Security, Risk, Safety & Resilience: Endless Adaptive Threat-Aligned & Mission Orientated Systems, States and Thinking
Ridley Tony
Experienced Leader in Risk, Security, Resilience, Safety, and Management Sciences | PhD Candidate, Researcher and Scholar
Safety, security, risk and resilience remain mission-critical features and functions of any reasonably complex system or real-world environment. But what is the 'mission', objective or desired outcome of safety, security, risk and resilience?
Moreover, how do they complement, compete, form and prioritise within dynamic adversarial environments or in defence of intelligent, agile, motivated and capable humans who accidentally and intentionally seek to circumvent controls, defences, systems and processes?
In other words, how are mission fulfilment and desired status achieved when faced with people, environment, and factors constantly challenging assumptions, hardening, defence-in-depth, and protective security risk management practices?
First, security and all manner of risk mitigation, the management or protective preparedness must be viewed as an 'infinite game' of moves and counter moves.
Second, security, safety, risk and resilience must be thought of and modelled within the context of systems—increasingly networked, complex and diverse systems spanning physical and digital domains.
More importantly, cultural, professional, industry and organisational boundaries.
Especially where providers, third parties, regulators and governments are present. As there may be one or more goals that must be considered and prioritised at any given moment within or across the entity.
"The primary goal of all systems is to provide value-delivery within constraints of cost/benefit?"
(Willet, 2022:564)
Third, mission fulfilment, sustainment and efficacy remain dependent upon numerous actors, threats, adversaries and happenings outside the system.
As a result, the system is in constant adaptation and evolution. Polycentric, protean and capricious influences and structures abound. Not all are within your plan, thinking, imagination or control. It would be unwise to assume, suggest or plan otherwise.
Fourth, and last, adversaries don't give a damn about your plan(s), mission or self fulfilment.
Reasoning, professional and advanced persistent threats of all kinds just consider your efforts and response as just another factor to plan for and go around, over, under, through or exploit. Using all means possible, even your own people, systems, fatigue or human fallibility. Defenders and protectors get far less downtime or rest than adversaries, organised/syndicated criminal cohorts and systemised/automated threat vectors/actors.
"Let’s bring many concepts together for systems thinking about security?"
(Willet, 2022:564)
In sum, no one security, risk, safety or resilience measure or resource should exist in isolation or without consideration of the context or environment for which it was positioned.
For security risk management remains a system-of-systems (SoS) which compliments, interacts, depends and protects numerous other systems of note and those concealed from view or consideration.
As do your adversaries, threats, bad-actors, competitors and the natural/built environment. What attenuations, ameliorations, remediations (okay, enough ??) have you planned for or vary given any updated action, capability or intent from a malevolent actor(s).
In short, security risk management is subject to systems thinking, like it or not. What does your system look like and how does if function in the face of change, stress, challenge, threat, exploitation or collapse?
“The market can remain irrational longer than you can remain solvent.”
Security, Risk, Safety, Resilience & Management Sciences
Reference:
Willet, K. (2022). Systems thinking in security, in Masys, A. (ed) Handbook of Security Sciences, Springer, pp.553-572