Operational Resilience and Impact Tolerance: Are you ready for the next wave?

Humanity will make history if C19 is a single wave pandemic. The bubonic plague lasted in Europe between the 14th and 18th Centuries with 3 major waves. In 1346 it wiped out one third of Europe’s population; in 1361 an estimated 10-20% of the remaining populations died of plague; the next wave in 1374 is virtually unrecorded! While Shakespeare is writing his plays there are 2 taboo subjects which are barely mentioned: one is the plague – A plague o both your houses ~ Mercutio; the other was the disastrous military campaigns in Ireland! The World Health Organisation finally declared the third wave of bubonic plague as expired in 1959 – that is only 61 years ago!

C19 is a timely reminder, both individually and collectively, that we need to maintain our own operational resilience and impact tolerance. Last month, I discussed how the Bank of England and others are pushing for operational resilience and impact tolerance to be regulatory requirements but it goes beyond that – C19 is a harbinger for many, especially the SME community, that you must be able to look after yourself.

The first wave of the pandemic has shown that many businesses have been able to pivot from being office-based to supporting staff working from home. However, as the lockdown continues to extend, business leaders need to think about how to maintain long-term productivity, staff wellbeing and security – will the State have the wherewithal to manage another wave? I very much doubt it.

Global markets demand global contact so, for the foreseeable future, the ability to withstand wave after wave of uncertainty requires the right organisational culture and resilient mindset.

Shifting Resilience & Sliding Productivity

The NCSC Cyber Aware campaign is reaping collective benefits. Since its launch on 21 Apr 20, it has received over 508,985 suspicious cyber activity reports from the public with 3,768 previously unknown phishing URLs being removed and 40,086 views of advice and guidance. This is evidence of shifting resilience. Some firms have modified their websites to give access to easy-to-understand instructions to users on what to do in relation to securing their home offices and segregating their work connectivity from, say, their entertainment or IoT networks.

Productivity is also under pressure with growing confusion and uncertainty on when to unplug. Recent surveys show that large parts of the workforce struggle without the structure of a workday. A factor exacerbated by being overloaded with an exploding catalogue of digital tools – an 8×8 report this month highlighted that a majority (62%) of those surveyed said that they are now using more digital apps and tools in their jobs. Just over two-fifths (42%) used between 6-15 different apps and platforms during their working day, while a small minority use between 16-20 (2%) or even more (1%).

A big difficulty separating work from home is being driven by a majority using personal devices (67%) and personal communication apps (55%) for work purposes. The survey also found that 42% of British workers feel more stressed and overwhelmed than when in the office, blaming too many apps, a blurring of the lines between work and home life and difficulty unplugging. This is not to mention the increased cyber vulnerability surface.  Taken together, organisations must be clear on their in-place controls and defences and the associated cost-benefit analysis in this new era: resilience is proportional to the situation.

Physical & Cyber Security

Working-from-home places greater emphasis on BYOD control and the ability to reliably segregate the confidentiality and availability of work-related data from home-life and, most likely, school-life. Employees must be aware of the dangers of adding shadow IT and unprotected devices to the network and how to securely configure all their approved devices so that they can process work-data appropriately. Employers need to adjust their risk postures and mitigation strategies to manage a more dispersed and decentralised info-structure. Be under no illusion, nation states use whatever means to take best advantage from the weak links of home networks and children desperate for the latest online fun.

Similarly, now is a good time to take stock of the digital tools recently rolled out to support home working: which ones are delivering against business needs and which ones are taking up bandwidth? People time, network space and added cost. It is important to fully understand the underlying driving forces and to adjust the implementation strategies accordingly. If this means retiring novel tools then so be it – don’t let the tail wag the dog.

Response Framework

As the UK’s workforce begins its return to a new-normal, now is the time to examine your response frameworks – are they fit for purpose? Are they resilient and flexible enough to handle a 2nd or even a 3rd wave of uncertainty? Where will the resources, money and team goodwill be found to deal with these likely challenges?  These scenarios need to be considered, costed and tested.

