National Security

Increasing "Jointness" and Reducing Duplication in DoD Intelligence

When the Secretary of Defense asks you to do something, you need to heed the call, whether you are in government or not. He recently asked all DoD military and civilian employees to submit their ideas to save money, avoid cost, reduce cycle time and increase the agility of the department. He asked in a way that should generate many good ideas (for more see: ).  A small team of us have a bias towards one idea in particular.  This concept is being cross-posted on the blogs of several of the contributors, including Michael Tanji’s Haft of the Spear, John Bordeaux’s, Bob Gourley’ and Lewis Shepherd’s .  We hope you will give this concept a read. If the SecDef and his senior staff decide these ideas have merit your support may be needed in getting these ideas some much needed traction.

Increasing “Jointness” and Reducing Duplication in DoD Intelligence

by Chris Rasmussen

with contributions from LCDR John D. Ismay, John Bordeaux, Bob Gourley, Michael Tanji

This paper was submitted to DoD’s INVEST (Innovation for New Value, Efficiency, and Savings Tomorrow) contest on September 23, 2010.

The explosive intelligence spending over the last decade initiated by the 9/11 attacks has been both a blessing and curse. The initial spending was a warranted blessing but as time passed it turned into a curse that created far too much duplication of effort, fragmentation, and sprawl throughout the United States Intelligence Community (IC). The initial infusion of cash dovetailed with a renewed focus on information sharing and “collaboration,” which was emphasized in the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004. While modest gains have been made in breaking down “stovepipes,” the initial energy of these “collaborative” efforts has waned and increased spending has largely cemented bad habits: siloed analytic reporting that fuels massive duplication of effort. If these negative trends continue and a new “joint” business model is not adopted wholesale, the promise that sparked IRTPA is in danger of being unrealized. A move way from the newspaper-like “finished intelligence” model to a “purple intelligence” model more aligned with Internet-enabled global trends in content-centric enterprises will increase analytic “jointness” and reduce duplication–saving billions of dollars and resulting in improved intelligence insight.

Each intelligence agency still behaves much like an independent newspaper writing whatever it wants with limited coordination with other agencies. As newspapers around the world are going bankrupt due to the changes in content creation and delivery of services over the Internet, the Intelligence Community is moving in the opposite direction: more editorial control in the form of “finished intelligence” (vertically vetted projects within an agency) posted to “portals.” This trend ignores the democratizing and crowdsourcing trends of the Internet which are changing the world of personal electronics, software development, consumer spending, content delivery and creation.

The majority of the US Intelligence Community is comprised of Department of Defense (DoD) elements. The “INVEST” ideas expressed in this analysis can be applied to the broader IC, which is beyond DoD control, but the cost saving suggestions of this paper should be applied to DoD elements first to set an example. The term “IC” (Intelligence Community) throughout this paper largely refers to the intelligence agencies of DoD such as DIA, NGA, NSA, the service intelligence elements, and combatant command elements.

Observers of transformation underway in commercial organizations often note that organizations with smaller budgets deliver far greater capability. Many of these small budget commercial capabilities are not only disrupting and shifting markets, but often are delivering capabilities that are more powerful than the legacy systems they displace. Some of the greatest use cases in this area are those observed in the displacement of old-fashioned newspapers for outlets of information. “New” content sources are often of higher quality, greater relevance, and available at much lower costs (almost free!) Since the IC is in dire need of higher quality and more relevance – and all in the federal sector are in need of economical alternatives – lessons from this sector are important to consider.

The literature regarding innovation is clear – technology and process innovation can be put to use as an incremental improvement to existing operations, or can used to disrupt existing operations in pursuit of transformation. One famous case study compares the incorporation of individual online trading technology into the business models of Charles Schwab and Merrill Lynch. Lynch assigned the same brokers, with the same incentive programs, to add online trading to their portfolio. There were no individual incentives to tend to the new channel – and no disruption to the business model was expected or desired. One innovation author notes the contrast with the approach taken by Charles Schwab, which immediately “created a separate business unit to conduct online trading and made a masterful transition to the computer-centric investment management world – ultimately phasing out its original broker-based business unit…the new unit operated at much higher trading volumes and significantly lower costs than those characterizing the traditional business.” The IC cannot continue to marginalize potentially disruptive innovations and hope to thrive in a rapidly changing threat environment.

Intelink and Intellipedia

Intelink, launched in 1994, was an internal governmental response to extend the budding HTML and web browser revolution forming on the Internet to the IC. Websites began to proliferate from PACOM to the CIA to the NSA. In addition to agencies posting “their” content, some agencies started to expose traditional cable traffic – previously bound to dissemination lists – to Intelink for broader discoverability. This could be considered the IC’s “Web 1.0” phase.

In 2005, Intelink started to host a series of “Web 2.0” tools such as wikis, blogs, social bookmarking services, and document storage all of which were indexed by Google Search Appliance. This move was a surprise to many: the stodgy and security conscious IC was moving ahead of many private sector companies with its use of Web 2.0 tools behind the firewall (dubbed “Enterprise 2.0”) to increase knowledge transfer and information sharing. The flagship application in Intelink’s tool kit was Intellipedia—a wiki built upon the same software that drives Wikipedia hosted on all three security networks: JWICS, SIPRNET, and NIPRNET.

