Defend our 'networked' economy
Among all its effects, Sept. 11 has illustrated the need to redefine how we defend the 21st-century economy.
Our economy, highly dependent on information networks has vulnerabilities that weren't apparent before. Indeed, this economy's strengths - global integration, electronically linked buyers and suppliers, instantaneous movement of cash and securities - also define its vulnerabilities. Businesses and policymakers need to adapt rapidly to defend this economy from future disruptive attacks.
The emergence of the network economy has been well documented. Obvious examples include the vast communications links within and among companies and customers. The network economy has completely remade the supplier-manufacturer-distributor chain. Wal-Mart's vaunted logistics network, for example, ensures that stores have the right merchandise at the right time. Countless not-so-obvious examples also exist. Many larger companies use armies of computer programmers in India. Several US insurers use non-US locations for key processing activities. Indeed, the virtue most cited about the network economy is its distributed nature.
Sept. 11 has raised significant concerns about these networks. Loss of key voice-data connections in lower Manhattan alone led to an unprecedented shutdown of the securities markets. The impact was not limited to New York. The movement of cash and securities around the world was severely impaired, often because of the temporary operational failure of a single financial institution in the network. Some institutions could not activate remote backup sites because communication links had been severed.
The system did not fail. Networks were repaired and markets reopened. Buildups and backlogs have been or are being remedied. But the warning signs are clear. In an attack on three buildings that appeared designed to take lives and destroy American icons as opposed to wreaking broad economic damage, the network economy was collaterally wounded as never before.
Could this economy survive attacks directly on these key networks? Y2K preparations highlighted many communication risks and so-called "daisy chain" vulnerabilities - failures of one institution causing failures for other institutions in the same network. Indeed, many experts are saying that Y2K preparations partially explain the speed at which companies, particularly financial institutions, recovered from Sept. 11. However, these preparations may not be sufficient to overcome attacks directed specifically on these networks.
As Tom Ridge sets the agenda for the new Office for Homeland Defense, defending the network economy needs to be high on that list. Steps to consider include:
Identify 'daisy chain' risks. What are the vulnerabilities in a network that can cause even larger domino-like failures? This requires much thought and examination of processes at micro levels. Though not all potential breakdowns can have solutions, just the advance knowledge of potential soft spots can help managers if and when recovery plans are implemented.
Think beyond organizational boundaries. Collaborate with suppliers and customers in an analysis of mutual vulnerabilities. Test all parties in the network on their preparedness. It is not enough for a firm to prepare itself. Many well-prepared institutions were caught by failures elsewhere. Companies must use heightened scrutiny, particularly of those institutions that are critical nodes in a particular network.
Consider distributing key operations. Advances in voice/data communications and bandwidth may enable even further dispersing of operations. This step also has the advantage of creating additional backup sites if a key element goes down.
Locate backup sites in different geographic areas. At least one firm lost both its primary and secondary processing sites in the lower-Manhattan attack. Other firms could not activate sites in Brooklyn because of communication failures. In hindsight, the decision to locate backup centers so close looks silly. However, each was in a separate building with separate and redundant utilities. Lower Manhattan has negligible risk of earthquakes, hurricanes, or floods - which were the usual reasons before Sept. 11 to locate backup sites in a separate region. Nobody envisioned attacks by passenger jets.
Collaborate with competitors. The reaching out with help by many, often competing, firms in the aftermath of Sept. 11 perhaps should be built into contingency plans. Such collaboration will require a different mindset by both competitors and regulators. However, this step can go a long way toward creating high-quality redundancy into networks.
Develop methods for periodically testing or at least evaluating the network's preparedness. The pace of change in the technologies and infrastructures on which we depend is so rapid as to make obsolete in just months any well-thought-out recovery plan. New networks are formed daily. Ongoing testing is required to ensure ongoing preparedness.
Clearly, the world has changed since Sept. 11. If business wants to continue to explore the tremendous advantages of the network economy, we must also protect it and ensure its ongoing viability.
Ronald P. O'Hanley is vice chairman of Mellon Financial Corporation.