Pandemic-related Government Compliance Initiatives: 7/17/20
This webinar built upon the previous webinar’s topic of maintaining business continuity, specifically in the current pandemic environment that includes complying with government cybersecurity initiatives. We explored pandemic-related government compliance initiatives from two broad perspectives: complex aggregates and compliance challenges; and a way to think about “blind spots” regarding compliance.
The presentation began with aggregates that form and present challenges, opportunities and threats. Aggregates are dynamic mixtures of groups linked via common interests and experiences. When we add propellant to that mixture, such as grievances and injustice, the network can be suddenly ignited. Igniters such as unemployment, the COVID-19 outbreak, and the killing of George Floyd can spark the formation of new aggregates that take on local relevance on a global scale. The current pandemic is a dynamic aggregate with which we have to deal. There are others, too.
We used supply chain as an example of deliberately constructed aggregates. We contrasted a supply chain based on rules-based liberal economic competition with official-China’s supply chain warfare. The comparison went as follows:
This led to the question, how can we compete against such warfare? Our argument was that meeting government compliance requirements is not enough. We have to go further. How?
Some sectors are already doing well in this environment: cloud security firms; food delivery; aerospace and defense; and end-to-end security and network solutions. Cisco, for instance, has a program for 15 of the 17 domains of the impending Cybersecurity Maturity Model Certification.
Overall, however, compliance competes for attention behind other priorities: COVID and making remote working work; cloud adoption that trades off user experience with security; artificial intelligence and machine learning for threat detection now; the need to recruit, develop and retain cyber skills; and phishing (it’s too easy). For some companies, compliance may not seem to be worth the expense until fines go up or threats take more of their earnings.
Next, we reviewed some examples of initiatives in the compliance business:
These efforts are about mitigating threats with great defense rather than hunting threats. This point led to the question, how can we identify our “blind spots” that make us more susceptible to either non-compliance with government/private sector standards or attack?
We gave two examples.
First, we showed a political-legal checklist from Covington that provided questions any business can ask of itself.
Second, we showed a 4×4 matrix called a “Johari Window” through which a company could look to identify what it knows and does not know about itself (programs, connections, funding, decisions and value), and what it knows and does not know about others (competitors, threats, aggregates).
The summary of the presentation related the importance of identifying and anticipating threat aggregates, argued that Western-style supply chain competition is facing a different aggregate of Chinese supply chain warfare, noted how we are reacting to this threat with government and industry compliance initiatives, and advocated the use of “blind spot analysis” to help with those challenges.
The discussion that ensued raised thought-provoking questions, developed insights, and offered potential solutions. A few of these are:
At the end of the hour, several participants expressed an interest in the next webinar being about specific local tools and solutions to these complex problems.