As we enter yet another hurricane season in the Caribbean, it is time once again to address the critical need to mitigate the risk of destruction of critical ICT systems.
We have all seen the impact of natural disasters on Caribbean small island states. Recent major hurricanes Dorian, Irma, Jose and Maria severely impacted many of the Caribbean island states. The impact on the economies of small island development states (SIDS) is proportionately much greater than those of larger developed economies. The ability to recover and rebuild infrastructure also takes considerable time and resources which are not necessarily available to these countries.
A 2019 analysis by the Inter-American Development Bank (IADB) of the impact that hurricane Dorian had on The Bahamas identified up to USD$ 3.4 billion in losses which represent more than 25% of GDP.
Due to the impact of Hurricane Maria in 2017, Dominica had significant damages and losses amounting to 226% of the country’s 2016 GDP. The disproportionate impact natural disasters can have on small Caribbean island states both in terms of loss of physical infrastructure and the financial impact of replacing this infrastructure demonstrates why states must act smarter and develop highly resilient infrastructure environments. A systematic approach to managing, optimizing and prioritizing infrastructure investments is key to ensuring sustainability and viability.
Hurricane Dorian, September 2019
While the impact on larger physical infrastructure components is highly visible and potentially more immediately impactful, the increasing reliance on ICT by Caribbean governments brings a new set of risks that need to be understood and considered when viewing the overall strategic approach to infrastructure sustainability.
Caribbean governments are moving to digitize many of their strategic business processes as part of e-government strategies which cover both governments to business (G2B) and government to citizen (G2C). The impact of COVID-19 has accelerated this process. ICT environments are, like other national infrastructure components, vulnerable to natural disasters. They also carry a set of specific risks which need to be understood and for which mitigation policies and procedures need to put in place. These risks can be as impactful as natural disasters as they result in the unavailability of critical ICT systems.
Risk assessments need to be conducted at all ICT layers, from the location and structure of data centres to infrastructure design of networks and system environments to data security. Clear, comprehensive disaster prevention and recovery policies should be in place along with business continuity strategies, based on international and industry standards. Without a systematic approach, there is a significant risk of loss of digital information and infrastructure in the event of a major natural or man-made disaster.
As the hurricane season, fast approaches critical ICT environments need to be examined for vulnerabilities and risk mitigation strategies developed. In some cases, there may not be an option in the short-term to provide mitigation for a particular ICT component, for example relocating a data centre. However, assessing such risks prepares organizations to reduce the overall impact on critical ICT environments.
Identifying alternative data centres / hosting locations that can be used as failover environments should be urgently considered. This may include utilizing MSPs such as Cloud Carib, to implement a hybrid cloud solution in order to be able to react in times of emergency and ensure business continuity and the protection of digital assets. These hybrid solutions could be based within the country or located in other off-island locations.
Caribbean SIDS should also consider housing verified up-to-date backups in highly secure locations in the country but also off-island. As a standard backup policy, backups should be regularly restored to verify that the backup environment has been correctly processed.
When contemplating off-island storage of critical digital assets consideration should also be given to data sovereignty and privacy requirements. This should determine where and how the backup are stored.
While the steps outlined above are ones that can be put in place in the short term having a fully formed and properly managed cloud computing strategy at both national and regional levels can significantly improve the physical resilience of ICT systems. This will alleviate the considerable financial risk of system destruction due to natural disasters and/or cyber-crime activity.