U.S. counterterrorism strategy since 9/11 has focused on preemption by pursuing terrorist groups abroad before they might successfully direct operations against the homeland. The U.S. prioritized removal of terrorist leaders through kinetic strikes in their distant sanctuaries from where they would otherwise plan, direct, fund, train, and equip those who would undertake attacks on American soil. The doctrine was well suited to the centrally managed structure on which al-Qaeda relied in 2001.
Today’s landscape is dramatically different from that to which we awoke on Sept. 11, 2001. It is more fluid and complex than ever, influenced by economic and social conditions that breed extremism, and the threat is less predictable. Countries face an increasingly complex terrorist landscape, populated by a diverse array of actors employing new technologies and tactics across physical and cyber space to advance their agendas. The terrorist threat to the United States is growing more dynamic and diffuse as an increasing number of groups, networks, and individuals exploit global trends, including the emergence of more secure modes of communications, the expansion of social and mass media, and persistent instability across several regions. “It is fair to say that we face more threats originating in more places and involving more individuals than we have at any time in the last fourteen years,” said Nick Rasmussen, Director, Counterterrorism Center.
The White House released its National Strategy for Counterterrorism in Oct 2018. The strategy recognizes the full range of terrorist threats that the United States confronts within and beyond our borders, and emphasizes the use of all elements of national power to combat terrorism and terrorist ideologies. It warns about the continued danger of the Islamic State even as the group has suffered major losses in Syria and Iraq, the more limited threat posed by al-Qaida affiliates, and the risks that state sponsors of terror like Iran pose to U.S. interests.
“We will deny terrorists the freedom to travel and communicate across international borders, and we will take action to limit their ability to recruit and radicalize online. We will combat the violent, extreme, and twisted ideologies that purport to justify the murder of innocent victims. We will also ensure that America’s critical infrastructure is protected, in order to deter and prevent attacks, and is resilient so that we can quickly recover should it come under attack,” states the new strategy.
DHS has launched the National Counterterrorism, Innovation, Technology, and Education (NCITE) COE, formerly referred to as the Terrorism Prevention Counterterrorism Research COE, which will be housed at the University of Nebraska Omaha. The University will lead a consortium of academic, industry, government, and laboratory partners to embark on a number of counterterrorism programs, including efforts to prevent terror attacks by countering the radicalization of people and their mobilization to violence. In addition to conducting research studies and developing technology solutions, the COE will also train a skilled workforce in the latest methods to identify and protect the nation from terrorist threats.
The terrorist threat to the United States has evolved considerably since the September 11th attacks. Despite our success in detecting and preventing multi-actor, complex terrorist attacks, terrorists continue plotting in search of any kind of vulnerability that may permit them to conduct an attack against the United States. While this significant threat looms, decentralized terrorist groups have exploited the Internet and social media to incessantly spread terrorist propaganda and training material that inspire and recruit individuals within the United States to radicalize to violence.
Terrorist narratives across the ideological spectrum increasingly encourage the use of simple tactics that target large public gatherings using vehicular attacks, small arms, homemade explosives, or chemical, biological, or radiological materials. These attacks often lack overt warning signs, which limits opportunities for intervention or apprehension.
ISIS remains the foremost radical Islamist terrorist group and the primary transnational terrorist threat to the United States, despite ongoing United States and coalition civilian and military efforts that have diminished the group’s footprint in Iraq and Syria, killed thousands of its members, and curtailed its global expansion. Meanwhile, al-Qa’ida’s global network remains resilient and poses an enduring threat to the homeland and United States interests around the world. Consistent United States-led counterterrorism pressure has removed many of its senior leaders and reduced the group’s ability to operate in South Asia, but its affiliates continue to plan and carry out terrorist attacks against the United States and our allies, as well as raise funds from individual supporters through the international financial system. “The core of Al-Qaeda as we knew it has been dismantled. However, this does not mean that the threat from Al-Qaeda’s resident in the tribal areas of Pakistan or in eastern Afghanistan has been eliminated entirely. So long as the group can regenerate capability, Al-Qaeda will remain a threat,” said Nick Rasmussen, Director, Counterterrorism Center.
Iran remains the most prominent state sponsor of terrorism, supporting militant and terrorist groups across the Middle East and cultivating a network of operatives that pose a threat in the United States and globally. Through the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF), Iran’s primary terrorist support arm, the Government of Iran provides financial and material support, training, and guidance to Hizballah and other Shia militant groups operating in Bahrain, Iraq, Syria, and Yemen. It also supports HAMAS and other Palestinian terrorist groups. With operatives deployed around the world, the IRGC-QF has the capability to target United States interests and possibly the homeland.
