PreprintPDF Available

A Process Mining Approach for Protecting Self-Organizing Critical Infrastructure Ecosystems

Preprints and early-stage research may not have been peer reviewed yet.


Self-organized ecosystems are found throughout the natural world, including critical infrastructure. Self-organized criticality is the tendency of some systems to naturally self-organize into critical states far from equilibrium and which are barely stable. Small changes or stimuli can result in cascading chain reactions which may have unwanted or devastating effects on economies or societies. Process technologies offer an expedient method for simulating self-organized critical infrastructure ecosystems, understanding criticality within these ecosystems, and adopting mitigation strategies analogous to controlled avalanches. Several case studies from broad domains present naturally occurring criticality as well deliberate ecosystem attacks designed to induce criticality or trigger catastrophic events.
(Submitted to the InfraGard National Journal on 10/20/2019)
A Process Mining Approach for Protecting Self-Organizing
Critical Infrastructure Ecosystems
John W. Bicknell, Jr.
CEO, More Cowbell Unlimited, Inc.
501 4th Street Unit 795, Lake Oswego OR 97034
Werner G. Krebs, Ph.D.
CEO, Acculation, Inc.
5482 Wilshire Blvd., #342, Los Angeles, CA 90036
Abstract: Self-organized ecosystems are found throughout the natural world, including
critical infrastructure. Self-organized criticality is the tendency of some systems to naturally
self-organize into critical states far from equilibrium and which are barely stable. Small
changes or stimuli can result in cascading chain reactions which may have unwanted or
devastating effects on economies or societies. Process technologies offer an expedient
method for simulating self-organized critical infrastructure ecosystems, understanding
criticality within these ecosystems, and adopting mitigation strategies analogous to controlled
avalanches. Several case studies from broad domains present naturally occurring criticality as
well deliberate ecosystem attacks designed to induce criticality or trigger catastrophic events.
Key Words: Critical Infrastructure, Process Mining, Self-organized criticality, Resilience
(Submitted to the InfraGard National Journal on 10/20/2019)
Critical infrastructures and the larger societies that sustain them are engaged in never-ending
internal and external competition, which creates the conditions for self-organized criticality.
By analogy to Lewis Carroll, the “Red Queen Hypothesis” (Valen 1973; “Red Queen
Hypothesis” 2019) suggests an explanation where these assets must constantly evolve merely
to stay competitive. Indeed, many specific types of critical infrastructure (Lewis 2010;
Dobson 2015) and geo-political dynamics, such as financial markets, power grids, public
health/hospital systems, nuclear energy systems, Internet activity, and strategic arms races
(“Red Queen Hypothesis” 2019) are known to exhibit aspects of self-organized criticality.
In this paper, critical infrastructure is described as vast, interconnected dissipative self-
organizing ecosystems. Next, process technologies utilizing petabyte scalable explainable
artificial intelligence (AI) (“Explainable Artificial Intelligence (XAI)” 2016; Gandhi 2019;
“AI Black Box Horror Stories – When Transparency Was Needed More than Ever” 2019) are
discussed which offer, potentially, a novel and expedient method for understanding these
ecosystems temporally. After that, a framework for policy planners is presented which
combines process mining and process simulations in order to mitigate and monitor critical
infrastructure vulnerabilities, along with some case studies.
Dissipative Ecosystems and Self-Organized Criticality
The Department of Homeland Security (DHS) is the United States’ agency responsible to
“provide strategic guidance, promote a national unity of effort, and coordinate the overall
Federal effort to promote the security and resilience of the Nation's critical infrastructure”
(“Presidential Policy Directive -- Critical Infrastructure Security and Resilience” 2013).
There are sixteen critical infrastructure sectors whose assets, systems, and networks--whether
physical or virtual--are considered so vital that their incapacitation or destruction would have
a debilitating effect on security, national economic security, national public health or safety,
or any combination thereof (“Critical Infrastructure Sectors” 2013). DHS operates at the
intersection of the Federal Government, state and local governments, the private sector,
international partners, law enforcement, intelligence, and defense communities--enabling
network defenders to “share technical information at machine speed (Manfra 2019).”
Many people think of processes as intentional groups of activities which serve profit seeking
businesses or mission driven government agencies. While this is true, order and complex
processes are self-organizing with no human intention (Whitehead 1979; Prigogine, Nicolis,
and Babloyantz 1972; Prigogine, Stengers, and Toffler 1984; Hidalgo 2015). Processes
underlie all complex naturally occurring phenomena; indeed, the Earth is a process
(Whitehead 1979). Humans have famously been defined as “complexes [of] processes (Fuller
1970).” Self-organizing ecosystems have defining dynamics and characteristics relevant to
critical infrastructure and homeland security.
Self-organizing systems emerge naturally from chaos--or ever increasing entropy (Prigogine,
Nicolis, and Babloyantz 1972). In order for self-organizing ecosystems to form and persist,
they feed continually off of the energy, matter, or information contained in the surrounding
environment while transferring information and disorder to the surrounding environment, as
For a comprehensive discussion about dissipative systems and self-organized criticality in a homeland
security and critical infrastructure context, the reader is referred to Dobson, “Entropy and Self-Organization
an Open System Approach to the Origins of Homeland Security Threats.”
(Submitted to the InfraGard National Journal on 10/20/2019)
well (Dobson 2015). They are called, aptly, dissipative systems. The idea of a dissipative
system is a foundational concept to understanding complex systems.
