My Review of Drapeau’s Social Software and National Security Paper

So I’ve been sitting on Dr. Mark Drapeau’s (with Linton Wells) paper entitled Social Software and National Security (download here) for a few weeks.

I took a quick peruse the other day and was digging what I was reading but thought I’d take a deeper dive on a Sunday morning.

Here are my thoughts:

1) Interesting title. I’ve noticed people don’t use the term “social software” very often. It seems like we are still battling terms that actually mean something but also excite the common purpose. Thus the battle between Gov 2.0 and other terms like open government. I read a blog by Forrester the other day trying to stop the use of the term “social media”

2) This is so true and the problem is technology/web 2.0 sites move so fast that they are always late. I loved it at my old job when they blocked Myspace but not Facebook. Ha….”There is no coordinated, department-wide policy for DOD (or, insofar as we are aware, any other USG agency) or set of guidelines for using the universe of social software tools internally, between agencies or other entities, or with the public. It is unclear in many cases who, what, when, where, why, and how such tools should be used while at work, and while not at work. This leads to confusion and inconsistencies. One USG agency blocks a certain Web 2.0 site, and another down the street allows it.”

3) While not incredibly catchy (we got to create some better buzzword framework around this), I like the framework used in this paper: inward sharing, outward sharing, inbound sharing, and outbound sharing. I haven’t seen such a specific framework but I think it is useful. Reading the paper the differences became evident and useful. My first take though is the names of the terms are too similar and bleed together.

4) Love Company Command (ex. 2.1.1) – Those guys rock. Google the story if you can. It’s Gov 2.0 started 10 years ago.

5) I’ve heard about that GovLoop thing (ex. 2.2.1) – I’m skeptical but it sounds cool……ha…..

6) This paper does a good overview of the four types of social software uses and a couple good examples. Pretty basic stuff if you’ve been in the space. But also very clear, brief, with nice examples to pitch the new boss.

7) I like this recommendation – “Analyze the Balance b/w Sharing and Security” – People always forget we always take risks with our employees – we allow them to go home where they can leak info to friends/family, we give them email where they can attach files and sent to reporters, etc. – “This does not only apply to the battlefield. In one anecdotal example, a public affairs group is charged with promoting military videos online using YouTube, but simultaneously cannot access YouTube from their work computers. ”

8) Prepare to Discard Some Legacy Systems and Processes – Another recommendation I like. Essentially, social software is not just an add-on to existing systems and processes. To truly be revolutionary, it needs to replace existing actions so it’s not just more work. For example, a move to a robust wiki/collaboration system should lead to reduce email not both.

In general, I think it is a good overview for anyone trying to understand the changes and possibilities when Web 2.0 and Government meet. Insiders should send the paper to their boss as a good overview – bosses always like to hear the same ideas from another trusted source (and DOD, NDU is a good one – it’s not the young, hip, free-spirit agency that one would expect to pushing this message). People new to the space should read this paper as a good intro.

My only downside of the paper is I think we can snazz it up a little. The title and terms in framework make it seem a little drier and more DOD specific than it really is. This is really the fun 101 (or 201) intro to Gov 2.0 you always wanted.

Keep up the good work Drapeau. You’ve written the paper the community has needed….

Leave a Comment

13 Comments

Leave a Reply

Matt Topper

Steve, some great points on the paper which I agree wish most of them. One of the things that I would have liked to see was a list of software that can be installed and utilized internally for the inward sharing aspect of things. Mark has a great list of the publicly available sites, but I don’t believe any of the services listed offer a hosted or downloadable solution. I know naming vendor products is always a no no in papers like this, but OSS deployble solutions would have been nice. I’m actually working on a post / list as a supplement. I feel that inward sharing has some of the most immediate impact on the agencies discussed.

Matt Topper

Thinking through the paper I think one of the other problems we’ll see is how do we verify the identities of government employees for outbound sharing. As we’ve seen on twitter, many of the agencies normal acronyms and names have already been taken and they’ve been forced into using alternatives. There is no central system today that validates who identities of the people behind the keyboard on these accounts.

This was one of the hot topics at #gov20camp last month. Jack Holt specifically brought up this same issue that he found when starting the social march for his agency. The resounding solution seemed to be a government sponsored OpenID server that could be used to authenticate to these services. This could also remove access from these accounts when an employee no longer works for an agency.

Authentication to the OpenID server could be done through the CAC card system, but that could pose a problem when authenticating from home. Hmmm…

Richard Fahey

Good points. I think some of these points could actually relate to private sector organisations also.
#2: The results of this survey are interesting, because it tells you that this issue is faced by other countries. Indeed, in my multinational organisations sites are blocked on a country basis e.g. UK blocks Youtube, Norway doesn’t. Therefore if private companies cannot even agree on common policies, I guess it will be difficult for entire governments.
#7 I know of a plenty of companies that have profiles on Youtube and Facebook, but simultaneously block access to these sites for their own employees. It seems if the IT department has one example where someone betrays organisational trust by doing something naughty on these sites, they have a reason to block them for everyone.