Terrorism, generally viewed as a ‘tactic’ used for ‘the deliberate creation and exploitation of fear through violence or the threat of violence in the pursuit of political change’, has also profoundly changed as a result of technological advance, becoming increasingly global, lethal and complex.
While most terrorist incidents are characterized by the use of the ‘gun and the bomb,’ threat groups are expanding into both low- (e.g. knives and vehicular overruns) and high-end (e.g. weaponized drone and teleoperated static weapons platform) technology use and the tactics, techniques, and procedures supporting it. Further, novel variations on mid-range technology use – such as the armoring of VBIEDs (vehicle borne improvised explosive devices) – are also taking place as is the use of homemade or 3D-printed firearms.
The 2008 Mumbai attacks, when ten terrorists assaulted six ‘soft’ sites across the city for a total of 60 hours, killing 164 people and wounding another 300, provide a striking example of how Web 2.0 enabled a new type of global jihadist tactic. This became known as a marauding attack, where numerous targets in a city are hit simultaneously to cause maximum casualties and media exposure while stretching response teams. The attacks highlighted the effectiveness of coordinated, but comparatively less planned, attacks against soft targets by terrorists with relatively basic weapons who were able to communicate in real time, and were willing to die.
But what was truly innovative about the Mumbai attacks was that, as a result of the plethora of social media updates from affected citizens—including pictures and geo-located GoogleMap tags—the attackers’ handlers in Karachi could monitor the incidents on the internet in real time and direct them to more targets, including relaying victims’ locations through their own social media updates, making the attacks even more lethal.
Modern terrorist attacks display increasingly sophisticated ICT skills in both conducting their attacks and communicating them globally through digital technologies, combined with, in some cases, an awareness of counter-intelligence measures, largely enabled by Web 2.0. The Paris attackers displayed the most sophisticated use of these, including so-called Dark Web platforms like Tor (a free and open-source software for enabling anonymous communication, launched in 2006) and Telegram (an encrypted instant messaging, file-sharing and voiceover service, launched in 2013), while some of the weapons used in the attacks are believed to have been bought from criminals using bitcoin on the Dark Web.
Bitcoin and other cryptocurrencies offer terrorists the benefit of anonymity, which they exploit to raise and transfer funds and to purchase weapons illegally, in a crowdsourced approach to terrorist financing.
Vehicle-borne improvised explosive devices (VBIEDs) – parked and then later detonated (used early on by the IRA) or driven into their targets as a martyrdom operation (used by numerous radical Islamist groups) – have existed for decades now and are a well-known form of terrorist attack. The armoring of such weapons systems, turning them into armored vehicle-borne improvised explosive devices (AVBIEDs), thus allowing them to better reach their intended targets in insurgent and conventional warfighting environments, was pioneered by ISIS, which utilized them in place of the artillery in which they were deficient. Impact: While the potentials of armored VBIED usage have not been realized in Europe and the United States, when or if such deployment takes place will represent a significant security threat to hardened facilities and venues. Further, the TTP of a tandem attack, in which the first AVBIED blows a hole in the defenses of a facility thereby allowing the follow-on one a clear path, must also be considered in physical counterterrorism planning.
The placement of an IED on a rotor or fixed-wing unmanned aerial system (UAS)/unmanned aerial vehicle (UAV), which then detonates upon contact or in proximity of the target. Impact: A significant threat now exists with ISIS having used these weaponized devices extensively in Iraq and Syria before the territorial Caliphate was overrun. All major terrorist groups recognize the utility of IED drones and many – including Hezbollah (early pioneers of their use), Hamas, and al-Qaeda – have fielded them as have some Latin American criminal groups. In certain instances, this form of drone usage has matured to the carrying of bomblet(s) that they then drop upon their intended targets, although this is presently more of an insurgent rather than terrorist TTP.
This evolution in the use of firearms is derived from the hardline cable or wireless control of an assault rifle or other type of firearm by means of a game controller, smart phone, tablet, laptop, or desktop computer interface for targeting and C2 purposes. These systems have existed since the early 2000s with their battlefield usage beginning in the 2010s. The remote sniping, virtual targeting presence, and remote combined arms capabilities gained by these systems would have a great deal of practical utility for terrorist groups. Impact: These systems are being seen sporadically overseas such as in the Iraqi, Syrian, and Libyan conflict zones with their deployment by insurgent and terrorist groups. Higher-end systems are also being developed by state military forces and even crowdsourced for Ukrainian military use (e.g. the Sabre Remote Weapon Station). Remote-controlled firearms have not yet been utilized for terrorist attack purposes in Western societies. This is due to a moderate technical and CONOPS hurdle that underlies the lack of sophistication and creativity of most terrorist organizations and their members operating in the West.
