As the shift continues from the manufacturing economy of the industrial age to the digital economy of the information age, US national-security organizations need to transform as well. American military forces have been, and continue to be, the most capable in the world, but the national-security infrastructure, refined and perfected during the 40-plus years of the Cold War, is increasingly ill suited to the challenges the United States faces today. Volatility, uncertainty, complexity, and ambiguity are so pervasive they have spawned a military acronym: VUCA. Yet the inherently bureaucratic national-security institutions have failed to keep pace. The US Department of Defense (DOD) is still largely governed by the Goldwater-Nichols Department of Defense Reorganization Act of 1986, which focused more on procurement efficiency and unity of command than responsiveness to volatility, uncertainty, and the rest.
Similar changes are roiling the business world. But there, companies are successfully adapting by flattening their structures, exploiting modern information technology, and empowering managers to create flatter, faster-moving, and more flexible organizations. And though some would argue that these new-age management techniques don’t apply to an organization as large and complex as the Pentagon, in fact, they have been successfully deployed in numerous settings in the defense and security arena, and can be usefully adopted in ways that recognize the DOD’s unique context.
Too slow to adapt
The Goldwater-Nichols Act sought to address operational shortcomings and inefficiencies. The structures, processes, and systems that resulted were like the body’s slow-twitch muscles—well suited to the stable dynamics of the Cold War but inadequate for the pivots and twists now required.
Weapons acquisition provides a powerful, strategically important example. Take the quest to secure Mine-Resistant Ambush-Protected vehicles (MRAPs) to protect US forces from improvised explosive devices (IEDs) in Iraq and Afghanistan: When Robert M. Gates became defense secretary in 2006, he was alarmed to see that the Pentagon was slow to provide protected mobility for soldiers, famously observing that the troops in Iraq and Afghanistan were operating on a war footing, but the Pentagon was not. By 2007, IEDs accounted for 69 percent of the wounded and 63 percent of combat deaths in Iraq. Protected vehicles were scarce and had limited uses. Worryingly, the Pentagon considered the MRAP just another in a long list of programs it was pursuing. In May 2007, Gates decided it should be run outside the calcified procurement system. MRAP production surged from 82 vehicles a month in June 2007 to 1,500 vehicles a month in December 2007.
Across all acquisition programs, an inflexible and slow process limits the current and future strategic options available to leaders. The current acquisition portfolio contains solutions conceived in a very different world. More than 25 years after the dissolution of the Soviet Union in 1991, fully a quarter of spending is on Cold War programs. Another 55 percent relates to programs conceived after 1991 but before 9/11. Only 20 percent of spending goes to post-9/11 programs. It certainly appears that there has been little reallocation of defense spending to reflect shifting threats.
The lack of agility extends across the national-security apparatus. A government report on the 2012 attack on the US consulate in Benghazi pointed to bureaucratic delays, criticizing the system for not being able to respond more quickly to the initial reports that the American diplomatic compound was under attack. Although it is now clear that help could not have arrived in time, the report notes that “despite President Obama and Secretary of Defense Leon Panetta’s clear orders to deploy military assets, nothing was sent to Benghazi, and nothing was en route to Libya at the time the last two Americans were killed almost eight hours after the attacks began.”1
Agility: The real third offset
In his speech that served to launch the “third offset” strategy, Secretary of Defense Chuck Hagel set out his vision for coping with change, saying, “Disruptive technologies and destructive weapons once solely possessed by only advanced nations have proliferated widely and are being sought or acquired by unsophisticated militaries and terrorist groups.” He therefore called upon the United States to seek a new means of “offsetting” enemy capabilities, as was done in early 1950s with nuclear weapons and again in the mid-1970s with stealth and precision-guided weapons. The first and second offsets primarily involved leveraging US technology, and many have assumed that this will be the core of any third offset. But Deputy Secretary of Defense Bob Work was clear that it won’t be just about technology: “A third offset strategy will require innovative thinking, the development of new operational concepts, new ways of organizing, and long-term strategies.”2
The phrasing reminds us of the business world, which has been confronting challenges not dissimilar to the military’s. Here, too, VUCA is an apt term. The average life span of a company listed in the S&P 500 has decreased from 67 years in the 1920s to just 15 years today. Yale University professor Richard Foster found that on average an S&P 500 company is now being replaced every two weeks, and he estimates that 75 percent of current S&P 500 firms will be replaced by new firms by 2027.
In fact, business has been coping with such changes for some time. IBM had its most profitable year ever in 1990, but three years later the company lost $16 billion, undone by organizational complexity and an insular corporate culture. Many thought Lou Gerstner had joined IBM to preside over its breakup. Instead, he orchestrated a competitive and cultural transformation, as described in his book, Who Says Elephants Can’t Dance?
As disruptors upend markets, treaties dissolve, new regulations shift the rules, and talent is siphoned off by competitors, companies in every sector are either harnessing these forces or getting left behind. Winners are redesigning their strategies, rejiggering their operations, and getting closer to their customers. There is a thread that connects all of these efforts: a much more important role for cross-organizational teams, and a willingness to sidestep much of the established structure.
