Fast Knowledge: Innovating in Homeland Security by Learning in Near Real-Time for High-Threat Events

pdf icon - download pdf

Michael Marino


Knowledge is a limited currency that requires cultivation for the advancement of any organization.[1] However, homeland security as an enterprise is slow to learn, no matter the kind of learning: lessons-learned documents and after-action reports are inadequate for the homeland security enterprise to efficiently learn from high-threat events, especially in a timely manner.[2] The after-action process has been loosely adopted from the military experience, and increasing first-responder readiness for future events has been challenging, partly because no efficient or standardized way allows such responders to disseminate lessons learned from incidents of national significance.[3] Nor has any entity articulated a process by which either individual or organizational learning might occur in near real-time.[4] Thus, the homeland security enterprise is ill-equipped to learn from major events.

Violent, high-threat events, such as active-shooter/active-violence incidents, fire as a weapon, and responses to explosives, warrant immediate national-level learning for these complicated and complex threats given the multi-disciplinary coordination needed for mitigation. This is in part because threat actors iterate tactics and aggressors copycat incidents. Also, tens of thousands of departments and agencies across the United States need to learn simultaneously. The sheer size and diversity of the homeland security enterprise and the collective-action problem of who should champion knowledge capture all constitute barriers to learning quickly. The current after-action report process underappreciates the learning processes needed to get the right information to the end-user.

Fortunately, some learning organizations do exist and demonstrate recognizable characteristics that accelerate or contribute to enterprise-wide organizational learning.[5] First, such organizations embed a culture of learning into all processes, not just when an incident occurs or when something goes wrong.[6] Second, learning organizations embrace failure as critical to innovation and learning, rather than avoiding, fearing, or denying it.[7] Third, specific persons, entities, or teams own the learning process for the organization, which develops an organizational learning specialization, not an ancillary duty.[8] Homeland security possesses none of these features; therefore, a study of effective learning organizations may render a roadmap for efficient, timely, and more accurate learning for the homeland security enterprise (HSE).

This thesis investigated, through comparative case study analysis, two organizations purpose-built for organizational and enterprise-wide learning. Those two organizations, the Center of Army Lessons Learned (CALL) and the National Transportation Safety Board (NTSB), have demonstrated a repeatable learning process suitable for the HSE. A third analysis compared the learning efforts of official after-action reports with a novel learning team deployed by the High Threat Institute (HTI) following the 1 October massacre in Las Vegas. Each case study evaluated timeliness of reporting, sensemaking of facts, and dissemination to a broader community.

The United States Army formally created CALL in 1985 “as a unit for collecting new lessons as they emerged from army operations, either in a live situation . . . or during simulations.”[9] CALL’s framework for learning translates multiple sources of data into timely, meaningful outputs for end-users and optimizes how practitioners receive those products. Notably, CALL also uses lessons learned to their fullest extent by then initiating doctrinal change with the new information. CALL’s process embeds a learning culture into its parent organization and maintains a robust system to learn from action. In the case study of troops deployed to Haiti, real-time learning captured from an embedded learning team influenced how follow-on troops conducted operations. This ability to quickly transmit knowledge in the field shows promise for the HSE using the CALL framework.

The NTSB investigates significant accidents and incidents for the transportation community, employing a near real-time learning team to assess ground conditions and event information as soon as possible after an accident occurs. In 2019, the motor vessel Conception was involved in one of the deadliest maritime accidents in modern history.[10] This tragic incident served as an effective case study to demonstrate the attributes of a learning team: fast learning and knowledge transmission, both within and outside of the initial community of interest. Given the timeliness of the NTSB Go Team’s response, swift data collection under chaotic event circumstances, the ability to quickly collect and make sense of data from multiple systems, and an established and effective route of dissemination, the NTSB model could be applied to other high-impact and complex incidents that require near real-time information and analysis to improve industry practices or processes.

