"Games versus Exercises: Designing Surprise-resilient Organizations for a Cybered World”

"Games versus Exercises: Designing Surprise-resilient Organizations for a Cybered World” Chris C. Demchak, Associate Professor, United States Naval War College, Strategic Research Department, Newport, Rhode Island, USA 02841. Views expressed are not those of the US Government or the US Navy.


Transcript of "Games versus Exercises: Designing Surprise-resilient Organizations for a Cybered World”

Page 1: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

"Games versus Exercises:

Designing Surprise-resilient

Organizations for a Cybered World”

Chris C. Demchak Associate Professor, United States Naval War College

Strategic Research Department, Newport, Rhode Island, USA 02841

Views expressed are not those of the US Government or the US Navy .

Page 2: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

My Focus in Research

• Field: Comparative study of deliberate and accidental surprise affecting complex, critical socio-technical systems (niche: fusion of social structural, with technological design and basic information systems complexity research)

• Focus: Organizational responses in design, operations, learning – what people do [comparatively] in their organizations when nastily and intentionally surprised

• Underlying concerns:

– Resilience as Systemic Attribute

– Reverberations through institutional changes to alter the wider society and global system

Page 3: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”
Page 4: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Outline:

Surprise, Scale/Complexity of Cyberspace, changing Conflict, Power, and the Institutional/Political Topology of the Cybered World

Limitations of Existing Exercise Formats for Learning Resilience in Largescale socio-technical Systems

Argument: Gaming and adapted organization (Atrium model) for operationally accurate timely trial-and-error learning (TEL)

Page 5: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Cyberspace better seen as a globally man-made ‘Substrate’

• Expansion engine of Globalization

•  Dual nature - it enables good and bad actions equally

• Now is a Complex Socio-Technical System on Steroids at Global Scale

•  Enormous Security and Resilience Challenges for heavily digitized civil democratic nations

Page 6: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

New Underlying Insecurity for States

• Everyone regardless of intent can use global cyber substrate to operate through, with, and on anyone whenever over whatever period of time to any level of precise outcome.

• Opponents of any sovereign state have historically new choices to create a multiplicative inventory of complex attacks for little cost:

– Scale: enemies can organize from 5 to 500, etc., with globalized communications

– Proximity: enemies can reach from anywhere with the high speed, globalized connections

– Precision: enemies can target one or thousands with globalized interdependent connectivity

Page 7: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Result: a wide range of conceivable forms of cybered conflict and nasty surprises

• Possible on global scale

• Including those from unintentional acts or just poorly coded attacks

• Multiplies knowledge and sensemaking problems many times over for leaders and institutions ensuring national security

Page 8: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Natanz Peace and Prosperity

Nuclear Fuel

Reprocessing Plant

STUXNET

Page 9: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Global Complex Socio-Technical Systems as Conflict Spaces require a newer language

• “Cybered Conflict”, not ‘cyber war’

– Cyber is the basic technological system

– Cybered is the whole combination of people, institutions, etc. with cyber to create the socio-technical whole

• ‘Cybered’ because conflict has no easily defined attributes

– No clear beginning, end, rules of engagement, limitation on actors involved, avenues of deterrence, metrics of risk, indicators of strategic opportunity, immunization, or incremental success, etc.

Cybered conflict: “Any conflict of national significance in which success or failure for major participants is critically dependent on computerized key (cyber) activities along the path of relevant events”

Page 10: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Need adapted notion of ‘Cyber Power’ in complex Cybered World

• Some attacks will succeed => national ‘security’ now intertwined with national ‘resilience’ because

• “Cyber Power” now has two parts:

– Disruption: traditional capacities to deter, deflect, reach out and harm, but not destroy, ability

– Resilience: newer complex adaptive system ability to endure inevitable successful attacks with internal critical redundancy, slack, and constant trial-and-error learning (TEL) throughout home society

• Cyber power provides the “security resilience”(*) of a nation

* C.Demchak, forthcoming 2011, Wars of Disruption and Resilience: Cybered Conflict, Power, and National Security. UGA Press

Page 11: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Building Cyber Power means increasing Resilience across the Nation

• Exceptionally difficult to do under urgent conditions when under flood of disparate attacks

• Hard to get necessary redundancy, slack, and T&EL (trial and error learning) quickly enough across whole society while cyberspace still growing

• Cannot process inputs fast enough or create critical redundancies quickly enough in real time right now

• Supply chain especially hard to comprehend and control, for bad actors or subverted goods cross such open exchanges

Page 12: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Cyber challenges deeply embedded in supply chains in a globalized largescale socio-technical system

LENOVO China-IBM Inc

Page 13: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

NATIONAL ‘CYBER’ POWER NEEDS RESILIENCE

AS MUCH AS DISRUPTION CAPABILITIES IN A CYBERED WORLD

In this cybered world, how do we COLLECTIVELY in our key organizations learn to be surprise-resilient and then design ourselves to keep it fit for purpose over the long run as cyberspace and its topology evolve?

