umanity is notoriously fickle and short-sighted, particularly when it comes to risks. In the absence of a clear threat or urgent or pressing challenge, it is far easier to remain optimistic and think “that can never happen to me.” That optimism is useful for finding opportunities, but particularly foolish when one accounts for history. It certainly never happens, until it does. As the world is now out of the COVID-19 global emergency and life is returning to normal, attention has moved on and little attention is paid to pandemic preparedness—we know it will happen again, but it is easier to just hope for the best.
Preparing for the worst is both an art and a science. No amount of preparation will mitigate every risk, but smart preparation and the development of institutional crisis management can help governments and organizations find their way through the worst and limit the damage. The best crisis management is informed by past experience and deep expertise, both of which Sir David Omand has and provides to readers in his new book “How to Survive a Crisis” (a copy of which was kindly provided by the publisher for review).
At its core, “How to Survive a Crisis” is a toolkit for how to respond to crises. Deeply informed by historical and personal experience, it identifies the challenges of emergency situations and offers lessons learned (neatly contained at the end of every chapter). This survey of past crises is superbly presented—from the 2013 In Amenas gas plant in Algeria to COVID-19, and from France’s failure at Dien Bien Phu in 1954 and the response to the 2017 NotPetya ransomware attack, Omand shows the applicability of lessons across time and space—a key lesson for crisis managers: learn from history.
Yet, “How to Survive a Crisis” is a much more complex and subtle book. Of course, it offers a masterclass into how to respond to and manage a crisis, but it delivers far more than just the topline title. It has fascinating capsule histories of recent crises, insights into human psychology during a crisis, the applicability of physical-world lessons to digital-world emergencies, but also how the United Kingdom organizes itself for disasters, whether natural or man-made. This is far more than simply a checklist of crisis response actions.
It is a very clever book about much more than it initially lets on.
Omand’s experience and his measured presentation of what should be self-evident best practices are what sets “How to Survive a Crisis” apart from its peers. It is, sadly, about as close to a proper autobiography of Omand as we are likely to see, unless he can be convinced of the value of penning a full memoir. His career as a civil servant across the United Kingdom’s security and intelligence establishments is nothing short of extraordinary. From a humble civil servant in the Ministry of Defence’s Defence Secretariat—a civilian policy institution offering non-military perspectives on military matters—which saw him on patrol in Northern Ireland to heading GCHQ (the UK’s signals intelligence organization) and the country’s first national security advisor, there are few senior roles of great import he has not held.
“How to Survive a Crisis,” like Omand’s previous work “How Spies Think,” is a book that commands attention because of this authority. Omand is not some business transformation guru opining on the experiences of others, or simply rehashing a well-thumbed Harvard Business School case study (though there are plenty of those in the business section of my local bookseller). He speaks with the authority of experience, but in a uniquely humble and measured manner. He has definitively attempted to use the tools of state to navigate a crisis, but found them as often as not like “rubber levers”, tools that prove unresponsive to inputs, and it shows. He is one of those truly quiet professionals on whom governments rely for smooth operation and success.
The straightforwardness of his approach and methodology demystifies crisis response. His model of calculating crisis severity, which is the sum of intensity, extent, and duration, is far more illuminating than complex models. His distillation of crisis management into its constituent parts undoubtedly makes him an invaluable person in an emergency, a steady hand at the helm of a ship in turbulent waters.
It is, however, also his ability to not lose sight of the broader complexity of crises and crisis response, which are never simple sets of causes and effects, but the result of dynamic interactions of systems and systems of systems. Omand’s distillation makes the principles of crisis response clear, but never presumes that things are or ever will be “simple”. He never presumes to suggest that there is a singular plan for crisis response, rather it is a strategy, one that is flexible and adaptable, but based on the principles and lessons he presents. Plans are fragile, good strategies are flexible.
His impressive career offers a unique perspective on how the government of the United Kingdom organizes and manages itself. The delegation of authority during a crisis along gold, silver, and bronze commands, the operation of the Civil Contingencies Committee, more commonly known as COBR (Cabinet Office Briefing Room, the equivalent of the White House’s Situation Room), and the interaction of the ministries during a crisis is fascinating. This presentation has its own value—understanding how allies and partners respond to and manage crises is useful for informing one’s own national and business response. It is also invaluable to understand how a partner country to the U.S., such as the United Kingdom, organizes its crisis and emergency response. Such awareness surely smooths cooperation and interaction, especially during international crises like cyber incidents, about which Omand writes extensively.
