Prof. Daniel Aldrich, author of several books on Resilience, and Director of the Resilience & Security Studies Program at Northeastern University, participates in Risk Roundup to discuss Resilience and Security.
If we are to protect our hard-fought progress and development in cyberspace, geospace and space (CGS), managing and building resilience needs to be a priority for entities across nations: its government, industries, organizations and academia (NGIOA). Nations will thrive when all of its components know how to build resilience in their initiatives. The ability of a nation to be resilient and its effectiveness therefore depends upon all its components ability to anticipate, absorb, adapt to, and/or rapidly recover from any potentially disruptive event in cyberspace, geospace and space.
Since, risk, resilience and security walk hand in hand, it is important to understand how to manage security risks from cyberspace, geospace and space. It needs to be understood that any attempt to reduce the risks in CGS, is a step towards building a resilient nation. Since each decision and action impacts the level of resilience in CGS, the assessments of and choices made about security risk from CGS decision makers, will likely shape how individuals and entities across NGIOA will behave; how they will respond during and after a security event, irrespective of CGS, and how they will plan for future security in CGS.
Understanding security risks from cyberspace, geospace and space is therefore fundamental to nations resilience and security.
STATE OF RESILIENCE
Resilience, the ability to overcome challenges from cyberspace, geospace and space is fundamental to develop security protection mechanisms for nations and all its components: government, industries, organizations and academia. Any nations ability to withstand any disruption from cyberspace or because of cyberspace in geospace and space, impact its ability to conduct its operation, management, governance, security, progress and advancement. While managing or minimizing risk is an important part of the resilient equation, NGIOA decision makers also need to think about rapid advances in technology in cyberspace, geospace and space– in the context of the progress and development, to be able to consider appropriate tradeoffs between risk and resilience to innovation and growth.
It is therefore important to understand the state of resilience across nations today and also evaluate-
- What does resilience mean to different nations or different components of a nation (governments, industries, organizations and academia)?
- When it comes to strategic security risks and resilience, are the nations and all of its components resilient?
One of the key functions of nations and its NGIOA decision makers has historically been to balance security risks against nations’ progress and advancement.
- Amidst the changing reality of the security risks emerging from the cyberspace, geospace and space, how does the current role and responsibilities of NGIOA decision makers change?
- If we talk about tactical or strategic security risks, how do nations prepare for uncertainty in CGS? How do they become resilient in CGS?
- How do NGIOA equip for the chaotic pace of change and the looming uncertainty in CGS?
From tactical security (information security, network security, data security), to operational security to strategic security, understanding and expertise around security risks from cyberspace, geospace and space is now becoming an absolute survival necessity for each nation.
NGIOA decision makers are beginning to understand that CGS security risks, be it tactical or strategic, independent or inter-dependent, is a risk management issue that affects not only the today of the entire nations, but also the coming tomorrow.
While, keeping up with the rapidly evolving risks from cyberspace, geospace and space is a complex challenge, understanding what is at risk is even a bigger challenge.
RISKS FROM CYBERSPACE, GEOSPACE AND SPACE
The computer code, the connected computers and the ecosystem that make the cyberspace brings complex challenges and complexities to everyone and to everything, from cyberspace, geospace to space. This tectonic shift on the nature of risks brought on by the cyberspace and due to cyberspace to geospace and space are creating complex challenges for every entity, within and across every NGIOA.
Due to cyberspace, the nature of security risks has evolved in not only cyberspace but also geospace and space!
To be able to understand what is at risk and how to be resilient, NGIOA decision makers must first know what assets they are protecting. The question is whether the NGIOA decision makers understand the true nature of the CGS assets they are protecting today. It is important to evaluate further-
- What should the NGIOA decision makers know, as to the complexity of security risks they are facing today due to cyberspace.
- How should the NGIOA decision makers understand risk and resilience in the context of cyber-security, geo-security and space-security?
- What is the relationship between CGS risk and a resilient nation?
- Regardless of how NGIOA decision makers structure themselves around cyber-security risks, how do they set expectations for integrated CGS-security risk management and resilience?
RISK AND RESILIENCE
While the question of how resilience can be measured and its associated metrics has been addressed by many, it is important to evaluate whether there is a standard approach to measuring resilience in cyberspace, geospace and space.
- How do nations measure resilience in cyberspace, geospace and space?
- What tools are available to improve resilience in cyberspace, geospace and space?
- What steps should any nation take to cultivate a culture of risk-aware and risk-adjusted decision making?
When it comes to risk, resilience and security, not only the governments, but decision makers across NGIOA have important roles to play.
A risk-aware culture across NGIOA really starts with building the right security foundation. NGIOA decision makers need to establish a shared understanding of CGS risks, both independent and interdependent. This should also include knowledge of the security risks that can impact tactical and strategic objectives.
A resilience plan (CGS) needs to incorporate an understanding of potential CGS attacks, a plan for defending/and or defeating those attacks, and potential responses to those attacks.
DEVELOPING EFFECTIVE CGS RESILIENCE PLAN
Irrespective of geographical location, any localized disruptions in cyberspace or through cyberspace in geospace and space can rapidly trigger a cascading sequence of events that can cause widespread crisis across entire CGS networks and entities. Developing integrated CGS resilience plan is therefore a survival necessity.
