Resilience Requires Intelligent Preparedness
Note: The following is an in-progress excerpt from the new book, Not a Moment to Lose: Influencing Global Security One Community at a Time, by Francis D’Addario, which will be available through the Security Executive Council this fall. For more information, visit https://www.securityexecutivecouncil.com/surveys/fdbook/fdbook.html.
We began this millennium with high anxiety related to the Y2K time code ambiguity. Many surmised that date-related machine processing would fail on January 1, 2000. Widespread utility grid and critical systems issues were anticipated. First responder teams were on alert throughout the world. Yet relatively little disruption occurred.
2001: The Year of Events
Pandemic Threat Posed by Avian Influenza Viruses was also published. The research finding by Taisuke Horimoto and Yoshihiro Kawaoka warned of similarities between H5N1 and the Spanish influenza H1N1 that claimed 20,000,000 victims worldwide in 1918 and 1919.
Later that year, on September 11, all eyes turned to the United States, when primetime news footage showed the consequences of Osama Bin Laden’s long-standing threat: 2,974 victims and 19 terrorists died with the suicide destruction of the twin-tower World Trade Centers of New York and heavy damage to the Pentagon.
Identity theft and fraud kept pace with network expansion, enabling subjects of interest (including the 9/11 hijackers) to travel with impunity under alias credentials. Identity theft topped the U.S. Federal Trade Commission’s consumer complaints in 2001. Enron, the $64 billion energy trading giant, declared bankruptcy. Failed fraud detection oversight cost the brand and all its stakeholders.
In October the Amerithrax anthrax attacks reminded us that domestic terrorism can be just as effectively disruptive as any imported variety. 2001 was also the last time the Food and Drug Administration visited a Blakely, Ga. food manufacturing facility that later distributed salmonella-laced product to unsuspecting consumers with fatal results.
Harry Markopoulos, a Certified Fraud Examiner, made his way for the second time to the U.S. Securities and Exchange Commission with incontrovertible proof of the largest Ponzi scheme in history. They did not heed his warning.
Learning Our Way
1. Evacuation and shelter-in-place guidelines
2. Procedures for mail handling and identifying or reporting suspicious packages
3. Security guidelines including facility access control and suspicion reporting
4. Travel guidelines, restrictions and tips
5. All-channel risk reporting and status update communications protocol
The realization that “all-hazards” protection was required became obvious as risk-related compliance legislation was passed in every country around the world. Resultant “board level risk” brought the protection portfolio into the light. Governments began to understand that arguably 90 percent of critical infrastructure is in the private-sector domain. They also learned that response to global catastrophe required all hands, including NGOs.
High-morbidity pandemic is still on the horizon. Networks remain both the target and the means for multinational organized crime including theft, fraud and terror. Criminals, inside and out, continue to exploit the soft targets around the world. Critical infrastructure, including intelligence and first responder agencies, are still uncomfortably vulnerable. More than ever, supply chain and critical process management are required for both proprietary and critical dependency environments. Threat appreciation, exception detection and response preparedness must be improved.
The failures of persuasive risk detection, compliance and effective mitigation have left us with unnecessary injury, death, damage, loss and deficits worldwide. Confidence has been measured at the all-time low since the Great Depression. Counter-intuitively, the resultant downsizing, rightsizing and re-engineering may be a gift – if and when we re-deploy more intelligent, nimble, cross-functional, and return-on-investment capable protection elements. Good and best practices will continue to evolve from risk intelligence linked with integrated mitigation innovation and performance.
The Data is In
In their 2006 study, “Protecting Value in the Face of Mass Fatality Events,” Doctors Rory Knight and Deborah Pretty analyzed shareholder value impacts for a wide range of firms following mass-casualty events including aviation disasters, fires and explosions, terrorist attacks and natural catastrophes. The nearby chart implies that the ability to manage a mass-fatality event (i.e. winners) is even more impressive to investors, and the inability to manage such an event is even more disappointing (i.e. losers), than in less tragic corporate crises.
Our call to action demands holistic risk management. Our ability to identify effective prevention and mitigation before the fact will serve us well in all instances. Protecting people, assets and critical process effectively protects brand and ensures community resilience.