Ethics and Leadership

By Guy Higgins

I just read an article in Inc. online. The article looked at leadership failures at Wells Fargo, Samsung and Chipotle and what they had in common. In a short, online post, the author did a good job of pointing out that the recently published problems at those three companies did not spring full blown like Athena from Zeus’ forehead but were preceded by earlier problems or internal warnings that weren’t heeded.

A reason (actually an excuse) that is frequently put forward for the failure of corporate leaders to take action before a crisis explodes is that they are under pressure to produce market-beating financial results. In fact, that was explicitly stated as a reason for the CEO of Wells Fargo to ignore internal warnings that the pressure to meet financial goals was pushing people to skirt (and sometimes cross) ethical boundaries. Continue reading

Measure – Matter – Measure

By Guy Higgins

Last week, I came across an aviation article that urged airlines to adopt AoA (Angle of Attack)* as one of the “metrics” monitored by pilots to ensure proper airplane performance. AoA is very useful because it is self-compensating for airplane weight and remains an accurate indicator of wing stall. In fact, for practical purposes, the AoA for maximum range airspeed is always the same even though the actual airspeed varies with airplane weight. The same is true for maximum endurance airspeed and stall airspeed. AoA is a seriously cool, real-time, self-compensating metric for pilots.

Okay, fine – what has that got to do with non-aviation (which is a very large domain – sort of like non-dandelions)? To answer that, let’s look at the title of this post – Measure – Matter – Measure. We’ve all heard that what gets measured gets managed, and I think that is certainly true. The question I want to explore is whether or not what gets measured actually matters. Continue reading

Left of “X”

By Guy Higgins

A long time ago, in the old days, when I was actively involved in considering things like ship defense systems, we would talk about the two options that existed to respond to an attack. You could “shoot the arrow,” or you could “shoot the archer.” In general, shooting the arrow is a hard thing – they’re small, hard to see and they move fast. Archers, on the other hand are easier to see, slower and easier to hit. The problem, of course is that you don’t always know if the archer is a bad guy until it’s too late and you wind up having to shoot the arrow. Continue reading

Words Matter

By Guy Higgins

I recently read an article on corporate preparedness that contained the following assertion:

“In today’s corporate governance climate, there exists an increased emphasis on corporate boards and directors as well as senior management to fulfill their fiduciary responsibilities to guarantee that their corporations have in place the required corporate policies and operating protocols that would be adequate when it comes to managing the affairs of the corporation.” Continue reading

A Note to CEOs – It Will Happen to You

By Guy Higgins

I recently read a short article on the understanding of US, UK and Japanese CEOs to prepare for and respond to a cyber breach. The bottom line of the article is that they aren’t! Ninety percent of the 1530 CEOs interviewed did not truly grasp the magnitude of the threat, did not understand their company’s cyber-security preparations, and did not understand their company’s plans to respond to an actual cyber breach. Appallingly, forty percent of the CEOs did not even think it was their responsibility!

Some basic facts:

  • Every company, organization and person is the target of hackers
  • Every 12 seconds (24/7/365), there is a cyber attack on a company in the U.S.
  • Your IT security team must succeed 100% of the time 24/7/365 – forever. One failure and you have been breached.
  • Two thirds of all cyber breaches are caused by your employees (including you) because:
    • They don’t update their software as your IT team almost doubtlessly urges them to do
    • They don’t pay attention to the basic cyber security tenets your IT team publishes (e.g. don’t use “PASSWORD” as your password)
    • They don’t password protect access to their computer or they don’t routinely turn it off or put it to sleep when they leave their desk
    • The allow access to their computer by a colleague, or (worse yet) a visitor
    • They open emails from unknown senders (one in three employees do this)
    • They click on links within suspicious emails (one in eight employees do this)
  • An actual cyber breach is not just an IT security problem (they have already done their best) – it is a business problem, a liability problem, a PR problem, and (increasingly) a legal

As the CEO, you are responsible for your company, including cyber security and cyber breach response – just as you are responsible for revenue and earnings. The buck does stop at your desk.

