H. Michael Mu˜niz* “Surprise, surprise, surprise!”1 The Florida real ...
"Games versus Exercises: Designing Surprise-resilient Organizations for a Cybered World” Chris C....
-
Upload
egbert-maurice-manning -
Category
Documents
-
view
213 -
download
0
Transcript of "Games versus Exercises: Designing Surprise-resilient Organizations for a Cybered World” Chris C....
"Games versus Exercises:
Designing Surprise-resilient
Organizations for a Cybered World”
Chris C. Demchak Associate Professor, United States Naval War College
Strategic Research DepartmentNewport, Rhode Island, USA 02841
Views expressed are not those of the US Government or the US Navy .
My Focus in Research
• Field: Comparative study of deliberate and accidental surprise affecting complex, critical socio-technical systems (niche: fusion of social structural, with technological design and basic information systems complexity research)
• Focus: Organizational responses in design, operations, learning– what people do [comparatively] in their organizations when nastily
and intentionally surprised,
• Underlying concerns: – Resilience as Systemic Attribute– Reverberations through institutional changes to alter the
wider society and global system
Outline:
Surprise, Scale/Complexity of Cyberspace, changing Conflict, Power, and the Institutional/Political Topology of the Cybered World
Limitations of Existing Exercise Formats for Learning Resilience in Largescale socio-technical Systems
Argument: Gaming and adapted organization (Atrium model)
for operationally accurate timely trial-and-error learning (TEL)
Cyberspace better seen as a globally man-made ‘Substrate’
• Expansion engine of Globalization
• Dual nature - it enables good and bad actions equally
• Now is a Complex Socio-Technical System on Steroids at Global Scale
• Enormous Security and Resilience Challenges for heavily digitized civil democratic nations
New Underlying Insecurity for States
• Everyone regardless of intent can use global cyber substrate to operate through, with, and on anyone whenever over whatever period of time to any level of precise outcome.
• Opponents of any sovereign state have historically new choices to create a multiplicative inventory of complex attacks for little cost:– Scale: enemies can organize from 5 to 500, etc, with
globalized communications,– Proximity: enemies can reach from anywhere with the
high speed, globalized connections,– Precision: enemies can target one or thousands with
globalized interdependent connectivity
Result: a wide range of conceivable forms of cybered conflict and nasty surprises
• Possible on global scale, • Including those from unintentional acts
or just poorly coded attacks
• Multiplies knowledge and sensemaking problems many times over for leaders and institutions ensuring national security
Natanz Peace and Prosperity
Nuclear Fuel
Reprocessing Plant
STUXNET
Global Complex Socio-Technical Systems as Conflict Spaces require a newer language
• “Cybered Conflict”, not ‘cyber’ war’– Cyber is the basic technological system – Cybered is the whole combination of people, instituions, etc with
cyber to create the socio-technical whole
• ‘Cybered’ because conflict has no easily defined attributes– No clear beginning, end, rules of engagement, limitation on actors
involved, avenues of deterrence, metrics of risk, indicators of strategic opportunity, immunization, or incremental success, etc
Cybered conflict “Any conflict of national significance in which success or failure for major participants is critically dependent on computerized key (cyber) activities along the path of relevant events”
Need adapted notion of ‘Cyber Power’ in complex Cybered World
• Some attacks will succeed => national ‘security’ now intertwined with national ‘resilience’ because
• “Cyber Power” now has two parts:– Disruption: traditional capacities to deter, deflect, reach out
and harm, but not destroy, ability
– Resilience: newer complex adaptive system ability to endure inevitable successful attacks with internal critical redundancy, slack, and constant trial-and-error learning (TEL) throughout home society
• Cyber power provides the “security resilience”(*) of a nation
* C.Demchak, forthcoming 2011, Wars of Disruption and Resilience: Cybered Conflict, Power, and National Security. UGA Press
Building Cyber Power means increasing Resilience across the Nation
• Exceptionally difficult to do under urgent conditions when under flood of disparate attacks
• Hard to get necessary redundancy, slack, and T&EL (trial and error learning) quickly enough across whole society while cyberspace still growing
• Cannot process inputs fast enough or create critical redundancies quickly enough in real time right now
• Supply chain especially hard to comprehend and control a for bad actors or subverted goods cross such open exchanges
Cyber challenges deeply embedded in supply chains in a globalized largescale socio-technical system
LENOVO China-IBM Inc
NATIONAL ‘CYBER’ POWER NEEDS RESILIENCE
AS MUCH AS DISRUPTION CAPABILITIES IN A CYBERED WORLD
In this cybered world, how do we COLLECTIVELY in our key organizations
learn to be surprise-resilient
and then design ourselves to keep it fit for purpose over the long run
as cyberspace and its topology evolves?
