Applied Business Continuity during real life crisis @ STIB-MIVB: Belgium 22 March 2016

Challenges, benefits and valuable ‘side effects’ of business continuity management

Koen Luykx – Business Continuity Manager @ Belgocontrol – former Business Continuity manager @ STIB-MIVBContinuation Training seminar 26/10/2017

Agenda1. Business continuity management

• Basic principles

• A strategic management objective

2. Implementing BCM in public services

• Pretty straight forward at first sight

• Desired level of control?

• Levers to implement “second line of defense” – activities

• Points of attention for succesful implementation of BCM

3. Implementing BCM in STIB-MIVB

• Company profile

• Trigger to implement BCM

• BCM implementation in STIB - initiatives

4. Risk analisys on terror threat

• A raising concern

• Being aware of vulnerabilities

• Multidisciplinary cooperation

• Recommendations

5. Terror attacks – Brussels 22/03/2016

• No surprise

• How the organisation responded

• Long term effects

• Never waste a good crisis 2

1. Business Continuity ManagementBasic principles

Time

Service

Level

Normal Level

of Service

Minimum Level

of Service

Loss of Service

Objective

Time

Max Time

CMP Continuity Recovery

Time normal level

Objective:

• Less incidents

• Reduced impact

• Faster recovery

3

• SLA with stakeholders

1. Business Continuity ManagementA strategic management objective

Business continuity management is about:according to ISO22301

Understanding how value is (and will be) created and maintained

Understanding vulnerabilities and dependancies in delivering that value

Increasing organisation’s ability to absorb, respond and recover from disruptions to its value

creating activity, to safeguard its reputation as well as the interest of its key stake holders.

How to translate this to an organisation’s reality?

That’s where the fun starts! 4

2. Implementing BCM – in public servicesPretty straight forward at first sight …

providing quality,

efficiency &

innovative services

…

No legacy

acceptance!

Company Mission,

Vision & Strategy

Safety is

primary objective!

Fix basics first!

Priority setting …

No disruptions to

critical services!

Flexibel & participatory

organization

…

Reliable & efficient

service provisioning

Personal

Opinions &

Emotions

Trade-offs

…

Long term investment

versus short term

mandate

Social peace

@ all price

Responsibility

versus authorityWhat’s in

it for me?

Personal

liability?

5

2. Implementing BCM – in public servicesDesired level of control?

Always too much

&

Never enough

No legal obligation, no hard compliancy requirements, high investment & time consuming for low probability risks …

High customer expectations, increasing awareness of vulnerabilities and fear for heavy service disruptions, corporate

ambition for being a reliable service provider, …

6

2. Implementing BCM – in public servicesLevers to implement ‘second line of defense’ - activities

• Compliancy requirements

Legal framework / professional league / international standards / …

• Commercial pressure

Globalisation / extended liberalisation (Uber) / compelling events (Brexit, data protection, …) / loss of monopoly / …

• Heavy failures/accidents

Never waste a good crisis …

• Supplier requirements

Could be ‘forced’ via (public) tendering process

7

2. Implementing BCM – in public servicesPoints of attention for succesful implementation of BCM

• Company culture

‘how we do things around here’, norms and values, tone @ the top, learning/blaming environment …

Align with company profile (do-er / think-ers, flat / vertical, formal / informal, …)

• Pace of implementation

Choose the battles carefully / implement gradually / apply change management techniques

Accept the fact this will be a long lasting organisational transition

• Anchoring the discipline in core business

Apply BCM as response to real business needs, make implementation a joint effort

Avoid theory owned by methodologist ( ‘perfect world on paper’) , … spread knowledge & ownership!

