Adam Joinson & Brittany Davidson outline why we should study networks, and how doing so can provide insights for security practitioners.
What are networks? Human organisation has always involved a structure of some form or other. In the workplace we have hierarchies and processes that formalise both responsibilities and the process of work. Who we report to, and our own line management responsibilities, are usually explicitly recorded, but not who we spend lunch time with, bounce ideas off, dislike, or collaborate on a project with. Across an entire organisation, often it is the hidden actions and interactions that lead to the successful completion of a task, and generate value.
The point of studying networks (in particular, but not just, social networks) is to reveal not only the hidden structure of these interactions, but how that structure influences everything from competitive advantage, resilience to outside interference, the spread of ideas and illnesses, and how ideas and practises move across a population.
While many security practitioners will be well versed in link analysis (LI), network analysis provides ways to study the structure of a network mathematically, and from that to identify novel insights into its likely resilience, hidden elements or how quickly information will spread across it.
The foundation of network science can be traced to mathematician Euler’s “The Solution of a Problem Relating to the Geometry of Position” in 1736, also known as the Seven Bridges of Königsberg (see main image). The crux of the problem was to find a walking route around the town where you cross each bridge only once – something that Euler identified as impossible.
But, what actually is a network?
A network is anything with two or more entities that are connected in some way or other. Typically, the entities are called ‘nodes’, and the connections ‘edges’. In social network analysis, nodes are people, and edges ties between them (which can be kinship, communications or any other connection).
These edges can have weights, which can be used to represent strength of relationships or amount of information flow. More widely, network science has been used to investigate the relationship between a large range of objects, including organisational and state-level alliances, biological eco-systems and the spread of pandemics in a population.
We can understand and describe atoms and atomic structure in terms of their network, as well as understanding how this network structure may change (e.g., when a substance changes from a solid to a liquid state).
There are also social networks (online and offline), biological and ecological networks (e.g., fungal networks), and more recently, we have technological, informational (e.g., internet, world wide web) and infrastructural networks (e.g., railway systems, power grids).
Implications for security practitioners
Understanding networks provides critical insights for security practitioners. For instance, al-Qaeda (AQ) has always been seen as adopting a networked organisation, with the leadership acting primarily as a focus for the dissemination of communications rather than providing a direct command and control function.
This has made AQ highly resilient to outside interference, even when leadership members are disrupted. Meanwhile, Islamic State (IS) has tended to adopt a more traditional hierarchical command structure that reflected its territorial and governance ambitions.
Understanding how groups are structured not only provides intelligence on possible connections, but also provides an insight as to the likely resilience of a group in the face of disruption. For instance, a difficult to detect cell might have members with weak connections to each other, with perhaps a single member acting as the ‘bridge’ to other groups. Suicide bombers and others most likely to be identified or caught tend to be kept on the periphery of terrorist groups.
Networks can also be used to identify ‘unknown unknowns’. For instance, network science can help identify where hidden nodes or connections are likely to be based on the functioning of the network. It can also be used to help predict the likely impact of removal of a specific node (e.g., by arresting a particular individual).
This article appeared in Issue 5 of CREST Security Review. You can read or download the original article here.
As part of CREST’s commitment to open access research this article is available under a Creative Commons BY-NC-SA 4.0 licence. For more details on how you can use our content see here.