THE BAZAAR'S OPEN SOURCE PLATFORM
Earlier analysis (see the "The Optimal Size of a Terrorist Network" for more) indicates that the disruption of al Qaeda network mega-hub in Afghanistan has put strict limits on the size of the surviving virtual network elements. This size limitation may represent a barrier to attacks on the US, but is likely well within the capabilities of what is necessary for limited regional attacks. However, new innovations in group dynamics and the emergence of new unaffiliated guerrilla networks in Iraq may provide a method for regaining strategic capability.
The Bazaar
The decentralized, and seemingly chaotic guerrilla war in Iraq demonstrates a pattern that will likely serve as a model for next generation terrorists. This pattern shows a level of learning, activity, and success similar to what we see in the open source software community. I call this pattern the bazaar. The bazaar solves the problem: how do small, potentially antagonistic networks combine to conduct war? Lessons from Eric Raymond's "The Cathedral and the Bazaar" provides a starting point for further analysis. Here are the factors that apply (from the perspective of the guerrillas):
- Release early and often. Try new forms of attacks against different types of targets early and often. Don’t wait for a perfect plan.
- Given a large enough pool of co-developers, any difficult problem will be seen as obvious by someone, and solved. Eventually some participant of the bazaar will find a way to disrupt a particularly difficult target. All you need to do is copy the process they used.
- Your co-developers (beta-testers) are your most valuable resource. The other guerrilla networks in the bazaar are your most valuable allies. They will innovate on your plans, swarm on weaknesses you identify, and protect you by creating system noise.
- Recognize good ideas from your co-developers. Simple attacks that have immediate and far-reaching impact should be adopted.
- Perfection is achieved when there is nothing left to take away (simplicity). The easier the attack is, the more easily it will be adopted. Complexity prevents swarming that both amplifies and protects.
- Tools are often used in unexpected ways. An attack method can often find reuse in unexpected ways.
Scaling the Bazaar
The bazaar dynamic -- replete with stigmergic learning and entrepreneurial ventures -- is vibrant enough to keep Iraq in a state of chaos. The statistics speak for themselves. However, can the bazaar be exported to regional nations or strategic targets? Can it serve as a post Afghanistan (post al Qaeda) model for global guerrilla warfare? Yes. Here's why:
- Leveraged attacks. As we see in Iraq, if appropriately planned, small attacks can have amazing impact. The reason behind this are the system dynamics that amplify results. ROIs (returns on investment) in excess of one million fold have been measured in Iraq. This means that smaller groups can have tremendous impact at the strategic level if they adopt the Iraqi method.
- Swarms vs. single group activity. The bazaar offers the potential of many smaller attacks that can in aggregate have an impact equal to several large attacks. Many hands make light work. Combined with system leverage, this could reduce a nation to economic chaos in short order.
- Rapid innovation. The bazaar's demonstrated ability to provide rapid innovatation makes defense much extremely difficult. Rather than a single 9/11 style attack, we may see small attacks (less planning and training, fewer people, less support) against a plethora of targets. With a sufficient number of guerrilla networks unearthing vulnerabilities (particularly ones with system's leverage), security forces will likey be outmatched.
John - There must also be parallels to draw from the world of network/systems security. Specifically, Intrusion Detection and Prevention strategies for viri, worms and spyware. Concepts like scanners, "signatures"... It strikes me that at some point someone will be offended that your work is an instruction manual for a guerilla organization when it's clear they're already way ahead of you and you're playing catch up. I had a copy of "Hacking Exposed" in my office and it offended some co-workers, yet, I'm responsible for keeping the portals secure. I need to know where I'm vulnerable before I discover that systems have been breached (again). -McD
Posted by: mcdtracy | Friday, 24 September 2004 at 05:21 PM
Thanks. There are lots of ideas that can be drawn from the computer security world -- they are working on ways to defend against a decentralized threat too. It is also important not to conflate the global guerrilla threat with computer hackers -- they aren't the same people (unfortunately, digital Pearl Harbor scenarios dominate our Homeland Security effort).
Knowing the enemy is an important first step to building an effective defense. My site is focused on understanding how the enemy is fighting this war. If we continue to think that this is merely random terrorism, we will lose. Thanks again.
Posted by: John Robb | Saturday, 25 September 2004 at 08:47 AM
". If we continue to think that this is merely random terrorism, we will lose. "
This is a topic you've perhaps already addressed but here goes: What is losing here? What is winning? Is there anyway to get some sort of large scale progress report, even if it's not perfect? What would the criteria be ( aside from the obvious "a nuke has blown up DC" )?
Posted by: WeSaferThemHealthier | Saturday, 25 September 2004 at 03:43 PM
Bush has a very noble idea - spreading freedom. However, I don't think it's pratical. That being said, I stand behind the President.
Posted by: Jennifer | Sunday, 09 January 2005 at 11:27 PM
I just came across this blog. Very insightful.
I wrote a piece that is similar to this one, called The Delphi Age.
http://betweenhopeandfear.blogspot.com/2004/09/delphi-age_17.html
Posted by: Marcus Cicero | Monday, 08 August 2005 at 01:58 PM
If you can't beat em, join em
http://www.strategypage.com/htmw/htlead/articles/20060521.aspx
Posted by: kevin | Tuesday, 23 May 2006 at 02:34 AM
Interesting analogy, but I'm afraid I do not find it quite apt...for one key reason...most guerrilas use destructive disruption as their major tool, and all their strategies centre around this concept...the open source community is disruptive as well, but in a constructive way...this small terminological different - destructive vs constructive - results in a significant practical difference...hence many of the aspects you have mentioned as aspects of guerrila warfare just don't appear to fit for the open source community...
I could be wrong ( and I usually am), but I thought I'd let you know my thots
F/LOSS Database @ http://www.eit.in/sw/free_software/free_software.html
Posted by: F/LOSS | Tuesday, 20 June 2006 at 05:19 AM
John, this is brilliant.
Posted by: Chris Abraham | Saturday, 29 July 2006 at 12:50 PM
http://www.chrisabraham.com/2006/07/open_source_dev.php
Posted by: Chris Abraham | Saturday, 29 July 2006 at 12:57 PM
Excellent article and comments.
http://www.1-satellite-tv-facts.com
Posted by: docsharp01 | Wednesday, 26 March 2008 at 10:45 PM