Technology has changed the world at a speed never before seen in human history. In a span of just two decades, the Internet has become the backbone for the way people live, do business, and communicate. Therefore, concerns about cybersecurity are illuminating not just community and state interconnectedness, but global interdependence and its accompanying hazards. Leaders in both government and business must plan to meet these challenges as cyber risk-management practices continue to mature.
A mass-effect cyber incident is more than just a narrow scenario for which emergency response and management officials need to plan. The use of Internet Protocol-based devices and systems further amplifies the vast interdependencies between critical infrastructure sectors. From hand-held devices to large operating systems, and from smart grids to financial mechanisms, these devices and systems are the basis for all government and commercial activity. If exploited, the potential exists for a resoundingly detrimental impact on both U.S. national security and economic vitality.
And should the nation’s worst fears be realized – critical infrastructure failures as a result of a cyber attack – the impact would not only affect the jurisdictions and citizens that emergency professionals serve, but their very own systems and operations as well. In an instant, power, communications, and other vital capabilities could be lost for extended periods.
There has never been a time when the need for public and private collaboration has been greater, primarily because of the overlay of infrastructure assets. The public-private partnerships and industry working groups that provide an excellent forum for collaborating on natural disasters, accidents, and other threats in the physical domain also must fully integrate cyber resilience. However, external relationships are just one part of this important equation.
Business Imperatives & Leadership Priorities
For multinational businesses, Ridge-Schmidt Cyber counsels chief executive officers that they can no longer view cybersecurity, preparedness, and resilience as an issue for the chief information officer or “tech shop.” If cyber threats can affect every aspect of an enterprise – from data and communications to logistics and, ultimately, reputation – then cybersecurity must be an internal business imperative and leadership priority.
The same holds true for leaders of public institutions, particularly the emergency management and crisis response agencies that respond to large-scale incidents. Cyber awareness inside public sector agencies must be an operational imperative.
Leaders such as John Madden, Alaska Homeland Security and Emergency Management Director, understand this imperative not only for his home state, but also for the emergency management profession. Madden made cybersecurity a key focus during his 2012-2013 presidency of the National Emergency Management Association. Across the broader homeland security community, agencies and organizations should continue to challenge themselves to become more educated about the cyber domain and to continuously assess its impact on their own operations. Furthermore, everyone should be prepared to evolve as cyber threats evolve.
Although the intersection of the physical and cyber domains raise complex questions, ironically, many of the answers for dealing with the threats and potential consequences begin with basic risk management principles. Leaders need to carefully assess what enterprise assets are vulnerable, prioritize mitigation activities, properly resource these activities, and take action with an eye toward continuous improvement.
For all organizations, both public and private, cyber resilience is not simply the responsibility of the chief information officer or other information technology executives. It is a critical business and operational challenge that the highest levels of leadership must address. As technology integrates into seemingly all critical business and governmental undertakings, cybersecurity must be an integral part of enterprise risk management plans and entrenched in the broader strategic decision-making processes.