Partnership for Protection: Continuity, Safety and Resilience...

Are your research and development secrets protected and safe?

Do you have a counterintelligence program operating in concert with your own Information Security strategy?

Economic Espionage is a growing concern and a top priority at many US-based global organizations.

Who do you know personally that can help you and your organization Deter, Detect, and Defend against potential attacks on your intellectual assets?

Those formulas, algorithms and new break through products in beta testing are vulnerable from a barrage of social engineering and sophisticated attack tools.

The employees, suppliers and contractors operating in and around the perimeter of your organization represent the audience for your next "Tactical Awareness Program".

However, that is only the "tip of the iceberg" when it comes to your complete “Counterintelligence Strategy”.

How do you keep a consistent and pervasive mechanism in place to ensure that your greatest vulnerabilities and most valuable secrets are safe and secure?

If you ever find yourself having a conversation about the fact that your "source code" is now posted on the “Dark Web” or that a new competitor has just emerged with a very similar product as your own, then maybe the denial phase is now over.

The reality phase is kicking in and you now understand that you now need a more robust management system for all employees to learn and practice. Something that they can utilize in conjunction with your most valuable suppliers and contractors.

How will you be able create the kind of education and program strategy to make sure that your organization is not a target of corporate sabotage or economic espionage.

The rewards that your employees receive go far beyond the workplace and into their local cul-de-sac or apartment complex.

Raising peoples awareness about what has happened in the past and could happen in the future, is every leaders responsibility…

Competition: Life Long Learning Experience…

When you were growing up in your town across the USA, they probably had all kinds of ways for you as a kid to learn about competition.

Was it the Spelling Bee?  The Debate team. The High School ball sports games, running track or swimming meets. Cheer competitions. Car racing. The neighborhood park “Art” & “Pottery” contest. The city Golf championship.

Before you headed out of your own household to universities or colleges in other states or joined up with our Armed Forces and were stationed overseas, you really thought you understood what competition was all about didn't you.

Or did you?

competition

com· pe· ti· tion ˌkäm-pə-ˈti-shən

Synonyms of competition

1: the act or process of competing

compete

com· pete kəm-ˈpēt

1: to strive consciously or unconsciously for an objective (such as position, profit, or a prize) : be in a state of rivalry

The fact that you were in competition with others for the best example of your intellect, or your strength or your speed or your accuracy or creativity would soon become more of a life question.

"Who shall I serve in my years ahead and trust to help me navigate the joys and sorrows of my life long journey?"

How will they provide me with the wisdom and the guidance to know what is the right decision to make at the right time?

Competition in life is unavoidable and you might wonder why some people “Win” on one day and not on another.  Was it luck?

Just ask anyone who has made it to a C-Suite at Headquarters, or “Hall of Fame” or other Museum of History and the people who excelled at their particular Profession, Sport or Craft or Exploration milestone.

Have you ever heard someone say in your long competitive life:  “It’s not about Winning and Losing it is about how you play the game”.

What does that really mean?  Is it about following the rules and playing with good manners or sportsmanship?

Competition is truly a life learning experience whether it played on the field, in the pool, on the mountain, on the ice rink, on the track, in the auditorium, on the stage, in the conference room or the ready room, face-to face or online, it does not really matter.

Some may say it was lots of Time and Practice.  Some may say it was a Miracle.

What shall you learn about Competition in your own life?

Some may say it was "My Destiny"...

Godspeed!

SMART Objectives: The Catalyst for Resilience...

Operational Risk Management (ORM) is evolving into a discipline with an over arching set of objectives. The organizations and entities that do not understand the purpose and the reason behind having SMART objectives, might need a refresher:

• Simple
• Measurable
• Achievable
• Realistic
• Task-oriented

Without "SMART" objectives, any project will continue to strive for a purpose and a relevant set of outcomes. Constituents, stakeholders and various affected employees that intersect with an internal risk mitigation exercise, will continuously require coaching on how to base the project on "SMART" objectives.

Next, the stakeholders will require a path forward that includes a building block approach to gaining consensus, agreement and a set of written events that will either be simulated or real.

These events comprise a master scenario, that the organization will utilize to test a hypothesis or set of operational capabilities. The high reaching outcome, is to determine where there are gaps, vulnerabilities and opportunities to improve.

The building blocks approach may include:

1. Seminars
2. Workshops
3. Table Top Exercises
4. Games

These provide the stakeholders with the opportunity to converge on their respective areas of expertise and integrate them with the overall scenario being developed. However, these are still based upon first identifying the "SMART Objectives" and the application to your particular business, organization, city, state or country.

Taking the foundation of Operational Risk Management and applying a process for evaluation, requires a set of standards so all of the respective constituents, will be talking and practicing from the same exercise play book.

