A New Script for Jack Bauer's "24" - the Virtual SOC
Posted on Fri, Apr 29, 2011
By ASG's Professional Services Group
Fade in: Unknown location
Jack Bauer quickly runs down a hallway chasing someone in a dark blue suit, gun in hand.
Jack: CTU, this is Bauer, where is this guy headed?
CTU Analyst: Bauer, this is CTU, suspect moving towards the ammunition dump.
Zoom in: CTU Analyst’s fingers on the keyboard
Pan up: to view the blip on the screen moving through a building.
Pan out: to the full room to show the large backlit screen on the wall ahead, where everyone else in the room can see the situation as it transpires. Typing feverishly, she provides Jack with more information about the missing warhead from a screen on her desktop that can access procedures, radiation detectors and a myriad of other applications all at once.
-End Scene
You know the result, the bad guy is captured and the Counter Terrorism Unit Control Center gets the credit. Good thing everyone was in the room when the situation started or I think it would be safe to say that success may not have actually happened.
Reality
You and the operations within your organization are not the Counter Terrorism Unit for the United States of America. You don’t have a special agent like Jack Bauer; you can’t see people running with GPS through walls and you surely don’t have all of your many applications working together. Even further, you don’t have an operations center, but I am going to guess you want one.
Set aside the “24” type situations and focus on real-life tragedies like a tsunami, earthquake, terrorist attack or other catastrophic event. The bottom line: you want to be able to get control of the situation and push data to the people who need it.
After working with many companies around the world, I run into the same problem time after time. Everyone wants to get to the point where they have an integrated Emergency Center where people can communicate and talk to one another when something critical is happening. They see a room with people and big screens and potentially some guy in a really cool smaller room barking out orders.
But what do you do when you don’t have satellite communications or anyone like “Jack Bauer” available? What if the emergency is on a Saturday, like what happened with the tsunami a month ago? What if none of your systems and/or applications are integrated? (A large percentage are not integrated!)
Pumping money into a room that helps you respond to incidents is great, once the incident is at some level of sustainability, but in the early minutes of an incident your operations center is going to be triaging information. Based on the old model, you are going to be trying to get somewhere, rather than making critical decisions.
Which leads us to reality…everyone is not going to be in one place when the incident occurs. So how do you leverage technology to help decision makers communicate and collaborate around the situation, leverage their existing data and ultimately create a virtual operations center where location and proximity are not an issue?
When an incident occurs, you need to do three things really well: Communicate, Contextualize, and Access Data.
Communicate
In today’s world of smart phones, Wi-Fi and virtual offices, there are a myriad of internet-based options for groups of people to talk, and to do it from anywhere. From Microsoft Lync and Skype to Adobe Conferencing and FaceTime, getting a group of people online in a matter of minutes is as easy as an internet connection and adding people to a group. Instead of relying on proximity to talk in a conference room, a virtual room works just as well. It is also easier to set up, requires less overhead to manage and is as reliable as the internet (which was the only thing running in Japan after the earthquake and tsunami hit). If that doesn’t prove resilience, I am not sure what does. The point is, by flipping on your computer or your smart phone, you can quickly access people who are going to help you make decisions regardless of location. You can communicate and all you need is a connection.
Contextualize
While you need to see events and data in real time, that does not require a jumbo-tron screen the size of the Dallas Football stadium on the wall. I was recently able to watch CNN on a flight on my computer and was able to email someone and tell them to watch the live event at the same time. All of this was done from a bad connection at 34,000 feet. I have also seen people install active viewers on a SharePoint page with various video feeds on them from major news outlets. This approach is very simple and in most cases free. By doing this, multiple people can watch the same feed, or different feeds, at the same time. Are they in a room together? No, but I guarantee the time that it takes them to be in the room could be the crucial time it also takes them to miss what may be going on.
There are also multiple visualization tools out there that can pull data from websites as well as internal data from your own servers. This gives your organization the ability to see data both internal and external to your network in real time, and allows multiple people to view the same data without the “jumbo-tron.” This concept of visualization adds the crucial context that is so hard for people responding and making decisions to attain. By seeing all the events along with the people who may actually be at the operations center, you can better contextualize the situation, which helps you make better strategic decisions. Additionally, these types of applications pull data, so they are as up to date as the database or feed they are connected to. If something new pops up, those with access see the event immediately, which cuts down on the critical time the operations center would otherwise spend telling everyone.
Accessing Data
One thing about the show “24”: you don’t see huge binders sitting around with tons of policies and procedures or a number of proprietary machines running some process. I’ll assume they have some sort of server-based file sharing system and applications that are hosted in the cloud in various locations. But do you?
If things happen at a site and you have to respond, but the single machine, single file or single application is not accessible, how are you going to respond? How is your operations center going to respond? Will it be consistent if you are a global operation?
I can tell you if your data and applications are not integrated, the response will be slow. Creation of file backups at different locations is crucial in this case. Systems such as SharePoint are great examples of cloud-based file sharing that enable anyone to access data from anywhere. You can even create redundancies that will cover you when something hits one location. Even options like Dropbox (2 GB free) will enable you to put files on the cloud and allow a team to access them. On the other side of the coin, applications should be run on servers, and those that still only run on thick clients (computers) should be removed and replaced with something else. Your data and applications should be available at any time, and with cloud-based technology and data centers, or even sites like Dropbox, accessing data should be the last of your concerns.
You Need Reality
The movies and TV have distorted our view of reality when it comes to operations centers. We tend to think in terms of physical location. I am here to tell you that paradigm is shifting. Yes, once the emergency is at some sort of stabilized level, getting people to a location to talk things through is crucial. But in the early stages when everyone is all over the world and people are just waking up, getting on a plane, eating lunch or walking the dog, how do you take action then? The answer is you can’t unless your organization is able to communicate, contextualize, and access data and applications from anywhere.