General Stanley McChrystal: Applying Team Of Team Logic To Cyber
General Stanley McChrystal: Applying Team Of Team Logic To Cyber
100th episode with retired, four-star General Stanley McChrystal, discussing his bestselling book "Team of Teams". The similarities between the landscape he encountered in Iraq and today's Cyber landscape. How we can apply the lessons and tactics used to defend against Al Qaeda to cyber.
Episode Table of Contents
- [01:52] How Team of Teams Began
- [07:09] A Constantly Morphing Nature
- [13:51] A Person With a Hammer
- [22:48] People’s Confidence in Systems Is Gone
- [29:35] Examples of Pushing Information Out From Team of Teams
- [37:47] The Gardeners in Cyber According to the Team of Teams
- About Our Guest
View video of this episodes:
How Team of Teams Began
Carolyn: This is our 100th episode and boy, did we shoot for the moon as far as guests go. I am thrilled and honored to say that we have retired four star General Stanley McCrystal with us.
Eric: I thought you were going to say, "The eagle has landed."
Carolyn: I just got chills just even saying General Stanley McCrystal's name. General McCrystal is widely praised for launching a revolution in warfare. He led a comprehensive counter terrorism organization that fused intelligence and operations, redefining the way military and government agencies interact.
Carolyn: His leadership of Joint Special Operations Task Force, JSOC, is credited with the 2000 capture of Saddam Hussein. It’s also credited in the 2006 location and killing of Abu Musab al-Zarqawi, the leader of Al-Qaeda in Iraq.
Carolyn: Since retiring from the military, General McCrystal has served on a number of corporate boards of directors. He founded the McCrystal Group, an advisory services firm. It helps businesses challenge the hierarchical command and control approach to organizational management.
Carolyn: He's also the author of several best selling leadership books, one of which we are going to talk about today. Team of Teams began when General McCrystal took command of JSOC in 2004. He quickly realized that conventional military tactics were failing.
Carolyn: Al-Qaeda in Iraq was a decentralized network that could move quickly, strike ruthlessly, then seemingly vanish into the local population. The allied forces had a huge advantage in numbers, equipment and training, but none of that seemed to matter.
Becoming a Team of Teams
Carolyn: To defeat Al-Qaeda, they’d have to combine the power of the world's mightiest military with the agility of the world's most fearsome terrorist network. They would have to become a team of teams, faster, flatter and more flexible than ever. Good morning, General. Thank you so much for joining us.
Stan: Carolyn, thank you for the generous introduction. You said that saying my name gives you chills, so say my name from now on and it's Stan. As I tell people, I've been called worse. So, if you and Eric would honor me by doing that, I'd appreciate it.
Carolyn: Thank you, I will do my best.
Eric: We will do our best, sir, Stan. Team of Teams for me is right up there with one of my favorite management professors, experts of all time, Michael Porter. I hand it out to all of my people, and I frequently reference it. It certainly changed my way of thinking in business, thank you for that.
Stan: That was a great journey to experience. To try and capture it in writing was something that made us all think, which I really appreciated.
Carolyn: It was such a good read. It was honestly a page turner, which to be fair, a lot of those books are not. But the way that you wove the story into it, I couldn't put it down.
Eric: You love the summary at the end.
Carolyn: I did. We found a lot of similarities between the landscape Stan has encountered in Iraq and in today's cyber landscape. Can I just read a little piece from your book?
Stan: Of course. No author ever is going to say no to that.
How Can We Apply the Logic in Team of Teams
Carolyn: "In 2003 when fighting the war against Al-Qaeda, although lavishly resourced and exquisitely trained, we found ourselves losing. We’re losing to an enemy that, by traditional calculus, we should have dominated. We came to realize that more than our foe, we were actually struggling. Struggling to cope with an environment that’s fundamentally different from anything we'd planned or trained for.
