Why do we still wait until a tragic event occurs before taking meaningful preventive action? To say simply that this is human nature is unsatisfactory. The truth is, American society places more importance on making money than it does on the security of the general public.
Some of us remember the '70s scandal involving the Ford Pinto's exploding gas tank. An internal Ford memo revealed that upper management knew about the design flaw and the potential danger, but chose to deal with the possibility of lawsuits rather than the certainty of lost profits if they retooled the line. In the words of Michael Corleone, “It's not personal, Sonny. It's strictly business.”
For too long, we viewed these “oversights” as unfortunate lapses in judgment on the part of individual senior executives. The Enron debacle was primarily a financial disaster, but it had the secondary effect of weakening our critical infrastructure. In the last 10 years, federal regulations such as HIPAA, GLBA and SOX have been implemented with a goal of establishing and enforcing information security standards for the government and the private sectors. These regulations are necessary to compel action.
Once I believed that federal regulations were unnecessary for the private sector. I believed, as Adam Smith wrote in 1776, that the “invisible hand” of free-market competition would force corporations to protect their own self-interest. I agreed with Herbert Spencer, who coined the term “survival of the fittest” in 1851 in support of free-market competition. Both of these renowned economists would oppose federal regulations that inhibit capitalism and the free market. But I no longer wholeheartedly subscribe to their theories.
Free enterprise and capitalism have been the engines behind our country's development into the world's only superpower. However, I reject the idea that the security of our nation, our communities, and our families should be left to the equity of Smith's “invisible hand” or Spencer's “survival of the fittest.” In today's world, someone decides who is fit and who is not. Consider the shortage of H5N1 flu vaccine. We have enough vaccine for about 25% of the population of the United States . In the event that bird flu becomes a pandemic, who gets the vaccine? According to Smith and Spencer, it will go to the rich and powerful. Federal regulations, although certainly imperfect, are the best chance for those who need the vaccine the most—the elderly and children—to receive it.
We must take preventive actions to better secure our nation, our communities, and our families from natural and man-made threats. To do this, we must recognize the opportunity of ordinary days. Ordinary days are those days before the tragic event occurs. They allow us the opportunity to plan and to implement effective controls. It is our responsibility to identify, educate, organize and direct our available resources to better protect our country, our organizations, and our families from natural disasters, disease, and those who would do us harm.
If you manage security for a small or mid-size business, you may think that what you do or don't do to prepare your organization for disaster has no effect on the big picture. But it does. I remember reading an anecdote about a man and his friend walking together along a beach strewn with shells and starfish that had been washed ashore. Each time they walked past a starfish, the man would stop, pick it up, and hurl it back into the ocean. After watching this several times, the friend commented, “You know that hundreds of starfish are washed ashore each day. You're wasting your time; throwing one starfish back just doesn't matter.” The man replied, “But it matters to this one.” Small victories are the essence of ordinary days. There are no reporters and no cameramen, but the voice inside of each of us says we did the right thing.