Militaries Historically Surprise-Embracing Organizations
• Within their purview, modern militaries pursue redundancy, slack and trial-and-error learning
• Use standardized drill and training routinely – to prepare large-scale units for the surprises anticipated in
traditional conflicts
• Train individuals to be redundant in specialties – and cross level them as needed
• Read history of wars and gather intel on likely opponents to create scenarios (slack)
• Use exercises in mass and depth – in accordance with resources
Exercises that worked in the past are today inadequate for surprises of cybered conflict
• See cyberspace narrowly as “domain” so limit environment• Construct exercises for military role in “war”
– Defined crisis build-up, ROE constraints, preplanned scenarios, and ending objectives
• One-offs, even if annual event– No replay on the spot to test alternative hypotheses
• Offense not allowed full range of offense advantages in order to contain training or events– Reverberations beyond focused AO at best second order
• Educates those who design it and those who directly play, few others
• Not widely available for replay, update, dissemination
“Oh great! We trained only with BIG ladders”
Cyberspace is a Complex Socio-Technical System on ‘Steroids’ at a Global Scale
Accommodated?
Yes
No
Knowable?Yes No
Neglect Rogues5-20%
Preparation Serendipity
Outcomes Universe
Complexity expands the Universe of Undesireable Outcomes:
Accommodating Surprise in Complex Largescale Socio-Technical Systems
• To get to the KNOWABLE unknowns, need implicit as well as explicit knowledge
• Especially missing tacit knowledge embedded in your organizational members– Normally lose or ignore their experiences,
knowledge of their professional domains, untapped skills, and perspectives encouraging innovative responses
– Most of this is currently difficult to collect at best
• Complex systems and organizations research has recommendations
Basic Lessons about Responding to Surprise from Complexity, LTS and Complex Adaptive Social System Research
Complexity Research Major Lessons1. Only Trends can be forecast with knowable/unknowable unknowns2. Path Dependence powerful3. Channeling trends is best possible accommodation option
Largescale Technical Systems Research Major Lessons1. Trial and Error best to acquire knowable unknowns2. Tighter coupling increases potential rippling error paths3. Redundancy and Slack powerful accommodators4. Knowledge is expensive in time, money, staff attention, implementation
Complex Adaptive Social Systems Research Major Lessons1. Human buy-in essential for effectiveness (legitimate, useful, doable) 2. Cultural filters powerful (socialization, operationalization hard to control)3. Largescale socio-technical systems drift readily into unnoticed critical coupling and a lack of urgency to absorb or seek knowledge
Exercise Shortcomings
• do not collect tacit knowledge continuously, develop it, or allow the widespread reuse of this data.
• do not prepare adequate capabilities against surprise in complex socio-technical systems
How to learn to be resilient when embedded and vulnerable to globally complex system
• Resilience to surprise must be developed inside the socio-technical system, especially its security units.
• Need to develop collective sensemaking AND a menu of doable rapid accurate actions under urgent conditions (*)– In addition to comprehensive data inside and outside the
institution– Must have collective trust among those responsive,
mitigation or improvisation or innovation knowledge foundations, and holistic understanding of the wider environments involved.
