Lesson Readings Unit 3
Social Media Platforms Becoming a Tool of Terror
Social media platforms have a huge global reach and audience, with YouTube boasting more than 1 billion users each month. This breaks down into 6 billion hours of video that are being watched each month and 100 h of video are uploaded to YouTube every month (YouTube Statistics, 2014). Similarly, Twitter has on average 350,000 tweets being sent per minute and 500 million tweets per day (Twitter, 2014), whilst Facebook remains the largest social media network with 500 million active users and 55 million people sending updates (Fiegerman, 2014). As this study will show, Isis have been using both platforms as magnets that have attracted thousands of views, comments, forums and posts. For example, through the use of videos posted on YouTube, it began its' one billion campaign, which called upon Muslims to join Isis. The videos attracted huge audiences and were accompanied with the words: 'Proudly support the Muslim cause' (Irshaid, 2014). The breadth and length of the videos were also broadcast and shown in different languages and countries such as Algeria, Libya and Egypt, thus reflecting the transnational appeal of Isis. The videos specifically called for; 'young men and Muslims in various parts of the world to fight for Isis' (see Fig. 1). The Isis social media nerve centre is its Al Hayat Media Centre which is sending many of these messages which reveal the propaganda tools it is using. A number of these videos also depict Isis as fighters with a 'moral conscious' and show them helping protect civilians. Some of the videos also show Isis members visiting injured fighters in hospitals and offering children sweets (see Fig. 2). These videos also form part of a wider series called 'Mujatweets' and are produced with high quality HD and powerful imagery. Indeed, this is reinforced by online podcasts made by British Isis fighters on the ground, such as Abu Summayyah al-Britani. Speaking from an Internet cafe in northwest Syria, Abu Summayyah describes in detail the nature of the conflict. He states that: BWe have been successful so far in pushing back the regime^ and also described fighting in Syria as better than playing Call of Duty (Lucas, 2014). Much of the Isis literature also uses motivational powerful themes which aim to appeal to the youth and at the same time allow groups such as Isis to recruit and maintain its propaganda machine (Richards, 2014). Furthermore, Isis had released a free to download app which kept users updated with the latest news from the organisation. The app entitled: 'The Dawn of Glad Tidings' (see Fig. 3) was promoted online and was available on the google android system, before it was detected and suspended. The app once downloaded allowed users to see and monitor tweets, links, hashtags, images, videos and comments posted on their specific accounts. Most of the content was regulated by Isis's social media arm (Chasmar, 2014). The paper, below will now examine, how the use of cyber-terrorism and social media have converged in this virtual space for groups such as Isis.
Conclusion Projecting American Strength
This National Strategy for Counterterrorism marks a shift in America's approach to countering and preventing terrorism. We will lead with our principles and a cleareyed understanding of a constantly changing operating environment. While this strategy was necessarily formulated against a backdrop of the threats we face today, it provides flexible guidance to enable an effective approach against an agile and adaptive terrorist threat This new approach to counterterrorism does not rest on the idealistic hope of an easy and unthreatening world. Terrorism will persist as a tactic of those who view our democracy as a threat to their tyrannical aspirations, but the United States will remain secure through our strength, innovation, and independence of action. We will stay ahead of our terrorist adversaries by ensuring that we have the infrastructure, tools, authorities, practices, people, and the political will to apply the full range of our strengths against their vulnerabilities. As fascists and communists did before them, terrorists seek to use our openness, tolerance, and freedoms against us. They will fail. We will relentlessly pursue those terrorists that seek to harm our country and remain vigilant and vigorous in our prevention of attacks. We will not yield to adversaries who attack us with bombs, bullets, or propaganda. We will rise to every challenge, face the enemy on every front, and ensure a future of peace, security, and prosperity for our country and the world. We will protect the American dream.
Taking Greater Account of Denial and Deception
Claiming that analysts have often been years late in detecting menacing WMD developments, The Report of the Commission to Assess the Ballistic Missile Threat to the United States (July 1998) criticized intelligence for insufficient attention to Denial and Deception (D&D) and other obstacles to reliable judgments on national security threats. Known as the Rumsfeld Commission after its Chairman (and current Secretary of Defense) Donald Rumsfeld, the report insists analysts take greater account of what they do not know in providing policy officials with the intelligence back-up for planning against the threat of rogue regime missile developments. From the Commission's viewpoint, the analysts' bottom-line judgment on when and how an adversary will be capable of threatening US interests is often too dependent on assessing available hard evidence on what said adversary has achieved, and also on the highly-structured model for weapons development of the former Soviet Union. In a variant of Alternative Analysis, the report calls upon analysts to search for evidence that would disprove an adversary's reliance on alternative technologies, non-Soviet methodologies, and new paths toward a menacing potential. But as long as these more alarming paths cannot be ruled out, analysts must assess the implications of a rogue regime, say, buying or stealing missile technology and deploying weapons without elaborate (and thus detectable) testing. The report elaborates on employing the technique of "alternative hypotheses": This technique can help make sense of known events and serve as a way to identify indicators relative to a [missile] program's motivation, purpose, pace and direction. By hypothesizing alternative scenarios a more adequate set of indicators and collection priorities can be established. As the indicators begin to align with the known facts, the importance of the information gaps is reduced and the likely outcomes projected with greater confidence. The result is the possibility for earlier warning than if analysts wait for proof of a capability in the form of hard evidence of a test or a deployment. In other words, policymakers need to be warned of what the threat potential is if analysts are wrong in their major assumptions, as well as the level of threat if they are right. This standard for analyst participation in the warning process could be applicable whenever policymakers grapple with costly or politically charged defense issues. Commission member Paul Wolfowitz (now Deputy Secretary of Defense) opined in 1995 that the proper role of intelligence is to serve as a tool for effective debate among competing policymakers (via multiple outcome analysis)—and not as a weapon that one group of policymakers can wield against the others (single-outcome analysis). Kent School workshops on AA and D&D, and like units in the CAP, work to increase understanding of the general tradecraft challenges levied by the Rumsfeld report. Also, a Kent Center Fellow is currently working on a methodology that addresses the challenges specifically of keeping track of rogue regime ballistic missile developments. Strategic Warning: Role of the Analyst The Rumsfeld Commission's call for rethinking the analyst's role in the warning process echoes a 1996 critique of intelligence performance issued by the Working Group on Intelligence Reform of the National Strategy Information Center. The Future of US Intelligence defines governmental assessments of the character of threats in order to establish an appropriate level of national security readiness as the essential output of the warning process. The Working Group sets the same standard for warning analysis that it does for intelligence analysis generally—not to attempt to predict the future but to provide analysis that helps policy officials shape the future. Regarding the warning process: The measure of effectiveness is not "were we surprised" but "were we at an appropriate level of readiness." In case of a "surprise attack" it is better to be subjectively surprised [by a specific incident] but at a high level of readiness [regarding a general threat], than to be effectively unready, even though expecting the attack. The role of analysts in this strategic warning regime is to leverage their expertise on foreign developments, first to help government officials determine appropriate levels of preparedness for identified national security threats and second to provide actionable assessments to ward off or minimize the dangers. Once analysts perceive policymakers have taken their warning on board, their second obligation includes helping policymakers identify and examine critically various measures to deter and limit damage. This call for changing the analysts' role in the warning process was mostly overlooked in the heavy flow of recommendations for improving intelligence performance issued during the 1990s. Redefinition of the analysts' role, perhaps radical change, will likely get deliberate attention in the Congressional and other post-mortem assessments generated in response to the "surprise" terrorist attack of 11 September 2001.
3. Cyberterrorism
One important and rapidly growing type of terrorism involves terrorist attacks on computer networks and systems. Critical government and corporate computer systems are especially vulnerable to these potentially crippling and extremely costly attacks. But so are all other computer users who depend on the Internet and e-mail systems: ordinary and high-profile individuals alike, community and religious groups and other nongovernmental organizations, and others. A nation's information infrastructure qualifies clearly as a prime target for terrorist attacks, as it is vital to the effective functioning of economic and public sector operations. Cyberterrorist attacks may use any of a variety of devious devices created to overcome even fairly sophisticated identification log-on procedures and firewalls that protect data and software resources. They do so by creating viruses and worms that invade, attach themselves to, and disrupt government, corporate, or individual computers or by launching spam e-mail attacks that shut down entire systems and operations, destroy valuable information along the way, and do so in a matter of seconds. Or they may engage in cyberstalking, whereby attackers intimidate individuals through computer messages with either vague or explicit threats of terrorist attacks. The attacks may involve computer systems that control banking and finance operations, power supplies, communications, transportation, the processing and distribution of food supplies, and other manufacturing, wholesale, retail, or service operations. These attacks may occur alone, or they can be orchestrated to accompany major terrorist events, disrupting efforts to prevent and respond to those more conventional types of terrorist attacks (McQuade, 2006). An important early cyberterrorist attack was the "Code Red" attack on White House computers in July 2001. Marked with the phrase, "Hacked By Chinese," a generalized computer worm attack on the Internet launched the incident, which also included a denial-of-service attack targeting the White House Web server. The Federal Bureau of Investigation, Central Intelligence Agency, National Security Agency, and other agencies of federal and local law enforcement have created teams of experts to deal with this growing menace. At the same time, cyberterrorists work largely by attacking critical private sector resources - the very resources that are likely to be an essential weapon in any battle against cyberterrorism. While law enforcement agencies are increasingly acquiring the computerized filters and screens and the human resources needed to prevent such attacks, they must also rely on private agents with unique skills to help counter the attacks. Box 7.4 describes the combination of intelligence and patience that is typically needed to catch this rapidly growing class of cyberterrorists. One of the most worrisome prospects is the use of methods of cyberterror by militant extremists, especially when orchestrated with other terrorist attacks. Box 7.5 gives an account of a young jihadist based in London who committed serious crimes on behalf of al Qaeda through the Internet. He was caught, but the episode illustrated how easy it is for smart, young, like-minded people to put modern technology into the service of criminal activity and the support of international terrorist networks.
4. The Internet as a "Rage Enabler"
Technology can be used as an instrument of terror in yet another way, which is perhaps more powerful strategically and more pervasive than any other usage, and that is to spread hatred through the Internet. The Internet was developed largely for productive, commercial, and intellectual purposes: to expand access to and the dissemination of information and thus serve as a marketplace for ideas. The launching of the World Wide Web in the 1990s contributed substantially to the realization of these goals, and the prospects seemed virtually limitless a decade later, with few downside prospects. In time, however, extremists with hostile agendas found and began to exploit this powerful technology with much the same enthusiasm. The Internet thus opened the door to the spread of terrorism by providing extremists with vast access to like-minded people, enabling them to communicate and to enlist others, previously isolated in faraway places, in causes of hatred and violence. The creation of extremist Web sites has fanned these fires of hatred, helping spread local skirmishes into more heated transnational crises. Researcher Charles McLean refers to this perverse use of the Internet as its "rage enabling" capacity (Ignatius, 2006a). Daniel Benjamin and Steven Simon (2005) see the Internet as having contributed to a "new breed of selfstarting terrorist cells," spewing a brew of quasi-religious doctrine that calls for violence and provides instructions for carrying it out. They report an increase from just 12 Web sites for terrorist groups in 1998 to about 4,400 by 2005. This perverse use of the Internet by extremists has exploded since the attack of September 11, but it started earlier. The problem had in fact reached a sufficient level of alarm to cause a group of concerned people to launch counter-measures in the 1990s. In the United States, years ago, the Educational Resources Information Center began to create materials and guides for teachers, parents, and others in the community on misuse of the Internet. NetAction, a California nonprofit organization, established a Web site in 1997 to counter hate on the Internet. In Canada, the International Symposium on Hate on the Internet was launched also in 1997. Similar efforts began after 9/11. In the Netherlands, the International Network against CyberHate was created in 2002 to fight hatred and discrimination on the Internet. What is the appeal of Web sites of hatred? There are several sources of their seductiveness. First, they feed a paranoia common to anxious people everywhere, especially less educated young males (Cogan, 2002; Franklin, 2002; Martin, 1996). They provide superficially appealing conspiracy theories that often blame targeted groups for a variety of sins: religious, cultural, economic, and political. These theories are seductive because they validate the audience's ignorance through fabricated facts and seemingly authoritative writings, such as the Protocols of the Elders of Zion, an anti-Semitic hoax forged in Russia in the late nineteenth century using material heavily plagiarized from an earlier non-anti-Semitic political satire about Montesquieu and Machiavelli (Graves). Second, they often invoke references to holy scriptures, historical icons, or pseudo-scientific writings to suggest that their claims have been morally sanctified or authenticated by an ultimate authority (Media Awareness Network, 2008). These claims are typically accentuated by appeals to a need to maintain the survival of the religion or culture, maintain ethnic or ideological purity, or stave off an otherwise inevitable Armageddon. They are often accompanied also by appeals to patriotism and by historical revisionism, such as denial of the Holocaust. They often invoke symbols, such as the swastika or KKK letters, to instill an emblematic sense of loyalty to the cause. The Internet genie is out of the bottle, and there may be no way of putting it back, but there are ways of controlling the spread of hatred on the Internet. One way is through vigilance: tracking Web sites to see if they cross the line of legality. In the United States, state and federal laws protect people against crimes motivated by animus against race, religion, ethnicity, national origin, gender, sexual orientation or identity, or disability. If such laws have been violated, offenders can be prosecuted. If the violators live outside the country, the offending Web sites can be shut down. Another way is to inoculate children against the virus of hatred on the Internet and elsewhere through education and adult guidance on history and world events, facts about racism, and the false claims of extremists. Such campaigns begin at home and, with the help of the Internet, they can be made available to people abroad.
2. Attacks on Technology Infrastructures and Critical Systems
Over the past several decades, economies throughout the world have been fueled by extraordinary growth in technological efficiency and substantial increases in productivity in both the manufacturing and service sectors. These developments have been largely a product of advances in industrial engineering, computerized logistics, and the development of "tightly coupled systems" to reduce redundancies and delays. Sophisticated airport scheduling and "just-in-time inventory systems" are examples of such advances, which have contributed significantly to reductions in the costs of delivering goods and services in economies throughout the world (Barabasi, 2003). These developments have also made society more vulnerable to terrorist attacks, and they may actually invite terrorist attacks. Systems that are developed to accommodate only normal amounts of demand and occasional shocks due to weather and other random disruptions may be ill equipped to respond to severe shocks not previously encountered, as revealed by Hurricane Katrina in 2005 (see Chapter 11). The world may be no less vulnerable to shocks of terrorism. Of particular concern are critical systems and technology infrastructures: electric power plants, generators, lines, and grids; hydroelectric dams and facilities; telecommunication centers and lines; air and rail traffic control systems; oil and gas pipelines and other energy supply lines; agribusiness supply chains; and the Internet. A basic solution is to protect these systems by building redundancy into them, replacing single-file lines and bottlenecks with adaptive networks, parallel processes, and backups. Much of this redundancy had already been put in place before the 9/11 attack. Al Qaeda's planners may have anticipated that the attack on the world's financial center would cause more serious disruptions to the U.S. economy than actually occurred. Thanks largely to preparations for an anticipated "Y2K" calamity - computer systems would fail with the arrival of the new millennium - the U.S. financial system turned out to be well prepared to absorb the shock of September 11, 2001. Wall Street operations were hit hard, but not seriously set back by the attack. Essential financial markets, including banks and other financial intermediaries, remained open throughout the day and thereafter. Wholesale and retail payment systems remained operational, and many firms in the World Trade Center resumed business from other offices or from contingency sites within hours of the attack (Ferguson, 2004). Vulnerabilities remain, however, in many still-fragile systems. Here are three examples: 1. A fallen power line in Ohio in 2003 cascaded into a major power outage throughout the Midwest and Canada, causing a blackout for about fifty million people and producing losses estimated at more than six billion dollars (Anderson Economic Group, 2003). 2. In the deep cold of January 2006, a team of terrorists blew up two major Gazprom pipelines in the southern Russian republic of North OssetiaAlania, while another team attacked a power transmission pylon carrying electricity from Russia to Georgia. These two attacks effectively closed down both electricity and natural gas supplies to all of Georgia, a country about the size of Maine and home to nearly five million people. Georgian residents experienced great peril during the week of repairs needed to bring the country back to normal energy levels (Robb, 2007). 3. Iraq's oil pipeline system - more than 4,000 miles of it - has been hit repeatedly by terrorists since 2003. These attacks are inexpensive to launch, but they impose huge economic costs on the people of Iraq. The costs of these attacks could be reduced by improved systems of detection and remote control, but these systems are expensive to install and the workers operate under extremely perilous conditions (Robb, 2007). The National Academy of Sciences devoted a chapter of its 2002 report on the nation's vulnerability to terrorism to the problem of complex and interdependent systems. The report describes how these vulnerabilities can be dealt with through the use of systems analysis and systems engineering. It recommends specifically that governance should be protected through more effective management techniques and the use of decision analysis, which enables better management of the risks. It describes how preparedness can be enhanced by testing different policy responses through the use of simulation models that account for real-world system complexities
The Terrorist Adversary
The United States and our allies face an increasingly complex terrorist landscape, populated by a diverse array of actors employing new technologies and tactics to advance their agendas. The terrorist threat to the United States is growing more dynamic and diffuse as an increasing number of groups, networks, and individuals exploit global trends, including the emergence of more secure modes of communications, the expansion of social and mass media, and persistent instability across several regions Radical Islamist terrorists remain the primary transnational terrorist threat to the United States and it s vital national interest s. Prominent terrorist organizations, particularly ISIS and al- Qa'ida, have repeate dly demonstrated the intent and capability to attack the homeland and United States interests and continue to plot new attacks and inspire susceptible people to commit acts of violence inside the United States.1 These groups stoke and exploit weak governance, conflict, instability, and longstanding political and religious grievances to pursue their goal of eliminating Western influence in majority Muslim countries and remaking Islamic society. Radical Islamist terrorist groups have developed and used methods that have challenged United States counterterrorism efforts, including establishing state-like governing institutions within their safe havens, deploying sophisticated explosive devices to defeat aviation security measures, and using high-quality media products to recruit extremists in the West. Future radical Islamist terrorists and other terrorists will continually adapt these and other tactics to their circumstances and the technological advances of the age. It is, therefore, critical that the United States counterterrorism posture be agile enough to adapt as well. Radical Islamist terrorists have a violent extremist ideolog y that serves to create a common identity and sense of purpose for those susceptible to its core message. This vile ideology is used to indoctrinate new recruits to accept terrorist groups' goals and directives without question, and also allows these groups to maintain cohesion, ensure conformity, and justify the use of violence to meet the ideology's goals. It avails terrorists of a worldview that helps unify their efforts by fomenting conflict and attempts to legitimize terrorism by elevating the social status of group members and absolving individuals from culpability for their participation in violence. Because of this, we must ensure that our efforts will undermine the appeal of this ideology of hate. Its resilience, power, and appeal make it a grave danger to not just our own nation's security but also that of our allies across the globe. Without the appeal of this ideology, radical Islamist terrorism has no foundation. ISIS remains the foremost radical Islamist terrorist group and the primar y transnational terrorist threat to the United States, despite ongoing United States and coalition civilian and military efforts that have diminished the group's footprint in Iraq and Syria, killed thousands of its members, and curtailed its global expansion. ISIS retains the financial and material resources and expertise to launch external attacks—including against United States interests—and its senior leaders continue to call for attacks against the United States. The group's global reach remains robust, with eight official branches and more than two dozen networks regularly conducting terrorist and insurgent operations across Africa, Asia, Europe, and the Middle East. Despite many setbacks, ISIS maintains a sophisticated and durable media and online presence that allows it to encourage and enable sympathizers worldwide to conduct dozens of attacks within target countries, including the United States. The increase in attacks by persons mobilized to violence in the United States underscores the ability of ISIS to inspire terrorist attacks. ISIS has been innovative and determined in its pursuit of attacks in the West. The group has exploited weaknesses in European border security to great effect by capitalizing on the migrant crisis to seed attack operatives into the region. For instance, two of the perpetrators of the 2015 ISIS attacks in Paris, France, infiltrated the country by posing as migrants. Further, ISIS is continuing its efforts to circumvent European efforts to shore up border security by identifying new routes. Europe's struggle to screen the people crossing its borders highlights the importance of ensuring strong United States borders so that terrorists cannot enter the United States. In addition, the savagery of ISIS has caused a massive movement of millions of innocent refugees. Our battlefield successes, meanwhile, have given way to the flight of thousands of terrorists seeking to evade justice. As defeated fighters and their families disperse, the United States and our partners must remain vigilant to ensure that terrorists cannot evade our security measures to threaten our people and way of life. Meanwhile, al-Qa'ida's global network remains resilient and poses an enduring threat to the homeland and United States interests around the world. Consistent United States-led counterterrorism pressure has removed many of its senior leaders and reduced the group's ability to operate in South Asia, but its affiliates continue to plan and carry out terrorist attacks against the United States and our allies, as well as raise funds from individual supporters through the international financial system. Affiliate resources are primarily focused on local and regional conflicts, but key operatives and elements within the network continue to seek out new opportunities to strike the homeland and United States interests and to inspire attacks inside the United States. Veteran al-Qa'ida leaders are working to consolidate and expand the group's presence in several regions, including in Syria, from which it aspires to launch new attacks against the United States and our allies. Both ISIS and al-Qa'ida have inspired people susceptible to their malign influence to conduct terrorist attacks inside the United States. This will probably remain the most frequent form of radical Islamist terrorism in the United States for the next several years. Such attacks, motivated by a wide range of factors, will continue to be conducted primarily through the use of simple tactics against predominantly soft targets. ISIS is likely to remain the main inspiration for such attacks, particularly if the group can retain its prominence and use social and mainstream media coverage to promote its violent message. In addition to ISIS and al-Qa'ida, dozens of other radical Islamist terrorist groups are working to advance more locally focused insurgent or terrorist campaigns, while still posing a threat to United States persons and interests overseas. These groups, including Boko Haram, Tehrik-e Taliban Pakistan, and Lashkar-e Tayyiba, employ a range of political and terrorist tactics to undermine local governments and conduct attacks. These organizations will probably prioritize regional goals over attacks against the homeland or United States interests because of resource constraints or political considerations. However, many of these groups are hostile to the United States, maintain networks of sympathizers around the world, and retain ties to ISIS or al-Qa'ida, underscoring their potential threat to United States interests. Iran remains the most prominent state sponsor of terrorism, supporting militant and terrorist groups across the Middle East and cultivating a network of operatives that pose a threat in the United States and globally. These groups, most notably Lebanese Hizballah (Hizballah), use terrorism and other asymmetric means in partnership with Iran to expand their influence in Iraq, Lebanon, the Palestinian territories, Syria, and Yemen and to destabilize their rivals. Hizballah fields powerful military and intelligence elements, possesses large stocks of sophisticated arms, and maintains extensive networks of operatives and sympathizers overseas, including individuals in the homeland. Through the Islamic Revolutionary Guard CorpsQods Force (IRGC-QF), Iran's primary terrorist support arm, the Government of Iran provides financial and material support, training, and guidance to Hizballah and other Shia militant groups operating in Bahrain, Iraq, Syria, and Yemen. It also supports HAMAS and other Palestinian terrorist groups. With operatives deployed around the world, the IRGC-QF has the capability to target United States interests and possibly the homeland. There is also a broad range of revolutionary, nationalist, and separatist movements overseas whose use of violence and intent to destabilize societies often puts American lives at risk. For example, the Nordic Resistance Movement is a prominent transnational, self-described nationalist-socialist organization with anti-Western views that has conducted violent attacks against Muslims, left-wing groups, and others. The group has demonstrated against United States Government actions it perceives are supportive of Israel and has the potential to extend its targeting to United States interests. Similarly, the neo-Nazi National Action Group, a terrorist organization that was banned by the United Kingdom in 2016 for its promotion of violence against politicians and minorities, operates mainly in the United Kingdom but has engaged with like-minded groups in the United States, Estonia, France, Germany, Latvia, and Poland—expanding the potential influence of its violent ideology. Likewise, Babbar Khalsa International seeks, through violent means, to establish its own independent state in India and is responsible for significant terrorist attacks in India and elsewhere that have claimed the lives of innocent civilians. Such groups may avoid or deprioritize targeting United States interests for now to avoid detracting from their core goals but frequently conduct assassinations and bombings against major economic, political, and social targets, heightening the risk to United States personnel and interests overseas. Lastly, the United States has long faced a persistent security threat from domestic terrorists who are not motivated by a radical Islamist ideology but are instead motivated by other forms of violent extremism, such as racially motivated extremism, animal rights extremism, environmental extremism, sovereign citizen extremism, and militia extremism. Such extremist groups attempt to advance their agendas through acts of force or violence. Notably, domestic terrorism in the United States is on the rise, with an increasing number of fatalities and violent nonlethal acts committed by domestic terrorists against people and property in the United States. The economic harm caused by domestic terrorists has also increased sharply as domestic terrorists have continued to destroy property, disrupt business, and perpetrate financial crimes that are designed to damage certain sectors of the United States economy.
