Conclusions: Adaptive Leadership and Power for Secure Cyberspace Operations

by Carl W. Hunt, Walter E. Natemeyer and Chuck E. Hunt

Throughout this series on Adaptive Leadership and Power for Secure Cyberspace Operations (ALP-SCO), we’ve stressed how hard leadership is. It’s time for us to admit that operating in cyberspace does nothing to make the fundamentals of leadership and management easier. In fact, successfully operating in cyberspace is one of the greatest challenges leaders (and followers) have ever faced in the history of organizations.

Leaders make the difference in any operating environment, however, and they will in cyberspace also. This concluding post on ALP-SCO both wraps up the series and offers some views on how leaders in all sectors might enhance their thinking about SCO. [1]

Last time, we began to contrast leadership in the “old days” of the information technology world with the need to accommodate system-wide complexity in approaches to leadership for today’s universe of cyberspace operations. Since we’ve emphasized the role of leadership in SCO throughout, it’s worth noting the prominence that cybersecurity author Marc Goodman places on the systemic nature of cyberspace:

In a world in which all of our critical systems and infrastructures are run by computers, it would be easy to dismiss our profound technological insecurity as just a computing problem. But we don’t just have an IT problem. Because technology is woven through the entire fabric of our modern lives, we also have a social problem, a personal problem, a financial problem, a health-care problem, a manufacturing problem, a public safety problem, a government problem, a governance problem, a transportation problem, an energy problem, a privacy problem, and a human rights problem…[2]

Technology and leadership, even though they may at times seem unrelated, must blend effectively in cyberspace to put our nation at the forefront of a future built on the dynamisms of what Kevin Kelly calls the currents and flows of innovation. [3] Here, we don’t mean technology leadership…we mean leadership in a highly technological environment that is increasingly difficult to visualize. Every item in Goodman’s list above has a common basic requirement to succeed and bring about some level of organizational visibility and transparency, however: adaptive leadership.

Getting back to Narrative 2 from last time, “SCO in Complex and Chaotic Environments,” let’s refocus on the elements of good leadership in the age of a complex environment like cyberspace. The two critical components we narrowed in on to succeed as adaptive leaders today are the ability to orient to the realities of the environment and match leadership and power styles to both the environment and to the readiness of the followers. It is the mismatch of leadership and power to the readiness levels of followers and to the environment that leaders must seek to avoid.

Since we’ve talked extensively about OODA and orientation to the operating domains and environment of cyberspace, we refer you to the detailed discussions (here and here). Also, the last post discussed the process of orienting to complex and chaotic environments, so we won’t repeat that in this post, either.

Instead, we’ll reemphasize the application of OODA and Orientation in order to avoid mismatch and operate more securely in cyberspace. And, since ALP can help even in the increasingly rare non-cyberspace environment, it’s like getting a twofer: adaptive leadership and power works in any management setting.

A significant element of adaptive leadership is anticipation of the future requirements and risks. We could easily argue that OODA was in fact designed to make anticipation in complex environments possible. [4] OODA, particularly Orientation, is indeed at the heart of ALP-SCO. Anticipation is equally at the heart of adaptive leadership, as described next.

Coauthor Carl Hunt offers an example of the effective operational level use of OODA and adaptation he experienced as a newly minted Information Technology officer in the Army during Desert Shield-Desert Storm in 1991. Many have likened the leadership challenges we face in conducting secure cyberspace operations to be like war, and we agree. From Carl:

“I had just been assigned to the US Army Intelligence Threat Analysis Center (ITAC) at the Washington Navy Yard, in DC as large numbers of US forces were being deployed to the Persian Gulf in early 1991. When I arrived, I found ITAC and our national intelligence agency partners at the forefront of applying early cyberspace technologies to warfighting challenges in an effort to make national-level intelligence products available to our forces deployed there, in what we hoped would eventually be real-time intelligence support.

“War has always presented a complex operating environment, and until this point, the delivery of these kinds of intelligence products were subject to the vagaries and untimely flows of war…intelligence support didn’t always arrive in a timely manner, or didn’t fulfill the field commander’s needs.

“The intelligence products provided from the national level normally had to be either delivered by courier or produced in-theater, typically using less than the state-of-the-art capabilities than existed in facilities in the United States or permanent regional centers. Such localized intelligence products reflected only small parts of the overall context or were of inferior resolution so that they were often ineffective at telling the story the warfighter needed in remote areas. Sometimes the products simply didn’t help commanders in a rapidly changing battlefield environment.

“National intelligence organizations of the early 90s were very keen on sharing relevant information with the warfighter in as timely a manner as possible. This was also the timeframe when we all realized the critical nature of collaboration and sharing information; we actually had the beginnings of an IT infrastructure that could make this sharing a reality, but we had to orient to the new environment; interestingly, there was a lot of talk about John Boyd and his OODA Loop in those days! Fortunately, we also had the roots of what I would call an adaptive and anticipatory leadership approach to serve remotely stationed US forces.

“Unfortunately, on the other hand, it was only the beginnings of the needed IT infrastructure, and it was hard to find “experts” who were familiar enough with the new world of “cyberspace” to adapt old processes and policies (or create new ones) in ways that would accommodate the demands for secure delivery of “real-time” intelligence. However, this was the American military, an organization that appreciated why and how to change to the demands of war, and we relatively quickly coevolved processes and technologies to adjust to these new demands. We helped warfighters win in the Gulf, with what became direct support from DC.

“Adaptive leadership demands that we find innovative ways to coevolve processes such as leadership styles, with technology in order to stay inside an adversary’s own OODA Loop. We began to provide intelligence products in real-time or even anticipated the needs of combat commanders and staged them so they could pull them as needed. In other words, anticipatory/adaptive leadership allowed the US to stay well within the adversary’s OODA Loop and decide and act during this first Gulf War far more quickly than they could before. This contributed significantly to a quick and decisive combat outcome, as well as a low-casualty conflict.”[5]

Such adaptive/anticipatory leadership approaches are precisely what we need to cope with the demands of the complex nature of operating securely in cyberspace today.

If there are any historical lessons that leaders can immediately follow to start implementing ALP-SCO today, they will likely be found in the successful prosecution of modern conflicts like Desert Storm and the follow-on military operations in the Gulf. The essential principles of ALP-SCO worked in the context of war because leaders understood the gravity of the situation and environment and realized the old ways of “attrition warfare” would result in many more casualties.

What Can You Do, Leader in Cyberspace?

Today, we are fighting the battle for cyberspace like attrition warfare, except our friendly forces of businesses, governments and academic institutions are the only ones really suffering attrition. Individual organizations cannot fight this battle alone, and we will all need to collaborate with each other and leverage the forces that governments at every level must refine and deploy in law enforcement and other forms of interagency and cross-organizational operations.

Leaders at all levels can transform the ways in which we interact with adversaries. Leaders can change the nature of the conflict through just a few basic principles derived from the topics we’ve presented in this series. It may not be all that easy to change, but nobody said leadership was easy!

