Sunday, September 24, 2017

OSAC: The Insider Threat...

In November 2007, the "Insider Threat" was on the minds of Global Security Executives that year as evidenced by a half day emphasis on the current trends and issues.  We wonder what will have changed over a decade later, at the 2017 OSAC Annual Briefing.

In any global enterprise doing business across multiple continents with a diversity of personnel comprised of expats and country nationals; you can bet on being consistently subjected to the operational risks instigated by people. Fraud, embezzlement, conflicts of interest, economic espionage, workplace violence and disruption of business schemes are the norm.

In a converging organization with outsourced services around every corner, the enterprise becomes more disjointed and incapable of a continuous level of readiness or preparedness to the next organized plot by the insider.

So back to square one. Keep an eye on your employees, contractors and suppliers. Run those new employee awareness sessions and lock down the access to sensitive corporate assets. Now do it again with the same budget we gave you last year!

You can just see these great patriots from all over the world searching for the answer to their continuous woes as a Global Security Director. It's a thankless position and severely underfunded in a time when the threats are increasing exponentially.

In evaluating the current information security, regulatory and legal environment, consider these five key flaws with today’s ORM solution programs:
1. Dependence on inadequate and incomplete technology-based point solutions;

2. Failure to integrate people, process and systems into an effective and comprehensive operational risk program;

3. Lack of adequate decision support and an actionable understanding of the threat to the entire spectrum of corporate assets;

4. Reactive response to perceived problems rather than proactive initiatives based on sound risk management principles; and

5. Cost and shortage of properly skilled IT personnel to support the programs.
The Gartner Group has identified three major questions that executives and boards of directors need to answer when confronting significant issues:
  • Is your policy enforced fairly, consistently and legally across the enterprise. 
  • Would our employees, contractors and partners know if a violation was being committed? 
  • Would they know what to do about it if they did recognize a violation?
If you don't know the answers to these questions, then there is much more work to do and much more strategic planning necessary before any software or system is implemented for Operational Risk Management.

Perhaps it is time for the Private Sector to get serious about the "Insider Threat."  The U.S. Department of Defense has been on point with the issue now for years:
The Defense Department is preparing to add 500,000 employees to its continuous evaluation pilot by Jan. 1 as part of DoD’s effort to add rigor to the security clearance process.

Daniel Payne, the director of the Defense Security Services, said Sept. 20 that the additional half-million employees would bring the total uniformed and civilian employees enrolled in continuous evaluation to 1 million. There are more than 4.3 million cleared employees and service members across the government, including 1.3 million at the top-secret level, according to the Office of the Director of National Intelligence’s 2015 report.
Yet, in the back of everyone's mind is still the possibility of being connected with a significant terrorist incident. What these CxO's are looking for, are the means to gain a larger budget for their departments and to be able to invest in new "Insider Threat" technologies and tools.

Human behavior will always be the center of the controversy on whether these new systems will be able to mitigate the insider threat any more efficiently or effectively...

Sunday, September 17, 2017

DEF: Defense Entrepreneurs Forum Increases National Security Velocity...

There is a tremendous amount of buzz and focus on innovation these days, especially around the .gov and .mil ecosystems.  The Defense and Intelligence domains are in a race and competition for increased velocity in procurement, adoption of new or updated systems, talented people and the implementation of state-of-the-art Commercial-Off-The-Shelf (COTS) solutions.

Every so often you come across some thought leaders like the Defense Entrepreneurs Forum (DEF), that know what true innovation means.  They get it.  The membership understands that innovation does not always = technology alone.  The process of innovation and the people who surround it will tell you, that many prototypes of new innovation do not always include semiconductors, transistors or gigahertz.

When you combine the nodes of an ecosystem of smart people, devoted to increasing velocity in the defense and intelligence communities, there will be inspiration, connection and empowerment.  Each one of these nodes is vital, yet they grow and sustain themselves independently.  Working together however, they will provide our national security institutions additional resources, insight and outside the agency expertise.

At the latest Annual Forum at University of Texas - Austin this past week, it was in full force in conjunction with "Clements Center for National Security".  Keynotes and talks from Adm. William McRaven (ret.), Ori Brafman, Col. Mark Berglund, Brigadier-General Hans Damen, Admiral Bobby Inman (ret.), Todd Stiefler, Warren Katz, Clare O'Neill, Lauren Fish, Kaly McKenna, Eric Burleson, Brendan Mullen, Steve Slick, Kristen Wheeler, Kristen Hajduk and others were just the top line.