Cyber-Extremism: Isis and the Power of Social Media
Currently, there are estimated to be at least 750 Britain's who have travelled to Syria to fight against President Assad's forces (at the time of writing) (Whitehead, 2014). Within this heightened atmosphere, a hydra global insurgency from a plethora of extremist groups in Syria and Iraq, such as Isis, have emerged that all have links to an extremist narrative (International Centre for the Study of Radicalisation, 2013). As people continue to travel and fight with groups such as Isis, the organisation has also begun a campaign of cyber jihad, whereby they are using the Internet and social media sites to target young and impressionable people (Berger, 2014). Indeed, the threat groups such as Isis pose online has meant that the UK Government are in a continuous battle to remove online extremist material. The UK Government have currently removed 15,000 items of 'jihadist propaganda' (ITV news, 2014). This includes an online recruitment video, entitled: 'There's No Life Without Jihad' which featured three British fighters glamorising and encouraging people to come and fight for Isis. The video, however has reappeared and was available on YouTube and to date has 4, 289 views (at the time of writing) (Al Hayat Media Centre, 2014). Similarly, other videos have appeared online where the leader of Isis, Abu Bakr Al-Baghdadi has called for 'Sunni youths' to fight for Isis. He stated that: BI appeal to the youths and men of Islam around the globe and invoke them to mobilise and join us to consolidate the pillar of the state of Islam and wage jihad against the rafidhas (Shia), the safadis of Shi'ites^ (New Delhi Times, 2014). Isis tactics of using social media platforms to send out sound bites in this manner, allows them to have direct communication with a wider global audience and gives them a platform they could simply not reach if they were attempting to recruit people face-to-face (Denning, 2010). These slick and well equipped videos are able to entice those vulnerable to this extremist ideology. As a result, what we are witnessing is Isis being able to tap into the minds of young and impressionable people who are more likely to be watching YouTube and using Facebook and Twitter (Awan, 2013). Moreover, this allows groups like Isis, a direct channel whereby they can play upon individual grievances and dissatisfaction that makes those vulnerable feel as though they are significant and important (Awan and Blakemore, 2012). They are then able to use these videos, tweets, Facebook posts and forums into online radicalisation tools, whereby they are able to glamorise 'extremism' and make it appear as though fighting with them is 'cool'. This coupled with the excitement for many of these individuals can be used as a vehicle to create the myth that coming to join Isis will be an adventure and a once in a life time opportunity (Sekulow et al., 2014). This study examined 100 different Facebook pages, comments and posts and examined 50 different Twitter users which led to 2050 results in order to capture and contextualise the impact Isis was having on social media sites. Overall, the study found that Isis was playing a significant role in its use of social media as a platform to radicalise and recruit would be extremists. videos were also broadcast and shown in different languages and countries such as Algeria, Libya and Egypt, thus reflecting the transnational appeal of Isis. The videos specifically called for; 'young men and Muslims in various parts of the world to fight for Isis' (see Fig. 1). The Isis social media nerve centre is its Al Hayat Media Centre which is sending many of these messages which reveal the propaganda tools it is using. A number of these videos also depict Isis as fighters with a 'moral conscious' and show them helping protect civilians. Some of the videos also show Isis members visiting injured fighters in hospitals and offering children sweets (see Fig. 2). These videos also form part of a wider series called 'Mujatweets' and are produced with high quality HD and powerful imagery. Indeed, this is reinforced by online podcasts made by British Isis fighters on the ground, such as Abu Summayyah al-Britani. Speaking from an Internet cafe in northwest Syria, Abu Summayyah describes in detail the nature of the conflict. He states that: BWe have been successful so far in pushing back the regime^ and also described fighting in Syria as better than playing Call of Duty (Lucas, 2014). Much of the Isis literature also uses motivational powerful themes which aim to appeal to the youth and at the same time allow groups such as Isis to recruit and maintain its propaganda machine (Richards, 2014). Furthermore, Isis had released a free to download app which kept users updated with the latest news from the organisation. The app entitled: 'The Dawn of Glad Tidings' (see Fig. 3) was promoted online and was available on the google android system, before it was detected and suspended. The app once downloaded allowed users to see and monitor tweets, links, hashtags, images, videos and comments posted on their specific accounts. Most of the content was regulated by Isis's social media arm (Chasmar, 2014). The paper, below will now examine, how the use of cyber-terrorism and social media have converged in this virtual space for groups such as Isis.
COVID-19 Influence Narratives
Russian online influence actors are advancing misleading or (what they perceive as) inflammatory narratives about the COVID-19 pandemic probably to stoke fear, undermine the credibility of the U.S. government, and weaken global perceptions of America. Moscow probably will study the American public's reaction to its COVID-19 disinformation to improve future influence campaigns aimed at shaking public confidence in Washington, which it can unleash opportunistically during a crisis, hostilities, or a period of degraded relations. • Russian online influence actors have claimed that the U.S. President is incapable of managing the COVID-19 crisis and sought to exacerbate public concerns by amplifying content critical of the U.S. response to the public health crisis and the economic downturn. In contrast, the actors highlighted China's and Russia's alleged success against the COVID-19 outbreak and praised President Putin's COVID-19 plan and Russia's ample supply of tests. • Russian online influence actors spread misinformation and conspiracy theories about the origin of COVID-19, claiming it is a U.S.-engineered biological weapon that U.S. military officials spread in China. Chinese operatives probably are waging disinformation campaigns using overt and covert tactics—including social media trolls— to shift responsibility for the pandemic to other countries, including the United States. China might increase its influence activities in response to what it views as anti-China statements from the U.S. Government over China's role in the pandemic. • Since August 2019, more than 10,000 suspected fake Twitter accounts have been involved in a coordinated influence campaign with suspected ties to the Chinese Government. Among these are hacked accounts from users around the world that post messaging and disinformation about the COVID-19 pandemic and other topics of interest to China. • China's Foreign Ministry, state media, and official Twitter accounts promote overt narratives claiming the coronavirus may have originated in the United States, criticize the U.S. pandemic response, and publicize China's COVID-19-related medical assistance to U.S. cities and states. China has doubled the number of official government posts disseminating false narratives about COVID-19 and has carried out persistent and large-scale disinformation and influence operations that correlate with diplomatic messaging. • China most likely will continue amplifying narratives supportive of its pandemic response while denigrating U.S. official criticism that Beijing views as tarnishing its global image. Iranian online influence actors are employing inauthentic social media networks, proxy news websites, and state media outlets to amplify false narratives that seek to shift responsibility for the COVID-19 pandemic to the United States and other Western nations. Tehran probably will continue to malign the United States for enforcing economic sanctions, arguing these sanctions hinder Iran's ability to put forward an appropriate public health response to the pandemic. • Iranian actors have spread COVID-19 disinformation and false narratives through videos, cartoons, and news stories from state media outlets on popular social media platforms to appeal to U.S. and Western audiences. • Iranian operatives have covertly used proxy networks and sites to advance narratives suggesting that the United States created the virus as a bioweapon, that Western media is spreading lies about COVID-19 in Iran, and that the Iranian response to the pandemic was better than that of the United States.
Isolate Terrorists from Financial, Material, and Logistical Sources of Support
The technological advances of the past century have created an interconnected world in which it is easier than ever to quickly move people, funding, material, and information across the globe. The backbone of this interconnected system is information technology—largely created and facilitated by the United States Government and private industry—that is increasingly enabling faster transactions of all kinds across the world. Terrorists use these same publicly available technologies to command and control their organizations and to plot attacks, travel, and abuse the global financial system to raise funds and procure weapons, materiel, and basic necessities. Terrorists cannot sustain their operations without these resources. The United States and our par tner s abroad and in the private sec tor mus t , t h e refore, pre ve nt terrorists from using them while safeguarding these resources for legitimate use. To accomplish this, we will increase information-sharing with the private sector and will tear down existing barriers to information-sharing. Around the globe, we will promote effective enforcement of l e g i s l a t i o n a n d p o l i c i e s a im e d at p r ote c t in g t h e commerce, transportation, and communication industries. We will also identify policies that must change as terrorists adapt. Priority Actions E N H A N C E D E T E C T I O N A N D D I S R U P T I O N O F T E R R O R I S T TRAVEL: We will continue to collec t and share relevant information on terrorist travel and identities, with a focus on providing information that the public and private sector can use to identify and disrupt the movement of terrorists. We will also continue to work closely with our partners to enhance travel securit y and border protection to prevent terrorists fleeing conflict zones from infiltrating civilian populations. By sharing identity information and exploiting publicly available information, such as social media, we will identify these terrorists and enable law enforcement action against them in their home countries. In these efforts, we will take appropriate steps to protect privacy, civil rights, and civil liberties. COUNTER EXISTING AND EMERGING TERRORIST FUNDING METHODS: We will collaborate across the public and private sectors to enhance information-sharing regarding terrorists' financial data, transactions, and activities. We will use this information and our economic authorities, including financial sanctions and other financial measures, as well as law enforcement action, to deny terrorists the ability to raise funds, including by disrupting terrorist financing and dismantling terrorist support networks, to prevent terrorists from abusing the United States and global financial systems, and to dissuade people from providing funds or materiel to terrorists. We will also share this information and collaborate with foreign partners to support their own targeted actions against terrorist financing networks and promote the effective implementation of international standards to counter terrorist financing worldwide. PREVENT DEVELOPMENT AND ACQUISITION OF ATTACK CAPABILITIES: We will prevent terrorists from developing or acquiring knowledge and material that enables the development of WMD and other advanced weapons, including the capability to perform large-scale cyber attacks. We will work with partner nations, international organizations, and commercial entities to improve their capacity to secure dangerous materials and ensure that terrorists cannot exploit the scientific and academic communities to acquire new capabilities. EXPOSE AND COUNTER STATE SUPPORT TO TERRORISM: While some countries, such as Iran, continue to use terrorism as an overt tool of their foreign policy, most countries that provide support for terrorists do so clandestinely, exploiting legitimate commercial networks to conceal their support activity. The United States will continue to acquire evidence of these states' deceptive practices and work with allies and partners to identify and punish states that support terrorism.
Discussion
Social media sites such as Twitter and Facebook are extremely powerful platforms, whereby people can stay connected and keep up to date with key news feeds and updates. Equally, they have become popular platforms for groups like Britain First, the English Defence League and now Isis who have used it to create a hostile environment, whereby people can be radicalised and targeted because of what they believe in. This study found 1, 264 specific incidents of Isis propaganda and hate related messages which could be construed as inciting violence and actual offline physical threats. In particular, the word cloud frequency helped the author obtain key words that were being used to depict Isis. For example, from the top 20 words used, there were some key words that stood out as having direct influence over the recent actions of Isis recruitment propaganda. They included the words; 'Brothers' 'rise up', 'Claim' 'Victory'; 'Haya 'Jihad', 'Rush' and 'Battlefield' (see Table 3 for a full breakdown of terms). What was telling was how these words were accompanied by images, videos and texts that were posted following high profile incidents. For instance, after the Isis beheadings (see Figs. 4, 5 and 6 below-word cloud of terms). The use of the terms 'rise up' and 'victory' were also used in relation to Muslims as a justification and 'call for action'. For example, a large majority of words were referenced with accompanying text such as'IS', 'Islamic State', 'Rise Up' and 'Let's go for Jihad'. Below is a small sample of examples found via Facebook and Twitter: In December 2014, Runa Khan, from Luton, was arrested and charged for inciting terrorism offences in Syria, after posting a picture of a suicide vest and sending the details to an undercover police officer. During her sentencing, the court's held that these pictures could be intended to be used to radicalise people. Runa Khan argued that these pictures did not mean she was an extremist. She stated that: BAnd when I spoke about suicide missions, I only spoke about it because it's a much feared war tactic, which should only be used in a battlefield, not anywhere else.^ After she was arrested and charged Commander Richard Walton, who is the head of the Metropolitan Police's counter terrorism unit, argued that Runa Khan was using social media as a 'tool for terrorism'. Within this climate, this study has been able to assess and propose seven types of offender characteristics who have been engaged with Twitter and Facebook as a means to radicalise and target communities, either through specific pages, videos or comment's and posts. These seven types are the; Cyber Mobs, Loners, Fantasists, Thrill Seekers, Moral Crusaders, Narcissists and Identity Seekers. This typology is intended as a starting point for a framework around Isis on social media (see Table 1). The majority of people involved in these acts were Males (90%) and Females (10%) (see Table 4). Whilst, a number of the individuals were based in the UK, there were also a number of online users who were identified as being from the United States; Australia; Pakistan; Indonesia; Egypt; Germany; Canada; Saudi Arabia, Turkey and Libya (see Fig. 7 for map of users and hotspots identified). Indeed Lacus and Ceron have examined social analysis of Isis and found that support for Isis was mainly from Arab reappearing words for many individuals in different countries. Furthermore, through the use of Facebook, Isis were using merchandise as a means to sell the Isis brand and act as a recruitment tool. Interestingly, Isis on both Facebook and Twitter have been viewed with mix results. In a large amount of cases examined in this study, Isis were condemned by most users as a brutal and 'oppressive' group that did not represent Muslims and Islam. This was personified in the #NotinMyName hashtag that was used as a means to express how Muslim communities were angry at the actions of Isis. However, as this study has shown, there were also a number of groups and individuals that were willing to accept the Isis narrative, that they were victims. And some individuals cited various issues that Isis 'did not exist' and that 'they are fighting a global war'. In this study, five distinct categories were established after analysing the different methods used by Isis online for propaganda purposes. As noted previously, they included; 1) videos; 2) chatrooms; 3) websites; 4) images and finally the use of hashtags, retweets and likes (see Table 2) for a full breakdown.
The Terrorist Threat to the Homeland
Ideologically motivated lone offenders and small groups pose the most likely terrorist threat to the Homeland, with Domestic Violent Extremists presenting the most persistent and lethal threat. Foreign terrorist organizations will continue to call for Homeland attacks but probably will remain constrained in their ability to direct such plots over the next year. Iran will maintain terrorist capabilities, including through proxies such as Lebanese Hizballah, as an option to deter the United States from taking action Tehran considers regime-threatening.
A. Technology as an Instrument of Terror
It was noted in Chapter 4 that some of the same forces of globalization that have facilitated the growth of economies and encouraged cultural exchange throughout the world in the late twentieth and early twenty-first centuries have also become available to terrorists, who have used these technologies to expand their activities and make them more lethal. Political scientist Joseph Nye (2002) refers to this development as the "privatization of war." Terrorists have traditionally limited their activities to their local areas, targeting people of their own land. Because of the explosion of communication and information technologies used to move goods and financial capital, they have been able to broaden their horizons substantially. Advanced technology does not distinguish between saints and sinners; it is available to all who want it, regardless of the nature of the intended use. Terrorist organizations today can have realistic global aspirations that were previously inconceivable, and the leaders of many of these organizations have not hesitated to take advantage of opportunities to expand both their geographic horizons and the lethality and sophistication of their attacks. This expansion has happened quite quickly. As the superpowers invaded foreign lands, using massive force to control local populations - first the Soviet Union in Afghanistan and then the United States in Iraq - local insurgents found ways to repel and eventually defeat the technologically superior forces with a combination of cunning and unique ways of using newly available technologies. They succeeded in overcoming overwhelming disadvantages in resources and military technology, steadily improving their ability to bring mayhem to local authorities, to repel alien military forces, and to export the effective uses of technology to terrorists and insurgents elsewhere. Technology has, in short, made terrorism and its central strategy of asymmetric warfare more symmetric. warfare more symmetric. The 2006 National Intelligence Estimate, a consensus report of sixteen major U.S. intelligence gathering agencies, reached this conclusion: The radicalization process is occurring more quickly, more widely, and more anonymously in the Internet age, raising the likelihood of surprise attacks by unknown groups whose members and supporters may be difficult to pinpoint. . . . We judge that groups of all stripes will increasingly use the Internet to communicate, propagandize, recruit, train and obtain logistical and financial support Osama bin Laden's al Qaeda network used these technologies to facilitate the 9/11 attack and then spread propaganda throughout the world. These actions called attention to such opportunities for terrorists everywhere to level the playing field to their benefit. But the availability and use of these technologies were well underway prior to the attack. When linked to the prospect of terrorists using weapons of mass destruction (WMD), it became clear that more attention should be paid to their use of technology. We turn now to a review of these linkages between technology and terror WMD and technology pose parallel threats. Society is vulnerable to the proliferation of chemical, biological, and nuclear attacks. It is vulnerable also to conventional weapon attacks on complex, "tightly coupled systems" - highly efficient, interconnected systems used for transportation, communications, energy and utilities, information services, and health care delivery. The tight coupling of systems that brings efficiency to an open, contemporary society also makes society more vulnerable to terrorist attacks. These two developments - powerful WMD technologies in the hands of terrorists and the vulnerability of society associated with its openness and tightly coupled systems - give rise to what the National Academy of Sciences refers to as "catastrophic terrorism" Let us first consider the weapons of mass destruction.
C. The Limits of Technology
Romantic accounts of technology suggest that there are no limits to the extent to which it is capable of solving our problems. Others suggest that there are no limits to its capacity to destroy us. In the case of terrorism, both of these accounts may be exaggerated. As we have noted, technology is proving to be a critical tool in our effort to minimize the hazards of terrorist attacks - by helping identify threats, gather and analyze intelligence to assist in assessing those threats, and establishing effective strategies for preventing and intervening against terrorism. It is also a useful tool for supporting terrorists' schemes - technology is proving to have an awesome capacity to inflict damage on innocent people. Yet in both cases, the use of technology is now and will always be limited. Several factors play a role in limiting both the productive and destructive uses of technology. One is the human factor. The more complex the technology, the greater the requirement for capable management and use of the technology, and such skills are in short supply. In the case of intelligence, for example, the United States learned painfully that sophisticated technology surveillance and communication systems were unable to detect and prevent the 9/11 attack, to know whether weapons of mass destruction really existed in Iraq, or to quickly find any of al Qaeda's top three figures: Osama bin Laden, Ayman al-Zawahiri, or Abu Musab al-Zarqawi. These failures were the combined product of limited technology and even more limited human intelligence. Another factor grows out of a fundamental axiom of economics: resources are scarce. Over a limited time horizon, the resources needed to significantly advance any given technology must be allocated across a vast array of competing prospects. For example, after the transit attacks in Madrid in 2004 and London in 2005, Anne Applebaum (2007) wrote this: Here's the truth about mass transit security: There is no technology that can guarantee it. There are no machines that can reliably detect the presence of a backpack filled with homemade explosives in an underground tunnel. There is no point in putting metal detectors at every single subway entrance or at every single bus stop. There is no amount of money, in other words, that can guarantee that subways and buses will be completely safe from small-time bombers, suicidal or otherwise. It's going to be a temptation, especially for Washingtonians, New Yorkers and others who regularly ride mass transit, to lobby their politicians for more spending. Don't do it. There are moral objections to technology as well that cannot be ignored. For the German philosopher Martin Heidegger (1954), technology has taken humans from the world in which we were born into one that is purely of our own making. In this contrived, self-referential world, even nature itself becomes primarily an object of research: "man - investigating, observing - ensnares nature as an area of his own conceiving." Similar objections about a tendency for people to become dangerously infatuated with technology have been raised by social commentators Jacques Ellul (1967), Lewis Mumford (1963), and others. It is easy to dismiss such concerns about technology as quaint, characteristic of Luddite small-mindedness and fear of progress, but many of the concerns that people have about technology are legitimate. Somewhere between irrational fears of technology and inclinations to pray at its altar is a position that recognizes that we can improve the quality of our lives - and possibly our security in the process - by being more conscious of how technology is useful and how it is harmful. As the quality of life improves, so too may our capacity to appreciate our place on earth and how technology can be used against us, not just by terrorists, but by our own laziness - mental, moral, and other.
Illegal Immigration to the United States
The duration and severity of the COVID-19 pandemic will shape migration to the U.S. Southwest Border into 2021, along with traditional push and pull factors stemming from weak economic and political conditions in the region. COVID-19's impact on Caribbean nations increases the chance of a mass migration event from Cuba or Haiti. Although the majority of migrants do not pose a national security or public safety threat, pathways used by migrants to travel to the United States have been exploited by threat actors. As a result, surges of migrants could undermine our ability to effectively secure the border without adversely impacting other parts of the immigration system.
Implications for Business
The implications of all this for business are far-reaching. They suggest that there is a need for major changes in thinking about cyber-security and in planning and implementing security measures. These are particularly important if e-commerce is to reach its full potential and if individual companies are to avoid significant losses as a result of criminal activities. Perhaps the most important changes are in thinking. This has two distinct but overlapping dimensions: security has to be understood in broad rather than narrow terms, and security can no longer be an after-thought, but needs to be part of intelligence, planning, and business strategy. With this in mind, there are several specific recommendations that need to be considered carefully by firms in the high-tech sector. 1. Recognize the real problem is crime, not hacking Organized crime and cyber-crime are becoming an increasingly salient component of the business environment. Disruption, denial of service, and web site defacements will continue to be problems, but exploitation of access to information systems for profit is likely to become more pervasive. The trend towards accessing business systems, highlighting security holes, and offering one's services for a significant fee, for example, is a thinly veiled form of extortion. As such, it is very difficult from traditional hacking that is designed to highlight security problems and ways of dealing with them as simply a demonstration of expertise. 2. Business intelligence needs to include criminal intelligence analysis Indeed, criminal intelligence analysis needs to be integrated fully into business intelligence; risk assessment needs to incorporate criminal threats; and cybersecurity needs to be conceptualized as part of a broader security problem that cannot be understood or dealt with in strictly technical terms. Defending against such contingencies requires that high-tech firms develop broad security programs that incorporate cyber-security into a much broader program. Cyber-security needs to be one component of a broader security program that includes personnel, physical assets, the provision of services, and financial assets. An arrangement in which the security officer is responsible for cyber-security as part of a comprehensive mandate is likely to be more effective and appropriate than one in which cyber-security is seen as a distinct portfolio separate from other components of security 3. Beware of infiltration If cyber-extortion is likely to be a growing problem, another danger is that the hightech industry is vulnerable to infiltration by organized crime, especially when seeking foreign partners. Consequently, the kind of due diligence exercise that has long been common in the banking sector needs to be extended to other industries. For bankers "know your customer" has become standard practice. For the hi-tech business, it is perhaps even more important to know your partners, especially when they are from another country. Questions need to be asked about their financing, their clients, and their associates - as well as the extent to which there are laws against cyber-crimes. Thorough background checks are essential prior to allowing any joint use of data and communication systems, or to bringing in their representatives to work with one's own employees. When there is overseas expansion, these background checks need to be extended to new employees and consultants. Although this might appear to be an exaggerated concern, it is not. One characteristic of Russian organized crime, in particular, is the systematic way in which it has infiltrated and, in some cases, come to dominate particular economic sectors, often operating through apparently legitimate front companies. Organized crime has infiltrated large parts of the Russian banking system, dominates the energy sectors in St. Petersburg, and has made great inroads into the hotel system. There is no reason that the high-tech sector should be exempt. Indeed, Mikhail Cherny, a well-known Russian entrepreneur with a very dubious reputation, was expelled from Bulgaria in the summer of 2000. He had a controlling interest in Mobiltel, the largest provider of cellular telephones in the country, and had been engaged in several fraudulent activities as well as suspected money laundering. Although the dangers are greater when companies operate in other countries, even in the United States there are problems with organized crime. Russian criminals in the United States, for example, operate through émigré networks, and there is a growing Russian presence in the information technology sector that could very easily be connected in some ways to Russian organized crime. 4. Be sensitive to money laundering opportunities Companies offering financial services on the Internet - and particularly those offering mechanisms to facilitate financial transactions - need to take steps to identify opportunities for money laundering. Once this is done, they need to introduce safeguards to close loopholes and prevent money laundering. The more this is done by the firms themselves, the less likely they are to be embarrassed and the less likely they will be subject to government regulation. 5. Develop partnerships and information-sharing arrangements Another response to the growing overlap between organized crime and cybercrime is to develop a working partnership with government and law enforcement agencies. Once again, there are precedents for this in other sectors. In recent years, the major oil companies, although very competitive with one another, established information sharing arrangements and worked very closely with law enforcement to minimize infiltration by organized crime figures and criminal companies. Government-private sector cooperation of this kind is not always easy, and has been particularly fraught in the area of information security, particularly regarding the issue of reporting. There is broad agreement that cyber-crime is under-reported. One of the most important - and understandable - reasons is concern on the part of financial institutions and businesses about reputational damage. For e-commerce to continue to expand rapidly, transactions must be perceived to be secure - and there is a natural desire to avoid any disclosures that might undermine customer confidence and place a company at a competitive disadvantage. Unfortunately, this reticence works in favor of the criminals. There are three levels at which the disclosure issue can be understood: within the business sector itself, the relationship between business and law enforcement, and full public disclosure. Indeed, the more the first two options are developed and refined, the less need there will be for full public disclosure. One useful approach, therefore, would be for companies within a particular sector to agree to share information about cyber-crimes among themselves, on the assumption that similar methods and techniques that are used against one are also likely to be used against others. Even more important though is the development of mutual trust between business and law enforcement. Indeed, there are several instances of companies working closely with law enforcement in responding to cyber-threats. Perhaps the classic example is the failed effort to extort Bloomberg. The head of the company worked closely with the FBI and participated in a sting operation that led to the arrest of the extortionists. For cooperation to be effective, however, law enforcement agencies have to exercise considerable care and discretion not to expose company vulnerabilities, while the companies themselves have to be willing to report any criminal activities directed against their information and communication systems. None of these measures is a panacea. Nevertheless, each one can be understood as a key element of what needs to be a comprehensive response. Individual firms obviously have to tailor their security programs to their particular vulnerabilities and needs. Unless they recognize that organized crime and cyber-crime are becoming more convergent, however, their programs are unlikely to be sufficient.
