Operational Risk Management Executives are still digesting the latest Washington Post investigative reporting from Dana Priest and William M. Arkin, "Top Secret America". The U.S. Intelligence Community (IC) and the Defense Industrial Base (DIB) employees in the suburbs of Virginia, Maryland and DC will be debating the impact over whispered dialogue around the weekend BBQ or over a candle light dinner in their favorite Georgetown restaurant.
The aftermath of the disclosure, increased transparency and ongoing investigation will continue for months and most likely years. New questions, new facts and new ideas will be put on the table for consideration inside the board rooms of private sector companies, law firm lobby shops and the government program management offices. Risk Management and the topics of risk exposure and the likelihood of incident categories will be the center of the conversation.
Since the Safety and Security of the United States is the foundation for the article, it makes the nexus of all the newspaper writing, blogposts, TV interviews and Internet "Tweets" relevant to Operational Risk Management.
As professionals in the IC and DIB continue to evolve their solutions on the ever changing threat to US citizens, you only have to look to the requirements placed in front of them. What risk are we trying to mitigate? What exposure do we have now? What is the likelihood that this will happen to us and how soon?
The requirements dictate the solution. The understanding of the threat dictates the requirements. The solution is not going to be implemented one time, one place and then it's over. It's going to be adaptive and it's going to evolve at the speed of the threat. The question that is always being asked by everyone is, how fast can we adapt?
Dana Priest and Bill Arkin may have done our country a great service at this point in time. The "Analysis of Competing Hypotheses" (ACH) may be utilized to ultimately prove the correct course and to make even more sound analytical judgments about our national security evolution. By actually using the data facts uncovered by their current research the process of eliminating errors in the data can begin. And once the data has been normalized and cleansed so that all agree that it is the true baseline, then the ACH can begin.
As the DNI provides the leadership and works through the governance cycles with all of the IC Director's and Secretary's, then the use of a vetted methodology such as ACH combined with the entire risk management exercise, may indeed reveal some operational risk vulnerabilities. It would be through the analytic process, risk matrix and the future enterprise architecture work that a more robust, resilient and economic model is developed and implemented.
Now about the question on whether our national security has been compromised or the risk to our private sector assets has increased as a result of the Washington Post article. Only time will tell as the possibility of future VBIED incidents, take out the facades of previously unknown or unnoticed IC or DoD facilities identified and validated in the newspaper's research.
Even now however, the vulnerability of our vital national security assets are most likely to be copied, stolen, corrupted or deleted by the logic bombs lying in wait, before major kinetic disruptions. It will no doubt be a 4GW blended attack on our homeland that combines the effects of both that experts predict is our greatest threat.
This brings us back to the quote at the top of this blog:
"The Only Thing Necessary For Evil To Triumph Is For Good Men To Do Nothing." --E. Burke
God's Speed to the United States of America...