OODA Network members are invited to participate in a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and reporting on member needs.

To encourage openness of discussion, these sessions take place with Chatham House rules, where participants are free to use the information in the meeting but are asked not to directly quote or identify other participants (we also keep privacy in mind when preparing summaries of these sessions, like the one that follows).

The August monthly meeting focused on issues around Afghanistan and the many geopolitical and business-related elements of these chaotic events. Members also discussed topics in the OODA C-Suite Report.

Topics discussed and questions raised for follow-up research and analysis included:

• Higher-order issues/broad challenges for the future
• Bridging the Perennial Divide: real partnership and real outcomes from public/private partnership for Cybersecurity Challenge ahead
• What will be the Chinese response to the fall of Kabul?
• Taliban 2.0: Has the organization really changed?
• Corporate human resource allocation, recruitment, and employee safety in the Middle East
• Do most organizations over-optimize and lose resiliency?
• Intelligence Reform:  Do we try to simplify the nature of conflict?  Do we have a propensity to avoid complexity?
• Intelligence Fusion – We need to somehow find a way to synchronize multiple themes
• A low-tech adversary: is U.S. DoD building the right technology systems?
• WWII, Manhattan Project, and Marshal Plan-style mobilizations to multiple existential threats
• Cybersecurity: Pessimism is easy. What are we going to do about it?
• What did we know: Special Inspector General for Afghanistan Reconstruction (SIGAR) Quarterly Reports and the Fall of Kabul?
• Is Taiwan the Next Chechnya/Crimea? Or Hong Kong?
• Organizational Behavior: Black Swan/Silver Lining counterfactuals to break the echo chamber/groupthink
• Will we begin to see a non-US Central resource allocation in Afghanistan post-fall of Kabul?  What does that look like?  Is it led by a friend or foe?
• Is it going to take a Pearl Harbor? What is the next Pearl Harbor?
• Cyberblitz/Bitskreig:  What does it take to make a blitz in this area?
• China/Taiwan semiconductor supply chain – scenario planning/wargaming exercise to complement monthly member call    

Matt Devost then provided a debrief of some of the trends he noticed from Black Hat and DefCon in Las Vegas.  For Matt’s perspective, see:  OODA Loop – Black Hat and Def Con 2021 – Observations and Trends.  For coverage of the CISA presence at Black Hat, see:  OODA Loop – At Black Hat 2021, CISA Director Jen Easterly launches CISA JCDC (Joint Cyber Defense Collaborative)

A few participants on the call requested a follow-up on the Defcon 29 CTF winners two years in a row,  a Chinese team, considering the recent CPC restrictions on hacker participation in CTF events outside of the CPC.  Who are the members of this team?  The success of the China-based CTF competition, known as The Tianfu Cup, was also of note on the call, as well as the first of its kind maritime CTF held at Defcon, which provided a transition to an interesting discussion on Iranian maritime offensive cyber activities.

Bob then acknowledged that due to the conditions on the ground in Afghanistan it may be the singular topic for discussion on the call.  He positioned a question for the group:  “What’s is the change to the business and global risk environment because of the Afghanistan withdrawal?”  Bob also poised a larger question: “When there is a complex situation are two questions:  So what? and what’s next?”  To review Bob’s pre-read comments on the evolving situation in Kabul, see:  OODA Loop – The OODA C-Suite Report: Operational Intelligence for Decision-Makers

The open discussion for network members then began.  Topics highlighted by the group (ideas and topics the group thought were appropriate for follow up research and analysis by OODALoop)  included:

Higher-order issues/broad challenges for the future: In conceptualizing what future concerns and solutions should be, it was noted by a member that “Yes, we are concerned with Afghanistan today, but there are larger issues which impact all threat environments which are challenges across a variety of domains, including cybersecurity, such as Cyber information warfare, strategic communications, influence warfare, preparation, farsightedness, “some realism spun into it”,  escalation, stability, risk calculation, and signaling.”  Another  concurred:  “Information as [the] center of gravity in the adversary campaign was not properly taken into consideration. And it was that information component that led to the breaking of the backbone of the defensive forces.”

