Dear Colleagues, Interesting article today in the New York Times on corporate security. Product designs are singled out as one of the key resources for protection by the CSO -- the new breed of executive responsible for security. Excerpts below. Full article on NYT web site. A couple of these excerpts are also reminders of the issues we must consider as designers. Logistics, distributed work, virtual teams, and different kinds of interlocked systems are all central to the work of design today. Best regards, Ken Friedman Article excerpts from NYTimes.com: --snip-- In New Era, Corporate Security Looks Beyond Guns and Badges May 27, 2002 By STEVE LOHR HELP WANTED: Chief Security Officer. Ominously, vaguely, federal officials are again warning Americans to be on alert for some sort of terrorist attack. Will corporate America be ready? In the months since the Sept. 11 attack on New York destroyed the World Trade Center towers, killed thousands of workers and disrupted dozens of companies, businesses have been forced to review their notions of corporate security. And with those assessments has come realization that the job calls for a new kind of corporate security executive - one with breadth of experience, analytic skills, business acumen and leadership qualities. The job, in other words, calls for a chief security officer, or C.S.O., as the emerging term of art would have it. --snip-- It is too early to tell whether the C.S.O. will eventually reach comparable stature. But even before Sept. 11, the corporate security field had been steadily evolving in response to the major business and technological developments of the last two decades. Globalization, deregulation, outsourcing, just-in-time inventory practices, the embrace of information technology and the rise of the Internet have all brought greater openness and efficiency, along with new vulnerabilities. The people managing security at large corporations have also changed with the times, well beyond the "guns and badges" days of mainly overseeing building security guards and investigations of the "who stole the petty cash" variety. In today's open economy, a point of access in security terms is not just a headquarters office or a factory gate, but also a computer network connection that could be a gateway to a company's customer databases or product designs. --snip-- General Motors hired Mr. Christiansen in November from Visa International, where he was a senior vice president. His title is a new one at G.M., but the company had begun recruiting him months before Sept. 11, an indication that information security had already become a priority for senior management. A big part of the comeback story at General Motors in recent years has been its use of information technology to forge closer links with suppliers, shorten product design-and-development cycles and manage its worldwide operations. Yet operating in a global, networked world, where collaboration and information sharing are essential, brings new security risks. The access to computer networks for employees, suppliers or contractors that can make a company more nimble and fleet-footed also makes a company far more vulnerable to theft, sabotage and information-warfare attacks. "It is the digitization of the enterprise that drives the importance of information security to the top," Mr. Christiansen said recently in his Detroit office. "Our car designs are all mathematical models. You don't make a single car, a single truck, without a computer system - actually, several of them." Major manufacturing corporations like General Motors have been adapting their supply pipelines for years. In 1996, G.M. learned a costly lesson in the potential pitfalls of just-in-time inventory practices when an 18-day strike at two factories that supplied brakes shut down 26 assembly plants, reducing quarterly earnings by $900 million. Afterward, the company reorganized its manufacturing and supply channels so that production of critical parts was more diversified and flexible, making it far less susceptible to the loss of a single plant or two. Mr. Christiansen's job is to make similar, risk-reducing steps for the data networks that connect the company's operations and people. "It is the equivalent of G.M.'s nervous system," he said, "and if it were knocked out, it would be as if suddenly your arms and legs don't work anymore." --snip-- The American Society for Industrial Security, a professional organization with 32,000 members, wants to hasten the evolution of the field. In the last few months, the organization has been developing a detailed description of the preferred qualifications and responsibilities for "the new position of chief security officer." The work is not finished, but the draft proposal says the chief security officer - who would ideally hold a graduate degree in business or law - should be a senior executive with strong analytic, strategic and communications skills in addition to security expertise. "For corporate North America, 9/11 was a wake-up, bar none," said Mr. Williams of Nortel, who worked on the society's job-description document. "There will be a lasting effect, and many corporations recognize they need security leadership. But there is also a real need within the security field to broaden itself." http://www.nytimes.com/2002/05/27/technology/27SECU.html?ex=1023497165&ei=1&en=57ba5f97029328e9