Technical ReportPDF Available


Abstract : From an information warfare perspective, The Cold War never ended. Moreover, the 21st Century presents vivid new security challenges related to information weaponry. For instance, Russia sowed confusion and distrust during the 2016 United States Presidential election quite effectively with micro-targeted information and disinformation campaigns. Enhanced with reflexive control, Russia’s information warfare technique combines models of decision-making processes with vectors designed to exploit process weaknesses. For decades, Russia has been perfecting their highly analytical brand of information warfare enhanced with reflexive control, which meticulously introduces into human or machine processes data which inclines the adversary toward taking an action that favors the attacker. While Russia continually advances its techniques and after effects of the 2016 attacks smolder as a cantankerous strife throughout American discourse, Western governments do not seem to appreciate powerful reflexive control concepts. This paper describes an important capability gap in the United States’ information warfare solution set. Process mining technologies enable data driven techniques for understanding societal, cultural, political, military, and critical infrastructure process weaknesses, at scale. Algorithmic process models discovered from varieties of data augment other information warfare capabilities and give the United States actionable, data-driven intelligence to steel against reflexive control attack vectors. Creative and diverse use cases are described for the Department of Defense, national security agencies, and critical national infrastructures. Full-text available from:
Process Mining: The Missing Piece in Information Warfare
John W. Bicknell, Jr., More Cowbell Unlimited, Inc.
Werner G. Krebs, Ph.D., Acculation, Inc.
Abstract: From an information warfare perspective, The Cold War never ended. Moreover, the 21st
Century presents vivid new security challenges related to information weaponry. For instance,
Russia sowed confusion and distrust during the 2016 United States Presidential election quite
effectively with micro-targeted information and disinformation campaigns. Enhanced with
reflexive control, which has roots in cybernetics and game theory, Russia’s information warfare
technique combines models of decision-making processes with vectors designed to exploit
process weaknesses. For decades, Russia has been perfecting their highly analytical brand of
information warfare enhanced with reflexive control, which meticulously introduces into human
or machine processes data which inclines the adversary toward taking an action that favors the
attacker. While Russia continually advances its techniques and after effects of the 2016 attacks
smolder as a cantankerous strife throughout American discourse, Western governments do not
seem to appreciate powerful reflexive control concepts. This paper describes an important
capability gap in the United States’ information warfare solution set. Process mining is a
relatively new technology which enables data driven techniques for understanding societal,
cultural, political, military, and critical infrastructure process weaknesses, at scale. Algorithmic
process models discovered from varieties of data augment other information warfare
capabilities and give the United States actionable, data-driven intelligence to steel against
reflexive control attack vectors. Creative and diverse use cases are described for the
Department of Defense, national security agencies, and critical national infrastructures.
“The Mind Has No Firewall” (Thomas 1998)
America faces a strategic imperative to innovate and rapidly field emerging technologies to remain
ahead of other technical world powers. Peer adversaries, surrogate states, non-state actors, and
eroding competitive advantage (A New National Security Strategy for a New Era 2017; Mattis 2018;
Section 809 Panel n.d.) necessitate focused attention on dominating certain critical capabilities. This
paper suggests process dominance is such a capability. America must achieve and maintain a global
competitive advantage relative to this capability. The Department of Defense (DoD) and adjacent
national security agencies must embark on a cross-agency effort now to build out this capability which
effectively supports operations and sustains our security and solvency (Mattis 2018). Process
dominance has wide applicability throughout the Federal government and industry; however, this paper
focuses specifically on the information warfare space.
Countering adversarial information warfare attack requires a whole-of-government strategy using all
instruments of national power to harness the authorities, tools, and resources required to mitigate and
marginalize its harmful effects (Thomas 2017). Process mining is an emerging technique and missing
capability which must become an integral part of the United States’ security solution set – including
within the information domain.
© 2019 Copyright More Cowbell Unlimited, Inc.
At a foundational level, processes underpin all naturally occurring phenomena and may be modeled.
Process models should be used to understand ecosystem challenges or vulnerabilities in order to
improve the ecosystem, defend the ecosystem, and attack adversaries’ ecosystems. Process mining
uses algorithms to derive process models from data with no a priori
knowledge of the latent processes.
The business and military use cases are vast and have equally vast implications for our
information-saturated world.
Since the 1960s, Russia has enhanced information warfare with systematic psychological understandings
of adversary reflexive processes and continues honing the technique. Known as reflexive control (RC),
this highly analytical psychological method is a means of conveying to a partner or an opponent specially
prepared information to incline him to voluntarily (or reflexively) make a predetermined decision
desired by the initiator of the action (Thomas 2004). By itself, RC is not an information warfare
technique; rather, it is closely aligned with cybernetics and game theory (Chotikul 1986; King 2018;
Novikov and Chkhartishvili 2014; Thomas 2004). For brevity and simplicity, from this point forward, we
will use “RC” to mean “RC-enhanced information warfare.”
Based on the authors’ research, the United States neither sufficiently appreciates (Giles, Seaboyer, and
Sherr 2018; King 2018) RC nor deploys RC, and it should do both. Furthermore, Russia and other
adversaries may have already weaponized and incorporated sophisticated process mining algorithms
into their RC-enhanced information warfare solution sets. At a minimum, the United States must adopt a
scalable data-driven defense methodology to thwart Russia’s enhanced information warfare. Process
mining provides such a methodology.
We assert that process mining is a critical missing technique in our national information age strategy. In
fact, we believe that process dominance is a capability which must be pursued in earnest. Deployed
thoughtfully, process mining discovers non-intuitive process-related national security intelligence from
petabytes of unstructured and structured data, at scale. DoD and adjacent national security agencies
must embark on a cross-agency effort to infuse prioritized systems with process analytics and develop
detailed understandings of America’s human and machine process vulnerabilities in order to support
operations and sustain our security and solvency (Mattis 2018).
This paper is structured as follows. First, in the literature review, we provide a non-comprehensive
literature review relative to RC in an information warfare context and discuss previous efforts to model
large, complicated ecosystems. We call these complicated ecosystems: mega-processes. Several
historical examples of RC used in warfare are provided, as well. The literature review serves as a
background discussion on RC-enhanced information warfare. Next, the paper introduces process mining
and describes its fundamentals. After that, in an information warfare context, methods for discovering
processes algorithmically are discussed. This methodology seeks to augment current United States
information warfare, or perception management, efforts. Finally, the paper discusses ways to employ
process mining in an RC-enhanced information warfare context with various national security and
infrastructure use cases.
© 2019 Copyright More Cowbell Unlimited, Inc.
Literature Review
Reflexive Control Theory
This section reviews Reflexive Control Theory as a framework which informs this analysis. It bears
repeating, reflexive control and Reflexive Control Theory are not synonymous with information warfare.
Rather, Reflexive Control Theory was developed in the former Soviet Union and is heavily influenced by
cybernetics and game theory (Chotikul 1986; King 2018; Novikov and Chkhartishvili 2014; Thomas 2004).
Reflexive control is defined as a means of conveying to a partner or an opponent specially prepared
information to incline him to voluntarily make the predetermined decision desired by the initiator of the
action. The theory is similar to the idea of perception management, except that it attempts to control
more than manage a subject (Thomas 2004).
Well studied outside the West, Reflexive Control Theory presents a rigorous mathematical framework
that models geopolitical adversaries as well as perception management, propaganda, and cyber
attacks--especially those that alter information. By optimizing the predicted outcomes within the
theoretical reflexive control theory framework, putative disinformation campaigns may be evaluated,
potentially resulting in a real-life RC disinformation campaign being selected and carried out against an
Reflexive Control Theory is the major conceptual underpinning of this paper, and provides a rigorous
mathematical framework for all types of information warfare discussed herein, as well as modeling of
geopolitical adversaries as well.
Key Reflexive Control Theory thinkers include: Former Soviet mathematical psychologist V. A. Lefebvre,
who now resides in the United States; V. E. Lepsky, who is associated with the journal Reflexive
Processes and Control as well as the website (; and Soviet Colonel S. Leonenko.
Examples of Reflexive Control
Information warfare enhanced with reflexive control may be traced all the way back to Sun Tzu with
relevant classic strategies such as:
“The supreme art of war is to subdue the enemy without fighting.” (Tzu and Griffith 1964)
In the late 1980s, some claim the United States’ Strategic Defense Initiative (SDI) is a classic example of
US use of reflexive control. In this case, the US compelled the former Soviet Union to act according to a
plan favorable to the US. By doing so, it forced the Soviet Union to try to keep pace with America’s
achievements in the SDI arena, even if the SDI achievements were overstated or altogether false. This, in
turn, exhausted the Soviet Union economically as it spent money to develop corresponding equipment.
(Thomas 2004)
Also from the Cold War period, the Soviet Union tried to alter the US perception of the nuclear balance.
The goal was to convince the West that Soviet missile capabilities were far more formidable than they
actually were. To achieve this, they, amongst others, exhibited fake ICBMs at military parades in order to
create the illusion that a single missile could carry huge multiple warheads. At the same time Soviet
© 2019 Copyright More Cowbell Unlimited, Inc.
authorities made sure that military attachés and known western intelligence officers would observe the
parades closely. They further created a trail of collateral proof that western intelligence services would
discover when investigating the fake ICBMs, which would lead them even further astray. The ultimate
goal was to lead foreign scientists, who would try to copy the advanced technology, down a dead-end
street. By doing so, the West would be wasting precious time, money and scientific research capacity.
(Kamphuis 2018)
More recently, during Russia’s actions in Ukraine in 2014, they attempted to disguise the presence of
Russian forces by deploying men in uniforms without insignia and concealed its goals and involvement
by publicly denying Russian participation. Simultaneously, Russia continued to threaten NATO and the
West with overflights and hinting at the use of nuclear weapons. Together, these acts constitute a
‘denial and deception’ operation consistent with the concept of reflexive control. Ultimately Russia
achieved what it set out to do: they projected the Ukraine campaign as a response to NATO expansion,
dissuaded the West from getting involved, and managed to drum up support amongst Russians in
Ukraine by framing the violence as bottom-up. (Kowalewski 2017)
Russia employed similar tactics in the 2016 American elections. Throughout the general election
campaign, Russia produced bouts of false information by utilizing botnets, paid human ‘trolls’, and fake
news articles and sites. Studies link election stories such as Hillary Clinton’s perceived ill-health to
Russian fake news sites. Reflexive control in Russian national security strategy is specifically aimed at
manipulating and undermining a state’s decision-making process. While Russia may have preferred for
Donald Trump to win, the goal is not just to elect a certain candidate, but to fundamentally undermine
the democratic decision-making process to ‘win’ its information war against the West. Accordingly,
Russian disinformation will continue to undermine the American political system and act as a direct
national security threat to the United States for the foreseeable future. (Kowalewski 2017)
Finally, it is argued that RC and similar disinformation resulted recently in unnecessary Western measles
deaths (Eustachewich 2019; Howard 2018). In other cases, RC-like campaigns allegedly were used to
recruit foreign lobbyists, organize extremist political parties, and supposedly morphed from
foreign-funding of Western journalists into active physical sabotage operations in conflict zones (Clasen
and Lesser 2019; Schindler 2019a, 2019b).
