Skip to content

​flickr photo by USAG- Humphreys​​​​

The Fundamental Principles of Strategy

Security Management spoke with Ross Harrison, a professor at the Walsh School of Foreign Service at Georgetown University and author of the book, Strategic Thinking in 3D: A Guide for National Security, Foreign Policy, and Business Professionals (Potomac Books, 2013). Harrison, and his colleague Thomaz da Costa formerly a professor at National Defense University, will be keynoting the CSO Roundtable’s annual meeting in Miami on May 18-19, 2015. (Click here for details on the event.​)

SM: First, why the need for another strategy book? There are so many already.

RH: When I came out of the private sector, I started working with the U.S. Army War College. I discovered that when military leaders, business executives, and diplomats get into the same room to discuss an issue of common concern, say how to collaborate on stabilizing and creating security in Afghanistan, they were speaking about strategy using different languages. Strategy should fundamentally mean the same to everyone, but it often does not. What I discovered was each of the professions—military, business, government—had a different strategic culture which affected how they developed and implemented strategy.

SM: What practical problems would that cause?

RH: First, they couldn’t talk to each other from a common place of understanding. The biggest problem, though, is that business, government, and military become trapped in their own strategic paradigms. Business people might conceptualize strategy in terms developed by Michael Porter: cost leadership, differentiation, and focus. Military commanders, for their part, would be strongly influenced by Carl von Clausewitz’s formulation of strategy, a prominent part of which is attacking an opponent’s “center of gravity.” The groups would just talk past one another.

SM: And how do you free them from those cultures, or conceptual silos, if you will?

RH: Forget talking about strategy in terms of business, politics, or war. Let’s first step back and figure out what the common, fundamental principles of strategy are. Strategy is at its core a response to a human condition of finite resources, time, and space. What this means is that the fundamental principles of strategy are universal, but how they are applied in different contexts is anything but.

SM: So what are those fundamental principles?

RH: First, you want to create a multiplier effect on resources and efforts. If a company invests a billion dollars in a new product, it wants to create a return that multiplies that investment, not just matches it or moderately exceeds it. In other words, strategy is about creating large goals with proportionately smaller means. I can’t tell you how much strategic planning that occurs today involves merely matching resources with goals.

Second, there is both an outward face and inward face to strategy. An outward strategy involves either adapting to or shaping an environment, such as a particular industry, in a way that accomplishes certain goals. Inward strategies deal with converting inert resources into muscular capabilities and core competencies. Steve Jobs used inward strategies for Apple in 1997. His company had programmers, designers, and other innate resources, but it had lost its capabilities of cutting-edge design, brand management, and innovation. From these raw resources he manufactured new capabilities for Apple.

SM: How could security executives benefit from your message?

RH: In two ways. Security is often considered a cost center. But if you can justify your department’s strategy, you can be instrumental to generating profits for your employer. The key is to understand how your CEO conceptualizes strategy and to “nest” security’s strategy into the organization’s overall strategy to help the company accomplish its goals. Positioning security’s strategy this way not only helps to show value in terms of losses prevented, but it presents security itself as a competitive advantage to the company, whose protection and management of the company brand can spur growth. In Miami Thomaz da Costa and I will talk to security executives about how security can align its own strategy with the larger corporate strategy.

Second, my approach to strategy, along with Thomaz’s important contribution, might help CSOs to better visualize and approach their own threat environment. There may be more powerful and effective ways of viewing and dealing with threats such as hacks, industrial espionage, theft, and other concerns. We may explore that as well in Miami.

SM: Final question: your book talks a lot about Al Qaeda’s strategy. How does that differ from ISIS’s strategy, and what strategy of our own can we use to defeat them?

RH: The biggest difference between ISIS and al Qaeda strategically is that al Qaeda believes it must awaken the Muslim masses before it can create a new caliphate. They have a phased approach—prepare the masses, then can create a state. ISIS does away with the awakening phase. It says, create a state and mobilize the masses.

Another difference is that ISIS’s strategy is to capture large swaths of territory in Iraq in Syria, while al Qaeda, which we don’t believe has a central base anymore, doesn’t generally seek to control territory. 

To actually defeat ISIS, it can’t only be a military strategy, because it’s not just a terror group but also part of a political insurgency. The political strategy has to come from the region, meaning that adversaries such as Iran, Saudi Arabia, and other regional states need to work more closely together on improving the conditions that have given ISIS the ability to grow. Some cooperation is occurring, but it’s a very complex dynamic that defies any ready solutions.