​Our most recent columns explored how Paul O’Neill and Stanley McChrystal used institutional learning systems to better manage risk and optimize performance. This column focuses on the architecture behind a systems-based approach to risk management.

"Who decides that Soho should have this personality and that the Latin Quarter should have that personality? There are some kind of executive decisions, but mostly the answer is, everybody and nobody." - Steven Johnson, The Web as a City, TED Talk (2003)

Part VIII of this series explained that the most resilient companies of the future reflect a risk management model of emergent intelligence that allows organizations to adapt quicker and more effectively to changing circumstances. We explained that these organizations embrace risk (or as we like to say learn to thrive in managing opportunities and threats) through the use of institutional learning systems and we cited examples of Alcoa under Paul O’Neill and the Joint Special Operations Task Force formerly led by Stanley McChrystal. Citing the work of Frederick LaLoux, we also explained how such organizations resemble a living organism or ecosystem and that such organizations represent the future.

Let’s now take a closer look at the architecture of resilient companies that build institutional learning systems. The best way to is go back to 1962 when a nuclear confrontation threatened the planet’s existence. At that time, the United States and Russia were embroiled in the Cuban Missile Crisis. Both countries had built hair-trigger nuclear ballistic systems and each country was engaged in risk planning and pondering various post-nuclear attack scenarios. In the United States, Paul Baran, a Polish-American engineer working at the Rand Corporation, got involved in a project to redesign the architecture for military communications that could survive a nuclear detonation.

Baran realized that America’s military’s communications system was built on a form of centralized networks. A centralized network is depicted as a star with every node connected to a central node. A decentralized network is a network of centralized networks with the central node of each network connected to several other central nodes. Both types of networks are depicted below, and they resemble a hierarchical model characteristic of most organizations. By taking out one or more central nodes, the network breaks down in the same way an organization would collapse if the central authority was removed.

Recognizing that both models were equally vulnerable to attack by taking out the switching centers of the communications network (the central node or nodes), Baran got the idea of a “fishnet” model. In a fishnet network or what we call a distributive (or distributed) network, every node has as many connections as possible to other nodes. The resiliency comes from the fact that every node can act as a server for others and is capable of forwarding communication from other nodes. Consequently, disrupting communication requires that every node or link be destroyed – a nearly impossible challenge. All three network forms are shown below.

All three models are types of social networks. The challenge with hierarchical social networks (centralized and decentralized) is too much intelligence and decision-making lays at the center of the network. This causes the organization to be less resilient and adaptable to change, often embracing top-down, non-inclusive decision-making, with closed, not open, information flows.

By contrast, the distributive network resembles a “hive mind” that builds a dense network of human intelligence which is exactly what Paul O’Neill and Stanley McChrystal helped their respective organizations (Alcoa and the Joint Special Operations Task Force) become. Our next column will look at the latest science on how people function when they are part of a distributive network and the consequent advantages for risk management.