Modernize and Integrate a Broader Set of United States Tools and Authorities to Counter Terrorism and Protect the Homeland
Terrorists are typically clandestine actors, banding in small groups or acting alone and hiding in plain sight. We must stay ahead of terrorist attacks by advancing our detection capabilities and capacity to share early indicators with those who can piece together plot information and take action We will, therefore, move toward seamless integration and analysis of all information available to the United States and our partners and develop technology to enable lawful and appropriate responses that rapidly identify and stop terrorist threats. As we continue to protect information appropriately, we will deny terrorists the ability to take advantage of our open society, and we will stop them before they can attack. Priority Actions S E C U R E O U R B O R D E R S F R O M TERRORIST THREATS: We will integrate capabilities and authorities from across the United States Government and coordinate with our partners abroad to prevent terrorists from entering the homeland. Our efforts will begin overseas, where we will ensure that our partners share and use information, such as watchlists, biometric information, and travel data, to prevent terrorists and fleeing foreign fighters from traveling to the United States. We will also share technology that allows partners to screen cargo and baggage for threats, including WMD materials and precursors. At our borders, we will modernize our screening and identity intelligence capabilities to track terrorist travelers and prevent the entry of those who support terrorist ideologies and violence. D E P L O Y T H E I N T E G R A T E D FEDER A L COUNTERTERRORISM COMMUNITY AT LOCAL LEVELS: We will continue to appropriately staff and support joint terrorism task forces and interagency fusion centers with leaders and team members detailed from a variety of departments and agencies. This will ensure that the federal government is able to deploy our full range of exper tise and authorities where it will most effectively support state and local law enforcement partners. ADOPT TECHNOLOGIES TO PROCESS DATA: We will harness technologies that allow our counterterrorism efforts to keep pace with a dynamic environment and build holistic identities of terrorists. The technologies we develop will be usable and accessible across the agencies of the United States Government to ensure sharing and integration. We will also seek to enhance our ability to access terrorist communications, including by using technical tools and by law enforcement working with private industry to confront challenges posed by technological barriers. BUILD A HOLISTIC PICTURE OF TERRORISTS' IDENTITIES: We will enhance the collection, discovery, and exploitation of identity information supporting the counterterrorism mission, particularly biometric data. We will also identify and use other categories of identity information, including publicly available information, financial intelligence, and captured enemy material. We will improve the interoperability among United States Government systems to enable more efficient sharing of this information, bolstering our analysis and screening capabilities. INVESTIGATE AND INTEGRATE THREAT INFORMATION RELATING TO DOMESTIC TERRORISTS AND THEIR OVERSEAS COUNTERPARTS: Where lawful and appropriate, departments and agencies will investigate ties between domestic terrorists not motivated by radical Islamist ideologies and their overseas counterpar ts to more fully understand them. This investigation will include identifying indicators of mobilization to violence. Where applicable, we will better integrate domestic terrorism information into our analysis of homeland threats and continue information-sharing among our federal, state, local, and tribal law enforcement partners. UPDATE COUNTERTERRORISM POLICIES: We will fully empower the national security and law enforcement communities to pursue terrorist threats to their source and prevent terrorist attacks while respecting Americans' rights. We will focus on policies that have not kept up with the evolving threat picture and technology environment. For example, we will allow agencies to more easily share identity intelligence about terrorists and use publicly available information to preempt emerging threats.
1. Smart Identification Technologies
Conventional methods for screening people at border crossings and access points to areas vulnerable to terrorist attack, including the use of computerized name recognition systems and unaided human judgment, are notoriously flawed. A host of biometric technologies have been used for many years to identify dangerous people, including fingerprint systems, developed by Henry Faulds, Sir Francis Galton, and Juan Vucetich in the late nineteenth century, and DNA ("genetic fingerprinting") identification technology, developed by Sir Alec Jeffreys in the late twentieth century. Error rates (false matches and missed matches) are fairly low for fingerprint identification, and near zero for DNA identification, but both fingerprint and DNA data are useless without reference prints or DNA samples against which new screening results can be compared. More sophisticated biometric technologies have emerged to complement these conventional mixes of human judgment, name recognition systems, fingerprints, and DNA used for screening. Some are based on physiological characteristics other than fingerprints and DNA - retinal and iris features; ear distinctions; facial, hand, and finger geometry; and vascular maps - and others are based on behavioral characteristics, such as speech (a mix of physiological and behavioral attributes), handwriting, and computer keystroke patterns (Vacca, 2007). Retinal scans are among the most popular new biometric technologies - commonly used for verification in ATM transactions, in prisons, and to prevent welfare fraud - largely because they are unique even for monozygotic ("identical") twins. Still other, more controversial, biometric technologies measure stress levels associated with hostile intent at airports and other security checkpoints, based on well-established principles of behavioral psychology and polygraphy, and processed using artificial-intelligence software that makes use of sophisticated algorithms. The rates of both false positives and false negatives for prototypes of this technology are higher than for fingerprint and other biometric methods that require matching data, but the error rates are sufficiently low to make them potentially useful as complements to conventional methods, especially at extremely vulnerable sites; in addition, they do not require matching data (Karp and Meckler, 2006). The choice of which biometric identification device to use should be based on a variety of relevant considerations: Universality: Is this biometric feature commonly found in every individual? Uniqueness: Does this feature differ from each individual to every other? Permanence: Does this feature remain constant over the life of the person screened? Efficiency or collectability: How quickly and inexpensively can this biometric feature be measured and processed? Accuracy: How valid and reliable is the measurement of this biometric feature? Circumvention: How easy is it to fool the measurement device? Vulnerability: What are the social costs of a false-negative (failure to detect a real terrorist) result for the target that this screening system is designed to protect? Acceptability: Do the people screened see this method as intrusive? These factors can vary substantially from feature to feature, setting to setting, and across measurement devices (Jain, 2004). Retinal scans, for example, are unique even among identical twins, but they cannot be taken for many blind people, and they can change as people develop certain conditions, such as diabetes, cataracts, glaucoma, and retinal degeneration. It is otherwise the most reliable biometric identification instrument. Advanced DNA identification is unique for all except identical twins, but it can be time consuming and relatively expensive to administer. Fingerprints and photographs have the advantage of being available for many more people than retinal scans and DNA information, but they do not score as well on the uniqueness dimension, as they can produce ambiguous results. Setting matters too. Greater care must be taken, for example, in screening people about to meet a head of state than screening those wanting to cross a border. One of the many significant success stories with the use of biometric data has been in Iraq, where the U.S. military has taken fingerprints and eye scans from hundreds of thousands of Iraqi men and built a database to track suspected militants. U.S. troops stopped Iraqis at checkpoints, workplaces, and sites where attacks occurred; entered personal data using handheld scanners and laptops; and handed out ID cards to be used at checkpoints. The program met little resistance from Iraqis, who saw it as a way of making their communities safer. The program started in the Anbar province in 2004, a hotbed of insurgency, to root out people who showed up more than once in the vicinity of a bomb site. It was then expanded to the Baghdad area. The data are stored in West Virginia, as part of a much larger database designed to identify known insurgents at and within the borders of the United States (Frank, 2007). These technologies are being mandated under federal laws to protect against domestic terrorism as well. For example, the Intelligence Reform and Terrorism Prevention Act of 2004 requires the U.S. Department of Transportation to establish federal standards for state driver's licenses to make it more difficult for would-be terrorists to use fake driver's licenses to gain access to resources that might be used in a terror strike. The legislation includes making the cards more secure through advanced technology and a more rigorous issuance process.
Cybercrime
Cybercriminals increasingly will target U.S. critical infrastructure to generate profit, whether through ransomware, e-mail impersonation fraud, social engineering3 , or malware. Underground marketplaces that trade in stolen information and cyber tools will continue to thrive and serve as a resource, even for sophisticated foreign adversaries. • Ransomware attacks—which have at least doubled since 2017—often are directed against critical infrastructure entities at the state and local level by exploiting gaps in cybersecurit • Victims of cybercriminal activity in 2018 reported over $2.7 billion in losses—more than twice the amount lost in 2017. This figure does not represent the full scope of loss because some victims do not report incidents.
LR Homeland Threat Assessment
8-13, 17-23
Box 7.1. The Limits of the Bioweapons Threat
Could terrorists, intent on causing as much harm and societal disruption as possible, use new biotechnology processes to engineer a virulent pathogen that, when unleashed, would result in massive numbers of dead? Mark Williams, in his Technology Review article, "The Knowledge," suggests we should be contemplating this doomsday scenario in the twenty-first century. Williams's article might make you sleep less soundly, but are the threats real? The truth is that we do not really know. Part of the problem is that even if terrorists could create new pathogens virulent to humans, it's not at all clear that they could "weaponize" them - that is, put the pathogens into a form that is highly infectious to humans and then disperse them in ways that expose large numbers of people. Past experience suggests that this is not an easy task. During World War II, the Japanese dropped plague-infected materials on Chinese cities, to limited effect. In 1979, the Soviets caused 66 deaths from anthrax by accidentally releasing it from a bioweapons facility in Sverdlovsk. In 1984, the Rajneeshees cult contaminated salad bars in the Dalles, OR, with salmonella, but their actions killed no one. In 1993, the Aum Shinrikyo cult failed to kill anyone after carrying out multiple attacks with anthrax in Japan. The 2001 anthrax letter attacks in the U.S. killed five people. These were all frightening events. They were not, however, grave threats to national security. Yet estimates of bioweapons dangers tend to be dire, like those in Williams's article. The truth is that the data are too thin to make accurate projections of the effects of bioweapons attacks. I surveyed seven separate estimates of fatalities from a projected anthrax attack. The lowest estimate, by Milton Leitenberg, ranged from zero to 1,440 dead per kilogram of anthrax used, while the highest, by Lawrence Wein and others, put fatalities between 123,400 and 660,000 per kilogram of anthrax. Most of these estimates were made on the basis of little actual data. To predict accurately the effects of bioweapons, data are needed on the amount of agent required to infect a person, the percentage of people who survive an infection (which depends on the health of the population), the transmission rate if the agent is contagious, the ability to aerosolize and disperse an agent effectively (which depends, in turn, on climatic conditions), the environmental stability of an agent, the population density, and the abilities of the public health system, including when an attack is detected and whether prophylactics, vaccines, or antidotes exist and, if so, in what quantities. For any one pathogen - even one familiar to us, like smallpox and anthrax - not all of these variables are known, and therefore quantitative predictions are not possible with a high degree of certainty. In the words of the U.S. National Academy of Sciences in a 2002 report, "these factors produce an irreducible uncertainty of several orders of magnitude in the number of people who will be infected in an open-air release." For example, data on the infectiousness of an agent vary widely, depending on the agent. Because of limited experience with anthrax, susceptibility data have often been extrapolated from animal trials that have little bearing on human response to agents. In the case of smallpox, with which scientists had much experience in the twentieth century, some factors remain uncertain, such as the transmission rate. In the models of bioweapons attacks, the ability to weaponize an agent and disperse it effectively is estimated in part from open-air trials done by the U.S. Army between the 1940s and 1960s. These trials used live simulants of agents on major U.S. cities, but the behavior of a real bioweapon agent in such a situation remains uncertain. Williams's article doesn't describe in any detail the ability of terrorists to weaponize any of the theorized agents. Yet making effective bioweapons would take a tremendous amount of work. While a state-sponsored program might have the means to do that work, terrorist groups probably don't. With so much uncertainty surrounding the outcome of a bioweapons attack, it does not make sense to plan extensive biodefense programs when more certain threats, particularly those involving nuclear weapons, require attention
Box 7.4. Chasing Internet Villains Privately in Eastern Europe
Created in 2002, Microsoft Corp.'s Internet Safety Enforcement Team is part of the U.S. software giant's intensifying efforts to combat cyber crime at a time when consumers and businesses are becoming increasingly frustrated with fraud and virus attacks on their personal computers, most of which use Microsoft's Windows operating system. As Internet crime proliferates, law enforcement is relying more on the private sector to help counter it. That's because tracking cyber criminals requires a different set of skills than police have traditionally used. Compounding the challenge is the speed at which new online threats are morphing. Microsoft brings huge resources and technical expertise to the table, ranging from decrypting files to analyzing computer code. Through its security team, the company collaborates with police worldwide. Last month, Microsoft worked with the Federal Bureau of Investigation and authorities in Morocco and Turkey to trace suspects behind the "Mytob" and "Zotob" worms, which recently disrupted computer networks. In less than two weeks, two people were arrested. Microsoft's assistance "was essential," says David Thomas, head of the FBI's computer-intrusion section. Microsoft's cooperation with law enforcement is unusual. Companies are often reluctant to call in police to solve computer-related crimes, fearing business disruptions and bad publicity if computers are seized. Only about a third of U.S. cyber-crime cases are reported, says the FBI. Microsoft's efforts haven't stemmed the thousands of new viruses and worms that appear every year, even though arrests of virus writers have increased. In the past 12 months, Microsoft has made about 75 referrals to law enforcement around the world. It has also filed 243 civil actions related to Internet safety threats, such as spam. But Microsoft investigator Peter Fifka acknowledges he is often two steps behind the hackers. "The reality is that people will always try to find new ways to commit crimes," he says. Microsoft has a lot at stake. It potentially stands to lose its reputation and millions of dollars if customers defect to alternative software suppliers. Security experts have criticized the company's software as particularly vulnerable, and say Microsoft has focused on features at the expense of security. Viruses caused businesses worldwide $17.8 billion in damages last year including the cost of repairing systems and lost business, estimates Irvine, Calif., research firm Computer Economics. Microsoft's Windows, which dominates PCs with a more-than-95 percent market share, is the company's biggest moneymaker and generated $12.2 billion in revenue for the 12 months ended June 30. The company created a $5 million bounty fund in 2003 for tips that lead to arrests of virus writers. In July, the company said it would pay its first $250,000 reward to two informants who helped identify the author of a worm known as Sasser, which damaged computer networks worldwide last year. Microsoft is targeting virus writers and others who increasingly use malicious code for financial gain through identity theft, hawking counterfeit goods, and other crimes. Microsoft's Enforcement Team employs 65 people worldwide, including former policemen, lawyers and paralegals. The group, which gets a sevenfigure annual budget, has 25 investigators including Mr. Fifka. Mr. Fifka, 44 years old, began his career as an analytical chemist in his native Slovakia, researching antibiotic drugs. He joined the Slovak national police's forensic unit as a drug specialist in 1987. In 1995, he took a job with Interpol, the international police group based in Lyon, France, where he investigated drug smuggling and human trafficking. Microsoft hired him in 2001 to combat software counterfeiting. Mr. Fifka's role soon evolved into fighting hackers and virus writers who work with counterfeiters and spammers in Eastern Europe. The region is a cybercrime hotbed, experts say, because of a large pool of technical talent and a dearth of jobs. Working from Microsoft's Paris office, Mr. Fifka gathers intelligence on suspects and tries to lure them into the real world where police can nab them. He often trawls the Internet for clues to the identities of digital villains, mining discussion forums in different languages. It helps that he speaks six languages, including Russian and Hungarian. "Many people say it is easy to be anonymous" on the Internet, he says. "It's not true." Many cybercriminals leave digital trails. E-mails and Web sites typically carry a unique set of numbers, known as an Internet protocol address, which identifies each computer connected to the Internet. Publicly accessible databases can often provide details about the organization the number is assigned to - typically an Internet service provider, university, or company. Police can then subpoena the organization for the name, address, and other details of the person using that computer. While Mr. Fifka's investigations usually begin in cyberspace, he uses oldschool gumshoe tactics to pinpoint a suspect's physical location. He travels around Eastern Europe and Russia, sometimes working with private detectives. Armed with a laptop and a cellphone that rings to the theme tune of the Eddie Murphy movie "Beverly Hills Cop," he says he spends about two-thirds of his time on the road. Mr. Fifka says he often juggles 15 to 20 cases at a time. Some of his work involves educating authorities on new virus trends. In 2003, for example, he flew to the United Kingdom to teach police about a worm called Randex, which Scotland Yard and Microsoft suspected was being spread from England. The Randex worm was part of a new family of viruses known as bots. A bot virus allows people to hijack thousands of far-flung computers and marshal them for a specific task, such as overrunning a Web site with traffic to disable it. The Randex worm was being used to send spam from numerous computers at once. Mr. Fifka briefed U.K. police on how criminals in Russia and elsewhere used bots to make money, such as through hawking counterfeit goods with spam. He explained how bot-controlled networks of computers could be rented online from cybercriminals and what their going price was - between a few cents and $1 per machine. After the suspected Randex worm writer and his computer were seized around January 2004, Microsoft flew technical experts to London to provide forensic expertise. Scotland Yard credits Microsoft with helping to convict a British and a Canadian teenager for releasing the worm. The Canadian teen received a six-month suspended sentence last November. A month later, the British teen got a nine-month suspended sentence, the equivalent of nine months of probation. British and Canadian police wouldn't release their names because they are minors.
Isis on Twitter
Social media sites such as Twitter have also been used by Isis as a means to recruit would be jihadists (Klausen, 2015). They have been used to not only recruit people but to create an ideological stance that aims to intimidate and cause fear. Despite Twitter only allowing 140 characters to post a message, these accounts will send out posts, religious declarations and small bite size comments that maximise the appeal of the group. The aim of using and broadcasting messages on Twitter, means that the group are able to create a climate of fear and anxiety. Moreover, this also allows Isis them to reinforce their messages and use social media sites like Twitter to act an echo chamber. For example, Isis fighters have been reported to have been using Twitter to post pictures of beheadings. In one such case, Isis sympathisers and fighters were using the hashtag #WorldCup with the accompanying words: BThis is our ball...it has skin on it^. For Isis's media wing Al-Furqan, Twitter therefore allows them to be able to provide messages with speed and reinforce that narrative with retweets to thousands of followers. Twitter therefore acts as a megaphone by which Isis are able to send out live updates of fighters tweeting about what it feels like to be in Syria. Ultimately, the aim for Isis is to win hearts and minds and maintain the organisations appeal for young people. Katz (2014) states that Twitter allows Isis to maintain a strong global focus that stretches beyond Britain and Europe. Katz states that BIn addition to its general and local pages, ISIS is supported by approximately thirty other online media groups. For example, the al-Battar Media Group, with 32,000 followers, works constantly to mobilize Twitter members to support ISIS by translating ISIS releases and by independently producing media...^Moreover, Katz argues that (2014): BThe Billion Muslim campaign has generated over 22,000 posts within four days since its launch on June 13, 2014. On June 20, 2014, Twitter users began distributing images displaying words of encouragement or the phrases BAll Eyes on ISIS^ and BWe are all ISIS^ in Twitter posts that feature the hashtag B#AllEyesOnISIS.^ The hashtag now totals over 30,000 tweets.^ Whilst Twitter has been actively suspending many of the Isis accounts, Isis continues to have an online presence and as this study will show, are using this to intimidate and radicalise people. Isis sympathisers, fighters and groups have also begun to create multiple Twitter accounts such as the al-I'tisam page which are being used to promote the Isis brand. Furthermore, there are a number of prominent accounts such as the @Minbar_s, @hashtag_isis, @mghol1122, @Nnewsi, @alfurqan2013, @raqqa98, @w_raqqa, and @ShamiWitness accounts (see figure 4 for selection of tweets) which have transformed Twitter into an Isis megaphone. Most of the accounts have been giving an update on the group's activities and also promoting the organisation brand, despite many of them now being removed (Berger, 2014). A number of the Twitter accounts that have been examined and are used to propagate Isis have now been removed or suspended. Indeed, out of all the Twitter accounts propagating for Isis, the @ShamiWitness Twitter account has been one of the most successful and active accounts with over 17,700 followers. According to a Channel 4 news investigation the tweets, had been viewed 2 million times each month, with at least two thirds of all foreign fighters on Twitter also following this account. However, following a recent Channel 4 investigation, the identity of @ShamiWitness was revealed and the Indian police arrested a man named as Mehdi Masroor who is thought to have been @ShamiWitness. Despite this, supporters of the Islamic State demanded his release through the use of the #FreeShamiWitness hashtag. The account has since been reactivated (Channel 4 News Report, 2014).
Organized Crime and Cyber-Crime
Organized crime is primarily about the pursuit of profit and can be understood in Clausewitzian1 terms as a continuation of business by criminal means. Criminal organizations are not the only players in illicit markets, but they are often the most important, not least because of the added "competitiveness" that is provided by the threat of organized violence. Moreover, criminal organizations tend to be exceptionally good at environmental scanning in the search for new criminal enterprises and activities. In this context, the Internet and the continuing growth of electronic commerce offer enormous new opportunities. In recent years, there has been a massive increase in the sophistication of organized crime and drug trafficking groups. Colombian drug trafficking organizations, for example, have followed standard business practices for market and product diversification. Criminal organizations have increasingly hired financial specialists to conduct their money laundering transactions. This adds an extra layer of insulation while utilizing legal and financial experts knowledgeable about the layering of financial transactions and the availability of safe havens in offshore financial jurisdictions. Similarly, organized crime does not need to develop technical expertise about the Internet; it can hire those in the intruder community who do have the expertise, ensuring through a mixture of rewards and threats that they carry out their assigned tasks effectively and efficiently. Organized crime groups typically have a home base in nations that provide safe havens from which they conduct their transnational operations, such as various kinds of trafficking activities. In effect, this provides an added degree of protection against law enforcement and allows them to operate with minimal risk. The inherently transnational nature of the Internet fits perfectly into this model of activity and the effort to maximize profits within an acceptable degree of risk. In the virtual world there are no borders (a characteristics that makes it very attractive for criminal activity); yet when it comes to policing this virtual world borders and national jurisdictions loom large - making large-scale investigation slow and tedious at best, and impossible at worst. The Internet itself provides opportunities for various kinds of theft. Online thieves can rob online banks or illicitly gain access to intellectual property. The Internet offers new means of committing old crimes such as fraud, and offers new vulnerabilities relating to communications and data that provide attractive targets for extortion, a crime that has always been a staple of organized crime. The anonymity of the Internet also makes it an ideal channel and instrument for many organized crime activities. The notion of a criminal underworld connotes a murkiness or lack of transparency, where who is doing what is usually hidden from view. Secrecy is a key part of organized crime strategy and the Internet offers excellent opportunities for its maintenance. Actions can be hidden behind a veil of anonymity that can range from the use of ubiquitous cyber-cafes to sophisticated efforts to cover Internet routing. Organized crime has always selected particular industries as targets for infiltration and the exercise of illicit influence. In the past, these have included the New York garbage hauling and construction industries and the Fulton Fish Market, the toxic waste disposal and construction industries in Italy, and the banking sector and aluminum industry in Russia. From an organized crime perspective, the Internet and the growth of e-commerce can be understood as the provision of a new set of targets for infiltration and the exercise of influence - a prospect that suggests that Internet technology and service firms should be particularly careful about prospective partners and financial supporters. In sum, the synergy between organized crime and the Internet is not only very natural but also one that is likely to flourish and develop even further in the future. The Internet provides both channels and targets for crime and enables them to be exploited for considerable gain with a very low level of risk. For organized crime it is difficult to ask for more. It is critical, therefore, to identify some of the ways in which organized crime is already overlapping with cyber-crime.
