Defense AT&L Magazine

OPERATING STATUS

FULLY OPERATIONAL

Defense Acquisition Magazine

https://www.dau.edu/library/defense-atl/Lists/Blog/DispForm.aspx?ID=344

Avoiding a “Cargo Cult” Transformation

2023-03-24T16:00:00Z

https://wwwad.dauext.dau.mil/library/defense-atl/PublishingImages/Phillips_MarApr2023.jpg, https://www.dau.edu/library/defense-atl/PublishingImages/Phillips_MarApr2023.jpg https://wwwad.dauext.dau.mil/library/defense-atl/PublishingImages/Phillips_MarApr2023.jpg

<div class="ExternalClass779A81DD44D84161A68F170A2790B196">Transformation is never an easy endeavor. On a personal level, it takes a lifelong commitment to achieve permanent positive change. Additionally, it takes continuous re-evaluation of one’s current state to determine the future correct course. A well-known statistic shows that, of all months, yearly gym memberships increase the most in January. People buy gear and nutrition supplements. They talk the jargon and go through the motions of a fitness enthusiast, but only a fraction of those people go to the gym. These people are victims of the transformation “cargo cult.” <h3>Cargo Cults</h3> World War II was a conflict of massive proportions. Never had people and materiel been sent to so many places. What separated World War II from other wars was the remote locations where battles were fought. For example, in the South Pacific many of the islanders had never experienced modern contrivances. When the island-hopping campaign began, the U.S. military needed everything from port facilities, to airfields, to maintenance and repair depots. All this war materiel was seen as miraculous to island people often living in a Stone Age culture. As the fighting continued, the conflict moved from island to island. Just as it “miraculously” appeared, the materiel disappeared and left with the people who brought it. After the war, anthropologists became curious about the impact wartime island-hopping had on indigenous people. In their research, the anthropologists encountered what would later be described as “cargo cults.” According to a 1984 Los Angeles Times article quoted by author Lamont Lindstrom in his 1993 book, <a href="https://scholarspace.manoa.hawaii.edu/server/api/core/bitstreams/0755bd46-0f5f-4efe-a09b-66dc72794239/content" target="_blank">Cargo Cult: Strange Stories of Desire from Melanesia and Beyond</a>: Cargo cults develop when primitive societies are exposed to the overpowering material wealth of the outside industrialized world. Not knowing where the foreigners’ plentiful supplies come from, the natives believe they were sent from the spirit world. They build makeshift piers and airstrips and perform magical rites to summon the well-stocked foreign ships and planes … the faithful still expect the Americans to arrive soon, bringing with them lots of chocolate, radios, and motorcycles. (p. 1) In encountering things like radios, electric lights and airplanes, the tribal societies would describe them as cargo. Because they did not understand how these things were manufactured or how they worked, the technology seemed magical. Shortly after the war, the indigenous people began to try to duplicate what they saw. Suddenly runways were built with the addition of bamboo “control towers” to complete the rudimentary airfield. For example, on one island, it was not unusual to see the islanders staffing these control towers while wearing headphones carved from wood. Other islanders would occupy the runways, waving torches to signal the planes that might bring cargo. They even built life-size replicas of airplanes in hopes of attracting more aircraft to their island. The islanders believed that, if they imitated the actions they had encountered previously, somehow the spirits would bring more cargo. <h3>Transformation Cargo Cults</h3> In an online article, “<a href="https://medium.com/steveglaveski/the-curious-case-of-cargo-cults-and-corporate-innovation-29bcd0a14fa8" target="_blank">The Curious Case of Cargo Cults and Corporate Innovation</a>,” Steve Glaveski describes the following. The cargo cults of the corporate world, in attempts to generate and commercialize breakthrough ideas, imitated the same practices they had seen the hackers, hustlers and hipsters use. Cult behaviors usually involved mimicking the day-to-day activities and dress styles of startup founders, such as littering the office with bean bags, ping pong and foosball tables, performing daily stand-ups and wearing hoodies and sneakers to the office. Cult members eat pizza and drink beers on Fridays. They often hang out at coworking spaces and hip inner city cafes, hoping it will result in an increase in market capitalization. In the transformation cargo cult, just like the cargo cults of the Pacific Islands, management believes their mimicry will produce the same “magic” as the original. A good example is the General Motors (GM)-Toyota Joint venture known as NUMMI. <img alt="a coastline" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/phillips_01.jpg" style="width:100%;" /> <h3>NUMMI and the Transformation Cargo Cult</h3> In the early 1980s, GM fell on hard times. In the face of the energy crises, poor labor relations, and dismal quality, GM decided to close its Fremont, California, plant. With the looming prospect of U.S. tariffs, Toyota saw an opportunity and worked with GM to form the New United Motor Manufacturing, Inc., or (NUMMI), plant. This joint venture was a win-win opportunity. Toyota would avoid tariffs and GM would have an inside look at the Toyota Production System (TPS), which Toyota introduced to the Fremont plant. After careful screening, Toyota began training the workforce in the intricacies of the TPS. The workers were astounded that the Japanese practiced what they taught. They were immersed into the TPS culture and its benefits. Admittedly, many skeptics permeated the car business, but from Job One, the Fremont cars were as good as the cars made in Japan. The industry was amazed by the quality coming out of NUMMI. However, GM management was not enthusiastic. Although they saw remarkable success coming out of NUMMI, they did not think their plants were a problem. They blamed their quality issues on labor and motivation, missing the point that the GM culture itself was responsible. As the reputation of the Fremont plant improved, the individual plants were allowed to try to duplicate the NUMMI success. In fact, they went so far as to send people to Fremont to view the operation firsthand. The visitors returned with procedures, photos, and measurements in hopes of transforming their own GM plants. The GM plants looked like NUMMI with one exception. Just like the cargo cults of the Pacific islanders, duplication of the “magic” of NUMMI did not translate into the same success of NUMMI. As it turns out, duplicating the look without understanding the methods and culture leads to failure. According to Larry Spiegel, one of the TPS practitioners who worked to transform the Van Nuys plant, “There were too many people convinced they didn’t need to change.” This lack of understanding coupled with the lack of desire for change led to the failure of the NUMMI experiment. (For more background and discussions with Spiegel and other participants in the NUMMI experiment, hear a recorded “This American Life” [Public Radio] interview or read the <a href="https://www.thisamericanlife.org/561/transcript" target="_blank">transcript</a>.) <div style="text-align:center;"> </div> <blockquote> <div style="text-align:center;">Cargo cults mimic success without knowing what activity is impacted, merely hoping that it will result in success. </div> </blockquote> <h3> Avoiding the Transformation Cargo Cults</h3> How can you avoid creating a transformation cargo cult? Many of the lessons of NUMMI were never embraced by the rest of the company. Although the following are well- known concepts, they are essential in avoiding becoming a transformation cargo cult and, when followed, can ensure an organization’s transformation is successful. The author contends that four factors promote an organization’s successful transformation: standard work, accountability, respect, and effective leadership that will help any organization manage transformation successfully. 1. Standard Work. Develop standard work for all positions. Make sure that employees understand how their standard work assignments impact transformation. Their standard work will describe their value-added tasks and reflect daily activity. As an essential component of Lean manufacturing, standardized work helps the organization understand what the important tasks are and avoids the cargo cult trap of merely appearing to work while adding no value. This concept applies equally across any business and at all levels. 2. Accountability. Accountability must be reflected by key measures that support transformation. It needs to be displayed in a location that facilitates communication and daily review. These performance data are tied to standard work. How can we get to our destination without understanding where we are? To avoid becoming a transformation cargo cult, we also need to understand how an organization’s activities support its transformation. Cargo cults mimic success without knowing what activity is impacted, merely hoping that it will result in success. Data must support the transformation process, and key measures will allow for data-driven progress. These key indicators on the organization’s intranet will allow progress to be monitored and eliminate guesswork and wishful thinking. 3. Respect. A system where employees feel respected and are properly utilized is crucial to a successful transformation. All transformation metrics need to be communicated and understood by everyone involved. In this environment, employees actively participate in problem solving and continuous improvement and have ownership of the process. As management expert W. Edwards Deming once said, “If you can’t describe what you are doing as a process, you don’t know what you’re doing.” By communicating transformation measures to all employees, the organization becomes calibrated to change at the same tempo—unlike a cargo cult where disparate activities have no known impact. The process of empowering employees to participate in and solve problems leads to a better understanding of the organization’s mission and esprit de corps! 4. Effective Leadership. Leadership is necessary for cultivating an environment where mutual trust exists between all levels of the organization and is supported by the organizational culture. In this future state, all employees will be fully trained and will have developed intuitive problem-solving skills. As time passes, a spirit of trust will develop where employees accept tasks and managers are confident of the employees’ abilities to accomplish those tasks. This provides a clear focus that empowers employees to accomplish transformation over time. By embracing the first three factors, organizations can ensure the success of the fourth factor. The biggest pitfall of a transformation cargo cult is the absence of organizational change. The cargo cult is cursed to continuously repeat the same things over and over while expecting different results. <blockquote> Leadership is necessary for cultivating an environment where mutual trust exists between all levels of the organization and is supported by the organizational culture. </blockquote> <h3>Conclusions</h3> Transformation can be a sudden and unplanned event. Many mechanisms can be leveraged for transformation. Prior to World War II, the battleship was the premier weapons system in naval warfare. The attack at Pearl Harbor demonstrated that the aircraft carrier was the new dominant weapons system, transforming the Navy from a battleship to an aircraft carrier force. Transformation can also result from poor leadership. In the late 1980s, Sears management decided to get out of the mail-order business and transform the retail company into a storefront-only entity. This misstep took a company with almost 100 successful years in the mail-order business and transformed it into a company on the verge of bankruptcy. Transformation can be unplanned or misplanned. It can also be mimicked in a most detrimental way. Because a cargo cult is an example of a culture that does not understand a transformational phenomenon, it tries to mimic what it sees in order to duplicate success. A transformation cargo cult exhibits the same characteristics. Duplicating examples of success without understanding the process is no different than joining a gym but not exercising in a pursuit of physical transformation. A facsimile of other organizations’ transformations put into effect without understanding the mechanism of transformation will prove just as phony as a cargo cult’s grass copy of an airport. Understanding these concepts will help you avoid turning your transformation into a transformation cargo cult! <blockquote> </blockquote> <hr /><a href="/library/defense-atl/p/DefAcqMag-March-April23" target="_blank"><img alt="Defense Acquisition magazine March-April 2023 cover" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/cover%20_MarApr2023.jpg" style="margin-left:6px;margin-right:6px;float:left;width:10%;" /></a>Read the full issue of Defense Acquisition magazine <a href="/library/defense-atl/p/DefAcqMag-March-April23" target="_blank">TABLE OF CONTENTS</a> <hr />PHILLIPS is a professor of Quality Assurance in the College of Contract Management at DAU. He holds a Ph.D. in Quality Management from Eastern Michigan University in Ypsilanti. His dissertation focused on knowledge management, job design, and organizational climate’s influence on employees’ perception of quality. The author can be contacted at <a class="ak-cke-href" href="mailto:[email protected]">[email protected]</a>. <h5>The views expressed in this article are those of the author alone and not the Department of Defense. Reproduction or reposting of articles from Defense Acquisition magazine should credit the authors and the magazine.</h5> <hr /><a href="https://ctt.ac/6B4fG" target="_blank"><img alt="tweet" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/tweetbutton.jpg" style="width:10%;" /></a><a href="https://forms.office.com/Pages/ResponsePage.aspx?id=RL4hHDUkv0m8H8ujFxhwWKL1MkZ9ijlJn6eDW2eiPulURThIUzNNN1VaVFRPMzhaTkNHTkMxODE1Ri4u"><img alt="subscribe" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/suscribebutton.jpg" style="width:10%;" /></a><a href="/library/defense-atl/DATLFiles/Mar-Apr_2023/Phillips_MarApr2023.pdf?Web=1" target="_blank"><img alt="print" src="/library/arj/ARJ/ARJ%20101/print_button.jpg" style="width:10%;" /></a></div>

