DESIGN FLAWS: METHODS OF ATTACKING CRITICAL INFRASTRUCTURE
Complex infrastructure often exhibits extreme levels of vulnerability to non-planned events. The reason for this is may be found in an area of complexity research called highly optimized tolerance (HOT). HOT research has found that complex networks, like most global infrastructure, exhibit behaviors explained by the design considerations of its makers. The end-result of this planning is a network that is extremely robust against certain types of anticipated failures/insults but conversely is hypersensitive to unanticipated classes of uncertainty. NOTE: this isn't as obvious as it seems. Complex systems, like the Internet, operate well beyond the influence of any central management group and the thinking of the original designers. This research shows that the core design and operational decisions made by these groups does have a major impact on the ability of the system to respond to damage.
Design Flaws
The crux of this analysis is that global guerrillas can exploit the assumptions of designers to create major distruptions in complex networks. Further, once this is done, the network will likely work for the attacker by causing damage to itself (from outage responses gone awry to increased costs of operation). NOTE: This is very much the approach Lawrence of Arabia used in his Arab revolt. He attacked the Turk's train system which the designer's/users assumed to be safe because it was well to the rear of the front lines and it traversed remote areas.
NOTE: This next section is an area that I am spooling up on. I do think it is possible to exploit system designer/operator assumptions. These assumptions create systemic flaws and not just spot opportunities. When I get it right, this will be a very useful section.
Global Guerrilla Operations Manual>Infrastructure Attack>Planning
(NOTE: this is a red-hat/oppositional approach to diving into a topic, don't be alarmed). When planning an attack on infrastructure (oil, electricity, gas, etc.), it is important to consider what the designers of the network had in mind. An examination of assumptions can lead to methods of exploitation. Let's walk through the exercise.
General considerations. All large-scale infrastructure network designers follow the same general process:
- The economic performance of the network needs to be optimized (efficiency often trumps safety).
- They don't have sufficient resources to defend against all potential threats (limited means).
- Security is focus on the most recent, highest profile, and common threats (all of which have some historical basis) NOTE: I know that good network designers would say they make no assumptions as to what future threats would be and they are constantly updating systems in response to new threats and ongoing assessments. However, that isn't the case in the vast majority of deployed systems, particularly large infrastructure networks.
Here are some general assumptions planners use in network design. They will not apply to all systems. These questions are better used as a way to start a thinking process on the topic (NOTE: I am working on these. This list is in the process of revision.).
Make your own list of design assumptions that can be exploited within the system you are focusing on. Rank the potential attacks unearthed through this process according to operational factors.
Sources: Carlson, Doyle (1999) "Highly-optimized tolerance: A mechanism for powerlaws in designed systems."
Hitting critical infrastructure in Saudi Arabia is much easier than you suspect. All water supplies for the city of Riyadh, for instance--and with the exception of a limited number of deep wells--is brought in from the Eastern Province through three, above-grade pipes. While there's certainly "protection" on these, as on oil pipelines, the 300-mile distance mitigates against complete coverage.
Target choice seems to be the main variable on the part of the terrorists. What are the residual costs of any particular attack?
Posted by: John | Monday, 06 December 2004 at 05:35 PM
John,
Exactly. Here's my early take on a Saudi scenario. I've improved it substantially since then.
http://globalguerrillas.typepad.com/globalguerrillas/2004/06/the_disruption_.html
Posted by: John Robb | Monday, 06 December 2004 at 06:05 PM
For people doing this for the first time the whole thing could be overwhelming. You only have so many security forces and so many targets to protect. I provide a link to an article in Police magazine which may be of assistance.
(Quote from Article)
"In 1952, the U.S. Army Special Forces developed a matrix for evaluating the threat against various industrial systems. When the “Green Berets” had to help protect foreign interests, they used this matrix. When they had to destroy those same types of systems, the matrix helped identify the weakest places to hit.
The Special Forces target matrix goes by the acronym CARVER, which stands for criticality, accessibility, recuperability, vulnerability, effect on populace, and recognizability."
http://tinyurl.com/34bakz
Posted by: felixdzerzhinsky | Saturday, 26 May 2007 at 04:01 AM