The goal is to ‘inject’ complexity into adversary’s computers and networks in a surgical manner, damaging or debilitating systems such as PLC, DCS, SCADA, in particular the hubs of those systems, which can quickly propagate on a large-scale the effects of an attack. The goal is to increase network/process complexity to levels in the vicinity of critical complexity, so as to induce fragility, vulnerability and cascading failures. In essence, we’re looking at a targeted alteration of specific sensitive network functions.
Inducing critical complexity levels in strategic networks can offer an effective preemptive measure which can soften the enemy’s critical infrastructures/networks prior to a more conventional attack (cyber or not).
Complexity-based aggression, when implemented on a large-scale level (i.e. when targeted at large networks or interconnected systems of networks) can offer a ‘subtle’ low-intensity and low-visibility intervention in virtue of its highly distributed nature. In other words, instead of a highly concentrated attack, a more diluted action may result potentially difficult to trace and counter and, at the same time, lead to devastating systemic consequences.
Our Quantitative Complexity Theory has verified the above statements on an empirical and numerical basis (science, not opinions, has always been our motto).
When it comes to complex systems – by the way, before you say something really is complex you should actually measure its complexity – failure isn’t always something obvious and may even be difficult to design. In fact, there are many ways, modes, in which such systems can fail (or be made to fail). In reality, failure is a combination (superposition) of various failure modes. Some of these modes can be quite likely, some can require high energy expenditure in order to trigger them, some can be triggered with little effort but may require an unlikely set of circumstances.
This means that it may be possible to provoke the collapse of large networks/systems by identifying first what their failure modes are and, in each mode to pinpoint the key variables (nodes) that can cause a cascading failure. Once these nodes have been identified, that’s where the attack should be concentrated. The way this is accomplished is not intuitive. It is not sufficient to ‘invert’ the conventional QCM-based process of system ‘robustification’ in order to arrive at the complexity-as-a-weapon logic which induces systemic fragility. What is certainly needed, though, is plenty of supercomputer fire power.
Who would be the target of a large-scale systemic ‘complexity attack’? Rogue states that are threatening global peace and support terrorism.
Author of nine books on uncertainty and Complexity Management, Jacek has developed in 2003 the Quantitative Complexity Theory (QCT), a new complexity-based theory of risk and rating. In 2005 he founded Ontonix, a company delivering complexity-based early-warning solutions with particular emphasis on systemic aspects and turbulent economic regimes. Read more publications by Jacek