Contingency Planning & Management April 2002
Balancing Hysteria and Caution in Today's Volatile Climate
by: David Hochman
A Conversation with John Pike
Business continuity professionals must not only deal with the challenging task of developing and installing contingency plans, they must also be able to analyze risk from a big-picture, long-term perspective. In large cities such as New York and Washington, D.C., there is increasing pressure, fueled by sensational media reports and frequent government warnings, to address issues of terrorism. But budget constraints are real, and risk is part of life, so planners need practical wisdom on how best to communicate realistic vulnerabilities and allocate appropriate resources in this highly charged environment.
We spoke with John Pike, director of GlobalSecurity.org, a nonprofit nonpartisan organization focused on innovative approaches to the emerging security challenges of the new millennium, about today's vulnerabilities and how business continuity professionals should manage them.
Pike worked for nearly two decades with the Federation of American Scientists, where he directed the Space Policy, Cyberstrategy, Military Analysis, Nuclear Resource, and Intelligence Resource projects. He has also been at the forefront of utilizing satellite imagery to monitor worldwide weapons facilities.
Frequently called upon to testify before Congress, Pike in 1983 established the Space Policy Working Group, comprised of congressional staff and advocacy organizations concerned with missile defense issues. He is a member of the Council on Foreign Relations and has served on a variety of nongovernmental boards and advisory committees. He appears regularly on PBS, CNN, MSNBC, Fox, ABC, CBS, NBC, BBC, and NPR to provide commentary and analysis on space and security issues.
The author of more than 200 studies and articles on national security and space, Pike began his career as a political consultant and science writer.
With frightening, though speculative, stories in the media becoming an everyday occurrence, how can business continuity professionals take a leadership role in quelling hysteria, while still completing their mission?
The greatest challenge is conveying realistic assessments relating to "low probability / high consequence" hazards. While the September 11 attacks have certainly recalibrated the risk calculus, there has been a tendency in the mass media to focus on the worst-case hazards, and they portray these hazards as having a high probability, verging on certainty.
In the real world, the risk of a mass casualty terrorist attack has to be factored into risk management in much the same way that normal accidents, such as fires, storms, or earthquakes, do.
Hysteria generated by the media and its effect on workers' emotions has created a need for discernment among business continuity professionals. How can these professionals help communicate to employees the seriousness or lack of seriousness of a threat, or the likelihood of an event?
One good place to start is to do the math. On an actuarial basis, the probability of being killed or injured in a terrorist incident has always been quite low, and even if the odds look a bit worse today, there are still many other daily hazards that are of equal or greater danger.
There is clearly a need for new educational materials that focus on personal self-protection against the new terrorist threats. The existing pamphlets and booklets are mainly focused on kidnappings and hijackings, rather than the terrorist threat scenarios that are currently of greatest concern.
When the government issues alerts without specifics for fear of creating a panic, it instead can create a level of anxiety that itself causes a business interruption - and the media runs with it because it attracts audiences. What can be done to help reduce the anxiety caused by such general alerts?
The recent announcement by Homeland Security director Tom Ridge of a new terror alert system, which assigns various colors to specific levels of risk, is a much-needed first step. The challenge now is to translate these alert levels into specific response plans for specific facilities and organizations.
During the 1990s the Defense Department developed a four-stage terrorist alert system, first labeled THREATCON and later renamed ALERTCON. Military installations worldwide were provided with a specific set of steps to take at each level of alert.
In principle, nonfederal security managers now face the challenge of emulating this approach. In practice, the uniform application of ALERTCON security measures at all military installations cannot be matched in the [private] sector, given the diversity of facilities that must be protected. Not all targets are created equal, and not all facilities need equal protection.
Determining broad categories of facilities that will require specific levels of security at various stages of alert remains the main challenge for homeland security.
Since the government admits it has held back information to avoid panic, what should business continuity professionals look for to indicate that a heightened threat condition exists?
This is one case in which we will have to trust the government's new threat alert system to convey their best-available threat assessment.
Many continuity and recovery personnel, especially in New York, have developed plans to de-concentrate key employees - no one wants to be the next Cantor Fitzgerald - and have been criticized by many for succumbing to fear and panic by abandoning the city. What advice would you have for these planners?
This is simply another risk management issue, so do the math. Calculate the additional cost, if any, factored against the probability of loss. My hunch is that even relatively modest additional costs for de-concentration might turn out to be a very expensive insurance premium.
Nearly everyone accepts that the post-Cold War honeymoon is over, and although no one is building bomb shelters yet, Americans now realize again the world can be a very dangerous place. In terms of protecting American lives and property, is the U.S. government as powerless as the media makes it seem?
There are certainly limits to the ability to defend against terrorist attacks. As President Bush said, if we cannot bring them to justice we must bring justice to them, which is why the military campaign around the world will be an essential component of homeland defense.
Unfortunately, to date, the federal government has been rather more focused on protecting itself from terrorists than in protecting the rest of the country. The big challenge that remains is forging a public-private partnership in which the federal government provides a broad spectrum of assistance to [private sector] security managers.
Copyright ©2001, Witter Publishing Corporation