For reference, here is an updated version of the initial model we showed in the first post in this series depicting the major working parts of ALP-SCO:

complete-alp-sco-graphic-for-final-post

Here’s what we can all start doing now as leaders in the pursuit of secure cyberspace operations, using ALP-SCO as a model:

  1. Understand and orient to the environment of cyberspace. OODA is all about orientation in the support of decision and action.
  2. Apply the orientation and understanding of the environment through adaptive employment of leadership styles…avoid mismatching the leadership style to what followers’ readiness and the environment demand.
  3. Back up the use of the right match of leadership style with the right power base that complements the follower’s needs and situation. Match style and power base to the environment.
  4. Anticipate the adversary and align prepared responses based on good cyber intelligence. Collaborate and cooperate both within and across partner organizations. [6]
  5. After a leader has succeeded in the first four principles, then look to technology as an augmentation and set of tools for enhancing secure operations. Leadership trumps technology, but in this day and age benefits greatly from effective implementations of technology.
  6. Care about what you do as a leader, take care of your followers and organization, and help make cyberspace secure for all of us.

Yes, leadership is hard, particularly in cyberspace. But, this is the United States of America. We can “fight and win” as the military mantra goes. We can be good leaders and ultimately secure cyberspace for all operations, including commercial, academic and government. ALP-SCO can make that difference.

Be an adaptive leader, especially in cyberspace.

Originally posted on 9/26/2016.

[1] Readers may note that we have chosen not to label SCO as cybersecurity throughout this series. Cybersecurity has been associated with the IT gurus for too long and removed from the visibility of the CEO, COO and CFO and rest of the C-Suite team. The identification of cybersecurity as one function of SCO is more accurate and better weights the responsibilities that every leader in the organization has for protecting critical assets.

[2] Goodman, M., Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, Knopf Doubleday Publishing Group, 2015. Kindle Edition, (Kindle Locations 8468-8473).

[3] Kelly, K. The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future (Kindle Edition). Penguin Publishing Group, 2016.

[4] This makes adaptation and anticipation key features of another property of effective leadership we’ve talked about throughout the series: risk management.

[5] While there are no details here about what we did specifically or how we accomplished it during this conflict, the experimental processes and leadership approaches we implemented paid off very well, and set the stage for how networked collaborative intelligence is done today. Much can be said about the remarkable contributions of those at the strategic, operational and tactical levels of intelligence and what they accomplished in the early 90s and since.

[6] See: How To Stay One Step Ahead Of Cybersecurity Threats, Sep 22, 2016, for a 7-point list of things to do to practice Anticipatory and Adaptive Leadership. The list is composed of items that are leader responsibilities such as follower and peer training, senior-level engagement, collaboration with other organizations and investments into AI and future holistic technologies that go beyond Defense alone.

Contrasting the “Before and After” of Leading in the Information Age

by Carl W. Hunt, Walter E. Natemeyer and Chuck E. Hunt

Leadership in cyberspace is hard work and leaders need every edge they can get to succeed in the Information Age. In the past five posts, we’ve presented the major components of a system for adaptive leadership and power that can synergize to produce a better likelihood of organizational success in cyberspace. Interacting and working together, these leadership components produce a greater effect for secure cyberspace operations (SCO) than any technology available to us today, as well as minimizing the threats that cyberspace offers.

Moreover, combined effectively with technology, adaptive leadership and power (ALP) offers organizations even better opportunities for success. ALP, application of good cyber intelligence and risk management, paired with increasingly good technology, will act in concert to make secure cyberspace operations feasible and profitable. [1]

As Raymond Kelley, New York City Police Department’s longest serving Commissioner recently pointed out “…cyber is interwoven into everything that we do, so if you’re hit by a terrorist attack or natural disaster, cyber is going to play a role in some way, shape or form…(and) if it doesn’t come from the top, chances are (cybersecurity is) not going to be adopted or certainly not going to be interwoven.” [2] Only leaders and adaptive leadership can make ALP-SCO happen as an integral part of secure organizational operations.

Before we wrap up this series on ALP-SCO with a review and conclusions, we want to offer a couple of contrasting example vignettes, or narratives to show the differences in operations before the pervasiveness of cyberspace and what we face as leaders in 2016 and beyond. Even today, too many leaders still apply (or misapply) industrial age leadership to information age challenges and opportunities.

Mismatch of style and process is an area of emphasis for ALP-SCO. We want to demonstrate how the major components of the ALP-SCO model converge to help avoid or at least mitigate mismatch. We want to narratively demonstrate what we hypothesize will be measurable improvements brought on by more effective and secure operations in cyberspace.

In the first narrative, we’ll describe “the good old days” of operating in the world before we started connecting everyone to each other and everything else that could be connected. This is the world of Simple and Complicated environments that we described previously, and to which earlier forms of leadership and management principles applied adequately.

The second narrative will be split across this post and the final, concluding post to cement what we mean by operating in Complex and Chaotic environments like those presented in today’s manifestations of cyberspace. We intend to show how leaders may still rely on good old fashioned leadership approaches to adjust to new challenges and situations that cyberspace introduces, but update their styles and processes through more adaptive forms of leadership and power. In other words, we want to help leaders avoid mismatching their leadership approaches to the challenges their followers and organizations face in cyberspace.

Narrative 1: SCO in Simple and Complicated Environments

Remember the days when “all employees really needed” was to make sure their firewall and antivirus software were up to date and they changed their passwords every few months or so (if indeed they used passwords)? That was a time of simple network environments. Cyberspace was a reality but few were aware of it as an operating environment.

The pioneering “IT staff” had the lion’s share of the responsibility for reliable and safe network access and they only reported to the C-Suite when they had a problem or were asked for budget input. [3] The operational bosses concentrated on the bottom line and taking care of customers (or the government and academic equivalents). There was nothing more important than staying competitive, establishing new markets and making more money.

Yes, those were the days, weren’t they? We upgraded our PCs and network components based on an IT budget and life cycle that was simply one, sometimes minor, line item in the organizational budget. Depending on the size of the organization’s network, it could also be a complicated environment because it was tougher on the IT department to make sure all those software updates and faster printers were implemented in a timely manner. Information flows were relatively transparent.

During those “halcyon days” of early intranetworks and simple office automation, leaders focused on the productivity gains that fax machines, teleconferences and face-to-face meetings offered; email was only a toy to share jokes around the office. Disruptions to business processes based on network outages were few or had minor effects, and the work-arounds were well tested because they were the standard prior to the rise of the early PCs and networks.

Leaders oriented to the early cyberspace environments in much the same way they did before IT became the common and pervasive operating environment of organizations. Connections were clear to see, typically manifested in org charts and telephone directories.

As we wrote in “A Walk-Through for Applying Leadership Orientation Domains,” effective leaders could visualize these connections using tools that were available to them for decades before. Causes and effects were fairly observable and the “remedies” for low follower readiness and motivation were tested by time. Risk Management techniques were similar to what they had been for many years, consisting of standardized training and operating procedures, rarely changing organizational missions, and laws and regulations that reflected still-current industrial age conditions.

Dare we say Risk Management was easy or at least straightforward before the rise of the Information Age and the massive connectivity of cyberspace?

