In 2016, the founder of The World Economic Forum, Klaus Schwab, suggested we were at the beginnings of what he coined “The Fourth Industrial Revolution” (Shwab, 2016). The latest industrial revolution is an amalgamation of the technological and physical with implications beyond the immediate industries involved. Schwab stated, “The Fourth is evolving at an exponential rather than a linear pace. Moreover, it is disrupting almost every industry in every country” (Shwab, 2016).
As Schwab suggests, this has been a disruptive factor across all sectors of industry. We have and will continue to witness the evolution of existing threat vectors and the creation of new ones. Regardless, this should give pause to leaders within the corporate security community who must examine the potential impacts of these threats while continuing to manage their own group’s transformative pathways and staying relevant to their industries. As the company and business change, so then does the work of security leaders and the business of security.
Here are three issues for consideration:
Corporations as a Geopolitical Entity
Companies have been affected by politics, and history contains examples of corporate entities engaging on the geopolitical stage. Historically, the South American Chaco War (and corporate involvement) brought us the important Supreme Court case United States v. Curtiss-Wright Export Corp. that helped define the powers of the executive branch as the main conductor of foreign affairs (oyez, 2018). More recently, corporations have felt the effects from polarizing political events, both domestic and foreign. Most notably, Facebook (FB) has come under scrutiny, being asked to defend its ability to mitigate issues involving foreign tampering as well as issues with data privacy, squarely placing it on the geopolitical stage.
Typically, companies choose to remain mostly neutral, openly preferring the calculations over profit-and-loss in lieu of issues involving power politics. But, the fourth disruption has brought us further into an interconnected world. A recent study suggests political risk is at a marked increase because of this interconnectedness. Through the power of technology, geopolitical activities which would be seen playing out over months now move “at the speed of social media” (West, 2018).
Activities thought to drive profits now have unintended consequences that are played out in the political and social media arenas, having lasting effects on the bottom line. Often this will occur unintentionally, but the politicization of much of our discourse has added social conflict to previous untouched areas. Whether at the behest of the company or not, the enterprise is more involved by great power politics than ever . Facebook’s monetization of data is standard for the industry as social media is free for the user, but this threw the company into the issue of privacy rights in the US and beyond. A simple calculation over profits cascaded into mass controversy. Even the recent debate over gun control created this problem. Delta lost 40 million USD in tax credits in Georgia because they ended their ties with the NRA in an attempt to side with their customers.
Once partitioned to a shadowy world, this idea of inform-and-influence activities coupled with cyberspace actions mean both large and small state actors can harness and produce similar effects towards adversaries, both real and perceived. Whether from interference during elections via misinformation and influence activities or cyber-attacks on multi-national corporations deemed unworthy, this new state of play suggests corporations have and will be on the same battle ground traditionally reserved for state-to-state activities . Writing for the Cipher Brief, Lieutenant Commander Robert Bebber suggests the following:
“Cyberspace is an entirely new strategic environment, one which has important distinctions from the traditional domains of land, sea, air, and space. Questions of sovereignty are ambiguous at best in cyberspace. The domain cannot be segmented into a military sphere and civilian sphere in ways that we do in traditional areas like land, sea, or air. One cannot declare a “war zone” in cyberspace for example” (Bebber, 2018).
Not just state actors, either. Disruptive groups whose causes may vary from criminal to extremism have continued to embrace technology for their own use, exposing and exploiting gaps.
And what happens if bad actors should set up parameters and then let ‘machine learning’ decide when to act, based on the environment and conditions. Jason Healy of the Atlantic Council states, “we should begin the real debate of whether and when our cyber weapons should make their own decisions about when to destroy on our behalf” (Healey, 2013). The physical aspects of a cyber based attack could play out in real time, offering a myriad of hybrid issues for both Chief Security Officers (CSO) and Chief Information Security Officers (CISO), alike.