Protect United States Infrastructure and Enhance Preparednes
The critical infrastructure of the United States—much of which is privately owned— provides the essential goods and services that drive American prosperity. Coordinated efforts are, therefore, necessary to strengthen and maintain secure and resilient critical infrastructure and to prepare Americans to respond appropriately should an attack occur. By integrating and improving preparedness across all levels of government as well as the private and public sectors, we will stop terrorists from undermining our security and prosperity. Critical infrastructure has long been subject to physical threats and is now increasingly exposed to the risk of attacks in cyberspace. Our infrastructure is also interconnected, meaning that damage or disruption of one infrastructure element can cause cascading effects impacting other forms of infrastructure. We will stop terrorists' attempts to break through our defenses by building strong partnerships and by implementing innovative methods for protecting our infrastructure from attack and disruption. In addition, working with a range of stakeholders, including those from the private sector and civil society, we will enhance preparedness and increase public awareness about national ef for ts and successes in confronting terrorism to increase public trust and confidence in America's strength. Priority Actions ENHANCE DEFENSIVE MEASURES FOR INFRASTRUCTURE AND SOFT TARGETS: As terrorists seek new ways to attack our infrastructure and soft targets— both at home and abroad—we will improve and innovate our layered defenses. We will ensure redundancy of our systems, including systems in cyberspace, an d de ve lop m ea s ure s for rapid recovery for systems if an attack should occur, facilitating their quick return to normal operations. BROADEN AWARENESS OF THE TERRORIST THREAT TO UNITED STATES CRITICAL INFRASTRUCTURE: We will ensure that key private sector and foreign partners are informed of the potential terrorist threat to their facilities. We will incorporate state and local law enforcement and emergency services personnel as well as critical infrastructure participants into national exercises featuring realistic terrorism scenarios. ENHANCE PREPAREDNESS AND PROMOTE READINESS: Partnering with an expanded network of organizations, individuals, and all levels of government, we will ensure that our society is prepared to withstand and quickly recover from a terrorist attack, including the possibility of a WMD attack. We will do this by conducting public information campaigns, training emergency response personnel, and ensuring the viability of our emergency notification systems. Recognizing that past terrorist attacks often targeted the private sector and civilians, we will welcome their partnership in sharing best practices in stopping and recovering from terrorist attacks and related incidents. DEVELOP A PUBLIC COMMUNICATIONS STRATEGY: Through a coordinated counterterrorism communications plan, we will educate the public on how to prepare for, respond during, and quickly recover after an attack. We will also train federal, state, and local interlocutors on interactions with the public that foster a culture of preparedness and resilience.
Methodology and Findings
This study examined 100 different Facebook pages, comments and posts regarding Isis and the role of the Islamic State and examined 50 different Twitter users which led to 2050 results. Overall, the study found that whilst there was a strong online backlash against Isis, that there too was also a pervading sense of online propaganda and an extremist narrative that was leading in some cases to the glorification of the role of Isis. With this in mind, the author created a typology of seven offender behaviour characteristics, which helps define and categorise those types of behaviour online. These include; the Cyber Mobs, Loners, Fantasists, Thrill Seekers, Moral Crusaders, Narcissists and Identity Seekers (see Table 1). These offender behaviours are situated and divided into different online means of promoting Isis propaganda and hate. This is done through videos, online merchandise, chatrooms, forums, websites and comments (see Table 4). The research questions in this article included & What, if any impact was Isis having on social media sites? & What types of recruitment strategies are Isis using online? & How is Isis being viewed on Facebook and Twitter? This article used a mixed methodology as part of a wider content analysis utilizing qualitative data gathering techniques embedded within grounded theory. The Facebook pages and Twitter accounts were analysed between January 2013 and December 2014 and utilised the electronic database NVivo. By using the software system NVivo, the author was able to collate 'high frequency' words and patterns that are directly related to Isis. Comments and all posts were then compiled into a large word cloud. The word cloud was analysed using a word frequency count which was created to explore core issues and recurring themes around Isis on Facebook and Twitter (see Table 2, for a full list of key terms and frequencies that appeared). The reason for choosing Twitter and Facebook was because they remain important social media platforms that allow people to stay up to date with the news of people in a way that makes them more accessible and stay connected through the exchange of quick and frequent comments and posts. They also through likes, retweets and views are able to have a wide reach which makes them easier to access and allows groups such as Isis to maximise their publicity. By focussing on the role of Isis on social media, I hope that this study will give us a better understanding of how social media sites in some cases can accelerate the online radicalisation process. Clearly, there are drawbacks to using and analysing data via social media sites. For instance, there are issues encountered in relation to anonymity and public and private posts. However, I hope this study has addressed some of those concerns with the use of electronic software, key terms used and the overall sample size. In order to carry out a Facebook and Twitter analysis, I searched for outputs using the terms Syria AND Isis, ISIL AND Islamic State, Syria AND Abu Bakr al-Baghdadi and Iraq AND IS. These searches generated over 2050 results. These searches were then used to examine 100 Facebook pages and 50 Twitter users. Following this, I examined each platform to try and better understand how Isis were using both spaces to target and radicalise young people to their cause. Some of the most common reappearing words used to describe Isis were then examined. As noted above, whilst there was clearly an online backlash opposing the Isis ideology, there was also the Isis recruitment tool targeting people online. The study also made the use of electronic software NVivo, because it allowed the author to collate and identify comments, posts and patterns that emerged. All the posts, tweets and comments were imported into NVivo and I was able to analyze the comments with the use of visualization tools such as the NCapture tool, which is a web browser extension that allowed me to quickly and easily capture web content via social media data for further analysis.
Strengthen the Counterterrorism Abilities of International Partners
While the United States will continue to lead and provide support to partners in the fight against terrorism, our country need not sustain the primary responsibility for counterterrorism activities around the world. To address this issue, we will work to increase our partners' awareness of terrorist threats and strengthen their capacity and willingness to address them. Central to this approach is the adoption of proactive diplomatic engagement, development assistance, and security assistance to help our partners act independently and, ultimately, invest more of their own capital in bolstering counterterrorism efforts. We will call on our capable and well-resourced partners to increase their support to countries lacking resources and capabilities. Some partners have better access, expertise, resources, and relationships in particular geographic and thematic areas, and we will encourage them to employ and refine such tools to more effectively internationalize counterterrorism efforts while reducing reliance on United States assistance. We will also continue to work with our less resourced, non-traditional, or novel partners who may make unique contributions to help advance our shared counterterrorism efforts. Over time, this will result in a more balanced, equitable, and effective global approach to counterterrorism. Priority Actions ESTABLISH A BROADER RANGE OF COUNTERTERRORISM PARTNERSHIPS: Our increasingly interconnected world demands that we prioritize the partnerships that will lead to both actions and enduring efforts that diminish terrorism. The United States will, therefore, partner with governments and organizations, including allied nations, the technology sector, financial institutions, and civil society. We will use diplomatic engagement with partner governments and further mobilize existing coalitions and multilateral and international fora to increase the will of capable partners to act against threats while encouraging the implementation of international counterterrorism standards and the coordination of international burden-sharing efforts. SUPPORT COUNTERTERRORISM CAPABILITIES OF KEY FOREIGN PARTNERS: We will continue to augment the capabilities of key foreign partners to conduct critical counterterrorism activities. We will help to professionalize the military, law enforcement, judicial, intelligence, and security services, as well as financial authorities, of key partners so that they are able to conduct counterterorrism operations effectively and justly. We will also work to ensure that partners meet their responsibilities in holding their citizens accountable for any acts of terrorism committed abroad. In addition, we will enhance the capabilities of key foreign partners to investigate and prosecute terrorism across borders through law enforcement cooperation, mutual legal assistance, and extradition. EXPAND PARTNER INFORMATION-SHARING: To stay ahead of emerging terrorist trends and methods, we will prioritize the sharing of information, such as biometric and geolocational data and information about new threats, including terrorists' initial research into new attack capabilities. Building on solid partnerships and processes for sharing information, we will continue to improve the capacity for information-sharing and work with partners to allow them to more effectively act on shared information. SUPPORT LOCALLY-DRIVEN TERRORISM PREVENTION: We will work with local stakeholders and civil society to mitigate the grievances that terrorists exploit. Internationally, where United States interests are at stake, we will seek and encourage locally driven solutions that target specific causes of terrorist radicalization and mobilization to violence. We will work with partners to encourage positive narratives that promote tolerance and security
Nation State Threats
Russia—which possesses some of the most sophisticated cyber capabilities in the world— can disrupt or damage U.S. critical infrastructure networks via cyber-attacks. Russian state-affiliated actors will continue targeting U.S. industry and all levels of government with intrusive cyber espionage to access economic, policy, and national security information to further the Kremlin's strategic interests. • Russia probably can conduct cyber-attacks that would result in at least localized effects over hours to days and probably is developing capabilities that would cause more debilitating effects. • We expect Russian cyber actors to use a range of capabilities including social engineering, publicly known software and hardware vulnerabilities, poorly configured networks, and sophisticated "zero-day" attacks that exploit security weaknesses in software. • Under Russian law, the Federal Security Service (FSB) can compel Russian firms doing business in the United States—or Russians working with U.S. firms—to comply with FSB information sharing and operational mandates, presenting additional routes for cyber espionage. China already poses a high cyber espionage threat to the Homeland and Beijing's cyber-attack capabilities will grow. Chinese cyber actors almost certainly will continue to engage in wide-ranging cyber espionage to steal intellectual property2 and personally identifiable information (PII) from U.S. businesses and government agencies to bolster their civil-military industrial development, gain an economic advantage, and support intelligence operations. China possesses an increasing ability to threaten and potentially disrupt U.S. critical infrastructure. • We expect China's cyber operations against U.S. companies to focus on the critical manufacturing, defense industrial base, energy, healthcare, and transportation sectors. • Beijing has targeted information technology and communications firms whose products and services support government and private-sector networks worldwide, while concurrently advocating globally for Chinese information technology companies that could serve as espionage platforms. • Under China's 2017 National Intelligence Law, Beijing can compel businesses based in China and Chinese citizens living abroad to provide intelligence to the Chinese government. • We remain concerned about China's intent to compromise U.S. critical infrastructure in order to cause disruption or destruction. • China's efforts to dominate the 5G world pose new challenges to U.S. efforts to national security, privacy, resistance to malign influence, and human rights. The exponential increases in speed, connectivity, and productivity could render American systems particularly vulnerable to Chinese cyber threats. While Russia and China are the most capable nation-state cyber adversaries, Iranian and North Korean cyber actors also pose a threat to U.S. systems, networks, and information. Iran continues to present a cyber espionage threat and is developing access in the Homeland that could be repurposed for destructive cyber-attacks. North Korean cyber capabilities, while sophisticated, probably will remain confined to criminal generation of revenue. If Pyongyang's intent changes, however, it probably could quickly build capabilities to conduct broader espionage activity or threaten infrastructure with disruptive cyber-attacks.
Social Media: Theoretical Considerations
The Social cognitive theory, purported by Bandura (2001) provides us with some important points to consider with regards, how online communication can be affected by the social environment. According to Bandura (2001), the use of this helps inform groups and creates 'motivating' factors. Bandura (2001: 265) states that: Bsocial cognitive theory provides an agentic conceptual framework within which to examine the determinants and mechanisms of such effects. Human behavior has often been explained in terms of unidirectional causation, in which behavior is shaped and controlled either by environmental influences or by internal dispositions.^ Within the construct of Isis motivation and behaviour, the group have been proactive in exploiting the online environment and are using worldwide events such as the crises in Iraq, to formulate ideas. For the social cognitive theory to work here, we see how members of groups can act as producers within an online social environment. Bandura (2001: 267) argues that: BAn extraordinary capacity for symbolization provides humans with a powerful tool for comprehending their environment and creating and regulating environmental events that touch virtually every aspect of their lives. Most external influences affect behavior through cognitive processes rather than directly.^ These use of emotional factors are symbols of how Isis and other online hate groups can also transform and galvanise online groups and transfer power of the environment to create cognitive models of judgement. Meyrowitz (1985) makes the case that electronic media has meant that the way in which we interact with each other has changed over time and that the Internet therefore has an impact on social behaviour. Moreover, Meyrowitz (1985) argues that these online behaviours are determined by different stages of online socialization. In the case of the behaviours noted in this study, than groups such as Isis play upon this identity crises as a means to create support. Meyrowitz (1985: 7) states that: B...electronic media have increasingly encroached on the situations that take place in physically defined settings. More and more, the form of mediated communication has come to resemble the form of live face-to-face interaction.^ This clearly is the case when examining how groups such as Isis have used the power of social media to construct different recruitment patterns. Lietsala and Sirkkunen (2008) argue that the power of social media, therefore has meant we are now producers as opposed to simply the audience, which means that we are taking a pro-active role in our interactions on the Internet. Furthermore, Pennebaker and King (1999) argue that language on social media sites can be used to create profiles. Selfhout et al. (2010) argues that social networks are built upon by these personality traits and friendships that are created on social media. By using the big five personality model which consists of five personality factors, i.e. openness, conscientiousness, extraversion, agreeableness, and neuroticism. Within this paradigm as discussed above groups such as Isis are able to use social media to create key friendships by selecting online 'friends' with users. Based upon the typology the author has proposed in this study, then clearly we are seeing a level of the five personality factors playing a role in particular with regards the 'openness' and 'agreeableness' traits which show a selection of online friendships emerging on social networks by Isis (discussed in more detail below). Moreover, Goodboy and Martin (2015) argue that such groups can build profiles upon certain traits. Their study examined the relationships between the Dark Triad personality traits and self-reported cyberbullying behaviours. They found three trait behaviours as being prominent in such cases, namely; Machiavellianism, Psychopathy and Narcissism. They state that: B...multiple regression analysis revealed that of the three Dark Triad traits, psychopathy emerged as the unique predictor of cyberbullying. These findings reinforce extant research suggesting that personality traits are important predictors of computer-mediated behavior^ (Goodboy and Martin (2015: 1). Similarly, this paper makes the case that Isis members act in a cybermob mentality, and are also using social media to cyberbully people through personal interaction with online members. Goodboy and Martin (2015: 1) argue that cyberbullies attempt to Bharass, denigrate, impersonate, or ostracize others^ and Bspend a considerable amount of time online and engage in risky online behaviors...For instance, cyberbullies tend to have personalities that lack self-control and sensitivity; they tend to be higher in psychoticism and verbal aggressiveness^. As this study found there were some clear overlaps with those aggressive behaviours and how members online were using videos and posts to coordinate aggressive responses and enter into hate-filled dialogue. Contena et al. (2015) examined the issues around selfdisclosure and how they are communicated on Facebook. Citing (Krasnova et al., 2009; Krasnova et al., 2010; Krasnova & Veltri, 2011) they examined how a proposed comprehensive conceptual model of online self-disclosure is used on social media sites, such as Facebook. They named a number of factors such as perceived benefits, privacy costs, trust factors, perceived control over information and awareness as being key instruments of self-disclosure indicators on Facebook. Joinson (2000) also makes the case that online groups are aiming to balance self-disclosure in computermediated communication with visual anonymity. Similarly, Christopherson (2007) argues that anonymity affords online protection for individuals and groups on social media. This level of anonymity, according to Christopherson (2007) can influence the way individuals behave within online groups. This forms part of social psychological concepts within online groups and includes the notions of 'bystander apathy' and 'social loafing.' This level of anonymity online was also described by Zimbardo (1969) as the deindividuation theory. This means that anonymity and personal social environmental factors can influence online behaviour. Dubrovsky et al. (1991) argue that face-to-face communication and electronic communication can vary in different groups depending on the social structure. Similarly, Hayne and Rice (1997) argue that anonymity in group support systems is used by groups to create an online presence whilst McKenna and Bargh (1998) make a compelling case that such anonymity can actually also relate to strong group identity. According to McKenna and Bargh (1998) these identities are built upon a sense of self-esteem and self-belonging. This means groups find and share personal experiences.
Analytic Tradecraft for Managing Substantive Uncertainty
The failure to provide strategic warning during the months prior to Iraq's 1990 invasion of Kuwait generated recommendations for revamping warning analysis by DDI Doug MacEachin (1993-1995) that spurred changes in the DI's analytic approach to substantive uncertainty generally. The DDI observed that the bottom-line judgment that Iraq was unlikely to initiate warfare in the near term, issued repeatedly in the year before the assault on Kuwait, was based on the assumption that Iraq needed several years to recover from the military and economic devastation of its long war with Iran. That assumption was so widely held by analysts that it was rarely examined critically. Nor was the heavy dependence of the no-war conclusion on the recovery-first assumption explicitly recognized. The DDI criticized the prevailing approach to substantive uncertainty as a "predictions sweepstake" that emphasized competition among analysts to control bottom-line judgments rather than a structured appraisal of the soundness of the analytic case for alternative plausible dynamics and outcomes. In contrast, the more rigorous tradecraft for dealing with substantive uncertainty he recommended—sometimes called "Linchpin Analysis"— requires careful attention to selecting the factors at play deemed most likely to drive and determine the outcome of a situation on which there is too little hard information to rely on a flat prediction. For example, analysts self-consciously assess alternative views on which players, forces, and relationships will likely determine whether country X will attack country Y. These key factors or linchpins are explicitly conveyed in the assessment as the basis for estimative conclusions. In a strategic warning regime, attention is then paid to identifying triggers (plausible developments that could uncouple the linchpins holding the argument together), and signposts (early indicators that the bottom-line judgment needs revision). The DDI conveys the essential character of what he labeled "forecasting" (the Linchpin process), which he differentiates from "fortune-telling" (intelligence judgments focused on asserting a bottom-line judgment) in an essay on "Tradecraft of Analysis," published in US Intelligence at the Crossroads: Agendas for Reform (1995, Roy Godson, et. al, editors). Analyses of potential developments are based on assessments of factors that together would logically bring about a certain future. These factors are the "drivers" or "linchpins" of the analysis. If one or more of them should change, or be removed, or turn out to have been wrong to start with, the basis for the forecast would no longer hold. Identifying the role of these factors in the analytic calculus is a fundamental requirement of sound intelligence forecasts. The policymaker needs to know the potential impact of changes in these "linchpins." The consumer especially needs to know if for any of these "linchpins" the evidence is particularly thin, there is high uncertainty, or there is no empirical evidence, but only assumptions based on past practice or what appear to be logical extensions of what is known. Careful attention to selection and testing of key assumptions to deal with substantive uncertainty is now well established as the doctrinal standard for DI analytic tradecraft, and is a key part of instruction in Kent School's CAP curriculum for new analysts.
Major Trends in Organized Crime and Cyber-Crime
The first trend is that organized crime groups use the Internet for major fraud and theft activities. Perhaps the most notable example of this - albeit an unsuccessful one - occurred in October 2000 and concerned the Bank of Sicily. A group of about 20 people, some of whom were connected to mafia families, working with an insider, created a digital clone of the Bank's online component. It then planned to use this to divert about $400 million allocated by the European Union to regional projects in Sicily. The money was to be laundered through various financial institutions, including the Vatican bank and banks in Switzerland and Portugal. The scheme was foiled when one member of the group informed the authorities. Nevertheless, it revealed very clearly that organized crime sees enormous opportunities for profit stemming from the growth of electronic banking and electronic commerce. Indeed, organized crime diversification into various forms of cyber-crime or Internet related crime is closely related to a second discernible trend - organized crime involvement in what was once categorized as white collar crime. The activities of the US mob and Russian criminal organizations on Wall Street fall into this category: during the late 1990s there were numerous cases of criminal organizations manipulating micro-cap stocks using classic "pump and dump" techniques. While much of this was done through coercion or control of brokerage houses, the Internet was also used to diffuse information that artificially inflated the price of the stocks. Among those involved were members of the Bonnano, Genovese, and Colombo crime families as well as Russian immigrant members of the Bor organized crime group. As criminal organizations move away from their more traditional "strong arm" activities and increasingly focus on opportunities for white collar or financial crime, then Internet-based activities will become even more prevalent. Since Internet-related stock fraud results in $10 billion per year loss to investors, it offers a particularly lucrative area for organized crime involvement. This is not to suggest that organized crime will change its character. Its inherent willingness to use force and intimidation is well suited to the development of sophisticated cyber-extortion schemes that threaten to disrupt information and communication systems and destroy data. Indeed, the growth of cyber-extortion is a third significant trend. Although extortion schemes — as the Bloomberg2 case showed — are sometimes bungled, they can be done in ways that incur only modest risks (because of anonymity) and yield high pay-offs. Indeed, this might already be a form of crime that is significantly under-reported. Yet it is also one that we can expect to see expand considerably as organized crime moves enthusiastically to exploit the new vulnerabilities that come with increased reliance on networked systems. A fourth trend is the use of what were initially nuisance tools for more overtly criminal activities. Perhaps the most notable example of this occurred in Fall 2000 when a variation of the Love Letter worm was used in an effort to gain access to account passwords in the Union Bank of Switzerland and at least two banks in the United States. Although this episode received little attention - and it is not entirely clear who the perpetrators were, it gives added credence to the point made above that there is a growing relationship between organized crime and intruders who provide the technical expertise. A fifth trend that we can expect to see is what might be termed jurisdictional arbitrage. Cyber-crimes - certainly when they are linked to organized crime - will increasingly be initiated from jurisdictions that have few if any laws directed against cyber-crime and/or little capacity to enforce laws against cyber-crime. This was one of the lessons of the Love Bug virus. Although the virus spread worldwide and cost business billions of dollars, when FBI agents succeeded in identifying the perpetrator, a student in the Philippines, they also found that there were no laws under which he could be prosecuted. Although more and more countries (including the Philippines) are passing legislation dealing with cyber-crime, there will continue to be what have been termed jurisdictional voids from which criminals and intruders can operate with impunity. Indeed, it is possible that some jurisdictions will increasingly seek to exploit a permissive attitude to attract business, creating both information safe havens (paralleling offshore tax havens and bank secrecy jurisdictions) that make it difficult for law enforcement to follow information trails and insulated cyber-business operations. A sixth trend is that the Internet is increasingly likely to be used for money laundering. As the Internet becomes the medium through which more and more international trade takes place the opportunities for laundering money through over-invoicing and under-invoicing are likely to grow. Online auctions offer similar opportunities to move money through apparently legitimate purchases, laundering money by paying much more than the goods are worth. Online gambling also makes it possible to move money - especially to offshore financial centers in the Caribbean. Moreover, as e-money and electronic banking become more widespread, the opportunities to conceal the movement of the proceeds of crime in an increasing pool of illegal transactions are also likely to grow. A seventh trend is what might be termed growing network connections between hackers or small-time criminals and organized crime. In September 1999, for example, two members of a group known as the "Phonemasters" were jailed for two years and 41 months respectively. They had penetrated the computer systems of MCI, Sprint, AT&T, and Equifax. One of them, Calvin Cantrell had downloaded thousands of Sprint calling card numbers that were sold to a Canadian who passed them to someone in Ohio, from whom they went to an individual in Switzerland and subsequently to organized crime groups in Italy. As well as intruders working directly for criminals, these network connections between the two kinds of groups are likely both to deepen and to widen. In addition, of course, organized crime groups use the Internet for communications (usually encrypted) and for any other purposes when they see it as useful and profitable. Indeed, organized crime is proving as flexible and adaptable in its exploitation of cyber-opportunities as it is many other opportunities for illegal activity. The implications are far-reaching and require a response not only from governments but also from businesses that can all too easily become the targets of organized crime and cyber-crime.
