Article by Homeland Security News Wire

Published April 17, 2013

The White House on Tuesday threatened to veto the cybersecurity bill drafted by the House of Representatives. The house is expected to vote on the bill later this week. The cybersecurity bill died in the Senate last August after the White House said it would veto the bill.

The White House on Tuesday threatened to veto the cybersecurity bill drafted by the House of Representatives. The house is expected to vote on the bill later this week. The cybersecurity bill died in the Senate last August after the White House said it would veto the bill.

Yahoo News reports that in a repeat of last summer, the Obama administration issued a new veto threat over the bill, which is co-authored by House Intelligence Committee chairman Mike Rogers. The  administration says the legislation needs to  protect private information better, and that it gives too much liability protection to companies.

“The Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the president, his senior advisors would recommend that he veto the bill,” the White House  said Tuesday.

To secure  White House support and address the objections  of civil liberty groups, the Intelligence Committee made changes to the wording of the bill, but these changes only made the panel’s proposal  similar to the bill which  was unsuccessful last year.

The changes include a provision which prevents companies from using information they receive for anything but cybersecurity purposes, and added roles for privacy and civil liberty oversight.

“The Committee adopted several amendments to (the bill) in a good faith effort to incorporate some of the administration’s important substantive concerns. However (it) … still does not address these fundamental priorities adequately,” Caitlin Hayden, a National Security Councilspokeswoman, said.

The White House has been seeking a more comprehensive bill, which would set minimum security standards for critical companies. Michelle Richardson of the American Civil Liberties Union said the veto threat was “completely justified” and that the bill has an uncertain future in the Senate.

Published April 17, 2013

In the last few years the money DHS has allocated to states  to purchase equipment and develop  first response and disaster recovery plans has dropped off significantly.

The Herald.net reports that federal grant spending on state and local homeland security is currently at an all-time low. The DHS  formula grant program was at an all-time high of $2 billion in 2003, but last year the program had only $294 million, and as a result of the sequester, another 5 percent will be cut from the program.

In Massachusetts, funding from the program has dropped 76 percent in the last five years, and the state received just $4 million dollars last year, according to the Federal Funds Information for States.

Ben Bawden, a government affairs consultant representing the National Fusion Center Association and the Association of State Criminal Investigative Agencies, said that in addition to funding being down significantly, domestic attention to responding to bomb threats has also fallen off.

Bawden told Herald.net that bombings are typically seen as an overseas concern for which local and state law enforcement agencies do not have the proper training to respond.

“It’s been a fatalistic view by state and local law enforcement agencies. We just don’t have a good way to increase the level of awareness or ability to detect and mitigate bomb threats and they (law enforcement officers) are all saying, ‘It’s just a matter of time before someone explodes a bus, a car or a trash can.’” Bawden said.

One reason for the cuts is the perception  that there have been many instances of the money being wasted. According to a report assessing the use of federal grants on homeland security, several  cities and  states have wasted federal grant money.

Michigan used grant money from the program to purchase thirteen snow-cone machines. Officials in Illinois wasted $45 million on a video surveillance system which failed. In Columbus, Ohio, officials spent $98,000 to purchase an “underwater robot” which officials said would be used to assists in underwater rescues, although the state is landlocked.

Another factor for the drop in funding is the fact  that the money was granted on a per capita basis. This meant that  smaller states facing little or no terror threats often received more money, on a per capita basis, fromDHS than New York or California. Of the top five cities receiving DHS grant funding, only  Washington, D.C.  could be considered a prime  terrorism target. New York City was ranked 10^th in DHS formula grants.

Senator Tom Coburn (R-Oklahoma) says the program and others like it lack clear intent.

“We cannot secure liberty and guarantee security simply by spending more and more money in the name of security,” Coburn wrote in a Senate oversight committee report in December. “Every dollar misspent in the name of security weakens our already precarious economic condition, indebts us to foreign nations, and shackles the future of our children and grandchildren.”

Despite the cuts at the federal level, Bawden believes that in the days following the Boston Marathon bombing, things could change.

“We are going to see state and local law enforcement, lawmakers and governors saying that they want to take steps to minimize this; that need the resources to train people to respond, and minimize this from happening again,” Bawden told Herald.net.