string;#/library/defense-atl/blog/CargoCultTransformation

Energize Your Workplace Feedback

https://www.dau.edu/library/defense-atl/Lists/Blog/DispForm.aspx?ID=343

Energize Your Workplace Feedback

2023-03-17T16:00:00Z

https://wwwad.dauext.dau.mil/library/defense-atl/PublishingImages/Gadeken_MarApr2023.jpg, https://www.dau.edu/library/defense-atl/PublishingImages/Gadeken_MarApr2023.jpg https://wwwad.dauext.dau.mil/library/defense-atl/PublishingImages/Gadeken_MarApr2023.jpg

<div class="ExternalClass89A18B944EDF48768048EA4215B9E7D6">Our acquisition system is full of feedback processes and metrics. We have cost, schedule, and performance baselines, earned value reports, key performance parameters, contract status reports, integrated baseline reviews, milestone reviews, and the list goes on. But this list applies only to our acquisition programs and not to the people who work on them. <h3>Poor Feedback is the Norm</h3> What’s missing is a better process for workplace feedback to our acquisition team members and support organizations. While we have many current feedback processes for our people, quite frankly they are sorely lacking when compared to the excellent feedback given on the technical, cost, and schedule side of acquisition programs. To cite just one example, I remember my last feedback session before I retired from the military. It was a mandatory six-month counseling session with my boss, the colonel in charge of the research organization where I had worked for the previous several months. As I sat down for my progress review, he pulled out the mandatory form, drew a vertical line down the middle with his pen, wrote “good job” at the bottom, signed it, and handed it back to me. I asked if he could give me some specific feedback on how I could improve, and he said, “I’ve been really busy lately, but I hear you’re doing a great job. So, keep up the good work.” And that was it. I wish I could say that was an exception to the feedback I had received throughout my career, but it was the rule. Most of my managers were either uncomfortable or unskilled at giving good feedback and even went out of their way to avoid it. As a result, I often asked for feedback from my peers that usually proved to be more useful than what I received from my management. This raises the question of why feedback is often neglected and so poorly done in our acquisition organizations. While I am not an expert on organizational culture, I will point out that the acquisition workforce is full of professionals with advanced technical and business degrees. These are the people I worked for throughout my career, and I fit that description as well and eventually also became a supervisor. I wasn’t very good at giving feedback either, which is why I’m writing this article. I have found that acquisition professionals with technical and business degrees love working on programs that present technical and business challenges. And they correspondingly hate working on “people” issues like doing evaluations, giving feedback, and handling performance problems. However, people are the key to what makes our acquisition programs work. <h3>Good People Deserve Good Feedback</h3> So, if you want to have a successful acquisition program, it all starts and ends with the people who work on that program in both our government and industry organizations. While having good people won’t guarantee you will have a successful program, having too many poor performers will guarantee that you won’t have a successful program. What does it take to have good people on your acquisition program? This requires quite an involved answer that covers recruiting, hiring, team building, developing, and retaining talent. These are all great challenges for our Defense Acquisition Workforce, but I will not be able to cover them all in this article. With my focus on energizing workplace feedback, I will concentrate on developing and retaining talent. Imagine you are now in charge of a team or organization with a staff of acquisition professionals. You want them all to be top performers, but you realize that only a few are even close to that at present. So, your goal is to further develop their talent and increase their contribution while they are working on their current jobs. This challenge could roughly be equivalent to adding more supplies and cargo to an already moving train, plane, or ship. Though difficult, it’s still possible if you have a good plan and the right tools. Let’s first take a closer look at your current workforce. If they are anything like the teams I have been on during my career, you’ll have a “mixed bag” of talent, dedication, and professionalism. There also will be a mixed bag of civil service, military personnel, and support contractors. You could also have team members from mixed military services and various federal agencies, academic institutions, and even international partner nations. As for civil service, active military, and support contractors, each category has different hiring, training, and retention policies, as well as different systems for performance evaluation, rewards, and discipline. You’ll have to keep those straight as you work with these different team members. <blockquote> Most of my managers were either uncomfortable or unskilled at giving good feedback and even went out of their way to avoid it. </blockquote> <h3>Feedback Tools</h3> As a general rule, employees in all categories are given annual written performance evaluations with accompanying feedback. This is usually done as part of a standard process with deadlines and prescribed documentation. While nothing is wrong with this approach in principle, fitting human performance into a standard process with timelines can have its limitations. This is especially true about feedback. To be most effective, feedback should be offered continually and linked as closely in time as possible to the actual performance events. Collecting and documenting feedback items for performance reviews conducted weeks or even months later significantly dilutes the learning value and impact on the employee. Another issue is the rigid nature of a standard evaluation process in which the manager artificially fits the feedback into a prescribed format that often incudes set ranges and rating limitations. It is almost better to decouple the manager’s ongoing role of providing workplace feedback from the standardized performance evaluation. The Situation-Behavior-Impact (SBI™) model, developed by the Center for Creative Leadership and featured in its 2019 monograph “<a href="https://www.ccl.org/leadership-solutions/leadership-topics/giving-effective-feedback-that-works/#:~:text=The%20Center%20for%20Creative%20Leadership%27s%20%28CCL%C2%AE%29%20simple%2c%20powerful%2c%2cmore%20motivated%20to%20take%20actions%20that%20improve%20performance." target="_blank">Feedback That Works</a>,” is a tool that can help immediately improve the quality and effectiveness of the feedback you provide to team members as their leader. Anyone is free to use that model. Just make sure to use the SBI™ trademark label. Much of our current workplace feedback is generalized. For example, “what a great briefing,” “that was an excellent report,” or “nice work on that program review.” The lack of detail in these comments renders them almost meaningless. And to contrast, this missing detail is precisely what the SBI™ model is designed to provide, as we will see in the following discussion. <h3>The Situation</h3> The first step in using the model is to accurately describe the situation where feedback will be provided. Taking the “great” briefing as an example, you could say, “Yesterday morning when you gave your program status briefing to the deputy director in the executive conference room … .” By