Former Secretary of Homeland Security Tom Ridge spoke exclusively to the CSO Roundtable on Monday morning about the importance of driving resiliency and business continuity down throughout an organization in an uncertain world where threats abound.
“It’s a pleasure to speak about serious subjects to a serious audience,” said Ridge, who is now president and CEO of Ridge Global, thanking the chief security officers in attendance for what they do to protect American critical infrastructure, which is overwhelmingly owned and operated by the private sector.
Ridge then pivoted to describing the inherent risk proposition that companies face when operating overseas or expanding globally. He noted that the list of threats is endless, such as volcanic eruptions that ground air traffic and tsunamis that disrupt companies’ global supply chains.
“You’re never going to eliminate the risk; you have to manage it,” Ridge, who is also a former governor of Pennsylvania, told the chief security officers listening.
At times, Ridge’s talk was more focused on the C-Suite’s reluctance to embrace the business case for resiliency and business continuity. Ridge stressed that corporate executives should build resiliency into their strategic plans. He also advised CSOs and security professionals who still cannot get access to the C-Suite to “keep beating that drum.”
“We’re all frustrated by the failure to identify the importance from even a profitability point-of-view of the need to manage the risk, to expect an event, and prepare to respond and recover quickly,” Ridge told the ASIS Show Daily in an interview after his speech. Corporate leaders “don’t quite understand yet that a dollar saved is as valuable as a dollar earned.”
The biggest threat facing global corporations today isn’t terrorism, hackers, or catastrophic natural disasters: “Indifference is the greatest threat.” Oftentimes, the C-Suite doesn’t understand what CSOs and their staff do to protect their profitability and reputation.
Cybersecurity was on Ridge’s mind as well. Of two competing cybersecurity bills circulating in Congress this session, Ridge favors the House version over the Senate version, which he finds too prescriptive. Ridge, who chairs the U.S. Chamber of Commerce’s national security task force, believes hackers will get around any regulatory framework Congress legislates. The better solution is ensuring that the private and public sectors can quickly share information regarding cyberthreats and mitigation strategies because “hackers will move faster than any standards,” he told ASIS Show Daily.
When the federal government doesn’t share intelligence with the necessary stakeholders, bad things happen, according to Ridge. This cultural abnormality, he said, was most clearly evident when the FBI decided not to share Maj. Nidal Malik Hasan’s e-mails to Anwar al-Awlaki, an American cleric who was part of al Qaeda in the Arabian Peninsula. Hasan went on to allegedly murder 13 people, overwhelmingly soldiers, at Fort Hood in November 2009.
In another anecdote about the FBI’s information-sharing failures, Ridge told attendees that a company contacted the bureau to report that they had been hacked. The FBI responded, “‘We know,’” Ridge said.
At some point, said Ridge, the government must trust the private sector to receive intelligence and respond responsibly.
Today and tomorrow the CSO Roundtable will continue sessions uniquely tailored for the top security professionals in the world today.
Discussion with DHS: Emerging Threats: Dawn Scalici, deputy undersecretary for analysis at the Office of Intelligence and Analysis at the U.S. Department of Homeland Security, will discuss the top range of threats facing multinational corporations in realms such as critical infrastructure, aviation, cyber, and terrorism.
Public Demonstrations: A Security Blueprint for Shareholder Meeting Success: Security professionals from Sallie Mae and Wells Fargo will share how they protected their respective annual meetings during the Occupy Wall Street demonstrations.
Focus on Latin America: The CSO Roundtable will hold an open forum on security issues in Latin America. The discussion of business risks and opportunities will range from Mexico to Panama and Brazil to the Southern Cone.
You’re the New CSO—Now What? Tyler Richmond, of Sony Pictures Entertainment, and Aaron Graham, of Endo Pharmaceutical, will teach new CSOs how they can assess their organization’s processes, technology, and risk levels by gaining access to the C-Suite.
Where Organizational Resilience Meets Crisis Management: Scott Watson, of Boston Private Bank & Trust Company, and Daniel Donahue and Don Knox, both of Caterpillar, will demonstrate how organizational resilience meshes with security, business continuity, and crisis management.