Countering Threat Networks: A Standard Lines of Effort Model

Christopher Goodyear, Brian Greata, Timothy Payment and Martin Wetterauer

Introduction and Thesis Statement

Understanding networked adversaries and countering threat networks (CTN) is an increasingly common challenge for joint force commanders. This challenge is likely to grow as asymmetric approaches and hybrid warfare become standard for those adversaries who are weaker and search for legitimacy in achieving their objectives. This implies that commanders must be armed with a generally accepted means to understand these threats and prepare plans to thwart them.

This phenomenon is not entirely new to U.S. and allied military forces, as joint force commanders have confronted terrorist networks in Afghanistan, Iraq, and around the world before and since 9/11. U.S. Southern Command has been fighting criminal threat networks for over 20 years through Joint Interagency Task Force-South (JIATF-S). Insurgent threat networks are an even older phenomenon, as old as nation-states and those who have sought to overthrow them. These are all valid examples of threat networks; however, a critical, relatively recent development is the convergence of criminal, insurgent, and/or terrorist capabilities into hybrid networks that leverage their respective strengths to create a synergistic threat effect.[1]

With the release of Joint Publication (JP) 3-25, Countering Threat Networks, on 21 December 2016, the joint force now has official doctrine to guide joint force commanders and their staffs as they formulate plans to oppose these most challenging problems. JP 3-25 provides a number of operational level considerations including the importance of interagency integration, planning to counter threat networks, and assessing progress towards victory against threat networks. It also covers the finer details of CTN activities such as fundamentals and best practices for analyzing network structure, counter threat finance, CTN in a maritime domain, identity intelligence activities, and exploitation to support CTN. However, it provides very few specifics for a commander or staff considering how to develop an operational approach, and specifically what lines of effort (LOEs) best achieve operational and strategic end states against threat networks. Finally, JP 3-25 only briefly considers CTN outside of conflict zones, where the full range of friendly military actions will usually be severely restricted.

JP 3-25 is deliberately broad, and in fact is a very good document for exposing personnel to concepts and orienting thought against these complex threats. This paper will – to the extent possible – attempt to refine the guidance found in JP 3-25 by proposing methodology to employ JP 3-25 doctrine through recommended lines of effort to counter threat networks. Specifically, we intend to prove the following thesis: In an Outside Declared Theater of Active Armed Conflict (ODTAAC)[2] environment, a whole of government solution leading to a judicial (i.e., rule of law) end state is best achieved through lines of effort aligned with threat network functions. In examining this thesis, we will attempt to define an optimal end state and supporting operational conditions, and consider potential lines of effort that align along the PMESII (Political, Military, Economic, Social, Information , and Infrastructure Systems)[3], DIMEFIL (Diplomatic, Information, Military, Economic, Finance, Intelligence, and Law Enforcement)[4], and Threat Network Function models.[5] Ultimately we attempt to identify a template with the optimal lines of effort along which to carry out military operations, actions, and activities that contribute directly to, or support, achievement of objectives to counter threat networks.

Background

Threat networks are not new. They have always existed in varying forms, activities, and degrees of power. They are, per JP 3-25, those networks whose size, scope, or capabilities threaten US interests.[6] Common types of threat networks are terrorist, criminal, and insurgent networks.[7] Criminal networks can include narcotics, human trafficking and human smuggling (to include the movement of special interest aliens), and weapons smuggling (potentially including weapons of mass destruction, WMD) amongst other illicit activities. The relatively recent convergence of these kinds of threat networks is what poses an increasingly significant threat. We have already seen the merging of all three in the Fuerzas Armadas Revolucionarias de Colombia (FARC) in Colombia. What began as an insurgent movement gradually adopted terrorist tactics, and then after funding themselves through narcotics trafficking this became a raison d’etre.[8] Likewise, the ability of criminal networks to utilize established trafficking routes to wittingly or unwittingly move terrorists and/or weapons of mass destruction constitute a serious threat. Finally, Hezbollah uses the drug trade and other illicit activities around the world to fund terrorist activities in the Levant.[9]

These kinds of threats, and the environments in which they operate, naturally drive friendly networks towards whole-of-government solutions due to the complexity of the problem and the requirement for a comprehensive approach.[10] To combat threats such as these, the U.S. Government has undergone a significant increase in interagency cooperation since 9/11.[11] The use of Title 10 forces under a Title 50 lead and authority is one area in particular that has been utilized to leverage the strengths of participating agencies to a greater overall effect.[12] Likewise, detailing Title 10 personnel to other federal agencies for a specific mission or purpose is another way that DoD can contribute to an other-than-military effect.