Chotikul’s Naval Postgraduate School Thesis (Chotikul 1986)
Chotikul’s Naval Postgraduate School these presents a good summary of the Soviet theory of RC in a
historical and psychocultural perspective. A key observation, especially relevant for this paper,
describes RC and how it is different from what the West is doing: "The government of the USSR sets a
high premium on understanding American words, actions, and cognitive processes
(emphasis added).”
The West does not attempt anything comparable despite large numbers of scholars engaged in studying
the former Soviet Union. Chotikul continues, “The American academic community focuses primarily on
historical issues, while government analysts concentrate on current news developments. In short, there
is nothing to compare with the great depth and extensiveness of Soviet analysis of the United States.”
Chotikul also relates RC theory with cybernetics, game theory, and the related discipline of operations
research noting that "control must be developed scientifically." Operations research is defined by the
Soviets as, "the application of quantitative, mathematical methods to prepare decisions bound to be
made in all the fields of objective bound human activity.” Many observe the great coercive and "mind
© 2019 Copyright More Cowbell Unlimited, Inc.
control" potential of mass media and commercial advertising as an American example of RC. However,
there are important differences which must be kept in mind when trying to equate Soviet RC with other
forms of influence. These include the scope, purpose, and intensity of the practices. Attempting to gain
influence is qualitatively different from attempting to gain total control.
According to Chotikul, the Soviet “emphasis on formulating goals to work toward, and gaining advantage
through thorough knowledge of the thought processes and orientation of opponents has been strikingly
absent from U.S. historical experience--both military and diplomatic--and has, in many instances, given
the Soviets a distinct advantage. The orientation toward RC may be as potentially dangerous as the
execution of the theory itself.”
She also describes three targets of RC:
Decision Processes or Systems of Decision Making
Individuals Responsible for Decision Making
Cultural Complex Within Which Decision is Embedded
Reflexive Control and Machines (Thomas 2004)
Noted as an information warfare expert, Thomas asserts that RC may be used against either
human-mental or computer-based decision-making processors.
One of the most complex ways to influence a state’s information resources is by use of RC measures
against the state’s decision-making processes. This aim is best accomplished by formulating certain
information or disinformation designed best to affect a specific information resource. In this context,
Thomas defines an information resource as:
“information and transmitters of information, to include the method or technology of obtaining,
conveying, gathering, accumulating, processing, storing, and exploiting that information;
“infrastructure, including information centers, means for automating information processes,
switchboard communications, and data transfer networks;
“programming and mathematical means for managing information; and
“administrative and organizational bodies that manage information processes, scientific
personnel, creators of databases and
“knowledge, as well as personnel, who service the means of informatizatsiya
Thomas also discusses integrated information technologies as they relate to RC theory. For example, he
cites Soviet Colonel Leonenko as saying, “computers could hinder the use of RC by making it easier to
process data and calculate options.” Continuing, “Computers speed and accuracy in processing
information can detect the RC measure. On the other hand, in some cases, this may actually improve the
chances for successful RC, since a computer lacks the intuitive reasoning of a human being. Computer
technology increases the effectiveness of RC by offering new methods adaptable to the modern era that
can serve the same ends.”
Colonel Leonenko foreshadows the current operational landscape, There is a need to act not only
against people but also against technical reconnaissance assets and especially weapons guidance
systems, which are impassive in assessing what is occurring and do not perceive to what a person
© 2019 Copyright More Cowbell Unlimited, Inc.
Thomas also observes that RC is similar to the idea of perception management. However, he cautions
that United States analysts make the simple comparison that perception management is equivalent to
RC; however, deeper examination reveals that there exists “quantifiable differences in the terms
manage and control.” He asserts that “the chief task of RC is to locate the weak link of the filter, and
exploit it.”
Hansen’s Naval Postgraduate School Thesis (Hansen 2013)
RC focuses on biasing the target’s decision-making process. An individual’s perception of reality results
from his “filter,” the way he evaluates and distinguishes important from unimportant information. Once
the weak links of the target’s filter are identified, the influencing agent can deliberately project
suggestive information that induces the target to arrive at specific conclusions about a situation. RC
involves creating a pattern or providing partial information that causes [a target] to react in a
predetermined fashion without realizing that he is being manipulated.
Reflexive Control in Cyber Operations (Jaitner 2016)
Jaitner applies principles of RC observing that adversaries may influence both the human and the
machine. She observes that decision-making is dependent upon accurate and timely intelligence; if this
intelligence is inaccurate or irrelevant or otherwise delays analysis then this may “seriously cripple a
decision-making process.” Therefore, opportunities exist for “false, irrelevant, or untimely information”
to be “introduced to the human, to the machine, or to both.”
Jaitner explains that “mapping of decision-making patterns may present an extremely challenging, but
still achievable task. It is the knowledge of patterns within the decision-making process that allows an
adversary to insert information into the process that would ultimately allow manipulation of the
She also describes two data layers which must be understood. The first layer is the sensors of technical
systems, which gather values that describe a context or a situation. The second layer processes or
makes sense of these gathered facts, as described in the first layer. This second layer could involve the
cognitive aspect of pure human decision-making or, increasingly in the information age, involves
machine decision-making. She cites withholding of information, information overload, and the altering
of information as RC techniques which may exploit process vulnerabilities in a cyber context. The latter,
altering information, may have the best likelihood of influencing analyses and guiding adversaries
towards the making decisions most favorable to the attacker.
Understanding the Environment in Great Detail (Garvin 2017)
In an Army Command and General Staff College monograph, Garvin makes a similar process-oriented
assertion as Chotikul: “To emphasize, deliberate employment of RC requires adequate understanding of
the environment as a system, framed by the context of operations.” Garvin also details at length how
Boyd’s OODA loop provides a systems reference point for understanding RC.
Garvin also provides a table to help visualize the cognitive processes incorporating RC within design. He
describes a continuous process which necessitates an understanding the operational environment,
defining the problem, and developing an operational approach. Garvin’s methodology recommends
understanding in great detail the:
© 2019 Copyright More Cowbell Unlimited, Inc.
Observed System, including
ohistorical context
omacro assumptions
oviews from multiple perspectives
Desired System of All Actors, including
oTensions and barriers between actors,
oShocks to the system
oRisk calculus
oCenter of gravity
Reflexive Control, Perspective, and Knowledge (Giles, Seaboyer, and Sherr 2018)
Instead of consisting simply of disinformation, RC implies a compound program of targeted
decision-making through multiple vectors, accounting for not only the adversary's logical processing of
information, but also the emotional, psychological, cultural and other frameworks within which
decisions are made. RC is therefore a very complex concept and its implementation depends on many
coordinated efforts over a very long time-frame.
Giles et al capture, in a general description, Russia’s paralyzing use of RC in the most recent United
States presidential election and its aftermath:
The Kremlin uses social media to achieve policy paralysis by creating chaos in the information
space. To achieve this effect, it introduces vast amounts of information specifically designed to
occupy both a population and its leadership with trying to process conflicting information. This
happens by eroding trust in governments and its institutions through spreading false narratives
that implicate the government of a target audience in wrongdoing.
They also contribute some countermeasures which are especially important for defending against RC. In
summary, these countermeasures are:
Knowledge of the adversary is as important as self-knowledge
Deterring and defeating ‘hybrid war’ demands local knowledge
The relationship between the military commander and political decision-maker is of the utmost
There are no ‘rear areas’
These countermeasures have both outward-looking and inward-looking, or self-examination,
components. Therefore, it is important to examine constantly friendly and enemy critical
infrastructures, key alliances, areas within spheres of influence, and surrogate states.
Mega-Process Modeling Review
Science and Consensus
Research shows one way to achieve political consensus and potentially counter disinformation
techniques is by achieving agreements across political divides on basic facts, often through the use of
© 2019 Copyright More Cowbell Unlimited, Inc.
scientific or expert research and analysis(Friedman 2018; University of Cambridge 2017). Computer
modeling is one means of providing objective information to policy makers. It should not be surprising
that peddlers of disinformation seek to attack science and expert opinion (arXiv 2018b) sometimes with
deadly consequences (Eustachewich 2019). We argue that world computer models need to account for
disinformation techniques such as RC.
“Big History” models
Researchers and experts across the political aisle turn to mathematical and computer modeling
techniques. Frequently cited by libertarians and some center-right economists are the
diminishing-return “big history” societal collapse models of Tainter (Acculation 2014; Strombert 2000),
whose seminal 1988 work (Tainter 1988) models, among other things, the declining return on patent
ROI that remains relevant 30 years later (Rotman 2019). Tainter argues that societies historically have
often grown exponentially before suddenly collapsing due to diminishing returns and resource
exhaustion (Tainter 1988). Other scholars from across the political spectrum have developed “big
history” mathematical social models with similar conclusions (Acculation 2014; Cline 2015; Kemp 2019;
Sociocultural evolution 2019; West 2011, 2018). Nevertheless, world modeling remains highly
controversial for a number of reasons, including due to anti-science RC campaigns as we argue here.