In the early days of office automation and the beginnings of the Internet (the interconnecting roots of cyberspace), leaders were already beginning to question the wisdom of standardized industrial processes, however. Frederick Taylor (Scientific Management), Fritz Roethlisberger (Hawthorne Experiments) and the direct application of military leadership principles to civilian organizations probably sounded great when they were initially introduced to leaders and managers (perhaps based on Machiavelli or Clausewitz). [4]

But, as followers understood through a newly connective mass media what was happening outside their own organizations and behaved in a less “scientific” manner (e.g., predictable), things were changing. Leaders and managers also began to question the scalability of the original “scientific leadership” principles in an increasingly connected and complex world. Looking to the past for leadership inspiration wasn’t working as well as before the rise of cyberspace…a different world was descending upon all of us.

Leaders intuitively knew there were more and more mismatches of style and process. Enlightened leaders found they needed to reorient themselves to the realities of a changing, more connected operating environment.

Fortunately, this was about the time John Boyd introduced new thinking in his OODA Loop model, and leaders could begin to look at innovative ways to consider the rise of cyberspace as an organizational operating environment and orient to the challenges it presented. As we’ve seen, Boyd’s work was starting to influence leadership thinking in the connected age, but leaders needed still more. Hence, our introduction of Adaptive Leadership and Power for Secure Cyberspace Operations.

Figure 1 reviews the basic elements of Leadership Orientation Domains, Adaptive Leadership and Power characteristics and OODA from earlier discussions.

domains-styles-ooda

Figure 1: Basic Elements of ALP

 

Narrative 2: SCO in Complex and Chaotic Environments

Situational Leadership, using OODA to orient to operating domains and even understanding and leveraging power and influence in cyberspace are useful concepts to be sure. But if used independently of each other mismatches and reduced leadership effects are still a danger. Failure to allow these components to synergize ensures that leaders will find it harder to orient to the challenges of the very complex and even chaotic world cyberspace imposes on the organization that must work within it.

When it comes to leaders and followers orienting to cyberspace as the predominant operating environment for business, government and academia, it’s worth heeding the words of Kevin Kelly, subject of one of our blog posts last year: “No matter how long you have been using a tool, endless upgrades make you into a newbie—the new user often seen as clueless. In this era of ‘becoming,’ everyone becomes a newbie. Worse, we will be newbies forever. That should keep us humble.” [5]

We’ll not only be newbies, we’ll lead like newbies to followers that look to us for inspiration and motivation. That’s a failure of leadership! Leaders and managers operating in cyberspace have to do better than being overwhelmed like newbies.

Today, we are still advised to do Risk Management similar to the ways we did it before cyberspace. In reality though, only the risk management prescription terms have changed to reflect new technologies, not new approaches to leadership. [6] Risk management is a leadership responsibility and it has to be articulated in terms that reflect leadership and inspire effective followership. Poor Risk Management is a failure of leadership, also.

So, let’s apply a bit of Boyd’s OODA Loop integrating our self-understanding of heritage, culture, analysis and synthesis abilities, previous experiences and new information inputs, as Boyd wrote. Let’s say that this orientation indicates that we are operating in an environment in which cause and effect are obscured by the highly interconnected nature of cyberspace.

Let’s further say that nothing in the current risk management approach for our organization is effective in dealing with attacks on our networks, and we conclude that we are indeed operating in a complex environment. As leaders, we come to realize we are mismatching leadership style to follower readiness and the organizational environment.

Half of the battle is won as we reach these conclusions: we are at least oriented to the environment we face as leaders. We now understand that simple, rules-oriented and best-practice approaches operating in such a complex environment are no longer suitable. How do we proceed? How does ALP-SCO help us?

Well, not to spoil our conclusions as we wrap up this series, we’ll use this setup to defer to next time. The next and final post in this series will address how we synergize the components of ALP-SCO to understand where we are in cyberspace, how we better operate in a more secure fashion and how we avoid mismatches of leadership style to followership readiness and organizational environment conditions.

Until next time!

Originally posted on 9-13-2016.

[1] We haven’t written a lot about the importance of open-source cyber intelligence, available to all, is to ALP-SCO. It is an important ingredient of agility and adaptation for secure cyberspace operations. Many of the sources of cyber intelligence for this blog post series are taken from Threat Brief, a daily recap of cyberspace and terrorism threats.

[2] Warren, Z., “Cybersecurity ‘Has to be Everyone’s Problem’ Says Former NYPD Police Commissioner,” LegalTech News, 8-22-2016, accessed 8-30-2016.

[3] Remember these early “IT staffers” were likely to be the ones who were early adopters of technology at home; they were the ones who bought the Radio Shack TRS-80 or Commodore VIC-20 computers to fool around with. These folks at least had learned enough computer lingo to tell the difference between a RS-232 serial port and a DB-25 parallel port.

[4] For deeper insights on these early leadership and management concepts, see Natemeyer, W., and Hersey, P., Classics of Organizational Behavior, Waveland Press, IL, 2011.

[5] Kelly, K. The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future (Kindle). Penguin Publishing Group, 2016, Kindle Edition locations 178-180.

[6] Caspi, G., The H Factor – Why you should be building “human firewalls”. “Cybersecurity risk management procedures can include providing employees with a VPN to avoid the risk of them using public Wi-Fi when they work outside of the office; prohibiting the use of personal social media channels to communicate with colleagues or clients about work-related correspondence or information sharing; mandatory periodic password changes; tracking apps on devices to protect from loss or physical theft; a theft hotline procedure with remote-deletion tools in place, and more.”

The Power Factor in Adaptive Leadership and Power

By Walter E. Natemeyer and Carl W. Hunt

This series on Adaptive Leadership and Power for Secure Cyberspace Operations began with a look at the requirement to adapt sound leadership principles for operations in cyberspace today. We proposed that we could integrate several traditional and non-traditional techniques that lend themselves well to leadership in the connected age.

We pointed to Dwight Eisenhower’s tried and true leadership perspectives, Paul Hersey and Ken Blanchard’s Situational Leadership model and a novel take on leadership that Nick Obolensky calls Complex Adaptive Leadership. We also demonstrated the power that John Boyd’s OODA Loop model offers to help leaders orient to the emergent environmental conditions that cyberspace and its massive connectivity poses to leaders in the connected age.

All of these approaches and models had one thing in common, whether addressing the environments of cyberspace or not: Leadership is the process of influencing others in efforts toward goal accomplishment. The fact is that leaders cannot automatically influence other people. Leaders have to have some sort of power to enable them to gain compliance or commitment from others.

We define Power as the potential for influence. Leaders who understand how to use power are clearly more effective than those who do not. This was true before the advent of cyberspace but in the face of a relentless, adaptive threat to our organizational networks today, the effective use of power to coordinate and influence our people in the exercise of secure cyberspace operations is more critical than ever.

Let’s look at some ways power has been classified in management literature. Amitai Etzioni broke power into two major categories. [1] One is called position power, and those are the powers that are bestowed upon a leader as a result of title, role or position within the organization. The other is called personal power. It is the power that leaders earn interacting with others based on their respect for knowledge, judgment, experience and the way that they treat other people. It is important for leaders to develop and utilize both their position power and their personal power.

Position Power and Personal Power consist of seven power bases. [2] There is an additional, perhaps transcendent, power base, truly prevalent in the age of cyberspace, which we loosely call “Network Power;” We will discuss this at the end of our description of the initial seven power bases. Figure 1 depicts all of these power bases in relation to each other and to the readiness level of the follower.