Intellipedia is a media darling. The underlying message in the press was “if the IC can use a wiki, so can our company.” Intellipedia and other Intelink 2.0 tools have impressive registration and activity rates and inspired many throughout industry, government, and academia to pursue the “wiki way.” After almost five years of “collaboration” as an industry leader, it is long past time to consider the result. Intellipedia boasts many collaborative successes by facilitating insights among analysts, but this is marginal change. The underlying assumptions regarding the prevailing finished intelligence workflow have not been questioned. In fact, much of Intellipedia’s “success” is rooted in transforming non-analytic work.

Intellipedia has proven effective at reducing the amount of email and streamlining basic administrative work common across the corporate world. Posting office and administrative content (such as concept of operation documents, requirements lists, software design de-bugging matrices, and meeting minutes) to Intellipedia is helpful, but it fails to reach the core function of the IC. The IC’s core business function is analytic output, to date unchanged by this information sharing “revolution.”

Let’s assume that every “enabler” office within an agency (such as human resources, IT, investment, legal, acquisition, logistics, training, etc.) achieves transparent office status, thereby reaping the benefits of crowdsourcing and data discovery, while the analytic core of the agency does not? The result is limited transformation: the primary function of an intelligence unit is analytic output and all “enabler” functions exist to support analysis. The “revolution” is incomplete.

From the perspective of structural analytic transformation, “2.0” tools have done little to reform the approach to analytic “production.” The analytic core is trying to use the “new web” to tell stories in a different way but is falling short for two primary reasons: 1) The “2.0” tools still remain as a complement—not an alternative—to the existing production processes used to create the 50,000 products a year published across the IC and rising. 2) A vast amount of stock content is pushed out in traditional dissemination channels with much overlap. Some have argued Intellipedia is a “knowledge base.” If it is a knowledge base then finding links to base knowledge in “official” or “tailored” content should be easy. It is not. In fact, there are very few links to Intellipedia in official agency output – because it’s not “officially” trusted.


Launched in 2007, A-Space is a virtual work environment where analysts connect with other analysts, ask questions, and see what their colleagues are doing. The result is similar to Facebook’s news feed. A-Space is a good place to “think out loud” and ask questions in threaded forums but as Intellipedia before it A-Space is struggling because it doesn’t address reforming or replacing the finished intelligence process.

Patrick Neary, former Deputy ADDNI for Strategy, Plans & Policy, noted: “Analytic Transformation (AT) has as its tag line ‘unleashing the potential of a community of analysts.’ While each of [its] initiatives will—if and when they are successfully deployed—improve the daily routine of community analysts, it is entirely unclear when a transformation in analysis will occur. While the AT initiatives are necessary preconditions to analytic reform, they do not address the decentralized management of analysis or the product-centric analytic process. Real reform in analysis will require agencies to give up proprietary products and share customer relationships, establish new rules facilitating on-line collaboration, and focus more on intelligence as a service than a product.”

The decentralized management of analysis manifests itself in many ways, but the most glaring is that agencies can write “products” on any topic with limited to no coordination with other agencies. They then disseminate those products to their “customers” often without the benefits of “upstream,” joint collaboration. This practice creates incredible amounts of overlap and duplication. The gusher of intelligence spending increased duplication because it simply augmented the siloed habits of analytic production.

The Washington Post series “Top Secret America” revealed: “Many security and intelligence agencies do the same work, creating redundancy and waste. For example, 51 federal organizations and military commands, operating in 15 U.S. cities, track the flow of money to and from terrorist networks.” Many in the IC argue that the “Top Secret America” series was sensationalist and some parts of the story were inaccurate, which is true. However, the observation above is accurate and is a microcosm of the larger problem of excessive duplication fueled by increased spending.

As with most public sector organizations, the application of private sector insights must be tempered by the understanding that private sector goals of efficiency will not always apply. The IC is not designed for efficiency. It’s designed instead to be effective with purposeful overlap built into the system to catch things that may slip by a single entity. A popular saying within the IC is: “one man’s duplication is another man’s competitive analysis.” This axiom is partly true but is too often used to legitimize excessive overlap. For example, five to ten units working the same topic is probably effective but no one can honestly argue that 51 organizations working on the same issue is effective. This inability to scope “sufficient” redundancy leads to uncontrolled costs and a lack of accountability. While efficiency may be sacrificed for effectiveness, this should not translate into rampant task duplication with no cost ceiling or metrics for governance.

Another expression of excessive duplication can be seen in how A-Space is currently being used. A-Space is built around “workspaces” which must be named. Analysts from across community can focus talent and energy on a topic and gain new efficiencies through a combination of “crowdsourced” workflow and the “in-house” work of their team. Unfortunately, this is not really happening. Analysts are projecting the organizational construct of offices, sub-offices and “fusion centers” working similar issues into the potentially “flat” A-Space. For example, there are over 100 workspaces dedicated to Iran. A workspace simply named “Iran” is too generic and more specific workspaces such as “Iran’s Conventional Military” are needed to manage the workflow. But, as previously noted, 25 workspaces devoted to Iranian topics would probably be effective but no one can honestly argue that over 100 is generating synergy.

