Open-Source Warfare

[Eugen Leitl]

http://spectrum.ieee.org/print/5668

Open-Source Warfare By Robert N. Charette Photo: Jonathan Romano

ROAD TO PERDITION: In early 2005, engineers stationed in Iraq were
B-inspecting this road when an improvised explosive device went off. An
officer and his interpreter died in the blast. At the upper right is an
iRobot PackBot used to B-investigate IED sites.

On the afternoon of Thursday, 8 April 2004, U.S. troops stationed in Iraq
deployed a small remote-controlled robot to search for improvised explosive
devices. The robot, a PackBot unit made by iRobot Corp., of Burlington,
Mass., found an IED, but the discovery proved its undoing. The IED exploded,
reducing the robot to small, twisted pieces of metal, rubber, and wire.

The confrontation between robot and bomb reflects a grim paradox of the
ongoing conflict in Iraq. The PackBot's destruction may have prevented the
IED from claiming a soldier's lifebas of 31 August, IEDs accounted for nearly
half of the 3299 combat deaths reported by coalition forces. But the fact
remains that a US $100 000 piece of machinery was done in by what was
probably a few dollars' worth of explosives, most likely triggered using a
modified cellphone, a garage-door opener, or even a toy's remote control.
During the past four and a half years, the United States and its allies in
Iraq have fielded the most advanced and complex weaponry ever developed. But
they are still not winning the war.

Although there has been much debate and finger-pointing over the various
failures and setbacks suffered during the prolonged conflict, some military
analysts and counterterrorism experts say that, at its heart, this war is
radically different from previous ones and must be thought of in an entirely
new light.

bWhat we are seeing is the empowerment of the individual to conduct war,b
says John Robb, a counterterrorism expert and author of the book Brave New
War (John Wiley & Sons), which came out in April. While the concept of
asymmetric warfare dates back at least 2000 years, to the Chinese military
strategist Sun-tzu, the conflict in Iraq has redefined the nature of such
struggles [see photo, bRoad to Perditionb As events are making painfully
clear, Robb says, warfare is being transformed from a closed, state-sponsored
affair to one where the means and the know-how to do battle are readily found
on the Internet and at your local RadioShack. This open global access to
increasingly powerful technological tools, he says, is in effect allowing
bsmall groups tob&declare war on nations.b

Need a missile-guidance system? Buy yourself a Sony PlayStation 2. Need more
capability? Just upgrade to a PS3. Need satellite photos? Download them from
Google Earth or Microsoft's Virtual Earth. Need to know the current thinking
on IED attacks? Watch the latest videos created by insurgents and posted on
any one of hundreds of Web sites or log on to chat rooms where you can
exchange technical details with like-minded folks.

Robb calls this new type of conflict bopen-source warfare,b because the
manner in which insurgent groups are organizing themselves, sharing
information, and adapting their strategies bears a strong resemblance to the
open-source movement in software development. Insurgent groups, like
open-source software hackers, tend to form loose and nonhierarchical networks
to pursue a common vision, Robb says. United by that vision, they exchange
information and work collaboratively on tasks of mutual interest.  Photo:
Luke Wolagiewicz/WPN; Kareem Raheem/Reuters

FAST, CHEAP & OUT OF CONTROL: Improvised explosive devices made from
cellphones, radios, old mortars, and other low-tech mechanisms have exacted
an B-enormous toll in Iraq.

And just as in the software community, information technology and the
Internet play a pivotal role in bringing insurgents together. The
resurrection of al-Qaeda is a good example, says Brian Jackson, a terrorism
expert and associate director of the Homeland Security Program at Rand Corp.
bGiven the structural changes that were required of al-Qaeda to adapt to its
loss of Afghanistan as a safe haven,b Jackson says, bthe interconnections
among disparate parts of the decentralized organization that the Internet
made possible have been important for its survival.b

The reliance on IT also enables open-source groups to identify and respond to
problems much more rapidly than a more structured, top-down entity canbbe it
the Pentagon or a large software company such as Microsoft. According to some
estimates, it now takes Iraqi insurgents less than a month to adapt their
methods of attack, much faster than coalition troops can respond. bFor every
move we make, the enemy makes three,b U.S. Brigadier General Joe E. Ramirez
Jr. told attendees at a May conference on IEDs. bThe enemy changes
techniques, tactics, and procedures every two to three weeks. Our biggest
task is staying current and relevant.b

