Homeland Security Watch

Comment by Dan O'Connor

July 27, 2012 @ 9:39 am

Thank you Phil

Your point of view on this resonates with me. I find the integration of Cynefin and OODA as both requiring context. Orientation without context adds greater distortion to observation and also allow for a bleeding of sorts from simple to chaotic. I have read a lot on Boyd and his work and find great relevance between trying to understanding or defining resilience and Boyd’s use of Heisenberg and Gödel.

The Heisenberg’s Uncertainty Principle simply states that there is a limit on our ability to observe reality with precision. We believe our observations to be very precise when in fact they are not. What is real is difficult to because we all come with our own set of criteria. Being aware of that predilection is an asset, I think. Gödel’s Incompleteness Theorem simply states that any logical model of reality is incomplete (and possibly inconsistent) and must be continuously refined/adapted in the face of new observations. Novel situations are dynamic and constantly morphing. Observations are subject to a myriad of factors and what the brain doesn’t understand the eye does not see.

Our ability to observe novelty is often thwarted by our experience and training with emphasis on heuristics to observe. I think being aware of these traps or patterns is akin to resilient thinking. Resilience in these contexts to me is surplus, overlap and margins. Being able to adapt and respond may require surplus time, assets, or other. When those margins begin to contract and the time/space relationship is shrinking or perceives to be, decisions are made under an artificial duress or the appearance of duress that exacerbates a decaying situation.

Speed and efficient observation in these cases are not the same thing.

I think being aware of cynefin and OODA at the very least enables someone to step back from a situational myopia and ask; what am I not seeing, observing, understanding, etc. I do not pretend to be an expert in these subjects. However, I find great utility in having diversity in backgrounds and expertise of others to form a collective of generality to see many facts seeing a spectrum of contextual orientation. I think Maslow nailed it here (pun intended) “I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail”. Too many like-minded, like experienced people may see the same thing or not see what may be readily apparent to others.

Comment by Lynn WHeeler

July 27, 2012 @ 2:35 pm

Part of Boyd’s briefing was contrasting the rigid, top-down, command&control structure of the US military going into WW2 with the German military structure. He would then comment that former WW2 officers beginning to permeate US corporate leadership was starting to contaminate the US corporate structure with similar rigid, top-down command&control paradigm. Rigid, top-down, command&control paradigm was inhibiting the ability to recognize and adapt to changing circumstances (undermining OODA-loop).

Comment by Philip J. Palin

July 27, 2012 @ 4:30 pm

Dan and Lynn: In eco-systems resilience is almost always enhanced by diversity. Sounds like you both think this is also key to the resilience of human organizations. Diversity is not stress-free in non-human settings. But in the long-run (sometimes even in the short run) it pays dividends.

Yet diversity is also a source of complexity… yes? Are you saying effective habituation to complexity may serve to cultivate resilience for chaos… and even disorder?

Comment by Lynn Wheeler

July 27, 2012 @ 6:34 pm

our last product before leaving IBM was high-availability/cluster multiprocessing … which required doing a lot of study about how things failed. it isn’t diversity and complexity directly … it is no common modes/points of failure. random diversity and/or random complexity … may or may not have common ways or place of failure. if you have no idea about ways things fail … then going for random diversity may be just wishful thinking that they won’t have common failure/vulnerabilities/exploits.

other areas where it plays is multi-factor authentication, presumed to be more secure with implicit assumption that the different factors have unique/different vulnerabilities … which may or may not be true. For instance pin-based magstripe debit cards were presumed to be “more secure” … pin typically treated as countermeasure to lost/stolen card. However, a common exploit for decades is compromised end-point (atm machine, pos terminal, etc) that has been able to harvest both pin&magstripe information … invalidating the assumption about multi-factor authentication having independent failures/exploits.

rigid, top-down, command&control paradigms tend to be susceptible to single/common failure/vulnerability modes.

Comment by Philip J. Palin

July 28, 2012 @ 5:13 am

Lynn, Another question: A small group of supply chain operators are engaged in a parallel process of vulnerability analysis. They are each attempting to better understand how things have failed and may fail. The process is the same for each, but each is conducting the examination independently. They then intend to consider what vulnerabilities, sources of failure, they share… with the thought they will collaborate in mitigation.

But I may read in your comment a caution?