Goldwater-Nichols Analogy

Many have commented that the IC needs to model the Goldwater-Nichols Act of 1986 to create more “jointness.” Prior to Goldwater-Nichols each military service “trained, acquired, and equipped” and also conducted operations virtually independently. Goldwater-Nichols took war planning and operational powers away from the military services and centralized it to a “commander” of a geographic or functional command. Goldwater-Nichols did several other things: it made the Chairman of Joint Chiefs of Staff the primary military advisor to the President replacing the confusion that resulted when each service chief gave disparate advice. Also, it mandated that flag officers serve in a joint duty assignment in order to receive further promotion. These stipulations of Goldwater-Nichols are outside the scope of this paper but I’d like to focus on the services losing operational power and apply it to the IC.

Goldwater-Nichols created jointness in the military because the services traded off some power to bolster a more effective central entity. The Intelligence Reform and Terrorism Prevention Act of 2004 created the DNI and set in motion many reforms but it did not stipulate that intelligence agencies would have to trade off any power to bolster a command or center like Goldwater-Nichols. The agencies “train, acquire, and equip” but also conduct operations independently much as the military services did prior to Goldwater-Nichols. For the most part, the IC does not conduct kinetic operations like the military, rather the IC’s “operations” are its analytic and collection functions. Some argue something similar to Goldwater-Nichols cannot work in the IC because it’s spread across five cabinet departments unlike the military services which are all under DoD. There is some merit to this argument from a command and budgeting perspective, but this does not detract from the overall message: achieving analytic jointness and reducing duplication with a series of DoD Directives – specifically aimed at removing some of the independent analytic power of agencies, service components, and combatant commands.

Balancing the corporate voice with crowdsourcing

No single agency recognizes any of the content in Intellipedia or A-Space to be “official.” In fact, most of the interaction and content in these social tools is described as “good for collaboration but not the product.” The IC’s product-centric view of intelligence is at the heart of the analytic transformation problem and most “solutions” simply treat various symptoms. If each agency uses “2.0” tools to “coordinate,” but the content creation power lies independently within the finished intelligence process, the analytic transformation movement has gone as far as it’s going to go.

The main objections to Intellipedia and A-Space as “official” sources are that both spaces are too uncontrolled and there is difficulty determining which content “speaks for the agency” within individualized social media platforms. The “agency voice” in finished production is trusted to address issues of accountability, vetting, and records management. Some of these virtues are over-stated in the current system where slapping an agency or command logo on a report imbues the product as being more trustworthy and accountable than any social software-based content. Nonetheless, the IC’s obsession with agency logos is here to stay so a compromise was struck.

A move toward joint production

Like Intellipedia, Intellipublia’s Joint Product Line (JPL) is a wiki, but it also includes a built-in approval process and balances crowdsourced content with the agency voice. Readers can see who contributed to an article, which managers approved it, and when those activities took place.

The JPL combines official agency review with emergent content for joint or “purple” output. Users can consume and compare “authorized” versions to the emergent “living” version. Agency logos quickly denote that official vetters have reviewed the content but anyone can contribute and the article cannot be locked down. In addition to agency logos, the “authority” and roles of vetters are denoted by color-coded stamps such as “team leader” and “final authority.” Once the official vetters sign off on the content, their agency logo will become un-ghosted at the top. Ghosted logos show that someone from that agency has made edits but doesn’t have a higher vetting function. This is modified MediaWiki software and shown in the edit history mode. This software is a starting point and needs to evolve, but it’s a strong starting point because the underlying business process (not the technology per se) creates jointness and exposes duplication.


MIT business professor Andrew McAfee stated that “if you want to control the outcome, you need to control the process.” Currently, each agency, command, and fusion center controls every process associated with production and can conduct each process in a vacuum. There is no requirement to coordinate across these organizations. A DoD Directive moving some production power into the JPL network would be similar in effect and benefit to the removal of the operational and war planning powers of the military service in Goldwater-Nichols. The transparent JPL network would now “control” the analytic process. Agencies would no longer have to write using their internal, opaque systems but would would still “control” their agency’s voice – but now without locking down or “owning” every part of the process.

Transferring some analytic production away from finished intelligence posted to agency portals and cable traffic would expose the amount of duplication in the system through transparency and customer feedback loops. There will always be a need for “tailored” intelligence but tailored snapshots should be the exception not the rule and “products” should be the by-product of the collaborative process not the end state. There will always be a need for some duplication but, as previously stated, the amount of duplication is over-kill on most topics. At the limit, the IC needs an approach to understand and be held accountable for the amount and areas of duplication. Moreover, we need to re-examine what “tailoring” means in a smart phone apps and wiki world.

Reforming acquisition and shutting down intel shops

DoD’s fragmented IT acquisition process leads often to excessive duplication and waste. Every agency and command can acquire any technology in a vacuum. More times than not that specific technology often already exists somewhere else. “Not invented here” syndrome and the belief that “our data and requirements are unique” are simply over-stated default assumptions fueling waste across budgets. A-Space, C-Space (for collectors), J-Space (for non-analytic staff workers), Intellipedia, Sharepoint, Army Knowledge Online, Air Force Knowledge Online, Apps for the Army, etc. all provide some niche but most of these systems do similar things. Once again, we are not advocating for total acquisition centralization nor are we suggesting that one purple production system fits all needs. However, if production were centrally “managed” via a transparent system like the JPL we could start to see the excessive duplication of analytic effort and associated IT acquisition. If nothing else, this approach will provide the leadership with visibility into the amount of duplication by topic area.