Great Power Politics in the Digital Age
This virtual shadowy cold conflict (unlike its historical cousin, which played out in the real world) is far less resource intensive. With the ability to further bury one’s self within multiple layers, non-state actors and state adversaries can (and are) manifesting actions which have direct and indirect effects to a corporation. “Deterrence does not apply in a space where adversaries are conducting long-term, persistent campaigns – especially campaigns ‘operating below the threshold of military conflict…cloaked in deniability” (Bebber, 2018).
Congress attempted to help corporations in this issue with the introduction of the Hack Back bill that would allow corporations to go after hackers. However, this would privatize national security and law enforcement in a way not seen before, which might be necessary because of a lack of a “war zone.” In addition, the ability for attacks to conceal their origins and identities makes protective intelligence and counter-intelligence extremely difficult.
What’s required to manage risk in this fourth revolution, from a leader’s perspective? Security leaders need to accept the world we live in is now has moved beyond the traditional 3G (Guns, Guards and Gates) environment to encompass the 4G (Guns, Guards, Gates, and Gigabytes).
This means more interactions within areas we would not traditionally parlay into lines of business that include (but not limited to) areas such as; cyber, legal and/or finance.
Corporate and Risk Threat Intelligence teams have more in common than traditionally thought. Increased discourse among all relevant parties is necessary to detect anomalous behavior.
Multinationals are subject to a host of international regulations ranging from privacy and data security to sanctions compliance. It’s important for security leadership to understand what those are and how they could affect corporate activity in each area, including everything from business travel risk to due diligence efforts as a result of government sanctions.
The 10k risk report (or the private corporations equivalent) is a document each leader should study and promote within their own organization. In addition to financials, it essentially states what top risks the board (or corporate leadership) is concerned with and what their particular business interests are. This helps not only give direction for a coordinated response, but also helps drive scenario-based intelligence which can both create pathways and open doors for deeper conversations at the senior leadership level.
Connections with our traditional networks must continue to grow and strengthen. As risks manifest at an increasing rate, our information sharing and response times must improve.
Public-private partnerships rooted in information sharing traditionally focus on critical infrastructure. What is required now is the same “all source” approach to identifying and notifying of threats, especially when the digital layer is added. Having an “all defenders” approach will cast a wider net as well as reduce gap time from the 2nd and 3rd orders of effects stemming from hybrid activity.
Our relationships within this risk information sharing vehicle must mature, as the landscape does. National security threats to the government and state economy are also threatening to multi-national corporations. For example, North Korea has attempted to hack other governments in support of their interests, but they used the same technology to go after Sony for insulting their leader.
Embrace Digital Transformation
By embracing the 4th disruption and its related technologies, corporate security organizations can focus on their primary roles while reducing noise through automation and the digitization of their business processes. Director for Defense Intelligence Jack Shanahan suggests letting “the tech do the rote work, so humans can do what they do best” (Williams, 2017).
Digital transformation augments your current systems, people, and processes with a digital layer, allowing your best and brightest to focus on the core tasks of life/safety and the ancillary tasks of risk management. As Schwab states, “[B]usiness leaders and senior executives need to understand their changing environment, challenge the assumptions of their operating teams, and relentlessly and continuously innovate” (Shwab, 2016).
The 4th disruption may present challenges, but it also encourages innovation that can (and likely will) lead to greater abilities to see and defend against threats. As leaders, our jobs are to continue to educate ourselves and embrace transformation. Old ways may still be applicable, but we need to constantly challenge and drive ourselves (and our teams) towards approaching them with a new optic.
Our leadership must evolve, too. Generating clarity and driving innovation is our task along with continued sharing of best practices and lessons learned to help defend and deter though dissemination. Fortunately, many are up to the task and seek to learn from and work through the very issues noted, herein.
