Home » Articles posted by Sharon Cardash

Author Archives: Sharon Cardash

France and Counterterrorism: Recent developments

by

Since the November 2015 terrorist attacks in Paris, French officials have been pushing to undercut ISIS and other militant groups on a number of fronts. These measures reflect continuing concern with the threat level, as underscored in the recent Europol report on the changing tactics, techniques and procedures of ISIS.

In response to prevailing circumstances, France is working to minimize the seams between its inward and outward facing intelligence agencies. By upping information flows, the idea is “`to deepen coordination between interior and exterior intelligence services in France as well as overseas…particularly from transit zones and sanctuaries where terrorists gather who want to commit acts on [French] territory’…”. France is also walking the talk vis-à-vis partner countries, such as in West Africa, and is reported to have warned Ivory Coast and Senegalabout Islamist plans to attack cities there.

In addition to sharing information with partners in Africa, France persists in its counterterrorism activities there including Special Forces operations in Mali, and surveillance flights over Libya. While there is a definite logic to confronting militants abroad in order to help blunt their momentum, inclination and ability to attack the French homeland, continued investment in these overseas efforts is notable given the “state of economic emergency” in France declared by the President at the outset of 2016.

Invigorating the French economy is itself partly an exercise in building societal cohesion and combating violent extremism, as young people in diaspora communities within France experience relatively high levels of unemployment.

But this segment of the population is not the only one that is restive. Media reports indicate that French Jews are leaving the country “in record numbers.” There is also discontent within the broader populace, where some have called for a national commission to investigate the Paris attacks of 2015 in both January (Charlie Hebdo, kosher supermarket) and November, to better understand “what went wrong and…avoid a repeat.” The idea has yet to gain much traction within political ranks, however. And just days ago, the country’s Justice Minister stepped downbecause she disagreed with the government’s plan to amend the French constitution to allow for the revocation of citizenship from convicted dual-national terrorists.

Next steps for the bilateral relationship between France and the United States will unfold soon. Interior Minister Bernard Cazeneuve is scheduled to visit the United States in February to meet with Homeland Security Secretary Johnson and Attorney General Lynch, among others. Their discussion agenda is reported to include countering terrorist use of social media. The visit takes place in a broader context of challenge which French Defense Minister Jean-Yves Le Drian has described as “a new era in defense strategy,” marked by “a resurgent Russia[,]…a lack of European solidarity and war in the Middle East.”

New CCHS essay on “The Internet of Everything”

by

Earlier this week the US Chamber of Commerce Foundation convened a symposium, entitled “The Internet of Everything: Data, Networks and Opportunities,” and released a compendium of essays on that theme. CCHS Director Frank Cilluffo and I contributed to that volume, with an analysis that speaks to the challenges of critical infrastructure protection in the era of the “Internet of Things.”

Among our key points:

The smarter the device, the more likely an adversary can do harm—to it, to the owner, and to third parties. … This built-in weakness, which exponentially expands the surface for potential attack, is particularly problematic when it comes to critical infrastructure sectors…

Recall the widespread concern generated by the shutdown of the New York Stock Exchange in July of this year. The apparent culprit there was just a technical “glitch.” Imagine the damage and mayhem that an actor with malicious intent could cause. …

No system will be foolproof though, so resilience is an equally crucial aspect of the equation. The ability to bounce back and to do so quickly is perhaps the greatest deterrent to those who may wish to do us harm.

Read the entire article, titled “Vulnerability and Resilience in the Internet of Everything,” here.

Cyber attack on Canadian government points to need for resilience

by

Last week, the Canadian government was hit by a distributed denial of service (DDoS) attack. The hacktivist group Anonymous claimed responsibility, saying the attack was a protest against proposed federal anti-terrorism legislation that has since become law.

Curiously, the incident seems to have generated little analysis or comment in the public square, at least beyond the initial media reports. Perhaps we have simply become inured to the pace, breadth, and depth of cyber events in the headlines worldwide?

