Best Defense

Thomas E. Ricks' daily take on national security.

Can counter-terrorism lessons inform cyber ops?: The fight shapes structure

In the early days of the fight against al Qaeda in Iraq (AQI), those within the Special Operations community tasked specifically with counterterrorism missions spent countless personnel-hours gathering intelligence about al Qaeda.

Screen Shot 2015-05-05 at 11.15.41 AM
Screen Shot 2015-05-05 at 11.15.41 AM



By Chris Fussell
Best Defense report reviewer

In the early days of the fight against al Qaeda in Iraq (AQI), those within the Special Operations community tasked specifically with counterterrorism missions spent countless personnel-hours gathering intelligence about al Qaeda. As an AQI member was identified or detained, we sought immediate answers. What was his position in al Qaeda? Who did he work for in AQI? Who reported to this person? Was he being groomed to move up the ranks? All of this information was used, quite literally, to build large command and control org-charts of the AQI structure — with the very top spots feeding back into Osama bin Laden and his key lieutenants (the CEO and his C-Suite, so to speak). Understand the organization’s structure, the thinking went, and we can design a plan to dismantle it — ideally from the top down. “Cut off the head of the snake,” went the thinking.

This, of course, proved to be a fruitless exercise. Not because the intelligence was flawed (we were, in fact, flooded with good information), but because we were trying to force al Qaeda to be something that it was not — a hierarchy. What it was, and remains today in manifestations like ISIS and al Qaeda on the Arabian Peninsula, is a distributed network of likeminded radicals. Its structure is organic and ever adapting to the world around it. Efforts to give it a formal design approach the problem incorrectly.

The interesting and more dangerous corollary to our initial approach was not only to see al Qaeda as a hierarchy, but also to fight it as if it were one. The first is just bad theory, the latter is bad practice — in some cases, actions designed to dismantle the perceived hierarchy were actually increasing the strength of the al Qaeda network. We were making a classic mistake – but one that is becoming more and more prevalent in today’s world — and that is projecting old thinking onto new realities.

Hierarchies were the dominant force of the 20th century. As a result, the way that most modern organizations look at the external world, share information internally, and take action is bound by the norms of this model; which was fine when the world was symmetric, and when large parts of strategy were predicated on the ability to observe and anticipate the actions of your adversary. But in the age of networks, where information moves at light speed through an interconnected world, the old model falls short. Traditional hierarchies are designed to receive and forward raw data from the lowest levels, turn that data into understanding and decisions at the top, and then authorize actions in a top-down approach. Trying to force networked adversaries to play the same game is a Sisyphean task.

We stopped pushing the boulder up the hill with one simple mantra, and years of hard work — it takes a network to defeat a network (with a tip of the hat to the 1990’s Rand Corp work of John Arquilla and David Rondfeldt). To fight al Qaeda, we didn’t do more of the same with greater intensity; we adapted at a systems level and became a hybrid model that retained the strength and stability of the hierarchy, but was driven on a daily basis by internal networks that were in a constant state of adaptation to the moves of al Qaeda. Soon, everything about the Command and Control structures of the organization had shifted, and a global enterprise of thousands was able to move with the speed and precision required to outmaneuver the ever-morphing al Qaeda network.

In their new CNAS study, Digital Theaters Decentralizing Cyber Command and Control, Ben FitzGerald and Air Force Lt Col Parker Wright take a thoughtful look at the appropriate Command and Control (C2) structures that should be put in place, on a global scale, to facilitate the rapid expansion of the U.S. Cyber Command (USCYBERCOM). Their study looks at several examples of current C2 structures for organizations that must position forces and capabilities around the globe in support of the Geographic Combatant Commanders (GCCs). Scaling from highly centrally controlled to highly decentralized, the authors consider Space Command, Global Strike forces, Special Operations, and the Electronic Warfare community. Ultimately, they make a progressive argument that none of the existing structures provide a clear model for USCYBERCOM, as the cyber problem is clearly defined by a set of radically new variables. The authors offer four recommendations:

  • Delegation of Operational Control of CYBERCOM units to the GCCs,
  • Establish a Joint Cyber Component Command that is able to quickly synchronize efforts,
  • Deploy service specific cyber units that can provide immediate value to each service branch’s mission within a given GCC,
  • And finally, for now, maintain the Director of the National Security Agency as the dual-hatted commander of USCYBERCOM.

Their analysis and recommendations are all well and good, and a likely foreshadowing of what CYBERCOM will look like. But I would challenge the leadership considering this problem to look very hard at the lessons we’ve learned over the past decade of fighting networks. Granted, these are lessons of human networks — but human and cyber networks are more alike than most would like to admit. Both are organic in their ability to self organize information flows and to reroute around problem areas. Both quickly find and work through the seams of a traditional bureaucratic system. Both gain strength exponentially as they grow — neither are simply sums of their parts. And perhaps most importantly, the barrier of entry to become an active member of either (a distributed human network or the global cyber network) is extremely low when compared with the price of training and fielding a highly trained soldier. Therefore, we must consider the lessons we’ve learned over the past decade as we move into the cyber realm.

