By Jim Burtles, FBCI, head of training, Automata, Global Business Continuity Services
For many business continuity practitioners, one of the most challenging assignments is the development and delivery of realistic but stimulating exercises. Perhaps the toughest aspect is choosing a suitable basic plot line which can be adapted and embellished to form the basis of an imaginary event in line with your objectives and purpose.
Part of the difficulty is finding a suitable source of inspiration. Many of the stories from the media are too sensational for use as a credible scenario within our own sheltered environment. Incredibility seems to be an essential element of any media exposure. A more fruitful field of research might be the records of the emergency services and others who might be involved in dealing with serious incidents. Case studies are another useful source of ideas. Both of these approaches do require a great deal of investigation but, over time, one gradually gathers enough background information to be reasonably confident of inventing one’s own variations on the basic themes.
The other essential ingredient for any aspiring plot writer is a vivid but rational imagination. Whilst this need for creativity is somewhat of a challenge, it does imbue the whole process with a sense of excitement and satisfaction.
Over the years, I have evolved a routine method for the whole process and accumulated a small collection of basic plot lines. I apply a gradient scale of difficulty and credibility in exercising which narrows the choice of plot line according to the requirements of that level of exercise. For example, a team with little or no experience will benefit from a simple plot line with few complications; whereas a more experienced group will need something rather more complex, always providing we can retain a reasonable degree of credibility. One easy way of increasing the complexity is through the use of multiple simultaneous incidents. (See the ‘Exercise Scale’ later in this article.)
Based on what happens in the real world there are several plot lines we can use as our typical trigger events. On the other hand, wherever business continuity is flourishing there will be preventative and defensive measures in place. Therefore it might be wise to carry out a rough risk assessment as the first stage of your plot development.
Plot line potential
To help you select from the many plot lines available I have worked out a rather rough and ready five star rating system. Stars are allocated according to the five key requirements of a good exercise script. I have also indicated which characteristics have contributed to the overall star rating of each class or category of plotlines.
The stars and characters are intended to give an indication of whether the basic plotline contains the potential for the development of a good exercise script which is:
* (C) Credible which means they are likely to believe it is a realistic event
* (A) Attainable which means the various problems can be solved, rather than an overwhelming situation with no positive outcome
* (S) Simplistic which means no obscure or technical implications which might confuse them or open the way for you to lose control or credibility
* (P) Press Appeal which means an interesting story for the media to pick up on, a central requirement if the crisis response team are to be involved
* (T) Testing which means it will set them a challenge which is likely to stretch their capabilities.
This five star rating system is quite unscientific and crude but it may help you to avoid unwise choices and steer you towards plot lines with the best potential. I tend to use the lower rated plot lines as subsidiary plots rather than the main trigger event.
The commonest types of incident which can be expected to lead to a major outage include fires and floods of various kinds. Service failures are also quite common, although they are generally of rather short duration. In the following list we briefly explore the implications and nuances associated with the range of credible scenarios I’ve used or considered over the past few years. You should also bear in mind that an apparently reasonable scenario in one part of the world may seem quite bizarre in another. You would not expect a tsunami in Switzerland but hurricanes happen every year the Caribbean. It is a classic case of ‘horses for courses’.
Fire ***** CASPT
Fires come in all shapes and sizes and can appear almost anywhere. Indeed, they are so prevalent that almost everyone has put up some form of defensive or protective measure. Nevertheless we still get plenty of fires. As a general rule we can assume that if a fire is not extinguished with four minutes then it is out of control. The only truly effective countermeasure is a sprinkler system, but even then a shortage of water could still allow a fire to develop. The actual cause of the fire could be an electrical problem due to poor wiring or an over loaded socket or perhaps a lightning strike.
Another highly likely cause would be arson, committed by a disgruntled employee or customer, local hooligans or perhaps someone with a grudge against the company, its owners, its products or its way of doing business. The actual instrument could be a petrol bomb, a box of matches or even an industrial accident if there are flammable materials around. Most types of roofing felt and the bitumen they use on flat roofs are highly flammable and are a common cause of fires in factories and warehouses.
Faults in the fire detection and alarm system can contribute to the scenario by delaying the recognition and response procedures and allowing the fire to really take hold before the fire fighting commences. Your scenario might include an earlier fault or failure which precedes and provides the opportunity for things to get out of hand despite the apparently sound countermeasures which are in place.
There is also the opportunity for a fire to start somewhere nearby and spread over to the target premises. External triggers, where the participants are the subject of a secondary, or indirect, impact are common sources of good plot lines.
