29 July 2017

OPS Risk: Choosing Service Over Self-Interest...

Accountability and ownership are two vital elements of any operational risk professionals mindset, if they are to accomplish real results.  In order to gain this mindset as a professional, you have to be able to work along side others, who have these ingrained into their character and DNA.

What are you accountable for in your team or organization?  You are accountable for the stewardship of your particular mission at this point in time with a clear vision of the results that are envisioned.

You are not accountable to anyone but yourself and the team you have assembled for this particular set of tasks and outcomes.  The Operational Risks that you will encounter and those that you decide to mitigate or avoid are entirely up to you and your team, long before you set out to accomplish the mission.

Do you have ownership of the results desired?  You must have ownership of the operational risks that may and will occur if you and your team are to survive whatever known and unknown challenges may come your way.  Who are some of the best of the best in the profession of Operational Risk Management (ORM) over the past few decades?

Neil Armstrong and Buzz Aldrin are just two:
Of course, it was less than a year later that Armstrong himself would make the biggest step. After a three day trip to the moon, Armstrong, Aldrin and Collins entered lunar orbit on July 19. On July 20, Armstrong and Aldrin began their descent towards the surface inside Eagle, the lunar landing module. The flight to the surface did not quite go as planned. During the descent several alarms from the flight guidance computer distracted the astronauts. The onboard computers were inundated with extraneous radar information, but the alarms were determined not to be a problem. 
But Armstrong also noticed he and Aldrin were flying faster than expected across the lunar surface and were likely going to overshoot their landing site. As the Eagle passed 1,500 feet above the surface, Armstrong saw they were heading for a crater. He thought this might be a good option as it would have “more scientific value to be close to a large crater.” But the steep slope and big rocks did not provide a safe place to land. 
As they continued to fly over areas covered with large rocks and boulders, Armstrong took over control of the Eagle and continued flying it manually. He was able to use his training from the LLTV to maneuver as they continued to descend to the surface. But all of the maneuvering was using up propellant. At 200 feet above the surface, Armstrong finally was able to find a place to land. 
Aldrin: Eleven [feet per second] forward. Coming down nicely. Two hundred feet, four and a half down.
Armstrong: Gonna be right over that crater.
Aldrin: Five and a half down.
Armstrong: I got a good spot.
Aldrin: One hundred and sixty feet, six and a half down. Five and a half down, nine forward. You’re looking good. 
As they passed 75 feet mission control in Houston determined the Eagle only had 60 seconds of fuel left. Armstrong says he wasn’t terribly concerned about the low fuel situation, “typically in the LLTV it wasn’t unusual to land with 15 seconds left of fuel.”
About 40 seconds later Armstrong made a final few maneuvers before announcing the landing was complete. 
Armstrong: Shutdown.
Aldrin: Okay. Engine stop.
Houston: We copy you down, Eagle.
Armstrong: Houston, Tranquility Base here. The Eagle has landed.
Think about your team.  Is the boss dictating from the top on your every move or are they side-by-side with equal accountability and ownership of the results of the mission.  NASA puts rock star top gun pilots behind the controls of lunar missions for a good reason.  It is because they know that they are not in control, ultimately the pilots are working together.

So if you find that in your next corporate or organizational project that the boss from afar is telling you what to do at every moment, it's time to eject.  A true Operational Risk professional understands the mission and the desired results.

They have accountability and ownership of the tasks necessary to achieve the results.  Their stewardship of the project, with their fellow team members will be able to adapt to any changing environment or sudden challenges.

If you are the boss that has responsibility for the team and the successful outcome of the mission, what have you done to enhance each of their skills, knowledge and experience to deal with operational risks?    You may be asking at this point "How" do I do this?  This isn't about giving you suggestions or to show you where it is working and how to do it.

This is about service before self-interest and your ability to think of yourself as an equal on the team. Just one more vital asset with the same sense of accountability and ownership for the overall mission. That's it.

Your team needs you as one more set of brains, hands and talents to solve the operational risks that will be on their way.  How you behave and perform in light of these new found challenges, may very well be the one thing that determines whether your team lives, or survives.
To serve. To be safe. To know what freedom feels like.
Author, Peter Block - Stewardship - Choosing Service Over Self-Interest
Neil Armstrong was a true Operational Risk Professional...God speed.

22 July 2017

Global Pulse: Resilience in Development...

