See things clearly
In advance of the recent Davos conference of business executives, think tanks and leading politicians, the World Economic Forum (WEF) published its “Global Risks 2012” report.
The report is a ‘call to action’ to global leaders. It seeks better coordination and collaboration of
“...public and private sector efforts to map, monitor, manage and mitigate global risks...” p.8
One of the three “Global Risks” discussed is “Connectivity”, where the world’s ‘Critical systems become ever more vulnerable to malevolent cyber attack’.
In a ‘hyperconnected’ digital world, our lives are becoming more vulnerable to disruptions in data flow, and
“A healthy digital space is needed to ensure stability in the world economy and balance of power...” p.11
Creating such a ‘healthy digital space’ is the aim of a WEF multi-stakeholder project, which has just published
“Partnering for Cyber Resilience principles and guidelines”. [pdf]
The stakeholders recognise the need for a ‘Programme’, a ‘coordinated approach’, to best
“...identify and address emerging global systemic risks arising from increasing connectivity of people, processes and objects. [technology]” p.4
Guidelines to management executives on such an approach include
A checklist is provided for C-suite executives to ‘help inform their actions for the organization’ during internal review of cyber risks to the business.
However, at this point, executives will be faced with a fundamental problem that affects nearly all businesses today – a lack of clarity.
For the WEF initiative to have the best chance of success, it is critical that CxOs, IT managers, security experts, insurers, investors and other stakeholders are all able to see clearly, and communicate easily, how the business works.
But, as Sian John, Security Strategist at Symantec, points out in relation to ‘Global Risks 2012’,
“One of the most interesting elements...is the challenges around creating meaningful discussions on the risks of an interconnected world. This is a topic I’ve been discussing with a friend who works within the Insurance industry...The key to being able to factor risks is to describe it; however, we don’t have a common language or any empirical evidence from which we can both benefit...there is often a lack of clarity on the impact on individual organisations of cyber attacks and interruptions to digital connectivity.”
What is the best way to create such ‘meaningful discussions’ in a ‘hyperconnected digital world’?
Clarity on how data flows through the people, process and technology of the business is the key.
For centuries, clarity on flow has enabled simple communication and ‘meaningful discussions’ between business leaders and technical experts.
In Ancient Rome, Frontinus, an expert in the engineering of water flows, surveyed and mapped water supplies, documenting how all the assets were put together to enable flow. As a result, he was able to communicate with the Emperor Nerva about essential work needed to better secure Rome’s water supply.
During the 19th century, the American boiler industry was plagued by numerous boiler explosions, which caused many fatalities and destroyed many businesses. A Boiler Code of standards was created to bring clarity about how flows of steam interacted with other business assets, and, ‘...to make sure that all the pieces fit and hold together safely, even under pressure.’
Today, the Oil & Gas industry uses computer models to see clearly how individual assets interact: things like pipes, valves, pumps, meters and sensors. Business managers and technical specialists use easily understandable printouts from the models to communicate how assets are connected. They also use them to describe how flows of oil & gas products through a business unit are measured and valued. Assets that do not add value to, or support, a business can be easily identified on these diagrams, so projects can be established to remove or reassign them. Also, the cost to the business of failure of an asset (and interruption of flow) can be evaluated and steps taken to mitigate that risk.
The lesson of history is clear: the best way to create ‘meaningful discussions’ is to use simple pictures that show how everything is put together to enable flows through the business.
With clarity on how data flows through the organisation, technical and non-technical stakeholders in today’s businesses will make better, more-informed decisions about cybersecurity, risk, investment and other key business drivers.
In the context of the WEF reports, the critical question that management executives have to ask themselves is:
How can I manage cybersecurity, if I can’t see how data flows through people, process and technology?