by Carl W. Hunt, Walter E. Natemeyer and Chuck E. Hunt
Part II of The Future of Leadership in Cyberspace Series
Dwight Eisenhower said “Now I think, speaking roughly, by leadership we mean the art of getting someone else to do something that you want done because he wants to do it, not because your position of power can compel him to do it, or your position of authority.”
This definition of leadership, often quoted in books, papers and training classes, evokes the essence of the subject of leadership in any environment: inspiration, motivation, preparation, power and authority. It focuses on both leaders and followers, two of the three most critical elements of adaptive leadership and power for secure cyberspace operations (ALP-SCO) in the connected age.
As we presented in the first post in this series, the environment of cyberspace itself is the third element that drives the function and role of leadership today. When we start thinking about leadership in these three terms, it becomes ever clearer that the hierarchical models of leadership are shattered. If effective leadership wasn’t hard enough before cyberspace, the new environment of cyberspace should definitely get a leader’s attention.
Respected network enterprise services and equipment provider Cisco Systems, just released their “Midyear Cybersecurity Report.” Their Executive Summary concludes: “Attackers currently enjoy unconstrained time to operate. Their campaigns, which often take advantage of known vulnerabilities that organizations and end users could have—and should have—known about and addressed, can remain active and undetected for days, months, or even longer.”
This could be construed as a virtual indictment of leaders in all types of modern organizations, whether commercial, government or academic. If it’s not leaders who allow attackers to dwell in organizational IT systems for “days, months, or even longer” who is it? That’s rhetorical, of course…it’s the leaders. But as we noted last time in Part I of this series, it’s a tremendous challenge for leaders and followers to understand and orient to what’s really happening in their little corner of cyberspace.
There is a broad spectrum of difficulty in orienting to challenges that leaders face within highly interconnected, cyberspace-based organizational settings. Nick Obolensky suggests that there are four basic operating environments or domains. He bases his four-part framework on the work of David Snowden and Mary Boone in their Cynefin Model. This model introduced the four domains in which leaders typically operate and make decisions, in any organizational setting.
In graphical terms, we might visualize these operating domains as shown in Figure 1. These domains are not necessarily linearly connected, but rather interconnected with relationships and information passing between each, through channels that often emerge unpredictably, as Snowden and Boone wrote. Operating in cyberspace further obscures these flows.
Last time, we introduced these four environments for leadership in cyberspace as Leadership Orientation Domains (LOD). Simple environments are where “cause and effect are fully linked and known, and so predictability is high. If you do ‘This’ you get ‘That’. It is the area of process and best practice.” This is the domain of “what you see is what you get,” so says the old saying. As the picture shows, it’s essentially a flat landscape that doesn’t hide or obscure information flows.
Next on the scale, or grid if you prefer, are Complicated environments, where “cause and effect are there, but the linkages are not so obvious and need analysis to sort it out. Predictability is less than ‘The Simple,’ but with careful analysis and consideration the choices one makes have a fair degree of predictable outcome.” Figure 1 might indicate that this is a “hillier landscape” and thus not all the connections are necessarily easy to see from every point in the organization, but obscurity of connections is still low. It’s possible to still get an overall viewpoint of what’s going on, even if we have to look harder.
A Simple LOD empowers leaders to act with straightforward, cause-and-effect models and methods that are generally predictable and leverage experience and intuition nicely. A Complicated LOD requires a bit more analysis and occasional “outside-the-box” thinking. Both simple and complicated fall within the realm of “best practices” and familiar models and tools.
Experts thrive in these two environments and are often the key players in decision-making and risk management. Also, Simple and Complicated LODs have generally simple patterns that are ultimately straightforward to detect and where risk is apparent to the trained and observant leader, and quite often to experienced followers, as well. When management advises “you just need to follow the rules” or the standard operating procedures or “the book,” they are really referring to Simple and Complicated operating domains.
After simple and complicated, however, leaders must “jump” an intellectual chasm that leads to the “mysteries” of complexity and chaos in organizations. In the next two operating domains, leaders have to be willing to balance intuition and experience with imagination and discovery. If leaders are successful in thinking beyond the boundaries of cause and effect, they will be better prepared to see and interact with the new organizational world that has emerged with the advent of cyberspace.
The “rules” and the “book” may offer a basic foundation for thinking through the challenges of these environments, but it’s up to leaders to sense the conditions of the challenges and opportunities of cyberspace, orient to the leadership behaviors required and to adjust and adapt accordingly. As the bottom two areas in figure 1 suggest, there are interacting weaves that are very difficult to follow, but the patterns can be detected through a creative mind and appreciation for emergence.
The Complex environment is where “‘cause and effect’ are combined. The multiple ‘agents’ involved (for example, people, organizations, technological component parts of the system and so on) are interconnected with feedback loops that affect each other in a complex network that is hard to predict.” In reality, the patterns are in fact present but require maximum creativity to orient to the patterns; this domain may even require advanced models and simulations to visualize and interact with existing and generated data to observe these patterns.
Resolving complexity in an operational domain requires an understanding of emergence, a term on which we can expand a bit here. Being comfortable with the concept of emergence in an organization entails an appreciation that sometimes things happen or people behave in what appears to be totally unpredictable ways. This is sometimes referred to as an object being more than the sum of its parts, and where even a full comprehension of those component parts does not lead to an understanding of their interactions and ultimate behaviors. For example, individual follower behaviors in a group do not always apprise leaders as to what will happen when these interactions and resulting team behaviors occur. This keeps adaptive leadership interesting and absolutely necessary!
It’s even more difficult to visualize and orient leadership experiences in the Chaotic environment. This is “rare and is where there is no discernible cause and effect at all.” Obolensky, Snowden and Boone essentially say that there are “no manageable patterns – only turbulence.” Here the leader’s main job is not to find patterns, but “stop the bleeding” and allow the team or organization to get back into the game as soon as possible and move towards a domain in which the organization can get things under some semblance of control. In scientific terms, chaos is a well-studied state and it is currently unclear that organizational operations in the chaotic environment are even possible for very long.
Organizations can thrive in simple and complicated environments and if they can master complex environments, they may even succeed beyond all expectations. Chaos, however, may not only be debilitating but destructive, and should be avoided or at least mitigated, if at all possible.
So, a Complex LOD requires leaders to test the environment and think beyond intuition and experience; they must be prepared to adapt to a world that often surprises them, and while there are models and tools available, they require practice and objectivity to leverage them. If they were describing leadership in cyberspace in their original work, Snowden and Obolensky might say that a Chaotic LOD is in some sense the easiest of the four since there is no discernible pattern to guide decision-making and action; the leader just needs to do something to get the organization out of this domain as soon as possible. Quite often, one action is as good any other, but constant planning and training will help prepare for eventual action!
A key problem for leaders is how to learn which of the LODs they are facing (if they are fortunate to be facing only one at a time) and what they can do about it. Each of these four environments requires different orientations, behaviors and activities for leaders to be successful within their organizations and cope with demands each environment makes on an organization.
Mismatch of leadership decisions and actions to domain requirements can be as bad as mismatching leadership styles to follower readiness levels, as will we note in the near future. This is where the tried but true Observe-Orient-Decide-Act (OODA) model we introduced last time can help leaders operating in cyberspace achieve orientation for all leadership functions.
OODA for orientation to LODs to more effectively lead secure cyberspace operations is the subject of our post next time.
Originally posted: 8-9-2016.
 This series is part of an ongoing effort to better understand the challenges of providing Adaptive Leadership for Secure Cyberspace Operations for the United States and our international partners.
 Obolensky, N., Complex Adaptive Leadership: Embracing Paradox and Uncertainty, Ashgate Publishing Ltd., Kindle Edition, 2014, p. 55.
 The domains Snowden and Boone discuss are not original to them, but have been categories discussed for years as a part of the study of what is known as complexity science. See for example, Kauffman, S.A., The Origins of Order, Oxford Press, NY, 1993.
 For more detailed images of the four domains as presented by Snowden, see Snowden, D. and Boone, M., op. cit.
 Obolensky, op. cit. p. 55.
 Snowden and Boone’s paper recounts a NASA example: “There is a scene in the film Apollo 13 when the astronauts encounter a crisis (‘Houston, we have a problem’) that moves the situation into a complex domain. A group of experts is put in a room with a mishmash of materials—bits of plastic and odds and ends that mirror the resources available to the astronauts in flight. Leaders tell the team: This is what you have; find a solution or the astronauts will die. None of those experts knew a priori what would work. Instead, they had to let a solution emerge from the materials at hand. And they succeeded. (Conditions of scarcity often produce more creative results than conditions of abundance.)” Snowden and Boone, 2007, op. cit.
 Obolensky, op. cit.
 In many circumstances, the best we can seek is to create an environment that fosters a “positive emergence” or outcome, referring back to the previous discussion on emergence. Both complexity and chaos can produce emergences, but as leaders, we would like to understand them as they occur, and guide the environmental factors that might improve the likelihood for a good outcome.
 Ibid. These descriptions of the four environments are based on Obolensky’s recitation of David Snowden’s Cynefin Model, Obolensky page 55-56. Snowden also calls the “Simple” environment the “Obvious” and includes a fifth domain called “Disorder”. In this paper, we use the four domain descriptions as provided by Obolensky.