Bridging the Perennial Divide: real partnership and real outcomes from public/private partnership for Cybersecurity Challenge ahead:  The conversation then turned to just how much the private sector will be able to depend on USG leadership on cybersecurity issues.  A member opined that  “80, 85, 90% of all digital resources and capabilities are owned and controlled and managed by the private sector.  That [means the USG is] the junior partner and they don’t like to think of themselves as a junior partner on anything, but then they lack the knowledge, the wherewithal, the skill, the experience, the understanding to provide that leadership.”

What will be the Chinese response to the fall of Kabul?  The group then turned to China, with a member suggesting “I think one big elephant in the room is China.  China can look at the US now being preoccupied with this and maybe this is the time to do a blockade of Taiwan.”  Another added some specific concerns: “I’m worried about Taiwan. I’m worried about the Philippines and the oil fields, but particularly with Taiwan. As you guys well know the vast majority of semiconductors are produced there.  The semiconductor industry has been concerned about the lack of resilience in the supply chain because of this single point of failure. If China goes in and takes over TSMC I have no idea how to estimate the impact on the globe.  What is China planning now?”

Taliban 2.0: Has the organization really changed?  The nature of Taliban leadership and governance was discussed throughout the call.  A member expressed concern about the violent nature of the organization and wondered whether it is a terrorist group or a tribal group – and which is more dangerous.  Later in the discussion, a member followed up with the “I don’t know. I doubt this is a kinder, gentler Taliban, but they have learned things along the way. They probably have a much more centralized leadership. They now have a state they have to run – and be somewhat responsible regionally and globally. So again, managing whatever stability is in that equation is important. And outside backers, particularly people now taking advantage of a frustrated America would not be a good thing to be doing, right?”

Corporate human resource allocation, recruitment, and employee safety in the Middle East: A member turned the conversation to broader concerns:  “I would like to know what a Fortune 100, Fortune 500 CEO or COO needs to know about the changing situation because of the Afghan withdrawal? A member responded “the conversations I am having are really very fundamental…everybody that I know that runs 24/7 operations… they just follow the sun up. We all have people over there. It’s the business risks: how do we protect people going in and out of there? What is the operational risk to the business? How many people over there are going to have to move to different positions? Should I start hiring in Australia or Singapore to vacate my people position in the Middle East?”

Do most organizations over-optimize and lose resiliency?  An individual extended the corporate response discussing, submitting that it is apparent, even without an incident like this, one thing made clear by all of the other global incidents is when companies over-optimize, they reduce their resilience to any kind of event. So, my one message to every fortune 1000 CEO, these strategies for over-optimizing everything to improve your resiliency should be questioned.  What kind of questions should you be asking about your technology architecture and changing risk posture?  Another concurred: “Optimizing for efficiency means typically challenging resilience, right? They don’t typically optimize together.”

Intelligence Reform:  Do we try to simplify the nature of conflict?  Do we have a propensity to avoid complexity?  An individual shared a personal perspective “9/11 has been on my mind.  I was working intelligence to deal with that threat before we went through it. I was just revisiting an intelligence reform paper for domestic intelligence that I initially finished 10 years ago and threw away and decided to come back. We never finished intelligence reform.  We are re really bad at doing scope and scale of the conflict.”

Intelligence Fusion – We need to somehow find a way to synchronize multiple themes:  The conversation then moved to the issue of the integration of intelligence efforts.   “We keep talking about fusion as if it’s a buzzword.  Domestic Intel is looked at as a bureaucratic enterprise of a federal agency with battles over which federal agencies do it.  It’s often decoupled from other types of Intel; it’s decoupled from corporations. And I think we made an important, important observation about one of our major adversaries: the Chinese don’t compartmentalize that way.”  You have the Chinese unrestricted warfare approach and that’s over two decades old now. They specify bringing together all the different threat strands and synchronizing them to erode their adversaries.”  Domestic US political polarization was also mentioned as a concern for intelligence collection moving forward, as well as the role of illicit networks of transnational organized crime and how they may be benefitting from the fall of Kabul.  Another added “We need to somehow find a way to synchronize multiple themes. Climate change is going to drive lots of conflicts, benefit transnational crime, adversaries are all going to figure out how to use it  So, complexity is part of it  We have to learn how to better negotiate it and integrate it into our scenario planning, which others have been advocating.”

