Beyond Goldwater-Nichols

This report culminated almost two years of effort at CSIS, which began by developing an approach for both revisiting the Goldwater-Nichols Department of Defense Reorganization Act of 1986 and for addressing issues that were beyond the scope of that landmark legislation

The power of creative thinking in situations of uncertainties: the almost impossible task of protecting critical infrastructures

A good and scientific analysis starts with a closer look at the conceptualisation at hand. The definition of CIP is not easy because of its wide range. This paper examines infrastructures that are critical and need protection. Each word entails a specific connotation and is characterized by several components

The power of creative thinking in situations of uncertainties: the almost impossible task of protecting critical infrastructures

A good and scientific analysis starts with a closer look at the conceptualisation at hand. The definition of CIP is not easy because of its wide range. This paper examines infrastructures that are critical and need protection. Each word entails a specific connotation and is characterized by several components

The enemy has passed through the gate: insider threats, the dark triad, and the challenges around security

Purpose – The purpose of this paper is to highlight the potential role that the so-called “toxic triangle” (Padilla et al., 2007) can play in undermining the processes around effectiveness. It is the interaction between leaders, organisational members, and the environmental context in which those interactions occur that has the potential to generate dysfunctional behaviours and processes. The paper seeks to set out a set of issues that would seem to be worthy of further consideration within the Journal and which deal with the relationships between organisational effectiveness and the threats from insiders.<p></p> Design/methodology/approach – The paper adopts a systems approach to the threats from insiders and the manner in which it impacts on organisation effectiveness. The ultimate goal of the paper is to stimulate further debate and discussion around the issues.<p></p> Findings – The paper adds to the discussions around effectiveness by highlighting how senior managers can create the conditions in which failure can occur through the erosion of controls, poor decision making, and the creation of a culture that has the potential to generate failure. Within this setting, insiders can serve to trigger a series of failures by their actions and for which the controls in place are either ineffective or have been by-passed as a result of insider knowledge.<p></p> Research limitations/implications – The issues raised in this paper need to be tested empirically as a means of providing a clear evidence base in support of their relationships with the generation of organisational ineffectiveness.<p></p> Practical implications – The paper aims to raise awareness and stimulate thinking by practising managers around the role that the “toxic triangle” of issues can play in creating the conditions by which organisations can incubate the potential for crisis.<p></p> Originality/value – The paper seeks to bring together a disparate body of published work within the context of “organisational effectiveness” and sets out a series of dark characteristics that organisations need to consider if they are to avoid failure. The paper argues the case that effectiveness can be a fragile construct and that the mechanisms that generate failure also need to be actively considered when discussing what effectiveness means in practice.<p></p&gt

Failure and Strategic Projects: Australias Asia-Pacific Vision

This paper uses Australia’s 1980s shift to a new accumulation strategy of ‘international competitiveness’ to examine the role of failure in shaping state strategic projects. The paper argues that the Australian strategy’s gradual shift from an interventionist to a market-led orientation played out in competing representations of failure. Whether particular policies were perceived as failures depended not only on their material effects, but also on the ways in which failure was defined and on the values underpinning those definitions. As representations of failure establish the boundaries between the incremental adaptations that stabilise an accumulation strategy and the more radical failures characteristic of crisis, they illuminate how processes of discursive selectivity ‘fix’ state projects’ temporal, scalar and spatial dimension

Leadership and Shared Purpose for America's Future

This report summarizes what CED calls its "unfinished agenda." At the top of this list are heath care reform, controlling our budget, trade, and savings deficits, reforming our entitlement programs, and investing in new infrastructure such as early education, sustainable energy, and the environment. We are pleased to have the financial support of the Peter G. Peterson Foundation to underwrite our efforts to enlist more American business leaders to support this reform agenda

Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

The Road to Transformation: Ascending from the Decade of Darkness

Nobody likes mistakes. Fewer yet like to revisit errors—to analyze, discuss or study them. They are often an embarrassment and remind us of our fallibility and shortcomings. It is always much easier to celebrate our achievements and successes—that leaves everyone with a warm feeling. However, although it is always preferable to avoid making mistakes, once they occur they are important and must be recognized as such. They speak to our weaknesses as both individuals and institutions. They are signals, if not alarms, to warn us of deficiencies that must be addressed. In fact, it has often been said for good reason that one can learn more from one’s mistakes than from one’s successes. The military has always been bad at accepting this premise. Mistakes are often construed as a sign of weakness or inability and many perceive them as potential career-ending events. Such a zero tolerance to mistakes breeds an environment of risk aversion, micro-management and stagnation. It kills initiative and experimentation. And, it avoids examining mistakes in detail—lest blame insidiously spread its evil tentacles and taint others in the chain of command. However, this state affairs leads to atrophy within an organization. It takes strong will and determination to break such a cycle. Normally, crisis is the only catalyst that compels leadership within an organization to take action, and even then it is difficult. The Department of National Defence (DND) and the Canadian Forces (CF), particularly the officer corps, found themselves in such a situation in the late 1980s and 1990s. By 1997, they were at the lowest ebb of their history. They had lost the confidence and trust of the government and Canadian people they served. They were stripped of their ability to investigate themselves. Furthermore, they were not trusted to implement the recommended changes forced upon them by the government and an external committee was established as a watchdog. Whether the leadership wanted to admit it or not, and they vehemently denied it at the time, there existed some substantial and deep rooted problems with DND, the CF and the officer corps. They were caught in a decade of darkness