Considerations On What the Capitol Storming May Mean For Your Strategy

The 6 January 2021 Capitol Storming is not just a news event. It will have repercussions across society, and its impact may well include a need to change your business strategy. The time to start thinking through that is now.

Observations:

That large protests were scheduled for 6 January 2021 (the date of Congressional certification of the election), and that they carried a potential for violence, was widely reported. Many sources indicated there was a high potential for violence at this event, with some making the case quite clearly that there were threats of a breach of the Capitol.

This was not a hard assessment to make given the violence in large protests throughout 2020 and the very clear articulations of intent to cause problems noted in social media. There were plenty of warnings that things could turn violent.

But there were certainly surprises. It was surprising to hear Rudy Giuliani at the “Save America” rally call for the crowd to settle the election dispute through “trial by combat.” It was not totally surprising that the President encouraged the crowd, but his calls for supporters to march on the Capitol were shocking to hear nonetheless. For many of us the biggest surprise was how unprepared Washington was to prevent chaos. After decades of experience in handling large crowds and years of experience of large-scale protests around the Capitol, it was reasonable to assume that all the buildings of the Legislative Branch, especially the Capitol, would have had strong protection after all this forewarning. The result: a shocking breach of both the House and Senate chambers and the siege seen around the world.

Polarized Views and Enduring Threats:

Based on interviews and postings of participants in the protests, their views of these events will likely not change. Participants see their actions as support to freedom and a patriotic duty. We have no way of assessing how many people view the situation with this lens but have spoken to many people who put the blame squarely on Trump’s opponents for all these actions. We do not have a scientifically rigorous way of assessing this, but our sense is that those who were polarized before this event will remain polarized after. Additionally, those who were not polarized before this event will find themselves with even more reason to become polarized and even more partisan. For now our planning assumption is that up to 40% of the population will view the siege either as a good thing done to fight for democracy or some vandalism that is not that big of a deal. An equal number will probably see this event as an attack motivated by a sitting President in an attempt to find a way to remain in power.

Our assessment on polarization is an important planning assumption. It means the threat of actions like this will be with us for a long time. Additionally, millions of US citizens will continue to be motivated to disrupt our democracy in unconstitutional and illegal ways. The nation must come to grips with this.

Questions and Considerations For Strategic Planning

Considerations below are provided in two broad categories, those for government policy and those for corporate strategy.

Government Policy Considerations:

The Capitol building breach highlighted the significant threat of internal sedition and also damage from out-of-control crowds. New, continuous defenses will have to be put in place to protect the Capitol and the 535 members of Congress. Protections will also need to be enhanced for State governors and legislatures and for all judges at federal, state and local levels. This is an unfortunate fact that will be expensive and will serve to separate those who govern from the governed even more. We expect immediate increases in budgets for physical security in each of these areas.

This breach also highlighted the potential damage that can be caused by unauthorized access to computers. When physical access to computers and networks is available, attackers have far more options, ranging from low-level access to computers that are logged on to installation of hardware for future remote access. The systems of the Legislative Branch have a reputation of being hard to protect, since every one of the 535 members of Congress exercises incredible direction over how their hardware and software is configured and used. Leaders of the House and Senate should now relent and allow cybersecurity leaders to reduce the risk of unauthorized access to systems, including improving defenses against remote and on-site attacks. Every office in the legislative branch, including those for all members and staffers, should implement designs that can reduce the risk of compromise when unauthorized individuals gain access to computers and networks. Lessons on how to do this are widely available, with best practices available from DoD and the State Department.

Another key strategic consideration for the federal branch is what impact this may have on our national security strategy. So far, strategic actions focus on influencing events in an age of great power competition. Adversaries to the nation are seen as Russia and China plus a range of lesser opponents (including Iran and the DPRK). But it has now been clearly demonstrated that there are internal threats to consider. Will the DoD have a role in countering sedition? What about the intelligence community? Traditionally, since the Whiskey Rebellion in the early days of the republic, the military has not been used in this way. Even after the Civil War there was a quick swing back to use of internal law enforcement to put down sedition, not the military. Our sense is that this will remain the approach going forward. But we also believe DoD will need to play a bigger role in ensuring that all who ever serve in DoD understand their duties to the rule of law and the Constitution.