Article by Homeland Security News Wire

Published on June 12, 2012

A data protection specialist developed best practices guidelines to assist businesses along the Atlantic coastline to assess their business continuity in preparation for the hurricane season

Recall, a data protection specialist, the other day issued records information management (RIM) best practices guidelines. Recall says that as hurricane season begins, the company developed these guidelines to assist businesses along the Atlantic coastline to assess their business continuity in preparation for the hurricane season. Recall has experience in managing business records in more than twenty countries.

The guidelines help businesses examine their RIM program and how this program works in conjunction with a company’s business continuity execution. Recall’s strategies include specific guidelines to mitigate document loss and damage in hurricane season, including:

• Methods to create and implement a records information management plan, detailing the past and current lifecycle status of documents.
• Techniques to perform full risk assessments of physical security of critical documents.
• Strategies to collect and store critical documents and computer backup tapes in a secure, hurricane-proof, off-site location.

“Hurricanes offer little time for organizations to secure documents, making it critical to address business continuity concerns ahead of time. The time to develop a RIM plan is now,” said Barry Medintz, global vice president and general counsel at Recall. “Without a strategy in place, organizations increase their business risk in the event of a devastating hurricane.”

Additionally, lost or damaged documents can place organizations outside of strict compliance regulations, such as HIPAA, HITECH, and Sarbanes-Oxley, which require the retention of volumes of sensitive records.

“Communicating a clear and uniform RIM plan before hurricane season is key,” said Mark Emery, global director of record information management consulting services at Recall. “Creating an effective strategy requires coordination across all departments and a thorough audit of all documents. While not a simple task, this preparation will put organizations in position to account for documents that are most critical to business continuity.”

March 1, 2013

Business Impact Analysis (BIA) Objective

The objective of the BIA for any business continuity plan is to itemize and prioritize a company’s most critical business operations, internal resources, and internal and external support dependencies.  Part of this process is the identification of the recovery time objectives for each of the mission critical functions.

What should be avoided in the BIA is any itemized listing of detailed business processes, work procedures, and resources that are of no consequence to the critical overall enterprise functions.  A clear distinction should be made between descriptions of mission essential operations and lists of detailed work procedures. Descriptions of individual work procedures do not belong in the BIA.  Those descriptions just add unnecessary bulk to a business continuity plan.  If business unit processes, operations, and resources don’t contribute directly to the mission essential operations, then they should be considered for inclusion in the details of the business unit recovery plans. Identifying critical resources and prioritizing the recovery time objective of each critical business operation is crucial for a viable BIA.

Characteristics of Critical Business Functions

• They are strategic in nature. They promote the mission of the company or organization
• They are important to the customers whose livelihood may depend on those functions
• Their interruption or loss has an immediate adverse impact on the company and customers to perform their tasks.

Importance of BIAs

It is important to understand that the primary purpose of the BIA surveys is to obtain information on company resources and business dependencies that are needed to sustain the company’s most critical business operations.  It is too late to try to compile lists of these company resources during or after an emergency particularly if that information is either damaged, destroyed, or otherwise just not readily available in the first few hours of the beginning of an emergency.  Listing of critical resources before an emergency is particularly crucial in large companies with diverse and multiple business operations and employees in various occupations, widely separated work locations, and even shifts.

BIA Survey Methodology

The business impact analysis (BIA) begins with a survey distributed to company employees to obtain information that is important in the response to an emergency potentially affecting critical business operations and the recovery of those critical business operations that are damaged by an event.

Most BIA surveys have previously been done on paper surveys that are laboriously handed out to company employees.  Automated BIA surveys are becoming the norm to obtain data quickly and efficiently with the ability to more easily adjust and change data than previously possible.  Web based BIA tools such as Continuum ™ facilitate the distribution of BIA surveys, controlled sharing of information, and overall ease of BIA data administration.

BIA surveys normally contain questions requesting information on employees, office equipment, computers and communications equipment (also known as information technology (IT) equipment), paper and automated data, and similar information.  What is frequently not explicitly explained in the instructions at the beginning of BIA surveys is that the primary purpose of these BIA surveys is the need to document information on company resources that are “critical to the continued operation” of the company enterprise.  Often, these resource lists are either inadequate because they don’t list all critical resources or employees “fluff” up the lists with too much data that is of no consequence in the recovery of their company’s critical operations.  Too much unnecessary information serves no useful purpose and increases the difficulty of emergency responses and business recoveries.