Carolyn: It demanded a dynamic constantly adapting approach. And so, in the early 2000s we morphed and morphed again in a bitter struggle. To first contain, and then reduce the threat posed by Al-Qaeda in Iraq." So, here's the million dollar question. How can we apply the logic in Team of Teams and what you did against Al-Qaeda to cyber warfare?
Eric: We've been behind our adversary since 1987, since this form of warfare started.
Stan: I'll rewind a little bit, to the JSOC experience really in Iraq, but across the region. We’d been prepared for an industrial age kind of operation. We had a good structure, as you said, we were well-resourced, well-trained, very professional. But we were designed to do precise, elegant operations for which we could plan, rehearse, focus and then execute. That means you are on a fairly deliberate or ponderous cadence to do that.
Stan: The theory being that each of your operations is so perfectly focused at the enemy that it causes tremendous damage. What we found was, Al-Qaeda in Iraq is different from its namesake Al-Qaeda. Al-Qaeda in Iraq was completely different DNA. They had been formed 15 years after Al-Qaeda. 1988 for Al-Qaeda and 2003 for Al-Qaeda in Iraq. In those intervening years, information technology proliferated. Every Iraqi had at least one cell phone and access to the internet.
A Constantly Morphing Nature
Stan: It was in their personal lives, so they automatically used it as terrorists. As a consequence, they had a different DNA, a different way of operating. I didn't know that it was intentional. I think it was reflected the environment. As a consequence, they were constantly adapting, constantly morphing, reshaping themselves as a network. We used to capture detainees and we would ask them to draw out the structure.
Stan: Or we would show them a structure that we had depicted of Al-Qaeda in Iraq and they would be mystified. Because they'd go, "What is that?" And we'd say, "Well that's your structure." And they'd go, "Well, I don't know." That sort of got to the point that the very constantly morphing nature of it, was part of its strength.
Stan: Now, the theory was that they would be weak because they wouldn't be able to focus power. But that's not what happened. They actually were able to take that network through intent and focus at what they needed to do.
Carolyn: I remember you drawing a terrorist cell on a whiteboard and I remember thinking it looked like a living organism. Then you've talked a little bit about the immune system and comparing it to cyber. Could you talk about that a little bit?
Stan: One of the things we found is, I was raised on the counter terrorist or counter insurgency theory. You map out the enemy's structure and then you try to take it out and cause it to collapse on itself. Because they weren't very fast traditionally, you could do that. If you could figure it out and you could start to attack those cells, it would lose its structural cohesion.
The Human Immune System in Relation to Cyber
Stan: When you go into this living organism, what we found is we would try to go after key nodes. But when you took them out, instead of having the effect of causing it to collapse, they just automatically adjusted to that. It was very disappointing because you didn't have that crippling effect that you thought you would. Not even when you took fairly significant personalities out of the network.
Stan: As a consequence, you found that they were a living organism. Every time we impacted them, they changed, which was a challenge into itself. Because just when you're getting a picture of them, you hit them, they're now different. So, your picture is now wrong.
Eric: When we look at current asymmetric warfare, modern day warfare with cyber included, you almost see the same type of morphing. The ability to rapidly go from a burn command and control system to an alternate one in a different country in seconds or it's already online. It's almost exactly similar.
Stan: What we found is, Al-Qaeda in Iraq used information technology to enable their operations, which were largely human. Cyber allows us to take it a step different because they're not as required. They don't require the people and the physical assets and the car bombs and the attacks that Al-Qaeda in Iraq did.
Stan: So, they're even faster, they don't need the face to face connection. Carolyn asked about the human immune system. A human immune system is this extraordinary entity that detects threats to us, assesses those threats.
Constant Array of Attacks
Stan: This is the magic of it, it can tell something that is or isn't a threat, attacks it, but then learns. It learns so that the next time that threat appears, it can quickly identify it, and can go after it. What we find is, nations, organizations, commercial firms have the equivalent of an immune system.
Stan: The problem is, the immune system is very weak or corrupted because of biases, poor communications, or just inertia. It slows it down as a consequence, instead of being able to combat constant attacks like cyber is able to do. Cyber is able to create this constant array of attacks, each of which is a little different.