The Limits To Growth
The Limits to Growth
(Meadows 1972; Meadows, Randers, and Meadows 2004) was a 1972 international
bestseller in 30 languages that detailed a controversial computer world simulation, World3 (The Limits
to Growth 2019; World3 2019). Although computer world models go back at least to the 1950s, World3
is arguably the most famous (Jacovkis and Castro 2015). Considered bleeding-edge then (The Limits to
Growth 2019), today World3 can be run inside a modern web browser (Meadows 1972; The World3
Model n.d.). Under most parameter settings, world population climbs before collapsing sometime in the
mid 21st century. Innumerable critics have pointed out very real technical and political flaws (Jacovkis
and Castro 2015; The Limits to Growth Criticism Section 2019; World3 2019, 3). Among these is similarly
dire (but inaccurate) prediction when the model is back-tested against 19th century data (Sussex 1973),
a Realpolitik-incompatible modeling of the world as a single country, and dubious assumptions (The
Limits to Growth Criticism Section 2019). World3 may have been simultaneously too conservative and
too liberal: it did not adequately model climate change, technological responses to overpopulation (The
Limits to Growth 2019; World3 2019) nor the ongoing insect mass extinction event (Carrington 2019;
Kolbert 2014). This debate continues to the present (Chakrabarti 2019), with critics cited by the right
arguing (interestingly) that overpopulation models are inherently racist (Rothman 2018) coupled with
recent shock “empty planet” predictions (Bricker and Ibbitson 2019). Experts respond that United
Nation predictive models, which are often inspired by World3 (Jacovkis and Castro 2015), have largely
been accurate (NPR 2019) and that World3 has tracked actual population growth well over the last 40
years (Perspectives on Limits to Growth: Challenges to Building a Sustainable Planet 2012; G Turner
2008; Graham Turner and Alexander 2014).
Process-mining and World Models: Agent-based Models from Process Mining
Another modeling technique used in many computer simulations, including some world models, involves
agent-based models (Goertz 2007; Jacovkis and Castro 2015). Agent-based models rely on the
simulation of the decision-making processes of individual decision-making “agents” within the
© 2019 Copyright More Cowbell Unlimited, Inc.
simulation in order to study how collective behavior emerges at higher scale (Agent-based model 2019).
Agent-based models can be used in connection with non-agent-based world models (e.g. World3) by
helping to estimate parameters and verify simulation accuracy. Non-agent-based models are sometimes
called equation-based models or analytical models, and tend to be much more computationally efficient
than agent-based models (Analytical Models n.d.; Hunter, Namee, and Kelleher 2018) in that they do not
need to simulate activity at the individual level, but have the disadvantage that they typically require
higher-level insights into aggregate behavior. In particular, agent-based models can be used to verify
and validate equation-based models (Kennedy et al. 2006).
Process mining typically results in Markov or Bayesian statistical descriptions of studied organizations,
and has consequently been used to construct agent-based model simulations (Jimenez et al. 2018;
Szimanski et al. 2013). The resulting process mining-derived agent-based models can then be compared
with and used to improve more computationally efficient non-agent-based models (Hunter, Namee, and
Kelleher 2018). With varying degrees of success, agent-based models (including those derived from
processing mining) can sometimes also be converted de novo
into a more efficient equation-based
model, either automatically or through the insights of a human analysts (Conte and Paolucci 2014). For
example, records of major life events from sources such as vital statistics offices could be treated as
event logs, which process mining could convert into Markov or Bayesian descriptions of individuals,
which in turn would generate an agent-based world model. Given the often low cost of modern
computer time versus human analyst time, many organizations often simply run agent-based models
outright in the cloud as their model (French 2018; Taylor et al. 2014), in which case process mining AI
can be used to generate new computer models, including world models or models of entire subsections
of societies, with little or no human intervention.
Reflexive Control and World Modeling
The phenomenon of RC affects world models at multiple levels, and not merely as an additional
behavior to be modeled. In the 1970s World3 and related world computer models were immediately
seized upon by the left as justification for stronger international regulations (Company 1979).
Historically, calls for greater environmental or international regulations have received well-funded push
back from groups opposed to regulation (Anti-environmentalism 2019). It has been noted that
environmental groups frequently become the target of conspiracy theorists, which some attribute to the
workings of anti-environmental interests (Global warming conspiracy theory 2019; Hinkes-Jones 2012).
With the advent of attempts to data mine known hostile intelligence Internet trolling operations, it has
become possible to quantitatively and conclusively connect some anti-climate-change propaganda,
hostile intelligence activity, and funding sources (arXiv 2018a; Yoder 2018), also known as RC operations
as described elsewhere in this article. We thus argue that at least some of anti-environmental
conspiracy theories are the results of RC operations.
Interestingly from the standpoint of World Modeling, The Club of Rome became famous primarily for its
association with Limits to Growth.
Perhaps not surprisingly, in view of the social media data connecting
hostile intelligence operations to anti-climate change conspiracy theories, The Club of Rome has been
the subject of a vast, decades-long trove of conspiracy theories (The Club Of Rome 2018). Although
social media data did not exist in the 1970s when the Limits to Growth
conspiracy theories first began to
circulate, we suggest these might simply be further examples of the already well-established pattern of
hostile intelligence RC operations against environmental causes.
© 2019 Copyright More Cowbell Unlimited, Inc.
Interestingly, RC theory establishes that false information injected by disinformation operations need
not be internally consistent (Murphy 2018), and proponents of the “horseshoe theory”(Horseshoe
theory 2019) argue that ongoing RC actively seeks to influence both ends of the political spectrum
(McKenzie 2017). Consequently, one would expect to find not just anti-environmental or anti-regulation
conspiracy theories but also pro-environmental and pro-regulatory disinformation themes. It appears
that in the use of “microtargeting” pro-Brexit online ad campaigns, this was indeed the case, with
contradictory pro-environmental and anti-environmental ad themes running deceptively side-by-side
through micro-targeting of individuals (BBC 2018; Watson 2017). A common response from the political
right to overpopulation predicted by world modeling is increased investment in space and other
advanced tech (Siegel 2017; Wall 2013). Just as predicted by the “horseshoe theory” of RC, space
exploration is also a frequent victim of conspiracy theories (Howell 2017). RC, it seems, is a problem
across the political spectrum.
In this sense, as science’s apolitical strivings helps counter-RC (University of Cambridge 2017), regardless
of any perceived bias, world models are likely to be targets of hostile intelligence RC operations, as are
scientists in general (Bourguignon 2018). Interestingly, World Modelers have needed to add terms to
their models to account for operations opposed to world modeling, which they term “resistance to
change” effects (The World Change Model n.d.). In this sense, RC and related operations were a
significant enough factor in geopolitics that world models needed to be updated for the hidden effect,
although world modelers used different terminology (The World Change Model n.d.). If these additional
model terms didn’t already reveal a hidden keen interest in world modelling efforts, there is also direct
evidence of the Soviets developing their own world computer simulations, although these Soviet models
were largely ignored by the West (Jacovkis and Castro 2015).
Although it cannot be known for certain, social media quantitative data on trolling operations (arXiv
2018a) suggest this interest in both world modeling and RC operations against the West’s world models
presumably continues today in the Russian Federation as successor state to the Soviet Union.
Reflexion and Control: Mathematical Models (Novikov and Chkhartishvili 2014)
Novikov et al, who are affiliated with the Institute of Control Sciences (part of the Russian Academy of
Sciences), discuss modern approaches to mathematical modeling of reflexive processes in control. The
authors consider reflexive games that describe the interaction of subjects (agents) making decisions
based on an hierarchy of beliefs regarding (1) essential parameters (informational reflexion), (2)
decision principles used by opponents (strategic reflexion), (3) beliefs about beliefs, and so on. Analyzing
the behavior of phantom agents (existing in beliefs of other real or phantom agents) and the properties
of informational and reflexive structures (reflecting the mutual awareness of real and phantom agents)
enables suggesting informational and reflexive equilibria as solutions of corresponding games. The
mentioned equilibria generalize a series of well-known equilibrium concepts in noncooperative games
and models of collective behavior.
Novikov et al. present a sophisticated mathematical theory of RC that rigorously connect RC theory to
better-known concepts such as Game Theory, the Nash equilibrium, and Bayesian network analysis. It is
worth noting that Markov state matrices, when describing a geopolitical adversaries’ decision making
process, are a simplified or special “flattened” case of the more general Bayesian decision network
framework. Thus, Novikov et al. effectively relate RC Theory to the Markov Models traditionally used in
© 2019 Copyright More Cowbell Unlimited, Inc.
Process Mining, although Novikov et al. prefers the more general mathematical framework of Bayesian
processes over Markov processes. Markov parameters extracted from process mining algorithms can be
directly plugged into the equations used in Novikov et al. (by first converting the Markov processes in
Bayesian processes). Of course, Bayesian process frameworks are also relevant to process mining, and
both AI algorithms and human process analysts can generate non-Markov Bayesian process trees in
addition to more common Markov analyses in the West. Extension of file formats and AI algorithms to
facilitate non-Markov Bayesian analysis in a process mining framework would better connect Western
process mining to existing RC mathematical theory, and is potentially a low-hanging fruit for further
process mining research and development in the West that, to the knowledge of the authors, is not
currently being actively researched.
Literature Review Summary and Themes
“You have to understand what it is objectively that sits behind the way they do business. It is different
than us. And once that is understood, you have a base from which you can then begin to respond.”
(Thomas 2017)
The literature suggests that American adversaries, especially Russia, are seeking to understand our
cognitive processes with painstaking precision, while we may not be pursuing the same level of
understanding towards our peer competitors. Based upon our review of the literature, there are several
themes worth noting.
First, RC is a highly technical and more encompassing endeavor than perception management. At the
risk of simplifying a very complex information warfare technique, RC may be thought of as process
mining combined with perception management. Understanding adversary cognitive processes, systems
processes, and mega-processes are all necessary pre-work for effective defensive and offensive RC
campaigns. The authors hypothesize that the West does not employ any significant process-oriented
discovery analysis – manual or algorithmic – in information warfare.
Many believe that RC is deployed primarily against human soft targets, such as society and individual
influencers. While this is certainly true, the literature describes lesser understood information targets.
For example, RC may be deployed with devastating effect against machines, information systems, and
physical infrastructures. False, irrelevant, altered, untimely information, and/or overwhelming
information may significantly slow or cripple critical information infrastructures. RC is almost assuredly
being adapted into the cyber domain and being deployed against automated data-processing systems
which contain significant decision-making processes.
World modeling is an active research space with significant national security equities. Results and
critical reactions are mixed. Decades old attempts to model the world have been met with mixed
reviews, and emerging methods are too new to validate. Modeling of hostile RC operations would
enable better “resistance to change” parameter estimates in world models. None of the empirical
modeling techniques we reviewed suggests that process mining is being deployed algorithmically and at
scale, in support of defensive or offensive cyber or RC operations.
