posted 1 May 2000 in Volume 3 Issue 8
The Knowledge Salient: Intelligence
& information warfare in an age of uncertainty
In the Information Age, the amount of data available, together with the increasing sophistication of analysis techniques, provides both threat and opportunity for commercial organisations. In the following article, David Snowden and James Luke examine organisational and behavioural aspects of information warfare in a corporate environment.
Open Source Intelligence is revolutionising the activities of security agencies - both in defence and in the police force (Rathmell, 1998). The advent of the Information Age and the exponential growth in the Internet has generated a vast amount of data that is freely available without recourse to clandestine methods.
In both private and public sectors the borderlines of legitimacy have become blurred: 'Information Warfare' has emerged as a discipline in its own right with military, government and commercial organisations all striving for Information Superiority; companies are adopting the cold war KGB tactic of monitoring patent disclosures in order to target their competitors R&D strategy; individuals sell their capabilities and knowledge to the highest bidder; loyalty is one of the most ambiguous words in the corporate lexicon. The pervasive nature of communication has resulted in a casual attitude to security. Perhaps most worrying is the attitude that security is simply a question of passwords and firewalls; as information becomes truly pervasive our perceptions of security must extend beyond a locked computer room.
Security is not just a matter of password discipline; it needs to be incumbent in every activity. It is not practical to impose fixed rules regarding security. There is a need to build understanding so that employees can interact with natural security processes in a way that is neither paranoid nor too relaxed. The majority of Information Warfare attacks go unreported because employees assume that "it wouldn't happen to them". Employees should understand the basics regarding what constitutes a security breach (that is, what information would be of value to a competitor) and what are the indicators that suggest someone is interested in that information.
We never cease to be amazed at the amount of confidential material that can be gleaned by sideways glances to a neighbour's laptop during a transatlantic flight, or just by sitting on a London bound train surrounded by mobile phone addicts - utilising the addictions of one's targets was always an intelligence trick in spy novels. Even more damaging is the information which can be generated when fusing together information from many different sources; an overheard conversation, a patent search, a company advert requesting specific skills, can all be combined to reveal a specific corporate direction.
For commercial companies the vast amount of available data, and the increasing sophistication of analysis techniques provide both threat and opportunity. Threat comes from three sources:
Companies who wish to survive in this new age have to be good custodians of their intellectual assets. They have to develop a clear understanding of their Information Picture, the sources used to compile the it, the level of trust associated with those sources, the assumptions on which every item of information is based. The next stage is to understand how the Information Picture relates to their operational activity; what exactly is the relationship between a competitor advertisement and the subsequent drop in revenue? What is the time lag between a competitor announcing a technical capability and delivery of a robust product? What is the relationship between competitor job adverts and employee attrition? Clearly such a deep understanding of the Information Picture cannot be developed simply through organisational process.
Instead companies need to create an ecology (or ecologies) in which their employees, associates, customers, suppliers - and competitors - make their knowledge available. In doing this they need to constantly reflect on one of the fundamentals truths of knowledge management: Valuable knowledge can only ever be volunteered, it can never be conscripted. The organisational forms and reward structures of a volunteer community are radically different from those of a conscript society. This is not an easy message to accommodate when the organisational norm of the past fifty years has been based on a hierarchical or matrix model, predicated on rational behaviour and the 'predictability' myth of much strategic planning.
Technology has played a key part in the growth of the area, and provides many of the tools for its propogation. We do not intend to summarise their use - that information is all too readily available from vendors and exhibitions. In this article we want to look at two organisational and behavioural aspects of information warfare in a commercial setting. We will start with a summary of the realities of the data rich environment in which we work, illustrating that reality examples of current knowledge management activity that borrows directly or indirectly from Information Warfare techniques. Finally, by debunking one of the most common knowledge management myths (the transformation of information into knowledge) We wish to open up a way forward for companies drawing on some of my own work linking complexity theory to knowledge management.
The Cyberpunk genre of Science Fiction founded by William Gibson visualised a future society in which the boundaries of virtual and physical reality are known but are irrelevant. Individuals slip between their virtual and physical worlds without a second thought. For most people this is already the case. Videoconferences, the daily tyranny of e-mail, intranets; these are all a natural part of day-to-day business life. The danger with something that is both common place and new, is that we have not yet aquired instinctive response mechanisms - many of our natural reactions are still those of a bounded physical work environment. Any individual or organisation has to be aware of the following 'realities'.