1. Weapons of Mass Destruction: Chemical, Biological, Radiological, and Nuclear
Terrorists have relied heavily on conventional explosive devices to inflict harm on their victims. Bombs are widely accessible and easily transported by trucks and cars and strapped to suicide terrorists. The September 11 attacks on New York and Washington opened a new chapter in the development of unconventional approaches to calamitous terror. It raised awareness of the prospect that more lethal forms of weaponry can inflict even more horrific harm on people virtually anywhere. Foremost among these lethal forms are WMD: chemical, biological, radiological, and nuclear weapons. These can be vastly more lethal and toxic than conventional explosive devices. They can be delivered in a variety of ways, and each type presents a unique set of challenges both to the terrorist and to societies that must protect themselves against attacks involving such weapons. gainst attacks involving such weapons. Weapons of mass destruction vary in several ways. Some are more lethal than others; they range from mildly toxic agents to a single nuclear weapon capable of killing hundreds of thousands of people. Some WMD are more toxic than others - for example, polonium is extremely toxic, and a very small amount can be lethal to hundreds of people. The toxic agents of WMD are ingested in different ways: through the skin, the lungs, or the digestive system. They cause harm to the body in a variety of ways: from nausea or disorientation to radiation burns, asphyxiation, blindness, or the destruction of organs. They vary as to the length of time between exposure and the manifestation of symptoms and harm and the length of time they remain toxic in the area where deployed. Chemical Weapons. Chemical weapons use toxic, usually lethal chemicals, typically dispensed in a gaseous form through an aerosol delivery system. They are among the easiest types of WMD to deploy. Michael Moodie has identified five categories of chemical weapons: 1. Blister agents (e.g., mustard gas, lewisite): Delivered in vapor, aerosol, or liquid form, they attack the lungs, eyes, and skin. They remain a hazard for some time after deployment. 2. Blood agents(e.g., hydrogen cyanide, cyanogen chloride): Delivered in vapor form, they attack the lungs. They evaporate quickly, posing only a short term threat. 3. Choking agents (e.g., chlorine gas, phosgene): Delivered in vapor form, they attack the lungs, eyes, and skin. They evaporate quickly. 4. Incapacitants (e.g., lysergic acid diethylamide [LSD], BZ): Delivered in aerosol or liquid form, they attack the lungs and skin. They evaporate quickly. 5. Nerve agents (e.g., sarin, tabun, soman, VX): Delivered in vapor, aerosol, or liquid form, they attack the lungs, eyes, and skin. Some evaporate quickly, whereas others persist The deadly chemical weapon sarin, a nerve gas, was used in a lethal terrorist attack in Japan in 1995. It was planned and executed by the Aum Shinrikyo gang, which deployed the gas on a Tokyo subway, killing twelve people and sickening thousands of others. Sarin is appealing as a WMD because it is easy to obtain the ingredients needed to make sarin from supply house catalogues; in fact, two of sarin's main ingredients - rubbing alcohol and methyl alcohol - can be purchased at any drug store Most sovereign nations have signed the Chemical Weapons Convention, a treaty that went into effect in 1997 prohibiting the development, accumulation, distribution, and use of chemical weapons. Formally known as the Convention on the Prohibition of the Development, Production, Stockpiling and Use of Chemical Weapons and on their Destruction, it was designed to augment the Geneva Protocol of 1925 by providing for extensive on-site inspection and other verification measures and the eventual destruction of chemical warfare devices. In the meantime, stockpiles remain in many countries, including Russia and the United States, and could remain for years to come without action to accelerate and aggressively enforce the terms of the treaty Biological Weapons. Biological weapons make use of either natural or artificially engineered bacteria, viruses, or biotoxins. They are potentially more deadly than other WMD because of their capacity to spread naturally after initial contact with a living host organism. Biological weapons can make use of agents that are spread through the air or water or in food (sometimes referred to as "agroterrorism," dispersed through the soil, seeds or crops, feed, or livestock or at food-processing plants or warehouses). They can be difficult to detect and do not cause symptoms or illness for several hours or even days after exposure. Some bioterrorism agents, like the smallpox virus, can be spread from person to person. Others, like anthrax, cannot. Biological agents are attractive to terrorists largely because of their capacity to produce widespread panic and mass disruption in a target population. The United States experienced such a panic in 2001, starting just a week after the 9/11 attacks, when letters postmarked in New Jersey and containing anthrax spores were mailed to several news media offices and two U.S. Senators.1 Five people were killed and seventeen others infected in the bioattack, with direct government costs for the decontamination of buildings and other damages estimated at more than one billion dollars (Lengel, 2005). To date no one has been arrested or convicted for these crimes as been arrested or convicted for these crimes. Biological toxins are limited as weapons, however, by their uncontrollable nature. When Japan unleashed fleas infected with bubonic plague on Chinese forces in Manchuria in 1942, many Japanese soldiers became infected with the organism (Stone, 2001). Years later - in 1979 - dozens of people died of poorly managed anthrax in Central Russia. These weapons are capable of doing more damage to the terrorists and their communities than to an affluent foreign target population, especially to the extent that poorer societies tend to be more susceptible to contagion because of weaker public health systems, less sophisticated utility infrastructures, less sanitary environments, and less healthy people living in densely populated areas Several biological agents other than anthrax and smallpox, noted above, are potential sources of bioterrorism, including botulism, brucella, cholera, the ebola virus, Escherichia coli ("e. coli"), lassa fever, plague, Q fever, recombinant viruses, ricin toxin (from castor beans), salmonella, shigella, tularemia, typhoid fever, and viral encephalitis. Here is a brief description of the most prominent (in terms of the viability of the threat and lethality) of these organisms: Anthrax: Anthrax is a bacterium that can occur naturally in humans when they eat or are otherwise exposed to dead animals infected by the bacterial spores. The spores can be used as a biological weapon when grown outside the body and inhaled by a victim. Anthrax does not pass from human to human, but people who die of anthrax can be a dangerous source of anthrax spores. Anthrax vaccines require multiple injections and produce dangerous side effects; they are considered unsuitable for the general public. Botulism: The toxin commonly known as "botulism" is produced by the Clostridium botulinum bacterium, one of the deadliest known toxins. Botulism causes death by respiratory failure and paralysis. It is especially dangerous when spread through food, because many people can be poisoned from a single contaminated source. Persons infected with the bacterium may require treatment on a breathing machine for weeks, together with complementary medical care. Induced vomiting can expel much of the toxin when still in the digestive system; after that, patients can be treated with a horse-derived antitoxin that blocks the circulation of the toxin in the blood. Ebola: Ebola is a virus that causes hemorrhagic fever, with fatality rates in the neighborhood of 70 percent. No cure exists, although vaccines are in development. Both the United States and former Soviet Union investigated the use of ebola for biological warfare, and the Aum Shinrikyo group based in Japan had cultures of the virus. Ebola kills its victims through multiple organ failure and hypovolemic shock (a sharp drop in the body's supply of blood plasma). Plague: The plague is a disease caused by the Yersinia pestis bacterium. It has been the source of several pandemics over the centuries, the most serious of which was the Black Plague, which killed about 40 percent of the Eurasian population from 1347 to 1350. Rodents are the usual host of plague, and the disease is transmitted to humans either through flea bites or through the air (a form known as "pneumonic plague"). The disease is dangerous both because it is easy to culture and because it can remain lethal for months - as long as it circulates among local rodents. Recombinant viruses: Recombinant viruses are artificially engineered combinations of viruses, the "dark side" of genetic engineering. Also referred to as "chimeras" or "designer diseases," these human-made mutants combine the genetic material of two or more organisms, at least one of which is a virus. They are a serious threat for several reasons: their manufacture does not require great scientific sophistication, they can be difficult to detect and trace, and they can be conceivably extremely lethal and communicable (Alibeck, 1999; Block, 1999; Pearlstein, 2004). Smallpox: Smallpox is a highly contagious virus transmitted through the air, with a mortality rate in the vicinity of 30 percent. The disease occurs only in humans, and it has no external hosts or carriers. Smallpox was eliminated in the 1970s after implementation of an international vaccination program, but samples are still available in Russian and American laboratories, which is a source of concern for many people. In the face of this threat, stockpiles of the vaccine antidote to smallpox have been restored in recent years, reducing much of the risk. Tularemia: Commonly referred to as "rabbit fever," tularemia is a generally nonlethal but severely incapacitating disease caused by the Francisella tularensis bacterium. It has been a popular weapon in biological warfare because it is both highly infectious and easily dispensed in aerosol form.
Substantive Uncertainty and Strategic Warning
The central task of intelligence analysis is to help US officials—policymakers, warfighters, negotiators, law enforcers—deal more effectively with substantive uncertainty, and especially to provide timely warning of military attacks and other threats to US national security interests. Tactical (incident) warning is a major DI responsibility, focusing on hot-button issues such as terrorism, WMD developments, and political instability. Identifying when, where, and how a declared or potential adversary will strike the United States directly, mount a challenge to US interest abroad, or make a weapons breakthrough is the highest priority of the DI's current intelligence effort. Recent post-mortem studies have focused however on strategic warning, the subject of this memorandum. Strategic warning can be defined as timely analytic perception and effective communication to policy officials of important changes in the level or character of threats to national security interests that require re-evaluation of US readiness to deter or limit damage. The goal is to prevent strategic surprise. The issues addressed here are changes in the level of likelihood that an enemy will strike or that a development harmful to US interests will take place and changes in his mechanisms for inflicting damage. Illustrative threats on which intelligence can help policy officials determine an appropriate level of general preparedness include (1) attacks against the United States and its interests abroad by states and non-state actors via military, terrorist, and other means, (2) collapse of stability from domestic dynamics in a country important to US security, (3) major changes in an adversary's strategy and practice affecting WMD proliferation or international terrorism. Strategic warning is an unrelenting, often painful, challenge to both intelligence analysts and policymakers. Major surprises over the decades—that is, failures to warn effectively—include Pearl Harbor (1941), Communist attacks on South Korea (1950), Soviet invasion of Czechoslovakia (1968), the Iran revolution (1979), and Iraq's invasion of Kuwait (1990). Key to the warning challenge is that the substantive uncertainty surrounding threats to US interests requires analysts, and policymakers, to make judgments that are inherently vulnerable to error. Analysts must issue a strategic warning far enough in advance of the feared event for US officials to have an opportunity to take protective action, yet with the credibility to motivate them to do so. No mean feat. Waiting for evidence the enemy is at the gate usually fails the timeliness test; prediction of potential crises without hard evidence can fail the credibility test. When analysts are too cautious in estimative judgments on threats, they brook blame for failure to warn. When too aggressive in issuing warnings, they brook criticism for "crying wolf." Analysts face two special challenges regarding strategic warning: overcoming their own mindset and that of policy officials. Especially with issues of major policy interest on which analysts have reached an agreed estimate judgment and reported it often, they find it difficult to take the measure of disconfirming information and to explore alternative plausible meanings of gaps in diagnostic information caused by adversarial Denial and Deception (D&D) operations. Especially on issues on which US leaders have not yet focused and analysts have not reached a confident consensus, it is difficult to overcome decisionmaker aversion to undertaking costly, unpopular, and otherwise inconvenient countermeasures. Policymakers face their own thankless challenges regarding warning. US military and other national security resources are limited, including the time and attention of national leaders, who usually must deal with domestic political and policy issues as well as foreign challenges. The opportunity costs can be high if these resources are inappropriately allocated to ward off one threat that does not materialize to the neglect of another threat that does. A thoughtful senior policy official has opined that most potentially devastating threats to US interests start out being evaluated as unlikely. The key to effective intelligence-policy relations in strategic warning is for analysts to help policy officials in determining which seemingly unlikely threats are worthy of serious consideration. For better or worse, neither the DI nor its critics keeps a scorecard of strategic warnings that have been successfully executed. As indicated below, real and perceived failures to warn have brought forth critical internal as well as external examinations of analytic performance. It is mostly from study of failure, then, that DI analysts can learn lessons about the challenges of uncertainty, surprise, and warning.
Nuclear Weapons.
Nuclear weapons are bombs that make use of nuclear reactions of fission (the splitting of the nucleus of atoms) or fusion (the process by which atomic particles are joined together to form a much heavier nucleus, accompanied by the release or absorption of vast amounts of energy). The bombs used in Hiroshima and Nagasaki in 1945 were fission devices; uranium was used in the Hiroshima device, plutonium in the bomb detonated over Nagasaki. Modern nuclear weapons, including both hydrogen and thermonuclear weapons, combine thermonuclear fusion with at least one fission stage. They are substantially more lethal than the devices used against Japan in World War II and vastly more powerful than any conventional explosives. A single thermonuclear bomb detonated in a densely populated city is capable of killing hundreds of thousands of people by intense heat, massive projectiles of debris, building collapse in the immediate area, and irradiation in adjacent areas. Nuclear devices could fall into the hands of terrorists through either of two plausible avenues: state-sponsored terrorism or the black market purchase by wealthy private individuals of either highly enriched uranium (a chemical composed of at least 20% U-235 or U-233) or intact nuclear devices.2 Under the first scenario, a state that either has nuclear weapons or has access to them makes a device (one or more) available to a terrorist agent or a team of agents, taking care to destroy all evidence linking it to the operation. With the nuclear club of five (France, Britain, Russia, China, and the United States) growing to ten (now including India, Pakistan, Israel, South Africa, and North Korea), and beyond (Iran and others), state-sponsored terrorism is likely to be a continually growing threat. In the second scenario, the terrorist acquires a "loose nuke" from a black market supplier. Although this would be extremely difficult for several reasons - there would be difficulties in finding a holder who actually has and would sell weapons-grade highly enriched uranium, in moving the material across national borders, in assembling the device, and then in moving it to a target location - one can presume nonetheless that a sufficiently committed effort could conceivably overcome the obstacles. Such a presumption will help also provide a constant reminder that adequately redundant safeguards must be maintained against such threats. Failure to provide such safeguards has led to serious breaches in the past, as evidenced by reports that at least twelve Ukranian cruise missiles, each capable of carrying a 200- kiloton nuclear warhead, were smuggled to China in 2000 and Iran in 2001 (Holley, 2005). The security problem is compounded by the need to move nuclear warhead missiles around frequently both for tactical purposes and for periodic maintenance to repair internal corrosion and prevent decay. This frequent movement increases exposure to sabotage and theft. These problems are compounded each time a new nation joins the "nuclear club." The worst-case outcome of nuclear proliferation in the era of terrorism is a "decapitating strike," a nuclear attack that would cripple a government by taking out a critical part of one or more of its major branches: executive, legislative, or judicial. This prospect is dealt with in Box 7.3 by public policy analyst Norman Ornstein. Although the best approach is to prevent this scenario from happening in the first place, that approach may be unrealistic over the long term. Ornstein reminds us that it is irresponsible to operate in the meantime as though such an event will not happen - to ignore the unthinkable - rather than develop contingency plans that can prevent a political and social collapse in the event of such a catastrophic event. One way to reduce the risk of a nuclear catastrophe is to counter the threat of "loose nukes" falling into the hands of terrorists. Toward this end, Senators Sam Nunn and Richard Lugar initiated the Cooperative Threat Reduction (CTR) program in 1992, aimed at securing and dismantling weapons of mass destruction in former Soviet Union states. The CTR provides funding and expertise for republics of the former Soviet Union - Russia, Ukraine, Georgia, Azerbaijan, Uzbekistan, and Kazakhstan - to decommission nuclear, biological, and chemical weapon stockpiles, as agreed by the Soviet Union under disarmament treaties such as the Strategic Arms Limitation Treaties I and II. Under the scrutiny of American contractors, nuclear warheads are to be removed from their delivery vehicles, then decommissioned or stockpiled at designated sites in Russia. The CTR program reports to Congress annually on the status of the initiative as a whole and on the progress made in individual states. Additional threats associated with Cold War nuclear policies continue even decades after the fall of the Berlin Wall in 1989. The U.S. and former Soviet Union nations possess the vast majority of nuclear devices. Analyst Bruce Blair is concerned about more possibilities than nuclear devices from these spheres getting into the hands of terrorists through black markets, as described earlier. There are other nuclear-related terrorist threats, such as terrorists from Chechnya or elsewhere aiming a non-nuclear missile at nuclear weapon sites in any former Soviet Union country or in the United States in an attempt to set off a Cold War calamity. Blair argues that such terrorist threats loom much larger today than the unlikely risk that either the United States or Russia would deliberately attack the other with nuclear weapons. He concludes, "We need to kick our old habits and stand down our hair-trigger forces." Related concerns about trafficking in weapons-grade uranium have been raised by Lawrence Sheets. Sheets describes three unrelated incidents of attempts by Russians to sell such material on the black market. He observes that while all three attempts failed, they nonetheless reveal the ease with which extremely dangerous materials can be acquired and sold to interested buyers, including terrorists. Information about the manufacture and use of all types of weapons of mass destruction - biological, chemical, and radiological - has become widely available through the Internet and other channels. Given the large number of people willing to use these devices and the unlimited array of prospective targets, it is virtually inevitable that someone, somewhere will make use of this information, get their hands on a weapon of mass destruction, and eventually set off a major biological, chemical, radiological, or nuclear attack. To the extent that we understand these weapons and how to protect ourselves against them, we can ward off attacks and, when the defenses against them are overcome, minimize the damage they inflict.
3. Technology for "Connecting the Dots"
Once the data are collected, they must be analyzed. Because terrorism is both a crime and military problem, it is useful to draw both from the analysis of crime data and from the analysis of more conventional military intelligence processes, to consider the limits of each approach for dealing with the problem of terrorism, and to see how technology plays a role in both approaches. A more in-depth treatment of the intelligence analysis process is presented in Chapter 11. Science and technology have made powerful tools available to criminal investigators to help in solving crimes by identifying linkages among people and organizations. These tools have helped solve street crimes and conspiratorial crimes such as narcotics trafficking and corruption, and the technology can be useful as well to the analysis of terrorism and organized hate crimes. Foremost among these are techniques of crime analysis and intelligence analysis that establish who is doing or planning to do what to whom, and when and why they plan to do it. An integral part of this analysis is the identification and deciphering of historical or recent crime patterns spatially and by type of crime and situation (Ronczkowski, 2003). Crime analysis begins with the collection and validation of crime and victimization data. Statistical tools are then used to describe and explain patterns in these data so that they can be analyzed as to causes and the trends projected forward. Unfortunately, the most serious terrorist events are not predictable using these methods. They are unpredictable primarily because of a factor that we can applaud: there have been too few terrorist events in the West to form a distinct pattern or provide a basis for statistical prediction. The tools of crime analysis are likely to be more helpful in places where terrorist activities are frequent and committed by fairly unsophisticated people. Terrorist events are less predictable for another reason as well: ordinary criminals are less inclined to rely on effective methods of deception and concealment than are terrorists. Terrorists do not have the luxury of being frequently caught and released, as is the case with most street offenders. Conventional intelligence techniques can be more helpful for learning about the activities and plans of individual terrorists and terrorist groups. One example of the use of technology for identifying terrorist networks is through the analysis of patterns in the time and frequency of telephone calls made by known terrorists. The National Security Agency does this "data mining without snooping" routinely. It does not listen to individual calls. Rather, it tracks and records the time each call was placed, the length of the call, and the origin and destination of electronic transmissions. It then analyzes the data for patterns that permit an analysis of networks and of the direction and relative intensity of individual branches within the network. This data mining may be an effective use of the West's comparative advantage in technology. With appropriate constitutional safeguards, it can legitimately enable the collection of information that human intelligence has great difficulty providing, given the formidable barriers to penetrating the cells of radical Islamists, at home and abroad (Harris and Naftali, 2006; Zuckerman, 2006). Technology can also help overcome one of the greatest obstacles to analyzing data about viable terrorism threats - language barriers. There is, to be sure, a real threat of home-grown terrorism by people born and raised in the same societies they have chosen to terrorize. But at least for the United States, the greater threat that has been identified by the 9/11 Commission and other authorities is that of acts committed by Muslim extremists determined to bring harm to targets in the West. There is a huge backlog of material collected in Arabic, Farsi, and other languages of the Middle East waiting to be translated. The primary bottleneck in the analysis of intelligence data is the lack of analysts with needed language skills, especially in Arabic and its many dialects and unique local colloquialisms, as well as familiarity with cultural nuances of countries and cultures such as those from which the nineteen 9/11 attackers came (9/11 Commission Report, 2004; Pincus, 2006). Technology can help significantly by performing computer translations of foreign languages and flagging items in need of careful scrutiny by people who speak the language
Counter Terrorist Radicalization and Recruitment
Over the past seventeen years, we have built a robust counterterrorism architecture to stop attacks and eliminate terrorists, but we have not developed a prevention architecture to thwart terrorist radicalization and recruitment. Unless we counter terrorist radicalization and recruitment, we will be fighting a never-ending battle against terrorism in the homeland, overseas, and online. Our strategy, therefore, will champion and institutionalize prevention and create a global prevention architecture with the help of civil society, private partners, and the technology industry Priority Actions INSTITUTIONALIZE A PREVENTION ARCHITECTURE TO THWART TERRORISM: We will support local solutions and empower stakeholders, providing them with the knowledge and resources they need to address terrorist threats. Early warning systems, including bystander reporting, will be a critical component of this architecture. We will also work closely with foreign partners, the technology sector, religious leaders, local stakeholders, and international fora to identify and share best practices. We will also seek to promote voices of pluralism and tolerance. Through these efforts, we will prevent radicalization and mobilization to violence across all violent extremist ideologies. COMBAT VIOLENT EXTREMIST IDEOLOGIES: We will undermine the ability of terrorist ideologies, particularly radical Islamist terrorist ideologies, to create a common identity and sense of purpose among potential recruits. We must combat the resilience of terrorist narratives by acknowledging that their ideologies contain elements that have enduring appeal among their audiences. To undercut terrorist recruiting, we will demonstrate that their claims are false and do not offer effective solutions. We will exploit doubts among potential recruits to reduce terrorists' ability to incite violence and recruit. We will also communicate alternatives and promote off ramps from violence to prevent individuals from becoming more committed to these ideologies and their violent means. Throughout this cycle of recruitment and mobilization, we will take advantage of our operational, diplomatic, and development successes to demonstrate the futility of terrorist violence. I N C R E A S E C I V I L S O C I E T Y ' S R O L E I N T E R R O R I S M PREVENTION: Through engagement, public communications, and diplomacy, we will strengthen and connect our partners in civil society who are eager to expand their limited terrorism prevention efforts. We will raise awareness of radicalization and recruitment dynamics, highlight successful prevention and intervention approaches domestically and overseas, and empower local partners through outreach, training, and international exchanges. We will also promote grassroots efforts to identify and address radicalization to insulate civilian populations from terrorist influence. S U P P O R T I N T E R V E N T I O N , R E I N T EG R AT I O N , A N D COUNTER-RECIDIVISM EFFORTS: We will identif y signs of violent radicalization and mobilization to focus real-world and online intervention efforts to prevent terrorist attacks. We will work to limit prison radicalization by training prison staff and supporting rehabilitation. We will also work with foreign partners to address the challenge of reintegrating returning foreign terrorist fighters, their families, and children into their communities. COMBAT TERRORISTS' INFLUENCE ONLINE: We will combat terrorist use of cyberspace as a global stage to showcase their violent ideologies, to fundraise, and to radicalize, recruit, and mobilize individuals to violence. In concert with our partners, we will expand relationships with technology sector entities to empower them to combat violent extremism online and terrorists' abuse of their platforms. We will continue to expose and counter the flood of terrorist ideology online. COUNTER R A DIC A LIZ ATION THROUG H S TR ATEG IC COMMUNICATIONS: Within the United States Government, we will create a common operating picture of terrorists' propaganda activities to detect and combat terrorists' narratives and better understand the audiences that they try to influence. With coalition members and our partners in civil society and international media, we will explain our counterterrorism efforts, highlight examples of non-violent means to address grievances, amplify success stories of development and recovery, and promote positive narratives
LR: TECHNOLOGY & TERRORISM
This chapter considers the importance of technology from two fundamentally different perspectives: first, as an instrument of terror, and, then, as a means of preventing and responding to acts of terror. Specific technologies are described in both domains. For terrorists, technology is involved in both the means of terror, including weapons of mass destruction and use of the Internet, and the targets of terror, including technological infrastructure targets. Technology can be a critical tool in counterterrorism too, through smart identification systems, sophisticated technologies for intelligence gathering and analysis, and the use of the Internet as a bridge builder to reduce tensions that can lead to terrorism. The chapter closes with a reflection on the limits of technology both for terrorists and for peace-loving people.