Expert Power is based on the perception that the leader has relevant education, experience and expertise to influence the follower’s behavior. It is based on respect for the expertise of the leader.

The second power base is called Information Power. It is based on the perception that this leader has access to, or perhaps control over, information that is useful to followers. People who excel at accessing and providing information are in a better position to influence followers than people who are not.

The third power base is called Referent Power. Referent Power is based on the degree to which the followers like, respect and admire their leader.

The fourth power base is Legitimate Power. This is based on the perception that this individual, because of his or her position, has the right to tell a follower what to do, and the follower has a responsibility to comply.

The fifth power base is called Reward Power. Reward Power is based on the perception that if the follower does what this leader wants, he/she is going to get some positive rewards for that compliance.

Sixth is Connection Power. Connection Power is based on the perception that this individual is connected to important or influential people within or even outside this organization. If the follower does what the leader wants because he/she hopes that it will gain the favor or perhaps avoid the disfavor of those “connections,” they are being influenced by the leader’s Connection Power. [3]

The seventh power base is Coercive Power. Coercive Power is built upon fear. It is based on the perception that if the follower doesn’t do what the leader wants, there will be negative consequences.

Finally, there is also what we are labeling Network Power that has become more noticeable since the advent of cyberspace and the massive connectivity that emerges from this relatively new environment. Over the last few years, several prominent thinkers have written about the general nature of Network Power from a variety of standpoints, including social networks, economies and governance. [4] We speak specifically of the influence of networks on leadership and management in this blog post series, however.

Joshua Cooper Ramo notes that the “future will almost certainly bring a study of the influence of network power upon history” and we take from his thoughts that leaders must also recognize the influence of network power in leadership. [5] “In connected systems, power is defined by both profound concentration and by massive distribution,” Ramo writes. “It can’t be understood in simple either-or terms. Power and influence will, in the near future, become even more centralized than in feudal times and more distributed than it was in the most vibrant democracies.” [6]

In the context of the Adaptive Leadership and Power for Secure Cyberspace Operations model, this means that Network Power propagates across cyberspace such that all the power bases might have some level of influence in any situation (e.g., not “either-or” as Ramo notes). “What is true for the machines all around us now is true for us too: We are what we are connected to.” [7] Network Power can and likely will enhance or dampen the “traditional” seven forms of power we described above, sometimes in alternating fashion.

“Network power, we might say, exists as a skin of billions of tied-together points linked to vital, centralized cores…Networks create concentration and distribution. As a result, they rip apart many existing structures.” [8] Thus, according to Ramo, Network Power as we describe it for ALP-SCO, is both an ingredient of the former power bases, and a “connector” for adaptive leadership functions. This is distinct from the Connection Power base previously mentioned, but a more general use of the term.

Ramo’s definitions of Network Power also means that all of the power bases that are infused through our take on Network Power change the character of the relationships between leaders, followers, and the organization, however subtly.

The impact of the four environments of cyberspace also come into play. “If connection changes the nature of an object, it also elevates those who control that connection to a level of rare power and influence.” [9] In ALP-SCO, leaders must bear this in mind. While there is much to learn about Network Power, this is an area worth hypothesizing about and studying. [10]

Figure 1 is an initial effort to integrate Walt Natemeyer’s previous work adapting power bases to follower readiness (and, by extension, leadership styles) to the realities that Network Power expresses in the connected age. Network Power must be recognized, facilitated and accommodated.

 

Leader Power Bases

Figure 1: Leadership Power Bases

 

In the absence of further study of Network Power in relationship to ALP-SCO, we note that when attempting to gain compliance from people with below average readiness (R1/R2), leaders should ideally possess and use their position powers, while tapping the networks they’ve built to focus these position powers. The leader’s ability to provide positive or negative consequences directly (reward and coercive power) or indirectly (connection power) can be instrumental in getting followers at R1 and R2 to accomplish organizational objectives they otherwise would not do.

With people of average readiness (R2/R3), a combination of both position and personal powers tends to be effective at influencing them. Providing positive consequences (reward power), asserting authority (legitimate power) and leveraging positive relationships with people (referent power) tends to work well at gaining their compliance.

And with people of above average readiness (R3/R4), utilizing personal powers (referent, information and expert power), particularly enhanced through social networks, is potentially most effective.

Network Power serves to enhance and/or dampen these powers just as networks do in all other fields (economics, governance, etc.). The leader that learns and exploits Network Power can excel at exercising the other seven powers.

Just as researchers found that there is no one best leadership style, they likewise concluded that there is no one best power base for a leader to use. This is particularly true in the connected age where not only the follower’s readiness is an important measure but so is the impact of the environmental conditions cyberspace imposes. There is no one best leadership technique and there is no one best power base to call upon to influence followers…cyberspace and the networks that emerge makes this certain.

The key to success in exercising power for secure cyberspace operations is to build all the power bases and use them according to the follower’s readiness level and the environmental factors that cyberspace presents. Understanding and leveraging Network Power is critical to that success.

Next time, we’ll provide a few vignettes that illustrate the convergence of follower readiness, cyberspace environmental conditions, leadership styles and how Network Power affects us all.

Originally posted 8/29/2016.

[1] Etzioni, A., A Comparative Analysis of Complex Organizations, The Free Press, NY, 1975, p. 159.

[2] For a detailed review of the Seven Power Bases in organizational behavior, see Natemeyer, W., and Hersey, P., “Situational Leadership and Power,” Classics of Organizational Behavior, Waveland Press, IL, 2011, p. 440.

[3] This “Connection” power base was identified long before the advent of cyberspace and network connectivity. In spite of the apparent overlap of meaning, we will continue to use the original definition of this term as it relates to the power base theory. We’ll try to be clear where confusion may arise.

[4] Important texts in this area of study include the following: Watts, D., Six Degrees: the Science of a Connected Age, Norton, 2003; Grewal, D. S., Network Power: The Social Dynamics of Globalization, Yale University Press, 2008; The books of Alvin and Heide Toffler (e.g., Future Shock, The Third Wave, etc.); and a very recent work, Ramo, J, The Seventh Sense: Power, Fortune, and Survival in the Age of Networks, Little, Brown and Company, NY, 2016.

[5] Ramo, op. cit., p. 85.

[6] Ibid., p. 116.

[7] Ibid., p. 35

[8] Ibid., pp, 116-118.

[9] Ibid., p. 177. Throughout the remainder of his book, Ramo describes what he calls “gateways” and “gatekeepers” as being the ultimate holders of power and influence in the connected age.

[10] In fact, one of the expected outcomes of this blog post series is the working proposal to study the role of leadership power in cyberspace and networks. One of the things we propose to look at in this research is the emergence and role of gatekeepers and gateways that exist in cyberspace, as noted by Ramo.

Leadership Decisions and Actions for Secure Cyberspace Operations

by Walter E. Natemeyer, Carl W. Hunt and Chuck E. Hunt

“The cybersecurity business runs on fear, so it is appropriate that investors have learned to be afraid. While hacking seems like a long-term growth industry, security hasn’t turned out to be the surefire bet many thought it was.” [1]

This quote comes from a business article recently posted in the Wall Street Journal Online, discussing revenues for cybersecurity companies. More than a story about cybersecurity, it’s also a telling piece about leadership in the connected age of cyberspace. Whatever success we’ve had in developing secure cyberspace operations over the years has never been just about software and technology, but it’s always been about good leadership. It’s not just cyberspace “security” as the WSJ article points out. We also need leadership.