Whatever the case, we would all do well to re-energize and refocus our efforts on cyber-resilience, given the scope and scale of global cyber challenges. See my commentary on the subject, which takes the Canadian case as jump-off point, and which was published today by IPI’s Global Observatory.

New CCHS analysis of the OPM cyber hack

by

Yesterday CCHS Director Frank Cilluffo and I published a commentary on the OPM hack traced to China and affecting millions of US government employees.  The article appeared in The Conversation and is entitled: “Massive government employee data theft further complicates US-China relations.” 

Details continue to emerge and it’s not yet clear whether the Chinese government was involved in the incident.  Interestingly however, the case has been revealed publicly just weeks before the annual US-China Strategic and Economic Dialogue scheduled for June 22-24.

Against this background, here’s the key takeaway from the piece:

If both sides are genuinely serious about addressing cybersecurity, this would be a timely and appropriate opportunity to demonstrate their commitment by skipping the pomp and circumstance to address the tough issues.

In short, if indeed this massive hack is the work of a criminal enterprise, then this is China’s opportunity to show that it is serious by conducting a joint investigation with the United States and by prosecuting wherever the facts and evidence lead.

Should China be reluctant to proceed in this manner, then the United States should look to its own legal instruments and invoke and apply them.

In that sense, the case is a litmus test for this country’s policies and practices as well.

You can read the full article at this link.

First-ever Interior Ministers meeting on foreign fighters at UN

by

In a first, the United Nations convened Interior Ministers last week to discuss a UN Security Council Counter-Terrorism Committee report on foreign terrorist fighters (FTFs), focusing on the state of play in terms of both threat and international response.

Here’s the key paragraph in the report that encapsulates the threat:

More than half the countries in the world are currently generating foreign terrorist fighters. Among the various Al-Qaida…associates around the world, including the splinter group Islamic State in Iraq and the Levant (ISIL)…, there are more than 25,000 foreign terrorist fighters involved, travelling from more than 100 Member States. The rate of flow is higher than ever and mainly focused on movement into the Syrian Arab Republic and Iraq, with a growing problem also evident in Libya.

The report goes on to state that UN member states need to do more to meet the threat; and it prioritizes specific actions that can and should be taken:

The full implementation of preventive measures under Security Council resolution 2178 (2014) would be a major step forward. Intensified efforts with regard to prevention and returnee policies, including further work in relation to the Internet and social media, are crucial. So too is accelerating the establishment of operational information links between Member States, including in relation to persons of interest and passenger data.

Various speakers addressed the assembled group, reinforcing the point that more must be done to combat the FTF challenge. Among them, INTERPOL Secretary General Jurgen Stock, and US Secretary of Homeland Security Jeh Johnson; for their remarks (plus video) see here, here and here.

INTERPOL’s Secretary General noted the heightened risk of “‘cross-pollination’ among conflicts beyond Syria and Iraq” as more extremists “from Africa to southeast Asia are shifting their allegiance to the Islamic State group…”.

In turn, Secretary Johnson identified several FTF-related priorities for the United States: “improving border and aviation security, bolstering legal and prosecutorial capacity, improving information sharing, and addressing the underlying conditions conducive to terrorism and preventing the problem by countering violent extremism.“

He also referenced a new “screening and analysis system” that the United States plans to share worldwide, free of charge, with both government and private sector entities, to help further interdiction efforts:

Within the next twelve months, DHS, through our Customs and Border Protection component, will be developing a new passenger data screening and analysis system. This Global Travel Assessment System, or GTAS, will be made available at no cost to the international community – for both commercial and government organizations, to use, maintain, customize, and enhance as needed.

For additional analysis of the UN report and the associated meeting, see these pieces in Voice of America and the Daily Star.

A recap of our event with NSA Director Rogers

by

Yesterday the Center for Cyber & Homeland Security convened a forum, “State of the Cybersecurity Union,” featuring Admiral Michael S. Rogers, Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service. Below are some of the highlights of Admiral Rogers’ remarks, which spoke to the current state of cybersecurity threats to the United States, and what both CYBERCOM and NSA are doing to address these threats, in light of the new Department of Defense cybersecurity strategy released last month.