Stan: It requires this organic learning process to detect, assess, respond and then learn. The speed at which it happens demands the immune system of the organization to be extraordinary, like the human immune system. Most organizations haven't applied that kind of thinking to create the response of adaptability needed.
Eric: JSOC was all about understanding, learning and rapidly evolving and getting the message out and moving quickly. I have yet to see that in cyber. We take weeks and months to even understand what's happening, let alone put together a coherent response. I almost feel like we're attacking the adversary, we're defending against the adversary of the past.
Carolyn: I love the example that you give, the Krasnovia government. You talk about those drills and you talk about the military and how we run these known threat drills. It reminded me so much of what we're doing in cyber with our anti-malware. We're running known threat drills all the time. We can really only defend against what we know.
The Way a Rational Enemy Attacks
Carolyn: So, how do we morph? How do we get to where we're adapting like an immune system?
Stan: That's almost the most key point of all Carolyn. You really hit it. The idea is that militaries are designed to perfect defenses against what attacked them before, because that's known. Sometimes you can see enemy forces, you can anticipate what they can do.
Stan: If the enemy has a certain capability of types of weaponry, you can do planning against that. In the environment we're in right now, particularly in cyber, it is impossible to see what capabilities the enemy has. Because they are constantly changing. The reality is, anything you prepare for is not the way a rational enemy is going to attack. The last opponent of the United States is going to be like that with Saddam Hussein in 1990.
Stan: He put his army out in the desert and he gave us seven months to line up on it with a big driver. He put his army in and crushed it. Nobody is going to do that again. What they will do is to see what we're good at, then they will prepare capabilities against that. The thing about cyber is, because it's so organic, you have to do two things. One, you have to try to understand the enemy. But you've also got to put the mirror back on yourself.
Stan: You've got to try and understand yourself. One of the things we learned in JSOC, painfully, was we were designed to assume that we were really good. We were, but the reality was, we were more than half the problem when we started. I took over in the fall of 2003, and I'd grown up in a command.
A Person With a Hammer
Stan: I should've known and I didn't. The reality was, we were a person with a hammer looking for a nail. We just kept trying to find that nail and we were going to slam it. The reality was, we needed to look at ourselves and remake how we operated, how we thought, how we interacted. Perfectly knowing the enemy was impossible because the enemy was constantly changing.
Stan: What we had to do was make ourselves into something that is capable of very rapid adaptation. An organization that could rapidly detect, rapidly assess, rapidly respond and learn from it. We weren't originally created with that requirement in mind. That's the requirement in cyber today. It is this extraordinary reality that the answer, the threat on Monday is going to be different on Tuesday. The requirement is going to be different.
Eric: We're still fighting the old war. From the vendor perspective where we're making products for today's problems or even yesterday's in some cases. On the consumer side, the government or commercial industry side, they're putting RFPs, RFIs out for products that are old.
Eric: Products that meet today's requirements, if they're advanced. Can you do this? It is what we need today. What I'm hearing you say is, you need to think about tomorrow. You don't know the answer, so now you need to think about systems that can evolve and adapt very rapidly.
Stan: I would love to go out into our cyber force and ask a question that I used to ask young Sergeants and Lieutenants in Afghanistan. I would go out to these remote bases. I'd say, "If I told you, you can't go home until we win, what would you do differently?"
What Would You Do Differently
Stan: Usually they'd giggle a little bit because they weren't sure if I had that power. Then they would start to get these very thoughtful answers. If you went to the people executing our cyber operations and seeing the impact of the threats, you said, "Okay. If you had to win, your family depending upon it, what would you do differently?"
Stan: One of the first things you hit on, Eric, is how our acquisition process is designed for acquiring belt buckles and boots. Then we added some requirements for suppliers to be compliant. There are rational reasons for those things, but the timeline it takes for that is crushing. There is no way you could compete commercially at that timeline.
