PRIVATOPIA

Here's a brief on a fully privatized US "government" that I wrote over the holidays (download USA Inc.pdf). The draft is a little rough and needs some more work to fully incorporate the impact of additional trends. Once that is done and rich detail is added, it would be a wonderful magazine article.

The goal of this brief is to get people thinking about the future in a way that helps them make decisions today.

JOURNAL: System Disruption in Pakistan

The assassination of Bhutto (a critical social systempunkt that rose in importance due to the evaporation of the Pakistani government's legitimacy) has plunge the country into chaos. Ethnic tensions are on the rise and critical infrastructure has been been sabotaged. The train system has been particularly hard hit -- trains burned, track destroyed, bridges burned -- such that major sections of it will be closed for a month (once repairs begin). 200 bank branches were looted and factories were torched. There are widespread shortages of gasoline, water, and food mostly due to a nationwide shutdown (a combo of strikes, fear, and a three days of mourning). Road transportation is very dangerous due to local rioters (mostly in Karachi). Paramilitary Sindh Rangers have been given "shoot to kill" orders against protesters in Karachi.

JOURNAL: Random Links

Biowar for Dummies. A Paul Boutin classic.

Micro Nuclear Power Plants (via Toshiba). Decentralized resilience?

Update on Pelindaba attack in the Washington Post (more from Dan Yurman).

I'm speaking at the CTTSO threat day on January 10th in DC. Topic: "Open Source Counter-Insurgency."

Dennis Fisher has an excellent article on the rapid evolution of decentralized P2P platforms for cybercrime (which may explain where the RBN went in November).

Valdis Krebs on the value of physical location in social networks. More on how this may play a role within Cleveland's economy.

PCTools warning about flirting bots for cybercrime. This will grow -- particularly in regards to spoofing organizational e-mails for targeted assaults -- as in mimic style, send message.

I read a preview copy of John Arquilla's (of Netwar fame) new book ("Our Own Worst Enemy") on military reform. Worth a read when it comes out.

Currently reading: "A War on Two Fronts" by Col. Christopher (101st) Hughes. Combo Iraq battle memoir and Pentagon bureaucratic insurgency.

American indian group (Lakota Sioux) push for independence from the US via lawfare.

If you have any more links re: GG topics, please add them to the comments below.

BACK TO THE FUTURE IN IRAQ

Below is some thinking on why we are back to 2006 in Iraq (and why it's not necessarily a good thing).

The rate of attacks in Iraq (for all types) has stabilized at the levels of 2004/2005, which were prior to the bombing of Askariya. During this earlier period, Iraq's open source insurgency was highly decentralized. A good way to quantify this is through the analysis of Oxford's Neil Johnson, who plotted the number of attacks against casualties per attack. He found that the equilibrium point for Iraq's conflict (as well as the long running war in Colombia) was a power law with a coefficient of 2.5 . A conflict with a coefficient of 2.5 looks more like intensive terrorism than conventional warfare. It is also likely, given Colombia's experience, a level sustainable over decades of conflict. See my brief "War's New Equilibrium" and Johnson's paper "From Old Wars to New Wars and Global Terrorism" for more on this.

The best explanation for the spike in violence between February 2006 and June 2007 is that the Askariya bombings initiated a process that was leading the conflict towards total war. Total war (Ludendorf) is a form of non-trinitarian conflict that ignores moral, political, cultural, etc rules in favor of complete mobilization to achieve total victory (global thermonuclear warfare is the ultimate example of total war). In Iraq, total war means religious cleansing via militias. Up until February 2006, Iraq was a limited conflict where US and Iraqi forces under strict modern rules of engagement, kept a lid on the scale of conflict (although they were unable to win). The Askariya bombing changed that dynamic. It so completely sundered the domestic social system in Iraq that the conflict lurched towards total war.

By early 2007, Sunni forces were suffering defeat after defeat as large Shiite militias violently cleansed towns and neighborhoods across Iraq (if measured in terms of Johnson's coefficient, we would have seen a move towards 1.8, the coefficient of conventional warfare). This put the open source insurgency in a crisis. Sunni insurgents weren't able to form the large local militias needed to defend themselves as long as they were in conflict with the US (these formations would be easy targets). The US military saw this opportunity and enabled the Sunnis for form local militias under the protection of the US (putting 60,000 on a US/Saudi payroll) as long as they sacrificed jihadi groups associated with al Qaeda. The US also began to target Shiite militias. The result was that the onrush to total war in Iraq was averted as the Sunnis began to develop conventional forces. The return to limited war also means that the open source insurgency can now thrive again.

