Despite the unparalleled carnage and inestimable impact on
our national economy and psyche, there were a few worthwhile byproducts of
9/11.
First among them was the realization of what America’s
reputation and standing was in the Middle East and the rest of the world in the
few days and weeks after the attack. (Why do they hate us?) As is the case with
most tragedies, it becomes quickly evident who your friends are and aren’t.
Every once in a while it helps to take stock of your allies and know where you stand
with everyone else.
Instantly after 9/11, the boon to privacy and security
professionals become evident, especially business continuity and disaster
recovery practitioners. Suddenly, the departments and disciplines that were
hidden deep in the bowels of the IT department, that used to be thought of only
as cost centers and road blocks to getting access to fun web sites at work, now
became the rising stars of the organization. Every CEO and Board of Directors now
wanted to know what their company’s plan was if they were to be attacked or
lose a data center. How would they stay online? How would they recover services
after a terrorist attack? Could they?
The most interesting dividend to arise from 9/11, in my
opinion, however, was, the suspension of disbelief in the ‘anything is
possible’ scenario. On September 10th 2001 you could not have a
credible conversation with anyone whom you tried to convince that you needed to
plan for a scenario where a plane might crash into your building or data center
affecting your ability to continue your business. With good reason, before 9/11
no one really thought this would ever happen. Historically, when a plane was
hijacked, you waited until the hijackers asked that the plane be taken to
Havana or Cairo or wherever, and then landed, and then began negotiation with them.
No precedent had prepared anyone for the possibility of the hijackers actually
taking their own lives in the hijacking. What would that accomplish? How did
that advance their interests if they were dead?
Now of course, the approach is much different. No
possibility is impossible. No scenario is too far-fetched too imagine or plan
for. When I talk to service providers about how they will maintain continuity
of business to my company in the event of a disaster, I expect to hear them talk
about what they’ll do in the event of everything from a earth quake, hurricane,
tsunami, water spout, flash flood, lightening strike, terrorist attack and even
a zombie uprising. (Hey, you never know!)
So are we any better off now after 10 years of diligence and
‘saying something if we see something’? Are we safe? Are we safer? Has our alertness kept us out of
harm's way from any additional attacks on our soil, or was it just that one small
group of lunatics just got lucky while we naturally had our guard down? America
has habitually talked itself into one counterfeit panic after another (anyone
remember killer bees from South America, SARS, bird flu, or mad cow disease?).
The threat from terrorism is unfortunately not one of those red herrings; it is
real and it is probably here to stay. Though every tragedy on any scale is
regrettable and lamentable, we can always find a lesson or two that comes from
it. At least we can find something
that we can possibly benefit from or a lesson to be learned that may not have
ever been probable or foreseeable.
