Critical Infrastructure Protection & Resilience Asia

Oliver C. G. Odulio

Atty. Oliver C. G. Odulio
Head of Asset Protection & Risk Management; Head of Enterprise Business Continuity & Resilience

Atty. Oliver C. G. Odulio is a Vice President for PLDT Inc. where he heads 2 groups: Asset Protection & Risk Management, and Enterprise Business Continuity & Resilience. PLDT is the leading telecommunications and digital services provider in the Philippines which utilizes the most extensive fiber optic backbone, and fixed line and cellular networks in the country. PLDT is listed in both the Philippine Stock Exchange (PSE:TEL) and its American Depositary Shares are listed on the New York Stock Exchange (NYSE:PHI), and has one of the largest market capitalizations among Philippine¬ listed companies.

Oliver’s responsibility covers several companies which comprise the PLDT Group: namely PLDT Inc., Smart Ccommunications, Sun(DMPI)/Digitel (DTPI), and several other subsidiaries and affiliates.

As head of Asset Protection & Risk Management, he has lead responsibility for the security of all the assets and operations of the PLDT Group of companies, covering both strategic and tactical aspects of asset protection. On a concurrent but separate capacity, he is likewise the head of Enterprise Business Continuity & Resilience, which ensures that the company has the necessary processes in place to respond to, mitigate and overcome the effects of disruptive incidents that may affect the company’s business, including but not limited to incident response and disaster recovery. He is likewise the head of the Asset Protection Council, which is composed of the top security heads of various critical infrastructure companies in the Philippines, covering power, water, telecommunications, transportation, media, and others.
He was previously the head of Supply Chain and Support Services for PLDT Inc. which covered Procurement, Logistics, Fleet and Aviation. A lawyer by profession, he has experience in both litigation and corporate law.

Presentation: How the Business Continuity methodology of Business Impact Analysis can help CIP practitioners transition from Asset Protection to Asset Resilience

The historical concept of “Asset Protection” has been defined as actions taken “to cover or shield the asset against danger, harm or damage”. More often than not, most security organizations have been created with pre-defined tasks based on such a simplistic and general definition, without understanding that it would not be responsive to the dynamic and ever-changing business risk environment.

Accordingly, the dilemma facing the security professional is fourfold: (1) the inherent resistance against new security strategies which are not aligned with pre-conceived ideas of traditional security functions, (2) limited and non-prioritized resources given to the security organization that would enable it to perform its functions properly, (3) the current means/methods in the creation the security strategies are ineffective and imprecise: based either by direct inference of perceived threats, or at most, through a simple gap analysis (4) the current security strategies are too inflexible and unresponsive to the dynamic risks and threats to the company.

The presentation discusses how the Business Continuity methodology of Business Impact Analysis can be used to address the aforementioned fourfold dilemma in order to create a more efficient and effective security organization that is responsive to the evolving risks and threats facing the company. A detailed discussion and comparison is made with respect to the use of Business Impact Analysis (BIA) versus Gap Analysis in formulating security strategies and plans. The paper concludes by highlighting related fields in in Risk Management and Business Continuity and how such disciplines and methodologies can be used to enhance the practice in Critical Infrastructure Protection.