Everything we do in virtual space is ultimately knowable or traceable
Storage and analysis capacity are rarely, if ever, an issue. Our ability to replay or look back in time is bounded only by our willingness to do so. Once upon a time you knew if you had been caught speeding in any single journey. Now a flash in the rear view mirror could be sunlight or three penalty points on the licence, and you won't know for months. Consider a further development - if a credit card is used to purchase petrol at two service stations on the M1 is the timing of the transactions sufficient to prove a charge of speeding? Especially when correlated with forecourt close circuit TV systems showing the car and the driver. In such a case the police would not even have to obtain the information; they could ask drivers 'under caution' and threaten to obtain the information! In defining a threat the military often refer to 'capability and a willingness to use that capability'. In this respect we should understand that the technical capability for this level of data fusion already exists; what is lacking in many situations is the realisation and therefore the willingness to use the capability.
This is especially the case in the corporate environment where considerable numbers of data sources exist but are never exploited. For example, network analysis of email contacts and telephonic communication can produce maps of an organisation's connectivity. We can draw on the experience and tools used by intelligence agencies to see patterns in multi-source data. We can look to see if there is any intelligence in the footprints of individuals and communities in virtual space. Those same tools can be used to measure improvements in knowledge utilisation. We can use network analysis tools to identify trusted communities via knowledge node holders. Such node holders are the key individuals who connect a companies knowledge assets (Foster & Falkowski 1999): "I don't know myself, but I know someone who does..."
Another example is a classic case of the use of intelligence techniques. We provide a document repository with the added feature that readers may only exit from a document if they provide an assessment of its value - say a simple score on a scale of one to five. Documents can be flagged according to the number of readers and the rating level provided. This is a useful feature for any professional body. It reflects the way that professionals work. They want to know what other people are reading so that they can keep up to date. Now, what if we extend that facility to allow each individual to maintain lists of who they respect for different subject areas, and then view the document repository through that filter? The tool is more valuable, and therefore more likely to be used. However, we now have used the facility to gather intelligence. By looking at the lists we know who rates whom. That is valuable knowledge for team formation, performance rating; the list is endless.
Considering the external sources of information, all organisations publish data. Often the website of a company reveals far more than was originally intended - both by omission and commission. This open source material can provide valuable competitive intelligence - or it can be used to misinform, either through direct dishonesty, or more effectively, by selective emphasis. All organisations also have to publish data. Much of this was in former times safe by virtue of its physical separation. However, in a virtual age, all connections between desperate databases are possible. One common example is patent data. This information is readily available in electronic format; its acquisition no longer requires searches through documents or microfiche. Legislation requires a degree of disclosure higher than most companies would provide given a free choice. During the cold war, the KGB recognised the usefulness of this and developed software to monitor patent registration to indicate areas of technology development, and to provide vital clues to assist parallel development. When the wall came down, it was not long before this same technology was utilised by major corporations to monitor the patent registrations of their competitors with the same intent as the KGB - to glean secrets without investment. Some of them have gone a stage further and are now seeking to register patents in the white space around the areas of their competitors' registrations. This activity is effectively a legal form of industrial sabotage, and is often more effective than head hunting or terrorist activity! It is worth re-iterating that beyond the formal methods of releasing information, every act undertaken by an individual within an organisation represents a release of information. There is a wonderful anecdote about the Pentagon on the night the Gulf War started; apparently it was impossible to order a pizza (or any other form of takeaway food) for 50 miles due to the unexpected orders from those working late. As stated earlier every activity of an organisation reveals information.
What and who can be trusted?
When we make decisions, we rely on a dynamic combination of information, experience and gut feel. If the information is false then we have problems. Falseness can arise from a variety of circumstances, though some of them may be innocent:
- The information could have been planted with an intention to deceive
- Key items of information, particularly those related to context could be
- The information may be out of date
- The information may result from an urban myth: In a cut and paste
environment facts can arise spontaneously and without any relation to
- The process of abstraction and codification necessary to convert data into
information may have stripped away necessary context
- The information could be incestuous. It is not uncommon for organisations to release information that is later received back into the organisation as a fact. For example, a member of a pharmaceutical research organisation makes a guarded statement about one of the organisation's programmes at a public conference. The facts are reported in a trade journal and, due to the lack of complete information, the research organisation assumes a competitor has taken the lead in the particular area of research.