The asymmetric threats cast upon the private sector on a daily basis across the globe, are rising and more complex.  As a result, Operational Risk Management (ORM) is a discipline that has quickly matured in the past decade.  

Today, as we embark on this blog post number 1154 we can reflect on our amazing journey.  When you search Google from our location on "Operational Risk Management Blog" this blog is the number 1 link.

This endless journey encounters new insights and transverses industry sectors to include financial services, energy, automotive manufacturing, aerospace, defense industrial base, pharmaceuticals and government both local and federal.  It has involved the following four fundamental principles of ORM:
  • Accept risk when benefits outweigh the cost.
  • Accept no unnecessary risk.
  • Anticipate and manage risk by planning.
  • Make risk decisions at the right level.
Whether the oversight and pursuit encountered the risks of fraud, economic espionage, workplace violence, natural disasters, terrorism or cyber vulnerabilities does not matter.  The threats and hazards that span the spectrum of Operational Risks to the enterprise are vast and increasingly diverse.

The discipline continues the quest to improve and to learn new lessons from both the private sector and government.  Now both of these need to also include a third dimension, that is evolving and could be the place to look for real innovation:  Non-Governmental Organizations. (NGO)

The NGO community is the environment that has now gone beyond response and is finally becoming more predictive:
Global Pulse is a United Nations initiative, launched by the Secretary-General in 2009, to leverage innovations in digital data, rapid data collection and analysis to help decision-makers gain a real-time understanding of how crises impact vulnerable populations. Global Pulse functions as an innovation lab, bringing together expertise from inside and outside the UN to harness today’s new world of digital data and real-time analytics for global development. The initiative contributes to a future in which access to better information sooner makes it possible to keep international development on track, protect the world’s most vulnerable populations, and strengthen resilience to global shocks.
There are plenty of situational awareness analogies that can be made to the risk management of vital private sector or government assets over the years.  Predictive operations have been evolving for years with the goal of preemptive capabilities to detect an attack on a Homeland.  The analysis of information from disparate sources is nothing new.  Link analysis and other methods of qualitative and human factors analysis give us the cues and clues to a possible evolving pattern of human behavior.

Yet what is fascinating now about the NGO perspective, is the intersection of Big Data and the mobile phone:
Wherever people are using mobile phones or accessing digital services, they are leaving trails behind in the data. Data gathered from cell phones, online behavior, and Twitter, for example, provides information that is updated daily, hourly and by the minute. With the global explosion of mobile phone-based services, communities all around the world are generating this real-time data in ever-increasing volumes. These digital trails are more immediate and can give a fuller picture of the changes, stressors, and shifts in the daily living of a community, especially when compared with traditional indicators such as annual averages of wages, or food and gas prices. This is especially crucial during times of global shocks, when the resilience of families and their hard-won development gains are tested.
These global shocks that are economic, geopolitical or as a result of climate change are at a macro level nothing more than environmental volatility.  This volatility in markets, government leadership, religious conflict and drought are what is driving the NGO development community to be more predictive and to be more preemptive.

In concert with this focus on predictive intelligence is the initiative "data philanthropy."  How can the data sets from our respective countries be shared to work on the really hard global problems together?  Open Data Sites is just the beginning.  You have to make sure that you recognize the attributes of "Big Data for Development" vs. the private sector or purely government:
Big Data for Development sources generally share some or all of these features: 
(1) Digitally generated – i.e. the data are created digitally (as opposed to being
digitised manually), and can be stored using a series of ones and zeros, and thus
can be manipulated by computers; 
(2) Passively produced – a by product of our daily lives or interaction with digital
services; 
(3) Automatically collected – i.e. there is a system in place that extracts and stores
the relevant data as it is generated; 
(4) Geographically or temporally trackable – e.g. mobile phone location data or
call duration time; 
(5) Continuously analysed – i.e. information is relevant to human well-being and
development and can be analyzed in real-time;
What if the private sector and the government started looking through a different lens?  Or perhaps the other way around.  Is the NGO development community capable of learning from the mistakes with data that intersect with privacy and national intelligence?  Operational Risk Management is just as much an imperative in the NGO environment, as we evolve in the integration of Big Data for global humanitarian initiatives.

When you really look at the opportunity and the challenge ahead, you must consider this intersection of data today in context with where development is still in its infancy.  Look at this visualization of Google search volume by language.  Notice the darkest parts of the planet Earth.

