How the India-Pakistan conflict raises the stakes: Should the conflict between these two nuclear powers escalate and become a full-blown war, the disruption to supply chains, research and development, and support services has the potential to be significant. Pakistan’s technical hubs in Karachi, Lahore, and Islamabad will be placed in jeopardy. India’s technical hubs in Bengaluru, Hyderabad, Chennai, Pune, Delhi, Mumbai, and Kolkata may be targeted.Take into consideration that large portions of India’s 1.45 billion and Pakistan’s 255 million citizens may be on the move, and one can easily picture the possibility of societal chaos and infrastructure interruption. And with India still leading the world in IT outsourcing and captive centers, accounting for 17.58% of the global market, direct business impacts of a wider conflict will be significant.
Is my company ready for war?: At the Berlin Security Conference in November 2024, Admiral Rob Bauer, then chair of the NATO Military Committee, spoke frankly to industry leaders in the context of Russia’s illegal war being waged against Ukraine, asking two central questions of business leaders:
Is my company ready for war?What can my company do to prevent war?Bauer acknowledges the second question might take some by surprise, but not those who have been keeping an eye on geopolitical events. I touched on this following the February 2022 invasion of Ukraine, and the West began to issue sanctions, urging those not affected by sanctions to remove themselves from the Russian Federation. At that time, I noted that companies had choices to continue doing business as usual, to withdraw from Russia, or to do nothing. All three were choices, and all three carried with them the consequences of each specific action.There were a great many cyber clues that war was coming, including advisories from both government and commercial entities. I discussed this in “Russian cyberattacks on Ukraine raise IT security concerns.” Immediately after the Russian invasion, more advisories were shared and analysis on supply chain interruption followed.”War is on the European continent,” Bauer bluntly stated. He noted, the Eurobarometer in September 2024 “stated that 58% of respondents did not consider themselves well prepared for a crisis in the area where they lived. And almost two-thirds feel that they need more information to prepare for disasters and emergencies.”Since that time, we’ve seen Russia engaged in low-intensity conflict throughout Europe. In this regard, recruiting citizens sympathetic to Russia to engage in sabotage and disruption. We’ve seen disinformation and misinformation used as a weapon against democracies across the globe, but with greater frequency and focus on nations that are supporting Ukraine in defending its sovereign territory.When a conflict involves population sets the size of India and Pakistan and includes their diaspora, the potential for companies to be inadvertently pulled into a conflict by their own employee’s taking an action using company resources in support of their nation is not improbable.Bauer continued, “Business leaders in Europe and America need to realize that the commercial decisions they make have strategic consequences for the security of their nation. Businesses need to be prepared for a wartime scenario and adjust their production and distribution lines accordingly.”Every CISO needs to be asking whether they and their companies are ready for war. Do your network communications rely on one means of communication for corporation communications and another for commerce? Do the operational technologies use network communications that may become vulnerable during conflict and thus turn out the lights on production? What is the contingency plan when communications degrade to nil?
How CISOs can make a difference: Furthermore, as Bauer noted, “The world can be a dark place. And over the last years, it certainly grew even darker. But there is light as well. And they have been shocked by the united response from NATO, the EU, and other democratic nations around the world.”He continued, “The fact that the global security climate is becoming ever more complex and volatile does not mean we should slip into lethargic pessimism and think that these circumstances are beyond our control.”In addition to having a plan, companies must recognize that they have the ability to make a difference when making purchasing and implementation decisions, Bauer said. He recommended one do so with an eye on the potential for preventing conflict. Ask the uncomfortable question: Will this decision help the belligerent? This should include those allied with the belligerent and those supplying the belligerent. If the answer is yes, don’t do it.At RSA Conference 20225, Cross and Conti urged companies to think about “whether your organization may have direct or third-party exposure to regions of the world that may be exposed to conflict.” Leadership should then follow this up with a self-assessment to lay the groundwork to “develop specific plans to mitigate operational, infrastructure, and human resource impacts.”Final recommendation: Exercise your plan and update regularly. As Starmer noted, Britain’s plan is over 20 years old; your plan should be less than 12 months old.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3980419/india-pakistan-conflict-underscores-your-c-suites-need-to-prepare-for-war.html
