The environmental situation facing many nations in the mid-to-late 20th century was bleak. Industrial waste caused the Cuyahoga River in Cleveland to catch fire in 1969. The Rhine River was long one of the most polluted waterways in Europe, similarly catching fire in 1986. School children in Japan were dying from Mercury poisoning. Problems associated with drought and desertification were already underway in China; a process that has only quickened in the early 21st century. Into this world stepped seminal figures including the marine biologist Rachel Carson whose 1962 book, Silent Spring, documented the effects of widespread pesticide use in the United States and is credited with jumpstarting the modern environmental movement. Much like that time, the 21st century cybersecurity landscape is littered with failed attempts to manage the various facets of cyber attacks, from cybercrime and espionage, to nascent threats introduced below including cyber war and terrorism. But we are still waiting for our cyber Silent Spring.
In the search for analogies to get a better handle on the multifaceted cyber threat, we should not ignore the green movement. Consider the Aria hotel in Las Vegas, which is famous for more than its slot machines -- it is also known for its wet towels. "'We say, if you want us to wash your towels every day, we will do it, just let us know,' says Cindy Ortega, chief sustainability officer for MGM Resorts, which owns Aria, 'but other than that, we're just going to hang the towels up every night.'" Such measures may seem small, but they add up to Aria being a pioneer in sustainability. It is saving a bundle, and generating business in the process. Large multinationals such as IBM provide surveys to Aria that ask questions about everything from waste recycling to water use (hence the wet towels). If Aria elected not to make investments in sustainability, it would be at a competitive disadvantage to its competitors that were.
The example of Aria is illuminating as applied to promoting cybersecurity for three reasons. First, it demonstrates that furthering a company's sustainability by promoting corporate social responsibility is not necessarily at odds with the bottom line; it can be a strategic advantage to firms allowing them to distinguish themselves and add value. The same may be said of investments to enhance cybersecurity, be they technological or organizational, allowing firms with best-in-class cybersecurity to charge a premium for their services. Second, the Aria example illustrates the cost savings that can come from investing in sustainability initiatives with a short return on investment. Although determining a cost-benefit analysis for cybersecurity investments is more problematic than figuring out the amount saved on utility bills, firms with more proactive cybersecurity investments have been shown to save in the event of cyber attacks. The third dimension to the Aria tale is the power of leveraging supply chains through information sharing to attain a corporate goal and even build trust. In this case, "IBM encourages MGM. MGM encourages its vendors. And more and more businesses feel pressure to go green." If more companies used the power of their supply chains to signal the need to invest in cybersecurity best practices, then the cause of sustainable cybersecurity could be enhanced.
Read the full op-ed at Huff Post Tech.
- Publication Type:Other Writing
- Publication Date:04/02/2015