These efforts are commendable, but they are niche efforts, usually isolated in nature, and limited in achieving the overall end state. They don’t constitute a comprehensive approach, or provide a “best practice” for lines of effort that a joint force commander could use to organize operations to counter threat networks.

This is particularly true when considering the differences between a conflict zone and an ODTAAC environment. Joint Interagency Task Force-South (JIATF-S), which conducts detection and monitoring missions to combat illicit trafficking and is widely considered an example of successful interagency action, is still largely focused on one kind of commodity (narcotics) of one type of threat network (criminal) and does not function cross-domain (it is almost entirely limited to the Air and Maritime domains).[13] While its function concentrates on network disruption through evidentiary seizures and criminal prosecution, it is limited by charter from leveraging all elements of national power to achieve a comprehensive approach and strategy. However, one thing is clear from the JIATF-S example, and that is the fact that a judicial end state is the de facto “approved solution” for the Western Hemisphere (WHEM) when combatting threat networks.

The WHEM is not alone in this respect, and serves as a good example of an ODTAAC environment. In this environment the Military element of national power is de-emphasized, creating greater reliance on the remaining diplomatic, economic, and information instruments. This is representative of any ODTAAC area, considered diplomatic or “Title 22” environments. Although the military is used to great effect in these theaters, it is usually through soft power and influence – not kinetic strikes as used in theaters of conflict.

However, the DIME construct ignores some very powerful instruments of national power that are utilized not only in the U.S. Southern Command AOR, but around the world. These include law enforcement, intelligence, and financial entities that can achieve effects against threat networks and which don’t easily fall into one of the “DIME” bins.[14] For example, a Homeland Security Investigations (HSI) agent is not an instrument of diplomatic, military, economic, or informational power but the authorities and potential effect that HSI can bring to bear against transregional actors is significant. Likewise, the financial effects that the U.S. Department of the Treasury can apply to threat network finances presents a considerable threat to a network’s resources. The DIMEFIL construct better captures the full range of instruments of national power. This construct first appeared in the National Military Strategic Plan for the War on Terrorism in 2006, and although not official doctrine, does serve to address an expanded view of applicable national capabilities.[15]

This concurrent de-emphasis of military power and expanded consideration of other instruments of national power has resulted in a preference within ODTAAC environments for what is commonly referred to as a “judicial end state” for threat networks. But why should a judicial end state be desirable over any other? Is this just a political ploy, an effort to make US activities more palatable? While there is value in reinforcing the rule of law during CTN activities, there are also some good reasons why a judicial end state is desirable outside of a conflict zone.

First, there is the question of jus ad bellum, or the theory of just war. If a non-state actor happens to reside within a particular state that is friendly to the U.S., what exactly is the right of the U.S. to conduct military operations against that adversary? If we conduct clandestine warfare across regional and country boundaries, our actions no longer fit the status quo of justified use of force based on the law of armed conflict and theaters of armed conflict.[16]

Second, there is ambiguity regarding what level of violence rises above criminality to that of armed conflict. Without clear definitions of what constitutes a significant enough threat to warrant military action, a law enforcement solution is preferred.[17]

Third, we should consider the impacts to accepted norms of proportionality in an ODTAAC environment. Current rules regarding proportionality arose from conflicts in which civilians were deemed a part of the enemy, and could share in the hardships of war.[18] In an environment in which the threat network hides amongst civilians who may have no allegiance or even awareness of the threat network, a reassessment of the legal framework governing hostilities may be in order.[19] Ignoring this consideration, and the potential for collateral damage, risks alienating the indigenous population and US legitimacy.

For these reasons and others, there is a current of thought that emphasizes limiting or abandoning the use of military detention, limiting the use of lethal force, and a preference for criminal prosecution over military detention.[20] This effectively constitutes the judicial end state.

This, like any policy or generally accepted norm, is bound to run into occasional conflicts. For example, within law enforcement, one such source of tension is between disruption and dismantlement. Investigative entities are tasked, and are naturally inclined due to the nature of their work, to lean towards caution when considering disruption activities. They generally prefer to delay disruption in order to gain greater knowledge of an entire network, and thereafter achieve complete dismantlement. On the other hand, other law enforcement entities are tasked with disruption of criminal activities and are quick to move against threat network activities in order to disrupt imminent threats. Therefore, “judicial end state” implies a wide range of law enforcement and judicial/prosecutorial activities that achieve the desired end state and reinforce the rule of law within ODTAAC environments.

