Conclusions: Adaptive Leadership and Power for Secure Cyberspace Operations

by Carl W. Hunt, Walter E. Natemeyer and Chuck E. Hunt

Throughout this series on Adaptive Leadership and Power for Secure Cyberspace Operations (ALP-SCO), we’ve stressed how hard leadership is. It’s time for us to admit that operating in cyberspace does nothing to make the fundamentals of leadership and management easier. In fact, successfully operating in cyberspace is one of the greatest challenges leaders (and followers) have ever faced in the history of organizations.

Leaders make the difference in any operating environment, however, and they will in cyberspace also. This concluding post on ALP-SCO both wraps up the series and offers some views on how leaders in all sectors might enhance their thinking about SCO. [1]

Last time, we began to contrast leadership in the “old days” of the information technology world with the need to accommodate system-wide complexity in approaches to leadership for today’s universe of cyberspace operations. Since we’ve emphasized the role of leadership in SCO throughout, it’s worth noting the prominence that cybersecurity author Marc Goodman places on the systemic nature of cyberspace:

In a world in which all of our critical systems and infrastructures are run by computers, it would be easy to dismiss our profound technological insecurity as just a computing problem. But we don’t just have an IT problem. Because technology is woven through the entire fabric of our modern lives, we also have a social problem, a personal problem, a financial problem, a health-care problem, a manufacturing problem, a public safety problem, a government problem, a governance problem, a transportation problem, an energy problem, a privacy problem, and a human rights problem…[2]

Technology and leadership, even though they may at times seem unrelated, must blend effectively in cyberspace to put our nation at the forefront of a future built on the dynamisms of what Kevin Kelly calls the currents and flows of innovation. [3] Here, we don’t mean technology leadership…we mean leadership in a highly technological environment that is increasingly difficult to visualize. Every item in Goodman’s list above has a common basic requirement to succeed and bring about some level of organizational visibility and transparency, however: adaptive leadership.

Getting back to Narrative 2 from last time, “SCO in Complex and Chaotic Environments,” let’s refocus on the elements of good leadership in the age of a complex environment like cyberspace. The two critical components we narrowed in on to succeed as adaptive leaders today are the ability to orient to the realities of the environment and match leadership and power styles to both the environment and to the readiness of the followers. It is the mismatch of leadership and power to the readiness levels of followers and to the environment that leaders must seek to avoid.

Since we’ve talked extensively about OODA and orientation to the operating domains and environment of cyberspace, we refer you to the detailed discussions (here and here). Also, the last post discussed the process of orienting to complex and chaotic environments, so we won’t repeat that in this post, either.

Instead, we’ll reemphasize the application of OODA and Orientation in order to avoid mismatch and operate more securely in cyberspace. And, since ALP can help even in the increasingly rare non-cyberspace environment, it’s like getting a twofer: adaptive leadership and power works in any management setting.

A significant element of adaptive leadership is anticipation of the future requirements and risks. We could easily argue that OODA was in fact designed to make anticipation in complex environments possible. [4] OODA, particularly Orientation, is indeed at the heart of ALP-SCO. Anticipation is equally at the heart of adaptive leadership, as described next.

Coauthor Carl Hunt offers an example of the effective operational level use of OODA and adaptation he experienced as a newly minted Information Technology officer in the Army during Desert Shield-Desert Storm in 1991. Many have likened the leadership challenges we face in conducting secure cyberspace operations to be like war, and we agree. From Carl:

“I had just been assigned to the US Army Intelligence Threat Analysis Center (ITAC) at the Washington Navy Yard, in DC as large numbers of US forces were being deployed to the Persian Gulf in early 1991. When I arrived, I found ITAC and our national intelligence agency partners at the forefront of applying early cyberspace technologies to warfighting challenges in an effort to make national-level intelligence products available to our forces deployed there, in what we hoped would eventually be real-time intelligence support.

“War has always presented a complex operating environment, and until this point, the delivery of these kinds of intelligence products were subject to the vagaries and untimely flows of war…intelligence support didn’t always arrive in a timely manner, or didn’t fulfill the field commander’s needs.

“The intelligence products provided from the national level normally had to be either delivered by courier or produced in-theater, typically using less than the state-of-the-art capabilities than existed in facilities in the United States or permanent regional centers. Such localized intelligence products reflected only small parts of the overall context or were of inferior resolution so that they were often ineffective at telling the story the warfighter needed in remote areas. Sometimes the products simply didn’t help commanders in a rapidly changing battlefield environment.

“National intelligence organizations of the early 90s were very keen on sharing relevant information with the warfighter in as timely a manner as possible. This was also the timeframe when we all realized the critical nature of collaboration and sharing information; we actually had the beginnings of an IT infrastructure that could make this sharing a reality, but we had to orient to the new environment; interestingly, there was a lot of talk about John Boyd and his OODA Loop in those days! Fortunately, we also had the roots of what I would call an adaptive and anticipatory leadership approach to serve remotely stationed US forces.

