Jared Diamond has written a new book,
Collapse: How Societies Choose to Fail or Succeed.
The author examines societies from the smallest (Tikopia) to the largest (China) and why they have succeeded or failed, where failure has included warfare, poverty, depopulation, and complete extinction. He thought he could do this purely through examining how societies damaged their environments, but discovered he also had to consider climate change, hostile neighbors, trading partners, and reactions of the society to all of those, including re-evaluating how the society’s basic suppositions affect survival in changed conditions.
For example, medieval Norse Greenlanders insisted on remaining Europeans to the extent of valuing the same food animals and plants in the same order, even though the local climate was not propitious for hogs and cows and grain crops, and the sea nearby was
full of fish and seals. When the climate became colder, their marginal way of life became even more so. Meanwhile, colder weather led the Inuit to move southwards until they contacted the Norse, who reacted adversely, producing hostile relations.
And cold weather stopped the trading ships from Norway. The Greenland Norse never learned to use kayaks, harpoons, ice spears, or dogs.
In the end, they all died.
Europeans are capable of learning all these things, as the Danes who rediscovered Greenland several hundred years later demonstrated.
The medieval Norse Greenlanders stuck so slavishly to their presuppositions that they doomed themselves.
It’s true that they survived for more than four hundred years, which is a long time as civilizations go, but they didn’t have to die; all they had to do was to become a bit more flexible.
Many corporations are larger than the tiny island nation of Tikopia, where the inhabitants are almost always in sight of the sea.
Many have more people than the entire population of Norse Greenland.
And many corporations operate in cultural strait-jackets as severe as that of the Norse Greenlanders: stovepiped departments, top-down command-and-control hierarchy,
and fast profit instead of long-term investment, to name a few.
To get a bit more concrete, let’s look at a few of the one-liner objections Diamond says he encounters to the importance of environmental concerns.
“The environment has to be balanced against the economy.”
Or risk management has to be balanced against near-term profit.
Indeed, no corporation can spend all its profit on risk management,
but if it doesn’t spend enough on risk management, it risks there being
no profit because there may be no corporation.
Plus, risk management can be a competitive advantage.
With the London Stock Exchange requiring corporations to have
risk management plans to be listed, and the U.S. SEC considering the same thing,
at the least risk management is becoming a requirement to play capitalism.
The first corporations to have good plans can also gain marketing advantages.
In addition, the kinds of information a corporation needs to make a good plan can also be used to improve connectivity, lessen risk, and improve customer satisfaction, all of which should have some positive benefit on the bottom line.
“Technology will solve all our problems.”
This is what corporations have been assuming: buying more Internet security technical
solutions will solve Internet security problems.
Recent history indicates otherwise.
Every corporation needs some forms of technical security,
just like every building needs fire control mechanisms,
but a building can still burn down and Internet connections can still fail.
“If we exhaust one resource, we can always switch to some other resource meeting the same need.”
This is the attitude I’ve seen with people who think that if the U.S. is attacked via the Internet, we’ll just cut off Internet connectivity at the edges of CONUS (continental United States).
Such an attitude ignores the basic fact that there is no way to do that successfully,
because there are always more ways in or out than you were keeping track of,
not to mention that a great deal of U.S. commerce and even emergency communication measures would suffer.
It’s also the attitude of corporate executives who think they’ll find something to replace the Internet so they don’t have to deal with Internet problems; for example, they’ll put up private communication links to their business partners, or they’ll build perfect virtual private networks on top of the Internet. Both of these approaches have certain applications, but neither of them can replace the Internet as a globally accessible communications medium.
Not all of the one-liners Diamond lists are so obviously parallel with Internet problems and denials, but these three may be sufficient to illustrate the point.
The point is that business as usual isn’t enough for Internet business risk management planning.
Traditions need to be re-examined in order to construct and implement new strategies that will work.