Stan: There's no way you could compete against an enemy who has no such constraints at that time. You'd have to just say if all you have to do is win, how do we have to do this? What rules do we have to throw out? And what laws do we have to rewrite to make it possible for the organizations?
Stan: But as you know, organizations and individuals get shaped over time by limitations. If I give you a task and then I say, "Carolyn, I want you to do this. But you can't do this," and I give you a list of things. "And you must do these things." I've just given you a list of excuses for why you don't get the job done.
Stan: It's not that you're an evil person, it's just that you've got these constraints and we get used to them. Typically in warfare, we start to shed some of those.
Team of Teams Defines Complicated Versus Complex
Stan: We haven't been in existential threats enough for us to throw some of those out and to think differently enough.
Eric: Even in cyber, we haven't had a consequential enough event. It pains me when my peers and people in the industry talk about a catastrophic event that finally wakes us up. That's almost what you're alluding to here in my opinion. It scares the hell out of me. That could be the power grid going down for months, which is a catastrophic event.
Stan: As you know, that's not at all impossible to do. That's very achievable for many of our opponents. They just haven't yet found a good enough reason to want to do that. Some are afraid of awakening the sleeping giant, but we're definitely not focused on that.
Carolyn: In chapter three of your book, you talked about complicated versus complex. There's a quote that I love, you cite a couple of examples. With cyber, it's not just cyber attacks as far as a zero day attack or an insider threat. It's also what's happening with society. I love that you brought up the hackers when they hit Twitter in 2013 and what happened to stocks.
Carolyn: Then David Carroll's, love that, United Breaks Guitars. You can read the example in Stan's book. I just want to read your quote here. "The amount of non-linear change that took months to play out, can now happen in the time it takes to type 140 characters. Cyber has taken us from complicated to complex." Will you talk about the difference between complicated and complex and how you're seeing that in cyber?
The Era That We All Grew up In
Stan: Complicated is the era that we all grew up in. It's the industrial age. It is an age in which complicated organizations and complicated machinery was built to do very specific tasks. It may be hard to understand, think of an internal combustion engine. Most of us don't know how to build one or fix it. But we know that if we turn the key or press the button it does the same thing every time. It was designed to do that.
Stan: If you study it or you bring in an expert, you can deconstruct it, you can figure it out. A complicated problem allows you to develop complicated solutions to it. Think General Motors and the big functional organization it created. They were making cars that while they changed, they didn't change every day. The requirement didn't change every day.
Stan: Complex is where you increase the speed of action and the number of variables. When you do that, you hit a point where it's impossible to predict the future. Once you're in a complex environment, trying to build a perfect solution to the problem is a waste of time. The problem's always changing. You can guess at it, but you can't really predict it with any effectiveness. So, what do you do?
Stan: Do you throw your hands up and say, "Well, I'll just wait and see what happens."? No. What you've got to do is try to create yourself into an organization that is organically adaptable, almost reflexively adaptable. It doesn't take an order from the CEO or the president to tell the organization to adapt. It is designed to adapt automatically to what is happening.
People’s Confidence in Systems Is Gone
Stan: Think of the cyber world where you talked about the speed at which 140 characters can be sent. Ideas can be propagated and simply an idea that plants doubt in your mind. If we all got information in the next 15 minutes that said, "The banking system is compromised. You better go get your cash out of the bank." Now, we might not go. But we would all think about it.
Stan: If somebody says, "The stock market is going to crash." If you have stocks, we'd all think about, "Well, maybe we should sell right away." Once people start doing that, they will. Then you take it a step beyond that, and you say, "Okay, I'm going to do that." You go to try to sell your stocks or get your money and the connectivity is not there and you can't.
Stan: Now that seems to fill that black space, that dark space in your head. We would all be frankly terrified. Say it only lasted six hours, then after six hours, people said, "Ah, joke's over." You still would see a reaction inside our society that would be pretty extraordinary. Now, do that in a rolling series of events, in a rolling different way.
