There are very few people who would agree with the premise that the response to the COVID-19 pandemic was a resounding success. The tally and consequences from the pandemic and the resulting responses will be measured for years. The main weaknesses revolved around extreme information silos, protectionism, poor analytical depth, and extreme bias in critical thought. There are enough political battles and blame games in media channels to warrant added coverage in this article. There is plenty of criticism to go around, so we will focus this article on a few main concepts we can learn from. It is my view that a security risk management (SRM) approach would have helped greatly in the detection and management of CoVID-19. We need to think holistically and proactively if we are to limit the damage from the next disaster.
The word “silo” has become somewhat of a buzz word and has been bandied about in many security, intelligence, and risk management circles. Buzz word or not, information silos remain one of the largest threats and impediments to the United States and the world. Most catastrophes and disasters occur when there are gaps in understanding, lack of effective early warning, lack of sufficient data, strict information access controls, and “fiefdoms” of political or departmental information hoarding. In some cases, silos occur with good intentions, but nearly always have severe consequences if not controlling for information walls. Silos take many forms and have boundaries along national, political, theoretical, departmental, and organizational lines. They can be thought of as “informational black holes” that keep info contained and prevent others from gaining the benefit of more data points. Silos force decision makers and stakeholders to make decisions without all the available information.
Group think and narrative building is also an unfortunate side effect of silos. When limited or vast amounts of information reside in a closed environment, it is at the mercy of those conducting the analysis and the assumptions related to that group or silo. “Professional” opinions form and become hardened without outside influence or competing ideas. There is great danger involved when silos become overly confident or promotional. Scientific method involves the constant testing of assumptions and hypothesis. Science is not a destination; it is an organized journey seeking to make sense of a complex world and sometimes surprising observations. Silos tend to oversimplify and form cemented ideas that cease being tested by additional observations and data points. This can lead to confirmation boas and the desire to be “right.”
COVID-19 exploited international and domestic silos at a catastrophic scale. Countries were prideful and afraid of international sentiment. Data was often withheld or altered to maintain a sense of credibility and relative dominance. This prevented early warning in some cases where stakeholders were looking for media reporting to provide that early warning. The scale, characteristics, and scope of the virus was continually driven by untested and dynamic assumptions that led to terrible knee jerk reactions and widespread fear. Unprepared international organizations involved with world health and disease scrambled to issue guidance based on incomplete and flawed information. This led to more panic and chaos. Domestically in the United States, social media erupted with diverse and sensational claims and interpretations of what was happening. Political organizations seized on every press release and update from the scientific community to support a narrative or damage their opponents. The media focused heavily on the virus in its reporting, leading to a captive audience of scared citizens that followed their respective thought leaders for updates. Ideas about the virus, its science, possible management priorities, and outlook became solidified in minds and became more resistant to deeper or more complete analysis. Ideological battle lines formed.
The data from COVID-19 was scarce and flowed through local hospitals, health departments, the CDC and WHO until reporting became more systematic and quality controlled late in the pandemic. The quality and accuracy of the data has been in question and a complete lack of preparation for reporting this type of data resulted in chaotic data silos that were interpreted in diverse ways before it could be properly cleaned and analyzed. Access to data was difficult due to information walls, incomplete reporting, lack of testing, and organizational hoarding of raw data. This was made even more difficult given the nature of private medical information. Statistical summaries popped up throughout the internet with biased and incomplete analysis. Stakeholders and decision makers were bombarded by “social analysis” and top of the page media reporting. Meanwhile scientists and medical experts scrambled to perform experiments and studies to analyze the virus, its characteristics, and possible management modalities. As information leaked about these studies, media outlets and political forces amplified whatever findings supported their narrative without looking at competing or alternative ideas. Although many professionals are still in disagreement on many related topics to this day, “science” was now a beacon of solidarity for lay people and citizens to hitch their opinions and ideas to as a form of social proof and credibility.