setting the context, the briefer will be able to recall their version of the event and compare it to what you provide. <img alt="we want your feedback" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/gadeken_01.jpg" style="width:100%;" /> <h3>Behavior</h3> The heart of the SBI™ feedback process is your description of the specific behaviors you observed that most clearly relate to the positive or negative outcomes achieved. By specific behaviors, I mean observable events such as written and spoken words, actions taken, vocal tones and inflections, hand gestures, and other nonverbal “body language.” These can all be good observations if you can clearly relate them to the impact or outcomes achieved. But by behaviors, I do not mean to include the thoughts, feelings, motivations, intentions, or assumptions that you may impute to the briefer. These are subjective inferences on your part that are not observable and are very likely to be wrong. To summarize, you need to stick only to behaviors that you or others present can actually observe. In the “great” briefing example, you could provide comments such as, “You began your presentation with a clear outline of the topics you would cover and referred to this outline as you transitioned to each succeeding topic.” Also, you could say, “I noticed that you made eye contact not only with the deputy director but with people all around the room,” and “you deliberately paused three times during your presentation to check for questions and made sure to answer them before moving on.” <h3>Impact</h3> The real leverage of SBI™ feedback comes in this last step where you relate the behaviors you observed to the impact those behaviors did or did not achieve. Impact achieved is often a judgment on the part of the observer, so try to remain as objective as possible. Using the briefing example cited earlier, you could say, “I think the clear outline you provided and used throughout the briefing made it easier for the audience to follow along and understand your key points” or “the eye contact and time you set aside for questions helped you relate to the audience and convince them that you understood their concerns.” To summarize, you want to relate as many behaviors as you can to how they impacted the outcomes in the situation observed. If a decision was made or an action taken, what behaviors most contributed to those outcomes? Here again, the feedback will be based on what you actually observed and not what you thought or wished had happened. <blockquote> Feedback can then truly be a gift that keeps on giving with both improved team member performance and improved acquisition outcomes. </blockquote> <h3>Stay on Your Side of the Net</h3> If some observed behaviors lead to a negative result, the temptation is to judge the motivation or faulty intent of the person being observed. This is going too far since the SBI™ feedback model is based on observable behavior and not inferred intent or motivation. The only way to judge intent is to ask the person and have them tell you. Let’s say you have a person on your team who starts showing up a few minutes late for work each morning. You might say to them, “I’ve noticed that you’re showing up late for work, and it seems like you don’t care.” But this judgment is something you inferred without proof. Perhaps a better statement would be, “I’ve noticed that you started showing up late for work, and it makes me feel like you don’t care.” This statement keeps the focus on the impact of the behavior on you. I once had a tardy person on my team. When I asked him about it, I got the back story that the family had just switched to a new day care center for their daughter, and it took a little longer to drop her off each morning. Yes, the team member should have mentioned it. But I was equally at fault for “making up” a story about his lack of motivation. In their insightful 2021 book <a href="https://www.gsb.stanford.edu/faculty-research/books/connect-building-exceptional-relationships-family-friends-colleagues" target="_blank">Connect</a>, authors David Bradford and Carole Robin use a tennis analogy to model the interaction between a feedback giver and receiver. As statements are volleyed across the net, the authors urge each “player” to stay on their side of the net. In other words, don’t make the mistake of trying to guess the perceived thoughts, feelings, motives, or intentions of the person on the other side of the net. The authors’ conclusion is to “stick with your reality” in describing the behavior you observed and the impact it had on you. For convenience, a set of key behaviors for feedback givers and receivers is summarized in Figures 1 and 2. Figure 1. Key behaviors for feedback givers <table border="1" cellpadding="5" cellspacing="1" style="width:50%;"> <tbody> <tr> <td bgcolor="#D3D3D3">When Giving Feedback: <ul> <li>Use Situation-Behavior-Impact (SBI™).</li> <li>Speak to the person and make eye contact.</li> <li>Use “I” statements (speak for yourself).</li> <li>Stay on your “side of the net” with your comments, and “stick with your reality.”</li> <li>Avoid prescriptive “shoulds” or “musts.”</li> <li>Be honest and be kind.</li> </ul> </td> </tr> </tbody> </table> Figure 2. Key behaviors for feedback receivers <table border="1" cellpadding="5" cellspacing="1" style="width:50%;"> <tbody> <tr> <td bgcolor="#D3D3D3">When Receiving Feedback: <ul> <li>Listen to all feedback before commenting.</li> <li>Seek to understand (not necessarily to agree).</li> <li>Ask for clarification, if needed.</li> <li>Do not defend, justify, or explain away.</li> <li>Be alert for themes and patterns.</li> <li>Give yourself time to reflect and process.</li> <li>Treat feedback as a gift, and say “thank you.”</li> </ul> </td> </tr> </tbody> </table> <h3>Conclusions</h3> Workplace feedback has long been an underused and mismanaged tool in our acquisition organizations. I assert that, if we improve our workplace feedback, our team members will improve, and our acquisition programs will improve right along with them. Improving workplace feedback should even have a multiplier effect by giving us far more payoff than our ongoing investment. Feedback can then truly be a gift that keeps on giving with both improved team member performance and improved acquisition outcomes. <hr /><a href="/library/defense-atl/p/DefAcqMag-March-April23"><img alt="Defense Acquisition magazine March-April 2023 cover" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/cover%20_MarApr2023.jpg" style="margin-left:6px;margin-right:6px;float:left;width:10%;" /></a>Read the full issue of Defense Acquisition magazine <a href="/library/defense-atl/p/DefAcqMag-March-April23" target="_blank">TABLE OF CONTENTS</a> <hr />GADEKEN is a professor of Program Management at DAU’s Fort Belvoir, Va., campus. The author can be contacted at <a class="ak-cke-href" href="mailto:[email protected]">[email protected]</a>. <h5>The views expressed in this article are those of the author alone and not the Department of Defense. Reproduction or reposting of articles from Defense Acquisition magazine should credit the authors and the magazine.</h5> <hr /><a href="https://ctt.ac/vaYcp" target="_blank"><img alt="tweet" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/tweetbutton.jpg" style="width:10%;" /></a><a href="https://forms.office.com/Pages/ResponsePage.aspx?id=RL4hHDUkv0m8H8ujFxhwWKL1MkZ9ijlJn6eDW2eiPulURThIUzNNN1VaVFRPMzhaTkNHTkMxODE1Ri4u" target="_blank"><img alt="subscribe" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/suscribebutton.jpg" style="width:10%;" /></a><a href="/library/defense-atl/DATLFiles/Mar-Apr_2023/Gadeken_MarApr2023.pdf" target="_blank"><img alt="print" src="/library/arj/ARJ/ARJ%20101/print_button.jpg" style="width:10%;" /></a></div>

