[ISN] Corporate IT needs to make bird-flu plans now

InfoSec News isn at c4i.org
Fri Mar 10 01:18:42 EST 2006


http://www.networkworld.com/news/2006/031306-avian-flu-it-plans.html

By Denise Dubie and Tim Greene
NetworkWorld.com
03/09/06

If the avian flu hits the United States big time, the IS department
for the Bloomberg School of Public Health at Johns Hopkins University
in Baltimore could have a big-time problem.

It sits across the street from the Johns Hopkins Hospital where a high
number of infected patients could be treated and where a large
percentage of the staff travel widely as part of their jobs,
increasing the likelihood they could come back infected.

"Our biggest fear is that we won't be able to get back to our data
center for an extended amount of time, so we set up systems that would
make it accessible remotely," says Ross McKenzie, the IS director for
the school of public health.

The school could have the problem covered, though, considering it has
addressed remote control capabilities for PCs and server by buying 550
GoToMyPC licenses that lets network administrators log in via
Web-based clients. "Every IT function, except maybe for the physical
help desk, can be performed remotely at this point."

Preparing corporate data center operations for an outbreak of the
avian flu requires long-term planning, but not enough IT executives
are planning far enough ahead, according to surveys.

For instance, of 167 government workers across eight federal
departments 44% don't know how they should react to a flu emergency,
according to a poll by Telework Exchange, an online forum trying to
quantify how much teleworking goes on in the federal government.

A survey last month of 300 Minnesota business officials found most
thought a flu pandemic would significantly affect their business, but
only 18% had preparedness plans in place. The poll sponsored by the
University of Minnesota Center for Infectious Disease Research and
Policy found that close to two thirds said they were already prepared
or somewhat prepared to move employees to remote locations or let them
work at home, while 29% said they were not prepared.

The H5N1 influenza virus, which originated in Asia, could hit the U.S.  
this fall, potentially causing an epidemic, the nation's chief avian
flu coordinator warned. It can be transmitted from birds to humans via
close contact, but not from human to human - yet. Flu experts say
mutations are almost certain to create a strain that supports
human-to-human transmission. The resultant pandemic will make 75
million and 90 million people sick in the U.S. with up to 2 million
deaths, according to the U.S. Congressional Budget Office.

Some businesses have the basics of plans in place, such as White
Electronic Designs in Phoenix. "We've given consideration to the avian
flu situation as part of our enterprise risk management program," says
Jim Kritcher, vice president of corporate information technology for
the firm.

He says plans call for asking workers returning from areas where flu
has struck to work from home for a period afterward to avoid infecting
others at corporate sites. And the company would conduct as much work
in general remotely. "We would certainly be susceptible, especially
since we have employees traveling to Asia on a regular basis. We do a
significant amount of manufacturing in China," he says.

For many companies, VPNs are the mainstay for their disaster plans.  
"It's the lynchpin of our remote access," says Paul Beaudry, director
of technical services for JRI, the largest agribusiness company in
Canada based in Winnipeg, Manitoba.

The company has dual Aventail SSL VPN gateways installed at its
headquarters site that support 800 employees for accessing e-mail and
about 25 work-at-home employees. But in the event of flu, that number
would rise drastically, and the company would buy more VPN licenses
and turn up more applications.

The entire IT staff of 15 has been trained to increase the number of
applications available through the gateway and to increase the
resources employees are authorized to reach over the VPN, he says. So
even if some of the IT staff is out of commission, someone will be
able to set up the VPN for those able to work from home, Beaudry says.

Similarly, Kritcher says White Electronic Designs will use its Cisco
VPN concentrators to support remote access as well as thin clients to
access applications remotely.

The concentrators can scale to handle extra concurrent users, he says,
but during an emergency, the number of people trying to connect via
the VPN could strain WAN connections and result in slow response time
or failure to connect altogether. "So we are testing procedures to
reconfigure the WAN links such as wireless IP currently used for
failover and redeploy them to support additional VPN traffic,"  
Kritcher says.

In the case of the Johns Hopkins health school, VPNs were too
expensive for the needs, says McKenzie. "We didn't want something that
could be open to everyone when we weren't entirely sure, considering
the situation, who or how many would need to use it," he says.

Such planning is essential, according to Gartner, which has published
a report called Prepare Now for a Coming Avian Influenza Pandemic.  
"Enterprises should take the widespread agreement on the strong
likelihood of a pandemic
as a signal to take immediate action," says
Ken McGee, the Gartner analyst who wrote the report. "By mid-2006,
have in place completed pandemic/IT response plans."

He recommends preparing lists of the most important knowledge workers
on staff and figuring out how they can work from home for extended
period. In addition to network access, they'll need the ability to
conference with co-workers, customers and business partners, McGee
says.

Still, with all the planning in the world, there is only so much IT
executives can do, Beaudry notes. "You've got a human fear factor, and
you may have people reacting in a way you couldn't predict," he says.  
"You've may have a quarantine situation and business can be impacted -
there's no question. But you have to keep the business running."

All contents copyright 1995-2005 Network World, Inc.





More information about the ISN mailing list