The use of arson attacks has been advocated in the Islamic State magazine Rumiyah (the January 2017 issue) and in the al-Qaeda magazine Inspire (the May 2012 and March 2013 issues). As evidenced by past jihadist attacks, the arson component is generally auxiliary in nature, overly complex, and applied at the tactical level as part of a martyrdom action.
Target sets such as “Apartment Buildings, Forests Adjacent to Residential Areas, and Factories,” as advocated in Rumiyah, would result in large-scale residential and urban fires and the potential for large death tolls and infrastructure devastation. In May 2019, ISIS claimed to have used wildfires for crop destruction in various regions of Iraq and Syria as an insurgent tactic although this TTP has not been applied overseas for terrorism purposes. Impact: While the origins of recent forest and brush fires in the American West, Australia, and other regions of the world are being closely monitored, links to terrorism have not been evident.
“Unfortunately, ISIS and Al-Qaeda’s affiliates in Yemen and Syria have filled the void. The tactics they use have changed, as well. Qaeda in the Arabian Peninsula no longer hides the fact that it builds bombs; it publicizes its instruction manual in its magazine, and publicly urges people to use it. ISIS in particular has perfected using social media to spread its online propaganda and recruit members to its ranks. These new tactics mean that we can no longer rely solely on military force to eliminate a terrorist threat.”
“Social media has allowed groups, such as ISIL, to use the Internet to spot and assess potential recruits. With the widespread horizontal distribution of social media, terrorists can identify vulnerable individuals of all ages in the United States — spot, assess, recruit, and radicalize — either to travel or to conduct a homeland attack. The foreign terrorist now has direct access into the United States like never before.”
“It is no longer necessary to get a terrorist operative into the United States to recruit terrorists, in ungoverned spaces, disseminate poisonous propaganda and training materials to attract troubled souls around the world to their cause. They encourage these individuals to travel, but if they can’t travel, they motivate them to act at home. This is a significant change from a decade ago.”
First-person shooter (FPS) attacks later aired in online propaganda videos, and even livestreamed, allow terrorist groups to create a more immersive experience for their audiences. When livestreamed, these have an almost addictive quality. Livestreaming was utilized by the knife-wielding ISIS-linked terrorist Larossi Abballa in an FPS variant (first-person stabber or slasher) incident on June 13, 2016, in Magnanville, France. On March 15, 2019, white nationalist extremist Brenton Tarrant then livestreamed his Christchurch, New Zealand, shooting rampage on Facebook, showing its crossover appeal to a terrorist movement with far different ideological tenets than that adhered to by SOA [soldier(s) of Allah]. Impact: Limited use to date although the technique has spread to a Mexican cartel – Cártel Santa Rosa de Lima (CSRL) – with an FPS incident (later uploaded to social media) taking place in Valle de Santiago, Guanajuato, on Feb. 5, 2019.
Cryptocurrency has come to terrorism
Another recent threat is cryptocurrency, with an array of terrorist organizations exploiting the anonymity afforded by blockchain technology for fundraising and finances. The Islamic State appears to have been defeated, as claimed by Trump, and its revenue from oil and taxes has disappeared, but cryptocurrencies such as bitcoin, Dash, Ethereum, Monero, Verge and Zcash constitute an alternative funding source for the terrorists. Transactions are swift and anonymous, and disrupting them is difficult. On Nov. 26, 2018, in a federal court in New York, 27-year-old Zoobia Shahnaz pleaded guilty to financially supporting the Islamic State terrorist group with a scheme that employed money laundering and bank fraud, along with bitcoin and other cryptocurrencies, according to prosecutors, The Washington Post reported.
In addition to more-established terrorist organizations, an emerging cadre of terrorist groups and their affiliates, such as Al-Sadaqah, Malhama Tactical and the Ibn Taymiyyah Media Center, have begun using cryptocurrency, The Washington Post reported. Communications about transactions often take place on encrypted messaging apps, such as Telegram, favored by terrorist groups because they are easy to use and offer a secure venue for planning and recruiting — and for advising Western supporters about how to use cryptocurrency.
Terrorists are difficult to disrupt because they are highly adaptive and use any means to achieve their ends. Within the United States, they exploit our open and free society to target civilians. They take advantage of technology, such as the Internet and encrypted communications, to promote their malicious goals and spread their violent ideologies. Overseas, they thrive in countries with weak governments and where disenfranchised populations are vulnerable to terrorists’ destructive and misinformed narratives, and they are adaptive in the face of pressure from countries with strong governments. Some are sheltered and supported by foreign governments or even do their bidding.
Terrorist groups like al-Qaeda have now transitioned to a more decentralized structure that empowered worldwide affiliates. New franchises sprang forth in Yemen, North Africa, and Syria, to name but a few, which operated with greater independence and agility in adapting tactics to meet changing local and international conditions.
