Booz Allen Announces Practice Dedicated to Strategic Security

NEW YORK, February 7, 2002 — Asserting that September 11 dramatically exposed critical vulnerabilities in the global business infrastructure, Booz Allen Hamilton announced today a service offering to help CEOs manage their most important new imperative: Integrating security into their strategic business planning.

The new offering combines the expertise of nearly 1,000 consultants drawn from relevant Booz Allen practices around the world. It leverages Booz Allen's unique position as an industry leader in both strategy and technology consulting for the public and private sectors, drawing upon its acknowledged leadership in Homeland Security, Information Assurance, Operations and IT, as well as new disciplines the firm has helped develop, such as critical infrastructure protection and social network engineering.

The firm's experts include former leaders of the nation's highest security and intelligence agencies, as well as officers with expertise in cyber-security, global supply-chain management and wargame-based scenario planning. The practice is led by Mark Gerencser and DeAnne Aguirre, vice presidents from Booz Allen's Government and Commercial sectors, respectively. Other officers in the strategic security practice include: Don Vincent; Chris Kelly; Mark Herman; Joe Mahaffee; Jim Weinberg; Mike McConnell, a retired Admiral and former head of the National Security Agency; and Rich Wilhelm, former Naval intelligence officer and national security advisor for Vice President Gore.

The new strategic security practice will help companies protect themselves from potential threats and vulnerabilities, including direct risks — to personnel, physical properties and equipment and information, as well as indirect risks — to business markets and channels, supply chains, or external infrastructure. By doing so, the practice enables companies not only to reduce risk exposure, but also secure opportunity through enhancing business resiliency.

"Strategy and security must be integrated. Security can no longer be bolted on. In the corporate world, this commitment needs to start with the CEO," said Booz Allen Chairman and CEO Dr. Ralph Shrader during a panel discussion at the World Economic Forum.

"This is the first formal practice of this scale dedicated to security," said Dan Lewis, President of Booz Allen's Worldwide Commercial Business. "It recognizes that, now and forevermore, security must be an integral part of corporate strategy. Security has been elevated from a focus on insurance policies and infrastructure protection to a cardinal point on the CEO agenda — one that can produce a competitive upside or advantage as well as reduce risk."

Booz Allen applies a structured approach to managing risk, based on three critical elements: vulnerability assessment, business resilience planning, and business model adaptation. The strategic security team works from a set of guiding principles that help improve security and preparedness in case of attack, develop coordinated responses to range of threats facing business today, and assures the ability to continue business operations in the face of disaster.

Booz Allen uses a "quick-look" analysis to understand a client's current security position, assessing the company's ability to handle risks to physical security, business continuity, the supply chain and other business alliances and interconnections. By measuring these risks, both independently and jointly, the strategic security team determines the current baseline resilience of the client. Booz Allen then reviews security requirements in the context of business goals and objectives, and creates tailored strategies to adopt into the business model.

Focus on New Risks and Vulnerabilities

The strategic security practice recognizes fundamental changes in the business environment. For example, corporations must now adjust their strategy to take into account changed consumer buying preferences, consumer buying channels, and gaps in product/service offerings. Operations strategies must respond to potential disruptions in the supply chain and the extended enterprise. Technology strategies must be modified to guard against cyber security threats. Business will also be affected by new security-driven regulations issued by the government (at the federal, state, and local levels), and the need to exchange critical information with government agencies to prevent and respond to future terrorist attacks.

The Booz Allen-developed concept of "interdependence risk" defines the vulnerabilities arising from the web of interconnections that link organizations in the global business environment. "Today, interdependence risk may be the single greatest threat to the enterprise," said Mark Gerencser. "Ostensibly small events — a single trader improperly covering derivatives risks, a rogue computer hacker, a fire in a supplier's factory — can spiral rapidly into an organization-threatening crisis.

"Protecting the enterprise involves far more than installing appropriate technologies, buying the right insurance policies, protecting data networks, and guarding critical infrastructure: It requires the integration of organizational security and corporate strategy. By successfully integrating security and strategy, firms not only lessen their exposure to interdependence risk, but can also obtain lasting competitive advantage."

New Practice Builds on Firm's Extensive Experience in Security

This new practice builds on the firm's extensive experience in assisting government and corporate clients with security-related issues, including: assessing physical security and developing enhancements; preparing strategic counter-terrorism plans; and providing information assurance, in the U.S. and internationally. Booz Allen also is a leader in developing wargames for government and commercial clients, using a unique, proprietary structure matched only by Department of Defense wargaming in its power and scope.

The firm applies a variety of proprietary methods, intellectual capital and other tools to help executive leaders manage security challenges. Recent activities include:

• A sweeping wargame that simulated a bioterrorist attack on two U.S. cities, with senior-level participants from both private industry and federal and state agencies. Specific recommendations emerged from the exercise, especially insight into best practices regarding public/private sector responsibilities and coordination.
• "How Corporate Security is Reshaping the Post-9/11 CEO Agenda" — a survey of CEOs on security issues.
• "Security and Strategy in the Age of Discontinuity: A Management Framework for the Post-9/11 World" — a leading-edge analysis of strategic security issues co-authored by Booz Allen Chairman and CEO Ralph W. Shrader and Mike McConnell, which is the lead article in the current issue of strategy business (issue 26).
• Cyber-Security Summit — Booz Allen hosted more than 300 corporate and government chief information officers and other senior executives from a cross-section of industries gathered to discuss the ongoing security of the nation's information infrastructure.