In episode 113 of the podcast, Rob interviewed Bruce McIndoe of McIndoe Risk Advisory, LLC. Rob spoke to Bruce about Geopolitical Risk and the current situation. Bruce provided insight into his experience with helping organizations manage geological situations with a key focus on the effects. Rob and Bruce spoke about exercises and the importance of conducting them early in the planning process. Another one you won’t want to miss.  

Show Notes  

1. MRA work in Geopolitical “space”. Geopolitical Forecasts for F500 companies and Associations. Geopolitical Risk Management, mitigation strategies and contingency planning. 

2. Challenges – Long burn (when to trigger for action); Quick burn (no time to prepare); Just Right (seldom happens – time for preparation and timely action taking) – Cascading linkages; Polycrisis;  

3. Geopolitical Scenarios – Political unrest, coup, nation state border/resource conflict, military action, war, etc. 

4. Scenario Planning – first focus on Effects and not Causes; For example, what is the plan if our back-office operations in country X is disrupted or non-available? Less important what the cause was, but critical that the organization deal with the effect. 

5. Evacuations: I have been involved in evacuation and rapid exit operations for more than 20 years as CEO of iJET and then WorldAware. These operations have been conducted all around the world.  

6. 2023 “Predictions” From my report in “ONTIC Security Industry Forecasts for 2023 and Beyond” Organizations will need to continue to monitor and respond to all the current major global issues that will persist into 2023 such as the Russia-Ukraine War, continued aggression by China, climate change driven severe weather, supply and transport disruptions, along with global stress and unrest driven by continued inflation and food insecurity.  

Protective leaders should plan for potential issues such as a new and more challenging COVID variant, nation-state aggression, territorial disputes and political instability. Success in navigating this dynamic global environment where the frequency and severity of threats and events seem to be ever-increasing will require:

1) more continuous risk monitoring (current and evolving) and assessment;

2) balancing current response activities with proactive preparedness; and

3) staying abreast of changing organizational objectives and enhancing your risk-related communications with management. 

7. Simulation Exercises. One of my key tenants is that if you want to build real response and recovery capabilities, you need to regularly conduct exercises. In fact, through our Agile Business Continuity framework, we start each planning sprint with an exercise. This baselines current capabilities and aligns all participants on the gaps and areas for improvement. From there, the planning process is more informed and in most cases the planning team is more motivated.  

I developed a global exercise for a large IT outsourcing company in the summer of 2012. The scenario was a contractor with insider access inserted a USB drive into a computer on a major middle eastern oil company and took down their network and business. We ran the exercise. Lots of lessons learned. And a month later… 

“The virus — called Shamoon after a word embedded in its code —was unleashed on 15 August 2012 by a a company insider with privileged access to Aramco’s network. Instead of solely collecting information, the virus revealed its highly destructive nature as it rendered the infected computers unusable.”