THIS PAPER IS
UNCLASSIFIED
Project MacDuff: Network Disruption
Frank C. MahnckeChief Analyst
Joint Warfare Analysis CenterDahlgren, Virginia
19th ISMOR: Oxford, UK
27-30 August 2002
Project MacDuff Overview
• Objective: – Identify network vulnerabilities and concepts for potential
operations against them
– Apply organizational science concepts to the disruption of opponent networks
• Process: Workshops with Academics and Military– Enablers of EmergenceEnablers of Emergence
– Case StudiesCase Studies
– Network Models and SimulationsNetwork Models and Simulations
– Vulnerabilities and “Rules of Thumb” for OperationsVulnerabilities and “Rules of Thumb” for Operations
UNCLASSIFIED
UNCLASSIFIED
Project Participants
• Academia & Consultants– UNC – Chapel Hill– U of Arizona– Boston College– Carnegie-Mellon– Clemson– Emory University– U of Nevada– U of Pittsburgh– U of Texas– Alidade– Aptima– Morgan Chase– NYMX– Orgnet– SAIC
• Government– JWAC
– OSD Net Assessment
– OSD SOLIC
– MCWL
UNCLASSIFIED
UNCLASSIFIED
Enablers of Emergence
• Search Agents (different models, diversity)
• Search Process (protected)
• Connections (external, internal)
• Selection Mechanism
• Time & Resources
UNCLASSIFIED
UNCLASSIFIED
Desert Storm v. Somalia
Case Studies: European Terrorists
• Three Generations– Charismatic
– Professional
– National Servicemen
• Characteristics– high loss tolerance
– autonomous cell structure
– ingenious
• Failure– erosion of the “cause”
– failure to regenerate and recruit
UNCLASSIFIED
UNCLASSIFIED
Social Network Example
Highest Centrality
Highest Cognitive Load Emergent Leader
UNCLASSIFIED
UNCLASSIFIED
Leadership Removal: Cellular NetworksUNCLASSIFIED
UNCLASSIFIED
Remove 15 at time 15
Remove 15, 1 each time period
Removal v. Time
505050505050505050505050505050505050505050505050505050505050 505050505050505050505050505050505050505050505050505050505050N =
ROUND
28.00
26.00
24.00
22.00
20.00
18.00
16.00
14.00
12.00
10.00
8.00
6.00
4.00
2.00
.00
95
% C
I P
ER
F
.98
.97
.96
.95
.94
KT
.00
1.00
Leadership RemovalCentral v. Cognitive
202020202020202020202020202020202020202020202020202020202020 202020202020202020202020202020202020202020202020202020202020N =
ROUND
28.00
26.00
24.00
22.00
20.00
18.00
16.00
14.00
12.00
10.00
8.00
6.00
4.00
2.00
.00
95%
CI P
ER
F
.98
.97
.96
.95
.94
KL
.00
1.00
The Most Central Agents
The Cognitive Leaders
Remove 20 people out of 100 at time 15
Implication:
remove cognitive leadership first
steady removal over time
Centrality and Betweeness
centrality
betweeness
UNCLASSIFIED
Activity Networks
• Network activities can be– mutually supportive, or
– in conflict
• Unexpected loads in high stress situations can cause network breakdown
Community
Service
Special Events
Customer Service
Stocking
Physical Maint.
Merchandising
Regulation
Administration
Intelligence
Vendors & DSD
Managing People
UNCLASSIFIED
UNCLASSIFIED
Notional Terrorist Activity Network
Most Disruptive
Disrupt Simultaneously
UNCLASSIFIED
UNCLASSIFIED
A Few Rules of Thumbfor
Disrupting Networks
UNCLASSIFIED
UNCLASSIFIED
Scouting Networks
• Some indications that full knowledge of the net is not needed to begin action
• Watch, stimulate “high betweeness” players– activation of activity network leads to communication
– no damage to the network
– no reformation or adaptation of the network
UNCLASSIFIED
UNCLASSIFIED
Disrupting Cellular Networks
• most disruption:
cognitive leaders across network
• some disruption:
central leaders across network
• small or random removals have small effect
• cellular networks are robust !
UNCLASSIFIED
UNCLASSIFIED
Time Pacing Disruption
• Disruption requires multiple and sustained attacks
• Takes time to show impact
• Networks recover by:– reorganization
– new agents
• Covert networks: slower recovery
UNCLASSIFIED
UNCLASSIFIED
Disrupting at the Seams
• Seams: where the organization interacts with:– major internal sub-organizations
– the outside world
• Disrupt at:– functional seams
– organizational seams
– boundaries• recruiting sources
• outside support structure
UNCLASSIFIED
UNCLASSIFIED
Notional Terrorist Network Seams UNCLASSIFIED
Disrupting Social Capital
• Trust is critical to terrorist groups
• Disruptions of trust:– deny leadership ability to create new links/reinforce
old ones
– inject elements of distrust in a paranoid organization• plant people and organizations to sew distrust
– capitalize on less-violent sub-networks
UNCLASSIFIED
UNCLASSIFIED
Disrupting Network Adaptivity
• Deny– search
– connections
– time & resources
• Attack innovative parts of the network
• Attack cohesion within network – break links between it and other organizations
• Attack redundancy
UNCLASSIFIED
UNCLASSIFIED
Disrupting Activity Networks
• Simultaneous attacks on the security, operations, recruiting, operations funding, and logistic support foci appear promising
• Attacks on public relations, strategic alliances, institutional funding, and community relations have little effect
UNCLASSIFIED
UNCLASSIFIED
Network Vulnerabilities (pro-tem)
• Leadership
• Seams
• Social Capital
• Adaptivity
• Activity Links and Nodes
UNCLASSIFIED
UNCLASSIFIED
Potential Future Research
• Activity Links and Nodes
• Leadership Dimensions
• Network Seams
• Social Capital Disruption
• Adaptivity Denial
• Intelligence Depth Required
• Covert Network Characteristics
UNCLASSIFIED
UNCLASSIFIED