These are where the NGO community lives today, with little access to the Internet, regardless of language.  The human resilience factor necessary to evolve in these non-connected IP (Internet Protocol) deprived areas of the world, must be addressed as we aspire to become more predictive risk managers.

16 July 2017

Cyber Deterrence: Chief Information Warfare Officer (CIWO) is born...

In 2017 there has been a significant amount of news and dialogue on the topic of information security. America is now waking up to the reality that it's true vulnerability is critical infrastructure reliance on strategic networks and is worth analyzing in depth.

Operational Risk Management (ORM) in critical infrastructure sectors such as Energy, Finance, Transportation, Defense Industrial Base (DIB) and a dozen more, is alive and well. Yet the long view, requires a pivot from the cyber analogies of immune systems and daily hygiene scenarios simply to address cyber theft, denial of service, viruses and ransomware.

The growing priority problem-set is "Cyber Deterrence" and the U.S. is still a long way off from having this strategy in place. The current abilities of several known nation state adversaries, to launch and maintain a persistent attack on our critical infrastructure, requires a new and robust set of initiatives to solve this new reality and immediate cyber problem for national security.

The fusion of Homeland Security with U.S. Department of Defense planning to address "Cyber Deterrence" is necessary and beyond what has been accomplished to date. The attributes focused on "Continuity of Government" (COG) and "Continuity of Operations" (COOP) are paramount with solving the hard problem-set of U.S. Cyber Deterrence. Why?

A wider range of military cyber options are needed beyond diplomatic expulsions and economic sanctions and a clear policy framework must be in place for these deterrence options to be utilized against nation states.

The growing use of cyber offensive weapons requires an increased level of preparedness, offensive war games and planning including substantial integration with the U.S. private sector critical infrastructure companies. The resilience factors associated with Fortune 500 private sector companies is vital.

First, a substantial portion of the new problem-set, involves the use of offensive cyber weapons and the declaratory engagement policy with adversaries such as Russia, China, Iran and North Korea. This must include the key dialogue on attribution capabilities. Have you ever had a conversation with your information security team on the topic of attribution? If you haven't then now is the time to better understand this set of issues.

Second, the degree to which a private sector company has been under attack by non-state actors will in many cases provide an indicator of their current cyber deterrence capabilities. The question is, how would they respond and how resilient would they be if any new attacks were exponential in proportion to previous adversarial campaigns?

Third, the coordination with not only DOD and private sector companies also requires significant integration with the Department of Homeland Security (DHS), State Department and the Intelligence Community (IC).

Non-Kinetic cyber actions utilized by the military is not new. Strategic U.S. ICT (Information, Communications & Technology) capabilities working side-by-side and in concert with the military is now more necessary than ever. Private sector organizations interacting and engagement with USCYBERCOM to establish working relationships that include COG and COOP level planning also needs to accelerate.

So what?
The House has joined the Senate in calling for the Department of Defense to update its cyber strategy and to more clearly define the meaning of cyber deterrence.
The House on July 14 overwhelmingly passed the 2018 National Defense Authorization Act, which included a number of cyber-related amendments, including a provision directing the secretary of defense to "develop a definition of the term 'deterrence' as such term is used in the context of the cyber operations of the Department of Defense; and assess how the definition...affects the overall cyber strategy of the Department."
The Senate's draft of the NDAA establishes a U.S. cyber deterrence and response policy and calls on the administration to develop a clear cyber deterrence strategy.
The Chief Information Warfare Officer (CIWO) has been born...is it a myth?

09 July 2017

Mergers & Acquisitions: Achieving Trust Awareness...

Building relationships is a continuous process that requires an effective approach, mutual intent and clear understanding of the purpose.  Operational Risk Management is at the center of all kinds of Mergers and Acquisitions (M&A) activities.

Whether it is a mega-merger between Amazon and Whole Foods or even a planned meeting with a potential partner or client invested to discover the possibilities of working together;  you can improve the ratios of a positive outcome.

Developing new capabilities, launching a new solution or improving an existing line of business, requires a substantial investment in "Relationship Building."  A team of individuals with their respective areas of knowledge, subject matter expertise and mutual mission still require continuous hands on facilitation.

The building of relationships requires at the core, a persistent devotion to "Trust Awareness."  This means that you have to be conscientious about looking through your individual and organizational behaviors and messaging, that could in some way erode trust.  This trust awareness is the ability to detect anything that could diminish the possibility for the relationship to grow.

