To identify and understand how intrapreneurs can be recognized as insider threats, I will use a Rogerian approach.
The Rogerian school seeks to resolve conflict by enabling adversaries to understand one another, to empathize with each other and find common ground, seeking shared and mutual understanding and learning.
By ”listening with understanding”, one can”see the expressed idea and attitude from the other person’s point of view, to sense how it feels to him, to achieve his frame of reference in regard to the thing he is talking about.” (Rogers, 20171). Building on this notion, Baumlin (19872) stated that:
”we fight because we have forgotten that we can change ourselves, change each other, grow towards each other rather than apart”
James S. Baumlin, Persuasion, Rogerian Rhetoric, and Imaginative Play
Rapoport (19603) and later Young et al. (19704) contrasted Rogerian strategy against two other ways of changing people, namely the Pavlovian and the Freudian strategy:
Rogerian strategy recognizes people as protective against what they perceive as threatening. It proposes that people can change if the perceived threat in changing is removed. For such threats to be substantially removed, they must first be understood and articulated. It is in line with the Rogerian strategy that this thesis attempts to articulate ways to recognize intrapreneurs as insider threats.
Freudian strategy recognizes people as influenced by their unconscious motives, unknown to themselves. It proposes that people can change if their hidden motives are revealed.
Pavlovan strategy understands people as ”a bundle of habits that can be shaped and controlled” (Rapoport, 1960) through incentives and disincentives. In existing literature on innovation management and intrapreneurship, the Pavlovan strategy is often implicitly assumed, as when Elert & Stenkula (20205) concludes that ”the rules at different layers of society must be aligned in a way that results in a relative payoff structure that incentivizes fully productive intrapreneurship—at both the firm and societal level.”
Rogerian with a twist – of ignorance
In lack of access to sources that identifies Intellipedia and/or its proponents insider threats, this thesis is only equipped with the recorded statement by Dennehy that such accusations had been voiced (Havenstein, 20086). Instead, existing literature from a broad range of relevant academic fields have been searched for perspectives supporting such positions.
To attempt a Rogerian approach when at least one central part of the conflict is missing, and instead search for arguments to support its position – that intrapreneurs can be recognized as insider threats – in academic literature, is admittedly a bold enterprise.
To achieve meaningful understanding of the perspectives of these critics, in-depth interviews and/or participant observation would be more appropriate methods than a literary review. Nevertheless, as the perspectives of critics and sceptics cannot be attained within the scope of this thesis, a literature review with a Rogerian approach is applied instead: Rather than understanding (verstehen) the point of view of skeptics or critics of intrapreneurial ventures, this thesis aims to find support for sceptical and/or critical positions against intrapreneurial ventures in general, and propose how they might apply to the case of Intellipedia.
Hopefully, it also contributes to a deeper understanding of ”exploitation” positions, as opposed to ”exploration” positions, in the fight over organizational resources around intrapreneurial ventures.
Criticism of Rogerian argumentation
Rogerian argumentation has been criticized for its limitations (or fallibilities) in addressing structural inequities such as gender inequality (Lassner, 19907) and racism (Pâquet, 20198), and – in the context of nondirective psychotherapy – to hamper reflexivity amongst its practitioners (Margolin, 20209). The two former share a critique about how victims rather than perpetrators are proposed to address injustices, and they all concern ”underlying problems with power relations” (Pâquet, 2019) in Rogerian argumentation.
If “theories are stories” (Goodson, 201010), Rogerian argumentation can easily end up reinforcing the stories of the powers that be, even if they ought to be challenged, according to these critics.
In searching for possible perspectives on how intrapreneurs can be recognized as insider threats, this thesis has focused on perspectives beyond what Allison (197111) would call “governmental politics”. However, such perspectives beyond that of the rational actor-perspective (e.g. critical studies of how illegitimate leaders might exploit the concept of intrapreneurship to reaffirm their dominance by letting junior, loyal members “rebel” against more senior contestants for power, or of organizational incumbents labelling intrapreneurial challengers for power as insider threats to secure their own standing in the organization) might be very relevant.
An unreflective Rogerian approach would be to not admit this limitation in scope and reasoning. Although this thesis explores critics and sceptics to intrapreneurial ventures through a ”Model I”-perspective of participants as rational actors (Allison, 1971), other perspectives also apply for insider threats and intrapreneurship alike.
Intelligence services are arguably always in need of innovation in order to “create an agile and successful organization able to continuously adapt its business processes to the development of society and targets” (Nicander, 20111). Today, the challenges posed to intelligence services and their traditional tradecraft include the adaptation of technologies in fields such as biometrics, computer science and surveillance, the digital transformation of society in general and perhaps specifically cyber warfare (McLaughlin & Dorfman, 20192).
In military technology development, the US has enjoyed a “scientific advantage upon which U.S. military dominance relies” since the end of the Cold War (Javorsek et al., 20153). This dominance might be eclipsed by China in the future, Javorsek et al. suggested.
Last year, the U.S. House Permanent Select Committee on Intelligence’s Subcommittee on Strategic Technologies and Advanced Research (STAR, 20204) stressed the importance of innovation exploitation in the intelligence community (USIC):
We must act now. Studies, reports and commissions have warned for decades about the risks to national security from the steady erosion in our innovative capacity. Those risks are no longer abstract or speculative. They are upon us and presenting us with ever more adversity and ever more limited policy options.
The report recognizes that the USIC’s innovative capacity is ”constrained by necessary secrecy, compartmentalization and rules”, and ”a culture that often punishes risk and cements the status quo” (STAR, 2020, p. 1). The report identifies intolerance of risk as ”the most unsettling [stated problems of USIC] from the standpoint of innovation”, stating that its effect can be lethal (STAR, 2020, p. 10).
Earlier the same year, the CIA launched a research and development initiative, ”CIA Labs”, to better address such challenges (CIA, 20205).
The USIC’s different branches are not only prolific and well funded but also, in comparison with other countries’ equivalents, relatively open to study and scrutiny. This makes Intellipedia, serving many intelligence services of the USIC (Lardinois, 20096), a good case to help illustrate questions around intrapreneurs as insider threats in the USIC.
Intellipedia is a Wikipedia for the US Intelligence Community: a tool for collaborative, asynchronous information sharing within and between different U.S. intelligence agencies. It uses the same software as Wikipedia, and even had an ”import from Wikipedia”-option in an earlier version (Dennehy, 20081), where analysts could easily include data from Wikipedia.
Intellipedia is separately implemented on different clearance levels to compartmentalize sensitive information (CIA, 20092). In March 2017, one of its founders (Dennehy, 20173) stated that Intellipedia had received ”about 350 Million pageviews” since its inception more than ten years earlier.
Whilst the idea for the effort is attributed to the then head of the CIA’s unit for collaboration technologies, Calvin Andrus (Tomlin, 20054) and his article in Intelligence Studies, “The Wiki and The Blog” (Andrus, 20055), it was CIA’s Sean Dennehy and Don Burke that are credited for spearheading the initiative (CIA, 20086).
Tested in 2005 and announced formally in 2006, Intellipedia soon became something of a trophy project for the US Government. Dennehy later recalled how ”I thought I was working for our public relations office [because] I was up in their office so often about Intellipedia” (Dennehy, 2008). However, the Intellipedia project was also met by skepticism from members of the USIC (Dixon & McNamara, 20087). Sean Dennehy, later publicly recalled:
”We were called traitors, [and were told] we were going to get people killed”.
Intellipedia has been recognized as an intrapreneurial venture by consulting firm Deloitte (Arnold & Magia, 20139) and has been covered in many news articles, but is generally understudied in academic literature. The available research is a case study of Intellipedia as a main example for one of three ”distinct legislative approaches” to increase federal counterterrorism information-sharing by the U.S. Congress, where Intellipedia illustrates the consent approach (Peled, 201610).
Intellipedia is also named in a conference talk (not cited by Peled) about how the U.S. Information Sharing Environment (ISE), has benefited from Intellipedia (Willbrand, 201011). Both contributions mention Intellipedia as a response to the political pressure for more information sharing within the USIC, in the wake of the 9/11 terrorist attacks against the U.S. in 2001.
Other than this, Intellipedia is named in student papers, namely Ben Eli & Hutchins (201012) and Chomik (201213). The latter student also wrote an article mentioning Intellipedia published in a journal the year before he presented his master thesis (Chomik, 201114).
Also, there is an ethnographic study made by the Defense Intelligence Agency’s (DIA) Knowledge Lab, of how DIA analysts use and experience the Intellipedia, privately published online by one of the researchers (Dixon & McNamara, 200815). The DIA study is made from unclassified data extracted from interviews (with ten analysts identified as active users of Intellipedia and five identified as non-users), all anonymized. The researchers stated reluctance to call their results ”findings” and instead presented them as observations, as there was no systematic sample of respondents and because the sample size was relatively small (this study is one of two main sources used by Chomik in 2012).
Do you know of other published studies, papers or findings on Intellipedia?
The intelligence community needs innovation and innovation involves risk (STAR, 20201). Intrapreneurs are employees that use their entrepreneurial spirit for the benefit of their employer to produce impactful innovations (Pinchot & Soltanifar, 20212). The risks and negative spillover associated with intrapreneurial ventures and how they are perceived are not thoroughly explored in literature on intrapreneurship, although risks and non-productive outcomes have been observed (Elert & Stenkula, 20203). This thesis uses the intrapreneurial venture Intellipedia, the U.S. intelligence community’s digital information sharing platform – in essence an internal, compartmentalized Wikipedia – to tentatively explore existing literature for perspectives for deeper understanding of how intrapreneurs can be recognized as insider threats, as the intrapreneurs behind Intellipedia were. One of the two intrapreneurs awarded for Intellipedia (CIA, 20094), Sean Dennehy, has publicly recalled how ”We were called traitors, [and were told] we were going to get people killed” (Havenstein, 20085).
This thesis does not study the actual skeptics and critics of Intellipedia or their arguments and positions. Finding such critics and receiving high enough clearance and trust to have them speak candidly about their concerns was deemed beyond the scope of this thesis. Instead, it seeks arguments for recognizing intrapreneurs as insider threats in a broad range of academic literature. In this holistic literary review, a Rogerian approach is exercised insofar that it articulates skeptical and critical perspectives on intrapreneurship not necessarily held by the author, but investigated to better understand positions where intrapreneurs are recognized as insider threats.
This thesis main contributions to academic literature is as an orientation of white spots in science demanding further investigation, of connections between different conceptual frameworks, and of their relevance to the study of insider threats and intrapreneurship. Specifically, the connection between intrapreneurship and constructive and destructive employee deviance is a promising contribution. This thesis also offers perspectives on intrapreneurship and more generally intra-organizational innovation for practitioners, applicable to risk assessments and innovation management. In applying a Rogesian (rather than a Pavlovian) approach to the perspectives on intrapreneurs as insider threats, this thesis offers new insights to the field of intrapreneurship.
Intrapreneurs are employees who use their entrepreneurial spirit for the benefit of their employer, whilst supported by sponsors higher up in their organization (Pinchot & Soltanifar, 20216) also tend to evade their organizations’ control systems and/or resource management to achieve their missions (Pinchot, 1985, p. xi7).
The term was introduced by Pinchot (19858), who described them as “dreamers who do. Those who take responsibility for creating an innovation of any kind within an organization.” In the case of Intellipedia, detailed below, Sean Dennehy and Don Burke are identified as intrapreneurs (Arnold & Magia, 20139).
Insider threats are for this thesis defined as people who, through authorized access to an organization’s resources, have the potential to negatively affect the organization, its purpose and/or its stakeholders, and that risk doing so.
Several types of intentional insider acts have been identified, such as fraud, theft, terrorism, and espionage (Bell, Rogers & Pearce, 201910). However, most harm from insiders is ascribed to unintentional acts: ”honest people making honest mistakes” (Pfleeger, Lawrence Pfleeger & Margulies, 201511).