In recent posts, we’ve talked about the challenges leaders face about secure cyberspace operations (SCO) and the environments they face in orienting to those challenges. Last time, we discussed a valuable construct from John Boyd, called the OODA Loop, that leaders can leverage to orient to the environments of cyberspace and frame decisions and actions.

We’ve been laying the case that leadership in cyberspace, while sharing similar characteristics to leading in other operating environments, also presents novel challenges that did not exist before. Further, our increasing reliance on technology as a surrogate for leadership encourages us to minimize good leadership and management fundamentals and practices to the detriment of the organizations for which we are responsible.

In continuing our case for adaptive leadership and power for secure cyberspace operations (ALP-SCO), we now dig deeper into the kinds of leadership models that are well-suited for organizational success in the connected age.

There are two leadership models that can leverage the insights gained from applying LOD and OODA for ALP-SCO. [2] They are Situational Leadership (SL) [3] and Complex Adaptive Leadership (CAL), which is actually a variant of SL. [4] Situational Leadership was originally developed by Paul Hersey and Ken Blanchard at Ohio University in the late 1960’s.

Since we’ve focused on some of Nick Obolensky’s insights about CAL in previous posts, we’ll talk primarily about SL in this post. As Obolensky has shown in his book, Situational Leadership is a cornerstone of all adaptive leadership approaches.

More than 50 years of research has consistently shown that there are two critically important dimensions of leadership behavior: providing direction and providing support. A key element of leadership effectiveness is deciding the mix of the appropriate amount of direction and support to followers; the SL model helps leaders make that important decision.

SL embraces the belief there is no one best way to lead people. Rather leaders should vary their leadership style (i.e., direction and support) according to the unique demands of the situation and organizational environment. SL suggests that the most important situational factor is the follower’s performance readiness level with respect to what the leader wants the follower to do. [5]

There are four categories of performance readiness. The first level of readiness is called R1. At this level a follower is very unable to the job, very unwilling to do the job, or both. So, R1 is very unable and/or very unwilling.

R2 is a person who is somewhat unable but willing. This is a follower who is below average in ability but willing to do what the leader wants the follower to do.

R3 is a follower who has developed to a point that he/she is generally able, but not fully confident or perhaps not fully enthusiastic.

Finally, R4 is the highest level of readiness. This is a follower who has developed to the point where he/she is very able, very willing and very confident.

The key point of Situational Leadership is that it is the performance readiness level of the follower that determines the appropriate leadership style for the leader to employ. [6] Again, the SL Model is based on the two key dimensions of leadership behavior: direction and support. Let’s explore those two dimensions a bit more:

Directive leadership behavior is the degree to which the leader tells followers what to do, how to do it, when to do it, where to do it, who to do it with, when to have it finished, what standards to achieve and procedures to follow, etc.

Supportive leadership behavior consists of a variety of people-oriented behaviors, including the degree to which the leader takes time to engage in two-way communication and engage with what the followers have to say, how much encouragement the leader provides, how much feedback the leader gives, how much the leader praises the followers when they do a good job, how much friendly interaction the leader engages in with them, etc.

In the SL model shown below in Figure 1, Directive Behavior is represented along the horizontal axis, and Supportive Behavior is on the vertical dimension. The key point of SL is that the leader should vary his/her leadership style (i.e., amount of direction and support) according to the follower’s readiness level.

 

SL Variant Graphic

Figure 1 – A Model for Situational Leadership for Secure Cyberspace Operations

The SL model is broken into four sectors representing four distinct leadership styles. In the lower right sector (S1), the leader provides an above average amount of directive behavior combined with a below average amount of supportive behavior. In the upper right sector (S2), the leader provides above average direction and above average supportive behavior. The upper left sector (S3) shows a leader who provides below average direction with above average supportive behavior. And finally, in the lower left sector (S4), the leader provides below average amounts of both directive and supportive behavior. [7]

Second, there’s an additional dimension below the SL leadership style model that represents the readiness level of the follower. Notice that the readiness scale ranges from low readiness (R1) on the right to high readiness (R4) on the left, as we discussed above.

Notional steps for using Situational Leadership are as listed below:

  1. Start by assessing the performance readiness level of your follower with respect to the particular task that you want that person to perform
  2. Then virtually “plot” that assessment along the readiness scale shown at the bottom of Figure 1 (R1, R2, R3, R4)
  3. “Draw” a line from the readiness assessment to the corresponding leadership style
  4. The point of intersection indicates an approximation of the appropriate style to use with that person or group at that point in time, under the constraints of the cyberspace environment imposed

In future posts, we’ll describe in more detail how SL, CAL and OODA can work together so leaders can better appreciate follower readiness and the cyberspace environment they must integrate to make leadership style decisions. Below are some initial examples of integrating these concepts to support secure cyberspace operations.

Examples of Using Situational Leadership in the SCO Environment

R1 requires S1

If the followers are very unable and/or very unwilling to solve a SCO problem, a high level of direction from the leader is required. This category of SCO problem might include a blatant disregard for established password or login procedures, or repeated attempts to visit unauthorized websites. The leader needs to tell the follower(s) what to do, how to do it, etc., and at that point a low level of supportive behavior is required. This assumes that the leader is capable and experienced in relation to the problem and understands the rationale for the procedures that need to be reinforced. If the leader is not a capable R4, he/she needs to connect to an R4 expert to provide the needed direction and support to both the leader and the followers.

R2 requires S2

If the followers face a problem where they are somewhat unable but willing, the leader should provide a high level of direction and support. An example of this type of SCO problem might be seen where a follower repeatedly fails to delete or quarantine and report the receipt of phishing emails, given that such attacks are a favored intrusion vector for cyber criminals. The follower may be mature in other aspects of cybersecurity, but just has problems observing and orienting to the threats this attack vector imposes. The followers’ lack of ability requires high direction while their overall willingness should be reinforced with feedback, encouragement and praise.

R3 requires S3

If the followers are generally able with respect to their SCO challenge they face but they lack confidence or enthusiasm, the leader should provide a low level of direction combined with a high level of feedback, encouragement and praise. Here, the leader also reinforces good follower SCO behaviors, and even solicits techniques that may benefit the rest of the team or organization. S3 allows the followers to use what they know and provides the supportive behaviors required for the followers to increase their confidence and/or enthusiasm. R2 and R3 can sometimes overlap, so it’s important for the leader to exercise balance and discretion to help develop and encourage the follower.

R4 requires S4

If the followers are very able, willing and confident to deal with the SCO challenges they face, the leader should use S4 and delegate the responsibility to deal with the situation to the competent, committed and confident followers. In desired cases such as these, the leader is just as capable of learning about SCO from the follower as the follower is from the leader. Leaders in this case should also be looking for good cybersecurity techniques they are learning from their followers that might scale throughout the organization.

