It takes an extraprise to secure your business

Never mind the front gate, your company's biggest vulnerability could reside far outside its walls

Back in May, I wrote a column about our country's lack of an overall plan to protect critical infrastructure in case of attack -- telecommunications and fiber in particular. Consider this Part 2.

What moved me to write another column on the subject is a news piece I watched a couple of weeks ago, about the Lawrence Livermore National Laboratory here in Northern California. The lab has been criticized of late for lax security measures. On the local level, it was fingernail-biting time as the federal government reviewed the lab's contract. Besides being a major embarrassment to the state, lots of jobs could have been lost as well. But we need not fear; the contract was renewed.

And then a week or two later, this story followed: It seems the lab just bought a half-dozen or so of the world's fastest Gatling guns. They fire up to an incredible 4,000 rounds per minute.

Well, I thought, now they really are secure. I can only imagine how the Al Qaeda infantry would be mowed down as they stormed the front gates. These guns can even shoot down a hand grenade in midflight. It would make a great John Wayne movie, don't you think?

But somehow I'm thinking maybe the lab is taking the wrong approach. So I called a security specialist I know at the Department of Homeland Security to see what he thinks we need to worry about.

Jeff Gaynor is director, executive secretariat, and designated federal officer of the Emergency Response Senior Advisory Committee and Critical Infrastructure Taskforce of the Homeland Security Advisory Council. He says our weakest links are not found at the front gates, but rather on the Internet.

What he means is, if you Google "Gatling guns," you'll probably get the story about the lab's purchase, how many guns were purchased, and -- who knows? -- maybe even a map to show you where the guns are located.

(Actually, I did Google "Gatling guns and Lawrence Livermore Lab" and got back 684 hits.)

Gaynor says the most seemingly innocuous piece of marketing hype can be quite useful in the wrong hands -- for example, a story that says, "We are the sole supplier of something to someone," or "Here are pictures of our newest facility," proudly depicting the building from every imaginable angle. But there is an even bigger idea to what Gaynor is talking about than just "Loose lips sink ships."

The Department of Homeland Security identifies 17 critical infrastructure sectors, such as electric, power, telecommunications. Although a list of 17 sectors looks good on paper, that's not the way the country and the economy operate. Both private industry and government are making a serious misconnection if they think in terms of infrastructure silos.

It is good to understand those critical sectors, says Gaynor, an ex-military man, but you must train the way you are going to fight. "We are lined up in sectors, but we operate in communities. You have to align yourself the way you operate."

For the enterprise, that means we need to think in terms of working closely with our trading partners in the "extraprise" when we think of security. That means thinking more holistically and organizing ourselves around networks of business partners, suppliers, manufactures, and distributors. Whether it is another Sept. 11-style attack or a Hurricane Katrina, IT will have to work harder to ensure the survival of a company's business community, rather than just its corporate datacenter.