Natural catastrophes and computer hacking:

two real-world cases of crisis management and resilience

A crisis is any event having an impact on our activities, agents and population, whose severity causes us to put actions in place.

Resilience is, on the other hand, the assessment of impacts in order to withstand and resolve these crises. It’s an effective and coordinated response for minimizing potential impacts and maximizing a return to normal.

Crises have two main causes:

  • human (attacks, cyber insecurity, social crises)
  • Climatic-technological (hurricanes, nuclear, etc.)

As such, they require two different solutions. In fact, crisis management falls within the shared domaines of security, defense and justice, and requires a comprehensive and preventative approach through the cooperation of stakeholders.

 

Hurricane Irma

Using the example of Hurricane Irma, it’s worth noting that this hurricane was the most powerful of the last few decades due to its strength and the destruction it caused, which is estimated to be more than 100 billion dollars throughout all countries affected.

Several islands were involved, and ended up having to put protective measures in place for those affected by the catastrophe:

  • Florida evacuated more than 6 million residents.
  • In Guadeloupe, 8,000 households were without electricity and roads were blocked.
  • In Martinique, the hurricane cut electricity to more than 2,000 households in addition to causing floods.

Which procedures should be put in place during natural catastrophes?

In the face of hardships caused by a lack of electricity, EDF mobilized an onsite agent to serve as a liaison officer during Hurricane Irma, who witnessed the destruction and alerted officials to the measures that needed to be taken. And it’s thanks to the action of this major private sector invidivual that solutions were found quickly.

Indeed, what often fails on the side of crisis management is the coordination between administrative authorities and those on the ground. Working together is already known to be the best approach. Collaboration divides and distributes tasks in such a way that each person can contribute and share their expertise from their chosen field.

All assistance converges on sharing among local governments. We must avoid situations of each having their own system. According to Gaël Musquet from HANDS (Hackers Against Natural Disasters), it’s up to the state to release funds set aside for prevention and to educate the population on the risks incurred.

The danger of “hackers”

We use the term “hackers” in order to describe the generic entities that threaten both SMEs and large enterprises. Yet, it’s always difficult to say with certainty what’s hidden behind the malware that exists on the internet. From previous incidents, we see three distinct categories:

  • Competing companies whose goal is to sabotage the work of another company in the same sector. The motive is, of course, the lure of financial gain.
  • Individual hackers, often gifted young people or “geeks” who, due to either boredom or the enjoyment of a challenge, find hacking to be a stimulating way to challenge each other (or in the most extreme cases, a neighboring country) to an illegal sort of game.
  • The motives are varied: harming the economy of an entire country, “psychological warfare” or getting their hands on a market.

 

The hacking of Saint Gobain

Saint Gobain is a good example here. This company, which specializes in building materials, was the victim of a cyber attack in June 2017. They were infected with the NotPetya virus, which is suspected to have originated in Russia. Company officials said they lost 5,000 servers and nearly 250 million euros in 90 minutes. 

What’s most ironic is that the company was not the actual target of the cyber-attack, but merely collateral damage.

The company had the correct response: to shut everything down. This allowed them to save the rest of their data. Their resilience strategy consisted of putting a business continuity plan in place and returning to “pen and paper”.

In this case, anticipating the crisis would have ensured a better response. Several companies had been affected by the NotPetya virus, such as the SNCF, but did not suffer as many losses. The SNCF detected the presence of the virus before it became infected. Indeed, companies do not develop all the same financial and material means when faced with attacks. However, they are essential for preserving a company’s sensitive data as well as the proper functioning of its infrastructure. It’s a high-risk investment, but one that ensures long-term functioning of the business

Other mechanisms and procedures are being envisioned to help with crisis management. We talk more and more about anticipation, prevention and risk culture.

For example, 70,000 calls were made to emergency services during the Bataclan attacks, but only 10,000 could be taken. Unclogging phone services is a priority during a crisis. And the only way to do this is to educate people regarding the risks. Remember that prevention on the part of the population remains at the forefront of crisis management and, therefore, resilience.

 

To read: Paris, a resilient city