This paradigm shift provides a unique opportunity to re-evaluate your resilience and impact tolerance. A sustainable home-working environment with suitable social channels and a regular communications routine to avoid isolation syndrome offers a potential cost-saving but needs to be considered in the context of data confidentiality, availability and staff well-being.

Any enterprise whose staff figures exceed 30 – 40 really ought to evaluate these options through a balanced-scorecard approach.  Over the past 18 months, Spectra Analytics, working with Perimeter Group have developed a leading-edge Operational Resilience and Impact Tolerance Maturity Assessment, known as ORBITT, to help Enterprises effectively manage resilience challenges like global pandemics by analysing the key vectors of digital and physical infrastructures; Enterprise controls and defences; response frameworks and their effectiveness and, most importantly, a resilient organisational culture and mindset.

Visit our new LinkedIn Showcase page to find out more about ORBITT https://www.linkedin.com/showcase/orbitt.ai/


This blog was written by Spectra Analytics Chief Information Officer Chris Crowther. Chris has over 25 years’ experience in the information assurance and security domain.

He is uniquely qualified to understand the evolving threat environment, as well as having an exceptional track record of driving and delivering change in complex organisations.

He is a global digital leader with senior experience with the UK military and other Government Departments, US Military and Federal Government, the United Nations, KPMG and Airbus. Amongst a plethora of awards and accolades from the UK and US, Chris’ contribution to the world of Information Risk was recognised in 2016 by his qualification as a CESG Certified Professional Lead Security and Information Risk Advisor. Chris is co-founder and chair for the West of England Cyber Cluster.

Operational Resilience and Impact Tolerance in a post-coronavirus world, Chris Crowther

In early December 2019 the Bank of England, Prudential Regulation Authority and Financial Conduct Authority published six consultation papers (CP) on operational resilience and impact tolerance. The papers set out a series of proposed rules and policy statements which are expected to make their way into confirmed policy by the second half of 2021. This was around the same time as the C-19 strain of coronavirus was wreaking havoc in Wuhan and was about to change our world and appreciation of resilience.

The Covid-19 pandemic has shown that many businesses have been able to pivot from being office-based to supporting staff working full time at home. However, the home environment is not the same as an office environment. As the lockdown is extended business leaders need to think about how to maintain long-term productivity and staff wellbeing. This demands an appropriate organisational culture and resilient mindset.

For many organisations, getting laptops to everyone and moving to Cloud suites was the first step.  Home-working software also exceeded expectations, including office, collaboration, virtual desktop, remote access and security.  Some organisations have found they are able to get by without the need for physical PCs deploying virtual desktops to staff to enable them to work remotely. In summary, it is necessary to understand the needs and expanse of your digital and physical footprint.

Shifting Resilience & Sliding Productivity

Resilience has shifted from centralised offices to numerous home-offices. Furthermore, working from home shifts information assurance and business resilience from the responsibility of the CIO to remote workers themselves. Some firms have modified their websites to give easily accessible and understood instructions to users on what to do.

A study measuring the hours worked on work computers and applications in major European countries between 24 February to 26 March 2020 has reported that Europe has seen a decline in productivity.  The Global Remote Work Productivity Tracker found that in the UK, people were using work applications 20% less than if they were in an office. Germany and France both experienced a 55% decline, Spain a 33% decline, and Italy a 70% decline. These falls risk an increase in worker surveillance, so organisations need to be clear on their in-place controls and defences and the associated cost-benefit analysis.

Digital collaboration

With more dispersed teams, businesses are finding it increasingly important to remain digitally connected.  Data from Slack illustrates how London-based workers are making greater use of the Slack service – usage data between February 17-21 and March 16-20 increased by 27%. While, almost overnight, Zoom has become a household name for video conferencing.  This suggests that staff and organisations are figuring out how to use technologies that support remote working.

