skip to main content skip to main navigation
(originally published by Booz & Company)

Security, Strategy, and the Commercial Enterprise

In the post-911 world, companies are faced with the challenge of simultaneously promoting openness and protecting the firm. To achieve this goal, senior executives must understand one fundamental principle: Security and strategy are interdependent.

President George W. Bush has confirmed what many of us in business already understood intuitively: The new war on terror will be fought not just by governments and soldiers, but also by the companies, large and small, that comprise the global economy — the terrorists’ real target. “Terrorists want to turn the openness of the global economy against itself,” the President told executives attending the Asia-Pacific Economic Cooperation forum in Shanghai recently. “We must not let them.”

Rising to that challenge, though, will not be easy. If we are to surmount the grueling test the free world now confronts, we must adapt both national and corporate strategies toward an unfamiliar but absolutely necessary goal: promoting openness and maintaining security at the same time.

“If we are to surmount the grueling test the free world now confronts, we must adapt both national and corporate strategies to maintain openness and security at the same time.”
Managing Contrary Forces
This task is made harder by its apparent internal contradiction. Our whole way of doing business has long been evolving toward greater openness and more individual empowerment. But as the assaults of September 11 have shown, transparency and empowerment allow technological, political, and social forces, abroad and at home, to threaten us. Yet to withdraw into protectionism, while a natural instinct, will prove far deadlier than Al Qaeda and its associates. From the NATO alliance to the airline industry’s Star Alliance, we have learned the value of diversity, collaboration, and partnership. Reversing the trend toward increasingly rapid technology transfer, global communications, and free capital flows is a recipe for moral decay, economic ruin, and entrapment, especially of the poor.

How can our nation and our companies preserve openness in the face of threats from suicide bombers, bio-terrorism, information warfare, and others as-yet unperceived? Clearly, security balanced with openness now must rise to become part of the CEO agenda. We suggest a framework based on six principles:

1. Security and strategy are interdependent. U.S. military commanders integrate security — force protection — into their strategic and tactical plans for accomplishing their missions. Indeed, guarding the ability to accomplish the mission is the commander’s primary force-protection goal. A business must assess the vulnerability of its people, physical and intellectual assets, and relationships with customers, and then assure the continuity of its business operations. Ultimately, companies will need to redesign their critical business processes and information flows to enhance security and maintain openness with the smallest possible increases in costs.

2. In establishing and maintaining corporate alliances, security must become a factor. The de-integration of the vertically integrated firm has benefited many companies, both domestically and globally. But the extended enterprise can reach too far, exposing a company’s core operations and competencies to the flaws in far-flung allies. Those weaknesses can range from data security to physical protection of overseas facilities. The answer will not be wholesale reintegration, for that would be economically counterproductive. Instead, companies will need to conduct new forms of due diligence on would-be alliance partners. Existing alliances should reevaluate their linked physical, personnel, and cyber-security processes. How will the alliance respond jointly and immediately to threats?

“A business must assess the vulnerability of its people, physical and intellectual assets, and relationships with customers, and then assure the continuity of its business operations.”
3. Your greatest business vulnerability may be with partners in your value web. A firm is only as strong as its weakest ally — or the links among them, for that matter. Indeed, it’s those links that are under the most potential pressure right now. Inevitable decisions on homeland security will affect the way companies transact business, especially if they place barriers on the open and rapid transportation of goods. In the three days after the September 11 attacks, border closings in the U.S. cost the General Motors Corporation $30 million in supply chain disruptions. At the very least, the headlong rush toward just-in-time delivery systems must be tempered by “just in case” planning, as companies in manufacturing industries and retailing begin to rethink the advantages of inventory-less operations.

4. The opportunities of globalization must be measured against the risks. Companies will have to rethink their globalization strategies, not only because of the terrorist attacks, but in light of the mounting protests that began in Seattle and continued through Geneva, Davos, and Genoa. This is not to equate the protesters with the terrorists, but it is to accept that there is a palpable opposition in the East and West to the globalization regimens of many multinational companies. At the least, corporate leaders will have to be able to identify legitimate non-governmental organizations, distinguish genuine grievances from untenable demands, and adapt strategies and operations to the needs of increasingly diverse global constituencies. More importantly, corporate leaders should add to their companies’ mission the goal of spreading the benefits of openness — through education, training, and rising living standards — to the world’s dispossessed.

5. Cyber-security is also a life-and-death matter. Although lacking the direct human trauma of physical attacks and bio-terrorism, cyber-attack is a real and perilous vulnerability. Scenarios, such as one sponsored last year by the Department of Energy and the Utah Olympic Public Safety Command, demonstrate that terrorist attacks could be significantly worsened by cyber-assaults aimed at disrupting local power and telecommunications infrastructures. The dispersed character of the Internet does not protect against this threat. To the contrary, although the Internet was designed to be so redundant that it could survive a massive physical attack, because it treats everyone as a privileged insider, it is extremely vulnerable to cyber-attack. Witness the recurrent denial-of-service attacks and large-scale computer viruses. Individual companies can significantly reduce their vulnerability to cyber-attack; nets of companies can do more.

“Companies will need to conduct new forms of due diligence on would-be alliance partners. Existing alliances should reevaluate their linked physical, personnel, and cyber security processes.”
6. Strategic security is a joint public–private responsibility. Strategic security will require a new, negotiated balance between private companies and the public sector generally — cooperation that doesn’t always come naturally. Consider the disparate ways government agencies and the financial-services industry have treated breaches of computer networks. Law enforcement authorities have tended to treat hackers’ attacks as crimes, hence the secrecy of the evidence they obtain. Financial institutions, by contrast, want to understand their vulnerability and repair it, which mandates rapid access to the information that government — as well as other companies — acquires. With power grids, banking networks, industrial logistics systems, and telecommunications networks subject to disruption, mitigating the antagonisms and inefficiencies in the public–private relationship will be crucial in preserving citizen trust in the economic system. It will also save lives.

Foundations of Prosperity
The memory of the Second World War should be a balm in the months and years ahead. For lest our resolve in this latest global conflict wane, it’s important to remember that the measures taken to win World War II also were the foundation for the Western world’s post-war prosperity.

We can achieve even greater results today, but only if government leaders, citizens, and business executives recognize that we all play crucial roles. In Shanghai, President Bush put it best. “Pursuing both openness and security is difficult,” he said. “But it is necessary.”

Ralph Shrader,
Ralph Shrader is the chairman and chief executive officer of Booz Allen Hamilton, the international strategy and technology consulting firm.

Mike McConnell,
Mike McConnell is a vice president with Booz Allen Hamilton and the former director of the National Security Agency.
The business insights you need to succeed. Get s+b’s best ideas delivered to your inbox twice a week.

Get the strategy+business newsletter delivered to your inbox

Recommended Stories