Flood ***** CASPT
Floods can be started by a number of internal problems, including overflowing sinks, blocked toilets or burst pipes, especially during freezing conditions. The external causes can include burst water mains, overflowing rivers, torrential rains, tidal waves and fire fighting. Water also brings pollution, damages documents, wrecks equipment and weakens foundations. As with the fire scenario, it will take several weeks to dry out, clean, refurbish and redecorate before the premises can be returned to service.
Terrorist ***** CASPT
Terrorists can use almost any form of attack upon your premises, either by intent or by accident. They may strike the wrong target, due to misinformation or ignorance, or they may simply fail to reach the intended target and settle for an alternative softer target. They may or may not provide a warning and there could be hoax messages. Hoax messages or real ones can be used as an inject, or a diversion, as the core scenario unfolds. Generally speaking they prefer to attack ‘iconic targets’ in order to get the maximum exposure and publicity. If your premises are ‘iconic’ or close to an icon then this is a very realistic plotline with plenty of potential for side issues.
The consequences of terrorism may include the closure of an area for safety or forensic reasons as well as the more obvious damage to property.
Lightning *** APT
Lightning can cause a considerable amount of damage and may destroy all of the wiring and any attached electronic equipment throughout the building unless it is properly isolated at the time of the strike. Furthermore most buildings are inadequately protected against a direct strike, even those who have some form of lightning protectors fitted. The full power of a direct strike is often underestimated.
Robbery *** CAS
Robbery can be the motivation for causing severe damage as a crude means of gaining access to valuable items. It can also lead to attacks on personnel leading to mental and physical trauma. On the other hand, more sophisticated methods may be used to rob an organisation of such precious items as intellectual property. This may lead to rather more subtle consequences. Ram raiding is a particularly crude form of attack that is sometimes used by criminals in the pursuit of robbery.
Riots *** CSP
Racial, religious or political differences can lead to whole areas being devastated when riots break out. The threat is usually higher when the weather is hot and dry; rain and frost tend to damp the spirits of even the most fanatical rioters. Sometimes there is a particular target in mind, usually an iconic target which serves to represent ‘the enemy’; on other occasions it is simply the meeting of two opposing groups of people who just happen to come to blows at that point. Of course, many of these events are actually organised, or at least encouraged, by a relatively small number of real trouble makers but the effect is a dangerous mob roaming the streets causing damage along the way.
Activists ** AS
Activists may also lay siege to particular targets to get their message across about such emotional issues as animal rights or human rights. Your premises may be the target of such disturbances or they may simply be caught up in the backlash of someone else’s problems. Often these activities start out as quite peaceful but there is always a danger of one or two trouble makers turning it into something rather more threatening.
Storm Damage **** CASP
Storms can do vast amounts of damage across whole swathes of countryside and so they can take out your supply chain, your delivery network and your premises as well as cause transport difficulties for your staff and clients. Storm damage can also take out core services, such as power and telecommunications.
Exclusion Zone *** CAP
Access to your premises may be denied by a security cordon which might be raised for any number of reasons such as burst water or gas mains, a chemical spillage or structural damage which may be the result of an accident or a crime scene.
Road, rail or aircraft accident *** AST
Traffic accidents of various sorts can have far reaching effects and knowledge of the site will give some strong clues as to the credibility of such an accident impacting on your premises or operations.
Subsidence * T
In some parts of the world there is a danger of subsidence, which could be triggered by heavy rainfall. Subsidence is likely to occur in mining areas, especially if there are abandoned mines around. Subsidence can also occur wherever the subsoil is weak or soft. It may also be triggered by tunnelling operations during the construction of underground roadways, railways or service tunnels.
Earthquake ** SP
Large scale earthquakes can completely demolish the whole environment and thus be overwhelming. Whereas a smaller one could do some structural damage which would pose your participants a solvable set of problems. A distant earthquake might affect transport or water supplies. It could even take out one of your key suppliers.
Strike *** ASP
There may be a potential for industrial action which can lead to any number of outcomes including a strain on the brand, image and reputation of the company or even the whole industry. A strike is an opportunity to explore the crisis management as well as the emergency management capability of the participants but bear in mind that this type of scenario could raise some sensitive issues.
Arrest (Mistaken Identity) ** SP
An interesting scenario can be developed from a key player being placed under arrest. If you should elect to use this plot line make sure that the person is found innocent, preferably through mistaken identity. This avoids leaving any stigma from your ‘innocent’ suggestion. Remember these people have to work together afterwards. If the arrest occurs abroad there is the added dimension of the credibility, or otherwise, of the authorities in a foreign country and the suspicion of political motivations etc.
