Origins of the Kill Web
BlogSeptember 29, 2020
Ray Alderman
VITA Standards Organization
WARFARE EVOLUTION BLOG: DARPA (Defense Advanced Research Projects Agency) officials announced the concept of the Kill Web at the C4ISRNET Conference in May 2018. Throughout the history of war, many elements of the Kill Web were being developed independently, but the dots were not connected until Admiral William Owens wrote a paper about a “system of systems”. He proposed integrating command-and-control, the intelligence from the sensors, and the weapons together in the mid 1990s. He also coined the acronym ISR (for intelligence, surveillance, and reconnaissance).
In 1998, Vice Admiral Arthur K. Cebrowski took the next step and wrote a paper that explained how to link those systems together. He invented the term “network centric warfare.” Someone else coined the term “network of networks” after that. So, let’s go through the processes that initiated the idea for the Kill Web, from the perspective of my experiences in SIGINT (signals intelligence) in the ASA (Army Security Agency). ASA was the military arm of the NSA (National Security Agency). If the job was dirty, dull, complex, far away, and dangerous, NSA deployed the ASA units instead of their civilian assets. Read “Unlikely Warriors” by Long and Blackburn to understand our missions.
The simplest way to explain the evolution of the Kill Web concept is with a model. And the best model I have found is derivatives in calculus. That raises an interesting question: is the use of the derivatives model here a metaphor, an analogy, or a simile? I feel safe in saying it’s an analogy, since very few English majors read my articles on warfare. We won’t be doing any calculations here. We’ll be taking a small sample of the analogous concepts in calculus, diluting them with allegory, and mix them with a smidgen of poetic license. I am fully aware that combining calculus concepts and English concepts in this essay is hazardous, but the results should not be toxic to English majors, physicists, or mathematicians. I will be using derivatives here strictly as a tool, to show the hierarchy of methods used for extracting information from a target.
If (x) is the ability of a transmitter to send electromagnetic signals, then the function f(x), will give us the position of the enemy transmitter. The first derivative of position is velocity. The second derivative is acceleration. As a sidebar for the math-inclined, the mathematicians and physicists have come-up with 12 derivatives of position. Here they are: 1-velocity, 2-acceleration, 3-jerk, 4-snap, 5-crackle, 6-pop, 7-lock, 8-drop, 9-Larry, 10-Moe, 11-Curley, and 12-yet to be named.
Now, let’s apply derivatives to show how SIGINT progressed over time. We have defined f(x) as the ability to physically locate an enemy transmitter by anyone who can receive the signal, so who did it?. In 1915, Captain H. J. Round, a British intelligence officer and engineer, devised the method of radio direction finding (RDF). Multiple radio receivers in different locations can detect an enemy signal and the direction of its origin with azimuths. Where those multiple azimuths cross on a map is where that transmitter is located (triangulation). RDF was used to track German submarines in the North Sea during WWI and the German U-boat packs in WWII by the allies. That was the beginning of SIGINT.
Now that we know the position of the target, we can measure the velocity with the first derivative. If we plot the position of that enemy transmitter over time (seconds, minutes, hours, days, weeks), we will know its speed and direction. As we track that target, the second derivative will tell us the acceleration of that transmitter, whether it is speeding up or slowing down.
While the first two derivatives of position in SIGINT match the math in calculus and physics nicely, the next levels don’t. Just look at these higher level derivatives conceptually, not mathematically. The point here is that when we look at the raw SIGINT data differently, we gain more insight about the target. With that qualification, the third SIGINT derivative would be RFP (radio fingerprinting): we can identify each transmitter from its unique waveform characteristics, and relate that transmitter to a specific enemy unit (infantry, artillery, tanks, ships, aircraft, etc).
The fourth derivative is TA (traffic analysis), the moving average of the number of messages that an enemy unit sends and receives per time period, and any deviations from that average. That will inform us about any preliminary attack planning between enemy units. The fifth derivative is the ability to discover the enemy’s command-and-control structure. The unit that sends and receives the most messages is the enemy commander and the others are subordinates. After 9/11, Valdis Krebs (a social and organizational network analyst) expanded traffic analysis to include social network analytics, to discover terrorist cells and their leaders through their postings on websites.
