Tuesday, May 09, 2006


Last Friday
("Organization," May 5) I explained why cyberspace will alter the structure of illegitimate organizations: gangs and other illicit coalitions.

Today I want to discuss a related issue: why cyberspace will also alter the structure of legitimate organzations, such as corporations, government agencies and the like.

My expertise in crime and criminal law lets me speak with assurance -- and, I think, accuracy -- about the structure and evolution of illegitimate organizations. I am not an expert on
non-criminal groups but I have what I think is good reason to believe that cyberspace will also, must also, affect the structure of non-criminal groups, notably, private groupings used to carry out commercial and other types of activity.

Everything I am going to say today derives from (a) extrapolations based upon my analysis of how cyberspace will affect illegitmate organizational structures and (b) anecdotal evidence, the product of my observations of how legitimate organizations function today.

As I explained in my earlier post, hierarchical organization evolved, and triumphed, in the real, physical world because it is a superior way to orchestrate collaborative human effort toward the achievement of various goals: military action; commercial production; large-scale educational activity; government affairs; etc. I explained that criminal groups began to adopt hierarchical organizational forms as they moved from "simple" criminal activity (serial robbery, extortion, and the like) into "complex" criminal activity (bootlegging in the 1920's, large-scale drug production and distribution, etc.). While simple hierarchies suffice for simple tasks (hunting and gathering, robbery), more complex tasks require a more sophisticated division of labor.

In my earlier post I explained that cyberspace will alter this, with regard to criminal organizations, because activity in cyberspace is not subject to the physical constraints we must deal with in the real-world. Cyberspace is, as a result, a much more fluid environment . . . a conceptual, not a physical environment. It is, as many have noted, an environment in which lateral organizational structures are more effective than are hierarchical organizational structures. And that is why, as I explained in my earlier post, I believe we will see different modes of organization emerge for criminal activity in cyberspace; I believe we will see hierarchical structures like the U.S. Mafia families replaced by fluid, lateral, "situational"organizational structures. I think cybercriminals will come together when and as necessary for the collaborative achievement of certain ends, and then go their separate ways, all of which, as I said earlier, will make law enforcement's job that much more difficult.

But I am not talking about criminal organizational structures today. I want to speculate a bit about how cyberspace will (should) impact on legitimate organizational structures, such as the commercial, for-profit corporation. (I could just as easily talk about government agencies, but I am going to pick on commerce today, instead.)

I titled this post "Dinosaurs" because I think the huge, hierarchical organizational structures that are characteristic of the modern commercial corporation are, or soon will become, as antiquated as the erstwhile Brontosaurus (now Apatosaurus) depicted above. The Brontosaurus was one of the largest land animals that ever existed; it was, as a result, exceedingly slow and cumbersome in its movements. Now, that is not a particular disadvantage for a species that exists in an environment in which predators are few and can be effectively discouraged by the animal's size. It would be a significant disadvantage for the species if the environment were to be invaded by predators who were numerous and who were not in the least intimidated by the animal's bulk.

I think this latter scenario is beginning to evolve today, in the clash between cybercriminals and conventional hierarchical organizations. Over the last century or so, corporate and government entities have evolved into huge, unwieldy entities . . . the modern organizational analogue of the Brontosaurus. The increasing size of these entities conferred certain advantages with regard to the conduct of their real-world activities and created no significant disadvantages as long as they, like the Brontosaurus, existed in an environment in which predators were relatively scarce and were disinclined to challenge such large and powerful targets. It was, aside from anything else, difficult for individual criminals or criminal groups to mount a successful physical attack on a multinational corporation. What was there to attack? The entity may have enormous wealth, but where was it and how did one access it? The entity's resources were not concentrated in a specific location in a suitably portable, fungible form. Robbers could rob a local bank, but could do little with the Ford Motor Company or American Express. The size differential protected the larger entities; robbers could figure out where the bank's resources were, but could not begin to penetrate the structure of a multinational corporation.

Cyberspace alters the environment in which corporate (and government) organizations function. Large, powerful and slowmoving, these organizations are no match for online attackers who are already utilizing the more fluid organizational forms I wrote about in my last post.

The analogy that comes to mind (my mind, anyway) is that of a Brontosaurus being attacked by evolved velociraptors armed with a submachine gun and expertise in using it. The velociraptors cannot summon the physical resources the Brontosaurus can, but they are much more nimble, can attack while evading counterattack and can, courtesy of the submachine guns, attack remotely. The size that was once the Brontosaurus' advantage has become its Achilles heel.

I think of this analogy when I hear/read about/otherwise encounter instances in which corporate and other large, legitimate entities are attacked by cybercriminals. From what I see (IMHO), their size and the complexity of their organizational structure is counterproductive in this context. Any effort to respond to cyberattacks by reacting to completed attacks and/or deterring future attacks must proceed through a large, complex institutional hierarchy . . . which means that the effort will move very slowly. Along the way, the effort may be further delayed and/or sabotaged by internal political and other operationally irrelevant motivations. The outcome is likely to be a failure to respond or a response that is ineffectual.

What should we do? How do we modernize our Brontosaurian organizations so they can deal effectively with the challenges emerging in the online environment?

I really don't know. I imagine we will, for a long time, anyway, need hierarchical organizations to carry out certain tasks in the real-world, tasks involving large-scale collaborative human effort. I suspect, though, that we will begin to see hierarchical organization decline in popularity as other types of human endeavor migrate wholly or substantially online where they are conducted by non-hierarchically structured entities.

No comments: