The Cybersecurity and Infrastructure Security Agency (CISA) has released a guideCritical Infrastructure Operations Centers and Control Rooms Guide for Pandemic Response, geared towards all 16 critical infrastructure sectors. The guide provides considerations and mitigation measures for operation centers and control rooms, but can be applied further to any critical node that is required to continue functioning in a pandemic environment.

According to CISA, operations centers and control rooms often operate 24/7, depend on unique equipment, and require specially trained staff who are difficult to replace. As a result, specialized equipment and long lead times required to train personnel mean there is a higher risk to sustaining reliable operations, says the guide. Fortunately, operations centers and control rooms are generally isolated and physically secure, and may be more conducive to the sequestration of on-site staff if needed.

COORDINATION WITH FEDERAL, STATE, AND OTHER AUTHORITIES

  • Engage with relevant Federal, State, local, and/or industry authorities to develop appropriate solutions for operations center and control room personnel in your jurisdiction(s)
  • Prioritize testing for asymptomatic personnel by medical professionals
  • Develop a mechanism (e.g., badging, letter) to allow for identification and free movement of mission-essential
  • personnel when a quarantine/curfew or other travel restriction is in place
  • Consider temporarily waiving, relaxing, or suspending certification or other regulatory requirements
  • Authorize priority supply of sanitizing supplies and personal protective equipment (PPE)
  • Empower non-medical professionals (e.g., control center managers and supervisors) to administer health questionnaires and temperature checks using appropriate PPE while following the U.S. Equal Employment Opportunity Commission (EEOC) and Occupational Safety and Health Administration (OSHA) guidelines  

COMMUNICATION AND INFORMATION SHARING

  • Involve union leadership, if applicable, in discussions around possible mitigation strategies from the beginning to ensure transparency and collaboration
  • Develop compensation, attendance, reliability, and other related policies that will apply during these conditions
  • Reinforce importance of staying home when sick or symptomatic
  • Reinforce the importance of social distancing at work and on personal time and utility of cloth face masks
  • Provide clear symptom-reporting guidance to employees for at-home, self-administered wellness checks and/or observations while on-shift, thereby encouraging robust open, frequent, and rapid communications
  • Build the Centers for Disease Control and Prevention’s (CDC) current travel and self-quarantine advisories into event planning and travel arrangements, and introduce practices to increase awareness of employees’ personal travel plans to high-risk areas or where there are active advisories
  • Establish protocols for reporting cases and any resulting quarantine, facility shutdown, and cleaning actions

KEY MITIGATION MEASURES – PROTECTING PERSONNEL

  • Identify a dedicated, physically separated building entrance for mission-essential personnel where possible
  • Pre-Screen: measure the employee’s temperature and assess symptoms prior to them starting work, ideally before the individual enters the facility
  • Increase handwashing stations, sanitizing supplies and PPE; post CDC and state health department safetyhygiene information at the entrance to operations centers and control rooms
  • Increase cleaning frequency of common areas for critical personnel (e.g., kitchens, locker rooms, bathrooms)
  • Create greater physical separation of operations center and control room operator workstations, increase ventilation or utilize adjacent rooms where possible, and reduce or eliminate interactions across shifts
  • Limit non-essential personnel from entering the area of the operations center and control room (e.g., no outside visitors, non-essential meetings in rooms in near proximity)
  • Limit the hazard from essential personnel such as VIPs, field operators, and contractors/vendors and limit access to critical activities (e.g., health screening before being allowed onsite for visits, deliveries, repairs, etc.)

KEY MITIGATION MEASURES – PROTECTING EQUIPMENT

  • Provide individually assigned peripheral equipment (e.g., mice/keyboards/handsets/headsets/chairs)
  • Increase frequency and extent of cleaning and disinfecting surfaces and equipment that come into routine contact with multiple people (CDC Cleaning and Disinfection Guidance), and use a wipeable cover where possible
  • Anticipate and prepare for pandemic-themed opportunistic social engineering attacks and take steps to ensure continued visibility, patching, and maintenance of cyber assets in the event of staffing disruptions

KEY MITIGATION MEASURES – WORKFORCE PLANNING

  • Divide essential teams into shifts, cutting hours to ensure that no two groups of employees overlap
  • Segregate crews on shift work and split system operators (days/nights or split individual shifts) between primary, backup, and contingency (reserve) operations centers and control rooms. Operating shifts in different locations should provide a 12-hour window to sanitize equipment
  • Sequester and maintain a completely healthy shift or “reserve force” taken out of normal rotation who can step in when minimum staffing levels cannot be met
  • Develop a supplemental staffing plan for potential use of retirees, supervisors, managers, and engineers with the requisite skills to backfill operations center and control room personnel and support staff, as required
  • Request and provide mutual assistance and sharing of operators with other similar organizations
  • Make available employee assistance programs and other professional services

KEY MITIGATION MEASURES – IN THE EVENT OF EXPOSURE

Personnel: Consult Implementing Safety Practices for Critical Infrastructure Workers Who May Have Had Exposure to a Person with Suspected or Confirmed COVID-19

  • Quarantine staff on shift with impacted operator(s) – may require extending work hours of non-impacted shifts
  • Reduce operations where possible to decrease the workload of operations center and control room staff
  • Implement a supplemental staffing plan – may include refresher training and simulations offered for supervisors, managers, engineers, and retirees with the requisite skills to backfill control room staff
  • Temporarily sequester non-impacted shifts onsite and increase access to onsite medical services if available

Equipment

  • Clean porous (soft) surfaces near workstation(s) (e.g., cloth, leather, and faux leather seats within manufacturers guidelines)
  • Clean non-porous (hard) surfaces near work-stations (e.g., desk, communication devices, chairs, etc.) with disinfectant products expected to be effective against the virus that causes COVID-19 (SARS-CoV2) ensuring these products are compatible with surfaces/components and used according to instructions
  • Clean lavatories used by the symptomatic employee, including door handle, locking device, toilet seat(s), faucet(s), washbasin(s), adjacent walls, and counter(s)