Digital resilience: How to prep for the next crisis when you have no idea what it will be
Read time 4 min
How does one prepare for the unknown? By prepping for the inconvenience of the unknown.
We’re all familiar with the prepping basics: Medical supplies, bug-out bags, rainy day funds. You should always have a stockpile of food and water to get you through 72 hours.
As a society, Finland has taken preparing for a crisis – whether it’s a natural disaster, a pandemic, or an invasion – even further with “comprehensive security” as its national strategy. From politicians to companies to churches, a society-wide network of actors form a system of protection ready to go into crisis mode when need be.
In our connected world, digital resilience is equally important.
Traditionally it has meant looking at things like power grids and banking connections, but recent events should have us looking at 2.0 in the domain of digital resilience as well.
When COVID-19 started to spread, a need for new systems was imminent. To help slow down the pandemic, mobile phones were harnessed for contact tracing. National contact tracing applications sprung up all around the world.
The apps identified situations where you may have been exposed to the coronavirus and provided you with instructions that could help you break the chain of transmission. While far from perfect, the apps provided some much-needed control over the chaos.
The war in Ukraine brought to light new uses for existing tools: Restaurant reviews briefly became a new digital territory in the fight against misinformation in Russia, and a microtasking platform appeared to be used as a crowdsourcing tool for military intel.
Both cases are examples of digital resilience, the ability to build and utilize information systems in unconventional circumstances.
We don’t – and won’t ever – know what the next crisis will be. It could be anything, come from any direction, at any time. Still, we must maintain our digital resilience in the face of these uncertain, unknown conditions.
Modern software development is all but based on open source libraries. In peacetime, this is great because it allows you to build on existing implementations instead of developing the basic functionality from scratch. It makes developing a lot easier, a lot more convenient. You don’t have to start from zero every single time you build something, you can build on what’s already been built before.
The cloud is another crucial part of almost all software development. While on-premises data centers used to be a common sight, shared hosting and dedicated servers are the hosting platforms of today. Cloud offers convenience in saved costs – just think of the real estate alone –, flexibility and scalability, security, and ease of use.
In various states of crises, access to these resources may very well be interrupted. You may have partial access or no access at all. And you still need to build something.
Suddenly, some very old-school skills are needed from professionals who’ve likely never had to go that far back in time before.
You can not know how to operate without something you’ve never operated without. But one day you might have to.
What could you build if your access to development frameworks and libraries was taken away? How do you deploy software if you can’t use the cloud of your choice? What to do if the SaaS tools you use for running your core business are not available?
Therefore, the only thing you can do to secure the future is train.
Training for digital resilience is not that far from any other prepping, actually. You must store anything you might need and secure access to key resources you can’t store yourself. In this case, it’s just your code, libraries, frameworks, and server capacity that should be available – and continuously up to date – for a rainy day. You should map out various risk scenarios and all of their possible, unlikeliest consequences
Then, you should train for those scenarios, making sure that all the people needed to steer the getaway car out of a crisis firstly know each other and secondly have trained for the specific case at hand. The practices should be implemented “end-to-end”, too. The biggest challenges usually arise where two or more organizations need to work to together. These training sessions should happen frequently, with slight variations and participants. My recommendation? At least once a year.
These sessions very quickly force you to plan your communications in a crisis. What are your normal means of communication, and what are your backups in the case your everyday whatsapps and slacks do not work?
It doesn’t stop here either! All the sessions should be analyzed to configure the next training: What worked, what didn’t, what was realistic, and so on. These learnings should be documented, and of course also acted upon.
Like soldiers always say, the way you train is the way you fight. And, if you don’t train, you will not put up a fight.