Comment by Lynn WHeeler

July 28, 2012 @ 7:00 am

part of supply chain management tends to optimize by eliminating redundancy, increasing vulnerability to failures in such areas (that have eliminated redundancy).

in rigid, top-down, command&control structure, group-think can be frequent culture paradigm. group OODA-loop sharing sould enhance group operation … but non-sharing may be an attempt at countermeasure to pervasive group-think culture (some of this comes through in Boyd’s Organic Design For Command & Control briefing)

at early financial industry critical infrastructure meetings, industry representatives didn’t want to share because 1) they viewed vulnerability information as competitive advantage and 2) they were worried that ISACs might be subject to FOIA and they didn’t want pervasiveness of exploits leaking to public (way ahead of worries that exploit techniques would leak to the bad guys).

Comment by Lynn WHeeler

July 28, 2012 @ 8:20 am

minor side-track … we were tangentially involved in the cal. state data breach notification legislation having been brought in to help word-smith the cal state electronic signature legislation. Many of the parties were also heavily involved in privacy issues and had done extensive, in-depth public surveys. The #1 issue was identity theft, primarily the form of “account fraud” (fraudulent financial transactions) frequently as the result of data breach. The issue was that little or nothing was being done about such breaches (aka normally entities take exploit countermeasures motivated by the risk to themselves … the fraudulent financial transactions as a result of the data breaches were against individuals … not the institutions having the breaches … so there was no self-interest involved). There was some anticipation that the publicity from the data breach notifications would motivate institutions to take countermeasures (also provide individuals opportunity to close accounts involved in the breaches).

In the more than decade since the cal. state data breach notification legislation, there have been lots of federal bills introduced … about evenly divided between those similar to the cal. legislation and those that would effectively eliminate notification (sometimes cleverly worded requiring breach to involve combinations of personal information that rarely occurs in the real-world)

Comment by Philip J. Palin

July 28, 2012 @ 8:38 am

Lynn, Thanks. In this particular case I think the supply chain owners/operators have seen it is in their self-interest to share — for reasons close to what you outlined. They are conducting individual vulnerability analyses specifically to avoid group-think. But they are using a common methodology to encourage sharing. They have also involved a china-breaker specifically to challenge group think.

Based on the results of the vulnerability analysis they will conduct a joint exercise where they will try to cause more failure. From all this activity they are attempting to identify where they should focus their mitigation efforts. I can imagine the group-think risk becoming more acute as there is an attempt to focus in one place and not another. But we’re not there yet.

There is no command or control. No one is required to be at the table and they participate as they want. So far they have collaborated because they find the process more creative and productive than trying trying to achieve the same goals alone. Some have said they are already handling internal difficulties differently than before. None have yet been faced with an acute challenge to test the results… and in any case it is very early in a process.

A very different network than those on which you are reporting, but it sounds like the same principles largely apply.

Comment by Lynn WHeeler

July 28, 2012 @ 2:06 pm

Lots written about group-think, conformity and hierarchy are epidemic in the culture … with non-conformity being beaten out from early age; … then how to reverse the process and foster innovation.

IBM under Watsons had culture where it was claimed “wild ducks” were needed. Then in the mid-70s the company had a major stumble that precipitated major change in the corporate culture … and after that the joke was wild ducks are tolerated so long as they fly in formation.

Boyd would talk about observing from every possible facet … image the OODA-loop is perimeter of a circle with the subject matter in the middle and constantly circling to observe from every possible perspective.

Isolating multiple teams helps as countermeasure to group-think … but it is also useful to give the teams slightly different directions/starting-point to encourage taking different perspectives. This also shows up in red/blue teaming.

Comment by Arnold Bogis

July 29, 2012 @ 8:54 pm

To be upfront, while I know the OODA loop and of Boyd in general, I’ve never read his work. However, this doesn’t stop me from clarifying one assertion and asking a question.

First the assertion. Dan wrote: “The Heisenberg’s Uncertainty Principle simply states that there is a limit on our ability to observe reality with precision. We believe our observations to be very precise when in fact they are not. What is real is difficult to because we all come with our own set of criteria.”

I’m assuming (maybe hoping?) that Boyd used Heisenberg’s principle as a metaphor. The actual Principle addresses measurement at the sub-atomic or quantum scale. In fact, measurements at the “everyday” scale where Newtonian mechanics and relativity hold sway are INCREDIBLY precise. Even quantum mechanics makes predictions of energy levels and whatnot that have proven accurate to ridiculous levels of precision. Heisenberg cared nothing about criteria or what was brought to the table, only the interaction of the particles to be measured and those used to measure. It is math, not psychology.