The bottom line up front is that as a participant, you witnessed first hand, that people with outstanding ideas with a similar mission and the genuine enthusiasm for improving United States National Security is increasing velocity.  In greater numbers, momentum and thought leadership.  The Defense Entrepreneurs Forum (DEF) is now in it's 5th year and is a best kept secret no longer.

So what?  What is DEF’s goal?

"We believe that the complexity of national security necessitates Defense professionals with innovative solutions. We believe that great ideas do not depend on rank and that creative problem solving cannot be developed rapidly. Today’s junior and mid-grade Defense professionals will be the future military leadership of this country.
  • Inspire: By attracting diverse, passionate, and innovative individuals, DEF inspires individuals through a community of like-minded national security innovators.
  • Connect: In person and virtually, DEF is a network that connects innovative thinkers who seek to improve on the status quo and educates them on how to do this.
  • Empower: Through a variety of methods--from idea generation to senior-leader engagement--DEF empowers junior leaders to be change agents in national security."
The innovation mindset is only part of the equation.  You need people with the context, experience and ambition to make a real difference.  Those who are seeking new ideas, new talent and new methodologies for increasing velocity.  People who want to contribute time, resources and intellectual thought leadership.

As the wheels went up on the dawn of a new day over Austin, TX our plane headed North East.  The future is bright for U.S. National Security.  Trust is in the wind and the Defense Entrepreneurs Forum is accelerating...

Saturday, September 09, 2017

Resilience: Optimizing a Continuous Cycle in Your Particular Environment...

Walking across the River Thames over a bridge in London, you can see several signs of resilience, if you look carefully.  This city has listened to air raid sirens, bombs exploding and witnessed vehicles running over pedestrians in a pure act of terror over the past seven decades and beyond.

Big Ben was strangely silent, for maintenance and restoration work.  Yet the citizens of the area and tourists alike were anxious to make it past the new vehicle barriers, to reach the other side.  Resilience runs deep in London and you can see it on the faces of those who call it home.

To endure hardship, disappointment, disability, destruction and years of abandoned dreams is just part of life.  Some cities across the globe have endured and stayed vigilant.  They have learned the art and science of resilience, so that their citizens can carry on, no matter what the negative forces may be.

Across any major continent you will find examples of places and people who have endured and remained resilient.  To the wrath of Mother Nature or the evil deeds of other human beings.  Whether it is Houston, Texas or New York City, London or Berlin doesn't really matter.  The examples of resilience are personified in granite, museums and historical sites with the names and faces of resilient people.

Yet as the train pulled out of Euston Station towards Edinburgh, the city fades into rolling farms and wooded forests, thousands of sheep dot the hillsides.  People living outside the city still have their own challenges and battles with everyday life.  They too must adapt and encourage resilience.

A crop that never makes it to harvest due to a fungal disease or live stock threats from liver fluke, are just a few threats that farmers and ranchers must plan for and respond to, in order to lower the risk of loss.  So should you find yourself in the countryside or in the middle of the city looking up at the Edinburgh Castle, here is a standard six-step process to endure and remain vigilant:
These steps in the process are not some new invention.  Others have invented variations such as the OODA Loop.  The point is that even Plan-Do-Check-Act (PDCA) will provide a continuous cycle for the city dweller or the countryman, the banker or the fighter pilot.  The hedge fund manager or the venture capitalist.

So what?

The likelihood is that you to have witnessed operational failure.  You have felt the emotion of severe loss of life.  You have been part of a life or business scenario, that has brought you to a point when you have lashed out at those you love, or brought you to your knees looking to the sky.

Beyond your faith and wishful or positive mental attitude, you only have your proven process left to work with, to endure, to be resilient.  The continuous cycle will keep you heading in the only direction you have and that is, to the next step in that cycle.  When you skip a step or have missed one altogether, you are simply opening yourself up to increased exposure of loss or even complete failure.

You shall discover your favorite process or cycle in your life, your vocation and within your domain.

Once you do, you must decide to master it.  To never skip a step and to adapt, learn and improvise.

When you do this, you will have achieved resilience for yourself, your family and your country...