
Terrorism

This category contains 43 posts

Stopping Us In Our Tracks

In a recent Boston Globe article, General Martin Dempsey, Chairman of the Joint Chiefs of Staff, says that “a cyber attack could stop our society in its tracks.”  That’s a bit of hyperbole, and plays into a growing trend in coverage of cyber security…  exaggeration.

Realistic solutions to these issues are hard to come by when we are facing overblown predictions of cyber doom and gloom.  We need to take a hard look at what policy makers are saying (and being told) to ensure that we are applying the correct resources to the correct problem.

Cyberattack in Iranian Oil Facility

Reuters is carrying an article on a suspected cyber attack on an Iranian oil facility.  I’ve spent the past couple of weeks updating our cyber-terrorism lectures and material, so I was immediately suspicious of the claims.  When reading the article carefully, several aspects jump out at me.

First, it’s described as a ‘virus’.  A virus may have infected the systems without any deliberate, malicious actions by an ‘attacker’.  Second, the virus affected “the main Internet and communications systems of Iran’s Oil Ministry and national oil company”.  In other words, it messed up their email and internet access. Again, this is not an indicator of an ‘attack’, but could be the result of a typical virus, worm or trojan.

Cyber events suffer from a need to be seen as ‘spectacular’, when in reality the simplest and most mundane explanation is the most likely.  In this particular case, the Iranians claiming this as a cyber attack is most likely a political move, and not based in reality.

Note on Cyber Terrorism

As I am re-writing a lecture on cyber issues for my terrorism class tonight, I find myself unconvinced that a lot of what gets called ‘cyber-terrorism’ should be classified as such.  While I read recent media blurbs like this “FBI on guard against terrorist cyber attacks (CNN)”, I doubt the accuracy of defining terrorist activity online as ‘terrorism’.

I feel that the term terrorism has been watered down in the past decade, and is now applied to actions and activities that perhaps it should not be.  That’s not necessarily a bad thing, but it certainly changes the public perception – and that may be detrimental in the long run.

FBI Agents Taught They Can ‘Suspend the Law’

From Wired’s Danger Room:  Read the FBI Memo: Agents Can ‘Suspend the Law’.

Here is a summation from the article: “The FBI once taught its agents that they can “bend or suspend the law” as they wiretap suspects. But the bureau says it didn’t really mean it, and has now removed the document from its counterterrorism training curriculum, calling it an “imprecise” instruction. Which is a good thing, national security attorneys say, because the FBI’s contention that it can twist the law in pursuit of suspected terrorists is just wrong.”

That’s some interesting reading, and certainly doesn’t read as though it went through any legal vetting process. The FBI, which did release the documents on request, has not disclosed when this training material was issued, how long it was used, or who the intended audience was.

Report Raises Questions About Threats to Great Britain

This BBC article points out that Britain may be facing an increase in ‘lone wolf’ and other self-radicalized terrorist attacks in the coming months and years.

“The Royal United Services Institute estimates about 50 Britons are fighting with Somali extremists Al Shabaab.  They and others returning from wars in Yemen and Nigeria could use their experience on UK streets, RUSI said.”

That is a very specific estimate, and I would like to see how they arrived at that figure. Surely it is not based on specific tracking of people or targets; if specific identities were known, I doubt they would remain a threat at large upon return to the UK. Whatever the method, it is true that this type of overseas on-the-job training is a serious threat to the security of most nations. While the article title focuses on the ‘lone wolf’ scenario, these experienced terrorists and fighters could easily coalesce into home grown terror groups, as well as serve as a nucleus for future terrorist recruitment.

Additionally, Britain is going to be facing some serious restructuring and austerity in counter-terrorism after the 2012 Olympics. While the United States isn’t facing an immediate crisis in that regard, it is only a matter of time before our funding begins to wane. In the U.S., disaster response and preparedness (at the Federal level) will go first, which will place a lot of communities at risk from a variety of both natural and technological hazards.

Abu Sayyaf and Jemaah Islamiyah Leaders Killed in Philippines

Philippine forces examine the site where Abu Sayyaf members were killed (via Voice of America)

According to Philippine officials, a raid has killed three terrorist leaders; two from Jemaah Islamiyah and one from Abu Sayyaf.   While all three were identified as terrorists by the United States, it’s unclear what effect this strike will have on the ongoing operations in Mindanao.

“The Abu Sayyaf group is quite decentralized,” Ms. Lau said. “When high-profile figures have been killed in the past, you still have the Abu Sayyaf operating. As to whether or not this is a significant blow to the group, that would be an extremely difficult judgment to make at this point.” (NYTimes)

The coverage and narrative regarding the attack is muddled.  Some sources say they were killed in a ‘raid’, while others call it an ‘airstrike’.  At least one article does not mention Jemaah Islamiyah at all, but places all the terrorists killed as members of Abu Sayyaf.  Here is some of the coverage:

NYTimes.com | ABC News | The Star (Malaysia) | Voice of America

The Philippine military has been unable (so far) to recover and identify the bodies.  There are also reports of as many as 15 Abu Sayyaf members being killed in the raid.  What strikes me is that despite the unclear situation and confusing reports, most of the media stories all include a reference to Al Qaeda.  It would seem that it is impossible to discuss any terrorist organization throughout the world without discussing a possible, potential, tenuous connection to Al Qaeda.