It is equally fascinating to see how things do not and did not work, particularly during the COVID-19 pandemic—the subject of a public inquiry in the United Kingdom at the moment. Omand handles the government’s response with a notable delicacy. He rightly points out failures on the part of Boris Johnson’s cabinet (and indeed on the part of the prime minister himself), but also recognizes successes where they were found, not the least of which was in the country’s vaccine development and roll-out.
While Omand is too polite to say so, there is no magic bullet for surviving emergencies and anyone who suggests there is one is simply peddling snake oil. There is also little excuse for lacking preparation. Crisis management requires due attention, care, and consideration. After a crisis or an emergency there is inevitably a great deal of effort and reflection. After-action reports are drawn up, lessons learned are divined, goats scaped, and promises made to do better in the future. Yet, as distance from the crisis grows, the attention fades. Preparation and planning are decidedly less attractive options, even if an ounce of prevention is truly worth a pound of cure. This is something against which Omand counsels.
Omand applies his lessons to the information era. While his guidance for the digital world is not fundamentally different from those of the real world, he does counsel the importance of recognizing the emerging challenges governments and companies face. The rise of ransomware, for example, poses a multiplicity of challenges that few likely consider in their plans. Hackers may hold the data hostage, which is a primary threat, but they also risk disclosing to the public the data that they hold (a secondary sort of ransom) and threaten to expose the breach publicly—three ransom demands for the price of one malware. The speed with which ransomware can propagate poses its own challenges, as does the effort to remediate the damage. The giant Danish shipping conglomerate Maersk, by way of example, was only able to recover its operations because a single server in Africa was offline when NotPetya took the company’s global operations down. Its cables had to be severed and physically flown to the United Kingdom to reimage the company’s networks.
Omand’s methodology and preparation would set up a crisis manager well, accounting for nearly everything; everything except human nature and psychology. Omand certainly addresses this throughout the book, but no blueprint can account for human fallibility, biases—psychological, political, or otherwise, incomplete information, faulty analysis, pride, or ego. The risk of attempting to rely too much on quantitative models or methodology in a crisis is very real, just as real as humans’ innate ability to do things that confound both models and rationality. The toolkit he outlines seeks to accommodate as much of these as possible, finding workarounds, building off-ramps, and creating structures to limit the damage that human nature and fallibility can create in a crisis (or otherwise).
There is always the question of the “dog that didn’t bark,” the issue that didn’t become an emergency, and didn’t become a crisis. “How to Survive a Crisis” does point to comparable successes, notably the preparations for the 2012 London Olympics, but most case studies are where things did not work. Sir David is perhaps a touch too polite about the private sector’s failure to mobilize sufficient security personnel for the 2012 Olympics. Yes, the British military stepped in and saved the day, but the security contractor’s failure was nonetheless monumental. There are far fewer cases where management was more successful or avoided descending into chaos. This is not surprising, but it does skew the data. We certainly know when things failed, we have a general sense of when things went going poorly but avoided disaster, but we likely don’t know the crises that didn’t happen because systems and processes worked.
On finishing “How to Survive a Crisis” one is left with both a sense of optimism and trepidation. Optimism because crisis management is, at its core, very sensible and logical. If certain guidelines and best practices are followed, if measures are exercises and practiced, and communications clear, risks to a degree are mitigatable and emergencies containable. There are always things outside of one’s control, but as Omand outlines, preparation and planning offer the best pathway to containing those developments and setting governments and organizations up for success. That is, of course, so long as they invest the time, energy, and resources necessary.
This then is where the trepidation emerges. Humans are notoriously shortsighted, especially in the absence of a clear threat. It requires leadership to focus organizations on the future, especially pessimistic scenarios, or risks. More than simply that, humanity is engineering increasingly complex systems and systems of systems. The just-in-time supply chain that yielded unparalleled economic progress also created unanticipated vulnerabilities. A novel virus or a ship blocking a canal are, arguably, predictable.
Yet, the interconnectedness of artificial intelligence, machine learning, and quantum computing are offering up risks which we’ve only just begun to consider.. In 2013 a false tweet about a bombing at the White House caused markets to plunge. That was a decade ago. What vulnerabilities exist today that simply have yet been exposed? How will a crisis propagate across time, space, and information and will it rapidly outpace our ability to contain or manage it in accordance with best practices? Will the reliance on automated systems to help humans manage or respond to crises, or simply create their own new vulnerabilities and exacerbate the challenges of emergency management? How will we handle multiple emerging sudden and slow-burn crises occurring at the same time?
Time will, perhaps, only tell.
a global affairs media network
Steering a Ship of State Through Crisis Waters
Image by Dimitris Vetsikas from Pixabay
August 19, 2023
Sir David Omand's latest book, "How to Survive a Crisis," is an authoritative toolkit for crisis response, informed by historial and personal experience. It is also a very clever book about much more than it initially lets on, writes Joshua Huminski.