In SCO, it’s critical to note that any follower or leader can instantly become R1, regardless of his/her ability, willingness or confidence in other areas of the job. This is because new cyberspace threats arise frequently, often in what are known as “zero-day exploits,” which are attacks that arrive with no prior warning or intelligence indication. It’s important to understand that operations in cyberspace are still so new to many organizations that anyone can become an R1 at any time and thus need to constantly orient and adapt to the situation as both leaders and followers.

A key benefit of utilizing Situational Leadership is that it can significantly improve the performance of the follower. Therefore, leaders should develop the habit of continually assessing their followers’ readiness level – as well as their own – and take necessary steps to provide the appropriate leadership style (i.e. directive and supportive behavior). In cyberspace operations, nobody stays R4 very long.

In fact, in the dynamic environment of cyberspace, people’s readiness level is likely to be more volatile than ever. Therefore, to maximize success at building and maintaining SCO, leaders need to quickly adapt their style to the readiness level of the follower as well as the environmental characteristics that the massive interactions and connections that cyberspace presents. Also, leaders need to assess their own readiness level and seek direction and support from others who possess the appropriate experience, knowledge and skill with respect to the current situation.

Next time, we’ll talk about the interaction of leadership approaches and leadership power.

Originally posted 8-22-2016.

[1] Gallagher D., “Why Safety Is Hard to Find in Cybersecurity,” The Wall Street Journal, 8/16/2016, accessed 8/18/2016.

[2] This current series will not address in great detail the acquisition and use of power in cyberspace operations. Future additions will examine more deeply the role that power and influence have in the massively networked environment of cyberspace.

[3] For the latest textbook-based presentation on Situational Leadership, see Hersey, P., et. al., Management of Organizational Behavior, 10th Edition, Pearson Education, Inc., Saddle River, NJ, 2013.

[4] Obolensky, N., Complex Adaptive Leadership: Embracing Paradox and Uncertainty, Ashgate Publishing Ltd., Kindle Edition, 2014, p. 55.

[5] ALP-SCO extends that thinking to take into equal consideration the impact of the environments of cyberspace.

[6] And, in the case of ALP-SCO, subject also to the demands of the environments of cyberspace, as noted above.

[7] The term “average” is a simplified adjective that serves as a placeholder for the “ground truth” of the follower’s and the environment’s actual requirements on a case-by-case basis.

A Walk-Through for Applying Leadership Orientation Domains

This post accompanies OODA and Leadership in Cyberspace, posted 8/15/2016

How could operationalizing Leadership Orientation Domains (LODs) to inform Adaptive Leadership for Secure Cyberspace Operations (ALP-SCO) with Boyd’s Orientation component work in practice? As we’ll see in the next couple of posts, leaders must understand and orient to the readiness level of their followers for given tasks as well as the environments in which they are functioning. They must also understand and orient to their state of teamwork and collaboration both inside and outside their organizations. We’ll talk about internal operations for simplicity sake in this initial example.

Let’s say a follower is quite experienced and has a high level of readiness (ability, motivation, confidence and willingness) to accomplish a task in a standard office environment. We realize that list represents a lot of variables and the term “standard office environment” is ambiguous. Just imagine this situation reflects what we might think of when we look back on the world before computers and networks. For the most part, this would be a Simple or perhaps even a Complicated environment, as defined in our second post in this series, Leadership Orientation in Cyberspace. We assume that in this case leaders can visualize causes and effects of behaviors and actions because they are oriented to their environment.

Now, jump ahead a bit in time and add in some office tools such as desktop computers or word processing equipment that at most connects only the internal office workers (e.g., before the ubiquity of the Internet we have today). Both the followers and the leaders are no longer in what was previously thought of as a “standard office environment.” They both have to adapt to new tools, both hardware and software, as well as new procedures. Neither leaders nor followers now possess the readiness level they had before: the environment has changed. It may not be Complex at this point because new forms of connectivity haven’t fully influenced operational procedures yet, but the way people labor and interact with their work has clearly become more complicated.

In this former time, rules still work and best practices can be discovered and implemented because the connectivity and interaction levels are low…the Complexity LOD hasn’t kicked in yet. Leaders can exercise “simple” cause-and-effect based leadership behaviors that only have to consider follower readiness; the environment is more predictable and can be more easily visualized. However, leaders will still have to adapt to this evolved definition of “standard office environment.”

In more modern times, the massive interconnectivity of cyberspace-based organizations changes the environment even further. Now leaders must not only consider the behaviors and readiness levels of their followers, they must also consider the “behaviors and readiness levels” of different elements in cyberspace operations such as new technology or rules, and equally important, network intruders.

In terms of intruders, leaders of individual organizations typically have little insight as to the ability, motivation, confidence and willingness of these adversaries and the LOD can quickly change to Complex or even Chaotic. Networked collaboration with other organizations becomes a requirement to fend off these threats…as Ramo and others before him point out, it takes a network to fight a network.[1]

The bottom line in this very simple example is that it’s up to the leaders to orient to new environments and to adapt and manage the evolution of the way they and followers interact. While similar orientations and adaptations certainly happened at the transition of the Agricultural Age to the Industrial Age, very few things were as connected and open to attack as they are in cyberspace: the world was not complex in the way we define organizations today.

A very simplified depiction, Figure 1 demonstrates a basic way to visualize the relationship of complexity to adaptive leadership function.

Complexity - Adaptive Leadership Graphic

Figure 1 – Complexity and Adaptive Leadership

 

Our world has changed and leaders must constantly adapt. They must form new internal and external collaborations to cope with LODs as they are recognized. That’s what leaders in any age must do. As we claimed in the first post, leadership is hard! Leadership self-understanding and orientation to the environment is equally hard. We’re really only just scratching the surface as leaders in cyberspace.

Originally posted on 8/15/2016.

[1] Ramo, J, The Seventh Sense: Power, Fortune, and Survival in the Age of Networks, Little, Brown and Company, NY, Kindle Edition, 2016. Interestingly, this decree has been a part of military counterterrorism network operations for many years.

OODA and Leadership in Cyberspace

by Carl W. Hunt, Walter E. Natemeyer and Chuck E. Hunt

Part III of The Future of Leadership in Cyberspace Series[1]

In 1976, USAF Colonel John Boyd published a paper entitled “Destruction and Creation” in which he described the general nature of decision-making in and out of a jet cockpit.[2] He proposed a novel approach to success in complex information-intensive environments such as aerial combat in an early attempt to find ways to deal with the growing complexity of combat-sensor information and increasingly short decision cycles. His thinking in that paper led to the development of Boyd’s now famous OODA Loop model, shown in Figure 1.[3]

OODA Graphic

Figure 1, John Boyd’s OODA Loop

 

Boyd demonstrated the value of routinely practicing four core processes: observing the environment, orienting to it, deciding on a course of action, and then executing that action. At the top level, it’s a simple graphic, but when combined with the feedback loops and interactions of experiences and observations Boyd demonstrated in his model, the results are highly dynamic and provide rich insights into constantly changing situations, a characteristic of operations in cyberspace today.

In this sense, OODA is ideal for helping to orient to which of the Leadership Orientation Domains (LOD) a leader encounters. When integrated with adaptive leadership models, OODA is a critical linkage to success in secure cyberspace operations.[4] It’s useful to think about these four processes as an interacting leadership support system rather than four discrete elements that leaders apply in cyberspace or aerial combat operations. While we emphasize Orientation as the key driver for LODs, all four of Boyd’s OODA Loop components inform leadership for secure cyberspace operations.