Stan: Suddenly people's confidence in systems is gone. When people's confidence in systems is gone, they go into a tribal or survival mode with family and things like that. We've seen that in places, war torn countries and whatnot. Suddenly you have the ability to literally constipate the way our society works.
Carolyn: We're seeing that right now. Even here.
Command and Control Against Cyber
Eric: With the election, with COVID, with all of these stressors on what I will call what used to be the normal. What American citizens or even the global citizens of the world were used to, you definitely question. You question the media, you question the leadership, you question everything.
Carolyn: We know the adversary's got this terrorist approach down. That's the way they're operating. What's the first step to move from command and control, which Eric, you alluded to earlier. That's the way we're functioning on the defense side. What's the first step from command and control to more of this living organism?
Stan: I don't think you can centrally command and control against cyber because it's too fluid. What you have to do is have a series of capabilities and they need to be pushed out constantly. It's like the heart in a human body. You've got to push information and capabilities out on a real time basis. That way, the entire body is as healthy as it can be, it's as informed as it can be.
Stan: It's as empowered to act once it starts to get a threat and that sort of thing. It’s different than having information come to the top and the brain make a decision and then slowly respond. Again, you've got to empower that much closer to the edge. Because that's the only thing that will be fast enough to do that.
Stan: Now, that means that you've got to bring all the information that's coming in. It's essentially got to be brought in, infused, and been made available to people. They've got to understand that that information is critical so the most important thing is this flow of information.
Team of Teams Talks About the Dikes in Holland
Stan: That's what can make a society or an organization as resilient as possible. Not just based upon it all going one way to the brain. Because the brain is the critical node that if it stops, you're dead. Instead, it goes laterally. It goes every different direction so that as much as possible, everybody is informed. Think about our power grids. There's a move to go to microgrids and what not, which I think is intelligent.
Stan: Over time, we can be more resilient that way. You first have got to look at yourself. "What would help us most survive a series of interruptions of information flow, power," you name it? That seems inwardly focused, but it's really not. You remember from the book, we talked about the dikes in Holland.
Stan: They're not a big wall that keeps the sea out. They are, in fact, an organic system that responds to the flow of water. You can't stop water. What we're describing here is you've got to use your ability to flow information so that it is a strength and not just a vulnerability.
Carolyn: You talk about the importance of hands off, which is what you did with JSOC. I don't think anybody would've thought it was possible to spread that information out the way you did. Not only that, you empowered so many people. That's a huge part of why I think you were able to do what you did. Can you talk about that? One of my favorite phrases is brains out of the footlockers.
Put Your Brains in the Foot Locker
Stan: That goes through a story my dad used to tell me because he had grown up as a military kid. I was a smart ass young kid along with my brothers. I'd say something and my dad would look at me. He says, "Put your brains in the foot locker, I'll do the thinking around here." So, we're saying you've got to get the brains out of the foot locker because that's where it is.
Stan: When I took over JSOC, I approved every operation. Every single one. The idea was that they are strategically important and they have to be carefully controlled. They are strategically important, but there's no way one person can be the limiting factor and do it well. I certainly didn't bring massive wisdom to the approval process. It was just a process that many organizations frankly have, and they think it's control.
Stan: What we found was, it was too slow and it wasn't value added. But what we had to do is to push contextual information down in the organization. That was context that typically goes to your headquarters. They used to say that the US Navy is an organization designed by geniuses to be run by idiots. The theory was, somebody comes up with a great plan.
Stan: You just follow the checklist that you're given and it all fits together. That's fine if nothing changes. The reality is, when things are changing you have to push this context down. Then, you let people operate within that to do the best they can. The reason we describe eyes on, hands off is because it doesn't mean you push down. Then you tell people to make decisions and you go to the golf course.
Examples of Pushing Information Out From Team of Teams
Stan: It means that with today's information technology, you're pushing those decisions down. But you're now able to watch everything. You're able to be informed at every part of the organization. So every part of the organization can theoretically be really aware of what's happening everywhere else. It matters, it's context.