Self-organized criticality, another characteristic of dissipative systems, also has a major
impact on systems related to homeland security. Self-organized criticality is the natural
tendency of some systems to self-organize into a critical state far from equilibrium
(Prigogine, Nicolis, and Babloyantz 1972; Hidalgo 2015; Dobson 2015) and which are barely
stable (Bak, Tang, and Wiesenfeld 1987). Forest wildfires, power grids, the Internet, nuclear
energy systems, and financial systems all show self-organizing criticality. Small exogenous
additions to the ecosystem or changes within the ecosystem can result in cascading chain
reactions of different sizes (Kron and Grund 2009); however, ecosystem-level and node-level
measures of criticality enable monitoring and even control (Cajueiro and Andrade 2010).
Evolutionary studies of criticality suggest that complex systems compete with one another
and require increasing amounts of energy in order to gain or maintain advantage (“Red Queen
Hypothesis” 2019).
Self-organized criticality makes critical infrastructure vulnerable to both natural internal
fragility (Taleb 2014) and subtle hybrid warfare tactics such as weaponized interdependence
(Farrell and Newman 2019) in addition to other forms of cyber and information threats.
National security considerations dictate that policy planners adopt techniques to defuse self-
organized criticality by understanding these systems and adopting mitigating strategies, such
as solution analogues to controlled avalanches (Cajueiro and Andrade 2010; Lewis 2010;
“Avalanche Control” 2019) or hazard reduction burning in forests (“Controlled Burn” 2019).
Understanding these systems sufficiently to assess, quantify, and defuse criticality typically
requires sophisticated models and simulations.
In some critical infrastructure sectors, regulators already gather data to model these assets
(Cook 2017; Chen 2018; FINRA 2010; 2018a; 2018b; Bicknell and Krebs 2019b). For other
sectors, especially new or emerging types of critical infrastructure, such models either do not
exist, or at least are not widely-known to exist. Therefore, generalized techniques for rapidly
prototyping models and process simulations of critical infrastructure assets, especially
techniques that employ AI to reduce development costs, would appear to be needed.
Societies and the critical infrastructure which support them may be viewed through an
antagonistic co-evolutionary lens with relevance for homeland security and defense. All
aspects of critical infrastructure ecosystems may be modeled contextually and monitored
continually with temporal process technologies.
Process Technologies
Process technologies exist today which are an effective means to analyze time-domain
relationships. As Figure 1 suggests, process mining is inherently interdisciplinary--providing
additive capability to data scientists, process improvement experts, operations researchers,
organizational design practitioners, and national security analysts.
Process mining was conceived originally in a business context. Data science and management
science practitioners, Figure 1, use process mining to speed the discovery of business process
models while improving accuracy and preparing organizations for digital transformation
(Bicknell 2019). It is a highly versatile technique with vast utility beyond corporate process
improvement. Combined with other analytic disciplines such as game theory and complex
systems theory (again, Figure 1), process mining may inform critical infrastructure defense,
(Submitted to the InfraGard National Journal on 10/20/2019)
information warfare vulnerability detection, network fragility and resilience analysis,
geosurveillance, and many other domain analyses.
The goal of process mining is to turn event data into insights and actions (Aalst 2016).
Traditional process mining analyses use organizational enterprise resource planning system
logs to obtain event logs. For example, a talent hiring process might include the following
activities: Create Job Requisition; Post Job Announcement; Conduct Phone Screening;
Conduct Phone Interview; Conduct On-site Interview; Extend Offer; Accept Offer.
Process technologies elucidate ecosystem information flows, decision-making probabilities
and temporal measures. Machine-readable process outputs and models of complex natural
phenomena enable numerous applications. As the name implies, process mining AIs “mine”
data and surface (e.g. Markov or Bayesian) models of decision-making processes from
various input formats with no a priori knowledge. Process mining is also a human-
understandable, human-verifiable, and human-explainable AI, which is an increasingly
important consideration (“AI Black Box Horror Stories – When Transparency Was Needed
More than Ever” 2019) .
Structured system tables are suitable for process mining with relatively little pre-processing;
however, any structured, semi-structured, or unstructured data sources which chronicle events
is usable--cyber security logs, Internet of Things networks, satellite on-orbit characteristics,
hyperspectral imaging, social media data, etc. Three pieces of information are needed to
discover processes; additional features enrichen the analysis:
Case ID: An identifier that represents a specific execution of a process.
Activity: One of several steps performed within a process. For example, cyber exploit
attempts or corporate actions contained in regulatory documents.
Time Stamp: This orders the activities within each case and enables sophisticated
Figure 2 contains a trivial example where an event log is converted into a temporal process
model. Process cases 1 through 3 all contain the same activities, labeled “A” through “E.” In
Case 1, the activities happen in natural order. In Case 2, Activity “C” precedes “B.” Finally,
(Submitted to the InfraGard National Journal on 10/20/2019)
in Case 3, Activity “D” is repeated before concluding with Activity “E.” The discovered
process accounts for these process variations. Real world processes are significantly more
Process models are temporal representations of events organized by process case. Software
outputs may include machine-readable business process model notation (BPMN) diagrams,
various Markov transition probability matrices, descriptive statistics associated with the
process, capacity estimates for process activities, and distribution probabilities associated
with activity state arrival data.
Framework and Case Studies
This section presents a red team-like framework for policy planners plus some motivating use
cases. DHS and critical infrastructure analysts may use this technique to understand self-
organized criticality thresholds, infer vulnerabilities which may be exploited by clever
adversaries, and apply controlled avalanches which lessen catastrophic event likelihood. Red
Team projects are intensive self-examinations from an adversary’s perspective and are a well-
known technique to build up defensive capabilities by having friendly forces simulate enemy
tactics to discover weaknesses (Zenko 2015). Naturally self-organizing critical infrastructure
ecosystems interact dynamically in the borderless, interconnected environment of the
Information Age. The resiliency, security and defense challenge is, therefore, not limited to
State- and non-State actors; natural laws of physics may also be considered adversarial in the
context of critical infrastructure stability. Macro-level critical infrastructure red team analyses
model, simulate, and understand vulnerabilities and inform homeland security and defense
Process simulations of self-organizing criticality typically first require understanding of the
industrial process involved, such as through a BPMN process flow diagram (Bequette 2003;
“Process Simulation” 2017). Historically, such process flow diagrams were created through
extremely labor-intensive methods. However, today the explainable AI technique of process
mining can deduce process flow diagrams by analyzing event log data (Aalst 2016),
potentially greatly accelerating simulation development. Patent-pending implementations of
process mining combine Simple Queueing Theory with Monte Carlo simulations as well as
(Submitted to the InfraGard National Journal on 10/20/2019)
specialized data ingestion AI to enable detailed prototype simulations of complex industrial
processes to be automatically modeled and generated from event log data (Bicknell 2019;
Bicknell and Krebs 2019a; 2019b; 2019c; 2019d; Application 2019a; Application 2019b).