BIA Survey Data

The following data is needed to ensure the accomplishment of a complete BIA:

1. List each unique business organizational unit including the respective supervisor and relationship to the whole of the business enterprise.  In other words, list each primary and subsidiary business unit of the company.  Normally, a business unit is identified as a group of employees with a supervisor.

Numerous and diverse business units and employees within large companies may not be fully knowledgeable of each other’s operations and functions.  Identification of this data is necessary in the BIA because the diversity and size of many business units will make the determination of the status of the various business operations very difficult during the chaos of an emergency.  This data is later used in the BIA process to prioritize the critical processes.

Part of this list should be the identification of all “critical” employees within any business unit.  Criticality of employees should be analyzed in the context of the significance of the work they perform for critical operations and the skills they bring to do that work.  Not all employees perform critical operations and this would be very true during an emergency when “business as usual” is reduced.  This is a very sensitive issue with employees and their supervisors and must be handled with the utmost of care because most employees take pride in their work.  The same reasoning applies to the identification of other “critical” resources and equipment within any business unit.  This is discussed further below under resources.

Only those critical employees needed on site during an emergency or at an alternate recovery site (if there is such a site) during the recovery should be listed.  Additional employee lists such as those used for recalls should be maintained by the respective business unit supervisors.  Business unit employee contact lists (also sometimes called Call Trees) should list all employees of each business unit.  The supervisor of each respective business unit should be expected to maintain only the employee contact data their employees.

2. BIA survey should identify the mission essential operations of the overall company and the critical operations within each subsidiary business unit that “directly” support the overall company mission essential operations.

List the critical organizational operations including:

• Frequency of the operations
• Contribution to the company’s revenue
• Recovery time objectives (RTO)

The frequency of the operations pertains to the number of times the processes are performed.  An example of this would be the data backup schedules, legal reports, and employee pay cycles.  Notice these references are for “operations”, not procedures on how the operations are accomplished.

The RTO is the timeframe within which the loss of a process would begin to seriously degrade the company’s overall operational performance.  The RTO is normally shown in terms of the minimum number of hours or days the company needs for a particular function to be operational.  For example, if a company needs Operation “X” to be operational within 18 hours, then 18 hours becomes the RTO for that particular operation.

The contribution to the company’s revenue is a critical factor in that the loss of a revenue contributing operation could seriously affect the company.  Equally important to remember is the need to consider non-revenue factors when determining the criticality of a process.  For example, could the company’s overall credibility be affected if a process is not operational?  A case in point would be the loss of ATM operations for a bank. For some companies, such as banks, there are legal reporting requirements for certain operations and the loss of those operations would be serious even if they don’t contribute any revenue.

Operational Dependencies: Part of the data obtained for the operational dependencies should include a prioritized list of those internal or external operations (with their RTOs) that must be completed in order to accomplish subsequent operations.  This is particularly true, for example, if a critical process is dependent on another process before it can be operational.  For example, Operation “X” can only work if it is dependent on a critical computer application.  Data transfer, for example, may only be accomplished if the communication equipment, which may be operated by a separate company, is operational.

Lists of internal and external dependencies should be obtained and maintained regularly to include all necessary point of contact information for emergencies.  This information may include some of the following:

• Support Services (e.g. transportation, supply, manufacturers, equipment and site maintenance)
• Communication support
• Utilities
• IT support
• Legal
• Contracts
• Facility maintenance

3. All resources affecting the critical business operations should be listed and prioritized according to their business unit and RTO.  This list should include office equipment (e.g. copiers, PCs, etc.,), IT equipment, software, and communications, office furniture, and internal/external dependencies.

Since business operations during an emergency are not “business as usual”, employees should not expect to have all the dedicated resources they have during normal times.  This is particularly true if they will be temporarily operating at an alternate recovery site with limited physical amenities and degraded operations.  Consequently, it is up to the COOP/BCP coordinator to work with the supervisors to ensure only truly needed resources are listed.  All employees must understand they will be required during an emergency to share among their business units such equipment as phones, copiers, fax machines and maybe even desks.  It is therefore important to identify resources that will be shared versus dedicated.