Finally, at least one adversary, Russia, is painstakingly modeling United States’ processes in order to
make their information warfare more effective. Given the technical prowess China demonstrates, they
may also be developing process modeling which enables advanced RC operations. Furthermore, it does
© 2019 Copyright More Cowbell Unlimited, Inc.
not appear the West is adequately studying RC and is not attempting adequately to model the processes
of geopolitical adversaries needed to have RC mastery. At a minimum, this suggests a process analysis
gap -- if not a process mining gap. It is possible that some of our adversaries, again Russia, have already
weaponized algorithmic methods for enhancing information campaigns. The existence of prominent
Russian language-friendly business analysis SaaS platforms (Business Process Simulation Modeling
Software BP Simulator n.d.; Онлайн симулятор
бизнес-процессов БП Симулятор n.d.) suggest citizens of the
Russian Federation are not unfamiliar with the concept of SaaS-based process analysis technologies.
Process Mining Background and Fundamentals
Process mining is a powerful emerging artificial intelligence technique with expansive use cases
throughout the corporate and government world. Early quick return on investment (ROI) use cases
enable better decision-making and help organizations
save on costs and re-purpose savings into prioritized
capabilities. Deeper and more impactful use cases
increase organizational agility and enhance
competitive advantage in the information age. The
first and most obvious use case is greatly speeding the
discovery and accuracy of process models, but that is
just the tip of the iceberg.
Process Mining resides at the intersection of Data
Science and Management Science, Figure 1. Data
science and management science are vast and
ever-changing interdisciplinary fields which help
organizations make better decisions and better use of their scarce resources while simultaneously
producing additional value. Process Mining combines artificial intelligence and machine learning to help
organizations derive insights from their data. The technique applies human-thought-like processing to
system-generated log data, and it learns latent processes from these data.
Process mining is platform agnostic and highly extensible. It works for any information technology
system and any process. As the name implies, algorithms “mine” time stamped event data and surface
latent processes from within those data with no a priori
knowledge. Compared to traditional
interview-based process mapping methodologies, process mining learns processes more accurately and
in a fraction of the time. It is fast, repeatable, and scalable. Most frequently, process mining data are
system log data or "data exhaust," which are produced by all systems. However, any event data which
can be arranged sequentially may be mined to understand non-intuitive processes contained therein.
At a minimum, there are three pieces of information needed to analyze processes in a data-driven
fashion; additional information enrichens the analysis.
Case ID: This is an instance identifier that represents a specific execution of the process. Depending
on the process, this might be an identifier for a patient, job applicant, purchasing order, or a chain of
emails with a common subject .
© 2019 Copyright More Cowbell Unlimited, Inc.
Event or Activity Name: This represents one of several steps performed within a process. It could also
represent a status change or a transaction step. For example, in a web-based eCommerce process,
activities might include “Add Item to Cart” or “Initiate Checkout.”
Time Stamp: This orders the activities within each Case ID. If start and complete timestamps are
available, then improved performance and capacity calculations are possible, such as wait time
between activities.
Other Attributes: When other information is available and tied to activities, social nets of interactivity
between process activities may be displayed in order to reveal important insights and troubleshoot
bottle necks. Cost attributes may also be applied which help organizations understand expenses
associated with processes.
Figure 2 contains a simple example of how a process is discovered. Assuming the example is sorted by
event time, we observe that Cases 1 through 3 all contain the same activities, labeled “A” through “E.”
In Case 1, the activities happen in natural order. In Case 2, we observe that Activity “C” precedes “B.”
Finally, in Case 3, Activity “D” is repeated before concluding with Activity “E.” The discovered process
accounts for these different process
Real world processes tend to be
significantly more complicated. Process
mining is like an x-ray machine for
processes. Process mining tools enable
visualizations, which help leaders and
process owners understand quickly where
challenges reside. In an information
warfare contect, process models reveal
non-intuitive critical machine
vulnerabilities or social behaviors,
otherwise unavailable.
Discovered process models come baked
with descriptive statistics, transition probabilities, and capacity estimates. These data allow
organizations to quickly understand processes, simulate change assumptions, target improvements
without guesswork, re-measure upgraded ecosystems, and report on improvement savings. Process
mining provides a springboard for organizations to adopt technologies like robotic process automation
or AI-enhanced process conformance checking, to further automate process transformation. It is the
foundational capability for continuous data-driven digital transformation and complex ecosystem
Process Mining in an Information Warfare Context
DoD and national security agency analysts may employ process mining algorithms and get a process
map. At first, and with little development, process maps enable manual process analysis in the context
of political, cultural, societal, and infrastructure information operations. This methodology may be
greatly enhanced and scaled defensively across critical national infrastructures, integrated with NATO
partners, and weaponized.
© 2019 Copyright More Cowbell Unlimited, Inc.
Process mining may be adapted to assist world modeling groups understand how RC may be deployed to
attack their work. In such a way, they may anticipate and defend against such attacks. If they are better
able to communicate their research to policy makers, due to having anticipated and mitigated RC, their
research will be more effective, giving the United States a strategic advantage by reducing or at least
shaping future grey zone conflicts.
The authors assume there are groups within DoD and national security agencies which are attempting to
understand mega-models of culture and society. In a similar way, process mining may enhance the
understanding of RC and how it is used to attack their work, they will be better able to anticipate and
defend against such attacks, even if these models are separate from the World Models. If they are
better able to communicate their research to policy makers (due to have anticipated and mitigated RC)
their research will be more effective, giving the United States a strategic advantage by reducing or at
least shaping future conflicts.
In this section, methodologies for using process mining in an information warfare context are presented.
First, a novel process mining technique is described which may be prototyped with limited research and
development. Next, a future world of information warfare, enhanced with process mining, is described
which may be scaled assuming research and development resources are applied.
Possibilities with Limited Research and Development
Many types of log data may be mined potentially, providing both an insight into the human operations
of a target as well as machine decision making processes. Insights into human operations are useful in
social engineering attacks. Machine process insights are useful for identifying process weak points and
systems near capacity, which could be subjected to Distributed Denial-of-Service (DDoS) attacks or
attacks that closely simulate normal operations so as to avoid detection.
Importantly, event logs are process agnostic; nearly any data source which chronicles events is usable.
Thus, there are vast amounts of data suitable for process mining. These data may be obtained from
cybersecurity and related information system logs, Internet of Things networks, social media activity,
signals intelligence, human intelligence, political speeches, open literature from adversarial publications,
friendly and adversarial broadcasts, and perhaps dark web data and even numbers stations. These data
may be converted into natural language text, and then simple natural language programming (NLP)
techniques used to convert such text into timestamped event logs detailing processes. A list of most
common keywords, phrases, or verbs in the natural language text might provide a data-driven dataset of
common “operations” into which the NLP messages can be pigeonholed. Then, the resulting event logs
connecting each presumed operation with a timestamp may be mined for latent processes to provide
analysts with insights.
From a wide-variety of log data, Markov statistical models are derived from process signals using open
source academically-developed artificial intelligence software (Aalst 2016; van Dongen et al. 2005) as
well as more specialized, fully-automated proprietary solutions such as those provided by More Cowbell
Unlimited (Automated process discovery SaaS n.d.).
These Markov models can be re-interpreted trivially as “flat” Bayesian decision networks, and then
processed manually by human RC analysts in accordance with Novikov et al. (Novikov and Chkhartishvili
© 2019 Copyright More Cowbell Unlimited, Inc.
2014). Markov models, from which inferences may be made about information warfare activity, and
accompanying machine-readable BPMN process diagrams can theoretically be fed into fully automated
cyber attack software (which may or may not exist at the time of this writing) and weaponized at scale.
Scalable Possibilities with Research and Development
Scaling process mining capabilities in support of defensive and offensive information warfare is enabled
with better integration and log file data upgrades. At a minimum, government systems’ log data should
be configured intentionally for analysis and retained for periods of time adequate for analysis. Log file
metadata standardization to facilitate automatic parsing and follow-on analysis (e.g., XML Schemas and
related technologies) is increasingly becoming a recommended practice from the standpoint of Data
Governance and related issues, for example GDPR (Borlea 2017; Padmanabhan and Nguyen 2018;
Polikoff and Spivak 2017), although it is not strictly necessary for process mining. While metadata
standardization efforts may be practical for structured data (and potentially even mandated under
evolving data governance standards), artificial intelligence may be required to process unstructured
data. Although beyond the scope of this article, the recent effort to bring data governance and the
already “universal jurisdiction” GDPR EU regulation (General Data Protection Regulation 2019) to
California and the nation (Baraniuk 2018; Middleton 2018) is partially because GDPR-like regulations are
seen as anti-RC responses (Petro 2018). Consequently, investment in data standardization technologies
(including bleeding-edge data parsing AI) should also indirectly help anti-RC efforts through improved
data governance, and maybe increasingly required by emerging international, federal, and state
Natural human language is inherently an unstructured data format, but it is also a highly flexible format
consequently favored by evolution (Universal grammar 2019). Due to the expense of converting often
one-off unstructured data to structured data, most organizations hold perhaps the majority of their
information in unstructured formats such as emails, chat messages, and spoken communication formats.
Historically, such information would not be accessible to automated processing, but recent advances in
Artificial Intelligence have made such information more reliably machine-parseable (Schneider 2016;
Welsh 2018). Natural language communications like emails and radio messages can naturally be thought
of as event logs with appropriate AI pre-processing.
Data-governance efforts, meta-data systematization, unstructured data AI technologies, NLP, and
related technologies obviously have many benefits far beyond process mining. From a purely process
mining perspective, these technologies may be deployed to ingest, understand, and transform data from
disparate systems, at scale, and run the data through continuously monitored process mining
applications. These bleeding-edge, rapidly-evolving, but already partially existing pre-process-mining AI
technologies (Schneider 2016; Welsh 2018) and ongoing data parsing standardization efforts (Borlea
2017; Polikoff and Spivak 2017) potentially enable defensive process mining at scale across United
States critical infrastructures to detect and communicate vulnerabilities. Over time, post-process mining
AI and human process analysts armed with process mining AI may further automate the discovery of
process-related vulnerabilities, prioritize these vulnerabilities, and suggest mitigation efforts.
