An
company | Brands
Blog & News/Part Two: Preparing for Cyber Security Threats That Can Disrupt Your Staffing Plan
By Allen Forbes, Kimberly Somerholter Moros, and Dan Billquist
-Crisis Planning Specialists from My R2P2
Recent cybersecurity threats and attacks have disrupted businesses from the Colonial Pipeline to the JSB meat supplier and California drinking water. Hospital attacks have been equally disruptive, and C-suite executives need to be prepared to keep staffing levels adequate in the event of such disruption. In this second part of a two-part fictionalized series, the authors draw upon decades of preparedness training and crisis planning to help executives visualize how to be ready, how to be responsive, and how to keep operations running smoothly.
Bzzz, Bzzz. "Susanne?" the Executive Assistant inquires. "Toni is here to review the draft of the CEO Critical Information Requirements (CCIR) and potential decision points so you can provide your initial guidance to the Crisis Response Team.”
"Great timing," thinks Susanne. “When the response team forms, Toni takes on the collateral duty as the Operations Chief under Eric. Refreshing our CCIRs is essential because rehearsals indicate they need to be adaptable to the situation. The rehearsals ensure we have a framework to facilitate a response tailored to the situation. I'm confident that the Crisis Rapid Response team is activating the planning process to address the extortion threat to prevent irreparable harm.”
“By providing my intent and guidance,” she ponders, “I can help my staff respond to the current crisis while remaining aware of the impact of decisions upon mid and long-range plans and objectives. My role is to ensure our response is within our mission and values. By empowering our staff and subordinate leaders to seek out and share information, they can take actions to create decision space. I want to encourage leaders at all levels to share information and act as skilled filters and synthesizers for the creation of "timely, relevant and accurate information."
As CEO, Susanne needs to strike an optimal balance between understanding her organization's capabilities and the situational requirements without losing site of the bigger picture. This balance enhances her subordinate's decision-making ability and agility. Her CCIRs focus the staff to provide her with actionable knowledge to support her contextual understanding, and not data or isolated bits of the information.
Simon Sinek's book, "Start with Why," is all about asking better questions, and designing a better CCIR. The information you get is as good as the questions you ask. As a leader, you must ask better questions. There's nothing worse from staff or subordinate perspective than a CEO who uses the "I'll know it when I see it" question approach. At its core, a CCIR embodies the why.
Context is an essential dynamic, thus CCIRs must be flexible and adaptable. As a general rule, they should identify what we know, what we need to know, and what we don’t know we don't know. They should motivate the staff to seek information and answer critical questions such as, "Who else needs to know?" CCIRs assist in defining the “when” and “what” decisions to consider. Susanne finds CCIRs frame her contextual understanding which transforms into effective decision-making. Her staff and leadership recognize that CCIRs empower decision-making from their perspective, be it an initial responder to the C-Suite.
Susanne understands the environment is more than running a stand-alone hospital; it's an ecosystem of interrelated social, governance, political, economic, human resource, information, and infrastructure. Her team's actions and decisions impact the whole ecosystem. Their response to the crisis could require changes in how everyone operates and makes decisions. Changes may be temporary response measures or permanent operational adjustments; however, these impacts must be recognized and included in the decision calculus.
The interrelatedness of the system may result in decisions affecting areas differently. For example, a minor change in the informational procedures could increase demand and workload thus requiring an increase of staffing to maintain patient care.
Technology will “stress-test” the interrelatedness of the ecosystem elements. The unprecedented ability of technology to transmit, receive, and distribute data with velocity and in high volume can obscure the critical information we need. CCIRs are the way to capture and distill data into information.
Susanne shares with Toni her philosophy that CCIRs generate opportunities and decision space rather than simply answering discrete questions. As they consider the role of CCIRs in directing the collection, analysis, and dissemination of information, Toni observes that CCIRs also assist with prioritizing and allocating limited resources.
The lack of predictability of potential threats complicates decision variables and supporting information requirements. It reinforces Susanne's point about the flexibility and adaptability of CCIRs to ensure we use our resources wisely.
With the conversation shifting to an attacker orientation, Susanne reviews with Toni the three broad components of her CCIRs. “Priority Information Requirements” (PIR) focus on the adversary and general business environment. “Friendly Information Requirements” (FIR) focus on our employees, partners, and supporting capabilities. Because we are an international corporation, we also have our “Host Nation Information Requirements” (HNIR). HNIRs help us focus on information needed to effectively partner, develop plans, make decisions, and integrate their political, law enforcement, and other civic interests. These three broad components help focus and catalog information; they also help the staff share information and seek additional sources.
