Transcript File

Matt Runyan
Network Consulting Engineer, Cisco Systems – Tactical Operations
March 2014
© 2013 Cisco and/or its affiliates. All rights reserved.
Thanks to: Rakesh Bharania, NCE, Cisco TacOps, for the initial Networked EOC whitepaper, available upon request
• Network Consulting Engineer, Cisco Systems - Tactical Operations
• Volunteer Firefighter / EMT-B, Apex (NC) Fire Department
• Communications Unit Leader (COML), NCTF-4 USAR (Type III)
• About Cisco Tactical Operations
• Connected EOC
Concept and Design
• IT/Security Considerations
• EOC Communications Suite
Resiliency
Redundancy
Voice/Video/Data
Interoperability
• Testing Your Solution & Training People
• Q&A
• Conclusion
Team Mission
To deliver a unique level of
service in corporate and
individual risk mitigation,
critical network availability,
and rapid recovery from
natural or man-made
disasters through a highly
skilled team of operational
and technical experts.
Team Focus Areas
• Corporate Social Responsibility / Emergency Response
• Internal Support
• Industry Influence and Thought Leadership
• Business Enablement and Consulting
• Network Emergency Response Vehicle (NERV)
  • NIMS Type II Mobile Communications Center
  • Large scale network services core
• Emergency Communications Unit Trailer (ECU)
  • NIMS Type III Mobile Communications Center
  • Large scale network services core
  • C17 airlift capable
• Mobile Communicator Vehicle (MC2 / MCV)
  • NIMS Type IV Mobile Communications Center
  • Medium scale network services core
• Emergency Communications Kit (ECK)
  • Rapidly deployable communications capability
  • Airline check-in or carry-on form factors
• Each platform evolves as technology improves!
“Respond locally, communicate globally”
• Satellite, BGAN, 4G Cellular
• Land Mobile Radio (LMR)
• Cisco IPICS
• Cisco Wireless LAN (Mesh)
• Cisco Unified CME (VoIP)
• Cisco TelePresence (over
satellite!)
• Cisco Video Surveillance
• Cisco Digital Media Encoder
• Cisco ISR routers (DMVPN, IPsec, WAAS)
• Security (Firewall and IDS / IPS, Web Security Appliance)
• Portable self-contained kit
• Rapidly deployable
• Ruggedized shock-mounted case
• Easily integrated with satellite or other Internet backhaul
• Cisco Branch Office Router
• Wired and wireless IP phones
• Switch
• Wireless access points
• UPS
Coordinating Resources
Policy Making
Operations
Information Gathering
Public Information Dissemination
Hosting Visitors
• Location and potential hazards
First you must survive the disaster, then respond
• Building layout and Personnel support
• IT and Information Security in Critical Path
• Understanding workflows & NIMS Requirements
  • Within EOC (individuals / teams)
  • EOC to outside agencies & entities - interoperability
• The EOC Communications Suite:
  • Resiliency and Redundancy of key functions / systems
  • Information Security in the EOC
  • IP Telephony and Video Systems
  • Wireless Networks
  • Remote Access and Interoperability Systems
Implication:
Engage your IT and Information Security resources
early and often!
• Example: “Watch Desk” -> IC -> Operations -> Logistics ->
Finance/Administration
• Have backup points of contact or
line of succession for key positions.
• Workflows can influence physical layout of building
(video walls, breakout rooms, separate area for media)
• Individuals may be grouped by ICS Position, Branch or other
function (Logistics, Law Enforcement / Fire / Public Works, etc.)
• Smooth flow of information for best situational awareness is
critical for crisis decision-making
• Information Sharing for Situational Awareness
• Mutual Aid / Resource Requests
• With whom do I need to talk and share information?
  • Peer Level: Adjoining Cities / Counties
  • Higher Level: County -> State, State -> Federal
  • Lower Level: State -> Regional, Regional -> County
  • Other Organizations: Military, Utilities, Red Cross, VOAD, Fusion Centers, Businesses
• Public Information: News Media,
Social Media (value in two-way conversation)
• Telephone (internal PBX systems, PSTN and NAWAS)
• Land Mobile Radio Systems
• Email, file sharing and group collaboration
(Intranet websites, wikis, chat tools, web-based meeting tools)
• Specialized apps, incident management tools and databases
(WebEOC, E-Team, CAD, NCIC/DCI, resource catalogs, HR,
finance, digital signage, EAS/IPAWS, etc.)
