Situational Awareness and OODA Loops

Coherent Knowledge-based Operations Applied

Last in a series of 4 articles

Let’s face it—leaders at all levels have it rough. Not only do they have to make decisions in the absence of complete information, they also were not put in position to explain losses and defeats. What can be done to improve the information set with which they have to work? Three actions will help: taking full advantage of employees’ knowledge, improving situational awareness, and using the observe-orient-decide-act (OODA) model. These actions are important core functions of Coherent Knowledge-based Operations (CKO).

Pay attention to your enemies, for they are the first to discover your mistakes. Antisthenes

"Why is Company X doing that? How did they know about …?" These are not friendly questions to have to answer at the morning meeting with The Boss. A more amiable discussion would be, "Good job finding that out about Company Y. Based on this information, put together a plan and brief me tomorrow morning how we’re going to take advantage of this situation." That plan will not include key information, and if implemented may fail, if it does not take full advantage of employees’ knowledge.

In an intelligence, surveillance, and reconnaissance context, people and devices are collection sensors. Your employees are your best sensors because they have first-hand knowledge of customer needs, what the competition is doing, and what is good and bad about the products and services you offer. That adds up to a lot of valuable information, and every employee has unique gold nuggets. Employees will not take time from their already full schedules to input these into a knowledge management (KM) system. Capabilities need to be developed where these gold nuggets are routinely mined as a normal part of business. Clearly this goes beyond electronic records management and data mining, and is the essence of KM. In addition to this knowledge, take advantage of the information the competition gives you—for free.

Open source intelligence (OSINT) is the art of legally finding out about the competition through public media. There are some purists who say that gleaning information from radio frequency (RF) signals is communications (COMINT), signals (SIGINT), or electronic intelligence (ELINT), depending on the approach used. Let’s leave it that these special ‘INTs require devices not readily available to the public. OSINT uses information available in the public domain. Radio, television, publications, brochures from trade fairs, conversations with sales representatives, dumpster diving (yes, they really do wear wet suits), public financial statements, reviewing Web sites, buying products to reverse engineer hardware and decompose software, and any other creative approach is yours for the taking. Web sites can be very lucrative. The US Department of Defense established the Joint Web Risk Analysis Cell to ensure what’s posted on DoD web sites wouldn’t harm military operations or national security. Establish a policy of what can be sent on the Internet and posted on your Web site so nothing of value can be collected and used against you.

Integrating employee knowledge with OSINT will provide important insights into what, where, when, and how to market products and services to counter the competition, seize and maintain a competitive advantage, and maximize profits.

Why do all this? Sun Tzu 2500 years ago quite wisely wrote, "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."

Forewarned, forearmed; to be prepared is half the victory. Miguel de Cervantes, Don Quixote de la Mancha, 1615

Knowing about your competition is good, but it is not enough. Situational awareness of the "big picture" is essential. Understanding not just the "local" market place, but the political, social, economic, and military factors affecting the business environment is vital to making sound decisions. Situational awareness must be done in both the micro and macro sense. Examples of micro metrics are monthly and quarterly sales, and comparison with the competition’s and your sales for last quarter and the same fiscal period last year. Macro metrics consider leading and lagging indicators for the sector, industry, and country; government policies, laws, and regulations; cultural shifts; national and international economic variances; and the military-industrial complex downsizing or gearing up.

This situational awareness permits you to understand what is influencing your company, and what influence you may wield. It also helps bring into focus what information you need to go after, as well as the information environment (IE) (i.e., information, information infrastructure, and information-based processes) you need to protect. Concentrate your resources on the competition’s essential elements of information (EEIs) and your essential elements of friendly information (EEFIs). This traditional operations security (OPSEC) approach requires a thorough understanding of both your competition’s and your own organization’s IE and processes.

What’s an essential element? What is the intellectual property, infrastructure, or process you must have, or else sales will decline? What would the effect on sales be if the competition knew what you had in research and development (R&D) or knew the contents of the contracts with your customers? Change the questions to ask what if you knew this information about your competition. Would your competitive advantage go up or down?

Every morning you need to ask, "What can I do to beat Company Z today?" Neither your competition nor technology will wait for you. The innocent Palm Pilot, a personal digital assistant, is one example. It can be used as a cracking tool and is targeted for theft because of the valuable information stored on it. Another example is commercial satellite imagery. Ikonos now has photo imagery resolution down to one meter. This imagery, at $15.00 a photo, can readily be used for corporate espionage and terrorism. What are you doing to thwart the competition’s incessant and creative attacks?

Sun Tzu wrote, "The acme of skill is to avoid conflict." To state the obvious, avoid conflict on your terms. That requires intelligence and counterintelligence (CI) functions. These are absolutely essential in order to gain and maintain a competitive advantage. Do not outsource these functions. Remember that every employee can offer valuable insights. The KM process discussed earlier needs to directly feed the intelligence and CI functions.