Hostage/Kidnap *** CSP
You can take out one or more key players as hostages, which doesn’t attach any stigma on the reputation of those involved. In a hostage situation there is an opportunity for negotiation about the terms of release whereas kidnapping is usually simply about money. In any case there is likely to be plenty of media interest and considerable police involvement. You can add spice to this plotline by allowing the incident to take place whilst the victims are abroad, adding an international dimension to the negotiations.
Epidemic ** CA
There have been a number of epidemics in recent years which make this seem a reasonably credible scenario with all sorts of associated side effects or impacts. If you do decide to use this line of approach it pays to do some research on the Internet to make sure you portray the symptoms and the treatment options in a realistic manner.
Pollution ** AP
Pollution can take a many forms with differing degrees of severity. Pollution of the water supply or the atmosphere can be triggered by all sorts of industrial accidents and the responses will vary accordingly. Whilst it may be a realistic scenario in some environments, the reactions may not be so easy to predict. However, where there is a commonly perceived threat, it is well worth exploring the outcomes of such scenarios.
Loss of Services *** CAS
The loss, reduction or uncertainty of key services such as the supply of water, power and telecommunications can have quite serious short term consequences. To make the scenario seem fully credible you need to figure out a realistic reason behind the failure or weakness in the supply system, which takes us back to the fire, flood, terrorist, equipment failure and storm types of trigger event.
Equipment Failure ** CA
Failure of key pieces or unique items of equipment is always a strong possibility. You can add a degree of realism by discussing the possible problems and solutions with the people who maintain the equipment.
Hackers * C
Where there is a high degree of dependence upon a database there is always the chance of a hacker causing damage. But I would post a caution about using this as a plotline. The technical people may feel offended at the suggestion they have failed in their duty to prevent such a thing. It is also easy to get out of your depth if someone challenges you about the details of what happened and how it was allowed to happen. Beware the self styled technical giant who tries to show you up as an intellectual dwarf.
Virus * C
Virus attacks fall into the same category of technical minefields where the script writer and the facilitator can so easily lose credibility and control of the situation. If you enter this arena you should either be properly qualified or have a technical guru on your team who can, not only deal with the questions but also, provide convincing answers without relying too much on ‘techno speak’ and blinding the audience with ‘pseudo science’.
Product Contamination ***** CASPT (within certain sectors)
This type of plotline has limited application but is a major concern in those businesses handling or producing goods or materials which may be sensitive to contamination. It is generally confined to the retail and manufacturing sectors and can have many implications. In the food industry they should have plans and procedures to deal with such incidents and there are certainly a number of good case studies around which you can use as the basis of inspiration or information.
It is essential that emergency response and crisis management skills should be built up over time without overwhelming the participants or incurring unnecessary overheads. Therefore, at Automata we build up our exercise scenarios using five distinct levels of complexity, which are intended to be delivered and tackled in sequence:
Single site; simplex scenario
This is where the scenario involves a single location which is affected by one impact on its premises, infrastructure or systems. There are no pre-requisites for this level of exercise – it is the normal entry point for participants in the training programme
Single site; complex scenario
This is where the scenario involves a single location which is affected by more than one impact on its premises, infrastructure or systems. Usually an initial incident is followed up by other circumstances or factors that may cause decisions to be called into question or conflicts to arise regarding the best response.
The pre-requisite is that the target team should have been involved in at least one Level One exercise. This does not mean every single individual but the team as a whole
Multiple site; simplex scenario
This is where the scenario involves multiple locations which are affected by the same single incident or its ramifications. More than one target team is likely to be involved at this level.
The pre-requisite is that the target teams should all have been involved in at least one Level Two exercise. This does not mean every single individual but the team as a whole
Multiple site; complex scenario
This is where the scenario involves multiple locations, which are affected by the same complex set of impacts or their ramifications. Several target teams are likely to be involved at this level.
The pre-requisite is that the target teams should all have been involved in at least one Level Three exercise. This does not mean every single individual but the team as a whole
Multiple site; multiple scenario
This is where the scenario involves a number of separate incidents occurring at a number of sites during the period of the exercise. These incidents may occur more or less simultaneously in different countries and in differing time zones. Many teams are likely to be involved in an exercise of this scale.
The pre-requisite is that the target teams should all have been involved in at least one Level Four exercise. This does not mean every single individual but the team as a whole.
Jim Burtles, FBCI, is head of training for Automata Global Business Continuity Services. During Automata’s quarterly Exercise Delivery and Development Masterclass on 27th and 28th February 2006, Jim will be explaining the methods that he has developed over many years of undertaking practical exercises for organisations of all sizes and sectors across the globe.
Jim can be contacted at firstname.lastname@example.org
•Date: 10th Feb 2006 • Region: UK/World • Type: Article •Topic: Testing & exercising
Rate this article or make a comment - click here