Monday, February 20, 2012

More Bandwidth, Fewer Bayonets


Many of the weapons used by the military and police are growing long in the tooth.  The M16 assault rifle has been around, in various incarnations for almost fifty years.  The first Abrams tank entered service in 1980.  The F-16 Fighting Falcon first flew in 1974.  The design of the Glock pistols carried by many American police dates from 1982.  They haven’t been replaced for a couple of reasons.  One, they work, and continue to work well decades after introduction.  Two, the pervasive nature of information collection, analysis, management and distribution systems has magnified their effects to levels not dreamed of by their designers.  This article offers an introduction to post-industrial weapons systems, their effects and their vulnerabilities.

Often, it appears that the media and entertainment industries have gotten stuck in 1984 when it comes to weapons.  These industries focus, almost exclusively, on systems that achieve “target effect,” through “kinetic delivery mechanisms.”  (That’s weapon-geek speak for anything that launches some object that strikes something else…slingshot, bow, pistol, rifle, cannon, rocket…you get the idea.)  The “why” is reasonably obvious:   These types of weapons are sexy; they make for eye catching images on the evening news and fascinating accoutrements for heroines, heroes and villains.  The emerging reality is less photogenic, but no less fascinating:  War winning and bad guy defeating technologies don’t go bang and they don’t make things blow up in a spectacular fireball.  Instead, they silently retrieve, transfer, collate and analyze information and present decision makers with actionable knowledge.  These systems have become ubiquitous and indispensable.  As a result, their assured operation and protection has become critically important.

Millimeter Wave Hotspot Payload Being Loaded into UAV
The funds allocated to improving information management and access are significant.  Ongoing acquisition programs to provide the US Army the means to share real-time intelligence data with troops on the ground and to create a common network infrastructure for US Navy ships currently leverage almost $4 billion.  That’s right.  With a b.  And there are a number of information processing and management programs of similar magnitude.  And those are just the “big” programs.  On February 10, 2012, the Defense Advanced Research Projects Agency (DARPA) issued a broad agency announcement (BAA) soliciting proposals for a mobile hotspot program intended to use millimeter wave technologies to provide broadband data services for troops on the ground anywhere in the world.  Phase one of that program will be funded at a paltry $11.8 million.

It’s not just the military that is investing in information and intelligence sharing technology.  The US Department of Homeland Security boasts a Directorate of Science and Technology with a 2012 budget of almost $1.2 billion, much of which is dedicated to the development of data analysis and sharing technology.

To put that in perspective, the entire annual defense budget for the United Kingdom is approximately $55 billion.  (I’ll end the paragraph here to give the magnitude of the numbers a chance to sink in.)

The OODA Loop
These systems receive a large resource allocation because of their ability to magnify the effects of forces on the ground in general and their kinetic energy weapons in particular.  With respect to the forces on the ground, the connection is simple:  The greater the shared awareness, the more rapidly an organization can react.  To borrow a bit of jargon from the US Air Force, information analysis and dissemination systems shorten the “OODA loop.”  OODA stands for “Observe, Orient, Decide and Act,” and refers to activities associated with becoming aware of an event, making sense of the event, determining the proper course of action and executing that action.  The shorter the cycle time for these activities, the more rapidly an organization can react to an occurrence.  The faster the reaction time, the more effective the response.  

Let’s give a real world example.  Oscar the Burglar breaks into a building with a centrally monitored alarm.  

In a 1985 scenario, the alarm sends an indication to the monitoring center and the monitoring center employee places a phone call to the building’s security manager’s home.  The security manager isn’t awake, so the monitoring center calls local law enforcement.  The local law enforcement dispatcher sends out a bulletin to all cars, and multiple cars respond, drawing coverage away from other areas of the city.  In the time that it’s taken this sequence of events to occur, Oscar has made off with the family jewels and is long gone.  In command and control jargon, law enforcement was “not able to get inside Oscar’s OODA loop.”  Obviously, there isn’t any fault with respect to the officers in the patrol cars; they simply didn’t get the information they needed in time.

Now let’s shift to 2012.

