This post has nothing to do with my all time favorite actor in Negative roles, Robert Shaw and effortlessly insulting actor Walter Matthau (Oscar Winner) Movie. This movie grossed 5 times the Budget in 1970s!!!
So you wonder what is the connection between EHS and Train Hijack???
I am linking one word “VULNERABILITY”
Wherever I visit facilities, people have very confident feel of things and say all fine, no worry, things on ESH going super!! I then ask,? What is your “Vulnerability Assessment”? As my ex- boss Anthony would joke in our conference calls when all quiet as “Stunned Silence” is what I get!!
Organisations, Individual miss this very obivious aspect when working the improvements at their operations as well as managing issues. From the personal side, classic case how to be ready, as happened to Facebook COO, Sheryl Sandberg. She was on a holiday with her husband, 3pm she saw him saying he would be off to Gymnasium and went in to an afternoon nap,and few hours later David Goldberg the CEO Survey Monkey aged 47 then, was found dead at the tread mill! Sheryl has written a wonderful book “OPTION-B” in which she has covered the “VULNERABLE aspects” that she never saw coming??(Naturally in hindsight) the question is how do we tackle the aspects to which we are vulnerable? There are no easy answers!!!
So what organisation can do to work this Vulnerability of setback, shock, failures, rug pulled from its feet that everything nose dive in matter of minutes??? Ofcourse, organisations are entity made of individuals, so the folks who sail the ship need to be aware, else its all goner!!
No point to beat the horse to death, Leadership is critical and without that nothing works! so Vulnerability aspects are given a top priority to focus and linked to business objectives and Strategy elements.
Risk = A Function of Threat, Vulnerability, and Consequences (Risk = f(T,V,C)) with that in mind, work on following aspects.
- Natural Hazards.
- Substance Chemicals Risk.
- Infrastructure Risk
- Sabotage, Intrusion
- Cyber Threat
- The above can be eloborated as:-
• American Chemical Council Responsible Care criteria for Cybersecurity
• Local computing environment
• Specialized networks including:
o Process control network
o Shop floor network
o Engineering network
o Laboratory network
• Firewalls associated with specialized networks
• Critical applications and data
• Root cause analysis of prior site related incidents
• Wireless networks
• Equipment and chemical storage
• Perimeter and interior security
• Facility physical characteristics
• Security force management
• Physical security policies and procedures
• Applicable legal and regulatory policies
- Data privacy
• Disaster recovery and business continuity planning
• Security vulnerability analysis through US DHS Vulnerability Assessment Tool LINK!!
I also laugh at folks telling me that information is confidential (especially outdated Army folks in their 50s, 60s who still think that nothing is unpenetratable!!) 2017??? U think??? God bless such companies!!!
Organisations need to be more ready for any unknown-unknown….. Great organisations try to work that quagmire and solve issues one step at a time working one day at a time slowly,painstakingly like Miner defuse the bomb in STRATEGO (I played in my teens, 80s) ! It is not easy, as 9/11 proved, the folks who want to cause harm, are always one step ahead in their act and it is always a catchup. Also remember the “TROJAN Horses too”
Good luck and God bless.
12/5/17 1830 Hrs.
Update 1230am Saturday 13th May 2017!!
Call it Auditor’s curse or Auditor luck!! As I posted this blogpost on Vulnerability, less than 12 hrs later, massive Cyber attack on Medical and health care systems massive hit across the world affecting 100 Countries!! hmmmmm!!!