30 November 2019

Enterprise Resilience: Compete or Die...

Enterprise Resilience is the road to competitiveness. It is the global answer to many of the Chief Security Officers (CSO) who have faced the troublesome battle of selling more "Fear and Doubt" to the CEO and Board of Directors.

The 34th Overseas Security Advisory Council event was held the week before Thanksgiving as usual.  Yet flashback to when Deborah Wince-Smith stood up on the stage at the 21st Annual Security Briefing at OSAC on November 16th, 2006, when her words were music to our ears:

"It is undeniable that the world has gotten more risky. Businesses now function in a global economy characterized by increasing uncertainty, complexity, connectivity and speed. Managing this rapidly changing risk landscape is an emerging competitiveness challenge—a challenge that demands resilience: the capability to survive, adapt, evolve and grow in the face of change. The Council on Competitiveness is proud to offer this report, which promotes a strategy of resilience for both the public and private sectors a strategy with clear benefits for our companies’ competitiveness and our nation’s homeland security."


On the doorstep of 2020, globalization, technological complexity, interdependence, and speed of digital information are fundamentally changing the kind of risks and competitive challenges that companies— and countries—face.

Failure, whether by attack or accident, can spread quickly and cascade across networks, borders and societies.

Increasingly, disruptions can come from unforeseen directions with unanticipated effects. Global information and transportation networks create interdependencies that magnify the impact of individual incidents. These new types of risk, demand new methods of Risk Management.

Was this a way for the Chief Security Officers of the Fortune 500 to finally shift their thinking from protection to something less macho? How could "Resilience" become a platform for a mind set shift to justify new funding?

After all, now we aren't trying to scare people into the "Low Probability - High Impact" incidents anymore and focusing in on the high probability incidents, that may have enough impact to cause a significant business disruption.

What are the incidents and areas of risk that insurance won't touch these days? If the insurance companies can write the policy to give you peace of mind, then is this necessarily an area that you can ignore, because you have transfered the risk to someone else?  Maybe not.

Being agile, ready and capable of a quick recovery is what competitiveness is all about, on the field, on stage or around the table in the Board Room. Working towards control and protection while fear builds in the back of your mind makes you stiff, depletes your energy and creates doubt.

And when you are operating a business or standing on the tee of your first sudden death hole on any PGA weekend, you better have resilience.

The business equivalent to Homeland Security and Critical Infrastructure Protection is Operational Risk Management (ORM)—a domain that many executives see as the most important emerging area of risk for their firms. Increasingly, failure to plan for operational resilience can have “bet the firm” results.

Back in 2000, the Meta Group (now owned by Gartner) did a study on the cost of "An hour of computer downtime by industry group". These numbers are now 19 years old:
INDUSTRY SECTOR (Millions)
  • Energy - $2.8
  • Telecommunications - $2.0
  • Manufacturing - $1.6
  • Financial Institutions - $1.4
  • Information Technology - $1.3
  • Insurance - $1.2
  • Retail - $1.1
  • Pharmaceuticals - $1.0
  • Banking - $0.996
We all know that it costs lot of money to have any systems downtime, that's why so many dollars have been invested in Disaster Recovery (DRP) and other Business Continuity Planning (BCP).

Yet is this the kind of resilience that is going to make you more competitive, to seize more opportunities? The economics of resilience are more than investing for the likely or unlikely information systems incident (ransomware) that will attack your organization tomorrow.

The threat of Tort Liability and the loss of reputation is top of mind these days with every major global company executive. The threat is real and increasing at a faster rate than many other real operational risks to the enterprise. Litigation from regulators, class actions and competitors has given the term "Legal Risk" new emphasis and meaning.

Once corporate management understands the need for a "Resilience" mentality in place of a "Protection" mental state, a new perspective is found. Investing in the vitality, agility and competitive capabilities of the organization sounds and is more positive.

It alleviates the fear of doom and gloom and inspires new found innovation. The future of your organizations longevity and in its adaptability, can be achieved with a new perspective.

Compete or die.

"Enabling Global Enterprise Business Resilience
" is just the beginning...

23 November 2019

Trust Decisions: Future Outcomes in an Unpredictable World...

What new information have you processed or new insight have you gained today, that will be necessary for your next Trust Decision?