Today, we locate and copy every cellphone call in Iraq and Afghanistan. We extract the phone number and IMSI number (International Mobile Subscriber Number) from the SIM card with systems like Triggerfish, Stingray, and IMSI-catcher. From an analysis of the conversations, we can discern the members of a terrorist cell and its leader. This program was called "Real Time Regional Gateway,” initiated in the 1990s by DIRNSA (Director-NSA) General Keith Alexander. Additionally, this derivative is an integration of radio fingerprinting and traffic analysis. Integration is another analogous calculus concept that we could use here, but I’m already pushing my luck with derivatives.
The sixth derivative is cryptanalysis: copying the encrypted messages sent by the enemy transmitters, looking at the recurring format of those messages (the externals), and decrypting them into plain text (the internals). This intelligence collection method began when the ancient Egyptians started using hieroglyphics around 3100 BC.
We could use the derivative model to understand the advances in radar too. One frequency will tell us the position of an enemy aircraft. By manipulating frequencies, waveforms, pulse widths, and power levels, we are simply uncovering the higher-level derivatives of the aircraft’s position. That way, we can discover speed, direction, altitude, the location of the airfield or carrier at sea where the aircraft took-off, aircraft type (fighter plane, bomber, transport, drone, missile, helicopter), the number and types of weapons on hard points under its wings, fuel load, etc. IR (infrared) sensors provide additional ways to look at enemy aircraft, tanks, ships, and ground forces. This was the beginning of MASINT (measurement and signature intelligence). You get the idea here: the more derivatives of position we uncover, the more we know about the enemy's signals, aircraft, ships, missiles, troops, and tanks.
Now, let’s look at other intelligence collection disciplines. Technology gave our military the ability to intercept, analyze, and possibly manipulate the telemetry data being transmitted by enemy missiles and weapon systems. That was the beginning of TELINT (telemetry intelligence), which is now called FISINT (foreign instrumentation signals intelligence) . All through history, military forces have been extracting information from spies and captured enemy soldiers. This is called HUMINT (human intelligence). In the 20th century wars, intelligence analysts were reading enemy newspapers, listening to their public radio broadcasts, and watching their television programs. The information extracted from this activity is called OSINT (open source intelligence).
Pilots in airplanes, holding film cameras, took pictures of enemy positions and weapons on the battlefield during WWI and WWII. This was the beginning of IMINT (imaging intelligence). This collection discipline has advanced with the use of spy planes (U-2, SR-71), drones (Predator, Reaper, Global Hawk, RQ-170), and satellites using electro-optical cameras. GEOINT (geospatial intelligence) is the collection of information on topography, mountains, rivers, lakes, swamps, hills, valleys, roads, and bridges on or near the battlefield. This information goes into terrain analysis by field commanders. If you need to move a 70-ton tank across a bridge, it’s important to know if that bridge will support it. And you don’t want a heavy tank to get stuck in a boggy swamp on the way to the battlefield.
Then, there’s TECHINT (technical intelligence). That is information about the enemy’s weapons and the equipment he will use in the fight. CYBINT/DNINT (cyber intelligence/data network intelligence) is the collection of information about the hardware and software our enemies use in their computers. MEDINT is the collection of information about the health, nutrition, and common diseases of the enemy’s soldiers. A subset here might be AGINT (agricultural intelligence), monitoring the crop yields of enemy countries to see if they can feed their people. Both are perfect analysis segments for North Korea.
FININT (financial intelligence) is the collection of data about the financial condition of the enemy, and his ability to buy weapons, ammunition, food, and fuel for his army to continue the war. A subset might be INDINT (industrial intelligence), the collection of data on the enemy’s industrial capability to build weapons, vehicles, aircraft, and ships. Watch for another segment to show-up soon: ENVIRINT: the collection of data about the negative effects of global warming on enemy countries.
