Crisis Calling on Line One

On Jan. 19, the FBI told authorities in Boston about an unsubstantiated tip: Four Chinese nationals and two Iraqis had entered the United States from Mexico and were awaiting a shipment of nuclear oxide that was en route to the city. Word quickly spread as national and local news media reported that the authorities were seeking suspects allegedly planning to release a dirty bomb in Boston. Massachusetts Gov. Mitt Romney returned early from President Bush's inauguration, and state officials opened an emergency management bunker. The tip later turned out to be a hoax. At the height of the incident's uncertainty, Edward A. Flynn, the state's public safety secretary, took press interviews, including a live Q&A with Boston's National Public Radio affiliate. CSO spoke with Flynn, a veteran of media interviews during terrorism alert warnings, about five things security leaders can do to keep the public calm in fear-fraught situations.

No. 1: Disseminate accurate information. During a crisis, Flynn says, you first need to provide information to your colleagues and employees about what's happening so that they can respond appropriately. "How do we have an active and involved public without scaring the bejesus out of them? Quite honestly, it's hard to do. Terrorist investigations are federal. State and local governments render assistance and have responsibility, but we're not primarily in control of shaping the message," Flynn says. "Understandably, there's stress between the federal concerns to protect an ongoing investigation and the state government who needs to convey information to the media. Everyone in the game is trying to do the right thing."

No. 2: Answer questions. After the authority or organization releases information about an incident, Flynn says, expect that questions will follow. It's important to respond quickly and to shape answers to the questions that reflect the tone you are trying to achievein this case, a calming presence. He adds: "By the morning of the second day, people like myself could answer questions [about the dirty bomb scare]. It's far less difficult for me to respond to questions than to craft the message. The crafting of the message itself raises concerns. But if I'm answering your questions, I've found, it gives me room in tone and content to convey a more accurate, simple statement than any crafted message could do. And there's always the old adage that you answer the question you wish you were asked."

No. 3: Tell the truth about the crisis. Flynn says that it's important to establish your credibility before a crisis hits. Then, when an incident occurs, your boss and peers will know that they can come to you for accurate and reliable information. They'll look to you to set the tone and create the plan because you've already proven yourself. "I've got a boss. You have to have credibility with that boss so that they believe what you're telling them and will take some of your advice," Flynn says. "Their concerns are not only security related, they have a constituency. You need to be part of crafting that message. There are other interests besides yours as stake."

No. 4: Be prepared. Flynn says it's essential to have a disaster plan in place before that disaster ever takes place. "You can't make it up as you go along," Flynn says. "This requires preplanning. We will have various levels of information in the public domain that pertains to homeland security. This requires that we work out in advance how we will communicate that messagewho will deliver it to certain constituencies. But you need to sort out that plan in advance. What's the message that's a combination of alertness and reassurance? If we have an industry that's part of the critical infrastructure, what is your standard procedure to handle information when it comes into your domain? Into the public domain? How do you [speak] to your employees? Who do you take the lead from? These discussions need to take place in advance."

No. 5: Get involved. As a government official, Flynn says he sees the importance of public- and private-sector information-sharing. Such cooperation can help in a crisis. "CSOs should get involved with local and state government," Flynn says. "Get in touch with your state's emergency management agency."

Copyright © 2005 IDG Communications, Inc.

The 10 most powerful cybersecurity companies