Risk Assessment: The View from Ten Miles above your Enterprise
Recently, I had the privilege to attend Jack Jarmon’s Convergent National Security Risks to Government and Business Symposium at the University of Pennsylvania and breathe the thin air that circulates above the department, enterprise, community and industry.
Jack Jarmon, PhD, University of Pennsylvania professor and the coordinator of the symposium, brought an outstanding group of participants to the program including Steve Flynn, Senior Fellow, Council on Foreign Relations to moderate the program and give a compelling overview on national security and tough challenges.
Flynn mentioned that risk issues today are inherently multi-jurisdictional and multi-disciplinary, meaning the most important risks are ignored because no one entity owns them or is directly impacted by them. We have serious U.S. challenges with the change in administration.
"During the past seven years our strategy has been to address enemies overseas. Now the goal is security within the U.S. That requires infrastructure. But DHS is being tasked to avoid big government through synergies with existing agencies. DHS has over 30 government departments that have specific DHS tasks to execute, such as the Coast Guard and FBI. This is very hard to coordinate. Plus, DHS’ activity in 50 states and the territories creates issues about how to provide national security. Add in that 85 percent of our critical infrastructure is privately owned and you can understand the difficulty in answering: Were does DHS stop and private organizations start regarding security? There are many issues to work through," said Flynn.
Jack Jarmon, PhD, University of Pennsylvania professor and the coordinator of the symposium, brought an outstanding group of participants to the program including Steve Flynn, Senior Fellow, Council on Foreign Relations to moderate the program and give a compelling overview on national security and tough challenges.
Flynn mentioned that risk issues today are inherently multi-jurisdictional and multi-disciplinary, meaning the most important risks are ignored because no one entity owns them or is directly impacted by them. We have serious U.S. challenges with the change in administration.
"During the past seven years our strategy has been to address enemies overseas. Now the goal is security within the U.S. That requires infrastructure. But DHS is being tasked to avoid big government through synergies with existing agencies. DHS has over 30 government departments that have specific DHS tasks to execute, such as the Coast Guard and FBI. This is very hard to coordinate. Plus, DHS’ activity in 50 states and the territories creates issues about how to provide national security. Add in that 85 percent of our critical infrastructure is privately owned and you can understand the difficulty in answering: Were does DHS stop and private organizations start regarding security? There are many issues to work through," said Flynn.
Risks
Flynn identified these U.S. Strategic Risks:
- Brittleness of networks, infrastructure and social contracts. We rely on trust for our economy to work.
- Once we are exposed to bad things, people opt out of these systems, such as the financial network meltdown and making investments for loan availability.
- Our networks have to be secure and able to survive terror, disruption and attacks.
- The current economic situation does not bode well, should a terror attack occur.
- Major social issue: The perception that the government is not doing enough can fray our social contract, hampering our response.
What are the possible solutions? Flynn stated that the actions on Flight 93 gave him great hope for our social fabric and ability to defend against terror. “Alert U.S. citizens were key to national security that day. It shows that we need to move from central, tight, Cold War security thinking to a broad civic and public security partnership.”
Public-Private Partnerships
Brandon Wales is director of DHS' Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) who oversees 100 threat and risk analysts. His thoughts on risks, security and our best courses of action were powerful:
"The U.S. is at a critical and opportunistic time for new administration to set a national security agenda that will move U.S. forward. Issues including terror, as well as climate change, need consideration when planning to secure the U.S. thereby enabling the economy to grow.
"The challenge is that DHS, U.S. businesses and international businesses require economic efficiencies that leave no room for error. Threats, as a result, can be far more disruptive in an environment of just in time inventory and thin supply chains," said Wales.
Wales continued, "Contaminated medicine made outside the U.S. can cause shortages, leading to deaths. A significant portion of our food supply is shipped by train through Kansas City. Disruption to those rail routes would cause massive food shortages within three days. These are the critical issues to get on the national agenda and build contingency plans."
Wales pointed to a recent episode: "Look at what happened to Ericsson Phones. They made their chips in Mexico and a lightning strike shut down their factory. Without a back up manufacturing plan, they went offline, lost billions and were forced to sell themselves to Sony. What if that was a supplier directly tied to our national security?
"We need to bring together the public and private sectors to discuss how to use risk analysis and better allocate resources to mitigate those risks. We need to tackle vs. ignore the biggest issues," said Wales.
Robert Strayer is the Republican Director, U.S. Senate Committee for Homeland Security and Governmental Affairs. He pointed out the challenge that organizations are being asked to both share information across public and private entities to break down silos and provide more effective communication. While at the same time more information is being classified to prevent against threats and not being shared. It’s a challenge to manage effectively in this situation.
"The U.S. is at a critical and opportunistic time for new administration to set a national security agenda that will move U.S. forward. Issues including terror, as well as climate change, need consideration when planning to secure the U.S. thereby enabling the economy to grow.
"The challenge is that DHS, U.S. businesses and international businesses require economic efficiencies that leave no room for error. Threats, as a result, can be far more disruptive in an environment of just in time inventory and thin supply chains," said Wales.
Wales continued, "Contaminated medicine made outside the U.S. can cause shortages, leading to deaths. A significant portion of our food supply is shipped by train through Kansas City. Disruption to those rail routes would cause massive food shortages within three days. These are the critical issues to get on the national agenda and build contingency plans."
Wales pointed to a recent episode: "Look at what happened to Ericsson Phones. They made their chips in Mexico and a lightning strike shut down their factory. Without a back up manufacturing plan, they went offline, lost billions and were forced to sell themselves to Sony. What if that was a supplier directly tied to our national security?
"We need to bring together the public and private sectors to discuss how to use risk analysis and better allocate resources to mitigate those risks. We need to tackle vs. ignore the biggest issues," said Wales.
Robert Strayer is the Republican Director, U.S. Senate Committee for Homeland Security and Governmental Affairs. He pointed out the challenge that organizations are being asked to both share information across public and private entities to break down silos and provide more effective communication. While at the same time more information is being classified to prevent against threats and not being shared. It’s a challenge to manage effectively in this situation.
Moving Faster
That was the theme that was repeated during the day: When it comes to security, risk mitigation, response and recovery – you will never be able to move fast enough. But understanding where your enterprise stops and where the government begins is critical for your plan to be comprehensive and your response plan to be effective.
Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!