In the United States this standard is HSEEP or "Homeland Security Exercise and Evaluation Program":

The Homeland Security Exercise and Evaluation Program (HSEEP) is a capabilities and performance-based exercise program that provides a standardized methodology and terminology for exercise design, development, conduct, evaluation, and improvement planning.

The Homeland Security Exercise and Evaluation Program (HSEEP) constitutes a national standard for all exercises. Through exercises, the National Exercise Program supports organizations to achieve objective assessments of their capabilities so that strengths and areas for improvement are identified, corrected, and shared as appropriate prior to a real incident.

Whether your organization is new to doing functional or full-scale exercises doesn't matter. Having a process oriented model for program management and project management will provide you with the tools and the foundation to achieve new found learning on where and how to improve your enterprise resilience.

Operational Risk Management professionals are working with an organization or population that is constantly striving to be more resilient.

Without testing, without exercising and without the process framework in place to try and achieve measurable objectives, the organization will never gain the vital insight on where and how it can improve rapidly.

It will never fully understand where the enemy will try and exploit the weaknesses. The organization will never realize their resilience factor at this point in time.

When was the last time your organization really tested itself, to survive? How long has it been since you re-established the relationships and the trusted connections with your own supply chain? Why has it been that long?

There are some elite organizations in the world who understand readiness, that have learned along the way of their evolution why exercising and a trusted supply chain is critical to their own survival before the next incident occurs:

To become a SEAL in the Naval Special Warfare/Naval Special Operations (NSW/NSO) community, you must first go through what is widely considered to be the most physically and mentally demanding military training in existence. Then comes the tough part: the job of essentially taking on any situation or foe that the world has to offer.

Direct action warfare. Special reconnaissance. Counterterrorism. Foreign internal defense. When there’s nowhere else to turn, Navy SEALs are in their element. Achieving the impossible by way of conditioned response, sheer willpower and absolute dedication to their training, their missions and their fellow spec ops team members.

This analogy to the Navy SEALs demonstrates that preparedness long before you are asked to test your own resilience, will save lives. Yet there are so many other ways that our planet and the people on it, are being tested every day outside of the context of counterterrorism or national defense missions.

When you think about resilience in the context and relevance of the threats before us, we all have to realize that whether it is the National Level Exercise (NLE), or our US Navy SEALs, only SMART objectives will increase our ability to learn, to save lives and allow for the potential survivability of our organizations or impacted populations.

OSINT. "Accent on the Future"...

It was early-August of 2000 and topics of the “Dark Web” were prolific around the conference table at 8:00AM on that early Monday morning.  Our building on Wilson Blvd was just a few blocks up the hill from the Rosslyn, VA Metro Station.

Soon the dialogue turned to the weekends OSINT and the Terabytes our Cyveillance Web crawlers had retrieved across the globe.

Minding clients business on the Internet was going beyond what was visible with run of the mill browsers and growing search engines.  It had now gone dark, without the right tools, software and protocols.

Now was our opportunity to begin new strategic ventures with clients on three key “Decision Advantages”:

• Continuity
• Safety
• Resilience

How as a Fortune 500 company operating across the globe could you apply these factors to increase your awareness and integrity of your content on the World Wide Web?

Where and how were your adversaries using your published information in nefarious ways to attack your organization?  To influence your product perceptions.  To launch campaigns of doubt against you.

It was now time to get on a plane to fly to the U.S. HQ of our global clients to inform them what was at stake beyond brand protection, social media monitoring and threat investigation, analysis, and response services.

• Think about your business technology operations.  What factors could impact the continuity of your services based upon your geographic locations?
• Think about your employees health and exposure to life threatening acts of sabotage or natural weather events.
• Think about your organizations ability to defend itself against a spectrum of threats and to bounce back quickly to stay in competition with rivals.

Little did we know what was in our future, just about a year away in September 2001.

What if we could apply Continuity, Safety and Resilience (CSR) into our dialogue with a majority of our clients major growth initiatives?

On that Wednesday morning wake up call after a flight to O’hare the previous evening, it was thoughts of Arthur Andersen and the meeting ahead at their HQ.

That morning in a small office looking out on Chicago, we learned about the vast strategy of making a split of AA and Andersen Consulting into a new renaming on 1 January 2001.

Andersen Consulting would soon adopt the new name "Accenture". The word "Accenture" was derived from "Accent on the future”.

The question that morning was now on the “White Board”.

"Where are all the places on the Internet with the brand name “Andersen Consulting” that now needs to be changed to Accenture with a new logo?"

We can help with that business problem in a few hours.  The following day we knew that there were thousands of instances on the “Sun Microsystems” sites alone.

