Every so often, I like to review a system that has been proposed to classify disasters and potential responses. While nearly everyone involved in disaster recovery (DR) planning has some idea of the types of disasters that could strike, few have concrete ideas on how to apply those concepts to DR planning itself. Later columns will deal with these levels and how to address them in more detail. For now, this is my proposal for a more formal classification plan for disasters, based loosely on a British military classification system for threat levels in battle situations.
Level 1 – Threat of disaster without evidence
Essentially, this level encompasses everything that doesn't do damage to your data systems and doesn't offer any proof of attack, but could be a publicity or regulatory nightmare. Common examples are posted boasts about incursions into your network on blogs and Web forums, or claims that proprietary data was compromised even though no evidence is offered. The major issue with these kinds of disasters is that you can't prove or disprove them in many cases. Even if you have advanced security measures in place, employee collusion can easily overcome those measures without showing any weakness in the digital security itself. Since this level of threat doesn't have any evidence associated with it, dealing with the bad publicity can be just as devastating to your organization as data loss.
Level 2 – Actual attack without data loss
Once an attacker has breached your security digitally, and has evidence of his or her attack, your IT staff will need to be able to show what happened and how. In these cases, there is clear proof of the attack, but not of the extent of the attack. How far did they get into your network? What did they see? What did they take? Just because they didn't destroy anything doesn't mean you can call this anything but a disaster.
Level 3 – Minor data/system loss
This is the first level that most people consider a disaster: data systems and data itself are lost to natural causes, attacks, or system failures. Level 3 deals mostly with smaller-scale issues: the loss of non-critical systems, or of a single critical system that can be restored quickly. The key difference between this level and those that follow is that here we see disasters that have a high priority, but not a high urgency. Your Recovery Time Objective is probably at least one business day, giving you time to react and correct.
Level 4 – Major data/system loss
At this level, larger-scale disasters strike. Here is where multiple critical systems fail at the same time, possibly due to power loss or fire/flood in the data center. While you can correct for these issues, it will require an immediate response from your staff, moving quickly to get business-critical systems back up and running. Systems that have a Recovery Time Objective of less than one business day fall into this category when they fail.
Level 5 – Total Loss
The highest level in the system, this classification is only invoked in cases where there is a massive disruption in services due to disaster. Hurricanes, large-scale floods and fires, and building loss are usually found here, with the twin disaster of losing both the data systems and the physical plant to recover to. Due to considerations such as loss of space, loss of life, and psychological impact, recovery is an exceptionally difficult—though necessary—task.