Securing the bolts before the horse has bolted: A new Perspective on Managing Collaborative Assurance Simon Reay Atkinson, Fellow IET, Seyedamir Tavakolitabaezavareh, David Walker, Li Liu, and Liaquat Hossain Complex Civil Systems Research Group, Faculty of Engineering and IT, University of Sydney, Australia Abstract – We suggest that the bureaucratic response to leaks, e.g. wiki-leaks, has frequently been to add more controls in an effort to securitize the spaces in which the breach has occurred or may occur in the future. We argue that the result of these info/techno-socio controls is to create a socio- info/techno ecology less capable of problem solving. These coordinating rules and controls (CRC) take time / bandwidth to administer and, sometimes deliberately, make things difficult. Often, they do so by simultaneously creating a climate of fear, where adherence to process is rewarded and innovative dissent is punished. Controls may therefore impinge upon the collaborative social influence (CSI) networks necessary for innovation, adaptation and problem solving – so breaches may actually increase. We take a network perspective to security based upon ambidexterity between CRC and CSI networks and creating assuredness / trust to enable a secure and healthy organisational ecology. Keywords: coordination rule & control (CRC); collaborative social influence (CSI); problem-solving; ambidexterity; instrumentation 1 Introduction This paper considers that healthy organisations have ‘a critical capacity for solving problems’, [1]. Warren and Warren [1] further identified three dimensions of connectedness (see also Thibaut and Kelley [2]): identification with the organisation (they referred to as neighbourhood); interstitial interaction within the organisation and existential linkages outside the organisation [3]. Warren and Warren [1] also considered integral neighbourhoods with close interstitial and good existential contacts and anomic neighbourhoods, where individuals have few interstitial or existential contacts. Backman & Smith [3] also reported that members (they called residents) of integral organisations were reported to be healthy and capable of organising for collective action (problem solving); whereas unhealthy, anomic organisations were unlikely to mobilize collectively or support each other. We suggest that problem solving is indicative of both collaboration and shared awareness, see Mintzberg [4]. The ability to engage in efficient and effective collaborative work in the types of social networks described by Latour [5] rests not only on the experience of the people but on the availability and reliability of information. Enabling collaboration incurs costs in terms of technology, networking, and training of users. And coordination remains a necessary activity that is required for the group to complete its tasks. Similarly, breakdowns in collaboration (such as misunderstandings, failure to report, leaking, etc) can lead to delays and missed opportunities – all increasing the cost of collaborating and potentially offsetting its benefits. The political and organisational context in which collaboration takes place also influences individual performances and the group within the collaborative process. It can affect whether people collaborate to maximise group or individual outcomes [6]. Hence, Cohen et al [7] differentiate between ‘cooperative-’ and ‘adversarial collaboration’. A more ‘normal’ characteristic of dynamic social networks (DsNs) is of people working and collaborating in large-scale, dynamically reconfigurable networks across a range of organizations (commercial, civil and non- governmental), see Whitworth & de Moor [8]. In such situations, teams potentially consist of many members communicating and sharing information with each other across organisational and potentially national boundaries: the extent and sheer volume of this information can become too much for them to deal with efficiently, see Endsley et al [9]. In fact, it can reduce ‘shared awareness’ and so the trust individuals have in other collaborators and the associated technology. Dabbish and Kraut [10] showed that workers given a full view of a remote team-mate’s activities were distracted from their own work. This problem will increase with the number of team members to be monitored, where monitoring itself can be a form of control in large-scale networks. Whereas this might be acceptable in a ‘control tolerant’ system [11], it is likely to lead to ‘collaboration breakdown’ in ‘influence tolerant’ regimes relying on the transfer of knowledge. For example, in the military domain, a study of watch-changes in naval operations revealed the need for better ‘situation awareness’ support for incoming personnel, see Endsley & Strater [12]. As information-technology (IT) has advanced, the social management of organizations has become more complex. Managers at all levels of the organization need both a deeper understanding of interactions between the individual, group, and organizational level and confidence / trust in the information and knowledge being exchanged [13]. An emphasis on IT and data rather than on social knowledge [14] has often led to internal competition even hyper-competition (by resource constraint) as a result of increased accessibility to information [15]. Consequently, managers need to become better at identifying the systems they are working with and ‘managing the social capital via which [information] is both produced and shared’ [16].