What is true of information may also be true of individuals. Someone may be trusted on the basis of past results. However, a previous positive outcome may have been good luck, or the real responsibility of a less gifted player, unskilled in the politics of a corporation. The individual may not be aware of the environmental factors - now changed - which gave rise to their correct judgement on a previous occasion. Where a company is being targeted (and you should work on the basis that you are being), it needs to be aware of some of the secondary criteria for an information warfare weapon (Schwartau 1996): invisibility, passivity, droning (remote control or activity traceable to an innocent third party), fallout (secondary effect on related areas to original target), insidiousness or lack of trace ability. Just think through the implications of some of those for recently made decisions in your organisation. You may not even be the original target. You may be using material, originating as fallout, which has developed as an urban myth within your industry.
Of course, the boundary line between sensible awareness and paranoia is slight. It would be easy to become paralysed with fear in the face of some of this stuff (incidentally that is another Information Warfare technique involving no falsity whatsoever). This is analagous to chemical warfare, where the threat alone is sufficient to reduce operational effectiveness, due to the gas masks and the additional equipment the troops must wear, without a single weapon actually being used. Similarly in Information Warfare consider the effect on a news organisation if every single fact had to undergo detailed confirmation. The news organisation would probably be put out of business by its inability to provide timely information.
Knowledge, and by implication knowledge management, is key to solving this problem. The way we validate information is to validate the knowledge used to create that information. We may look to the source of the information, or seek to corroborate the information from multiple sources. Ultimately any decision is based to some extent on an acceptable level of uncertainty (Snowden 1998). The issue is to determine an acceptable level of uncertainty for different classes of decision-making.
Knowledge management practice has given rise to a variety of methods for increasing trust. The sharing and controlling of information within communities of competence is among the most effective techniques available. The constant validation and testing of information within a professional - and hopefully sceptical - community, is a good way of providing for constant validation. Testing the reasonableness of a decision or assumption on multiple non-connected communities is another. Techniques can be borrowed from history: The Catholic Church long ago created the position of Devil's Advocate to argue the contra side in any canonisation proceedings. Virtual space makes this sort of process far simpler. Allowing anonymity within a virtual community can open up a greater degree of honesty - at the expense of senior management egos. Use of retired employees or the innocence of an apprentice are also appropriate as their interest in the corporate power trip is less than the active players who are making the decisions in the first place.
The key issue here is speed, ease of use and pervasiveness. Validation techniques - and with them threat assessment - need to become an integral part of all employees activity. A specific act, or a highly structured process can more readily become the victim of an attack. Organisations that are highly process-based are often more vulnerable. The sheer weight of processes creates an organisational sub-culture of finding ways around, or performing meaningless and ill understood tasks to avoid bucking the processes. For example, a password system that is too complex will almost certainly result in passwords being displayed on post-it notes on the side of computer terminals. Expense systems based on rules rather than human judgement are more likely to be subject to fraud than otherwise.
Trusted mechanisms based on trade are also emerging. The first electronic knowledge exchanges make use of structures derived from medieval guilds to validate knowledge trades within a virtual community. Some companies are starting to think of using internal markets for knowledge - including spread betting - for improved forecast accuracy in sales departments. Human imagination can rise to meet a threat, just as human imagination creates the threat in the first place.
One last danger deserves mention in their area of what and who we trust; that of tool fetishism. Web surfing is not just a danger to the young; a variant also affects middle-aged managers. Models of scientific rationalism on which much management practice is based are not well equipped for the age of uncertainty that we have entered. We have trained a generation of managers who think that, given sufficient analysis and data capture, there is a correct answer. Such managers given access to a large IT budget are very dangerous. They constantly build the equivalent of the defence system that almost launched a nuclear counter strike on detecting a flock of birds. One of the key lessons from defence to the private sector is the constant need for human validation of decision-making and sanity checking of automated rules. All rules contain assumptions and ass/u/me will always make an ass of you and me. Human beings are able to cope with uncertainty far better than computers. There is also a need to provide the correct level of abstraction in analysis systems. The generation of further business metrics is only of value if they can be used in influencing the future direction of the business. If there is no real understanding of the value of the metrics, their association with the performance of the enterprise or the business drivers that affect the metrics, then there is no reason to invest effort in their derivation.
