Lessons from Japan: Communication key to business continuity

Months have passed since eastern Japan was struck by an earthquake of unprecedented force and destructive power. The Tohoku earthquake, also known as the Great East Japan Earthquake, on March 11 left 20,000 people dead or missing in the affected areas, and was at magnitude 9.0 – the most powerful earthquake to hit Japan since records began (and among the most powerful ever recorded worldwide).

The damage caused by an earthquake depends not so much on the magnitude as on the readiness of the area it hits – the magnitude 7.0 2010 Haiti earthquake, affecting a poor country with limited preparedness and inadequate building regulations, killed more than 200,000 people. The 1994 Northridge earthquake in southern California, though of similar size and also in a densely populated area, killed just 17 people. In this regard, Japan – a rich, peaceful country with extensive historical experience of earthquakes and tsunami – should have been better prepared than any other nation for the events of March 11.

And in many ways it was: Japan’s rigorous building codes, for example, meant major buildings survived even in close proximity to the earthquake’s epicentre, and buildings constructed since design laws were overhauled in 1981 were rarely destroyed. “If the earthquake had been the sole problem, then Japan could have claimed for itself a significant success in planning for the impact of a major earthquake, even one of historically unique size,” comments David Rubens, a London-based corporate security consultant.

If Japanese government and private-sector bodies were well prepared for the immediate effects of an earthquake, they were, some argue, far less prepared for its secondary and tertiary consequences.

The most obvious of these was the tsunami that struck the eastern seaboard of Japan shortly after the earthquake. “The vast majority of the tragic impact was caused by the scale and power of the tsunami, a natural consequence of ocean-centred earthquakes that it is almost impossible to mitigate,” Rubens writes.

The tsunami and earthquake together caused widespread damage across north-eastern Japan, including to critical infrastructure such as power lines, roads, railways and fibre-optic lines, as well as to housing and at-risk industrial targets such as oil installations and, of course, the Fukushima Daiichi nuclear reactors.

The United Nations’ most recent Global assessment report on disaster risk reduction noted: “Countries are also faced with new patterns of vulnerability associated with the growing complexity and interdependency of the technological systems on which modern societies depend: energy, telecommunications, finance and banking, transport, water and sanitation. The tsunami-driven nuclear disaster in Fukushima, Japan, highlights how these new vulnerabilities multiply disaster risks and can trigger cascading and concatenated system breakdowns at different scales that are difficult to model but which can exponentially magnify effects.”

Keep talking
One theme recurs again and again in discussions of the effects of the earthquake on the financial sector – communications. With head offices generally located in the Tokyo region, Japanese financial institutions suffered only local damage from the immediate effects of the earthquake and tsunami, and were outside the area affected by the radiation release from Fukushima. Nor were they seriously affected by supply chain interruptions (a major problem for the manufacturing sector in Japan and worldwide). But in the aftermath of the earthquake and tsunami, banks in Japan, even outside the worst-affected area, found there were serious problems with their ability to communicate with employees, the public, regulators and their own offices.

This was generally not a problem foreseen by banks – or regulators – in their pre-earthquake planning. In the Bank of Japan’s (BOJ) most recent business continuity exercise, released in April this year but conducted in November 2010, only 4% of banks cited “communications liaison with important external parties” as a potential area of inadequacy.

After the earthquake, however, communication systems came under immense stress – and shortfalls in business continuity plans became apparent.

“The situation in our Tokyo headquarters was not so serious. And in our branches – we had eight there [in the affected area] – they were well prepared and had tested and confirmed their plans. But the plan did not work well in information sharing and sending information between headquarters and our branches,” says Yukihiro Jimbo, executive director of IT governance at Nomura in Japan in Tokyo. “It was difficult to reach from a corporate level down to individual employees in branches – many Japanese companies experienced similar problems in ensuring effective communications in the disaster situation.”

Nomura’s own lessons-learned document lists 10 areas in which the company’s preparations for disaster and actions during the emergency had fallen short: the first seven all relate to inadequate communications.

This was partly a result of damage to communications infrastructure. Landline phone networks were damaged and overloaded. Mobile phone networks, although they do not involve a fixed link to the user, still rely on extensive fixed infrastructure – base stations connected by cables – which were also damaged and heavily loaded, especially in the immediate aftermath of the earthquake. Nomura, for example, found that both landline and mobile phone systems failed, posing severe problems for any actions designed to rely on voice communications.