The authors envision an information warfare future with process mining constantly probing for
weaknesses--both defensively and offensively--and suggesting appropriate actions. For example, world
or national or regional mega-models of society, culture, and politics may be interrogated with NLP
© 2019 Copyright More Cowbell Unlimited, Inc.
process mining algorithms designed to understand where human soft target vulnerabilities exist or
where active RC attacks are evident. Imagine a future command post that displays suspected
contradictory information campaigns, such as those used to influence recent elections via psychological
microtargeting (BBC 2018), and counters them by alerting victims or temporarily degrades ad
personalization. Such real time analyses suggest to analysts and leaders where to focus mitigation
efforts. On the offensive, derived models of adversaries’ societies and political landscapes may be
probed for weaknesses as well and suggest information vectors which exploit those weaknesses.
Use Cases in an Information Warfare Context
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” (Tzu and
Griffith 1964)
In this section, several use cases are described for DoD and adjacent national security agencies as well as
for other critical infrastructures, and world modeling efforts. As this technology matures and gets
proved, many more use cases will become evident.
In keeping with lessons learned from the literature review, America and the West should seriously
consider numerous and diverse RC defensive prototypes in order to assess the national value. Assuming
the value is evident, the next step is to develop methods to scale the technique horizontally across
critical infrastructures and NATO partners and vertically from the strategic to tactical levels, as well.
Red Team Projects
An extremely valuable project, which would also double as a proof of concept, would be to “Red Team”
the United States from the perspective of Russia or China looking specifically for process vulnerabilities.
“Red Team” projects are intensive self-examinations from an adversary’s perspective.
A number of experts caution the West against purely copying Russia in developing RC as an offensive
capability, as it could be harmful to democratic society (Bagge 2019). However, United States scholars
urge increased understanding of RC techniques on purely defensive grounds (Bagge 2019; Chotikul 1986;
Thomas 2004). Red Teams are a well-known technique to build up defensive capabilities by having
friendly forces simulate enemy tactics to discover weaknesses (Zenko 2015).
Cybersecurity, in particular, is an area where both Red Team and event log collection strategies are
well-known (Diogenes and Ozkaya 2018), the latter being especially ripe for process mining technologies
(Huynh and Le 2012). One immediate application for process mining in cybersecurity applications is thus
for Red Teams to mine target log data in preparation for attacks. To the authors’ knowledge, this
low-hanging cybersecurity strategy is rarely mentioned in textbooks -- even when Red Team techniques
and (computer) process log monitoring techniques are mentioned side-by-side.
Many types of log data can potentially be mined by Red Team cyber security analysts, perhaps starting
with the stipulation that the attacking Red Team has an internal mole providing such logs, providing
both an insight into the human operations of a target as well as machine decision making processes.
Process mining also has uses for Blue Team cyber security defenders, such as potentially connecting
disparate attack vectors in cyber security attack logs, but such defensive use of process mining is
somewhat more widely known (Huynh and Le 2012; Mishra, Sivasubramanian, and Jeevanandham 2017;
Schut 2014) and does not directly involve RC.
© 2019 Copyright More Cowbell Unlimited, Inc.
The Red Team could also feign a series of attacks or otherwise provoke the adversary (such as with noisy
“kiddie scripts” or DDoS attacks in a cybersecurity context) and then mine the resulting mole-obtained
email messages to learn the enemy’s response patterns. Valuable insights, such as typical alerting and
response times, might be gleaned from process mining of adversarial responses to feigned attacks. Even
if the adversary follows strict email-silence in discussing cyber security matters, email or other
communications logs (including signals intelligence) might still detect adversarial responses in the form
of canceled meetings or other unusual activity patterns that could provide insights into otherwise
hidden attack detection and response by the adversary.
Enemy-obtained email messages with follow-on RC effects have been the subject of much recent press
coverage, and thus a legitimate Red Team anti-RC starting assumption (2016 Democratic National
Committee email leak 2019). Along these lines, the authors recently completed a prototype using Enron
emails from the 2001 to 2002 time period (Enron Email Dataset 2015). After creating some simple NLP
classifiers, process mining results derived from various segments of the Enron emails yield logical post
financial corporation patterns. Though these results are preliminary, the authors assert that this
approach contains much promise for process mining all natural language and unstructured data records
(refer to previously discussed unstructured data process mining possibilities).
As described earlier, Red Team attackers may derive Markov statistical models of target operations and
feed them into cyber attack software to understand vulnerabilities through a new lens or process mine
the information manually to gain insights.
In another example, which does not assume an internal mole, adversarial radio communications might
be converted into natural language text and mined as described earlier to suggest adversarial processes
providing the Red Team analyst with insights on how common operations are typically sequenced
together in time by the adversary.
Nearly any natural language communication stream susceptible to adversarial modulation via Red Team
provocations can be process mined this way. Consequently, Red Team process mining methodology is
not limited to emails or cybersecurity, but to nearly any sphere of human activity from which event data
can somehow be obtained. Nor is process mining limited to the human sphere, for, as previously noted,
machine operations and decision processes can also be mined and subjected to Red Team analysis.
World Modeling Meta Analysis
Soviet-era RC theory anticipated both (or multiple) adversaries in a conflict simultaneously using RC on
each other, requiring mathematical analysis of multiple iterations (or recursions) of RC (Novikov and
Chkhartishvili 2014). As previously noted, World Modelers discovered an apparently organized
resistance to their modeling efforts (and the conclusion drawn from them); while in the West they did
not generally appear to recognize this as involving RC, the effect was often significant enough to require
inclusion in their modeling as “Resistance to Change” (The World Change Model n.d.).
World modelers could use the process mining analysis techniques to extract Markov/Bayesian process
terms for RC and Meta-RC after the mathematical framework established by Novikov (Novikov and
Chkhartishvili 2014). These terms can then, in turn, help estimate “Resistance to Change” terms in World
Models. Since “Resistance to Change” terms appear to be harmful on a global scale (by mitigating or
dampening otherwise appropriate reactions to world modeling results, such as apparent RC-inspired
© 2019 Copyright More Cowbell Unlimited, Inc.
anti-environmentalism as previously discussed), a more sophisticated model of these terms in world
models may also reveal how to influence or dampen “Resistance to Change.” This type of world
modeling in itself would be the kind of Meta-RC modeling unfortunately already anticipated by Novikov
(Novikov and Chkhartishvili 2014). Understanding these RC operations using a process lens will provide
valuable intelligence about the mindset of our adversaries and how/why they are attempting to
discredit potentially extremely valuable projects.
At any rate, modeling of hostile RC operations would enable better “resistance to change” parameter
estimates in world models.
Defending Financial Markets
Understanding United States financial markets, a critical national infrastructure, through a process lens
would be very useful to help steel this infrastructure from RC attacks. Per the President’s Management
Agenda, “shifting From Low-Value to High-Value Work” is a major priority (President’s Management
Agenda n.d.). Assessing at scale and mitigating critical infrastructures vulnerabilities is arguably a
high-value activity.
The 2008 financial crisis prompted DoD to sponsor wargames simulating an adversarial attack on
financial markets (Javers 2009). Regulatory agencies also responded to the financial crisis by further
increasing the already vast amounts of data collected from firms (FINRA 2010).
Regulatory agencies like FINRA process enormous amounts of data each day (Chen 2018; FINRA 2018b)
to provide “market surveillance” to mitigate (and simulate) financial risks (Cook 2017; FINRA 2018a)
including risks to national security. This market process surveillance can help the United States
understand process vulnerabilities which are susceptible to cyber RC attack (as well as facilitate
regulatory agency’s normal attempts at understanding the behavior of otherwise often secretive market
participants). Vast daily regulatory filing data (Chen 2018; FINRA 2018b) should provide more than
sufficient data for process mining to allow both regulators and DoD to help protect the nation’s financial
This technique has the added benefit in that it is non-intrusive to sector operations.
Defending Other Critical Infrastructures
Other industries critical to national security provide regulators with enormous continuous data feeds
(FERC 2016; IEEE Smart Grid Big Data Analytics 2017; Smart grid in the United States 2018) that are likely
amenable to process mining techniques, similar to the technique described for Financial Markets. The
Department of Homeland Security names sixteen critical infrastructure sectors whose assets, systems,
and networks -- whether physical or virtual -- are considered so vital to the United States that their
incapacitation or destruction would have a debilitating effect on security, national economic security,
national public health or safety.
Energy, banking, chemical, transportation, vital human services, and telecommunications, plus others
are all critical infrastructures which may be examined and protected, as described above for financial
© 2019 Copyright More Cowbell Unlimited, Inc.
Process mining may be scaled across these critical infrastructures, auto-surface process-related
vulnerabilities, and prioritize mitigation efforts. For starters, an analysis of sector regulatory documents
would likely discover vulnerabilities which were not known previously or would help prioritize
vulnerability mitigation efforts. Another analysis technique may transmit or stream system log data via
secure transfer protocols to classified cloud process mining environments for understanding, again at
scale, machine-related information vulnerabilities. IT systems which are near capacity are especially
susceptible to DDoS attacks or attacks that closely simulate normal operations; machine nodes which
receive information from outside sources are also susceptible to attack.
As with the financial services sector use case, these cloud-based machine information warfare
vulnerability detection techniques are non-intrusive across sector operations.
Interacting with Computer Social Models
The authors hypothesize that process mining algorithms may interact meaningfully with computer
models of society, culture, and politics, including world models. As previously discussed, process mining
AI may be used both to generate de novo
agent- and equation-based models, as well as help validate
and verify existing models and model parameters. In this way, process mining may be adapted to
understand social or cultural “contours” (seams, gaps), either by automatically generating new
computer models, or by helping to improve already existing social models, and then using previously
discussed techniques to probe these models for vulnerabilities.
In combination with larger modeling projects, process mining and the resulting social models may thus
be adapted to derive or infer conceptual avatars or archetypes in a data-driven fashion which describe
segments of society. Using ontologies associated with events extracted from data feeds or model
outputs, societal avatars emerge which, understood in an information warfare context, offer clues about
social strengths, vulnerabilities, and propensities. “Microtargeting” may be one example where such
automatic classification of society into different psychological strata has already been weaponized by
United States adversaries (Watson 2017). In a defensive posture, understanding this information and
how adversaries might use it may help protect against attack.
If valid as a cross-cultural feature of humanity, universal archetypes are especially useful in an
information warfare context. Menus of exploitation vectors, customized by universal archetype, are
possible theoretically which will have expectable effects when applied against segments of society
where an archetype is derived with applied process mining.