First and most importantly, we must assume that the answers to these problems are unlikely to sit within our existing frameworks. Seeking an appropriate C2 model based on current structure constrains our options and walks us down the same path the Special Operations community experienced at the beginning of the post 9/11 conflicts. In short, we’re looking to an organizational system designed in the pre-information age for the answers to a 21st Century problem. As we ultimately learned when facing al Qaeda, we must first understand and accept the realities of the new problem in its true form, and then build a system that is able to overlay and defeat it.

As the authors rightfully note, regardless of what the C2 structure looks like for CYBERCOM, how it manifests in reality will morph to the requirements on the ground. Given that point, I’d offer several of the key drivers that were the critical cultural underpinnings in creating a network that was able to out think and out pace the Al Qaeda organism. Importantly, these were norms we saw working and we enhanced them through a hybrid and constantly maturing C2 model…not the other way around.

First, adaptability was the key. We knew that the Al Qaeda network did one thing extremely well — it changed constantly based on the demands of the environment. Once we accepted this reality, our organization assumed a fighter’s posture – constantly shifting and adjusting to the demands of the fight. If we went days, or sometimes hours, without some type of shift in our organization (forces, assets, etc.), our assumption was that we were behind the moves of Al Qaeda. CYBERCOM must be structured to do this – adapt at a pace that outmaneuvers the threat; which implies, of course, significant levels of decentralization (as highlighted by FitzGerald and Wright).

Second, we established Shared Consciousness throughout the organization. From the tactical level operators to senior staff to globally distributed support networks, the entire enterprise had a collective and near real-time understanding of strategic, operational, and tactical level changes. We accomplished this through a disciplined and high-cadence series of communication forums that connected and synchronized thousands of members around the world on a dependable 24-hour rhythm — and we followed this cadence for years on end. CYBERCOM must study the speed of the problem it is facing then structure itself to allow for a constant and enterprise wide awareness of the threats.

Third, with inclusion and transparency as the bedrock of our large communication forums, those closest to raw data could quickly separate the critical information from the white noise, solving for the modern problem of information overload. Rather than forwarding every new piece of information up the chain (the root cause of information overload in today’s bureaucracies), members were expected to listen to the network, think, and then send the relevant information into the system, naturally deselecting the clutter before it created unnecessary churn. A key implication here is the multi-organizational nature of this type of network; our team included partners from the entirety of the interagency. CYBERCOM should become the central node in a multi-organizational network driven by inclusion and transparency.

And finally, with the norms above established, those closest to the problem were both empowered and indeed expected to take independent actions quickly and accurately. Inviting everyone to the conversation on an operating rhythm that moved as fast or faster than AQI took away the excuse-matrix that normally paralyzes bureaucracies. When the enemy network morphed, those closest to the problem were expected to react in near-real time, leveraging existing networks (or creating new ones) of people, information, and assets to defeat problems as they arose. CYBERCOM must structure itself such that those closest to the ever-changing problem are empowered and expected to take immediate and precise actions.

USCYBERCOM is tasked with combating the ultimate network problem. Speed and synchronization on a global scale will be critical. If our answers come from within the norms of established organizational optics, the solution will lag the problem. Only by accepting the new realities of the information age, and learning from our experiences to date in combating distributed networks, will CYBERCOM set itself up for success against what could very well be the challenge that defines the next generation of warfare.

Chris Fussell served in the Navy SEAL Teams from 1998-2012. He is a partner at McChrystal Group, a Senior Fellow for National Security at New America, and a co-author with GEN (ret) Stan McChrystal of the forthcoming book “Team of Teams: New Rules of Engagement for a Complex World.”

Center for a New American Security 

Thomas E. Ricks covered the U.S. military from 1991 to 2008 for the Wall Street Journal and then the Washington Post. He can be reached at Twitter: @tomricks1

More from Foreign Policy

Russian President Vladimir Putin and Chinese President Xi Jinping give a toast during a reception following their talks at the Kremlin in Moscow on March 21.
Russian President Vladimir Putin and Chinese President Xi Jinping give a toast during a reception following their talks at the Kremlin in Moscow on March 21.

Can Russia Get Used to Being China’s Little Brother?

The power dynamic between Beijing and Moscow has switched dramatically.

Xi and Putin shake hands while carrying red folders.
Xi and Putin shake hands while carrying red folders.

Xi and Putin Have the Most Consequential Undeclared Alliance in the World

It’s become more important than Washington’s official alliances today.

Russian President Vladimir Putin greets Kazakh President Kassym-Jomart Tokayev.
Russian President Vladimir Putin greets Kazakh President Kassym-Jomart Tokayev.

It’s a New Great Game. Again.

Across Central Asia, Russia’s brand is tainted by Ukraine, China’s got challenges, and Washington senses another opening.

Kurdish military officers take part in a graduation ceremony in Erbil, the capital of Iraq’s Kurdistan Region, on Jan. 15.
Kurdish military officers take part in a graduation ceremony in Erbil, the capital of Iraq’s Kurdistan Region, on Jan. 15.

Iraqi Kurdistan’s House of Cards Is Collapsing

The region once seemed a bright spot in the disorder unleashed by U.S. regime change. Today, things look bleak.