More Cowbell Unlimited’s process mining platform uses AI heuristic filters combined with
Simple Queueing Theory provide tools which allow users to conceptualize event logs as
various types of Markov models, including time-inhomogeneous, time-homogeneous, and
Continuous-Time Markov Chains (Bicknell and Krebs 2019d). Other researchers have
proposed Continuous Time Markov Chain and other Markov processes as models studying
for self-organizing criticality (Mao and Zhong 2007; Swart 2014). Statistics such as
relaxation times and range of time scales can be used to inspect the resulting rapidly-
prototyped models for self-organizing criticality-like behavior, such as a wide range of time-
spans for the different processes together with rapid relaxation times (Diamond and Zhang
2016). Thus, inspection of the standard statistics associated with time-homogenized Markov
matrices or Continuous Time Markov Chains can provide clues to identifying ecosystems
which are at or close to criticality. These various rapidly prototyped models can then be
further rapidly prototyped into automatically generated agent-based simulations and cellular
automata. Additional linkages between the automatically prototyped agent-based or cellular
automata models can then be manually added, as needed. When appropriate, with certain
types of self-organizing criticality, the individual cellular automata (or simulation agents)
have an associated geospatial interpretation, in which case real-world phenomena can
potentially be simulated and assigned GPS coordinates, indicating intervention points to
prevent criticality (such as controlled avalanches).
This framework may be deployed throughout critical infrastructure ecosystems and even as a
tool to understand social ecosystems.
Weaponized Interdependence Case Study
Weaponized interdependence of critical infrastructure networks is possible through economic
sanctions, trade policies, and reduced multilateral interstate negotiations (Farrell and
Newman 2019). States with political authority over the central nodes in the international
networked structures through which money, goods, and information travel are uniquely
positioned to impose costs on others. If they have appropriate domestic institutions, they can
weaponize networks to gather information or choke off economic and information flows,
discover and exploit vulnerabilities, compel policy change, and deter unwanted actions
(Farrell and Newman 2019).
To mitigate against weaponized interdependence, policy planners must first understand
critical global economic flows. Ideally, policy makers would use data-driven modeling and
simulation tools that can automatically update and keep pace with the ever-changing patterns
of the global economy. Process mining, and process simulation tools based off of process
mining, are one form of AI that can help automatically model global economic flows and
probe for weaponized interdependence.
Corporate Dynamics Case Study
Process models of email subject line data suggest ways information may be used as a
maneuver element in a larger cyber or information operations kill chain against critical
infrastructure firms (Bicknell and Krebs 2019d). Corporate email systems as a proxy for
corporate worker tasks have previously been studied as a model for self-organizing criticality
(Swart 2014). By virtue of their size and scope of operations, many Fortune 500 companies
(Submitted to the InfraGard National Journal on 10/20/2019)
and large corporations are considered critical infrastructure. The adversarial arms-race
between large corporations would suggest they exhibit naturally occurring self-organized
criticality. Customers depend on reliable services provided by large corporations, suggesting
self-organized criticality between these corporations and the large United States economy
(Sverdlik 2018; Daoudi 2019). For example, the failure of Enron severely undermined
investor confidence in United States regulators and markets, resulting in a market sell-off, as
well as the eventual failure of Arthur-Anderson, one of the former Big 5 Accounting firms
that play a vital role in auditing the United States markets (“Pub. No. GAO-03-864, Public
Accounting Firms: Mandated Study on Consolidation and Competition” 2003; McLean and
Elkind 2004; Cunningham 2006).
Tools that can help corporate managers, auditors, and regulators simulate corporate processes
as well as corporate interactions with the larger economy can potentially mitigate self-
organized criticality issues around large corporations and their global engagements. More
Cowbell Unlimited developed custom AI tools to ingest Enron email data to create process
models and process simulations (Bicknell and Krebs 2019d), a potential first step towards
understanding and mitigating corporate self-organized criticality.
Adversarial Propaganda Case Study
Information warfare detection and defense are active areas of process mining research
(Bicknell and Krebs 2019a; 2019b; 2019c). Complex feedback loops between social media
and critical infrastructure are already known. For example, some Wall Street algorithms trade
the financial markets based on Twitter sentiment or news items, which are, in turn, influenced
by those same financial markets (Sheridan et al. 2012; “Big Data Analytics: Articles, Movies,
Songs Robo-Written by Computer?” 2014). Tweets, “fake” or deceptive news items as well
as algorithmically-manipulative financial filings have been known to move markets (“SEC
Charges: False Tweets Sent Two Stocks Reeling in Market Manipulation” 2015; Carr 2013;
Arnoldi 2016).
