[ISN] Disconnect the Dots

From: InfoSec News (isnat_private)
Date: Thu Sep 20 2001 - 02:18:38 PDT

  • Next message: InfoSec News: "[ISN] Network warfare making progress"

    Forwarded by: William Knowles <wkat_private>
    
    http://www.washingtonpost.com/wp-dyn/articles/A41015-2001Sep16.html
    
    By Joel Garreau
    Washington Post Staff Writer
    Monday, September 17, 2001; Page C01 
    
    The essence of this first war of the 21st century is that it's not
    like the old ones.
    
    That's why, as $40 billion is voted for the new war on terrorism,
    35,000 reservists are called up and two aircraft carrier battle groups
    hover near Afghanistan, some warriors and analysts have questions:
    
    In the Information Age, they ask, how do you attack, degrade or
    destroy a small, shadowy, globally distributed, stateless network of
    intensely loyal partisans with few fixed assets or addresses?
    
    If bombers are not the right hammer for this nail, what is?
    
    Bombers worked well in wars in which one Industrial Age military threw
    steel at another. World War II, for instance, was a matchup of roughly
    symmetrical forces.
    
    This is not true today.
    
    That's why people who think about these things call this new conflict
    "asymmetric warfare." The terrorist side is different: different
    organization, different methods of attack -- and of defense.
    
    "It takes a tank to fight a tank. It takes a network to fight a
    network," says John Arquilla, senior consultant to the international
    security group Rand and co-author of the forthcoming "Networks and
    Netwars: The Future of Terror, Crime and Militancy."
    
    He asks: "How do you attack a trust structure -- which is what a
    network is? You're not going to do this with Tomahawk missiles or
    strategic bombardment."
    
    "It's a whole new playing field. You're not attacking a nation, but a
    network," says Karen Stephenson, who studies everything from
    corporations to the U.S. Navy as if they were tribes. Trained as a
    chemist and anthropologist, she now teaches at Harvard and the
    University of London. "You have to understand what holds those
    networks in place, what makes them strong and where the leverage
    points are. They're not random connections," she says.
    
    Human networks are distinct from electronic ones. They are not the
    Internet. They are political and emotional connections among people
    who must trust each other in order to function, like Colombian drug
    cartels and Basque separatists and the Irish Republican Army. Not to
    mention high-seas pirates, smugglers of illegal immigrants, and rogue
    brokers of weapons of mass destruction.
    
    But how to establish a target list in a network?
    
    The good news is that in the last decade we have developed a whole new
    set of weapons to figure that out.
    
    An industry has arisen to help corporations build new networks and
    junk old hierarchical bureaucracies in the age of merging and emerging
    companies, says Kathleen Carley, director of the Center for
    Computational Analysis of Social and Organizational Systems at
    Carnegie Mellon University. New tools have been developed that analyze
    how an organization interacts, yielding a kind of X-ray that shows
    where the key links are.
    
    There is a general set of principles to any network, says Stephenson,
    whose company, NetForm, has developed software that mathematically
    analyzes networks.
    
    She points out that typically a network is made up of different kinds
    of nodes -- pivotal people.
    
    The critical ones are "hubs," "gatekeepers" and "pulsetakers," she
    believes. Hubs are the people who are directly connected to the most
    people; they know where the best resources are and they act as
    clearinghouses of information and ideas, although they often are not
    aware of their own importance. Gatekeepers are those connected to the
    "right" people. They are the powers around the throne, and often they
    know their own importance. Pulsetakers are indirectly connected to a
    lot of people who know the right people. They are "friends of a
    friend" to vast numbers of people across widely divergent groups and
    interests.
    
    The classic example of how to use this analysis is "finding the
    critical employee in the company -- the lone expert who knows how to
    fix the machine," Carley says. Ironically, without network analysis,
    managers frequently don't recognize who that is and the nature of his
    importance.
    
    "But there's no reason it can't be turned around in the opposite way,"
    she says. There's no reason organizational glitches, screw-ups,
    jealousies and distrust that slow and degrade performance can't be
    intentionally introduced." A network's ability to adapt to new
    challenges can be degraded.
    
    Carley says: "One of the things that leads to the ability to adapt is
    who knows who and who knows what. The higher that is, the better the
    group's flexibility. But you can reduce the number of times the group
    can communicate or congregate. Or you can rotate personnel rapidly."
    And in war, this may have to be done by capturing or killing them.
    "You can also segregate the things people are doing, so they learn
    only on a need-to-know basis. The more isolated the tasks are, the
    more you inhibit their ability to function as a team.
    
