Crisis Management

2009 EEI Business Continuity Conference

1

Dan Sadler, CBCPProgram Manager – Business Continuity

Constellation Energy

Agenda• Constellation Energy at a Glance• Background on ICS/NIMS g• Incident Command Structure, modified for Private

Sector• Crisis Management Protocols & Team• NERC CIP Implicationsp• Crisis Management Tools• Case Studies for Major and Minor incidents j• Lessons Learned and Recommendations

2

Constellation Energy At A Glance• A leading supplier of energy products and services to

wholesale and retail electric and natural gas customers.• A major generator of electricity with a diversified fleet of

power plants strategically located throughout the United StatesStates.

• A regulated distributor – our Baltimore Gas and Electric utility – of electricity and natural gas in Central Maryland.y y g y

• A FORTUNE 500 energy company headquartered in Baltimore, Md.

Constellation Energy At A Glance• Enterprise-Wide Business Continuity Program• Business Continuity Team, comprised of:

7 full-time employees 250 part-time Business Continuity coordinators in the business areas400 Building WardensP t hi ith i C t S t i tiPartnerships with various Corporate Support organizations

• Strong Program Support from all Management LevelsAll Business Units have recovery plans that are drilled and maintainedTeam reports to the Chief Administrative Officer

• Services:Provide “all-hazards” recovery planningProvide all hazards recovery planningFacilitate emergency preparednessFacilitate effective crisis management

Crisis ManagementFacilitate effective crisis management via incident command, crisis management protocols, crisis communications, incident tracking, procedures, allocation of resources, and internal/external partnershipspartnerships.• Crisis/Incident Management (incident management,

procedures, roles/responsibilities, IM/WebEOC) p , p , )• Crisis Communications (procedures, devices, Notifind) • Logistics (vendors, recovery sites, equipment) • Situational Awareness (alerts, relationships)

5

Incident Command System (ICS)• ICS provides for coordinated response and a clear chain of

command and safe operations• A standardized on-scene all-hazard incident management• A standardized, on-scene, all-hazard incident management

concept. • Allows its users to adopt an integrated organizational structure

to match the complexities and demands of single or multipleto match the complexities and demands of single or multiple incidents without being hindered by jurisdictional boundaries.

• ICS helps to ensure: – The safety of responders and others. – The achievement of tactical objectives.– The efficient use of resources.

• Originally developed for the Fire Service in the 1970’s• Now used by all Emergency Personnel nation-wide

6

Source: FEMA

National Incident Management System (NIMS)• ICS is a major component of the National Incident

Management System (NIMS)• NIMS was introduced, following the events of

September 11, 2001, via a Homeland Security P id ti l Di tiPresidential Directive

• Goal = Improving coordination in response to incidents• Aligns Federal, State, local, tribal, private sector,

preparedness, incident management, and emergency response plans into an effective and efficient nationalresponse plans into an effective and efficient national structure

7

Source: FEMA

Incident Command System (ICS)

For ICS Training: http://training.fema.gov/IS/NIMS.asp

8

Source: FEMA

Constellation Energy Incident CommandConstellation Energy utilizes a modified version of the Incident Command System, tailored to the needs of a private sector company

9

Emergency Response Organizations

Incident Type Emergency Response Organization

Loss of Building / Crisis Business ContinuitygManagement Protocols

y

Pandemic / Health Crisis Business Continuity / Health & Safety

IT Outage IT Operations Center (ITOC)IT Outage IT Operations Center (ITOC)

Cyber Security Incident Corporate Security

Physical Security Incident Corporate Securityy y p y

Nuclear Generation Incident Nuclear Emergency Response Organization (ERO)

Fossil Generation Incident Plant Emergency Response Organization (ERO)Fossil Generation Incident Plant Emergency Response Organization (ERO)

Severe Impact Storm BGE Storm Organization

N t l G I id t BGE G E TNatural Gas Incident BGE Gas Emergency Team

10

Incident Command – Activation Levels

Activation Level

Description Incident Command - Staffing

Incident Monitoring

Heightened alert related to a specific hazard

Maintain Situational Awareness / Stand-Ready

Incident Director assigned. Provide status updates, as appropriate

No Incident Command Center activation

Pre-Positioning

Imminent event with pre-warning

Preparatory actions taken to mitigate impact

Incident Director assigned. Logistics Coordinator and Information Coordinator mobilized

Potential activation of Incident Command Center

A l ti l i d i t t I id t Di t i d I id t Di t f

Minor Incident

A relatively minor adverse impact to operations or life safety (e.g. minimal damage to property, incident of short duration, minor financial loss, non-life threatening i j i t

Incident Director assigned. Incident Director may perform additional ICC duties, or mobilize additional staff, as needed

Potential activation of Incident Command Center

Ongoing support typically provided during normal business hinjuries, etc. hours

Major Incident

A high impact to operations or life safety (e.g. significant damage to property, incident of extended duration major financial loss loss of

Incident Director assigned.

Full activation of Incident Command Center, and supporting functions across enterprise.