A low-tech adversary: is U.S. DoD building the right technology systems? It was observed that The Taliban communicate by radios.  They ride motorcycles and trucks.   They didn’t use any space or laser communications. They didn’t use advanced analytics. They didn’t have a Hadoop cluster. They didn’t have 5g or 4g or 3g probably. So, I’m just wondering what this says. Are we too high-tech a military? Was that a weakness?  A response:  We get into this very “easy button” way of kind of looking at the world – wanting things to be simple when they’re just not.  Some threats will be different than others. Certainly, the technologies we need to address those threats will vary depending on the threat. China has hypersonic weapons, for example.  The way we would fight China is different than the way we deal with a threat like in Afghanistan. But it’s never, ever just about the technology, right? It never has just been about technology.”

WWII, Manhattan Project, and Marshal Plan-style mobilizations to multiple existential threats:  It was said that “You know, we have a history of mobilizing in World War II. It’s probably the best model public/private effort in the history books that scaled. It was impressive.  We were at one time the experts on mobilization. I’m not sure today we have time to mobilize at every strategic vector, but it seems to me that you could pick cyber, I/O, etc., Not be cynical about what’s possible with the public/private collaboration, working together with some set of rules and try to get on down the road in a whole bunch of areas.” Another opined World War II is a great model. I agree because the government-private sector came together.  But there was a different legal environment, a different moral environment, a different everything back in those days. And I just don’t see that we are there today.”  How is the operational environment different today? And how can we operationalize solutions at scale for success?

Cybersecurity: Pessimism is easy. What are we going to do about it?    The group praised current Intel community leaders such as Chris Inglis, Inaugural National Cyber Director, Jen Easterly, CISA Director] and Ann Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology.   Chris Krebs at CISA  was also mentioned for his public/private partnership efforts at CISA.  Still, past public/private partnership attempts by the USG in a variety of domains were met by frustration and disillusionment by the participants.  A participant encouraged the group to take a moment for a different angle on the issue:  “I sure would love to hear about potential actions as a community.  There’s a lot of reasons to be pessimistic. There’s a lot of reasons to be upset. I certainly understand that. But when you think about the minds on this call and other groups I’m involved in, what are we going to do about it?

What did we know: Special Inspector General for Afghanistan Reconstruction (SIGAR) Quarterly Reports and the Fall of Kabul?   A member asked for the group to recommend sources and subject matter experts who are vetted and trusted by the group?  It was suggested that the SIGAR quarterly may be a place to start in understanding the ground truth in Afghanistan prior to the fall of Kabul.

Is Taiwan the Next Chechnya/Crimea? Or Hong Kong?  A member pointed out a clear thread throughout the discussion:  “I think it is interesting the number of people who brought up Taiwan without any mental preparation. I mean, everybody kind of jumped to Taiwan – which really serious, right?”  Another then asked the group:  what would be the appropriate messaging from the USG to deter Chinese offensive capabilities?  A person rhetorically positioned Chechnya/Crimea as analogous geopolitical events -which were not necessarily met, in hindsight, by an appropriate response from the global community.

Organizational Behavior: Black Swan/Silver Lining counterfactuals to break the echo chamber/groupthink:   A member encouraged the group to take some time with a different perspective, as “between the news coverage and so many conversations and private groups I am taking part in – it is all getting to be like one echo chamber. And I’m just curious about what the rest of the world is saying, what the optimist and the world are saying and try to approach this from a different perspective, you know, what is the positive Black Swan that comes out of this whole thing?  I’m not trying to be Pollyannish about it, but is this going to spur the microprocessor industry to come back to the States?