string;#/library/defense-atl/blog/EnergizeWorkplaceFeedback

Zero Trust and Industry’s Role in Growing Cybersecurity Solutions

https://www.dau.edu/library/defense-atl/Lists/Blog/DispForm.aspx?ID=342

Zero Trust and Industry’s Role in Growing Cybersecurity Solutions

2023-03-10T17:00:00Z

https://wwwad.dauext.dau.mil/library/defense-atl/PublishingImages/Woody_MarApr2023.jpg, https://www.dau.edu/library/defense-atl/PublishingImages/Woody_MarApr2023.jpg https://wwwad.dauext.dau.mil/library/defense-atl/PublishingImages/Woody_MarApr2023.jpg

<div class="ExternalClassC65E295639294F21A620C8F15056B1C5">Today’s missions rely on highly integrated and complex technology that must be protected from a wide range of adversaries. This technology must operate in highly dynamic and contested environments. However, for quite some time, relying solely on operational security controls in these environments has failed to provide sufficient protection. Virtually all products and services acquired by programs are supported by, or integrated with, information technology that includes third-party software and hardware components and services. Each of these acquired products and services represents a potential source of cybersecurity risk. This article looks at how the U.S. Government and the organizations that support it respond to the growing demand for Zero Trust solutions. <h3>Executive Order Prioritizing Prioritizing Zero Trust</h3> <a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/" target="_blank">Executive Order 14028, Improving the Nation’s Cybersecurity</a>, prioritizes Zero Trust as a strategic approach for securing government data. However, because of our increased reliance on third-party technology and the demands for scalability, organizations implementing Zero Trust solutions must consider industry efforts to develop products that can support increased use of automation for enforcing explicit trust relationships. The following documents, pivotal in the field of Zero Trust, illustrate why Zero Trust is specifically identified in Executive Order 14028: <ul> <li><a href="https://csrc.nist.gov/publications/detail/sp/800-207/final" target="_blank">NIST 800-207: Zero Trust Architecture</a></li> <li><a href="https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf" target="_blank">OMB M-22-09, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles</a></li> <li><a href="https://dodcio.defense.gov/Portals/0/Documents/Library/%28U%29ZT_RA_v2.0%28U%29_Sep22.pdf" target="_blank">DoD</a><a href="https://dodcio.defense.gov/Portals/0/Documents/Library/%28U%29ZT_RA_v2.0%28U%29_Sep22.pdf" target="_blank"> Zero Trust Reference Architecture</a></li> <li><a href="https://www.cisa.gov/zero-trust-maturity-model" target="_blank">CISA Zero Trust Maturity Model</a></li> <li><a href="https://dodcio.defense.gov/Portals/0/Documents/Library/DoD-ZTStrategy.pdf" target="_blank">DoD Zero Trust Strategy</a></li> <li><a href="https://dodcio.defense.gov/Portals/0/Documents/Library/DoD-ZTExecutionRoadmap.pdf" target="_blank">DoD Zero Trust Capability Execution Roadmap (COA 1)</a></li> </ul> We now will examine the role of each of these documents in the government’s move to Zero Trust and how they are changing the way industry approaches cybersecurity and the products developed for its support. <h3>NIST 800-207: Zero Trust Architecture</h3> <a href="https://csrc.nist.gov/publications/detail/sp/800-207/final" target="_blank">NIST 800-207</a>, published by the National Institute of Standards and Technology, introduced a new model for cybersecurity called Zero Trust. That model was based on the work of John Kindervag and a team at Forrester business and technology consultants, beginning around 2009. The goals of that initial effort were to remove implicit trust and move security from the network to users, applications, and workloads. The following DoD example of implicit trust explains those goals. A Department of Defense (DoD) acquisition program staff member is working remotely. That staff member uses a virtual private network (VPN) to connect to the program’s data center, where applications and data sets associated with the program’s acquisition efforts are located. Once the staff member successfully logs in and connects via VPN, that person has legitimate access to DoD acquisition applications and data. The implicit trust is that (1) the staff member is the person who logged in; and (2) that person has a need to access all the applications and data in the data center. The data center does not use multifactor authentication (MFA) or any other means to verify that the staff member is the person who should be logging in and accessing the data center. The VPN provided a clear path to the applications and data. The data center does not check that the staff member has the privilege to use the available applications and data. The trust described in the foregoing example is implicit trust. The VPN provided a way to “get through the wall” (i.e., perimeter defense) that was designed to keep unauthorized people from gaining access to the data center via the network. <a href="https://csrc.nist.gov/publications/detail/sp/800-207/final" target="_blank">NIST 800-207</a> built on Kindervag’s ideas by defining the following tenets for Zero Trust: <ol> <li>All data sources and computing services are considered resources.</li> <li>All communication is secured regardless of network location.</li> <li>Access to individual enterprise resources is granted on a per-session basis.</li> <li>Access to resources is determined by dynamic policy—including the observable state of client identity, application or service, and the requesting asset—and may include other behavioral and environmental attributes.</li> <li>The enterprise monitors and measures the integrity and security posture of all owned and associated assets.</li> <li>All resource authentication and authorization are dynamic and strictly enforced before access is allowed.</li> <li>The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications, and uses that information to improve its security posture.</li> </ol> Interpreting our previous DoD example using these tenets, each different application and data set is now considered a resource (Tenet 1) and the staff member is a subject. In examining the diagram from Section 3 of <a href="https://csrc.nist.gov/publications/detail/sp/800-207/final" target="_blank">NIST 800-207</a>, we see that a policy enforcement point (PEP) is established between the subject and the resource and operates like a switch. <img alt="a man holding a laptop in a server room" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/woody_01.jpg" style="width:100%;" /> This approach differs from the traditional network-only focus, where the VPN provided access to all available applications and data. Instead, it relies on a set of policies applied dynamically to determine whether sufficient trust can be verified to allow the subject access to the resource (Tenet 4). The policy decision point (PDP) represents a mechanism (i.e., policy engine) that considers different policies and decides whether access should be granted. The policy administrator mechanism provides a control signal that sends the result of the decision to the PEP, which operates like a closed switch (i.e., access granted) or an open switch (i.e., access denied) to the resource. With Zero Trust, policies are used to dynamically control access to resources. But still to be determined is how often that control should be exercised. According to Tenets 3 and 6, whenever someone attempts to access a resource, the PDP must decide whether access should be granted and then signal the PEP to enforce the decision. So far, we have covered Tenets 1, 3, 4, and 6. But how are Tenets 2, 5, and 7 involved? According to Tenet 2, the connections used to allow access must be encrypted. This means that the connection from the person’s system to the PEP, the connection from the PDP to the PEP, and the connection from the PEP to the resource must all be encrypted. According to Tenet 7, the PDP dynamically receives inputs from the different systems, data