New START Report on Terrorism Clusters

This report, recently published by the National Consortium on the Study of Terrorism and Responses to Terrorism (START), draws some interesting conclusions about geographic clustering of terrorist attacks in the United States.

In particular, it appears that around a third of all terrorist attacks in the US are clustered around four or five metropolitan areas. Also, as the nature of terrorism shifted, targets changed. For example, during the ’70s San Francisco was a popular target choice. As the radical fervor of that decade waned, targets moved elsewhere. Despite all of that, New York and Los Angeles are consistently targets, presumably because of their size and public profile.

I’m looking forward to taking this apart in more detail, and incorporating some of it into our terrorism courses. More information on START is available online.

The Decline of Public Health Preparedness?

In the years since 9/11, we have seen great progress in the fields of public health preparedness. We have better systems to detect biological attacks, better labs to isolate these agents, and trained personnel who understand the threat and how to respond. Additionally, many of our largest cities received funding to increase readiness, conduct public outreach and responder training, and provide additional planning resources.

This is a great piece by Rick Russotti that all EM practitioners and educators need to read. It lays out his observations that all our progress is in danger of disappearing.

Why? Because we have prepared, prepared, prepared…. And nothing has happened. Not since 2001 (Both 9/11 and Amerithrax) have we seen a major public health disaster event, and that hurts the field. This is a simple governmental truth… Money is tight, and needs to be spent where it is “needed”. Since the apparent need for disaster public health preparedness is low, those programs are in danger of getting cut or eliminated.

Avian Flu and H1N1 did nothing to help the case. We spent a lot of time and money preparing for these pandemics, and they had very minor real world impacts. This trickles down into public perception, and drives the feeling that maybe these funds could be better spent elsewhere. This type of rationalization is common in most aspects of emergency management, and will remain a real risk for any response or preparedness assets that go ‘unused’ for too long.

The problem here, of course, is that while Swine Flu was a dud, the next disease may not be. The next bioterrorism attack may be even more effective than Amerithrax. The next hurricane may create as large a public health crisis as Katrina did… The list drags on, and if we cripple our public health preparedness and response programs, we run the risk of encountering unpleasant outcomes.

Emergency management is all about changing the outcomes of events we can’t prevent in the first place. Sitting idly by and hoping and praying for a better result is seldom an effective way to do that. We need to stay proactive, and we need to stay ahead of the threats, and we need to spend the money needed to maintain our preparedness.

Interview with Laurie Garrett on Bioterrorism

This interview is fascinating. I’ve heard theories that Bin Laden’s Al Qaeda was behind the 2001 Anthrax attacks, and Laurie Garrett lays out some logical reasons why this is possible. Additionally, there is some good commentary in here about how the response to 9/11 affected the response to Amerithrax – a lesson we cannot afford to forget.

From the abstract:

Award-winning radio and newspaper reporter Laurie Garrett, now a senior fellow for global health at the Council on Foreign Relations, describes the mistakes and misjudgments made by government officials in response to the anthrax attacks of 2001 and provides recommendations for what should be done now. Garrett says it is important to view 9/11 and the anthrax mailings as connected events in any evaluation of the government response.

Laurie Garrett – Reporting on biosecurity from America to Zaire.

Extremist Bomb Plot Disrupted in Tampa

This one looks and feels like the real deal.  The details provided make it appear as if the suspect had a plan, was working to acquire the required weapons and materials, and was willing to carry out the attack.

Suspected Islamic Extremist Arrested In Alleged Florida Bomb Plot.

Man charged with Tampa car bomb plot

Man Arrested in Tampa-Area Bomb Plot

When we discuss terrorism and homeland security in the classroom, I always emphasize the fact that intelligence operations are the most effective way to interdict attacks.  This case is an example of that.  The initial indication of the threat was an informant’s tip to the FBI, which started an investigation.

At the same time, this case illustrates the threat of a lone terrorist scenario.  If the suspect had approached a different person about finding al Qaeda flags, the attack could have been carried out without detection.

Last, don’t get hung up on the ‘Islamic’ angle of this story.  This type of attack can be perpetrated by individuals of any religion or creed.

Marital Dispute Leads to Terrorism Hoax

Yes, this actually happened.  A woman in Los Angeles got into a fight with her husband, then called in a false terrorist threat regarding the AirTran flight the husband was scheduled to take.

This kind of behavior (false threats) isn’t new, per se, but it is indicative of how the threat of terrorism has pervaded every aspect of our society.   Or am I reading too much into this?