Bob King

I also had an opportunity to read the pre-publication draft of this paper. While at the STRATCOM Cyberspace Symposium 10 days ago in Omaha, I tried to work the “Balance Between Sharing & Security” in whenever possible.

In order to have significant adoption throughout DoD and U.S. Government, this can’t just be a “bottom up” grassroots effort. It’s going to take endorsement by senior leadership. That endorsement is needed so that the bulk of people will realize it’s OK to use it. But, more importantly, it will take that level of sponsorship to break down the barriers imposed by the Information Assurance shops.

No amount of grassroots effort will result in changes to access policies without support from the top.

Mary Davie

In my conversations with colleagues (senior execs), the term “social media” often implies “non-business” related activities to the unfamiliar. When trying to explain the functionality and value of the technology many immediately blow off a serious discussion thinking of tools like facebook or myspace as a place to play with friends and nothing more. In one meeting I participated in, there was actually discussion that we should stop using the term social media because of what many associate with the term. I think it will take some educating for many to understand what social media and or Gov2.0 means and the value the technologies bring.

Andrew Krzmarzick

Good thoughts, Steve…I’m going to review it (though I’ve had it for several weeks as well!) and offer some feedback in the next couple days. I hope to think through the language issue…although many key stakeholders may want something more vanilla…vs. chocolate-butterscotch swirl. 🙂

Mary – regarding education, check out my slides on social networking and government from last week’s Gov 2.0 Bootcamp…let me know how I can enhance them to better drive home the business value of these tools. I am trying to build out slide decks and presentations designed to overcome resistance/reticence, especially among potential champions.

Emi Whittle

Not sure why yet, but I can’t access the article — and I would love to read it! I’ll work on that next… How about a term like “Communications Media”…. at least for some of the sites and tools since it is all about utilizing different forms of communications…. and every company and government agency surely needs help with communications! Apparently this includes me since I can’t read the article…. 🙂

Adam Arthur

This is a very well written and thought-out document. I just wish someone high-up in the federal government would hurry up and flash out some basic criteria for us so we can get more things moving! Everyone here wants to do something but they seem to be running in a circle. Politics, inner-feuding, whatever…they want to adopt something, but then they stop and halt approval for “this” or “that”. I understand we have to consider many things to include everyone. Here are a few basic rules I can understand:

Access for the Disabled
The Rehabilitation Act requires that all government Web content be made reasonably accessible to those with disabilities.

A Ban on Endorsements
Since the government cannot endorse commercial private organizations, some federal Web pages cannot link externally.

Purchasing Rules
Federal agencies must follow contracting rules when they make commercial software purchases costing more than a certain amount.

License Agreements
The Feds can’t draw on content from sites like YouTube that require terms-of-service agreements based on state laws.

Levels of Security
Depending on the information, the Feds can’t post EVERYTHING. The Privacy Act and matters of national security come to mind.

But once these things have been covered, I don’t see the problem with letting us do our thing. I’ve been hired to implement this into a division, but you wouldn’t believe the road blocks.

Lawrence Charters

Your link to the document leaves out the final “f” in .pdf — it would help the world greatly if you properly linked it.

Henry Brown

Blog commentary about said paper from a retired admiral

http://tinyurl.com/cpjv9t
Social Software and the National Security Discussion

Despite some limited success, isolated pockets of bottom-driven informal pilot projects are not the same as a coordinated top-down effort to determine appropriate government uses for social software. Such broad uses include balancing security with transparency, writing policies for use of social software, training personnel to be ready to use the tools, conducting research and acquiring private sector materiel as appropriate, understanding its uses for intelligence and public affairs applications, and assessing the strategic implications for the USG and other countries.

Social Software and National Security: An Initial Net Assessment (PDF) by Dr. Mark Drapeau and Dr. Linton Wells II

The assessment of current social media engagements by the authors of this report in regards to the military services is pretty much on target. Only the Coast Guard can walk chin up with these technologies, and I think even they would admit they have a ways to go before getting where they want to be.

I have read a lot regarding how social media works for business environments, but I don’t think I have seen any descriptions as well defined and easy to understand as how this report presents social software to the military services. The report includes a good summary of how social software can work for the military services.

The first function is Inward Sharing, or sharing information within agencies. This includes information sharing not only during military operations, but also within offices for budgets, human resources, contracting, social, and other purposes, and coordination between offices and other units of an agency.

