As much as anything else, the pre-9/11 world was about empowerment. Empowerment of the individual to more easily communicate, process data, access knowledge, and travel. Empowerment of the organization to expand its global reach, focus on core competencies, and maximize performance. Empowerment translated into the biggest productivity gains ever and, consequently, flush bottom lines for companies across America and around the world. Friction-- those activities or processes that hinder adaptation, flexibility, and innovation-- was increasingly shed in favor of transparency and dexterity. A new, dynamic era with unlimited promise had been ushered in. It was, or so we thought, our birthright.
Almost overnight, however, the friction that had been logarithmically shed was reacquired. On September 12, 2001, leaders of organizations of all sizes woke up to a set of realities that were as formidable as many of them had ever faced. Some of the realities were subtle: government agencies increasingly scrutinized the content of telecommunications and financial transactions. Others were stark and in your face: mind-numbing security lines at airports, stadiums, and amusement parks.
As the post-9/11 era continues to evolve, it has become clear that the newly acquired friction would be around for as long as we could foresee. Organizations that had once been accustomed to a steady devolution of the non-revenue generating aspects of their enterprise were now thrust into the need to somehow deal with these new realities. Traditionally unglamorous areas like emergency management, security, government compliance, risk management, continuity planning, disaster response, and community affairs became more critical than ever to the organization’s overall performance, business across the globe, its bottom line, and, ultimately, its survival.
Not surprising, the massive uncertainty attached to all of this has triggered random and haphazard responses from American and European firms. In the realm of security for instance, companies with operations in Southeast Asia and the Middle East have obviously strengthened their defenses. Some public utilities (but not all) have “hardened” their perimeters by restricting access. Even the Hollywood studios have increased security, fearing their vulnerability as disseminators of “decadent” western culture.
Most leaders viscerally know that the terrorism age has altered the way things now get done. Surprisingly few know how to effectively manage the newly acquired friction.
—Andrew R. Thomas
On the other hand, a study late last year by the U.S. General Accounting Office revealed that the chemical industry has done very little to strengthen its defense and prepare for a possible attack. The survey identified 123 plants in America which, if damaged, could expose more than 1 million people to toxic clouds of gas. Equally disheartening, the GAO report found the emergency management plans of many nearby communities to be incomplete or antiquated.
It’s the System, Always the System
Just because many organizations have begun to implement measures to deal with the unpredictable and the unimaginable doesn’t mean that things are actually any better. Many of the new systems that have been put in place simply don’t function very well. Bad continuity plans look a lot like good ones on the surface. It isn’t until we delve deeper that we can tell if a strategy is truly an effective one or not.
Unfortunately, this kind of exploration happens infrequently, if at all. Most leaders viscerally know that the terrorism age has altered the way things now get done. Surprisingly few know how to effectively manage the newly acquired friction. Such an environment not only results in a waste of critical resources; it also leaves the organization ill prepared when the next [blackout, Internet virus, terror attack, etc.] inevitably occurs.
Even a passing glance at how most companies are dealing with the new friction exposes that what is in place imitates a scattershot of countermeasures. Some work, some don’t, but it is never really explored how any of this impacts the overall vitality of the organization. Crudely stated, the conventional wisdom purports, “If we throw enough measures, plans, processes, and money against the wall, a certain amount will stick. And, whatever stays up there we’ll point to it and label it our best attempt to deal with these new realities.” Very few companies have taken the time to evaluate how these countermeasures- the good ones as well as the bad ones- interact with other aspects of the entire system.
Since 9/11, the international trade folks and the security office have become joined at the hip within many companies. In the past, the two departments would often have little or no contact with each other. But now security and international concerns are intersecting, with importers and brand owners very much concerned with the security of the goods they bring into the U.S. However, it’s not the fear of piracy or pilfering that is the driving force, rather a need to comply with the US government’s new anti-terrorism mandates. It has been quickly learned by thousands of companies that a failure to comply with the new U.S. Customs security measures is what’s punching them in the stomach- right in the place where time equals money.