The question. Lynn wrote: “Part of Boyd’s briefing was contrasting the rigid, top-down, command&control structure of the US military going into WW2 with the German military structure. He would then comment that former WW2 officers beginning to permeate US corporate leadership was starting to contaminate the US corporate structure with similar rigid, top-down command&control paradigm.”

What’s interesting is that I’ve heard something similar to the first sentiment, but replace “US” with “USSR” and “German” with “US.” But my question has to do with the corporate comment. Was Boyd caught up in the late 70s, early 80s fear of US decline and Japanese economic rise? I have no background in business, but I’ve always had the sense that different corporations have different degrees of freedom in terms of decision making but that few, if any, don’t adhere to a basic top-down model. It worked for decades, than didn’t, then was the envy of the world, and then wasn’t, etc. When the US economy is doing well, our “system” works better than everything else. When it isn’t, the almost-same system needs to be radically changed…until it starts working again.

Phil, your comments about transition among the Cynefin quadrants reminds me of the concept of “emergent crises” as put forth by Dutch Leonard and Arnold Howitt of Harvard: “But some forms of crisis do not arrive suddenly. They fester and grow,arising from more ordinary circumstances that often mask their appearance. We term such situations emergent arises – a special and especially difficult category.” For further explanation and the difference from what they term “routine emergencies” and “crisis emergencies,” see:
http://www.hks.harvard.edu/var/ezp_site/storage/fckeditor/file/pdfs/centers-programs/centers/taubman/peril_new.pdf

Comment by Philip J. Palin

July 30, 2012 @ 5:18 am

Arnold: Thanks. I will let Lynn and Dan respond as appropriate… and as they wish. As you know, I am persistently metaphorical. Even my rare quadratic equation is more analogy than analysis. Dan and Lynn are clearly more familiar than I with the John Boyd canon.

Regarding Cynefin and “emergent crises”: There are clearly situations where a seemingly “simple” challenge is the presenting aspect of what is really a complex or chaotic event. Drought is an example. The appropriate response to a “routine” drought (one or two years) is dramatically different from the appropriate response to long-term drought. The initial response to the perceived routine can easily exacerbate the crisis.

Comment by Lynn Wheeler

July 30, 2012 @ 8:00 am

I was blamed for online computer conferencing on the internal network in the late 70s & early 80s (internal network was larger than arpanet/internet from just about the beginning until late 85 or early 86). Part of the discussion was the downside of the rise of MBA culture and religion of quarterly numbers … and its contributing to gradual deteriorating US business.

This corresponded to some of the observations of what was happening to corporate America in Boyd’s briefings. Part of Boyd’s briefing was that a motivation for the rigid, top-down, command&control structure was having to deploy huge numbers with little or no experience and leverage the very few skills available. Part of the contrast was German army with 3% officers to the 11% (growing to 20%) officers needed to maintain rigid, top-down, command&control structure.

The implied assumption that only those at the very top know what they are doing has been used to justify the ratio of US corporate executive compensation to employee compensation exploding to 400-500:1 (when it had been 20:1 for a long time, and 10:1 in much of the rest of the world). Last night I was watching CSPAN rebroadcast (originally early June) of Stiglitz about his new book where he had some discussion of the same ratio (but he mentions it may have reached 1000:1 in some places).

Boyd’s point was that the rigid, top-down, command&control structure can continue in relatively static environment … but the culture has much less ability to be agile and adaptable. From Coram’s Boyd biography, pg337:

But Eisenhower did not understand this kind of conflict and, at the very moment of victory–egged on by jealous and conventional British officers–he grew afraid for Patton’s flanks and supply lines and ordered Patton to stop. The Germans were amazed at the respite. One school of thought says that Eisenhower’s timidity cost another six months of war and a million additional lives.

… snip …

Boyd would comment that WW2 US strategy, in addition to rigid, top-down, command&control structure, was massive overwhelming logistics and resources …. which then translates in to tactics of “attrition” that continues to this day (winning by being last man standing in head-to-head slug fest).

Boyd developed a separate briefing (to compliment “Patterns of Conflict” and OODA-loop) called “Organic Design of Command and Control” which goes into alternative ways of running organizations.

