Cyclones, earthquakes, floods… you name it, all manner of catastrophes fill our news space with unnerving regularity. Today, all organizations have to deal with security-related issues on a smaller or larger scale in order to stave off potential risks, deal with disruptions, and, ultimately, secure their operations.
Disasters wreak havoc in poor and vulnerable communities across the globe, hamper business continuity, and cost billions in recovery and aid funding. Yet despite an abundance of scientific and technical information, they continue to produce ever-increasing human, environmental and economic losses, with the latter estimated at USD 100 billion per year globally, according to United Nations (UN) statistics.
Alongside potential environmental hazards, society now also faces human-induced threats in the form of fraud, cybercrime and terrorist attacks, which call for reinforced travel/border security, information protection, better fraud detection and powerful counter-messaging.
So what’s the solution ? To ensure that we remain secure and resilient within this setting, it is vital that organizations increase their risk awareness, undertake risk reduction strategies, and become resilient to the constantly evolving threats by developing foolproof ways of rapidly and effectively responding to these challenges. And International Standards based on global cooperation are part of this answer. We caught up with Åsa Kyrk Gere, the new Chair of ISO/TC 292, Security, whose secretariat is held by SIS, the ISO member for Sweden, to find out the plan for a more resilient future.
ISOfocus : To set the record straight, is it just media hype or are security threats really on the rise ?
Åsa Kyrk Gere : Security threats are definitely on the rise. For one thing, climate change and natural disasters have noticeably intensified from prior decades, to the point where their effects have been diagnosed as the number one security challenge by most countries today.
As humanity interferes increasingly with the earth’s natural systems, driving climate change, disasters have escalated in frequency and severity, putting more and more stress on the ability of society – and the organizations within it – to build up resilience and adapt to these evolving risks and threats. By this I mean finding ways of preventing and mitigating risks, and enhancing our preparedness and our capability to respond.
Global engagement around this issue is evidenced by the United Nations World Conference on Disaster Risk Reduction (WCDRR), which took place in Sendai, Japan, in March of 2015. There, 187 countries met to negotiate the new Sendai Framework for Disaster Risk Reduction that sets the pace for disaster mitigation over the next 15 years.
One session focused on how standards might enhance and support the implementation of this new framework. The conclusion was unequivocal : standards are a vital and important tool that can complement the UN’s work in preparing us for disaster and increasing our community resilience.
What, in your view, are the most important security challenges facing society today ?
The challenges for a safer, more secure and more resilient society are similar all around the world. They can be broken down into four main points :
- Inadequate response to natural disasters. On a local and regional level, our ability to deal with, and respond to, today’s disasters is proving woefully inadequate, and countries are now working overtime to make their emergency preparedness leaner and more efficient. As a result, some are struggling with the lack of redundancy of their emergency services to face up to these new challenges. But individual organizations also need to take into consideration the impending threats of climate change and many other risks, taking extra steps to focus on their security management, continuity management and, potentially, their emergency response.
- Large-scale urbanization. A soaring population and rapid urbanization means much larger cities. According to the UN, the trend is so severe that by 2050, as much as 66 % of the world’s population will live in urban areas. To make matters worse, several of these “ megacities ” are situated on flood- or earthquake-prone territory. This presents endless challenges to a society’s security and resilience to sustain its critical infrastructure and vital societal functions – the essential assets, services and systems that are necessary for our society to operate. Many of these services and functions are managed by a mix of private and public organizations that depend on the same systems to function. Their security and continuity management as well as their resilient ability to deal with disruption and disaster is therefore vital.
- Cybercrime and fraud. Another of today’s great challenges is keeping these critical societal functions secure since they play a vital role for society as a whole. Examples of services and systems that must function are our financial systems, water and sewage, energy and electricity, electronic communications, and various types of control systems such as dams, public transportation, border/port security, and so forth. Additional societal functions include the protection of information, intellectual property and identity from fraud and theft, which incur enormous financial losses for organizations.
- World instability We live in an increasingly volatile world where the parameters of political, economic and social stability have shifted. This calls for greater focus on societal security issues, from border security at air, land and sea checkpoints, to violent forms of home-grown extremism and terrorism, and counter-messaging that promotes a narrative of tolerance.
Taking stock of the grim reality, most organizations are forced to use a multidisciplinary approach. From our deficiencies we learn that society needs to become more coordinated and streamlined in order to build the safe, secure and resilient world we seek. Standards, unsurprisingly, are a big part of this picture. ISO/TC 292,Security, can make a major difference for organizations - both within and across sectors - by fulfilling their need for security standards that enhance the safety and resilience of society.
As the newly appointed Chair of ISO/TC 292, what opportunities do you see for the committee ?
There are plenty of opportunities for ISO/TC 292 to do good work. A variety of standards are needed to help organizations and communities build up their resilience for a safer tomorrow. Today, we have to shoulder our common responsibility and embrace a holistic, multidisciplinary approach towards a more secure and resilient future. This also means complementing each other’s work on every level – locally, nationally, regionally and globally – as well as acting in all phases – before, during and after an event. Standards play a vital role, both in contributing to this streamlining and as a complement to existing sector-specific standards.
ISO also has an exciting opportunity to support the UN’s globally accepted frameworks. These are based on the consensus of over 180 countries, many of which have identified standards as an essential tool for enhancing and strengthening the implementation of the frameworks. I have made a personal commitment to facilitate cooperation between ISO and the UN. In addition, ISO/TC 292 has decided to establish a task force on cooperation with UN agencies to investigate how present and future standards can reinforce the UN’s work and help implement the frameworks.
Finally, from an ISO perspective, this is also a great opportunity to enhance cooperation and coordination with other ISO technical committees whose work is closely related to ours. I speak, in particular, of ISO/TC 268 for sustainable development in communities, ISO/TC 262 on risk management, and ISO/IEC JTC 1/SC 27 that deals with IT security techniques. Together, we can make a major contribution to a more secure society.
A world of opportunities, but some great challenges too…
Yes. In fact, our greatest stumbling block is combining the different sectors within our extensive scope and finding a common strategy. Breaking through existing “ silos ” and creating a reliable set of security standards that do not overlap and cause market confusion is a sizeable challenge.
Optimizing stakeholder engagement is no mean feat either, but we are striving for an all-round, representative participation from public administrations and authorities, NGOs and SMEs. This means attracting high-calibre experts from a wide range of sectors and fostering an open, contributing dialogue that will eventually lead to high-quality standards in this field.
Yet another challenge is encouraging countries from the southern hemisphere to participate in our work. They are the hardest hit by the consequences of climate change and are struggling with urbanization. Our ambition, in ISO/TC 292, is to create and facilitate an active group of developing countries that will be instrumental in developing the standards that they need. This is why we invite them to get on board so that, together, we can achieve a good regional balance within the committee and, most importantly, develop standards of global relevance.
How do you perceive the demand for standards that contribute to a safer, more secure and resilient society around the world ?
Security risks to society are growing, which means that organizations need to develop the capacity to identify, understand, prepare and deal with multidisciplinary threats. Be they public or private, and regardless of size, all must work towards building up their resilient capability today. Many are lagging behind and need to step up their efforts in this area. Together, we can make a change, and including standards in this journey is crucial. Society will not get stronger than its weakest link.
What areas remain in greatest need of International Standards ?
All areas. International Standards are still very much underutilized in the realm of societal security. I have outlined four important challenges to building a secure and resilient society. Why limit ourselves ? I believe there is a great need and great scope for developing standards that address all four of these key challenges. When it comes to security standards, the world’s our oyster !