Intellipedia is a digital platform for collaborative, asynchronous information sharing within and between different U.S. intelligence agencies. It uses the same software as Wikipedia, and even had an ”import from Wikipedia”-option in an earlier version (Dennehy, 200812), where analysts could easily transfer information from Wikipedia to Intellipedia, and then add classified information and personal analysis. Intellipedia is separately implemented on different clearance levels to compartmentalize sensitive information (CIA, 200913).
Whilst the idea for the effort is attributed to the then head of the CIA’s unit for collaboration technologies, Calvin Andrus (Tomlin, 200514) and his article in Intelligence Studies, “The Wiki and The Blog” (Andrus, 200515), it was CIA’s Sean Dennehy and his colleague Don Burke that are credited for spearheading the initiative (CIA, 200816). Tested in 2005 and announced formally in 2006, Intellipedia soon became something of a trophy project for the US Government. Dennehy later recalled how ”I thought I was working for our public relations office [because] I was up in their office so often about Intellipedia” (Dennehy, 200817). However, the Intellipedia project was also met by skepticism from members of the USIC (Dixon & McNamara, 200818). Sean Dennehy, later publicly recalled: ”We were called traitors, [and were told] we were going to get people killed” (Havenstein, 200819).
The purpose of this thesis
Despite a clear potential for overlap of the two phenomenons of intrapreneurship and insider threats, this study has found no prior research in academic literature on intrapreneurs as insider threats. To better understand this question, the research posed in this thesis is:
This thesis does not try to reveal how or when recognizing intrapreneurs as threats might be justified or crucial. Its research question does however, in a Rogerian tradition, seek to enhance understanding between separate fields of research that could help each other. Moreover and in the same tradition, it ultimately also hopes to contribute to shared and mutual understanding and learning among antagonistic practitioners that could do better together. It might help organizations find, keep, understand and perhaps even articulate a balance between exploration and exploitation of available resources and opportunities.
To answer the research question, the thesis will present a number of findings and conceptual frameworks from research on intrapreneurship and related fields of study, and tentatively apply them as perspectives on a typical case of intrapreneurship in the intelligence services: Intellipedia. In proposing how different findings and conceptual frameworks can assist in understanding how intrapreneurs are recognized as insider threats, their explanatory power will be briefly explored rather than tested. Intellipedia is in this sense used to illustrate rather than to verify or falsify ideas.
In short, this smorgasbord of perspectives might serve:
researchers synthesising academic literature: a better understanding of insider threats, intrapreneurs and/or Intellipedia,
scholars seeking to problematize the role of the intrapreneur and of intrapreneurship: a more comprehensive review of critical literature, and
intrapreneurs in and beyond the intelligence community: perspectives on their lived experiences.
The rocket on a fishing rod connects to a story I heard some thirty years ago. It takes place in a very remote and maybe secret rocket launch site in Sweden, during the Cold War.
The site regularly launched reusable weather rockets that, after they had reached their target altitude, had parachutes deploy and bring them back safely to ground.
The only problem was that winds made it difficult to predict where the rockets would land, and retrieving them was often costly and complicated.
Here enters our intrapreneurial hero. It turns out that one of the few men posted on this isolated launch site was quite the inventor. He figured, as you might have done by now, that you could attach a line to the rocket and reel it in with a deep sea fishing rod once the parachute had deployed. According to the legend, it worked.
If true, the Swedish military probably saved lots of taxpayers’ money and time by reeling in rockets by hand, but that wasn’t this story’s pay-off.
As mentioned, this took place at a remote site. In fact, it was so isolated that headquarters decided to send a psychiatrist to assess the people working there. Of course, the first thing that the visiting psychiatrist saw out of her car window was a soldier pointing a big fishing rod to the sky.
Is this story true? Probably not. Swedish Defence Research Agency, FOI, Defence Materiel Administration, FMV, and the museum of launch site Vidsel, RFN Museum, have all been very helpful – Thank You! – but they have not been able to confirm nor deny this story. If you heard a similar legend set in another country, or know more about this one, please let me know!
I decided to keep the symbol though. Fishing for rockets is a good metaphor for taming the wild or catching the ephemeral (as in Karen Köhler’s short story). It’s probably a fitting picture for intrapreneuring.
Cats are a close second: Like intrapreneurs, they can be wonderful and useful, and definitely have a mind of their own. (Also, there are a lot more pictures of cats available than of rockets tied to fishing rods – and my wife writes children books about spy cats.)
Risk is acknowledged as a salient or even inherent feature of innovation and exploration in organizations123. However, the risks’ nature and consequences are often less explored than other features of intrapreneurship and intra-organizational innovation.
In fact, my main reason for starting this blog is to find more research on the risks involved in intrapreneurship and how they can be understood.
Below, I have compiled nine different conceptual frameworks – or perspectives – that might facilitate the understanding of the intrapreneur as an insider threat.
Before we proceed, I would like to define the two most central terms: Insider threat: ”Someone who, through authorized access to an organization’s resources, has the potential to negatively affect the organization, its purpose and/or its stakeholders, and risk doing so.” Intrapreneurs:”People who use their entrepreneurial spirit for the benefit of their employers, and whilst supported by sponsors higher up in their organization also tend to evade their organizations’ control systems and/or resource management to achieve their missions.”
So, to be clear, insider threats – in my definition – need not be harmful or malicious to pose a threat.
Also, as this is part of my thesis work in intelligence analysis, I am particularly interested in how these questions apply to the intelligence services in general and more specifically to the U.S. intelligence community (USIC). Later, I’ll explore Intellipedia as a typical case of intrapreneurship in this context.
Before and after each presentation of a perspective, you’ll see my personal comments on how this perspective relate to the question of intrapreneurs in a grey box.
As a short guide to the nine perspectives, here are a short summary:
Negative spillover: Brain drain This was the only negative spillover from intrapreneurship that I could find any elaborate research on: how intrapreneurs might be recruited by competing organizations, how that risk might be mitigated legally and the potential consequences of such legal measures.
Information security – a compromise As I investigate the USIC and the intelligence sharing platform Intellipedia, this is a central question. However, I would argue that the perspective offered here is applicable to most intrapreneurial ventures, even if the relevance is particularly strong for intelligence services.
