Updated: Sep 20, 2021
Much has been written on how to deter, fragment, attack, or otherwise cause various levels of discomfort to nefarious networks, but I have not yet seen anything written on how to actually win against networks.
In the book, The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations, the authors Ori Brafman and Rod A. Beckstrom describe the differences and advantages of disaggregated organizations over hierarchical ones and relate them to starfish and spiders respectively. Some starfish can regrow entirely from one small piece, while if a spider loses any body parts, it is going to have a tough time at the potato sack race next Thanksgiving. So the first question is: How DO you kill a starfish? The answer is simple: poison it, then crush it entirely at once, grind it into powder, mix with gasoline, ignite, scatter the ashes into the wind.
Assuming that one could in fact destroy a network of any kind be it a Mega-network, Sub-network, or the cell of a network in such a manner, we still have not come close to winning a NetWar, in fact we haven’t even won a NetBattle, for when one network loses power it is simply reborn or that space is assumed by another which has solved nothing.
The important question is: How do you deny that space to future nefarious networks? I’ll tell you what the answer ISN’T: Put a friendly hierarchy in its place. The answer is that in a sea of “starfish” you can’t deny space to other starfish, but you can expend a great deal of resources trying. What one CAN do though considering that a nefarious network can be removed, is rapidly cultivate the open space to grow a healthy organic network who will itself fend off intruders for its own self interest.
It takes a network to REPLACE a network.
The greatest deterrent to decisive victory for the US over the past decades has not been the number and skill of enemy combatants, or asymmetric warfare, or politicians, or will of the American people, or even budgetary constraints. The greatest enemy of all for the United States in recent decades has been “time” because as time passes each of these and other eroding influences increase in orders of magnitude and soon dissolve the possibility for decisive victory. Incidentally, time is the greatest asset and ally of a nefarious network. It absorbs the blows of its enemies, and heals, and morphs, and stays lean, and evolves, and is constantly communicating, adapting and adjusting. It has to because of the forces at play against it, so it does, and it survives. If you agree with that statement, then you must admit to this in light of our current strategy of network attack: We are what keeps the enemy strong, lean, and adaptable. We are P90X for nefarious networks.
Osama bin Laden’s biggest military failure was his highly conventional attack of Jalalabad against the Soviet equipped Afghan government forces after the Soviet withdrawal from Afghanistan. It was documented in the book: Afghanistan – The Bear Trap: The Defeat of a Superpower by Mohammad Yousaf. Bin Laden attempted to take Jalalabad with a guerilla force, but using semi-conventional tactics and was brutally defeated. Why did Bin Laden use a conventional strategy against a conventional army? Because he was afforded the opportunity to do so. When the network is given a period of rest, it reverts in some ways to a hierarchical structure. Another great example from The Starfish and the Spider is the resistance of the Apache Indians against the Spanish Conquistadors, then later against the US Army. The fluidity of Apache command and control baffled all attempts at defeat. What finally and inadvertently gave the US the decisive victory that had so long eluded it? Cattle. The concept of ownership caused such a change in the socio-cultural construct of the Apache that it undermined their agility and autonomy of action and simultaneously created a point of leverage for the US Army. The US Army was a big hammer looking for a nail. With the introduction of cattle to the Apache, it got its nail. The Apache became only as agile as their newfound possessions. We have to Make Nails, because we have a lot of hammers. Not that we shouldn’t do things non-kinetically because therein lies the real victory, but when the time comes to hammer, you have to see a nail. Reducing pressure on networks for certain periods of time makes nails because it allows critical nodes to amass and centralize more power influence and control, and thus increasingly aligns the necessity of their existence to the health of the network.
The removal of heat from a network for a period of time results in a natural coagulation and centralization, which can be exploited with immensely greater effect if properly orchestrated.
A cooling period is not needed for many networks, but for those who have been under great pressure for long periods of time, it could prove valuable. The inclination will be to protest this at the tactical level, for it will likely result in ceding tactical ground to the enemy depending upon the capabilities of conventional or policing containment forces.
