Corporate security and the climate crisis

How to adapt security and risk management policies - including IT security - to deal with climate change.

2. Understand your business's carbon footprint. Actually looking at the numbers is going to blow your mind. Such an assessment will produce plenty of surprises. Both in terms of how much greenhouse gas your organization is turning out, and in terms of how much your current level of emissions can be reduced. You need to know where you are in order to get to where you are going.

3. Green Power: Go green, particularly in your IT environment. Imagine the impact on your carbon footprint if you couple the kind of cost-cutting and energy-saving designs IBM and other technology giants are working on with the many building sector schemes to construct all-green facilities or retrofit existing facilities to turn them green. Imagine virtualization on the inside and solar panels and wind mills on the outside. This is not a Utopian dream, this is a business imperative.

4. Business Continuity: Re-evaluate and revise business continuity, disaster recovery and crisis management plans and capabilities. Plans and capabilities should be re-evaluated and revised to cope with events of greater intensity, greater frequency and greater duration. Plans and capabilities should be re-evaluated and revised to cope with the increased likelihood of multiple crises and/or disasters simultaneously. Plans and capabilities should be re-evaluated and revised to cope with different kinds of events than previously thought likely for region, e.g. tornadoes in downtown Atlanta.

Again, Phelps agrees. "Without a doubt, this will also provide fuel to the current fire for voluntary certification for crisis management in the private sector being driven by Title IX of "The Implementing the 9/11 Commission Recommendations Act of 2007" (Public Law 110-53) which addresses a variety of other national security issues as well. It was signed into law. Risk and hazard analysis will have to evolve to meet the changing environment. Insurance companies will drive a lot of this change, likely to require more extensive research on the risks and appropriate planning for coverage to kick in."

But, again, does she see it getting done anywhere?

"The planning I see is not under the umbrella of Climate Change but of the symptom flooding, severe winter weather, etc. My Midwestern clients have had more activations in the past few years than in all of my 26 years. they have been rather "risk-free" for years but I believe that is all changing. To borrow George Lakoff terminology. this is a framing issue. You could literally rephrase an entire risk assessment/hazard analysis and at the top list "Climate Change" and then as a subset below it list all of the impacts, drought, flooding, severe winter weather, more hurricanes, etc."

5. Develop climate change awareness and education program for your workforce, offering guidance for going green in both professional and personal lives. A few years ago, I proposed utilizing the existing delivery system for security awareness and education programs, e-mail newsletters, intranet web site, annual events, training days, wall posters, etc. to provide Climate Crisis guidance to the work force, i.e., both what they need to know to adapt at work, but also what they need to know to adapt in their personal lives. "Why would we want to do this," was the push-back, "it isn't our responsibility?" "No," I responded, "it isn't your responsibility, it is your opportunity."

Tags corporate issues

Show Comments