H
umanity is notoriously fickle and short-sighted, particularly when it comes to risks. In the absence of a clear threat or urgent or pressing challenge, it is far easier to remain optimistic and think “that can never happen to me.” That optimism is useful for finding opportunities, but particularly foolish when one accounts for history. It certainly never happens, until it does. As the world is now out of the COVID-19 global emergency and life is returning to normal, attention has moved on and little attention is paid to pandemic preparedness—we know it will happen again, but it is easier to just hope for the best.
Preparing for the worst is both an art and a science. No amount of preparation will mitigate every risk, but smart preparation and the development of institutional crisis management can help governments and organizations find their way through the worst and limit the damage. The best crisis management is informed by past experience and deep expertise, both of which Sir David Omand has and provides to readers in his new book “How to Survive a Crisis” (a copy of which was kindly provided by the publisher for review).
At its core, “How to Survive a Crisis” is a toolkit for how to respond to crises. Deeply informed by historical and personal experience, it identifies the challenges of emergency situations and offers lessons learned (neatly contained at the end of every chapter). This survey of past crises is superbly presented—from the 2013 In Amenas gas plant in Algeria to COVID-19, and from France’s failure at Dien Bien Phu in 1954 and the response to the 2017 NotPetya ransomware attack, Omand shows the applicability of lessons across time and space—a key lesson for crisis managers: learn from history.
Yet, “How to Survive a Crisis” is a much more complex and subtle book. Of course, it offers a masterclass into how to respond to and manage a crisis, but it delivers far more than just the topline title. It has fascinating capsule histories of recent crises, insights into human psychology during a crisis, the applicability of physical-world lessons to digital-world emergencies, but also how the United Kingdom organizes itself for disasters, whether natural or man-made. This is far more than simply a checklist of crisis response actions.
It is a very clever book about much more than it initially lets on.
Omand’s experience and his measured presentation of what should be self-evident best practices are what sets “How to Survive a Crisis” apart from its peers. It is, sadly, about as close to a proper autobiography of Omand as we are likely to see, unless he can be convinced of the value of penning a full memoir. His career as a civil servant across the United Kingdom’s security and intelligence establishments is nothing short of extraordinary. From a humble civil servant in the Ministry of Defence’s Defence Secretariat—a civilian policy institution offering non-military perspectives on military matters—which saw him on patrol in Northern Ireland to heading GCHQ (the UK’s signals intelligence organization) and the country’s first national security advisor, there are few senior roles of great import he has not held.
“How to Survive a Crisis,” like Omand’s previous work “How Spies Think,” is a book that commands attention because of this authority. Omand is not some business transformation guru opining on the experiences of others, or simply rehashing a well-thumbed Harvard Business School case study (though there are plenty of those in the business section of my local bookseller). He speaks with the authority of experience, but in a uniquely humble and measured manner. He has definitively attempted to use the tools of state to navigate a crisis, but found them as often as not like “rubber levers”, tools that prove unresponsive to inputs, and it shows. He is one of those truly quiet professionals on whom governments rely for smooth operation and success.
The straightforwardness of his approach and methodology demystifies crisis response. His model of calculating crisis severity, which is the sum of intensity, extent, and duration, is far more illuminating than complex models. His distillation of crisis management into its constituent parts undoubtedly makes him an invaluable person in an emergency, a steady hand at the helm of a ship in turbulent waters.
It is, however, also his ability to not lose sight of the broader complexity of crises and crisis response, which are never simple sets of causes and effects, but the result of dynamic interactions of systems and systems of systems. Omand’s distillation makes the principles of crisis response clear, but never presumes that things are or ever will be “simple”. He never presumes to suggest that there is a singular plan for crisis response, rather it is a strategy, one that is flexible and adaptable, but based on the principles and lessons he presents. Plans are fragile, good strategies are flexible.
His impressive career offers a unique perspective on how the government of the United Kingdom organizes and manages itself. The delegation of authority during a crisis along gold, silver, and bronze commands, the operation of the Civil Contingencies Committee, more commonly known as COBR (Cabinet Office Briefing Room, the equivalent of the White House’s Situation Room), and the interaction of the ministries during a crisis is fascinating. This presentation has its own value—understanding how allies and partners respond to and manage crises is useful for informing one’s own national and business response. It is also invaluable to understand how a partner country to the U.S., such as the United Kingdom, organizes its crisis and emergency response. Such awareness surely smooths cooperation and interaction, especially during international crises like cyber incidents, about which Omand writes extensively.
