When a crisis blows in, cool heads will prevail

Neal Shelley stopped in to see his boss, Michael Selves, at the Army's Information Management Support Center at the Pentagon for one of their regular morning meetings. It was about 8:30 a.m. that fateful Sept. 11. A little more than an hour later, after Shelley had returned to his office on the other side of the building, disaster struck.

When a hijacked plane crashed into the Pentagon, Selves and two other of the center's officers were among those killed, and another was seriously injured.

In addition to grieving the personal losses, Shelley, the center's deputy director, was tasked with recovering, restoring and replacing the Army's IT services which, like its headquarters, sustained massive damage.

That's a potent, if extreme, example of how fast and how devastatingly a crisis can hit. But it's not the only kind of crisis government managers face.

At the other end of the spectrum is the comparatively glacial work force crisis at many agencies'a slow but steady drain of experienced or skilled workers that will likely peak by 2006, when a large percentage of government workers will be eligible for retirement.

Repeal Murphy's law

In between are the kinds of crises that vary in frequency and severity, but with which many IT managers are familiar: a cyberattack, a broadside from an auditor's report that could threaten a project's future, and a project sent off the rails by cost overruns or contract disputes.

This issue of GCN Management takes a look at each of those five scenarios and how experts say they can be managed.

As different as these crises are, there are common threads among successful responses. Probably the most important is pre-emptive'that is, having a response plan in place before trouble hits. Whether in cyberdefense or physical defense, a crisis management plan covers everything from taking steps to prevent a disaster to responding to one when it occurs, to recovery of systems and after-the-fact analysis designed to improve the crisis plan.

Having a plan helps IT departments execute a quick, methodical response to a crisis'another common element in these scenarios. And if a plan isn't in place for a particular crisis, the first step is to devise one on the spot.

Shelley and his co-workers at the Army support center prioritized what they had to do to restore communication and IT systems, then set about their work.

When a computer virus invades a network, experts advise a step-by-step response of reporting, recording and isolating malicious code, as well as a process for deciding whether to shut down a system.

In the case of, say, a negative General Accounting Office report that could jeopardize a project, managers need to avoid a bunker mentality, experts said. The plan of response should communicate a willingness to work with auditors'and, by extension, Congress. A key to dealing with any crisis is to know that, once it hits, the response will define it as much as anything else.

On Sept. 12, Shelley wrote on his white board, 'The decisions we make in the next two weeks, we will live with for the next four or five years.' That's a pretty good definition of the importance of crisis management.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above