Information Security News
mailing list archives
Terrorism and the Tactics of Network Destruction
From: InfoSec News <isn () c4i org>
Date: Mon, 8 Oct 2001 03:08:13 -0500 (CDT)
CHICAGO - Open source and complexity theory hold the strategic keys to
managing risk in this age of terrorism, writes Eric Norlin of the
Denver-based Titanic Deckchair Rearrangement Corporation.
Let's explore a simple analogy...
The terrorist organization is a network - a loosely affiliated group of
nodes that exhibit emergent properties as they form for a task and
then disband. Their organization fits within the standard model of
modern complexity theory: nodes of prominence emerge naturally as the
forces of co-evolutionary development (namely, natural selection and
auto catalysis) battle it out.
That is to say that terrorists are, in a sense, born and not made (and
no, I don't mean that as some slight on Arabs, Muslims or Islamic
The Internet is also a loosely affiliated group of nodes that exhibit
emergent properties. In fact, if the structure of the two were lined
up side by side, they would be nearly indistinguishable. As such, that
which seriously damages the Internet could, from a tactical
standpoint, teach us valuable lessons about damaging the terrorist
The Nimda virus hurt the Internet more than any major corporation is
willing to acknowledge, but make no mistake about it - this sucker
seriously impeded performance and leaves certain systems still
cleaning up. In other words, a virus, at least temporarily, brought a
large portion of the Internet to a crawl. This should be our first
Terrorist networks are distributed intelligence. Thus, they do not
respond to the attacks of a command and control architecture - i.e.,
tank battalions are pretty senseless. Hacks against computer networks,
on the other hand, provide a useful outline for harm:
1) Take down a few key hubs.
OK, so Nimda didn't actually do this in theory, but in practice it
might as well have. In a terrorist network, this will mean the
physical destruction of known camps, training centers and monetary
sources (and a few key humans, if possible).
2) Begin a denial of service attack.
Nimda, at its core, did this on an individual node basis as it
occupied servers everywhere with its incessant spreading. Translating
this to terrorism means a little creativity, as a denial of service
attack is essentially a request for information.
I would think the analogy in the terrorist lexicon is something
similar to gathering intelligence at such a rapid rate that they
become alerted to your closing presence on a daily and repeated basis.
This forces the network to constantly attempt to reorganize its
connections to maintain viability.
3) Don't stop.
This is where the Internet analogy crosses over to complexity theory.
The lifecycle of a complex system (be it terrorist network, ecosystem
or Internet) runs as follows:
Initial conditions build to a point wherein auto-catalysis
(self-organization) occurs among the existing interactive elements.
The auto-catalysis leads to an organizational network of prominence,
wherein certain nodes gain levels of importance over other nodes. The
key here, though, is the process - the value and viability of the system
lies in its ability to interact node-to-node. That is to say that
information is generated in the process between nodes, and it is at
that point that the co-evolutionary drives kick in.
(Note: We see this in the terrorist networks in the loose actions that
ripple across cells that do not actually know each other. The
operation only becomes viable as the nodes process interactions with
The system, once organized, will evolve so as to encourage maximum
levels of diversity. Essentially this means that the system will
naturally push itself to the now-famous "edge of chaos" as it seeks to
remain viable. Systems living on this edge achieve maximum
productivity (viability), but they also become increasingly vulnerable
to catastrophic, exogenous events that push them into a
reorganizational state equivalent to extinction. Alternatively,
systems that do not reach this edge become rigid in their responses to
information. This brings their extinction rate to 100 percent.
The extremely dynamic nature of the terrorist network implies that it
lives on the edge of chaos - a network whose very viability depends upon
its ability to rapidly respond to incoming information. Thus, the
network is vulnerable to repeated deluges of assault - not so much in
the physical sense as in the intelligence sense.
By forcing the network to adjust to ever-tightening circles of
intelligence, you're asking it to respond ever more rapidly to
information requests - effectively setting up a denial of service
attack. Insistent, aggressive intelligence forces the network to
expend its energy reorganizing and ensuring survival vs. pursuing its
stated purpose for existence. This will push the network over the edge
of chaos and into a state of disarray. Whether it is able to
reorganize is anybody's guess.
So you see, the terrorist network can be effectively fought and it
would appear that Powell et al. have some clue as to how to go about
For business, this means that distributed approaches to organization
are now doubly important - and while I hate to say we can learn
something from the open source movement (if only because Eric Raymond
wrote the single most asinine piece of the decade in response to the
terrorist strike) - well, it's true.
Open source and complexity theory hold the strategic keys to managing
risk in this age of terrorism.
For those that are wondering, yes, I'm available for strategic and
tactical consulting in this area. What makes me qualified, you ask?
Four years working with the NSA doing (stuff) that I'll never tell you
about. Call me if you need help (and you know you do).
Eric Norlin is a defense analyst and CEO of the Denver-based Titanic
Deckchair Rearrangement Corporation. He can be reached at
enor- () uswest net
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.