A series of terrorist attacks in late 2014 and early 2015 prompted the head of the UK's Security Service to comment on the need to improve the information flows available to the service in order to deal with the emerging task demands that it faces. The comments highlighted the tensions that have been created in the post-Snowden revelations around domestic surveillance and intelligence gathering and these concerns span both public and private sector organisations. The intervention by the head of MI5 raises a series of questions about the design of security organisations and their function, and does so within a wider systems context, where changes in the environment require corresponding changes in the core processes and functions of the organisation. This is a central domain of security ergonomics and the manner in which an organisation can frame its response to an ever more complex threat matrix is the main purpose of this article. The question becomes one of how one might 'design' such a high performing organisation and especially one that can satisfy the zero-failure mandate that is often required of the security function. The argument presented here is that those organisations that see security as a 'bolt-on' function to existing organisational activities will invariably fail to capture the wider strategic dynamics of threat-response interactions and, more significantly, the role that other organisational activities can play in shaping that process. This article approaches the question from the perspective of two related bodies of research -Soft Systems Methodology and Ergonomics/Human Factors. Security Journal (2016Journal ( ) 29, 5-22. doi:10.1057Journal ( /sj.2015 Keywords: security ergonomics; soft systems methodology; organisational design; human factors; socio-technical systems The online version of this article is available Open Access
IntroductionMy sharpest concern as Director General of MI5 is the growing gap between the increasingly challenging threat and the decreasing availability of capabilities to address it (Parker, 2015) The quote from Parker, the Director General of MI5, highlights the core challenge facing the provision of a security function in modern organisations (and especially state-based security institutions), namely to ensure that the capabilities of the organisation match the everchanging task demands that are imposed upon it. These threats currently include: the shift to mass casualty suicide terrorism (especially where no warnings are given of the attack) (Bowen, 2004;Fischbacher-Smith et al, 2010); the increasing threats from cyberattacks carried © 2016 Macmillan Publishers Ltd. 0955-1662 www.palgrave-journals.com/sj/ out by organised criminal gangs and state-actors (Choo and Smith, 2008;Farwell and Rohozinski, 2011;Collins and McCombie, 2012); the increased use of social media to recruit and train hostile actors; and the threats posed to those critical infrastructures upon which modern societies depend (Boin and Smith, 2006). These threats have all increased the task c...