Michael D. Moberly July 21, 2017 email@example.com ‘A business intangible asset blog where attention span really matters’!
Throughout the 1960’s, ala ‘the Cold War’ period, there were consistent references by governments and defense sectors’ regarding a relatively new capability, i.e., MAD (mutually assured destruction). Opposing countries, presumably the United States and the former USSR, now Russia, possessed sufficient triads of nuclear (war) capability, i.e., sea, air, and land based-launched missiles and bombs, a consequence of which, if used, would assure mutual destruction and annihilation of both. Indeed, a perverted approach to deterrence.
A somewhat similar analogy is evident today, but its origins do not lie in the delivery of nuclear weaponry, rather in various anonymity of cyber-attacks, or cyberwarfare, designed to destroy functionality and/or substantially disrupt multiple components of a targeted country’s cyber-based and interconnected infrastructure, hence, a ‘mutually assured disruption’ of a country’s cyber ecosystem.
Cyber warfare (massive cyber-attack) would produce substantial loss of life in-many-different ways, aside from the seismic power of a nuclear warhead blast. In a MAD context, the outcome of a comprehensive cyberwar would likely produce no definitive winner or loser as often portrayed in conventional wars and/or battles. Instead, the outcome would likely be characterized and measured in almost diminutive contexts based on system redundancies and organizational – system resilience.
On the morning of September 11, 2001, I and others presumed the purposeful aircraft strikes in New York and Washington were probably diversionary, to be followed by attacks, cyber, and otherwise, in the U.S. The probable targets would be public – private components of the national infrastructure whose services and functionality are beholden to interwoven IT systems, which, at the time, were incredulously vulnerable.
Not unlike many others who anticipated this ‘follow-up’ potentiality scenario, prompted me to contact colleagues, on the morning of 911, employed in various sectors throughout the U.S., one of which was serving at a top-tier university overseeing their ‘super-computing’ center. My rationale for contacting this individual, lie in the notion that a super-computing center would presumably have the capability to detect, at least the precursors, to impending cyber-attacks which may have already launched and ‘were on their way’. To my less than comforting amazement, this rationale, in this instance, at-this-time, proved much flawed. So, regardless of the degree-level of familiarity and/or expertise with computer security and system breach detection, recognizing and mounting effective defenses against multi-dimensional cyber-attacks were relatively new concepts, largely absent sufficient software-hardware to execute effectively and instantaneously.
The capability to thwart, mitigate, or contain the asymmetric, adverse, and inevitable cascading effects that coordinated cyber-attacks would likely produce, by design, presents obvious challenges and substantial costs insofar as preparing companies and organizations to reasonably keep pace with the infinite, asymmetric, anonymous and ‘stand-off’ methodologies of (cyber) risks and threats which can materialize anytime and anyplace leaving little or no vapor trail to investigate while maximizing disruption and chaos to a company or organization.
There is little doubt today, that management teams, c-suites, and boards, ranging from Fortune ranked firms, SME’s (small, medium enterprises), and RBSU’s (research-based startups) routinely engage in discussions regarding the practicalities and costs of deploying good-better-best cyber risk mitigation (data-information security) products.
As an intangible asset strategist, risk specialist, researcher, author, and trainer, my experience suggests there are, at minimum, two multi-related reasons why these discussions are inevitable and expanding to every business sector…
• it is a universal and irreversible economic fact that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability today lie in – evolve directly from intangible assets, primarily, intellectual, structural, relationship-social and competitive capital.
• data/information generation, storage, and at will retrieval demands are continually ratcheting up to infinite levels, variously aligned to the rapid recognition and rise of intangible asset intensive and dependent companies.
To be sure, efforts to thwart the actions of the growing global array of ultra-sophisticated economic and competitive advantage adversaries and legacy free players engaged in hacking and/or state sponsored entities capable of delivering highly specific, targeted, or broad-based cyber-attacks are challenges which cannot be dismissed or relegated to the uninitiated or unfamiliar.
I am certainly not suggesting public-private U.S. entities disregard their fiduciary responsibilities or regulatory mandates to safeguard data. Instead, I am suggesting any entities’ mandate to mitigate operational disruptions re-examine same in organizational resilience contexts to ensure they bear capabilities to differentiate proprietary information and data on a continuum. For example, differentiating data-information that encompass these factors as valuable – competitive advantage intangible assets, e.g., their
contributory role, value, and materiality to a particular-project, product, and/or the company’s mission and/or relevance to reputation and brand.