Second, while there has been a decrease in the frequency of large-scale, complex plotting efforts that sometimes span several years, we have seen a proliferation of more rapidly evolving threats or plots that emerge simply by an individual encouraged to take action, then quickly gathering the few resources needed and moving into an operational phase. This is something I would tie very much to the modus operandi of ISIL-inspired terrorists. The so-called “flash-to-bang” ratio in plotting of this sort is extremely compressed, and allows little time for traditional law enforcement and intelligence tools to disrupt or mitigate potential plots.
Others are lone wolves who, operating independently in our own backyards, could not be neutralized by operations abroad. Moreover, they were hard to identify through existing domestic law enforcement and foreign intelligence collection tools and techniques. Receiving inspiration, technical guidance, and examples through online communications, publications, and resources, such would-be terrorists required no direct command, control, communications, training, personnel support, or material resources.
A new report on terrorism financing shows that for most Americans who sought to join or support ISIS, the trip was cheap and the money came easily, making it harder for investigators to track would-be terrorists. The Sep 2020 report, by the George Washington University Program on Extremism and the federally funded National Counterterrorism, Innovation, Technology, and Education Center at the University of Nebraska-Omaha, examined 209 individuals charged with ISIS-tied crimes from 2013 until August of this year.
Most of those charged were able to use their personal savings for their alleged terrorist activities. One would-be jihadi used a tax refund, and others sold cars, laptops and items as small as phones and shoe racks to pay for plane tickets or weapons. “Since most of their expenses … were no higher than a few thousand dollars,” said the report, “this could sustain them.” The scarcity and inconspicuous nature of the financial transactions of many U.S.-based IS supporters can represent a challenge for investigators, who often rely on financial operations to uncover terrorism-related individuals and as evidence in prosecutions against them.
Very few of those arrested had a criminal background — a stark contrast to those arrested for ISIS-related activities in France, Spain, and other parts of Europe, the study found. Just four cases had connections to violent crime and drug trafficking. While the U.S. system has been overall effective during the ISIS-related mobilization of the last decade, it will have to adapt to modern financial tools that will be part of the future threat from terrorism groups, including “technological developments such as online crowdfunding, cryptocurrencies, and deep/dark web transactions.”
We live in a technologically driven society and just as private industry has adapted to modern forms of communication so too have terrorists. Unfortunately, changing forms of Internet communication and the use of encryption are posing real challenges to the FBI’s ability to fulfill its public safety and national security missions. The difficulty in collecting precise intelligence on terrorist intentions and the status of particular terrorist plots is increasing over time. There are several reasons for this: exposure of intelligence collection techniques; disclosures of classified information that have given terrorist groups a better understanding of how we collect intelligence; and terrorist groups’ innovative and agile use of new means of communicating, including ways which they understand are beyond our ability to collect. This real and growing gap, to which the FBI refers as “Going Dark,” is an area of continuing focus for the FBI; we believe it must be addressed given the resulting risks are grave both in traditional criminal matters as well as in national security matters.
DHS Counterterrorism Approach
To thwart these attacks, the Department and its partners must engage in a comprehensive counterterrorism approach to prevent both foreign and domestic terrorism and more decisively confront the terror threat to the Homeland. The Department also requires the tools and capabilities necessary to address targeted violence in all its forms, including threats to our schools, infrastructure, and houses of worship.
In recent years, terrorists and criminals have increasingly adopted new techniques and advanced tactics in an effort to circumvent homeland security and threaten the safety, security, and prosperity of the American public and our allies. The rapidly evolving threat environment demands a proactive response by DHS and its partners to identify, detect, and prevent attacks against the United States. The Department of Homeland Security’s counterterrorism responsibilities focus on four goals: Collect, Analyze, and Share Actionable Intelligence; Detect and Disrupt Threats; Protect Designated Leadership, Events, and Soft Targets; and Counter Weapons of Mass Destruction and Emerging Threats.
The Department of Homeland Security Science & Technology Directorate’s newest Center of Excellence, launched in 2020, is led by the University of Omaha-Nebraska. Its lead, Gina Ligon, told GovernmentCIO Media & Research that she’s focusing on four themes to guide NCITE’s research.
“The first theme is the nature of counterterrorism operations, devoted to helping support the counterterrorism professional and the technology she might need to solve some of the problems she’s faced with,” Ligon said. “We have some of the HoloLens tech happening with different types of augmented reality and AI programs loaded onto it for [Customs and Border Protection] agents so they have all of this different info that they’re trying to make decisions about in one place.” Like the other centers of excellence at the agency, NCITE functions as outsourced research and development for DHS. NCITE’s research and technological solutions, if they fit DHS needs, will transition to DHS use.
