On Abssandra

On By Steven LandesIn Cyber, Human
Photo by Vie Studio on Pexels.com

BLUF – Absent Cassandra (Abssandra) is the outcome of knowing there is a question or issue we are required to solve – with no effective internal or external means or understanding to base our plans and programs on. The dangers we don’t often admit are framed within the post.

Background

People sometimes ask how I got into cyber, as it’s a rather remarkable shift in my career, especially since I wasn’t tremendously technically minded to start. I was asked to join the USIC based on my understanding of the country, and on my first day, was given an option for what functional area I’d be analysing.

On one hand, there was Electronic Warfare (essentially jammers used to interrupt or mask signals). The chap who had done it for fifteen years was taking on a new role and could show me all the ins-and-outs, make the introductions within the community. Essentially he could tell me all I needed to know in order to be successful.

On the other, there was this cyber billet the flight recently was given. No one knew quite what it was or what to do with it, but there was a position needing filled. I’d get no real help, as no one ever dealt with it before, nor had we seen it used in conflict (this was back in 2010). It was still part of Information Operations at the time, so it dealt with influence and psychological ops.

I asked how long my probation period was and chose cyber. No way they’d sort if I was right in a year.

Which brings me to Cassandra’s Paradox we discussed a bit over a year ago, postulating how you miss something without understanding what it is or could be. Framed in the absence of knowledge of future developments, due to the loss of the people who could see the connections, the question was: could we miss the possibles we never saw?

This post addresses something closer to the inverse.

Absent Cassandra (or Abssandra) is quite common – knowing there is a question with no idea how or who can solve it. Take nearly any larger scale sector/ region issue or any program that extends out of your organisation’s reach or understanding, and you will find people working to create a solution or program – with no internal means to validate either the program or the responses. An example would be: asking people without disabilities to create means for those with disabilities, not taking into account the beneficiary voice in the matter. There may be imagination implemented into the build, perhaps in the form of empathy, but unless those with the particular disability give a better understanding of what they deal with and what their coping mechanisms are, the imagination is likely closer to fantasy.

In strategic topics taking organisations by storm – ESG, D&I, Cyber (to name a few) – we know we have to do something, begging the question ‘what?’. The ‘what’ involved is complex, made more so by the lack of a vanguard within the sector to pave the way for other programs/organisations to follow. Questions such as:

  • What can be done? ( What are our response options?)
  • What will prove beneficial to our organisation?
  • What degree of effort needs to be actual work versus performative busyness?
  • What stakeholders should we consider?
  • What will matter to the different stakeholders?
  • What are we willing to potentially sacrifice?

Not even asking the questions ‘how,’ or even worse – ‘why’, these ‘what’ questions are challenging enough when we have a decent understanding of the issue. What happens when we have not? Under pressure, we are required to produce something, anything.

Enter Abssandra. And the dangers of it.

The first danger is not understanding more than the surface-layer of the problem. Climate change is a problem, how do you fix it? Reduce emissions? Sure. How do we get our company to spend massive amounts of money to take the necessary steps, and make it happen, especially when there is no demonstrable profit or gain? With something as complex as climate change, how far can you go to reduce those emissions? How fast do you need to go? Would the steps taken be offset by carbon footprint required to fix them? Would it be extended to others as a supply-chain consideration?

The second danger is not having someone to ask. You may find issue-related experts, but they only know your organisation’s surface-layer. Few will understand the direct or collateral impacts that executing their recommendations may create. Even fewer will care what happens to the organisation, unless it fails to deliver. As we saw in Crisis at Scale, this isn’t malicious – their vested areas may not be in line with you or your organisation’s, nor yours with them. Even experts within the organisation will need to make recommendations at the level/scale required, as your issue and response options may not be in line with whom they are aligned with (who pays them). Abssandra thrives in misaligned communications, recommendations, and decisions. Risking insult, it pays to level-set upfront.

The third danger is having no way to validate the answers or data you use. Without a solid vanguard example or framework to build from, and in amorphous situations, we assume relative validity of data used and answers found. Should we? We don’t really know.

Finally, the danger of declaring victory. Without understanding the complexity of the issue (in reference to your organisation and the larger perspective), having someone to consult or any way to confirm the chosen path, it comes down to a decision – do you admit the challenges and continue seeking further guidance/ aid, or do you declare victory at an arbitrary point and continue with the current course? Since organisations operate with resource constraints, many choose to declare victory, as neither they nor their leadership knows the difference. Mostly drive by “it sounds complicated and took a great deal of effort, so good must come of it” without really understanding what should be good results – or comparison to what could be achieved. Barring deeper understanding or catastrophic failure, victory is seen as an acceptable interpretation.

In the end, I love the path I chose – cyber constantly evolves. It is dynamic and unstructured. New understanding needs to be created. It is often not the place for traditional management and program development as it doesn’t fit, and you can’t force it.

For better and worse, we often work with Abssandra. Whilst rife with dangers – this is where opportunities are uncovered, as long as we recognise we don’t know everything.

-scl

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s