Public-private co-operation on security overseas: by Anders Groenli MSc, Recipient of the Imbert Prize 2009 for the development of ideas for the advancement of risk and security management in the UK.
Setting up and maintaining a business overseas could be a daunting task in many ways. The readers of Professional Security Magazine are, like me, likely to start at the security end of the spectrum of tasks. For most of you this is your job.<br><br>What can and should your home government do for you when you operate overseas? Could businesses be able to provide governments with useful input in a risk analysis and crisis management setting? When does engaging government turn into nanny-state? These were some of my questions as I started my research at Cranfield University. Interviewing 40 key actors in business and government in the United Kingdom and Norway, I got interesting answers but also wanted to try to distil some points that could be of use both to businesses and governments. <br><br>My perspective came from having worked in the Norwegian Foreign Service, and looking at security and risk in the entire spectrum from natural disasters to man-made challenges. Some of my findings and recommendations will be shared with you in this article. <br><br>The national interest<br><br>What should the government do for the security of your business overseas? This was one of the first questions I asked. It turned out that US Foreign Secretary George P. Shultz had asked the same in 1985, after American interests had been severely hit in Lebanon and elsewhere. Shultz set up the Overseas Security Advisory Council (OSAC) with an executive office at the US State Department. Since then OSAC has established 134 ‘country councils’ where all companies with a significant American ‘stake’ can get advice. Even missionary organisations, educational establishments and other non-governmental organisations are OSAC members and benefit from assistance in risk analysis. <br><br>The Foreign and Commonwealth Office (FCO) and the Confederation of British Industry (CBI) set up a similar scheme, Security Information Service for Business Overseas (SISBO) in 2003. This was re-launched as an FCO – UK Trade and Investment (UKTI) initiative on May 1 this year and named Overseas Security Information for Business (OSIB). OSIB is intended to cover issues from political risk, bribery, corruption, physical and personnel security and terrorism to organised crime. The scheme is meant to get designated contacts in all UK high commissions and embassies.<br><br>The businesses I talked to were all very large organisations, who had limited expectations of government support in their risk analysis. Most of the businesses seemed to rely mainly on in-house efforts or advice from large consultancies. <br><br>Nevertheless, both government and business actors agreed that it could be in the national interest to support companies overseas that paid tax to their home government, did business of value to the national interest, or simply had employees of the same nationality as the government. <br><br>Both OSAC and OSIB seem to have a similar definition (although not always spelled out clearly) in that they will help companies with American or British ownership, headquarters or employees. It might even be in the British interest to help secure a company from another country, operating in a third country, if the company has British staff or provides services that are of value to Britain? <br><br>Keeping track <br><br>The study recommended that Foreign Offices should establish central databases where their country data are stored. A co-ordination of data would enable automatic feeds with updated information from trusted sources in addition to manual input of information. A database could provide output to various ‘customers’ both within and outside the organisation. <br><br>This should be part of a comprehensive information management strategy for the Foreign Services, where they both consider internal government needs for information and what external ‘customers’ need. <br><br>The study indicates that much information, both within government and elsewhere, is kept within organisational units to an unnecessarily high degree. The greatest challenge to a good co-operation between businesses and government seemed to be the ‘stovepiped’ nature of our societies. This is probably true for all countries – you relate to your superiors and subordinates but have difficulties in sharing information on the ‘horizontal level.’ <br><br>The need for secrecy is part of the reluctance to share information, but only to a certain extent. Keeping information within an organisation or even a single organisational unit seems to be largely because others’ need for information has not been established rather than a reluctance to share. Risk analysis is thus unnecessarily limited by data that exist, but is not accessible. A successful implementation of the information management strategy should lead to timely and systematic delivery of reliable information to all relevant actors. <br><br>Countries without an overseas risk and security advisory service, like the America OSAC and British OSIB, should establish a strategy for co-operation with businesses and non-governmental organisations that could benefit from information the government is in possession of. This strategy could consist of designated points of contact in the Foreign Offices or through co-operation with existing business security organisations. All embassies should establish systematic networks for exchange of risk and security relevant information with businesses and non-governmental organisations.<br><br>Partnerships<br><br>The study also recommended that Foreign Offices or organisations they designate should establish security partnerships. These would link the government with businesses and non-governmental organisations that are well placed to provide the government with information on overseas risks. This can be particularly valuable when businesses have access to areas or information that the Foreign Office would have difficulty in obtaining themselves. Such information could, after processing, be pooled and made available to the other partners. Foreign Office’ partners could also be given access to more information (even selected classified information) in return for their partnership. One would, however, need to ensure that businesses are not made into governmental intelligence gathering tools in a way that could be damaging for participating businesses. Much risk information concerning natural disaster and crime is not related to national security, and could be better suited for a partnership than information about the national security of the country under scrutiny.