Amission critical asset is essential for a business or organization's survival. When a mission critical asset fails or is otherwise unavailable, it significantly impacts business operations. In emergencies, it is essential to prioritize mission critical assets when making triage decisions under tight resource or personnel constraints.
Mission critical assets are best understood in the context. They are one of four types of critical assets:
Safety critical assets or systems, unlike mission critical assets, can lead to severe environmental damage, injury, or loss of life if they fail. Mission critical and business critical assets are similar in many ways, but business critical assets typically affect only a single company or organization and may cause partial disruption of business activities for a limited period. However, that disruption can still result in significant financial losses.
Mission critical assets can affect an organization, its customers, partners, and neighbors. And security critical assets are essential for protecting sensitive data, materials, and people from theft, accidental loss, or other harm.
Critical facilities are worksites essential to business operations. They can be entire buildings or areas within buildings, such as data centers, medical centers, manufacturing plants, and trading floors—such as a stock exchange.
Critical facility management systems support the effective and efficient operation of these facilities. They include electrical infrastructure, BMS and critical asset monitoring systems, UPS equipment, fire detection and suppression systems, access control, and other physical security and management controls.
Properly managing risk requires well-trained professionals backed by comprehensive policies and smart technology. Critical facility and asset protection is no longer a practice one can carry out independently. The consequences of human error are too severe.
Consider faults from manual access control—specifically, the example of rekeying an entire critical facility due to key loss. Although fees per lock may decrease for larger facilities, it could still amount to around $40 per lock, even at the lowest end. Consequently, rekeying 100 locks could result in expenses of up to $4,000, posing a considerable concern if a sub-master key goes missing unexpectedly.
The consequences become even more severe if a master or grandmaster key is lost, potentially jeopardizing your physical plant budget. An unfortunate example of this occurred in the State of Hawaii when government security officials realized they had no record of how many master keys were in circulation. For security purposes, they undertook the costly measure of rekeying the entire State Capitol, incurring over $250,000 in unnecessary expenses.
Since every organization and its mission are unique, every organization should also have its method of categorizing mission critical assets. Obviously, there may be some commonalities across organizations, but each organization needs to establish clear parameters for identifying its mission critical assets.
To determine which requires a special category of management and protection, you should consider the value of each asset, the impact its unavailability would have on your organization, and the specific risks you face having that asset in your facility.
The equipment, infrastructure, or data—the assets—that an organization chooses to store will possess some inherent value. This value may change or diminish over time, so organizations need to assess the significance of those assets and their impact on their processes.
Consider the consequences if specific assets were to be compromised or stolen by attackers. Suppose the impact of such an event extends beyond the organization's borders and affects the safety and security of multiple customers, for instance. In that case, you should define that asset as mission critical based solely on the impact of its unavailability.
Evaluating an asset’s importance also involves anticipating potential threats and risks that could arise due to those assets being in your possession. For example, the potential risk of vehicle theft from owning and managing fleet vehicles in a city center.
You need to ask questions, such as, are certain types of assets that might interest bad actors? How easily accessible are they? By addressing such questions, organizations can gauge the level of risk certain assets bear and then prioritize their protection accordingly.
See 10 Physical Security Risk Mitigation Strategies That Actually Work
Let’s consider several different types of mission critical assets in context.
Modern hydroelectric power plants are sophisticated systems that generate high electrical power volumes and contain and manage high volumes of water. Any number of different failure scenarios could damage the local, national, and international power grids or devastate the local ecosystem. They—and other power-generating facilities—are a significant public safety concern.
There is no single mission critical component of a hydroelectric facility. The facility comprises many interconnected critical areas and assets.
Maintaining control over hydroelectric generators, reservoirs, and turbine assembly involves stopping, decreasing, or increasing the water flow through the facility. All of these areas are managed from various control rooms. Therefore it is essential to control access to the facility’s perimeter and each area within it.
Microsoft HoloLens augmented reality (AR) headsets may not be well-known to the consumer public, but they have become mission critical assets for many engineering and high-tech firms. Often visual information alone is insufficient for technicians to deploy or repair high value equipment, they require additional AR overlain information to complete expensive or time-sensitive work. The AR headsets can also send video streams from on-site to entire teams of engineers back at the office who can coordinate actions.
Failure to complete those workflows could result in the loss of multi-million dollar contracts or cause catastrophic harm to the organization and its clients. So while the HoloLens headsets are expensive, the workflows within which they’re used are mission-critical. That makes them mission critical assets by default. Proper access and availability control for these devices is essential.
Access control is one of the most important management activities for mission critical assets. Typically you either want to control direct access to assets that you can store—like a HoloLens headset—or control access credentials to the ones you can’t—like a hydroelectric power generating facility. In the first case, you would want to use resilient asset management. In the latter, you would want to deploy smart key management.
Asset management involves overseeing and directing the use of an asset throughout its entire lifecycle within an organization. The primary objective of asset management is to optimize the item's value over its lifespan while also addressing any potential risks associated with its ownership and usage.
Smart asset management systems use sensor networks embedded within the system to monitor stored critical assets, understand their condition, and modify access to them as needed. All those processes can be automatically by the smart system itself or adjusted according to operator prompts.
Key control involves securing locations and assets using physical keys and managing access to those keys. Business key control programs typically include policies and tools to regulate key distribution, track keys in use, and prevent unauthorized duplication.
The primary objective of a comprehensive key control program, regardless of its specific details, is to safeguard mission critical locations, assets, and individuals efficiently. As with smart asset management systems, smart key systems self-monitor and adjust key control practices automatically based on operator criteria.
Yes, but they vary widely by industry and jurisdiction. Researching what might apply in your state or province is highly recommended. However, Several major standards exist that every organization should be aware of.
If your organization adheres to ISO 55000 asset management standards, implementing an automated smart system can aid in ensuring compliance for the storage of mission critical assets. By utilizing electronic management tools, you can automate record-keeping, leading to reduced errors. Additionally, the system allows you to gather valuable data, which can be used to improve your overall asset management program continuously.
If your organization has US-based facilities, you should know the formal definition of a critical facility established by the Federal Emergency Management Agency (FEMA) regarding flooding emergency management. “Typical critical facilities include hospitals, fire stations, police stations, storage of critical records, and similar facilities. These facilities should receive special consideration when formulating regulatory alternatives and floodplain management plans. A critical facility should not be in a floodplain if possible. If a critical facility must be located in a floodplain, it should be provided a higher level of protection to continue functioning and provide services after the flood.”