“In my experience, we need to start all our discussions about board membership, accountability, and responsibility with the term ‘leadership,’” said CACI International Executive Chair Dr. J. “Jack” Phillip London. “Leaders cultivate and sustain an organization’s culture. They set the expectations right from the beginning. They are continually communicating what’s appropriate and what’s not appropriate in terms of behavior. And that’s done by example, by discussion, by dialogue, and by role modeling.” As London pointed out, however, having leaders with strength of character is not enough to transform an organization’s culture.
London further explained his view of the role of the board in helping to establish and perpetuate a strategically advantageous culture during an interview with Steven R. Walker, NACD general counsel and managing director, Board Advisory Services Group. Among the highlights, excerpted from their interview, were his reflections on contagions, communication, and culpability.
For these aspiring directors and current directors, how can the board verify and check on the fact that every company holds itself as having high integrity and high ethics?
One of the things that we’ve done at CACI in the last year or so is put together our culture, character, integrity, and ethics [board] committee. We have at least 20,000 employees around the planet, and we surveyed them to get feedback on how they viewed the company’s culture, our standards of ethics, and our operational perspectives on being innovative. This committee is now in the process of putting together a dashboard of metrics that we can use to assess and evaluate as we go along. Turnover rates, anonymous reports of problems—those kinds of things. Of course, you want to do it in a light-handed way. You’re trying to bring people along and encourage them. It’s amazing what happens when you ask people to perform with sincerity and integrity. Good folks, well-intended folks, will tend to rise to the requirement, and it’s amazing how that can be contagious. And the beauty of that is, when there are people who come along who don’t subscribe to that kind of thing, they find a way to meander out the door.
What was the motivation to create the board’s culture, character, integrity, and ethics committee?
I saw too many things going in the wrong direction in our society, our culture, our government, religious institutions, and the athletic world that I didn’t care for. And I thought, “We’ve got a pretty good culture at CACI, and I think we’ve got a good reputation. Let’s put something together that can sustain this.”
How do you, as a leader, make sure the board has access to the layers beyond the C-suite and has open access to things and can nip problems in the bud?
We have concerns in that area. One of the things I do is go around to my organizations and sit down and talk to people. I meet with our customers. I’m confident that the board wants me to do that. And when you do it in the field, you’re diving way below a lot of players. And I’m amazed at the kinds of questions I get in one of these sessions.
Communication’s a big deal. And we work hard at making sure we communicate with our people. But it takes persistent effort and, again, priority, and one of the wonderful things is that our leadership group—the CEO, general counsel, and human resources executive vice president—are very on board with this. By the way, they are members of our culture, character, integrity, and ethics committee. It’s not just board people. It’s members of the C suite and others, and I’ve even thought about bringing on some people that are outside the corporation with appropriate liability considerations.
How do you address crisis from the top?
Well, you’re probably talking about our Abu Ghraib situation. If there’s anything that I’ll absolutely never forget in my career, it’s the experience that CACI went through with the wrongful allegations and charges with regard to our interrogators in the early days of [the war in] Iraq. I first found out when Seymour Hersh put out his article in The New Yorker [in 2004] making some claims. The public was ready to hang me. I made the fairly early discovery that the allegations in the leaked report had flaws in them. They had listed some people in there as being our employees, who weren’t our employees.
And so, I dug down into it and found out that our culpability was really misrepresented. It gave me the fortitude, commitment, and the confidence to stand up on it. The main problem was a lot of people wanted to have me fired because of the type of work that we were doing. I would save my neck in the media at least by letting all those people go, but that was not the right thing to do. If you just hang in there, and you’re credible, and you’ve got your facts together, you’re going to prevail—and our reputation today is probably better than ever.
Dr. J. “Jack” Phillip London is the Executive Chairman of the board of CACI International, a Fortune 1000 Largest company that provides services to many branches of the federal government, and serves on the boards of the U.S. Navy Memorial Foundation, the Naval Historical Foundation, Friends of the National WWII Memorial, the Senior Advisory Board of the Northern Virginia Technology Council, and CAUSE (Comfort for America’s Uniformed Services), the “wounded warriors” support organization. He has served on numerous other boards and foundations.