Financial markets are a known example of critical infrastructure that displays self-organizing
criticality (Bak, Tang, and Wiesenfeld 1987; Cajueiro and Andrade 2010). Links between
social media and suspected adverse and potentially illicit influence on critical democratic
institutions have dominated mainstream media in recent years (Mueller 2019; “Russian
Active Measures Campaigns and Interference in the 2016 U.S. Election” 2019; Krasodomski-
Jones et al. 2019; Eustachewich 2019; Howard 2018). Both social media in general and
purveyors of adverse influence are believed to rapidly evolve their tactics, often themselves
employing AI (Waltzman 2017; Singer and Brooking 2018; Jones 2019). Automatically
generated process models and process simulation AI tools to both track illicit influence
operations as well as monitor the larger impact of potential criticality would seem to be
useful tools. Recently, More Cowbell Unlimited partnered with Texas A&M University to
add AI twitter propaganda monitoring capabilities to its cloud SaaS process mining
dashboard. ISIS Terrorist bot-driven propaganda, which would otherwise be difficult to
detect, latent within Twitter data were elucidated with a derived hidden Markov model
(Bicknell and Krebs 2019c).
Earth Pattern of Life Operations Case Study
AI is accelerating technological advancement (“Singularity University” n.d.), and in an
increasingly chaotic world AI tools should be used to rapidly prototype process simulations
that can defuse dangerous criticality. Process mining AI, and automated simulation
(Submitted to the InfraGard National Journal on 10/20/2019)
generation from process mining results, provide one form of rapid simulation prototyping
capability. Recently, More Cowbell Unlimited partnered with satellite AI provider
Spectrabotics to develop geospatial dashboards that ingest drone or satellite imagery, convert
them into event logs for process mining, automatically prototype simulations, and integrate
the resulting information into a geospatial dashboard to facilitate rapid action by on-the-
The Federal government and geo-intensive industries are using satellite data to monitor
critical infrastructure assets, including agriculture, oil pipelines, electrical grids, as well as
environmental conditions that may have a large scale impact (“Improve the Quality of Your
Crop” 2017; “Vegetation Clearances Automatically Analyzed Across a Power Line Network”
2018; “Large Data Aggregation from Small Satellites to Determine Patterns of Life
Modifications” 2019). Natural environments such as wildfire-prone areas and snow-packed
mountains are also known to exhibit dangerous self-organized criticality (Bak, Tang, and
Wiesenfeld 1987; Lewis 2010; Cajueiro and Andrade 2010; Dobson 2015). Simulations
informed by real-world data are one way to detect and find ways to defuse criticality. For
example, simulations of mountain snowpacks can be used to plan controlled avalanches.
Resiliency has many definitions which vary from one end of the spectrum as a system’s
ability to recover from a significant stressful event to the other end as a system’s ability to
adapt to ever-changing environments (Fisher 2015). This paper examined critical
infrastructures as dissipative ecosystems which exhibit self-organized criticality. Systems at
or near criticality may, with very little warning or perturbation, fail with chain reactions that
cascade throughout the system and even into adjacent ecosystems. This natural phenomenon
may be exacerbated in the Information Age as nation states compete for dominance.
Developing methods to understand self-organized criticality dynamics empirically and
dissipate energy in a controlled manner is important for critical infrastructure ecosystem
resiliency and protection from natural internal fragilities and deliberate attacks.
Process technologies are proving to be useful in a critical infrastructure and national security
context--especially for discovering emergent process ecosystems from semi-structured data.
Temporal process models offer an expedient method for simulating self-organized critical
infrastructure ecosystems in order to better understand criticality and mitigation strategies.
Future research should test the hypotheses presented in this paper with goals to induce
controlled avalanches in simulated ecosystems and dissipate energy as moderate sized events.
If successful, controlled avalanches--like controlled forestry burns--may reduce the likelihood
of large critical infrastructure catastrophes, improve resilience, and mitigate information-
related vulnerabilities.
The authors are grateful to Mary Lasky of the Johns Hopkins University Applied Physics
Laboratory for her invaluable comments on earlier versions of this article.
(Submitted to the InfraGard National Journal on 10/20/2019)
Aalst, Wil M. P. van der. 2016. Process Mining: Data Science in Action. 2nd ed. 2016
edition. New York, NY: Springer.
“AI Black Box Horror Stories – When Transparency Was Needed More than Ever.” 2019.
Open Data Science - Your News Source for AI, Machine Learning & More (blog).
October 2, 2019.
Arnoldi, Jakob. 2016. “Computer Algorithms, Market Manipulation and the
Institutionalization of High Frequency Trading.” Theory, Culture & Society 33 (1):
“Avalanche Control.” 2019. In Wikipedia.
Bak, Per, Chao Tang, and Kurt Wiesenfeld. 1987. “Self-Organized Criticality: An
Explanation of the 1/f Noise.” Physical Review Letters 59 (4): 38184.
Bequette, B. Wayne. 2003. Process Control: Modeling, Design and Simulation. 1 edition.
Upper Saddle River, N.J: Prentice Hall.
Bicknell, John W. 2019. “Process Mining Technologies.” ORMS Today 46 (5).
Bicknell, John W, and Werner G Krebs. 2019a. “Process Mining: The Missing Piece in
Information Warfare.” ResearchGate, February.
———. 2019b. “FOCAL Information Warfare Defense Standard.” ResearchGate, June.
———. 2019c. “Detecting Botnet Signals Using Process Mining.” Manuscript submitted for
———. 2019d. “Process Mining Organization Email Data and National Security
Implications.” Manuscript submitted for publication.
———. Application 2019a. Methods and Systems for Estimating Process Capacity. United
States, filed May 2, 2019.
———. Application 2019b. Methods and Systems for Inferring Behavior and Vulnerabilities
from Process Models. United States, filed June 13, 2019.
“Big Data Analytics: Articles, Movies, Songs Robo-Written by Computer?” 2014. Acculation
(blog). March 19, 2014.
Cajueiro, Daniel O., and R. F. S. Andrade. 2010. “Controlling Self-Organized Criticality in
Sandpile Models.” Physical Review E 81 (1): 015102.