It is not only why entities across NGIOA need to be resilient, but rather how they can achieve sustainable, resilient operations in the CGS ecosystem. Entities across NGIOA must decide if, and how, they will achieve their objectives and outcomes within an CGS ecosystem in which individual survival is never guaranteed—and yet they all go individually toward their resilience or security goals.
- How can any organization or entity across NGIOA achieve CGS resilience in silo?
- How can nations or its decision makers create an effective CGS Resilience Plan?
- How do nations or any of its component, develop resilience towards such cascading security disasters with NGIOA inter-connectivity?
The biggest challenge in making critical infrastructure in cyberspace, geospace and space resilient is managing their CGS complexities, NGIOA inter-connectedness and interdependencies by proactively addressing CGS security risks, adopting effective resilience techniques, and resolving problems through NGIOA cooperation.
- Since resolving CGS complexities through NGIOA cooperation seems like a daunting task, how should nations plan to do that?
- How should nations and its NGIOA decision makers approach CGS security risks?
- How should nations and their NGIOA decision makers approach resilience and security?
As risk, resilience and recovery are slowly but steadily becoming an integral component of risk management and oversight, nations that are able to balance and manage not only independent: tactical, operational and strategic security risks, but also interconnected and interdependent CGS security risks that transcends their traditional boundaries in cyberspace, geospace and space will move ahead of competitors that cannot.
It is time to talk about Risk, Resilience and Security!
About the Guest
Prof. Daniel Aldrich is a full professor and Director of the Security and Resilience Studies program at Northeastern University. He specializes in Japanese politics, nuclear power, NIMBY politics, and disaster recovery. Previously at Purdue University, during the 2012-2013 academic year he was a Fulbright research professor at Tokyo University and during the 2011-2012 academic year he was an American Association for the Advancement of Science (AAAS) fellow at USAID. His first book project, called SITE FIGHTS: Controversial Facilities and Civil Society in Japan and the West, focused on how states handle conflict over controversial facilities like nuclear power plants, airports, and dams. His second book BUILDING RESILIENCE (2012 from the University of Chicago) investigated how social capital facilitates recovery following disasters.
About the Host of Risk Roundup
Jayshree Pandya (née Bhatt) is a visionary leader, who is working passionately with imagination, insight and boldness to achieve Global Peace through Risk Management. It is her strong belief that collaboration between and across nations: its government, industries, organizations and academia (NGIOA) will be mutually beneficial to all—for not only in the identification and understanding of critical risks facing one nation, but also for managing the interconnected and interdependent risks facing all nations. She calls on nations to build a shared sense of identity and purpose, for how the NGIOA framework is structured will determine the survival and success of nations in the digital global age. She sees the big picture, thinks strategically and works with the power of intentionality and alignment for a higher purpose—for her eyes are not just on the near at hand but on the future of humanity!
At Risk Group, Jayshree is defining the language of risks and currently developing thought leadership, researching needed practices, tools, framework and systems to manage the “strategic and shared cyber-security, geo-security and space-security risks facing nations today in a digital global age. She believes that the contested commons of cyberspace or space cannot be secured if NGIOA works in silo within and across its geographical boundaries in cyberspace, geospace and space. As security requires an integrated NGIOA approach with a common language, she has launched cyber-security, geo-security and space-security risk research centers that will merge the boundaries of geo-security, cyber-security and space-security.
Previously, she launched and managed “Risk Management Matters”, an online risk journal and one of the first risk publications, publishing “Industry Risk Reports of Biotechnology, Energy, Healthcare, Nanotechnology, and Natural Disasters” over the course of five years. Jayshree’s inaugural book, “The Global Age: NGIOA @ Risk”, was published by Springer in 2012.
About Risk Roundup
Risk Roundup, a global initiative launched by Risk Group, is an integrated cyberspace, geospace, and space (CGS) security risk dialogue for individuals and entities across nations: its government, industries, organizations and academia (NGIOA).
Risk Roundup is released in both audio (Podcast) and video (Webcast) format and is available for subscription at (Risk Group Website, iTunes, Google Play, Stitcher Radio, Android, and Risk Group Professional Social Media).
About Risk Group
Risk Group is a strategic security risk research organization. It focuses broadly on the risks facing individuals and entities across nations: its governments, industries, organizations, and academia (in short referred to as NGIOA). Its approach is broad, encircling cyberspace, geospace and space (in short referred to as CGS). It firmly believes that collaboration within, between and across NGIOA will be mutually beneficial to all stakeholders across nations—for not only in the identification and understanding of critical CGS security risks facing one nation, but all nations.
Risk Group believes that risk management, security and peace walk together hand in hand. Though security is related to management of threats and peace to the management of conflict, risk management is related to management of security vulnerabilities as well as management of conflict, and it is not possible to conceive any one of the three without the existence of the other two. All three concepts feed into each other. Risk Group believes that the security we build for ourselves is precarious and uncertain until it is secured for everyone across nations. Tradition becomes our security-so if we build a culture of managing risks effectively it will lead us to security and security will lead us to peace!
Copyright Risk Group LLC. All Rights Reserved