Unfortunately, the traditional weaponsB-acquisition process, which dictates
how the United States and other Western militaries define and develop new
weapons systems, is simply not designed to operate on such a fleeting
timescale. It can take years and sometimes decadesbnot to mention many
millions or billions of dollarsbfor a new military machine to move from
concept to design to testing and out into the field. Worse, the vast majority
of the battlefield technologies now wending their way through the acquisition
bureaucracy were intended to fight large force-on-force battles among
sovereign nations, not the guerrilla warfare that typifies the conflicts in
Iraq, Afghanistan, and elsewhere.

Meanwhile, time is on the insurgents' side. Since the start of the war, the
consumer-grade products on which they rely have undergone several generations
of improvement. Microprocessor speeds, for instance, have leaped by a factor
of at least four in that time, while the cost per MIPSbor million
instructions per second, a standard benchmark for processorsbhas dropped by
roughly 70 percent.

This past spring and summer I interviewed dozens of current and former
military officers, analysts, weapons developers, and others to try to
understand why the coalition forces' technological might has proved so
ineffectual. Nearly everyone I spoke with agreed there is a serious mismatch
between the West's industrial-age approach to warfare and the insurgents'
more fluid and adaptive style. All agreed, too, that the West will likely
face more such confrontations in the years and decades ahead. The big
concern, many people told me, is that once the war in Iraq has ended, the
innovation that has occurred there and the lessons learned will be lost as
the Pentagon returns to bbusiness as usualbbthat is, building enormously
complex and costly weapons systems and training troops to fight large-scale
wars.

To understand open-source warfare, it's instructive to revisit Eric S.
Raymond's 1997 manifesto, The Cathedral and the Bazaar, in which he describes
how a large community of open-source software hackers created the operating
system Linux.

bLinux is subversive,b Raymond wrote. bWho would have thought even five years
ago [1991] that a world-class operating system could coalesce as if by magic
out of part-time hacking by several thousand developers scattered all over
the planet, connected only by the tenuous strands of the Internet?b He
likened the rise of Linux to the public marketplace of the bazaar. The
programmers agreed to observe a few simple principles but were otherwise free
to innovate and create. Raymond contrasted that style with the bcathedralb
approach to software, in which a single organization, using highly planned,
sequentially structured steps, maintained tight managerial control over every
aspect of the process.

Eventually, the open-source culture would triumph over the proprietary world,
Raymond argued, not because it was morally right bbut simply because the
closed-source world cannot win an evolutionary arms race with open-source
communities that can put orders of magnitude more skilled time into a
problem.b Photo: Luke Wolagiewicz/WPN; Kareem Raheem/Reuters

BOMB BUILDING 101: These Arabic-language Web sites offer how-to tips on
constructing homemade explosives. The factual information is often sketchy,
though.

In studying the behaviors of insurgencies in Iraq and elsewhere, as well as
organized-crime syndicates and other groups, Robb noticed the many parallels
to the open-source model in software. In addition to working in
counterterrorism, he has also had a successful career as a software
entrepreneur.

Groups like al-Qaeda resemble in some ways the classic insurgents of the
past, such as the Palestine Liberation Organization, but several factors
distinguish them from their predecessors, Robb says. For one, they aren't
state-sponsored, which makes them harder to track down and eradicate. Being
self-financed, they generate significant income from donations as well as
from black-market commerce. Also, members of the group don't report to a
central authority; they operate relatively autonomously, and they tend to be
well educated, media-savvy, and comfortable operating in a globalized,
high-tech world. And the use of information technology has given modern
terrorists an operational edge their predecessors lacked.