Bebber, R. (2018, April 1). The Cipher Brief. Retrieved from thecipherbrief.com: https://www.thecipherbrief.com/column/strategic-view/no-thing-cyber-deterrence-please-stop?utm_source=Join+the+Community+Subscribers&utm_campaign=1ffbf75823-EMAIL_CAMPAIGN_2018_04_02&utm_medium=email&utm_term=0_02cbee778d-1ffbf75823-122526325&mc_cid=1ffbf
Healey, J. (2013, Apr 16). Huff Post. Retrieved from Huffington Post: https://www.huffingtonpost.com/jason-healey/stuxnet-cyberwarfare_b_3091274.html
Oyez, United States v. Curtiss-Wright Export Corporation. – 299us304 (Supreme Court April 7, 2018). Retrieved from Oyez: https://www.oyez.org/cases/1900-1940/299us304
Shwab, K. (2016, Jan 14). World Economic Forum. Retrieved from weforum.org: https://www.weforum.org/agenda/2016/01/the-fourth-industrial-revolution-what-it-means-and-how-to-respond/
West, R. D. (2018, Mar). The CEO as a Geopolitical Officer. Retrieved from kpmg.com: kpmg.com/geopolitical
Williams, L. (2017, Nov 2). FCW: The Business of Federal Technology. Retrieved from FCW.com: https://fcw.com/articles/2017/11/02/shanahan-maven-usaf-ai.aspx
please note: comments herein are those of the author and do not necessarily represent those of any organization he is involved with.
Culture is more important than anything
It is the single most important element that any leader should obsess upon. It is created and exists even if you don’t think about it. Culture affects everything from esprit-de-corps to productivity. It’s also vitally important to gauge and ensure you and your key leaders are aligned as to how you are defining what it is and what you value, within your group.
As a leader, you are responsible for the culture of the team. It’s hard to shape and maintain and even harder to get back on track, once misaligned.
Everything is Phase 0 (shaping)
Words and Deeds have meaning, and problems occur when these things do not align. You and your leaders must strive to ensure you, “do what you say and say what you do.” Deviations of your ‘true north’ (no matter how small) create ripple effects amongst the greater team. In this regard, the team redefines the zeitgeist of the organization constantly… and usually when leadership is not around.
So – be certain you are matching what you want as culture to any actions as leaders.
Three-Dimensional Thinking is a Leader’s Prime Directive
When an opportunity presents itself (good, bad or indifferent) the first questions should always be, “should we keep doing the same thing…the same way.” Always stop and ask yourself, “What are other ways we can achieve” or “How can we refine the way this is done?” Even if the end-state is no change, thinking the issue through this way and forcing the conversation amongst your leadership is key to developing a growth mindset and instilling your cultural values.
If nothing else, remember you and your key leaders are stewards of your organization and company. Have full faith, respect and trust in your folks to, as Norman Schwarzkopf said, “Do what’s right” and hold the line on maintaining the culture of the organization.
How do you think about and develop culture within your own group?
Strategy. You hear this word a lot. Whether it’s managing a line of business or an operation, it feels like it is an imperative to understand and have strategy within your program. Without it though, it’s certain you risk forfeiting your activity and any long term gains you might hope to achieve with your protection efforts.
Obviously, the overarching goal is the protection of your designate(s). So that’s our strategy, ‘nuff said, right? Wrong. That’s “the mission.” Strategic thinking involves more, “Strategic thinking is a process that defines the manner in which people think about, assess, view, and create the future for themselves and others” (Ebersole, 2017). Making longer decisions and plans require a bit more in order to support the operational mission. With that in mind, here are a few thoughts to help you get started to set your strategy or, perhaps, evaluate your current one.
Understand the concept of risk based protection
Protection efforts and programs are started from ‘risk.’ Whether direct or indirect, it is this spark from which all stems. However, risk is an asymmetrical beast. It is both malleable and elusive, constantly trying to evade and undermine your actions. To this end, you must have a process by which risk is being evaluated and qualified.
Develop your risk model or system (easily searched) and ensure you use it. It should and will be important to driving your long-term plans as well as helping decision making.
Resource management is a center of gravity
Every program must understand, set and track resources. This is about more than financials, too. It spreads to areas such as people and equipment, as well. We need to value these items, as they are vital to keeping momentum within our organizations and ensure the protective program we have in place doesn’t lag. It’s an important factor in a program’s readiness.
Placing and tracking value will help you identify trends in resources and allow you to become more predictable in those areas. This will help earmark and deal with those areas you can’t, too. Like those sudden fast balls or other operational surges.