Building and growing trust with new partners, mentors, clients or customers requires an investment in time and resources to monitor, measure, document and adapt with change.  It requires a new level of transparency and focus on integrity.  Simultaneously, it means that you have to accept a new level of vulnerability.

Regardless of the logo on your business card or web site, the tag line of what you are about, or even the URL for your domain name, what are you doing today to build trust?  With your employees, co-workers, supply chain or channel partners.  What is the process and method you utilize to improve your trust awareness and to build stronger and lasting relationships?

Jeffrey Ritter says it best from his book "Achieving Digital Trust":
"Whether in government, in business, in classrooms, or at the dinner table, the ubiquitous presence of digital assets and devices enables us to do something radical—immediately seek out information that allows us to challenge and evaluate our trust in the decisions of others we are expected to follow. So, in addition to your own decision process being shaken, so too are the evaluations others make to trust your decisions. If you are a business leader, IT executive, information security manager, systems architect, elected public official, educator or stay-at-home parent, you have surely felt the discomfort.

As soon as you announce a decision, someone is thumb-typing on a device to find information to validate or contradict you. A few clicks and your questioner has acquired data that enables that person to question your decision process, view it differently, or weigh it with lesser confidence. Admit it, you surely have done the same when you are on the other side of the table, hearing the decisions, opinions, or guidance of others—a superior officer, a corporate manager, a business partner, a teacher, or even a spouse."
Building effective relationships between people in the digital age will certainly involve e-mail, iMessages, web sites and even Twitter.  How often do you read a persons name or see them perform before an audience and immediately do a "Google Search" or LinkedIn lookup?  What you see and read there, could influence you and how much you initially trust that person.

There are dozens of ways that due diligence is accomplished during any M&A activity including the asset inventory, testing and validation along with a forensic records review.  Yet in the initial days of the team coming together to identify, approach and cultivate a meaningful relationship with a new partner or buyer, the process is vital.  The methodology can mean your success ratio is improving, flat-lined or declining.

Step back and take a look at your relationship building capabilities.  Analyze why your success ratio is declining.  Understand the trust awareness factors that could be part of the answer to your achieving even greater digital trust.  The next step is to effectively identify and solve the problems that you will encounter as the M&A trends continue.

Building new relationships takes time and resources.  Yet, keeping those relationships effective and continuously growing "Trust Awareness" for years and decades requires even more.  Listening, learning and compassion...

02 July 2017

USA: Our Past and Future Destiny...

The United States of America turns 241 years old on Tuesday, July 4, 2017.  As the parades of celebration commence across the small towns and the mega-metropolitan cities, we have so much to be proud of and have so many accomplishments in these few short centuries.

The Founding Fathers really had no idea in 1776 what Operational Risks they would face or what our nation would look like now, as they were crafting our U.S. Declaration of Independence and later the U.S. Constitution.  All they knew was, that they were crafting something new and unique, in so many ways.  It has endured World Wars and this Republic has become ever more resilient to economic turmoil over the years.

The rest of the world needs the United States of America.  After all, how would they know about the existence of underground ice on Mars or other first discoveries by NASA.  How would many of the countries on our Earth continue to accelerate their abilities to produce greater food yields, preserve vital fresh water drinking sources or even power their transportation sector with clean energy?  Who invented the Internet?  We explore farther and innovate faster...

As Americans, we travel the world with our U.S. Passport and it gives us a glimpse into why this little book is so valuable.  Why it is so sought after.  Even most Americans might not realize that their U.S. Passport is not their property.  It is the property of the United States (Title 22, Code of Federal Regulations, Section 51.9).  It must be surrendered upon demand made by an authorized representative of the United States Government.

On page 16 and 17 of the U.S. Passport is the following quote:

"This is a new nation, based on a mighty continent, of boundless possibilities."  --Theodore Roosevelt

Theodore Roosevelt became the United States youngest President at age 42 in September of 1901.  The 25th President, William McKinley had been the third U.S. President to be assassinated after Lincoln and Garfield.  Now Teddy Roosevelt saw the possibilities and as Vice-President, took our country forward once again.

One can only imagine what our country will be like in another 241 years.  Where else in the solar system will we have new outposts?  How will we be assisting and cooperating with other countries to promote peace and justice?

So with that United States banner of "50 Stars and 13 Stripes" waving in the wind over your home in America this 4th of July, put your hand over your heart or salute our flag.  Remember how far we have come and how far we will be going as a nation together...