ATTACKING AND DEFENDING NETWORKS
Since the turn of the century, open source warfare (OSW) has become the norm in conflicts from Iraq to Thailand to Nigeria to Pakistan to Russia and to Mexico. Traditional guerrilla and organized crime hierarchies and their associated patterns of activity have melted away in favor of loose collaborative communities that exhibit levels of resilience, efficiency, flexibility, and innovativeness far higher than our traditional foes. This transition has been due to rapid growth in connectivity (globalization and the Internet), organizational adaptation to external threats (primarily decapitation attacks), and a change in approach (an evolution in warfare described at length on this weblog). Additionally, these organizations are increasing mounting attacks on and through our networks (infrastructure, economic, and social). We're past the tipping point.
As a result of this shift, we need to think about security in terms of network dynamics. One of the few papers on this topic comes from Shishir Nagaraja and Ross Anderson (University of Cambridge) entitled "The Topology of Covert Conflict." In this paper, the authors apply game theory and various offensive (decapitation of highly connected or central nodes) and defensive (rapid replenishment, cliques, and delegation) strategies to determine potential outcomes. They found that decentralization (specifically cliques and delegation, see paper for descriptions of what these terms mean) provides a good means of defense against all types of decapitation attacks (against critical leadership targets or important infrastructure nodes).
This is exactly what we have seen. Real-world guerrillas have decentralized through open source techniques. However, our experience shows us that these networks have some additional defensive characteristics that make them even more resilient than suggested by Anderson and Nagaraja. I would add the following defensive dynamics to real world guerrilla networks:- Micro-markets as a means of automating the discovery process and implementation of delegation. These markets make delegation fast and efficient. See "The IED Marketplace in Iraq" for more.
- Broadcast stigmergy (if you don't know what this word means, read this). Methods of mass communication such as media coverage, viral videos/audio from symbolic leaders, and terrorist discussion forums supply a means for rapidly spreading ideas through the entire network. The broadcast links are only loosely coupled to individual nodes and therefore extremely robust. Further, the decentralized autonomy of open source warfare makes these broadcasts into a form of stigmergic communication (which may lead to emergent intelligence). This mechanism allows disconnected groups to reconnect to the open source warfare playbook.
- Rapid healing through lateral lines of interconnection. Connections between autonomous groups in an open source framework are rapidly manufactured through multiple social networks (mosque, tribe, extended family, gang, and economic) and modern infrastructure (communications, roads, etc.) that speed up interconnection. Therefore, an open source network can heal much faster than a traditional covert networks. This implied rate of healing is much faster than any mechanism (that I know of) that can identify and decapitate critical nodes (both by degree and centrality).
Yes, there will be lilypond-hopping NetJetsetters going from secure enclave to secure enclave but security is going to bubble up as well through such models as Howard Rheingold's smartmobs (http://www.smartmobs.com) and David Stephenson's (www.stephensonstrategies.com) cell phone security information systems.
Treehuggers, survivalists international development experts, and imaginative disaster victims will provide a diy renewable tech that is applicable from the refugee camp to the camper, from the starving African to Bill Gates or Warren Buffet. The one laptop per child project will put millions of handcranked battery powered devices out in the world. With battery switching and solar the seeds are already planted for a baseline low voltage electric infrastructure that could provide at least minimal service in case of emergency.
My bedroom radio is powered by sunlight and handcrank. My bedroom reading light is solar powered. On my backpack are two solar lights. My bike can easily charge another set of batteries while I ride. If I had a car, I'd add an extra battery to it for back up power just in case.
The poet Lew Welch is quoted as saying, "We remain alert so as not to get run down, but it turns out you only have to hop a few feet to one side and the whole huge machinery rolls by, not seeing you at all."
I certainly hope so.
Posted by: gmoke | Friday, 07 April 2006 at 11:36 PM
Please enable full feeds - that makes it much easier to read your important and interesting work, thanks!
Posted by: Roland Dobbins | Saturday, 08 April 2006 at 03:21 PM
John, I'm confused...you say:
"In regards to the developed world's critical networks, they remain highly vulnerable **scale-free** systems. As a result, this paper also suggests that infrastructure disruption increases, we will see a need for radical decentralization to enhance the survivability of our infrastructure, society, and economy."
Emphasis mine.
How are existing critical networks (I'm assuming you mean things like the U.S.'s 911 system, PTA phone-trees, etc..) considered "scale-free?" I don't understand the phrasing given the context of your article here.
Posted by: Jeremiah | Saturday, 08 April 2006 at 04:50 PM
Jeremiah, there are lots of physical systems (as opposed to social systems) that are scale free. For example, our electrical system is scale free.
Posted by: John Robb | Saturday, 08 April 2006 at 04:56 PM
Don't focus on the fish, focus on the water.
Posted by: Vet | Sunday, 09 April 2006 at 06:15 AM
Let me see if I get this capitation attack idea.
In the Lord of the Rings, when Frodo ( with Gollum's help ) destroyed the One Ring, he was performing a capitation attack by destroying the very source of Sauron's power.
Right?
And Sauron, by giving the nine rings to the Nazgul, had been performing delegation?
Posted by: Duncan Kinder | Sunday, 09 April 2006 at 02:46 PM
That metaphore isn't really relavent; Tolkien hated allegory. It's more like the mythical Hyra fighting Heracles.
Posted by: Sean | Sunday, 23 April 2006 at 11:33 PM