Ambiguity over what is right and what is wrong
Information warriors or degenerate hackers? The skills to break through a security system inspire admiration as well as disgust, depending on your perspective. A virus can go undetected if it causes no immediately apparent damage. Their purpose may be to obtain information. We know of one company where an employee created a virus that did no damage, but merely copied spreadsheets from various managers' PC every time they accessed email. The purpose? Well, the virus ran during salary review time, and the employee sold comparative data of salaries and raises, derived from the managers attempts to apportion their allocations. That company found an easy solution: They promoted the individual to a management position. On a larger scale, we know that banks often fail to prosecute electronic fraud through fear of loss of confidence in the banking system.
For the hacker the probability of detection is slight, and the probability of punishment even less. Hackers may be internal or external to the organisation. The reality is that there is no coercive substitute for loyalty and trust. If that is lost within an organisation, then the organisation is vulnerable to loss of intellectual capital and to direct or indirect attack using Information Warfare techniques. Building trust through the establishment of networks with mutual dependencies between individuals and groups is therefore a survival activity for firms, not a nice to have. Companies over-engineered on the assumption that the human assets were always replaceable once the process was codified are discovering that the price of this pseudo-efficiency is a loss of responsiveness and loss of loyalty. Service companies know that their internal brand, and the identity and loyalty created as a result, is more important than their external brand. Customers can be won and lost, but intellectual capital once lost is much more expensive to replace.
The Knowledge Salient
The definition at the head of this article shows that salient is both a description of a defensive feature and a first stage or origin. The Knowledge Salient of the title takes up both these characteristics. We have already talked about using communities of competence and other trusted mechanisms as a means of validating information. In this final section we want to look at knowledge as an underlying cause or means of viewing the world. We have long rejected the concept of knowledge as a higher order level of information (Willmott and Snowden 1997). Knowledge is our sense making capability. It is the means by which we interpret data and create, through a process of abstraction and codification (Boisot 1998) messages that inform others: Information. If knowledge is the means by which information is created - and by implication interpreted and used - then the management of knowledge is key to the effective use of that information.
We normally break knowledge into five components: Artefacts, Skills, Heuristics, Experiences & Natural Talent (see David Snowden's article in the last issue of Knowledge Management). These have a mnemonic ASHEN, and provide a spectrum on the more traditional use of explicit and tacit. Artefacts, skills and to some extent heuristics can be made explicit at least for a specified period of time. The rest are always primarily tacit in nature. If we understand what combination of assets has been used in the creation of information then we are closer to creating the right level of trust in their usage.
Here we meet a paradox: On the one hand, explicit knowledge is more readily audited, and subject to cyclical review and a trusted mechanism can be created. On the other hand, anything that is explicit can be stolen, transferred or interfered with. The only really unique knowledge that an organisation possesses is tacit. There is no right or wrong answer. However, the creation of self-awareness - a key condition of transferable sense-making capability - will mitigate risks. A soundly executed knowledge management programme requires that sufficient attention is paid to common language (Snowden 1998). If this is done, then the capability of an organisation to assess, use and defend its information sources is immeasurably enhanced. Language is also important as a defence mechanism. Organisations can readily create expert languages through the use of stories routed in that organisations' history. Such expert languages render information difficult to interpret to someone who does not share that history. This is a growing area of knowledge management, and one with some of the richest potential for fast return.
Within this context self-awareness and honesty are synonyms. Again, techniques can be borrowed from intelligence. Key information or keys to unlock information can be shared amongst individuals so that they can only act in concert, not independently.
One model from warfare - information or otherwise - is also useful here. OODA stands for observe, orientate, decide and act. It makes the point that what matters is not raw power, but the speed of assimilation of new data, and the capacity to turn or respond in consequence of that process. The person who most quickly assimilates and responds, is the one who acts, everyone else reacts. Good knowledge management seeks to make the intellectual assets of an organisation available in a timely manner so that the organisation can sense change and respond to opportunity.