• Video tools (Video Teleconferencing, video surveillance, analytics)
• Remote access (VPN, Email and Web)
• Mobile Apps for Smart Phones & Tablets
• Wireless Intranet and Internet access for employees and guests
• Typical Threats:
Service Disruption
Network abuse
Unauthorized access
• Defense in Depth
(policies, awareness, firewalls, AV, content filters, IDS, etc.)
• Suite of tools
(detection, reporting, alerting, mitigation, auditing)
• Maintain some ease of use
- otherwise, users will circumvent security
• Redundant network hardware and
cabling
• Independent A/B Power feeds
• Server clustering for High Availability
• Data backup and restore
• Cloud services – do your homework!
• Sometimes,
less complex = more reliable
• Cost vs. reliability tradeoffs
• Converged IP voice and data network = flexibility
• Remote access for alternate locations and mobile workers
• Stable Power required for stable communications
- Redundant generator / UPS systems with aggressive PM
• Redundant circuits – diverse media
e.g.: DS-3 and VPN on business-class cable modem, 4G, VSAT
• Physical path diversity: backhoe example
• Good relationship with service providers. Know escalation paths!
• TSP on critical circuits
http://www.dhs.gov/telecommunications-service-priority-tsp
• Document and test “failover” processes
• Resiliency: Where does my data live? Known hazards?
• Resiliency: Backup and Restore documented and tested
• Redundancy: Redundant HW, network, power, etc.
• Redundancy: Options for local production and cloud DR instances
• Security: Who has access and control?
• Security: Do provider’s security measures meet requirements?
• Increased Flexibility
• Decreased TCO
• Unified Communications
(voice, video, chat, voicemail, fax)
• “Survivable” solutions
resilient to server failures
• Cloud services – do your homework!
• Proper design is imperative
(Capacity, Quality of Service)
• Underlying network must be stable
• Enhanced collaboration experience
• Real-time information for situational
awareness (CCTV surveillance /
traffic cameras, analytics)
• PC Desktop screen sharing
capabilities
• Dedicated VTC units, PC,
smartphone, tablet apps
• Web-based services for meetings
• Video walls for common
operational picture
• VPN Software allows Work-from-Anywhere flexibility
• Hardware Solutions for single, multi-user sites or vehicles
• BYOD (Smartphone / Tablet)
• Laptops and USB Dongles
• Backup connection methods
• Guest vs. Trusted user access
• Interference mitigation technology
• WiFi:
2.4/5.8 GHz - shared
4.9 GHz Public Safety Exclusive
• 4G/LTE:
Commercial networks
FirstNet 700 MHz for Public Safety
• More than just radios!
• Voice, Video and Data sharing
• 5 Rights of Emergency Communications:
  • Right Information
  • Right Time
  • Right Person
  • Right Format
  • Right Device
• Many solutions: choose carefully
(and implement even more carefully)
• Poorly implemented interop solutions cause more harm than good
• Give employees (and volunteers) the proper training to operate in
sub-optimal environments
• Ensure periodic opportunities to learn updated processes and
technology
• Set goals for each individual on what they are expected to do in
each situation
• Seek feedback on how to improve processes after exercises and
actual events
• Design realistic scenarios:
Success can build morale, and stress helps find weaknesses
• Develop exercise injects based on real-world issues
• Include EOC building evacuation scenarios, which are often overlooked
(e.g. fire alarm, hazmat, bomb threat)
• Involve your PIOs and IT and other support staff
in addition to traditional responders
• Test failover and relocating to alternate sites:
Do all critical processes and tools still work?
• Document results, seek feedback and work to improve
for “next time” - on a real incident or exercise
• On Cisco.com: http://www.cisco.com/go/tacops
• Facebook: Cisco TACOPS, http://www.facebook.com/cisco.tacops
• Twitter: @CiscoTACOPS
• Slideshare.net: ciscotacops
• Cisco Tactical Operations: please
engage with us and tour our vehicles!
• Connected EOC
Concept and Design
• IT/Security Considerations
• EOC Communications Suite
Resiliency
Redundancy
Voice/Video/Data
Interoperability
• Testing your solution
Thank you.