Will we begin to see a non-US Central resource allocation in Afghanistan post-fall of Kabul?  What does that look like?  Is it led by a friend or foe?   A person felt that a potential positive strategic outcome may be “finally we begin to see a non-US  moment for proper capacity, whether that’s kinetic, or cyber or the UK offensive cyber piece of this is incredibly interesting as it’s being stood up.”  The participants on the call agreed that this is an interesting area for OODALoop follow-up research efforts.

Is it going to take a Pearl Harbor? What is the next Pearl Harbor? The perennial question of the scale and scope of the next successful attack was discussed.  Will it be cyber?  Kinetic?  Has the fall of Kabul left an opening for an increased threat for a major attack on domestic US soil?

Cyberblitz/Bitskreig:  The question of “what does a blitz in cyber look like?” was discussed towards the end of the call.  See also the recent OODALoop post:  OODA Loop – Bitskrieg: The New Challenge of Cyberwarfare by Dr. John Arquilla

China/Taiwan semiconductor supply chain – scenario planning/wargaming exercise to complement monthly member call:  The subject of Taiwan was consistent throughout the discussion, an individual suggested that “people just don’t understand nuance or maybe they don’t want to deal with nuance. They don’t want to deal with complexity.  That was the point I was making about the semiconductor industry. If China takes over Taiwan, forget about an AI industry because AI requires advanced chips.  It would be a disaster.”  A member picked up the Taiwan thread with “you would think that the fall Taiwan would be far removed from the top of mind, but actually what happens if Taiwan fails? We can’t get the chips. We can’t do insurance. We can’t do healthcare. There are all kinds of downstream cascading effects. I would find it really interesting for this group to come together and sort of work through those things because from my position, I’d like to help my company think about, if that happens, how long can we operate? What are cyber security implications? What are the operational issues?  Another said:I would love to see this group actually come together and talk about a “Fall of Taiwan” scenario and what that really looks like and what that means for the players across the industry, because what happens if leadership does not respond in a way that the adversary takes seriously?”  A member closed out the thread on a positive, proactive note:  I really like the idea of an OODA network war game around Taiwan. I think we need to pull on that thread a little bit more I think that could be fascinating as a kind of a supplement to the monthly meeting you know, an intellectual exercise around a particular topic. And we have folks on the call here and in the network that obviously have a lot of history creating and participating in that sort of scenario planning.”

Matt Devost closed the call by introducing Daniel Pereira, a new member of the OODALoop team.  Dan introduced himself and his background briefly.  His OODA email was put into the chat:  [email protected]. For more on Daniel’s background, see:  https://www.linkedin.com/in/dtpereira/

Matt highlighted a recent OODALoop post on Elon Musk and his approach to complex engineering:  “That was really me just flagging a piece of video and saying, hey – this looks like an OODALoop for advanced engineering, and here is my perspective on it.”  Daniel then created the post.  See:

OODA Loop – The Everyday Astronaut, Elon Musk, and his five-step engineering process

“I’d love to build out where we’re reaching out to other folks in the network on those topics as well. For example, P6 would have been perfect for that Elon Musk discussion. We’d like to make this a little bit more interactive on a day-to-day basis for those that are willing. So, drop us a note or drop us topics that are interesting or we should cover.”

Matt concluded by reinforcing the message from Bob at the top of the call:  “It’s great talking to everybody every month, but we would love a lot more injects from the community via Wicker or via email around things that you think are interested in or even something that’s crossing your path that is impacting your decision process or a topic you are really engaging. We would love to get your perspective on our content as well.”

 

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking

The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking

Corporate Sensemaking: Establishing an Intelligent Enterprise

OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking

Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage

This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking

COVID-19 Sensemaking: What is next for business and governments

From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page.

Space Sensemaking: What does your business need to know now

A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking

Quantum Computing Sensemaking

OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking.

The OODAcast Video and Podcast Series

In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast