Beyond the Paperwork Drill

The Imperative of Expert Continuity Professionals in Strengthening US National Defense and Compliance with the Federal Mission Resilience Strategy

By Dan Lipps, CBCP

The headlines over the last 2 weeks have been nothing short of sensational, or ominous, depending on how you look at it. January 30th brought reports of the close-call incident in which the USS Gravely destroyer shot down an anti-ship cruise missile in the Red Sea after the missile came within one mile of the ship. The very next day, on January 31st, during a congressional hearing on “The CCP Cyber Threat to the American Homeland and National Security,” FBI Director Christopher Wray testified that the Chinese Communist Party (CCP) has successfully hacked critical U.S. infrastructure, implanting malware with the intent to cause “physical harm” to American populations at a time of their choosing.

Rep. Raja Krishnamoorthi (D-Ill.), the ranking member on the Select Committee on the CCP, said that “The purpose of the hacking was not to collect intelligence,” but to “install malware that, once activated, would disrupt or damage the infrastructure.” “This means we could suffer large-scale blackouts in major cities. We could lose access to our cell towers and the internet. We could lose access to clean water and fuel.” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), referred to this as a “Cyber Invasion” by the CCP, and likely just the “tip of the iceberg” as far as the extent of exposure to this threat.

Rising threats internationally, and this latest revelation about a literal “cyber time-bomb” in systems and critical infrastructure, underscore the imperative for robust Continuity of Operations (COOP) programs within the U.S. federal government, and specifically the Department of Defense (DoD).

Presidential Policy Directive 40 (PPD-40) mandates that federal agencies establish comprehensive COOP programs ensuring that the U.S. government can maintain essential functions during and after a range of emergencies, including cyber threats, physical attacks, and other disruptions.

The reality is that many DoD continuity programs are mere “paperwork drills.”

The truth emerges when considering that most of these programs falter under the scrutiny of a genuine program audit. The current state of many COOP programs reveals a significant gap between policy and practice.

Many agencies have programs that lack the depth and resilience required to address real-world threats effectively. Rarely will you find full-time defense continuity planners engaged at the program management level. Most civil service and military personnel tasked with COOP responsibilities juggle multiple roles or are assigned COOP as a collateral duty. They lack the expertise and tenure needed to establish viable continuity programs.

In my experience, there’s not a lack of policy at the agency/command-level, but limited leadership engagement and enforcement. Admittedly, DoD agencies have a lot of “federal requirements” to comply with, but the reality is compliance comes down to risk exposure and appetite by the agency head/commander.

That calculus is changing though. As we’ve seen, the threat landscape is skewing more and more from the “not-probable/not-likely to occur” axis to the “probable/likely to occur” axis.

The critical question arises: why are these COOP programs consistently falling short, and how can they be fortified to withstand this evolving threat landscape? The answer lies in the specialized expertise brought to the table by certified Business Continuity Professionals.

Continuity professionals possess the experience and knowledge necessary to navigate the complexities of continuity planning and to implement industry best practices, thus ensuring that programs extend beyond theoretical exercises to produce real readiness capabilities.

In 2020, President Trump signed the new Federal Mission Resilience Strategy (FMRS), which further emphasized the need for agencies to maintain the capability and capacity to continuously perform National Essential Functions (NEFs), regardless of threat or condition, with the understanding that advance warning may not occur. It does not change the underlying requirements for federal continuity programs, but does change the emphasis on where planning and resourcing need to be placed. COOP planning has historically focused on reacting, responding, and relocating the performance of essential functions. The new strategy requires the Federal Executive Branch to logically distribute leadership authority and operations, where possible, to minimize risk to the performance of essential functions and services and ensure Presidential decision support in all conditions.

Here are several key reasons why hiring continuity professionals supports and will accelerate compliance with FMRS implementation:

  • In-depth Understanding of Threat Landscapes: Experienced continuity professionals are well-versed in assessing and adapting to dynamic threat landscapes. They possess the knowledge to anticipate potential risks specific to their sector, including cyber threats, geopolitical tensions, and physical attacks.
  • Scenario-Based Planning: True resilience requires more than just checking boxes on a checklist. Continuity professionals bring a nuanced understanding of scenario-based planning, considering various contingencies and crafting strategies that address the specific needs of the organization. This aligns with the FMRS’ emphasis on distributing leadership authority and operations to minimize risk.
  • Regulatory Compliance: COOP planning often involves compliance with a myriad of policies and directives. Professionals with a background in business continuity management are equipped to navigate these complexities, ensuring that programs align with industry standards, governmental regulations, and the FMRS.
  • Effective Communication and Coordination: During a crisis, effective communication and coordination are paramount. Continuity professionals are skilled in developing communication plans that facilitate efficient information flow, both within the organization and with external stakeholders.
  • Regular Testing and Evaluation: Successful continuity programs require regular testing and evaluation to identify weaknesses and areas for improvement. Continuity professionals implement comprehensive testing protocols and ensure that lessons learned from each exercise are incorporated into the program’s ongoing development.

In a world where threats to our national security are multifaceted and rapidly evolving, the need for certified continuity professionals cannot be overstated. The incidents and testimonies cited above serve as stark warnings that our national security strategy demands more than just bureaucratic compliance. It necessitates real operational durability. COOP planning is not a part-time “staff job”; it requires the expertise of continuity professionals to move these programs rapidly toward viability. It is time to move beyond paperwork drills and invest in the resilience that true continuity planning brings to our national defense.