“Unfortunately, on the other hand, it was only the beginnings of the needed IT infrastructure, and it was hard to find “experts” who were familiar enough with the new world of “cyberspace” to adapt old processes and policies (or create new ones) in ways that would accommodate the demands for secure delivery of “real-time” intelligence. However, this was the American military, an organization that appreciated why and how to change to the demands of war, and we relatively quickly coevolved processes and technologies to adjust to these new demands. We helped warfighters win in the Gulf, with what became direct support from DC.

“Adaptive leadership demands that we find innovative ways to coevolve processes such as leadership styles, with technology in order to stay inside an adversary’s own OODA Loop. We began to provide intelligence products in real-time or even anticipated the needs of combat commanders and staged them so they could pull them as needed. In other words, anticipatory/adaptive leadership allowed the US to stay well within the adversary’s OODA Loop and decide and act during this first Gulf War far more quickly than they could before. This contributed significantly to a quick and decisive combat outcome, as well as a low-casualty conflict.”[5]

Such adaptive/anticipatory leadership approaches are precisely what we need to cope with the demands of the complex nature of operating securely in cyberspace today.

If there are any historical lessons that leaders can immediately follow to start implementing ALP-SCO today, they will likely be found in the successful prosecution of modern conflicts like Desert Storm and the follow-on military operations in the Gulf. The essential principles of ALP-SCO worked in the context of war because leaders understood the gravity of the situation and environment and realized the old ways of “attrition warfare” would result in many more casualties.

What Can You Do, Leader in Cyberspace?

Today, we are fighting the battle for cyberspace like attrition warfare, except our friendly forces of businesses, governments and academic institutions are the only ones really suffering attrition. Individual organizations cannot fight this battle alone, and we will all need to collaborate with each other and leverage the forces that governments at every level must refine and deploy in law enforcement and other forms of interagency and cross-organizational operations.

Leaders at all levels can transform the ways in which we interact with adversaries. Leaders can change the nature of the conflict through just a few basic principles derived from the topics we’ve presented in this series. It may not be all that easy to change, but nobody said leadership was easy!

For reference, here is an updated version of the initial model we showed in the first post in this series depicting the major working parts of ALP-SCO:


Here’s what we can all start doing now as leaders in the pursuit of secure cyberspace operations, using ALP-SCO as a model:

  1. Understand and orient to the environment of cyberspace. OODA is all about orientation in the support of decision and action.
  2. Apply the orientation and understanding of the environment through adaptive employment of leadership styles…avoid mismatching the leadership style to what followers’ readiness and the environment demand.
  3. Back up the use of the right match of leadership style with the right power base that complements the follower’s needs and situation. Match style and power base to the environment.
  4. Anticipate the adversary and align prepared responses based on good cyber intelligence. Collaborate and cooperate both within and across partner organizations. [6]
  5. After a leader has succeeded in the first four principles, then look to technology as an augmentation and set of tools for enhancing secure operations. Leadership trumps technology, but in this day and age benefits greatly from effective implementations of technology.
  6. Care about what you do as a leader, take care of your followers and organization, and help make cyberspace secure for all of us.

Yes, leadership is hard, particularly in cyberspace. But, this is the United States of America. We can “fight and win” as the military mantra goes. We can be good leaders and ultimately secure cyberspace for all operations, including commercial, academic and government. ALP-SCO can make that difference.

Be an adaptive leader, especially in cyberspace.

Originally posted on 9/26/2016.

[1] Readers may note that we have chosen not to label SCO as cybersecurity throughout this series. Cybersecurity has been associated with the IT gurus for too long and removed from the visibility of the CEO, COO and CFO and rest of the C-Suite team. The identification of cybersecurity as one function of SCO is more accurate and better weights the responsibilities that every leader in the organization has for protecting critical assets.

[2] Goodman, M., Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, Knopf Doubleday Publishing Group, 2015. Kindle Edition, (Kindle Locations 8468-8473).

[3] Kelly, K. The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future (Kindle Edition). Penguin Publishing Group, 2016.

[4] This makes adaptation and anticipation key features of another property of effective leadership we’ve talked about throughout the series: risk management.

[5] While there are no details here about what we did specifically or how we accomplished it during this conflict, the experimental processes and leadership approaches we implemented paid off very well, and set the stage for how networked collaborative intelligence is done today. Much can be said about the remarkable contributions of those at the strategic, operational and tactical levels of intelligence and what they accomplished in the early 90s and since.

[6] See: How To Stay One Step Ahead Of Cybersecurity Threats, Sep 22, 2016, for a 7-point list of things to do to practice Anticipatory and Adaptive Leadership. The list is composed of items that are leader responsibilities such as follower and peer training, senior-level engagement, collaboration with other organizations and investments into AI and future holistic technologies that go beyond Defense alone.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s