It is equally fascinating to see how things do not and did not work, particularly during the COVID-19 pandemic—the subject of a public inquiry in the United Kingdom at the moment. Omand handles the government’s response with a notable delicacy. He rightly points out failures on the part of Boris Johnson’s cabinet (and indeed on the part of the prime minister himself), but also recognizes successes where they were found, not the least of which was in the country’s vaccine development and roll-out.
While Omand is too polite to say so, there is no magic bullet for surviving emergencies and anyone who suggests there is one is simply peddling snake oil. There is also little excuse for lacking preparation. Crisis management requires due attention, care, and consideration. After a crisis or an emergency there is inevitably a great deal of effort and reflection. After-action reports are drawn up, lessons learned are divined, goats scaped, and promises made to do better in the future. Yet, as distance from the crisis grows, the attention fades. Preparation and planning are decidedly less attractive options, even if an ounce of prevention is truly worth a pound of cure. This is something against which Omand counsels.
Omand applies his lessons to the information era. While his guidance for the digital world is not fundamentally different from those of the real world, he does counsel the importance of recognizing the emerging challenges governments and companies face. The rise of ransomware, for example, poses a multiplicity of challenges that few likely consider in their plans. Hackers may hold the data hostage, which is a primary threat, but they also risk disclosing to the public the data that they hold (a secondary sort of ransom) and threaten to expose the breach publicly—three ransom demands for the price of one malware. The speed with which ransomware can propagate poses its own challenges, as does the effort to remediate the damage. The giant Danish shipping conglomerate Maersk, by way of example, was only able to recover its operations because a single server in Africa was offline when NotPetya took the company’s global operations down. Its cables had to be severed and physically flown to the United Kingdom to reimage the company’s networks.
Omand’s methodology and preparation would set up a crisis manager well, accounting for nearly everything; everything except human nature and psychology. Omand certainly addresses this throughout the book, but no blueprint can account for human fallibility, biases—psychological, political, or otherwise, incomplete information, faulty analysis, pride, or ego. The risk of attempting to rely too much on quantitative models or methodology in a crisis is very real, just as real as humans’ innate ability to do things that confound both models and rationality. The toolkit he outlines seeks to accommodate as much of these as possible, finding workarounds, building off-ramps, and creating structures to limit the damage that human nature and fallibility can create in a crisis (or otherwise).
There is always the question of the “dog that didn’t bark,” the issue that didn’t become an emergency, and didn’t become a crisis. “How to Survive a Crisis” does point to comparable successes, notably the preparations for the 2012 London Olympics, but most case studies are where things did not work. Sir David is perhaps a touch too polite about the private sector’s failure to mobilize sufficient security personnel for the 2012 Olympics. Yes, the British military stepped in and saved the day, but the security contractor’s failure was nonetheless monumental. There are far fewer cases where management was more successful or avoided descending into chaos. This is not surprising, but it does skew the data. We certainly know when things failed, we have a general sense of when things went going poorly but avoided disaster, but we likely don’t know the crises that didn’t happen because systems and processes worked.
On finishing “How to Survive a Crisis” one is left with both a sense of optimism and trepidation. Optimism because crisis management is, at its core, very sensible and logical. If certain guidelines and best practices are followed, if measures are exercises and practiced, and communications clear, risks to a degree are mitigatable and emergencies containable. There are always things outside of one’s control, but as Omand outlines, preparation and planning offer the best pathway to containing those developments and setting governments and organizations up for success. That is, of course, so long as they invest the time, energy, and resources necessary.
This then is where the trepidation emerges. Humans are notoriously shortsighted, especially in the absence of a clear threat. It requires leadership to focus organizations on the future, especially pessimistic scenarios, or risks. More than simply that, humanity is engineering increasingly complex systems and systems of systems. The just-in-time supply chain that yielded unparalleled economic progress also created unanticipated vulnerabilities. A novel virus or a ship blocking a canal are, arguably, predictable.
Yet, the interconnectedness of artificial intelligence, machine learning, and quantum computing are offering up risks which we’ve only just begun to consider.. In 2013 a false tweet about a bombing at the White House caused markets to plunge. That was a decade ago. What vulnerabilities exist today that simply have yet been exposed? How will a crisis propagate across time, space, and information and will it rapidly outpace our ability to contain or manage it in accordance with best practices? Will the reliance on automated systems to help humans manage or respond to crises, or simply create their own new vulnerabilities and exacerbate the challenges of emergency management? How will we handle multiple emerging sudden and slow-burn crises occurring at the same time?
Time will, perhaps, only tell.