Solutions to execute the mission in the workplace without ‘cyber’
National Cybersecurity Awareness Month is an opportunity to focus on the effort it takes to appropriately protect information and cyber-enabled capabilities.
In today’s Air Force, the value of cybersecurity cannot be overstated and we have made it a priority: emphasizing compliance, acquiring systems that consider security early in their design, and investing significantly in our ability to defend our interests in cyberspace.
Cybersecurity is clearly important, but in the workplace it is only one piece of the puzzle. In our organizations, both big and small, it is important to understand why we use technology, what it contributes to our effectiveness, and how we might execute our mission without it.
We do not use information technology for its own sake. We use it because it makes us more effective or efficient. Requests are processed faster, errors are reduced, people are safer, and processes take less effort. Through technology, we pursued these kinds of improvements in every mission area across the Air Force. Before we knew it, those improvements were the new normal and we pursued even more.
In this culture of continuous process improvement, organizations quickly became dependent on the technologies that helped them achieve every new level of performance. The old ways of doing business intentionally fell to the wayside.
This is not necessarily a bad thing. However, we must balance our efforts to streamline with the need to get the mission done, regardless of the situation. Often called mission assurance, this balance requires that each organization understand risks to their mission accomplishment and build resiliency into their processes. We can refine our processes to increasingly leverage the technologies available to us on a normal day, but we must not forget the processes that we will be forced to use when those technologies are not available.
While it might sound like heresy for a “comm guy” to tell you plan for a day without cyber, that is exactly what we must do. Someday technology will fail you. Perhaps it will be the result of a complex cyberattack from a determined enemy, but more likely it will be because something broke. On that day, how is your organization going to do its mission? What if it is more than a day? A month? Eventually you will have to get the mission done, efficient or not.
To help you through this process ahead of time, PACE yourself. PACE stands for primary, alternate, contingency, and emergency—a way to think through how you access and communicate information. Primary is the method of communication that you prefer to use and is the most effective. For example, your office could use email as your primary communications method.
Then your alternate might be the telephone—not as good as your primary means, but still fairly effective. Contingency is a method that is not as convenient or efficient as the first two, but still gets the job done. In our example, this might be the use of a radio. Finally, emergency refers to an option that is your last resort and will have some sort of significant impact. An example would be using a runner to deliver information. You can easily find more information about PACE and other models using your favorite search engine.
PACE helps organizations think through their critical processes and determine alternate ways of communicating needed information. When a bad day happens, you have already determined the impact of lost capabilities and have alternate methods ready. This is not an easy process—many people will find that their organization is incredibly reliant on technology to get the mission done.
We have all spent years incorporating that technology into every aspect of our processes to squeeze every bit of efficiency and effectiveness out of the organization. On a bad day you will not be able to get everything done, so you will need to prioritize and find different ways to accomplish the mission. To avoid thinking through that during the crisis, you must consider it now.
From the most senior commander to the newest technician, every member of the Air Force should take time this month to understand what cyber means to them and their organization. We should ensure we are doing everything possible to secure our cyber capabilities. Then we should plan for doing our job without them.
This story was originally published October 12, 2017 at 11:48 AM with the headline "Solutions to execute the mission in the workplace without ‘cyber’."