Security vulnerabilities in businesses across the United States have become a top focus for the U.S. government. Within the last 18 months, the National Counterintelligence and Security Center has highlighted China’s use of spies to steal U.S. trade secrets. The FBI has investigated improper foreign investments in a California aircraft startup. And in March, President Biden said businesses have a patriotic obligation to invest as much as they can in protecting themselves from cyber-attacks.
On the other side of the ledger, business leaders are realizing that a volatile national security environment poses risks to the bottom line. CEOs and boards are more focused than ever before on the potential for major cyber breaches. The Russian invasion of Ukraine and other international flashpoints have also brought geopolitics back as a major corporate concern.
But even if they acknowledge the threat, what should companies do? Isn’t national security supposed to be managed by the federal government? Corporate structures were not designed to handle this level of risk.CSOs Can Take the Lead
Chief Security Officers and Chief Information Security Officers have a unique opportunity to add value to their companies by becoming the go-to experts on national security issues. These officers are already the senior executives responsible for major components of a company’s response to national security issues – whether cybersecurity defenses, insider threat mitigation, or investigations.
CSOs are being forced to work with government agencies on national security issues whether they want to or not. The Cybersecurity and Infrastructure Security Agency (CISA), for example, recently pushed critical infrastructure security leaders to be more transparent with government agencies amidst concerns of Russian cyberattacks on the United States.
There is also already discussion in corporate security circles of the need for CSOs to have a more expansive view of their role. Take the calls for corporate security leaders to better “understand the geopolitical dynamics of the 21st century” and for a shift away from tactical toward strategic thinking. These factors create an environment where CSOs are well positioned to lead on the national security challenge.
How to add value
While some CSOs hail from the national security community – coming from careers in federal law enforcement or the intelligence community – credentials are not sufficient to help companies navigate sensitive national security issues. To provide value to their CEOs and boards, and reduce risk to their organizations, security leaders must take additional action:
Align corporate strategy with national security strategy: CSOs should start by studying national security strategies and analyzing how their organizations align or conflict with national policy. A couple of examples of relevant strategies include the Interim National Security Strategic Guidance and the National Defense Strategy, both of which have updates due soon.
National security strategies provide invaluable insight into the U.S. government’s priorities. CSOs who can point to how their businesses and programs support these strategies will be well positioned to mitigate security, regulatory, and reputational risk. Those who see clear mismatches should work quickly to remediate gaps where possible.
Proactively engage government stakeholders and deepen public-private partnerships: Once CSOs understand how their organizations’ equities relate to those of the national security community, they should lean forward to develop public-private partnerships. As CISA’s private sector engagements demonstrate, attention from national security agencies is coming whether corporations are ready or not.
Adopting a proactive posture will position security departments to shape a collaborative working rapport with the government on issues of national importance. By avoiding an adversarial relationship with regulators, security departments can help their companies reduce long-term costs.
Lead a whole-of-business approach: CSOs should become a resource on national security issues for other parts of their organization. National security issues are cross-cutting, routinely impacting government relations, legal counsel, human resources, communications, operations, and the C-suite.
Security leaders who create a small cross-department working group to track national security issues, identifying risks and opportunities for the business, can help to protect their organizations and enhance the reputation of the security department in the process.
CSOs can fill a crucial gap in the landscape of corporate America, stepping up to provide advice on national security issues sorely needed by business leaders. Add to this the benefits of a more secure organization and a stronger bottom line, and it should be clear that being proactive on national security should be a CSO priority.
About the author: Mark Freedman is CEO & Founder of Rebel Global Security, a consultancy that helps security executives build strategies that account for geopolitics, nation-state attacks, espionage, terrorism, and other global threats. Mark is a CPP and former State Department strategy advisor. He can be reached at [email protected].
Disclaimer: The views expressed in this publication are the author’s and do not imply endorsement by any U.S. government agency.