The Research Project
This study examined the role of Isis on social media by examining two main platforms, namely Facebook and Twitter. In doing so, this paper will be examining how, this medium is being used to create an online space where radicalisation can occur through online communicative technology and cyberspace. This is particularly important as an online extremist narrative and presence can act as an echo chamber whereby extremist thoughts are populated, redistributed, disseminated and reinforced. This study will show that there is a need for government and policy makers to re-examine the role of social media and the impact it may be having upon the online radicalisation process
Box 7.5. Catching a Jihadi Cyberterrorist
For almost two years, intelligence services around the world tried to uncover the identity of an Internet hacker who had become a key conduit for al-Qaeda. The savvy, English-speaking, presumably young Webmaster taunted his pursuers, calling himself Irhabi (Terrorist) 007. He hacked into American university computers, propagandized for the Iraq insurgents led by Abu Musab al-Zarqawi, and taught other online jihadists how to wield their computers for the cause. Suddenly last fall, Irhabi 007 disappeared from the message boards. The postings ended after Scotland Yard arrested a 22-year-old West Londoner, Younis Tsouli, suspected of participating in an alleged bomb plot. In November, British authorities brought a range of charges against him related to that plot. Only later, according to our sources familiar with the British probe, was Tsouli's other suspected identity revealed. British investigators eventually confirmed to us that they believe he is Irhabi 007. The unwitting end of the hunt comes at a time when al-Qaeda sympathizers like Irhabi 007 are making explosive new use of the Internet. Countless Web sites and password-protected forums - most of which have sprung up in the last several years - now cater to would-be jihadists like Irhabi 007. The terrorists who congregate in those cybercommunities are rapidly becoming skilled in hacking, programming, executing online attacks, and mastering digital and media design - and Irhabi was a master of all those arts. But the manner of his arrest demonstrates how challenging it is to combat such online activities and to prevent others from following Irhabi's example: After pursuing an investigation into a European terrorism suspect, British investigators raided Tsouli's house, where they found stolen credit card information, according to an American source familiar with the probe. Looking further, they found that the cards were used to pay American Internet providers on whose servers he had posted jihadi propaganda. Only then did investigators come to believe that they had netted the infamous hacker. And that element of luck is a problem. The Internet has presented investigators with an extraordinary challenge. But our future security is going to depend increasingly on identifying and catching the shadowy figures who exist primarily in the elusive online world. The short career of Irhabi 007 offers a case study in the evolving nature of the threat that we at the SITE Institute track every day by monitoring and then joining the password-protected forums and communicating with the online jihadi community. Celebrated for his computer expertise, Irhabi 007 had propelled the jihadists into a twenty-first-century offensive through his ability to covertly and securely disseminate manuals of weaponry, videos of insurgent feats such as beheadings, and other inflammatory material. It is by analyzing the trail of information left by such postings that we are able to distinguish the patterns of communication used by individual terrorists. Irhabi's success stemmed from a combination of skill and timing. In early 2004, he joined the password-protected message forum known as Muntada al-Ansar al-Islami (Islam Supporters Forum) and, soon after, al-Ekhlas (Sincerity) - two of the password protected forums with thousands of members that al Qaeda had been using for military instructions, propaganda, and recruitment. (These two forums have since been taken down.) This was around the time that Zarqawi began using the Internet as his primary means of disseminating propaganda for his insurgency in Iraq. Zarqawi needed computer-savvy associates, and Irhabi proved to be a standout among the volunteers, many of whom were based in Europe. Irhabi's central role became apparent to outsiders in April of that year, when Zarqawi's group, later renamed al Qaeda in Iraq, began releasing its communiques through its official spokesman, Abu Maysara al-Iraqi, on the ´ Ansar forum. In his first posting, al-Iraqi wrote in Arabic about "the good news" that "a group of proud and brave men" intended to "strike the economic interests of the countries of blasphemy and atheism, that came to raise the banner of the Cross in the country of the Muslims." At the time, some doubted that posting's authenticity, but Irhabi, who was the first to post a response, offered words of support. Before long, al-Iraqi answered in like fashion, establishing their relationship - and Irhabi's central role. Over the following year and a half, Irhabi established himself as the top jihadi expert on all things Internet-related. He became a very active member of many jihadi forums in Arabic and English. He worked on both defeating and enhancing online security, linking to multimedia and providing online seminars on the use of the Internet. He seemed to be online night and day, ready to answer questions about how to post a video, for example - and often willing to take over and do the posting himself. Irhabi focused on hacking into Web sites as well as educating Internet surfers in the secrets to anonymous browsing. In one instance, Irhabi posted a 20-page message titled "Seminar on Hacking Websites," to the Ekhlas forum. It provided detailed information on the art of hacking, listing dozens of vulnerable Web sites to which one could upload shared media. Irhabi used this strategy himself, uploading data to a Web site run by the state of Arkansas, and then to another run by George Washington University. This stunt led many experts to believe - erroneously - that Irhabi was based in the United States. Irhabi used countless other Web sites as free hosts for material that the jihadists needed to upload and share. In addition to these sites, Irhabi provided techniques for discovering server vulnerabilities, in the event that his suggested sites became secure. In this way, jihadists could use third-party hosts to disseminate propaganda so that they did not have to risk using their own Web space and, more importantly, their own money. As he provided seemingly limitless space captured from vulnerable servers throughout the Internet, Irhabi was celebrated by his online followers. A mark of that appreciation was the following memorandum of praise offered by a member of Ansar in August 2004: To Our Brother Irhabi 007. Our brother Irhabi 007, you have shown very good efforts in serving this message board, as I can see, and in serving jihad for the sake of God. By God, we do not like to hear what hurts you, so we ask God to keep you in his care. You are one of the top people who care about serving your brothers. May God add all of that on the side of your good work, and may you go careful and successful. We say carry on with God's blessing. Carry on, may God protect you. Carry on serving jihad and its supporters. And I ask the mighty, gracious and merciful God to keep for us everyone who wants to support his faith. Amen. Irhabi's hacking ability was useful not only in the exchange of media but also in the distribution of large scale al Qaeda productions. In one instance, a film produced by Zarqawi's al Qaeda, titled "All Is for Allah's Religion," was distributed from a page at www.alaflam.net/wdkl. The links, uploaded in June 2005, provided numerous outlets where visitors could find the video. In the event that one of the sites was disabled, many other sources were available as backups. Several were based on domains such as www.irhabi007.ca or www.irhabi007.tv, indicating a strong involvement by Irhabi himself. The film, a major release by al Qaeda in Iraq, showed many of the insurgents' recent exploits compiled with footage of Osama bin Laden, commentary on the Abu Ghraib prison, and political statements about the rule of then-Iraqi Interim Prime Minister Ayad Allawi. Tsouli has been charged with eight offenses including conspiracy to murder, conspiracy to cause an explosion, conspiracy to cause a public nuisance, conspiracy to obtain money by deception, and offenses relating to the possession of articles for terrorist purposes and fundraising. So far there are no charges directly related to his alleged activities as Irhabi on the Internet, but given the charges already mounted against him, it will probably be a long time before the 22-year-old is able to go online again. But Irhabi's absence from the Internet may not be as noticeable as many hope. Indeed, the hacker had anticipated his own disappearance. In the months beforehand, Irhabi released his will on the Internet. In it, he provided links to help visitors with their own Internet security and hacking skills in the event of his absence - a rubric for jihadists seeking the means to continue to serve their nefarious ends. Irhabi may have been caught, but his online legacy may be the creation of many thousands of 007s
Human Smuggling
Mexico-based cartels play an influential role in human smuggling, often facilitating illicit migration over and near the border. Mexico-based drug cartels control large sections of territory just south of the United States southwest land border and have traditionally taxed human smugglers and traffickers to move migrants through their areas of operation. Since the COVID-19 pandemic began, these criminal groups have continued efforts to facilitate the movement of migrants throughout most of their routes.
EVOLVING INFLUENCE TRADECRAFT AND TARGETING
Russian influence actors are evolving their methods of interacting with target U.S. audiences and obfuscating detection of their online influence activity. • We expect that influence actors will evolve their ability to create and operate fake social-media accounts, thereby obfuscating their online influence activity. • Russian influence actors likely will use U.S.-based servers and other computer infrastructure—including virtual private networks—to mask their location, obscure login activity, and prevent account banning. • Russian influence actors probably will leverage artificial intelligence to automate the creation and distribution of memes with socially divisive messages on social media. Previously, Russian actors mass produced politically themed picture memes called "demotivators," some of which they produced under the guise of U.S. activist groups
Cyber-Terrorism and the Power of Social Media
Both the use of cyber-terrorism through the Internet and social media have been used by extremist groups in order to manufacture a process of online hate. In the case of many of the tweets and videos analysed in these cases, the Internet and social media sites act as a knowledgeable database on how to promote violence as a strategy through the social learning theory (Freiburger and Crane, 2008). This theory asserts that individuals learn deviant behaviour from other groups, which may lead to extremist learning that is categorised by association, definitions, differential reinforcement, and imitation. They argue that mechanisms of the social learning theory are used by terrorist groups on the Internet as a tool to facilitate attacks and recruitment. This perspective of deviant behaviours offers a thought provoking insight into the processes that transform naïve individuals like Andrew Ibrahim into violent extremists (Desmond, 2002). It also shows how social media sites online have been used by Isis to create a terror network. Indeed, Freiburger and Crane refer to a European case study where Peter Cherif was recruited by Al-Qaeda over the Internet through a similar learning process (Powell et al., 2005). They argue that if groups become marginalized they become more susceptible to using the Internet for terrorist purposes. The use of social constructionism as a mechanism to understand the competing definitions of cyber-terrorism is crucial in getting a better understanding of the phenomena. Clearly, social practices and social behaviour change with time and thus our understanding of online extremism will also evolve. Within this context social constructionism offers both criminologists and sociologists a means to examine the various social processes that emerge when looking at interpretations of online extremism (Felson, 2002). McKenna and Bargh (1998) research suggests cyber space and terrorism have converged thus allowing terrorists to use the Internet for terrorist purposes. As a result of such conflicting opinion there is a real and present fear, which critics argue means the Internet and social media sites, have become a safe haven for potential extremists to 'groom' vulnerable people. Moreover, Tsfati and Weimann (2002) argue that terrorist groups are using the Internet to groom vulnerable individuals by justifying violence against innocent civilians as a retribution for the invasions and crimes committed against Muslims across the globe (Verton, 2003). They have a high level of technological knowledge, spending endless hours honing their skills. They simply enjoy the challenge of trying to get into cyberspace. Their aims are not the same as extremists (Furnell and Warren, 1999). Klausen (2015) argues that social media sites are being used by Isis and others as a global cyber war tactic in places like Syria. In Klausen's (2015) study of social media networks, Klausen (2015) found that Twitter was being used by Isis members as a means to create an illusion that the group was more powerful than it actually was. This was being done, as this paper has found through Twitter accounts and daily feeds as a means to whip up support. Indeed, in a previous study by Klausen et al. (2012) they also found that Jihadist groups were using YouTube as a means for propaganda purposes. They examined the group, Al-Muhajiroun's YouTube Propaganda Campaign and found that the group were using YouTube media channels to politicize support and create powerful terror networks
Exploitation of Others for Profit
Criminal elements will continue to exploit others to facilitate their pursuit of illicit profits. • Human trafficking—both sex trafficking and forced labor—remains a significant issue. Top threats include sex trafficking and juvenile sex trafficking, domestic labor trafficking and indentured servitude, and goods imported into the United States that were produced by forced labor. These illicit activities often have a nexus to criminal organizations, such as those operating illicit massage businesses or engaged in exploitation of migrant and undocumented populations. • Child exploitation is also a significant issue. Top threats in this area include the proliferation of online Child Sexual Abuse Material, live streaming of child sexual exploitation, online enticement and extortion, and child sex trafficking. • Criminal networks engage in multiple types of illicit financial activities to maintain affirmative control of their proceeds, including bulk cash smuggling, trade-based money laundering (TBML), third party money laundering (3PML), virtual currency-based money laundering and fraud, and transnational financial fraud schemes. The top threats in the illicit finance area are Chinese TCOs, money laundering organizations specializing in supporting drug trafficking organizations, Colombian money brokers, West African TCOs, and cyber hacking groups
Policy Box 7.2. A Treaty to Control Biological Weapons
One way to reduce the prospect of bioweapons finding their way into the hands of terrorists is to eliminate them wherever they are known to exist. In 1975 a multinational agreement - the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on their Destruction, referred to more commonly as the Biological Weapons Convention (BWC) - went into effect to prohibit the development, production, and stockpiling of biological and toxin weapons. Over a period of three years starting in 1972, the agreement was signed by the United States, the former Soviet Union, and twenty other nations. The treaty was extraordinary in that it banned an entire class of weapons. Today more than 150 nations have signed on to the agreement. It is widely considered to be a useful vehicle for condemning biological weapons, as well as a valuable legal and political instrument. The BWC complements the Geneva Protocol, which banned biological warfare methods in 1925. The primary problem with the BWC is the difficulty in enforcing it. In 1973, the former Soviet Union created a secret agency with more than 25,000 employees, known as "Biopreparat" devoted to the manufacture of bioweapons, in clear violation of the BWC (Alibek, 1999; Stone, 2001). Decades later - because the treaty continues to have no verification mechanism for ensuring that the signatories honor its terms - it remains among the weakest of international arms control agreements. Agreements on other weapons of mass destruction, particularly nuclear and chemical weapons, have established technical systems for monitoring compliance, but the BWC remains an agreement based on trust. However, even if the treaty has only symbolic value, it may serve nonetheless to complement the unilateral exercise of decency and common sense. A compelling reason for any nation to honor the terms of the BWC - and perhaps every other agreement on weapons of mass destruction - is to preserve its own security and legitimacy. Stockpiles of such weapons have become too inviting a target of opportunity for terrorists, lunatics, and disgruntled people. With the possible exception of nuclear weapons, they are likely to have little deterrent value, and possibly have a stronger counter deterrent stimulus. If used, they could sooner or later produce an effective blowback response. Bioweapons can scarcely be of value to a nation that regards their use as a violation of the most basic principles of just warfare and self-preservation.
Summary Recommendations
No matter what the future role of intelligence in the strategic warning process, the challenge to DI analysts of effective battle against substantive uncertainty will remain unrelenting—at times punishing. Three summary recommendations are worthy of consideration. Analysts, including new analysts, must balance their professional commitment to increased mastery of what can be known of their accounts (substantive expertise) with their commitment to enhanced skills for dealing with what cannot be known (tradecraft expertise). Perhaps the most painful lesson of 11 September 2001 is that, at least regarding individual incidents, surprise attacks are inevitable. Analysts will often have to decide whether and how to provide strategic warning convincingly despite the absence of a "smoking gun" report. While there is no magic bullet for averting strategic surprise, tradecraft skills for undertaking Alternative Analysis and for countering D&D can improve the chances of success, and thus are every-day professional responsibilities for all DI analysts, not just for methodologists and specialists. Analysts must master the skills for effective challenge of their own assumptions and tough-minded evaluation of the authenticity and general adequacy of classified as well as open source information—before, not after, taking on difficult substantive assignments. The more analysts know about the US policymaking process and the more they understand the challenges facing their policymaking counterparts, the better positioned intelligence will be for any assigned role in strategic warning. Absent a windfall of smoking-gun information, for analysts to warn effectively they must understand how their key clients set their issue priorities, debate and otherwise process decisions with their policy peers, absorb experts' views and "bad news," and prefer to deal with substantive uncertainty.
B. Technology as a Tool Against Terrorism
Technological advances have helped the terrorists, but they help in the cause of counterterrorism too. Soon after the 9/11 attack, the National Academy of Sciences formed a Committee on Science and Technology for Countering Terrorism. The mission of the Committee was threefold: to identify vulnerabilities to subsequent attack, assess critical means by which science and technology could be used to reduce those vulnerabilities and lessen their consequences when they do occur, and develop a strategy by which the strengths of U.S. science could serve the defense of the nation against terrorism. A motivating idea was that - in much the same manner that the scientific community had engaged effectively to meet the challenges of Sputnik and Soviet science during the Cold War and respond to the AIDS epidemic in the 1980s and '90s - it ought to be able to rise as well to meet the challenges posed by the burgeoning threat of terrorism. The Committee set out to do so by generating proposals specific enough to be useful, but taking care not to provide information that could give terrorists new ideas of how to launch attacks. The Committee - consisting of scientists from universities, industry, government, and professional societies - did its work over a fairly short time span, from December 2001 through May 2002. It focused on nine areas: nuclear and radiological threats, human and agricultural health systems, toxic chemicals and explosive materials, information technology, energy systems, transportation systems, cities and fixed infrastructure, the response of people to terrorism, and complex and interdependent systems. They recommended fourteen initiatives, seven for immediate implementation and seven to encourage research on specific issues in need of systematic inquiry. The recommendations are itemized in Box 7.6. The Committee also identified a set of general principles that spanned the specific areas of focus: Identify and repair the weakest links in vulnerable systems and infrastructures. Use "circuit breakers" to isolate and stabilize failing system elements. Build security into basic system designs where possible. Build flexibility into systems so that they can be modified to address unforeseen threats Search for technologies that reduce costs or provide ancillary benefits to civil society to ensure a sustainable effort against terrorist threats. The Committee made several other noteworthy recommendations: The United States should accelerate its bilateral materials protection, control, and accounting program in Russia to safeguard small nuclear warheads and special nuclear materials, particularly highly enriched uranium. A focused and coordinated near-term effort should be made to evaluate and improve the efficacy of special nuclear material detection systems that could be deployed at strategic choke points for homeland defense, especially for the detection of highly enriched uranium. The United States should develop new tools for the surveillance, detection, and diagnosis of bioterrorist threat agents. The United States should strengthen its decontamination and bioterrorism forensic programs critical to deterrence, response, and recovery. The Food and Drug Administration should develop criteria for quantifying hazards in order to define the level of risk for various kinds of food-processing facilities. The Environmental Protection Agency should direct additional research on determining the persistence of pathogens, chemical contaminants, and other toxic materials in public water supplies. Scientists and engineers from different settings - universities, companies, and federal agencies - should work together to advance filtering and decontamination techniques by improving existing technologies and developing new methods for removing chemical contaminants from the air and water. The National Institute of Standards and Technology, the national laboratories, and other agencies should undertake research and development leading to improved blast- and fire-resistant designs. Research and development should be undertaken to produce new, small, reliable, quick-reading sensors of toxic materials for use by first responders. The Office of Homeland Security and the Federal Emergency Management Agency (FEMA) should coordinate with state and local officials to develop and deploy threat-based simulation models and training modules for emergency operations centers training of first responders. The National Science Foundation, FEMA, and other agencies should support research - basic, comparative, and applied - on the structure and functioning of agencies responsible for dealing with attacks and other disasters. All agencies creating technological systems for the support of first responders and other decision makers should base their system designs and user interfaces on the most up-to-date research on human behavior, especially with respect to issues critical to the effectiveness of counterterrorism technologies and systems. To reduce the vulnerabilities of complex interconnected systems, threat and infrastructure models should be extended or developed and used in combination with intelligence data. The Committee concluded its report by strongly urging the U.S. scientific and engineering communities to cooperate with like-minded efforts in other countries, thereby enhancing the prospects for successful counterterrorism efforts both at home and abroad. Since publication of the 2002 report, three specific technologies have been shown to be particularly well suited for countering the threat of terrorism: for screening people at border crossings, beginning with the ability to verify their identity; for identifying the "dots" of potentially relevant intelligence data, and then for making connections among the relevant dots; and for enhancing the ability of the Internet to serve as a bridge builder among people throug
Violent Extremism in the United States
The primary terrorist threat inside the United States will stem from lone offenders and small cells of individuals, including Domestic Violent Extremists6 (DVEs) and foreign terrorist-inspired Homegrown Violent Extremists7 (HVEs). Some U.S.-based violent extremists have capitalized on increased social and political tensions in 2020, which will drive an elevated threat environment at least through early 2021. Violent extremists will continue to target individuals or institutions that represent symbols of their grievances, as well as grievances based on political affiliation or perceived policy positions. The domestic situation surrounding the COVID-19 pandemic creates an environment that could accelerate some individuals' mobilization to targeted violence or radicalization to terrorism. Social distancing may lead to social isolation, which is associated with depression, increased anxiety, and social alienation. Similarly, work disruptions, including unexpected unemployment and layoffs, can also increase risk factors associated with radicalization to violence and willingness to engage in acts of targeted violence. • Violent extremist media almost certainly will spread violent extremist ideologies, especially via social media, that encourage violence and influence action within the United States. • Violent extremists will continue their efforts to exploit public fears associated with COVID-19 and social grievances driving lawful protests to incite violence, intimidate targets, and promote their violent extremist ideologies. • Simple tactics—such as vehicle ramming, small arms, edged weapons, arson, and rudimentary improvised explosive devices (IEDs)—probably will be most common. However, lone offenders could employ more sophisticated means, to include advanced and/or high-consequence IEDs and using crude chemical, biological, and radiological materials. • While ISIS and other Foreign Terrorist Organizations (FTOs) have called for attacks in the West using "all available means," biologicalfocused attempts would likely involve crudely produced toxins and poisons. Similarly, during the COVID-19 outbreak, domestic extremists have called for the spread of the SARS-CoV-2 virus through unsophisticated means. While significant expertise and infrastructure limits the threat by low-level actors, even rudimentary actions can result in economically significant costs and incite fear without a corresponding risk to health. Some DVEs and other violent actors8 might target events related to the 2020 Presidential campaigns, the election itself, election results, or the post-election period. Such actors could mobilize quickly to threaten or engage in violence. Violence related to government efforts to mitigate the COVID-19 pandemic and amidst otherwise ongoing lawful protests has exacerbated the typical election-season threat environment. • Some DVEs have heightened their attention to election- or campaign-related activities, candidates' public statements, and policy issues connected to specific candidates, judging from domestic terrorism plots since 2018 targeting individuals based on their actual or perceived political affiliations. • Open-air, publicly accessible parts of physical election infrastructure, such as campaignassociated mass gatherings, polling places, and voter registration events, would be the most likely flashpoints for potential violence. Among DVEs, racially and ethnically motivated violent extremists—specifically white supremacist extremists9 (WSEs)—will remain the most persistent and lethal threat in the Homeland. Spikes in other DVE threats probably will depend on political or social issues that often mobilize other ideological actors to violence, such as immigration, environmental, and police-related policy issues. • WSEs have demonstrated longstanding intent to target racial and religious minorities, members of the LGBTQ+ community, politicians, and those they believe promote multi-culturalism and globalization at the expense of the WSE identity. Since 2018, they have conducted more lethal attacks in the United States than any other DVE movement. • Some WSEs have engaged in outreach and networking opportunities abroad with like-minded individuals to expand their violent extremist networks. Such outreach might lead to a greater risk of mobilization to violence, including traveling to conflict zones. • Other racially or ethnically motivated violent extremists could seek to exploit concerns about social injustice issues to incite violence and exploit otherwise peaceful protests movements. Another motivating force behind domestic terrorism that also poses a threat to the Homeland is anti-government/anti-authority violent extremism. • These violent extremists, sometimes influenced by anarchist ideology, have been associated with multiple plots and attacks, which included a significant uptick in violence against law enforcement and government symbols in 2020. This ideology is also exploited by hostile nation-states, which seek to promote it through disinformation campaigns and sow additional chaos and discord across American society. • Anti-government and/or anti-authority violent extremists are likely to be emboldened by a perceived success exploiting otherwise peaceful protest movements and concealing violent tactics. These violent extremists are increasingly taking advantage of large protest crowds to conduct violence against government officials, facilities, and counter-protestors. • We also remain particularly concerned about the impacts from COVID-19 where anti-government and anti-authority violent extremists could be motivated to conduct attacks in response to perceived infringement of liberties and government overreach as all levels of government seek to limit the spread of the coronavirus that has caused a worldwide pandemic. • Ideologies driven by such DVE's often are reinforced by a variety of online content, including conspiracy theories and political commentary they view as controversial. Current events that DVEs perceive as infringing on their worldviews often contribute to periods of increased ideologically motivated violence, including recently during the COVID-19 pandemic and nationwide lawful protests. • The domestic threat environment is rapidly evolving. Operational reporting shows that DHS law enforcement officers suffered over 300 separate injuries while they were present during months of nightly unrest in Portland, Oregon. This is but one example among many across the country, including in Brooklyn, New York, and Kenosha, Wisconsin, where law enforcement officers have been injured or killed. These increasingly pervasive incidents highlight the threat of anarchist violence that has accelerated in our cities in recent months
Averting Strategic Surprise through Alternative Analysis
Because of competing priorities (for example, production speed vs. analytic rigor), doctrinal innovation does not always determine analyst practice. Later in the decade, two additional critical studies of warning intelligence were triggered by the perceived failure to anticipate that a new government in India would act quickly on its campaign pledge to resume nuclear testing (as it did in May 1998). The Jeremiah Report (Intelligence Community's Performance on the Indian Nuclear Tests, June 1998) and the Office of Inspector General (OIG) report (Alternative Analysis in the Directorate of Intelligence, May 1999) reiterated criticism of insufficient attention by managers as well as analysts to testing assumptions and taking account of alternative dynamics and outcomes. Both critiques commented on organizational as well as analytic shortcomings. The Jeremiah report recognized the constraints on strategic warning of collection and analytic resource limitations brought on by post-Cold War "downsizing" of intelligence. And the OIG report pointed to pressures on Agency analysts for speed, conciseness, and judgmental decisiveness as obstacles to employing more deliberate analytic tradecraft for combating substantive uncertainty. The reports called for greater recourse to the techniques of Alternative Analysis, first for more rigid testing of prevailing judgments and then to take more deliberate account of seemingly less likely but potentially high-impact developments. Admiral Jeremiah stressed the need to institutionalize use of alternative analytic approaches on complex issues when a change of government or other threshold event increases the likelihood of departures from prevailing analytic assumptions about political and military dynamics. One of the main cognitive traps analysts must overcome is mirror-imaging—estimating the risk-benefit calculations of a foreign government or non-state group based on what would make sense in a US or Western Europe context. In addition to enhanced training and other internal mechanisms to ensure greater critical thinking by the analysts themselves, Jeremiah recommended two external fixes to ensure that "more rigor...go[es] into analysts' thinking when major events take place." A) Bring in outside substantive experts in a more systematic fashion [so that we work against this "everybody thinks like us" mind set]. B) Bring in experts in the process of analysis when the IC faces a transition on a major intelligence issue. These analytic thinkers would serve, together with substantive specialists, as "Red Teams" on major analytic problems and would work with analysts to study assumptions, mirror-imaging, and complex analytic processes The OIG report acknowledged numerous useful DI activities to promote critical thinking, but made a series of recommendations calling for greater management buy-in and analyst training to ensure more frequent and more effective use of Alternative Analysis. Establish guidelines...for when and how alternative analysis techniques and approaches are best applied to an intelligence issue and...fuller representation of sound minority views and outcome uncertainties are to be incorporated in...finished intelligence products. Establish a mechanism for routinely identifying best practice in alternative analysis both within and outside the DI. Articulate a comprehensive plan for improving alternative analysis that clearly links investment priorities to specific goals. Review [and improve] the Directorate's... analytic methodology support infrastructure. Implement a training curriculum...that provides in-depth exposure to...alternative analysis tools and presentation techniques ...focusing first on training for managers. The DI in response to both critical studies has substantially increased attention to the wide range of undertakings and tradecraft techniques under the rubric of Alternative Analysis. For example, the Offices have expanded use of outside substantive experts to generate and test analytic assumptions. Analysts have increased their use of techniques such as red teaming (role-playing an adversary's calculations), Devil's Advocacy (deliberate challenge of a DI team's strongly-held analytic views), and Team A-Team B analysis (competitive assessments) in order to focus greater attention on High Impact-Low Probability threats to US national security interests. Regarding formal training, Kent School runs a monthly Alternative Analysis Workshop and has introduced an AA unit into the CAP. Through the Global Futures Partnership, the Kent Center sponsors scenario exercises on key issue trends and conferences on organizational and conceptual requirements for anticipating changes affecting US security interests.