On the evolving threat: “A whole set of actors is increasingly using encryption to evade the law/law enforcement and intelligence. Being in an environment where threat is up and trust is down is bad for a nation. The greatest segment of capability in the cyber arena continues to be criminal.”

On cyber deterrence: “Cyber is a great equalizer. It doesn’t take millions of dollars or decades of R&D to achieve capability. It’s hard to convince actors that they won’t be successful at cyber-attacks, so we need to raise their costs. Merely because an opponent comes at us in the cyber domain doesn’t mean that our response has to be in that domain. Response is situation dependent.”

On offense, defense: “DOD intends to generate a series of offensive cyber capabilities that will be applied as necessary within a legal framework. The defensive piece is our priority and it’s also our challenge.”

On the role of the private sector: “Partnerships between nation-states and the private sector offer great promise. If we can’t do this it’s like fighting with one hand. In the United States we don’t use the capabilities of our intelligence community to generate benefits for our private sector.”

For more of Admiral Rogers’ thoughts, watch the archived event webcast here.

For selected media coverage and analysis of the event, see these articles: Agence-France Presse, CNN, FCW, Wall Street Journal, and Washington Post.

New Generation drug cartel threat to Mexico

by

According to Agence France Presse, Mexico is facing a new and growing security challenge from the Jalisco New Generation drug cartel. As the name suggests, the group first emerged in Jalisco in the western part of the country, as an offshoot of the Sinaloa cartel; but is now an independent entity with links worldwide to gangs and organized crime “in the United States, Latin America, Africa, Europe, and Asia.” In the estimation of a former senior U.S. Drug Enforcement Agency official: “`They are the fastest-growing cartel and if they continue to grow as they have been they will become more powerful than the Sinaloa cartel and the Zetas combined’.”

The Jalisco New Generation cartel is also targeting federal, state, and local security forces; and is taking the violence to an area that “is one of the country’s economic and cultural hubs.” This, plus the group’s growth, has placed the cartel firmly in the crosshairs of Mexico’s government; and commentators have therefore suggested that these tactics will ultimately work against the cartel.

Civil society may also prove to be an increasingly powerful force as these and other challenges continue to play out in Mexico. Recent reporting by The Economist suggests that Mexican NGOs “are gaining big influence” using “hard facts and solid arguments”; hence the government may experience pressure from an additional source, to deal with the latest incarnation of the cartel problem effectively and quickly.

To be fair however, that is no easy task, bearing also in mind the demand side of the equation. Domestic and international drug control policy remains a subject of heated debate; and the pitch of that discussion will undoubtedly rise as the 2016 Special Session of the United Nations General Assembly on the world drug problem draws nearer.

New report on use of cyber espionage in Russian warfare

by

In a recently released report entitled “Operation Armageddon:  Cyber Espionage as a Strategic Component of Russian Modern Warfare,” cybersecurity firm Lookingglass details evidence and constructs a timeline in support of the following argument regarding Russian activities in the conflict with Ukraine:

The campaign reveals a Russian state-sponsored cyber espionage campaign that is designed to give decision-making advantage to the Russian leadership by targeting Ukrainian government, law enforcement, and military officials in order to steal information that can provide insight into near term Ukrainian intentions and plans. Temporal analysis of the campaign indicates a direct correlation between the cyber attacks and the ongoing war in addition to highlighting an alarming blend between cyber espionage, physical warfare, and the driving political forces behind them.

While the suggestion that Russia has integrated cyber instruments and operations into its kinetic battlefield strategy should come as no great surprise (recall the 2008 war with Georgia for example), the report and this analysis by Aarti Shahani, NPR’s Business Desk Tech Reporter, make the interesting point “that when both sides negotiated a cease-fire last June, the cyber attacks stopped for that same period as well.”

