Cell structures continue to evolve. Historically, clandestine organizations avoided electronic communications, because signals intelligence, SIGINT, is a strength of conventional militaries and counterintelligence organizations. New communications techniques, such as the Internet and strong encryption, may allow some inter-cell communications that were too dangerous in the past.
In the context of tradecraft, being covert and clandestinity are not synonymous. The adversary is aware that a covert activity is happening, but does not know who is doing it, and certainly not their sponsorship. Clandestine activities, however, if successful, are completely unknown to the adversary, and their function, such as espionage, would be neutralized if there was any awareness of the activity. A covert cell structure is tantamount to a contradiction in terms, because the point of the cell structure is that its details are completely hidden from the opposition.
A sleeper cell refers to a cell, or isolated grouping of sleeper agents that belong to an intelligence network or organization. The cell "sleeps" (lies dormant) inside a target population until it receives orders or decides to act. (See also Mole (espionage), Double agent, Sleeper agent.) A sleeper cell is a somewhat special case, if, for example, it is clandestine until activated, as with a sabotage or terror unit. Still, there can be cells (or singleton agents) who are both clandestine and sleeper. While most WWII UK espionage agents sent to the UK were almost immediately caught and neutralized, a few, who infiltrated an area long ahead of time, and set up a clock repair shop or something else innocent that was also near a naval base, were only activated when there was a specific operational requirement. Sleepers also provide support services, such as emergency escape routes, backup communications, etc.
Officially, the PIRA is hierarchical, but, especially as British security forces became more effective, it changed to a semiautonomous model for its operational and certain of its support cells (e.g., transportation, intelligence, cover and security). Its leadership sees itself as guiding and consensus-building. The lowest-level cells, typically of 2-5 people, tend to be built by people with an existing personal relationship. British counterinsurgents could fairly easily understand the command structure, but not the workings of the operational cells.
The IRA has an extensive network of inactive or sleeper cells, so new ad hoc organizations may appear for any specific operation.
Especially through the French member, they would contact trusted individuals in the area of operation, and ask them to recruit a team of trusted subordinates (i.e., a subcell). If the team mission were sabotage, reconnaissance, or espionage, there was no need to meet in large units. If the team was to carry out direct action, often an unwise mission unless an appreciable number of the locals had military experience, it would be necessary to assemble into units for combat. Even then, the hideouts of the leadership were known only to subcell leaders. The legitimacy of the Jedburgh team came from its known affiliation with Allied powers, and it was a structure more appropriate for UW than for truly clandestine operations.
Also known as the Viet Cong, this organization grew from earlier anticolonial groups fighting the French, as well as anti-Japanese guerillas during WWII. Its command, control, and communication techniques derived from the experiences of these earlier insurgent groups. The group had extensive support from North Vietnam, and, indirectly, from the Soviet Union. It had parallel political and military structures, often overlapping. See Viet Cong and PAVN strategy and tactics.
The lowest level consisted of three-person cells who operated quite closely and engaged in the sort of self-criticism common, as a bonding method, to Communist organizations.
In the case of the PIRA, its political wing, Sinn Fein, became increasingly overt, and then a full participant in politics. Hamas and Hezbollah also have variants of overt political/social service and covert military wings.
The rationale for the overt political-covert military split is to avoid the inflexibility of completely secret organization. This practice can become counterproductive once an active insurgency begins. Excessive secrecy can limit insurgent freedom of action, reduce or distort information about insurgent goals and ideals, and restrict communication within the insurgency. By splitting, the public issues can be addressed overtly, while military actions remain covert and intelligence functions stay clandestine.
External support need not be overt. Certain Shi'a groups in Iraq, for example, do receive assistance from Iran, but this is not a public position of the government of Iran, and may even be limited to factions of that government. Early US support to the Afghan Northern Alliance against the Taliban used clandestine operators from both the CIA and United States Army Special Forces. As the latter conflict escalated, the US participation became overt.
In a covert FID mission, only selected host nation (HN) leaders are aware of the foreign support organization. Under Operation White Star, US personnel gave covert FID assistance to the Royal Lao Army starting in 1959; the assistance became overt in 1961 and ceased operations in 1962.
