For the majority of individuals and organisations this particular moment in history will be remembered as a black swan event, we certainly didn’t see, or expect this level of intervention and disruption coming. These days will be recorded as a time when we were forced to shut down, isolate and distance ourselves, to help those critical services that are reaching breaking point.
Of course, we could have a knee jerk reaction and sit here like deer in the headlights waiting to see what happens, this potentially has the immediate impact of limiting our crisis and disaster recovery planning with a very narrow focus . However, if we take a step back, with a view to look at what can actually be achieved in this unique time, we will see that there are certain unprecedented opportunities that are right now in front of us, that we have a chance to advance our organisations.
In fact, there’s an entire industry that has mastered the art of benefitting from shutdowns. Shutdowns are commonplace in OT environments, shutdowns are embraced as catalysts of change by the OT industry. We can learn a lot about how to maximise the benefit from shutdowns by looking at OT shutdown, turnaround or outage experiences.
Studies of OT shutdowns highlight certain emerging best practice traits. Kevin Duffy, Kepner-Tregoe notes “The traditional view of shutdowns, turnarounds and outages (STOs) holds that they are maintenance and engineering events. This simplistic view is held by many organizations. A more realistic and holistic perspective, however, recognizes that the impact and scope of STOs extend far beyond the maintenance and engineering functions. STOs attract the attention of shareholders and boards of directors, and impact inventory supply chains and customer relationships. They are, therefore, “whole business events”, not simple function-specific ones. Considering all the potential ramifications, well-executed STOs can represent a source of competitive advantage for an organization.
Simply put: In today’s leaner and meaner business environments, STOs represent not only an increasingly significant challenge, but also an increasingly significant opportunity.”
Having held the position of Chief Information Officer at Jaguar Land Rover, for over three years Simon Bolton has rare insight. “Organisations have a tendency to, at best, under resource planning for unexpected events. It’s understandable. When margins are tight and every sale is hard fought, how does this kind of activity win appropriate investment? Perhaps our current circumstances will demonstrate that those who did plan appropriately, and use the opportunity that the dramatic shutdown of large parts of the economy presents, will come through fitter and stronger in the long term.
At an individual level, most of us have found ourselves in ‘lockdown’ in our homes. Many of us will have taken the opportunity to get all of those niggling but important jobs around the house done that we haven’t paid attention to for perhaps years. Fix the leaking sink, paint the living room, or sort the garden. We should be thinking about our businesses in the same way.
Beyond the obvious need to respond to the immediate current crisis, if there is the bandwidth, this would be a great time for businesses to learn the lessons from this unplanned shut down. What could we have done to prevent it, or at least to be better prepared if it should happen again? What other similar events could occur that could cripple my business? Cyber attack? Critical infrastructure failure? Fire? What could we do to reduce the likelihood and impact of these events.”
Successful organizations will proactively use this time to come out of shutdowns, more resilient, more reliable and more performant than when they went in.
Successful organisations will not waste this hiatus, they will use this time to plan and organise, to take stock, to baseline and measure asset inventory. Leading organisations take time to review risk assessments, to test incident response scenarios, they take time to audit their environments to weed out weaknesses and triage vulnerabilities. They proactively gain a robust understanding of the connected risks to their organisation and formulate comprehensive new risk postures. They audit and validate the devices in their stores and factories and office buildings and build baselines and metrics to monitor resilience and risk.
When we come out on the other side of this, there will be two types of organisations, those that are lean and mean, armed with complete visibility and a robust understanding of their connected risk and those that are not.
Have our blog posts sent to your inbox.
*** This is a Security Bloggers Network syndicated blog from Armis authored by Jeff Zacuto. Read the original post at: https://www.armis.com/resources/iot-security-blog/carpe-diem/