Preparing for (Other Kinds of) Disasters

This guest post is from Garrison Libby, a community college librarian.

When COVID-19 swept the world last year, librarians were forced to adapt their services on the fly. Over the past year, we’ve probably all become very good at disaster planning. However, it’s worth thinking about the disasters that you haven’t planned for, and to begin making preparations for them now.

My institution recently suffered a major technology interruption which led to an extended shutdown of nearly of the college’s online systems: email, online courses, library proxy servers, and nearly everything we need to function, especially during a pandemic. Of course, an outage of that scale paused classes, so access to library resources was the last thing on anyone’s mind. However, it still prompted us to have to consider alternatives as we waited to see what systems would come back online and in what order. There was no guarantee that we would have access to our proxy server when classes resumed, for example, as systems had to return online one by one.

Consider constructing a technology audit as part of your disaster and continuity planning. Review the technology you use, how it’s used, and evaluate potential impacts if you lose access to that technology for an extended period of time. Here are some potential questions to ask yourselves when conducting the audit and developing a technology continuity plan:

  • Do you have alternate contact methods (phone numbers, personal email addresses) for all your staff members? Does anyone maintain this information, and where is it stored?
    • It’s a good idea for managers to have contact information for their staff.
    • Consider maintaining a centralized contact list as well, but ensure that it is kept up to date and accessible.
    • Remember that this is personal information for staff, so do not use their personal contact information except in event of emergency.
  • In a technology outage, how will you communicate updates to your staff?
    • A single text chain with all staff could be unwieldy for libraries with many employees. Communication can be distributed from managers to direct reports, but ensure a clear and consistent message from the top so that staff aren’t getting different or conflicting messages.
  • What technology is locally hosted, and what technology is hosted elsewhere?
    • Inventory your technology and plan for potential outages. We are fortunate that our Springshare LibApps suite was hosted by Springshare, meaning we still had access to LibGuides, LibAnswers, and also LibChat as an emergency staff chat space if necessary.
    • Many of our systems were authenticated using the college login, making them inaccessible during the outage. Can alternative logins be set up? We had both institutional logins and system-specific logins for Springshare, ensuring continued access. The College Google Drive, however, was tied to institutional logins and became inaccessible.
  • What can be done low- or no-tech?
    • Review and update manual check-out procedures for library materials.
    • Can you do reference without access to the library catalog? Do your staff know where popular subject areas are located in the stacks?
  • What alternatives are available for your technology?
    • If your proxy servers go down, can patrons access electronic resources? We are fortunate to be part of a state library consortium, which provided an alternative login that our students could use to access several key databases so that basic research needs could be met.
    • Many libraries are firmly embedded in the Springshare ecosystem. In the event that there is an outage in those systems, do you have alternative options, or can you quickly create emergency alternatives?
    • Are your systems regularly backed up so that they can be restored in the event of data loss?
  • What continuity planning has your institution done?
    • Consult with your IT department and college administration to review their own technology continuity plan. Ensure that your plan aligns with theirs.
    • If your institution does not have a technology continuity plan, encourage them to adopt one.

Just asking these questions alone is not enough. Continuity planning also requires building a robust plan and then ensuring it is reviewed regularly and kept current. A plan you make today may not help if you need it in 5 years and have not adjusted for our constantly changing technology.

The second step is to ensure that the technology continuity plan is also backed up and accessible multiple ways. Consider the 3-2-1 backup plan: Have 3 backups of the plan and key documents available, two of which are stored locally on different mediums (i.e., one on hard drive, one on USB key), and one of which is available via the cloud (Google Drive, college storage, Dropbox, or other options). You will also want multiple staff members to have access to the plan, so that someone will be able to get it. But because such a plan should also have contact information for staff, be sure to keep it secure.

Ideally, a continuity plan is something that you will never actually have to use. However, when an emergency happens, it is good to have the plans ready so that you can shift gears and keep services running as smoothly as possible. Whether it’s a pandemic or a technology outage, you can take actions now to be ready. Because if nothing else, the last year has taught all of us to expect the unexpected and to be prepared for anything.

Add Cyberwar Contingencies To Your Disaster Plan

Two new reports from ACRL serve to remind the academic library community that our future is increasingly one based on digital collections and a virtual presence. Both the Futures Thinking for Academic Librarians: Higher Education in 2025 and the 2010 Top Ten Trends in Academic Libraries point to the importance of paying attention to our external environment and the ways in which it could impact on our operations and services. The short-term view in the latter report makes multiple references to digitization projects and an increasingly electronic collection; that’s certainly what many of our user community members want us to offer. But the former report points to one scenario that may come to pass well before 2025, that should concern all of us who acknowledge our growing digital future.

Of the scenarios that the majority of the respondents thought were both possible and likely to happen sooner rather than later, the likelihood of disruptive cyberwar, cybercrime and cyberterrorism was among the top four. Any one of these different forms of cyber attack has the potential to cripple a largely digital academic library operation.

The same week the 2025 report was issued, MIT’s Technology Review for July/August 2010 featured an article on the dangers posed by cyber warfare:

Ingenious solutions are multiplying, but the attacks are multiplying faster still. And this year’s revelations of China-based attacks against corporate and political targets, including Google and the Dalai Lama, suggest that sophisticated electronic espionage is expanding as well. “What we’ve been seeing, over the last decade or so, is that Moore’s Law is working more for the bad guys than the good guys

So what does all of this mean for academic libraries? Clearly we are poorly positioned, as are our institutions, to have much impact on the growing possibilities for global cyberwar. Even Google, with all of its resources, was breached by cyberattacks from China. Russia lives under constant threat of cyberterrorism from its enemies. The United States is taking this so seriously that it just appointed a general who will focus entirely on preventing cyber attacks and developing a strategy for engaging in global cyber warfare.

So at best we need to be aware and alert, and add this new and challenging threat to those other ones in our disaster plans. What would we do without access to our digital resources? How would we communicate with our users and each other? How would we support both on campus and off-campus faculty and learners if there was an extended loss of connectivity, files, networks or other essentials of our digital age? Just as with all those disasters for which we prepare in our plans, be they fire, floods or worse, we all hope they never come to pass. But be prepared we must.

Finally, the threat of cyber war and terrorism should bring attention to the value academic libraries provide to their communities as stewards of the print institutional collection and experts in locating information in those collective assets. The challenge of balancing growing print collections and diminishing space already moves us toward growing our digital materials. There are many good reasons to maintain strong print collections, and the potential for a total network collapse should remind us that doing so is just one of our many important responsibilities.