While doing some book research, I found this Network World article about six security-related weaknesses in the United States’ smart grid.
If you step back a little, it makes a good lens for examining your business and your products/services.
While I suggest you read the article to help you use these six areas of concern as a way to examine your own projects, here’s a summary of the six weaknesses identified by the GAO:
- Lack of information
- Lack of focus
- Lack of security features
- Information sharing
- Measure success
- Regulation issues
These six concerns could easily be identified with any large public project, but they can also impact your projects – particularly if you’re in the technology business.
Let’s expand the definitions of these concerns just a bit so we can tie them closer to your business.
Lack of information
“Consumers are not adequately informed about the benefits, costs, and risks associated with smart grid systems.” – a quote from the article. Could the same be said about your market regarding your products, services and business?
Marketing and public relations, folks.
Lack of focus
The GAO story mentions “focusing on regulatory compliance instead of comprehensive security” and notes that security is not designed into systems from the beginning, but is (in my words) duct-taped on as a way of getting the regulators off their backs.
For you, this might be focusing on survive vs. thrive – a deep-rooted attitude change that totally refocuses what you do.
If you’re focused solely (or mostly) on survival and succeed, you arrive at survival. Is that really what you’re working those long days for?
Lack of security features
In this case, the GAO discussion was about design and continuous improvement: the ability to react to current and developing threats versus the ability to point at how compliant or secure they were against a requirement from some point in the past. Your business has similar design concerns.
Is it designed strategically to react to / foresee change, or is it focused on a time in the past – leaving you vulnerable to strategically wiser competition?
Information sharing
This one is about communication, but it’s also about interoperability. When your products and services interoperate with industry standards and market leaders, they become both. When you are standing on the outside crowing about new features that you invented your own way, that interact with nothing and that in some cases are a decade behind, you don’t become a market leader.
You stay on the outside looking in. Integration with existing systems, products and workflows is critical. How do you handle that?
Measure success
Quoting the GAO concern about metrics: “The electricity industry does not have metrics for evaluating cybersecurity. The electricity industry is also challenged by a lack of cybersecurity metrics, making it difficult to measure the extent to which investments in cybersecurity improve the security of smart grid systems. … Until such metrics are developed, there is increased risk that utilities will not invest in security in a cost-effective manner, or have the information needed to make informed decisions on their cybersecurity investments.”
Sound familiar? Do you have the information needed to make informed decisions about your internal and external investments?
Really? Show me a heat map of the physical location of your customers. Show me an ROI analysis of the various media you use. Show me a list of your 100 highest value customers and where you got them (referrals, direct marketing, public media, etc).
Not having this info, these metrics, is what Dan Kennedy calls “Blind archery”. Shooting arrows in the dark makes it hard to hit the target.
Regulation issues
A lot of this was about jurisdiction in the GAO report. Jurisdiction in your case is all about management and delegation. Proof that you have that under control: You can disappear for a week to spend solo time with a new, extremely valuable customer and return the following week to find a business that has not missed a step. Bonus points are awarded if you met this new customer in a place with no cell service or internet.
Look hard at this Network World coverage of the GAO smart grid analysis to see how you can apply those insights to your business.