Long-term prospects

This week will likely witness the UK Govt laying out its C-19 Restart Exit Strategy – it is a good time for organisations to reflect on what they ought to do to avoid the chaos and uncertainty in future. This will require a detailed examination of fit-for-purpose response frameworks.

The first phase was about getting people working but this is not a sustainable position – particularly from a health and safety, and productivity perspective. Home bandwidth is also contentious. There are reports of a 5.3% decrease in internet speed in Europe and Amazon and Facebook have fallen by over 50%. These shifts are unsustainable.

One of the long-term impacts of coronavirus is likely to be a sense of home-working empowerment.  This paradigm shift provides a unique opportunity for organisations to re-evaluate their resilience and impact tolerance. At a tactical level, organisations ought to consider how to resource a sustainable home-working environment with suitable social channels and a regular communications routine to avoid isolation syndrome.

From an enterprise perspective, it makes more sense to evaluate these shifts and changes through a maturity framework that focuses on your organisation’s digital and physical infrastructure and estate; the suite of in-place controls and defences that protect those estates; the robustness and effectiveness of your organisation’s response frameworks especially its supply chain; and, most importantly, a resilient organisational culture and mindset.

Over the past 18 months, Spectra Analytics, working with Perimeter Group to develop a leading-edge Operational Resilience and Impact Tolerance Maturity Assessment, known as ORBITT, to help Enterprises effectively manage the risk of resilience challenges like global pandemics.

Find out more about ORBITT here: ORBITT Brochure

Contact Chris Crowther (chris.crowther@spectraanalytics.com) for more information.

Spectra Interviews: PhD Data Science Internships, Callum Reekie

What attracted you to the data science internship?

Throughout my PhD I have worked with large datasets that have required me to use code-based models and data manipulation methods to extract meaningful scientific information. The technical challenge of designing and implementing computer models has been the most enjoyable aspect of my PhD and I was excited to find that data scientists do this as a career. The internship offered by Spectra provides an opportunity for PhD students to get valuable experience in this field. Not only does the internship offer traditional data science training but also allows you to learn the full lifecycle of developing a data analysis solution.

What is the culture like at Spectra?

Spectra has a fantastic, dynamic working environment. All of the staff are friendly and approachable, regardless of their position or the projects they are working on. There are regular team building exercises which allow the intern not only to get to know colleagues but also feel part of the team. Crazy golf was a particular highlight! Regular ‘stand-ups’ also allow you to learn how your work is contributing to the overall projects that the business is working on.

What was the best part of the internship?

It became apparent to me that effective data science is not just pure AI, but also learning how these models are integrated into user applications. Being given the chance to learn web application development alongside industry-level machine learning has been my favourite aspect of the internship. This has given me valuable insight into not only how to develop effective machine learning models but also deploy these models for others to gain valuable insights from their data.

What was the worst part of the internship?

Choosing a ‘worst’ part would be a challenge! There were none. However, to give an answer – because of the fast-moving projects that the business works on, you are ‘thrown in at the deep end’ with regards to web-app development. There is certainly a learning curve involved and it might take time based on your skill level but it is certainly positive in the long run.

Will the internship help you with your PhD?

Absolutely. I have applied a small amount of machine learning in my PhD written in embarrassingly shambolic scripts. Learning best practices for developing machine learning models as well as an opportunity to learn deep learning will allow me improve this work.

Would you recommend the internship?

110%. I come from a slightly unconventional background (PhD Earth Science) compared to typical routes into this industry. However, the training and support I have received from the entire team at Spectra and the amount I have learned in the space of 3 months has been outstanding. I cannot recommend this internship highly enough for PhD students who want industry experience in data science.

