a methodology for analyzing complex military command & control (c2) networks

25
A Methodology for Analyzing Complex Military Command & Control (C2) Networks For 10th ICCRTS, Track 4 (Assessment, Tools, and Metrics) Tysons Corner, Virginia June 14 th , 2005 By: David A. Jarvis Originally prepared under contract for Navy Warfare Development Command (NWDC) ©2005 Alidade Incorporated. All Rights Reserved

Upload: david-jarvis

Post on 16-May-2015

561 views

Category:

Technology


3 download

DESCRIPTION

The results from a “discovery analysis” of military social networks used during a US/UK naval exercise. Presented to the 10th ICCRTS conference.

TRANSCRIPT

Page 1: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing Complex Military Command & Control (C2) Networks

For 10th ICCRTS, Track 4 (Assessment, Tools, and Metrics)Tysons Corner, Virginia

June 14th, 2005

By: David A. Jarvis

Originally prepared under contract for Navy Warfare Development Command (NWDC)

©2005 Alidade Incorporated. All Rights Reserved

Page 2: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Purpose of Presentation

• Discuss the application of complex network theory principles to military C2 networks

• Present results of CJTFEX 04-2 analysis• Summarize validity and potential

applications of C2 Network Analysis (C2NA) method

Page 3: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Introduction • Problem / Issue: Warfighter is faced with increasingly

complex C2 networks– Increasing number of IP networks, communication networks, and

applications all creating a complex information environment– Warfighter’s capability and effectiveness of new applications and

networks are difficult to analyze– Traditional C2 analyses limited to IT performance and human

interface

• Possible Solution– New analysis techniques can now be applied to define the

structure, dynamics and evolution of collaboration in command and control networks

• A “network” is any collection of interacting elements arranged for purpose, not necessarily an IT network

– Techniques enable the analysis of how warfighters actually use networks, as opposed to how engineers tell us how to build them

– Metrics can be used in defining and measuring new information architectures

Page 4: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Trial of Network Analysis Method

• Introduction of analysis method within CJTFEX 04-2 (12-day joint US/UK exercise)– Existing Cross Domain Solution (CDS) Limited

Objective Experiment data collection used to validate method

– Performed in addition to traditional NWDC Analysis effort

• Analysis Focus - Email– The analysis is applicable to a wide range of

networks, email used as a stepping stone– Email is the primary method of asynchronous

electronic communication in the Information Age– Indicates structures of collaboration and command

and control

Page 5: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Analysis Assumptions & Scope• Analysis Assumptions

– A node is an email address – A link exists if at least one email has been exchanged

between two nodes, TO: and CC: are treated identically

– Structural analysis only, the content or intent of messages not considered

– Artifacts exist in the raw data (e.g. record message traffic), corrected where possible

• Analytical Scope– Overview Analysis of six hour timeframes (based on

battle rhythm), analyzing each independently– Detailed Analysis on two selected timeframes,

demonstrating structure and dynamics of C2 network

Page 6: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Questions for Analysis1. Does the email cross domain solution change

previously established operating procedures?

2. Who are the key nodes for email traffic flow?

3. How robust is the email network in light of the removal of nodes and/or links?

4. How does the structure of the email network evolve over the course of the experiment?

5. What are the internal dynamics of select sub-networks and how to the sub-networks interact with each other?

These are the questions…what metrics provide the answers?

Page 7: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Network Metrics (Example)

Characteristic path length (CPL)

CPL = 1.5 (median of the averages)

0

1

1

2

1

1

F

1.2

1.4

1.8

2.0

1.2

1.6

Avg

11211F

01212E

10322D

23012C

12101B

22210A

EDCBA

E

Link/node ratio = 1.33 (8 links, 6 nodes)

Degree distribution (histogram)

0

1

2

3

1 2 3 4 5 6 7 8

# of connections per node

# of

nod

es

Node Link

A

B

C D

F2

4

1 2

3

4

Degree

Page 8: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Network Metrics (Example)

