14 November 2006

Single Points of Failure: Interdependencies Unkown...

The Private Sector is putting it's money where it's mouth is pertaining to increasing it's Business Resiliency. The Business Roundtable has been an advocate of it's Fortune 500 member CEO's to create memorandums of understanding (MOU) to utilize in the event of a significant disruption in critical infrastructure.

Now they have gone a step further and created Partnership for Disaster Response in order to deal with the potential operational risks associated with natural catastrophes and other events such as the terrorist events in Madrid, London and New York.

In May 2006, the Partnership became a Business Roundtable Task Force, and Robert L. Nardelli, Chairman, President and CEO of The Home Depot was named chairman. Since then, nearly 30 CEOs have joined the Task Force.

The Partnership for Disaster Response is working to develop plans and identify deployable resources for the four key phases of disaster response:

* Prepare – Establish business continuity plans, employee assistance and volunteer programs, community partnerships with local and national responders, and other programs or channels that can be activated when a disaster strikes.

* Respond
– Mitigate the impact of a disaster by immediately collecting and transporting food, safe drinking water, and other needed supplies.

* Recover – Deploy volunteers, financial support, goods and supplies, heavy equipment, technology, and other assets to accelerate the restoration of order and critical infrastructure to affected communities.

* Rebuild – Sustain the long-term rebuilding efforts and restore housing capacity, jobs, community assets, and environmental resources damaged and destroyed by disaster events.

The Partnership is focused on preparedness in anticipation of a disaster because no one has control of "Mother Nature". Yet all of this kind of preparation will not help deter nor detect the expanding risk to the global enterprise from the threats from people. Yes, the training on what to do in the event of an incident is valuable for the reaction and recovery time, it does little to prepare and train individuals on the "Cues" and "Clues" that an attack is being planned or ready to be executed.

The global companies focused on disaster response also need to balance this with advanced methods of intelligence collection and the use of sensors to detect any deviations from the norm. Four critical components for this proactive mindset must exist for an organization to survive:

1. Intelligence

2. Investigation

3. Readiness

4. Training

Organizations such as WashingtonDCFirst exist in our Nations Capital to address the need for a coalition of private sector companies to work on being proactive, not reactive. This requires leadership to focus on the critical interdependencies you share with your large corporate neighbor down the street or around the corner. Do you both share the same Central Office from Verizon? Do you have the same pumping station for DC Water? Do you have a shared sub-station for power from Pepco? If you do then you both know some of your Single-Points-of-Failure.

While you may never be able to put up enough walls, fences and locked gates to totally protect your single-points-of-failure, you can create an architecture that deters attacks and detects changes. And if you do have an alert or alarm go off then you must investigate the incident no matter how insignificant it may be. Those organizations who believe that they are not in the bulls eye of some worthy adversary should pay attention. Your competitors and even your neighbors realize that this game is not always about eliminating threats to your own corporate assets. It's about making sure that the attackers choose a much more vulnerable target than your own.

No comments:

Post a Comment