The HTI is a non-profit grassroots effort founded in December 2016, “focused on developing an innovative framework for instituting a public safety–oriented platform of research, training, and education.”[11] In 2017, the HTI assembled a team of researchers, including this author, to test a concept of operations for near real-time learning from a high-threat event, deploying October 2–5, 2017, to the 1 October incident in Las Vegas, Nevada, to collect interview accounts of responders. The data collected and the resulting findings demonstrate that the HTI information was equal or superior to official after-action reports, yet rendered in near real-time.

Each case study demonstrates that quick, effective learning is possible even within large and complex agencies. What differentiates sub-optimal from meaningful learning is a systemic learning culture, and an emphasis on sensemaking and speed. This thesis examined effective organizational learning frameworks that can be applied to the HSE to accelerate knowledge acquisition from major events in near real-time. The results demonstrate that speed is not inhibitory to the learning process. Recommendations highlight the need for adaptive change in how the homeland security environment evolves, through the creation of an entity responsible for organizational learning. Such an approach would also leverage local learning officers to achieve bi-directionality in a novel knowledge acquisition process. Homeland security must embrace new approaches to rapid learning that account for near real-time data collection and sensemaking. Sensemaking will require incubators to embrace failure as a learning tool and to test concepts and novel approaches. The testing and testers will inherently act as the advocacy networks required for a new HSE systemic learning process. This concept promotes HSE organizational learning momentum, thus avoiding recurrent failures and enabling fast learning for optimized performance.


[1] Mark Easterby-Smith, Handbook of Organizational Learning and Knowledge Management, 2nd ed. (Chichester, UK: Wiley, 2011), 383; Antonio Ramírez and Rodrigo Rojas, “Knowledge Creation, Organizational Learning and Their Effects on Organizational Performance,” Inzineriné Ekonomika 22, no. 3 (2011): 309.

[2] Amy Donahue and Robert Tuohy, “Lessons We Don’t Learn: A Study of the Lessons of Disasters, Why We Repeat Them, and How We Can Learn Them,” Homeland Security Affairs 2, no. 2 (July 2006): 1–28.

[3] Donahue and Tuohy.

[4] For the purposes of this research, “near real-time” is defined as one to seven days after initiation of the event. As the learning is to be assessed by an external team, 24 hours represents a lower estimate of placing a multi-disciplinary team on site. Given that collection, analysis, and dissemination of incident data would still have to occur once at the incident scene, seven days is offered as the upper limit to still be timely and meaningful. The author acknowledges that many factors, such as distance to the incident and method of travel, number of complexity factors (multiple threat vectors, new tactics, severe lethality), and number of incident evaluators performing research, can influence these estimates, which would change the timeframe of one to seven days.

[5] Peter Senge, The Fifth Discipline: The Art and Practice of the Learning Organization, rev. ed. (New York: Doubleday/Currency, 2006).

[6] Steven Mains and Gil Ad Ariely, “Learning While Fighting,” Prism 2, no. 3 (June 2011): 166.

[7] Bill Roberts, “Innovation Quotient,” Electronic Business 26, no. 13 (December 2000): 98.

[8] Cynthia C. Lebow et al., Safety in the Skies: Personnel and Parties in NTSB Aviation Accident Investigations (Santa Monica, CA: RAND, 2000),‌monograph_reports/‌MR1122.html.

[9] Alton Y. K. Chua and Wing Lam, “Center for Army Lessons Learned: Knowledge Application Process in the Military,” International Journal of Knowledge Management 2, no. 2 (2006): 72, https://doi.‌org/10.4018/jkm.2006040105.

[10] National Transportation Safety Board, “Preliminary Report Marine DCA19MM047” (Washington, DC: National Transportation Safety Board, September 12, 2019),‌Accident‌Reports/Reports/DCA19MM047-preliminary-report.pdf.

[11] “Home Page,” High Threat Institute, last updated February 4, 2020,

No Comments

Post a Comment