Mimicking open-source developers, insurgent groups bhack at the source code
of warfare,b Robb says. By that, he means they aren't bound by the
traditional rules of military engagement; they use whatever works, with their
tactics, techniques, and procedures all open to scrutiny and improvement by
the community. Although such groups are weak by conventional military
B-benchmarksbthey'd clearly be outgunned and outmanned on an open
battlefieldbthey can still threaten strong national militaries. That's
because they don't aim to invade, hold, or govern territory, but rather to
exert political influence by exhausting an adversary's capacity to fight
back. Their preferred method of attack is to disrupt infrastructure, whether
physical, financial, or political [see photos, bWorld at Warb bSystem
disruption is going to be the main thrust of warfare for quite a long time,b
Robb predicts.

Rand CORP.'s Jackson has also studied terrorist organizations with an eye
toward how they learn and share informationbwhich he discussed in a recent
report titled bAptitude for Destruction.b Access to the Internet, Jackson
says, has given such groups ba quantum leap in capability to get their
message out.b

Many of the insurgent groups in Iraq, he notes, bare very Internet-savvy in
terms of using it as an information-B-dissemination medium.b The number of Web
sites run by terrorists climbed from fewer than a dozen in 1997 to nearly
5000 in mid-2006, according to Gabriel Weimann, a professor of communications
at the University of Haifa, in Israel, who has studied terrorism and the mass
media. Not all of those sites pose a significant threat. Last year, a team of
Pentagon analysts told Congress that of the thousands of jihadist sites they
monitor, they closely watch fewer than 100bthe ones they deem the most
hostile.

Whereas the mass media used to control access to the public, Jackson says,
insurgents now post videos and descriptions of their attacks online within
hours of their occurrence, many of which are then picked up and replayed in
the global media. AlbQaeda has a media affiliate that produces slick, branded
video and audio files for online distribution. The videos are often encoded
in multiple formats, so you can watch them on your cellphone or play them on
a big-screen television. Some insurgents are even shooting in HDTV.

Terrorist Web sites serve not only to spread propaganda but also to share
knowledge among insurgent groups, Jackson says. That helps explain why the
learning cycles among Iraqi insurgents are some 20 times as fast as the Irish
Republican Army's were in Northern Ireland in the 1980s, according to
military estimates. The SITE Institute, a group in Washington, D.C., that
monitors terrorist Web activities, has documented numerous cases of technical
know-how being exchanged online. These include a slide presentation posted on
a password-protected Arabic-language forum purporting to teach bbeginner
jihad fightersb how to rig a car bomb, as well as a training manualblinked to
from various jihadist forumsbthat claims to cover explosives, poisons, and
forgery, among other topics.

To be sure, the technical information that goes up on such sites is not
always to be trusted, notes Michael Kenney, an assistant professor of public
policy at Pennsylvania State University in Harrisburg. bSome of the terrorist
instructional manuals and online chat rooms that have received so much
attention in the press are, in fact, littered with basic mistakes,b Kenney
says. He had one of the world's leading explosives experts review some online
training manuals. The expert found that bfor every four or five recipes, one
may work, [but] only a trained eye can catchb the errors, Kenney says.
Photo: Staff Sgt. Jason Robertson/DOD Photo

HELP IS ON THE WAY: The Pentagon plans to send thousands of mine-resistant
ambush-protected vehicles to Iraq in the coming year. But MRAP supply is
lagging far behind demand.

Kenney also wonders how much a budding guerrilla can learn by simply reading.
bBuilding bombs with your bare hands is still the best way to learn how to
build bombs,b he says. bShooting a firearm over and over is the best way to
become a sharpshooter. These are skills that cannot really be learned from
recipes that you download through the Internet.b& The reason Iraq has proven
to be such a rich learning environment for insurgents has more to do with
practical, on-the-ground opportunities for learning that the fighting
provides.b

Nevertheless, he agrees with Jackson that terrorist groups are proving to be
fast learners. They're able to change their activities in response to
practical experience and technical information, store this knowledge in
practices and procedures, and select and retain routines that produce
satisfactory results. As they gain experience, their learning cycles will
only continue to shorten.

All the bomb-building advice in the world would be meaningless, of course, if
the materials to build those bombs weren't also easy to come by. But they
are, and terrorist groups are proving adept at using commercial,
off-the-shelf technology to create effective and low-cost weapons systems.

