As a cybersecurity practitioner, I am always on the lookout for lessons learned that will help our nation be better prepared to survive a major cyber event. Although the details behind how the coronavirus started will be debated for some time to come, it has brought new meaning to the words “global disaster.” In late January, the World Health Organization (WHO) declared the COVID-19 outbreak a “public health emergency of international concern.” With the number of cases and deaths continuing to rise on a daily basis, seeing the light at the end of the tunnel is hazy at best.
While the effects of a major cyber incident would be instantaneous, the coronavirus (COVID-19) has been a more insidious event. Both, however, have a similar result – they are resource intensive, self-consuming and place our entire American way of life at risk.
With any major disaster, taking time to evaluate and assess lessons learned – both the good and bad – should always be a top priority. Unfortunately, the lessons learned are easily forgotten or not fully instituted.
“Anecdotal evidence suggests mistakes are repeated incident after incident. It appears that while identifying lessons is relatively straightforward, true learning is much harder – lessons tend to be isolated and perishable, rather than generalized and institutionalized.” – Amy Donahue and Robert Tuohy, “Lessons We Don’t Learn: A Study of the Lessons of Disasters, Why We Repeat Them, and How We Can Learn Them.”
As we continue to fight this invisible foe, history has shown the following lessons are ALWAYS tried and true. Whether a natural or man-made disaster, the following lessons continue to rise to the top no matter what the situation:
Communication. This is perhaps the most important lesson of all. Lack of communication to the public creates fear, confusion and chaos. During any crisis, the American people rely on and expect candid and straightforward information from their government. Honesty is always the best policy. Social media and the twenty-four hour news cycle, albeit a great information medium, often brings disinformation not only from within, but from our adversaries who want to promote false reports to cause panic and doubt among Americans. A reliable and trusted source of information is critical for all to hear the basic truth of the ongoing events.
Resiliency of American People. Time and time again, the American people rise to meet disasters head on. Stories of neighbors helping neighbors and strangers helping those in need are daily occurrences. Major industries and small businesses alike are stepping up and retooling manufacturing floors and facilities to make critical lifesaving supplies that are in short supply. The FDA and the pharmaceutical industry are working together to change guidelines to fast-tract testing and the development of drugs and vaccines to save lives. Telemedicine is keeping patients safe, virtual education is allowing students to stay in school, and online commerce is ensuring safe social distancing and reducing the congregation of people in vital areas. The list goes on and on.
Fragility of Supply Chain. Logistics… logistics… logistics. Alexander the Great promised death for failure: “My logisticians are a humorless lot … they know if my campaign fails, they are the first ones I will slay.” While Sun Tzu promised mayhem and bedlam without it: “The line between disorder and order lies in logistics.” Each disaster brings on its own idiosyncrasies. Lack of visibility into the supply chain during Desert Shield/Storm resulted in a mountain of supplies and no knowledge of where things were. The coronavirus brought on an early run of hoarding and the shortage of toilet paper and disinfectants.
More importantly, the medical supply chain highlighted our overwhelming dependency on China for critical pharmaceuticals and the shortage of key active pharmaceutical ingredients to make drug products. Shortages in the national stockpiles of personal protective equipment (medical masks, gowns and gloves) have encouraged states to bid against each other, driving up prices unnecessarily. As in all times of peril, the rise of the black market always shows the dark side of human behavior.
Fog of War—Changing Conditions. No matter the circumstance, you cannot plan for every potential situation. Whether planning for a military engagement, a business decision or a natural disaster, one must always add Murphy’s Law – anything that can go wrong, will go wrong – to your assumption list. Even the simplest of plans can go awry. The “fog of war” always brings about unpredictability and uncertainty to the best-laid plans. It is a game of give and take (action and reaction) on steroids. Helmuth von Moltke the Elder said it best: “No battle plan survives first contact with the enemy.”
We live in a dynamic and changing world. No matter what circumstances we face, lessons learned offer the opportunity for each leader to stay one step ahead of the challenges facing them. Failure to learn from the past can waste precious resources, decrease our competitive advantage, and put lives at risk. During troubling times, we cannot afford to make the same mistakes twice.
The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.