Security, Strategy, and the Commercial Enterprise

President George W. Bush has confirmed what many of us in business already understood intuitively: The new war on terror will be fought not just by governments and soldiers, but also by the companies, large and small, that comprise the global economy — the terrorists’ real target. “Terrorists want to turn the openness of the global economy against itself,” the President told executives attending the Asia-Pacific Economic Cooperation forum in Shanghai recently. “We must not let them.”

Rising to that challenge, though, will not be easy. If we are to surmount the grueling test the free world now confronts, we must adapt both national and corporate strategies toward an unfamiliar but absolutely necessary goal: promoting openness and maintaining security at the same time.

How can our nation and our companies preserve openness in the face of threats from suicide bombers, bio-terrorism, information warfare, and others as-yet unperceived? Clearly, security balanced with openness now must rise to become part of the CEO agenda. We suggest a framework based on six principles:

1. Security and strategy are interdependent. U.S. military commanders integrate security — force protection — into their strategic and tactical plans for accomplishing their missions. Indeed, guarding the ability to accomplish the mission is the commander’s primary force-protection goal. A business must assess the vulnerability of its people, physical and intellectual assets, and relationships with customers, and then assure the continuity of its business operations. Ultimately, companies will need to redesign their critical business processes and information flows to enhance security and maintain openness with the smallest possible increases in costs.

2. In establishing and maintaining corporate alliances, security must become a factor. The de-integration of the vertically integrated firm has benefited many companies, both domestically and globally. But the extended enterprise can reach too far, exposing a company’s core operations and competencies to the flaws in far-flung allies. Those weaknesses can range from data security to physical protection of overseas facilities. The answer will not be wholesale reintegration, for that would be economically counterproductive. Instead, companies will need to conduct new forms of due diligence on would-be alliance partners. Existing alliances should reevaluate their linked physical, personnel, and cyber-security processes. How will the alliance respond jointly and immediately to threats?

4. The opportunities of globalization must be measured against the risks. Companies will have to rethink their globalization strategies, not only because of the terrorist attacks, but in light of the mounting protests that began in Seattle and continued through Geneva, Davos, and Genoa. This is not to equate the protesters with the terrorists, but it is to accept that there is a palpable opposition in the East and West to the globalization regimens of many multinational companies. At the least, corporate leaders will have to be able to identify legitimate non-governmental organizations, distinguish genuine grievances from untenable demands, and adapt strategies and operations to the needs of increasingly diverse global constituencies. More importantly, corporate leaders should add to their companies’ mission the goal of spreading the benefits of openness — through education, training, and rising living standards — to the world’s dispossessed.

5. Cyber-security is also a life-and-death matter. Although lacking the direct human trauma of physical attacks and bio-terrorism, cyber-attack is a real and perilous vulnerability. Scenarios, such as one sponsored last year by the Department of Energy and the Utah Olympic Public Safety Command, demonstrate that terrorist attacks could be significantly worsened by cyber-assaults aimed at disrupting local power and telecommunications infrastructures. The dispersed character of the Internet does not protect against this threat. To the contrary, although the Internet was designed to be so redundant that it could survive a massive physical attack, because it treats everyone as a privileged insider, it is extremely vulnerable to cyber-attack. Witness the recurrent denial-of-service attacks and large-scale computer viruses. Individual companies can significantly reduce their vulnerability to cyber-attack; nets of companies can do more.

Foundations of Prosperity
The memory of the Second World War should be a balm in the months and years ahead. For lest our resolve in this latest global conflict wane, it’s important to remember that the measures taken to win World War II also were the foundation for the Western world’s post-war prosperity.

We can achieve even greater results today, but only if government leaders, citizens, and business executives recognize that we all play crucial roles. In Shanghai, President Bush put it best. “Pursuing both openness and security is difficult,” he said. “But it is necessary.”