Page 14: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Militaries Historically Surprise-Embracing Organizations

• Within their purview, modern militaries pursue redundancy, slack and trial-and-error learning

• Use standardized drill and training routinely – to prepare large-scale units for the surprises anticipated in traditional conflicts

• Train individuals to be redundant in specialties – and cross level them as needed

• Read history of wars and gather intel on likely opponents to create scenarios (slack)

• Use exercises in mass and depth – in accordance with resources

Page 15: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Exercises that worked in the past are today inadequate for surprises of cybered conflict

• See cyberspace narrowly as “domain” so limit environment

• Construct exercises for military role in “war”

– Defined crisis build-up, ROE constraints, preplanned scenarios, and ending objectives

• One-offs, even if annual event

– No replay on the spot to test alternative hypotheses

• Offense not allowed full range of offense advantages in order to contain training or events

– Reverberations beyond focused AO at best second order

• Educates those who design it and those who directly play, few others

• Not widely available for replay, update, dissemination

Page 16: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

“Oh great! We trained only with BIG ladders”

Page 17: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Cyberspace is a Complex Socio-Technical System on ‘Steroids’ at a Global Scale

Complexity expands the Universe of Undesirable Outcomes:

[Figure: “Outcomes Universe” matrix with axes “Knowable?” (Yes/No) and “Accommodated?” (Yes/No); labels in the figure: Neglect, Rogues 5-20%, Preparation, Serendipity]

Page 18: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Accommodating Surprise in Complex Largescale Socio-Technical Systems

• To get to the KNOWABLE unknowns, need implicit as well as explicit knowledge

• Especially missing tacit knowledge embedded in your organizational members

– Normally lose or ignore their experiences, knowledge of their professional domains, untapped skills, and perspectives encouraging innovative responses

– Most of this is currently difficult to collect at best

• Complex systems and organizations research has recommendations

Page 19: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Basic Lessons about Responding to Surprise from Complexity, LTS and Complex Adaptive Social System Research

Complexity Research Major Lessons

1. Only Trends can be forecast with knowable/unknowable unknowns

2. Path Dependence powerful

3. Channeling trends is best possible accommodation option

Largescale Technical Systems Research Major Lessons

1. Trial and Error best to acquire knowable unknowns

2. Tighter coupling increases potential rippling error paths

3. Redundancy and Slack powerful accommodators

4. Knowledge is expensive in time, money, staff attention, implementation

Complex Adaptive Social Systems Research Major Lessons

1. Human buy-in essential for effectiveness (legitimate, useful, doable)

2. Cultural filters powerful (socialization, operationalization hard to control)

3. Largescale socio-technical systems drift readily into unnoticed critical coupling and a lack of urgency to absorb or seek knowledge

Page 20: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Exercise Shortcomings

• do not collect tacit knowledge continuously, develop it, or allow the widespread reuse of this data.

• do not prepare adequate capabilities against surprise in complex socio-technical systems

Page 21: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

How to learn to be resilient when embedded and vulnerable to globally complex system

• Resilience to surprise must be developed inside the socio-technical system, especially its security units.

• Need to develop collective sensemaking AND a menu of doable rapid accurate actions under urgent conditions (*)

– In addition to comprehensive data inside and outside the institution

– Must have collective trust among those responsive, mitigation or improvisation or innovation knowledge foundations, and holistic understanding of the wider environments involved.

* From L. Comfort, A. Boin, and C. Demchak, eds. 2010. Designing Resilience. U of Pittsburgh Press

Page 22: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Organizations need to “Play It Through”

• Virtual reality simulations, if done correctly, can allow organizational members to play out their experiences and hypotheses with others, developing richer options for response to surprise

• Gathers tacit knowledge in ways that meet the graphical and spatial predilections of humans in easy, useful, and collaborative mechanisms

• Members can develop trust relations with those playing, and engage instinctively in performance assessments

• Can be re-used, replayed, reviewed, analyzed, and reconsulted later – trial-and-error learning

• IF co-authored, the tacit knowledge can provide remarkably informed innovative responses to surprise because they or someone has played through

