GISC’s Social Media Roundtable

On Thursday, 25 March, I attended a gathering of civilian, military, and contractor personnel to discuss social networking/social media with two government representatives and two interns from STRATCOM’s Global Innovation and Strategy Center (GISC). The objective of the GISC is to assess the value of Internet-based Capabilities (IbC) to military operations. The project started in mid-Feburary and is slated to end on 1 June 2010. Results will be submitted to VADM Mauney, Deputy Commander, USSTRATCOM.

Option 1: Click on the thumbnail below to view a colorful summary of the discussion, as built by Wordle.net.

Option 2: Read on…

STRATCOM/GISC Reps:

1. John Hudson, DAF Civ
2. Sarah Mussoni, DAF Civ
3. Meghan Obermeyer, GISC Intern
4. Chris Fripp, GISC Intern

Attendees:

• Tamie Lyles-Santiago (GS, OSD (NII)
• COL Kevin Arata, Army (PA)
• Juanita Chang, Army (PA)
• Jack Holt, DoD (New Media/PA)
• Chris Rasmussen, National Geospatial-Intelligence Agency
• Capt Joseph Watson, USAF (EWI @IBM)
• Noel Dickover (ctr), OSD (NII)
• Maxine Teller (ctr), OSD (NII)
• Teri Centner, BAH (Joint Staff)
• Tracy Johnson, BAH (Strategic Comm)
• Matthew Bado, BAH (Strategic Comm)
• Dr. Mark Drapeau, Microsoft
• Frank Nagle, Mandiant
• Richard O’Neill, Highlands Group

Overview of topics discussed during the roundtable:

1. Social Media Policy Implications
2. OPSEC and CyberSecurity Training
3. Social Networking Success Stories
4. Collaboration vs. Coordination/Cooperation
5. The “Fourth” Network

To open the discussion, Mr. Fripp told us the GISC wanted to review the benefits and potential drawbacks of allowing military and government employees to use social networking/social media, focusing on security concerns and potential from collaborative efforts. Because it was an open forum and there were about 20 people in attendance, the discussion was quite varied, and often meandering. Below are the highlights.

** Social Media Policy Implications **

Mr Holt belives the new DoD directive-type memorandum on Internet-based Capabilities indicates a fundamental shift in how DoD sees the Internet. Instead of seeing it as a fortress to be defended, the DTM causes us to see the Internet as a field of maneuver. He believes that having a more open policy is a good thing for DoD organizations; having a policy means resources can be planned and budgeted for, in an effort to support that policy. COL Arata of Public Affairs agreed, saying that before the DTM a PAO had to prove the utility of social media participation to the Commander and DAA in order to get buy-in. Now that the DTM has been issued, the utility of social media is established, so it’s up to the Commander or DAA to justify not allowing the PAO to use social media sites.

In order to get guidance for the DTM out to the workforce in a more rapid fashion, OSD is moving away from publishing an Implementation Guide, which would require a formal issuance from WHS prior to being published. Instead, they are developing a Knowledge Hub for discretionary guidance on Internet-based Capabilities. The Services, on the other hand, are going more “old school” with their implementation guidance. In many cases, though, they’re using Web 2.0 methods to develop and publish that guidance. The Marine Corps has posted their guidance while the Navy is crowdsourcing guidelines for both official and unofficial use on DoN CIO’s the Pulse. The Air Force is moving forward in phases, with PACAF being the first phase and the Army has posted their guidance on SlideShare.

Somebody in the group suggested that we look at IBM’s social media policy, which many people in the social media community consider to be “best of breed.” The IBM Social Computing Guidelines, which are employee-created, basically state that IBMers are individually responsible for what they create and releasing proprietary information is prohibited. The guidelines apply to blogs, wikis, social networks, virtual worlds and social media. “We don’t police,” says one of IBM’s three social media employees. “The community’s largely self-regulating… Employees sort of do that themselves… And that’s worked wonderfully well.” The bottom line is for IBMers to be thoughtful content creators on the web. “If it helps you, your coworkers, our clients or our partners to do their jobs and solve problems; if it helps to improve knowledge or skills; if it contributes directly or indirectly to the improvement of IBM’s products, processes and policies; if it builds a sense of community; or if it helps to promote IBM’s Values, then it is adding value.”

**OPSEC and CyberSecurity Training**

Because a more open NIPRnet is now the default policy, we now have a responsibility to train our people in its responsible and effective use. We must examine what security should look like. As Mr Holt says, it’s like moving from a walled city with guard towers to open communities with constables on patrol. Yes, there are significant threats in working on the Internet, but the military trains to meet the threats on every field of maneuver. It means as members of the DoD, we each have a greater responsibility to protect each other. Perhaps in a change from what we’re used to, our families are in the same field of maneuver as the conflict. We all should have a look at the Social Networking Sites safety checklist and the games (http://socialmedia.defense.gov/index.php/games/;, http://cups.cs.cmu.edu/antiphishing_phil😉 that help us teach our families.

In addition to his fortress simile, Mr. Holt also likened the Internet to the Roman road system. Just as DARPA launched the Internet we use today, the public road system of the Romans was thoroughly military in its aims and spirit. It was designed to unite and consolidate the conquests of the Roman people, where the purpose of the Internet was wartime communications. The Roman road network was important both in maintaining the stability of the empire and for its expansion; on the other hand, it also offered avenues of invasion for ‘barbarians’.