As they make these moves, companies are seeking the ideal qualities of agility—the ability to be both highly dynamic and inherently stable at the same time. It sounds paradoxical, and many organizations struggle with it, mistakenly thinking they only need to be faster. Those that manage to be both—organizations we call agile—are not only surviving but even thriving in this increasingly stressful world.
Why are dynamism and stability the hallmarks of agility? Our research suggests an answer. Over the past 15 years, McKinsey has developed and refined its Organizational Health Index (OHI) to assess the discrete elements of organizational effectiveness. The OHI data set includes more than 1,100 public and private organizations, is global, and spans every major industry. The healthiest companies—those in the top quartile—deliver returns to shareholders three times higher than the rest. Similar results are evident in the public sector.
When we studied speed and stability, we found that organizations had widely varying capabilities (Exhibit 1).3 Relatively few stood out as being especially agile: 58 percent of them had speed, stability, or both that hovered near average. Eight percent were fast but not stable, similar to the now-familiar start-ups that have pervaded all areas of business. An additional 22 percent of organizations were either slow and unstable, a group we describe as trapped (14 percent), or slow and stable, which we call bureaucratic (the remaining 8 percent).
Twelve percent of our sample were agile: organizations that are both quick and stable. Intriguingly, these organizations were much more likely to be in the top quartile of organizational health than others (Exhibit 2). The bureaucratic organizations—and though we have not surveyed the DOD, we think it would probably qualify as one—have by far the poorest organizational health of the three non-agile types.
Resistance is feudal
Of course, organizations are by no means monolithic, and some parts can be much healthier and agile than others. Certainly, exogenous conditions (for example, the authorities given to the US Special Operations Command) contribute to differences in performance. However, the vast preponderance of variation comes from three internal forces of resistance: the desire for control, organizational complexity, and a cultural aversion to risk.
Desire for control
Layering of management structures and functional silos can often result in decisions being forced to higher and higher levels of management. Within each military service, only the secretary has the authority to integrate across functional, mission, and geographic issues. The only officials with the authority to integrate across separate war-fighting domains are the secretary and deputy. In organizations as vast as the DOD, that is an impossible burden to put on two people, no matter how capable. Without question, some level of control is essential in every organization. Checks and balances, independent reviews, and governance bodies all work to improve decisions. However, national-security organizations have gone far beyond the efficient frontier. Peter W. Singer of the Brookings Institution observed, “Although commanders are empowered as never before, the new technologies have also enabled the old trends of command interference, even taking them to new extremes of micromanagement.”4
Former Secretary of Defense Robert M. Gates has referred to the Pentagon as “the largest and most complex organization on the planet.”5 Few would argue. And the problems of complexity are well known: simply put, complexity makes it harder for individuals to get things done. But isn’t complexity part and parcel of being big? Yes and no. Research suggests that some complexity is essential and value-adding (for example, the range of missions, geography), and some is imposed (for instance, federal law), but the rest of it is largely dysfunctional, self-imposed, and worth reevaluating. Federal acquisition regulations, for example, have become so complex that the Air Force is considering building an artificial-intelligence system to navigatethe thousands of pages of rules and policies.
Cultural aversion to risk
Behavioral economics has demonstrated that humans weigh risk twice as heavily as a similar benefit.6 Individuals worry about being wrong, making a superior angry, or alienating other parts of the organization. Without an imperative to act (such as the profit motive in the private sector), individuals rationally seek ever more information, conduct additional analysis, build consensus, await direction or permission, or optimize for those most important to them (their “tribe”), rather than the enterprise. This often results in lowest-common-denominator recommendations to senior leaders—what Michèle Flournoy, former undersecretary of defense for policy, calls “the tyranny of consensus.” Only when the organization must respond to a crisis will individuals stick their neck out. As mission needs surge, the risk of inaction is no longer acceptable, entrepreneurialism and best-effort judgment are rewarded, and errors become expected, accepted, and corrected. A common refrain we have heard from national-security executives is, “I wish my organization could perform all the time like it does in a crisis.”
What does organizational agility look like?
Our work has highlighted three core areas where agile organizations excel: organizational structure, which defines how resources are distributed; processes, which determine how things get done; and people.
Structure. Agile organizations set a stable, simple structure as their backbone. The top team comprises the leaders of the missions and core functions, with mission leaders typically deciding how the budget is allocated. The dynamic dimension is built from modular teams. The teams have clear missions with autonomy to make decisions and are charged with end-to-end ownership of a process with a clear customer (or, in the national-security context, with mission outcomes). Firms such as Google, ING, and Siemens use this structure to great effect. These units can come in many different sizes, mission sets, and capabilities; they are the “apps” of the organization.
Process. Agile organizations keep their operations stable by underpinning the way they work with a standardized, minimally specified set of core processes. These are usually “signature” processes—the essential activities at which the company must excel in order to win. These processes are often hard for competitors to replicate, which provides a sustained competitive advantage. In a brand- and innovation-driven consumer-goods company, such as P&G, product development and external communication are high on the list of signature processes. Amazon’s synchronized supply chain, with its common language and standards identifying clear decision rights and handoffs, is another.