Observation, based on objective insights gleaned from the environment, feeds the rest of the process and forms a collection area for feedback, as shown in Boyd’s loop. This feedback ensures that observation and the subsequent processes coevolve with the reality of what’s happening. Military and intelligence operators call this ground truth.

Next in Boyd’s model is Orientation, the primary subject of this post. In the graphic, notice the sub-components Boyd identifies which affect how we as leaders orient to the environment and situation (see also the expansion of this topic in the accompanying blog post). The orientation portion of the OODA model involves self-understanding of the observer/decision-makers’ heritage, culture, analysis and synthesis abilities, previous experiences and new information inputs (looking clockwise around the star of Boyd’s model).

These subcomponents make up the frame of reference for leadership functions. If we combine OODA with an appreciation of the LOD (simple, complicated, complex, chaotic), we can see a much richer potential for success in challenging operating environments such as cyberspace. Orientation is also the collection point for the feed-forward data loop from the Observation component.

The leader’s self-understanding is absolutely fundamental to orienting to both the LOD and the situational factors that are present. It demands true objectivity. It also provides the baseline for decision-making and informs the tactical implementation, or action, of decision-making. This self-understanding and orientation to the environment energizes successful and secure operations within networked environments. Orientation is thus key to the function of adaptive leadership and power for secure cyberspace operations.

Joshua Cooper Ramo also comments on orientation in relation to what he calls Network Power: “No matter what, our global networks are going to be used in pursuit of power. So we had better consider how to become fluent with their real nature, how turn them to our advantage, and, ideally, how to rewrite the rules of conflict so our enemies will only be able to react.”[5] A “rewrite” of the rules is exactly what Boyd had in mind when it comes to using the OODA Loop to overcome adversary advantages.

Continuing with Boyd’s model, the act of Decision is much more than a simple either/or process. Decisions are based on making and testing relevant and appropriate leadership hypotheses about what has been observed, the orientation achieved by the decision-maker, and an estimate of the effects leadership decisions will have on the actions taken.

The component of Acting within the OODA Loop reflects all the interactions up to this point and is where leadership behavior is manifested to the organization. Acting is a coevolutionary process that takes place in the context of the environment. The consequent results of actions are measured through the feedback loops Boyd stipulates in his model.

Based on the previous discussions about LODs, the Orientation process of OODA is key; it sets up the environment for decision-making and action. As depicted in his model, Boyd spent a great deal of effort explaining orientation within OODA. It’s quite likely that Boyd would expand even further on the critical role of orientation for leadership in cyberspace had that environment been prominent in his time. There are recognizable parallels and even convergences for operations in the cockpit and secure cyberspace operations; leaders must come to grips with this “ground truth.”

Secure Cyberspace Operations demands proper orientation and a framework for the eventual action emerging from decisions. Just as successful aerial combat operations requires leadership, collaboration and teamwork to succeed, so does secure cyberspace operations. Ramo emphasizes this in his recent treatise on Network Power. With OODA, Boyd had much to teach us on both fronts.

In summary, OODA is a framework to position leaders and their perspectives to which of the four LODs we confront and eventually must act upon: OODA orients us. The integration of OODA and LODs within an adaptive leadership framework gives leaders a greatly enhanced potential to decide and act within cyberspace. Equally important, this integration will help us avoid mismatches of approaches to problem states such as simple solutions for complex problems. We will continue to stress the value of avoiding these mismatches throughout this series.

The next post will begin to address how we adapt as leaders and followers within the LODs.

Originally posted on 8/15/2016.

[1] This series is part of an ongoing effort to better understand the challenges of providing Adaptive Leadership for Secure Cyberspace Operations for the United States and our international partners.

[2] Boyd, J, (September 3, 1976), Destruction and Creation, US Army Command and General Staff College. Boyd wrote that the goal of destruction and creation is to “to improve our capacity for independent action,” another environmental factor we can influence as leaders.

[3] This graphic is courtesy of the Wikipedia article, “OODA loop” accessed 8-9-2016.

[4] We’ll begin to describe these models of adaptive leadership in Part IV of the series.

[5] Ramo, J, The Seventh Sense: Power, Fortune, and Survival in the Age of Networks Little, Brown and Company, NY, Kindle Edition, 2016, (p. 90). How we “consider how to become fluent with their real nature” is the essence of Orientation.

Leadership Orientation in Cyberspace

by Carl W. Hunt, Walter E. Natemeyer and Chuck E. Hunt

Part II of The Future of Leadership in Cyberspace Series[1]

Dwight Eisenhower said “Now I think, speaking roughly, by leadership we mean the art of getting someone else to do something that you want done because he wants to do it, not because your position of power can compel him to do it, or your position of authority.”[2]

This definition of leadership, often quoted in books, papers and training classes, evokes the essence of the subject of leadership in any environment: inspiration, motivation, preparation, power and authority. It focuses on both leaders and followers, two of the three most critical elements of adaptive leadership and power for secure cyberspace operations (ALP-SCO) in the connected age.

As we presented in the first post in this series, the environment of cyberspace itself is the third element that drives the function and role of leadership today. When we start thinking about leadership in these three terms, it becomes ever clearer that the hierarchical models of leadership are shattered. If effective leadership wasn’t hard enough before cyberspace, the new environment of cyberspace should definitely get a leader’s attention.

Respected network enterprise services and equipment provider Cisco Systems, just released their “Midyear Cybersecurity Report.”  Their Executive Summary concludes: “Attackers currently enjoy unconstrained time to operate. Their campaigns, which often take advantage of known vulnerabilities that organizations and end users could have—and should have—known about and addressed, can remain active and undetected for days, months, or even longer.”

This could be construed as a virtual indictment of leaders in all types of modern organizations, whether commercial, government or academic. If it’s not leaders who allow attackers to dwell in organizational IT systems for “days, months, or even longer” who is it? That’s rhetorical, of course…it’s the leaders. But as we noted last time in Part I of this series, it’s a tremendous challenge for leaders and followers to understand and orient to what’s really happening in their little corner of cyberspace.

There is a broad spectrum of difficulty in orienting to challenges that leaders face within highly interconnected, cyberspace-based organizational settings. Nick Obolensky suggests that there are four basic operating environments or domains.[3] He bases his four-part framework on the work of David Snowden and Mary Boone in their Cynefin Model.[4] This model introduced the four domains in which leaders typically operate and make decisions, in any organizational setting.[5]

In graphical terms, we might visualize these operating domains as shown in Figure 1. These domains are not necessarily linearly connected, but rather interconnected with relationships and information passing between each, through channels that often emerge unpredictably, as Snowden and Boone wrote. Operating in cyberspace further obscures these flows.[6]

LOD Quad Chart

Figure 1: Leadership Orientation Domains (LODs)

Last time, we introduced these four environments for leadership in cyberspace as Leadership Orientation Domains (LOD). Simple environments are where “cause and effect are fully linked and known, and so predictability is high. If you do ‘This’ you get ‘That’. It is the area of process and best practice.”[7] This is the domain of “what you see is what you get,” so says the old saying. As the picture shows, it’s essentially a flat landscape that doesn’t hide or obscure information flows.