“Theme two is suspicious activity reporting, or TSAR projects,” Ligon said. “When you think about what [DHS] was stood up for, it’s really about collaboration across state, local and federal information sources and threat assessment at these different levels. What is the technology we can use to support individuals who are combining data from all these different levels of authorities to put together a clear assessment of the threat picture for our country?” Ligon called the first two themes “really big data issues” that need data visualization. “All the different types of collection authorities … the answers are all there, it’s really about our ability to streamline that information to what’s relevant for the counterterrorism [officials] and their decisions,” she added.
The third theme is all about preventing terrorism before it starts. “One of the projects we have in this particular theme is federally incarcerated extremists and what happens when they’re released back into society,” Ligon said. “It’s a really challenging technical issue because once you’ve served your prison sentence, you can no longer be monitored. So this is more of a support to offer community resilience. It’s such a rare and nuanced problem what type of extremists each community might have.” Ligon is working on a project to evaluate what risk individuals incarcerated for violent extremism and terrorism pose to society upon release. Academics and the federal government haven’t studied this issue much in the past because domestic terrorism has a low base rate, she said.
NCITE’s partner in London, The King’s College, will supplement this research with social media analysis to see how foreign extremists and terrorists use social media to inspire and radicalize. “Every team has a STEM member on it that’s actually trying to translate these findings into algorithms, data analytics, machine learning,” Ligon said. The NCITE team structure also feeds into the fourth NCITE theme: a focus on workforce development and encouraging more STEM individuals and computer scientists to pursue careers in the counterterrorism space. “All of our teams have students on them, so we’re inspiring the future workforce for DHS as well because they’ve gotten training on how to apply their STEM research to a DHS problem,” Ligon said. “That’s the other thing the COEs do; they expose the best and brightest.”
Collect, Analyze, and Share Actionable Intelligence
Effective homeland security operations rely on timely and actionable intelligence to accurately assess and prevent threats against the United States. Accordingly, DHS works diligently to enhance intelligence collection, integration, analysis, and information sharing capabilities to ensure partners, stakeholders, and senior leaders receive actionable intelligence and information necessary to inform their decisions and operations. A critical and statutorily charged mission of DHS is to deliver intelligence and information to federal, state, local, and tribal governments and private sector partners. As such, DHS has the broadest customer base for intelligence products of various subjects and classification requirements. This responsibility requires an integrated intelligence network to eliminate redundancies and a mission-focused approach to producing and sharing intelligence.
Detect and Disrupt Threats
Transnational criminal organizations and their offshoots also pose serious threats to the American people and the Homeland. Their crimes include trafficking and smuggling of humans, drugs, weapons, and wildlife, as well as money laundering, corruption, cybercrime, fraud, financial crimes, intellectual property theft, and the illicit procurement of export-controlled material and technology. DHS is using its full breadth of law enforcement, border security, immigration, travel security, and trade-based authorities to proactively prevent, identify, investigate, disrupt, and dismantle these organizations.
Protect Designated Leadership, Events, and Soft Targets
Ensuring the protection and safety of our Nation’s highest elected leaders is a paramount responsibility that demands operational perfection. DHS maintains a highly skilled and motivated workforce combined with innovative technologies and advanced countermeasures to protect designated leadership, visiting foreign heads of state and government, and National Special Security Events.
Counter Weapons of Mass Destruction and Emerging Threats
The spread of rapidly evolving and innovative technology, equipment, techniques, and knowledge presents new and emerging dangers for homeland security in the years ahead. Terrorists remain intent on acquiring weapons of mass destruction (WMD) capabilities, and rogue nations and non-state actors are aggressively working to develop, acquire, and modernize WMDs that they could use against the Homeland. Meanwhile, biological and chemical materials and technologies with dual use capabilities are more accessible throughout the global market. Due to the proliferation of such information and technologies, rogue nations and non-state actors have more opportunities to develop, acquire, and use WMDs than ever before. DHS is strengthening and integrating its detection and counter-measure capabilities to address this profound risk to the United States.
Similarly, the proliferation of unmanned aircraft systems, artificial intelligence, and biotechnology increases opportunities for threat actors to acquire and use these capabilities against the United States and its interests. DHS is assessing how these technologies will affect homeland security and developing proactive solutions to limit future risk.
“Terrorist tactics continue to evolve, and we must keep pace. Terrorists seek sophisticated means of attack, including chemical, biological, radiological, nuclear and explosive weapons, and cyber-attacks. Threats may come from abroad or be homegrown,” says the Department of Homeland Security. The Department works to prevent terrorist attacks on the nation. Aside from that, it also works to fight against cyberfraud and espionage, as well as to detect and protect against threats like cross-border terrorism, cybercrime, piracy, the drug trade, human trafficking and separatist movements.