An important rule of systems disruption that was ignored

With Askariya, the open source insurgency's attackers ignored Lawrence of Arabia's advice on the use systems disruption. Lawrence correctly argued that limited disruption (partial disruption) allowed the attacker to control the direction or flow of a system. Complete disruption forces fundamental changes to the system that will likely result in negative consequences for the attackers. Open source insurgents that ignore this will pay the price (as al Qaeda is today). This is from my June 2005 brief, "Partial vs. Complete Disruption":

Complete collapse would create total war (via a bloody civil war). A complete urban/country takedown would prompt the state to launch a total war. This is a type of warfare that global guerrillas are not prepared or able to fight (in contrast, states are well suited to this). By keeping the level of damage below what would be considered fatal to the state, total war is avoided.

JOURNAL: DNA Hacking

"We're heading into an era where people will be writing DNA programs like the early days of computer programming..." Drew Endy, MIT.

"I see a cell as a chassis and power supply for the artificial systems we are putting together..." Tom Knight, MIT.

Great introductory article on synthetic biology (synbio) by Rick Weiss in the Washington Post:

At the core of synthetic biology's new ascendance are high-speed DNA synthesizers that can produce very long strands of genetic material from basic chemical building blocks: sugars, nitrogen-based compounds and phosphates. Today a scientist can write a long genetic program on a computer just as a maestro might compose a musical score, then use a synthesizer to convert that digital code into actual DNA. Experiments with "natural" DNA indicate that when a faux chromosome gets plopped into a cell, it will be able to direct the destruction of the cell's old DNA and become its new "brain" -- telling the cell to start making a valuable chemical, for example, or a medicine or a toxin, or a bio-based gasoline substitute.

A nod towards platform development (smart):

If biology is to morph into an engineering discipline, it is going to need similarly standardized parts, Knight said. So he and colleagues have started a collection of hundreds of interchangeable genetic components they call BioBricks, which students and others are already popping into cells like Lego pieces.

Essentially, the tinkering networks we see in the software industry will be mirrored in synbio. Further, the skill sets associated with synthetic biology will be as widely dispersed as software programming is today and the tools will be just as inexpensive/ubiquitous. The implications of this for open source warfare are world altering.

JOURNAL: The Google of Online Crime?

The most interesting aspect of the Russian Business Network (RBN) is that it has used the concept of platforms to create a large and rapidly growing criminal ecosystem (estimated at 60% of online crime). Here's what I mean: a difficult and shared problem for all online criminal activity is finding and maintaining a presence online (a server host from which to operate). The inability to maintain a (semi) stable presence online stunts the growth of the activity.

The RBN solves this problem by selling what it calls "bulletproof" hosting. This includes all the standard features of hosting but also front/shell companies, spoofing, counter-attacks (against investigators), corruption (pay offs to the right officials or potentially connections to nation-state intel agencies), geography shifting (even a move of hosts to China), and much more. All of this is bundled into a neat package sold at a graduated rate (you pay more if based on the level of negative feedback). The result is:

• Customers are empowered to focus on innovative new methodologies of attack rather than hosting shutdowns and worries about arrest. Specialization and segmentation occurs within the network, which allows a deeper exploration of avenues of improvement. The safety - productivity - challenge of this environment allows the RBN and its ecosystem partners to attract (with Wall Street level salaries) the top graduates of major universities.
• Internal markets and sharing networks develop that allow different efforts to sell spare capacity and share successful methodologies/tools. The RBN has even expanded its operations into a couple of killer apps that are widely desired.
• Stability (a reduction of uncertainty) in operations enables rapid market growth. Investment flows faster due to an increased ability to forecast future returns.

THE US DoD AND CYBERWARFARE?

