Emergencies come in all forms, from natural to man-made disasters, to worst-case scenario business disasters, which while not threatening in human life, can still have disastrous consequences. Consulting caught up with Booz Allen Hamilton Senior Associate Jeff Roth, who is no stranger to planning for disaster, with a background as a chemical officer in the Army focused on nuclear, biological, and chemical threats. Now a consultant going on 20 years, Roth helps companies devise scenarios, exercises, and war games intended to help them plan for those “what-ifs” and shore up their preparedness for if—and when—disaster strikes.
Consulting: How did your background lead you to this kind of consulting?
Roth: I studied chemical engineering at Notre Dame and was slated to become an Army officer in 1996. That career path brought me into the military as a chemical officer doing nuclear biological chemical training. The Army was very big on training in realistic environments—they used to use something called a rock drill, literally a sand table with rocks on it that helped the commanders try to figure out where they’d position their forces in the case of an engagement to plan through courses of action. As a chemical officer we were focused on nuclear, biological, and chemical threats. I was assigned to an artillery unit as sort of their special expert on nuclear, biological, and chemical warfare, so a lot of my background in the military was in doing training and thinking through scenarios.
Consulting: Is this type of consulting on the rise since you joined BAH in 2002?
Roth: The field of wargaming goes back over 200 years to the Prussian navy. In the 1800s they didn’t have computer simulations to test equipment without moving their ships around in real time, which was cost prohibitive and not always possible. So they’d use the wargame to test force-on-force naval battles. Over the years, that evolved through the major world wars. War gaming has always been a component of how a military does its battle planning.
The crossover to the business side started well over 50 years ago, maybe not as a standard consulting practice but certainly government agencies and commercial entities used forms of war gaming to test out their courses of action, whether that be the rollout of a new product or a competitor’s analysis, there were forms of that war gaming built into how business practices are run.
Over the last decade and a half, if I could use Sept. 11 as sort of a catalyst, I think the field became even more evolved because you had local, state, and federal agencies as well as private institutions worried about different threats and risks. They needed a mechanism to easily test through their concepts without waiting for the real event to happen. So over the last 15 years it’s become increasingly common that institutions of all sizes have begun to practice war games and exercises.
Consulting: What sort of business emergencies is it best to have a disaster plan for?
Roth: The scenarios run the gamut of what a possible threat could be. Normally at the beginning of the process is a risk assessment of an organization, or an organization comes to us with a risk assessment of their most imminent threats. That threat doesn’t have to be a severe disaster or involve loss of life. Certainly a data breach can be economically devastating for a company or a small business. Some of the exercises we’ve done over the past decade have been private-public partnership exercises. For example an objective like where a military installation wants to get along better with the surrounding community and find a way to share resources. In a way we use the same structure to tackle these complex problems and the exercise allows a group of individuals to work through it.
Consulting: How ready are most organizations in terms of disaster management preparedness?
Roth: I think what we’re seeing now is organizations are very aware of preparedness. Certainly from a military or government agency perspective it’s almost built into their mission statement. A big part of their existence is to be able to provide their services at a steady state as well as during a crisis situation. Then the organizations have plans for continuity of operations to physically or virtually move from one location to another so they can provide them. In the same way, the private industries have in a way modeled themselves after some of those best practices from the military and government. If a business is taken offline by a cyber attack, even for a few days, the loss of revenue could be catastrophic for that company. I think nowadays because the state of the world seems to at every turn throw us a new challenge, a new threat, people have become more prepared.