Saturday, August 31, 2024

Critical Infrastructure: OSINT to the Rescue...

Over the past decade our U.S. Critical Infrastructure has become even more vulnerable.

Why?

In the early days of the commercial Internet, 2000-2001, there were several dozen of us working in a Rosslyn building on Wilson Boulevard in Arlington, Virginia to answer our growing Fortune 500 and government clients' questions of “Who”, “What”, “Where” and “How”.

We already knew the answer to “Why”.

The 24/7 Internet crawler algorithms our techies engineered were doing their intended tasks and retrieving Terabytes of data on a 24/7 basis for our further human analysis.

All of this was well on its way before the more sophisticated use cases of the Internet for the implementation of the Banking infrastructure, Retail transactions and Telecommunications were in place.

The systems and infrastructure we now call “Critical” were just in their early stages of IP maturity.

Remember, the iPhone was not invented until around 2007!

Afterwards and yet even more vital to this day, you might think about your own organization's “Operational Risk Management” (ORM) objectives and tasks in three key categories:

  • Human
  • Physical
  • Cyber

Over the course of your company's legal, compliance and security organizations conducting regular “Threat and Hazard Identification and Risk Assessment” (THIRA) activities and rules, the reality begins to set in.

The Board of Directors are still asking, "How can we as people address the exponential growth, change and remediation without more automation, software and systems?"

"This is when new companies were born to build the software to help humans keep a better eye on the risk management of our growing Critical Infrastructure."

As new software companies were born to address THIRA applications, some people began to feel like it all had NOT been solved.

Asymmetric Warfare today not only includes our “Nation States” across the globe, but also Black hat “Hacktivist” organizations and individual people, in every country with the Internet.

Evidence of these individuals' and groups' growing existence is still the “Why” for your own organization's THIRA activities.

This also includes the “Why” for our US Homeland Security organizations such as CISA and others in the National Intelligence and Law Enforcement arenas.

Perhaps even more vital are the private organizations who are still in the business today of “Open Source Intelligence” (OSINT) since the dawn of the Internet…

Saturday, August 17, 2024

Remember: Imagine Our Resilient Future...

Where were you on the morning of September 11, 2001?

In the middle of our mutual “Information Security” and data privacy dialogue over breakfast in the ground floor restaurant of the Reston Hyatt, we both suddenly overheard the people's commotion and muddled cries.

In the adjacent bar area others were watching the morning television news and were witnessing the continuous replay of an airliner crashing itself into one of the New York City World Trade Center Twin Towers.

We jumped up to walk around the corner into the room and saw the growing shock on people's faces, as they hurried out the door to pick up or go check on their loved ones.

Then we saw the 2nd plane hit.

Walking back in to pay our bill a few minutes later, both of us looked at each other and realized what this meant. Or did we?

Like some other days across your life, this particular morning in America was full of confusion, emotion, tears and fears.

Soon thereafter, driving away from the Reston Town Center near Dulles (IAD), in the distance to the East as the morning sun was rising, you could now see the billowing black smoke rising from the Pentagon burning.

Over the next decade, much of our thinking on our true vulnerabilities as a nation would come before us to solve.

Before 9/11, there were few aviation engineers thinking about reinforced and secure cockpit doors on commercial airliners.

The evolution of “Homeland Security” over the next decade included new buildings and technologies up and down Chain Bridge Road in Northern Virginia.

Predictive Intelligence and Color-Coded warning levels were now focused more on people's thinking and behavior, not just about flying objects over a country border.

Asymmetric Warfare would become a National focus.

Certain kinds of fertilizers such as "Ammonium Nitrate" would soon be taken off the shelf of local gardening centers and wholesalers in our farming communities and locked up.

Information Technology was now to become a force multiplier. Business Continuity Planning (BCP) was now a mandate. What if?

Operational Risk Management (ORM) was the new normal.

After 9/11, there were new travel innovations like TSA PreCheck, where even to this day only one photo ID is required to apply in pre-enrollment, as they take your fingerprints and your photo to match up with vast government databases.

In using another ID travel service years before, CLEAR, even a retina scan was taken in order to back up fingerprinting and two photo IDs.

As we approach our next 9/11 ceremonies around the United States this September 2024, take a few minutes yourself to “Never Forget”.

Acknowledge the vital missions of all those serving who are in uniforms, all those in semi-formal suits, ties and dresses sitting around the conference table and the tireless shifts of analysts and tech people behind the screens who are on continuous watch.