Comment by Lynn Wheeler

July 30, 2012 @ 9:03 am

Something similar runs in this (linkedin, closed) “Greater IBM” discussion about recent articles on “Microsoft’s Downfall” and comparison to IBM and long slide after significant change in culture from the early 70s … part of my post archived here:
http://www.garlic.com/~lynn/2012j.html#32 .
and
http://www.garlic.com/~lynn/2012k.html#15

issue was corporate culture’s inability to adapt to changing environment (myopic focus on extreme optimization of the existing environment and inability to recognize change) … this has some reference to what Gerstner found when he was brought into IBM to resurrect the company … I’ve recently pontificated frequently in several foras
http://www.garlic.com/~lynn/2012g.html#82

Comment by John F. Morton

July 30, 2012 @ 9:16 am

Eisenhower was a disciple of Bernard Baruch. He worked on the Army’s first mobilization plans in the interwar period and thus came to the attention of MacArthur. His view was that modern industrial-era warfare was qualitatively different than any previous. Thus, warfare was a contest between industrial bases and was ultimately decided at that level. Thus, his emphasis on logistics and resources. That would align with the strategic airpower proponents of the time. More importantly, it aligned with the top-down, big government views that come out of WW I and Baruch’s War Industries Board that informed FDR’s various organization in EOP during WW II and following as another Baruch disciple, Ferdinand Eberstadt, set up the National Security System on 1947 and specifically the Nationsl Security Resources Board. The verity was centralized planning (viz. the New Deal)as relates to national security, WW II and the postwar the control over and controlled distribution of “critical materials.” All of that oriented in about 1944 toward shaping the postwar environment on the assumption that the war was won after D-Day. Since we are now in a post-industrial information era, there is need for a new paradigm. I put it to all that ICS is the paradigm of temporary, hierarchical networks and refer folks to a couple of IBM Center studies on ICS by Donald P. Moynihan. Any attempt in this era of centralized, top-down direction of resilience is doomed to fail. The ICS model as a governance model beyond just operational response must function on two axes, (1) the interagency axis, extending to the private sector and NGO mission partners and (2)crucially in this Federal Republic the intergovernmental axis extending from Federal, to state to local. ICS structures at these levels of public administration governance are action networks (Bob Agranoff’s term)or self-organized, directed networks with a hierarchy of hubs (Albert-Laszlo Barabasi). We must learn from the British re resilience. The Federal government and to an extent state-level government can only be resilience enablers. Prioritization must drive from the bottom up and amalgamate as national resilience. In this day and age of complex interdependency, a top-down command and control construct yields only one outcome: an authoritarian, retrograde single point of failure representing a single interest not necessarily accountable to a sovereign people.

Comment by Lynn Wheeler

July 30, 2012 @ 10:51 am

Part of Boyd stories was that perspective in the Pentagon effectively devolving into procurement and budget. He highlighted it by a Vietnam airforce air-to-air missile story … which he had evaluated before Vietnam and predicted it would hardly ever hit. Come Vietnam and turns out he was correct. At one point air force general in Vietnam grounds all fighters and converts them to Navy sidewinders (which had much better hit rate). The general lasts 3months before being called on the carpet back at the Pentagon. Using sidewinder resulted in fewer US fighters/pilots being shot down (reducing airforce budget share) … but the absolute worse sin was increasing Navy budget share using navy sidewinder.

Story from WW2 was half the military budget went to planes and 2/3rds of that went to multi-engine (bombers). In 1944, FDR initiated study of effectiveness of US&RAF campaigns which found 8of9 strategic bombardment campaigns were failures, (aka 1/3rd of total WW2 military budget) contributing little to Allied victory.

Even Eisenhower warned about the MIC as he was leaving (claims are that he originally met to warn about military-industrial-congressional complex but shortened it at the last minute) … effectively the extreme focus on procurement and budget. More recently there have been articles about growing “Success of Failure” culture, the discovery by MICC that there is more money from a series of failures … than an initial success.

Comment by John F. Morton

July 30, 2012 @ 10:59 am

It just occurred to me that Schutz and Weick might shed some light on organizational decision-making. I have been assisting the Aegis BMD Office in my other life, offering insights at their request on the post-World War Two era, legendary and seminal aerospace projects like the aircraft programs of Skunk Works, the missile programs Atlas, Polaris and Saturn V and the Aegis area air and missile defense system. These were enormous and complex engineering development undertakings. Amidst an environment of strategic urgency and competing bureaucracies, program and project managers had to master organizational and planning challenges as they successively integrated often unproven technologies into systems of increasing complexity. These developmental advances succeeded by dint of what organizational theorist Karl E. Weick characterizes as high reliability organizations (HROs) and the institution of programmatic cultures of “profound simplicity.” Weick cites Esalen Institute social psychologist William Schutz, who coined the phrase, and writes of profound simplicity in terms of the progress of organizational understanding that moves through three stages: superficial simplicity, confused complexity to profound simplicity
“HROs,” writes Weick, “strive for profound simplicity. They understand that the means to move toward profound simplicity is through doubting the completeness of their assumptions, through experimenting, and through experiencing a wider variety of possibilities. They realize that when they distrust their simplifications they will feel confused, but they will also know that out of their confusion may come fuller understanding of what they face.”
For what it’s worth.