If the company has its own IT department or a complex IT support structure, the following data should be obtained in the BIA survey for insertion in the details of their IT business unit emergency recovery plans:

Computer equipment listing by

• Type
• Manufacturer
• Vendor
• Replacement cost
• Replacement time

Computer software

• Type
• Version
• Vendor
• Licenses (including licenses for operations at additional/secondary sites in case they operate at an alternate recovery site.

Schematics and Configurations of:

• IT equipment
• Software
• Communication  (include external dependencies such as ISPs)

It is very important to identify during the BIA survey the internal/external dependencies and RTOs among the software applications and the critical business operations.  This information is crucial to ensure the mission critical operation RTOs are correctly synchronized with the RTOs identified for the IT computers and software applications (and vice versa).

For example, if the RTO for Operation “X” is 12 hours but the RTO for computer application “Y” is 20 hours, then the RTO for Operation “X” must be adjusted (i.e. increased to 20 hours or higher) to accommodate the recovery and operation of computer application “Y”.  RTOs for all computer operations and critical operations must be synchronized to ensure the orderly recovery procedures from an emergency.

4. All vital records should be listed and prioritized to support continuity and restoration.  This list should include the type of records maintained and their specific location.  The location of all vital records, paper and automated, should be clearly identified to facilitate their recovery and determination of condition.  Ideally, the employee responsible with contact information should be listed next to the respective vital record.

August 28, 2012

Many organisations perform annual disaster recovery exercises, inan attempt to prove their organisation’s (or IT supplier’s) ability to recover the IT infrastructure and/or software systems in the event of a catastrophic loss of data centre. During these exercises, more often than not, the systems recovered undergo only a cursory level of unit testing and rarely (if ever) an integrated end-to-end test with the other continuity plans.

In reality, the most likely plan of the Continuity Management programme to be implemented is the Business Process Continuity Plan (BPCP). The BPCP may be activated for any IT services disruption, whether the IT Service Continuity (ITSC)/Disaster Recovery (DR) Plan is invoked or not. It is the responsibility of this plan to outline the activities the business area will perform throughout the entire event of an IT service disruption – from time of incident to the resumption of normal business function.

Further to the BPCP, the ITSCP/DRP needs to clearly articulate its relationship with the BPCP, and the ITSC/DR Plans of its upstream, downstream and critically dependent systems. Integration of the various continuity plans, processes and procedures (see Figure 2) is an essential factor in providing evidence to the organisational stakeholders that the Enterprise is well prepared to weather any IT services disruption. Far too often, many ITSC/DR Plans rely on the assumed knowledge of the implementer and are rarely revised to maintain currency with changes in technology, system infrastructure or software upgrades.

Leaving the documentation unchecked and unreviewed introduces a new, unforseen and often untested risk that when the time comes to use the documents in a real event – that they will be incorrect, out of date, or contain too much assumed knowledge to provide any real assistance in recovering the system and/or maintaining continuity of business function.

End-to-End Continuity

Testing for integrated End-to-End Continuity is, ideally, a detailed and systematic review of the organisational continuity plans, processes and procedures to determine their level of adherence to, and compliance with, the organisations pre-established standards and policies, and their alignment with the industry best practices and international continuity standards.

Industry bodies of best practice and standards include: The Business Continuity Institute (BCI), Disaster Recovery Institute International (DRII), International Organisation for Standardization (ISO), Office of Government Commerce’s IT Information Library (ITIL), British Standards Institute (BSI), Prudential Standard, Standards Australia (SAI Global) and the US National Institute of Standards and Technology (NIST).

A holistic continuity solution anticipates the entire service disruption, end-to-end and employs integration and interoperability of its individual plans. Best practice is to evaluate the Continuity plans, processes and procedures, through simulation of one or more major or catastrophic IT service outage (disaster) scenarios across the entire disruption lifecycle.

Proving the ability to recover and teaching exercise participants how to perform business continuity are common objectives during most Business Continuity or IT Service Continuity exercises and rehearsals. Testing, on the other hand, is about finding the areas for improvement in the plans, processes and procedures.

Improved Quality

End-to-End testing enables the Test Team to identify risks, weaknesses and gaps within and across the entire breadth of Continuity plans and strategies, and enables the organisation to benefit from its Business Continuity programme.