Once duplication is exposed we can start to roll it up by shutting down unnecessary fusion centers, red cells, and analytic units. The people affected by these cuts can be re-trained or transferred but cutting billets and contracts is absolutely necessary. The HR, facility overhead, engineering, maintenance, electricity, and security costs associated with excessive analytic duplication are unwarranted and wasteful. Moving some of the production power away from the agencies to a transparent and purple network will improve the quality of analytic insight, increase jointness, reduce duplication, and will save billions of dollars. Efficiency that leads to greater effectiveness – a business principle within reach.

How Will The IC Harness Magic?

In reading about innovation, we have many marvelous examples where successful firms incorporated technology by changing their business model.  Rather than digitizing paper, they considered the intersection of organizational imperatives and technology and considered how the business may be done differently.Magic Book Some firms (and Agencies!) went a bit far.  I am still haunted by the story of the Senior Executive at the Department of Defense who saw his secretary replaced by a computer.  The professional assistant who knew why papers were filed a certain way, who knew the history for those files, and who maintained an informal network among other assistants that provided the best intelligence operation in existence.  Shunted aside (Or kicked upstairs so she could print out some SES's email) because some Executives now had new, mystical, magical machines that would connect the human to all the information he could ever need.  This is an example of transforming the office ad absurdum.

Nevertheless, careful transformation can mean everything.  Consider the advent of online stock trades.  In a famous case study, Clayton Christensen ("Disrupting Class") demonstrates that while Merrill Lynch was slow to provide online trading, it did so using the same brokers who were comfortable in the old models, and did so within existing departments.  By contrast, Charles Schwab immediately "created a separate business unit to conduct online trading and made a masterful transition to the computer-centric investment management world - ultimately phasing out its original broker-based business unit...the new unit operated at much higher trading volumes and significantly lower costs than those characterizing the traditional business." [p.78]  Merrill Lynch used technology to improve their core business - successfully for a time - but failed to transform and adapt.  Or survive, as it turns out.

What does this have to do with the U.S. Intelligence Community?  Eight months ago, I noticed this little video on YouTube.

Note how this idea presents an approach for using technology (in this case a simple wiki, in other examples a "Facebook" for the IC) to transform how intelligence is produced.  Yes, Intellipedia has transformed analyst behavior, and to some degree appears to be chipping at the information-hoarding, publish-or-perish model - but do we want to be Merrill Lynch or Charles Schwab?  Do we want to make the analysts better, or consider transforming how we process and produce intelligence products as a result of this new magic? The true magic of these technologies is the unprecedented opportunity to leverage network effects for faster, better intelligence products in an age that demands them.

What is the strategy inside the Intelligence Community to harness the new magic?  I hope we are learning from successful innovations. One must be careful with magic, after all.

Don't Connect the Dots, Watch the Noise

Keep trying to connect the dots, and you'll remain blind to the future

Originally appeared in Inside Knowledge Magazine 10 Sep 2008, Vol 12, Issue 1.

On 12 September, 2001, I received an e-mail from the CEO of my company (a federal contracting firm located just outside Washington DC). As F-16s continued their combat air patrols over my neighbourhood, I read, paraphrasing: ‘John, yesterday [9-11] was a failure of knowledge management. In the years to come, this will be the critical area for improvement’.

We soon heard about failures to ‘connect the dots’ regarding behaviours among flight school students, an arrest in the Midwest not shared across the FBI, and so on.

Seven years forward and US national security is changing. ‘Need to share’ is the buzzword, hoping to replace ‘need to know’. The director of National Intelligence releases a vision calling for sharing intelligence with law enforcement. The Department of Defense releases its first Information Sharing Strategy. The implication, never explicit: if only we get the right knowledge to the right person at the right time, we can know the future and learn which dots pose a threat.

When then-National Security Adviser Condoleeza Rice stated “I don’t think anybody could have predicted... that they would try to use an airplane as a missile”, she was wrong. Someone in government had actually considered that scenario. There are thousands of scenarios considered daily across the national security system – some will always be seen in hindsight as predictive. While technically incorrect, Dr. Rice pointed up an underlying truth. There are thousands of scenarios considered daily and we do not know which scenario, which threat, which dot deserves our attention before the fact. And if we keep assuming there is a golden thread that, if pulled, will unravel the future – we never will.

Systems scientists, organisational theorists and business leaders are beginning to work in a world where control can be an illusion and adaptation preferred. We are starting to focus on nurturing networks and relationships;a recognition that certain systems are, by their very nature, non-linear, and they change their behaviors based on their starting points and the random events that might ensue, leading to emergent new behaviors that cannot be predicted.

Anticipation replaces prediction. While linear models are generally developed to predict the future; complexity helps us anticipate developing patterns of behavior.

In reforming the US national security system, it is vital that we question assumptions regarding the predictability of our world and instead understand that we connect not to find the haystack needle, but in order to better understand and discern patterns in the noise. The subtitle of the interim report from the Project on National Security Reform is a good beginning: ‘Ensuring Security in an Unpredictable World’. How we apply KM and complexity principles to national security reform will shape our ability to secure the nation’s future.

