This week at CUNA's Governmental Affairs Conference, Ted Koppel was a keynote speaker, discussing his latest book "Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath." It was a fitting discussion for credit union executives given not only the importance of disaster preparedness within our industry, but the major importance of banking and finance to our country's survival.
Imagine a blackout lasting not days, but weeks or months. Tens of millions of people over several states are affected. For those without access to a generator, there is no running water, no sewage, no refrigeration or light. Food and medical supplies are dwindling. Devices we rely on have gone dark. Banks no longer function, looting is widespread, and law and order are being tested as never before.
It isn’t just a scenario. A well-designed attack on just one of the nation’s three electric power grids could cripple much of our infrastructure—and in the age of cyberwarfare, a laptop has become the only necessary weapon...And yet, as Koppel makes clear, the federal government, while well prepared for natural disasters, has no plan for the aftermath of an attack on the power grid. The current Secretary of Homeland Security suggests keeping a battery-powered radio.
Can you imagine a discussion with your examiner about your disaster recovery plan where you point out that you are prepared while holding up your transistor radio?
As referenced in, Don't Get Left in the Dark: Disaster Recovery Tips You Need to Know, there are steps your credit union needs to take to remain compliant with disaster planning in accordance with FFIEC guidelines. As technology and regulatory requirements change more rapidly, and threats become more likely (or according to some, like Koppel, imminent), credit unions must not only do their due diligence to keep DRPs updated, but make significant efforts to ensure they are prepared for the worst.
I don't intend to relay a message of fear and doom, but rather, want to ensure you are aware of the importance of a real Disaster Recovery Plan that will work to protect your assets and member data. Of course, your core technology is crucial to any DRP. Having the right core processor can help you plan proactively to ensure system failures and outages are a rare occurrence by actively measuring data thresholds, processing load limits, and even providing on-site disaster tests.