Seizures of Zetas' communications equipment have increased international attention on the group's comms systems, which the Associated Press says has spread across the isthmus. Security analyst Gordon Housworth offers this addendum to the recent coverage for InSight Crime:
Prior to recent interdictions, the Zetas operated a transnational private communications network stretching from the US through Guatemala to Honduras. (Interestingly the Mexican government has described it as a series of discrete networks intended for regional/local efforts.)
[See also InSight Crime's The Zetas Take to the Air]
From an operational standpoint, as well as the known Zeta footprint and intent, we support the single network theory as the Zetas have many reasons to want to gain regional control while denying access to competing Drug Trafficking Organization (DTOs).
From a technical standpoint, the greater network could have "airgaps" that break the network into zones so that if the US/Mexican assets roll up one segment, they do not roll up all segments. The 'gap' could also be as simple as 'sneaker net' (manual transfer) or as sophisticated as fiber optics links. If the Zetas could do it, they would likely go all fiber as that makes interception far more difficult.
Improving Cartel Communications
The Mexican DTOs are designing increasingly sophisticated communications systems using VHF and UHF COTS (commercial off the shelf) components for encryption and transmission. Unlike earlier captures, which show mixed equipment likely a result of many small lot purchases as well as theft, the newer captures display far more uniformity indicating mass purchase against a system architecture design.
Most if not all networks employ solar powered, high capacity battery banks that support rural placement taking advantage of terrain line of sight where power may not be present.
Earlier stacked arrays and folded dipoles are now being augmented by parabolic UHF antennas for greater gain and heightened beam pattern, i.e., greater range requiring fewer intermediate tower repeater arrays.
All are indicators of heightened professionalism and a commitment to fielding a stable, maintainable communications capability.
The use of best of breed COTS components as opposed to MILSPEC [military grade] hardware allows the DTOs to quickly roll out a low cost, highly extendable and maintainable network. The problem is that such a COTS system is vulnerable to adversary efforts to locate and map its nodes and infer information about its operational behavior.
Transnational Command & Control Net
The Zetas have equipped their lookouts and street-level operatives ('halcones') with commercially available short range handheld radios similar to those used by construction and emergency response sectors.
[See InSight Crime's Zetas profile]
Erecting a network of line of sight towers with repeaters that retransmit the signals of these handhelds, the Zetas were able to build a trans-regional command and control (C&C) independent of commercially available channels. (Line of sight means the signal path is unopposed by buildings, structures or terrain.)
It is equally possible that the Zetas were also attempting to intercept (monitor) police/military traffic in order to position their forces to either evade interdiction or gain the element of surprise in an attack of state and federal assets.
Post Dismantlement Options
Post dismantlement the Zetas, with other DTOs watching, have been performing damage assessment in an attempt to understand the level of compromise of its network traffic, its operational capacity and its sources and means.
Aware that their initial network was vulnerable to location and rollup, and now having a minimum knowledge of Mexico/US intercept capabilities, the Zetas must design a system less vulnerable, at a minimum, to traffic analysis and geolocation. (Traffic analysis looks for 'to-from' patterns of even encrypted message traffic which can build traffic sequence, infer operational patterns, then associate external events to those sequences.)
Sufficiently sensitive monitoring equipment can detect individual characteristics and variances in system clocks and crystals, permitting the tracking of a particular radio on the net. Operational patterns will ultimately emerge that enable interdiction.
The Zetas will want to reestablish regional command and control (C&C) but in an implementation that does not instantly expose them to renewed interception and rollup. Mere physical camouflage by vegetation and paint will no longer suffice.
A successor network will demand improved Electronic Protection (EP), that is, actions that protect friendlies from the effects of both friendly and adversary electronic warfare that would degrade the network.
Electronic Protection (EP) is both active and passive:
- Passive measures include siting, shielding, emission control (reducing the number of transmissions), alternative means (not delivering the entire message stream on a single channel), directional antennas, frequency management/agility and identical equipment.
- Active measures include encryption, anti-jam and techniques known as low probability of intercept (LPI) and low probability of detection (LPD).
DTOs will have to upgrade their skills to counteract allied efforts. Tools such as burst transmissions, mobile equipment, frequency agility and fiber optic links could make their appearance. One should also expect to see the appearance of military grade equipment, even countermeasures equipment, as well as the hiring of skilled EP staff.
The better a next generation Zeta net excels at Electronic Protection, the more difficult it will be to monitor, penetrate or spoof (pass oneself off as a net member) its network.
*Gordon Housworth is Managing Principal, Intellectual Capital Group LLC. Responsible for Risk Consulting & Competitive Intelligence (CI) - Geopolitical, Operational, Technology and Reputational. See his blog here.