"That are many information sources and requirements," mentions Toni.
"You're right, so we must prioritize," states Susanne. "Prioritizing will help us allocate our resources and improve our knowledge. Bottom line, we'll adapt the framework to better our situational understanding. This will give us a greater likelihood of minimizing the effects of the hacker.”
Susanne knows she is the driver of the development of the CCIRs. During the planning process, her staff helps her by developing CCIRs across three horizons of "what’s next?" (negative trends in context), "what if?" (crisis planning process), and "what is?" (crisis response).
In today’s complex environment, we are challenged when creating relevant CCIRs to support sound decision-making. During a crisis, CCIRs may support decision-making at all levels; however, some CCIRs may provide nuanced answers to a select few. This doesn't mean that we should stop planning at the operational level – just the opposite. We must continue to focus on the "why," "so what," "what if," and "what's next." The answers to these questions will drive collection and analysis while building the mindset for success.
It's essential to recognize CCIRs are tools used to focus efforts and assist with informed decision-making. Well-intentioned staff and decision-makers can create CCIRs that actually impede effective decision-making. Susanne reminds herself - do not get target fixated. How often have you heard about a flight crew (Eastern Air Lines Flight 401) that crashed a perfect airplane because they (as a team) were fixated on a minor problem and didn't ensure the plane kept flying? The same goes for CCIRs. Leaders need to take a step back, widen the aperture, and have someone act as a "red cell" (the adversary) to ensure they're not missing something or sound the alarm if they are getting the target fixated.
CCIRs can work against staff and decision-makers when the CCIR provides excellent, but irrelevant information. CCIRs can also give contradictory information leading to misaligned or delayed decisions. All team members must keep this in mind!
CCIRs are a “Living Concept”, requiring frequent reviews to ensure they provide value to the staff and decision-makers. When reviewing CCIRs, it's essential to look at the CCIR and ask three fundamental questions. First, does the CCIR help the staff and decision-maker gain and maintain situational awareness? Second, does the CCIR provide empowerment and authority to subordinate decision-makers to take immediate actions that create decision space for senior leaders? Finally, does the CCIR provide direction and clarity to help focus staff and decision-makers during the chaos and confusion of a crisis? CCIRs may not answer all these questions. Still, they should answer as many as possible to be of value.
Two examples to exercise, review, revise and refresh CCIRs are table-top exercises and post event reviews. Exercises provide staff and leaders with the opportunities to work CCIRs without the added stress of a crisis. These events help adapt CCIRs to contingencies and potential crises; they will also help ensure the CCIRs provide staff focus, support decision-making, and the proper stewarding of resources. Post-event reviews are vital since they help staff identify which CCIRs worked well, which ones need adjustment, and which ones to discard.
A crisis doesn’t need to occur to implement CCIRs, they lend themselves in developing a rich environment of timely, relevant and accurate information that supports good decision-making.
Allen Forbes is a retired reservist Lieutenant Colonel of US Marines and President of PMCAP, a service-disabled veteran-owned small business. Allen has 30 years of experience in crisis planning and decision making in national security and international commercial environments. From preparing for and managing cyber and physical crisis events at start-up through Fortune 100, to planning military special operations and coordinating space-based resources, Allen is a decorated practitioner, planner, and mentor. In 2016, Allen added Thunderbird School of Global Management to his list of Master’s degrees.
Kimberly Somerholter Moros is a retired US Army Colonel who served for 28 years. Kimberly’s years of experience in crisis planning, communications, influence and decision making made her the go to when developing strategic communications strategies and mentoring international decision makers. Kimberly is active in national security as a strategic international engagement advisor who develops and implements strategic communications plans for targeted engagements.
Dan Billquist recently retired as a Lieutenant Colonel from the US Army after 28 years. Dan served as lead influence planner for US Special Operations and NATO forces for 11 years, overseeing operations in the Baltics, Central Asia, the Middle East, and East Africa. For his final assignment, he was selected to serve on a mobile training team which assisted senior military leaders and their staff with contingency response planning and decision making. As a graduate of the Naval Post Graduate School, he earned a Master’s of Science in Joint Information Operations.