Homeland Security Requires Internet-based Thinking
Homeland Security Requires Internet-based Thinking
speech to InfoWarCon 2002, September 4, 2002
by W. David Stephenson
We’ll hear a lot during InfowarCon about specific technologies on the cutting edge of fighting terrorism.
As crucial as those measures are, during the next hour I want to turn our attention to a far greater challenge we must master if we are to successfully combat terrorism: the challenge of changing our own minds.
Why? Because the attitudes and systems that built America’s prosperity — competition, linear processes, and hierarchy — are maladapted to fighting the rapidly-changing challenges of global terrorism.
Let me briefly recount three instances that illustrate this point:
- to quote FBI Agent Colleen Rowley’s scathing memo about delays in getting a search warrant for Zacharias Moussaoui’s laptop, “Minneapolis agents’ initial thought was to obtain a criminal search warrant, but in order to do so, they needed to get FBI Headquarters’ approval in order to ask for DOJ OIPR’s approval to contact the United States Attorney’s Office in Minnesota. Prior to and even after receipt of information provided by the French, FBIHQ personnel disputed with the Minneapolis agents the existence of probable cause to believe that a criminal violation had occurred/was occurring. As such, FBIHQ personnel refused to contact OIPR to attempt to get the authority.”Is that the most outrageous example of bureaucratic excess you’ve ever heard — and with the most tragic results.
- Second, even after the tragedy, the FBI tried to get rid of the FAA’s liaison person at their headquarters, because he was seen as “too pushy.” Nothing personal, but I want someone pushing for answers in this disaster!
- And, finally, as Actor James Woods told The New Yorker’s Sy Hersh, on an Aug. 1 2001 Boston to LA flight, he observed 4 men who appeared Middle Eastern. They dressed alike, didn’t carry luggage, didn’t drink or talk to the stewardess. Woods — who says he watches people “like a director would,” concluded that the men were casing the plane for a hijacking. He told a flight attendant that “I know how serious it is to say this,” and asked to speak to the captain. Both the first officer and flight attendant shared Woods’ concerns, and said they would file reports with the FAA. However, Woods heard nothing more — until September 12th, when FBI agents were outside his door at 7:15 AM!Woods remains convinced that at least 2 of the men were among the Sept. 11th hijackers. If that’s the response a celebrity’s concern received, what do you think would happen to the average citizen?
These are all reflections of obsolete thinking:
- creating linear, hierarchical practices
- working in isolation
- and devaluing the insights of those from outside our organization or who are low on the organization chart.
Instead, our response to terrorism must be marked by three diametrically opposite characteristics.
First, we must think cyclically.
We paid a terrible price for outmoded procedures that forced people with critical information to route it through a ponderous chain of command designed more to weed out information than speed critical knowledge to everyone who needed it ASAP. So much of the terrorist threat is so unprecedented, so alien to our traditional approaches, that we must instead act quickly, then revise procedures on the fly based on immediate feedback.
Second, we must link everything.
Agencies that have guarded their proprietary information and prerogatives instead of sharing it are intolerable.
Finally, and most important, we must empower individuals — in fact, every individual.
Preventing and/or responding to terrorist attacks is too great a challenge for government by itself: it must be everyone’s job.
Unfortunately, the average American has no more information on Sept. 4, 2002, on how he or she can help prevent another terrorist attack or deal with the aftermath of one, than on Sept. 10, 2001.
I do have some good news: these three attitudes — thinking cyclically, linking everything, and empowering individuals — are embedded in the Internet’s fundamental technology and architecture. That gives us the potential of synergies between thinking and technology.
It is why the Internet can and must become the anti-terrorism effort’s digital nervous system.
However, to date, anti-terrorism efforts have failed to capitalize on the Internet’s full potential.
I believe that we adopted this new technology so rapidly that we didn’t reflect on how it might not only allow us to do things faster and more efficiently, but to do them in fundamentally different ways.
We use 21st century technology to accomplish 19th century tasks.
We haven’t grasped that a fundamental shift in technology demands a fundamental shift in thinking.