If, on the other hand, archetypes are not taken seriously, then the authors assert there are data-driven
methods to “let the data talk” and reveal meaningful descriptions of populations at scale. Data-driven
narratives may be constructed which describe segments of populations. Generalized themes from
which latent societal phobias, likes, and incentives may be inferred using computer models generated or
tweaked from process mining data. As process mining can also be applied to newly evolving artificial
intelligent machine behaviors, or hybrid machine-human societies like the Internet, the generalized
behaviors mined need not be limited to traditional or currently existing human societies which tend to
be bounded by geography.
© 2019 Copyright More Cowbell Unlimited, Inc.
The Cold War never ended--especially when examined using an information warfare lens.
The United States is not the world leader in information warfare. Russia is, and China is likely expending
significant resources to improve their information warfare capabilities. Moreover, these competitors do
not appear constrained by the same ethics adopted by the West.
America and the West should seriously and quickly consider numerous, diverse, and creative RC
defensive prototypes in order to assess the national value. For example, the authors demonstrated an
NLP process mining technique with results that warrant additional investigation. Furthermore, we
provided non-intrusive, scalable vulnerability assessment and persistent classified cloud-based
monitoring methodologies using process mining for critical infrastructures. Assuming national security
value is evident, the next step is to develop methods to test and scale these and other techniques
horizontally across critical infrastructures and vertically from the strategic to tactical levels, as well.
The United States has an opportunity to dominate this information space. However, this opportunity is
fleeting and should not be taken for granted. DoD and adjacent national security organizations require
sufficient runway to establish a strategic process dominance capability with sophisticated process
analytics woven into prioritized systems. Although the United States is thought to lead in many other
areas of artificial intelligence research (Knight 2017), it should be noted that the current world leader in
process mining artificial intelligence today is thought to be the Netherlands (What is the best software
for process mining? - Quora n.d.)--one reason that process mining artificial intelligence may still be
unfamiliar to some United States policy makers.
Defensively, a fully developed process mining capability constantly identifies vulnerabilities, presents
improvement options, and potentially resolves them autonomously with AI. Offensively, perception
management campaigns enhanced with process mining inform information warfare maneuver at the
strategic and operational levels of conflict. For unified combatant commanders, this means meeting the
enemy on the cyber battlefield and gaining decisive advantage on kinetic battlefields.
Process mining and process analytics are relatively new fields which are rapidly evolving. DoD must
deploy these capabilities creatively and aggressively across the enterprise. Process Dominance is a
critical capability for staying ahead of the enemy across today’s diverse kinetic and non-kinetic battle
landscapes and out-pacing adversaries in strategic areas of interest such as industrialized space and in
the information domain.
The authors are grateful to XXXX, and YYYY, etc for their comments and suggestions.
“A New National Security Strategy for a New Era.” 2017. The White House
. (February 20,
Aalst, Wil M. P. van der. 2016. Process Mining: Data Science in Action
. 2nd ed. 2016 edition. New York,
NY: Springer.
© 2019 Copyright More Cowbell Unlimited, Inc.
Acculation. 2014. “Singularity Might Not Happen: Predictive Apocalypse Analytics.” Acculation
. (February 22,
“Agent-Based Model.” 2019. Wikipedia
. (February
22, 2019).
“Analytical Models.” Mathematical and Statistical Models
. (February 22, 2019).
“Anti-Environmentalism.” 2019. Wikipedia
(February 19, 2019).
arXiv, Emerging Technology from the. 2018a. “Data Mining Has Revealed Previously Unknown Russian
Twitter Troll Campaigns.” MIT Technology Review
ussian-twitter-troll-campaigns/ (February 19, 2019).
———. 2018b. “The Tricks Propagandists Use to Beat Science.” MIT Technology Review
(February 22, 2019).
“Automated Process Discovery SaaS.” More Cowbell Unlimited
. (February 20, 2019).
Bagge, Daniel. 2019. Unmasking Maskirovka: Russia’s Cyber Influence Operations
. Defense Press.
Baraniuk, Chris. 2018. “Apple Boss - ‘Personal Data Is Weaponised.’” (February 22, 2019).
BBC. 2018. “Targeted Pro-Brexit Facebook Ads Revealed.” BBC
. (February 22, 2019).
Borlea, Tudor. 2017. “12 Steps to GDPR Compliance (and How a Data Governance Platform Can Help).”
latform-can-help/ (February 22, 2019).
Bourguignon, Jean-Pierre. 2018. “Scientists Can Lead the Fight against Fake News.” World Economic
(February 22, 2019).
Bricker, Darrell, and John Ibbitson. 2019. Empty Planet: The Shock of Global Population Decline
. New
York: Crown.
“Business Process Simulation Modeling Software BP Simulator.” (February 19, 2019).
Carrington, Damian. 2019. “Plummeting Insect Numbers ‘Threaten Collapse of Nature.’” The Guardian
n-collapse-of-nature (February 22, 2019).
Chakrabarti, Meghna. 2019. “The Road To 10 Billion: Where Is Global Population Actually Headed?” On
hn-ibbitson-darrell-bricker (February 22, 2019).
Chen, James. 2018. “Order Audit Trail System - OATS.” Investopedia
. (February 20, 2019).
Chotikul, Diane. 1986. The Soviet Theory of Reflexive Control in Historical and Psychocultural Perspective:
© 2019 Copyright More Cowbell Unlimited, Inc.
Preliminary Study.
Monterey, California: Naval Postgraduate School.
(February 19, 2019).
Cline, Eric H. 2015. 1177 B.C.: The Year Civilization Collapsed
. Revised edition. Princeton University Press.
Company, Rand McNally and. 1979. Our Magnificent Earth
. First Edition edition. New York: London:
Rand McNally.
Conte, Rosaria, and Mario Paolucci. 2014. “On Agent-Based Modeling and Computational Social
Science.” Frontiers in Psychology
5. (February 22, 2019).
Cook, Robert. 2017. “Equity Market Surveillance Today and the Path Ahead | FINRA.Org.”
-ahead (February 20, 2019).
Diogenes, Yuri, and Erdal Ozkaya. 2018. Cybersecurity – Attack and Defense Strategies: Infrastructure
Security with Red Team and Blue Team Tactics
. Birmingham, UK: Packt Publishing.
van Dongen, B. F. et al. 2005. “The ProM Framework: A New Era in Process Mining Tool Support.” In
Applications and Theory of Petri Nets 2005
, Lecture Notes in Computer Science, eds. Gianfranco
Ciardo and Philippe Darondeau. Springer Berlin Heidelberg, 444–54.
“Enron Email Dataset.” 2015. (March 12, 2019).
Eustachewich, Lia. 2019. “Russian Trolls Blamed for Spreading Anti-Vaccination Propaganda.” New York
da/ (February 22, 2019).
FERC. 2016. “FERC: Industries - Smart Grid.” (February 20, 2019).
FINRA. 2010. “SR-FINRA-2010-044 | FINRA.Org.” (February 20, 2019).
———. 2018a. 13 13: How the Cloud and Machine Learning Have Transformed Market Surveillance |
Episode 13
. (February 20, 2019).
———. 2018b. “FINRA Handles Record Volume of Market Activity through First Six Months of 2018 |
st-six-months-2018 (February 20, 2019).
French, Thomas. 2018. “Sandman: A Cloud-Based Platform for Facilitating Scalable, Agile Agent-Based
Modelling.” Medium
le-agile-agent-based-modelling-bb73a4313b6d (February 22, 2019).
Friedman, Thomas L. 2018. “Opinion | Where American Politics Can Still Work: From the Bottom Up.”
The New York Times
(February 20, 2019).
Garvin, Wilford L. 2017. “Reflexive Control in Operational Art: Designing Emergent Opportunity in the
Vicksburg Campaign.” School of Advanced Military Studies
: 58.
“General Data Protection Regulation.” 2019. Wikipedia
2135 (February 22, 2019).
Giles, Kier, Anthony Seaboyer, and James Sherr. 2018. “Russian Reflexive Control.” ResearchGate
. (February 19,
© 2019 Copyright More Cowbell Unlimited, Inc.
“Global Warming Conspiracy Theory.” 2019. Wikipedia
721 (February 19, 2019).
Goertz, Gary. 2007. “Agent-Based Modeling and Complexity.”
Hansen, William G. 2013. “Influence: Theory and Practice.” Naval Postgraduate School
: 327.
Hinkes-Jones, Llewellyn. 2012. “The Anti-Environmentalist Roots of the Agenda 21 Conspiracy Theory.”
piracy-theory/3091/ (February 19, 2019).
“Horseshoe Theory.” 2019. Wikipedia
. (February 22,
Howell, Elizabeth. 2017. “25 Space Conspiracies That Just Won’t Die.”
. (February 22, 2019).
Hunter, Elizabeth, Brian Mac Namee, and John D. Kelleher. 2018. “A Comparison of Agent-Based Models
and Equation Based Models for Infectious Disease Epidemiology.” In AICS
Huynh, Viet H., and An N. T. Le. 2012. “Process Mining and Security: Visualization in Database Intrusion
Detection.” In Intelligence and Security Informatics
, Lecture Notes in Computer Science, eds.
Michael Chau, G. Alan Wang, Wei Thoo Yue, and Hsinchun Chen. Springer Berlin Heidelberg,
IEEE Smart Grid Big Data Analytics. 2017. “Big Data Analytics in the Smart Grid - IEEE Smart Grid.”
(February 20, 2019).
Jacovkis, Pablo, and Rodrigo Castro. 2015. “Computer-Based Global Models: From Early Experiences to
Complex Systems.” Journal of Artificial Societies and Social Simulation
18(1): 13.
Jaitner, Margarita. 2016. “Applying Principles of Reflexive Control in Information and Cyber Operations.”
ol_in_Information_and_Cyber_Operations (February 19, 2019).
Javers, Eamon. 2009. “Pentagon Preps for Economic Warfare.” POLITICO
. (February 20, 2019).
Jimenez, Jose-Fernando, Gabriel Zambrano-Rey, Santiago Aguirre, and Damien Trentesaux. 2018. “Using
Process-Mining for Understating the Emergence of Self-Organizing Manufacturing Systems.”
51(11): 1618–23.
Kemp, Luke. 2019. “Are We on the Road to Civilisation Collapse?” BBC Future
(February 22, 2019).