Incident duration, major financial loss, loss of life, etc.) Ongoing support provided 24/7 during initial phase of the

response and recovery effort

11

Crisis Management Protocols• To ensure the timely notification to leadership of an emergency event• Crisis Management Protocols established for each Business Unit• Senior Leadership, Corporate Security, and Business Continuity are

authorized to activateauthorized to activate• Leaders contacted via Notifind, and automatically transferred to a

conference call bridge • Once on the conference call bridge, Business Continuity (On-Call Rep) g , y ( p)

facilitates call and coordinates response actions • Threshold emergency events include, but are not limited to:

Fatality or significant injuryWorkplace violence civil disturbances or other significant security-related eventsWorkplace violence, civil disturbances, or other significant security-related eventsFires causing significant damageHazardous materials releaseEnvironmental issues reportable to local, state, or federal authoritiesNegative site-related “newsworthy” events from mediaNegative site-related newsworthy events from mediaMajor IT network or system outagesNatural events (earthquakes, hurricanes, ice storms, tornados, etc.)Major disturbance or unusual occurrence affecting the gas system, electric system, or generating facility

12

generating facility

Crisis Management Team• Coordinated and mobilized by Business Continuity• Activated for events impacting continuity of operations and/or

lif f tlife safety • Includes representatives from key corporate support

departmentsdepartments• Addresses emergency response, crisis communications,

damage assessment, logistics, recovery, and restoration• Ensures effective emergency management, communication

between all organizations involved in the response and recovery efforts, allocation of resources, incident tracking, andrecovery efforts, allocation of resources, incident tracking, and post-incident analysis

Crisis Management Call Recommendations• Countdown, allowing 1-2 minutes for all to join• Provide instructions for Mute / Un-Mute• Encourage participants to begin statements with their nameEncourage participants to begin statements with their name• Conduct Roll Call (begin by asking for name of individual who initiated the

protocol)• Ask for summary/status of the incident• Ask for summary/status of the incident• Ask followup questions (use script / checklist)• Determine if reporting to third-party agencies is necessary• Repeat-back all major decisions and action items• Ensure action items are assigned• Determine time for next call, or declare “incident is closed”,• Summarize/document call, to include participants, incident status, and action

items. • Distribute call summary to all stakeholders Save documentationDistribute call summary to all stakeholders. Save documentation• If subsequent calls are needed, reference previous call summary at opening

of subsequent call

Crisis Management NERC CIP Implications• NERC reliability standard (CIP-001 – Sabotage Reporting)

requires company to report disturbances or unusual occurrences suspected or determined to be caused byoccurrences, suspected or determined to be caused by sabotage, to the appropriate systems, governmental agencies, and regulatory bodies

• Notification process will assist in making operational personnel aware of these incidents, and ensuring that appropriate incidents are reportedincidents are reported

• Notification process will assist with CIP-008 – Incident Reporting & Response Planning for Cyber Security incidents

• Related training must be developed• Training and exercises must be documented

Crisis Management Tools

NC4 & Other Tools Providing Situational Awareness(Sources from Government Media Industry)(Sources from Government, Media, Industry)

Crisis Management Tools

Notifind

17

Crisis Management Tools

Incident Manager / WebEOC

18

Crisis Management Tools

Incident Command Center

19

Case Studies• Non Incidents (i.e. minor medical event, facility maintenance

issues, non-credible suspicious package)Mi I id t (i ll ffi fi k l i l b b• Minor Incidents (i.e. small office fire, workplace violence, bomb threat)

• Major IncidentsMajor Incidents– Pre-Warning (i.e. hurricanes, health crisis)– Sudden Impact (i.e. water main break, datacenter outage)

E I id t i U i b t C Th i t• Every Incident is Unique, but Common Themes exist• Emergency Response and Crisis Management Process must

be Flexible and Agilebe Flexible and Agile

Case Studies

Hurricane Isabel – Sep 2003 Hurricane Ike – Sep 2008

H1N1 Swine Flu – Apr-May 2009 Balto Water Main Break – Apr 2009

Lessons Learned / Recommendations• Establish Command & Control• Mobilize and Inform all appropriate Support Depts. pp p pp p• Launch Prompt, Accurate Communications• Establish Liaisons with Affected Business Units• Create Periodic Situation Reports• Leverage Government Interfaces / LiaisonsLeverage Government Interfaces / Liaisons• Assemble After-Action Report, and Followup• Improve Awareness of BC Plans from Top-DownImprove Awareness of BC Plans from Top Down

Lessons Learned / Recommendations• Test Tools to Ensure Readiness

– Crisis Communications (Sat Phones, WPS, GETS)– Automated Emergency Call System (Vary Scenarios)– Command Center

E H tli– Emergency Hotlines– Playbooks

Incident Manager / WebEOC– Incident Manager / WebEOC• Conduct Periodic Exercises to Ensure Understanding

of Roles & Responsibilitiesof Roles & Responsibilities

Thank You for Your Interest!

Dan Sadler, CBCPProgram Manager - Business Continuity

Constellation Energy 410-470-6182 (w)

d i l dl @ t ll tidaniel.sadler@constellation.com