24x7.

Now just 23 years after that historic morning in New York, NY, Arlington, VA and Shanksville, PA, we shall all continue our next year of Citizen Vigilance, our National Resilience and our continuous Freedom as true Americans.

And on this Wednesday September 11, 2024, sitting outside on your own back deck or patio watching another sun set or the moon rise, think about how you too will achieve a more resilient journey into the Future…with those you love.

Godspeed!

Sunday, August 11, 2024

Volatility: Enemy #1...

Organizations implement Operational Risk solutions to lower "volatility" in earnings growth and return on capital. The focus on volatility is because no institution likes to see peaks and valleys in their earnings or their return on capital. A steady and consistent growth curve without "Volatility" is the goal of many steadfast organizations.

Contrary to the goal of minimized "volatility", there are also those who feed off of the chaos and the large swings between these highs and lows in the marketplace and with specific companies in vital sectors of the financial economy. Will a Blueprint for Regulatory Reform be the answer?

As a hedge fund investor, can you explain what the strategy is for your investment fund? Do you know what your money is being invested in? Does your hedge fund manager provide transparency on calculating your return on funds invested? What was the reason you invested in alternative investments to begin with?

Carrying this analogy to the operational processes within your organization, the goal is to keep the processes running smoothly. When people or systems deviate from the agreed-upon "Rule Sets", then change ensues along with the volatility of the performance measures.

Errors, Omissions and systemic "glitches" are the catalysts to volatility that creates fear, uncertainty and doubt. Do you understand the Math? When the process gets to this stage and people don't trust the rules anymore, you are on the brink of a failure and impending loss, in dollars or people's lives.

Operational Risk Management is a discipline that is emerging in corporate ranks because it has already proven that it saves lives. The regulators and inspectors general are going to demand it.

The "Rule Sets" of playing business in the financial, health care and energy sectors are not the only ones being subjected to this increased scrutiny and renewed focus on OPS Risk.

Lessons learned are being discussed in the ranks of the U.S. Treasury Department and the Department of Defense, all relating to the failure of people, processes, systems and/or external events.

Whether you utilize Operational Risk Management (ORM) in the Defense Industrial Base or in the Financial Services sector, it's important to revisit what it is NOT:

Operational Risk is Not:

  • About avoiding risk
  • A safety only program
  • Limited to complex-high risk evolutions
  • A program -- but a process
  • Only for on-duty
  • Just for your boss
  • Just a planning tool
  • Automatic
  • Static
  • Difficult
  • Someone else’s job
  • A well kept secret
  • A fail-safe process
  • A bunch of checklists 
  • Just a bullet in a briefing guide
  • “TQL”
  • Going away

The goal of Risk Management is not to eliminate risk, but to manage risk so the mission can be accomplished with minimum impact. We manage risk to operate, not avoid risk as a means to prevent loss.

Operational Risk is all around us and now ready for prime time focus in terms of strategy execution, implementation and measurement...

Sunday, August 04, 2024

Always Be Ready: Follow Your Heart...

Waking up to a glorious sunrise in any new town across the USA is inspiring. Today is another one of those days.

The long journey you have been on all these years is full of hardship, yet full of faith.

“Never Forget” the Americans and true professionals that have endured our asymmetric threats and continuous vulnerabilities.

People, Processes, Systems or External events. We must continuously and “Always Be Ready”…

After all of these years of hard work, too many hours standing or waiting in airports and now seeing the finish line, or the minutes winding down on the scoreboard clock.

Even just the smile this morning from a cherished loved one after hours of research and keyboard time, you know why.

Before you were old enough, the reasons for the early mornings or the significant travel did not seem worth it.

The journey was constantly in question. The competition too challenging.

"Yet in our America, most anything is possible. With hard work and dedication. With the right colleagues, coaches, mentors and instructors you too are well on your way."

You are here for a reason and all the years, days, hours and minutes devoted to your own particular journey are soon to be known.

Maybe it is that smile when she wakes up and sees you. Maybe it is that laugh when he is watching “Paw Patrol”.

Or maybe it is walking hand-in-hand with your wife or husband on another early morning in your new neighborhood, or somewhere else in the United States of America.

On this Sunday in America, say another silent prayer looking at our flag waving in the wind, while the birds are chirping and a dog is barking with a siren in the distance.

Are you going to compete today? Will you be ready?

After you make it to your own finish line, look up…