Tangible Benefits

• Improved protection of shareholder value
• Compliance with regulatory requirements
• Reduced operational downtime
• Lower cost of operation during a disruption
• Reduced losses as a result of a disruption
• More cost effective recovery  / continuity implementation
• Improve customer service
• Reduce impact of service disruptions
• Minimize duration of outages.

Intangible Benefits

• Preservation of market base
• Improved operational resilience to unforeseen disruptive events
• Protection of brand reputation
• Improved efficiency in continuity processes
• Managed exposure to risks associated with business disruption
• Provision of competitive advantage
• Improved staff confidence
• Increased shareholder confidence
• Reduction of risk.

Reduction of Risk

The biggest exposure to risk of any organisation is the implementation of an ‘untested’ plan, or the expectation that ‘untested aspects’ of a partially tested plan will function as well as the tested components.

Continuity Plan Validation

End-to-End Continuity Testing is about validating the effectiveness, completeness and accuracy of the Plans, holistically and integrated across the suite of Continuity Plans. Its focus is to find as many defects (things that are wrong with the plans) as possible; enabling them to be rectified and resolved – improving both the individual Plans and their integration.

An End-to-End test would span the entire event from time of incident, its detection, and the escalation to failover; all whilst executing the appropriate aspects of business continuity. Figure-3 outlines, at a high-level, some of the plans/processes that may be enacted during the incident lifecycle. Preliminary BCP, BPCP and/or ITSCP activities includes standard incident management processes, where the organisation attempts to resolve/rectify the incident to prevent an untoward invocation of a continuity plan.

Capgemini Group employs a range of testing strategies to validate the consistency of the Continuity plans and strategies including:

• Static testing
• Functional testing
• Non-Functional testing
• Point-to-Point (plan to plan) testing
• End-to-End scenario testing
• Cluster (processes and sub-processes) testing
• Black box / White box testing
• Audit and Compliance testing.

A Successful Test?

Successful continuity testing is not the same as successfully executing a continuity or disaster recovery plan. As the goal of testing is to discover defects in the plan, a successful test is the test that does not successfully execute all aspects of a continuity or disaster recovery plan; due to the vast quantity of defects revealed. In fact: the more defects identified the more successful the test.

If the organisation is exercising the Plan to prove its continued capability in recovering their systems, then a strict test exit criteria is recommended; e.g.

• All planned testing has been completed: 100% of planned test cases executed; or if a planned test case could not be executed, information advising the  reason and/or justification for non-execution provided; along with approval by the Continuity Manager
• Nil occurrences of defects which prevent, impede or severely hinder Continuity
• A maximum of five moderate defects, with remediation action plans documented
• A maximum of ten minor defects, with remediation action plans documented.

If 100% of test exit criteria is not, or cannot, be achieved, then the rehearsal exercise is not successful. Partially achieved is not achieved.

Successful rehearsals of one or more individual continuity plans – in isolation of the other – may provide the organisation with a cursory level of comfort that, should the unthinkable occur, their business and IT groups will handle the incident. But rehearsals do not validate the efficacy of the plans.

Integrated End-to-End Continuity Testing is essential to ensure a higher degree of consistency with both industry best practices and international standards, such as ISO 9001:2000 (Quality Management Systems), ISO/IEC 27001:2005 (Information Security Management Systems), ISO/IEC 20000:2005 (IT Service Management) and the new international standard ISO 22301 (Preparedness and Continuity Management Systems).

Regular audits, walkthroughs and testing of the organisational continuity plans, processes and procedures – combined with understanding of best practices and international standards provides a higher-quality integration continuity solution to the Enterprise and its business (Figure 4).

Beyond conformance to industry standards and best practices, an Integrated End-to-End Continuity Test programme is an indispensable asset toward ensuring that the organisations Continuity Plans will work when needed most.

Impact of an IT Service Disruption

During an IT service disruption, one in which the continuity plans are activated, unless regularly reviewed and tested, it is likely that the plans will not be current or contain a sufficient quantity of gaps in processes and procedures to inhibit their usefulness when implemented.

It is for this reason that the Business Continuity Plan, the Business Process Continuity Plans, the IT Service Continuity (Disaster Recovery) Plans and the Recovery Validation Procedures need to be clearly documented, integrated and regularly tested to ensure their currency with today’s business operations.