The tactical “tit for tat” exchange produces no advantage to US Forces other than containment. Alexander the Great always rode at the front of his maneuver element because it allowed him to create and shape gaps at the tactical level that he exploited immediately and decisively with his Operational force. Alexander was the master of true asymmetric warfare using precision, overwhelming exploitation, and momentum.
Step 1: Poison the Network
Networks are comprised of Nodes and Edges. With regard to human networks the edges primarily represent relationships. The weight of effort in analysis and targeting is focused on the Nodes. If a key node is removed, the network must adapt, and in some cases, is fragmented for a period of time until another node or nodes emerge or adapt to take on the burden of the missing one. The damage to the network is usually temporary in nature. However, this is not necessarily true of relationships. A relationship cannot be removed unless a node is removed, but it can be affected. The subtle and clandestine introduction of doubt or distrust can have a significant effect on a network. The Rhodesian Selous Scouts became masters of this art through the use of a mix of Pseudo Operations, Kill/Capture missions, I/O Campaigns and other types of operations meant to sow doubt, distrust, and dread into the fabric of enemy guerilla networks. It was hugely successful at paralyzing enemy networks due to fear and distrust of one another, in some cases to the point of actually fragmenting the guerrilla forces to the degree that they began fighting each other.
This is poisoning the network. The piecemeal removal of nodes does affect change upon a network, but as evidenced time and again, it has the tendency to produce more nodes through the effects of poor public sentiment and personal rage. The poisoning of a network through attacking relationships on the other hand causes permanent rifts, fragmentation, and infighting at the best, and doubt, suspicion, and fear at the very least.
Much more attention should be paid to attacking the edges versus the nodes, especially as a precursor to and during kinetic operations.
Step 2: Crush the Network
Crush: to reduce to particles by pounding or grinding (Merriam-Webster)
Crushing the network must be fully synchronized across the communities of authorities, action, and support, and should be conducted by with and through local authorities and forces.
1. Sudden, unforeseen isolation in multiple dimensions
A network by nature is and must be connected or it ceases to be a network. Isolation is the antithesis connection; therefore the components of a network must be isolated one from another, and from other networks in several dimensions. The lifeblood of a network under attack is time; if it can but survive, it wins. However, if one can temporally isolate a network while acting against it, one can kill a network.
Types of Isolation:
Temporal – surprise and massive simultaneous action during single period of darkness, like Santa Claus
Communication/Information – remove ability to warn of danger or heal
Financial – freezing or seizing of accounts and assets
Economic - ensure no capacity for acquiring more resources
Physical – interrogation and incarceration, deportation, exile etc.
2. Immediate, massive, simultaneous, persistent violence of action to the network writ large including all of its nodes, relationships, and interests
Types of Action:
Kinetic- Deadly force
Interrogation – On site and ongoing throughout kinetic operations
Sensitive Site Exploitation – Immediate with reach-back to analysts and ongoing throughout kinetic operations
Real-time Intelligence – Intel cells in support of each unit of action to the team level and conducting real-time analysis of SSE and interrogation data in order to build FRAGOs or launch Exploit Raids
Legal – Arrest and seizure
I/O - Undermine the character of the network to local populace, spread of rumor, and poisoning of relationships within the network including staged tip-offs etc.
Financial – Freeze or seizure
Judicial – Extradition, warrants, etc
There are many types of isolation and action to be levied against a network, all of which must be orchestrated and executed within as short a time as possible, and to the maximum extent possible and/or legal. A Total War Concept of Operations must be built for this phase of operations.
A limited scale example of this was carried out by a Marine Force Recon platoon in Al Hilla in 2004. The Platoon conducted a raid against a key member of the local network, carried out immediate on-site interrogation and site exploitation. This yielded information sufficient to conduct a second raid on another member of the local network. The platoon did the same at the next objective which led to another raid, then another and so on. When the sun came up the next day, the entire local network was gone. Annihilated.
