http://www.networkworld.com/news/2006/031306-avian-flu-it-plans.html
By Denise Dubie and Tim Greene NetworkWorld.com 03/09/06 If the avian flu hits the United States big time, the IS department for the Bloomberg School of Public Health at Johns Hopkins University in Baltimore could have a big-time problem. It sits across the street from the Johns Hopkins Hospital where a high number of infected patients could be treated and where a large percentage of the staff travel widely as part of their jobs, increasing the likelihood they could come back infected. "Our biggest fear is that we won't be able to get back to our data center for an extended amount of time, so we set up systems that would make it accessible remotely," says Ross McKenzie, the IS director for the school of public health. The school could have the problem covered, though, considering it has addressed remote control capabilities for PCs and server by buying 550 GoToMyPC licenses that lets network administrators log in via Web-based clients. "Every IT function, except maybe for the physical help desk, can be performed remotely at this point." Preparing corporate data center operations for an outbreak of the avian flu requires long-term planning, but not enough IT executives are planning far enough ahead, according to surveys. For instance, of 167 government workers across eight federal departments 44% don't know how they should react to a flu emergency, according to a poll by Telework Exchange, an online forum trying to quantify how much teleworking goes on in the federal government. A survey last month of 300 Minnesota business officials found most thought a flu pandemic would significantly affect their business, but only 18% had preparedness plans in place. The poll sponsored by the University of Minnesota Center for Infectious Disease Research and Policy found that close to two thirds said they were already prepared or somewhat prepared to move employees to remote locations or let them work at home, while 29% said they were not prepared. The H5N1 influenza virus, which originated in Asia, could hit the U.S. this fall, potentially causing an epidemic, the nation's chief avian flu coordinator warned. It can be transmitted from birds to humans via close contact, but not from human to human - yet. Flu experts say mutations are almost certain to create a strain that supports human-to-human transmission. The resultant pandemic will make 75 million and 90 million people sick in the U.S. with up to 2 million deaths, according to the U.S. Congressional Budget Office. Some businesses have the basics of plans in place, such as White Electronic Designs in Phoenix. "We've given consideration to the avian flu situation as part of our enterprise risk management program," says Jim Kritcher, vice president of corporate information technology for the firm. He says plans call for asking workers returning from areas where flu has struck to work from home for a period afterward to avoid infecting others at corporate sites. And the company would conduct as much work in general remotely. "We would certainly be susceptible, especially since we have employees traveling to Asia on a regular basis. We do a significant amount of manufacturing in China," he says. For many companies, VPNs are the mainstay for their disaster plans. "It's the lynchpin of our remote access," says Paul Beaudry, director of technical services for JRI, the largest agribusiness company in Canada based in Winnipeg, Manitoba. The company has dual Aventail SSL VPN gateways installed at its headquarters site that support 800 employees for accessing e-mail and about 25 work-at-home employees. But in the event of flu, that number would rise drastically, and the company would buy more VPN licenses and turn up more applications. The entire IT staff of 15 has been trained to increase the number of applications available through the gateway and to increase the resources employees are authorized to reach over the VPN, he says. So even if some of the IT staff is out of commission, someone will be able to set up the VPN for those able to work from home, Beaudry says. Similarly, Kritcher says White Electronic Designs will use its Cisco VPN concentrators to support remote access as well as thin clients to access applications remotely. The concentrators can scale to handle extra concurrent users, he says, but during an emergency, the number of people trying to connect via the VPN could strain WAN connections and result in slow response time or failure to connect altogether. "So we are testing procedures to reconfigure the WAN links such as wireless IP currently used for failover and redeploy them to support additional VPN traffic," Kritcher says. In the case of the Johns Hopkins health school, VPNs were too expensive for the needs, says McKenzie. "We didn't want something that could be open to everyone when we weren't entirely sure, considering the situation, who or how many would need to use it," he says. Such planning is essential, according to Gartner, which has published a report called Prepare Now for a Coming Avian Influenza Pandemic. "Enterprises should take the widespread agreement on the strong likelihood of a pandemicÂ…as a signal to take immediate action," says Ken McGee, the Gartner analyst who wrote the report. "By mid-2006, have in place completed pandemic/IT response plans." He recommends preparing lists of the most important knowledge workers on staff and figuring out how they can work from home for extended period. In addition to network access, they'll need the ability to conference with co-workers, customers and business partners, McGee says. Still, with all the planning in the world, there is only so much IT executives can do, Beaudry notes. "You've got a human fear factor, and you may have people reacting in a way you couldn't predict," he says. "You've may have a quarantine situation and business can be impacted - there's no question. But you have to keep the business running." All contents copyright 1995-2005 Network World, Inc. _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