Ambidextrous organizations and shadow innovation The balance between exploration (innovation) and exploitation in organization can be described as an ambidextrous act. In this section, I describe how recent findings suggest that the balance is not (entirely) in the two hands of upper management but enacted through shadow innovation (exploration) and efficiency creep (exploitation) in lower levels of the organization.
Evasive entrepreneurship I suggest some parallells between the concepts of (threatening) evasive entrepreneurship and shadow innovation or ”intrapreneurship after dark”.
Transformational intrapreneurship Intrapreneuring might be regarded as an existential threat by incumbent players in an organization if its effects are transformational. In studying how adoption of digital tools transforms organizations (and how organizations transform to enable such tools), such a threat perception might be better understood.
Employee Deviance in organizations Intrapreneuring are more or less ”behavioral departures from norms of a reference group”, a definition of employee deviance. This, in turn, is more or less the definition of the insider threat of ”counterproductive work behaviors” (CWB). Here, a way to distinguish between constructive and destructive deviance is offered.
Tactical-level subcultures Intrapreneurial behaviour in war – i.e. deviations from rules of engagement or other protocol to achieve a tactical advantages – is explained as a form of street-level bureaucracy depending on tactical-level subcultures. This concept might also be applicable under less chaotic circumstances than the fog of war.
Ethics of Espionage Finally, some industry-specific deliberations on right and wrong are considered for guidance on how to assess whether intrapreneurial transgressions are justified or not.
Personal risk vs. organizational risk
Intrapreneurship is pitched to employees ”as a way to capture the creativity and excitement of entrepreneurship, albeit with more resources and less risk”4. But are intrapreneurs really less prone to put themselves at risk than their organization and its assets, or more so compared to entrepreneurs? Whilst this study fails to answer that question, it does contribute with several useful ways to understand and explain intrapreneurships relations to risk.
risk taking propensity as a general enduring psychological characteristic tends not to impact context specific risk-related cognitions and behaviours
Bostjan Antoncic, ”Risk taking in intrapreneurship: Translating the individual level risk aversion into the organizational risk taking”7
In essence, a careful person needn’t be careful in all situations.
Antoncic opens for the possibility that the premise for his article is not to be found: ”A radical conclusion […] might be that the risk paradox does not exist, since it apparently disappeared through the conceptual analysis”, but suggests the “more moderate explanation, that seems more plausible” that there is indeed a paradox, but that it doesn’t disturbe or harm organizational life or performance.
Antoncic recognizes that his approach (as its underlying theories) stipulate that individuals are ”relatively rational decision-makers in bounds of available information that shapes their cognitions and in turn their behaviours”8.
The question of organizational risk vs. personal risk is very interesting from an insider threat-perspective. However, the premise of this thesis might not that relevant to study the insider threat-perspective. Whether or not there is, generally, a paradox between organizational risk taking propensity and personal risk aversion is – to me – less relevant than the perception of organizational risk taking. However, as Antoncic notes, one can argue that ”risk taking behavior basically resides at the level of an individual even if it is finally translated into the firm’s risk taking behavior”. The fact that the paradox does not seem to be ”disturbing and harmful for organizational life and performance” might, if it stands, suggest that is doesn’t matter that much.
Negative spillover: Brain drain
Since this is the only example I have found that explicitly adresses a threat from intrapreneurship, this contribution a given item on my list of concepts and conceptual frameworks:
Law Professor Mirit Eyal-Cohen9 has explored the negative spillovers of intrapreneurial activities by “Innovation Agents“. She identified the loss of intrapreneurial talent and intellectual property either to incumbent competitors or new ventures, and the subsequent restrictive and wasteful arrangements to mitigate such risks, as potential negative spillovers of intrapreneurial firms.
This perspective is perhaps most interesting from a recruitment opportunity perspective for intelligence services. Apart from the threat of loosing resources like competence when employees leave an organization, an embittered intrapreneur could perhaps be recruited to a competing organization or state. To a host organization, managing expectations, needs and failures of intrapreneurs could be a matter of security. To a competing actor, areas of conflict around failed or threatening intrapreneurial ventures might present opportunities. Also, the fact that Bulmash & Winokur10 didn’t mention Eyal-Cohen in their article, might serve as proof that the research field of intrapreneurship is still fragmented. Bulmash & Winokur linked intrapreneurship opportunities with employers to lower employee turnover intention.
Information Security – a compromise
Information security is one feature of the U.S. Intelligence Community identified as competing with intrapreneurial endeavours. It is specifically relevant to the Intellipedia case as well.
Javorsek et al.11 recognized that ”the scientific advantage upon which U.S. military dominance relies” is threatened by the costs of compartmentalization. Javorsek et al.12 identifies four major repercussions with ”over-compartmentalization” of knowledge:
Intelligence consumers must rely on sub-optimal intelligence products for foreign policy decisions, as analysts are denied access to compartmented information.
Resources are wasted on parallel but independent development projects.
It limits the collective intellectual ability for problem solving.
It inhibits communication between the tactical and strategic level, preventing effective knowledge sharing during development and employment.
Quoting Kitrosser13, Javorsek et al. recognizes that ”security compartmentalization has both costs and associated benefits”. The candor argument brought forward by Kitrosser14 – that secrecy can further openness since ”candor may more likely emerge in a closed, confidential conversation than in a public one” – is seemingly ignored by Javorsek et al. when they conclude that compartmentalization equals ”increasing costs in research and development”15. It’s worth noting that Kitrosser’s article addresses congressional oversight of national security activities, and not intra-organzational development per se. One might assume that Javorsek et al. considers the candor-argument less applicable to technological R&D than intelligence analysis and intelligence operations, the fact that increased psychological safety affects team learning behavior16 aside. Kitrosser also concludes that ”The purpose and utility of funneling have been under-explored, and funneling’s propriety and implications thus are poorly understood.”17.
The conflict between information sharing and information security is old but accentuated by digitalization. In the case of Intellipedia, it’s been central.