The little screens and nano-processors in the palm of our hand, have taken over our abilities to think clearly.  To ask the right questions.  To process information, using our own biological and cognitive capabilities.

The ability to make your next decision to act, will depend on your level of trust in the information you are now processing.  How are your recieving this new information and what is the source?  Is it trusted?

The speed and quality of "Trust Decisions" in your life will make all the difference in your ability to prosper or not.  How much do you trust the sources of your daily information?  How much does it distract you, from your primary mission?

Are you starting a new education or training class?  Are you starting a new job?  Are others following you?  Are you going on a first date?  Are you planning a wedding?  Are you moving to a new city?  Are you going to be a Mother or Father in the next nine months?  It is an unpredictable world.

What happens to your behavior, when you receive this trustworthy information?  You act on that information, whether it is positive in your plans or creates a new and challenging problem-set to be solved.
"The Internet, the embrace of cyberspace, and the ubiquitous presence of digital information in human society are making immense, positive contributions. In the simplest actions of our daily lives and in the most important decisions we make in business, in government, in education, and in choosing between war and peace, we have become reliant upon the availability and presence of digital information. As our reliance speeds into dependency and, in turn, addiction, there are two profound shifts occurring that are shaping the direction of this war on trust." --Jeffrey Ritter-Achieving Digital Trust
The little screen in the palm of your hand, does not make information more trustworthy.  It makes information more readily accessible and in greater volumes.  It assumes you are pressed for time and therefore, you do not have the patience or the ability to ask timely questions about it's origin, or authenticity to make your next "Trust Decision".

As you sit there and read this, look around you.  What do you see?  How do you feel?  These are the outcomes of your own history of "Trust Decisions".

Why did you decide to get on that plane with this particular airline today?  Why did you decide to make the appointment to travel to your destination, to meet with the person(s) you are traveling to visit?  Why are you going to spend your valuable time, listening to what they have to say, what they will show you and tell you?

Your future continuously depends on your next "Trust Decisions."  What is the information you are receiving and from where?  Will you trust this information?  You see, your next behaviors and actions will take place as a result of how your brain and your trust calculations have processed this information.

So what?

  • Every transaction creating wealth first requires an affirmative decision to trust.
  • Building trust creates new wealth. Sustaining trust creates recurring wealth.
  • Achieving trust superior to your competition achieves market dominance.
  • Leadership rises (or falls) based on trust (or the absence of trust).  --Jeffrey Ritter-Achieving Digital Trust
Your decisions to trust some thing or some one, is far more a science and a calculation than you may have ever known before.
It is time to begin thinking differently about the science of "Trust" itself.
The time has come for you to spend more time with the leaders and the sources of trustworthy information and behavior.
It is time for you to evaluate your wealth in this world.  Whether that wealth is tangible or intangible.  Whether it is measured in love, knowledge, experiences or in currency.

The calculus of your own "TrustDecisions" will continue to be the difference...

16 November 2019

Intelligence Fusion: The Race Against Time...

 Human intelligence may be the most sought after way to prevent new threats to your organization.

Yet that is never enough to give you total peace of mind. You have to implement multiple collection points for real-time and relevant information.

The front line of intelligence analysis begins far in advance of the actual event or incident taking place. Companies like "Quid" have provided some of the tools to detect the presence of new and relevant information in the hundreds of millions of active web sites across the Internet.

You may also see Dataminr in the corporate Security Operations Center (SOC) and even the local Fusion Center for more Real-Time information.

They assist CxO's in navigating their operational risk strategy execution across a competitive and increasingly threatening global landscape.

The fusion of intelligence from the Internet and broadcast media requires not only sophisticated software, hardware and talented Intelligence Analysts, it requires good old fashioned investigative tactics. And when you combine all of these to create the closest version of reality, then you have found true "Integrity."

Keeping information truely confidential is a difficult task. Assurance that the information will be there when you need it, is also equally important. Yet it is the "Integrity" of the information that we are in constant pursuit of.

Data fusion involves the exchange of information from different sources—including "John Q. Public" with his mobile phone, Ring and other IoT sensors, Law Enforcement, Public Safety, and especially the Private Sector—and, with analysis, can result in meaningful and actionable intelligence and information.
In a wide-ranging hearing on the myriad threats to the U.S. homeland, from white supremacist terrorists, border security, school shooters, and cyber attackers, the director of the FBI gave a glimpse of how the agency is using technology to blunt one of those threats.

