Can corporate social responsibility survive through recession?

In recession, people are actually less forgiving of bad behaviour, writes Philip Monaghan.

All film-lovers will recall the famous scene in Butch Cassidy and The Sundance Kid: our anti-heroes stand at the cliff edge with the prospect of either jumping off into the rapids below or being caught by the chasing posse to face a firing squad. The Sundance Kid (Robert Redford) hesitates, saying he is scared to leap because he cannot swim. Butch Cassidy (Paul Newman) laughs out loud, pointing out that he need not worry – the jump from the cliff will kill them anyway. Both men make the jump and survive.

Many corporate leaders face a similar leap of faith when it comes to integrating sustainable development into their business strategies. Barclays, BP, Enron, Lehman Brothers and NewsCorp all have or had corporate social responsibility (CSR) programmes in place, many of which have been lauded. Barclays and BP have rightly been praised in the past for their leadership roles in the Equator Principles (to enable environmental and social considerations in project financing) and the Extractive Industries Transparency Initiative (to counter bribery and corruption) respectively. Yet the Barclays interest-rate manipulation scandal in 2012 and the BP deepwater horizon spill in 2006 show that despite these best intentions a culture of "making a quick buck" at someone else’s expense can be extremely hard to shake. This has only had disastrous consequences for shareholders and wider society, but led to the ongoing existence of both companies been called into question at one point or another.

So what is the problem? Is CSR still merely a periphery activity in companies despite the hula? Does short-term gain always trump long-term value? Or is it just a few rogue actors within a company bringing the rest down, which is impossible to 100 per cent safeguard against? Maybe. Or perhaps it is because corporate planners and risk evaluators are simply looking at the wrong thing: their resiliency strategy needs rewiring. Misguided business executives assume they can ride out the storm from any high-stake gamble, including an illegal one. Their hunch is that they will not caught because they are smarter than everyone else. That even if they do get caught the market will forgive them if they continue to deliver good investor returns. And that people have short memories. Yet this is a very narrow approach to resiliency, one that is focused on being able to resist immediate shocks and fails to understand the complex system in which a single entity operates. Survival is also about the ability to learn and transforming. During a global recession, people's tolerance of bad corporate behaviour is much lower and their memories much longer. So the political uproar and ferocity of the regulator response on both sides of the Atlantic is no surprise (and hopefully any new supervision will include an overhaul of how credit rating agencies evaluate non-financial risk too).

If CSR is to be relevant for a post-recession world from 2015 onwards, it needs to become infused with resiliency thinking. CSR advocates now stand at the cliff edge at a time of great uncertainty. They can turn back or make another great leap of faith to shape a more responsible capitalism. Not an easy choice by any means, but the right choice for shareholders and society alike.

News Corp, one of many companies with a CSR program. Photograph: Getty Images

Philip Monaghan is founder & CEO of Infrangilis (a consultancy and think-tank on resiliency strategies). He is the acclaimed author of the books Sustainability in Austerity (2010) and How Local Resilience Creates Sustainable Societies (2012).

Show Hide image

Can Trident be hacked?

A former defence secretary has warned that Trident is vulnerable to cyber attacks. Is it?

What if, in the event of a destructive nuclear war, the prime minister goes to press the red button and it just doesn't work? 

This was the question raised by Des Browne, a former defence secretary, in an interview witht the Guardian this week. His argument, based on a report from the defence science board of the US Department of Defense, is that the UK's Trident nuclear weapons could be vulnerable to cyberattacks, and therefore rendered useless if hacked. 

Browne called for an "end-to-end" assessment of the system's cybersecurity: 

 The government ... have an obligation to assure parliament that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat. If they are unable to do that then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it.

Is he right? Should we really be worried about Trident's potential cyber weaknesses?

Tangled webs 

The first, crucial thing to note is that Trident is not connected to the "internet" we use every day. Sure, it's connected to the main Ministry of Defence network, but this operates totally independently of the network that you visit Facebook through. In cyber-security terms, this means the network is "air-gapped" - it's isolated from other systems that could be less secure. 

In our minds, Trident is old and needs replacing (the submarines began patrolling in the 1990s), but any strike would be ordered and co-ordinated from Northwood, a military bunker 100m underground which would use the same modern networks as the rest of the MoD. Trident is basically as secure as the rest of the MoD. 

What the MoD said

I asked the Ministry of Defence for a statement on Trident's security, and while it obviously can't offer much information about how it all actually works, a spokesperson confirmed that the system is air-gapped and added: 

We wouldn't comment on the detail of our security arrangements for the nuclear deterrent but we can and do safeguard it from all threats including cyber.

What security experts said

Security experts agree that an air-gapped system tends to be more secure than one connected to the internet. Sean Sullivan, a security adviser at F-secure, told Infosecurity magazine that while some hackers have been able to "jump" air-gaps using code, this would cause "interference" at most and a major attack of this kind is still "a long way off". 

Franklin Miller, a former White House defence policy offer, told the Guardian that the original report cited by Browne was actually formulated in response to suggestions that some US defence networks should be connected to the internet. In that case, it actually represents an argument in favour of the type of air-gapped system used by the MoD. 

So... can it be hacked?

The answer is really that any system could be hacked, but a specialised, independent defence network is very, very unlikely to be. If a successful hack did happen, it would likely affect all aspects of defence, not just Trident. That doesn't mean that every effort shouldn't be made to make sure the MoD is using the most secure system possible, but it also means that scaremongering in the context of other, unrelated cybersecurity scares is a little unjustified. 

Barbara Speed is a technology and digital culture writer at the New Statesman and a staff writer at CityMetric.