Shadow innovation – intrapreneuring after dark
In defining an insider threat as someone who, through authorized access to an organization’s resources, has the potential to negatively affect that organization, its purpose and/or its stakeholders (and risk doing so), I want to highlight that a conflict about scarce resources may not only be a competition for the use of such resources, but also a conflict around the consequences of using them. The conceptual framework around ”Ambidextrous organizations” and particularly the concepts of ”efficiency creep” and ”shadow innovation” can be useful to understand the integration of information security, and information resource management/enactment.
Since the early 1990s, one popular approach to study and describe the balance between innovation and efficiency within organizations has been the notion of ”Ambidextrous organizations”: where exploration is handled with one hand and exploitation with the other. March18 concluded that ”Both exploration and exploitation are essential for organizations, but they compete for scarce resources”.
More recently, Magnusson, Koutsikouria & Päivärinta19 found in studying IT governance in the Swedish Tax Authority (Skatteverket) a ”substantial misalignment of the tactical vs. the strategic and operative layers”. Whereas the strategic intent and the actual outcome aligned fairly well, project goals set by middle management all but eradicated exploration in favour of exploitation.The authors explained this as enactment (rather than management or design) of ambidextrous IT Governance, where ”efficiency creep” in the middle layer is balanced by ”shadow innovation” in the bottom layer in the organization’s hierarchy.
This could indicate that there is indeed need for exploration intent to ”go through the ‘clay layer’ of middle managers who are usually driven so hard to achieve short-term goals in established systems that they have no time for new ideas”, as Pinchot & Soltanifar suggests20.
A related field of research is that of evasive entrepreneurship. This pertains to companies’ relations to societies.
We define evasive entrepreneurship as profit-driven business activity in the market aimed at circumventing the existing institutional framework by using innovations to exploit contradictions in that framework.
(A complementary definition, one that I joted down and now can’t find the source of, is ”it’s when a company circumvents a society’s institutional framework (by exploiting regulatory vacuum, vagueness or incompetence) in order to achieve its goals.”)
Giving a number of examples, Elert & Henrekson concludes that while evasive entrepreneurship can be either productive, unproductive or destructive, it can also challenge status quo through disruption.
As observations and findings on evasive intrapreneurship or corporate civil disobedience might, at least in some cases, translate to intrapreneurs’ relations to their organizations, this could be a rewarding field to explore for someone interested in intrapreneurial shadow innovation(i.e. unsanctioned innovation activities23). One can be tempted to use a term like ”Evasive intrapreneurship” to describe shadow innovation. That might be a tautology though. Pinchot, who coined the term intrapreneur, recognized that intrapreneurs ”routinely bootleg company resources or ‘steal’ company time to work on their own missions”24.
This conceptual framework can help understand the effects of intrapreneurship, and how a digital intrapreneurial venture can threaten existing organizational life. Digital transformation is particularly relevant in contemporary research of intelligence services as ”It is only a small exaggeration to say that software has eaten just about everything in the [U.S. intelligence community]”25.
Hinings, Gegenhuber & Greenwood26 recognizes that digital transformation – ”the combined effects of several digital innovations bringing about novel actors (and actor constellations), structures, practices, values, and beliefs” – can threaten the existing ”rules of the game” in and for organizations. However, they also question the idea of total disruption, and suggest that existing literature on institutional change rather suggests that if and how new arrangements are accepted depend on already existing institutional arrangements.
Hinings, Gegenhuber & Greenwood, in citing Bitektine27 and Suchman28 among others, recognizes that both accommodation marketplace Airbnb and crowdsourcing platform GalaxyZoo (now Zoouniverse) were accepted by existing institutions because they were developed and promoted ”using language that aligned them with […] organizations/industries that already had legitimacy”29. They propose that radical digital transformers, to be successful, seek legitimacy through and in the institutions that they challenge, often by imitating them to some extent.
To exemplify how ”the difficulties of radical change spring from what is taken-for-granted in socio-cultural terms and the ways in which the legitimacy of particular ways of organizing become tied to issues of existing logics, power and interests”, the authors mention NASA’s shift towards ”open innovation” by crowdsourcing (citing Chesbrough30, Lakhani et al.31, and last but not least Lifshitz-Assaf32). Lifshitz-Assaf concluded that ”Only R&D professionals who underwent identity refocusing work dismantled their boundaries, truly adopting the knowledge from outside and sharing their internal knowledge”, illustrating ”the critical role of professional identity work in changing knowledge-work boundaries”33.
Earlier, Selander & Jarvenpaa34 have studied the SMO of SMOs: how Social Movement Organizations (SMOs) have changed their digital action repertoires for Social Media Optimization (SMO). They studied how those changes challenged the existing organization (Amnesty International) and observed a fraction between local team members and digital supporters of the organization, and how senior management and digital media employees tried to bridge that divide.
Of course, digital transformation of organizations is – like the other concepts explored here – not exclusive to intrapreneurship, neither is intrapreneurship necessarily digital. Digital innovations has however ”opened the path for new intrapreneurial opportunities”35and can be assumed to play a part in many contemporary intrapreneurial ventures, in and outside of the intelligence services.
Employee deviance in organizations
Intrapreneurial ventures are deviations from organizational comme il faut. If successful, they help their hosts and can be deemed beneficial or constructive. If not, they might be harmful or destructive. This makes Warren’s article very interesting.
Danielle E. Warren36 defined employee deviance as “behavioral departures from norms of a reference group” and noted that it can cause “disastrous consequences for not only organizations but also entire industries and society”, as well as bring about constructive change and help evade organizational failure or societal disaster, in 2003. She stressed the need for three advancements in the field of employee deviance for better scientific debate on the subject:
Specify the reference group: Who or what is the behavior studied a deviation from? ”Ultimately, the question ‘Deviant compared to what?’ must be answered”37. The reference group is the social group associated with the formal (e.g. protocol) or informal (e.g. routines) norms from which a deviation is made. Warren hoped that better speficiation can benefit the second point on her wishlist, and also facilitate ”identification of conflicts between norms of multiple reference groups”38.