A 2011 study by the US Federal Communications Commission found that, after the tsunami, as after similar events such as hurricanes in the US, repairs tended to proceed at about 15% per day for the first 12 days. Of the million phone lines and 500,000 broadband internet connections broken by the earthquake, most were repaired by March 23; after this date the rate of repair slowed dramatically as repair crews moved on to connections that were either less critical or more difficult to reach. By April 21, 39,000 phone lines and 13,000 broadband connections remained inoperable. Repairs to mobile phone base stations followed a similar curve; 1,300 out of 7,900 initially affected remained offline by April 21. Another limit to voice communications: if power remains down for more than a day or two, mobile phone handsets will start to run out of battery life, and merely restoring power to a base station (with, for example, a mobile generator) will not necessarily restore communications.

Bob Hull, head of corporate safety at New Mexico consultancy Los Alamos Technical Associates, comments: “This is universal in catastrophes like this – communications are a key problem. After 9/11, Hurricane Katrina and so on, systems were overloaded and many of them shut down. The more regional the problem, the more complex the answer – even fibre optics can get overloaded.”

Decreasing reliance on communications is one approach – Nomura is exploring how much management responsibility can be devolved down from head office in Japan to local offices elsewhere in the event of a crisis. “We are majority-based in Japan, but we have wholesale operations in London, Singapore and Hong Kong – so how do we communicate in a timely manner with these regions from the disaster command centre? The question is – how much can a company like Nomura delegate management overseas?” Jimbo says.

One company concerned with business continuity, Japanese IT hardware group Fujitsu, has started running disaster response drills in reaction to the earthquake that focus on the loss of communications – the first took place in September and tested “a scenario in which the Tokyo metropolitan area suffers significant damage, resulting in power outages and communications disruptions that prevent phone, including mobile phone, and email, including mobile email, communications”. Instead, Fujitsu plans to rely on a combination of satellite telephone and multi-channel access (MCA) radio telephone systems, a system widely used in Japan for mobile users such as taxi operators and disaster management. But these have limits, the company says: MCA is at its best in cities, and satellite telephones need a clear line of sight to the south. Battery life is also a concern, with batteries often lasting less than a day. The company is also investigating use of social media and text messaging to contact employees in the absence of satellite or MCA connections.

@earthquake
Flexibility and redundancy are key here, experts say. Jimbo and others note that, even when voice communications were impossible, asynchronous text messaging was still available – not only text mobile phone messages, but also email and web-based one-to-many methods such as Facebook and Twitter. Asynchronous methods are inherently more robust if connectivity is only sporadically available due to crowding or damage, as they can be transmitted on a space-available basis – a phone call can obviously only happen if both parties have connectivity simultaneously. And web-based methods take advantage of the internet’s damage-tolerant design; the day after the earthquake, James Cowie, the chief technology officer of internet business analysis company Renesys in New Hampshire, noted that Japan’s links to the regional internet had been largely unaffected by the earthquake. “At this point, it looks like their work might have allowed the internet to do what it does best: route around catastrophic damage and keep the packets flowing, despite terrible chaos and uncertainty,” Cowie wrote in a blog post in April.

Hull adds that, for commercial entities as well as governments, older methods of radio communication could provide a useful back-up. Satellite phones have limited capacity in a given area – a satellite can only handle so much traffic – and will in any case be in high demand by government, emergency services and the media. Satellite communications operator Inmarsat saw a leap in activity over New Zealand after the Christchurch earthquake on February 21, much of it the result of media demand for live video transmission, and says its network operations centre has seen similar jumps in other disaster areas for several years. Hull notes that “amateur radio, radio telex and radiofax are still available in many countries, and are not as heavily dependent on other systems as most of us are at present. For banks, you need to look at what your communication needs are. Who do you need to communicate with, how regularly, and how are they going to know what’s going on? That could be, say, the reserve bank or the regulator as well as your employees – so you need to liaise with them in advance.”

But the widespread availability of information created its own problems for Japanese bank employees – faced with incomplete and contradictory information from multiple sources about the nature and extent of the disaster and what they should do. Nomura highlighted inadequate information to employees as one of its top 10 issues. “It was difficult to give guidance to employees on whether they should go home or come to work – difficult for us to communicate and for them to decide which information they should follow. There was uncertain information from newspapers, from TV, from foreign embassies, and no-one could guarantee which information was correct,” says Jimbo.