A good example is last year's plot to smuggle common chemicals on board
commercial flights using drink containers. The chemicals would then be mixed
together to form explosives, which if detonated by a small charge from, say,
a few modified AA batteries, could be powerful enough to bring down the
aircraft.  bAs the war winds down, the forces of standardization will
reassert themselves. Thatbs likely to kill many of the innovations now in use
on the battlefield.bb)

Here again, information technology plays a crucial role. Fast and efficient
worldwide distribution channels set up by the lhouses. bNothing they're doing
is going to win any prizes from the Department of Defense for high tech, but
the stuff is deadly,b says Lawrence Husick, a senior fellow at the Foreign
Policy Research Institute, in Philadelphia. bThey're using a huge variety of
cheaply available stuff.b One recent innovation is IED detonators made from
battery-powered doorbells. The doorbells consist of crude 400-kilohertz
transmitters and receivers. bThey're sloppy as hell, but they are really hard
to jam,b Husick says.

That unconventional style of mine warfare is something coalition forces
clearly didn't anticipate, and response has been slow. Earlier this year, for
instance, the Pentagon decided to spend $25 billion on mine-resistant
ambush-protected (MRAP) armored vehicles, whose V-shaped hulls and raised
chassis make them better than armored Humvees at fending off bomb blasts [see
photo, bHelp Is on the Wayb The price tag includes $750 million to airlift
the 12-metric-ton vehicles to Iraq, instead of sending them by ship. In
August, though, the Pentagon scaled back its schedule, saying only 1500 of
the planned 3900 vehicles would be delivered by year's end.

It's a race against time. As happened first to unarmored Humvees and then to
armored Humvees, insurgents have made destroying MRAP vehicles a high
priorityba btrophy kill,b as some observers call it. MRAP designs are already
reportedly being rethought to deal with emerging insurgent tactics.

You might think that the lag time was due to bureaucratic screwups, but in
fact, that's just how long the bureaucracy takes to respond. Marine
commanders in Iraq first requested MRAP vehicles in May 2006. Acquisition
officials reviewed the request and ultimately approved it late in the year.
By April, five suppliers had demonstrated they could meet survivability
requirements, production numbers, and delivery timelines, and they were then
awarded contracts. But ramping up production doesn't happen overnight. Before
MRAP vehicles became a high priority, the sole manufacturer, Force
Protection, in Ladson, S.C., was making only about five per month.  Photo:
from top left: Sultan al-Fahd/Reuters; Anjthe Cold War endedband with it, the
pressure to build large numbers of complex weapon systemsbdecisions made
decades earlier continued to prevail.

There has been no shortage of attempts to streamline B-weapons acquisition.
Since 1975, at least 129 studies have been conducted on how to reform the
process and make it more rational and responsive. Few of the recommendations
have had any lasting impact, though. A March 2006 GAO report found that for
the largest acquisition programs, the average estimated development time has
risen from 11 years to 14 years. Even if you could design an F-22 in a single
day, it would still take years to prepare the paperwork to win funding and
more years of operational tests before the plane could go into full-scale
production.

The financial stakes work against reform. In a report to Congress earlier
this year, David Walker, comptroller general of the United States, said that
annual U.S. investments in major weapons systems had doubled between 2001 and
2006, from $750 billion to more than $1.5 trillion.

Many of the defense experts I spoke with advocate a separate acquisition
process to deal with the type of irregular warfare now being fought in Iraq.
Robb, for one, isn't convinced that this would make much of a difference.
bThe big-war crowd doesn't want to understand open-source warfare,b he says.