* From L. Comfort, A. Boin, and C. Demchak, eds. 2010. Designing Resilience. U of Pittsburgh Press
Organizations need to “Play It Through”
• Virtual reality simulations, if done correctly, can allow organizational members to play out their experiences and hypotheses with others, developing richer options for response to surprise
• Gathers tacit knowledge in ways that meet the graphical and spatial predilections of humans in easy, useful, and collaborative mechanisms
• Members can develop trust relations with those playing, and engage instinctively in performance assessments
• Can be re-used, replayed, reviewed, analyzed, and reconsulted later – trial-and error learning
• IF co-authored, the tacit knowledge can be provide remarkably informed innovative responses to surprise because they or someone has played through
The Gaming needs to be Fully Embedded in Shared Practices of the Organization
• Knowing when to seek more knowledge is the sense-making of resilience– Requires seeking what can be known continuously and keeping that tacit
knowledge for ubiquitous operational use
• Embedded organizational high-fidelity, continuously available, co-authored, game-based simulations– Daily practice of contributing reinforced by relatively frequent
episodes of development of competence under surprising conditions
– Actors unusually educated about overall system
• Advantages– Maintenance of knowledge closely monitored– Environmental surprises constantly explored – Cognitive resilience encouraged
• by ability to test ideas for local actions and see how they blend– Operational knowledge exchanges practiced broadly with
different actors or same ones
Gaming and an Atrium Organization
• Embed operationalized on-call gaming in the organization
• Trial-and-error learning is easy, accessible, and useful
• Key attributes: High fidelity, continuously available, co-authored game-based simulations embedded in shared practices of critical organizations
• Encourages knowledge redundancy, along with novel approaches to slack.
Imagine operationalized gaming embedded in your organization
Atrium Model: What a “Surprise-Facing” System might look like
• Model Refines hypertext organization identified by Nonaka and Tageuchi in successful Japanese corporations
Atrium
Core
Task Forces
The Atrium
Knowledge base not merely library or programmed threshold-based decision-maker
Socially constructed as colleague
People “enter” Atrium virtually as consumer, contributor, or producer Atrium
The Core -- Main Operational Stem
• Personnel required to rotate into Atrium and then action related Task Forces before returning to main operations
• Everyone rotates, including CEOs– Wide familiarity with
Atrium queries, knowledge needs and uses
– Fully uses adjunct members and part-timers Atrium
Core
Task Forces – Action end of the Knowledge Chain
• On Call action teams across systems
• Personnel conduct short tours here
• Personnel rotate into Atrium and then Core before returning to task forces, or at each change in major assignment
• Capture wide familiarity with knowledge needs and Atrium uses Atrium
Core
Task Forces
Gaming aspect of Atrium is in the operationalized collaborative emergent knowledge (tacit and explicit development
Accommodates surprise with 24/7 self-coordinating scalable knowledge-centric organization IF co-authored
Conceptual clarity in goals and processes as people play through what they do routinely
Effectiveness AND security enhanced as knowledge less scarce organizationally and societally Atrium
Core
Task Forces
ATRIUM for Joint OPS
Atrium
Core
Real & Virtual EmergencyTask Forces
(multiple organizations)
Only possible in cybered world
Can segregate own sensitive files and yet still play through
Builds cross organizational trust continuously
Builds inter-organizational knowledge sets
What scenarios might individuals play through that have no real outlet currently?
• Casual overeducated unemployed youth in ME pile-on – during period of active Chinese nationalism with rise of proxy cyber
warriors and student projects with unpredictable waves of persistent threats through supply chain backdoors left in place over time in both military and commercially central firms
• “Anonymous” related attempted Fukushima redux attacks – across small reactors with related Son of Stuxnet attacks on small
electrical generation plants serving aviation, mass transit, large federal clearing houses, and main trunk oil pipelines
• Peer state heightened tensions as persistent threats open dormant back doors into military and NATO nation subnational systems – in disruption in world of national cybered borders across international
system with nonstandard OS variants operating in government owned/operated clouds.
Cybercommands are Critical Cyber Sovereignty Indicator of Politcal/Economic/Social Seriousness attached to National Uncertainty from global Cyber Substrate
But only seeds of future evolutions in this sovereignty building process – may end up regional entities
How will we play through a cybered world in which most nations have a cyber commands (or equivalent)?
Cybered New Forms of Conflict?
“Sir! Enemy BN CDR Alpha has tweeted his family.
He plans to be home today in time for a birthday party at 1600.”
“Air strike on his likely travel route? …… ……or tweet back?”
“You’re SURE your unit can tell which ones are the remotely targeted, massed, Alien cyber bots?...you ARE really sure, right?”
National CyberSecurity Gateway
A Millisecond in Life at the Cyber Border
Welcome to the
Cybered Conflict Age ?
“And now at this point in the meeting, I ‘d like to shift the blame away from me onto someone else.”
Questions?