Page 23: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

The Gaming needs to be Fully Embedded in Shared Practices of the Organization

• Knowing when to seek more knowledge is the sense-making of resilience

– Requires seeking what can be known continuously and keeping that tacit knowledge for ubiquitous operational use

• Embedded organizational high-fidelity, continuously available, co-authored, game-based simulations

– Daily practice of contributing reinforced by relatively frequent episodes of development of competence under surprising conditions

– Actors unusually educated about overall system

• Advantages

– Maintenance of knowledge closely monitored

– Environmental surprises constantly explored

– Cognitive resilience encouraged by ability to test ideas for local actions and see how they blend

– Operational knowledge exchanges practiced broadly with different actors or same ones

Page 24: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Gaming and an Atrium Organization

• Embed operationalized on-call gaming in the organization

• Trial-and-error learning is easy, accessible, and useful

• Key attributes: High fidelity, continuously available, co-authored game-based simulations embedded in shared practices of critical organizations

• Encourages knowledge redundancy, along with novel approaches to slack.

Page 25: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Imagine operationalized gaming embedded in your organization

Page 26: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Atrium Model: What a “Surprise-Facing” System might look like

• Model refines hypertext organization identified by Nonaka and Takeuchi in successful Japanese corporations

Atrium

Core

Task Forces

Page 27: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

The Atrium

Knowledge base not merely library or programmed threshold-based decision-maker

Socially constructed as colleague

People “enter” Atrium virtually as consumer, contributor, or producer

Atrium

Page 28: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

The Core -- Main Operational Stem

• Personnel required to rotate into Atrium and then action related Task Forces before returning to main operations

• Everyone rotates, including CEOs

– Wide familiarity with Atrium queries, knowledge needs and uses

– Fully uses adjunct members and part-timers

Atrium

Core

Page 29: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Task Forces – Action end of the Knowledge Chain

• On Call action teams across systems

• Personnel conduct short tours here

• Personnel rotate into Atrium and then Core before returning to task forces, or at each change in major assignment

• Capture wide familiarity with knowledge needs and Atrium uses

Atrium

Core

Task Forces

Page 30: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Gaming aspect of Atrium is in the operationalized collaborative emergent knowledge (tacit and explicit) development

Accommodates surprise with 24/7 self-coordinating scalable knowledge-centric organization IF co-authored

Conceptual clarity in goals and processes as people play through what they do routinely

Effectiveness AND security enhanced as knowledge less scarce organizationally and societally

Atrium

Core

Task Forces

Page 31: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

ATRIUM for Joint OPS

Atrium

Core

Real & Virtual Emergency Task Forces

(multiple organizations)

Only possible in cybered world

Can segregate own sensitive files and yet still play through

Builds cross organizational trust continuously

Builds inter-organizational knowledge sets

Page 32: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”
Page 33: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

What scenarios might individuals play through that have no real outlet currently?

• Casual overeducated unemployed youth in ME pile-on – during period of active Chinese nationalism with rise of proxy cyber warriors and student projects with unpredictable waves of persistent threats through supply chain backdoors left in place over time in both military and commercially central firms

• “Anonymous” related attempted Fukushima redux attacks – across small reactors with related Son of Stuxnet attacks on small electrical generation plants serving aviation, mass transit, large federal clearing houses, and main trunk oil pipelines

• Peer state heightened tensions as persistent threats open dormant back doors into military and NATO nation subnational systems – in disruption in world of national cybered borders across international system with nonstandard OS variants operating in government owned/operated clouds.

Page 34: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Cybercommands are Critical Cyber Sovereignty Indicator of Political/Economic/Social Seriousness attached to National Uncertainty from global Cyber Substrate

But only seeds of future evolutions in this sovereignty building process – may end up regional entities

How will we play through a cybered world in which most nations have a cyber command (or equivalent)?

Page 35: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Cybered New Forms of Conflict?

“Sir! Enemy BN CDR Alpha has tweeted his family.

He plans to be home today in time for a birthday party at 1600.”

“Air strike on his likely travel route? …… ……or tweet back?”

Page 36: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

“You’re SURE your unit can tell which ones are the remotely targeted, massed, Alien cyber bots?...you ARE really sure, right?”

National CyberSecurity Gateway

A Millisecond in Life at the Cyber Border

Page 37: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

Welcome to the

Cybered Conflict Age ?

Page 38: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”

“And now at this point in the meeting, I’d like to shift the blame away from me onto someone else.”

Questions?

Page 39: "Games versus Exercises:  Designing Surprise-resilient Organizations for a Cybered World”