When considering where cells exist with respect to the existing government, the type of insurgency needs to be considered. One US Army reference was Field Manual 100-20, which has been superseded by FM 3-07. Drawing on this work, Nyberg (a United States Marine Corps officer) extended the ideas to describe four types of cell system, although his descriptions also encompass types of insurgencies that the cell system supports. At present, there is a new type associated with transnational terrorist insurgencies.
Some recruits, due to the sensitivity of their position or their personalities not being appropriate for cell leadership, might not enter cells but be run as singletons, perhaps by other than the recruiting case officer. Asset BARD is a different sort of highly sensitive singleton, who is a joint asset of the country B, and the country identified by prefix AR. ARNOLD is a case officer from the country AR embassy, who knows only the case officer BERTRAM and the security officer BEST. ARNOLD does not know the station chief of BERRY or any of its other personnel. Other than BELL and BEST, the Station personnel only know BERTRAM as someone authorized to be in the Station, and who is known for his piano playing at embassy parties. He is covered as Cultural Attache, in a country that has very few pianos. Only the personnel involved with BARD know that ARNOLD is other than another friendly diplomat.
In contrast, BESSIE and BETTY know one another, and procedures exist for their taking over each other's assets in the event one of the two is disabled.
Some recruits, however, would be qualified to recruit their own subcell, as BEATLE has done. BESSIE knows the identity of BEATLE-1 and BEATLE-2, since he had them checked by headquarters counterintelligence before they were recruited. Note that a cryptonym does not imply anything about its designee, such as gender.
The diagram of "initial team presence" shows that two teams, ALAN and ALICE, have successfully entered an area of operation, the country coded AL, but are only aware of a pool of potential recruits, and have not yet actually recruited anyone. They communicate with one another only through headquarters, so compromise of one team will not affect the other.
Assume that in team ALAN, ALISTAIR, one of the officers with local contacts, might recruit two cell leaders, ALPINE and ALTITUDE. The other local officer in the team, ALBERT, recruits ALLOVER. When ALPINE recruited two subcell members, they would be referred to as ALPINE-1 and ALPINE-2.
ALPINE and ALTITUDE only know how to reach ALISTAIR, but they are aware of the identity of at least some other team members should ALISTAIR be unavailable, and they would accept a message from ALBERT. Most often, the identity (and location) of the radio operator may not be shared. ALPINE and ALTITUDE, however, do not know one another. They do not know any of the members of team ALICE.
The legitimacy of the subcell structure came from the recruitment process, originally by the case officer and then by the cell leaders. Sometimes, the cell leader would propose subcell member names to the case officer, so the case officer could have a headquarters name check run before bringing the individual into the subcell. In principle, however, the subcell members would know ALPINE, and sometimes the other members of the ALPINE cell if they needed to work together; if ALPINE-1 and ALPINE-2 had independent assignments, they might not know each other. ALPINE-1 and ALPINE-2 certainly would not know ALISTAIR or anyone in the ALTITUDE or ALLOVER cells.
As the networks grow, a subcell leader might create his own cell, so ALPINE-2 might become the leader of the ALIMONY cell.
Modern communications theory has introduced methods to increase fault tolerance in cell organizations. In the past, if cell members only knew the cell leader, and the leader was neutralized, the cell was cut off from the rest of the organization.
If a traditional cell had independent communications with the foreign support organization, headquarters might be able to arrange its reconnection. Another method is to have impersonal communications "side links" between cells, such as a pair of dead drops, one for Team ALAN to leave "lost contact" messages to be retrieved by Team ALICE, and another dead drop for Team ALICE to leave messages for Team ALAN.
These links, to be used only on losing contact, do not guarantee a contact. When a team finds a message in its emergency drop, it might do no more than send an alert message to headquarters. Headquarters might determine, through SIGINT or other sources, that the enemy had captured the leadership and the entire team, and order the other team not to attempt contact. If headquarters can have reasonable confidence that there is a communications failure or partial compromise, it might send a new contact to the survivors.
When the cut-off team has electronic communications, such as the Internet, it has a much better chance of eluding surveillance and getting emergency instructions than by using a dead drop that can be under physical surveillance.
