OODA Loop

Understand tomorrow, today.

C-Suite Considerations Regarding Current Geopolitical Tensions

Archive, Business, OODA Original / by

I’ve professionally tracked geopolitical events for my entire adult life, starting as a Navy Intelligence Officer in 1982. Now at OODA I continue this professional watching of geopolitical events (most of which you see reflected in our reporting). Four decades of experience of operational intelligence analysis leads me to the same conclusion most any watcher of international events would have, the world has always been a dangerous place, especially for democratic nations.

But something is different now. The reason for the change is probably a combination of factors that include the pandemic, the rise of the global grid of cyberspace, plus the payoff of years of planning and strategic moves by our adversaries. But whatever the cause, the world today is more complicated, chaotic and more dangerous than the world of just a year ago, and in many cases the risks being faced by open societies have never been seen before. The changes are so significant, OODA recommends all business leaders take stock of the geopolitical situation and assess how the nature of these changes should impact your business strategy. And all in open societies need to realize that authoritarians view us as their enemies.

The Geopolitical Situation

Here is a short overview of some of the tense realities we are tracking:


OODA Loop Sponsor
  • Russia has been flowing more troops into occupied Crimea and is “drafting” residents into the Russian Army. They are also building up troops along the Ukrainian border.
  • Russia has inked a stronger partnership with Iran, a move years in the making, consistent with the much closer coordination both these regimes have been working towards. Russia will benefit not only from more influence in the Middle East but also in many post-Soviet countries where Iran is influential. And, Iran has Russia as a stronger ally to counter the West. And the West will likely see more coordinated misinformation/disinformation campaigns from this arrangement.
  • Historically Russia and China have had an “on-again/off-again” relationship, and at this point the power dynamic between the two clearly tips towards China, which is 10 times bigger in population and economic power. But over the last few years these two have begun working closer and closer to counter the democratic interests of open societies. Putin and Xi have developed strong personal ties and pledged to bolster their “strategic partnership.”
  • China has been making more aggressive statements against Taiwan and backing those up with military exercises flanking Taiwan. We have noted in our monthly meeting that China does not need to invade Taiwan to subdue it, it only needs to blockade.
  • China has launched major fishing fleet and merchant fleet armadas into the South China Sea to bolster illegal claims that the entire area is theirs.
  • The Chinese clampdown on Hong Kong that began in 2019 has continued in a way that makes it clear the PRC has no regard for international opinion and will gladly risk losing the economic benefits that currently flow from Hong Kong. Clearly the PRC does not care about our opinion on the freedom of Hong Kong (like they did not care when I put a “Free Tibet” sticker on my car).
  • Cyber espionage attacks by China and Russia have shown that neither of these nations will be deterred from espionage including spying against government but also intellectual property theft.
  • Despite international condemnation of China for its treatment of Uyghurs, China has been pushing back and doubling down on what some have called genocide. And firms that voice any support for freedom of the Uyghurs are being economically punished by the PRC, including by riling up PRC citizens through social media.
  • China and Russia have both demonstrated capabilities to attack US strengths, including US use of Space Systems.
  • North Korea continues use of ransomware to generate revenue and cyber attacks for espionage purposes. They remain a nuclear power. Both the PRC and Russia benefit from propping up the DPRK and turning a blind eye to transgressions, meaning the DPRK will remain a bad actor on the world stage.
  • China, Russia, Iran and DPRK have all learned to flex their information warfare power by targeted misinformation and disinformation, as well as their ability to hack, attack and exploit computer systems. These four nations have used this cyber power to the detriment of democracies globally, and there are no indications any intend to stop.
  • China and Russia (and to a lesser extent others) have mounted extensive human spying activities in the US and other democratic nations, with far too many human agents than our own law enforcement agencies can adequately cover. This puts a burden on law enforcement and counterintelligence and puts US companies at a significant disadvantage if they must root out agents themselves.
  • There are many other tense situations, including the heating up of the long running Sino-India border dispute, the challenge for EU leaders to maintain a strong union with so many diverse countries and economies, the humanitarian crisis and conflict in Venezuela and the polarization and tensions internal to the US. We will continue to report on those elsewhere on the OODAloop site.
  • We also track the many technological shifts are underway that also need to be considered, including the rise of cryptocurrencies (Peter Thiel has warned about how the CCP may use Bitcoin against the USD and suggests taking action to mitigate that), but also the dramatic changes coming from the rise of quantum computers, advanced communications systems (including 5G and WiFi 6) and many other tech trends that are creating new avenues of competition and conflict.
  • The current situation has environmental dimensions as well. The warming of the Arctic Ocean has opened up new transit routes for global commerce and Russia and China have both made separate aggressive moves to take advantage of this. Major disruptions in how goods are moved globally are expected.