I call this needed shift Internet thinking, and what could be a more appropriate impetus to make the shift to Internet thinking — whose benefits will go far beyond mastering the terrorist threat — than the first major crisis of the 21st century, and one that is so sweeping in its scope and so contrary to our prior experience? The first step in the transition to Internet thinking is being able to identify how restrictions imposed by obsolete technology limited our thinking, and how ingrained they are.
For example, paper-based documents and processes, especially ones dealing with complex and highly-significant issues (such as security and defense ones), had to go through slow and hierarchical review and approval processes. A superior had to review the document, return it to the author for comment, and then repeat the process as it moved up the chain of command. Agent Rowley’s memo captured vividly how complex and antiquated this process was, and how unsuited to an era and situation in which real-time communication is essential.<br><br>Similarly, phone-based or face-to-face conferencing required that all participants be available at the same time: there was no provision for those with a scheduling conflict to participate.
By contrast, the Internet and the communications theory underlying it, have always emphasized creating technology to support the way humans naturally think, rather than constricting it.
In a 1945 article that is now generally acknowledged as the theoretical impetus for hyper text and the World Wide Web, Presidential Science Advisor Vannevar Bush raised the idea of what he called the memex, a device that would free communication from these constraints. It would mimic the mind’s way of working — organizing information not in a linear fashion but by association, “creating an intricate web of trails interconnecting the memories and data stored within the mind.” This device would let the user create a wide range of paths between individual pieces of information. “The memex would also allow users to annotate any piece of information, enter their own information, and link it to the existing web of trails.”
Isn’t that exactly the kind of device and thinking — that the current challenge requires? 20 years later, Ted Nelson made the kind of communication Vanevar Bush possible with hypertext:”non-sequential writing - text that branches and allows choices to the reader … a series of text chunks connected by links which offer the reader different pathways.”
With hypertext, individuals and organizations could go beyond linear thinking, linking a wide range of ideas and thoughts that give the reader the power to explore related topics rather than imposing just a single linear argument. To me, that sounds like the ability to connect the dots that has been so much in demand recently.
Ironically, by the time that we had technology mimicking the way humans think when left to their own devices, we have become so conditioned by the constraints imposed by prior technologies that we have a hard time thinking in non-linear fashion!
So what is “Internet thinking,” and how, combined with Internet technology, can it improve Homeland Security?
The first aspect of Internet thinking that is critical for homeland security is to think in terms of cyclical processes.
The need for feedback loops and constant, iterative revisions to anti-terrorist processes is painfully evident:
- Breaches in airport security before Sept. 11 were reported to authorities but weren’t acted upon, unbenownst to those filing the reports.The Rowley memo demonstrated how crucial information could become mired in hierarchy.
- After the tragedy, numerous Arabs in the US were detained on the basis of fragmentary information, only to be freed when an examination of their entire histories made it clear that they were innocent.
Businesses suffered from similar information-sharing lapses when paper-based reporting and linear communication were the rule. Now, companies use Internet-enabled Customer-Relationship Management (CRM) software so all information about a customer is at the fingertips of the person dealing with that customer, on a real-time basis. That’s why banks can now decide on loan applications while you’re still on the phone. The customer’s file is constantly under revision, constantly altered on the basis of feedback.
Seizing on the similarity between the way CRM has aided companies and government’s needs to give those dealing with a potential terrorist information gathered by all agencies, one leading CRM vendor, Siebel Systems, is marketing a “Solutions for Homeland Security” package. It allows agencies to coordinate information sources including maps and other spatial data, and communicate it via phone, fax, email, Web or face to face.
In the case of Homeland Security, if there were cyclical, Internet-based processes, someone offering a tip would be notified automatically that her complaint wasn’t acted on within a given period. A supervisor would be automatically notified, who could both expedite the matter and discipline the non-responder. Just think how different things might have been in the FBI’s Minneapolis and Phoenix offices with such a system! Equally important, Internet-based systems — and thinking — would allow information to be fed back so security processes could be continuously revised based on real-life experience. This is particularly important in a situation such as the terrorist threat, in which we must deal with situations that were unimaginable in our wildest scenario plans. That’s unfortunate, but at least we can make certain that as seat-of-the-pants learning does occur, others may share from the insights without having to repeat the same errors.