Carr, David. 2013. “Using Twitter to Move the Markets.” The New York Times, October 6,
2013, sec. Business.
Chen, James. 2018. “Order Audit Trail System - OATS.” Investopedia. May 22, 2018.
“Controlled Burn.” 2019. In Wikipedia.
Cook, Robert. 2017. “Equity Market Surveillance Today and the Path Ahead | FINRA.Org.”
September 20, 2017.
(Submitted to the InfraGard National Journal on 10/20/2019)
“Critical Infrastructure Sectors.” 2013. Department of Homeland Security. March 5, 2013.
Cunningham, Lawrence. 2006. “Too Big to Fail: Moral Hazard in Auditing and the Need to
Restructure the Industry Before It Unravels.” GW Law Faculty Publications & Other
Works, January.
Daoudi, Mehdi. 2019. “2019’s Increasingly Fragile Internet: How Can Businesses Respond?”
Forbes. September 18, 2019.
Diamond, P H, and Y Zhang. 2016. “1/ f Noise and Self-Organized Criticality.” Physics 235
Lecture Notes. University of California San Diego.
Dobson, Thomas Kirwan. 2015. “Entropy and Self-Organizationan Open System Approach
to the Origins of Homeland Security Threats.” Thesis, Monterey, California: Naval
Postgraduate School.
Eustachewich, Lia. 2019. “Russian Trolls Blamed for Spreading Anti-Vaccination
Propaganda.” New York Post, February 15, 2019.
“Explainable Artificial Intelligence (XAI).” 2016. August 10, 2016.
Farrell, Henry, and Abraham L. Newman. 2019. “Weaponized Interdependence: How Global
Economic Networks Shape State Coercion.” International Security 44 (1): 4279.
FINRA. 2010. “SR-FINRA-2010-044 | FINRA.Org.” 2010.
———. 2018a. “FINRA Handles Record Volume of Market Activity through First Six
Months of 2018 | FINRA.Org.” 2018.
———. 2018b. 13: How the Cloud and Machine Learning Have Transformed Market
Surveillance | Episode 13. Vol. 13. FINRA UNSCRIPTED.
Fisher, Len. 2015. “More than 70 Ways to Show Resilience.” Nature 518 (7537): 3535.
Fuller, R. Buckminster. 1970. I Seem to Be a Verb: Environment and Man’s Future. 1st
edition. Bantam Books.
Gandhi, Preet. 2019. “Explainable Artificial Intelligence.” January 2019.
Hidalgo, Cesar. 2015. Why Information Grows: The Evolution of Order, from Atoms to
Economies. Basic Books.
Howard, Jacqueline. 2018. “Why Russian Trolls Stoked US Vaccine Debates - CNN.” CNN.
“Improve the Quality of Your Crop.” 2017. Spectrabotics (blog). June 6, 2017.
Jones, Marc Owen. 2019. “The Gulf Information War | Propaganda, Fake News, and Fake
Trends: The Weaponization of Twitter Bots in the Gulf Crisis.” International Journal
of Communication 13 (0): 27.
(Submitted to the InfraGard National Journal on 10/20/2019)
Krasodomski-Jones, Alex, Josh Smith, Elliot Jones, Ellen Judson, and Carl Miller. 2019.
“Information Operations in the Digital Age.” Demos.
Kron, Thomas, and T. Grund. 2009. “Society as a Self-Organized Critical System.” Text.
“Large Data Aggregation from Small Satellites to Determine Patterns of Life Modifications.”
2019. 2019.
Lewis, Ted. 2010. “Cause-and-Effect or Fooled by Randomness?” Homeland Security Affairs
6 (1).
Manfra, Jeanette. 2019. Role of the United States Government in Securing the Nation’s
Internet Architecture. Washington DC.
Mao, De Tao, and Yisheng Zhong. 2007. “Markov Chain Hidden behind Power Law
Mechanism of Self-Organized Criticality.” ArXiv:0709.2404 [Cond-Mat], September.
McLean, Bethany, and Peter Elkind. 2004. The Smartest Guys in the Room: The Amazing
Rise and Scandalous Fall of Enron. Reprint edition. New York: Portfolio Trade.
Mueller, Robert S. 2019. “Report On The Investigation Into Russian Interference In The 2016
Presidential Election.”
“Presidential Policy Directive -- Critical Infrastructure Security and Resilience.” 2013. The
White House.
Prigogine, Ilya, Gregoire Nicolis, and Agnes Babloyantz. 1972. “Thermodynamics of
Evolution.” Physics Today 25 (11): 2328.
Prigogine, Ilya, Isabelle Stengers, and Alvin Toffler. 1984. Order Out of Chaos. First Edition
edition. New York, NY: Bantam.
“Process Simulation.” 2017. In Wikipedia.
“Pub. No. GAO-03-864, Public Accounting Firms: Mandated Study on Consolidation and
Competition.” 2003. United States General Accounting Office.
“Red Queen Hypothesis.” 2019. In Wikipedia.
“Russian Active Measures Campaigns and Interference in the 2016 U.S. Election.” 2019. S.
Rpt II6-XX. Russian Active Measures Campaigns and Interference in the 2016 U.S.
Election. Washington DC: Select Committee on Intelligence United States Senate.
“SEC Charges: False Tweets Sent Two Stocks Reeling in Market Manipulation.” 2015. U.S.
Securities and Exchange Commission. November 5, 2015.
Sheridan, Cris, Senior Editor, Co-Host, and Financial Sense. 2012. “Feedback Loops: HFT,
Black-Scholes, and Cicadas.” Financial Sense. October 10, 2012.
(Submitted to the InfraGard National Journal on 10/20/2019)
Singer, P. W., and Emerson T. Brooking. 2018. LikeWar: The Weaponization of Social
Media. Eamon Dolan/Houghton Mifflin Harcourt.