The Net Assessment

  • Few of the events described above are total surprises, most are occurring in hot spots the world has tracked for years. Most of the above are what Michele Wucker would call “Gray Rhinos“, things we really should have seen coming but for some reason believed they would not. But we do need to recognize some big shifts have occurred.
  • There is a change that happened so quickly many may have missed it: For years, it seemed like Russia and China at least would pretend that they cared about international opinion. Now any model that implies influence by nations or that international legal bodies can sway action of either of these parties should be called into question. Influencing these nations will likely take strong coordinated action by coalitions of nation’s operating under the rule of law. If that does not exist, it is hard to see how these nations will be deterred from their current courses of action.
  • In open societies, traditionally governments led defense of private industry from nation state attacks. But in the cyber domain, governments have tried in good faith to contribute to defense of industry and academia and citizens, but the nature of privately owned technology in a democratic society is different, and government action has proven to be of limited value in defending the commercial sector from attack or espionage in cyberspace. We have seen nothing in the works that will change this.
  • China, Russia, Iran and the DPRK are keenly aware of the advantages of keeping citizens of open democracies in as much internal tension as possible. These states have long histories of fomenting discord through propaganda and have all been leveraging new technologies to improve their methods. This will continue.
  • The US and other democratic nations are clearly aware of these threats and are almost certainly planning responses to adversary actions and improvements to collective defense, but it is unknown at this time if our decision-makers and coalitions can match the OODA Loop decision cycle speeds of Xi or Putin.

What Should The C-Suite Do?

Every company is different, of course, so it is you who must determine the appropriate action to take. But we will offer some food for thought that may help accelerate your planning. Key considerations include:

  • Since we are in a period of fast action and dynamically shifting situations, look at ways to optimize your own decision-making, with an eye towards speeding up your processes (think of your own OODA Loop). Accelerate your review of internal corporate decision-making by reviewing our special series on the Intelligent Enterprise, which provides advice and recommendations relevant to businesses of all sizes on topics like intelligence support to operational decision-making. This is also a good time to review corporate approaches to training staff and executives on critical thinking, training on how to counter misinformation and disinformation.
  • Larger companies should hire or appoint a senior liaison for working with the US Department of State, Department of Commerce and Department of Homeland Security to ensure your company is as informed as possible on government actions and intentions in regards to the threat, and to ensure your corporate interests are known by government.
  • Besides this appointing of a senior liaison, firms of all sizes should ensure they are connected to the right entities for sharing information on cyber conflict. For most this means joining an appropriate information sharing and analysis center or organization (ISAC or ISAO). C-Suite leaders should track this closely and put themselves in a position to ensure information received from these sharing organizations is as actionable as possible. And remember, sharing is a two-way street. Sharing back information to these organizations can help in trust building and improve collective defense.
  • Strategically assess your entire supply chain. In today’s interconnected world this can be easier said than done, but it is important to know not only where your facilities are, but, depending on your industry, where your supplier facilities are, where manufacturing is done, and where raw materials are sourced from. After an initial mapping of your supply chain assess critical paths and critical components, and use scenario based planning to and determine if alternate supply sources need to be established.
  • Re-assess your markets to know which markets can be influenced by China or Russia and determine how important these markets are to your organization.
  • Understand that no IT system can be totally secured, but all IT can be hardened. Take steps to move your organization to a more resilient architecture that can make it harder on nation states to gain unauthorized access to your systems and detect them if they do (our favored approach, a Zero-Trust Architecture).
  • Know your communications dependencies, including long haul communications and also space based communications. Understand your backup plans should the need arise.
  • Also on the subject of communications, ensure your entire C-Suite has an out of band, secure way to coordinate together (we use Wickr and it has our strongest recommendation for this purpose).
  • C-Suite leaders should work to improve their ability to deal with further disintegration in internal discord in the US and other open societies and how that can impact business models and also Human Resources strategies. Firms should consider ways to mitigate the threat of internal extremists and even workplace violence.
  • Ensure your entire leadership team is staying aware of global threats. One way to do that is to subscribe to our OODA Daily Pulse. This foundational level of intelligence can help keep the entire team aware of key events and threats. Others on your team may be in need of more focused cyber threat intelligence or human intelligence or other dedicated sources. Contact us if you need insights into the best way to do this.