Isolated analytical shops and labs began producing models that completely lacked context (total exposure and pre-existing resistance etc) and forecasted grave danger and disaster. Graphs and charts were prepared to show just how serious the virus was and why citizens should do anything in their power to support their governments in fighting this pandemic. Governments used this data to shut down their economies and shut down their borders. Local and federal governments, partially motivated by a fear of being politically isolated, covered their liabilities by enacting strict policies that could prove steps were taken to protect citizens. Meanwhile the science focused on the virus, epidemiology, virology, public health, and mask wearing and not the unintended impact consequences of lock downs, wrecked economies, and possible health detriments of other risk management controls. The world became fixated on early numbers, models, a virus and its related politics while blocking out the rest of the necessary analysis. Models were followed like gospel and risk management decision were completely driven by projections.
The idea of second and third order effects and impacts is vital to military planning, security programs, and any sound risk management strategy. Characterizing assumptions and data is also necessary to avoid false understanding of observations in nature. Examining other data sources and limiting factors of existing data sets is essential. Performing “course of action” analysis is a relatively basic concept and allows decision makers to determine what impact and long-term effects can emerge base on certain security or risk management controls, treatments, or mitigations. Failing to conduct these basis analysis leads the organization and the nation down a precarious road of hope and react behavior. This can have monumental consequences. Where was this analysis done in the media? What experts focused on this? If it was done by government stake holders, it was not shared. The enterprises and companies determining their own fate likely followed existing analysis fed to them by the media complex and acted primarily out of fear of litigation and alienation. So as the government, experts, and stakeholders failed to do complete analysis in a risk management context, the trickledown effect impacted the available decisions of all organizations in the country.
In successful security risk management, it takes a village. It takes the whole organization, every party, every expert, every citizen, and nation to optimize outcomes from serious threats like pandemics. It requires that we continue to challenge our ideas when new data or context appears. It requires that we plan and seek data points that will help us answer the most basic security and risk management questions to help us make more informed and optimal decisions. We all have our own data, ideas, and contributions to make. The COVID-19 pandemic cannot be mitigated by using the arbitrary tagline, “follow the science.” There is no common sense in that statement. Science and technology can greatly enhance our risk management efforts but it cannot be the north star. This is due to the fact this threat is multi-faceted, complex and requires the collective effort of MANY different types of experts. The threats, impacts, and second order effects of a pandemic are not just medical or immunological issues. There are civic, legal, societal, public health, economic, constitutional, and quality of life analysis that must occur in concert and given adequate weight. Yes, we must strive for more data about the virus and its characteristics. Yes, we must understand the data points around the spread and mortality potential of the virus. But we must also accept the rest of the analysis so we can ensure the security programs, mitigations and risk management strategies are not worse than the threats themselves.
This article is not meant to be political. Its meant to help us learn as a world, organizations, and as a society. At some point we need to understand that we must be better prepared, less siloed, more hungry for data and context, practice more depth in analysis, work across experts, citizenry, and government synergistically and not politically, and view these emerging threats in a more holistic risk management context that maximizes the best decision making for all of us. Our failures continue to be silos, poor risk intelligence capabilities, false or incomplete narratives, bias, and reactive risk management. Security risk management helps to manage these pain points and to improve the decision making of organizations with a focus on people, data, intelligence, analytics, effective communication, training, proactive planning, and total risk impact understanding on a real time basis. Until we sort out a coherent national and local risk management framework that is more resistant to knee jerk overreactions and political/legal influence, our responses and risk management will cause more pain than anything the next pandemic could do at its worst. This is not an easy task and there is a lot to do across domains, but there are many talented experts in risk management that are waiting on the sidelines to help get us on track.
About the author: Toby Houchens is the founder and CEO of Alpha Recon and a thought leader in security risk management, risk intelligence, risk technology, international relations, and other emerging technologies to help keep the human race safer and more informed. With a blend of special operations, big data, and multi-discipline scientific experience, Toby is in a unique position to help navigate today’s most difficult security and risk management challenges.
To learn more about Alpha Recon’s risk intelligence and management solutions or qualify for a free micro-grant, please contact firstname.lastname@example.org or fill out a demo form on the website (www.alpharecon.com).