As Upton Sinclair once said, bIt is hard to get a man to understand something
if his living depends on him not understanding it.b

Faced with the crisis in Iraq, the Pentagon has made a number of attempts to
speed up the acquisitions process. The U.S. Army, for example, has
established a Rapid Fielding Initiative to try to shorten the time it takes
to get requested equipment to soldiers. That has enabled the deployment of
the Advanced Combat Helmet, which offers better protection, comfort, and
hearing, and an improved first-aid kit for treating bleeding and removing
airway obstructions. The Army's Rapid Equipping Force identifies
unconventional commercial products that may be of use on the battlefield.
Industrial leaf blowers, for instancuiring the equipment they'll ultimately
get. No sustained attempt has been made to create an insurgent-resilient
model of acquisition.  bWhat do you do when women and children come out with
spray cans and hammers and start attacking your robots?bb)

What all this likely means is that when the wars in Iraq and Afghanistan
finally end, the Pentagon's current bcathedralb approach will envelop robots,
UCAVs, and any other interesting technology developed in the heat of battle.
bAs the war winds down, the forces of standardization will reassert
themselves,b says Rand Corp. vice president Thomas McNaugher, an expert on
defense acquisition. bThat's likely to kill many of the innovations now in
use on the battlefield.b

Robb says the solution is for defense acquisition to move away from what he
calls bpoint innovationsbbthat is, stand-alone systemsbto platform-based
systems. A platform, he explains, is a collection of services and
capabilities that everyone gets access to. Think of the Internet and how eBay
and Google exploit it.

How would such platforms work in the military sphere? Consider a project
under way at the Space Vehicle Directorate at Kirtland Air Force Base, in New
Mexico. Researchers are attempting to design inexpensive bplug and playb
satellites that could be fielded in six days or less. Each satellite would be
built from a set of standard components that could then be quickly programmed
to fit the specific mission.

To avoid getting trapped in a one-size-fits-all mentality, says Jim Lyke,
technical advisor to the project and its principal electronics engineer, bWe
intentionally made it easy to swap out a small battery for a big battery,
[an] X-band radio for a Ku-band radio, and so on.b The concept is sort of
like adding components and loading software onto your PC, depending on
whether you want to create spreadsheets, play games, or listen to music.

bWe are waging a battle against complexity,b Lyke says. The six-day target
bbecame a rallying theme to force us way out of our comfort zone.b

Lind of the Free Congress Foundation says it's also important to capture the
innovations going on in the trenches. bThere is a tremendous amount of
creativity at the junior level, but there is no outlet for it. We need to
richly resource sergeants and let them tinker,b he says. bThe kinds of
technology that are useful in these wars are what I call garage and junkyard
technologies.b The original armor for Humvees, for instance, was cobbled
together by soldiers in the field, who dubbed it bhillbilly armor.b Once a
useful technology has been discovered, Lind adds, that information can be
rapidly conveyed using the military's secure intranets. The idea is to make
use of information and IT just as the insurgents do.

Meanwhile, what is happening in Iraq and Afghanistan is only a foreshadowing
of the types of conflicts that Western countries will likely face in the
coming decades. Insurgent learning will continue long after coalition forces
have withdrawn from those countries. To face this future, it seems clear that
the West urgently needs an insurgent-resilient process for developing and
fielding effective military systems and tactics, along with a radical change
in strategic thinking.

bWe have to look outside the normal bureaucratic way of doing things,b U.S.
Secretary of Defense Robert M. Gates noted at a press conference in June.
bFor every month we delay, scores of young Americans are going to die.b If
the United States and its allies fail to embrace the need for change, they
will inevitably pay the cost in both treasure and blood.  About the Author

Contributing Editor Robert N. Charette is an IEEE B-member and risk-analysis
expert in Spotsylvania, Va. His blog Risk Factor is at
http://blogs.spectrum.ieee.org/riskfactor.  To Probe Further

Michael Kenneybs From Pablo to Osama: Trafficking and Terrorist Networks,
Government Bureaucracies, and Competitive Adaptation(Penn State University
Press, 2007) looks at the learning styles of terrorists and drug traffickers.

John Robb's Brave New War: The Next Stage of Terrorism and the End of
Globalization (John Wiley & Sons, 2007) describes the emergence of
open-source warfare.

The author plans to explore the topic of weapons development and acquisition
in a future issue of IEEE Spectrum.

For exclusive insights into how terrorist and insurgent groups are leveraging
information technology to organize, recruit, and learn see Robert Charette's
interviews with:

Lawrence Husick on how insurgents spread their message via the Web

Tom Kellermann on how terrorists are using the Internet for money laundering,
fundraising, and identify theft

Michael Kenney on how extremists are really using the Internet