vladimircaribb - stock.adobe.com


Why BCDR teams should consider EMP disaster recovery plans

An EMP event could be a major game changer depending on where it happens and who is affected. EMP disaster recovery might not seem urgent, but it never hurts to be prepared.

Electromagnetic pulses are not as common as other natural disasters that IT departments tend to worry about. However, with enough intensity, the effects can be catastrophic.

EMPs can be brought on by natural occurrences, such as solar flares or lightning strikes. They can also be human-made, in the form of EMP weapons or extraordinarily intense power line surges.

Business continuity and disaster recovery (BCDR) teams today focus on more frequent threats, such as ransomware or natural disasters. However, in an abundance of caution, businesses might want to consider how EMPs could affect their organization and what efforts BCDR teams should make to prepare for such an event.

An EMP is a significant increase in electromagnetic energy, most often caused by an unusually large solar flare that sends huge blasts of electromagnetic energy to Earth.

What is affected in an EMP event?

An EMP is a significant increase in electromagnetic energy, most often caused by an unusually large solar flare that sends huge blasts of electromagnetic energy to Earth.

In most cases, the Van Allen belt and other elements in the atmosphere shield Earth from the effects of such a blast. However, in rare cases, the intensity of the solar flare is too much for the atmosphere to totally shield the planet, and damage to just about anything that uses electricity is highly likely.

Many different kinds of systems can be affected in a serious EMP event:

Supervisory control and data acquisition (SCADA) systems. Disruption to these systems can seriously disrupt many critical infrastructure systems, such as power and water, which use SCADA systems to monitor their operations, provide data to system managers on overall performance and identify any anomalies that must be addressed. If such systems were suddenly offline, it would be impossible to know whether critical infrastructure systems were malfunctioning and the cause of the disruption.

Electric power-producing systems. Power-generating companies exist across the U.S. and interconnect via a network of systems. These systems continually monitor energy consumption levels and can modify the network of power distribution systems if a need arises for additional power. That can occur due to a major electrical storm, tornado, hurricane or earthquake that damages the power delivery infrastructure. An EMP has the potential to totally shut down power-generating systems and their distribution infrastructures, meaning electrical power would suddenly disappear.

Telecommunications infrastructures. If the internet suddenly disappeared, chances are the entire world would grind to a halt. Wireless communications, also a major human necessity, would cease to exist without power to run the networks, switching infrastructure, transmission towers, etc. The ability to communicate with others, regardless of the technology, would stop immediately following a major EMP event. Earth-orbiting satellites -- many of which are used for communications, position location and national defense -- could be disabled, causing serious issues for U.S. defense capabilities.

Banking and finance. Considering how much global financial systems and networks depend on technology and electric power, loss of those elements would shut down the world's financial systems and companies.

Petroleum and natural gas. Systems that dig for oil and natural gas, plus the many refineries that process these natural resources -- and the distribution infrastructure that delivers the finished products, such as gasoline, diesel fuel and natural gas -- would stop.

Transportation infrastructures. Without electric power and fossil fuel-based products, trains and ships would no longer operate, motor vehicles of all kinds would no longer run, and any other component in the transportation infrastructure would stop.

Food and water infrastructures. Loss of electrical power from an EMP would shut down water purification and distribution systems, so water would no longer flow to businesses and citizens. The same would be true of food processing and distribution infrastructures that depend on electrical power. Food supplies would slowly disappear, with no new replacements to be had.

Emergency services. These critical organizations depend on many of the infrastructure elements described earlier and would be rendered virtually useless, aside from emergency teams that can still use existing medical supplies and emergency equipment that does not require electrical power.

What are the outcomes?

In an EMP event, especially one that has far-reaching destructive effects on critical infrastructures, the issue of IT disaster recovery largely becomes moot. It would be more important that people -- both employees and private citizens -- are safe, because technology as it currently exists might not be recoverable for an extended period of time.

Impact from a major EMP could be swift and deadly, shutting down all kinds of electronic systems. Motor vehicles, rail services and air travel would be disabled. Airplanes in flight would lose their ability to fly, so crashes and losses of life could be enormous. The fact that lighting would disappear could make evacuating underground and aboveground transportation systems very difficult. Employee evacuations also would be difficult, since emergency lighting systems used in stairwells for evacuations would be inoperable.

Even employees working remotely could be affected if the EMP covered a large enough area. Loss of power, loss of internet and loss of communications networks would cut off remote workers immediately. Communications among employees and management, as well as just about everyone else, could cease to be possible.

What can be done?

A massive and far-reaching EMP event is truly a worst-case scenario. Performing anything without electricity and communications would be largely impossible. Traditional technology BCDR plans would be largely unusable, other than ensuring employees are safe and can take care of themselves until EMP damage has been mitigated and infrastructure can be rebuilt and reinstated.

EMP disaster recovery is a different beast than typical DR. Rather than the usual technology checklists and communications measures, it might help to redefine what a BCDR plan looks like. Consider the following activities to prepare for a catastrophic EMP event:

  1. Examine power systems and identify where shielding can be used to block -- or at least mitigate -- electromagnetic surges.
  2. Contact various infrastructure organizations and see how they plan to deal with an EMP event. Ask for recommendations on how to shield critical resources and any other risk mitigation activities.
  3. Examine what might be necessary when rebuilding a technology infrastructure that has been disabled by an EMP. Devices and components that have not been affected might be scarce, if available at all.
  4. Assuming traditional infrastructures will be unavailable, ensure employees have nonelectronic resources at home and in the office, such as food and water, medications, first aid and other necessities that are not likely to be affected by an EMP.
  5. Depending on how quickly critical infrastructure resources can be returned to service, organizations and individuals must be prepared to be without everything that is based on electronic technology.
  6. Use experience from the COVID-19 pandemic as a guide for obtaining medical resources. Healthcare institutions will likely be inoperative and unable to provide help other than first aid, nominal levels of triage and other assistance that does not require technology.
  7. Make plans available that define how an organization will recover and return to business following an EMP event and -- more importantly -- once critical infrastructures have been repaired and reinstated.
  8. Traditional BCDR plans can be retained and likely reused, but organizations should plan for a gradual return to business in the event of an EMP rather than focusing on rapid recovery and business continuity.

It is important to note that a serious EMP event could damage or destroy electronic components, such as power supplies, integrated circuits, memory systems, networks and anything else that needs electronics to operate. It might be difficult, if not impossible, to locate equipment that has been shielded from the EMP stored hundreds of feet underground. Even with limited resources becoming available, rebuilding critical infrastructures could take weeks, months or even longer.

The 2008 "Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack" examined the potential impact to the U.S. in the aftermath of a significant EMP event. Both the Federal Emergency Management Agency and the Department of Defense supported the report.

It examined the various critical infrastructure and business systems that could be disrupted or disabled by a serious EMP. The report also considered potential strategies and provided recommendations for mitigating the effects of an EMP event.

Dig Deeper on Disaster recovery facilities and operations

Data Backup