In July of 2001 Accenture would go public (IPO) and 8 years later move their HQ to Dublin, Ireland.  Today they have 779,000+ employees and revenue of US$69.xx billion (2025)…

Leadership in Crisis: Building Trust with Continuous Training...

How often have you ever heard the leadership management philosophy that you must "Train Like You Fight"?  Here is another way to look at it:

"The more you sweat in peace, the less you bleed in war." Norman Schwarzkopf

The theme is all too familiar with Operational Risk Management (ORM) teams that operate on the front lines of asymmetric threats, internal corruption, natural disasters and continuous adversaries in achieving a "Defensible Standard of Care."

As the senior leader in your unit, department or subsidiary the responsibility remains high for preparedness, readiness and contingency planning.  Your personnel and company assets are at stake and so what have you done this month or quarter to train, sweat and prepare?  How much of your annual budget do you devote to the improvement of key skills for your people in a moment of crisis or chaos?

What will the crisis environment look like?  Will it develop with clouds, water and wind or the significant shift in tectonic plates?  Will it begin with the insider employee copying the most sensitive merger and acquisition strategy to sell to the highest bidder?  Will it start with a single IT server displaying a warning to pay a ransom or lose all possibility of retrieving it's data and operational capacity to serve your business?  Will it end up being another example of domestic terrorism or workplace violence like San Bernadino, Paris or Ft. Hood?

Leaders across our globe understand the waves of risk and the possible issues that they may encounter each year.  Many travel to Davos to the World Economic Forum where the world tackles these disruptive events, with the best minds and exchange of information.  Why? They understand that vulnerability is what they fear the most.

Yet what can you do in your own community, at your own branch office to address the Operational Risks you face?  How can you wake up each day with the confidence as a leader, that you have trained and prepared for the future events that will surprise you?  It begins with leadership and a will to lead your team into the places no one really likes to talk about.  The scenarios that people fear to train for, because they think they will never happen.

Achieving any level of trust with your employees, your customers and your supply chain revolves around your leadership.  The discipline of "Operational Risk Management" is focused on looking at all of the interdependent pieces of your business mosaic.  The environment you operate in, even the building that houses your most precious assets.  All of these factors are considered in developing and executing your specific plan for training and readiness.

So what?  The question is

"Why Don't Employees Trust Their Bosses"?

Why this lack of trust?

As a leader your roles are multi-faceted and there is never enough time or money in the budget.  The leaders who excel in the next decade, will find a way.  They will invest in their teams training and the systems to increase trust, by addressing Operational Risk Management (ORM) as a key component of the interdependent enterprise.

The "TrustDecisions" you require and the understanding developed to insure effective "Trust Decisions" by all of your stakeholders will remain your most lofty goal as a leader.

How you train to fight and how you sweat now will make all the difference in your next war.  From the boardroom to the battlefield your leadership is all that is needed.  Your leadership will make a difference...

Intelligence Sharing: Responsibility to Provide...

Back in the summer of 2008, the "Need to Know" was now finally becoming extinct. Intelligence Communities around the globe began ever so slightly changing their behavior.

The Office of the Director of National Intelligence (ODNI) had released it's Information Sharing Strategy:

The Office of the Director of National Intelligence was announcing the first-ever strategy to improve the ability of intelligence professionals to share information, ultimately strengthening national security.

The "Responsibility to Provide" attitude combined with a "Rule-set" reset could get the entities moving the right direction. Risk Managers in institutions in the private sector have been grappling with this business issue for multiple decades.

The reality that the FBI, NSA, CIA and DHS are sharing more effectively will only be evident in actual behaviors, not technology.

The new mantra "Responsibility to Provide" would be repeated over and over but where is the evidence?  

The culture shift was predicated on the ability to manage risks associated with mission effectiveness and disclosure of sensitive information. A Trusted Environment.

This new information sharing model is not revolutionary and requires the same care with privacy, information security and civil liberties that we all expect when it comes to personal identifiable information.

Adding new incentives to share information or rewards for doing so will soon be the norm and the behavior changes will be evident. Great care will be given to the ability to protect sources and methods of collection.

Creating a "Single Information Environment" (SIE) will improve the ability for analysts and investigators to get access earlier and to discover what exists. Enhancing collaboration across the IC community would be a strategic goal and has been a dream for over twenty years.

So let's go back to the "Trust Model" for a minute:

• Governance: The environment influencing sharing.
• Policy: The "rules" for sharing.
• Technology: The "capability" to enable sharing.
• Culture: The "will" to share.
• Economics: The "value" of sharing.

A 500 day plan was then in place. The integration has now been reemphasized even today. Let's make sure that our vigilance continues and on this Martin Luther King Jr. weekend, our spirits are reenergized...