Homeland Security Today is proud to share our Editorial Board and expert community’s 2024 Threat Forecast. In an election year, with tremendous risks and vulnerabilities facing the nation, we take stock each year by asking our cadre of experienced homeland security practioners what they would like to share with you, our community of readers. This year is our most comprehensive collection to date from a diverse group of professionals who have served both in and outside government.
This year’s piece is presented in three parts:
- Terrorism- experts discuss both external and internal threats from terrorists, terrorist groups, and lone wolves.
- Cyber & Advanced Technology – experts discuss the varied and persistent threats from cyber attackers and from rapidly advancing technology.
- Internal Threat – this year many of our experts cited the numerous threats to our nation and our democracy from internal threats.
This collection underscores the varied nature of the threats against our way of life, and the voracity of those who wish us harm – personally, economically, militarily. We hope this compilation provides some insight into what you already know, and alerts you to some challenges you perhaps have not considered. If you are in the homeland security community and would like to weigh-in on something you do not see here, please reach out to [email protected] with the RE line: Threats for 2024. Please provide a bio if you would like to be considered for publication.
- Internal dissension and disagreement puts America and its institutions at great peril, from our elections to foreign policy to border security.
- Misinformation is misunderstood and our ability to combat it will determine the outcome of many critical challenges facing the country.
- Misunderstanding the activity, strength, and strategy of foreign nation’s like Iran, China, Russia, North Korea, and foreign terrorist groups like Hezbollah, Hamas, Al-Qaeda, and ISIS leads to a heightened risk and threat environment
- Our nation must devote more focus to strategic foresight and mitigate against “strategic surprise” by nurturing our people’s understanding, and mastery of, complexity.
- Allowing the potential of AI and quantum computing to benefit us while balancing the need for security will be pivotal to our future – collaboration is key to understanding the technology and its implications.
- Specific threats like individual violent perpetrators of terrorism, drones, biological threats, and vulnerabilities like lack of preparedness for natural disasters, continue to increase
- Ransomware is increasing exponentially and poses a considerable threat to critical infrastructure.
Part I: TERRORISM
The global counterterrorism strategies in the Middle East have been overfocused on ISIS and Al-Qaeda and their regional affiliates and have ignored the strengthening Shia militia groups backed by Iran. These militia groups have been even more capable than ISIS in Iraq to threaten the US’s regional interests since 2018. In Syria, they are well-settled and operate under the command of the Islamic Revolutionary Guard Corps (IRGC). The Global Terrorism and Trends Analysis Center (GTTAC) Records of Incidents Database (GRID) recorded 518 terrorist attacks by Iran-backed militia groups worldwide in 2021, which accounted for 6.2 percent of total incidents of the same year. It was 6 percent, with 440 attacks in 2022. The post-Hamas October 7 attacks period has recorded how these groups are capable of targeting American facilities in the Middle East. For instance, the newly formed Islamic Resistance in Iraq was able to conduct tens of rockets and missile attacks in the region. It should be noted that Hezbollah deserves particular attention in the list of terrorist groups backed by Iran. The group acts like a transnational criminal group with its involvement in trafficking and smuggling activities, as well as like a terrorist group that is involved in conflicts in the Middle East. Hezbollah conducted more than 200 terrorist attacks in the first month of the October 7 attacks, and 2024 will likely be recording increasing attacks by Hezbollah and other Iran-backed militia groups.
One of the consequences of the September 11, 2001 attacks in the world was its impact on the relationships between the Western world and Muslim countries. The generalizations and accusations about the Muslim communities created gaps, and both sides became biased toward each other for many years. These gaps were exploited and filled by jihadist ideologies in the Middle East and Africa (MENA), and these regions recorded the mushrooming of jihadist terror groups in many MENA countries. The counterterrorism strategies of the Western have focused on closing these gaps and establishing bridges with the Muslim world. As a result, these biases have faded over the years. However, Hamas’s October 7 terrorist attacks have damaged these bridges. Debates have revolved around whether Palestinians or Israelis are right in their causes but ignored Hamas’s capacity to use acts of terrorism and Israel’s overreactions that bring collateral damages. The results of Hamas’s October 7 terrorist attacks have already exceeded the borders of the region and have significant impacts worldwide. The radicalization trends within the Muslim communities will likely increase in the West Bank and the Gaza Strip. Salafi-jihadist terrorist groups will continue to exploit ongoing conflict in the region and aim to get more recruits and funding.