Think Three Dimensionally
Risk is not a balanced problem. As a result, neither should your approach to managing strategy be. As the missions remains (to protect) you should always be looking at new angles of approach to the strategic vision. It means looking at new optics of risk, while questioning your old ones. Charles Koch suggested in his 2007 book, The Science of Success: How Market-Based Management Built the World’s Largest Private Company, “the principal of vision to ascertain [long term] value can and should be created in any organization, at any given time” (Koch, 2007).
It’s important to constantly re-examine our risks and look for opportunities vice doing the same things we have always done and, perhaps, sense any black swans circling for opportunity to swoop in and throw us off of our operational mission.
Obviously, so much more to designing and maintaining a strategy. It should be part of your regular meter to obsessively examine and track your strategic goals.
Hopefully, these ideas validated or generated some questions for you. How have you set and manage your protective team’s strategy?
Ebersole, J. G. (2017, NOV 15). Course and Direction. Retrieved from cssp.com: http://www.cssp.com/CD0808b/CriticalStrategicThinkingSkills/
Koch, C. G. (2007). The Science of Success: How Market-Based Management Built the World’s Largest Private Company. New York: Wiley.
While on vacation, I was fortunate enough to have found some nice ‘hard-pack’ roads to run on, off the beaten path. The cool morning and sun shining through the trees made me reminisce about being a young Army officer, learning how to and conducting patrols in Fort Benning, Georgia.
Any Infantryman will tell you, after battle drill 1A, one of the keys to understanding how patrolling works is the movement of the team throughout the activity. Everyone has their position, each knows their primary roles and (if needed or called upon) can step up to a tertiary duty, as well. Through training and honing their collective skills, a patrol can move pretty well with limited verbal communications (hand and arm signals anyone). One test of this is the danger area. This, as it sounds, is an area which presents a particular risk interest to the patrol. It could be an open area, or somewhere where enemy activity is more present. Essentially, it can be many risk vectors that, for some reason, give the patrol a reason to pause, assess, decide and react – preferably without upsetting the rhythm of movement for the patrol, so that it can get back on point as quickly as possible.
Now, there are multiple ways in which a group can manage a danger area, once it has been identified. Like Close Protection Operations, there is as much art that goes into conducting infantry operations as there is science and planning. Without the later, however, the former can less synchronized and nuanced.
Once the danger area is detected the patrol stops, taking a short pause to assess the danger and decide how they will best traverse. Mind you, for those who are trained and work together, a professional organization doesn’t need to waste a lot of time at this stage. As they are practiced and professional, the team has worked thru the variable ways and, thus, when it comes time for the patrol leader to decide how they will move through the danger area they do so…silent and smooth. It is a ballet of bad-assery to observe. Silently, a stealthy team (or larger) wisps its way, with limited interruption, each person understanding what is at stake, their role in the activity, moving without hesitation and with confidence.
What can we learn from this, as Close Protection professionals?
Like a patrol, the CP team (or agent) has been given the task to move forward, towards an objective. In the patrol’s case, it could be many things (recon position, link up points, a patrol base, etc.). A CP mission may be to go to a meeting, an event, or perhaps just getting the principal through a day of activities. In both cases, there are probably multiple moves going on within the larger objective.
Plan the movement
Planning is inherent in both. While we don’t always know what the actual detail may bring us, it’s important to plan the operation for as much as we know. If all easel fails, understanding “how” you will conduct the detail (much like a patrol) is key as you move forward and have to modify actions on-the-move.
Understand the triggers for a danger area
Hopefully you have conducted some type of intelligence prep of your detail. Whether it is an individual or group who conducts your assessment, getting the lay-the-land you will be working in helps identify danger areas and activities you need to formulate responses and mitigative activities or resources towards.
