http://eprairie.com/analysis/viewanalysis.asp?newsletterID=3010 10/4/2001 CHICAGO - Open source and complexity theory hold the strategic keys to managing risk in this age of terrorism, writes Eric Norlin of the Denver-based Titanic Deckchair Rearrangement Corporation. ---------------------------------------------------------------------- Let's explore a simple analogy... The terrorist organization is a network a loosely affiliated group of nodes that exhibit emergent properties as they form for a task and then disband. Their organization fits within the standard model of modern complexity theory: nodes of prominence emerge naturally as the forces of co-evolutionary development (namely, natural selection and auto catalysis) battle it out. That is to say that terrorists are, in a sense, born and not made (and no, I don't mean that as some slight on Arabs, Muslims or Islamic culture). The Internet is also a loosely affiliated group of nodes that exhibit emergent properties. In fact, if the structure of the two were lined up side by side, they would be nearly indistinguishable. As such, that which seriously damages the Internet could, from a tactical standpoint, teach us valuable lessons about damaging the terrorist network. The Nimda virus hurt the Internet more than any major corporation is willing to acknowledge, but make no mistake about it this sucker seriously impeded performance and leaves certain systems still cleaning up. In other words, a virus at least temporarily, brought a large portion of the Internet to a crawl. This should be our first clue. Terrorist networks are distributed intelligence. Thus, they do not respond to the attacks of a command and control architecture i.e., tank battalions are pretty senseless. Hacks against computer networks, on the other hand, provide a useful outline for harm: 1) Take down a few key hubs. OK, so Nimda didn't actually do this in theory, but in practice it might as well have. In a terrorist network, this will mean the physical destruction of known camps, training centers and monetary sources (and a few key humans, if possible). 2) Begin a denial of service attack. Nimda, at its core, did this on an individual node basis as it occupied servers everywhere with its incessant spreading. Translating this to terrorism means a little creativity, as a denial of service attack is essentially a request for information. I would think the analogy in the terrorist lexicon is something similar to gathering intelligence at such a rapid rate that they become alerted to your closing presence on a daily and repeated basis. This forces the network to constantly attempt to reorganize its connections to maintain viability. 3) Don't stop. This is where the Internet analogy crosses over to complexity theory. The lifecycle of a complex system (be it terrorist network, ecosystem or Internet) runs as follows: Initial conditions build to a point wherein auto-catalysis (self-organization) occurs among the existing interactive elements. The auto-catalysis leads to a organizational network of prominence, wherein certain nodes gain levels of importance over other nodes. The key here, though, is the process the value and viability of the system lies in its ability to interact node-to-node. That is to say that information is generated in the process between nodes, and it is at that point that the co-evolutionary drives kick in. (Note: We see this in the terrorist networks in the loose actions that ripple across cells that do not actually know each other. The operation only becomes viable as the nodes process interactions with each other.) The system, once organized, will evolve so as to encourage maximum levels of diversity. Essentially this means that the system will naturally push itself to the now-famous "edge of chaos" as it seeks to remain viable. Systems living on this edge achieve maximum productivity (viability), but they also become increasingly vulnerable to catastrophic, exogenous events that push them into a reorganizational state equivalent to extinction. Alternatively, systems that do not reach this edge become rigid in their responses to information. This brings their extinction rate to 100 percent. The extremely dynamic nature of the terrorist network implies that it lives on the edge of chaos a network whose very viability depends upon its ability to rapidly respond to incoming information. Thus, the network is vulnerable to repeated deluges of assault not so much in the physical sense as in the intelligence sense. By forcing the network to adjust to ever-tightening circles of intelligence, you're asking it to respond ever more rapidly to information requests effectively setting up a denial of service attack. Insistent, aggressive intelligence forces the network to expend its energy reorganizing and ensuring survival vs. pursuing its stated purpose for existence. This will push the network over the edge of chaos and into a state of disarray. Whether it is able to reorganize is anybody's guess. So you see, the terrorist network can be effectively fought and it would appear that Powell et al. have some clue as to how to go about it. For business, this means that distributed approaches to organization are now doubly important and while I hate to say we can learn something from the open source movement (if only because Eric Raymond wrote the single most asinine piece of the decade in response to the terrorist strike) well, it's true. Open source and complexity theory hold the strategic keys to managing risk in this age of terrorism. For those that are wondering, yes, I'm available for strategic and tactical consulting in this area. What makes me qualified, you ask? Four years working with the NSA doing (stuff) that I'll never tell you about. Call me if you need help (and you know you do). -------------------------------------------------------------------- Eric Norlin is a defense analyst and CEO of the Denver-based Titanic Deckchair Rearrangement Corporation. He can be reached at enor-@uswest.net - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 03:01:54 PDT