The global coalitions against ISIS and Al Qaeda have made terrorism the most critical issue. This period also has recorded how non-democratic regimes have exploited terrorism. Seeing terrorism as a strong and convincing term, these regimes have labeled the opposition as terrorists using scant and ungrounded evidence. Russia, Turkey, Saudi Arabia, Egypt, and Iran are several countries that exploit terrorism and accuse the opposition of terrorists. For example, the GRID recorded 432 terrorist attacks, committed mainly by the PKK terrorist organization, from January 2018 to 2023 in Turkiye, but the Turkish government has launched more than 2.2 million terrorist investigations against its own people in the same period. These non-democratic regimes will likely continue to exploit counterterrorism strategies and repress their own people with ungrounded terrorism charges. It is crucial for the Western World to be aware of how these regimes exploit terrorism and harm counterterrorism strategies.
Mahmut Cengiz, Ph.D.
Research Associate Professor
Terrorism, Transnational Crime and Corruption Center (TraCCC)
While terrorist group use and exploitation of technology is not a recent development (e.g. al Qaeda’s Asrar al Mujahideen encryption tool; exploitation of Tor Browser or Cyberghost VPN, etc.), their current strength does not primarily stem from their capacity to produce or own sophisticated technologies but rather their aptitude in leveraging available technologies alongside more traditional, less sophisticated automated data collection and dissemination tools (e.g. bots). The exploitation of generative AI remains particularly worrisome, as it allows for creation of new extremist and terrorist content (e.g. images, memes, deepfakes, etc.). For instance, although most of the deepfakes shared by terrorist groups online exhibit poor quality, rendering them discernible to even untrained observers, terrorist groups continue to demonstrate their potential to exploit deepfake technologies to engage in sophisticated targeting campaigns centered around disinformation, misleading content, and discrediting counter-messaging.
Terrorist group exploitation of AI technology has the potential to significantly engulf existing social media content detection and removal infrastructures. Case in point, the speed and scale with which new terrorist content is created may present long-term challenges in terms of timely detection and swift removal of such content from online platforms. Equally confounding is the fact that current hash-based detection systems may become overwhelmed by voluminous and constant modifications to existing terrorist content, coupled with sophisticated “deep learning” models designed to assimilate insights from previous removal and take-down efforts and aid terrorists in channeling a constant flow of evasive terrorist content.
In 2024, the counterterrorism efforts should focus on observing and understanding terrorist group historical and current adaptability to AI-driven technologies and the manner in which such technologies serve to facilitate recruitment, spread ideologies, and disseminate terrorist content. The vast repositories of terrorist content online (“digital libraries”) and the widespread exploitation of encrypted social media apps further underline the danger posed by terrorist groups in the way of mobilizing support, providing access to terrorist content, and enabling immersive settings for radicalization and training terrorist attack scenarios. Lastly, the advancement of Open-Source Intelligence (OSINT) and sophisticated AI tools and methodologies stand poised to facilitate real-time threat assessments and analyses of terrorist group activity online and beyond.
Ardian Shajkovci, Ph.D.
Director & Co-Founder, American Counterterrorism Targeting & Resilience Institute (ACTRI)
Subject Matter Expert, CT,P/CVE, Counter-Messaging, Research Design, Legal, Linguistic & Cultural Expertise to Intelligence Community, U.S. Military, and domestic and international organizations
For the past four years, Iranian Supreme Leader Ayatollah Ali Khamenei and his leadership have held an annual rally, attended by thousands, for the assassination of former head of the Iranian Revolutionary Guard Corps – Qasem Soleimani. This event has become a pseudo “State of the Union” in which Iranian leadership sets out their “goals” for avenging and carrying out the late Soleimani’s military strategy.
During the January 2022 commemoration Khamenei and his deputies promised revenge against specific former U.S. officials for the killing of Soleimani. In 2023, Ayatollah Khamenei and other Iranian leadership directed their efforts at strengthening the “Ring of Fire” – an amalgamation of strategic Iranian proxy military capabilities from Iraq through Syria, Lebanon, Gaza and Yemen. Of particular note, they emphasized transforming HAMAS and Palestinian Islamic Jihad in Gaza from “fighting with stones” to a heavily armed and capable fighting force, noting that Iran’s enemies would not “sleep easy;” foreshadowing HAMAS’ terrorist attack on October 7th.
They called for use of cyber-attacks and media messaging as elements of Iranian military capability. We are witnessing this real-time as U.S. infrastructure has seen an uptick in cyber-attacks and social media networks flooded with disinformation aimed at influencing domestic U.S. politics. And Iranian proxies have played a significant role in attacks on Israeli assets and global trade through the Bab-Al-Mandab Strait and Red Sea, and on U.S. Forces and diplomatic assets in the region. Additionally, several arrests have been made in Brazil, Argentina, and Europe related to Iranian Proxy terrorist threats since the Israel-HAMAS war started.