People. No matter the structure or processes in place, people ultimately accomplish the mission. People crave stability and find it in the common values that hold the organization together. If the values are truly embodied in the organization, they provide a strong shared culture and purpose. But people also crave the new, and organizations can tap that to improve their dynamism. Agile organizations focus on creating strong internal motivation and passion, a culture of self-improvement and stretch, and an atmosphere of open, honest feedback.
Elephants learning to dance
Changing the way the Pentagon operates in an increasingly complex, multithreat environment has been intoned so often that it is widely regarded as a truism in defense circles. The real question is how to do it. Stephen Rosen, one of the leading thinkers on innovation and the modern military, summarized the problem well when he said, “Almost everything we know in theory about large bureaucracies suggests not only that they are hard to change, but that they are designed not to change.”7 If the system is designed to prevent change, then the forces at work in the system must be changed. The following three actions can disarm the forces of resistance and increase the agility of the US national-security apparatus:
Lower decision-making time to within adversaries’ OODA (observe, orient, decide, and act) loop
In May 2012, then-major-general H. R. McMaster admitted, “We have a perfect record in predicting future wars—right? ... And that record is 0 percent.”8 Given this inability to predict the future, success depends on being able to react fast enough to cope effectively with the unexpected. To reduce the cycle time, each organization should identify its signature decision-making processes (for example, resource allocation, requirement to fielding, deployment training) and start from a blank slate. In our experience, making incremental adjustments to established processes rarely works, as it leads inexorably to a prolonged internal battle. The organization should use as few steps as possible and no more than can fit within the required timeline. Most importantly, the number of reviews must be drastically shrunk to only those that can significantly improve the answer. Doing this will unwind the massive, self-imposed complexity of many of the current processes. For example, in our view, the planning, programming, budgeting, and execution cycle should be shortened from 30 months to 12—or, better, might even be made obsolete.
One example of a fundamental transformation of organizational agility comes from the Joint Special Operations Task Force (JSOTF), which was commanded by General Stanley McChrystal and sent to Iraq to kill or capture Abu Musab al-Zarqawi, the leader of al-Qaeda in Iraq. In its early days, JSOTF found itself outmaneuvered by a more agile adversary that was organized more like a network than a hierarchy and leveraged modern communications technology. General McChrystal observed that “the wickets through which decisions had to pass made even the most efficient manifestation of our system unacceptably slow.”9 He revamped the task force to place less emphasis on efficiency and more on adaptability. The mission, as is well known, was a success.
Control that which adds significant value, and let go of the rest
As described earlier, the current national-security system has a massive number of controls in place, all individually well intended, but in aggregate they create a system that struggles under its own weight. The controls manifest in three ways: policies (including regulations, instructions, and laws), governance, and hierarchy.
To become agile, the controls need to be rationalized. The policy aspect is likely the most complex and requires a clean-sheet review, with the goal of defining only the minimum specifications needed to ensure interoperability. Governance bodies should be consolidated, creating single decision points. And the hierarchical reviews of decisions along the chain of command should be cut to a single one. In our experience, many more decisions can be safely made by the responsible end-to-end unit, as we discuss next, instead of by top leadership.
Build end-to-end mission units, embed the enterprise view into each, and link and support them as needed
In the quest for efficiency and in an effort to minimize individual risk, many national-security organizations have organized along functional lines, with no single unit having end-to-end accountability, resulting in a lack of responsiveness. What’s needed now is a structure of many self-contained units, each with a clear mission, distinct accountability for performance of the mission, and the resources and access to expertise necessary to execute. The private sector calls the largest of these organizations business units; the smallest versions are called integrated project teams.
Agile organizations typically decouple the formal reporting structure (organization chart and functions) from the daily work management and the professional development of people. Their driving principle is to build the teams and individual work around meaningful end-to-end streams of work with a clear mission and direct results. The DOD has many excellent examples of high-performing business units and, especially, smaller self-contained teams. In the national-security arena, the various missions determine the core end-to-end processes. All aspects of accomplishing a mission (such as training, acquisition, and execution) are managed by this unit. Functional processes (recruiting, finance, IT, and so on) provide support to the end-to-end units. Just as crucially, agile organizational processes include full transparency on performance and mission outcomes. Examples of this exist already, but most are on the operational side. The Marine Corps has marine expeditionary units, the Army has brigade combat teams, the Navy has carrier battle groups, and the Air Force has air expeditionary forces. But in the intelligence arena and the entire support side, most functions are siloed, with mission responsibility coming together only at the level of the agency director or service secretary.
In the modern era, the enterprise view can be pushed further down into the organization, enabling units to make fast, efficient decisions based on their in-depth knowledge of both the frontline situation and the impact on the enterprise. Modeling can often clarify the complex system interactions with the enterprise. Providing units access to the relevant big picture lets them make choices that align with the broader goals.
Warren Bennis, widely regarded as a pioneer of the contemporary field of leadership studies, said it well: “Success in management requires learning as fast as the world is changing.”
This article is an edited extract of a chapter from America’s National Security Architecture: Rebuilding the Foundation (Aspen Strategy Group, November 2016) and is reprinted here by permission.