Home » Business Continuity » Disaster Recovery

DHS: No Disaster Recovery Plans in Place

The Office of Inspector General has deemed DHS unfit because the organization devised to protect the homeland does not have a disaster recovery plan

It's disheartening. It's incredible. But it's not all that surprising. That's how some business continuity experts and government officials reacted to the news that 15 out of 19 agencies under the Department of Homeland Security lack fully operational disaster recovery sitesa shortfall that could hinder DHS's ability to carry out its mission during a service disruption or national emergency.

The report, "Disaster Recovery Planning for DHS Information Systems Needs Improvement," published in May by the DHS Office of Inspector General, also found that the four agencies with recovery sites lacked other continuity measures, such as thorough, written disaster recovery plans. (For a full copy of the report, go to www.csoonline.com/printlinks.) Without naming agencies, the report warned that these security gaps could result in "a disruption in passenger screening operations, delays in processing grants in response to a disaster and delays in the flow of goods across U.S. borders."

"I'm not surprised by the number of agencies and IT facilities that have no backup [site]," says John Copenhaver, thesoutheast region director of FEMA from 1997 to 2001. "You've taken such a huge patchwork quilt of agencies and departments and cobbled them all together" into a new homeland security hub, Copenhaver says. But he's quick to add that there's no excuse for such lapses in this critical department.

Still, some private-sector groups are disappointed. "The government as a whole put down a lot of regulations for the financial services industry, and it's disheartening to see that they don't necessarily follow their own guidelines," says Marie Johnson, who's president of the Business Continuity Planners Association, made up of 150 business continuity professionals in the Minneapolis/St. Paul area.

Johnson, who is also a business continuation analyst for Target retail stores in Minneapolis, sees even more serious ramifications. Target relies on the nation's ports for product shipments from overseas, she says. "There are definitely concerns about [business continuity] from that standpoint."

The report blames DHS's disaster recovery woes on a lack of resources, funding and an enterprisewide disaster recovery solutionproblems that the private sector knows all too well. "DHS has only so much funding, and they have to prioritize that in a manner that makes the most sense to them. Usually security, then business continuity and disaster recovery wind up falling short [of funds]," says Dr. Jim Kennedy, a business continuity author and consultant with Lucent Technologies.

Though the Senate Homeland Security and Government Affairs Committee doesn't see the need for congressional action to push for compliance just yet, committee members are closely following the agencies' progress. "A Management 101 class would tell you that any organization that relies on critical computer systems should have the ability to recover from a natural or a man-made disruption," says Leslie Phillips, the spokeswoman for the committee. "The department should be leading by example."