**Social Networking Success Stories**

Mr. Dickover suggested that despite the hindrances of stovepiping, there are still many successes we can claim in the DoD that were all enabled by Internet-based capabilities. As a quick aside, he reminded us the reason that phrase was used in the DTM was because social networking happens to be what’s big today. We don’t know what the next big thing will be, but we know it will be Internet-based. He also said that ethics weren’t covered in the DTM because it was understood by everyone working on the policy that all ethics regulations would still apply. (OSD/NII has apparently been asked repeatedly about this, however, so maybe it wasn’t as clear as they thought.)

Getting back to the subject at hand, he asked if people could share their success stories. He told us about the United States Coast Guard and Haiti JTF being able to use crowd-sourced information to start looking for earthquake survivors in the days after the earthquake. He said that since most of the local officials (like the UN) who would have normally supplied the information had also suffered the effects of the earthquake, so the military folks went to text-message-generated info (Google “Haiti 4636” for more info) that was posted to open mapping communities on the Internet. In the beginning they were afraid it might be erroneous, but figured it was better to chase a bogus lead than sit and do nothing. They found much of the Internet-based information to be valid and were able to help hundreds of people.

COL Arata was also able to share success stories of Commanders interacting with people at all levels within their commands. Most of them were based on Facebook groups/fan pages that are used to communicate with family members about base/community issues. He said that what PAOs and Commanders are finding is that the “open door” policy that leaders have always talked about are now truly in effect. Anybody can post on a unit’s Facebook wall, and if somebody is paying attention (as they should be) they can get an answer with 24-48 hours.

Dr Drapeau, author of a 2009 NDU paper called “Social Software and National Security: An Initial Net Assessment“, noted that a “positive feedback loop” is one of the most overlooked and undervalued features of social networking. “Crowdsourcing” can enable quick(er) answers to questions that used to take a week, month — or even year — to go through staffing channels. Granted, sometimes an immediate answer is not forthcoming. Despite that, a question can still be acknowledged very quickly, letting everyone involved in the process feel that their input is valued and encouraging them to keep participating. In addition, it is much easier to find other people who have the same question or problem, which often makes the input more important to those who can fix it. Mr Dickover agreed with Dr Drapeau’s premise, saying that developing the IbC DTM through crowdsourcing methods took only a fraction of the time that it took to later staff the memo for approval using traditional staffing channels.

We also discussed the utility of social networking to create working groups that go way outside organizational boundaries. Dr Drapeau mentioned that he had been corresponding and/or working with most of the people in the room via Twitter or Intelink long before he met them in person. He made a specific example of how easy it had been for me to mix with the “Gov 2.0” community in Washington, DC, after I moved here from Germany in November because I had been building relationships with people using social media tools both inside and outside the firewall. He noted that it was specifically these types of relationships that resulted in all of us being at the roundtable discussion at all.

**Collaboration vs. Coordination/Cooperation**

Somebody mentioned that the reason social networking on the Internet works so well is that most of them allow data discovery/sharing through APIs. Unfortunately, many DoD and Federal agencies are building social networking and collaboration capabilities within their own enterprise, which hinders information discovery and sharing. Ms Lyles-Santiago believes that the right conversation needs to happen with the Federal CIO and the Federal CTO if we want to consolidate the masses into a single enterprise. She said that something similar was done in the past — with the help of Congress, who holds the purse strings — to create consolidated capabilities like DTS and DFAS. Many people around the table disagreed that the CIO/CTO would be able to make the necessary changes, but did agree that discovery of information, both inside and outside the firewall, is critical to the success of collaboration and information sharing.

Mr Rasmussen reminded us that we often use “collaboration” as a buzzword, but that it is not the same thing as cooperation or coordination. The DoD, the National Security community, and the Federal government need to understand this before implementing myriad stove-piped systems designed to provide “collaborative capabilities”. (He coined the term “solution pollution” to describe this problem.) A good definition I found while researching his comment was: “Collaboration is a process in which organizations exchange information, alter activities, share resources, and enhance each other’s capacity for mutual benefit and a common purpose by sharing risks, responsibilities, and rewards.”

He referred us to a graphic in a 2008 article from the Economist Intelligence Unit . The graphic indicates Coordination involves narrow goals (e.g., Get this done…), Cooperation involves broad but mandated goals (e.g., We need to…), whereas collaboration involves share and common goals (e.g., I wonder if we could…). The associated text warns us that “Businesses need to approach collaboration strategically, and — as with any business strategy — seek to align people (culture), processes and technology with the project goals. In the case of collaboration, that alignment must take adequate account of the level of trust required to improve the chances of success in each form of collaboration.”

**The “Fourth” Network**

The subject of technology strategy turned discussion to the concept of “the fourth network.” In the past few years I have heard various senior leaders address the possibility of completely disconnecting the NIPRNET from the Internet. If this were to happen, the average senior leader would need four terminals on a single desk: JWICS, SIPRNET, NIPRNET, and Internet. The representatives from OSD(NII) said that avoiding the creation a fourth network was one of the reasons the IbC DTM was written. Many at the table agreed that inter-agency and inter-governmental communication are hard enough as it is, but that all communication outside the national security community would be severely hampered by such a separation of networks. Mr Holt offered an alternative idea: perhaps the NIPRNET shouldn’t be a physical network at all, but something secure but cloud-like, that could be accessed from any approved computer from anywhere on the Internet. He used Intelink-U as an example, but suggested that it could be opened up to other Federal agencies. I suggested that perhaps in such a scenario, the Federal PKI Bridge could be used as an authentication solution for any Federal agency that wanted to participate, so that users wouldn’t be subjected to memorizing yet another username and password combination.

At this point, we had been talking for two hours and our room reservation had come to an end. The STRATCOM representatives thanked us for our time and promised to share a copy of their final report.

(If others who were there feel my memory of any part of the discussion is in error, please let me know in the comments, and I will update my post.)