A

B

C D

E

F

Clustering coefficient

C = 3 x 3 / 34 = ~0.26

nodes of triplesconnected ofNumber trianglesof #x 3

=C

Betweenness - A measure of network resilience and flow

ikjngkjg

inCgng

nC

ijk

jk

iB

kj jk

ijkiB

contain that and actors linking )(geodesics pathsshortest of # )( and actors two thelinking )(geodesics pathsshortest of #

nodefor centrality ss Betweenne)(

)()(

=

==

= ∑<

Page 9: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Increased network effects, decreased susceptibility, tipping points, max = n/2

(0, 2) Neutrality

Hubs should be kept obscure until needed, damage abatement/repair schemes

Low (random removal)High (focused removal)

Susceptibility/Robustness

Self-synchronizationlog(n)Path horizon

Cascade controlSkewedBetweenness

Hierarchy, organizationSkewedClustering

Short distances even for large networks (e.g., 104

nodes Average path length = ~4)log(n)Average path length

Hub appears, recedes by reconnection 5% of links< 100 linksLargest hub

Adaptivity, modularitySkewedDegree distribution

l << 2n, too brittlel >> 2n, too much overhead

l < ~2nNumber of links, l

Network effects unlikely to occur with n < 50n > ~100Number of nodes, n

Operational SignificanceRangeMetric

Network Metric Thumb RulesExperimentation and Analysis

©2005 Alidade Incorporated. All Rights Reserved

Metrics measure how people interact in a military context

Page 10: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

• We found: – CDS increased integration between US and

UK networks – Additional baseline information required to

fully define cross domain email need and use• Method supports:

– Defining role for individual liaison officers

Question #1Does the email cross domain solution (CDS) change

previously established operating procedures?

Page 11: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

CDS InteractionsAggregate Network of UK Interactions

Multiple conduits between domains

= UK= US

Question #1

Page 12: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

• Based on multiple metrics, we found:– J2 ACOS– Information Operations– Asst. JOC Watch

• Method supports:– Developing network defense for most

important nodes– Providing input to plans for graceful

degradation of capability– Examining use of method to exploit adversary

networks and C2 structure

Question #2Question #2Who are the key nodes for email traffic flow?

Page 13: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Collaboration Measures

1

10

100

1000

1 10 100 1000 10000Out-Degree (kout)

In-D

egre

e (k

in)

Broadcasters

Receivers

Collaborators

504 (33%)146 (10%)894 (58%)Day 8 1200-1800441 (36%)91 (7%)684 (56%)Day 6 1200-1800

Xmit & ReceiveXmit OnlyReceive OnlyTimeframe

Question #2

Page 14: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

• We found:– Resilient to random node removal– Vulnerable to targeted node removal– Network structure makes rapid recovery

possible• Method supports:

– Critical node placement in distribution of staff– Development of alternate C2 paths – Improving node counter-targeting

Question #3Question #3How robust is the email network in light of the

removal of nodes and/or links?

Page 15: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Robustness MeasurementDetailed Timeframe – Day 8 1200-1800

1100

1150

1200

1250

1300

1350

1400

1450

1500

1550

1600

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Number of Nodes Deleted

Size

of G

iant

Com

pone

nt

Targeted Random

In targeted case ~2% of nodes removed, ~25% of network lost

Degradation is not linear

Question #3

Page 16: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Degree DistributionDetailed Timeframe - Day 8 1200-1800

Skewed distribution is evidence of a scale-free network

Question #3

1

10

100

1000

1 10 100

OUT DEGREE (<101)

IN DEGREE (<118)

y = 170.52 * x^(-1.2346) R= 0.98488

y = 625.1 * x^(-1.4355) R= 0.9956

FRE

QU

EN

CY

DEGREE

Page 17: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

• We found:– Network structure follows staff daily battle

rhythm, significant events did not alter the network structure

– Distance to get information from one person to another remained roughly constant

• Method supports:– Re-engineering networks based on user

behaviors to assist in meeting warfighter requirements

Question #4Question #4How does the structure of the email network evolve

over the course of the experiment?

