Emergent Warfighting in the Physical and Digital Realms: “Swarming”
I recently mused on the preponderance of articles on the Ansar boards concerning insects. The postings all centred on bees, ants, and other insects that, as was pointed out to me later, “swarm”. It was after this epiphany that the person who reminded me of this fact sent me a link to a PDF written by the military back in 2000 and updated in 2005. This document, produced by the RAND Corporation, hits the mark today, especially for me after the WikiLeaks DDoS, and I should think that others have picked up on this, namely the Jihadists.
“Al Qaeda,” or “the Base,” as Osama bin Laden’s terror network is known, may be trying to engage in “strategic swarming”—an effort to strike simultaneously, or with close sequencing, at widely separated targets (e.g., the embassy bombings in Kenya and Tanzania). But, so far, his ability to mount operations of strategic significance seems limited. Also, to the extent to which the Base’s operations depend upon bin Laden’s direct leadership, this is a case that differs from the “leaderless” quality of classic swarm theory.
The Jihadists have learned from this swarming pattern to build a communications infrastructure (their websites and boards) that is not housed on any one server but spread across many servers, each of which can serve as a backup when another fails. This has made it harder for sites to be taken down, just as the nature of the Internet itself has made it difficult to stop these sites from being stood up quickly and easily missed by authorities. By extension, I think the jihadis have also begun to make the connection between swarming tactics, guerrilla warfare, and the position they find themselves in today, shunted into certain areas of Asia.
What has come of this is that AQ, GIMF, AQAP, Al Shabab, and others are branding their propaganda wings, creating a virtual infrastructure for recruitment, and attempting to create “hives” of malcontents that will swarm when the signal is given. What’s worse, I fear the Jihadists will learn from our pals at Anonymous and perhaps use the technologies at hand (LOIC and an IRC server) to attempt a combined digital and kinetic attack that could be problematic for us all. Which brings me to the digital realm…
At its heart, a DDoS is in fact a “swarming” maneuver for the digital age. Given the prevalence of internetworked technologies that we have become inextricably dependent on, a swarm attack could potentially kill a non-resilient network infrastructure and render the country inert in many ways. This was borne out by Russia’s cyber attacks on Georgia, carried out in tandem with the kinetic bombing and other internal guerrilla warfare there. The RAND report does a great job of describing not only the physical swarm as used in warfare to date, but also goes on to cover the nascent Internet (it was written in 2000 but cites 1994 documentation).
Swarming has two fundamental requirements. First, to be able to strike at an adversary from multiple directions, there must be large numbers of small units of maneuver that are tightly internetted—i.e., that can communicate and coordinate with each other at will, and are expected to do so. The second requirement is that the “swarm force” must not only engage in strike operations, but also form part of a “sensory organization,” providing the surveillance and synoptic-level observations necessary to the creation and maintenance of “topsight.” Thus, swarming relies upon what Libicki (1994) calls “the many and the small,” as well as upon Gelernter’s (1991) notion of a command element that “knows” a great deal but intervenes only sparingly, when necessary. These two fundamental requirements may necessitate creating new systems for command, control, communications, computers, and intelligence (C4I).
Clearly, digital communications enable the rise of swarm networks. They provide for smooth cascades of information and for the level of information security that will be needed in an increasingly dispersed, nonlinear battlespace of the future. The consequence of poor information security will be high for a swarm force if it becomes compromised—but then the cost of intercepted and decoded communications has always been high. In 207 B.C., during the later years of the Second Punic War, a Carthaginian messenger was caught by the Romans, leading to the deadly ambush of Hasdrubal’s army at the Metaurus—and to the overall defeat of Carthage (Creasy, 1851, pp. 84–110). Two millennia later, at the Battle of Tannenberg in the opening month of World War I, German radio intercepts of Russian field movements allowed an outnumbered force under Hindenburg to win a signal victory that tipped the scales much in Germany’s
Robust communications that help with both the structuring and processing of information will enable most pods and clusters to engage the enemy most of the time—a key aspect of swarming. If this can be done consistently, it holds out the possibility of creating a new kind of force-multiplying effect, whereby a skillful blending of the technological and organizational aspects of information operations can enable a relatively small force to outperform an ostensibly larger one.
There you have it: they called this back in 2000. Of course there had already been DoS attacks; in fact one of them was actually named Operation SWARM. So the precedent and the idea had already been in use and thought about. My question, then, is why, with all of the knowledge about how this works, NOTHING substantive has really been done about creating meshed networks that could withstand and respond to a SWARM/DDoS attack? Even if the heart of the problem today lies at the application layer, what else could be done, aside from load balancing, to remediate this attack?
In the last few days all I have been seeing on the blogs and RSS feeds are predictions for the 2011 threatscape. Of course DDoS is right at the top of that list now because of Anonymous and others who have been using this attack schema for their own purposes. Anonymous, though, at the level of theory and practice, truly has been a “swarm” attacker. They have used innumerable personal machines through a C&C infrastructure that can in fact be anywhere. All you need to do is put out the word (IP address/channel) and anyone who wants to can just give cycles to the cause. Of course this is proving to be a little problematic, as the FBI is already seizing servers from the DDoS campaigns against Mastercard and other vendors.
Done right, though, with no skiddie technology but instead with proxies and protections for the end users (John Q. Public), it would be much harder to catch anyone after the fact; handled deftly, one could in fact create a mesh network that hands off the traffic should there be a counter attack against the aggressors. Similarly, if those being attacked had a resilient network (dare I say cloud computing... alas, I did), then it is possible to absorb the traffic, or deflect it, so as not to have the systems down because of a single point of failure, so to speak.
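The absorb-or-deflect question above is a defender's one, and the first step is telling a distributed swarm (the "many and the small") apart from a single noisy client, since the two call for different mitigations. The following is an added example, not code from this post or from the RAND report; it assumes a constructed one-request-per-line log format and illustrative thresholds.

```python
"""Flag a 'many and the small' swarm in web access logs (added illustration,
not code from the post or the RAND report). Assumes a constructed log format
of one request per line: ISO timestamp, client IP, request path."""
from collections import Counter, defaultdict
from datetime import datetime


def parse_line(line):
    """Split one constructed log line into (timestamp, client_ip, path)."""
    ts, ip, path = line.split()
    return datetime.fromisoformat(ts), ip, path


def classify_windows(lines, window_secs=1, rate_threshold=6, min_sources=5, max_share=0.5):
    """Bucket requests into fixed time windows and label each window.

    A window whose request count exceeds rate_threshold is a flood. If that
    load is spread over at least min_sources clients and no single client
    supplies more than max_share of it, the pattern is a swarm (many small,
    coordinated units); otherwise it is a single-source flood that ordinary
    per-IP rate limiting already handles. Thresholds are illustrative.
    """
    buckets = defaultdict(Counter)  # window start -> Counter(client_ip -> hits)
    for line in lines:
        ts, ip, _ = parse_line(line)
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % window_secs][ip] += 1
    verdicts = []
    for start in sorted(buckets):
        sources = buckets[start]
        total = sum(sources.values())
        if total <= rate_threshold:
            verdict = "normal"
        elif len(sources) >= min_sources and max(sources.values()) / total <= max_share:
            verdict = "swarm"
        else:
            verdict = "single-source flood"
        verdicts.append((datetime.fromtimestamp(start).isoformat(), verdict, total, len(sources)))
    return verdicts


# Constructed sample log (documentation-range IPs): eight distinct clients in the
# first second, one client hammering in the second, a quiet third second.
SAMPLE_LOG = (
    [f"2010-12-10T12:00:00 192.0.2.{i} /index.html" for i in range(1, 9)]
    + ["2010-12-10T12:00:01 198.51.100.7 /index.html"] * 8
    + ["2010-12-10T12:00:02 192.0.2.1 /index.html",
       "2010-12-10T12:00:02 192.0.2.2 /about.html"]
)

if __name__ == "__main__":
    for start, verdict, total, distinct in classify_windows(SAMPLE_LOG):
        print(f"{start}  {verdict:<20} requests={total} sources={distinct}")
```

A swarm verdict is the case where per-client limits do nothing and capacity has to come from elsewhere (anycast, upstream scrubbing, the resilient network the paragraph above describes), while a single-source verdict is handled locally.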
In conclusion, I think this paper is very important not only to the military but also to the security and networking industry itself. Think not only about the potential for DDoS attacks, but also picture the next generation of “Stuxnet”, with not only PLC injection but also botnet/P2P capabilities (it already had P2P of a sort built in), that could infect machines with multiple 0days and lie in wait until the “swarm” order is given. This could be the largest swarm attack yet.