Kennedy, Ryan, Xiaorong Xiang, Thomas Cosimano, and Leilani Arthurs. 2006. “Verification and
Validation of Agent-Based and Equation-Based Simulations: A Comparison | Request PDF.”
ased_and_Equation-based_Simulations_A_Comparison (February 22, 2019).
King, Francis. 2018. “Reflexive Control and Disinformation in Putin’s Wars.” : 40.
© 2019 Copyright More Cowbell Unlimited, Inc.
Knight, Will. 2017. “The U.S. Leads in Artificial Intelligence, but for How Long? - MIT Technology Review.”
w-long/ (February 20, 2019).
Kolbert, Elizabeth. 2014. The Sixth Extinction: An Unnatural History
. 1st edition. New York: Henry Holt
and Co.
Mattis, Jim. 2018. “Summary of the 2018 National Defense Strategy.” : 14.
McKenzie, Jay. 2017. “Understanding Provokatsiya: Alt-Right in Cahoots with Alt-Left ‘Resistors.’”
eft-resistors-e7db70612ab4 (February 22, 2019).
Meadows, Donella H. 1972. Limits to Growth
. First, 8th printing edition. Signet.
Meadows, Donella H., Jorgen Randers, and Dennis L. Meadows. 2004. Limits to Growth: The 30-Year
. 3 edition. White River Junction, Vt: Chelsea Green Publishing.
Middleton, Chris. 2018. “California Passes Landmark Data Privacy Act. GDPR for USA?” Internet of
(February 22, 2019).
Mishra, Ved Prakash, Yogeshwaran Sivasubramanian, and Subheshree Jeevanandham. 2017. “Detecting
Attacks Using Big Data with Process Mining.” International Journal of System Modeling and
2(2): 5.
Murphy, Jack. 2018. “Russian Reflexive Control Is Subverting the American Political Landscape.”
ndscape/ (February 20, 2019).
Novikov, Dmitry A., and Alexander G. Chkhartishvili. 2014. Reflexion and Control
: Mathematical Models
CRC Press. (February 20, 2019).
NPR, On Point-. 2019. “‘They Have Made Projections for Decades and Those Projections Have Turned
out to Be Quite Accurate,’ John Bongaarts of @Pop_Council Says about the United Nations.
‘Their Best Guess Is That It Will Be 11 Billion.’” @OnPointRadio
. (February 22, 2019).
Padmanabhan, Aroop, and Tiffany Nguyen. 2018. “Big Data Governance - Metadata Is the Key.”
a-is-the-key/a/d-id/1333358 (February 22, 2019).
“Perspectives on Limits to Growth: Challenges to Building a Sustainable Planet.” 2012.
Petro, Greg. 2018. “Facebook’s Scandal And GDPR Are Creating New Opportunities For Retail.” Forbes
-new-opportunities-for-retail/ (February 22, 2019).
Polikoff, Irene, and Jack Spivak. 2017. “Metadata Management Is Key to Data Governance Initiatives.”
ment-in-edg/ (February 22, 2019).
“President’s Management Agenda.” (February 21,
Rothman, Noah. 2018. “Over-Population: The Malthusian Myth That Refuses to Die: A Dangerous Idea
Makes a Comeback.” Commentary
/ (February 22, 2019).
© 2019 Copyright More Cowbell Unlimited, Inc.
Rotman, David. 2019. “AI Is Reinventing the Way We Invent.” MIT Technology Review
. (February
22, 2019).
Schneider, Christie. 2016. “The Biggest Data Challenges That You Might Not Even Know You Have.”
(February 22, 2019).
Schut, Martijn. 2014. “Cyber Process Mining Ag Intelligence.” (February 20, 2019).
Section 809 Panel. “Section 809 Panel – Streamlining & Codifying Acquisition.” (February 19, 2019).
Siegel, Ethan. 2017. “Why Exploring Space And Investing In Research Is Non-Negotiable.” Forbes
ting-in-science-is-non-negotiable/#2a183a171647 (February 22, 2019).
“Smart Grid in the United States.” 2018. Wikipedia
0 (February 20, 2019).
“Sociocultural Evolution.” 2019. Wikipedia
(February 22, 2019).
Strombert, Joseph. 2000. “The Old Cause by Joseph Stromberg.” (February 22, 2019).
Sussex, University Of. 1973. Models of Doom: A Critique of the Limits to Growth
. 1st edition. eds. H. S. D.
Cole and K. L. R. Pavitt. New York: Universe Pub.
Szimanski, Fernando, Célia G. Ralha, Gerd Wagner, and Diogo R. Ferreira. 2013. “Improving Business
Process Models with Agent-Based Simulation and Process Mining.” In Enterprise,
Business-Process and Information Systems Modeling
, Lecture Notes in Business Information
Processing, eds. Selmin Nurcan et al. Springer Berlin Heidelberg, 124–38.
Tainter, Joseph A. 1988. Collapse of Complex Societies 1ed
. Reprint edition. Cambridge: Cambridge
University Press.
Taylor, S. J. E. et al. 2014. “A Tutorial on Cloud Computing for Agent-Based Modeling Amp; Simulation
with Repast.” In Proceedings of the Winter Simulation Conference 2014
, , 192–206.
“The Club Of Rome.” 2018. Knowledge Fight
. (February 19,
“The Limits to Growth.” 2019. Wikipedia
(February 19, 2019).
“The Limits to Growth Criticism Section.” 2019. Wikipedia
(February 20, 2019).
“The World Change Model.” (February 19,
“The World3 Model: A Detailed World Forecaster | Insight Maker.”
(February 19, 2019).
© 2019 Copyright More Cowbell Unlimited, Inc.
Thomas, Timothy. 2004. “Russia’s Reflexive Control Theory and the Military.” The Journal of Slavic
Military Studies
17(2): 237–56.
———. 2017. “Statement by Mr. Timothy L. Thomas, Senior Analysts, Foreign Military Studies Office,
Fort Leavenworth, KS, before the House Armed Services Committee on Emerging Threats and
Turner, G. 2008. “A Comparison of The Limits to Growth with 30 Years of Reality.” Global Environmental
18(3): 397–411.
Turner, Graham, and Cathy Alexander. 2014. “Limits to Growth Was Right. New Research Shows We’re
Nearing Collapse | Cathy Alexander and Graham Turner.” The Guardian
search-shows-were-nearing-collapse (February 19, 2019).
Tzu, Sun, and Samuel Griffith. 1964. The Art of War
. Oxford: Clarendon Press.
“Universal Grammar.” 2019. Wikipedia
. (February
22, 2019).
University of Cambridge. 2017. “Presenting Facts as ‘consensus’ Bridges Conservative-Liberal Divide over
Climate Change.” ScienceDaily
. (February 22, 2019).
Wall, Mike. 2013. “What 11 Billion People Mean for Space Travel.” Live Science
. (February 22, 2019).
Watson, Sara. 2017. “Perspective | Russia’s Facebook Ads Show How Internet Microtargeting Can Be
Weaponized.” Washington Post
show-how-internet-microtargeting-can-be-weaponized/ (February 22, 2019).
Welsh, Alex. 2018. “Unstructured Content: An Untapped Fuel Source for AI and Machine Learning.” SD
(February 22, 2019).
West, Geoffrey. 2011. The Surprising Math of Cities and Corporations
nguage=en (February 22, 2019).
———. 2018. Scale: The Universal Laws of Life, Growth, and Death in Organisms, Cities, and Companies
Reprint edition. New York: Penguin Books.
“What Is the Best Software for Process Mining? - Quora.” (February 19, 2019).
“World3.” 2019. Wikipedia
(February 19, 2019).
Yoder, Kate. 2018. “Russian Trolls Shared Some Truly Terrible Climate Change Memes.” Grist
(February 19, 2019).
Zenko, Micah. 2015. Red Team: How to Succeed By Thinking Like the Enemy
. 1 edition. New York: Basic
Онлайн Симулятор Бизнес-Процессов БП
Симулятор.” (February 20, 2019).
© 2019 Copyright More Cowbell Unlimited, Inc.
... For instance, Russia sowed confusion and distrust during the 2016 United States Presidential election quite effectively with high volume and multi-channel (Paul and Matthews 2016) micro-targeted information and disinformation campaigns (Mueller 2019). Russia's highly analytical information warfare (IW) technique combines models of decision-making processes with information attack vectors designed to exploit process weaknesses--meticulously introducing into human or machine processes data which incline the adversary toward taking an action that favors the attacker (Chotikul 1986;Thomas 2004;Bicknell and Krebs 2019). As of 2017, domain scholars observe that technologies exist for scaling IW attack manually; the next stage of IW technology development is to automate it (Paul and Matthews 2016;Waltzman 2017). ...
... There are many ways to harness AI in an offensive capacity to commit warfare. For example, derived models of adversaries' societies and political landscapes may be probed for weaknesses and suggest information vectors which exploit those weaknesses (Bicknell and Krebs 2019). Additionally, convincing text "spambots" could lead to hard-to-stop torrents of realistic fake text information "too dangerous to release" into the public domain . ...
... Additionally, convincing text "spambots" could lead to hard-to-stop torrents of realistic fake text information "too dangerous to release" into the public domain . IBM's Project Debater has shown considerable progress in enabling machine intelligences to persuasively debate humans, unethical marketing micro-targeting in which AI is used in conjunction with advertising microtargeting to transmit otherwise contradictory marketing messages to unsuspecting recipients as was heavily covered in the media (Bicknell and Krebs 2019;Cambridge Analytica Scandal Raises New Ethical Questions About Microtargeting 2018;IBM Research AI -Project Debater 2018;Watson 2017). Recent concern about the potential use of AI "DeepFake" technology (DNI Worldwide Threat Assessment 2019) as a more advanced form of traditional propaganda video manipulation as seen in a recent viral fake video of United States House Speaker Nancy Pelosi (Wait, is that video real? ...
Technical Report
Full-text available
The information age is a glorious dawning which promises hope, abundance, and solutions to vexing challenges. It has also turned every smart device into an information warfare attack vector delivery vehicle and the entire planetary ecosystem into a cognitive battlespace. The United States and its Allies are under information warfare attack at this very moment. Moreover, adversarial offensive cyber domain capabilities are likely to exceed abilities to defend critical infrastructure for at least another decade. This should be considered a chronic disease with no cure; however, it may be managed. This technical paper presents a holistic Information Warfare Defense Standard, which may be adopted by any organization or country to protect freedom and individual liberty. Authors' Note This technical paper is an apolitical analysis focused on a vivid national security concern-information warfare. Geopolitics, statecraft, and culture are timeworn information warfare battlefields. It is natural, therefore, that many examples used in this paper are culled from highly charged contemporaneous public discourse. These examples and other scenarios contained in the Appendix are intended to draw the reader's attention to events which are verified information warfare, could be information warfare, or contain technology which could be weaponized into information warfare attack vectors.