On January 3, 2024, thousands once again gathered to commemorate the assassination of Soleimani. While this event was meant to be an address aimed at unifying proxies across the globe, two bombs killed approximately 80 attendees and wounded hundreds of others. On January 4th ISIS took credit for the bombings which is consistent with a similar attack in 2017. ISIS was likely taking advantage of Iran’s focus vis-à-vis the Israel-HAMAS war to strike a blow against a distracted regime. While ISIS is an enemy of both the US and Israel, they also were a chief target of Soleimani given their attacks against Shiite entities in the region. This attack, combined with continued escalation of conflict in the region, will undoubtedly heighten tension and probability of additional threats globally.
The Homeland Security community must be ready to prevent and mitigate the action that could result from the exponentially increasing conflict in the region.
“We must be ready for attacks on U.S. bases and international trade routes as well as heightened cyber-attacks on U.S. critical infrastructure and instigation of locally based actors. International locations where Iran proxies operate, such as South America, should be on a higher alert.”
We must plan for increased disinformation and campaigns across social media seeking to garner support for the “resistance cause” across the Middle East, Europe, and the U.S.
If we have learned anything from the January 2023 address and increasing intensity of attacks in the Middle East region, it is that the U.S. and regional partners should take such threats with the utmost seriousness.
Former Legislative Fellow, U.S. House Subcommittee for the Middle East
Partner, Guidehouse – Defense and National Security Practice
This year has started off with a proverbial “bang,” or should I say “bangs” on multiple fronts. The Russian invasion of Ukraine, Hamas’ attack on Israel, calls for violence and retribution from pro-Palestinian groups – including the Iranian-backed Houthis in Yemen – a school shooting, weariness of the upcoming 2024 elections, and a continued undercurrent of conspiracy theorists fueling violent extremism are among the threat vectors bearing down on 2024.
Under the countering terrorism lens, the savage attacks perpetrated by Hamas on October 7, 2023, have resulted in widespread carnage on both sides of the Israeli-Palestinian fences and have electrified discord across the U.S. We have witnessed alarming numbers of “Pro-Pick Your Group” rallies and counter demonstrations denouncing “The Other Side.” Colleges and Universities across the U.S. became hotbeds of demonstration activities occasionally culminating in reports of harassment and in some cases assaults. This violence and upswelling of anti-Semitic and pro-Palestinian sentiments have certainly caught the attention of the FBI. On October 31, 2023, during testimony before the Senate Homeland Security Committee, FBI Director Christopher Wray noted, “We assess that the actions of Hamas and its allies will serve as an inspiration the likes of which we haven’t seen since ISIS launched its so-called caliphate years ago.”
From my optic, acts of targeted violence by lone offenders or small groups are not just the 25 but the 5 meter target. Here’s the good news: Those who mobilize to violence consider, plan and prepare. Whether inspired by calls for violence from an overseas terrorist organization, fueled by the hatred for a group of people (for whatever reason), or achieving “permission to act badly” based on an amalgamation of violent ideologies (“Ideology Promiscuity”), observable behavioral indicators have been studied and proven to be invaluable data points left of boom. If these behavioral changes are pieced together quickly enough, a targeted attack can be prevented. Remember, there’s no such thing as a veiled threat.
Supervisory Special Agent, FBI (ret.)
Ransomware attacks, a persistent threat in recent years, are expected to continue their upward trajectory in 2024. Cybercriminals are likely to target not only corporations, but also critical infrastructure and municipal services. The potential for disruption and financial loss remains significant, necessitating organizations to prioritize robust backup solutions, table-top exercises, and vulnerability assessments to mitigate the impact of ransomware.
Attacks on the homeland by domestic extremist groups have been on the rise in the last several years, spurred on by political strife, conspiracy theories, overseas wars and other tensions. This trend will continue as we march closer and closer to the Presidential election. These attacks will be motivated by the spread of misinformation propagated throughout social media channels.
The expanding Internet of Things landscape will introduce new vulnerabilities in 2024. Many IoT devices lack adequate security measures, making them attractive targets for hackers. Addressing IoT security issues promptly is essential, as these devices continue to become more integrated into daily lives and critical infrastructure. Manufacturers and consumers must prioritize security features, firmware updates and robust authentication mechanisms to protect against IoT-related threats.