If we accept that the judicial end state is preferred in an ODTAAC environment, then we must be concerned about how to design an operation to achieve it. Operational design is “the conception and construction of the framework that underpins a campaign or major operation plan and its subsequent execution.”[21] It results in the operational approach, “which broadly describes the actions the joint force needs to take to reach the desired state.”[22] Some of the components of an operational approach (particularly specific contributing factors or intermediate military objectives) cannot, and should not, be determined until faced with an actual problem and development of a proper understanding of the environment, the precise threat networks and their capabilities, and friendly network.

Notwithstanding this, the lines of effort for CTN within an ODTAAC environment should be relatively stable and applicable regardless of the specific environment or threat network.

Threat networks are formed at the confluence of a catalyst, a receptive audience, and an accommodating environment. The removal of any or all of these is necessary to eliminate the threat that any network poses, and achieve an acceptable end state. Therefore any articulation of an end state should at a minimum reflect a satisfactory achievement of effects against these three conditions (See Figure 1):[23]

End state #1 – No Catalyst. The catalyst for establishment of the threat network is eliminated or sufficiently addressed to reduce the perceived need to assemble or take action.

End state #2 – No Receptive Audience. Potential threat network audiences have more to gain by not participating, are not motivated to participate, or do not have the means to conduct actions that address the catalyst.

End state #3 – Unaccommodating Environment. The environment is inhospitable to the organization and activities of the threat network. (In an ODTAAC environment, law enforcement activities are critical to achieve this.)

The accomplishment of these three end states constitutes success vis-à-vis countering a threat network. A joint force commander may add to these to meet a peculiar additional environmental condition which they have been tasked to resolve, but cannot take away if they want to address the threat network completely.

In order to reach the end state, certain operational conditions must be achieved. In the case of countering threat networks, it is possible to backwards plan conditions that support the end states listed previously, and that are applicable to any kind of threat network. The following conditions must be met; each is listed with the end state(s) that it will support (see Figure 2).

Friendly network narrative or option seen as more legitimate and less risky than threat network practices or ideologies (End states 1,2,3). In order to achieve this condition, the risks associated with the threat network outweigh the benefit or profit; threat ideologies are seen as bankrupt; a narrative alternate to the threat network is developed and accepted; and the threat network, its objectives, and its actions are seen as illegitimate. These may constitute intermediate factors (potentially along with others) that fall along lines of effort to achieve this condition.

Effective governance presents a safer environment and greater economic opportunities than a threat network. (2, 3) In order to achieve this condition, a comprehensive approach will assist host nation development of available economic opportunities; promote effective and equitable governance including the rule of law; and establish a safe and secure environment through successful detention and prosecution of threat network members.

Threat network operations, intelligence, and sustainment degraded. (3) In order to achieve this condition, joint forces should consider degradation of threat network freedom of movement; disruption of their ability to gather intelligence or resources; and disruption of threat network operations, actions, and activities (OAAs).



The emphasis on the rule of law, the establishment of a safe and secure environment, successful prosecution, and disruption of threat activities all are areas where law enforcement and judicial processes will contribute heavily. The likely “judicial end state” desired given current policy and common practice, as well as compelling reasons given an ODTAAC environment, is reflected in a number of these conditions.

The precise actions that will fall along these lines of effort are too specific to be considered in this paper, and instead must be developed and refined once confronted by a specific threat network scenario. These can subsequently be tailored and scaled based on analysis of the peculiarities of a specific environment and threat network.

The key question that remains is how a joint force commander should select lines of effort that will support achievement of a judicial end state, articulate an appropriate DOD role in a whole-of-government solution, and apply an ideal application of instruments of national power to counter threat networks. The following description of models and analysis intend to provide a broad answer for future application.

Description

This paper considers three potential LOE models –the DIMEFIL, PMESII, and Threat Network Function models.

