Nonattributional Warfare


  • This topic has 13 replies, 5 voices, and was last updated 6 years, 1 month ago by Max. This post has been viewed 65 times
    • #77054
      Corvette
      Participant

        I wanted to get the warfighters’ thoughts on the concept of nonattributional warfare.

        (http://guerrillamerica.com/2014/05/nonattributional-warfare/)

        I just read an interesting article entitled, “Epic Landpower Fail,” in which the author, a US Army Major and strategy professor at West Point, makes the point that today all landpower is attributional. What he means is that landpowers – armies – can be attributed to a specific country. You can’t just mass a force in a foreign country without the entire world knowing to whom it belongs. As we saw recently with Russians in Ukraine, even putting a small contingent of troops in a country is going to draw attention. They may look different, act differently, or exhibit all those ‘C’ factors (Contrasts) that good analysts look for when identifying threat characteristics. Those threat characteristics, or signatures, are going to lead analysts to believe that those men were/are Spetsnaz or FSB.

        But the opposite – what we might call “nonattributional warfare” – is the fight against an enemy whose intent is to remain hidden or anonymous. This thought reminded me of being in Iraq and Afghanistan and trying to decipher which group, cell or leader perpetrated specific attacks. There were what we call ‘indicators’, which are Signatures.

        A made up example: Mullah Ahmad liked to use pressure plates for his IED triggers. Therefore, within his known or suspected area of operations (AO), we could attribute all those pressure plate IED attacks to his specific IED cell. This is what we call TECHINT, or Technical Intelligence. The same could be said for sniper events, or mortar and rocket attacks, or murder and intimidation campaigns against the populace. I remember being at a small FOB and getting hit with rockets that landed inside our base. It seemed like we always had incoming during one of two times: right during dinner or in the early, early morning. Pretty much the times when you were tired and just wanted to be left alone. But we pretty much knew who was doing it. Even with our limited organic intelligence assets, that was the easy part; finding those rockets while they were being set up and/or before they were launched was more difficult. And finding and killing the leader and his cell members proved even more difficult.

        And then there were these new attacks, or a new tactic, technique and procedure (TTP) we hadn’t seen before. It might be a variation of an old TTP, or it might have been a completely new TTP. Either way, part of our task was to identify who was responsible and then start up the targeting process. What indicators were there about this anonymous insurgent? Did he leave any clues? Is he accidentally telegraphing critical information? (For instance, if his rocket attacks became significantly more accurate, then he likely has a spotter observing the impacts on our base — is his spotter already on our base? That’s an imminently critical threat for counterintelligence.) Is he a new player that recently came into our unit’s AO? Did we kill the old cell leader and just haven’t heard about it, and is this the work of the new leader? These are pretty standard questions that analysts ask themselves during an up-close and personal counterinsurgency. But this is the nature of fighting an anonymous enemy. Had Facebook and social media been as popular in Iraq and Afghanistan as it is in America today, the fighting in these wars could have been over within a matter of a few years (that’s my own personal opinion). America has really given up the ghost on the privacy front, and that’s even before we get into NSA programs. (As a student told me during the NC PATCON, “If you aren’t paying for the product, then you are the product,” in regards to Google, Yahoo, Facebook, etc. Wise words.)

        Fighting an enemy whose attacks go unattributed by design gives him an advantage. By going low tech and avoiding the strengths of the US Intelligence Community (IC), namely Signals Intelligence (SIGINT), the adversary removes that significant advantage. The guerrilla adversary’s Battlefield Operating Systems (BOS) – Maneuver, Fire Support, Mobility/Countermobility/Survivability, and Combat Service Support (re: Auxiliary) can largely operate without scrutiny of active surveillance because they’re hidden in plain sight, use strict Operations Security (OPSEC) and Communications Security (COMSEC), and play against the weaknesses of their larger and technologically superior adversary. Every strength is also a weakness. The US IC over relies on SIGINT; therefore when the targets stop communicating electronically, that SIGINT well dries up. The Army is really big and powerful, but it’s slow to move large forces that aren’t specifically designed for rapid deployment, and for every tooth deployed, there has to be several tails all working to keep that tooth in the fight.

        In addition to remaining ‘off the radar’ so to speak, nonattributional warfare gives even skilled analysts fits. In short, if one or two or three different guerrilla cells all operate within the same relative AO, and whose identities and organization are unknown to the regime intelligence element, the regime analyst can plot the attacks on the situational template, generate beaucoup intelligence requirements, and task all available collection assets until he’s blue in the face; however, what he’s not going to do is tell the difference between attacks from Cell A and attacks from Cell B or Cell C. Being able to identify specific cells and tell their differences is a pretty critical task for the All-Source analyst.

        Now, that analyst is going to look for all the SPACE characteristics (it’s what I would do, at least) – Signature, Profile, Association, Contrast, and Exposure – to draw conclusions about the perceived differences in TTPs. He’s going to use battlefield biometrics to identify Signatures (fingerprints off expended brass in this case), develop those Signatures into a Profile (Cell A/B/C), form Associations between the attacks (time, location, target, TTPs), and identify Contrasts in between those Associations until he can build a cumulative Profile for each cell. But the fewer clues these guerrilla cells leave behind, the less likely it becomes that he’s going to form an accurate conclusion. Poor guy; he can only work with what he has. But the less he has, the better off those guerrilla cells become (which is why security is so important to understand at a practical and academic level).