Standing on the Toes of Giants

Regarding my reference above, Gary Klein defines the Recognition-Primed Decision model thus : "[it] fuses two processes: the way decision makers size up the situation to decide which course of action makes sense, and the way they evaluate to evaluation that course of action by imagining it." (p.24) Klein, in a his ground-breaking work regarding decision-making, shares the findings from a decade doing field research: decisions are not made according to classic methods of rational choice theory, but closer to Simon's satisficing model . ... Some excellent points are made by Bill Kaplan in comments to my original pos t, and by some justifiably emotional voices on the email chain I referenced earlier: Grassroots efforts do exist and thrive, but they have failed to scale across the Department or to effect the lasting change for which we all hope.

The Day DoD KM Died

Yesterday, I was most privileged to sit in on a session with some of the senior folk in DoD Knowledge Management (KM). The setup encouraged an intimate conversation among these government leaders, with twice more their number sitting and observing (a well-placed gag rule limited conversation to the table people only). Each Service was represented, as well as select Commands and activities. Disclaimer 1: While the meeting was invitation only, the findings/preliminary decisions were discussed in open panel sessions later in the day.200904291229.jpg It was here I was privileged and sobered to witness the death of Knowledge Management in DoD.

The gathered expressed an interest in coordinating their efforts for greater effect. These are honest, hard working professionals who, unfortunately, ended up embracing approaches and models that have failed repeatedly, and have helped sound the death knell for large-scale KM programs across industry.

In the audience, at least one of us was eager to hear of the most pressing challenges for KM in DoD. I imagined the issues would include improving the work of the warfighter, increasingly faced with knowledge-intensive tasks in rapidly changing environments. Or perhaps they are frustrated by the lack of coordination with security and information officers.

Of course, they are. But addressing these directly would require a more passive role for KM. Perhaps solutions would include quietly raising the information transfer dial tone, to enable the warfighter to discern signals in a noisy environment; applying KM principles to colleagues and workflows within and among HR, IT, strategy, and operations; or embracing social media strategies, pilots, and deployments to enable ambient feedback and unanticipated participation across the DoD workforce, etc.

These notional ideas involve embedding KM ideas into existing organizational frameworks and work lives. None of these would focus first on the establishment of a central KM function; with standards, vetted processes, certifications, and a KM workforce with specific competencies. Indeed, Stephen Bounds recently crafted a white paper that describes the futility of "un-targeted" KM programs in reducing knowledge failures. More troubling, these programs fail to identify the knowledge failures that carry the largest risk.

After all, KM successes are targeted initiatives: such as Air Force Knowledge Now, where 15,000 communities of practice self-organize across the USAF, providing the ability to discover expertise in the field or even revolutionize approaches to work among teams such as the ones currently training the Iraqi Air Force. Or like CompanyCommand, where army platoon leaders self-organized so they could share online issues of immediate interest in the war zone. Or like the adaptive processes that are currently being worked in Afghanistan. Or Intellipedia, initially a guerrilla deployment of a collaborative authoring capability that is questioning, and may one day transform, the notion of "finished intelligence" for the U.S. Intelligence Community.

What do these successes have in common? They were grassroots efforts, emerging from the workforce. Each came under fierce attack from the established information and knowledge leaders. Perhaps these KM leaders would find new and imaginative ways to get out of the way of the noble warfighters, to allow for more frequent successes, and clear the path for more of these targeted successes.

Instead, the gentlemen in this room converged on the need to convene as an enduring working group, with an initial agenda as follows:

- Establish a higher reporting relationship for Chief Knowledge Officers (CKO). The fear is that unless the CKO is located high enough in the food chain, KM programs will not receive funding. There was also some discussion about peer interactions among the leadership - sadly, the focus was on organizational charts and reporting chains of command, rather than process or methods of value exchange among CIO, CKO, Personnel, Training, Operations, etc.

- Establish a certificate program for KM at an accredited school affiliated with DoD. Participants were careful not to cast this as a certification program, which would imply a certifying body and other rigor - a fool's errand in KM. Rather, this is envisioned as a graduate-level certificate for KM in the DoD. Where I would hope to see the teaching and mentoring of KM "competencies," however defined, across all of DoD; these gentlemen instead focused on developing a KM workforce unto itself.

- Develop common KM metrics across programs. There is some frustration with answering the "value question," and agreement on the need for predictive and quantitative metrics that will finally justify and codify the work of KM. They agree on the notional value of narrative, but there was precious little discussion regarding the assessment of individual narratives against KM value proposition - what makes a "good" story?

- Embrace a KM organizational maturity model. The analog discussed was the CMM program for software development (reference: Software Engineering Institute). Pursuing this analogy, I was struck by the fact that the most promising software methods of the day (XP/Agile, etc.) emerged not from any SEI effort, but rather outside the hallowed halls of CMM-certified organizations. This is natural: maturity models are not designed to foster innovation or creativity - relatively messy endeavors when one is seeking standards and efficiency. Instead, these maturity models presume stages, indicators, and a relatively static representation of what an "mature" organization looks like in terms of software development, project management, and perhaps soon for DoD: Knowledge Management.

Thanks to this central focus on an "un-targeted program," DoD KM is dead. And federal KM, coalition KM, indeed whole-of-government coordination is today much harder. Or at least it was not made any easier following these deliberations.

