6. Mobility, Travel Security and Virtual Reality: The Climate Crisis area will demand thinking outside the box on the culture of the road warrior. It is not as simply as decreeing that there should be less travel to reduce the size of the carbon footprint, although that will certainly be a vital aspect of your overall approach. It will also require, ironically, a new commitment to greater, more powerful and more sophisticated mobility technology. In a world where extreme weather events and population displacement can occur anywhere anytime, the 21st Century workforce will have to be equipped to re-establish their work environment anywhere anytime. Furthermore, greater attention will have to be invested in travel security. You will want to know where people are going, and be able to weigh the risks against the advantages, you will want to be able to track their itineraries and contact them at a moment's notice, you will want to pay more attention to equipping and training them. In short, we will have to expand virtual meeting capabilities to reduce physical travel, increase mobility technology to ensure that business can continue in challenging new circumstances, and evolve travel security program to adapt to deteriorating conditions in areas of the world hit early and hard.
7. Cyber Security: Two important points to stress. Remember the old adage of Confidentiality, Integrity and Availability being the pillars of information security? Well, the Climate Crisis touches on all three. Just as with the seven areas of related risk, the most obvious, is the one that relates to physical reality, i.e., in the era of Climate Crisis, the pursuit of availability becomes ever more vital and ever more elusive. And not just because of disruption due to hurricanes, tornadoes, floods, wild fires, etc. but also because of spiraling demand for more and more energy drawn from overloaded and deteriorating infrastructures to combat ever colder winters and ever hotter summers In regard to confidentiality and integrity, there will also be emerging issues that have yet to be properly addressed. New technology brings new vulnerabilities. In the rush to go green, many new technologies will be designed fast and deployed in haste. To the extent possible, security concerns should be factored into this accelerated R&D curve. But just as with the IT revolution, it is likely that security will be at best an afterthought. So those organizations adapting these new technologies must factor security assessment into their evaluation, testing and deployment processes.
Whether I am speaking about these issues with C-level executives, corporate Board members or security professionals, I encounter the same mix of responses: some people's eyes glaze over, they cannot make the connection, some people's eyes hardened, they refuse to make the connection, but there are other's whose eyes light up, they have already made the connection and they are looking for affirmation and support.
Remember, in the 21st Century, as physical space and cyber reality become increasingly integrated and inter-dependent, physical security issues significantly impact cyber security, and cyber security issues significantly impact physical security.
If you prioritize 21st Century risks, the Climate Crisis not only ranks at the highest level of concern (along with nuclear proliferation and pandemic), it also impacts every other risk, either directly or indirectly.
The orderly threat matrixes of the 20th Century are breaking down into a toxic soup, in which risks will interact on each other in new and dangerous ways:
- Organized crime in Eastern Europe, East Asia, etc.
- Failed States
- Cyber Crime and Cyber War
- Infrastructure Failures
- Natural Disasters
- Nuclear Proliferation
- Food Security
- Water Scarcity
- Extreme Poverty
- Economic Insecurity
- Etc., etc., etc.
You can choose to hang back and stay in the pack, you can choose to get out ahead and lead, or you can deny that there is a race at all, but which ever strategy you choose, in a few years from now, there will be no place to hide.
Richard Power is a Distinguished Fellow at Carnegie Mellon CyLab. He writes, speaks and consults on security, risk and intelligence issues. He has conducted executive briefings and led professional training in over thirty countries. Power is the author of five books. Prior to joining Carnegie Mellon, Power served as Director of Security Management and Security Intelligence for the Global Security Office (GSO) of Deloitte Touche Tomatsu and Editorial Director of the Computer Security Institute.