Foreign workers in Japan faced greater problems because of the language barrier, Nomura found. “Some non-Japanese-speaking employees panicked after the earthquake. Messages sent out from governments of other countries on the incident at the nuclear power plant increased a feeling of insecurity,” the bank’s lessons-learned document notes. And Jimbo adds: “Normally, Japanese companies produce important documents only in Japanese. You have to get them translated, and so it’s difficult to send out timely and correct information [in English] – for us, and also the Japanese government and the authorities at Fukushima.” Foreign news outlets also tended to take a more pessimistic view: “A non-Japanese person would be worried during the disaster, because they were watching the BBC and CNN and getting information from the embassies. Even watching Japanese television it could look like a panic situation if you can’t understand Japanese. Locals could manage better.”

One weakness, suggests Bryan MacKinnon, Deutsche Bank’s regional head of operational risk and business continuity management in Singapore, was a failure to understand that the direct effects of the disaster were relatively restricted. “Eastern and northern Japan were under significant stress. But Fukushima, though serious, primarily had a local and regional impact. In the Tokyo area there were modest food shortages, gasoline shortages and unpredictable power – there were concerns, but it was not a ghost town.” This was not the impression given by foreign media, he continued, particularly with regard to the problems at Fukushima, which prompted many non-Japanese workers in the Tokyo area to flee the city or even the country.

MacKinnon adds that the wide range of news sources available acted to increase uncertainty: banks should decide in advance of a crisis to depend on only a few news sources rather than trying to assimilate everything produced during a crisis, he recommends.

Unpredictable threats
Dealing with the other major shortfall – the failure of disaster scenarios to match the severity, extent and complexity of a real earthquake – will be a much less tractable problem, however.

“Even the Japanese government was not totally prepared for a wide-area disaster – and then we had the quake followed by the tsunami followed by Fukushima. The majority of the Japanese economy is planning for a single-disaster situation,” Jimbo comments. As an example, in its most recent business continuity report, the BOJ highlighted not earthquakes or tsunami but a hypothetical new strain of influenza as the most important scenario for improvements in disaster planning – a relatively benign disaster in that it would affect staff but would not immediately produce serious problems with communications, power or other infrastructure systems.

Fujitsu and Nomura both acknowledge their planning scenarios have changed: Jimbo says Nomura’s scenarios now include planning for cascade effects, and Fujitsu says its worst-case assumptions have been revised. But, Hull says, this is only of limited use: he argues that large-scale rare disasters fall into the category of “black swans”, unforeseen in advance (although, he adds, “with black swans you will always find that someone else predicted it in advance, and you think ‘why didn’t we realise that?’”)

Risk managers must take low-probability extreme events into account, he says, and one way to plan for them – in the absence of historical data – is to make plans that are resilient to a certain amount of model failure. Hull gives the example of the Fukushima Daiichi nuclear plant. Its sea wall was designed to handle a tsunami up to 6m high – when it was overtopped by the 12m tsunami on March 11, the floodwaters poured into the turbine building basement and shorted out the emergency generators. “You need to ask: what happens if the quake is larger than the design basis? You need to protect the generators, no matter what the size of the tsunami – it makes no difference whether it’s five feet or 20 feet over the design basis.” The neighbouring Fukushima Daini plant, built more recently, had its generators within the watertight reactor building itself and survived the tsunami far better.

Another aspect of this is to be aware of whether a disaster will interfere with business continuity plans as well as normal operations. Hull gives the example of a business close to a seismic fault: “Some companies in that position have their back-up locations on the other side of the fault – that’s a problem if you have to go from one to the other, because you’ll have to travel through the most seriously affected area.” Again, at Fukushima Daiichi, three of the six reactors were connected to recently installed emergency generators located some way up a hillside out of reach of the tsunami. The power, however, travelled through switching gear in the vulnerable turbine building basements, which were flooded by the tsunami.

Hull continues: “In another case, a company had its back-up 70 miles away, but there were chemical plants and refineries on the way – it would probably be inaccessible. There are things you don’t think about, and that’s why we have exercises – even just discussions of scenarios. Every time you learn something new.”