In 2008, the US military will start to fund a new Air Force "Cyberspace" Command (which will essentially attempt to create an ability for the US to wage warfare within civilian information infrastructures). As is typical with most post-conventional military efforts, the new command will sport:

• A huge budget (in tens of billions of dollars) and a massive uniformed/private bureaucracy (tens of thousands of "cyberwarriors"). Standard DoD scaling rules apply -- as in a gaggle of personnel drawn from multiple organizations and companies with a patina of training in "cyberwarfare."
• Extreme confusion over its mission -- it will attempt to cover not only information systems, but the entire electromagnetic spectrum.
• Extensive rules of engagement (ROEs). The new Command will require a complex legal and regulatory framework within which to operate.

Success On The Playing Field

This new Command's ability to wage cyberwarfare will be judged based on its success in three areas:

• Real-world experience and rapid (open source) innovation. Most, if not all, of this experience and innovation in cyberwarfare is gained through criminal activity. Innovation is a product of rapid cycles of competition with software vendors and computer security companies.
• Massive self-replication. Think in term of small teams (the smarter, the better) designing software that seizes control of tens of millions of computer systems through various forms of infection.
• Deniability. Nearly all of the successful operations conducted in offensive cyberwarfare will require deniability. Post-attack forensics must not point back to a government since these wars/battles will be fought in peacetime.

What This Means

Given these requirements, this new Command will likely fail (and badly). To provide contrast, the Russian Business Network (the RBN is a computer criminal syndicate responsible for an estimated 60% of online criminal activity), gets top marks in all of these areas. Here's a round up of what this means:

• Nation-states that protect or maintain close ties to computer criminal networks will gain advantages in emerging cyberwarfare capability. Early example: Russia's use of the RBN against Estonia and China's use of vigilante hackers for control of domestic dissent and computer espionage.
• US institutional cyberwarfare will create public embarrassments as it attempts to operate in this environment. This will generate friction with allied nation-states and run afoul of domestic privacy advocates. As a result, ROEs will tighten mightily (debilitating).
• The Command will become almost exclusively defensive over time. It won't be able to innovate at rates even remotely comparable to the competition. As a result, its activity will likely devolve to the "active" defense of government systems (most corporations will stay with private security companies for support). Additionally, its scale will be only a small fraction of the competition's hundreds of thousands of contributors and its tens of millions of infected computers (it will be out-mobilized).

NOTE: Cyberwarfare, although nascent today, will become a major form of warfare in the next decade as computing power increases by 100 fold and computer automation creeps into every nook and cranny of the global economy. NOTE2: Much of this analysis/synthesis will also apply to the emergence of open source biowarfare in the next decade.

JOURNAL: Neofeudalization

Neofeudalization: A process whereby entire cities or neighborhoods within complex cities, become tightly controlled walled enclaves disconnected from the wider polity.

While neofeudalization reduces violence, it is at the expense of:

• Economic activity. Commuting is nearly impossible. Retail dries up.
• Movement. Travel speed is reduced by six fold (based on examples). Few cars are allowed (due to the danger of VBIEDs).
• Privacy. All residents are monitored and biometrically detailed.

See for more: Sam Dagher writing for the Christian Science Monitor: "Baghdad Safer, But It's A Life Behind Walls"

JOURNAL: Oil disruption effectiveness in Iraq

Iraqi oil ministry figures indicate that during 2006 (based on the data, 2007 will be nearly identical), there were 159 attacks on its people and facilities. The result was a sustained loss of production calculated to be 400,000 barrels a day. At an average price of ~$80 a barrel, that's over $11 billion in lost production during 2006 -- or an average value per attack of ~$73 million. That's a Return on Investment per attack of ~3.6 million percent (assuming a generous $2,000 per attack average).

The effectiveness of these attacks is even greater than the above if you include:

• Systemic effects. Many of these attacks had knock on effects on Iraq's refined fuels. This has forced Iraq to spend its limited funds to import over $200 million a month in gasoline and other products. It has also had an impact on electricity production.
• Future effects. Investment in Iraq's oil fields has stalled. Oil firms are unwilling to invest the billions due to the uncertainty caused by these attacks. Since it takes up to five years to realize returns on new investment, Iraq will not see any major improvement until well into the next decade.
• Global effects. Global oil production has stalled/slowed (for a variety of systemic factors) in the face of rapidly rising demand (mostly Chinese). Further, new sources of production are barely able to match declines in existing fields. Prices have risen to near historic highs as a result. So, given that Iraq is the only major oil exporter with large amounts of untapped potential, its dysfunction will have a major impact on future prices (and very likely, global economic health).