Due to cultural differences, assuming the al-Qaeda Training Manual is authentic, Islamic cell structures may differ from the Western mode. "Al-Qaida’s minimal core group, only accounting for the leadership, can also be viewed topologically as a ring or chain network, with each leader/node heading their own particular hierarchy.
"Such networks function by having their sub-networks provide information and other forms of support (the ‘many-to-one’ model), while the core group supplies ‘truth’ (of interpretation of Islam in this case—spiritual and political) and decisions/directions (the ‘one-to-many’ model). Trust and personal relationships are an essential part of the Al-Qaida network (a limiting factor, even while it provides enhanced security). Even while cell members are trained as ‘replaceable’ units, ‘vetting’ of members occurs during the invited training period under the observation of the core group.
Cells of this structure are built outwards, from an internal leadership core. Superficially, this might be likened to a Western cell structure that emanates from a headquarters, but the Western centrality is bureaucratic, while the Islamic (or structures in other non-western cultures) builds on close personal relationships, often built over years, perhaps involving family or other in-group linkages. Such in-groups are thus extremely hard to infiltrate; infiltration has a serious chance only outside the in-group. Still, it may be possible for an in-group to be compromised through COMINT or, in rare cases, by compromising a member.
The core group is logically a ring, but is superimposed on an inner hub-and-spoke structure of ideological authority. Each member of the core forms another hub-and-spoke system (see infrastructure cells), the spokes leading to infrastructure cells under the supervision of the core group member, and possibly to operational groups which the headquarters support. Note that in this organization, there is a point at which the operational cell becomes autonomous of the core. Members surviving the operation may rejoin at various points.
Osama, in this model, has the main responsibility of commanding the organization and being the spokesman on propaganda video and audio messages distributed by the propaganda cell. The other members of the core each command one or more infrastructure cells.
While the tight coupling enhances security, it can limit flexibility and the ability to scale the organization. This in-group, while sharing tight cultural and ideological values, is not committed to a bureaucratic process.
"Members of the core group are under what could be termed ‘positive control’—long relationships and similar mindsets make ‘control’ not so much of an issue, but there are distinct roles, and position (structural, financial, spiritual in the sense of having the ‘correct’ interpretation of Islam) determines authority, thus making the core group a hierarchy topologically.
In the first example of the core, each member knows how to reach two other members, and also knows the member(s) he considers his ideological superior. Solid lines show basic communication, dotted red arrows show the first level of ideological respect, and dotted blue arrows show a second level of ideological respect.
If Osama, the most respected, died, the core would reconstitute itself. While different members have an individual ideological guide, and these are not the same for all members, the core would reconstitute itself with Richard as most respected.
Assume there are no losses, and Osama can be reached directly only by members of the core group. Members of outer cells and support systems might know him only as "the Commander", or, as in the actual case of al-Qaeda, Osama bin Laden's face is recognizable worldwide, but only a very few people know where he is or even how to contact him.
Other functions include psychological operations, training, and finance.
A national intelligence service has a support organization to deal with services such as finance, logistics, facilities (e.g., safehouses), information technology, communications, training, weapons and explosives, medical services, etc. Transportation alone is a huge function, including the need to buy tickets without drawing suspicion, and, where appropriate, using private vehicles. Finance includes the need to transfer money without coming under the suspicion of financial security organizations.
Some of these functions, such as finance, are far harder to operate in remote areas such as the FATA of Pakistan, than in cities with large numbers of official and unofficial financial institutions, and the communications to support them. If the financial office is distant from the remote headquarters, there is a need for couriers, who must be trusted to some extent, although they may not know the contents of their messages, or the actual identity of sender and/or receiver. The couriers, depending on the balance among type and size of message, security, and technology available, may memorize messages, carry audio or video recordings, or hand-carry computer media.
"These cells are socially embedded (less so than the core group, however), structurally embedded, functionally embedded (they are specialized into a domain), and knowledge base-specific (there does not seem to be a great deal of cross-training, or lateral mobility in the organization). Such cells are probably subjected to a mixture of positive and negative control (“do this, do these sorts of things, don’t do that”)."