The Night of the Long Knives
Operational, Intelligence, Information, and Logistical Preparation of the Operational Environment are essential to the proper conduct of Crush the Netwrok (CtN).
The first step, and most important to evaluating the success of the operation, is the establishment of a PMESII, Communication, Cyber, Information baseline for the region. This should be granular enough to make deviations from the norm obvious, and built to reflect effectiveness of all aspects of Blue/Green actions upon the environment. Clandestine source, sensor, and ISR emplacement and initiation of an I/O campaign must take place well before the initial strike. In order to appropriately feed the planning and execution process, this intelligence machine must be operational before and during the “cooling period” if one is appropriate, and throughout the remainder of the operation. It must be as robust as possible without being detected except in cases where this is impossible, (such as limited overt areal overflights, in which case they should be conducted frequently enough to become the norm).
Logistical Preparation of the Operational Environment (LPOE) will be a key and highly sensitive aspect to the operation, especially if kinetic operations are required. As many resources as possible should be prepared at secure locations well away from the area of operations in preparation for a logistics surge to coincide with the initial strike. Resources that require pre-staging, facilities preparation, and other elements of LPOE must be done clandestinely and with absolute secrecy so as not to “tip off” the enemy to an impending event.
Isolation Targeting: In order to effectively crush the network, target packages must be prepared for all known members of the network to the lowest level. The type of prosecution of these targets will likely vary from kinetic to non-kinetic, but all known members of the network must be isolated in some way, whether by arrest or deadly force.
Stabilization Targeting: In order to effectively replace the network, target packages must be prepared for all likely key nodes in a would be organic network, and plans must be prepared to bolster and support key nodes in this network through all means available (I/O, Civil Affairs, etc.) These target packages will support the rebuilding campaign/surge set for initiation during and following the destruction of the enemy network. The role of this campaign is not to win hearts and minds, nor to align its purpose with the interests of the United States per se, instead, the intent of the campaign is to build a healthy network capable of pursuing its own self interests in juxtaposition to the will of nefarious networks.
Concept of Operations
In the current modus operandi, the optimal Concept of Operations could be something like this: a single US Army Special Forces Operational Detachment Alpha (ODA) conducts attacks against key nodes in a network during every period of darkness for 90 days.
CtN’s reliance on isolation to defeat networks would look more like this:
- All assets related to network are seized or frozen
- Arrest warrants issued
- Extradition granted if possible
- Legal actions taken against network members and interests
- Any and all actions legally taken against the network are executed
- In concert with local military and Law Enforcement, every ODA in an Army Special Forces Group enters the area of operations from over the horizon and immediately executes missions against their primary target packages, then conducts on-site interrogation and SSE. Using real-time reachback to each team’s intelligence and exploitation cell a determination is made to prosecute their secondary targets, or act on intelligence gained at the initial target to prosecute an alternate target. In some cases, rapid exploitation raid teams are sent to prosecute targets identified by intel gathered at the objectives. Supplied by extra food, water, and ammunition staged aboard their insert platforms, the ODAs continue to prosecute target after target until sunrise. Intelligence cells develop the next target packages and monitor the environment for any sign of resurgence of the network. As the network seeks to communicate or otherwise react, more targets are identified for immediate prosecution. 30-90 operations are conducted during each period of darkness for 3-5 days. On the last day of targeted kinetic operations, the ODAs depart the AO.
A massive pre-planned I/O and CA campaign in concert with the local and regional government is initiated to “replace the network”.
Victory against Mega-networks
CtN would work most decisively if executed against three or more consecutive links in a Mega-network’s value chain, simultaneously. If only a single link (cell or network) is removed, it can be bypassed and/or restored eventually. If three consecutive links are annihilated, the entire value chain is compromised.
This could also be conducted globally against key nodes during a single period of darkness, which would not remove the network, but would equate to a massive strike against a global network with minimal public outcry due to the distribution of the operations across multiple regions.
Limited BOG time/increased DWELL time for SOF operators