The following is a "revised and extended" version of my remarks at the PNSR Futures Conference this week in Washington D.C. (PNSR = Project on National Security Reform.)
FINDING: The national security system is not organization, nor even a system of shared purpose. My observations lead me to believe it is better described as an ad hoc consortia of competing interests.
Assessing knowledge flow across this "system," therefore, is akin to understanding the flow of capital across and within financial markets. Yes, I am jumping on the coattails of current headlines. Suddenly, people who never considered derivatives trading are telling each other "credit is frozen," and "the markets lack trust." Suddenly, it's a bit easier to discuss knowledge management via analog to financial markets and capital flow.
Common between these two worlds:
- issues of trust,
- expectations of reciprocity,
- primacy of individual cultures,
- expected rewards,
- hidden agendas,
- local authorities preferred when confronted with cross-organizational mission,
For the Project on National Security Reform (PNSR) we used systems analysis – with an emphasis on complex systems – to understand the challenges and ideas for reform. This an augmentation to the study's original reliance on organizational analysis, which can be normative regarding expected roles and functions. If you approach a non-organization using an organizational lens, you will likely end at recommendations that speak of "headquarters staff size" or "unity of purpose."
Some of these organizational observations will be useful - the human capital team's recommendation of a common approach to the national security workforce comes to mind. But the use of an organizational lens alone will fall short of understanding how to employ leadership and management techniques best suited to a complex adaptive system of functionally-oriented public agencies.
Therefore, while we present KM problems and recommendations in the PNSR report, it is essential to understand that – because of the market, or systems nature of the problem – fixing the KM problems requires a concomitant focus on human capital, process, development of a grand strategy, placing mission instead of functional resourcing, etc.
(I've written of the problems and recommendations before, but wanted to place them in context one last time before moving on with my life.)
Without a systemic approach to reform, these KM recommendations alone will not solve the basic problem of helping the national security system know what it knows.
Knowledge management problems
- Sharing knowledge across organizational boundaries remains difficult. Agency cultures still discourage information sharing, although this is changing at the "point of the spear." Interoperability across classified networks is difficult, to say the least. Even when we can communicate, we lack a shared lexicon across national security interests - try having a conversation with someone who has spent at least 3 years working at DoD or State. (Or Morgan Stanley.)
- Organizational learning is thwarted. Not only does the new team find empty safes when they arrive, but there is a tendency (this last transition being an exception) among many new incoming national security teams to believe: "If these guys knew what they were doing, we wouldn't be here. What could we possibly learn from them?"
- The national security system lacks true global situation awareness. A few cognitive truths here: We don't know our own biases. We don't fully understand how we make decisions. Add to this the orientation of the functional organization, each interpreting new information within a group filter. Now add stress, uncertainty, and you have a system where the only time a "common operating picture" is available is in the White House (or on Capitol Hill). Lower in the ranks, it is extremely difficult to comprehend the global situation as it is unfolding.
- Current data systems do not provide or are not employed in a manner that promotes optimal knowledge sharing. The state of public sector computing, while improving in some ways, remains abysmal. Program funding solidifies the primacy of functional coherence over whole-of-government understanding. Information systems still lack common data abstraction, business logic, and protocols. And, thanks to our friends the technology vendors, government clients come to believe that buying "a portal" or "collaboration technology" solves this problem. "We have collaboration - other agencies can come share their information on our portal!" "My agency has an enterprise license for Search. Now everyone can find the information they need!"
- Provide Institutional Memory Through NSC Librarian /Historian. The National Security Council needs a library function to help it understand decisions across Administrations. The Chairman, Joint Chiefs of Staff has an appointed term that crosses Administrations to provide continuity, let's learn from this example.
- Establish Office of Decision Support on National Security Council. Charter for this office is open to discussion, let them first tackle common security clearances - as the current efforts here lack inter-Agency authorities. (Waivers are taking all the teeth - or at least the incisors - out of these efforts.)
- Establish Agency Chief Knowledge Officers and associated Council. The cadre of Federal CIOs are incentivized to provide secure, reliable, performing systems. In other words, CIOs would maximize their bonus if all their 'users' died or otherwise stopped trying to use the systems. Perhaps it is time to focus on the knowledge their users need to do their job.
- Establish a ‘Federal Information Services Agency.’ Stop talking and move to the cloud. Get commodity IT services coordinated, get data servers out of downtown Washington, establish compatible GALs, stand up FISA to own the janitor and plumber functions of IT.
- Subordinate Information Security Functions to Operations. If you have had the delightful experience of deploying systems on a protected network, doubtless you have had to pass (multiple) security audits. Have you ever heard of a security person filing an "operational impact statement" before locking down a firewall rule, closing off access to YouTube, or taking away flash drives? It's time the security professionals worked for someone - the current system places them in charge, and their decisions are unreviewable by the workforce. We need to manage, not mindlessly work to reduce, risk.
And finally, in his Senate testimony (response to Q&A), ADM Blair – who was confirmed this week as the new Director for National Intelligence, pointed to these last two as essential reforms he plans to tackle immediately. While efforts are underway, our recommendations involve removing the waivers inherent in the current executive orders and authorizing legislation.
- Establish Unified Security Classification Regime
- Establish Unified National Security Clearances