Anton: Military training/operations 1
Hassan: Military training/operations 2
Kim: Communications and propaganda
The leaders of military cells are responsible for training them, and, when an operation is scheduled, selecting the operational commander, giving him the basic objective, arranging whatever support is needed, and then releasing him from tight control to execute the meeting. Depending on the specific case, the military leaders might have direct, possibly one-way, communications with their cells, or they might have to give Kim the messages to be transmitted, by means that Anton and Hassan have no need to know.
Note that Anton does not have a direct connection to Kim. Under normal circumstances, he sacrifices efficiency for security, by passing communications requests through Anton. The security structure also means that Hassan does not know the members of Anton's cells, and Kim may only know ways to communicate with them, but not their identity.
Kim operates two systems of cells, one for secure communications and one for propaganda. To send out a propaganda message, Osama must pass it to Kim. If Kim were compromised, the core group might have significant problems with any sort of outside communications.
Terrorist networks do not match cleanly to other cell systems that regularly report to a headquarters. The apparent al-Qaeda methodology of letting operational cells decide on their final dates and means of attack exhibits an operational pattern, but not a periodicity that could easily be used for an indications checklist appropriate for a warning center. Such lists depend on seeing a local pattern to give a specific warning.
Note that Hassan has two subordinates that have not yet established operational cells. These subordinates can be considered sleepers, but not necessarily with a sleeper cell.
"Operational cells are not created, but instead ‘seeded’ utilizing individuals spotted or that request assistance (both groups are ‘vetted’ by being trained under the observation of the core group, which dramatically restricts the opportunity for passing off walk-ins under false flag). Categorization of operational cells appears to be by capabilities, region, and then task/operation. Operational cells are composed of members whose worldview has been firmly tested—necessary to front-load, because such cells are dispersed back to their own local control (or negative control—proscribed behavior—with positive control only coming in the form of contact for synchronization or support)."
If operational cells routinely are "released" (curved dotted lines on the link to military cells) to select their final operational parameters, they use a different paradigm than governmental clandestine or covert operations. In a number of cases, US special operations forces had to wait for Presidential authorization to make an attack, or even move to staging areas. Admittedly, a country would have to face the consequences of an inappropriate attack, so it may tend to be overcautious, where a terror network would merely shrug at the world being upset. Assuming that the al-Qaeda operational technique is not to use positive control, their operations may be more random, but also more unpredictable for counterterror forces. If their cells truly need constant control, there are communications links that might be detected by SIGINT, and if their command can be disrupted, the field units could not function. Since there is fairly little downside for terrorists to attack out of synchronization with other activities, the lack of positive control becomes a strength of their approach to cell organization.
The operational cells need to have continuous internal communication; there is a commander, who may be in touch with infrastructure cells or, less likely from a security standpoint, with the core group.
Al-Qaeda's approach, which even differs from that of earlier terrorist organizations, may be very viable for their goals:
"While Al-Qaida has elements of the organization designed to support the structure, but such elements are insufficient in meeting the needs of such an organization, and for security reasons there would be redundant and secondary-/tertiary-networks that are unaware of their connection to Al-Qaida. These networks, primarily related to fundraising and financial activities, as well as technology providers, are in a ‘use’ relationship with Al-Qaida—managed through cut-outs or individuals that do not inform them of the nature of activities, and that may have a cover pretext sufficient to deflect questions or inquiry."
Writing in the U.S. Army journal Military Review, David W. Pendall suggested that a "catch-and-release program for suspected operatives might create reluctance or distrust in such suspects and prevent them from further acts or, perhaps more important, create distrust in the cell leaders of these individuals in the future." The author noted the press release describing Ramzi Binalshib's cooperation with the United States "are sure to prevent reentry into a terrorist cell as a trusted member and most likely limits the further trust and assignments of close cell associates still at large. The captor would determine when to name names and when to remain silent." Indeed, once intelligence learns the name and characteristics of an at-large adversary, as well as some sensitive information that would plausibly be known to him, a news release could be issued to talk about his cooperation. Such a method could not be used too often, but, used carefully, could disturb the critical trust networks. The greatest uncertainty might be associated with throwing doubt onto a key member of an operational cell that has gone autonomous.