L.A. Times:  Woman made false terrorism threat to delay husband’s flight, FBI says.

Baghdad Violence Continues

Despite the fact that all U.S. troops have pulled out of Iraq, the violence there continues.  The simple reality is that the country is not nearly as stable as it should be, and the threat of sectarian violence still looms.

While OIF is over, Iraq continues to be an issue for the United States, as sectarian violence and civil war there would destabilize an already fragile region.

The Washington Post:  Deadly blasts rock Baghdad in first major violence since U.S. pullout.

Domestic Terrorists in Northern Georgia

News is breaking that four men have been arrested in northern Georgia for plotting terrorist attacks, including a plot to manufacture and use the toxin ricin.

The four men are part of an unnamed ‘militia’ group, and expressed sentiments that the only way for them to ‘save’ the country was to commit illegal acts, including murder.

No acts were committed and no ricin was manufactured, though one of the men did have a ‘sample’ of the source beans.  What strikes me is that the men range in age from 65 to 73, and their plots are based on an online novel.

It will be interesting to see if we have a geriatric version of the McVeigh-Nichols cell that would have carried out an attack, or if we have four old, disgruntled men dreaming about making a statement.

Feds arrest 4 in alleged Ga. ricin attack plot – AP

Ga. men arrested for allegedly plotting ricin attack: What’s ricin?

How Ready Are We for Bioterrorism? Not Very, As Usual

Quick post this morning….   great article from the New York Times Magazine on preparedness for bioterror.

One of the best concepts in the article is that of the bioterror ‘reload’. Coined by Richard Danzig, former Secretary of the Navy under Clinton, the term refers to a key difference between biological weapons and other WMDs. If a terrorist organization acquires a nuclear, radiological, or even chemical device, for the most part, they have a device. With biologicals, the threat is a terrorist organization acquiring not a single device or stockpile, but the capability to produce biological weapons. This available supply creates a continual threat, which in turn drives the critical need for effective and available vaccines. While countermeasures and antibiotics offer some protection, only vaccines can ultimately nullify the threat.

The article describes several vaccine programs, some of which are not pretty (politically) to read about.   It’s a long read, but well worth your time.

How Ready Are We for Bioterrorism?.

Stuxnet Type Attacks May Become More Common

Attacks similar to the Stuxnet worm launched against the Iranian nuclear program may become more common in the future, and require fewer resources. According to an AP wire article (available nearly everywhere), researchers and security analysts all over the world are finding new vulnerabilities in SCADA control systems. SCADA (Supervisory control and data acquisition) systems act as the control interface between computers and physical industrial processes and are used to control manufacturing equipment, power generation systems, and other physical plants.

The Stuxnet worm, thought to be the work of one or more governments in an attempt to cripple Iranian production of nuclear material, was the first highly publicized SCADA attack. It was assumed that Stuxnet required large amounts of time, talent and resources to accomplish – but that may not be the case. One U.S. researcher discovered dozens of similar SCADA exploits in only a few months and spending only $20,000. That’s well within the reach of many fringe elements and terrorist organizations.

Other security analysts inspected a power company and a correctional institution and discovered vulnerabilities that would allow unauthorized control of systems connected to the controllers. In the prison this included facility doors, alarms, and video surveillance feeds.

Sounds bad, but it may not be. One point that the article doesn’t mention – the air gap. SCADA systems have long been known to be vulnerable when the attacker is sitting right next to the controller and is connected directly to it. Any system is vulnerable once the attacker has physical access. The real-world vulnerability, which the article does not address directly, is whether or not these attacks could succeed with the attacker sitting in a basement in Chicago, while the target is 2,000 miles away. Since SCADA systems are not supposed to be connected to the internet, this attack scenario seems less likely. Sure, some SCADA systems that shouldn’t be are connected to the internet, either deliberately or accidentally, but I doubt the described scenarios would be effective from outside the facilities.

Stuxnet intrigues me not only because of what it did, but the fact that it got onto the SCADA systems in the first place. Yes, these vulnerabilities exist (and will for years), but the real danger is the introduction of worms capitalizing on these vulnerabilities onto the isolated systems.  The Air Force has experienced some similar issues recently, and any commercial enterprise knows the threat of malicious code introduced via USB drives and other removable media.  Even on systems that are properly air gapped from the internet, if users are attaching removable media to workstations connected to the SCADA controller, some types of attacks could be successful.    These scenarios are still a long way from the Hollywood style ‘take control of everything’, but an attacker could still wreak a lot of havoc in a short amount of time.

In summary, the article is worth a read, but tends to overestimate the threat.  Attackers are not able to remote control prisons, nor re-route power, etc. – at least not with any type of external control.  Security analysts are already aware of these types of attacks, and the air gap remains the best defense.

About Merrick

I'm a geek at heart, with a great life, family and job. If that's not enough info, go check out the 'About' page.