Since, as the CEO, you are almost certainly not the cyber-security or cyber-breach expert, what do you do? The same thing that you do for all of your other responsibilities – you find an expert and delegate authority and responsibility for cyber security and cyber-breach response to those experts. It is important to emphasize again that cyber-breach response is not an IT problem. It is a business problem, so you should not automatically delegate cyber-breach response to the IT or cyber-security folks. Pick the right person, empower her, support her and resource her.

It is irresponsible to behave as though your company will not be cyber attacked or that your cyber defenses will never be penetrated. A rapid, transparent and well conceived response to a cyber breach can enhance your company’s reputation rather than damaging it. The failure to be prepared for such breach will damage and may destroy your company’s reputation.

Predict your vulnerability to cyber attack – this is easy. You are vulnerable.

Plan your response to a cyber breach – as a business issue and not only a security problem.

Enhance your ability to Perform by exercising your cyber-breach plan regularly.


Knowledge is Power – Or is It?

By Guy Higgins

A generation ago, when I transferred from my last squadron to Washington, DC, I recall hearing a slightly senior officer repeat the phrase, “Knowledge is power,” in reference to working within the federal bureaucracy in DC. He went on to explain that if you knew something that others did not, then you were in a position of power – power to influence events in the direction you wanted. The phrase has been attributed to Sir Francis Bacon who included it in his 1597 book, Meditationes Sacrae and Human Philosophy. In the context of the book, Sir Francis meant that the more you knew, the more you could influence events – not quite the same thing that the slightly senior officer meant. From the senior officer’s perspective, secret or restricted knowledge provided power. From Sir Francis’ perspective, power accumulated with increasing knowledge (which implies not only facts but understanding) – the more a person knew and understood, the greater influence that person could wield. Continue reading

Competition Doesn’t Happen on a Level Playing Field

By Guy Higgins

On the first of September, SpaceX, the commercial space launch company founded by Elon Musk was conducting prelaunch tests of a rocket scheduled for a satellite launch on September 3rd. An anomaly occurred,, and the rocket exploded destroying the payload (for the non-space folks, payloads destined for orbit run into the hundreds of millions of dollars). Rocket explosions are always spectacular, and if you’re as old as I am, you recall black and white TV showing spectacular failure after spectacular failure in the 1950’s and early 1960’s. You may also have seen film footage of spectacular failures of Werner von Braun’s V-2 tests. Spectacular failures are part of the business. Continue reading

Coulda, Woulda, Shoulda, Din’t

By Guy Higgins

There was a recent news article on a lawsuit against the U.S. Government following the murder of two members of the U.S. Coast Guard on Kodiak Island in the Aleutian Islands. The essentials of the situation are that the alleged murderer displayed increasingly angry and threatening behavior over an extended period of time leading to the attack and murder. The plaintiffs are arguing that the Coast Guard should have been aware of this behavior and taken steps to de-escalate the situation, get treatment for the alleged murderer or remove the perpetrator from the island. Continue reading

Small Island Leadership

By Guy Higgins

Seventy-four years ago this month, the United States conducted an amphibious invasion of a small island in the Solomon Islands between Australia and the Asian mainland. The invasion was conducted by the First Marine Division. The division was led by Major General (later General and Commandant of Marines) Alexander Archer Vandegrift. I suspect, though, that General Vandegrift would be the first to tell us that most, if not all, of the Marines on Guadalcanal were leaders regardless of their rank or rate. Continue reading

Security vs. Convenience

By Guy Higgins

Aviation Week recently published an article on cyber security for connected airplanes. There is growing concern that terrorists will hack into airplane control software through the airplane’s entertainment system – these entertainment systems are increasingly connected, via satellite, to the Internet.

So let’s talk about cyber security. Continue reading