Before examining these models there are a few notes on considerations that should be common to any LOE model adopted by the joint force commander. Any solution will have to take into consideration conflicting priorities and determine a method for resolving such conflicts. The Unity of Effort Framework Solution Guide provides a useful tool to guide operational-level planning and development of conflict resolution procedures between departments/agencies.[24]

One area in particular that will have to be taken into account during planning is the tension and balance required between the desire (and sometimes requirement) to disrupt imminent threats versus the desire, particularly amongst investigative and intelligence entities, to leave certain threats in place in order to facilitate a longer-term dismantlement of a network. Clear triggers and acceptable levels of risk must be identified to guide this decision making.[25]

All three pillars of “network engagement” must be considered when developing specific actions along whatever LOE construct is adopted. That is, while countering the threat network, the whole-of-government must also partner with the friendly network and engage with the neutral network.[26]

Finally, a comprehensive approach should always be pursued and incorporated. Other military partners, the Interagency, partner nations, intergovernmental and nongovernmental partners, and the capabilities they all bring to bear should be incorporated when and where they are willing and able in order to achieve a comprehensive approach.

The first Line of Effort model considered is Friendly Network oriented; the DIMEFIL construct (see Figure 3). DIMEFIL consists of Diplomatic, Information, Military, Economic, Financial, Intelligence, and Law Enforcement instruments of friendly national power. DIME is well established, but as discussed previously in the Background, the additional FIL instruments are appropriate given the nature of the threat, the ODTAAC environment considered, and the desire for a law enforcement oriented approach. In this model, lines of effort are aligned directly with (and are named for) each of the seven DIMEFIL instruments of power. DoD has its own Military LOE, and can support each of the other LOEs to varying degrees.

The second LOE model considered, a Threat Network oriented model, was PMESII (political, military, economic, social, information, and infrastructure). This is a systems-based model intended to define the structures of an adversary through examination of the PMESII characteristics of the state. [27] This can be applied towards threat networks in that can exhibit these characteristics, and instruments of friendly power can be applied against each of the threat PMESII systems. As with the DIMEFIL example, lines of effort are aligned with and named for each of the six systems. (See Figure 4.)

The final LOE model has a mixed Threat Network and Friendly Network orientation. In this model, three Threat Network Functions (Information, Operations, and Sustainment/Logistics) are supplemented with the addition of a Host Nation (HN) Development LOE. The Threat Network Functions are derived from various functions identified in JP 3-25, and generalized to fit any type of threat network. The Information LOE can include actions against threat intelligence, propaganda, and strategic communications (either to build their legitimacy or tear down that of the friendly network). The Operations LOE includes actions against training, drug manufacturing, operational elements, weapons manufacturing, C2/leadership, and clandestine network components. The Sustainment/Logistics LOE includes potential actions against threat finance; recruiting; transport of drugs, weapons, people, etc; and other logistical capabilities. The addition of the Host Nation Development LOE provides sufficient attention on the Friendly Network for a comprehensive approach toward development tasks which support conditions that can meet the desired end states. (See Figure 5.)

Analysis and Discussion

In developing criteria to evaluate the proposed LOE models, we considered first the thesis and what criteria would lead us to an optimal model for CTN in an ODTAAC environment. Based on this analysis, we selected the following criteria: 1) The maximization of whole-of-government coordination and a comprehensive approach, 2) Applicability to the ODTAAC environment and a desired “judicial end state”, and 3) Alignment with end state conditions.

First Criterion. Our previous discussion of threat networks showed that CTN naturally requires a whole-of-government solution due to the complexities and multifaceted underlying problems that give rise to threat networks. Therefore, the first criterion is: Maximization of whole-of-government coordination (all instruments of national power) and a comprehensive approach.

At first glance it would appear the DIMEFIL model is preferred because it captures in dedicated lines of effort a broad range of instruments of national power. In reality, this is counterproductive because in building lines of effort along narrow roles, agencies may become myopic in focusing only upon “their” line of effort, and tend to ignore how they might contribute to the other lines of effort. This can lead to stove piping of thought and action, and the comprehensive approach will suffer as a result.[28] This is considered in Joint Publication 5-0, which even goes so far as to recommend against this approach.[29]

PMESII is threat- and result-oriented, which should drive greater collaboration amongst instruments of power to arrive at better coordinated activities along the LOEs. However, it doesn’t completely eliminate the potential organizational “lane” problem, in that the Military LOE remains, and may drive military contributions unnecessarily along a sole line of effort.

The Threat Network Function model doesn’t establish these organizational lanes, and instead encourages cross-cutting application of the instruments of national power across all the lines of effort (See Figure 5). A potential disadvantage of this model is that this requires a significant effort to coordinate in order to integrate, deconflict, and synchronize interagency contributions. But on balance, this process will result in more deeply analyzed and coordinated results. For this reason, the Threat Network Functions model is preferable under this criterion.