Cyber threats and Cyber Security
The nature of the terrorism threat facing society has changed considerably in the last 20 years as new technologies and opportunities reveal themselves to terrorist organizations. The growing digitization of Critical Information Infrastructure (CII) and predicted growth of 30 billion connected IoT devices by 2030 are creating more assets susceptible to attack and adding more vulnerabilities to be exploited.
“An element of virtually every national security threat and crime problem the FBI faces is cyber-based or facilitated. We face sophisticated cyber threats from state-sponsored hackers, hackers for hire, organized cyber syndicates, and terrorists. On a daily basis, cyber-based actors seek our state secrets, our trade secrets, our technology, and our ideas — things of incredible value to all of us and of great importance to the conduct of our government business and our national security. They seek to strike our critical infrastructure and to harm our economy,” said James B. Comey, Director, FBI.
We continue to see an increase in the scale and scope of reporting on malicious cyber activity that can be measured by the amount of corporate data stolen or deleted, personally identifiable information compromised, or remediation costs incurred by U.S. victims. Terrorists continue to adapt their methods to exploit procedural, technological and security gaps in our cyber and aviation sectors. A recent CNN report noted a skyrocketing number of cyberattacks against federal agencies, with more than 61,000 attacks in 2013.
FBI agents, analysts, and computer scientists are using technical capabilities and traditional investigative techniques — such as sources, court-authorized electronic surveillance, physical surveillance, and forensics — to fight cyber threats. We are working side-by-side with our Federal, State, and local partners on Cyber Task Forces in each of our 56 field offices and through the National Cyber Investigative Joint Task Force (NCIJTF), which serves as a coordination, integration, and information sharing center for 19 U.S. agencies and several key international allies for cyber threat investigations.
Through CyWatch, our 24-hour cyber command center, we combine the resources of the FBI and NCIJTF, allowing us to provide connectivity to Federal cyber centers, government agencies, FBI field offices and legal attachés, and the private sector in the event of a cyber-intrusion.
Counterterrorism demands new technologies
As traditional ways of developing law enforcement technologies become inadequate for dealing with the current strategic realities, several companies within and beyond the defence sector are partnering with governments to bolster public safety. New technologies to counter global terrorism are being developed actively across several parts of the world.
Most states focus on preventing terrorist attacks, rather than reacting to them. As such, prediction is already central to effective counterterrorism. There are two means to prevent terrorist attacks. One is deterrence: through the protection of infrastructure, the application of security checks and the promise of punishment. Another is the denial of the ability to conduct attacks: by apprehending terrorists before their plots come to fruition, countering recruitment and radicalization of future terrorists, and placing restrictions on the movement and freedom of individuals.
We will modernize and integrate existing counterterrorism tools so we can secure our borders through, among other things, more rigorous scrutiny of entry applications. We will also deploy new technologies precisely where they are needed and protect critical infrastructure in the United States from terrorist attacks. Finally, we will incorporate two of the most potent tools in the information environment: cyber operations and strategic communications, says the new strategy.
As terrorists seek new ways to attack our infrastructure and soft targets—both at home and abroad—we will improve and innovate our layered defenses. We will ensure redundancy of our systems, including systems in cyberspace, and develop measures for rapid recovery for systems if an attack should occur, facilitating their quick return to normal operations.
“We will harness technologies that allow our counterterrorism efforts to keep pace with a dynamic environment and build holistic identities of terrorists. The technologies we develop will be usable and accessible across the agencies of the United States Government to ensure sharing and integration. We will also seek to enhance our ability to access terrorist communications, including by using technical tools and by law enforcement working with private industry to confront challenges posed by technological barriers,” says the new strategy.
The US has employed drones for counterterrorism operations, such as advanced surveillance and precision technology, because they are unmanned and inexpensive. Recently, Yaya J. Fanusie, a former CIA counterterrorism analyst, identified data analysis as an innovation area for the national security sector. The author gives the example of Palantir, founded in 2004 to provide big data analysis for the intelligence community and which now earns $1.5 billion in revenue. The firm’s software helps clients connect the dots within large data sets, using technology inspired by PayPal, where some of Palantir’s leadership used to work.
Advances in artificial intelligence (AI) algorithms with powerful predictive abilities can be used in predicting terrorist activity or individual involvement in terrorism. The AI methods use machine learning to build models based on data, and then make inferences from those models. Developments in AI have amplified the ability to conduct surveillance without being constrained by resources. Deep learning technologies also help analyze and process vast streams of footage. AI-driven text analysis could be used to ‘understand’ the content of private messages without requiring the attention of a human analyst.