    "Imagine in your office if you knew who went to whom for advice,"
    Carley says. "If you found a set of people who gave out more advice
    than anyone else and then removed them from the network, so they can't
    communicate with others, you would infringe on the ability of the
    network to operate."
    
    In the case of terror networks, people are linked by family ties,
    marriage ties and shared principles, interests and goals. They thus
    can be all of one mind, even though they are dispersed and devoted to
    different tasks. They "know what they have to do" without needing a
    single-central leadership, command or headquarters.
    
    There is no precise heart or head that can be targeted, Arquilla says.
    Even if you take out an Osama bin Laden, his organization, al Qaeda
    ("The Base"), still has the resilience of a classic human network. Bin
    Laden's, for instance, is made up of an estimated two dozen separate
    militant Islamic groups in the Philippines, Lebanon, Egypt, Kashmir,
    Algeria, Indonesia and elsewhere, with hundreds of cells, some of them
    located in Western Europe and even the United States, as we've
    discovered in the past week.
    
    On the other hand, depending on the structure of the network, removing
    a few key nodes can sometimes do a lot of good, says Frank Fukuyama,
    author of the seminal work "Trust: The Social Virtues and the Creation
    of Prosperity" and now a professor at the School of Advanced
    International Studies at Johns Hopkins University.
    
    "Some are so tightly bound to each other that they are not embedded in
    other networks. Kill a few nodes, and the whole thing collapses. Take
    the case of the Sendero Luminoso [Shining Path] in Peru. It couldn't
    have been that hierarchical. It was designed for the mountains of
    Peru. It couldn't have been terribly centralized. It had a scattered
    cell structure. It was hard to infiltrate. It was dispersed. And yet
    when you got [Shining Path founder and leader Abimael] Guzman and a
    few top aides, the entire thing fell apart.
    
    "The idea that there is no end of terorrists, no way to stamp them all
    out, that if you kill a hundred, another hundred will spring up -- I
    would be very careful of that assumption. The network of people who
    are willing to blow themselves up has to be limited. Sure, there are
    sympathizers and bagmen and drivers. But the actual core network of
    suicide bombers is probably a much smaller population. It is also
    tightknit and hard to infiltrate. But it is limited. It is not obvious
    to me that there is an endless supply."
    
    Another tactic: advancing the cause of the weakest link.
    
    "Suppose I've got a really powerful pulsetaker," says Stephenson,
    "vying for a position of dominance. But I also know that a member of
    the blood kin group is moving forward who is weaker. If you arrange an
    accident to eliminate the pulsetaker, and let the weaker family member
    come in, you've helped corrupt the network."
    
    The beauty of seeding weakness into an organization is that you can
    degrade its effectiveness while still monitoring it, and not causing a
    new and potentially more efficient organization to replace it. "You
    don't want to blow away the organization. You want to keep some
    fraudulent activity going on so you can monitor it. If you blow them
    away, you lose your leads," says Stephenson. "Better the devil you
    know. Like [Moammar] Gaddafi. Keep him alive, because you know him.
    Who knows what sort of clever mastermind might replace him."
    
    Intelligence is crucial to analyze the network's weak links so you can
    destroy it.
    
    "You're talking about what amounts to a clan or a tribe or brotherhood
    of blood and spilled blood. That is really tough to crack. Trying to
    infiltrate it -- we're talking years," says David Ronfeldt, a senior
    social scientist at Rand. However, from outside the network you can
    also look for patterns that stand out from the norm, like who talks to
    whom, e-mail exchanges, telephone records, bank records and who uses
    whose credit card, says Ronfeldt.
    
    "I would attack on the basis of their trust in the command and control
    structures by which they operate," says Arquilla. "If they believe
    they are being listened to, they will be inhibited. If we were to
    reduce their trust in their infrastructure, it would drive them to
    non-technical means -- force them to keep their heads down more. A
    courier carrying a disk has a hell of a long way to go to communicate
    worldwide. If you slow them down, interception is more likely."
    
    Human networks are distinct from electronic networks. But technology
    is the sea in which they swim.
    
    "What made nets vulnerable historically is their inability to
    coordinate their purpose," says Manuel Castells, author of "The Rise
    of the Network Society," the first volume of his trilogy, "The
    Information Age."
    
    "But at this point," he says, "they have this ability to be both
    decentralized and highly focused. That's what's new. And that's
    technology. Not just electronic. It's their ability to travel
    everywhere. Their ability to be informed everywhere. Their ability to
    receive money from everywhere."
    
    This is why Arquilla is dubious about some traditional
    intelligence-gathering techniques, and enthusiastic about new ones.
    For instance: You can talk about turning one of the network members
    over to your side, but "that's problematic," he says. "You don't know
    if they're playing you as a double agent or are simply psychotic." He
    is also dubious about the value of satellite reconnaissance in
    determining what we need to know about these networks.
    
