PNSR: Knowledge Management and the Market Dynamics of U.S. National Security

Jan 31

The following is a “revised and extended” version of my remarks at the PNSR Futures Conference this week in Washington D.C. (PNSR = Project on National Security Reform.)

 

FINDING: The national security system is not an organization, nor even a system of shared purpose. My observations lead me to believe it is better described as an ad hoc consortium of competing interests.

Assessing knowledge flow across this “system,” therefore, is akin to understanding the flow of capital across and within financial markets. Yes, I am jumping on the coattails of current headlines. Suddenly, people who never considered derivatives trading are telling each other “credit is frozen,” and “the markets lack trust.” Suddenly, it’s a bit easier to discuss knowledge management by analogy to financial markets and capital flow.

Common between these two worlds:

  • issues of trust, 
  • expectations of reciprocity, 
  • primacy of individual cultures, 
  • expected rewards, 
  • hidden agendas, 
  • local authorities preferred when confronted with cross-organizational mission, 
  • etc.

For the Project on National Security Reform (PNSR) we used systems analysis – with an emphasis on complex systems – to understand the challenges and ideas for reform. This is an augmentation to the study’s original reliance on organizational analysis, which can be normative regarding expected roles and functions. If you approach a non-organization using an organizational lens, you will likely end at recommendations that speak of “headquarters staff size” or “unity of purpose.”

Some of these organizational observations will be useful – the human capital team’s recommendation of a common approach to the national security workforce comes to mind.  But the use of an organizational lens alone will fall short of understanding how to employ leadership and management techniques best suited to a complex adaptive system of functionally-oriented public agencies.

Therefore, while we present KM problems and recommendations in the PNSR report, it is essential to understand that – because of the market, or systems nature of the problem – fixing the KM problems requires a concomitant focus on human capital, process, development of a grand strategy, placing mission instead of functional resourcing, etc.  

(I’ve written of the problems and recommendations before, but wanted to place them in context one last time before moving on with my life.)

Without a systemic approach to reform, these KM recommendations alone will not solve the basic problem of helping the national security system know what it knows.

Knowledge management problems

  • Sharing knowledge across organizational boundaries remains difficult.  Agency cultures still discourage information sharing, although this is changing at the “point of the spear.”  Interoperability across classified networks is difficult, to say the least.  Even when we can communicate, we lack a shared lexicon across national security interests – try having a conversation with someone who has spent at least 3 years working at DoD or State.  (Or Morgan Stanley.)
  • Organizational learning is thwarted.  Not only does the new team find empty safes when they arrive, but there is a tendency (this last transition being an exception) among many new incoming national security teams to believe: “If these guys knew what they were doing, we wouldn’t be here.  What could we possibly learn from them?”
  • The national security system lacks true global situation awareness.  A few cognitive truths here:  We don’t know our own biases.  We don’t fully understand how we make decisions.  Add to this the orientation of the functional organization, each interpreting new information within a group filter.  Now add stress, uncertainty, and you have a system where the only time a “common operating picture” is available is in the White House (or on Capitol Hill).  Lower in the ranks, it is extremely difficult to comprehend the global situation as it is unfolding.
  • Current data systems do not provide or are not employed in a manner that promotes optimal knowledge sharing.  The state of public sector computing, while improving in some ways, remains abysmal.  Program funding solidifies the primacy of functional coherence over whole-of-government understanding.  Information systems still lack common data abstraction, business logic, and protocols.  And, thanks to our friends the technology vendors, government clients come to believe that buying “a portal” or “collaboration technology” solves this problem.  “We have collaboration – other agencies can come share their information on our portal!” “My agency has an enterprise license for Search.  Now everyone can find the information they need!”

Recommendations

  • Provide Institutional Memory Through NSC Librarian/Historian. The National Security Council needs a library function to help it understand decisions across Administrations. The Chairman, Joint Chiefs of Staff has an appointed term that crosses Administrations to provide continuity; let’s learn from this example.
  • Establish Office of Decision Support on National Security Council. The charter for this office is open to discussion; let them first tackle common security clearances, as the current efforts here lack inter-Agency authorities. (Waivers are taking all the teeth – or at least the incisors – out of these efforts.)
  • Establish Agency Chief Knowledge Officers and associated Council. The cadre of Federal CIOs is incentivized to provide secure, reliable, performing systems. In other words, CIOs would maximize their bonus if all their ‘users’ died or otherwise stopped trying to use the systems. Perhaps it is time to focus on the knowledge their users need to do their job.
  • Establish a ‘Federal Information Services Agency.’ Stop talking and move to the cloud.  Get commodity IT services coordinated, get data servers out of downtown Washington, establish compatible GALs, stand up FISA to own the janitor and plumber functions of IT.  
  • Subordinate Information Security Functions to Operations.  If you have had the delightful experience of deploying systems on a protected network, doubtless you have had to pass (multiple) security audits.  Have you ever heard of a security person filing an “operational impact statement” before locking down a firewall rule, closing off access to YouTube, or taking away flash drives?  It’s time the security professionals worked for someone – the current system places them in charge, and their decisions are unreviewable by the workforce.  We need to manage, not mindlessly work to reduce, risk.

And finally, in his Senate testimony (response to Q&A), ADM Blair, who was confirmed this week as the new Director for National Intelligence, pointed to these last two as essential reforms he plans to tackle immediately. While efforts are underway, our recommendations involve removing the waivers inherent in the current executive orders and authorizing legislation.

  • Establish Unified Security Classification Regime
  • Establish Unified National Security Clearances

Foresight and Public Policy in a Complex World

Jan 24

 

In talking about foresight, I’m reminded that this is not an attribute but a process. No one “has” foresight; we look ahead – we envision.

In turbulent times, when we’re reminded of the Black Swan effects and the connected nature of things, we tremble at our inability to predict.  Truth is, our ability to predict only occurs when the world is relatively linear and stable – that is, anomalous.  We have built up such structures and have been the primary power for nearly a generation.  We have come to believe, until recently, that the world should be predictable. 

 

Let me illustrate, I beg your indulgence.

You are driving along Virginia’s Blue Ridge Parkway, Skyline Drive one evening. You have set your sights on Staunton and plan to be there within two hours. You hum along, thinking only of the dinner and wine that await you, dimly aware of your settings. As you drive, you are so given to boredom that you have music to occupy your senses as you keep an even course. Even if you experience a flat tire, you have preparations for that. It’s the furthest thing from your mind, but the occurrence is normal enough that you have a jack and a spare. If the spare is flat, well, you have AAA and a cell phone. You aren’t thinking of this future, however, your mind is fixed on the evening’s upcoming Pinot Noir.

Then the tire blows.  And your daughter borrowed the jack.  Your phone has no coverage in this spot.  How big a spot, you don’t know. But now new possible futures are flooding your mind.  Someone may come by, you picture that scenario and how it would play out.  Even patting your pocket to ensure you have cash to compensate the Good Samaritan.

But no one comes.  You aren’t aware, but a freak rockslide closed the highway 45 minutes ago.  A Black Swan event, although there have been signs warning of such things on this road for years.  You are alone. You decide to walk to see if the cell coverage improves. Walking along the dark road, hugging the shoulder in case a car comes along, as night falls hard.

Unlike an hour ago, you are now much more aware of sounds. Is that an animal? If so, you try to guess its size and intent. You are now picturing personal futures that were completely unthinkable when you started your car this afternoon. What if you trip and end up in a ravine?

Does it hurt to die of exposure?

Then it begins to rain.

We can paint a similar picture, but this time by hearing a noise in your home at night. Animal? Fallen object? Intruder? We flash to several possible immediate futures, none of which were envisioned minutes earlier.

Implications for Policy Planning – Learn from Biology

What is common here?  We enter a period of heightened awareness as we simultaneously try to comprehend the changes in our environment and walk through possible futures.  This process cycles, as “new” futures enter our thoughts and obsolete ones are discarded.

 

These illustrations are my attempt to convey the following.  When we find ourselves off course:

  1. We become more attuned to our environment
  2. We focus mental energies as our bodies increase our capacity. “From deep within your brain, a chemical signal speeds stress hormones through the bloodstream, priming your body to be alert and ready to escape danger. Concentration becomes more focused, reaction time faster, and strength and agility increase. When the stressful situation ends, hormonal signals switch off the stress response and the body returns to normal.” (NIH)
  3. We model possible futures, thinking through steps and working out actions we may take. (“I’ll need a weapon if it’s an intruder. I left a knife on the counter.”)
  4. We explore/probe the environment. (“I’ll walk just a little further in this direction, maybe the coverage comes back.” “I’ll open the door now, make some noise.”)
  5. Based on what we experience next, we return to step 2 until we have a path that appears to resolve matters to our satisfaction (our perception of “satisfaction” changes as the crisis deepens).

In the current global climate, therefore, foresight and policy should become more fluid and iterative.  Adopt the mindset that this is a process, not a state.  As Eisenhower warned, “Plans are nothing, planning is everything.”

  • Establish mechanisms to listen
  • Focus our energies on learning interdependencies, weak links
  • Cooperate more, trust more, with allies and the indifferent. We need others more than we realize, for the weak signals in the environment may be discernible to them.
  • Establish a rigor of visioning, building on futures analysis.  I found a reference online that said in 1974, the House Committee on Committees stipulated that each Committee “shall review and study on a continuing basis undertake futures research and forecasting on matters within its jurisdiction.”  If true, this is extraordinary.  And a hook by which we can begin today.
  • Explore, probe, experiment.  Is today’s economic crisis the end of Bretton Woods, or Westphalia?  Or does the surge towards nationalization of banks and industry represent a resurgence of Westphalia, perhaps its last?
  • Rinse and repeat.

Open Government – Issues

Jan 24

 

The Obama Administration is committed to an open and transparent government, leveraging current technology and principles of business and public sector collaboration that are revolutionizing the way we work and live. This generation is writing their own encyclopedia (Wikipedia.org), spreading information virally (digg.com, twitter.com, blogs), and is constantly connected to their friends and colleagues through cell-phone texting and other social media.

This is not only about technology, but behaviors.  Books such as Shirky’s “Here Comes Everybody,” Covey’s “Speed of Trust,” Barabasi’s “Linked,” Surowiecki’s “The Wisdom of Crowds” and Tapscott’s “Wikinomics” point to the power of networked minds to sense, attend, and act.  What we are seeing is a convergence of technology and networked social behaviors and the effect on organizations.  In science, we see the convergence of network science and complexity.  The hallmark of globalization is simply the unparalleled depth and breadth of our universal connections.

We have come a long way from the “CNN effect” noted during the 1990 Gulf War, when private industry connected citizens to government information on a (then) unprecedented scale.  Technologies and citizen expectations continue to evolve, such that it is now time for government to become proactive and thoughtful regarding a potential transformation in how we govern, coordinate, and collaborate in the world’s oldest Democracy.

The “seat at the table” initiative during the Transition marked an extraordinary step away from previous transitions and policy deliberations. Washington has a history of boardroom politics combined with a “culture of leaks,” leading to many off-the-record “non-meetings” to consider policy options. This allows interest groups to advance their agenda in a closed market of ideas, where the citizen and long-term innovation are not well served. We wish to explore the vastly increased opportunity for disseminating government information, coordinating across “the interagency,” and opening up decision-making to allow for broader participation in addressing the many challenges in the nation’s inbox.

One critical aspect of mass collaboration is the serendipitous connections that can be made. One value of the Twitter concept is the persistent presence application – an ongoing party line conversation that includes shared links, observations, and general information. The UK Prime Minister has 5,000 followers, which doesn’t sound like much until you realize that information of broad interest is likely to be re-broadcast across the networks each of those followers joins. This is a network standing by to provide loose connections across international information networks. If the Prime Minister sends a note of import, it will quickly spread as a virus. It will reach the 5,000 followers, some of whom will re-transmit it as a repeater network. In addition, people who have RSS feeds set against specific search terms that occur across the Twitter conversations will receive the information.

We need to stop thinking of collaboration as only associated with a specific team or problem.  We may want to establish connections with people in order to anticipate trust networks we may need in the future.  

Some Issues

  • What constitutes a Government Record? Recently, the Obama team learned that they could not use Instant Messaging software on White House networks. This is akin to banning hallway conversations. We need to revisit the idea that everything digitized is a Record, just because it can be recorded. (Hallway conversations can also be recorded, cf. Nixon.)
  • Access – One significant caveat: while the embedding of internet technologies and networked behaviors is changing how we live and work, one unintended consequence is a widening gap between the connected and the disconnected. The obligation to national broadband is therefore vital to maintaining the socio-economic mobility that defines the American dream. Access to internet technologies is the latest national obligation to connect our people that began with the railroad, and continued with the telephone and the national highway system.
  • Citizen Trust – Simply put: Data accuracy must be assured, and individual privacy must be protected.
  • Authentication – While there are significant political obstacles, without a common way for citizens to authenticate against federal online resources we will proliferate user credentialing information across multiple servers and data centers. Current policy prohibits federal web pages from storing any information about citizens (e-commerce sites use persistent ‘cookies,’ but federal systems are prohibited from doing so). In practice, when it comes to citizens, federal web sites are stateless. Increasingly, people are used to the sites they visit storing information about them, and many even use their browser client applications to store passwords. Nevertheless, Government web sites present a significant challenge because they cannot “remember” citizens or interactions, even when facing the same needs regarding ‘constituent relationship management’ as these e-commerce sites. The technical challenges are significant, but identity management on a large scale has been achieved in industry and in environments such as Army Knowledge Online and the Navy Marine Corps Intranet. Privacy advocates will point out the dangers of a citizen authentication process; the challenge here will be protecting individual information while helping the citizenry understand that this is the 21st century version of a “government-issued photo ID.” Americans are used to the need for a driver’s license or other “government-issued photo ID” to gain access to automobiles or commercial aircraft, or while using a credit card. While the connected nature of online authentication increases vulnerability to mischief, this is the next step in accessing public goods for a citizenry who already accepts the need for driver’s licenses, passports, etc.
  • Cyber Security - In early December 2008, the web address (URL) for CheckFree – one of the largest online bill payment companies – was hijacked.  Specifically, the web address redirected users to a website in Ukraine for several hours, a website that attempted to install password-stealing software. A Gartner analyst estimates that CheckFree controls between 70 and 80 percent of the U.S. online bill pay market.  There are initial indications that the attack was aimed at the registrar for the CheckFree site, Network Solutions.  In other words, CheckFree’s customers were put at risk by a vendor whose security procedures were entirely outside the control of the target for the attack.  In the value network that connects the customer to the good, there are multiple vulnerabilities that are exploited daily. A significant challenge facing the Obama Administration will be to secure this value network against this threat to individual wealth and national security. 


Dear Senator Feinstein

Jan 23

Thank you for the opportunity to tell my brief story about the events of 20 January, 2009. With my Purple Ticket to the North Standing Area in hand, I arrived at the intersection of 1st and Louisiana at 0800 to find a line along the fence and up 1st street. This line appeared relatively orderly for the most part, but it appeared to be merging with another at the 1st and C St intersection. I found two policemen standing near the fence and asked them which line was for Purple tickets. One responded: “This along the fence is the Purple line, and it goes up 1st Street. These other people are from the Yellow ticket line. We tried to keep them apart earlier, but it’s pretty much a mess now.”

I took my place halfway up 1st, towards 1st and D St.  1st St. was wall to wall people, and we had to squeeze to let the occasional wheelchair through – people headed to 1st and D St.

0944 ET, 1st St

Inevitably, these people would come back through the line headed South, which told me there may be something blocking 1st and D. My time on 1st St was spent avoiding frostbite and watching the officials on a nearby rooftop scan the crowd. At one point, voices started singing “we shall overcome” very softly – but with a modified second verse: “Deep in my heart, I do believe, we shall get inside someday.”

By 1030, I reached the intersection of 1st and C St again, hopeful that I would be able to enter before the ceremony. People around me started to question why we weren’t hearing the music scheduled for 1030. This is when I realized there were no loudspeakers near us – if we did not gain entry, we would not be witnesses in any sense of the word. More troubling, the two policemen I spoke with earlier were now gone. People were standing on the jersey wall barriers, and the line had lost all integrity. The crowd was packed in tighter, and was merely a large disorganized mass covering the 1st and C St intersection. This satellite view from 1119 ET shows the extent and organization of the Purple ticket line. By 1100, the rooftop officials were also gone, and the only authority consisted of a woman’s voice over a megaphone repeating ‘This line is for Purple ticket holders only!’ This was followed by many holding their tickets aloft – all of them purple. The lack of security alarmed many, and people started to give up, voicing their fear of mob dynamics.

1119 ET, The "Line" at the Purple Gate

I gave up and headed towards Union Station, but noticed that the crowd of people further East along C St appeared to be closer to the actual entrance – and so I joined them.  I eventually got within 30 feet of the entrance, but it was noon and the doors slowly closed on us.  A few voices from the back called out for us to rush the gate, but thankfully this idea was shouted down quickly – there were parents with children in the street and, for once, maturity won out.  Given that our group was physically pushed back as the gates closed, I believe the security personnel and gate would have been easily overwhelmed had we taken a more radical stand.  People around me heard the oath of office in my wife’s voice, as she repeated it from home over my cell phone as it happened.

What you cannot see from this satellite photo is the elderly woman of color from Kentucky who came with her special ticket to be part of something ineffably transforming.  I will not soon forget her quiet tears as the doors closed on her day.  The most watched event in our lifetime was invisible to her and thousands of others.  

1206 ET, 1st and C St

Beyond my personal anger, and this woman’s irretrievable loss, this is my chief concern: According to the Washington Post, authorities claimed initially that all ticket holders were admitted, a claim made around 1330 ET and then quickly retracted. Why would officials lack information about the crowds outside the Purple and Blue gates, fully 90 minutes after the gates closed?  It appears local authorities had no situational awareness regarding the crowd, a most troubling observation given our times.  In addition, there are anecdotes claiming that people with Silver tickets overwhelmed their gate and obtained access to the Mall grounds.  If true, this means people were on the Mall without having gone through the extensive security screening. Again, local authorities did not seem aware of this.

Beyond the lack of any visible authority outside the Purple gate, the sight of police chiefs congratulating themselves on a job well done – self-praise that appears to have been based on an incomplete awareness of events – is most troubling.  On this day, law enforcement was not good – it was lucky.

 

[Update 1/25: Senate Sergeant-at-Arms Gainer finally "gets it."  This just reinforces my point that basic situational awareness was not present - no presence, confused roles and responsibilities, and reported communication problems among authorities according to this Washington Post article.  Their latest excuse:  They depended on a large number of no-shows, based on past inaugurations.  Classic prediction error, even in the face of data patterns that indicated people felt, shall we say, differently about this new president.]


Pay Yammer or Else

Jan 09

Soon after I began using Twitter, I thought – this is exactly what my company needs.  But, you know, “inside the firewall.”  That’s the way we boomers think, in terms of these ancient concepts like “firewalls.”  Something like feeling protected against invasion in New York City because there’s a natural moat around the city walls.  Yes, there are bridges, tunnels, ships, but that’s ok.  The moat has rules, we’ll be safe.

Anyway, what if the only people on Twitter were people who worked at my company?  What a great way to keep track of ideas, needs, questions – all in a searchable archive. All knowledge is fragmented, so intuitively the ability to survey information fragments promises great value.  

Along comes Yammer, a service that provides exactly this.  The only way to get an account for your company on Yammer is to provide an email address from your domain.  Presto, the only voices on your Yammer, um – I’ll call it subnet – are fellow employees.  I embraced the idea, encouraged others to do so.  

But something nagged at me. In order to “appoint an administrator,” the company had to buy the service. “Own” your Yammer capability, else the community is adrift and unregulated. This is completely fair, in my view. Some companies, however, apparently use Yammer without going to the bother of administering the list. After all, you have all the functionality of Twitter for no cost, why pay Yammer’s rates?

Because if you do not, you have no promise of security for the conversations you are having on Yammer’s servers.  Put aside for a moment the idea that you are having potentially proprietary conversations on a server outside that pesky firewall – that happens all the time.  But it happens under service-level agreements, with a contract to preserve data in case the company is party to litigation requiring legal discovery – to name one contingency.

Brief sidebar on discovery, which can be extremely costly (disclaimer: my father is the lawyer, I have a different yet higher degree than he does).  The Federal Rules of Civil Procedure (link is pdf) were revised in December of 2007.  Here is a relevant snippet:

(B) Specific Limitations on Electronically Stored Information. A party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost. On motion to compel discovery or for a protective order, the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery. [emphasis added]

So if you are a party to a lawsuit, even if not the target, you may be required to furnish conversations from Yammer servers.   Companies keep this in mind when they sign agreements with Salesforce and other hosted solutions, but that unpaid Yammer party line poses a problem. 

In the world of risk management, this is a low probability, high impact event. You probably won’t be a party to a lawsuit (yes, I’m being tongue-in-cheek), but if you are, it will cost you in discovery costs that do nothing to advance your business interests.

However, we also have a high probability, high impact event.  I posed this question on Twitter – through the magic of the cloud, I received a helpful response from Yammer.  Here’s what I asked:

How do people on Yammer know they’re not talking with ex-employees?

The reasonable response from Yammer pointed me to a FAQ, where administrators can manage the Yammer list for their company.  This, by the way, means there is an administrative burden – assign this to HR or IT – adding a step to the outprocessing paperwork when someone leaves your firm.  If you have a paid Yammer account, add a step where someone goes in and removes their access from the list.

My conclusion: If you have an unpaid Yammer account, at some point, you likely have ex-employees listening to proprietary chatter.  This is not Yammer’s fault – they have no way to manage the employment status of your people.   If you value corporate proprietary information and do not want to pay Yammer, you may want to issue a policy telling employees not to use Yammer for sensitive conversations.  In which case, of course, they may as well use Twitter.
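The offboarding step described above can also be run as a periodic check. The following is an added example, not part of the original post and not Yammer's own tooling: it reconciles a member list for a domain-gated service against an HR roster and reports accounts that belong to departed or unknown people. The CSV column names, the sample rows, the audit date and the treatment of "+tag" addresses as aliases are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data. Column names are assumptions for this example,
# not an export format of Yammer or of any HR system.
MEMBERS_CSV = """email,joined
Alice.Ng@Example.com,2008-10-02
bob.ruiz@example.com,2008-10-15
carol.diaz+yam@example.com,2008-11-01
dave.kim@example.com,2008-11-20
"""

HR_CSV = """email,status,end_date
alice.ng@example.com,active,
bob.ruiz@example.com,terminated,2008-12-12
carol.diaz@example.com,terminated,2009-01-02
frank.li@example.com,active,
"""

AUDIT_DATE = date(2009, 1, 9)  # constructed date for the sample run


def normalize(address):
    """Lower-case the address and drop a '+tag' suffix from the local part.

    Assumes the mail system delivers user+tag@domain to user@domain, so a
    tagged sign-up address still maps to one person in the HR roster.
    """
    local, _, domain = address.strip().lower().partition("@")
    return f"{local.split('+', 1)[0]}@{domain}"


def load_hr(hr_csv):
    """Return {normalized address: (status, end_date or None)}."""
    roster = {}
    for row in csv.DictReader(io.StringIO(hr_csv)):
        end = date.fromisoformat(row["end_date"]) if row["end_date"] else None
        roster[normalize(row["email"])] = (row["status"], end)
    return roster


def audit(members_csv, hr_csv, today):
    """List member accounts that no longer map to an active employee."""
    roster = load_hr(hr_csv)
    findings = []
    for row in csv.DictReader(io.StringIO(members_csv)):
        record = roster.get(normalize(row["email"]))
        if record is None:
            # Nobody in HR owns this address: shared mailbox, typo, or a
            # leaver whose HR record was already purged. Needs a human look.
            findings.append({"member": row["email"], "reason": "not_in_hr",
                             "days_exposed": None})
        elif record[0] != "active":
            status, end = record
            days = (today - end).days if end else None
            findings.append({"member": row["email"], "reason": status,
                             "days_exposed": days})
    # Longest exposure first; accounts with no known end date go last.
    findings.sort(key=lambda f: (f["days_exposed"] is None,
                                 -(f["days_exposed"] or 0)))
    return findings


if __name__ == "__main__":
    for f in audit(MEMBERS_CSV, HR_CSV, AUDIT_DATE):
        print(f"{f['member']:32} {f['reason']:12} days_exposed={f['days_exposed']}")
```

Matching on the normalized address matters here: the tagged sign-up address in the sample would slip past an exact string comparison against the roster.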

If I am mistaken, I welcome a correction – but I think the risk far outweighs the benefits. Your employees have no good reason to use an unpaid Yammer account to discuss business plans, project needs, client data, code, etc.

Final disclaimer: I have no business affiliation with, or financial interest in, Yammer or any of its partners or competitors.  Wrote this without looking, Dad.
