Convergence, is a term which…initially entered the security – asset protection lexicon in the late 1990’s.
The underlying premise favoring convergence…at the time, was that multiple security – asset protection practices, when effectively converged, absent inclinations toward ‘turf protection’, would provide more comprehensive safeguards compared to each acting independent of the other. Doing so, produced practical-useful insights for mitigating risks to intangible assets. https://kpstrat.com/wp-admin/post.php?post=5894
To be sure, throughout the security profession…there were numerous parallel processes and programs at work, many with redundancies and overlap which could be converged, providing, of course, there was horizonal managerial receptivity to recognize same and the collaborative willingness to execute change where change was warranted to the betterment of the enterprise as a whole. More specifically, multiple asset safeguard systems and programs could be converged to elevate risk, ala mitigate vulnerability, probability, and criticality to the materialization of asymmetric risk.
So, when I developed the initial ‘computer crime, computer security, and computer crime investigation’ curriculum…at Southern Illinois University, out of a liberal arts college in the mid-1990’s, the notion of convergence was just beginning to gain the profession specific attention it warranted, especially in terms of what was anticipated to be on the horizon.
However, asset risks, ala vulnerability-probability-criticality…at the time, were frequently portrayed as gradations – distinctions which, to date, were not credibly developed. There was little (open source) recognition for distinguishing economic – competitive advantage adversaries, i.e.,
- state – non-state actors, legacy free players, or the ‘business’ of global competitive intelligence firms,
- in terms of what – which intangible assets, i.e., intellectual, structural, relationship capital was deemed attractive, and.
- resources devoted to acquire access – compromise, aside, of course, from those seeking U.S. classified (national security) R&D held-stored in IT systems.
In addition, there was little evidence-based research outside the U.S. classified communities-agencies…aside from anecdotal evidence from U.S. private sector executives whose businesses had experienced probing, victimization, and losses.
Again, very little open source (un-classified) materials available to…describe the conventional who, what, when, where, and how. Each necessary to develop and incorporate prudent defense systems and practices to at least decelerate what many of us believed would be inevitable, more encompassing, and stealthily asymmetric.
The actual number of U.S. companies targeted and experiencing data-information (intangible asset) breaches…i.e., misappropriation-theft, etc., during the early-to-mid 1990’s were largely guesstimates, at best. Few defensive – risk mitigation mechanisms were in place in the U.S. private sector, at the time, to monitor and/or track illicit IT-computer system probing or breaches insofar as exploiting vulnerabilities and successfully acquiring access to U.S. company proprietary and competitive advantage intangibles. https://kpstrat.com/wp-admin/post.php?post=5894
U.S. company-business leadership generally presumed then, as now…those engaging in surreptitious intrusions that lead to breaches of computer-IT systems were variations-combinations of state-sponsored actors. Too, based on my experience, few U.S. business c-suites recognized the much-expanded role now being played by…
- legacy free (independent) actors.
- growing technological advances in business-competitive intelligence, and information brokering operations.
I and colleagues have been characterizing this very lucrative and largely successful phenomena…for many years, as economic, competitive advantage, and political adversaries at work!
U.S. businesses that experienced breaches – losses of proprietary – competitive advantage intangible assets…during this period were routinely characterized as pure victims; having little or no responsibility for…
- self-mitigation to cyber-mounted risks, or
- otherwise improve their computer-IT system’s defenses,
- to favorably change their organization’s posture-exposure to unauthorized-surreptitious access to minimize vulnerability, probability, and criticality. https://kpstrat.com/wp-admin/post.php?post=1350
Perhaps ironically, and quite purposefully, there was mounting economic research stating that…
- 80+%, of most company’s value, sources of revenue, competitiveness, and sustainability lie in – emerge directly from intangible assets.
Not coincidentally, the number of acknowledged intangible asset intensive and dependent companies...rose significantly. An intangible asset intensive and dependent company is operationally defined as one embedded with – dependent on business-project specific variations of intellectual, structural, and relationship capital. It was these firms, based on my independent (investigatory) research, that were routinely being targeted, often successfully, by economic and competitive advantage adversaries globally.
To be sure, certain industry sectors had, at stake, significant financial – reputation exposures…when-if they did not take decisive action to mitigate their vulnerabilities (that favorably affected probability and criticality to breaches-losses or proprietary – competitive advantage information and data which with growing frequency, emerged as reputation risk, civil actions, and financial liabilities, ala criticality. Granted, intangible asset intensive – dependent companies are frequently high-profile players in the global business, trade, and innovation economy. But, admittedly, the concept of ‘convergence’, i.e., recognizing the relevance of a union between physical and cyber security expertise was in its early stages of actual practice. https://kpstrat.com/wp-admin/post.php?post=4194
Soon however, there was growing research and ‘white papers’ produced by national defense agencies…professional associations, and sector relevant vendors variously addressing the benefits and how’s of converging physical and computer (IT) security. My close study of many of these sources proved useful insofar as identifying additional and/or alternative facets of convergence.
Experientially, there was certainly more simplicity and clarity then, than now…regarding industry’s – sector’s receptivity – tolerance to the vulnerability, probability, and criticality of cyber-computer risk and crime materialization, insofar as exposure to adverse effects. In part, of course, this was due to few firms being wholly immune or unattractive as potential-probable targets.
By the early 2000’s, there existed somewhat of an industry frenzy…regarding the practice of converging physical and computer security. This movement (frenzy) was particularly evident in the tech sector and related companies, a majority of which were clear examples of (R&D) intangible asset intensive and dependent. Too, the tech sector was largely driven by completion – market time frames.
Michael D. Moberly December 2, 2017 St. Louis [email protected] ‘The Business Intangible Asset Blog’ since May 2006 ‘where one’s attention span, intangible assets, and solutions converge’!
Readers are invited to explore other papers, blog posts, and books I have published at https://kpstrat.com/blog