The recent disappearance of Malaysia Airlines Flight 370 has riveted world attention on the seemingly incongruous circumstances that would allow a large aircraft to virtually disappear. In an age of instant and ubiquitous communications linked through space-based and terrestrial networks, our expectations regarding what governments and the private sector should be capable of doing are growing.
It is rarely a case of what the private sector or government is actually capable of doing. It is the growing aggregate expectation of a whole-nation or whole-planet response to complex events that our everyday experiences tell us should be possible. After all, we manage our lives through mobile devices and conduct virtual personal and business relationships without regard to time or distance. Why shouldn’t we be able to marshal the real and virtual resources needed to locate an aircraft?
The Answer is Complexity
Complexity related to the scale of the problem geographically. Complexity related to the number of countries, private companies, international governing bodies, and stakeholders. Complexity related to the application of existing emergency and search and rescue doctrine and procedures across a large number and diverse set of participants with varying degrees of capability, capacity, and competencies.
The disappearance of Flight 370, the catastrophic events surrounding the tsunami and nuclear plant failures at Fukushima, Hurricanes Katrina and Sandy, and the Deepwater Horizon oil spill all challenged conventional wisdom on how we think about large-scale crises and disasters and confront complexity.
It is likely we could see similar complexity challenges in the wake of a cyber attack on an industrial control system that precipitates an industrial accident on the order of the explosion of the fertilizer plant in West, Texas in 2013, or the loss of the electrical grid similar to a recent exercise (GridEx II) conducted by the National Electric Reliability Cooperative (NERC).
I have come to believe that in the extensive discussions on risk management and resiliency that are appropriately center stage in our national dialogue on preparedness, we may not be adequately considering complexity and the effects of complexity on the processes, doctrines, procedures, policies, and plans that form the collective framework for our responses.
To be more specific, we may not be sufficiently considering complexity as a “risk aggravator.” We have traditionally looked for exogenous reasons why we haven’t gotten a response right in larger catastrophic events. The popular notion of the “Black Swan” is based on the concept that there are certain events that cannot be predicted by past events, data, or experience. The answer may be closer to home in a more focused effort to understand the level of complexity that are we confronting or could confront.
A case in point: Hurricane Katrina slammed into the U.S. Gulf Coast on August 29, 2005. One week later, I was assigned as the Deputy Principal Federal Official to then-FEMA Director Mike Brown and was asked to improve the response following well-publicized incidents at the New Orleans Convention Center and Super Dome, where evacuees overwhelmed facilities and there was a general lack of governance and coordination. As I flew into New Orleans on the morning of September 6, I was overwhelmed with the scale of the disaster.
Later, standing in the remnants of what used to be the cities of Waveland and Bay St. Louis, Mississippi, I witnessed an equally catastrophic but different disaster. The storm surge had driven water over the coast, then inland across Interstate 10, and finally to the Hancock County Airport, which was nearly 10 miles inland from the Gulf Coast. Physical damage in each location was extreme but differed based on how the storm came ashore and what the storm encountered in terms of physical structures and local geographical features.
The response in New Orleans had been narrowly framed as a response to the hurricane and associated flooding from levee and drainage canal failures. In actuality, something far more complex had occurred. In speaking, teaching, and writing about the response for the last nine years, I have termed what happened in New Orleans as “the equivalent of a weapon of mass destruction used on the city without criminal activity that resulted in a loss of continuity of government.”
The implications of not understanding this complexity resulted in resources being poured into the city for a week, though not under the control of local authorities that had the legal responsibility for the response. In the absence of a coherent command and control structure and unity of command, which existed in Mississippi, external resources were self deployed and were reporting back to their respective chains of command and not to a central coordinating structure.
The response was ultimately stabilized when we were able to re-establish the elements needed for civil authorities to meet their responsibilities. We did that by providing access, logistics, security, administrative support, and communications that allowed local law enforcement officials to go house to house and account for every dwelling, remaining survivor, and the difficult task of recovery of remains. This required a unified federal effort in support of—not in lieu of—local authorities.
Had this been understood on August 29 and 30, we might have seen different outcomes in New Orleans in that first week.