The U.S. Customs-Trade Partnership Against Terrorism (C-TPAT) has quickly become a de facto requirement for any company hoping to see their shipment anytime soon after it lands on U.S. shores. For smaller companies, the C-TPAT requirements are daunting, especially for importers who purchase goods on spec, buy samples, and deal with many unknown suppliers.
Prioritize the Organization’s Vulnerabilities
A company cannot prepare for every contingency, nor should it try. Instead, firms should conduct a simple assessment of the points at which the organization is most vulnerable. Managers should ask “What are the gravest challenges to the company’s ability to endure and flourish?”
Like everything else in business, as well as in life, success is more about the quality of the decision and the follow-up than the quantity of money thrown at a given concern. Ironically or surprisingly, effectively overcoming the new friction may cost little to accomplish.
Following 9/11, the city of North Olmsted, Ohio like thousands of other municipalities around the country, did a basic analysis of its most glaring vulnerabilities. Located next to a major highway interchange and home to one of the largest shopping centers in the Midwest, planners quickly saw traffic jams as the biggest continuity issue. For less than $1,000, the city purchased three gas-powered generators at a local hardware store and stored them at City Hall. When the blackout of August 2003 occurred at the beginning of the afternoon rush hour, 3 police officers hooked up the generators to traffic lights at the City’s major intersections within 10 minutes. While cities around the Northeast United States and Canada were experiencing horrific congestion and confusion in their streets, this suburb of Cleveland had no noticeable change in traffic flow during the entire blackout.
Magic Bullets are Never the Answer
Time-crunched decision makers have too often focused on one or a few “magic bullets” to manage the new friction they are being forced to confront. Magic bullets are characteristically easy to implement and simple to explain to employees, customers, and other stakeholders. Things like detailed continuity or recovery plans and multi-layered security systems have been held up as the solution to the organization’s challenges. However, by failing to address the most critical needs of the entire system in favor of what looks or feels good, many critical vulnerabilities remain woefully unaddressed.
Key Bank Corp. was under attack on 9/11. The last airliner to be taken over by the terrorists was hijacked over Western Pennsylvania. Before the heroic passengers and flight crew decided to take the plane back from the terrorists, a suicide pilot who had been trained to fly the plane into a skyscraper was in control of the fully-fueled 767. The 63-story Key Tower, the tallest building between New York and Chicago, would have been clearly visible from the cockpit of the hijacked plane. A variation in the actions of the terrorists or the crew and passengers may very well have put the building directly into the line of fire.
On September 11, the evacuation of the 12,000-worker building was chaotic to say the least. Hundreds of employees, including several senior managers, refused to leave their desks even after the evacuation had been ordered. Moreover, for thousands of workers, it took well over an hour to finally exit the building.
The next week, Key designated two people on each floor to be in charge of evacuation in case of another emergency. The floor leaders met for about 15 minutes to provide feedback and updates after regular evacuation drills were conducted. New employee policies mandated that anyone not willing to move from their desk, and evacuate in a timely manner- regardless of their position- would receive sanction, suspension or even termination. When the August 2003 blackout occurred, the building was completely evacuated in less than 12 minutes without incident or injury.
Technology Does not Provide a Failsafe; Processes Do
Consultants and salespeople are quick to promote the latest, hottest technology when it comes to better managing the friction that organizations are confronting. The latest firewalls, communication devices, or detection gadgets are very popular right now. They may be useful to some extent. However, success is only as effective as the human processes that surround proper implementation. The focus must always be on human process, with technology providing support. Not the other way around. All threats to an organization’s viability, even those occurring in cyberspace, stem from human beings. Therefore, the response must be ultimately human.
At the core, organizations need to be able to not merely survive but also thrive in the ever-changing environment they find themselves in today. To fulfill that mission, leaders must create a seamless system that integrates every aspect of their organization- including the friction-producing ones.