Have a Contingency
In conjunction with the above, having a (at the very least) outline of possible ways to deal with each of the identified issues (think science) will allow
Practice the important parts
I know…. You don’t have time. But, you should make time to (at the least) chalk talk the issues so that, if it happens, you have at least walked through it. If, however, you can take time during your advance to dry run a few of the activities with your team or support crew, it makes the world of difference. Some teams (say a PSD) this is not an option, others may need to collectively get over the ego hump and do it, if only occasionally. Remember, just because you know it, doesn’t mean someone else get’s it (or will admit they don’t).
Communicate the movement plan to all agents/support operatives
You’ve got your plan and have talked about the issues. Take time to brief and discuss with the team and/or your support team. Ensure they know each of the issues and their play in t. Ask for input (especially from the locals) but remember, know one understands or knows the operational plan like you. Spend some time on the contingency and “signals” plan. How will we communicate? Who will you take orders from (maybe the front right is not the best place for the leader to be) and what happens if the leader is out of the loop.
Discussing the possible mitigation activities helps bring confidence to the overall team and creates a culture of professionalism within the group that will transcend beyond the detail, and into the larger organization (or group) you work in.
One more thing…
Finally, leaders need to lead. The show is your responsibility, embrace it. Whether a solo operator dealing with contingency staff at an event or a detail lead of 15 people, it’s your ball. Set a tone and work with what you are handed to create as much of a professional grouping as you can, with the time you have. Like our infantry comrades, the more we be prepared, the better we can cross our danger areas and move forward.
Keep your heads down.
Capability and ability; Understand the difference between what talents the universe has bestowed upon you and what you need to do in order to continue growing.
“No person was ever honored for what he received. Honor has been the reward for what he gave.” ~Calvin Coolidge
If you could achieve it all…everything you want… in 1 year, what’s the one pattern you need to shift about yourself, today?
Innovative ~ in·no·va·tive [ˈinəˌvādiv]
Adjective (of a product, idea, etc.) featuring new methods; advanced and original: innovative designs
Innovation requires white space
When your mind is quiet, the best ideas will come to the surface. “when we quiet the mind through contemplative practices such as meditation, we eventually discover that awareness or consciousness exists beyond it.” (Jan Birchfield, 2013)
While this doesn’t necessarily mean, you have sit in a corner and contemplate your navel (although that also works) it suggests that, through common practices that allow our minds a break from the daily cacophony our subconscious to open and allow new thoughts forward.
Innovation requires energy
When you think of people who are innovative, lack of exuberance is generally not associated with them. People like Richard Branson or Tony Robbins are powerhouses of energy. Going to the gym is not enough, it requires a commitment to self that includes, basically, taking care of yourself; “The corporate athlete doesn’t build a strong physical foundation by exercise alone, of course. Good sleeping and eating rituals are integral to effective energy management.” (Jim Loehr, 2001)
Energy doesn’t dissipate, it only becomes something else. So, with this in mind, it only makes sense to produce positive energy, starting with yourself, and put it out there.
Innovation requires learning
Warren Buffet’s partner, Charlie Munger said of his partner, “If you watched Warren Buffett with a time clock, I would say half of all the time he spends is just sitting on his ass and reading. And a big chunk of the rest of the time is spent talking on the phone or personally with people he trusts.” (Wu, 2014) It is said Buffet read over 500 pages per week and, to this end, he has credited his success to that voracious reading.
With today’s technology ‘reading’ can be sought via many ways. Whether through podcasts or newspapers that have an .mp3 function to audiobooks, there is not excuse to not have a bias-to-learn attitude.
Jan Birchfield, P. (2013, Jan 29). The Huffington Post: Blog. Retrieved from huffingtonpost.com: http://www.huffingtonpost.com/jan-birchfield-phd/business-innovation_b_2563774.html
Jim Loehr, T. S. (2001, Jan). The Making of a Corporate Athlete. Harvard Business Review.
Wu, G. (2014, Oct 16). Gary Wu Personal Development. Retrieved from garywu.next: http://www.garywu.net/influential-people-importance-reading/
— AFTER THE CREDIT SCENE —
Innovation requires listening
True connection comes from real connections and thankfulness. No room here for false platitudes, take time and actively listen to what’s going on around you. Whether in meetings or at home, listen to learn…