A major or catastrophic IT services disruption will require the activation of one or more ITSC/DR Plans. And, it will mandate the activation of the Business Process Continuity plans, aspects of the Business Continuity Plan and potentially the organisational Crisis Management plan. Continuity documents need to be effectively and accurately integrated, covering all aspects of continuity from time of incident, through Plan activations, data resynchronisation and/or reconstruction, and the eventual resumption of business processing.

In contrast to the traditional DR approach of planning solely for the least probable scenario involving a total loss of the data centre, other resiliency strategies such as high-availability and active-active implementations, disaster tolerant systems, and pseudo-real time data replication across multiple sites are becoming more prevalent in the delivery of IT Service Continuity.

As each new strategy and solution is implemented, the need for integrated continuity planning increases – as does regular testing that the plans continue to maintain their currency with the solutions deployed.

By: John Glenn, MBCI

April 12, 2012

Too many practitioners overlook an organization’s most critical risks. We worry about a variety of risks and ways to avoid or mediate them, often at great cost to the organizations.

We promote responder training. Hopefully we also promote both in-place sheltering and evacuation exercises, not forgetting that some folks are less mobile than others.

What we rarely seem to do, however, is train the folks on the ground to be First Alerters.

We need to apply the admonishments we hear at the airports and other transportation hubs to the organization’s operations and we need to act on this feedback. The admonishment, in its most simple words, is “Be aware of your surroundings. If you notice anything suspicious, tell someone”.

Employees know what sights, sounds, noises, and smells are “normal” for their environment. They need to be encouraged to be aware of any changes to those sensory inputs.

Imagine you are walking around your neighborhood. Animals are scurrying about, birds are serenading you -all is right with the world. Suddenly everything becomes still. The animals disappear and the birds are silent. You notice that. If you are more than six years old, you recognize that this change in your sensory perceptions probably means a change – perhaps a drastic change – in the weather.

Now go inside.

You are working at your desk and you start to smell melting plastic. The smell suggests that you look for the source. You find it – an electrical wire that was pinched by a desk is starting to smoke. Left unattended, the wire would catch fire, a fire that could ignite other materials leading to a true conflagration – a disaster.

If you know what to do, and you can act in a timely manner, the disaster may be avoided.

Computers and telephones  pose  risks that, if personnel are alert and recognize danger, can be avoided with minimal impact and at no cost to the organization.

Someone gets an email that the installed anti-virus program flags as carrying malware. Rather than simply delete the offending email, the employee needs to know whom to inform within the IT department  and how to inform fellow employees – “Watch out for emails from the.malware.com domain”. Telephone calls can be a miscreant looking for personal, personnel, or sensitive organizational information.

A situation need not be life threatening to deserve someone’s attention.

A leaking pipe needs to be reported before a “slip-and-fall” situation occurs or before the leak causes damage to the floor and the ceiling beneath it. It is a lot less expensive to put a bucket under a leak than to defend against a personal injury law suit or to replace flooring.

Failing to take advantage of the organization’s most valuable asset seems to me to be nothing short of foolish.

Awareness makes life safer for the staff and it reduces risk to the organization, and the cost is zero or minimal. To me, employee safety awareness is a no brainer that ought to be part of every Enterprise Risk Management program.

Article by Continuity Central

Published April 4, 2012

Source: www.continuitycentral.com

TC223, the ISO Technical Committee that has been developing the ISO 22301 international business continuity management standard, has voted to approve the FDIS (Final Draft International Standard). This means that the standard can now be published. It is currently expected that it will be available by the end of the second quarter of 2012. Its official title will be ‘ISO 22301 Societal security — Business continuity management systems.’

ISO 22313, the guidance document that will support ISO 22301, is currently at DIS (Draft International Standard) stage. Business continuity professionals can make comments on this standard at http://drafts.bsigroup.com/Home/Details/928 The deadline is 11th April 2012.

There is as yet no definitive guidance on when BS 25999 part two will be withdrawn and what the certification transition period will be.

To help business continuity professionals understand more about ISO 22301 and the related transition issues Continuity Central has scheduled a free webinar. This will take place on April 25th and will be presented by our guest standards expert Hilary Estall. For more details and to register, click here.