More information is hidden in plain sight than ever before. When the success of the global economy is hinged on the secure ownership of intellectual property and data, it behooves those who govern in the global company to understand how this information is being protected—and how it could be compromised. To that end, the National Association of Corporate Directors convened directors and cyber risk experts in Geneva, Switzerland, for its first Global Cyber Forum.
Dr. Simon Singh demonstrates the inner workings of an Enigma machine (Credit: Les Studios Casagrande).
Attendees from nearly every continent made their way to the Hotel President Wilson to confront the challenges of securing data across borders in light of complex and sometimes competing regulations. The European Union’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, will be a watchword during each session. The complex and potentially costly regulation is likely to affect most companies that do business with or employ Europeans.
GDPR defines protected data far more broadly than the protections set by most country regulators. (Click here to learn more about the implications of GDPR.) Experts from international KPMG offices, cybersecurity firm Rapid7, AIG together with NACD cohosts Ridge Global and the Internet Security Alliance, will proffer their best advice on the interconnected challenges and solutions of cybersecurity oversight for today’s board directors.
NACD’s Global Cyber Forum commenced Tuesday night with a keynote presentation by popular scientist and author Dr. Simon Singh.
A particle physicist who completed his degree at Cambridge University while working at the European Organization for Nuclear Research (CERN), Singh has committed himself to helping everyday people understand some of the most complex concepts in modern math and science. He is the author of several books and won a BAFTA award for producing Fermat’s Last Theorem, a documentary based on the search to prove one of the most difficult mathematical theories in history.
Singh’s presentation in Geneva turned directors’ attention to “the history of secrecy,” a topic that he covers in his 1999 book, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography (Doubleday). He pointed to writers of the popular TV programs, The Simpsons and Futurama, to highlight how unexpected points about mathematics and science hidden in plain sight and how susceptible we are to finding patterns that may have absolutely no meaning.
He cited several instances of codes being found in popular texts or songs, including in the rock band Led Zeppelin’s “Stairway to Heaven,” which when played in reverse has been interpreted to contain an evil message. When Singh queued up the song, at first no one in the audience heard any discernable words. Then he pointed to the lyrics on a slide deck and almost half of the audience “heard” the words. His point? To challenge the audience to be more skeptical and open to believing that which can be proven—or disproven—with rigorous evidence.
When the science of cryptography was introduced to the audience. Singh noted that messages can be found as a pattern almost anywhere—including in Moby-Dick, where one author found an inordinate number of passages pointing to history that had coincidentally happened since its publication in 1851. The human mind, however, has been able over the millennia to form some truly remarkable codes that have eluded prying eyes and minds for hundreds of years.
While some of the earliest computing machines, such as Enigma, developed during the First World War present nearly insurmountable odds against being deciphered, Singh reminded the audience that all ciphers are created by humans, and where there are humans, there is bound to be error. The same human curiosity and propensity to find patterns in behavior has led some skilled code-breakers such as those at the UK’s Bletchley Park who turned the tide of World War II by breaking codes.
Directors in the audience were challenged to think of the technologies that could protect their company’s own secrets while also considering the power—and foibles—of human error. Singh brought with him a prized possession: his very own Enigma machine.
When he turned to the audience to see if they had any questions about it after a brief demonstration, one attendee asked how the next frontier of quantum encryption would impact businesses. Singh pointed to the fact that scientists in Geneva were already sending messages encrypted at the quantum level within cities, and that others had sent quantum-secured messages via satellite. Quantum computing itself could make all encryption obsolete, he said. Such a development would render useless our current understanding of how to protect corporate assets, such as customer information and other data. He also noted that no one really knows what governments around the world have already achieved regarding this next frontier in information security.
Coverage of the full day of programming at the Global Cyber Forum is forthcoming in another installment of the blog and in the May/June issue of NACD Directorship magazine.
If there is one word that is capturing the new normal pace of the age we are in, it is acceleration. We are accelerating into the digital era, thanks to the explosion of data, accessibility of cheaper computing power, and broad adoption of technologies like machine learning and the growing web of connected devices composing the internet of things. An increasing number of companies are taking advantage of these trends to develop more innovative and compelling experiences for their customers, drive better and faster decisions, streamline their operations, and proactively reduce operational risks within their eco-system.