However, the existence of Web-based CRM software won’t help unless we think differently as well.
It requires systems thinking.
Pioneered by Prof. Jay Forrester at MIT (and popularized as a business tool by his student Peter Senge in The Fifth Discipline), systems thinking involves looking at all aspects of a complex situation as they interrelate and influence each other, rather than simply analyzing each component in isolation, and to understand the underlying patterns of interrelationships that are responsible for behavior and the events. As the late systems theorist Barry Richmond said, it requires seeing both forests and trees. Process mapping is a crucial tool for systems thinking. It involves identifying the participants in a process, the kinds of information gathered and action taken, and how that information flows from one step to another. If we had AV capacity in this room I would show you a process map by Barry Richmond using his company’s iThink software to model the operation of terrorist groups that vividly brings this approach’s power to life.
The process map would identify current processes that conclude in a “dead end,” where data is simply archived (vs. being acted upon)and isn’t revised on a timely basis.
The other crucial goal in an process-mapping based systems approach to Homeland Security would be to identify all of the places where information gathered by one agency should flow automatically because that data could also be valuable to others: seemingly, this is what the Justice Department planned with its controversial TIPS program, which would create a “single-point of access” to an individual’s record.
That leads me to the second, and closely-related aspect of Internet thinking: always think how people and events are linked. Or, to use the current shorthand, to connect the dots.
That just wasn’t done in the past. Individual agencies were aware in advance that at least one of the eventual highjackers was in the country illegally before September 11th, but didn’t share information to coordinate a response. The Internet’s ability to link everything is crucial to overcome lack of coordination among the Homeland Security agencies. With the Internet, for the first time it becomes possible to share data seamlessly and with many uses simultaneously. For example, take the problem of the voluminous data on threats that each agency accumulates, but which is difficult to share. The reasons aren’t just institutional barriers such as agency rivalries, but also technological ones, particularly the cost of replacing legacy databases compiled with a wide range of vendor technologies with a current, unified architecture.
That is particularly the case with the FBI, which has admitted that it raided its own technology budget for other priorities. Companies such as Fidelity Investments facing the same problem of incompatible legacy systems are unifying their databases using eXtensible Markup Language, or XML. In the case of Homeland Security, adding XML “tags” to existing data bases would let data from one agency flow automatically via the Web to another, where it could be acted upon without human intervention. Intelligence data formerly locked in one agency’s database could be shared seamlessly by others on a real-time basis.
XML also offers an additional bonus to government as a whole and the private sector given the current harsh economic climate, in which the Council of Economic Advisors estimates the average company must now spend 50 to 100% more on security, with little perceived economic benefit.
Widespread adoption of XML could be an important global economic stimulus, while cutting the cost of delivering government services. That is because an XML subset, ebXML, streamlines business processes. The UN is ebXML’s strongest proponent, seeing it as a way to allow frictionless global commerce, not only between large and small nations, but also large and small businesses.
Similarly, another XML subset, XBRL, or extensible Business Reporting Language, is used to describe financial statements, and was designed to make the business reporting supply chain more efficient and streamlined. XBRL could simplify and speed the tracking of suspicious fund transfers and possible money laundering similar to those allegedly done by al-Barrakat.
All US financial institutions must file reports on such activities with the FBI. Because those reports have been filed in printed form, agents had to manually read the reports after Sept. 11 to try to document the terrorists’ money trail. According to Mike Willis, a PriceWaterhouse Coopers partner, “If the FBI and financial institutions used XBRL, the information would be easier to retrieve and do the analysis the FBI needs… The time of processing documents goes from weeks hours and days to seconds.” What if the global business community was to collaborate with the United Nations and their own governments to implement ebXML, XBRL and XML in general on a crash basis — a sort of global digital Manhattan project? Global security would benefit immediately because of the seamless flow of security data. Accelerated, universal rollout of ebXML and XBRL would cut operating costs of governments here and abroad, while stimulating the global economy.