feeds, policies, and logs to use in its decision making. And according to Tenet 5, the PDP uses information about the integrity and security posture of the resources and infrastructures to be continuously monitored. The combined use of PDPs and PEPs in Zero Trust poses a new challenge to industry. Decision points must ingest a wide variety of inputs in various formats for authentication, authorization, data authorization, network and infrastructure, applications, and workloads. A standard format must be developed to enable PDPs to act on the information dynamically. This would enable industry to produce tunable PDPs, enabling their application in different enterprises and systems. Industry could also develop PDPs that focus on specific data inputs with the goal of integrating them with other PDPs. This illustration of the Zero Trust strategy from <a href="https://csrc.nist.gov/publications/detail/sp/800-207/final" target="_blank">NIST 800-207</a> is straightforward, but it falls short of where we need to be to apply Zero Trust to enterprises and weapon systems. To spur adoption of a Zero Trust strategy in the federal government, President Biden directed Federal Civilian Executive Branch (FCEB) agencies to modernize their approach to cybersecurity by moving toward a Zero Trust architecture (ZTA) in Executive Order 14028. This order directs the heads of each FCEB agency to develop a plan to implement ZTA that does the following within 60 days of the order’s issuance: <ul> <li>Incorporates the migration steps identified in <a href="https://csrc.nist.gov/publications/detail/sp/800-207/final" target="_blank">NIST 800-207</a>.</li> <li>Identifies activities that will have the most immediate security impact.</li> <li>Includes a schedule to implement these activities.</li> </ul> <h3>OMB M-22-09: Moving Toward Zero Trust Principles</h3> <a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/" target="_blank">Executive Order 14028</a> was followed by <a href="https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf" target="_blank">OMB M-22-09</a>. This new order, published by the Office of Management and Budget (OMB), defines a ZTA strategy and requires agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024. <h3>DoD Zero Trust Reference Architecture</h3> For the U.S. military, the <a href="https://dodcio.defense.gov/Portals/0/Documents/Library/%28U%29ZT_RA_v2.0%28U%29_Sep22.pdf" target="_blank">DoD Zero Trust Reference Architecture</a> initially (in version 1.0) predicted that “next generation cybersecurity architecture will become data-centric and based on Zero Trust principles.” An update (<a href="https://dodcio.defense.gov/Portals/0/Documents/Library/%28U%29ZT_RA_v2.0%28U%29_Sep22.pdf" target="_blank">version 2.0</a>) states that Zero Trust “should be used to reprioritize and integrate existing DoD capabilities and resources, while maintaining availability and minimizing temporal delays in authentication mechanisms, to address the DoD CIO’s [Chief Information Officer’s] vision.” <h3>CISA’s Zero Trust Maturity Model</h3> Although the federal government was directed to transition to a Zero Trust strategy, organizations were hampered by a lack of specifics on how to apply and implement that strategy. They needed models to show how they could mature their Zero Trust application. In response, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) developed the <a href="https://www.cisa.gov/zero-trust-maturity-model" target="_blank">Zero Trust Maturity Model</a> specifically for federal agencies to use in addressing this challenge. The “Maturity Model (FFP),” described in Figure 42 of the <a href="https://dodcio.defense.gov/Portals/0/Documents/Library/%28U%29ZT_RA_v2.0%28U%29_Sep22.pdf" target="_blank">DoD Zero Trust Reference Architecture</a>, is the model that DoD is using. Models like this provide the guidance that organizations need to mature their application of a Zero Trust strategy. However, these models do not provide a prescriptive method for achieving increased maturity. <h3>DoD Zero Trust Strategy</h3> This document provides guidance for advancing Zero Trust concept development within DoD based on four goals identified in the <a href="https://dodcio.defense.gov/Portals/0/Documents/Library/%28U%29ZT_RA_v2.0%28U%29_Sep22.pdf" target="_blank">DoD Zero Trust Reference Architecture</a> along with the goals’ associated cybersecurity practices: (1) Zero Trust Cultural Adoption, (2) DoD Information Systems Secured and Defended, (3) Technology Acceleration, and (4) Zero Trust Enablement. Goal 2 focuses on the seven pillars (User, Device, Applications and Workloads, Data, Network and Environment, Automation and Orchestration, and Visibility and Analytics). This provides a good starting point for programs and organizations in planning and initiating their Zero Trust transition efforts. <img alt="fingers on a clear screen" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/woody_02.jpg" style="width:100%;" /> <h3>DoD Zero Trust Capability Execution Roadmap </h3> This roadmap identifies three courses of action (COA): COA 1 ZT Baseline, COA 2 Commercial Cloud, and COA 3 Private Cloud. The document provides recommendations and timelines to implement COA 1, with the goal of implementing Zero Trust and achieving “Target Level ZT” across the DoD by FY 2027. This is done by breaking down Zero Trust capabilities into sequenced activities, which then create a roadmap that supports the DoD Budget Cycle for this timeframe. <h3>The Challenges of Implementing a Zero Trust Strategy</h3> Though we earlier provided a relatively simple example of applying Zero Trust strategy, an organization implementing such a strategy will face significant complexity challenges. The Zero Trust pillars from these documents (five for CISA and seven for DoD) are capability areas that each organization must consider in assessing its own strengths, weaknesses, technical competencies, and risk tolerance. These pillars also have cross-cutting capabilities that provide a security approach, enabling the dynamic application of policies for enforcing Zero Trust tenets. Vendor Challenges. Vendors are working with both federal and DoD sectors to develop and repurpose commercial products to support the application of Zero Trust strategies. However, because Zero Trust affects many different aspects of an enterprise, no single vendor provides all the needed products or the ability to successfully integrate them into a complete solution. Some vendors offer strong products dealing with identity and access management; others focus on products related to the PDP and PEP aspects of Zero Trust. Logging and monitoring play a key role in implementing and growing Zero Trust strategies; therefore, products from these vendors must also integrate with other vendors’ products. Vendors must realize that each organization will be a unique case based on its technical competencies, risk tolerance, and desired time frame to implement. Federal and DoD Sector Challenges. Both DoD and the broader federal sector recognize that they will need assistance integrating products from different vendors to begin implementing their Zero Trust strategies. This integration presents challenges because the sectors lack (1) a set of best practices for implementing a Zero Trust strategy, and (2) a method to determine how successfully a Zero Trust strategy is being implemented. Neither exists at present. The maturity models provide images for maturing Zero Trust approaches, but they are not prescriptive. <h3>A Path Forward: NIST, ATARC, and SEI Contributions</h3> To address these challenges, NIST and organizations such as the Advanced Technology Academic Research Center (ATARC) and the Software Engineering Institute (SEI) are developing use cases and scenarios involving aspects of Zero Trust implementations. These use cases paint a clearer picture of what organizations should consider when developing their Zero Trust strategy. <blockquote> Organizations should leverage governance and risk management to plan, implement, and support the Zero Trust journey. </blockquote> All three organizations’ development activities involve vendors that must collaborate to provide the government effective implementation options. Vendors are invited to demonstrate how their products can support Zero Trust implementations. Through these demonstrations, NIST, ATARC, and the SEI learn where additional work is needed. NIST. To help address the Zero Trust challenge,<a href="https://csrc.nist.gov/publications/detail/white-paper/2022/05/06/planning-for-a-zero-trust-architecture/final" target="_blank"> NIST published NIST CSWP 20, Planning for a Zero Trust Architecture: A Planning Guide for Federal Administrators</a>; and<a href="https://csrc.nist.gov/publications/detail/sp/1800-35/draft" target="_blank"> SP 1800-35, Implementing a Zero Trust Architecture</a>. CSWP 20 helps administrators understand how the NIST Risk Management Framework can be used when transitioning to Zero Trust. SP 1800-35 explains how commercially available technologies can be integrated and used to build Zero Trust architectures. ATARC. A nonprofit organization that formed a Zero Trust Working Group, ATARC includes members from the federal government, academia, and industry. <a href="https://atarc.org/atarc-zero-trust-lab/" target="_blank">The ATARC Zero Trust Lab</a> was established to demonstrate technical architectures and original equipment manufacturer hardware and software solutions to address the Zero Trust use cases that CISA defined in its Zero Trust Architecture. SEI. The SEI hosted <a href="https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=885624" target="_blank">Zero Trust Industry Day 2022</a>, an event designed to collect information from vendors that develop solutions for implementing a Zero Trust architecture. Vendors addressed a <a href="https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=886710" target="_blank">request for information</a> (RFI) aimed at providing guidance to U.S. federal agencies that must transition to a Zero Trust cybersecurity strategy. As part of this scenario, the vendors’ responses were also required to help these agencies address <a href="https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf" target="_blank">OMB M-22-09</a>, <a href="https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf" target="_blank">Moving the U.S. Government Toward Zero Trust Cybersecurity Principles</a>; and OMB M-21-31,<a href="https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf" target="_blank"> Improving the Federal Government’s Investigative and Remediation Capabilities Related to Cybersecurity Incidents</a>. Each participating vendor focused on one or two facets of Zero Trust: identity and access management, software-defined networking, integrity, workflows, or cloud-based platforms for network security. As a result of a singular focus, each vendor was compelled to collaborate with other vendors to satisfy the RFI. Only one vendor addressed the full scope of Zero Trust identified in the RFI. The vendors’ responses and video presentations are available on the <a href="https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=885624" target="_blank">SEI’s website</a> and <a href="https://www.youtube.com/channel/UCrmnnE3yzpAyAuX_hRqyLdg" target="_blank">YouTube channel</a>. Based on this event, the SEI identified five best practices for Zero Trust architecture: <ul> <li>Develop and maintain comprehensive inventories that include data, applications, assets (with a focus on high-value assets), services, and workflows.</li> <li>Recognize the dynamic nature of Zero Trust and the inherent importance of auditing and logging.</li> <li>Recognize that Zero Trust is a complex paradigm with a relatively long journey to maturity. Organizations should leverage governance and risk management to plan, implement, and support the Zero Trust journey.</li> <li>Decrease overall risk by leveraging cloud and virtual solutions where they reasonably fit into an organization’s Zero Trust journey.</li> <li>Use automation, orchestration, and application programming interfaces to optimize maturity.</li> </ul> <h3><img alt="hands typing on a clear screen" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/woody_03.jpg" style="width:100%;" /></h3> <h3>Conclusions</h3> Applying Zero Trust strategy to enterprises is an effective way to reduce cybersecurity risks. The remaining challenge is determining how to implement this strategy in a way that supports organizations’ missions, time frames, technical competencies, and risk tolerances. Current guidance lacks the specificity required for organizations to implement the strategy on their own. For DoD organizations, the Zero Trust Strategy and Zero Trust Capability Execution Roadmap (COA 1) documents provide a good starting point. Still these organizations cannot acquire ready-made, commercially available Zero Trust solutions that fully meet their needs. Vendors must collaborate to integrate their offerings and create more comprehensive solutions. This integration cannot be accomplished only with other vendors; they must also continue collaborating with government organizations to understand their unique challenges. Some organizations—including NIST, ATARC, and the SEI—are researching ways to help government organizations and vendors better understand what they must consider in their transition to Zero Trust. Meeting this challenge will be an ongoing process that involves multiple organizations working to improve their maturity. To enable resilient systems, government organizations must rely on cybersecurity vendors to refine their offerings and improve interoperability. <hr /><a href="/library/defense-atl/p/DefAcqMag-March-April23" target="_blank"><img alt="Defense Acquisition Magazine March-April 2023 cover" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/cover%20_MarApr2023.jpg" style="margin-left:6px;margin-right:6px;width:10%;float:left;" /></a>Read the full issue of Defense Acquisition magazine <a href="/library/defense-atl/p/DefAcqMag-March-April23" target="_blank">TABLE OF CONTENTS</a> <hr />WOODY is a principal researcher in the CERT Division of the Software Engineering Institute. Her research interests focus on cybersecurity engineering for complex, software-reliant systems. She is a published coauthor on software engineering and led a research effort to develop the CERT Cybersecurity Engineering and Software Assurance Professional Certificate. Woody holds a Ph.D. in Information Science from Nova Southeastern University, an M.B.A. from Wake Forest University, and a B.S. in Mathematics from William and Mary. MORROW is the Situational Awareness Technical Manager within the CERT Monitoring and Response Directorate at the Software Engineering Institute (SEI). He holds a B.S.E.E. from Penn State University and an M.S.E.E. from the University of Pittsburgh. Morrow’s career includes experience with systems, system of systems, software architecture and analysis methods, full life-cycle development and support, cybersecurity, and use of model-based systems engineering tools throughout his 19 years at the SEI. The authors can be contacted at <a class="ak-cke-href" href="mailto:[email protected]">[email protected]</a> and <a class="ak-cke-href" href="mailto:[email protected]">[email protected]</a>. <h5>This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at <a class="ak-cke-href" href="mailto:[email protected]">[email protected]</a>.</h5> <h5>The views expressed in this article are those of the author alone and not the Department of Defense.</h5> <hr /><a href="https://ctt.ac/MO3ba" target="_blank"><img alt="tweet" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/tweetbutton.jpg" style="width:10%;" /></a><a href="https://forms.office.com/Pages/ResponsePage.aspx?id=RL4hHDUkv0m8H8ujFxhwWKL1MkZ9ijlJn6eDW2eiPulURThIUzNNN1VaVFRPMzhaTkNHTkMxODE1Ri4u" target="_blank"><img alt="subscribe" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/suscribebutton.jpg" style="width:10%;" /></a><a href="/library/defense-atl/DATLFiles/Mar-Apr_2023/Woody_MarApr2023.pdf" target="_blank"><img alt="print" src="/library/arj/ARJ/ARJ%20101/print_button.jpg" style="width:10%;" /></a> <h5> </h5></div>