The first and last conversation involved a plea to define knowlege management. As Confucius taught; "first, define your terms." The fundamental first step for any discipline or even conversation might involve a clear agreement to terms, and this, apparently, has yet to occur within DoD KM. Disclaimer 2: One participant referred to the 31-page section on KM in the recently released (full) report from the Project on National Security Reform as a reasonable starting point to get them past the question of KM definitions. On behalf of my hard-working team from the PNSR KM Working Group, I am delighted our work is proving useful to the field.

With a focus on KM structures that will fall eventually of their own weight, the grassroots are left to their own devices, as they have been all along. KM is not the job of these gentlemen. It is incumbent upon all of DoD to find ways to solve their problems locally, as they always have been, with a leadership across IM/IT whose job is to balance the security of the information space with the need to get out of the warfighter's way. It is everyone's responsibility to share information, to grow their combined knowledge and competence, and to help the Department advance, thrive and prevail. 200904291102.jpg

The focus should not be on the KM troops or the CKO. DoD has arrived at the notion that KM is essential, and has moved therefore to secure the position of KM across the Department. This, sadly, removes the focus from what works, and from the warfighter. A focus on a large KM program, careers, etc, is to focus on a structural fix to a behavioral and technology problem. Worse than not fixing it, these structures work against the very types of initiatives that succeed on the ground.

There are others working quietly to raise the dial tone, others working outside this room. There will always be "heroes of the revolution" who will seed social media and open up access to knowledge despite the barriers. There remain ways to get around rigid processes that do not add value to the mission. And, while not betraying confidences, not everyone at this table agreed to the monolithic approach for KM. So there may be hope yet.

One final thought. Every single person given a voice, and a seat at this august table, was a middle-aged or older, white, man. [Update, I am not trying to imply that race matters in this conversation, I'm trying to focus on the need for diverse voices in a field that relies so heavily on behaviors and persuasion.  Apologies for any who were distracted.]

This matters.

In theory, diverse voices help sustain the health of a complex organizational system. In practice, it was jarring to hear not a single young voice from the Generation these men are trying to assist. I couldn't help but wonder how these deliberations would have sounded on the ear of someone serving today in a Joint Operations Cell, or on a high mountain somewhere far from Washington, DC.

PNSR: Knowledge Management and the Market Dynamics of U.S. National Security

The following is a "revised and extended" version of my remarks at the PNSR Futures Conference this week in Washington D.C. (PNSR = Project on National Security Reform.)


FINDING: The national security system is not organization, nor even a system of shared purpose.  My observations lead me to believe it is better described as an ad hoc consortia of competing interests. 

Assessing knowledge flow across this "system," therefore, is akin to understanding the flow of capital across and within financial markets. Yes, I am jumping on the coattails of current headlines.  Suddenly, people who never considered derivatives trading are telling each other "credit is frozen," and "the markets lack trust."  Suddenly, it's a bit easier to discuss knowledge management via analog to financial markets and capital flow.

Common between these two worlds:

  • issues of trust, 
  • expectations of reciprocity, 
  • primacy of individual cultures, 
  • expected rewards, 
  • hidden agendas, 
  • local authorities preferred when confronted with cross-organizational mission, 
  • etc.

For the Project on National Security Reform (PNSR) we used systems analysis – with an emphasis on complex systems – to understand the challenges and ideas for reform.   This an augmentation to the study's original reliance on organizational analysis, which can be normative regarding expected roles and functions.  If you approach a non-organization using an organizational lens, you will likely end at recommendations that speak of "headquarters staff size" or "unity of purpose."  

Some of these organizational observations will be useful - the human capital team's recommendation of a common approach to the national security workforce comes to mind.  But the use of an organizational lens alone will fall short of understanding how to employ leadership and management techniques best suited to a complex adaptive system of functionally-oriented public agencies.

Therefore, while we present KM problems and recommendations in the PNSR report, it is essential to understand that – because of the market, or systems nature of the problem – fixing the KM problems requires a concomitant focus on human capital, process, development of a grand strategy, placing mission instead of functional resourcing, etc.  

(I've written of the problems and recommendations before, but wanted to place them in context one last time before moving on with my life.)

Without a systemic approach to reform, these KM recommendations alone will not solve the basic problem of helping the national security system know what it knows.

Knowledge management problems

  • Sharing knowledge across organizational boundaries remains difficult.  Agency cultures still discourage information sharing, although this is changing at the "point of the spear."  Interoperability across classified networks is difficult, to say the least.  Even when we can communicate, we lack a shared lexicon across national security interests - try having a conversation with someone who has spent at least 3 years working at DoD or State.  (Or Morgan Stanley.)
  • Organizational learning is thwarted.  Not only does the new team find empty safes when they arrive, but there is a tendency (this last transition being an exception) among many new incoming national security teams to believe: "If these guys knew what they were doing, we wouldn't be here.  What could we possibly learn from them?"
  • The national security system lacks true global situation awareness.  A few cognitive truths here:  We don't know our own biases.  We don't fully understand how we make decisions.  Add to this the orientation of the functional organization, each interpreting new information within a group filter.  Now add stress, uncertainty, and you have a system where the only time a "common operating picture" is available is in the White House (or on Capitol Hill).  Lower in the ranks, it is extremely difficult to comprehend the global situation as it is unfolding.
  • Current data systems do not provide or are not employed in a manner that promotes optimal knowledge sharing.  The state of public sector computing, while improving in some ways, remains abysmal.  Program funding solidifies the primacy of functional coherence over whole-of-government understanding.  Information systems still lack common data abstraction, business logic, and protocols.  And, thanks to our friends the technology vendors, government clients come to believe that buying "a portal" or "collaboration technology" solves this problem.  "We have collaboration - other agencies can come share their information on our portal!" "My agency has an enterprise license for Search.  Now everyone can find the information they need!"