... It is a highly versatile technique with utility beyond corporate process improvement. For example, ISIS Terrorist bot-driven propaganda within Twitter data, which would otherwise be difficult to detect, were elucidated with a derived hidden Markov model (Bicknell and Krebs 2019b). Additionally, process models of email subject line data suggest ways information may be used as a maneuver element in a larger cyber or information operations kill chain against critical infrastructure firms (Bicknell and Krebs 2019c). ...
... For example, ISIS Terrorist bot-driven propaganda within Twitter data, which would otherwise be difficult to detect, were elucidated with a derived hidden Markov model (Bicknell and Krebs 2019b). Additionally, process models of email subject line data suggest ways information may be used as a maneuver element in a larger cyber or information operations kill chain against critical infrastructure firms (Bicknell and Krebs 2019c). ...
Full-text available
Objects in space from four different countries are examined from a process ecosystem perspective using explainable artificial intelligence. For all countries, objects tend to remain predominantly in the same process activity state. Process activity state transitions (movement between orbital characteristic descriptive bins) are observed, however, which suggests intentional maneuver, object degradation, or other ecosystem behaviors. Our temporal analysis based entirely on open-source data suggests quantitative differences in national behavior that are statistically significant under certain assumptions, and which support observations that describe maneuvering behavior differences as a geopolitical concern. We find that United States maneuver behavior is statistically distinguishable separately from both Russian and Chinese behavior to significant p-value within our dataset. Moreover, subsets of only a few months of our data were sufficient to detect statistically significant differences in these fleets’ behaviors. We also found evidence of serial correlation and hidden Markov states, and discuss simple techniques for detecting and mitigating serial correlation in the data. Future work is suggested which advances temporal space situational awareness.
... Since the 1960s, Russia has enhanced information warfare with systematic psychological understandings of adversary reflexive processes and continues honing the technique. Known as reflexive control (RC), this highly analytical method has roots in cybernetics and game theory (Chotikul 1986;Novikov & Chkhartishvili 2014;Bicknell & Krebs 2019e) and is a means of conveying to a partner or an opponent specially prepared information to incline him to voluntarily (or reflexively) make a predetermined decision desired by the initiator of the action (Thomas 2004). ...
Full-text available
Tremendous intelligence is contained within unstructured organizational data sources. Properly analysed, these data provide government and private organizations with actionable management and risk mitigation insights. Using explainable process technologies combined with natural language processing, a private critical infrastructure participant's organizational process model is discovered from semi-structured email data. Data derived from the process model are presented which elucidate internal operations. National security implications and future research needs are described.
Many think of processes as sequential, deliberate activities which sustain businesses and government agencies; employees integrate themselves into defined organizational processes. From an ecosystem vantage, however, emergent processes exist and are discoverable. Emergent ecosystems form without human intention and may be especially influenceable. If emergent organizational processes–especially critical infrastructure processes–were explicit, they may be exploited. Tremendous intelligence is contained within semi-structured and unstructured organizational data sources. Properly analyzed, these data provide government and private organizations with actionable management and risk mitigation insights. Using explainable process technologies combined with natural language processing, a private critical infrastructure participant’s organizational process model is discovered from semi-structured email data. Data derived from the process model are presented which elucidate internal operations and contribute to automated situational awareness of dynamically evolving events. National security implications and future research needs are described.
Full-text available
Detecting and elucidating botnets is an active area of research. Using explainable, highly scalable Apache Spark-based artificial intelligence, process mining technologies are presented which illuminate bot activity within terrorist Twitter data. A derived hidden Markov model suggests that bot logic uses information camouflage in order to disguise intentions similar to World War II Nazi propagandists and Soviet-era practitioners of information warfare enhanced with reflexive control. A future effort is presented which strings together best of breed techniques into a composite classification algorithm in order to improve continually the discovery of malicious accounts, understand cross-platform weaponized botnet dynamics, and model adversarial information warfare campaigns recursively.
Full-text available
Reflexive control (RC) is the term used to describe the practice of predetermining an adversary’s decision in your favor, by altering key factors in the adversary’s perception of the world. The term is primarily encountered in discussion of Russian techniques of information warfare.1 In this context, the practice represents a key asymmetric enabler to gain critical advantages, neutralizing the adversary’s strengths by causing him or her to choose courses of action that are damaging to the adversary and further Russian objectives. The first section of this report (pp. 5-27) examines a number of case studies that may be considered the successful application of principles of reflexive control by Russia. In order to do so, it first introduces theories of reflexive control as described in Russian and other foreign sources. It then breaks down these theories into key operational components, each of which can be observed in the case studies of successful implementation. This section also notes a number of false positives in the form of Russian actions that have been described elsewhere as reflexive control but which should not be considered as such because they do not display its key criteria and characteristics. Social media has vastly increased the ways RC can be applied, has reduced implementation costs, and offers better deniability of operations. The second section (pp. 28-42) discusses how social media is exploited for RC operations by Russia. The third section (pp. 43-48) looks at possible countermeasures to RC operations and summarizes a number of key themes and principles to help targets defend against potential future RC attempts. The report concludes with a section (pp. 48-52) on thoughts on the application of RC-like mechanisms by the CAF.
Full-text available
In current digital world, Security has become the major issue for the organization. Every day the amount of data is growing in the world. Processing and analyzing of the data is becoming the new challenge for the analyzers. For this purpose, big data is useful to process the high volume of data in less time. Current security tools like existing firewalls and Intrusion Detection Systems are still not able to detect and prevent the attacks and intrusions in full proof manner and giving many false alarms. Big Data analytics concept could be very useful for analyzing, detection and providing full security to the organization because of the ability of handling the large amount of data. In this paper, we have described the concept and the roll of big data. We have also proposed a model using process mining to generate the alerts in the case of attacks. Index Terms— Big Data, Process Mining, Intrusion Detection System, Logs.
Full-text available
According to Russian methodologies, the theory of Reflexive Control (RC) allows an initiator to induce an adversary to take a decision advantageous to the initiator through information manipulation. The RC theory encompasses a methodology where specifically prepared information is conveyed to an adversary, which would lead that adversary to make a decision desired by the initiator. The methodology is generally understood by Russian planners to be applicable in a wide variety of situations, and is deeply rooted within Russian Information Warfare concepts. Because theory envelops the Russian understanding of information as both technical data and cognitive content, ‘information resources’ are understood as technological as well as human. In principle, a well-developed (global) cyberspace presents theorists and operators of RC and RC methodology with numerous possibilities to affect their adversaries. This paper explores ways in which RC can be exercised with the help of the cyberspace.
Full-text available
During the 1960s but mainly in the 1970s, large mathematical dynamic global models were implemented in computers to simulate the entire world, or large portions of it. Several different but interrelated subjects were considered simultaneously, and their variables evolved over time in an attempt to forecast the future, considering decades as time horizons. Global models continued to be developed while evidencing an increasing bias towards environmental aspects, or at least the public impact of models with such a focus became prevalent. In this paper we analyze the early evolution of computer-based global modeling and provide insights on less known pioneering works by South American modelers in the 1960s (Varsavsky and collaborators). We revisit relevant methodological aspects and discuss how they influenced different modeling endeavors. Finally, we overview how distinctive systemic approaches in global modeling evolved into the currently well-established discipline of complex systems.
Full-text available
This book is dedicated to modern approaches to mathematical modeling of reflexive processes in control. The authors consider reflexive games that describe the interaction of subjects (agents) making decisions based on an hierarchy of beliefs regarding (1) essential parameters (informational reflexion), (2) decision principles used by opponents (strategic reflexion), (3) beliefs about beliefs, and so on. Analyzing the behavior of phantom agents (existing in beliefs of other real or phantom agents) and the properties of informational and reflexive structures (reflecting the mutual awareness of real and phantom agents) enables suggesting informational and reflexive equilibria as solutions of corresponding games. The mentioned equilibria generalize a series of well-known equilibrium concepts in noncooperative games and models of collective behavior. The models of informational and strategic reflexion allow: - describing and studying the behavior of reflexing subjects; - investigating the relationship between payoffs gained by agents and their reflexion ranks; - posing and solving the problems of informational and reflexive control in organiza-tional, economic, social and other systems, in military applications, etc. (an interested reader would find in the book over 30 examples of possible applications in these fields); - describing uniformly many phenomena connected with reflexion, viz., implicit control, informational control via the mass media, reflexion in psychology, art works, etc. The present book is intended for experts in decision making and control of systems having interdisciplinary nature, as well as for undergraduates and postgraduates.
Self-organizing systems, a class of distributed systems, aim to maintain the purpose and intentions of the system regardless internal and external perturbations. These systems are composed of reconfigurable architectures and intelligent decisional entities that allow the achievement of both performance and reactivity needs. Beside other needed characteristics, such as modularity or customizability, the functioning of self-organizing systems is reliant on the degree of diagnosability during the system execution. An adequate diagnosis of the system dynamics allows the understanding the information contained and provides valuable input for the decision-making process. Process mining is a tool that permits identifying trends and patterns from event logs. This paper focuses on the use of process-mining for the diagnosis of a self-organizing manufacturing system. The approach is tested considering two self-organization rules based on the machine selection within a manufacturing environment. The approach was experimentally tested on a simulation model of a flexible manufacturing system. This exploratory research suggests that process-mining is a promising approach for the diagnosis of the behaviour of self-organizing systems.
In the first part of the paper, the field of Agent-Based Modelling (ABM) is discussed focusing on the role of generative theories, aiming at explaining phenomena by growing them. After a brief analysis of the major strengths of the field some crucial weaknesses are analysed. In particular, the generative power of ABM is found to have been underexploited, as the way back processes from the macroscopic effects of interaction to the modification of generating rules have been poorly investigated. In the second part of the paper, the renewal of interest for Computational Social Science (CSS) is focused upon, and several variants of it deductive, generative, and complex CSS, are identified and described. In the concluding remarks, an integrated variant, which takes after ABM, reconciling it with the quantitative one, is proposed as a fundamental requirement for a new program of the CSS.