string;#/library/defense-atl/blog/ZeroTrustandIndustry

Telework—Possible Learning Curve Effects and the Need for More Analysis

https://www.dau.edu/library/defense-atl/Lists/Blog/DispForm.aspx?ID=341

Telework—Possible Learning Curve Effects and the Need for More Analysis

2023-03-08T17:00:00Z

https://wwwad.dauext.dau.mil/library/defense-atl/PublishingImages/Badiru_MarApr2023.jpg, https://www.dau.edu/library/defense-atl/PublishingImages/Badiru_MarApr2023.jpg https://wwwad.dauext.dau.mil/library/defense-atl/PublishingImages/Badiru_MarApr2023.jpg

<div class="ExternalClassE67A420281A54216B8C7138C0A8B5A4E">In view of the tremendous increase in teleworking over the last two years, we anticipate that new research will be needed about the general effectiveness of working long-term away from employer facilities. Areas to examine include learning retention and productivity maintenance, particularly in national defense work. We neither favor nor oppose telework but believe that the large increase in its use recommends careful examination of its long-term effects. In the past two years, we have seen increased use of telework initiated and accelerated in response to the coronavirus pandemic. We developed a conceptual framework to increase awareness of telework’s impact on learning curves. Our core hypothesis is that telework, which represents a break in normal or traditional work routines, may decrease the expected performance along a typical learning curve. Empirical studies of production systems have shown that production breaks impede progress along the learning curve. However, workforce redevelopment and preservation can help cope with these adverse effects—which can represent significant human-capital concerns. Our approach can reflect how teleworking affects Defense Acquisition Workforce performance and provide added insights into ways to better manage the increasing use of telework in acquisition programs. Defense acquisition systems depend on a combination of technology, process, and the experiential skills of acquisition professionals. Whenever the experience and skills of people degrade, the outputs of acquisition programs are directly impacted. While technology and process may not be immediately changeable, the workforce aspects can and should be protected. While telework is desirable during operational disruption, as in the case of a pandemic or other disaster, organizational leaders must realize that it does pose a risk to learning curves. If adverse impacts are identified early, administrative strategies can protect efficiency, effectiveness, and productivity, which is especially important in defense acquisition. Increased empirical studies may be needed on the loss of learning. Undeniably, there is a personal aspect in remote work: Working from home ensures that the work performed meshes with the worker’s personal life and family needs. Employers also are rethinking their policies in order to compete for skilled workers by providing state-of-the-art techniques, tools, and rules for mobile and remote. All of this has, in recent years, put a different light on the traditional requirement of permanent face-to-face workplace presence. But there are wide-ranging consequences to consider for learning and growth of experience. <h3>Learning Curve Framework</h3> The learning curve theory illustrates and supports the calculation of the effects of learning on workforce performance and productivity. Learning curve models have been researched for nearly a century—the basic theory of Theodore Wright’s Cumulative Average Model was developed in the 1930s. The model is based on a simple key principle: Due to learning effects, the average time or cost for workers to perform a task constantly declines as workers gain expertise and experience. According to the actual learning rate, workforce efficiency, performance, and productivity surge when employees increase their knowledge. In cost- and time-intensive defense acquisition programs, the learning curve impacts are of profound significance. Timely, economical, and quality-appropriate defense programs are essential in sustaining U.S. military capabilities. Since World War II, studies have increased on the effects of work breaks (i.e., forgetting) on learning progress, work performance, efficiency, and productivity. Researchers postulated that an extended disconnection of employees from a normal work routine within a collective social presence increases the tendency to forget lessons learned about efficient ways of working. Any resultant inconsistency in learning rates must be reasonably considered. The theory of forgetting holds that telework-inherent interruptions of the progress in learning trigger performance degradation. Forgetting effects related to telework are not directly comparable to the interruption phenomena of production processes in various previous models. Adedeji Badiru’s 2012 Defense Acquisition Research Journal article, “<a href="/library/arj/ARJ/arj63/Badiru_ARJ63.pdf" target="_blank">Half-Life Learning Curves in the Defense Acquisition Life Cycle</a>,” mentioned “lack of training” and “extended breaks in practice” as possible causes of performance decay. Both may become concerns regarding telework. Participating employees have, other than web-based training modules and virtual online meetings, limited opportunities for practical training or to build and maintain professional networks and share interpersonal experiences. Teleworkers experience interruptions in performing their basic work as well as in collaborative activities with colleagues. The learning curve is characterized by inconstant and slower overall learning when compared with uninterrupted learning curves. Exclusion from the regular working environment means that learning curve effects cannot fully materialize. Telework can hamper communication and presentations, physical coordination, and in-person teamwork—all elements that can promote learning. Employees are subject to (and limited by) the nuances of digital communication. In remote work, people become accustomed to forgetting because of interruptions in work practice and a lack of in-person training, face-to-face interactions, experience buildup, and knowledge intensification. Essential elements of learning curves degrade under adverse conditions that partly hinder efficiency and diminish performance and productivity gains. <h3>Features, Opportunities, and Challenges</h3> Working from home during the coronavirus pandemic was quickly seen by both employers and employees as a way to curtail the spread of infection and maintain workplace safety and productivity. As in other upheavals, the pervasive impact of telework on working life will remain marked by both opportunities and risks. Organizations providing remote work offer their staffs autonomy, flexibility, compatibility of family life and career (i.e., work-life balance), and reduction of risks associated with commuting. Another advantage is the improvement of IT skills, reinforced through miscellaneous digital collaborations and communications. Telework’s challenges, estrangement, social isolation, expansion of personal reachability, and blurring boundaries between private and work life are considerable issues to address going forward. In addition, various adjustments and equipment are needed. Employers must keep their employees engaged, despite physical separation, by using suitable coordination, supervision, measurement, monitoring, and communication methods and tools. Last but not least, this particular form of work requires specific personal qualities such as employee self-discipline and appropriate skill sets. But inevitably this work system is unavailable in certain sectors such as much of manufacturing, food services, agriculture, construction, handicrafts, geriatric and child care, general medical care, and shop as well as warehouse trade. Moreover, it tends to preclude involvement by some organizational staff. Certain employees may lack prerequisites such as adequate space and housing, digital affinity, or the ability to perform obligatory in-person duties. These shortcomings can prevent or limit the use of telework. For organizations to benefit from telework, comprehensive coordination is a key requirement. Expected gains from teleworking do not automatically arise—the whole process must be appropriately coordinated and professionally monitored. Issues could arise from working during what should be the employee’s free time, including overlaps of private and working life, on-duty accidents at home, and lack of framed working hours, guidance, instruction, training, and induction. These issues illustrate the need for telework regulation. Organizations would be well advised to ensure that each employee has access to an adequate setting for telework and timely resolution of technical, ergonomic, and communication issues prior to instituting telework opportunities. Examples of effective ways to improve practical application include training, increasing awareness, adapting appropriate processes and guidelines, investing in digital infrastructure, and promoting workforce telework-enabling skills. A coordinated approach effectively facilitates risk management and supports a coherent use of telework opportunities. It should always be recognized that telework is not suitable for everyone. <img alt="a person typing on a laptop" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/badiru_01.jpg" style="width:100%;" /> <h3>Relevance for Workforce Development</h3> Conceptually, we have observed that forgetting what has been learned, or not learning it in the first place, can result from telework and adversely impact employee learning curves, particularly when new employees are onboarded. The question is whether persuasive qualitative aspects can be derived from telework engagement to tackle learning degradation and thereby preserve overall efficiency, effectiveness, and productivity. As outlined by Adedeji Badiru and Cassie Barlow in their 2020 Dayton Daily