Every business depends on the provisioning of essential goods and services yet we take them for granted. Energy, communications, transportation, food and water are all basics we have learned to expect. And the basic security and well being of our employees and assets are also expected.
Given these “basic expectations,” how can the security leadership in the public and private sector create value without relying on an incident to promote commitment and investment?
At this year’s Great Conversation (March 3-4 in Seattle, Wash,), we are focused on the leaders who are taking steps to collaborate, in unique and powerful ways, to ensure their programs are creating value in the minds of those they serve. They are taking proactive steps to create value while continuing to provide the “essential” services their leaders have come to expect but not necessarily value.
This sounds like circular logic doesn’t it? But this is the challenge of all leaders: To keep the wheels moving while creating the value framework for innovation and change.
Caitlin Durkovich, assistant secretary of the Office of Infrastructure Protection (IP), has a unique perspective on public and private risks, threats and vulnerabilities. IP works with public and private partners to increase the security and resilience of critical infrastructure and protect the individuals relying on that infrastructure. This includes programs to support critical infrastructure owners and operators in enhancing their facilities’ security and resilience and in coordinating critical infrastructure sectors. This prepares their partners for operational management of their security as well as large-scale or complex incidents.
IP conducts onsite risk assessments of critical infrastructure and shares risk and threat information with state, local and private sector partners. They also help operators benchmark or compare their levels of security and resilience and identify methods for how they improve.
Since December 2012, her department has conducted over 900 vulnerability assessments and security surveys on critical infrastructure to identify potential gaps and provide the owners and operators with strategic options to mitigate those gaps while strengthening their security and resilience.
Tim Rigg, chief security officer (CSO) of Alcoa, was challenged by his CEO to align the company’s business goals with their corporate security program. Like any mission critical element of a company, security would have to specifically define their vision and mission in context of Alcoa’s corporate vision, mission and goals.
Security would also have to manage their “spend,” meaning it would have to define a level of service that mapped to Alcoa’s risk, resilience and security needs. These needs would have to be defined and articulated in business and finance language. A “return” on this investment would have to be measured. The needs, the measures and the investment would have to be tested against industry benchmarks. And security would have to look at new ways to leverage their spend by collaborating with consultants, integrators and technology vendors.
These keynotes present a persistent and compelling theme that we are tracking around the world: Security has become interconnected with the business and the global critical infrastructure. And security is seeking leverage through those interconnections to mitigate the costs, increase the bandwidth, and accelerate their value.
And we are finally seeing that the technology elements of security are no longer viewed as independent, but as part of the common operating picture. To create this picture might mean pausing before looking for a standalone video surveillance strategy that is not integrated into an overall information management platform or deploying an enterprise access control strategy independent of a video management strategy. It could also include deploying standalone door locking, cabinet locking, or material equipment locking solutions that cannot be integrated into the access and security information management platform, especially if it can be done cost effectively.