Another critical Internet thinking tool to link everything is knowledge management.
Knowledge management (KM) uses Internet-based technology to identify all of the knowledge resources residing within an organization, from documents to data bases, and, most important, the tacit knowledge formerly residing only in the memory and thoughts of individual workers.
KM then brings this information together in ways that everyone working on a new problem can tap the legacy of past experience and insights. According to knowledge management expert Karl Erik Sveiby, “..you have to be able to visualize your organization as consisting of nothing but knowledge and knowledge flows. This is a different mind set from the industrial era paradigm.” Add in the necessity to involve state and local government, the business community, and individuals, and KM becomes a major Internet thinking challenge!
The State Department and Accenture have created an promising first step toward such a knowledge management system, with the prototype for the Overseas Presence Interagency Collaboration System. This project was launched in response to the lack of intelligence revealed by the 1998 bombings of the US embassies in Kenya and Tanzania. State Department CIO Fernando Burbano told Network World that, the system will provide “leading-edge knowledge management and collaboration tools over an intranet to 40 federal agencies with overseas operations.” Fortunately, according to Burbano, “Even though [this system] is for foreign-affairs agencies, it’s the same 40 agencies that need to communicate domestically [for Homeland Security].”
Burbano understands the need for a shift in thinking to knowledge management, not just sharing data. “The big thing here is knowledge management. This isn’t just a network. What is knowledge management? In my view, it’s getting the right information to the right people at the right time regardless of their location to support decision-making in a distributive fashion.”
One important feature of the Overseas Presence Interagency Collaboration System is that it will allow users to create “communities of interest” that will instantly bring together experts from multiple agencies who must coordinate to track and avoid new threats.
The final, and, I now believe, most important, aspect of Internet thinking is that it places the individual first, and empowers him or her.
You experience that every time you go to the Amazon.com site and are greeted by name and with new books that your past purchasing indicates might interest you. More important, a growing number of workers now can choose what information they need — rather than what someone else decides for them — displayed on their intranet portals.
We need that same emphasis on the individual — and the empowerment to think and act more intelligently and independently that it yields — in the homeland security area.
That starts within government agencies: witness the inability of dedicated agents Rowley and Williams to have their concerns heard by the FBI hiearchy. However, equally important, and I believe grossly overlooked in homeland security planning so far, is the role of every one of us as individuals. Think again of the example of James Woods. Whether or not you are a Hollywood star, when an individual evaluates all the evidence and believes he or she observed a credible terrorist threat, he or she must be heard, if only because the threat is so broad, the sources so unpredictable, that you or I, as individuals, are as likely as anyone else to uncover a threat.
Informed, empowered individuals can act on their own either in a crisis or in preventing one, without having to wait helplessly until they are told what to do, or jamming already overtaxed phone lines with requests for information. Because of such a shift, emergency response would become a partnership between the public and government, instead of requiring authorities to micromanage the entire operation.
A combination of wireless devices such as Personal Digital Assistants (PDAs) and cell phones, with content customized via a portal could be the contemporary equivalent of the World War II plane spotters’ cards for Homeland Security. As September 11th illustrated, their mobility and their ability to still operate during a disaster, when fixed wire communications may be interrupted, make wireless devices ideal for this function. The newest generation of wireless devices integrate PDA and phone functions, increasing their versatility and the amount of information that can be stored in advance for reference in an emergency. Such a wireless emergency system is particularly important because the burden for response to emergencies usually falls on municipalities, which have widely varying capacities, and may be financially overwhelmed if they have to assume new functions.
Such a system would allow for localized response without requiring municipalities to add expensive new infrastructure. It could have a variety of important uses, some of them already being offered by private vendors, but, tellingly, not the Office of Homeland Security:Issuing instant text-based alerts in case of an emergency. One private vendor, Textgram, is creating a National Wireless Emergency Alert system that allow government emergency agencies to broadcast warnings of terrorist attacks, biochemical warfare, and ecological disasters to anyone with a mobile phone.