<br><br>The businesses that took part in the study said that they often shared international risk analysis within the business community – either with companies from the same country or within the same line of business. The Chief Security Officer of a Fortune 500 company said: ‘We compete on everything but security.’ To some extent businesses interviewed for the study said that they already had links to government, but this was to a large degree built on informal relations. These are vulnerable to changing positions, and of little use in critical situations when your contact is on vacation or otherwise unavailable. <br><br>Foreign Offices should also take an active role in relation to the general public and their possible input. The proliferation of user generated content like Wikipedia and blogs are examples of the desire ordinary people have of making contributions, without expecting payment in return. Forrester Research’s consultants Charlene Li and Josh Bernoff have described the public input in their book Groundswell (2008). All actors who are interested in good risk analysis should consider the potential of tapping into this ‘groundswell’ of potentially valuable information. For the Foreign Offices this would mean ways of connecting with outsiders to get input for their travel advisory services as well as for their risk and security information to businesses and non-governmental organisations overseas. A great challenge for the risk analysis or contingency planners would obviously be to find clever ways of sifting through all the information that is available – or establishing bespoke services for interaction. <br><br>Crisis management<br><br>No matter how much effort businesses and governments put into risk analysis there will always be surprises. I was abruptly thrown into crisis management mode after the 2004 Boxing Day tsunami in Asia, as part of the Norwegian Foreign Office team. To our great surprise we had around 7000 Norwegians on vacation in the affected areas, and were not at all set up to handle the situation at the time. For a country smaller than Scotland it was a great tragedy to lose 84 citizens in a single disaster. The Norwegian Government learned their lesson and established an overseas crisis management structure – but only after the tsunami had hit. <br><br>Natural disasters like the tsunami will hit and some might affect your business. In these circumstances an established partnership between Foreign Offices, embassies and businesses could be of great help. Co-ordinated crisis management plans might be of mutual benefit. Different companies will be able to bring different resources to the effort. In Thailand it turned out that the second largest mobile phone company was owned by the Norwegian company Telenor, and could have been of assistance to the Norwegian Government if they had established systematic links to businesses before the Tsunami. If a network is set up to co-operate on risk analysis, it could be extended to cover crisis management planning – and execution – as well. Actors who have learned to know and trust each other would undoubtedly also work better together than strangers when a crisis occurs.<br><br>What I have mentioned about tapping into the ‘groundswell’ of public attitudes works for crises as well. The Norwegian Government took long to establish the status of citizens in the Tsunami affected areas in 2004. The main Norwegian tabloid Verdens Gang, however, set up an online service where people could list their missing relatives or friends. It turned out that their online lists were not far from the Government lists of missing or dead, but they delivered the results much faster. Privacy is an issue that needs to be addressed when employing such tools but new tools for better interaction with the public in crises would benefit both government and businesses. <br><br>Finally<br><br>The study I did at Cranfield University could only scratch the surface of the needs and desires of security managers and other business leaders in companies that operate overseas. It would be interesting to look closer at small and medium sized companies or non-governmental organisations in particular. These might not have the resources to conduct risk analysis like multinationals do. New ways of tapping into the ‘groundswell’ to get data for risk analysis and crisis management would also be an interesting area for further research. <br><br>The conclusions I made in the study are also limited to the sources I had access to, but I believe that many of the findings and recommendations can find use in business and governments on a wider scale.<br><br>Acknowledgements<br><br>All sources who took the time and provided me with more information than I have had the time to process. My supervisor Tony Moore, mentor Professor Chris Bellamy, and partner Dr Monika Hestad – as well as all others who supported my research.<br><br>Further reading<br><br>Anders Groenli, Upcoming research report on risk analysis abroad, Cranfield University, expected August/September 2009<br><br>Overseas Security Information for Business (OSIB): www.uktradeinvest.gov.uk/ukti/osib<br><br>OSAC London Country Council: london.osac.gov<br><br>About Cranfield University:<br><br>A wholly postgraduate institution specialised in engineering, management and security related disciplines. Cranfield Defence and Security is based at the Defence Academy of the United Kingdom, MOD Shrivenham, Oxfordshire. Among the degrees offered are a full-time MSc in Global Security and the part-time MSc in International Security and MSc in Resilience. For more information visit – <br><br>http://www.cranfield.ac.uk/cds/securityresilience<br><br>About the author, pictured<br><br>Anders Groenli MSc is currently establishing himself as a security consultant in London. Before his postgraduate research at Cranfield University he worked for the Norwegian Ministry of Foreign Affairs. He has been posted to Brussels (NATO HQ) and had field work in Southeast Asia and Western Africa. He has also worked as a political adviser at the Norwegian Parliament and for the European Commission. Groenli is in the process of reviewing his research and aims to make the entire report available online to the readers of Professional Security Magazine later this summer.<br><br>E-mail: [email protected]