• Build on achievements

Evaluate existing maturity to determine next steps, build on existing grounds

Illustrate added value of BCM through improved performance / spread successes

8

Some numbers

Challenges

Organization

3. Implementing BCM in STIB – MIVBCompany profile

• Public entity charged with the public transport operation in the Brussels-Capital Region

• Administrative autonomy under the auspices of ministry of mobility (by 5-year contract)

• Mission : Offer the most appropriate transport solution in Brussels, with a competitive travel time, an affordable price and with adequate safety and comfort conditions

• Vision : To be the preferred mobility solution in Brussels

• 8295 employees – multicultural environment

• More than1 million trips per day (70% increase over 10 years)

• 66 metros, 397 trams, 702 busses ; 45,6 M. km travelled

• 69 underground stations, 2197 levelground stations

• Annual energy consumption high voltage (36KV) close to 250.000.000 KWh (>70K falimies)

• Public tendering: + 800.000.000€

• Ridership challenges : 20% increase (415 million trips) by 2017

• Public transport offer challenges : important investments in infrastructure and in rolling stock

• Internal challenges : increase productivity, recruitment and transfer of know-how

Travelers

2016

9

3. Implementing BCM in STIB – MIVBTrigger to implement BCM in STIB – MIVB: Heavy rail accident , Buizingen 2010

Belgium, Buizingen 15/02/2010 08h28

Lateral collision between 2 opposite trains

19 people died, 162 got injured

Parliamentary committee of inquiry has

revealed technical shortfalls as well as

organistional issues (degraded safety cuture)

as underlying causes.

Concern for possibility of a similar

catastrophe in the Brussels PT network was

a trigger for implementing ERM (2012) end

BCM (2013) in STIB - MIVB

10

• Structuring crisis management

The killing of an employee by traffic aggression on 7/4/2012 disclosed lack and need of structural crisis management

• Duplicate dispatching center

A ‘what if’ - analysis caused an increased awareness of impact on core business of losing this functionality.

• BCP for black out scenario

Increased dependancy of green energy production techniques is disturbing the balance production / consumption

Loss of nuclear power plant after sabotage caused fear for power shortage and a black out in winter 2014 - 2015

• Risk analisys on terror threat

Increased terrorist activity and new trends in terror attacks observed

Public Transport has the perfect ‘soft target’ profile that terrorists were/are aiming at

3. Implementing BCM in STIB – MIVBFirst initiatives of BCM implementation in STIB - MIVB

11

BCM initiatives - Structuring Crisis managementprepare for the unknown

• Define tresholds for Crisis Management activation

• “Score card” : Department / transport mode / company wide

• Define an activation process for Crisis Management

• Roles & responsibilities

• Set up a Crisis Management team

• Considering existing hierarchy!

• Develop tools for Crisis Management activity

• Decision making cycle / focus on process rather than on outcome

• Exercise the Crisis Management practice

• Table top exercise

12

Ad hoc Emerging Developing

No defined structure

No defined procedures

Intend is to get the

‘right’ people together if

a crisis happens and

‘deal’ with it

Initial membership

(often individual

names rather than

roles)

Some supporting

documentation (e.g.

contact list)

No (succesful)

exercises

Roles &

Responsibilities defined

Deputies identified and

at least some practiced

Procedures &

supporting information

available & tested

1 or more exercises

completed succesfully

Roles &

Responsibilities in

place and proven

Members & most

deputies have

practiced

Procedures &

supporting information

proven in tests/ actual

crisis

Regular comprehensive

exercises

At least 1 crisis

succesfully handled

Mature

Maturity

Crisis Management Maturity - evolution

Risk level

MIVB2015

Improvising basics structure experience

2014

BCM initiatives - Fall Back Dispatching centerLoss of dispatching function would cause a paralyzing traffic issue in Brussels

• Critical service to the core business - implemented as SPOF

• Monitor & control center for daily operations

• Additional safety layer (dealing with “dangerous anomalies” & POC for emergency services)

• Key element in “top-down” command structure

• Implementation programme > 2 years

• Building technical solution to duplicate all dispatching functionalities

• Creating operational procedures

• Organising training & doing exercises

14

BCM initiatives - BCP for scenario Black outSudden power outage in the Brussels PT network will cause serious safety issues!