Comment by John F. Morton

July 30, 2012 @ 11:12 am

Lynn, I just saw your last post. I concur with strategic bombing. The vaunted Strategic Bombing Survey did indeed prove its dubious worth in winning the war. As a multi-generational Navy guy, I can attest how my father’s generation in the 40s were outraged at how the Air Force gamed the analyses vs. the Navy to support USAF strategic bombers for use against the USSR. This all supports my contention on centralized planning, since the USAF proponents were all part of FDR’s “cabal” that was behind the creation of the National Security System, the creation of DoD, the USAF, CIA and so forth. There is a through-line going from Dillon Read to Forrestal and Nitze to NSC-68 that needs to be properly characterized so we can see exactly what we have to escape in terms of models as we look at decision-making and governance in this new century.

Comment by Philip J. Palin

July 30, 2012 @ 4:12 pm

John and Lynn, Interesting give and take and evidently some shared conclusions. If you are still checking in, a question: Where, if anywhere, do you place W. Edwards Deming — or his disciples — in the narrative of how a command-and-control approach has undermined US corporations?

Comment by Lynn Wheeler

July 30, 2012 @ 6:43 pm

Early 80s, Washington Post(?) had article calling for 100% unearned profit tax on the US auto industry. Supposedly the auto import quotas were to reduce foreign competition and give US auto makers enormous profits which they were to use to completely remake themselves … instead they just pocketed the money and continued business as usual. 1990, the US auto industry had C4 “taskforce” to look at completely remaking themselves; they were planning on heavily using technology, so representatives from various technology vendors were asked to participate.

In the C4 meetings they could accurately characterize the competition and what they needed to respond (however as been seen they still weren’t able to actually make the changes, too interested in preserving the status quo). They characterized that the effect of the quotas on foreign competition was they realized that at those levels, they could sell as many high priced cars (as low priced cars) which further removed downward price pressure on US autos (contributing to even larger profits). Complete change of product motivated them to totally redo the process, cutting elapsed time to turn out new product in half. At the time of the C4 meetings the competition was in process of cutting the product elapsed time in half again … aka the foreign competition was able to react to changing market conditions and consumer preferences four times faster than US auto makers (aka agile and adaptable, more recently elapsed time was dropping below traditional model year, wasn’t just better quality).

In the 80s, We were having some gear built on the other side of the pacific. On one of the visits they showed off work they were doing in conjunction with Toyota. Auto wiring harness had one of the highest failure rates and cost to diagnose and fix … and they were working on replacement with dual rotating LAN. Later in the decade when I was on the XTP TAB, NOSC/SPAWAR was participant and working on something similar for SAFENET II.

Comment by Donald Quixote

July 30, 2012 @ 9:39 pm

Boyd: To be or to do.

Comment by Dan O'Connor

July 31, 2012 @ 10:22 am

Apologize for not getting back sooner.

Arnold;

Yes…it is metaphorical or rather thematic to better inference Boyd’s ideas on destruction and creation. In terms of waging war and decision making, Boyd’s integration of parts of Gödel, Heisenburg, thermodynamics, and a host of other aspects make up his idea of orientation. My additional comment was orientation and context was integrated.

Comment by J. Scott Shipman

July 31, 2012 @ 7:08 pm

Hi Dan,

Glad you weighed it. Many Boydian followers, however, don’t believe Boyd was being metaphorical. I got into quite an argument with one who took exception to my question.

Boyd said, “Doctrine on day one, becomes dogma every day thereafter.” Or, something very close.

His use of science must be seen a metaphor–in-spite of many who would object.

JSS

Pingback by Homeland Security Watch » Core characteristics of resilience

August 2, 2012 @ 12:11 am

[...] week we had an extended discussion of “Boydian” concepts.   At the core of John Boyd’s framework is our own [...]