There are geopolitical ramifications of the Capitol breach. We are watching some of this play out in the open press. In normal situations the nation would also be able to tap into insights from the Diplomatic Corps and the Intelligence Community to help assess what other nations may be doing in response. But there are serious trust issues now with information coming from organizations with political control. Caution should be urged in acting on any information that cannot be independently verified. Open source information is more important to government policy than ever before.

Corporate Strategy Considerations:

In a polarized world, extremists on both sides may be hunting for entities to blame for their current position, and this will cause many to be more eager to smear or spread smears started by others. This points to increased risks of misinformation and disinformation attacks. This type of attack can hurt brands and potentially disrupt buying patterns. Corporations should evaluate their exposure to this risk and build appropriate mitigation plans. These plans may include:

  • Proactive training of employees to spot misinformation/disinformation and route it to the right office
  • Designation of a lead for the corporation
  • Understanding the power of narrative and framing of a situation
  • Rehearsal of actions including incident response
  • Executive level table top exercises

The extreme polarization in the US means that corporations have members of their own workforce who are motivated to hate other members of the workforce. This is a scenario that no one wants to think through, but is increasingly likely, especially in larger organizations. Corporate policies should be established to make it clear not only what type of behavior is expected of employees, but the types of views that are acceptable and unacceptable. Consider whether or not your situation warrants establishing special training programs to mitigate unacceptable behaviors and views. Some may need to establish special incident response measures should training fail to mitigate this risk.

Corporate leaders should also make it clear that although opinions may certainly vary on what laws and regulations should be, every entity in the US, including corporations and their employees, should support the rule of law. Corporations should make it clear to all employees that participating in actions that seek to prevent the execution of law or any other seditious acts will not be tolerated and will result in termination and proactive coordination with law enforcement.

It can be very hard to avoid being pulled into polarized positions, but our recommendation is that every company try hard to do so. Support your country, strongly, but to the greatest extent do so by supporting the institutions that can help pull us together instead of apart. Consider the recent public moves by Expensify, which were seen by many as a very polarizing example. The CEO sent emails to all clients calling for adoption of his political views. Consider the public moves of Coinbase as a more positive example. The CEO made it clear to his employees that their firm is on a mission to succeed and help others in their domain, not on a mission to shape politics. He made it easy for any employees who disagreed to transition out of the firm.

Businesses of all sizes should evaluate the physical security and cybersecurity measures in place to protect not only the corporation but employees. It is a new environment today and this requires new evaluations.

If your company provides capabilities that can help improve security, it goes without saying that there will be a growing demand for solutions. It is important to think through, rapidly, how to express your solution in the language of potential customers at federal, state and local levels.

This moment and the many issues that face us, including the Capitol Storming, are important reminders that all of us need to hone our own decision-making processes. This includes corporations and how they make decisions. All corporations should evaluate their corporate intelligence processes to confirm that mechanisms are in place to ensure decisions are being made on valid, vetted data.

Additional Resources:

  • A Practitioner’s View of Corporate Intelligence: Organizations in competitive environments should continually look for ways to gain advantage over their competitors. The ability of a business to learn and translate that learning into action, at speeds faster than others, is one of the most important competitive advantages you can have. This fact of business life is why the model of success in air-to-air combat articulated by former Air Force fighter pilot John Boyd, the Observe – Orient – Decide – Act (OODA) decision loop, is so relevant in business decision-making today.
  • Useful Standards For Corporate Intelligence: Discusses standards in intelligence, a topic that can improve the quality of all corporate intelligence efforts and do so while reducing ambiguity in the information used to drive decisions and enhancing the ability of corporations to defend their most critical information.
  • Optimizing Corporate Intelligence: Actionable recommendations on ways to optimize a corporate intelligence effort. It is based on a career serving large-scale analytical efforts in the US Intelligence Community and in applying principles of intelligence in corporate America.
  • An Executive’s Guide To Cognitive Bias in Decision Making: Cognitive Bias and the errors in judgement they produce are seen in every aspect of human decision-making, including in the business world. Companies that have a better understanding of these cognitive biases can optimize decision making at all levels of the organization, leading to better performance in the market. Companies that ignore the impact these biases have on corporate decision-making put themselves at unnecessary risk.

Bob Gourley

Bob Gourley is the co-founder and Chief Technology Officer (CTO) of OODA LLC, the technology research and advisory firm with a focus on artificial intelligence and cybersecurity which publishes OODALoop.com. Bob is the co-host of the popular podcast The OODAcast. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency. Find Bob on Defcon.Social