    However, Arquilla likes the idea of understanding how the network
    works by using clandestine technical collection. For instance, he
    says, when any computer user surfs on the Web -- looking for travel
    tickets, say -- more often than not a piece of software, called a
    cookie, is transmitted to his computer. The device monitors his every
    move and reports back to some database what he's done.
    
    Now, Arquilla says, "think of something much more powerful than
    cookies." They exist, he says. One way to use them is by creating
    "honey pots." This involves identifying Web sites used by activists or
    setting up a Web site that will attract them, and seeding them with
    these intelligent software agents. When the activists check in, they
    can't leave without taking with them a piece of software that allows
    you to backtrack, getting into at least one part of the enemy network.
    "That likely gives you his/her all-channel connections, and maybe even
    some hints about hubs or the direction of some links," says Arquilla.
    
    There are other possibilities.
    
    "You know those little cameras that some people have on top of their
    monitors? Let me just say that it is entirely possible to activate
    those and operate them and look through them without the machine being
    turned on," he says.
    
    Software also exists that "allows you to reconstruct every single
    keystroke. One after the other. Why is that important? If you do find
    the right machine, you can reconstruct everything that happens. Even
    with unbreakable encryption, you have all the keystrokes."
    
    Much of this is hardly new, of course. Divide and conquer has worked
    for a long time. Whenever the police got a Mafia wiseguy -- Joe
    Valachi, for instance -- to betray the others, no Mafiosi could trust
    another one as much anymore. Machiavelli, in "The Prince" of 1505,
    wrote about the strategic deployment of betrayal to undermine trust.
    
    What's different is our technological ability to track groups in real
    time and see patterns that may be invisible on the surface. "Our
    technology is sufficient that you can now handle realistic-ized
    groups. We can deal with 30 to several thousand," says Carley. "You
    couldn't do that before."
    
    In 1996, Arquilla and Ronfeldt wrote a slim but highly prescient
    volume called "The Advent of Netwar" for the National Defense Research
    Institute, a federally funded research and development center
    sponsored by the Office of the Secretary of Defense, the Joint Chiefs
    of Staff and the defense agencies.
    
    It predicts that in a war between human networks, the side with
    superior intelligence wins. It also makes some tactical suggestions
    about countering human networks with counter-networks that actually
    have been used to combat computer hackers.
    
    They include:
    
    * Find a member of the enemy group who is clearly a harmless
      idiot; treat him as if he were the most important figure and the
      only one worthy of being taken seriously.
    
    * Single out competent and genuinely dangerous figures; write them off
      or call their loyalty to the cause into question.
    
    * Control the stories people tell each other to define their reason
      for living and acting as they do. The terrorist story, says
      Ronfeldt, "gives these people common cause -- us versus them. Right
      now the U.S. would seem to have the edge at the worldwide level. But
      within the region, there was the dancing in the streets in Palestine. 
      Part of the story is that America's evil, and that America's
      presence is to blame for so many of the problems in the Middle
      East. We have to attack that part."
    
    * Find the list of demands extorted by the network; grant some that
      make no sense and/or disturb and divide their political aims.
    
    * Paint the enemy with PR ugly paint so that they seem beyond the
      pale, ridiculous, alien, maniacal, inexplicable.
    
    * Destroy their social support networks by using "helpful" but
      differently valued groups that are not perceived as aggressive.
    
    * Divide and conquer; identify parts of the network that can be
      pacified and play them against former allies.
    
    * Intensify the human counter-networks in one's own civil society.
    
    Adds Manuel Castells: "We should be organizing our own networks,
    posing as Islamic terrorist networks. We should then demand to join
    one of these networks and then destroy the trust structures. Only way
    to infiltrate. Oldest technique in the world."
    
    Few of these ideas involve flattening Kabul, all of these analysts
    note.
    
    Stephenson worries that massing the Navy near Afghanistan is "a
    symbolic show of old-fashioned strength. It's not about that anymore.
    This whole playing ground has shifted."
    
    "In order to do anything, you cannot be blind," says Castells. "The
    most extraordinary vulnerability of the American military is it looks
    like they do not have many informants inside Afghanistan. It also
    looks like the majority of the components of this network do not
    relate directly or essentially to nation-states. That is new. Unless
    we have a fundamental rethinking of strategic matters, it's going to
    be literally, literally exhausting and impossible. It will be
    desperate missile attacks at the wrong targets with a lot of
    suffering. Massive bombardments turn around the opinion in many ways."
    
    "Basically," says Ronfeldt, "you have to find somebody to wipe out."
    
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Sep 20 2001 - 06:48:04 PDT