There is also a more fundamental contribution from knowledge management. This is based on work taking place to incorporate ideas from complexity theory into the more organic schools of knowledge management. Complexity theory contributes two concepts to knowledge management that allow us to turn our knowledge salient from a defensive structure to the more poetical definition of leaping, jumping and jetting forth.
- Simple rules enable consistent behavior in complex environments. When we
drive down a road, we handle a vast amount of data input from dashboard
instruments and from our senses. We manage this task through a simple
unarticulated rule set. For safe drivers it may be something like: Match
speed, stay in lane, avoid collision. Other rule sets are possible, as anyone
who has drive around Hyde Park Corner in rush hour will know! In business and
customer decision-making, these rules or values can often be derived from
observation or story telling (Aibel & Snowden 1998). This is a powerful
technique for cultural change, but also for information validation and
information warfare. If you understand the unspoken rules and values that
govern a competitor's decision-making then the opportunity to influence it is
- Micro interventions have a macro effect. This is the famous butterfly that flaps in wings in the rain forest and causes a hurricane in the West Indies. Treating the organisation as a complex ecology allows us to manage more indirectly - and more effectively. It also allows us to construct interventions that not only have a ripple effect (the endorsement of an idea by the CEO, for instance), but also to refine our understanding of the rules and behaviors of the community we are studying. An example of using trusted lists for profession communities was given earlier in this paper.
Knowledge management is key to the effective management of information, and also to its protection and validation. Information warfare techniques have already transferred in varying degrees into the commercial sector and this trend will increase in direct proportion to the pervasiveness of computing. However, very few organisations currently have the capability to exploit these techniques. This is largely due to a lack of management understanding and organisation; there are few technical constraints. As computer systems increase in intelligence they will compensate for this lack of management understanding. There are potentially massive benefits for those organisations that are at the forefront of these techniques. Organisations need to create a necessary level of self-awareness to combat this, while avoiding the paralysis of paranoia. Treating knowledge management as a technique to codify knowledge and share it on databases is just not good enough in these circumstances. The best way to combat evil in the long-term has always been through doing good - although it is often the most painful. For a criminal, the first act of criminality is the most difficult. It is similar for employees. Companies seeking to compete in the new age of uncertainty, of which open source data is but one symptom, need to focus on creating the necessarily levels of trust and security that will secure their human assets. Four final points to hold in your mind as you consider decision making and information use:
- Intelligence is not about the number of neurons you have in the brain, but
the number of connections; the same is true for organisations
- The knowledge economy requires volunteers and organisational forms that
encourage volunteers, not conscripts. Red neck management and short term
targets is contra -indicated
- Information warfare in the commercial sector is not an option; it is an
- The act of observation affects the thing observed. How do you balance the
need for covert action with the need for trust?
- Every single thing we do as individuals, as
individuals within organisations, and as organisations themselves, transmits
Aibel, J and Snowden, D 'Intellectual Capital Deployment: A new perspective' Focus on Change Management, (September 1998)
Boisot, M Knowledge Assets (Oxford University Press, 1998)
Rathmell, A Cambridge Review of International Affairs (Spring 1998, Vol XI, No2)
Foster, F & Falkowski, G 'Organization Network Analysis: A Tool for Building a Learning Organization' unpublished paper
Schwartau, W Information Warfare: Chaos on the Electronic Super Highway (Thundermouth Press, 1996)
Snowden, D 'Thresholds of Acceptable Uncertainty - achieving symbiosis between Intellectual Assets through mapping and simple models' Knowledge Management (Ark Publications, May 1998) (Republished in Knowledge Management Year Book 1999, Butterworth April 1999)
Snowden, D 'Three Metaphors, two stories and a picture - how to build common understanding in Knowledge Management Programmes' Knowledge Management Review (Melcrum Publishing, March/April 1999)
Willmott, H & Snowden, D 'Knowledge Management: Promises and Pitfalls' Mastering Management - The Reader 8 (pp17 et seq, Financial Times, 1997)
David Snowden is European director of the Institute for Knowledge Management. He can be contacted at:email@example.com
James Luke is an Information Warfare Specialist at IBM. He can be contacted at:firstname.lastname@example.org