Additional Resources

  • Putin’s cyber OODA Loop is Tighter Than Yours: The Putin regime has fully adopted cyber operations as a component of international relations and an appropriate tool to use in “reaction” to other global measures like sanctions or regional interference.
  • America’s Most Critical Infrastructure is also Our Most Neglected Infrastructure: Our thesis is that America’s most critical infrastructure is our cognitive infrastructure. This is also the most attacked and least defended. In short, our most important infrastructure is also our most neglected infrastructure.
  • Mitigating Risks To America’s Cognitive Infrastructure:This is the second of a series on our nation’s most neglected critical infrastructure, our cognitive infrastructure. The first post dove into the nature of the challenge and why it is so important for our future that the threats to our cognitive infrastructure are understood and addressed. This post flows from that one and suggests ways the nation can mitigate many of these risks.
  • A Practitioner’s View of Corporate Intelligence: Organizations in competitive environments should continually look for ways to gain advantage over their competitors. The ability of a business to learn and translate that learning into action, at speeds faster than others, is one of the most important competitive advantages you can have. This fact of business life is why the model of success in Air to Air combat articulated by former Air Force fighter pilot John Boyd, the Observe – Orient – Decide – Act (OODA) decision loop, is so relevant in business decision-making today.
  • Useful Standards For Corporate Intelligence: Discusses standards in intelligence, a topic that can improve the quality of all corporate intelligence efforts and do so while reducing ambiguity in the information used to drive decisions and enhancing the ability of corporations to defend their most critical information.
  • Optimizing Corporate Intelligence: Actionable recommendation on ways to optimize a corporate intelligence effort. It is based on a career serving large scale analytical efforts in the US Intelligence Community and in applying principles of intelligence in corporate America.
  • An Executive’s Guide To Cognitive Bias in Decision Making: Cognitive Bias and the errors in judgement they produce are seen in every aspect of human decision-making, including in the business world. Companies that have a better understanding of these cognitive biases can optimize decision making at all levels of the organization, leading to better performance in the market. Companies that ignore the impact these biases have on corporate decision-making put themselves at unnecessary risk.
  • Operational Intelligence for Strategic Decision-making: In this OODAcast, OODA Network Expert Jen Hoar interviews noted cybersecurity and intelligence professional Bob Gourley, CTO of OODA LLC, diving deep into what makes him tick. Jen asks Bob about his career, including the constants and dynamics in his professional life, starting with a deep background in operational intelligence as a naval intelligence officer. She explores his strengths and weaknesses and how he makes decisions in domains of overwhelming information. Jen asks Bob for advice for others on ways to keep learning.

“The world is a more dangerous, chaotic and complicated place than it was just a year ago. Your corporate strategy and defensive posture needs to reflect that”

 

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

About Bob Gourley

Bob Gourley is an experienced Chief Technology Officer (CTO), Board Qualified Technical Executive (QTE), author and entrepreneur with extensive past performance in enterprise IT, corporate cybersecurity and data analytics. CTO of OODA LLC, a unique team of international experts which provide board advisory and cybersecurity consulting services. OODA publishes OODALoop.com. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.