Stan: What we found in the fight against Al-Qaeda is they were spread not just in Iraq, but across many countries. What happened in one country was very relevant to what was happening elsewhere. We had to think broadly, inform ourselves constantly so what we did operated within that context. But that requires you to let go a little bit.
Stan: That requires you to lead in a different way, it requires you to trust your subordinates. Not only trust them, demand that they act. That's a little different. It is one thing to empower them. It's another to create the expectation, "You are going to be proactive."
Carolyn: As I thought about your examples of pushing information out, I translated that over to cyber. I thought about how we do that in the cyber world. How do we get the commercial companies to talk to our different agencies? For heaven's sake, how do we get our different agencies to talk to each other? Do you think that's what has to happen?
Stan: I do. I'll tell you my background. When I was commanding long enough ago where the cyber capability was there, it was nothing like it is now. I used to get visitors coming and they'd say, "Well, how's cyber going?" And I said, "Well, we have some very good capabilities.
There Are No Ramiuses
Stan: Let me tell you something. I can drop a bomb on an enemy leader, but I'm not authorized to send them an email. In many cases, I actually wanted to do that. I wanted to send them an email. I said, "I know who you are, here's what we want from you. If you don't do it, we're going to drop a bomb on you." And yet because cyber was new, people treated it like it was kryptonite.
Stan: So, you couldn't trust people lower down the chain to make cyber decisions because it's such a powerful tool. The reality is, you've got to make decisions way down the chain. It's not only powerful, it's really quickly moving. Yet we just had this aversion to it. Partly because it was new and senior leaders just weren't comfortable with it yet.
Eric: We don't understand it well enough.
Stan: Not at all. We know that it's kryptonite, we know that correctly used it can have tremendous effects. That is the reason we've got to get more familiar with it. We've got to be more comfortable with it. We can't be terrified of it, because then we cede all the initiative to our opponents.
Carolyn: I want to ask you about Clancy. When I first started reading him forever ago, one of the things that drew me to him was his technical detail. I truly believed that he knew you guys. When you said that there are no Ramiuses, I was like, "Ugh, my world just got rocked." I thought you, General McCrystal, are a Ramius. Can you unpack that a little bit. What do you mean by that? How does that apply to cyber?
Barrel Chested Commandos With Extraordinary Valor
Stan: I love that part because the movie, the Hunt for Red October has that amazing scene. Sean Connery was this Russian submariner who has ice water in his veins. At the critical moment he's doing multiple things. He's got a torpedo headed right for him and then he's holding a separate conversation with Alec Baldwin.
Stan: I'm sure somebody can do that, but I have never met them. The reality was what I found in this counter terrorist fight is we started thinking that the way you defeat them is to have these barrel chested commandos with extraordinary valor. It’s the ability to do things and you beat them on that level, and it's not that at all.
Stan: In fact, the ability to kick open the door and capture or kill the enemy became commoditized. Now it took good people, but the reality is a lot of different people could do that. The hard part of this is putting the pieces together. It's getting the pieces to work together. The hard part of Captain Ramius's job is getting the entire crew of a Soviet submarine to operate together as they must, without being told everything they do.
Stan: The hard part is to understand that it's constantly changing, so you've got to let people do that part of the job. We all want to be that leader with all the answers. Be the person who walks down the hallway and you have three assistants following you. You're giving them staccato instructions, "Do this, do this." They don't know why you're telling them to do it, but it all comes together in brilliance. That's absolute BS.
Making Nuclear Look Easy
Stan: The reality is, the wisdom of the crowd knows what to do. But the wisdom of the crowd, it's the constant interaction that knows what to do. It's often people doing this and people learning real quickly from that. Another part of, it's the network that does it. It's creating what you look for in leaders, and trying to develop that.
Eric: The network is the individual, it's the organization, it's the government, it's multiple governments. I don't even know how to get my hands around pulling that all together.
