Monday 21 October 2013

Spanish Critical Infrastructure Protection Law and Business Continuity

By Daniel Blanco Real


The Spanish Law 8/2011, or Ley de Protección de Infraestructuras Críticas (LPIC), deals with guaranteeing the essential services tied to specific infrastructures that are considered critical, mainly because of two properties:
  1. because the infrastructure is required and there are no alternative solutions that could replace it, and/or
  2. because its disruption or destruction would have a very significant impact on essential services.
But what is considered an essential service in the law? The LPIC identifies essential services as those required to maintain basic social functions (health, security, social welfare and economics, public administration, etc.), although it is difficult to identify them from that definition alone.

Looking at the activities and definitions produced by other countries, we can turn to the information published by the Swedish Civil Contingencies Agency (MSB in Swedish), which in 2007 established a set of criteria to identify critical societal functions, very close to what the LPIC describes as essential services.

| Sector | Functions |
|---|---|
| Energy supply | Production and distribution of electricity, district heating, fossil fuels and vehicle fuels. |
| Information and communication | Telephone services, Internet, radio and TV broadcasts, postal services, production and distribution of newspapers, radio and TV. |
| Financial services | Money transmission, cash access, private insurance and securities trading. |
| Social insurances | Payment of sickness and unemployment benefits and the national pension system. |
| Public health and medical services, and special social services | Emergency hospitals, primary care, psychiatry, pharmaceutical supplies, infectious disease control, and special social services for children, disabled persons and the elderly. |
| Protection, security and safety | Rescue services, police, courts, correctional institutions and SOS Alarm, military, coast guard, and customs, border and immigration control. |
| Transport | Road, rail, sea and air transport, and transport infrastructure management. |
| Municipal services | Drinking water, sewage treatment, street cleaning, public meeting places, refuse collection and roads. |
| Food | Agriculture and the production, distribution and control of food. |
| Trade and industry | Retail, IT operations and service, construction and contract work, guard and security services and the manufacturing industry. |
| Public administration - governance - support functions - service sector | National management, regional management and local management, diplomatic and consular services, inspection and permit services, expert and analytical services, detection and laboratory services, collection and provision of population data, meteorological services, training services and burial services. |

This table can be seen in the original document.

To clarify what is considered an essential service, the document offers some questions to be answered by those who think they may be critical operators, grouped into two blocks: preventive measures and response measures.

From a preventive measures perspective:
  • What is the potential scope of a shutdown?
  • How many people would be affected?
  • What levels of society would be affected by a shutdown?
  • To what degree would people’s lives and health be affected?
  • What financial, environmental, societal and cultural values could be lost?
  • How would public trust be affected?
  • How long would it take to repair the damage?
From a response measures perspective:
  • Is the function essential for leading and coordinating society’s response?
  • Is the function essential for providing the public with enough information about the situation?
  • Is the function essential for responding operatively to the emergency?
  • Is the function essential for minimising the consequences?
  • Is the function essential for restoring functions?
Once essential services are clearly defined, all organizations (critical operators obviously, but others too) must focus on:
  • How the products and services they deliver can affect those essential services (this is clear for critical operators).
  • How a lack of these essential services could affect the products and services they deliver.
In conclusion, Business Continuity in an organization should focus not only on how to recover the delivery of products and services, but also on how the lack of those products and services affects society and the essential services. Without the support of those essential services, organizations will probably not be able to recover their business, and this is something that many organizations do not take into account in their plans and business continuity management systems.

Thursday 3 October 2013

When Government Shuts Down

By Jorge García Carnicero

The decision taken by the Congress of the United States not to finance the Government is a continuity scenario that is going to bring multiple inconveniences to citizens and that will provoke the activation of different contingency plans in organizations and among individuals.

But first of all, what is a Government shutdown? It is a situation in which the Government stops delivering public services that are not basic because it lacks the money to pay for them. This situation stems from the separation of decision-making groups established by US law, under which the federal budget depends on Congress (composed of the Senate and the House of Representatives) and has to be countersigned by the President. In some circumstances, such as when the President and the parliamentary groups that control Congress differ in political terms, disagreements between them can leave the budget unapproved and, consequently, public activity without funding.

On 30 September, the House of Representatives, controlled by Republicans, and the Democrat-controlled Government did not agree on the deadline of the health assistance law, which provoked the government shutdown. This meant sending 800,000 public servants home and stopping the activity of all United States agencies considered not critical. Moreover, because the Government has reached the limit of the approved budget, if a new budget is not approved the United States will declare a suspension of payments on 17 October.

The consequences of the Government shutdown are many, as can be imagined. Below we analyse the situation from different perspectives:

For agencies in the United States

Agencies are stopping their activities and carrying out the contingency plans associated with each one. Those plans will be published at the following White House link

For providers to Government agencies

It is clear that Government activity generates business for a lot of providers. These providers will be affected, because activity is going to decrease and so will their income. The longer the shutdown lasts, the more the providers' losses will grow. It is difficult to think of a contingency plan covering this situation, other than insurance.

For companies depending on Government services

There are a lot of companies that depend on Government activity. Apart from administrative activities, we are talking about, for example, public transport, needed to take people to their workplaces, or customs services, needed for imports.

For public servants

As said before, the shutdown is going to send close to 800,000 public servants home, without salary, until Congress approves the new budget. This situation can cause financial problems for their families, and each public servant will have to cope with whatever measures they prepared in advance, if they prepared any.

There are other parties affected, such as companies with a very high dependency on retail trade, or all those businesses that depend on agency actions. One example is the validation of mobile phones.

From the perspective of the administration as a provider of business continuity services, companies and continuity managers in the United States have to take into account that the following services are affected:
  • FEMA: the disaster recovery information is not being kept up to date, although it has been asking for help through disasterassistance.gov.
  • Ready.gov: the website information is not up to date.
  • NOAA (National Oceanic and Atmospheric Administration) is not operative, but the NHC (National Hurricane Center) is operative and working properly.