Early Warning Systems: Giving Your Organization a Heads Up
In the Cold War, the government constructed a line of radar stations near the Arctic Circle to provide an early warning if Soviet bombers ever attacked the United States. Businesses can also benefit from setting up an early warning system to give advance notice of problems that might pose a threat to their operations and resources.
In today’s post we’ll look at what an early warning system for business looks like, why your organization should have one, and some of the challenges involved in setting such a system up.
Related on BCMMETRICS: The Cost of Calamity: The Cost of Calamity: How Being Unprepared Can Harm An Organization
EARLY WARNING SYSTEMS AND NATIONAL SECURITY
Perhaps the most famous early warning system ever was the Cold War–era DEW Line, or Distant Early Warning Line. This was the line of radar stations set up in northern Canada in the 1950s to detect Soviet nuclear bombers that might come flying over the Arctic on the way to targets in the U.S.
The most famous early warning system that unfortunately did not exist was one that might have prevented the attacks of September 11. Only after the attacks did the government wake up and create the National Network of Fusion Centers. These centers synthesize intelligence gathered by various agencies to help authorities detect, prevent, and respond to attacks by terrorists and criminals.
EARLY WARNING SYSTEMS FOR BUSINESS
The value of early warning systems for business has been recognized for some time. For example, the international business continuity standard ISO 22031 calls on organizations to have systems in place for providing early warning of potentially disruptive incidents.
In business, a fusion center is typically a room staffed by representatives of a few critical core support functions.
These might include security, facilities, technology, property management, and other key operations.
By sharing among themselves information from their various networks, these folks can form a clearer, quicker picture of developing threats. They can make sure others in the organization who need to know about them are brought into the loop.
This capability helps the organization prepare for the incident, contain the disruption, and speed restoration and recovery.
If the IT person at the fusion center learns a cyber incident is going on, they can share that information with their colleagues who can ensure that the right people in their own departments are given a timely heads up. Ditto if a facilities person learns of a power outage at an important facility. This way people in other departments aren’t blind-sided, and the time needed to respond and initiate recovery is reduced.
An Early Warning System is like the whiskers of a cat. It’s out there in front, sensing various things that are going on and reporting back with vital information about the environment. Whiskers help a cat avoid danger. A business’s early warning system can help you detect, prepare for, and contain threats to its operations and resources.
OPTIONS IN SETTING UP AN EARLY WARNING SYSTEM
Organizations have many different options in setting up an early warning system. The arrangement can be varied to suit the needs of the company, whether it’s a multinational corporation or a midsize or small business.
The usual starting point is a room to serve as the fusion center. This would typically be at the global security operations center, for organizations that have one.
In terms of how the fusion center is staffed, this can vary depending on the organization’s size and resources. Large multinationals might have dedicated fusion center staffers monitoring for trouble 24/7.
Other companies might have staffers working in the fusion center while conducting their day-to-day jobs.
Another option is to have workstations set up in the fusion center for representatives of the different core areas. At the first sign of trouble, those representatives or their alternates are called in and take their pre-assigned seats. They begin monitoring the situation, sharing information with their fusion center colleagues, and alerting key people in their home department and possibly elsewhere.
OBSTACLES TO SETTING UP WARNING SYSTEMS
Regrettably, business has not been quick to embrace setting up early warning networks.
When asked about this, executives typically say, “Everything is working fine now, I don’t see the need.”
This is just what the CIA and FBI thought before the attacks of September 11.
Naturally, many businesses are concerned about the expense of setting up early warning networks. However, these systems can be scaled to the company’s resources. And if and when a serious incident occurs, such a system is likely to pay for itself quickly.
Two more common obstacles to creating early warning systems are:
- People prefer to keep things in silos. It’s hard to get people to share their inside information with people from other departments. Often they fear that by doing so, they will lose a measure of control.
- Departments cannot agree on which severity matrix to use. This is a small thing, but in my experience, it causes big problems. It’s common for different departments in the same organization to each have their own incident severity matrix. For example, facilities might use a matrix where a Level 1 event is minor and Level 4 means the world is ending, while the security department at the same company might use a color-coded system going from green to red.
WARNING SYSTEMS FOR SMALLER ORGANIZATIONS
A final note regarding how even small and midsize companies can set up early warning networks.
It may be that such companies cannot afford to set up fancy command centers. Most likely, they can set up a cross-functional team and take steps to promote the sharing of data and information. They can also establish one severity matrix to be used by all departments across the organization.
Such measures can provide even small organizations with an effective early warning system.
BEING READY, REDUCING IMPACTS
Chances are your organization would benefit from having an early warning system. Such systems promote the sharing of information across departments and the early detection of threats, as well as the prompt notification of key personnel. This helps organizations get ready sooner, minimizing impacts and speeding recovery.
In setting up such a system, obstacles do exist. But considering that overcoming obstacles is the main activity of every successful organization, this need not prevent yours from succeeding in setting up an early warning system.
FURTHER READING
For more information on disaster preparedness and other hot topics in BC and IT/disaster recovery, check out these recent posts from BCMMETRICS and MHA Consulting:
- As Easy as 1-2-3: How to Launch a Business Continuity Program
- Ditch the Data Silos: Improve Your Resiliency with Integrated Information
- Getting in Sync: Eliminating Recovery Strategy Gaps between BC and IT
- “This Is an Emergency”: Why You Should Consider an Emergency Notification System
- Standard Time: The Best Time to Choose a Business Continuity Standard Is Right Now
- The Cost of Calamity: How Being Unprepared Can Harm An Organization
Michael Herrera
Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.