Citing Indiana University law professor Fred Cate, the NPR piece elaborates: “It looks like the hackers see themselves as part of the battlefield…, `and so they stop those attacks when a cease-fire’s in place — as opposed to thinking of themselves as just intelligence gathering, which usually continues even during a cease-fire’.”  In other words, “`It’s like the adversaries are actually thinking of themselves as attacking’.”

As a corollary, Shahani observes:  this also “raises the question of when hacking constitutes an act of war.”  Again, not a new question — but it springs from a set of circumstances that give new pause for thought.

New EU strategy proposes a “European Counter Terrorist Centre”

by

The European Union now has a new Agenda for Security for the period 2015 to 2020. It specifies “three priorities for EU action” — terrorism and radicalization, organized crime, and cybercrime — based on the “level and complexity” of these threats, as evolved since the formulation and release of the previous Security Strategy for 2010 to 2014.

Among the “concrete actions” that are envisioned to address these threats within the EU are the following:

…the Agenda proposes to step up Europol’s role by setting up a European Counter Terrorist Centre as a secure centre for information exchange among national law enforcement authorities, building upon the successful experience of the Cybercrime Centre (EC3). …

To prevent radicalisation online, the Commission will launch an EU-level forum with IT companies to develop tools against terrorist propaganda.

…the Agenda aims to put in place effective measures to “follow the money”, by reinforcing the powers of financial intelligence units to better track the financial dealings of organised crime networks and enhance the powers of competent national authorities to freeze and confiscate illicit assets. 

The next step is for the European Parliament and the European Council to consider and, potentially, endorse the Agenda (which emanates from the European Commission). The previous Strategy was criticized on the ground that, among other things, it failed to incorporate sufficient input from institutional stakeholders.

For more on the new Agenda as whole, see here and here. For further analysis of the new Counter Terrorist Centre, “with limited powers that will not amount to the equivalent of a European FBI,” see here.

New Pentagon strategy focuses on cyber deterrence

by

Yesterday the Department of Defense released its 2015 Cyber Strategy. Its purpose is threefold according to Defense Secretary Carter: “to guide the development of DoD’s cyber forces and strengthen our cyber defense and cyber deterrence posture.” The emphasis on deterrence is significant as the previous Departmental Strategy for Operating in Cyberspace, released in 2011, did not treat the subject in like detail. At the same time, critics have characterized existing U.S. efforts to cyber-deter as “`remarkably ineffective’”. Arguably, fresh focus on the matter may prove helpful.

From the standpoint of cyber deterrence, a key passage in the new Strategy is this:

The United States must be able to declare or display effective response capabilities to deter an adversary from initiating an attack; develop effective defensive capabilities to deny a potential attack from succeeding; and strengthen the overall resilience of U.S. systems to withstand a potential attack if it penetrates the United States’ defenses. In addition, the United States requires strong intelligence, forensics, and indications and warning capabilities to reduce anonymity in cyberspace and increase confidence in attribution (p. 11).

In essence, America’s ability to respond and bounce back must be credible and made known, so as to minimize the benefits that would accrue to an attacker — thereby altering the adversary’s attack-calculus ex ante. Attribution is a critical component because it underlies “response and denial operations” (p. 12).

In order to reach these various ends in practice, the Strategy calls upon US Strategic Command to assess whether DoD is building the requisite capabilities (pp. 25-26). In doing so, STRATCOM is to build upon the work of the Defense Science Board’s Task Force on Cyber Deterrence, whose terms of reference are elaborated here. Notably, the Strategy specifies further that STRATCOM’s assessment is to incorporate the DoD capabilities needed for “deterring non-state actors that may fall outside of traditional deterrence frameworks but which could pose a considerable threat to U.S. interests” (p. 26). This is a crucial caveat given the prevailing threat spectrum.

The challenge ahead is considerable, bearing in mind that deterrence is complicated enough when it involves state actors (including those whose propensity to act rationally may not always be apparent). For a fuller analysis of the Strategy plus the Defense Secretary’s trip to Silicon Valley this week and the new initiatives he announced there, see here and here.