Stan: Cyber's very interesting. I've been thinking about this for a while. One, we haven't decided whether cyber's war or spy work or something completely different. We haven't decided if somebody comes and takes out a single bank, is that an act of war? Does that justify tomahawk strikes?
Eric: It makes nuclear look easy.
Stan: It does. We got to have that conversation. The second part is, to a great degree, we've done this balkanized effort where firms feel they have to defend themselves. Even parts of firms because they're not sure that the overall fabric of defense against cyber is strong enough. Firms are even often incentivized not to tell when they've been attacked by ransomware. It undercuts their brand and whatnot.
Carolyn: Sometimes they don't even tell within the firm. That happened with Yahoo.
Stan: There's this idea, "We gotta keep it quiet." The problem is, you've got to identify the threats so that people can develop the ability to deal with them. The threats go wide. The best way to be effective against cyber is to have this networked defense, not a series of individuals.
The Gardeners in Cyber According to the Team of Teams
Stan: My problem’s with our response to COVID-19 because it's very much like cyber, it's an opportunistic viral threat. You can't fight it as 50 different states or as X number of. Because nobody's got the expertise or resources. It's only through shared knowledge, shared assets and whatnot that you're going to do it. That's really true across the world. We're struggling with that, with cyber. We're not quite sure what it is and what it means.
Eric: Now, that's a great analogy, the COVID-19 analogy. I don't like it because obviously COVID-19 is out of control at this point, across the globe. But I would argue, so is cyber. We need to come together and do something about it. It's just getting worse and worse every year.
Stan: As you say Eric, it's not only getting worse, but the potential is getting greater. For example, we opined a little bit. If somebody attacks our ability to communicate like we are doing right now during a pandemic. When we’re very dependent upon it, it would slow down our ability to do actions, to do work. Imagine if we were all sitting at home right now afraid to physically go out. We were cut off from this flow of communication that we have. Suddenly we would be almost in the dark ages.
Carolyn: You talk in your book about being a gardener. Who do you think might be our gardeners in cyber?
Stan: It has to start at the federal level. Clearly, cyber is at every level now because we all do it.
A Resilient Cyber Capacity in the United States
Stan: There's got to start at the federal level, the theory that we are going to have a resilient cyber capacity in the United States. That means we've got to look at not just hardening certain things that we value. We have to take a look at how all of our systems work. It means you need to have sharing across all the service providers, sharing across all of the big firms and whatnot.
Stan: You're going to have to have an interaction that is probably unprecedented in American society. There's often this desire to separate off military defense, law enforcement, intelligence and businesses. Because we think it's an unholy interaction when they interact too much. I think we got to step back and say, "Wait a minute, we have got to rethink that."
Stan: There have been some actions moving, but I think it has to start at the federal level. Where you have policies that are known by every American that says, "America is dependent upon digital communication, digital interaction. Therefore, you could say it's our center of gravity. We are going to defend it, but make it as robust and resilient as humanly possible."
Eric: While being open.
Carolyn: I thought about implementing your idea of the linchpin liaison officer. I wondered what that would look like in cyber.
Stan: I'm a great believer in liaisons and fusion cells. That's places where you connect a number of different entities together in a capability that pumps out information. It performs that little heart function we talked about earlier, so everybody's aware about what's happening. The liaisons do the same thing. They tell you what's happening in another organization, they allow you to help, they allow you to learn.
Relearning the Same Lessons Over and Over
Stan: Again, the more we are stovepiped, the more we are ignorant about challenges in other places or developments in other places. We're relearning the same lessons over and over and this goes way too fast to do that.
Eric: I want to go a little personal. You've had one heck of a career. You're an author. What do you do, to decompress? How do you relax?
Stan: Generally it's good. I'm very disciplined, I have set schedules. I workout every morning, I read at night. And I do certain things that are necessary to keep me going. I can't be a helter skelter here because it's not my maximum productivity. If I don't workout every morning then I'm going to be less effective during the day than I could. I'm also an introvert. For me, interacting with people is tiring.