RSA 2020, Chris Crowther

Image result for rsa 2020

While attendance at the 2020 RSA Conference might have been down; the quality of the sessions and the opportunities to meet amazing people was undiminished. With a reported 36,000 attendees, 704 speakers and 658 exhibitors, RSA 2020 maintained its position as a world leading cyber convention. No small feat given the Covid-19 pandemic that led to the last minute withdrawal of such big names as IBM, AT&T and Verizon.

For a complete catalogue of the key sessions visit the RSA Conference Youtube Channel. In the meantime, here is a small selection of the sessions that got the Spectra team excited – now is a good time to reflect on these predictions as we all consider and prepare for a post-Covid-19 world.

SECURITI.ai, an AI-Powered Privacy Ops company that helps automate all major functions needed for privacy compliance, son of the Innovation Sandbox competition. Since the start of the contest 15 years ago, the top 10 finalists have collectively seen 56 acquisitions and received $6.2 billion in financing. Such is the quality of the competition and the growth of AI / ML and automation in cyber security.

In his keynote, Reality Check: The Story of Cybersecurity, the president of RSA was clear that humans will always matter in cybersecurity despite technologies continued advance. However, he urged that the narrative needs to move towards cyber-resilience. Cyber- and Operational Resilience and Impact Tolerance is a service that Spectra Analytics has been offering for some time. It is good to see that the world is awakening to this key development in thinking.

The Cryptographers’ Panel explored the pressing issues facing the industry today. The discussion points included GDPR and CCPA, the ethical uses of AI, democracy-election security and the rise of blockchain.

Hacking Exposed: Global Threat Brief explored the most novel attacks in the current global threat landscape, diving into specific, real-time examples of threat actor activity from both nation-states and criminal groups.

Navigating Privacy in a Data-Driven World: Treating Privacy as a Human Right, discussed why privacy is a basic human right in a growing technocratic world. Society is at a tipping point due to high-tech drones and biometric clothing. As the world becomes more advanced, society must adjust. Will new legislation really protect citizen privacy?

On the Edge of Something Big: Security’s Next Frontier ML and AI are now woven into security network environments and demonstrating utility in the autonomous cyber security management, saving critical resources and enabling focus on strategic concerns.

Collaborating to Improve Open Source Security: How the Ecosystem Is Stepping Up A useful open source security discussion on the efforts across industry and open source communities which covered projects such as the software bill of materials, and shared best practices for consumers and software vendors.

Look forward to seeing you at RSA 2021

By Chris Crowther, CIO Spectra Analytics

Operational Resilience in Your Life, Andrew Cortis

Andrew Cortis, Perimeter Group

I would like you to take part in an experiment, if you are brave enough you can run it live but a cognitive exercise will perform just as well. It’s going to cost you nothing, just the simple the push of a button…ready….ok…..don’t charge your phone this evening, then set off to work, your next appointment or simply enjoy the weekend for 24hrs without your phone….on purpose!

For many of you, the mere thought of voluntarily turning off your phone and attempting to operate fills you with complete dread.

If you are still with me, begin to run through the important services you rely on hour by hour or day by day; the things that allow you to operate as an optimum version of yourself. Travel times for delayed striking trains, an absolute must down my way, money transfer services on your beautifully designed banking app, streaming music, box sets to block out the daily commute, or perhaps the social connectivity which, at any time of day or night, provides an opportunity to enjoy the endless and questionable antics of your family and friends.

In its simplest terms, what we are doing here is running a personal resilience exercise to establish the impact on us and our network if/when important services are removed. Our ability to perform complex tasks is delivered with simplistic ease if the capability and connectivity to our network exists, but what if it is removed by an outage or failure?

For those of you who have plucked up the courage to consider this set of circumstances and maybe even layered on some additional scenarios of your own, we can use heuristics and simple quantitative measures to rapidly calculate a broad approximation of impact and our tolerance to that impact. Our ability to continue to function is derived from quickly establishing a baseline and by running some relevant scenarios.