Page 18: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

Number of Nodes

0

500

1000

1500

2000

2500

Day 11800-2400

Day 21800-2400

Day 31800-2400

Day 41800-2400

Day 51800-2400

Day 61800-2400

Day 71800-2400

Day 81800-2400

Day 91800-2400

Day 101800-2400

Day 111800-2400

Day 121800-2400

n

• Network size cycles with daily battle rhythm• Link activity cycles with daily battle rhythm• Clustering coefficient has no obvious pattern

Question #4Number of Links

0

2000

4000

6000

8000

10000

12000

14000

16000

18000

Day 11800-2400

Day 21800-2400

Day 31800-2400

Day 41800-2400

Day 51800-2400

Day 61800-2400

Day 71800-2400

Day 81800-2400

Day 91800-2400

Day 101800-2400

Day 111800-2400

Day 121800-2400

k, k

d

# of total links # of distinct links

Clustering Coefficient

0.00

0.05

0.10

0.15

0.20

0.25

0.30

Day 11800-2400

Day 21800-2400

Day 31800-2400

Day 41800-2400

Day 51800-2400

Day 61800-2400

Day 71800-2400

Day 81800-2400

Day 91800-2400

Day 101800-2400

Day 111800-2400

Day 121800-2400

C

Page 19: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

Link to Node Ratio (Distinct)

0.50

1.00

1.50

2.00

2.50

3.00

3.50

Day 11800-2400

Day 21800-2400

Day 31800-2400

Day 41800-2400

Day 51800-2400

Day 61800-2400

Day 71800-2400

Day 81800-2400

Day 91800-2400

Day 101800-2400

Day 111800-2400

Day 121800-2400

k d/n

Number of Nodes vs. Number of Distinct Links

0

500

1000

1500

2000

2500

0 1000 2000 3000 4000 5000 6000 7000

k d

n

• Ratio approximates thumb rule• Link activity grows linearly with addition of nodes

Question #4

Page 20: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Network ProgressionDay 5

Question #4

= US & UK

0.203.474.832.487.502928886711831800-2400

0.123.644.522.999.12432913,20914491200-1800

0.053.744.782.698.07555816,70020690600-1200

0.082.995.021.774.7398426365570000-0600

Clog(n)CPLkd/nk/nkdknTime (EDT)

Page 21: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

• We found: – Structures of the sub-networks were very different

from entire CJTFEX email network, the CJTFEX was scale-free, the staff sub-networks were not

– Identifiable nucleus of communications in each staff– The two nuclei of Staff #1 and Staff #2 were well-

connected– Using different link definitions (reciprocal, threshold)

can provide additional information about the network

• Method supports:– Development of techniques to split staffs between

assets

Question #5What are the internal dynamics of select sub-networks and

how to the sub-networks interact with each other?

Page 22: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Network DiagramStaff #2 Sub-Network Interactions – Entire Exp.

(Reciprocal Link Definition)

= nucleus node

Question #5

Page 23: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Future Applications• Information Operations / Information Assurance

– Focus network defense on most important nodes– Improve node counter-targeting– Examine use of method to exploit adversary networks and C2

structure• C2 Structure and Information Flow

– Support decision of critical nodes placement in distribution of staff

– Develop alternate C2 paths – Measure and understand key command and staff relationships

to more effectively use Collaborative Information Environment• Network and Information Management

– Assist warfighter in defining requirements and providing feedback on engineering design parameters

– Provides metrics for evaluation and design of information management practices

– Provide input to plans for graceful degradation of capability

Page 24: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

A Methodology for Analyzing

Complex Military

Command & Control (C2)

Networks

10th ICCRTS

June 14th, 2005

Next Steps• Next experiment to use methodology

CDS LOE II (JTFEX 05-2)• Multi-level C2 analysis, combining

multiple C2 systems– Email– Chat– Voice Over IP

• Content analysis• Incorporation of lessons learned from

CDS LOE I (JTFEX 04-2)

Page 25: A Methodology for Analyzing Complex Military Command & Control (C2) Networks

Questions?