The second function is Outward Sharing, or sharing internal agency information with entities beyond agency boundaries. Outward sharing includes coordination during the Federal interagency process; sharing information with government, law enforcement, medical emergency, and other relevant entities at state, local, and tribal levels; and collaboration with partners such as corporations, non-governmental organizations (NGOs), or super-empowered individuals (billionaires, international CEOs, etc.).

The third function is Inbound Sharing, which allows government to obtain input from citizens and other persons outside the government more easily. Inbound Sharing includes gauging public sentiment on issues in real time (not unlike instant polling), allows government to receive input on current topics of interest, empowers the public to vote or otherwise give weight to other people’s opinions to reach some consensus or equilibrium about online discussions about government issues, and provides a mechanism for crowdsourcing, which is effectively outsourcing projects to a group of people whose membership is not predefined (not unlike a contest or challenge).

The fourth function is Outbound Sharing, whose purpose is to communicate with and/or empower people outside the government. This includes a range of efforts such as focused use of information and communications technology (ICT) during stabilization and reconstruction missions, connecting persons in emergency or post-disaster situations, and communicating messages in foreign countries as part of public diplomacy efforts. It also includes functions like using multimedia and social media for better communication with citizens as part of public affairs.

I think this report would be valuable reading for anyone who thinks social software technology can improve their organization, for example, a maintenance wiki for ships or a way to build collaboration internally or that connect to external organizations. This is an excellent beginners guide in my opinion, perfect for the culture of large organizations that want to be adaptable, but are slow to change. I also think the content in this paper scales very well to private business.

There are two sections I think are missing from this report.

First, the report doesn’t provide much intellectual context for information warfare with social media, both at the national security level or for corporate use. Oh yea, there is tremendous value yet to be leveraged with information operations utilizing social media to shape opinions and perception towards specific products. There are already several examples in the idea space that largely go unnoticed.

For example, it is only a matter of time before the other think tanks decide they are tired of being flanked in the idea space by CNAS, who already leverages social media to conduct information operations every single day in regards to the Army and the national security debate. Good ideas from other think tanks are being ignored in favor of crowdsourced ideas that folks in the field contribute to and believe in as part of the CNAS social media presence. Folks like CSBA, Heritage, CAP, CDI, AEI, and CSIS spend a fortune producing reports with new ideas, then may spend even more putting on a symposium to spread these ideas, only to often find a limited follow-up activity has left a small sample of individuals understanding the content. The buzz generated quickly becomes the hum of background noise, and the impact is steadily lost in favor of a new idea before the information was able to develop purpose.

A single think tank research report could be an investment of $50,000 in research hours alone, and yet most of the time when I ask, most analysts don’t know what happens with their information except among certain circles. In the future, social media will be how researchers measure the return on investment of ideas, because when information sharing is inward, inbound, outward, and outbound you get as much out of your information as you put in, and you know who your information is reaching. Information has value, and yet, if I have linked a think tank report, I know how many people and who those people are who go to a report from ID, which is more information than the writers of the report themselves probably know about their own information.

Second, while this NDU report discussed branding, it did not discuss identity. If you want to see a great discussion in the Army about identity, this discussion is fantastic. Information warfare through social media is often described as asymmetric warfare. Identity is information, a shaping operation for information context, so when you give your identity in cyberspace you do so for the tactical purposes of shaping information. By saying you are Captain Jim Smith, US Coast Guard, you have taken a symmetric warfare tactical approach in information shaping operations for your strategic communications in a social media engagement. Does the US Coast Guard social media policy even recognize this? I hope so.

Content that is published consistency in social media (including comments) is considered branding. A disclaimer is the brand. If you want to build your online brand you have to know how all your activities work together. You need a consistency and congruency. Each part of the social media puzzle builds into a picture people have of you, how they imagine you to be relates to how you really are to the degree you get this stuff right. From an organizational perspective, the complexities extend to how a military service brand comes together when multiple individuals are posting all with the same disclaimer. The impact of this on any information in the social software space will have a shaping effect. If you follow any number of Navy news folks on twitter, the only shaping effect one finds is chaos.

I see the NDU report as very well written and thought provoking in several ways. I can already see where some of the ideas promoted will need explanation or be dismissed as trendy absent context for how the methods can be effective. If you work in media, new media, public affairs, or you are simply looking for more efficient ways to crowdsource project development and idea collaboration, this report is a good place to start.

Mark D. Drapeau

Matt – One big problem is that with gov computers it is very hard to download anything for any reason without getting special permission from “IT” – who often doesn’t understand what the heck you’re trying to do. I have been meaning to ask for permission to download a ton of things like TweetDeck, etc. just to get an answer.

Mark D. Drapeau

We used the term social software not only because it’s fairly broad and all-encompassing on a quickly changing topic area, but also because most government employees probably know what “social” means and what “software” means – and we just have to explain the pairing. (Many wouldnt understand “social media” for instance…)