EINSTEIN system: an intrusion detection and prevention system
First, we have prioritized full deployment of our EINSTEIN system: an intrusion detection and prevention system that uses classified information to protect unclassified networks. EINSTEIN has demonstrated its value. Since its introduction, E3A has blocked over 650,000 requests to access potentially malicious websites. These attempts are often associated with adversaries who are already on federal networks attempting to communicate with their “home base” and steal data from agency networks.
Importantly, EINSTEIN 3A is also a platform for future technologies and capabilities to do more. This includes technology that will automatically identify suspicious Internet traffic for further inspection, even if we did not already know about the particular cybersecurity threat.
Second, DHS helps federal agencies identify and fix problems in near-real-time using Continuous Diagnostics and Mitigation programs – or “CDM.” Once fully deployed, CDM will monitor agency networks internally for vulnerabilities that could be exploited by bad actors that have breached the perimeter. CDM will allow agencies to identify, prioritize, and fix the most significant problems first. It will also provide DHS with situational awareness about government-wide risk for the broader cybersecurity mission.
Third, information sharing is fundamental to achieving our mission. We must be able to share information in as close to real time as possible while ensuring appropriate privacy protections. We have made excellent progress by leading the development of a system that makes automated information sharing possible. By November we will have the capability to automate the distribution and receipt of cyber threat indicators.
Advanced data analysis using Artificial Intelligence
Advanced machine learning called topological data analysis allows computers to identify patterns that can’t be discerned through traditional algorithms. Instead of relying on the analyst feeding the search engine clues, the software learns from the data to discover hidden relationships which may prompt investigators to connect new dots.
Ayasdi is one Silicon Valley company offering such technology, which is particularly suited to helping the national security sector predict and prevent terror threats. It translates data into three-dimensional shapes and colors to help analysts visualize nonlinear patterns. It received early funding in 2008 from the Department of Defense’s Defense Advanced Research Projects Agency (DARPA), and has to date received $100 million in total.
Build a holistic picture of terrorist identities
We will enhance the collection, discovery, and exploitation of identity information supporting the counterterrorism mission, particularly biometric data. We will also identify and use other categories of identity information, including publicly available information, financial intelligence, and captured enemy material. We will improve the interoperability among United States Government systems to enable more efficient sharing of this information, bolstering our analysis and screening capabilities.
Air travel security has caused the demand for explosive detection systems, body scanners and baggage screening systems to increase. Likewise, advanced technologies for identification, biometrics and security checks are needed.
Magnetometers, CT scanners, backscatter X-ray machines, explosive trace detectors and body scanners are all employed by authorities to counter terrorists’ advances in their efforts to target aircraft. The Aviation Security Advisory Committee (ASAC) addressed concerns about whether aviation workers with airport identification badges could bypass security and smuggle weapons or explosives into an operations area or even onto an aircraft.
The Transportation Security Administration (TSA) took several immediate actions, including “real-time recurrent” criminal history background checks coordinated with the FBI, reducing the number of access points to secured areas, and encouraging airport workers to report suspicious activity. The US, the United Kingdom and other countries have now passed legislation for both near- and long-term enhancements to cabin baggage screening requirements.
“Our successes depend on interagency cooperation. We work closely with our partners within the Department of Homeland Security and the National Counterterrorism Center to address current and emerging threats,” said James B. Comey, Director of the Federal Bureau of Investigation.
PositiveID Corporation’s Firefly Dx
A medical device company, PositiveID developed the Firefly Dx, a handheld device that can test anyone or anything for contamination or illnesses ranging from smallpox, E. coli, influenza and anthrax to MRSA within 20 minutes. The device was used by the U.S. government to screen refugees and is part of the country’s Department of Homeland Security (DHS) SenseNet Phase I program as a more cost-effective biothreat detection system.
Zix Corporation’s email encryption and data protection
Emails and data are also not safe from cybercrime as hackers can acquire companies’ confidential information such as their list of clients and the schematics and specifics of their products and services. Used by the healthcare, finance and government sectors, Zix Corporation provides products for email data protection, unique data loss protection (DLP) solutions and innovative email BYOD (bring your own device) solutions.
One area is looking for evidence on a confiscated laptop or smartphone, or clues scattered across one’s digital footprint. Canadian company Magnet Forensics has developed a key technology called the Internet Evidence Finder, an application which helps investigators comb through digital files to find evidence in criminal cases. For example, the FBI used the software to probe 30 recovered electronic devices owned by the Boston Marathon bombers. Since its launch in 2011, Magnet Forensics’ revenues have grown 11-fold.
Forensic science experts at Flinders University are refining an innovative counter-terrorism technique that checks for environmental DNA in the dust on clothing, baggage, shoes or even a passport. The Flinders-led research, led by postdoctoral research associate Dr Jennifer Young, will develop a system to trace the source of dust on suspect articles to match a soil profile of a specific area or overseas country. “This could help provide evidence of where a person of interest might have travelled based on the environmental DNA signature from dust on their belongings,” says Dr Young, from the College of Science and Engineering at Flinders University.