Study a broader concept of deviant behaviours: Most existing literature on employee deviance was focused on either constructive or destructive deviance. According to Warren, this dichotomy is an obstruction towards more integrated contributions to science: ”the behaviors share a fundamental similarity: both require a departure from norms whereby employees must resist social pressure to conform. Further similarities appear in the theories and recommendations prescribed by proponents of the two views of deviance. For example, autonomy plays a role in both views.”39
Be explicit about on what normative foundations behavior is judged: Is national security, personnel safety, adherence to the rule of law or something else entirely the primary concern when deviance is evaluated? Warren refutes the idea that all departures from norms are destructive, claiming that ”such logic results in moral relativism, whereby the reference group dictates morality independent of all other outside groups” (a counter argument to this might connect to Matt LeMay’s ”Change the rules, don’t brake the rules”-principle of product management40, which I’ll return to in a later post.)
Judging what departures are destructive or constructive (or simply unproductive) requires a clear and detailed position, Warren argues in her third appeal for advancements in the research field. For example: simply saying that illegal behavior is to be deemed destructive overlooks the complexity in firms that operate in many and sometimes conflicting legislations (the same can of course be said for most intelligence services). The argument that societal values should define what constitutes constructive deviance or not faces the same problem: what society’s norms and values should define this? And how are those values agreed upon in the first place?
To facilitate future judgment, Warren suggest using hypernorms, i.e. ”globally held beliefs and values”. In contrast to ”universal norms”, where a person or a group decides what the rest of the world should agree on, hypernorms could be explained as the ”least common denominators” of what all people want and need: food, freedom, and physical security for example.
In essence, these metanorms provide a global standard for evaluating behavior that extends beyond organizational and country-specific boundaries. The appeal of using hypernorms as a standard for judging workplace deviance lies in their inclusiveness and ease of empirical application.
Hypernorms capture more than one normative approach to ethical theory, as they can encompass rights, justice, utilitarianism, duties, and virtue. They can be found by studying international organizations and practices, Warren argues.
By mapping deviance and conformance with both a defined reference group (e.g. an intelligence community) and hypernorms (e.g. human rights), Warren comes up with a four field matrix consisting of constructive and destructive deviance, as well as constructive and destructive conformity:
To me, this is gold. If I was surprised that there wasn’t much research on intrapreneurs as insider threats, I am amazed to not find any research on the relation between intrapreneurship and employee deviance of any sort, let alone on the duality in destructive and constructive deviance in regards to intrapreneurship. A common perspective of insider threat is that of ”counterproductive work behaviors” (CWB) that can be directed against the organization (CWB-O) or fellow individuals in it (CWB-I)42. CWB can be defined as ”employee behavior that goes against the legitimate interests of the workplace”43and one of its dimensions is ”deviance from accepted behavioral norms”44.
Oh, and please note that destructive conformity is not the same as malicious compliance (not mentioned by Warren), as the latter describes employees carrying out orders with the knowledge and/or intent that the consequences from their compliance will cause harm to their employer. Destructive conformity might serve the organization perfectly well, but it brakes hypernormative standards (e.g. by severely polluting a river).
Sub-cultures on the tactical/operative level
Intrapreneurial ventures, and institutional resistance against them, can only be designed and managed to a degree. Other factors might apply in the enactment of organizational floor, what the military calls the tactical level and civilian business calls the operative level. One such factor can be local subcultures.
Ingesson45 argues that decisions of lower-level military commanders can have ”major political and strategic impact”, and that these decisions are shaped by ”tactical-level subcultures”. Ingesson suggests that the likelyhood of deviance or conformity can be predicted by measuring how well (or not) such subcultures align with official strategy and policy.
The theory is developed as an alternative to – or perhaps synthesis of – two conflicting views prevailant in describing military dynamics:
That the rigid and unique military organization structure limits individual freedom46,
That the military is shaped by the agency of non-conformant leaders47, ”typically described as individualists and innovators”, who are ”ready to defy conventions and break old patterns”.48
The apparent clash between the automaton of the ideal type organization and the free agent of the military leader ideal illustrates the problematic dimensions inherent in both ideal types.
Ingesson argues that both these perspectives are both problematic and suggests instead to see military leaders on the tactical level as street-level bureaucrats. Street-level bureaucracy is a concept introduced by Lipsky in 198049 where the street-level bureaucrat is defined as ”a public service worker who interacts directly with citizens in the course of his or her job” and through their ”substantial discretion in the execution” and relative autonomy from organizational authority can ”make policy”.
In this manner, political policies with clearly expected results can be altered by the implementation of the street-level bureaucrats in such a manner that the outcome can diverge significantly from the expectations of the political decision-makers
Because decision-making in war (fighting hostile, life-threatening adversaries with limited information, time to decide and other resources, but ”an infinity of petty circumstances”50 adding friction) is stressful and ”extraordinary difficult” the street-level bureaucrats lean on subcultures, Ingesson argues51:
A tactical-level subculture is, in essence, a set of cultural norms, ideas and priorities, which are shared by the members of a military unit.
An effective tactical-level subculture is coherrent (i.e. straightforward and without inherent contradictions) and agreed upon by its members. This is achieved through focal points such as a role model or tradition: ”When the members of a unit become confused as to how they should act, the focal point provides clarity”52. As one example, Ingesson details how Swedish troops in Bosnia, 1993, had a ”a strong heritage of formalized autonomy”53, citing their tactical manual: “Indecisiveness and lack of action usually has more severe implications than if a commander makes a mistake regarding how to proceed”54. This helped build a ”Trigger-Happy, Autonomous, and Disobedient” tactical-level subculture that in turn help save civilian lives in spite of complicated and complicating rules of engagement.
Although intrapreneurship is routinely described as a individual activity, cultural factors are studied (e.g. Yun55, Hashmi56, and Benitez‐Amado57), and although most intrapreneurs fortunately aren’t exposed to the atrocities and fog of war, other uncertainties58 and stressors might apply. It is also worth noting that Street-level Bureaucracy (1980) and Intrapreneuring (1985) were both written by members of the “lucky few” generation in their late thirties and early forties (Lipsky was born in 1940, and Pinchot in 1942). It would be interesting to study how the times, its progressive politics and booming economy, and the authors’ generational place in it shaped their analyses and descriptions of autonomous, almost defiant, professionals.