The Deepwater Horizon response represented a different and equally daunting complexity. While there was clear federal jurisdiction over the event and the location (state jurisdiction ends at three nautical miles), five states were simultaneously threatened by an uncontrolled discharge from a well with no human access, for an indefinite period of time, under varying wind, sea, and tidal conditions, and with no precedent for controlling the well, other than drilling a relief well.
Additionally, speculation that the oil could become entrained in the Gulf Loop current and be carried through the Straits of Florida into the Gulf Stream required expansion of the coordination effort to discussions with the governments of Cuba and the Bahamas, as well as additional states on the Atlantic seaboard.
Furthermore, an event involving a private company evokes equally complex issues regarding accountability, regulatory compliance, and liability—issues not present when Mother Nature is the responsible party. Finally, this event occurred on the eve of midterm congressional elections and involved a Democratic administration and five Republican Governors.
In this event, the existing oil spill response framework that had been substantially improved following the Exxon Valdez spill in 1989 had to be modified to address the unprecedented complexity and scale represented by the location of the well (5,000 feet deep), the amount of shoreline threatened, and the technological challenge to cap the well using remotely operated vehicles.
The response doctrine regarding the use of dispersants and in situ burning was challenged publicly and politically. The involvement of a publicly traded company and the associated legal requirements for disclosure brought the BP C-Suite into the public eye at the same time that they were responsible for fixing the problem. The political volatility and public interest were dimensions of complexity that we can expect to be present in any similar response. We need to understand that we will never have a major crisis or public program again that will not involve public participation. There is no barrier to entry.
We know moving forward that we can anticipate greater and more consequential interaction between the natural environment and the constructed environment. As population and infrastructure density increases, it is inevitable that we will see more frequent and complex events with greater and more complex consequences What we need to understand better is the increasing complexity of these events that challenge our existing assumptions of how we assess problems and respond to them. Assessing complexity will evolve as a practice, but for now, it is more art than science. It involves suspending assumptions about our existing models and challenging what we believe we know in light of what the situation presents to us (a concept developed by Peter Senge at MIT).
In the context of risk management, complexity is the final dimension of a problem that leaders need to consider as a potential variable or aggravator to be dealt with. Complexity is met and dealt within the C-Suite where risk is managed. Mere compliance with laws and regulations as a condition of operations are only table stakes. No crisis or problem matches existing plans, and the development of strategic intent that creates unity of effort is the ultimate responsibility of leaders inside and outside of government. The ability to confront situations that are unanticipated and galvanize action is critical.
In 1988, I was a Sloan Fellow at MIT. As part of our program, we visited CEOs of large corporations in the New York area. Our group listened to the leaders and then engaged in discussions about their roles and responsibilities. One of those leaders was the CEO of a major energy company headquartered in the greater New York area. During our group visit, I asked the CEO at the end of his presentation whether he was confident that his business was prepared to deal with a major industrial accident.
At the time, the major industrial accident of record was the Union Carbide chemical leak in Bohpal, India in 1984. The exact death toll has never been verified but estimates have ranged between 2,000 and 3,000 people with thousands more injured.
The CEO was unequivocal in his response. Between the existing and tested continuity of business plans, crisis communications plans, and response plans, he felt the company was more than prepared for a similar event.
What he didn’t know and I didn’t know was that three months later the measure of an industrial accident would change again when the Exxon Valdez would run aground in Alaska causing the largest maritime oil spill in U.S. history at that time.
I have thought back to the exchange with that CEO often in my career and have used it as catalyst to dig deeper, ask more questions, exercise plans more rigorously, and examine whether currently accepted doctrine and response plans are flexible enough to deal with the unknown, the complexity not planned for.
The implications for risk management and leadership in today’s increasingly complex world are clear. Leaders need to continually question the assumptions on which plans are based and introduce wild card scenarios into drills and exercises that increase complexity. More importantly, leaders must get involved in asking the hard questions about assumed risk and the ability of their organizations to adapt when needed.
Commenting on John F. Kennedy’s 1961 Inaugural Address, Edward R. Murrow remarked, “Difficulty is the excuse history never accepts.” Complexity is the new difficulty.