"Above all, watch with glittering eyes the whole world around you, because the greatest secrets are always hidden in the most unlikely places. Those who don’t believe in magic will never find it." —Roald DahlWhat is the latest headline to get your attention this past few weeks? As an Operational Risk Management (ORM) professional you have to be amazed and in shock from several of the global loss incidents. Was it from the Financial, Technology, Energy or Government sector or just a tragic crime or terrorist event with significant loss of life somewhere?
The people, processes, systems and external events that make up your particular Operational Risk ecosystem are dynamic. The threats are evolving both in the physical world and even more so in our data hungry processor driven virtual workplace. You probably can't remember the last time your organization required you to operate the whole day without the use of computer systems; to operate the business in a manual mode over a Saturday in an orchestrated and scenario-driven Business Continuity exercise.
If you can't remember, then as a corporate leader or head of a Board of Directors audit committee you are in denial. The attitude that your organization will never have a data breach or become the victim of a natural disaster such as an earthquake, flood or hurricane is naive. What about the rogue "Insider" who has perpetuated an act of industrial espionage or a long term fraud scheme? The continued theft of Intellectual Property to the United States has been well documented since 2013:
The Impact of International IP Theft on the American Economy Hundreds of billions of dollars per year.
The annual losses are likely to be comparable to the current annual level of U.S. exports to Asia—over $300 billion. The exact figure is unknowable, but private and governmental studies tend to understate the impacts due to inadequacies in data or scope. The members of the Commission agree with the assessment by the Commander of the United States Cyber Command and Director of the National Security Agency, General Keith Alexander, that the ongoing theft of IP is “the greatest transfer of wealth in history.”When you really sit down and think about the risk to the Homeland Security of the United States today, this has to be at the top of the list. The reason is that the "IP Theft" threat is not like ICBM's coming over the horizon suddenly. This metastasized problem set, is eating away at the economic security and our U.S. national security simultaneously.
"While IP theft is not new to the planet, today’s scale of economic impacts—with national security ramifications, international dimensions, significant foreign-state involvement, and inadequacy of legal and policy remedies and deterrents—makes for an unprecedented set of circumstances."
CHAPTER 1: THE NATURE OF THE PROBLEM- The Commission on the Theft of American Intellectual Property
What are the solutions? The answer is plural because there is no single way to address the magnitude and the severity of the threat. The security of the U.S. Homeland begins with intelligence. The degree to which the intelligence gathered, analyzed and shared is capable of being absent of bias is a start.
Homeland Security Intelligence (HSI) is quickly evolving beyond the group think of a catastrophic physical terrorist event. The focus now is on counterintelligence, as much as on counterterrorism and for all of the interdependent connections to the rest of the world. As your organization begins it's next strategic planning cycle or engages in the thought of a continuity of operations exercise you should think wider and deeper. The survival of your business and organization is dependent upon your internal counterintelligence mechanism.
As one example, take a minute to better understand the diversity of languages being spoken within your organization. Who are the people within the enterprise who have the fluent ability to speak and to translate English to some other foreign language? How does your enterprise engage with other countries to engage in International business? The degree to which you have multiple languages being translated, or utilized for business transactions and necessary for daily operations is both a risk and an opportunity.
The secrets inside your organization are knowable. The ability to hedge the Operational Risks to Intellectual Property within your enterprise is greater than you may realize. The interdependency with U.S. Homeland Security is evident.