Poorly executed intelligence and CI will result in successful attacks on your IE. The recent theft of credit card information, ransom requests for millions of dollars, and distributed denial of service (DDOS) attacks will pale in comparison to future attacks that affect your information. Denying or destroying information is not as insidious as diddling with the bits. An order from St. Louis for Chicago ends up in Kansas City or the order does get to Chicago, buts it’s acetone instead of acetylene. Imagine if this happened on the battlefield, and 155-mm shells were delivered to a 105-mm howitzer battery. Accounting ledgers are just as easily altered. It could be months before an audit catches the error.

The best way to protect the confidentiality of on-line information is via encryption. This neither stops attacks nor prevents the information from being altered or destroyed. To protect the integrity of on-line information, a defense in depth is necessary. Intrusion detection devices, filtering routers, identification and authentication, firewalls, anti-virus/malicious code software, and audit systems, as well as understanding out of norm events on the network management side, are some of the essential tools if you do business on-line. And don’t forget to keep several back-up copies of databases and other information off site. Take this seriously. A system administrator recently told me he was installing so many system, network, and security patches, upgrades, and new capabilities that he semi-jokingly remarked he would need all users to restart every four hours in order to keep pace with the known threats and to close vulnerabilities.

You don’t have to take my word for it. The People’s Republic of China for at least the last ten years definitely has thoroughly thought this through on the strategic, operational, and tactical levels. Go to http://cryptome.org/cuw01.htm and http://cryptome.org/cuw02.htm for a translated version of "Unrestricted Warfare." Only within the past year has the Western press reported on Chinese thought in this area. Taiwan has taken this threat seriously. A Taiwanese Defense Ministry official announced they have over 1000 viruses in their virtual arsenal.

"Fortune favors a prepared mind." Louis Pasteur

What are your plans for DDOS or other virtual attacks, natural disasters, a trusted employee who sells trade secrets, a flood of new viruses, physical destruction of key facilities, or a misinformation campaign against your company? What if these happened simultaneously? Be prepared for the worst case, and the mundane will be easy. At a minimum, you will need to do the following:

• Invest across all security and intelligence areas. There’s no sense in investing in elaborate information assurance systems if someone can easily blow up your power and uninterruptable back-up systems. It’s equally foolish to have special access to R&D areas when, in the absence of a personnel security program, trusted insiders are stealing and selling intellectual property. An awareness, training, and education program is vital. Clearly demonstrate the benefits of employees sharing knowledge, to include positive bottom line results.

• Plan and exercise for the unexpected. Risk management is frequently done, but that is not enough. Consequence management must follow each proposed risk management decision with its own decision tree of "what ifs." Disaster preparedness, disaster recovery, and business continuity, to include chain of succession, must be exercised. There is absolutely no way to close all risks to your business, so insurance is a necessity.

• Recognize that the marketplace is like a battlefield. The late US Air Force Colonel John Boyd developed an influential theory of conflict. He argued any conflict could be viewed as a duel. Each adversary observes (O) his opponent's actions, orients (O) himself to the unfolding situation, decides (D) on the most appropriate course of action, and then acts (A). The competitor who moves through this OODA loop cycle the fastest gains an inestimable advantage by disrupting his enemy's ability to respond effectively.

Situational awareness and the OODA model are woven synergistically through knowledge management (KM), information operations (IO), and network centric business (NCB). KM is the fuel for the OODA furnace. KM supports IO and network centric business. IO are the tools that will help you to control your information environment (IE), have better KM, and perform network centric business in the face of information warfare (IW) attacks. KM and IO synergistically raise situational awareness. Network centric business is the use of the IE, supported by KM and IO, to execute business processes more effectively and efficiently.

Be interested in the future because that’s where you’ll spend the rest of your life.

Information warfare is real and the attacks will only become more sophisticated and damaging. Coherent Knowledge-based Operations (CKO) is a powerful construct that will contribute to controlling your information environment and making your business more successful. It’s a sound, unifying model to synergistically link functions in order to attain and maintain a competitive advantage.

Islands of knowledge and stove piped functional areas are the wrong construct in the Knowledge Age. The government, industry, and the public are becoming network centric. Cyber cafes, navigation warfare, and even refrigerators that contact the manufacturer via the Web if a problem arises are examples of our acceptance of, and in many cases dependency on, computers. Decisive proactivity, adaptability, and agility will be what separate successful from unsuccessful businesses.

Your company can change at a faster rate than the marketplace and society. The physical world lags the virtual domain which in turn lags the mental realm, so take this into account when introducing products and services. Synchronizing their release to the rate of cultural change and acceptance is important. No matter how good these are, if the market is not ready to accept them, you don’t make money. Situational awareness, the OODA model, and CKO will significantly increase your organization’s chance at being successful.

Copyright 2000, Perry G. Luzwick, all rights reserved.