Barbara Leach, Senior Advisor and Director-Risk Mitigation & Joyce Hunter, Deputy CIO-Policy and Planning, USDA
In the big picture, Enterprise Risk Management must be understood as an all-inclusive risk-based approach embracing the wide range of government, business, and operations that bring value to consumers and stakeholders. In the past, this value has related to single isolated entities, but those days are gone. In part due to technology, today no entity stands alone.
“For industries to become more risk tolerant, our strategies for Enterprise Risk Management must connect through sharing a joint mission and careful strategic planning”
President Obama’s recent Cybersecurity Executive Order and also his Executive Order mandating open and machine-readable data emphasize how Information Technology (IT) can change the world. IT professionals have learned to welcome new language–like cloud computing, social media, and the “Internet of Things”. Expanding IT solutions bring new responsibilities, while the need for risk management applies to technologies and data’s uses and/or threats to humans and machines.
The “World of Risk” is a big one. The World Economic Forum’s (WEF) Risk Response Network divides risk into five categories: Economic, Environmental, Geopolitical, Societal and Technological.
WEF identifies this fifth risk–“Technological”–as the most important since failures of critical systems likely can affect the other four. We, in IT, generally agree, but many of us place our own responsibility in mitigating risk first. We often think that IT literally makes the world go around, but too often, IT professionals have worked without understanding or collaborating with others outside their spheres of influence. The hard fact is that if there were no science, no inventions, no business secrets, no military secrets, no research, no need for privacy, there would be no need for cyber security.
For those of us in the “World of Food”, we often assume that our work concentrates singularly on conflicts of food safety, consumer food needs and wants, the US’s increasing responsibility to feed the world, and in the big picture, there will be an additional two billion hungry people to feed on our planet by the Year 2050. Seven Billion people now…Nine Billion hungry people in just 34years!
No matter which “world” we work in, we all must learn to work together, sharing knowledge, establishing joint goals and understanding each other will help us create better paths for protecting our joint knowledge. Failure to do so is in itself a major risk.
It was Thomas Jefferson who once said, “The greatest service which can be rendered any country is to add a useful plant in its culture.” Yet, it took our country until Abraham Lincoln became president to create the US Department of Agriculture. Now, we take for granted the food science, learning to care for land more carefully, and transportation systems and marketing strategies that get food to our mouths. In the big picture, IT must always be a part of this framework.
So change begins. In the “World of Food”, our journey of change includes a full portfolio of “things”…all likely located somewhere on the “Internet of Things”. These “things” must be protected by cybersecurity strategies just like that of science and other proprietary data.
Of course, our “World of Food”, is really about feeding hungry children, keeping farmers in business and ensuring food is safe, available and affordable every single day. In the “World of IT”, the facts of hunger and our need for a reliable food supply translates into data. In a way, this data can sometimes seem like just a “bunch of facts” to IT professionals, similar to how IT strategies are seen by food policy experts as a sort of “secret” language.
But when policy and IT languages combine, science and technology’s value escalates e.g.
• Accurate data is required, and inaccurate data can be worse than having no data at all, e.g., investments in crop insurance can be put at risk when insurance product developers fail to understand the timing of information collection deadlines.
• Early Warning Crop Monitors use remote sensing data, field observations and environmental monitoring to predict likely food shortages.
• Unmanned Aerial Vehicles and their IT systems measure fields, warn about insect infestations, and identify the timing for irrigation and harvesting.
• GIS mapping helps manage risk by identifying “food deserts” and connecting areas of poverty and disease systematically so strategies for feeding hungry children are strengthened.
• Robotics like tractors that drive themselves offer resource-saving technology while over time likely eliminate some of the dirt and sweat of farm production.
• Data from centuries ago weather records adds to our knowledge about today’s changing weather and climate patterns.
• Analytics offer new knowledge about how growing food without appropriate growing standards adversely affect sustainability; rising temperatures affect food quality; transportation costs affect access to food, and; in general, preparedness, i.e., knowledge about all things in the food value chain matter to our need to eat every single day.
Napoléon has been credited with saying, “An army marches on its stomach” but for all of our worlds today, it is not singularly the armies and related defense systems that rely on food availability. Rather, everyone “marches on ‘our’ stomachs”. Risk management is not an isolated economic concern, but requires understanding human, land, climate, and technology factors. Every day, collaboration and sharing of information about this knowledge guide assistance to billions of people.
Essentially, we in our separate but connected IT and policy worlds must understand we do not stand alone. For industries to become more risk tolerant, our strategies for Enterprise Risk Management must connect through sharing a joint mission and careful strategic planning. Policy experts, scientists, researchers, Chief Data Officers, data scientists, Chief Information Officers and many more people working in partnership are essential to successfully addressing stakeholder risk.
In this way, we will learn to know technology and policy, know risk and to better protect our industries.