The alarm sends an indication to the monitoring center.  However, instead of notifying anyone, the automated system immediately gauges the nature of the intrusion, determines that there is only one intruder and the intruder’s exact location within the building.  It then contacts the local law enforcement system with information including the nature of the event and the location.  The local law enforcement system immediately identifies all patrol cars within a given distance of the building, excludes any that are responding to higher priority calls and sends an alert indicating the nature of the event and routing information to the nearest free patrol car and the patrol supervisor.  This sequence of events has taken place in under ten seconds.  Oscar has barely had time to start bagging the jewels before the police arrive and he’s arrested.  

Note that the police officers themselves aren’t necessarily any better at their basic job skills than their 1985 counterparts.  What made the difference was their dominance of the information space.  Poor Oscar never had a chance.

In many ways the policemen in the example are analogous to today’s kinetic energy weapons.  The guided bombs and missiles aren’t necessarily more accurate or lethal than their counterparts of a decade ago.  The huge leap forward has been in the speed at which soldiers and commanders are aware of where and when to employ the weapons.  Knowing that the enemy is massing to attack an outpost an hour after the attack starts isn’t particularly useful to a commander who wants to use artillery, GPS guided bombs or, for that matter, an motorized infantry battalion to spoil the attack.  Knowing that the enemy is beginning to marshal his forces almost as soon as the activity is reported by a sensor, a scout or a spy allows the commander to pick the time, place and weapon type best suited to counter the threat almost at his leisure.

Blue Force Tracker - Modern Commander's Eyes
As can be imagined, this type of capability is seductive, and the systems that provide it assume paramount importance to the political, military, law enforcement and even corporate leadership who come to depend on it.  Because of the degree of importance, these systems are a prime target for hostile forces.  Throughout the world, nations are developing cyberwarfare capabilities to disrupt and destroy the capabilities fostered by advanced information systems.  The degree of proliferation of this silent warfare is stunning.  Two short examples serve to illustrate this point:

  • According to the commander of US Cyber Command (CYBERCOM), American defense systems are probed by hostile forces seeking to penetrate the networks six million times a day.  That’s 250,000 times an hour, 4,167 times a minute, 70 times a second.  That means in the time it’s taken you to read this paragraph, hostile hackers have made more than a thousand attempts to take down vital American military capabilities.  
  • In August 2008, Russian and Georgian forces clashed over disputed territories in South Ossetia.  As the military drama was unfolding, a multi-faceted cyber attack began against the Georgian infrastructure and key government web sites. Attack types included website defacement, web based psychological operations, a fierce propaganda campaign and a distributed denial of service attack (DDoS).
At one point, multiple Georgian government websites were down or inaccessible for hours, and in the most strategic move to date in cyber warfare, the Georgian Government relocated President Mikhail Saakashvili’s web site to a web site hosting service in Atlanta, Georgia in the United States.  The Georgians were simply not prepared for the use of computer weapons against their communications infrastructure.
Hacked Georgian Government Website
Most telling about the nature of the cyber attacks against Georgia was their source.  The attacks were carried out by groups sympathetic to, undoubtedly funded by, but also completely deniable by the Russian government.  Think of them as an ultra-nationalist version of Anonymous, written in Cyrillic characters.  As a result, even if the hackers were discovered or traced, there was very little that could be done to stop them.
So what does this mean for your novel or screenplay?  I’m glad you asked.  (Ok. I’m glad *I* asked…)

  • Your heroes, heroines and villains can get much more bang for the buck (pun intended) behind a keyboard than behind a gun.
  • The ability to collate information and recognize linkages between data is as important as the ability to collect the data.  Your detectives are no longer just finding the clues, they’re putting them together into a three dimensional model of reality.
  • Nothing and nobody is safe – on either side.  Target knows what you want before you do, the men in black know where you’ll be before you get there, and the Mountain Dew swigging, Twinkie scarfing hackers can take down the network faster than either.
  • Cyberwarfare is increasingly becoming the province of well, but loosely, organized groups that are not beholden to, but may act in concert with governments.  This means they are nearly impossible to identify and harder to eradicate.