Next on the scale, or grid if you prefer, are Complicated environments, where “cause and effect are there, but the linkages are not so obvious and need analysis to sort it out. Predictability is less than ‘The Simple,’ but with careful analysis and consideration the choices one makes have a fair degree of predictable outcome.”[8] Figure 1 might indicate that this is a “hillier landscape” and thus not all the connections are necessarily easy to see from every point in the organization, but obscurity of connections is still low. It’s possible to still get an overall viewpoint of what’s going on, even if we have to look harder.

A Simple LOD empowers leaders to act with straightforward, cause-and-effect models and methods that are generally predictable and leverage experience and intuition nicely. A Complicated LOD requires a bit more analysis and occasional “outside-the-box” thinking. Both simple and complicated fall within the realm of “best practices” and familiar models and tools.

Experts thrive in these two environments and are often the key players in decision-making and risk management. Also, Simple and Complicated LODs have generally simple patterns that are ultimately straightforward to detect and where risk is apparent to the trained and observant leader, and quite often to experienced followers, as well. When management advises “you just need to follow the rules” or the standard operating procedures or “the book,” they are really referring to Simple and Complicated operating domains.

After simple and complicated, however, leaders must “jump” an intellectual chasm that leads to the “mysteries” of complexity and chaos in organizations. In the next two operating domains, leaders have to be willing to balance intuition and experience with imagination and discovery. If leaders are successful in thinking beyond the boundaries of cause and effect, they will be better prepared to see and interact with the new organizational world that has emerged with the advent of cyberspace.

The “rules” and the “book” may offer a basic foundation for thinking through the challenges of these environments, but it’s up to leaders to sense the conditions of the challenges and opportunities of cyberspace, orient to the leadership behaviors required and to adjust and adapt accordingly. As the bottom two areas in figure 1 suggest, there are interacting weaves that are very difficult to follow, but the patterns can be detected through a creative mind and appreciation for emergence.

The Complex environment is where “‘cause and effect’ are combined. The multiple ‘agents’ involved (for example, people, organizations, technological component parts of the system and so on) are interconnected with feedback loops that affect each other in a complex network that is hard to predict.”[9] In reality, the patterns are in fact present but require maximum creativity to orient to the patterns; this domain may even require advanced models and simulations to visualize and interact with existing and generated data to observe these patterns.[10]

Resolving complexity in an operational domain requires an understanding of emergence, a term on which we can expand a bit here. Being comfortable with the concept of emergence in an organization entails an appreciation that sometimes things happen or people behave in what appears to be totally unpredictable ways. This is sometimes referred to as an object being more than the sum of its parts, and where even a full comprehension of those component parts does not lead to an understanding of their interactions and ultimate behaviors. For example, individual follower behaviors in a group do not always apprise leaders as to what will happen when these interactions and resulting team behaviors occur. This keeps adaptive leadership interesting and absolutely necessary![11]

It’s even more difficult to visualize and orient leadership experiences in the Chaotic environment. This is “rare and is where there is no discernible cause and effect at all.” Obolensky, Snowden and Boone essentially say that there are “no manageable patterns – only turbulence.”[12] Here the leader’s main job is not to find patterns, but “stop the bleeding” and allow the team or organization to get back into the game as soon as possible and move towards a domain in which the organization can get things under some semblance of control. In scientific terms, chaos is a well-studied state and it is currently unclear that organizational operations in the chaotic environment are even possible for very long.

Organizations can thrive in simple and complicated environments and if they can master complex environments, they may even succeed beyond all expectations. Chaos, however, may not only be debilitating but destructive, and should be avoided or at least mitigated, if at all possible.[13]

So, a Complex LOD requires leaders to test the environment and think beyond intuition and experience; they must be prepared to adapt to a world that often surprises them, and while there are models and tools available, they require practice and objectivity to leverage them. If they were describing leadership in cyberspace in their original work, Snowden and Obolensky might say that a Chaotic LOD is in some sense the easiest of the four since there is no discernible pattern to guide decision-making and action; the leader just needs to do something to get the organization out of this domain as soon as possible. Quite often, one action is as good any other, but constant planning and training will help prepare for eventual action![14]

A key problem for leaders is how to learn which of the LODs they are facing (if they are fortunate to be facing only one at a time) and what they can do about it. Each of these four environments requires different orientations, behaviors and activities for leaders to be successful within their organizations and cope with demands each environment makes on an organization.

Mismatch of leadership decisions and actions to domain requirements can be as bad as mismatching leadership styles to follower readiness levels, as will we note in the near future. This is where the tried but true Observe-Orient-Decide-Act (OODA) model we introduced last time can help leaders operating in cyberspace achieve orientation for all leadership functions.

OODA for orientation to LODs to more effectively lead secure cyberspace operations is the subject of our post next time.

Originally posted: 8-9-2016.

Notes:

[1] This series is part of an ongoing effort to better understand the challenges of providing Adaptive Leadership for Secure Cyberspace Operations for the United States and our international partners.

[2] Dwight D. Eisenhower in his remarks at the Annual Conference of the Society for Personnel Administration, 5/12/54, from the archive recorded at the Presidential Library of the former president.

[3] Obolensky, N., Complex Adaptive Leadership: Embracing Paradox and Uncertainty, Ashgate Publishing Ltd., Kindle Edition, 2014, p. 55.

[4] Snowden, D. and Boone, M., “A leader’s framework for decision makingHarvard Business Review, November, 2007.

[5] The domains Snowden and Boone discuss are not original to them, but have been categories discussed for years as a part of the study of what is known as complexity science. See for example, Kauffman, S.A., The Origins of Order, Oxford Press, NY, 1993.

[6] For more detailed images of the four domains as presented by Snowden, see Snowden, D. and Boone, M., op. cit.

[7] Obolensky, op. cit. p. 55.

[8] Ibid.

[9] Ibid.

[10] Agent-based models and simulations are examples of the advanced computational tools that may be required to visualize patterns in complex domains.

[11] Snowden and Boone’s paper recounts a NASA example: “There is a scene in the film Apollo 13 when the astronauts encounter a crisis (‘Houston, we have a problem’) that moves the situation into a complex domain. A group of experts is put in a room with a mishmash of materials—bits of plastic and odds and ends that mirror the resources available to the astronauts in flight. Leaders tell the team: This is what you have; find a solution or the astronauts will die. None of those experts knew a priori what would work. Instead, they had to let a solution emerge from the materials at hand. And they succeeded. (Conditions of scarcity often produce more creative results than conditions of abundance.)” Snowden and Boone, 2007, op. cit.

[12] Obolensky, op. cit.

[13] In many circumstances, the best we can seek is to create an environment that fosters a “positive emergence” or outcome, referring back to the previous discussion on emergence. Both complexity and chaos can produce emergences, but as leaders, we would like to understand them as they occur, and guide the environmental factors that might improve the likelihood for a good outcome.

[14] Ibid. These descriptions of the four environments are based on Obolensky’s recitation of David Snowden’s Cynefin Model, Obolensky page 55-56. Snowden also calls the “Simple” environment the “Obvious” and includes a fifth domain called “Disorder”. In this paper, we use the four domain descriptions as provided by Obolensky.