Stan: On the one hand, my wife jokes about it. She says social distancing is something I've been waiting for my whole life. A lot of these kinds of sessions are tiring, because you're being focused. I've found I've got to sort of meter myself. Give myself time to read and think or I just stop being as productive as I might want to be.
Eric: It's interesting, in COVID a lot of us have gone to back to back Zoom or WebEx meetings. As a leader of a business, I've struggled to think. We're always responding, we're checking in on people. We are doing what I call activity versus action. As a fellow introvert, I've got to schedule in think time, down time, or I can't see the future. I can't run the organization effectively. It's crazy. I've noticed the exact same thing.
The Right Balance
Stan: There are human interactions we're trying to replicate virtually. There's a limit to it. You can walk in your business, sense how well somebody's doing because you've done that your whole life. It's harder virtually. We figure out what the right balance is so we can put that human part in what we do. There are a lot of times we do what we do because that's what we really value.
Eric: It's hard to build that relationship, that rapport with somebody. I was with a customer today, asked some questions. I’d met them once before, briefly, but they didn't know me. They didn't trust me, I didn't know them. I couldn't read five or six different customer cubes or boxes on the WebEx session along with my people intermixed in between.
Stan: Now my eyes are going into 20 places, I'm trying to read people. Some of which I've never met before. I don't know any of them. It's challenging and taxing on the mind. I'll schedule some down time and think, "How would I do that differently? How would I do that better? What questions would I ask, what format should I use?"
Stan: I'm with you, it's a whole new world. It's going to be interesting as we navigate it, we'll get to some hybrid. If we're going to have to be very thoughtful and intentional about what we create.
Carolyn: Thank you so much for spending time with us. To all of our listeners, read Team of Teams. If you've already read it, read it again with cyber in mind. Let's take our brains out of the foot locker.
About Our Guest
A transformational leader with a remarkable record of achievement. General Stanley A. McChrystal was called “one of America’s greatest warriors” by Secretary of Defense Robert Gates. He’s widely praised for launching a revolution in warfare. He led a comprehensive counter-terrorism organization that fused intelligence and operations, redefining the way military and government agencies interact.
The son and grandson of Army officers, McChrystal graduated from West Point in 1976 as an infantry officer. He completed Ranger Training, and later Special Forces Training. Over the course of his career, he held leadership and staff positions in the Army Special Forces. Also in the Army Rangers, 82nd Airborne Division, the XVIII Army Airborne Corp, and the Joint Staff. He’s a graduate of the US Naval War College. He completed fellowships at Harvard’s John F. Kennedy School of Government in 1997 and at the Council on Foreign Relations in 2000.
From 2003 to 2008, McChrystal commanded JSOC - responsible for leading the nation's deployed military counterterrorism efforts around the globe. His leadership of JSOC is credited with the 2003 capture of Saddam Hussein. It’s also credited to the 2006 location and killing of Abu Musab al-Zarqawi, the leader of al-Qaeda in Iraq. In June 2009, McChrystal received his fourth star and assumed command of all international forces in Afghanistan.
A Memoir, Team of Teams
Since retiring from the military, McChrystal has served on several corporate boards of directors. That includes Deutsche Bank America, JetBlue Airways, Navistar, Siemens Government Technologies, Fiscal Note, and Accent Technologies. A passionate advocate for national service, McChrystal is the Chair of the Board of Service Year Alliance. It envisions a future in which a service year is a cultural expectation and common opportunity for every young American.
He is a senior fellow at Yale University's Jackson Institute for Global Affairs, where he teaches a course on leadership. Additionally, he is the author of the bestselling leadership books, My Share of the Task: A Memoir, Team of Teams: New Rules of Engagement for a Complex World, and Leaders: Myth and Reality.
General McChrystal founded the McChrystal Group in January 2011. Recognizing that companies today are experiencing parallels to what he faced in the war theater, McChrystal established this advisory services firm. It aims to help businesses challenge the hierarchical, “command and control” approach to organizational management