Sunday, October 18, 2015

Cyber Allies: A Whole Community Strategy...

The "New Normal" for American business is now apparent.   Operational Risk Management (ORM) is at the center of Board of Directors meetings, due to new laws and the latest attribution reports on nations state cyber hacking.  Disclosure to corporate shareholders of significant data breach or intellectual property theft incidents requires a more laser-focused industry strategy.  A private sector "Whole Community" approach to sharing vital intelligence on threat actors and new malware variants, but also developing trusted allies in industry itself.
As a concept, Cyber "Whole Community" is a means by which business, emergency management practitioners, organizational and community leaders, and government officials can collectively understand and assess the needs of their respective communities and determine the best ways to organize and strengthen their assets, capacities, and interests. By doing so, a more effective path to societal security and resilience is built. In a sense, Whole Community is a philosophical approach on how to think about conducting cyber emergency management. 
For the past decade or more the private sector has toiled at the task of creating public-private-partnerships in the Banking, Energy, Telecom, Retail, Defense and numerous other Critical Infrastructure sectors.  These organizations have focused on the challenge of sharing information that is relevant to the industry group at such a high level, the real value of the intelligence on threats or malware is often just a look in the rear view mirror.  By the time it gets to the report and into the hands of the organizational portal or is pushed via listserve to the member constituents it is stale or not relevant.

What if your corporate headquarters was located in an office park in AnyTown, USA along with several dozen other large, medium and small businesses.  What if those businesses were all tied to the same critical infrastructure for the business park.  Such as electrical power, water, and telecommunications.  In most cases, the energy provider and water supplier will be the same for all businesses in the office park.  Unlike these utilities, the telecommunications providers may be much more diverse.  There could be three or more providers of high capacity voice, data and wireless services to choose from by each of the businesses.

What if these businesses now adopted a Cyber "Whole Community" mind-set.  They would begin the process of cooperation, coordination and collaboration.  They would embark on a bold new strategy to:

 Understand community complexity.

 Recognize community capabilities and needs.

 Foster relationships with community leaders.

 Build and maintain partnerships.

 Empower local action.

 Leverage and strengthen social infrastructure, networks, and assets.


You see, national industry-based organizations are not enough to build the long term resilience your headquarters requires, and your shareholders demand.  The Chief Risk Officer, Chief Financial Officer and Chief Information Officer need to begin to reach out to your business neighbors now. The initiative will be well received by the CEO as they report at the next Board of Directors meeting.

The process for developing a more robust Operational Risk Program and sustainable services for your business enterprise, could just be a stones throw from your corporate front door.  Here is the bottom-line.  You need to develop trusted allies in your own neighborhood and community:

Benefits include: 
  • Shared understanding of community needs and capabilities.
  • Greater empowerment and integration of resources from across the community.
  • Stronger social infrastructure.
  • Establishment of relationships that facilitate more effective prevention, protection, mitigation, response, and recovery activities.
  • Increased individual and collective preparedness.
  • Greater resiliency at both the community and national levels.
Just think of the kinds of information or assets you might share with a "Trusted Ally" who is next door to your business or down the street.  What new strategies could you develop together to make yourself even more impervious, to the latest incidents caused by "Anonymous" or "Flame" and even China?
WASHINGTON – For three straight years, a group of Chinese hackers waged a cyber war against a family-owned, eight-person software firm in California, according to court records. Hackers broke into the company's system, shut down its email and web servers, spied on employees using their own webcams and gained access to sensitive company files, according to court records.
Whether you are a small-to-medium-enterprise (SME) or a Fortune Global 1000 company you can develop new trusted allies in your Cyber "Whole Community".  What are you waiting for?