“Singularity University.” n.d. Singularity University. Accessed October 19, 2019.
Sverdlik, Yevgeniy. 2018. “AWS Says It’s Never Seen a Whole Data Center Go Down.”
Data Center Knowledge. November 29, 2018.
Swart, Jan M. 2014. “A Simple Rank-Based Markov Chain with Self-Organized Criticality.”
ArXiv:1405.3609 [Math], May.
Taleb, Nassim Nicholas. 2014. Antifragile: Things That Gain from Disorder. Reprint edition.
New York: Random House Trade Paperbacks.
Valen, Leigh van. 1973. “A New Evolutionary Law.” In .
“Vegetation Clearances Automatically Analyzed Across a Power Line Network.” 2018.
Enview (blog). August 16, 2018.
Waltzman, Rand. 2017. “The Weaponization of Information.” Product Page. 2017.
Whitehead, Alfred North. 1979. Process and Reality. 2nd edition. New York: Free Press.
Zenko, Micah. 2015. Red Team: How to Succeed By Thinking Like the Enemy. 1 edition. New
York: Basic Books.
ResearchGate has not been able to resolve any citations for this publication.
Full-text available
Liberals claim that globalization has led to fragmentation and decentralized networks of power relations. This does not explain how states increasingly “weaponize interdependence” by leveraging global networks of informational and financial exchange for strategic advantage. The theoretical literature on network topography shows how standard models predict that many networks grow asymmetrically so that some nodes are far more connected than others. This model nicely describes several key global economic networks, centering on the United States and a few other states. Highly asymmetric networks allow states with (1) effective jurisdiction over the central economic nodes and (2) appropriate domestic institutions and norms to weaponize these structural advantages for coercive ends. In particular, two mechanisms can be identified. First, states can employ the “panopticon effect” to gather strategically valuable information. Second, they can employ the “chokepoint effect” to deny network access to adversaries. Tests of the plausibility of these arguments across two extended case studies that provide variation both in the extent of U.S. jurisdiction and in the presence of domestic institutions—the SWIFT financial messaging system and the internet—confirm the framework's expectations. A better understanding of the policy implications of the use and potential overuse of these tools, as well as the response strategies of targeted states, will recast scholarly debates on the relationship between economic globalization and state coercion.
Full-text available
To address the dual need to examine the weaponization of social media and the nature of non-Western propaganda, this article explores the use of Twitter bots in the Gulf crisis that began in 2017. Twitter account-creation dates within hashtag samples are used as a primary indicator for detecting Twitter bots. Following identification, the various modalities of their deployment in the crisis are analyzed. It is argued that bots were used during the crisis primarily to increase negative information and propaganda from the blockading countries toward Qatar. In terms of modalities, this study reveals how bots were used to manipulate Twitter trends, promote fake news, increase the ranking of anti-Qatar tweets from specific political figures, present the illusion of grassroots Qatari opposition to the Tamim regime, and pollute the information sphere around Qatar, thus amplifying propaganda discourses beyond regional and national news channels.
Full-text available
In this article we apply the theorem of self-organized criticality from complexity theory to explain social transformations. We show that modern society meets all criteria of a critical system: close couplings, permanent addition of energy and the ability to slowly disequilibrate. The explanatory power of this approach is outlined by discussing the outbreak of World War I. Finally, we present possible intervention strategies to prevent social systems from collapsing.
Full-text available
We show that dynamical systems with spatial degrees of freedom naturally evolve into a self-organized critical point. Flicker noise, or 1/f noise, can be identified with the dynamics of the critical state. This picture also yields insight into the origin of fractal objects.
Business and government leaders are hearing more and more about process mining. So, what is process mining? If you’ve asked yourself that question, you’ve come to the right place. This article defines process mining and how it works, describes the “right” way to adopt it within your organization, suggests where the industry is heading with some bleeding-edge possibilities, and concludes with the assertion that process technologies will become ubiquitous. Welcome to the growing world of process mining. Submitted to INFORMS ORMS Today for Volume 46, Number 5, October 2019 The full text of the article is here:
EXECUTIVE SUMMARY TO VOLUME I RUSSIAN SOCIAL MEDIA CAMPAIGN The Internet Research Agency (IRA) carried out the earliest Russian interference operations identified by the investigation- a social media campaign designed to provoke and amplify political and social discord in the United States. The IRA was based in St. Petersburg, Russia, and received funding from Russian oligarch Y evgeniy Prigozhin and companies he controlled. Pri ozhin is widel re orted to have ties to Russian President Vladimir Putin [redacted] In mid-2014, the IRA sent employees to the United States on an intelligence-gathering mission with instructions [redacted] The IRA later used social media accounts and interest groups to sow discord in the U.S. political system through what it termed "information warfare." The campaign evolved from a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system, to a targeted operation that by early 2016 favored candidate Trump and disparaged candidate Clinton. The IRA' s operation also included the purchase of political advertisements on social media in the names of U.S. persons and entities, as well as the staging of political rallies inside the United States. To organize those rallies, IRA employees posed as U.S. grassroots entities and persons and made contact with Trump supporters and Trump Campaign officials in the United States. The investigation did not identify evidence that any U.S. persons conspired or coordinated with the IRA. Section II of this report details the Office's investigation of the Russian social media campaign. RUSSIAN HACKING OPERATIONS At the same time that the IRA operation began to focus ·on supporting candidate Trump in early 2016, the Russian government employed a second form of interference: cyber intrusions (hacking) and releases of hacked materials damaging to the Clinton Campaign. The Russian intelligence service known as the Main Intelligence Directorate of the General Staff of the Russian Army (GRU) carried out these operations. In March 2016, the GRU began hacking the email accounts of Clinton Campaign volunteers and employees, including campaign chairman John Podesta. In April 2016, the GRU hacked into the computer networks of the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). The GRU stole hundreds of thousands of