• 2014: stability of energy production system under pressure

• Increased dependancy on unpredictable green energy sources (wind / solar / bio-energy)

• August 5 2014: Loss of nuclear power plant after sabotage (Doel4 -1000MW)

(65.000l forced oil drain caused irreparable damage to turbine: 30M€ repair cost + 27M€/month operational losses)

• 2 more nuclear power plants in BE out of service – maintenance (25% of BE production capacity disturbed)

• Fear for black out: most critical periods = winter (Jan/feb) evenings (17h00-20h00)

• Response of public authorities:

• Estimated cost of a Black Out in Belgium on a normal working day : 120 Mio €

• Treath of (inter)national black out anticipated by a national disconnection plan

• Response of STIB / MIVB: composition of a BCP > 1year

• Agreement on a company position and approach for the plan

• Complete review of underground infrastructure (power backup for critical functions!)

• Creating continuity procedures

• Organising training & doing exercises (-communication part)

15

FULL

POWER

HALF POWER(STIB: 5MW / connection Elia = 25 MW)

NO POWER

Scénario 1 ‘sudden unexpected Black Out’Basics of the business continuity plan

Metro / Tram:

Evacuation vehicles

Evacuation stations

Clearing tunnels

Metro / Tram:

Recuperation vehicles -> garage

Prepare operations for the next day

Tram:

Free public cross roads

• MIVB uses own backup systems to organise safe evacuation

• Elia will deliver 5MW per interconnection point with MIVB within 4 hours (gas power plant)

• This energy will be used to prepare resumption of operations (next day when BO appears in late

afternoon – otherwise resumption of operations will be done the same day)

Busses:

End trajectory in periphery, go to garage

FULL

POWER

Normal

operationsSudden interruption

of operations

Resuming

operations

Preapring resumption

of operations

T+2h T+6hT+4h T +12h

16

Scénario 2 ‘Black Out after disconnection’Basics of the business continuity plan

FULL

POWER

FULL

POWER

HALF POWER( 5MW / connection Elia: 25 MW)

NO POWER

• Disconnection per zone will be announced 24h upfront (Min. internal affairs) T1 -24h

• No national railway operations on a ‘disconnection day’!

• Bruxelles is not included in the disconnection plan

• STIB could continue operations but the risk of total black out increases! – scenario 1 to be avoided!

DISCONNECT

evacute

securing

unblocking #

Recuperation vehicles

Prepare operations for

the next day

Normal

operations

Normal

operations Operations STIB?

T1 -24h T1 T2 T2 +2h T2 +4h T2 +6h T2 +12h

Announcement

of zone x power

disconnection

due to scarcity

Zone 1

Zone 2 Zone 3

Zone 4

Zone 5 Zone 6Preapring resumption

of operations

Cease of

operations

500 MW

500 MW 500 MW

500 MW

500 MW 500 MW

Cease of operations Metro / Tram between 17.00 et 21.00h

in case more than 4 zones are disconnected

worst case:

17

4. Risk analysis terror threat – initiated december 2014

A raising concern …

• Social observations:

• IS exclaiming the caliphate 29/06/2014

• Increasing number of terror attacks on ‘soft targets’ – everyone is threatened

• BE participating in international aliance against IS

• Increasing flow of refugees coming to EU

• Public transport as ‘traditional target’

• Madrid 11 / 03 / 2004

• London 07 / 05 / 2005

• WEF Global risk report 2015 - risk trends

• Increasing national sentiments

• Increasing polarisation of societies

• Shifts in power

• Rise of hyperconnectivity

• Rising geographic mobility18

WORLD ECONOMIC FORUM: Global Risks 2015 - The Global risk landscape

Terrorist attacks

Cyber attacks

WEF identifies Terrorism

and cyber attacks as

important risks

WEF 2015 -

Global Risks

19

4. Risk analysis on terror threatBeing aware of vulnerabilities

• Inherent vulnerabilities of underground public transport

• Open system (free access for all)

• Large & complex netwerk structure.