Disclosure: One of the original inspiration for this thesis research was Ingesson’s article about the Nordbat 2 mission to Bosnia in the early nineteen-nineties59 as I saw it as an potential example of intrapreneurship. (Perhaps because it was shared by an old intrapreneurial sponsor of mine, fond of quoting Grace Hopper. This year, I realized that it was written by one of my teachers, and quite possibly the one who will grade my thesis.
The ethics of espionage
In trying to do the right things regarding intrapreneurship, most conscientious people will run into ethical dilemmas. The examples given by Warren on Employee Deviance highlights that these questions can be particularly hairy in organizations operating in different or vague jurisdiction. Like an intelligence service for example.
Pfaff & Tiel60 tried to help intelligence professionals determine ”when it is appropriate to set aside the usual prohibitions in order to achieve national objectives”. They provided a framework inspired by Kant & Locke to find a balance between ”ethical restraint and intelligence effectiveness”.
They concluded that modern liberal republics are built on the grounds that all persons are created equal, and that acting against this principle ”would be an act of betrayal”61. They added that although this should constrain the actions of intelligence professionals, they don’t have the same obligations to citizens of other nations as they do to citizens of their own. In seeking what Warren would call hypernorms, Pfaff & Tiel agree that two salient features appear to be critical to human value: 1. Metaphysical freedom: Humans can reflect upon and decide their actions independently. 2. Rationality. Humans can recognize that they are humans among humans, and that we share our freedom for choosing with the other persons we identify as humans. From this follows the Golden Rule, similar to what Kantians refer to as Categorical Imperative and Lockeans call Natural Rights.
Pfaff & Tiell goes on to argue that in line with there hypernorms, it is ethical to respect humans accordingly ”unless they consent to be constrained by something in addition to these boundaries”, as we must respect other humans’ right to choose for themselves. This logic justifies killing a soldier in the battlefield, as that person ”accepts the training and equipment of a soldier” and not only poses a threat but is a player in the game of war62.
Recognizing that people can participate more or less willingly to different degrees in a spy game, Pfaff & Tiell then goes on to sort actors in five categories of ”legitimate targets of espionage” – from the ordinary, uninformed citizen to the informed intelligence professional – specifying what different actions can be justified taking against the different categories of ”players” in the spy game, and why.
The authors recognize the problem of collateral damage: ”intelligence operations directed against legitimate targets might have nonconsensual consequences for illegitimate targets”. Their solution proposed to this problem is the doctrine of double effect, attributed to Christopher (1994)63: that there is ”a moral difference between the consequences of our actions that we intend and those we do not intend, but still foresee”, and that it is permissible to do something good that (also) have bad consequences, given that four conditions are met:
Nastiness is not intended,
Nastiness is proportional to the good effect’s worth,
Nastiness is not a direct means to the good effect and,
Nasty effects are mitigated, even at more high-risk expenses.
The doctrine of double effect could help in assessing intrapreneurial transgressions, such as unsanctioned risk taking, midnight resource allocation, or other evasive innovation activities. It also relates to the concepts of acceptable loss and acceptable risk, all too present and pressing in today’s debate on Coronavirus.
The doctrine of double effect might also give perfectly well-intentioned people reason to – knowingly and deliberately – cause harm.
Also, I am not suggesting that official or popular judgement on intrapreneurial transgressions will ever be made solely on moral grounds (practicalities and politics apply).
Pfaff & Tiell published their article in 2004, as western intelligence professionals were involved in very controversial activities during the ”War on Terror”, after Al-Qaeda’s attack on U.S. civilian and military targets in September 11, 2001. Although the timing might put their proposal in an unfavourable light, it’s worth to consider their contribution.
Insider threats are mainly studied from two different perspectives in academia: cyber security research and intelligence research. These two perspectives intersect as both explore questions of security and information. Scholars researching intelligence, counterintelligence and national security perspectives of insiders and insider threats refer to studies in cyber security1 and vice versa 2.
The lack of a standard definition of “insider threats” and “insiders” has been a problem in research, Mundie, Perl & Huth 3 noted when they explored 42 different definitions of the terms. Their own definition of the term ”insider threat” reads as follows:
Current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.
This definition equates “insider threat” with “insider”, as harm is already done. In contrast, others describe a threat as “a set of circumstances that has the potential to cause loss or harm” 4. People that have already caused harm, i.e. threats that have performed (at least some of) their harmful potential, are referred to simply as “insiders”5 and their actions as “insider acts”. Deliberate actions with the intent to cause harm are described as ”insider attacks”6, and their perpetrators ”malicious insiders”, whilst human threats without intent to cause harm are defined as benign or non-malicious7. With this definition of the term, Pfleeger, Lawrence Pfleeger & Margulies identify benign insiders as the most common harmful insider in computer security: “The vast majority of harm from insiders is not malicious; it is honest people making honest mistakes”8. A similar term is “unintentional insider threat (UIT)”, describing those “whose actions unintentionally expose the organizations to risk”9.
In academic literature, intrapreneurship is recognized as initiatives driven by employees, whether as responses to “requests and challenges from a firm’s leadership” or as spontaneous bottom-up initiatives1.
In both cases, intrapreneurial enterprises are approved by upper management as they align with the organization’s strategy. Intrapreneurs “use their entrepreneurial spirit for the benefit of their employer”2.
However, intrapreneurial initiatives are also recognized for “working to circumvent or even sabotage the formal systems that supposedly manage innovation” and “routinely bootleg company resources or ‘steal’ company time to work on their own missions”3.
This seemingly paradoxical duality can be explained as a way of upper management to circumvent or “go through the ‘clay layer’ of middle managers who are usually driven so hard to achieve short-term goals in established systems that they have no time for new ideas”4, by explicitly or implicitly sponsoring intrapreneurs and their actions.
To Pinchot, from a corporate management perspective, “Intrapreneuring is a more timely and effective way of conceptualizing the control task, not an abdication of control” since,
As one intrapreneur put it after a ‘midnight requisition’ of a major piece of capital equipment needed by his team, ‘Nothing is as out of control as a large control system.’