News article, “Developing workforce in era of COVID-19,” the organization’s capabilities for redevelopment and preservation are relevant. This would involve, for example, creating a safe and healthy working environment and fostering workers’ reliability or availability. With passage of the Telework Enhancement Act of 2010, a legal definition of “telework” was enshrined at <a href="https://uscode.house.gov/view.xhtml?path=/prelim%40title5/part3/subpartE/chapter65&edition=prelim" target="_blank">5 U.S.C. 6501(3)</a>. One purpose of the law was to provide flexibility in managing the federal government’s workforce. The law’s premise is that well-implemented telework programs provide government agencies with a valuable tool for achieving mission goals even during emergencies, while allowing employees an opportunity for enhanced work-life balance. One goal named in the Telework Enhancement Act is support of employee recruitment and retention. The <a href="http://https:/www.telework.gov/guidance-legislation/telework-guidance/telework-guide/guide-to-telework-in-the-federal-government.pdf" target="_blank">2021 Guide to Telework and Remote Work in the Federal Government</a> expounds specific qualitative background information on the regulatory landscape of telework. This form of work agreement is seen benefiting both employers and employees. Telework is regarded as a tool for improving workforce performance, engagement, productivity, and efficiency—particularly of mission-critical services in an emergency. <h3>Conceptual Framework</h3> Expectation management is a key foundation of human factors in any work environment. Consider the results of a conceptual learning-curve analysis applied to telework, learning decay, and performance degradation through forgetting effects. On the other hand, in view of the lessons learned from the pandemic, and the opportunity provided, telework can enrich both employers and employees. Telework effects can be described as “double-edged swords” with ambiguous dimensions. Advantages and opportunities, and disadvantages and risks, are closely combined. Accompanying effects, such as isolation, unmonitored lengthening of working time, blurred boundaries between work life and personal life, and breach of reachability are influenced by the level of telework. We suggest the goal should be an “optimum” level of teleworking to maximize beneficial effects and productivity gains, and minimize adverse impacts. It is important for employers to find appropriate solutions and instruments so that telework is properly executed, monitored, and controlled to minimize extensive breaks in experiential person-to-person interactions and prevent a decline in performance. Expedient and opportune strategies for organizations to benefit from telework should leverage the positive effects of telework by adhering to those solutions and instruments. With appropriate management, and done in the right way, telework will likely take root and yield the expected benefits. In this regard, a learning curve represents a quantifiable correlation between a worker’s performance on a specific task and how often a task must be repeated before a reliable pattern of satisfactory completions is established. This correlation can be represented by a formula and/or a graph. The formula or graph can be used to forecast the level of the worker’s performance relative to the number of repetitions. The learning curve theory proposes that efficiency in a task improves over time with repeated performance. The more frequently and consistently workers perform the same task, the more proficient they become. Of course, in telework, the chain of task repetition can be broken, possibly reducing performance on the learning curve. <h3>Normal Learning Curve Computation</h3> Let’s look at how the loss of learning (or performance degradation) due to telework can be measured in a practical setting. First, we recall the basic mathematical expression for a learning curve, which is also called an improvement curve, as presented below: <img alt="Y=Axb" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/y=axb.jpg" style="width:10%;" /> <img alt="" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/y.jpg" style="width:2%;" /> is the cumulative average cost of producing x units, A is the theoretical cost to produce the first unit, x is the cumulative number of units produced, and b is the learning curve exponent. Thereby, the Learning Curve Slope (LCS) expresses the decreased percentage in time (or cost), as the number of units produced doubles. According to Evan Boone et al., in their 2021 Defense Acquisition Research Journal article, “<a href="/library/arj/ARJ/ARJ95/ARJ95_Elshaw%2020-850.pdf" target="_blank">A Learning Curve Model Accounting for the Flattening Effect in Production Cycles</a>,” this implies an increase in performance, which translates into reduced cost and/or performance time. <h3>Measuring the Impact of Telework</h3> Suppose a worker fails to achieve the expected learning curve improvement because of interruptions in a normal work routine. How can we measure the diminished performance attributable to telework? Published literature on learning and forgetting provides a measuring pathway. Sheryl Estrada in 2020 presented several ideas about measuring learning curve performance during COVID-19 telework in an article for <a href="https://www.hrdive.com/news/how-to-navigate-the-remote-work-learning-curve-during-covid-19/574389/" target="_blank">HR Dive</a>. Some of those ideas included using digital tools to track work continuity and consistency. Tracking error codes and the number of missed deadlines are other viable quantitative measures. Many organizations now use Microsoft Teams tools to track remote work. Empirical data can provide quantitative variables to compare learning curve profiles before, during, and after teleworking. This is the sort of comparative analysis that we advocate. We postulate that if a graph of the telework data is constructed, the normally increasing concave learning curve may experience dips, thereby indicating point-to-point decreases in the telework-constrained learning curve. In a 1994 research paper in International Journal of Human Factors and Manufacturing, “Multifactor Learning and Forgetting Models for Productivity and Performance Analysis,” Badiru presented such a degraded learning curve plot for the case of production breaks in manufacturing. For additional quantitative modeling of learning curve degradation, see Mohamad Jaber and Maurice Bonney’s 1996 article in Applied Mathematical Modeling, “<a href="https://www.sciencedirect.com/science/article/pii/0307904X9500157F?via%3Dihub" target="_blank">Production breaks and the learning curve: The forgetting phenomenon.</a>” <h3>Conclusions</h3> We have chosen, without an empirical study, a balanced approach between qualitative and quantitative aspects as the focus of future research. The main purpose is to provide the status of current research on the qualitative outcomes related to telework in the context of workforce development and to combine the findings with a mathematical-graphical view. The learning curve theory forms the nucleus for the quantitative assessment of the impacts of telework. In essence, the underlying core of our postulation is that forgetting and diminishing performance are threats to overall organizational productivity. However, workforce redevelopment and preservation provide qualitative means to cope with those adverse impacts. This issue is significant for human capital effects. Decision makers who embrace telework as an option in their respective organizations can benefit from research on telework’s correlation with the decay of learned skills, performance, productivity, efficiency, and effectiveness. Given the increasing availability of data sources on teleworking, we advocate developing appropriate telework models using empirical or observational techniques. <hr /><a href="/library/defense-atl/p/DefAcqMag-March-April23" target="_blank"><img alt="Defense Acquisition Magazine March-April 2023 cover" src="/library/defense-atl/DATLFiles/Mar-Apr_2023/cover%20_MarApr2023.jpg" style="margin-left:6px;margin-right:6px;float:left;width:10%;" /></a>Read the full issue of Defense Acquisition magazine <a href="/library/defense-atl/p/DefAcqMag-March-April23" target="_blank">TABLE OF CONTENTS</a> <hr />BADIRU is a Professor of Systems Engineering at the Air Force Institute of Technology. He holds a Ph.D. in Industrial Engineering from the University of Central Florida. MERTENS is on an Administrative Professional Exchange Program from the German Ministry of Defense. He holds an advanced degree in Finance and Economics from the University of the Bundeswehr in Hamburg, Germany. The authors may be contacted at <a class="ak-cke-href" href="mailto:[email protected]">[email protected]</a> and <a class="ak-cke-href" href="mailto:[email protected]">[email protected]</a>. <h5>The views expressed in this article are those of the authors alone and not the Department of Defense. Reproduction or reposting of articles from Defense Acquisition magazine should credit the authors and the magazine.</h5> <hr /><a href="https://ctt.ac/G30sV" target="_blank"><img alt="tweet" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/tweetbutton.jpg" style="width:10%;" /></a><a href="https://forms.office.com/Pages/ResponsePage.aspx?id=RL4hHDUkv0m8H8ujFxhwWKL1MkZ9ijlJn6eDW2eiPulURThIUzNNN1VaVFRPMzhaTkNHTkMxODE1Ri4u" target="_blank"><img alt="subscribe" src="/library/defense-atl/DATLFiles/Sept-Oct_2021/suscribebutton.jpg" style="width:10%;" /></a><a href="/library/defense-atl/DATLFiles/Mar-Apr_2023/Badiru_MarApr2023.pdf" target="_blank"><img alt="print" src="/library/arj/ARJ/ARJ%20101/print_button.jpg" style="width:10%;" /></a></div>

string;#/library/defense-atl/blog/Telework-PossibleLearningCurve

Chat with DAU Assistant

Current Issue

DEFENSE ACQUISITION MAGAZINE WINS dotCOMM PLATINUM AWARD

Previous Issues

Defense Acquisition Magazine