        So a few days ago we talked about the guerrilla’s need for hearts and minds, for developing a human terrain that provides cover and concealment. Nonattributional warfare — warfighters who we can’t identify or necessarily associate to a specific cell, team or cause — should be a corollary to the tenets of guerrilla warfare. Guerrillas can’t remain anonymous as long as their villages and communities are outing their identities. An identity, even a pseudonym, is the loose end of a ball of yarn that a good analyst will pull. Sorting identities helps to build these cell profiles and identify their structure. Even knowing that each cell is comprised of three to five guerrillas is important to learn. It may take a while – it may take longer than the analyst has – but he’ll get the whole ball unraveled eventually, all the while pushing out targeting packages on the highest payoff targets. (If you’re a cell facilitator, it’s not going to end very nice for you.)

        So if anything is ever truer, it’s that once you’ve been identified, you can’t un-identify yourself. Once you’ve been associated, you can’t be un-associated. When catastrophe can start with an identity, it’s always best to stay anonymous. The guerrilla’s goal is to fall through the cracks. That’s where he survives.

      • #77055
        Max
        Keymaster

          It’s well known that the “attack the network” approach to CIED was far more successful than the reactive approach of focusing on countering the device. The use of forensic techniques and other LE-type tools to unravel the clues that allowed CF to roll up the networks should be a cautionary tale for any would-be guerrillas. It’s noteworthy that this approach was far more effective in Iraq than it has been in Afghanistan.

          I think the cat’s out of the bag as far as anonymity goes at this stage of the game. If you draw enough attention to yourself, you can be found. However, I believe two mitigating factors are at play here: the vast pool of potential targets creating information overload and the fact that the government and military are so thoroughly infiltrated at all levels by “sympathizers” that OPSEC would be nearly impossible to maintain unless there was a thorough purging and vetting of key personnel and organizations along with insertion at all levels of “political officers” to monitor and ensure reliability and loyalty to the regime. Such a development would be a colossal red flag for anyone who is paying even the slightest bit of attention.

        • #77056
          Joe (G.W.N.S.)
          Moderator

            Cool stuff! I was reading some of your work last night and saw this in the upcoming article section.

            Well like you said, the importance of anonymity for insurgent operations can’t be stressed enough, but how to maintain it?

            I believe it starts with having a variety of TTPs for each type of attack. Obviously we aren’t talking about our SUT TTPs, that would be a nightmare in both training and execution. No, what I am talking about is sabotage, IEDs, indirect fire, sniping, etc… by varying methods and negating biometrics (or leaving specific ones for misdirection or ambush). Plotting out specific methods to lead OPFOR where we want them to be led. This can be the difference between limited success and victory.

            The random TTP selection for different tasks and/or the creation of fake cell signatures for misdirection needs major focus and effort. As underdogs the insurgent needs to play the strengths and arrogance of the OPFOR against itself.

            Initial thoughts, will address more later.

          • #77057
            Corvette
            Participant

              I should add an additional clarification: nonattributional warfare isn’t as much about remaining anonymous as it is having your operations remain anonymous; i.e, either not having them attributed to you or having them attributed to a non-existent adversary of your own creation. We might also simplify, and just call it clandestine or covert warfare.

            • #77058
              Joe (G.W.N.S.)
              Moderator

                The distinction between covert and clandestine has been blurred in recent years.

                Years ago the basic difference was covert action prevented identification of party conducting such action until mission was accomplished or discontinued.

                While clandestine operations’ focus was preventing the discovery of who conducted said operation, basically forever or at least until decided by originating party.

                Edited: see Samuel Culper definition below.

              • #77059
                Max
                Keymaster

                  I should add an additional clarification: nonattributional warfare isn’t as much about remaining anonymous as it is having your operations remain anonymous; i.e, either not having them attributed to you or having them attributed to a non-existent adversary of your own creation. We might also simplify, and just call it clandestine or covert warfare.

                  Important clarification and one that suggests many possibilities, especially for a clandestine underground.

                • #77060
                  Corvette
                  Participant

                    I’ll provide the distinction we use for others’ clarity.

                    Covert: I think plausible deniability first. The existence of the organization (or their sponsor) is more important to protect than the existence of the operation. Typically, these CIA SAD, DEVGRU or SFOD-D ops are not publicized or acknowledged (except through White House leaks). Bad things happen to bad people, but no one knows who’s responsible. Dudes just turn up dead or missing, and that’s the end of it.

                    Clandestine: focuses on the secrecy of the action instead of the actors. The way in which it’s used today, clandestine action is hidden or concealed, and no one is ever supposed to know that anything happened in the first place.

                    My two cents on the difference, however, those are the official ‘definitions’.