But while digital transformation promises accelerated innovation and economic advantages, the shift often creates unprecedented challenges for many companies steeped in legacy culture, process, technology, and ways of working. Not surprisingly, business model disruption and technology disruption are ranked as the top trends impacting their company over the next 12 months by the most recent 2017–2018 NACD Public Company Governance Survey. While board members are grappling to understand the implications of these changes for their organization, they must also turn their attention to the digital literacy and preparation of the company’s workforce to prepare it to face new challenges.
One critical challenge that can’t be ignored is the company’s role in preparing its workforce for intelligent automation. The World Economic Forum’s Future of Jobs Report predicts that 7 million jobs could be lost over the next five years through redundancy, automation, or disintermediation, with the most significant losses in white-collar office and administrative roles. Others argue the job losses could be less over the long term and there is much debate among economists, historians, and think tanks on the level of job destruction and creation that will come from automation. But two things are certain: one, in the near-term, we expect much workforce force disruption; and two, as artificial intelligence algorithms increase in sophistication and computational power, the pace of intelligent automation is likely to accelerate and push the workforce to focus on higher value activities. To meet that challenge, the workforce of the future will need to acquire a new set of skills rapidly in order to interact with the future of intelligent systems.
Unfortunately, many companies aren’t entirely equipped to assess and prepare their workforce for this disruption, especially in corporate functions like finance, treasury, risk management, and human resources. Research suggests these critical functions are still struggling to understand the full scope and impact of new technologies. For example, the 2018 AFP Risk Survey, supported by Marsh & McLennan Companies’ Global Risk Center, polled over 600 senior-level treasury and finance executives. The majority of respondents to the annual survey cited artificial intelligence, robotic process automation, and data engineering as technologies that could expose their companies to some risks, including disruption to business operations and regulatory risks. Only 14 percent of the same group surveyed say they are “significantly prepared” to manage these changes effectively and more than half (54%) say they are only “moderately prepared.” Similarly, the 2017 Excellence in Risk Management report, by Marsh and the Risk & Insurance Management Society (RIMS), found an awareness gap among many risk managers on the use of disruptive technologies by their organizations. The survey also found that more than half of organizations have not conducted risk assessments for disruptive technologies.
It is clear that the need to invest in re-tooling the workforce couldn’t have come at a more critical time. At the heart of this investment should be access for the workforce to a digital literacy program. Digital literacy is notably separate from computer literacy. Rather, it should be a focused program that educates employees in emerging fields such as big data, machine learning, process automation, blockchain, and the internet of things. The program would provide practical applications that are contextual to the employee’s role.
Thanks to advancements in online technology, there is now an array of learning opportunities available to employees and to board members alike. For example, Massive Open Online Courses offered through companies like edX and Coursera offer an array of courses, as well immersive, state-of-the-art educational content developed by top technology companies. Many of these platforms cater to the needs of individual enterprises and can customize digital literacy pathways for employees based on their industry and current skillsets. A small but growing number of companies are exploring these platforms as an avenue to accelerate learning within their organization.
A subset of technology companies is also opening up access to core technology courses beyond their employee population as a way to shore up interest in the technology used at the company and to close the skills gap. Microsoft recently announced the Professional Program for Artificial Intelligence for aspiring engineers and analysts with to a basic introduction of AI to mastery of the skills needed to build deep learning models for AI solutions that exhibit human-like behavior and intelligence.
Last but not least, there are more traditional ways to close the digital literacy gap. AT&T Corp., for example, sponsors a low-cost online master’s degree in computer science from the Georgia Institute of Technology’s school of computing and offers a variety of courses to retrain its employees who work in jobs that will become obsolete, such as landline installation and repair.
The concept of digital literacy is still at an early stage, but it is a critical foundational step that companies need to take to prepare their workforce for their future. Technology is disrupting everything in its path—including the demand for, and demands on, the workforce—and it’s not slowing down. The question boards need to ask is whether their organization is prepared to oversee the transformation of their company’s workforce proactively or passively react to the inevitable technological progress that will disrupt down the road.
Leslie Chacko is a director in Marsh & McLennan Companies Global Risk Center and leads research on emerging technologies. He has over 14 years of experience in advising clients in the financial services and high tech industries at the intersection of strategy, technology and risk.