Adaptation by intelligent adversaries to defensive measures: framing adaptation options and demonstrating assessment of attacker preferences using proxy intelligence data

Abstract

Addressing adaptation by intelligent adversaries and its implications for risk modeling and security planning requires understanding the ways attackers can respond to new defensive measures. Adversaries can make various types of tactical or target substitutions, seek to hide from defenses, avoid them without changing targets or locations, attack them directly, simply absorb and tolerate their effects, or make other organizational changes to compensate for them. Each of these options has distinct risk effects created directly or due to opportunity costs. Operationalizing this type of analysis requires linking the theoretical options adversaries have to what is known about their behavior. We illustrate that process by using a set of data sources to demonstrate how attacker preferences can be assessed. We use open-source historical data on past responses by al-Qa’ida and associated groups as a way to characterize the groups’ “expressed adaptation preferences.” As a prospective data set, we use a convenience sample of material from jihadist internet posting boards and a small selection of publicly released seized documents using quantitative coding for attacker preferences or decision drivers. The results of both sets of analyses demonstrate complementary ways for exploring preferences that have advantages for taking adversary adaptation into account in risk analysis and security planning.