Eventually, it might mean a collaborative, Internet-based personalized information system that would provide real-time, customized notices that could even send individuals differing evacuation routes depending on their exact positions at the time of an emergency, potentially reducing traffic jams. Trucking companies already benefit from such similar location-based systems, using software based on the simplex method of optimization. To foster the active involvement of empowered individuals in Homeland Security, an interactive system would make it easy for individuals to alert the FBI and other agencies to a potential terrorist threat, and to do so in a methodical way.
I am not talking about the controversial TIPS system here. In my opinion, as originally conceived, TIPS was an abomination that would breed mistrust and invited corruption. Instead, and especially since we have no idea where the next valid threat will come from, what is needed is a system that would make it possible for any concerned citizen to submit a tip on one hand, and to discourage frivolous and/or hate-motivated ones on the other.
The hundreds of thousands of tips to the FBI since Sept. 11 show the public wants to help. However, unless those designing response systems think in terms of the Internet’s potential to alter communications, well-meaning tipsters may both clog the system and soon feel their efforts are meaningless. For example, the “Terrorist Activity Form” on the FBI Web site doesn’t distinguish between helpful, but non-critical, tips and immediate threats to a nuclear plant. An interactive reporting form including a decision tree that would guide a person through criteria to assign a potential treat to one of several levels of urgency for response would both educate the public about how to recognize potential threats and how to prioritize their tips.
Equally important, if the tip form was revised, the resulting structured data could be instantly available, to all relevant law enforcement and intelligence personnel under the PATRIOT Act. Critical information could be acted upon immediately, rather than having to wait until a clerk had gotten around to transferring information from the tip Web site to other data bases. Finally, since creating personalized portals both for government workers and the public was already a priority of the President’s e-Government Task Force before September 11th, why hasn’t that program been put on an emergency basis? Instead, the public is offered an Office of Homeland Security homepage featuring speeches by the President from two months ago as if they were current news, large photos of the President — and not a shred of information about what to do in the case of an emergency or how to help avoid one. I can barely contain my rage about this part of the Homeland Security effort: remember the talk about the speed of change in “Internet time” during the dot.com craze? If ever there was a need for that kind of speedy change and helpful information, it is in making the Office of Homeland Security Web site something more than a cheap pr ploy.
So, how will we make Internet thinking a reality in Homeland Security, given the obstacles? Part of the answer, of course, is structural change, as President Bush has proposed in the Department of Homeland Security legislation, to bring together agencies dealing with similar challenges. As with the State Department example, there are a growing number of imaginative initiatives throughout government.
However, attitude change is equally important. That is the issue with which I conclude. Some businesses have addressed the problem in part by including financial incentives for employees who share information with their peers. However, leadership by example can be as important or more so than other incentives to change. It was only when Jack Welch apprenticed 1000 of his senior GE executives to young Web enthusiasts that GE fully embraced the Web and everyone, company-wide, realized that they needed to become Web-savvy quickly if they wanted their careers to progress. As senior corporate and agency officials, as leaders in your professions, you are all watched more carefully by your workers than any spy might ever do. As we’ve learned painfully in the continuing crisis in corporate governance, the actions — far more than the words — of senior management definitively shape organizational culture.
That is why I leave you with a personal challenge. Don’t just talk about the need to share information on a cross-agency basis. Meet — yourself — with your counterparts. Share some of that rich store of tacit knowledge you have accumulated in young long and distinguished careers. Learn process mapping. When you’re in a boring meeting, begin to sketch how your processes might shift from linear to cyclical ones. Even more important, think what other agencies or companies might benefit from sharing that information as we fight this common enemy. Take the initiative to work with them to harmonize your data collection and other processes. Examine your feeling about the role of individuals. What do you do to educate the general public about your activities and about the nature of the threat. Find productive ways to actively solicit their ideas, and when they contribute ideas, respond quickly.
The Internet obviously plays a major role in the Office of Homeland Security’s planning.
The critical test will be whether the Internet is just employed tactically, as an alternative communications medium, or whether the Internet, and the new approaches to crisis planning that it allows — empowering individuals, closing the loop, and linking everything — fundamentally transforms the way government acts now and in the future.
Thank you!