                  • #77061
                    Joe (G.W.N.S.)
                    Moderator

                      Thanks, terms like covert and clandestine were not part of popular use. Now they are thrown around and misused.

                      I am also somewhat rusty. :yes:

                    • #77062
                      Ronald Beal
                      Participant

                        The way I learned:
                        Overt: No attempt to hide or disguise the operation
                        Covert: The operation happens under the “cover” of something else. Example: a spy posing as a salesman, to get into an area.
                        Clandestine: an operation that is executed without the target even knowing it happened.
                        Example: a spy sneaking in undetected, getting what they need, and leaving, all while never being detected.

                        RB

                      • #77063
                        Ronald Beal
                        Participant

                          Found a link to a more thorough definition:

                          http://weaponsman.com/?p=13344

                        • #77064
                          Pericles
                          Participant

                            The main reason to try to hide the identity of the attacker in the UW context is to mask the vulnerabilities of the attacker in terms of lack of military power or the need to hide identity because of the lack of a support network – i. e. “lone wolf”.

                            Keep in mind that G warfare is in reality area denial – you are not strong enough to control and defend an area, you are limited to trying to make your opponent get tired and quit. In the context of Afghanistan / Iraq, the US has no long term strategic goal there, so as soon as the political will erodes, forces leave.

                            Closer to home, the opponent has nowhere to go. Like China in the 1930s to 1940s, or Greece in the 1940s, the partizan groups will fight each other for control as much as they fight an invader. Such actions turn conventional warfare among themselves rather quickly.

                          • #77065
                            Joe (G.W.N.S.)
                            Moderator

                              The main reason to try to hide the identity of the attacker in the UW context is to mask the vulnerabilities of the attacker in terms of lack of military power or the need to hide identity because of the lack of a support network – i. e. “lone wolf”.

                              The vulnerabilities such as lack of military power is a given for the insurgent, they have no reason to hide them.

                              In fact the opposite is true!

                              Hiding increased capability is a legitimate desire for self-preservation. This is far more pertinent to our discussion, as the reason to not be correlated to particular actions is about not getting increased notice and active specific targeting by OPFOR.

                              Example: Area 123 has five suspected insurgent groups. OPFOR has only so much manpower and must spread the wealth to hunt them all. Insurgent group A is the most effective. Obviously A doesn’t want OPFOR to know this in order to avoid the full focus of OPFOR.

                              In fact there are only three insurgent groups, A has created two artificial groups B and C by varying tactics, TECHINT, and forensics left behind. This increases difficulty of OPFOR to isolate A.

                              Group D works close to the area of E, E’s leader is much more concerned about power and spreading his influence. E has attacked D on several occasions as it sees D as a threat to its power. D has developed good relations with A.

                              A teaches D to create a new group F using same methods A has used.

                              In addition D starts to mimic E, to increase OPFOR notice of E. D also uses a series of Cut-outs to deliver information on E to OPFOR.

                              The end result, OPFOR eliminates E who was a threat to A and D.

                              Keep in mind that G warfare is in reality area denial – you are not strong enough to control and defend an area, you are limited to trying to make your opponent get tired and quit. In the context of Afghanistan / Iraq, the US has no long term strategic goal there, so as soon as the political will erodes, forces leave.

                              Closer to home, the opponent has nowhere to go. Like China in the 1930s to 1940s, or Greece in the 1940s, the partizan groups will fight each other for control as much as they fight an invader.

                              I think you are looking at this from the wrong perspective, however continuing this here can only disrupt the point of original post in my opinion.

                            • #77066
                              Max
                              Keymaster

                                This might be slightly off topic, but the citizen who fights in their backyard would be wise to keep a low operational fingerprint, literally and metaphorically. Let’s be honest, most of us have our fingerprints stored somewhere, whether through youthful criminality or military or LEO service. While an “ironclad” vetting process can keep out infiltrators, you’re one latent fingerprint away from being run through the system and green lighted. I’ve noticed it’s the little things that vary, and that draw attention. You twist your tape a certain way on your demo charge, fold your wires over or source them from a specific vendor, all of these things build a profile on you… there is more than one Abdullah across the pond who has an entire short story written by us about his TTPs, but no face or name to go with his work… citizens in the backyard don’t have that luxury. Just my random thoughts

                                I should add an additional clarification: nonattributional warfare isn’t as much about remaining anonymous as it is having your operations remain anonymous; i.e, either not having them attributed to you or having them attributed to a non-existent adversary of your own creation. We might also simplify, and just call it clandestine or covert warfare.

                              • #77067
                                Max
                                Keymaster

                                  I don’t disagree with your definition Sam, but I think personal and operational discipline go hand in hand. I think we’re probably all saying that in one way or another.

                                  Nonattributional warfare is about anonymous operations, but destroying operational anonymity can be accomplished through one of 2 major ways – either Opfor finding accurate but anonymous intel, or by Opfor identifying a person that has been sloppy with personal anonymity and is eventually linked to operations. So, to tie up one of the loose ends of operational anonymity, we need to constantly practice personal anonymity.

                                  Remember Lizard Farmer’s “How They Hunt”.