Also, in his opening “Memo to the CEO” Pinchot states that “There is a revolution about to happen in your corporation. Let it start with you.”5.
Can intrapreneurs be insider-threats?
So, how can you tell if an intrapreneur aligns with the organization’s strategy? How do you know if she, he or they indeed “use their entrepreneurial spirit for the benefit of their employer”? How can you make sure that they are not in fact insider threats?
If Pinchot’s two prerequisites are to be combined – if an intrapreneur must be someone who “align with the organization’s strategy” AND someone who act “for the benefit their employer” – then their organization must not only have a strategy that is understood and agreed upon, it must also be the most beneficial one.
An extreme, litteral interpretation of the two prerequisites would probably be that intrapreneurs cannot exist in anything but highly rational and successful organizations: Only a rational organization would have a perfectly communicated, unanimously agreed upon and beneficial strategy. And if there is such an organization, it would probably also be highly successful. Would such an organization really need intrapreneurs breaking protocol and circumventing established systems?
The Essence of Decision
One way to analyze an organization’s and its decisions is by viewing it and its actions through different lenses. In “Essence of Decision”, Allison6 challenged the perception of states as “rational actors” whose actions are products of careful consideration of all available options. Noting that any and every action could be explained by an imagined account a careful consideration, Allison suggested two additional ways to explain or understand international behaviour: “Organizational Behavior” and “Governmental Politics”:
“Organizational behaviour” proposes that states’ behaviour is to a large extent the creation of habit when faced with new challenges. In short, they tend to rely on established repertoires and patterns, “settle on the first alternative that is good enough”7, and opt to limit short term (rather than long term) uncertainty.
Organizations, like house thermostats, rely on relatively promt corrective action to eliminate deviations between actual and desired temperatures, rather than accurate prediction of next month’s temperature.
Also, each participant sharing central power “sits in a seat that confers seperate responsibilities” and they are bound to judge an executive’s preferences “in the light of their own responsibilities” rather than that of their superior’s8. Moreover, even if a leader is more or less supreme, the leader must still persuade other participants (i.e. key stakeholders) to accept and enact supreme decisions as intended. The alternative is that the leader’s politics is misperceived, misinterpreted, misexecuted or even ignored.
Agreement on what must be done about ‘the issue’ does not suffice to guarantee action.
Does “Intrapreneuring” only see one side of organizations?
In reading Pinchot’s Intrapreneuring9, it’s clear that he does not see organizations as 100% rational actors. He recognizes elements of both creations of habit (e.g. “the clay layer” described above10) and turf wars (e.g. recognizing the Not Invented Here-syndrome11 and turf politics12).
To Pinchot, it seems, intrapreneurs and sponsoring them are antidotes to problems of too much organizational habits and politics.
Unfortunately, such a perspective does not quite resolve the question of when intrapreneuring is justified, and when it’s not.
”Intrapreneurship as a sub-field of entrepreneurship has increased in importance.”1
”Intrapreneurship […] has become crucial for organizationsto survive and maintain their competitive advantage”2
”Intrapreneurship declared must-have skill for 2020”3
There seems to be quite a lot of interest for intrapreneurship these days, right? But is it really popular, or only very interesting to a small group of believers?
Google Ngram Viewer
One way to measure the popularity of intrapreneurship as a concept over time is to look att how often it is mentioned in literature.
N-grams are any (n) number of words put together in a particular sequence4. ”Intrapreneurship” is a 1-gram, ”Corporate innovation” a 2-gram, ”public sector innovation” a 3-gram etcetera.
What Google Ngram Viewer does is chart n-gram frequencies in a large corpus of books and scientific literature (about eight million books, or six percent, of all books ever published5. The charts are generated by dividing the number of an n-gram’s yearly appearances by the total number of n-grams in the corpus in that year.
Short explanation of other n-grams charted above: • Corporate innovation: Another term for (corporate) intrapreneurship • Corporate ventures: Another term for (corporate) intrapreneurship • Public sector innovation: Another term for (public) intrapreneurship
Trends for some of the corresponding terms in French, German and (simplified) Chinese are different but also indicating a rise in quantitative popularity. One main difference is that the n-grams catches on later in these languages. Moreover, similiar terms and words in English can be used to compare trends in their quantitative popularity (e.g. six sigma’s decline).
The term ”organizational innovation” is both older and more often mentioned in literature than intrapreneurship, but less precise. It also (and perhaps primarily) addresses change introduced from outside the organizations7. By comparison, ”corporate innovation” is more focused on internal processes.
One big problem with Google Ngram Viewer is that does not show how many people that have actually paid any interest in the work published.
What about the actual interest then? Can we check for trends there? Well, there’s always Google Trends for that.
Google Trends shows ”largely unfiltered sample”8 of search requests made to Google. In the words of Trends’ FAQ: ”those relying on Google Trends data should understand that it’s not a perfect mirror of search activity.” Possible reasons for Google to obscure data are:
to protect personal information,
to mitigate unwanted manipulations of search results9 and
to protect other business interests.
Google explain their decision to make only samples of search requests available to searches in Trends with performance optimization: ”Providing access to the entire data set would be too large to process quickly.”
When plotting changes in search frequency and differences between different search queries, Google normalizes the data:
• Each data point is divided by the total searches of the […] time range it represents to compare relative popularity.
• The resulting numbers are then scaled on a range of 0 to 100 based on a topic’s proportion to all searches on all topics.
Some search terms are also grouped in ”Topics” by Google. The topic ”Intrapreneurship” shows a somewhat more decisive uptick than queries like the pictured above, where ”search terms” and not ”topics” are used.
Another way to get a sense of how popular interest has changed over time is to see how often a Wikipedia article has been viewed over time, with the help of Wikishark for example. Here, the result is interesting. There seems to have been a sudden increase in interest for the page ”intrapreneurship” in 2015, only to then decline gradually.
This does not, as far as I can see, quite correlate with an increased interest in editing the term:
So, has the term intrapreneur really gained momentum in later years?