• High concentration of people according to a predictable pattern (rush hours)

• Underground infrastrucure & shopping centres – complicates emergency interventions

• Brussels EU capital (some subway stations carry politic sensitive names)

• Operational vulnerabilities

• Many technical / critical rooms in the field

• PT operation calls for multidisciplinary cooperation and coordination (internal & external),

interventions of third parties are hard to control

• Permanent supervision of complete undeground infrastructure is complex

• Shared controle in case of intermodality with national railway operations

• Degraded security through multiple construction sites

• Large workforce to keep ‘readiness’ of all staff high at all times20

Count of risks Probability

Impact 1 2 3 4 5 Grand Total

5 44 15 13 1 73

4 3 4 1 2 1 11

3 6 10 2 3 21

2 9 1 1 2 13

1 9 2 3 14

Grand Total 71 30 18 10 3 132

• Objective of the risk assessment

• Identification & analysis of main risks

• Evaluate existing measures & estimate residual risk

• Make recomendations for additional protective measures

• Inform TOP Management

• Create a basis for discussion with public security services (OCAD)

• Result of the analysis:

4. Risk analysis on terror threat - with experts & stakeholders

Result of several multidisciplinary workshops

21

STIB has no influence on

terror threath(broad social context)

STIB can’t control the

inherent vulnerabilities of

the (pre) metro system

Reactieve measuresPreventieve measures

Decrease organisational

vulnerabilities

STIB has only a limited

influence on the direct

impact of terror attacks

Increase capacity to react

(efficiency in response)

4. Risk analysis on terror threat – Recommendations

What can STIB do to reduce the risk of a terror attack or to reduce the impact thereof?

22

5. Terror attacks - Brussels 22/03/2016didn’t come as a surprise, still couldn’t be prevented …

people killed people injured

• 24/05: Brussels - shooting @ jewish museum : 4

• 29/06: IS exclaiming caliphate

• 07/01: Paris – attack on Charlie Hebdo : 12 11

• 18/03: Tunis – attack on Bardomuseum : 23 dozens

• 26/06: Lyon – attack on gas power plant : 1 (beheaded) 2

• 26/06: Sousse – active shooter on beach: 39 dozens

• 13/11: Paris – attacks on Bataclan & Stade de France: 130 dozens

• 21/08: Brussels – Brussels attack on Thalys, distorted by passengers / 3

• 22/03: Brussels – attack on airport & metro 34 (14 & 20) 340

• 14/07: Nice – attack with truck on Promenade des Anglais: 84 dozens

• 19/12: Berlin – attack with truck on christmas market: 12 48

• St Petersburg / Stockholm / Manchester / London / Barcelona / …

2014

2015

2016

2017

23

9h10: explosion in metro @ Maalbeek• Crisis Management activated• Immediate cease of operations• Support multidisciplinary

intervention• Underground evacuated within 30’

according to black out plan

8h00: 2 explosions @ the airport• STIB immediately informed• Securing busline 12• Railway police requesting

‘increased state of readiness’• Activation national emergency

plan

24

• Service impact

• Underground evacuated in 30’ – according to black out plan

• Recall & return of all tram vehicles completed in 1h42’

• Immediate cease of all bus operations after Maalbeek explosion

• Degraded mode

• Bus operations resumed later that day – NOCTIS plan (night operations)

• Normal bus operations resumed next day + shuttle service replacinginterrupted metro line

• Recovery phase

• Reopening of subway stations according to capacity for permanent military surveillance (it took several days before all subway stations reopened …)

5. Terror attacks - Brussels 22/03/2016How the organisation responded

25

Passengers shifting

from Metro to Tram & Bus

Tram & Bus are more vulnerableto black riding

Huge decrease

of income

5. Terror attacks - Brussels 22/03/2016Long term effects …

Number of flights EBBR

Macroeconomic impact:

Estimated between 0.2% - 0.5% of gross national product

NBB: 0,2% of GNP (excluding expectedgrowth 2016 +1.2%)

BE enterprise federation 0.57% of GNP (2,4 billion loss 15/11/’15 – 15/11/’16)

26

Administrative autonomy under the auspices of ministry of mobility

for public service provisioning during crisis ?

• Further development of degraded mode scenarios to facilitate –external- decision taking

• Close 1 tunnel

• Close 1 station

• Close x stations

• Close 1 line

• Close 1 transport mode

• Cease all PT operations

• Define command structure for accepting external commands …

5. Terror attacks - Brussels 22/03/2016Never waste a good crisis

27

Optimism is a moral obligation

being prepared a protective duty

“Protecting the present to safeguard the future”

28

29

Thanks