Lack of recognition for the vital role security plays results in too many security managers and agency security advisors – and to those readers who do not fit this profile, I apologise in advance, but it is nonetheless true of many others – being in the position because they are either parked there or waiting out their time to retirement. Precious few in the business would see themselves as leaders within their organisations, far less society.
In some ways, the culture is changing already, albeit slowly, with a younger breed of security operatives joining the ranks and actually choosing security as their future. Culture is complex, however, and change is more than a rebranding exercise with a new coat of paint in the hope no one looks under the hood. It is necessary to first develop an ethos – values – and ways of thinking in order to plot a course. Then that philosophy needs to be embodied in the stories shared, heroes applauded and rituals created.
One small step has been establishing an industry-based medals program recognising bravery and contribution. Another is the creation of the Outstanding Security Performance Awards (OSPAs), which is growing into a global event.
More is needed, as technology is changing the shape of business, government and society, especially in the way people organise, communicate and collaborate, which in turn is changing the way people view authority and power. Nowhere is that more evident than in information sharing, especially in a world of cognitive capital, where knowledge has become an asset of institutions and organisations and a resource traded for money, social influence and political clout, creating barely-understood risks as well as opportunities.
Letting go of old values and beliefs can be challenging in bureaucratic mindsets where knowledge is power, bringing to mind a poster on the wall of an Australian intelligence organisation’s office depicting a toad in the mouth of a crane, with the toad’s hands around the throat of the bird and a caption, “Whatever you do, don’t let go”.
While the security, intelligence and law enforcement old guard refuse to let go, younger generations – so-called digital natives who are young adults and not kids anymore – accept sharing as part of life. All too often, solutions revolve around education and, preferably, control, and rarely innovative or fresh approaches, no matter what the marketing spin or political rhetoric advises. Thinking must move beyond extensions of bureaucratic control to establish networks, which inevitably means sharing information.
Information sharing, however, is what is known in policy development as a wicked problem; wicked not in the sense of evil – though some may see it that way – but in terms of being intractable because its complexity defies definition far less solution.
A big help would be the academic and research community contributing beyond looking for funding opportunities. Industry insiders – government and corporate – also need to play their part. And they need the right environment to do so. In 2003, the Federal Attorney-General’s Department established the Trusted Information Sharing Network (TISN). For a while a promising initiative, of late the TISN has been waxing and waning to a point of being almost moribund; almost because it has just enough of a pulse for the Government to publicly deny its ill health, thanks to some areas, such as the finance sector, working well together. The public water sector has made great strides too. Therein lies some precedents. As such, preventing the TISN’s death, thankfully at this stage, may mean CPR as opposed to open heart surgery.
The UK’s Project Griffin, established in 2004 in the City of London to help the financial sector protect itself against terrorist threats, is often cited as an example of public/private information sharing. What is forgotten is that it was the banks that pushed for its inception.
The reality is the industry, or for that matter the country, cannot afford to wait for the Government to fix problems; corporate security, individual agencies and all levels of government need to engage and support a TISN if it is to be anything more than a tick-a-box exercise. The hard work of creating links and connections with knowledgeable individuals and networks, admittedly difficult given the nature of security, is needed to develop different avenues of engagement with embedded accountability. To date, organisations and governments have stuck to superannuated consultants, credentialed academics, media darlings and other trusted insiders rather than seek fresh input.
Given rapid change, how anyone could claim to be an expert in what is essentially new knowledge is hard to see. Not that that has stopped an entire courage industry growing around advising on cybersecurity, with people deemed ‘experts’ because they work for a university, prancing around glibly spreading fear as facts with less understanding than a spotty 12-year-old Ohio schoolboy known as glitterstick_007.
“In an age of turbulent and unpredictable transition, institutions most need the very things – innovation, picking up the early signs of disruption, a capacity to move quickly and responsively – that tend to be found at the edge of large systems in dispersed networks of expertise close to people’s lives and experiences, rather than the more slower and more distant structures of power at ‘head office’,” writes Martin Stewart-Weeks and Lindsay Tanner in Changing Shape: institutions for a digital age.
“Institutions in the digital age still need to access and exercise power and authority. But that will increasingly happen through their connections with surrounding networks of energy, insight and creativity.”
Historically, major change has always occurred at the edges of society. Finding that edge and having it feed back into the practices and culture in order to change larger systems entails learning new habits of influence and practices of persuasion that emerge from the process, thereby cultivating a network mindset and leadership through active participation, openness and decentralised decision making.
In short, command-and-control – hanging on like the toad – no longer cuts it. And the rapid speed of change means even those who are parked or waiting out their time for retirement may have no choice but to contribute, or learn to enjoy the ride.