Article by Homeland Security Newswire

http://www.homelandsecuritynewswire.com

Published April 6, 2012

Missouri governor announces an investment of $16.5 million in federal National Emergency Grant (NEG) funding to create temporary jobs for workers in twenty-nine Missouri counties affected by tornadoes, floods, and severe storms last year

Governor Jay Nixon of Missouri the other day announced an investment of $16.5 million in federal National Emergency Grant (NEG) funding to create temporary jobs for workers in twenty-nine Missouri counties affected by tornadoes, floods, and severe storms last year. Using these funds, the Missouri Disaster Recovery Jobs Program will create 1,347 additional temporary jobs to assist with the ongoing clean-up efforts, as well as to provide workforce development services to those participants in need of reemployment assistance following the completion of their temporary jobs.

“Our state was hit hard by horrific tornados, severe storms and devastating flooding in the past year, but we remain determined to rebuild and bring damaged communities back to normal,”  Nixon said. “Putting folks back to work is a crucial part of that process. This additional investment will significantly expand our Disaster Recovery Jobs Program in the affected counties, making it possible to employ additional Missourians who are temporarily out of work. I urge Missourians in those counties who are looking for work to contact their local career centers today to learn more about this opportunity.”

The governor announced the creation of the jobs program in Joplin last June. Initially, the program authorized $5.8 million in federal funding to hire 404 workers in temporary jobs to assist with clean-up and humanitarian efforts in Jasper and Newton counties following the tornado. At the end of June, the program received an additional $13.9 million to continue assistance to Joplin, and to create another 446 temporary jobs for eligible dislocated workers to assist with the clean-up and recovery efforts in 35 additional counties that were added to the project.

The jobs created under this program will focus on clean-up and humanitarian efforts, such as clearing and removing debris, and public land and facility restoration. The program will provide job and safety training and equipment for each worker, in addition to vaccinations necessary to work in the disaster area. Wages will be commensurate with entry-level pay at the worksite.

Article by Homeland Security Newswire

http://www.homelandsecuritynewswire.com

Published March 28, 2012

The government of Haiti and the UN Development Program launch Haiti’s National System for Disaster Risk Reduction program; the UN says this is one of the first times that a developing country has taken advance measures to reduce the vulnerability of its people and economy to future earthquakes

Haiti’s minister of the interior, Thierry Mayard-Paul and UN Development Program (UNDP) administrator, Helen Clark, the other day hosted a ceremony in Cap-Haitien, putting into action a Seismic Risk Reduction Plan for Northern Haiti.

The Ministry of the Interior of Haiti says that the plan, a flagship project for UNDP and its national partners, is a joint venture between UNDP and Haiti’s National System for Disaster Risk Reduction, under the Ministry of the Interior.

According to the UNDP’s Clark, this is one of the first times that a developing country has taken advance measures to reduce the vulnerability of its people and economy to future earthquakes. “This project is a historical landmark and this is to the credit of the Haitian government, which decided to engage a proactive strategy of risk reduction in order to avoid a similar tragedy to that which struck Port-au-Prince and its region on January 12th, 2010,” she said.

Because of its geographical location, Haiti is exposed to floods, hurricanes, tsunamis, landslides, and earthquakes, with particular vulnerability in the northern regions, which sit atop two tectonic plates.  Although scientists have no way of telling when the next earthquake will hit, they agree that the level of threat in Northern Haiti is high. At the same time, the Interior Ministry notes, Northern Haiti is poised to play a key role in the decentralization that is part of the post-12 January 2010 regional and economic rebuilding for the country. In particular, tourism represents a strategic development opportunity thanks to the coastline and landscape. Additionally, recent international investments in the Caracol-Fort Liberte economic development area enhance the region’s future as a manufacturing center, which the government believes is poised to attract factories and tens of thousands new inhabitants.

Clark emphasized that in order to invest the hundreds of millions of dollars necessary to develop Northern Haiti into an attractive pole for economic activity; Haiti must first ensure the safety of that investment in the face of natural hazards. “The ‘Seismic Risk Reduction plan for Northern Haiti’ will help local and national authorities face this challenge,” she said.

Stressing that the government plans to complement earthquake risk reduction with similar programs to mitigate risks related to cyclones and flooding, the interior minister said, “We are proactively building capacity of our municipalities and departments for seismic-risk management so all Haiti can be better prepared to manage and respond to emergency situations. Programs such as this are close to my heart, as they involve the safety, welfare and lives of our People.”