Resilience Engineering
Any of you who, like me, have been in this business for a good few years will have seen a myriad of phrases describing the business of making organisations more resilient. Business continuity, crisis management, disaster recovery and operational resilience spring to mind. Recently a phrase that has been gaining ground is ‘resilience engineering’.
Photo by Rebekah Howell on Unsplash
In the past resilience engineering has largely focused on system and application development, but a recent letter to Chief Executives of UK organisations the UK government has made it clear that the thinking needs to be much wider. It refers to a very specific threat - cyber attack - and poses the question ‘how can you structure your operations to prepare for a cyber attack?’
The BBC described the government’s suggestions as looking “…beyond cyber-security controls toward a strategy … which focuses on building systems that can anticipate, absorb, recover, and adapt, in the event of an attack.”
To further underline the importance of this planning Richard Horne, chief executive of the UK’s National Cyber Security Centre (NCSC) said organisations need to "have a plan for how they would continue to operate without their IT, (and rebuild that IT at pace), were an attack to get through.”
At Crisis Solutions we have been working with a number of our clients to engineer resilience into their operations. Initially it seems a tall order - we are so reliant on technology that it’s difficult to see how businesses might operate without it. From a bank approving a mortgage to a logistics company moving goods around the world - automation is inherent in most of what we do.
But with board support and the imagination and enthusiasm of the teams we work with, manual workarounds and practical precautionary measures are being implemented to mitigate the impacts of a cyber attack. I’ll be sharing more of our resilience engineering experiences over the coming weeks.