FBI Director Christopher Wray, testifying before the Senate Homeland Security and Governmental Affairs Committee, said his agency has implemented a new threat-sharing capability on its Law Enforcement Enterprise Portal (LEEP).
The fusion process turns this information and intelligence into actionable knowledge. Fusion also allows for relentless reevaluation of existing data, in context with new data in order to provide constant updates.

The Private Sector is still the biggest challenge. Trusted relationships need to be continually fostered. New mechanisms for public-private coordination are consistently being discussed.

Fusion Center's are not the only answer. It still remains a significant piece of a very complex operational security challenge, that we will be facing for still years to come...

11 November 2019

Veterans Day 2019: A Spectrum of American Service...

What do we all have in common on this Veterans Day 2019?  Walking through the atrium of the U.S. National Museum of the Marine Corps, reminds us what this day is really all about, in our history and as a whole of nation.

Yet those who have sacrificed so much for our freedoms and our country, know first hand what being part of the 1% really means.

The average American walking down Main street watching the parades today, may not have the same context, experienced the same fear, nor truly understands what it means to protect the person to the right or left of you, or on the invisible front lines of this United States of America.

Our highly trained military "First Responders" deployed to foreign lands have many of the same experiences with our own Domestic "First Responders" in keeping our citizens, families and our governments safe and resilient.

Walking through the cafeteria at dinner time and witnessing the young and eager faces, at any of our "National Academies" across America, is an inspiring experience and an emotional reminder to each of us.

These young and eager Americans being trained in Intelligence, Surveillance and Reconnissance, hope they never will have to use the other lethal tools they may be learning about and training with, to become experts.

Others know that the new skills and experience they are gaining in Science, Technology, Engineering, Medicine, Logistics and Navigating, Operating or Flying sophisticated new platforms, makes a vital difference each day.

Whether you have worked on many missions overseas, or in the metro areas of Washington, DC, Chicago or Los Angeles on a daily basis, you wake up each morning with a mutual purpose.  A thought pattern that drives you to improve the safety and the security of your collective team each minute, of each day.

Veterans Day in America celebrates the service of all U.S. military roles, whether they be on the front lines of the battle in the air, space or on the ground and continuously in our growing digital domains.

God Bless you all and Godspeed!

03 November 2019

Culture: Systems of Trust in Your Worldview...

Why are you spending your time on this?  Why does it mean this much to you?  Why do you continue to do it day after day?  Why is it so important to you?

Your particular purpose in life may be different than others.  The question is, are you bold enough to be transparent enough to tell the world who you are and what compels you on your daily mission?

The people who surround you and look up to you are waiting.  They are seeking your real purpose, your particular life mission.  The role of a leader, is to make sure that they truly know you and what your "Why" is every day.

When you begin to study the life journey of leaders at companies such as General Electric what do you think about?  Jack Welch created a noble company and a unique culture there to be certain.  So how do you compare it, with a company like Apple, Palantir, Costco or even SpaceX.

The founders or key leaders that shaped and built the culture there, forever shape the mission and the employees vision of the "Why."

How effective have you been as an "Operational Risk Management" practitioner in your life so far?  The ability to sense, process and mitigate operational risks in any system is a worthwhile purpose, personally and professionally.

Whether you are approaching a person, artificial intelligence, an organization or an agency with your new ideas, products or services, they all require several key elements as a system.  First and foremost, how do you build Trust?
"It is really very simple. In the foreseeable future, we will not function as a global society without the Net and the immense digital resources and information assets of our society. The addiction is established—commerce, government, education, and our neigh- bors offer no option other than to require that we rely upon digital information in making decisions. But we will not function success- fully if the war for control of those assets is lost. The battlefield, however, is the one on which trust is to be gained or lost—trust in the information we use, trust in the infrastructures that support us, and trust in the decisions we make in a digital world."  Jeffrey Ritter
In 2020 and beyond, what and who will you "Trust?"  How will you build systems that are trustworthy?  In your relationships, family, organization or agency, there are risks to sense, to process and to mitigate.

Why will you be more aware of the "Trust Decisions" you have to achieve today?  Your particular culture and livelihood depends on it...