Second Criterion. Considering the ODTAAC environment and the desire to reinforce the rule of law, we determined that an operational approach and associated lines of effort should lead a joint force commander toward a framework which supports successful prosecution and other law enforcement activities. Therefore, our next criterion is: Applicability to the ODTAAC environment and a desired “judicial end state”.

PMESII provided no apparent advantage in the ODTAAC / judicial end state environment. DIMEFIL dedicates an entire LOE to law enforcement activities, which have a clear tie to the judicial end state. The Financial LOE in DIMEFIL includes Counter Threat Finance activities, which would also support law enforcement and prosecution. Threat Network Functions avoids a specific LOE for law enforcement, instead intending that each instrument should integrate activities within each LOE. This is slightly more difficult in that it requires a concerted effort to coordinate, much as with the first criterion.

Third Criterion. Any line of effort model should naturally align with end state conditions, not crosscut across most or all of them. In this way, there should be an alignment between cause and effect. Therefore the final criterion is: Alignment with end state conditions.

DIMEFIL fares the worst against this criterion, precisely because DIMEFIL are the “means” for carrying out lines of effort, and LOEs are the “ways”. As such, the DIMEFIL instruments should be applied across all lines of effort. As a result, DIMEFIL is not a good model for demonstrating a flow from lines of effort, to conditions, to end state. While the DIMEFIL elements will certainly support achievement of conditions and end states, they do not align or “flow” towards the end states. This became painfully obvious when creating a diagram of operational approaches, creating a spider web of contributions from every LOE to each operational condition (see Figure 3).

PMESII aligns somewhat better with the conditions in that there’s an exact alignment between the Social LOE and the Legitimacy condition, and the Infrastructure LOE and the Good governance/economic opportunities condition. (See Figure 4.) Two LOEs (Political and Economic) support two conditions. Only two LOEs contribute to all three conditions – the Military and Information LOEs. (There is some overlap in these two LOEs, as potential military information support operations exhibit characteristics of both.)

The Threat Network Functions model also aligns with the identified conditions and end states. The Operations and Sustainment/Logistics LOEs align well with the Threat Network condition; the Information LOE aligns with the Legitimacy and Threat Ops/Intel/Sustainment conditions, and the Host Nation Development and Information LOEs align with the Good governance/economic opportunities condition. This is overall a much cleaner, straightforward alignment than the other two LOE models offer.

After considering these criteria, the Threat Network Functions model is the best model identified for lines of effort that lead to end state achievement. The other two models simply had deeper flaws when compared against the evaluation criteria. The problem with the PMESII model is that it’s based on a tool designed to analyze an adversary and its “system of systems” in order to identify critical capabilities, requirements, and vulnerabilities for center of gravity analysis – not to themselves become lines of effort.

DIMEFIL is usually considered the “means” of achieving operational and strategic objectives, and making them lines of effort (i.e., the “ways”) is potentially problematic and should be carefully considered during planning. DIMEFIL should cut across all LOEs, not define LOEs. Its potential for stove piping along organizational/authority lines makes this model less than ideal.

While DIMEFIL arguably dedicates an entire LOE to a core interest – that of the primacy of law enforcement and rule of law – the Threat Network Functions model better aligns with conditions and end states, and if properly implemented will foster better whole-of-government solutions including support to achieving a judicial end state.

Conclusion

In an ODTAAC environment, a whole of government solution leading to a judicial end state is best achieved through adopting lines of effort aligned with Threat Network Functions of Intelligence, Operations, and Sustainment/Logistics, together with Host Nation Development. Our analysis shows that when confronted by a threat network, adopting lines of effort that conform with Threat Network Functions is advantageous as a standardized template for developing operational design. (See Figure 6.)

There will always be local conditions and factors that cause planners to reevaluate their understanding of the environment, assessment and definition of the problem, what conditions constitute acceptable end state(s), and how to achieve them. Likewise, a joint force commander may face a scenario in which countering a threat network is not the only challenge. This is very likely in the real world. Besides the threat network, there will likely be other environmental conditions that force a hybrid approach to developing end states, conditions, and lines of effort. In that case, the recommendation we make in this paper will serve as a base from which to develop a more complex, tailored operational approach to address other challenges within the OE.

But based on current policy and practice, as well as conformance with the various criteria identified in this document, organizing elements of national power along the Threat Network Function lines of effort will best serve a joint force commander searching for an effective approach to counter threat networks.

End Notes