
The defender's dilemma: common threads in exploiting commercial supply networks


We devote substantial research to asymmetrical warfare exploits involving COTS (commercial off the shelf) openly available dual-use equipment and processes. As noted in COTS electromagnetic weapons from simple dual-use items, tools and weapons derived from such sources are perfect tools "for the asymmetrical warrior, and devastating to US commercial and military installations."

In every COTS weapon system production capacity that we investigate, it is a truism that investigating authorities impose blinders upon themselves, too often assuming that their opponent is a mirror-image state opponent, such as Russia, or a state-sponsored opponent, such as Libya, and is thus compelled to access the same production base, employ state-of-the-art production processes, assume a continuous production level when manufacturing is involved, observe common industrial manufacturing and recovery processes, and expect similar military delivery means.

Just as military forces habitually look for mirror-image adversaries instead of an asymmetrical opponent exploiting a key weakness that you have overlooked, so does the FBI too often look first to new, retail commercial purchases instead of looking for "good enough" components from used, resale, internet, closure, overstock, bankruptcy, or theft sources. The perp's goal is the path of least resistance, not the path of greatest production.

In almost every case we find the extraordinary ease with which perps can domestically produce, under the radar, "one-time, good enough" amounts of a spectrum of weapons products by harvesting the dual-use industrial base of the US, Canada, UK, continental Europe, and Japan, for example. In each case there is no need to import or smuggle something through a nation's customs, or at least not in an amount that responds readily to traditional inspection techniques. (Radioisotopic products are a rare exception due to the ability to detect inherent radiation.)

The problem is that the commercial production environment, in this case the "defender," is supremely exploitable as commercial supply chains are designed around economic efficiency and manufacturing efficiency rather than exploitation security. The asymmetrical terrorist view upends a supply chain by evaluating it from the tenets of achieving the desired outcome at acceptable risk (which could include member suicide). Products and processes are combined in ways that exploit a limited lifetime, "good enough" purity or production volumes, and easily absorb less-efficient means of production.

Cost and risk rise for the commercial defender as it tries to backfill security needs atop a commercial structure. This tracks with the difficulty of countering IP theft and diversion unless the process is built in from the onset. In all such environments, it is too easy to ask "how often" as opposed to "if" or "when."

It is this capability that distresses me when I review the arrest of what appears to be an operational al Qaeda cell in the UK. It does not bother me that no substantive weapons or weapons-making materials were found in the immediate raids. What disturbs me is that "two of the British suspects... were found in possession of surveillance information on the same five American financial centers" that were discovered in Pakistan with the arrest of Muhammad Naeem Noor Khan.

I take a more threatening view of the info discovery as (a) I believe the means of indigenous off-scope weapons production to be relatively easy and getting easier, and (b) active, effective surveillance is key to the setup for the attack team to carry out the assault. (DHS blundered with their media announcement by not describing the very lengthy and meticulous planning and surveillance done by al Qaeda and that the data showed both tradecraft and specific target monitoring. The age of the data was secondary.)

If I discount the production threshold of the device itself, I only need to see an operational cell capable of surveilling and basic production in order to constitute a serious threat.

We need to focus on effective, rather than expensive, solutions for early stage detection as the National Association for Business Economics (NABE) now ranks terrorism over weak job growth as the greatest perceived threat to the US economy. This drag supports our adversaries and nation-state competitors alike, incrementally weakening our economy and aiding the aims of terrorists without having to execute an actual attack.

British Charge 8 Tied to Terror Plot With Murder Conspiracy
New York Times
August 17, 2004

New Cooperation and New Tensions in Terrorist Hunt
New York Times
August 17, 2004

Gordon Housworth