Human Trafficking
Human traffickers continue to use force, fraud, and coercion against millions of victims worldwide, as many of them attempt to gain entry to the United States via the southwest land border. Many victims never seek assistance from law enforcement because of language barriers, fear of retaliation from their traffickers and/or fear of law enforcement. This allows traffickers to force victims into labor or commercial sexual exploitation. Traffickers continue to target people they believe to be susceptible for a wide variety of reasons including but not limited to psychological or emotional vulnerability, economic hardship, natural disasters, political instability or a lack of a social safety net. • Increased illegal immigration to the U.S. Southwest Border will require United States Citizenship and Immigration Services (USCIS) to re-examine how resources are properly aligned at the Southwest Border, likely impacting the larger asylum system. Increasing numbers of apprehensions will lead to an increased number of fear claims, requiring USCIS to dedicate additional resources to protection screenings and away from addressing case backlogs such as the asylum case backlog. • Social distancing requirements could continue to affect work taking place in detention facilities along the Southwest border. Budgetary impediments towards immigration enforcement and lack of bipartisan support of detention measures continue to undermine U.S. immigration enforcement policies. Such inconsistent practices continue to lead to the release of dangerous criminal aliens and absconders who may then commit additional crimes when they might otherwise have been expeditiously detained and removed from the United States. • Since 2014, DHS has experienced repeated illegal immigration surges at the Southwest Border. DHS anticipates that the number of apprehensions at the border will significantly climb post-pandemic, with the potential for another surge as those who were previously prevented from seeking entry into the United States arrive at the border and as poor economic conditions around the world fuel migration. This high volume of illegal immigration, including unprecedented numbers of family units and unaccompanied alien children arrivals, stretch government resources, and create a humanitarian and border security crisis that cripples the immigration system. • Record migration at the Southwest Border took up limited U.S. Immigration and Customs Enforcement (ICE) detention resources, drove increases in the agency's average daily population (ADP), resulted in decreased interior arrests (including arrests of criminals), and forced ICE to balance its critical public safety mission in the interior with its support for DHS efforts to secure the border. As the pandemic subsides, ICE will conduct additional enforcement operations to uphold its public safety mission and address the growing fugitive backlog. • DHS projects that until fundamental changes are made to the immigration enforcement process, including legislation that addresses current legal loopholes that incentivize high levels of illegal immigration, the United States will periodically experience additional humanitarian and border security crises.
LR: National Strategy for Counterterrorism
Introduction The Path to Victory The United States occupies a special role among nations as a vanguard of freedom, democracy, and constitutional governance. These luminous ideals must be assiduously defended in a world of increasing challenges and dangers from the forces that threaten America's people, our vital interests, and the security and prosperity of our allies and partners. Terrorists seek to undermine American ideals and the United States Government by using violence and propaganda to advance their depraved goals. After seventeen years of armed conflict and significant costs in American blood and treasure, our efforts to prevent and counter terrorism have met with mixed success. While we have succeeded in disrupting large-scale attacks in the homeland since 2001, we have not sufficiently mitigated the overall threat that terrorists pose. Today's terrorist threats have changed, and terrorist groups are now more geographically dispersed and their tactics more diversified. To address this evolving terrorist threat across the globe and within the homeland, our approach to counterterrorism must evolve. As President Donald J. Trump has stated, "America is committed to adjusting our strategies to meet evolving threats and new facts. We will discard those strategies that have not worked—and will apply new approaches informed by experience and judgment." We must confront terrorists with the combined power of America's strengths—our strong military, our law enforcement and intelligence communities, our civilian government institutions, our vibrant private sector, our civil society, our international partnerships, and the firm resolve of the American people. Harnessing our full potential, the spirit of innovation that has been key to our national greatness, and our tradition of working together toward our common goals, we will prevail and prevent terrorism from disrupting the American way of life. Through the National Strategy for Counterterrorism, we will achieve the following end states to safeguard our homeland, way of life, and shared interests: • The terrorist threat to the United States is eliminated; • Our borders and all ports of entry into the United States are secure against terrorist threats; • Terrorism, radical Islamist ideologies, and other violent extremist ideologies do not undermine the American way of life; and • Foreign partners address terrorist threats so that these threats do not jeopardize the collective interests of the United States and our partners. To achieve these aims, this strategy adopts an America First approach to counterterrorism—one that is guided by United States interests; shaped by realistic assessments of both our challenges and our capabilities; and attuned to the important roles of our allies and partners, both foreign and domestic, in our shared counterterrorism efforts. This strategy differs from previous strategies in that it adopts a more agile and expansive approach that addresses the full spectrum of terrorist threats to the United States, including our enemies overseas and the people they seek to influence and mobilize to violence in the United States. We will also confront the threat of terrorists in the United States who seek to further their political or social aims through unlawful acts of violence without foreign direction or inspiration. In this pursuit, we will continue to protect American freedoms, and we will be unwavering in our commitment to defeat all those who turn to violence in an attempt to destroy, disrupt, or impair our society. Importantly, this America First approach will harness the full span of United States power and use every available tool to combat terrorism at home, abroad, and in cyberspace. This includes military and intelligence op er at ions overseas, law enforcement actions at home and abroad, diplomatic engagement, and the use of financial tools. We will modernize and integrate existing counterterrorism tools so we can secure our borders through, among other things, more rigorous scrutiny of entry applications. We will also deploy new technologies precisely where they are needed and protect critical infrastructure in the United States from terrorist attacks. Finally, we will incorporate two of the most potent tools in the information environment: cyber operations and strategic communications. These tools are an integral part of our counterterrorism activities, and we will continue to incorporate them when appropriate to maximize their effects. In addition, this strategy prioritizes a broader range of non-military capabilities, such as our ability to prevent and intervene in terrorist recruitment, minimize the appeal of terrorist propaganda online, and build societal resilience to terrorism. This includes leveraging the skills and resources of civil society and non-traditional partners to diminish terrorists' efforts to radicalize and recruit people in the United States. To defeat radical Islamist terrorism, we must also speak out forcefully against a hateful ideology that provides the breeding ground for violence and terrorism. We will expose the destructive, totalitarian nature of the ideology that fuels violent radical Islamist movements, such as ISIS and al-Qa'ida. We will reveal the way violent radical Islamist terrorists have killed, exploited, and betrayed Muslim communities, including women and children. Through our efforts, we will thwart terrorists' ability to exploit the Internet for directing, enabling, or inspiring attacks. We will not do this alone. This strategy recognizes that effective counterterrorism requires a wide range of public and private sector par tners as well as foreign par tnerships. A s President Trump stated, "We must seek partners, not perfection—and to make allies of all who share our goals." Accordingly, from civil society and state, local, tribal, and territorial governments to private sector partners and foreign allies, the full range of our partnerships must be enhanced to effectively prevent and counter terrorist activity, particularly as tactics and actors can change quickly. We will expect more of our partners in this fight, but they will never doubt our resolute commitment to defending our shared interests. All the while, we will be pragmatic in our approach and mindful of the need to use our resources carefully. This strategy, therefore, prioritizes United States counterterrorism efforts against those terrorists with the ability and intent to harm the United States and our vital national interests and limits United States efforts overseas to those that directly bolster our national security. Likewise, to maximize the effectiveness of our actions, we will continue to integrate United States Government counterterrorism efforts. Finally, we will continually review the efficacy of our approach through independent assessments (informed by research, intelligence, and analysis) to ensure that we are making measurable progress toward our strategic objectives. By rigorously monitoring our progress and measuring the impact of our activities, we can make informed adjustments when needed to advance our counterterrorism efforts. Guided by this strategy, rooted in American principles, and harnessing our inherent strengths as a nation, we will eliminate terrorists' ability to threaten America, our interests, and our engagement in the world. The United States—forever the sentinel of democracy and freedom—will prevail over terrorism and preserve the American way of life. Through our triumph, we will demonstrate that American strength remains a lasting force for good in the world
TCO Threats to U.S. Security
Transnational Criminal Organizations (TCOs)—especially those based in Mexico—will continue to undermine public health and safety in the Homeland and threaten U.S. national security interests. They represent an acute and devastating threat to public health and safety in the Homeland and a significant threat to U.S. national security interests. Beyond their complicity in the 71,000 drug overdose deaths in the U.S. last year, TCOs destabilize partner nations, decrease citizen confidence in good governance, foment corruption, and destroy confidence in the international banking system. Countering these organizations' malign activities will remain an enduring challenge to US safety and security. TCOs will continue to take advantage of illegal migration flows to enter the United States and attempt to exploit legal immigration avenues. Criminal elements attempting to provide a level of legitimacy to their illicit immigration claims by intermingling with migrants travelling to the US Southwest border pose an intrinsic risk to the U.S. lawful immigration system.
Amplifying U.S. Socio-Political Division
• Russian influence actors will continue using overt and covert methods to aggravate social and racial tensions, undermine trust in U.S. authorities, stoke political resentment, and criticize politicians who Moscow views as anti-Russia. Although some of this activity might be framed in the context of the U.S. election—seemingly in support of or opposition to political candidates— we assess that Moscow's overarching objective is to weaken the United States through discord, division, and distraction in hopes that America becomes less able to challenge Russia's strategic objectives. • Russian influence actors will engage in media manipulation—across social media platforms, proxy websites4 , and traditional media, to include state-controlled outlets—to exacerbate U.S. social, political, racial, and cultural fault lines.5 • Russian actors will attempt to undermine national unity and sow seeds of discord that exploit perceived grievances within minority communities, especially among African Americans. Russian influence actors often mimic target audiences and amplify both sides of divisive issues to maximize discord, tailoring messaging to specific communities to "push and pull" them in different ways. • The Russian government promulgates misinformation, threats, and narratives intended to incite panic or animosity among social and political groups. For example, Russian actors amplified narratives such as U.S. law enforcement ignoring ICE detention requests and releasing an illegal immigrant accused of rape; assaults on supporters and opponents of the President; and portrayals of U.S. law enforcement as racially biased. Russian influence actors also have exploited national tragedies, such as the 2017 mass shooting in Las Vegas, and protest movements—sometimes magnifying both a protest and a counter-protest—such as the 2017 protest activity in Charlottesville.
OPPORTUNITY FOR CYBER ACTORS TO EXPLOIT COVID-19
Both cybercriminals and nation-state cyber actors— motivated by profit, espionage, or disruption—will exploit the COVID-19 pandemic by targeting the U.S. healthcare and public health sector; government response entities, such as the U.S. Department of Health and Human Services and the Federal Emergency Management Agency; and the broader emergency services sector. • Cybercriminals most likely will deploy ransomware for financial gain, whereas nation-state cyber actors might seek to capture insights into U.S. response plans and scientific information related to testing, therapeutics, and vaccine development. • We expect that cybercriminals and nation-state cyber actors will target victims in the United States with COVID-19-themed spear-phishing e-mails, which we already have observed overseas. These e-mails appear to claim to be from official government sources, including the U.S. Centers for Disease Control and Prevention and the U.S. Department of State.
The Cyber Threat to the Homeland
Cyber threats to the Homeland from both nation-states and non-state actors will remain acute. U.S. critical infrastructure faces advanced threats of disruptive or destructive cyber-attacks. Federal, state, local, tribal and territorial governments, as well as the private sector, will experience an array of cyber-enabled threats designed to access sensitive information, steal money, and force ransom payments.
Foreign Influence Activity in the U.S.
Foreign influence activity will target U.S. foreign and domestic policy, international events such as COVID-19, and democratic processes and institutions, including the 2020 Presidential election. Russia is the likely primary covert influence actor and purveyor of disinformation and misinformation within the Homeland. We assess that Moscow's primary objective is to increase its global standing and influence by weakening America—domestically and abroad—through efforts to sow discord, distract, shape public sentiment, and undermine trust in Western democratic institutions and processes.
Foreign Terrorist Threats
Foreign terrorist organizations (FTOs), including al-Qa'ida and the Islamic State of Iraq and ash-Sham (ISIS), will maintain interest in attacking the Homeland but we expect the primary threat from these groups to remain overseas in the coming year due to sustained U.S. counterterrorism pressure. Nevertheless, these groups can adapt quickly and resurge, and terrorists overseas will continue to probe for vulnerabilities in U.S. immigration and border security programs. Collectively, vulnerabilities may create an illegal migration environment that FTOs could exploit to facilitate the movement of affiliated persons towards the United States. • The primary threat to the Homeland from FTOs probably will manifest as "inspired" attacks. FTOs seek to inspire violent extremism in the United States and continue to use social media and other online platforms to call for attacks against the United States. Despite territorial defeats in Iraq and Syria, ISIS continues to draw support from HVEs in the United States and the group's global calls for attacks have intensified since the death last year of senior leader Abu Bakr al-Baghdadi. • Transportation infrastructure—especially the aviation sector—almost certainly will remain a primary target for terrorists plotting overseas. While terrorists continue to pursue flight school training and the use of insiders, plotting against domestic aviation targets most likely will remain aspirational among FTOs and their supporters over the next year. • Terrorists and other criminal actors might look to unmanned aircraft systems (UAS) to threaten critical infrastructure. In 2019, there were nearly 4,000 reports of unique incidents of UAS activity near U.S. critical infrastructure or public gatherings. Although we have no indication that any of these events were terrorism-related, it is possible that malicious or criminal actors will turn to UAS tactics. Iran and Lebanese Hizballah Iran will continue to develop and maintain terrorist capabilities as an option to deter the United States from taking what Tehran considers regimethreatening actions or to retaliate for such activity, real or perceived. The Government of Iran and its proxy, Lebanese Hizballah (LH), have demonstrated the intent to conduct an array of operations in the Homeland. Iran or LH could advance an attack plot—with little to no warning—in response to heightened tensions. The U.S. Government in recent years has arrested several individuals acting on behalf of the Government of Iran or LH who have conducted surveillance indicative of contingency planning for lethal attacks in the U.S. Weapons of Mass Destruction and Other Chemical, Biological, Radiological, and Nuclear Threats The overall global WMD threat will continue to rise in 2021. Spurred by continued capability expansion, modernization, low yield weapons development, eroding international norms, information proliferation, emerging drone concerns and increasing actor awareness; the risk of intentional chemical, biological, radiological or nuclear incidents in the homeland and abroad has likely increased. • Biological threats (deliberate, accidental, and naturally occurring) are more diverse and continue to expand with increased global interconnectivity and rapid advances in biotechnology, genomics, and other legitimate-use capabilities that could introduce risks to global health and food security and the potential for adversaries to develop novel biological warfare agents. Notably, the biological agent attribution shortfalls coupled with the now known devastating impacts may lead to a resurgence of state and non-state biological weapon pursuits. • Chemical threats are particularly notable as we continue in the most significant and sustained period of chemical weapons use in decades. The publicity of emerging chemical weapons compounds and increases in information availability is evolving the chemical threat landscape. This global trend could manifest as an increased domestic threat. • Radiological attacks are less likely, guidelines for hazards and safe handling of radiation sources reduce the likelihood of radiological attacks; however, actors driven by extremist ideology could pose a threat if they have knowledge and access of locations to aid radioactive materials acquisition. The major licensed users of radioactive material in the United States are in the energy, healthcare, and construction sectors with larger activity sources protected by physical security measures. The amount of radioactive material in use is not expected to increase in the short term. • Nuclear threats remain enduring and will remain largely unchanged. The number of nuclear weapons states will probably remain unchanged over the next year. Concerns remain related to lower yield weapons development and regional expansion of nuclear capabilities by several nuclear weapons states and the subsequent increasing risks of weapons loss or nuclear conflict that could have global impacts. Non-state actors continue to face significant barriers to acquiring special nuclear material for use in an improvised nuclear device, but vulnerabilities remain. Experts do, however, estimate the rate of nuclear security improvement around the globe has decreased since 2018. The COVID-19 pandemic has drawn government resources away from normal functions, similar to resource shifts observed globally in military and other defense sectors; nuclear security may also be vulnerable to resource shifts which could increase risks of theft or sabotage of nuclear facilities. Domestic and foreign-based non-state actors attempting to steal special nuclear material for use in a nuclear weapon will continue to pose a threat to the Homeland.
Radiological Weapons ("Dirty Bombs").
Radiological weapons spread deadly radioactive materials such as uranium, plutonium, radium, or cobalt through conventional explosive devices, commonly referred to as "dirty bombs." They differ from nuclear weapons in that they use radioactive material as a poisoning agent, rather than as a medium for setting off a much larger explosion through a chain reaction. They are less dangerous than nuclear weapons, but are much easier and less costly to assemble and detonate. After deployment either in large population centers or to contaminate public food or water networks, they represent a considerable threat to life and health through radiation poisoning, which often leads to leukemia and other cancers. Dirty bombs threaten property damage as well, with potentially huge decontamination costs following the explosion of such devices. The effectiveness of a radiological terrorist attack is likely to depend on several factors: the source and nature of the material, its toxicity and amount, the size of the explosion, the rate of decay of the material used (usually measured as its half-life, the length of time it takes to decline to half of the original amount delivered), the size of the explosion, population density in the vicinity of the explosion, prevailing wind and other weather conditions, and the response of the target population. The ease with which radioactive material can be obtained makes radiological weapons particularly attractive to terrorists. Two sources of radiological material suitable for terrorism involving such a weapon are military stockpiles and spent fuel from nuclear power plants (Ballard and Mullendore, 2003; Pearlstein, 2004). Former Soviet Union republics such as Kazakhstan, Kyrgyzstan, and Tajikistan are widely believed to be especially rich sources of such material, much of which is unaccounted for (Church, 1991; Collina and Wolfsthal, 2002; Woolf, 2003). Other sources include legitimate commercial and private vendors of new material and radioactive waste, as radioactive material has widespread commercial uses - in medicine, industry, household appliances, wristwatches, and so on. At the shadier end of the market is used radioactive material routinely disposed of by hospitals and other users, which can be bought and sold on the Internet through eBay and other online markets One type of radiological weapon, polonium, re-emerged in 2006, after having been widely ignored for decades. Discovered in 1898 by Madam Marie Curie and her husband Pierre, polonium is an extremely toxic metalloid (i.e., a near-metal, like arsenic, boron, and tellurium) that occurs in uranium ore. Polonium gained notoriety in 2006 as the substance used to assassinate Alexander Litvinenko, a former lieutenant colonel of Russia's Federal Security Service, who died of multiple organ failure due to radiation poisoning over an excruciating three-week period. Polonium has a radioactive intensity such that a relatively small amount - 16 curies of polonium 210 - is enough to produce about 5,000 lethal doses
Illicit Drugs
The COVID-19 pandemic has slowed the pace of drug trafficking into the United States; however, the threat of illicit drugs—including the rates of overdoses—will persist as traffickers adapt and drug compositions become more potent. TCOs continue to distribute synthetic narcotics such as fentanyl and methamphetamine. • Potent opioid narcotics like fentanyl and heroin almost certainly will continue to cause alarming levels of overdose in the United States over the next year. The use of stimulant drugs like methamphetamine and cocaine will continue, and distributors will explore new markets in the United States beyond major transportation hubs and regional cities. • TCOs engaged in the manufacturing of fentanyl and methamphetamine will likely experience mid-term disruption due to COVID-19 response measures that may hinder their receipt of chemicals from international suppliers. Production and transportation of heroin, cocaine, and marijuana also has been affected by travel restrictions and stay-at-home orders within the Western Hemisphere.
Illegal Immigration at Sea
The impact of COVID-19 very likely will affect maritime migration from both migrant origin and transit countries in the Caribbean through 2021. Weak socio-economic conditions in Cuba, political instability and food insecurity in Haiti, and the uncertainty of COVID-19 impacts in the region will increase the chances of a maritime mass migration event, although the overall risk remains low. • Interviews of interdicted migrants reveal that some still desire to come to the United States, regardless of the risk posed by COVID-19, rather than face the deteriorating economic conditions in their home countries. • Measures such as border closures, quarantines, and a reduction in legitimate vessel traffic can disrupt migrant flows; however, increased food insecurity and unemployment, reduced economic opportunities, a lack of medical infrastructure, and other second- and third-order effects in migrants' home countries serve as likely push factors resulting in increased maritime migration to the United States. • In the event of increased maritime migration, the U.S. Coast Guard and USCIS will need to increase interdiction and screening resources in the region. This could result in the reallocation of limited resources, impacting the ability to conduct other operations.
Box 7.3. Worst-Case Scenario: The Decapitating Strike
The recent car-bomb threats in Britain were stark reminders that terrorists continue to probe for ways to attack us - and not every attempt will fail or be repelled. That this danger extends to the United States was made clearer in May when the White House announced National Security Presidential Directive 51 and Homeland Security Presidential Directive 20 to create a national continuity policy - ensuring that federal agencies could still operate, with clear lines of authority, in the event of a devastating surprise attack on Washington. These largely sensible directives have received only modest attention. Yet they spotlight the abject failure of our leaders in all three branches to make sure our Constitution remains intact if and when terrorists hit us again. During the Cold War, elaborate top-secret plans existed, including bunkers for the president, vice president, Supreme Court justices, and members of Congress. If nuclear missiles were launched by the Soviet Union, there would be 30 to 90 minutes' notice to evacuate top officials by plane, train, or automobile. On Sept. 11, 2001, the era of notice preceding attacks ended. This underscored the fact that none of our branches of government had plans to keep operating if hit in a serious way. An attack on Congress that killed or incapacitated a large number of members would mean no Congress for months. Each house needs half of its members to be present for a quorum to do any official business. The House of Representatives can replace deceased members only by special elections that take, on average, four months. The Senate, under the 17th Amendment, allows states (usually governors) to appoint replacements to fill vacancies, but neither house has a mechanism for replacing incapacitated members. Presidential succession after the vice president is set by statute; every person in the line is based in Washington. The Supreme Court requires a quorum of six justices to function; if all or most of the justices are killed, there would be no Supreme Court until a president or acting president nominated successors and the Senate confirmed them. If an attack damaged all three branches, replenishing the court could take months or longer. Consider the worst-case scenario: a suitcase nuclear attack at a presidential inauguration, with the outgoing and incoming president and vice president, most of Congress, and the Supreme Court present; the outgoing Cabinet scheduled to leave office; and no incoming Cabinet members yet confirmed. There would be chaos - no clear president to take over, probably many Al Haig wannabes announcing that they were in charge, no quorum to reconstitute Congress, no court to sort out the conflicting claims. This scenario may be unlikely - but the new presidential directives make clear that it is not outlandish. In the aftermath of Sept. 11, I wrote a series of pieces pointing out the vacuum in governance that could be created by another attack. I helped create a Continuity of Government Commission, co-chaired by former senator Alan Simpson and the late Lloyd Cutler, former White House counsel, to consider and recommend reforms to ensure we could quickly constitute legitimate and representative institutions to keep our form of government functioning. There were, and are, straightforward ways to do so: creating temporary appointments to ensure a representative legislative branch that can function until real and meaningful elections can occur to fill vacancies; revamping presidential succession to ensure that some designated figures are geographically dispersed; creating a temporary Supreme Court, consisting of the chief judges of the federal appeals courts, to adjudicate key constitutional issues until a regular court can be reconstituted. But my efforts and those of others over the past five-plus years have been met with indifference or hostility. The response of congressional leaders, especially former House speaker Dennis Hastert, was aggressive opposition to serious consideration of any meaningful proposals and slapdash passage of poorly drafted and unworkable stopgap measures to quell the criticism. Former Senate majority leader Bill Frist had no interest. So far, their respective Democratic replacements, Nancy Pelosi and Harry Reid, have shown no greater proclivity to act. Several times I raised the question of presidential succession directly with Vice President Cheney, to no avail. I discussed Supreme Court succession with Chief Justice John Roberts soon after he took the post. Roberts said, "I just got here, and you want me to deal with the issue of my demise?" The lack of interest in continuity may stem from the same reasons some smart people refuse to create wills, even though failure to do so leaves behind horrific messes for their loved ones. Yet the threat is real. Our leaders' failure to establish plans to ensure that our Constitution survives is irresponsible. Do we really have to wait until the nightmare scenario becomes a reality to do something?