  • Provide Institutional  Memory Through NSC Librarian /Historian.  The National Security Council needs a library function to help it understand decisions across Administrations.  The Chairman, Joint Chiefs of Staff has an appointed term that crosses Administrations to provide continuity, let's learn from this example.
  • Establish Office of Decision Support on National Security Council.  Charter for this office is open to discussion, let them first tackle common security clearances - as the current efforts here lack inter-Agency authorities.  (Waivers are taking all the teeth - or at least the incisors - out of these efforts.)
  • Establish Agency Chief Knowledge Officers and associated Council. The cadre of Federal CIOs are incentivized to provide secure, reliable, performing systems.  In other words, CIOs would maximize their bonus if all their 'users' died or otherwise stopped trying to use the systems.  Perhaps it is time to focus on the knowledge their users need to do their job.
  • Establish a ‘Federal Information Services Agency.’ Stop talking and move to the cloud.  Get commodity IT services coordinated, get data servers out of downtown Washington, establish compatible GALs, stand up FISA to own the janitor and plumber functions of IT.  
  • Subordinate Information Security Functions to Operations.  If you have had the delightful experience of deploying systems on a protected network, doubtless you have had to pass (multiple) security audits.  Have you ever heard of a security person filing an "operational impact statement" before locking down a firewall rule, closing off access to YouTube, or taking away flash drives?  It's time the security professionals worked for someone - the current system places them in charge, and their decisions are unreviewable by the workforce.  We need to manage, not mindlessly work to reduce, risk.

And finally, in his Senate testimony (response to Q&A), ADM Blair – who was confirmed this week as the new Director for National Intelligence, pointed to these last two as essential reforms he plans to tackle immediately.  While efforts are underway, our recommendations involve removing the waivers inherent in the current executive orders and authorizing legislation.

  • Establish Unified Security Classification Regime
  • Establish Unified National Security Clearances

Foresight and Public Policy in a Complex World


In talking about foresight, I'm reminded that this is not an attribute but a process.  No one "has" foresight, we look ahead – we envision.

In turbulent times, when we're reminded of the Black Swan effects and the connected nature of things, we tremble at our inability to predict.  Truth is, our ability to predict only occurs when the world is relatively linear and stable – that is, anomalous.  We have built up such structures and have been the primary power for nearly a generation.  We have come to believe, until recently, that the world should be predictable. 


Let me illustrate, I beg your indulgence.

You are driving along Virginia's Blue Ridge Parkway, Skyline Drive one evening.  You have set your sights on Staunton and plan to be there within two hours.  You hum along, thinking only of the dinner and wine that await you, dimly aware of your settings. As you drive, you are so given to boredom that you have music to occupy your senses as you keep an even course.  Even if you experience a flat tire, you have preparations for that.  It's the furthest thing from your mind, but the occurrence is normal enough that you have a jack and a spare.  If the spare is flat, well, you have AAA and a cell phone.  You aren't thinking of this future, however, your mind is fixed on the evening's upcoming Pinot Noir.

Then the tire blows.  And your daughter borrowed the jack.  Your phone has no coverage in this spot.  How big a spot, you don't know. But now new possible futures are flooding your mind.  Someone may come by, you picture that scenario and how it would play out.  Even patting your pocket to ensure you have cash to compensate the Good Samaritan.

But no one comes.  You aren't aware, but a freak rockslide closed the highway 45 minutes ago.  A Black Swan event, although there have been signs warning of such things on this road for years.  You are alone. You decide to walk to see if the cell coverage improves. Walking along the dark road, hugging the shoulder in case a car comes along, as night falls hard.

Unlike an hour ago, you are now much more aware of sounds.  Is that an animal?  If so, you try to guess its size and intent.  You are now picturing personal futures that were completely unthinkable when you started your car this afternoon.  What if you trip and end up in a ravine?

Does it hurt to die of exposure?

Then it begins to rain.

We can paint a similar picture, but this time by hearing a noise in your home at night.  Animal? Fallen object?  Intruder?  We flash to several possible immediate futures, none of which were envisioned minutes earlier.

Implications for Policy Planning - Learn from Biology

What is common here?  We enter a period of heightened awareness as we simultaneously try to comprehend the changes in our environment and walk through possible futures.  This process cycles, as "new" futures enter our thoughts and obsolete ones are discarded.