documents from the compromised email accounts and networks. Around the time that the DNC announced in mid-June 2016 the Russian government's role in hacking its network, the GRU began disseminating stolen materials through the fictitious online personas "DCLeaks" and "Guccifer 2.0." The GRU later released additional materials through the organization WikiLeaks. The presidential campaign of Donald J. Trump ("Trump Campaign" or "Campaign") showed interest in WikiLeaks's releases of documents and welcomed their otential to damage candidate Clinton. Beginning in June 2016, [redacted] forecast to senior Campaign officials that WikiLeaks would release information damaging to candidate Clinton. WikiLeaks's first release came in July 2016. Around the same time, candidate Trump announced that he hoped Russia would recover emails described as missing from a private server used b Clinton when she was Secreta of State he later said that he was speaking sarcastically). [redacted] WikiLeaks began releasing Podesta' s stolen emails on October 7, 2016, less than one hour after a U.S. media outlet released video considered damaging to candidate Trump. Section lII of this Report details the Office's investigation into the Russian hacking operations, as well as other efforts by Trump Campaign supporters to obtain Clinton-related emails. RUSSIAN CONTACTS WITH THE CAMPAIGN The social media campaign and the GRU hacking operations coincided with a series of contacts between Trump Campaign officials and individuals with ties to the Russian government. The Office investigated whether those contacts reflected or resulted in the Campaign conspiring or coordinating with Russia in its election-interference activities. Although the investigation established that the Russian government perceived it would benefit from a Trump presidency and worked to secure that outcome, and that the Campaign expected it would benefit electorally from information stolen and released through Russian efforts, the investigation did not establish that members of the Trump Campaign conspired or coordinated with the Russian government in its election interference activities. The Russian contacts consisted of business connections, offers of assistance to the Campaign, invitations for candidate Trump and Putin to meet in person, invitations for Campaign officials and representatives of the Russian government to meet, and policy positions seeking improved U.S.-Russian relations. Section IV of this Report details the contacts between Russia and the Trump Campaign during the campaign and transition periods, the most salient of which are summarized below in chronological order. 2015. Some of the earliest contacts were made in connection with a Trump Organization real-estate project in Russia known as Trump Tower Moscow. Candidate Trump signed a Letter oflntent for Trump Tower Moscow by November 2015, and in January 2016 Trump Organization executive Michael Cohen emailed and spoke about the project with the office of Russian government press secretary Dmitry Peskov. The Trump Organization pursued the project through at least June 2016, including by considering travel to Russia by Cohen and candidate Trump. Spring 2016. Campaign foreign policy advisor George Papadopoulos made early contact with Joseph Mifsud, a London-based professor who had connections to Russia and traveled to Moscow in April 2016. Immediately upon his return to London from that trip, Mifsud told Papadopoulos that the Russian government had "dirt" on Hillary Clinton in the form of thousands of emails. One week later, in the first week of May 2016, Papadopoulos suggested to a representative of a foreign government that the Trump Campaign had received indications from the Russian government that it could assist the Campaign through the anonymous release of information damaging to candidate Clinton. Throughout that period of time and for several months thereafter, Papadopoulos worked with Mifsud and two Russian nationals to arrange a meeting between the Campaign and the Russian government. No meeting took place. Summer 2016. Russian outreach to the Trump Campaign continued into the summer of 2016, as candidate Trump was becoming the presumptive Republican nominee for President. On June 9, 2016, for example, a Russian lawyer met with senior Trump Campaign officials Donald Trump Jr., Jared Kushner, and campaign chairman Paul Manafort to deliver what the email proposing the meeting had described as "official documents and information that would incriminate Hillary." The materials were offered to Trump Jr. as "part of Russia and its government's support for Mr. Trump." The written communications setting up the meeting showed that the Campaign anticipated receiving information from Russia that could assist candidate Trump's electoral prospects, but the Russian lawyer's presentation did not provide such information. Days after the June 9 meeting, on June 14, 2016, a cybersecurity firm and the DNC announced that Russian government hackers had infiltrated the DNC and obtained access to opposition research on candidate Trump, among other documents. In July 2016, Campaign foreign policy advisor Carter Page traveled in his personal capacity to Moscow and gave the keynote address at the New Economic School. Page had lived and worked in Russia between 2003 and 2007. After returning to the United States, Page became acquainted with at least two Russian intelligence officers, one of whom was later charged in 2015 with conspiracy to act as an unregistered agent of Russia. Page's July 2016 trip to Moscow and his advocacy for pro-Russian foreign policy drew media attention. The Campaign then distanced itself from Page and, by late September 2016, removed him from the Campaign. July 2016 was also the month WikiLeaks first released emails stolen by the GRU from the DNC. On July 22, 2016, WikiLeaks posted thousands of internal DNC documents revealing information about the Clinton Campaign. Within days, there was public reporting that U.S. intelligence agencies had "high confidence" that the Russian government was.behind the theft of emails and documents from the DNC. And within a week of the release, a foreign government informed the FBI about its May 2016 interaction with Papadopoulos and his statement that the Russian government could assist the Trump Campaign. On July 31, 2016, based on the foreign government rep01ting, the FBI opened an investigation into potential coordination between the Russian government and individuals associated with the Trump Campaign. Separately, on August 2, 2016, Trump campaign chairman Paul Manafort met in New York City with his long-time business associate Konstantin Kilimnik, who the FBI assesses to have ties to Russian intelligence. Kilimnik requested the meeting to deliver in person a peace plan for Ukraine that Manafort acknowledged to the Special Counsel's Office was a "backdoor" way for Russia to control part of eastern Ukraine; both men believed the plan would require candidate Trump's assent to succeed (were he to be elected President). They also discussed the status of the Trump Campaign and Manafort's strategy for winning Democratic votes in Midwestern states. Months before