Today is the end of a long dark and fairly miserable month, culminating in one final elephant trap – it is the deadline to submit our self-assessment tax return. A spike of anxiety for some and warm smug self-satisfaction for others. What’s important about this example? In some ways it’s a good proxy for impact – we can instantly measure the impact of a delayed submission either through technical failure or apathy, it’s £100.  We can probably all afford the penalty and therefore our impact tolerance to financial loss is high but what about if this delay continues, there might be a reputational impact with significantly higher costs.

There is a famous expression “only the paranoid survive”. What does this mean in this context of Operational Resilience? Well as institutions or individuals we can choose to act by testing our resilience and understanding of the down side risk or we can bury our collective heads in the sand and hope.

Hope is especially appropriate in many forms for me this weekend as I travel to Dublin to watch Ireland play Scotland in the 6 nations; global pandemic aside. I have given scant regard to the connections I will make to all the institutions I will interact with in Dublin. I hope they are all resilient enough to at least serve the black stuff and transport me to and from the game. In this scenario I can afford to hope for a Scotland victory, it’s the only control I have in my world, and I will not be impacted much if they don’t……..now where did I leave my phone charger?

by Andrew Cortis, Managing Director, Perimeter Group

Cervus and Spectra Continue Data Science Partnership

spectra-cervusWe are proud to announce the signing of a contract that ensures a long-term partnership between Cervus and Spectra that will continue to build and deliver world class data science into the hands of the frontline user.

The new contract supports product development to scale Hive™ and to significantly enhance its AI functionality. Over the last 18 months, this partnership and Cervus’ analytics platform Hive™ has supported:

  • The US Marine Corp’s Wargame Capability Development to integrate advanced analytics and visualisation to deliver an environment that empowers senior leadership decision making.
  • The British Army’s Virtual Reality Land Training (VRLT) project and the Collective Transformation Programme (CTTOP) to explore Training Measurement and Evaluation (TME).
  • Exercise Iron Strike 3 and supported the development of the British Army’s STRIKE Concept through live simulation data capture and analytics.
  • The University of Chichester to develop a Physical Activity Capture and Evaluation (PACES) tool to inform musculoskeletal injury prevention in service personnel.
  • DSTL’s Transforming Training, Education and Preparation (TTEP) Project and CTTP through a Defence and Security Accelerator (DASA) award to capture and analyse both performance and experience across education and individual and collective training environments. This will enable a far richer understanding of military readiness through effective workforce analytics.
  • US SOCOM (via SOFWORX) in the development of a Physiological Assessment Tool (PAT) demonstrator and to aggregate data from a variety of real time physiological capture systems to identify key human behaviours during meetings/engagements.

The effective capture, analysis and exploitation of training and education data is a fast-growing area in the Defence Training Market. The 5 eyes Technical Cooperation Programme (TTCP) commissioned a study into the top 25 emerging trends in learning. The only trend rated in the top 5 for criticality by all 5 nations was learning analytics. This is an exciting time to be in the defence analytics space and our data science credibility and expertise is hugely bolstered by this continued relationship with Marcus and the Spectra team. The UK and Allies ability to access Data Science will be a key issue facing many military organisations over the next 3-5 years and our partnership with Spectra starts to mitigate some of this risk.

Alan Roan – Managing Director, Cervus

The ability to harness artificial intelligence to quickly process and analyse the vast amounts of data that is being generated by the military is vital to protecting our country and allies, and securing the safety of our service men and women. We are delighted to continue our partnership with Cervus as we work together to achieve this goal. ‘

Dr Marcus Ong FIMA – CEO, Spectra Analytics

CEO Dr Marcus Ong elected Fellow of the IMA

Congratulations to our CEO Dr Marcus Alexander Ong being elected Fellow of the Institute of Mathematics and its Applications. This is awarded to individuals with senior professional standing in the field who are actively developing and applying mathematics. You can read an interview with Marcus in Mathematics Today from when he first joined the institute in 2014.