These illustrations are my attempt to convey the following.  When we find ourselves off course:

  1. We become more attuned to our environment
  2. We focus mental energies as our bodies increase our capacity. "From deep within your brain, a chemical signal speeds stress hormones through the bloodstream, priming your body to be alert and ready to escape danger. Concentration becomes more focused, reaction time faster, and strength and agility increase. When the stressful situation ends, hormonal signals switch off the stress response and the body returns to normal." (NIH)
  3. We model possible futures, thinking through steps and working out actions we may take.  (I'll need a weapon if it's an intruder.  I left a knife on the counter."
  4. We explore/probe the environment. ("I'll walk just a little further in this direction, maybe the coverage comes back."  "I'll open the door now, make some noise.")
  5. Based on what we experience next, we return to step 2 until we have a path that appears to resolve matters to our satisfaction (our perception of "satisfaction" changes as the crisis deepens).

In the current global climate, therefore, foresight and policy should become more fluid and iterative.  Adopt the mindset that this is a process, not a state.  As Eisenhower warned, "Plans are nothing, planning is everything."

  • Establish mechanisms to listen
  • Focus our energies on learning interdependencies, weak links
  • Cooperate more, trust more, with allies and the indifferent. We need others more than we realize, for the weak signals in the environment may be discernible to them.
  • Establish a rigor of visioning, building on futures analysis.  I found a reference online that said in 1974, the House Committee on Committees stipulated that each Committee "shall review and study on a continuing basis undertake futures research and forecasting on matters within its jurisdiction."  If true, this is extraordinary.  And a hook by which we can begin today.
  • Explore, probe, experiment.  Is today's economic crisis the end of Bretton Woods, or Westphalia?  Or does the surge towards nationalization of banks and industry represent a resurgence of Westphalia, perhaps its last?
  • Rinse and repeat.

National Security Reform and Classification Policy

"The [U.S. national security] system fails to know what it knows, to make sense of information and trends in order to understand an increasingly complex global environment, to make effective and informed decisions, and to learn over time what works—and what does not work."

In a blog posted to the FAS Project on Government Secrecy, Stephen Aftergood refers to the Project for National Security Reform (PNSR) - specifically the work conducted by my team, the Knowledge Management Working Group, in the area of classification reform.  Mr. Aftergood raises some important points, and I will try to respond to them here.  

It is important to make clear that I am not speaking on behalf of the Project, but instead clarifying and discussing the analysis my team has already completed. This is my personal blog, and not sponsored or sanctioned by the Project for National Security Reform.

I appreciate the opportunity to discuss our work, as we worked against a compressed timeline and the report would have benefited greatly from additional time and resources.  My team's sections on knowledge management probably need more explanation than most, and I hope to expand on the ideas we put in that paper soon.  I am hopeful that through conversations such as these I can add detail - but also learn from all of you how to improve our thinking on this important topic.

From the Secrecy News blog:

“'Sharing information across organizational boundaries is difficult… [because] agency cultures discourage information sharing,' the report states.  But this is a restatement of the problem, not an explanation of it."

If that were all we stated in our problem statement, Mr. Aftergood would have a more valid case in finding our work shallow.  In addition to his reference regarding impediments to information sharing, however, we also discuss (pp. 331-362):

- Poor interoperability on the classified side

- Overclassification

- The proliferation of the “sensitive but unclassified” designation

- Confusing technical connections with collaboration

- Information systems are missing common data abstraction, protocols, and compatible business logic

- Inability of systems to understand business limitations and context of data

The recommendations we make in the report on this topic are likewise truncated in Mr. Aftergood's treatment.

"And so the real upshot of the report’s argument is that the classification system cannot be fixed at all, at least not in isolation or on its own existing terms. ..

They vaguely advocate a “common [government-wide] approach for information classification [that] will increase transparency, improve accessibility, and reinforce the overall notion that personnel in the national security system are stewards of the nation’s information, not owners thereof.”

We didn't intent to be vague, and apologize if the reader is left believing that we believed that the "teams" recommendation was sufficient to resolve classification issues.  In fact, we recommend (p.450) the establishment of an Office for Decision Support within the NSC Executive Secretariat, which would include the functions within ODNI (Special Security Center)  that are currently working to establish a common security classification across the national security system.  We believe the work this office is already doing is valuable, and seek to give it budgetary and enforcement mechanisms to ensure they succeed.  From our recommendations:

"[T]he Special Security Center within the Office of the Director of National Intelligence currently works to establish uniformity and reciprocity across the intelligence community, but this approach should be expanded to include the entire national security system."

Mr. Aftergood is correct that we believe a systemic approach to resolving the problems of the national security system  is appropriate.  Hence, while we recommend the above for classification issues, we recognize that without the reforms mentioned in the human capital, strategy, and resources sections - the 'knowledge management' problems will not be resolved.  

For example, the fact that information security professionals are free to assert controls that hamper information sharing and other business functions remains a problem.

"There is often a tension between information security and operational effectiveness. The latter is enabled by easy access to information and the free flow of information both within and across organizational boundaries. The former often requires tight controls on information access and sharing based on a wide range of parameters (e.g., classification level, organizational affiliation, 'need to know' requirements, etc.) in order to minimize risks such as unauthorized access to data, data theft, and data manipulation. Historically, national security organizations have placed more emphasis on information security requirements than on the imperatives of information access and sharing. The result has been a culture of 'risk avoidance' that has limited the ability of key people and organizations to work collaboratively."

I appreciate the discussion and review of our work; which we view as the beginning of a conversation.  My thanks to Mr. Aftergood for engaging with us.