that meeting, Manafort had caused internal polling data to be shared with Kilimnik, and the sharing continued for some period of time after their August meeting. Fall 2016. On October 7, 2016, the media released video of candidate Trump speaking in graphic terms about women years earlier, which was considered damaging to his candidacy. Less than an hour later, WikiLeaks made its second release: thousands of John Podesta's emails that had been stolen by the GRU in late March 2016. The FBI and other U.S. government institutions were at the time continuing their investigation of suspected Russian government efforts to interfere in the presidential election. That same day, October 7, the Department of Homeland Security and the Office of the Director of National Intelligence issued a joint public statement "that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations." Those "thefts" and the "disclosures" of the hacked materials through online platforms such as WikiLeaks, the statement continued, "are intended to interfere with the US election process." Post-2016 Election. Immediately after the November 8 election, Russian government officials and prominent Russian businessmen began trying to make inroads into the new administration. The most senior levels of the Russian government encouraged these efforts. The Russian Embassy made contact hours after the election to congratulate the President-Elect and to arrange a call with President Putin. Several Russian businessmen picked up the effort from there. Kirill Dmitriev, the chief executive officer of Russia's sovereign wealth fund, was among the Russians who tried to make contact with the incoming administration. In early December, a business associate steered Dmitriev to Erik Prince, a supporter of the Trump Campaign and an associate of senior Trump advisor Steve Bannon. Dmitriev and Prince later met face-to-face in January 2017 in the Seychelles and discussed U.S.-Russia relations. During the same period, another business associate introduced Dmitriev to a friend of Jared Kushner who had not served on the Campaign or the Transition Team. Dmitriev and Kushner's friend collaborated on a short written reconciliation plan for the United States and Russia, which Dmitriev implied had been cleared through Putin. The friend gave that proposal to Kushner before the inauguration, and Kushner later gave copies to Bannon and incoming Secretary of State Rex Tillerson. On December 29, 2016, then-President Obama imposed sanctions on Russia for having interfered in the election. Incoming National Security Advisor Michael Flynn called Russian Ambassador Sergey Kislyak and asked Russia not to escalate the situation in response to the sanctions. The following day, Putin announced that Russia would not take retaliatory measures in response to the sanctions at that time. Hours later, President-Elect Trump tweeted, "Great move on delay (by V. Putin)." The next day, on December 31 , 2016, Kislyak called Flynn and told him the request had been received at the highest levels and Russia had chosen not to retaliate as a result of Flynn's request. On January 6, 2017, members of the intelligence community briefed President-Elect Trump on a joint assessment-drafted and coordinated among the Central Intelligence Agency, FBI, and National Security Agency-that concluded with high confidence that Russia had intervened in the election through a variety of means to assist Trump's candidacy and harm Clinton's. A declassified version of the assessment was publicly released that same day. Between mid-January 2017 and early February 2017, three congressional committees-the House Permanent Select Committee on Intelligence (HPSCI), the Senate Select Committee on Intelligence (SSCI), and the Senate Judiciary Committee (SJC)-announced that they would conduct inquiries, or had already been conducting inquiries, into Russian interference in the election. Then-FBI Director James Corney later confirmed to Congress the existence of the FBI's investigation into Russian interference that had begun before the election. On March 20, 2017, in open-session testimony before HPSCI, Corney stated: I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government's efforts to interfere in the 2016 presidential election, and that includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia's efforts .... As with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed. The investigation continued under then-Director Corney for the next seven weeks until May 9, 2017, when President Trump fired Corney as FBI Director-an action which is analyzed in Volume II of the rep01t. On May 17, 2017, Acting Attorney General Rod Rosenstein appointed the Special Counsel and authorized him to conduct the investigation that Corney had confirmed in his congressional testimony, as well as matters arising directly from the investigation, and any other matters within the scope of 28 C.F.R. § 600.4(a), which generally covers efforts to interfere with or obstruct the investigation. President Trump reacted negatively to the Special Counsel's appointment. He told advisors that it was the end of his presidency, sought to have Attorney General Jefferson (Jeff) Sessions unrecuse from the Russia investigation and to have the Special Counsel removed, and engaged in efforts to curtail the Special Counsel's investigation and prevent the disclosure of evidence to it, including through public and private contacts with potential witnesses. Those and related actions are described and analyzed in Volume II of the report. * * * THE SPECIAL COUNSEL'S CHARGING DECISIONS In reaching the charging decisions described in Volume 1 of the report, the Office determined whether the conduct it found amounted to a violation of federal criminal law chargeable under the Principles of Federal Prosecution. See Justice Manual § 9-27.000 et seq. (2018). The standard set forth in the Justice Manual is whether the conduct constitutes a crime; if so, whether admissible evidence would probably be sufficient to obtain and sustain a conviction; and whether prosecution would serve a substantial federal interest that could not be adequately served by prosecution elsewhere or through non-criminal alternatives. See Justice Manual § 9- 27 .220. Section V of the report provides detailed explanations of the Office's charging decisions, which contain three main components.
The article discusses the use of algorithmic models in finance (algo or high frequency trading). Algo trading is widespread but also somewhat controversial in modern financial markets. It is a form of automated trading technology, which critics claim can, among other things, lead to market manipulation. Drawing on three cases, this article shows that manipulation also can happen in the reverse way, meaning that human traders attempt to make algorithms ‘make mistakes’ by ‘misleading’ them. These attempts to manipulate are very simple and immediately transparent to humans. Nevertheless, financial regulators increasingly penalize such attempts to manipulate algos. The article explains this as an institutionalization of algo trading, a trading practice which is vulnerable enough to need regulatory protection.