“This microscopic environmental trace evidence, based on soil geochemical, bacterial and fungal analysis would complement and enhance current forensic intelligence tools,” she says in new research in Forensic Science International: Genetics. The project has received a State Government Defence Innovation Partnership (DIP) grant of almost $150,000 to develop the intelligence and forensic potential of dust traces for counter-terrorism and national security, working with the Australian Federal Police and university partners (University of Adelaide and University of Canberra) to match the DNA extraction and amplification technique to Australian soil profiles from Geosciences Australia.
Professor Linacre, chair in Forensic DNA Technology at Flinders, says environmental samples serve as ideal forms of contact trace evidence as detection at a scene can establish a link between a suspect, location and victim. “Environment samples extracted via the ‘massively parallel sequencing’ technology provide biological signatures from complex DNA mixtures and trace amounts of low biomass samples,” he says. The project is among more than $1 million in funding announced in the fourth round of the Defence Innovation Partnership’s Collaborative Research Fund.
Blockchain for business registries
“When law enforcement investigates suspected front companies involved in terror finance, one of the first places it looks is corporate registries. Every US state manages its own registry, as does every foreign country, and there is no reliable way to search across registry databases. The job gets more difficult when trying to crack the opaque offshore jurisdictions that illicit financiers favor.”
Enterprising startups are now experimenting with the blockchain technology that underpins virtual currencies like Bitcoin. Blockchain is an authenticated ledger that records digital transactions, but is increasingly used for validating all types of records. If a blockchain system were set up to hold corporate registry information internationally, it would help governments manage business data and identify firms and individuals engaged in illicit activity.
“Critics of Silicon Valley from the national-security community charge that technology is enabling terrorists to operate undetected. This same technological knowhow, however, could help the intelligence community thwart those plotting against us and our allies. Silicon Valley has become renowned for innovation, but it could one day become a byword for something even more important: keeping America and the world safe,” says Yaya J. Fanusie.
An exclusive report by Transparency Market Research projects that the global market for counter terror and public safety technologies will witness steady growth in the coming years. According to the research study, the global counter terror and public safety technology market will be worth nearly US$ 100 Bn in 2017. With the emergence of autonomous security robots and breakthroughs in data analysis, the demand for counter terror and public safety technologies will gain impressive traction in the next five years. By the end of 2022, the global counter terror and public safety technology market will reach a value of US$ 192.1 Bn, creating an overall incremental opportunity of around a hundred billion dollars. During the forecast period, 2017-2022, the global counter terror and public safety technology market will expand robustly at a CAGR of 14.1%.
In terms of development, the advanced technological infrastructure in the US, coupled with its expansive military and homeland security forces, will contribute to the growth of North America’s counter terror and public safety technology market. Through 2022, North America will dominate the global market and bring in close to US$ 60 Bn revenues. Europe and Asia-Pacific excluding Japan (APEJ) are also observed to be leading regions in the global counter terror and public safety technology market. During the forecast period, the counter terror and public safety technology market in these regions is anticipated to showcase expansion at more than 13% CAGR.
The study projects that chemical, biological, radiological, and nuclear (CBRN) safety and security will be the largest end-user of counter terror and public safety technologies. By 2022, over US$ 33 Bn worth of counter terror and public safety technologies will be used in the field of CBRN safety & security. The report also identifies intelligence services as the largest technology segment, which will account for more than a 16% share of global revenues in 2017. Electronic fencing technologies will also witness steady revenue growth, and will create over US$ 10 Bn incremental opportunity between 2017 and 2022.
According to a new market research report “Homeland Security & Public Safety Industry, Technologies & Markets – 2017-2022”, published by Homeland Security Research Corp., this market is forecast to grow at a CAGR of 5.7% during 2016-2020. The market is also expected to reach $544.02 billion this year.
Technology trends such as automation, artificial intelligence, and data analytics are aiding the development of robust solutions for public safety. System integration technologies will also play an instrumental role in the development of advanced public safety solutions. These technologies will be responsible for bringing considerable efficiency to the information-sharing, value-assessment and redundancy-lowering operations of a national counterterrorism system.
Tech giants such as International Business Machines Corp., popularly known as IBM, are also actively participating in the global counter terror and public safety technologies market. Other leading companies in the global counter terror and public safety technology market include AT&T Inc., Accenture PLC, ABB Ltd., 3xLOGIC, Inc., AeroVironment, Inc., ACTi Corporation, Avigilon Corporation, The ADT Corporation, Alcatel-Lucent France, S.A., and Airbus SE.