LR: Improving CIA Analytic Performance: Strategic Warning
A host of reports have been written over the 50 years of CIA history evaluating analytic performance and recommending changes in priorities and tradecraft. These "post-mortem reports" have been issued by Agency leaders and components as well as by Congressional committees and commissions and non-governmental organizations concerned about intelligence performance. Starting with the 1990s, post-mortem reports increased in number, generated both by charges of specific intelligence failures and by general recognition that the post-Cold War period presented new challenges to intelligence. The recent post-mortem reports have helped Directorate of Intelligence leaders to examine current doctrine and practice critically, and to address identified challenges in training programs. This Occasional Paper is one of a series of assessments of what recent critiques have said about the key challenges facing the DI in the new century. The present paper addresses the challenges of strategic warning. It reviews five post-mortem critiques: (1) Douglas J. MacEachin, "Tradecraft of Analysis," U.S. Intelligence at the Crossroads: Agendas for Reform (1995); (2) Adm. David Jeremiah (R), Intelligence Community's Performance on the Indian Nuclear Tests (1998); (3) CIA, Office of Inspector General, Alternative Analysis in the Directorate of Intelligence (1999); (4) Report of the Commission to Assess the Ballistic Missile Threat to the United States (1998); (5) Working Group on Intelligence Reform of the National Strategy Information Center, The Future of US Intelligence (1996).
2020 U.S. Presidential Election
Ahead of the 2020 U.S. elections, adversaries are using covert and overt influence measures to try to sway U.S. voters' preferences and perspectives about candidates, political parties, policies, and the electoral process itself. Influence actors will adjust their goals and tactics as the election nears. Russia uses online influence operations in its attempt to sway U.S. voter perceptions. As noted earlier, although some Russian influence activity appears to be in support of or in opposition to specific political candidates, Moscow's overarching objective is to undermine the U.S. electoral process and weaken the United States through discord, division, and distraction in hopes America becomes less able to challenge Russia's strategic objectives. • Russian online influence actors have attacked or praised multiple 2020 U.S. Presidential candidates—including candidates of both major political parties. Russia uses divisive measures to disrupt the electoral process— including denigrating former Vice President Biden and what it sees as an anti-Russia "establishment"—as part of a broader effort to divide and destabilize America. Russian online influence actors' have opined on a wide swath of socio-political issues relevant to the 2020 elections. Russian online influence actors probably will engage in efforts to discourage voter turnout and to suppress votes in the 2020 U.S. election using methods they have deployed since at least 2016. Before the 2016 U.S. Presidential election, Russian trolls directed messages at specific audiences with false information about the time, manner, or place of voting to suppress votes. Russian influence actors also posed as U.S. persons and discouraged African Americans, Native Americans, and other minority voters from participating in the 2016 election. Ahead of the election, China likely will continue using overt and covert influence operations to denigrate the U.S. Presidential Administration and its policies and to shape the U.S. domestic information environment in favor of China. China will further use its traditional "soft power" influence toolkit—overt economic measures and lobbying—to promote U.S. policies more aligned with China's interests. Iran will continue to promote messages supporting its foreign policy objectives and to use online influence operations to increase societal tensions in the United States. Tehran most likely considers the current U.S. Administration a threat to the regime's stability. Iran's critical messaging of the U.S. President almost certainly will continue throughout 2020. Russian influence actors see divisive issues regarding the 2020 Census, such as the consideration of adding a citizenship question, as an opportunity to target a fundamental democratic process. In addition to potential cyber operations, Russia might use social media messaging—much like it does in the context of US elections—to attempt to discourage public participation in the census, to promote a loss of confidence in census results, or to undermine trust in public institutions.
Mexico-based Cartels
Among TCOs, Mexico-based cartels pose the greatest threat to the Homeland because of their ability to control territory—including along the U.S. Southwest Border—and co-opt parts of government, particularly at a state and local level. Although COVID-19 has disrupted some cartel operations, their ability to move large quantities of illicit goods into and throughout the Homeland remains largely intact. • Of the Mexico-based TCOs, the Sinaloa and Jalisco New Generation Cartel (CJNG) networks pose the greatest cross-border drug smuggling threat in the near-term; they dominate the lucrative trafficking of cocaine, heroin, fentanyl, and methamphetamine to the United States. • Mexican TCO fracturing, disruption of previous drug supply chains, and territorial disputes— especially over important cross-border plazas—almost certainly will lead to increased violence in Mexico, along the U.S. Southwest Border, in the year ahead. Mexican border states experienced nearly 12,000 homicides in 2019, most of which involved TCOs. • As U.S.-based gangs—some of which provide retail-level drug distribution and sales for Mexican TCOs—vie for access to new users, the United States may face increased criminal violence in some parts of the country. Social distancing lockdown measures, however, probably will moderate any increase in the near term, as opportunistic crimes become less frequent
Prioritization and Resourcing
As President Trump has noted, "America is a sovereign nation and our first priority is always the safety and security of our citizens." The United States must, therefore, relentlessly focus on countering terrorism that jeopardizes American citizens and interests. We will not dilute our counterterrorism efforts by attempting to be everywhere all the time, trying to eradicate all threats. We can and will, however, optimize and focus our resources to effectively prevent and counter those terrorists who pose a direct threat to the United States homeland and vital national interests To combat what has become a more complex and geographically dispersed terrorist threat, the United States will prioritize integrated actions and resources against those terrorists that have both the intent and capability to attack the United States and our interests abroad. As noted, radical Islamist terrorists present the most dangerous transnational terrorist threat to the United States and our vital national interests as defined in the National Security Strategy. At the same time, the United States also faces threats from Iran-backed terrorist groups and other transnational terrorist organizations. In the homeland, we will continue to confront the rising threat of attacks committed by persons inspired and mobilized to violence by both radical Islamist ideologies and domestic terrorist ideologies. Terrorists and the threats they pose, however, are not monolithic. The dangers posed by different terrorists vary by group and by region. The National Strategy for Counterterrorism, therefore, will guide the tools and approaches used for counterterrorism efforts and will generally defer to regional, functional, and group-specific strategies to prioritize terrorist groups based upon the threat they pose to our homeland and vital national interests. In addition, counterterrorism efforts must be properly balanced across all instruments of national power and include the efforts of traditional and non-traditional partners. While the United States must retain the ability to strike at terrorism around the globe, non-military tools—such as law enforcement, intelligence, diplomacy, financial measures, stabilization, development, prevention, and inter vention and reintegration programs—are also required to prevent and counter terrorism. We must, therefore, increase our focus on developing domestic and foreign partners' non-military counterterrorism capabilities so they can act independently against terrorists. Finally, as we embark on this new approach, we must rigorously monitor and assess our effectiveness and adjust operations accordingly. Annual independent strategic assessments informed by research, intelligence, and analysis will ensure that we are making measurable progress toward our strategic objectives. These assessments will identify the impediments to our effectiveness and recommend adjustments to the strategy to outpace dynamic adversaries. They will also ensure that our progress is sustainable as we continue to address the full raange of contemporary national security challenges
FOREIGN INFLUENCE DEFINITIONS:
Foreign Influence. Any covert, fraudulent, deceptive, or unlawful activity of foreign governments—or persons acting on their behalf—undertaken with the purpose or effect of influencing, undermining confidence in, or adversely affecting U.S. democratic processes or institutions or otherwise affecting socio-political sentiment or public discourse to achieve malign objectives. • Covert Influence: Activities in which a foreign government hides its involvement, including the use of agents of influence, covert media relationships, cyber influence activities, front organizations, organized crime groups, or clandestine funds for political action. • Overt Influence: Activities that a foreign government conducts openly or has clear ties to, including the use of strategic communications, public diplomacy, financial support, and some forms of propaganda. • Disinformation: A foreign government's deliberate use of false or misleading information intentionally directed at another government's decisionmakers and decision-making processes to mislead the target, force it to waste resources, or influence a decision in favor of a foreign government's interests. • Misinformation: Foreign use of false or misleading information. Misinformation is broader than disinformation because it targets a wide audience rather than a specific group.
Influencing State and Local Governments
Foreign governments—principally China—seek to cultivate influence with state and local leaders directly and indirectly, often via economic carrots and sticks such as informal and legal or social agreements that seek to promote cultural and commercial ties. Chinese officials calculate that U.S. state- and local-level officials enjoy a degree of diplomatic independence from Washington and may leverage these relationships to advance policies that are in China's interest during times of strained relations. • China views a state or locality's economic challenges—including healthcare challenges due to COVID-19—as a key opportunity to create a dependency, thereby gaining influence. Beijing uses Chinese think tanks to research which U.S. states and counties might be most receptive to China's overtures. • During the beginning of the COVID-19 outbreak, Beijing leveraged sister city relationships with U.S. localities to acquire public health resources. In February, Pittsburgh shipped its sister city, Wuhan, 450,000 surgical masks and 1,350 coverall protective suits. Pittsburgh also established a GoFundMe account that raised over $58,000 to support Wuhan response efforts by providing medical supplies. • In Chicago, Chinese officials leveraged local and state official relationships to push pro-Chinese narratives. Also, a Chinese official emailed a Midwestern state legislator to ask that the legislative body of which he was a member pass a resolution recognizing that China has taken heroic steps to fight the virus. • The Chinese government invites U.S. officials and business leaders on carefully choreographed trips to China, promising them lucrative investment projects and business deals. Although visits this year largely have been postponed due to COVID-19, the Chinese government probably will continue to cultivate state and local relationships virtually and by offering enticements, which might include bailing out U.S. companies, investing in real estate in economically hard-hit areas, and selling medical equipment and supplies at reduced cost.
Box 7.6. Recommendations of the National Academy of Sciences Committee on Science and Technology for Countering Terrorism: Fourteen Important Technical Initiatives
Immediate Applications of Existing Technologies 1. Develop and utilize robust systems for protection, control, and accounting of nuclear weapons and special nuclear materials at their sources. 2. Ensure the production and distribution of known treatments and preventatives for pathogens. 3. Design, test, and install coherent, layered security systems for all transportation modes, particularly shipping containers and vehicles that contain large quantities of toxic or flammable materials. 4. Protect energy distribution services by improving security for supervisory control and data acquisition (SCADA) systems and providing physical protection for key elements of the electric-power grid. 5. Reduce the vulnerability and improve the effectiveness of air filtration in ventilation systems. 6. Deploy known technologies and standards for allowing emergency responders to reliably communicate with each other. 7. Ensure that trusted spokespersons will be able to inform the public promptly and with technical authority whenever the technical aspects of an emergency are dominant in the public's concerns. Urgent Research Opportunities: 1. Develop effective treatments and preventatives for known pathogens for which current responses are unavailable and for potential emerging pathogens. 2. Develop, test, and implement an intelligent, adaptive electric-power grid. 3. Advance the practical utility of data fusion and data mining for intelligence analysis, and enhance information security against cyberattacks. 4. Develop new and better technologies (e.g., protective gear, sensors, communications) for emergency responders. 5. Advance engineering design technologies and fire-rating standards for blast- and fire-resistant buildings 6. Develop sensor and surveillance systems (for a wide range of targets) that create useful information for emergency officials and decision makers. 7. Develop new methods and standards for filtering air against both chemicals and pathogens as well as better methods and standards for decontamination
Conclusion
Isis tactics of propaganda, recruitment and radicalisation all emerge within the online virtual space. The power of social media for groups such as Isis is immense as demonstrated when the Iraqi government blocked access to many social media accounts, because they were being used to plan attacks. As Isis continue to use social media sites for such purposes there are important questions about understanding the motivations and actions of Isis fighters online. This study has shown that seven key characteristics are emerging about the types of people who are likely to be sympathisers to the Isis narrative, as well as those on the ground fighting for the organisation. From the collection of data analysed it does appear that in some cases these individuals are seeking an adrenaline rush and are looking for excitement. This leads to different people with various aims and views. Clearly, the situation in Syria is developing fast and the role of the police and other agencies is trying to keep up-to-date, arrest and prosecute people but at the same time ensure that they understand the power of social media for groups such as Isis.
2. Technology for Gathering Intelligence Data
Much of the data collected for intelligence purposes aimed at preventing terrorist events are gathered using technology, ranging from simple to extremely sophisticated. Chapter 11, on the prevention of terrorism, describes the role of intelligence, distinguishing three basic sources of intelligence: humans, signals (from telephone, computer, radio, or electromagnetic pulse), and imagery (from high-altitude photography). Technology in the form of agents recording visual or sound images at close range can be an important part of the gathering of human intelligence, but technology is not the central aspect of human intelligence. It is a more integral part of both signal and imagery intelligence. Signal intelligence can involve continuous eavesdropping on an entire radio spectrum in an area, including public broadcasts and military shortwave. It can also involve the interception of radar; microwave telephone, telegraph, and satellite signals; and cables, both land and sea - with real-time computer-assisted interpretation of the data. A modern intelligence arsenal also includes the use of satellites to intercept cell phone and pager traffic. Certain phone numbers or radio frequencies used by terrorists are likely to receive high-priority intercept status, with instantaneous computerized translating. Some traffic will be secret and encrypted, requiring advanced de-encryption software. Technology is, in short, an essential aspect of signal intelligence. Technology is an important part of imagery intelligence too. Sophisticated equipment is needed to position cameras precisely so that they can take detailed, high-resolution photographs or videos of the activities of known or suspected terrorists, typically from a high altitude and often at a precise moment, and while penetrating misinformation and other obstacles in the process. New technologies permit constant real-time satellite and aircraft detection of electromagnetic activity, radioactivity, or traces of chemicals through cloud cover and even buildings and underground bunkers (Warrick, 2007). This technology, together with the expertise needed to use it effectively, can be an indispensable tool in the arsenal of counterterrorism.
Cyber Threat to the U.S. Democratic Processes
Some state or non-state actors likely will seek to use cyber means to compromise or disrupt infrastructure used to support the 2020 U.S. Presidential election and the 2020 U.S. Census. Given the national importance of these events, any related cyber activities—or mere claims of compromise—might fuel influence operations aimed at depressing voter turnout or census participation, misinforming about democratic processes, or shaping perceptions about the integrity or outcome of the election or census (see subsequent section regarding Foreign Influence in the Homeland). • Advanced persistent threat or other malicious cyber actors likely will target election-related infrastructure as the 2020 Presidential election approaches, focusing on voter PII, municipal or state networks, or state election officials directly. Operations could occur throughout the 2020 election cycle—through pre-election activities, Election Day, and the post-election period. • Adversaries' cyber capabilities vary greatly— as does the cyber defensive posture of electoral boards to stymie such actors. Adversaries could attempt a range of election interference activities, including efforts to target voter registration systems; to compromise election system supply chains; to exploit poor cybersecurity practices on protected election systems or networks; or to hack official election websites or social media accounts. • Unidentified cyber actors have engaged in suspicious communications with the U.S. Census public-facing network over at least the last year, including conducting vulnerability scans and attempting unauthorized access. Cyber activity directed at the U.S. Census could include attempts to gain illicit access to census-gathered bulk data; to alter census registration data; to compromise the census infrastructure supply chain; or conducting denial-of-service attacks.
Priority Actions
TARGET KEY TERRORISTS AND TERRORIST GROUPS: Using both military and non-military capabilities, we will target the terrorists and terrorist groups who pose the greatest threat to American citizens and interests. This will include terrorist leaders, operational planners, and individuals deploying their expertise in areas such as WMD, explosives, cyber operations, and propaganda. We will apply persistent pressure through sustained United States and partner intelligence, law enforcement, economic and financial measures, and military action to disrupt, degrade, and prevent the reconstitution of terrorist networks. ENHANCE REACH INTO DENIED AREAS OVERSEAS: Where we cannot establish a physical presence to protect our interests directly, we will develop innovative means and work with partners to expand our capability to identify and mitigate emerging threats before they can strike the United States and our national interests. EFFECTIVELY USE L AW OF ARMED CONFLICT (LOAC) DETENTION AS A COUNTERTERRORISM TOOL: The detention of enemies under the LOAC permits the United States to humanely remove dangerous terrorists from the battlefield and enhances our ability to collect intelligence from captured terrorists. This capability, in certain circumstances, also permits detention of terrorists pending their transfer to the United States for criminal prosecution. We will, therefore, retain LOAC detention as a counterterrorism tool, preserve our ability to detain terrorists at the detention facilities at United States Naval Station Guantanamo Bay, Cuba, and explore ways to better integrate and maximize the utility of this capability where lawful and appropriate. FURTHER INTEGRATE FEDERAL, STATE, AND LOCAL COUNTERTERRORISM INFORMATION-SHARING: We will improve the ability to share timely and sensitive information on threats and the individuals p er p et r at ing t hem, whet her mot i vate d by domestic or foreign terrorist ideologies, across all levels of government. We will continue to ensure that law enforcement agencies across all levels of government have the information that they need to identify and act swiftly against terrorist activity. A M P L I F Y T H E I M P A C T O F C O U N T E R T E R R O R I S M OPERATIONS WITH STRATEGIC COMMUNICATIONS: We will integrate our strategic communications capabilit y across our ef for ts to send a clear message: those who threaten the United States will pay a serious price, and America stands in solidarity with the populations upon which terrorists prey. This message will aim to discredit terrorist narratives, dissuade potential terrorist supporters, and demonstrate that the effects of our counterterrorism operations are not limited solely to direct action.
Recruitment and Propaganda in Cyberspace
Terrorist's use of social media and the Internet to pursue their ideological aims is well documented. This includes terrorist groups such as Isis who are using the Internet and social media sites, as a tool for propaganda via websites, sharing information, data mining, fundraising, communication, and recruitment (Conway, 2003). For Weimann (2004), however it means terrorists, using the Internet for psychological warfare, publicity, propaganda, fundraising, recruitment, networking, sharing information and planning (Lachow and Richardson, 2007; Whine, 1999). Recruiters therefore may use more interactive Internet technology (Kohlmann 2008; 2006) to go through and use online chat rooms and cyber cafes (Furnell and Warren, 1999), therefore looking possibly for enlisting support from vulnerable people. Marc Sageman states that this form of interaction and chat rooms helps build ideological relationships and are a key tool in radicalising young people (Sageman, 2008). Schmid (2005), argues that online terrorism, therefore has become the new psychological warfare and Arquilla and Ronfeldt (2001) make the case that terrorist groups are now using online networks to create and cause hostile virtual environments. The nature of participation on the Internet and participation in online discussion via social media is the new political activism. This is the process of turning to political violence is an active one, and not a passive one. Indeed, following the murder of Lee Rigby in Woolwich, the British Home Secretary, Theresa May was quick to identify the Internet as a potential source for radicalisation. She stated that: BThere is no doubt that people are able to watch things through the internet which can lead to radicalisation^ (Cited by Wintour and Jones in the Guardian, 2013). As a result, the UK government has announced a new taskforce called TERFOR, which will examine ways of restricting what people can see on the Internet. The British government is also considering a new Communications Data Bill (at the time of writing) which it hopes will allow the UK government, the power to filter extremist content and the flow of content and work more closely with Internet Service Providers in helping remove material which is considered to be inciting people to commit acts of terrorism or violent extremism (Kohlmann, 2006).
Pursue Terrorist Threats to Their Source
Terrorists are difficult to disrupt because they are highly adaptive and use any means to achieve their ends. Within the United States, they exploit our open and free society to target civilians. They take advantage of technology, such as the Internet and encrypted communications, to promote their malicious goals and spread their violent ideologies. Overseas, they thrive in countries with weak governments and where disenfranchised populations are vulnerable to terrorists' destructive and misinformed narratives, and they are adaptive in the face of pressure from countries with strong governments. Some are sheltered and supported by foreign governments or even do their bidding. In the past, when the United States and our partners have disrupted terrorist plots, some terrorists remained in hiding, only to reemerge when pressure subsided. Therefore, the United States must do more than disrupt individual plots—we must pursue the entirety of the network involved in terrorist plotting to prevent the remaining terrorists from reviving their operations. At home, law enforcement at all levels of government will continue to pursue known or suspected terrorists, integrating all sources of information available. Overseas, we will disrupt terrorist networks that pose a credible threat to United States interests by conducting military, intelligence, and law enforcement operations and employing financial measures against discrete targets—working by, with, and through partners where possible. We will also enhance intelligence-sharing arrangements, increasing the timeliness and quality of exchange to identify the entire network involved in terrorist activity and maintain pressure on key terrorists and terrorist organizations.
4. The Internet as Bridge Builder
The Internet was described as a "rage enabler" in a previous section, but it is also a bridge builder. Well over a billion people use the Internet today.3 It is, for all users, a technology that allows people to reach others more quickly and inexpensively than any other alternative. Although precise estimates are not available, most of the Internet demand is for commercial, personal, political, and recreational uses. Much Internet traffic also involves extremist, terrorist, and illegal activities, including fraud and crimes such as identity theft, embezzlement, larceny, and human trafficking. Yet, another large component supports individuals and organizations interested in building dialogue with others throughout the world, for service, educational, and philanthropic purposes. Some see this bridge-building component today as a basic feature of global civilization - an international revolution that has transformed civil society mostly for the better, and will continue to do so
LR Cybercrime Business
The capabilities and opportunities provided by the Internet have transformed many legitimate business activities, augmenting the speed, ease, and range with which transactions can be conducted while also lowering many of the costs. Criminals have also discovered that the Internet can provide new opportunities and multiplier benefits for illicit business. The dark side of the Internet involves not only fraud and theft, pervasive pornography and pedophile rings, but also drug trafficking and criminal organizations that are more concerned about exploitation than the kind of disruption that is the focus of the intruder community. In the virtual world, as in the real world, most criminal activities are initiated by individuals or small groups and can best be understood as "disorganized crime." Yet there is growing evidence that organized crime groups or mafias are exploiting the new opportunities offered by the Internet. Organized crime and cyber-crime will never be synonymous - most organized crime will continue to operate in the real world rather than the cyber-world and most cyber-crime will continue to be the result of individuals rather than criminal organizations per se. Nevertheless, the degree of overlap between the two phenomena is likely to increase considerably in the next few years. This is something that needs to be recognized by business and government as an emerging and very serious threat to cyber-security. Accordingly, this analysis sets out to do three things: 1. Explain why the Internet is so attractive to criminals in general and to criminal organizations in particular. 2. Identify some clearly discernible trends that provide important clues about ways in which organized crime and cyber-crime are beginning to overlap. 3. Identify a series of measures necessary for business to respond effectively to the growing exploitation of the Internet by organized criminals
Illegal Immigration via Land
The duration and severity of the COVID-19 pandemic in the United States and within Central and South America and the Caribbean will shape illegal immigration to the U.S. Southwest Border, exacerbating the underlying economic and political conditions in the region. As COVID-19-related restrictions on mobility ease, we are seeing an increase in illegal immigration flows to pre-pandemic levels. • Illegal immigration flows within the Western Hemisphere have begun to increase after a short-term decline in response to the world-wide COVID-19 pandemic and countries instituting border transit restrictions. Over the medium term, mass migration might occur if the economies of the Caribbean, Central and South American countries continue to decline and if the health and humanitarian response capabilities continue to deteriorate due to COVID-19. Mass migration especially might occur if these negative conditions are coupled with an economic resurgence in the United States. • COVID-19-related international travel restrictions that many countries have instituted have curtailed some illegal immigration from outside the Western Hemisphere. When these measures are lifted, there will be sporadic illegal immigration into and through the region. • Weak job markets, high crime rates, and governmental or non-state repression will remain key drivers of U.S.-bound migration from the Caribbean and Central and South America, especially as COVID-19-related citizen mobility restrictions ease in the region. Seasonal weather changes and perceptions of U.S. and Mexican immigration and enforcement policies and measures also will shape migration patterns as inter-governmental division and inconsistent messaging continue to impede Congressionally mandated immigration enforcement policies.
Bioweapons can be counteracted by boosting the immune systems of prospective targeted victims (Alibek, 1999). DNA technology can also be used to counteract bioterrorism by increasing a target population's ability to analyze and identify unique strains of a biological agent and trace them back to particular sources. DNA technology has also heightened
certain risks of bioterrorism. Genetic engineering that makes use of DNA science raises the troubling prospect that organisms could be made resistant to current medicines or developed to increase their capacity to spread into the environment (Centers for Disease Control and Prevention). Several authorities point to biological weapons as the most threatening of all WMD because of the large number of people who know how to deploy them and the even larger corps of prospective terrorists inclined to pay for the services of those people. Richard Pearlstein argues that a potentially effective way to prevent biological attacks is to encourage affluent nations to give gainful employment to biologists who might otherwise serve the interests of terrorism. might otherwise serve the interests of terrorism. Perhaps the most effective strategy is for each nation to recognize that bioweapon stockpiles pose a grave threat to any nation that harbors them and therefore it should destroy them, regardless of what other nations do