In 1940, Gen. Heinz Guderian put 2-way radios in the German tanks and invaded France with the Blitzkreig (Lightning War) during WWII. This is the first example of electronically-coordinated maneuver with tanks (3rd generation warfare) and the beginning of TNC (tactical network communications). Sometime during WWII, the U.S. Army Air Corp used special radio receivers on their aircraft, to intercept German radar signals, fix them, and bomb their locations. This was the beginning of ELINT (electronic intelligence). Somewhere on this list is WEATHINT (weather intelligence). That’s the analysis of historical weather patterns in the potential war zone during different seasons. Napoleon and Hitler discovered how important that information was after they invaded Russia.
In 1904, Japan and Russia went to war (the Russo-Japan War). At the battles of Port Arthur and Tsushima, the Japanese ships jammed the radio frequencies the Russians were using to coordinate their attack, and Japan defeated them. This was the beginning of EW (electronic warfare). In the summer of 2010, the Stuxnet Virus invaded the computers controlling the centrifuges making enriched uranium at the Natanz Nuclear Facility in Iran. It destroyed over 1,000 of those centrifuges by manipulating their operating parameters. This was the beginning of CW (cyber warfare).
In the 1950s AF Col. John Boyd, a fighter pilot, conceived the OODA loop (observe, orient, decide, and act). He introduced the manipulation of space and time into the warfare model. Basically, he says that if an American fighter pilot goes through his OODA loop faster than the enemy pilot goes through his OODA loop, the American will win the fight even if the enemy has better aircraft and weapons. When you expand Boyd’s theory, you get the 5F Kill Web tactical model: find (identify), fix (track), fire, finish, and feedback. I recommend that you read Robert Coram’s book, “Boyd.”
Craig Lawrence of DARPA was the man who announced the strategic hypothesis of the Kill Web in 2018, but he couldn’t expose the details at the time. Today, we know more about how it will work. We will connect SIGINT, ELINT, MASINT, FISINT, HUMINT, OSINT, IMINT, GEOINT, TECHINT, CYBINT/DNINT, MEDINT, AGINT, FININT, INDINT, WEATHINT, ENVIRINT, command-and-control, and the weapons systems together on a battlefield network, an enlargement of what Admiral Owens and Vice Admiral Cebrowski had proposed. That is becoming a reality with the integration of the Air Force ABMS (Advanced Battle Management System), Project Maven (artificial intelligence), DARPA’s TRACE program (Target Recognition and Adaptation in Contested Environments), DARPA’s CODE program (Collaborative Operations in Denied Environments), the Air Force JADC2 program (Joint All Domain Command and Control), the Army IBMS project (Integrated Battle Management System), and the Navy CEC program (Cooperative Engagement Capability). We’ll get into that in the next article.
The Kill Web is coming together a little at a time, as the new computing technologies and software elements are tested and integrated. In early 2018, the Patriot short-range missile defense radar system and the THAAD (Terminal High Altitude Area Defense) radar system shared their tracking data and electronically negotiated which one should take the shot based on the range, speed, altitude, and direction of an incoming cruise missile target drone. Lots of derivatives were being calculated in those radar systems.
The shortest execution time of the 5F tactical Kill Web model in the 2003 Iraq war was about 45 minutes. After intelligence information made it through the system, weapons were fired at the al-Saath restaurant in Bagdad, where Saddam Hussein was reported to be having dinner (he wasn’t there when the weapons hit). In June 2006, it took 600 hours of Predator IMINT time and 10 minutes of F-16 time to eliminate the al Qaeda leader in Iraq, al-Zarqawi, in a safe house in Habhib. For the first time, tactical operations met AF General John Jumper’s goal: to destroy any identified enemy target inside the Kill Web in 10 minutes or less. If you want to dig deeper into this topic, I suggest you read “The Kill Chain” by Andrew Cockburn and “Army of None” by Paul Scharre.
There are hundreds of people who have contributed to the Kill Web concept, by figuring-out the next-level derivatives, but they are not documented in the books and articles I have studied. Analysts will continue to find new ways to enhance and integrate the 17 different intelligence collection disciplines. However, the bigger issue is….how do we process the massive amount of data that will be generated inside the Kill Web? The answer is cloud computing and supercomputers, and that’s the topic for our next adventure. In the meantime, brush-up your knowledge of integral calculus.