Lastly, supply chain attacks will persist, with threat actors focusing on compromising software and hardware providers to infiltrate downstream targets. These attacks can have geopolitical roots and significant, far-reaching consequences. Businesses must implement stringent supply chain security measures, conduct thorough vendor assessments, and adopt a proactive approach to detecting and mitigating potential threats.
Former Assistant Secretary for Infrastructure Protection
U.S. Department of Homeland Security
The threat to the Homeland from drones continues to increase. Drones are dropping contraband into prisons, transporting drugs across borders, disrupting law enforcement operations, evading border patrol officers, delivering explosives to rival gangs and disrupting major sporting events. The NFL alone saw 2200 drone incursions during life games. INTERPOL reported that criminal use of drones has increased by 10 percent over the last year.
This drone threat combined with the border invasion and the highest number of people on the terror watch list is dangerous; the threat level is at the highest ever as stated by FBI Director Christopher Wray due to numerous factors.
Congress continues to slow walk giving the authority for SLTT agencies to detect and mitigate drone threats. Even if Congress passed legislation today, it would take years to train and implement these programs. The clock is ticking and time is running out.
Chief Charles L. Werner (Emeritus-RET)
Former Acting Deputy State Coordinator & Senior Advisor UAS Program, Virginia Department of Emergency Management
Former Fire Chief, Charlottesville, VA
Director, DRONERESPONDERS Public Safety Alliance
Homeland Security Today Person of the Year 2019
We have multiple military threats, (symmetrical) as well as from non-state actors and terrorist organizations (asymmetrical). We have a significant issue on our borders and are facing an array of new technologies that can be used against our most vital critical infrastructure. I believe we will experience a significant threat from the use of drones or Unmanned Airborne Systems (UAS) against our Homeland and in particular our transportation infrastructure. Looking at the use of drones in Russia’s invasion of Ukraine, and by Houthi rebels to attack international shipping is a clear foreshadowing of the threat we face. Unfortunately, in my opinion we are not ready to face the UAS threat. Unlike our military, our Homeland Security agencies face the challenge of legal restrictions, lack of technology and lack of training against the UAS threat.
Former Deputy Administrator, U.S. Transporation Security Administration
President, Raloid Corp
Editorial Board Member, Homeland Security Today
The greatest evolving threat to the homeland in 2024 will come from individual violent perpetrators who fly under the radar, thereby avoiding identity and detection until after they strike. These will include individual violent terrorists from across the political and religious spectrum, many of whom will not follow any radicalization process but instead react spontaneously to events both at home or overseas. There will also be a growing threat of mass shootings and other forms of violence by individuals who are motivated solely by personal grievances or mental disorders. Since individual violent perpetrators can strike anytime, anywhere without any early warning indicators, they will pose the greatest threat for security personnel in both the public and private sectors.
Jeffrey D. Simon
Author, The Bulldog Detective: William J. Flynn and America’s First War Against the Mafia, Spies, and Terrorists; America’s Forgotten Terrorists: The Rise and Fall of the Galleanists
President, Political Risk Assessment Company
The U.S. Department of Homeland Security (DHS) management of the Chemical Facility Anti-Terrorism Standards (CFATS) program brings stability to the chemical industry and our nation’s high-risk chemical facilities. Its primary objective is preventing acts of terror on these facilities, which play a critical role in the manufacturing, storage, transportation, use, and delivery of essential chemicals used in nearly every U.S. industry, including agriculture, energy, electronics, paint and coatings, water treatment, health care, pharmaceuticals, and more. Initially authorized by Congress in 2006 through the DHS Appropriations Act of 2007 and created in mid-2007, this program, developed in collaboration with, and supported by, regulated industries, requires high-risk chemical facilities to prepare Security Vulnerability Assessments and implement Site Security Plans that meet the risk-based, performance-based security standards appropriate to their unique security challenges and risk-tier level.
Congress has reauthorized the CFATS program four times – each time on an overwhelmingly bipartisan basis. Despite near-unanimous bipartisan support in both chambers of Congress, the CFATS program unexpectedly expired last July and has yet to be reauthorized. The expiration of this program leaves our nation’s sensitive chemical facilities grappling with a multitude of national security risks —ranging from physical threats to cyber and emerging artificial intelligence risks. The CFATS program plays an indispensable role in securing our nation’s high-risk chemical facilities against potential terrorist threats. Reinstating the CFATS program is crucial to protecting U.S. critical infrastructure, bolstering supply chain resilience, and preventing the misuse of chemicals for malicious intent. By implementing robust security measures and risk-based performance standards, CFATS fortifies our defenses, mitigates risks, and enhances the resilience of chemical facilities across the country.
Eric. R. Byer
President & CEO, Alliance for Chemical Distribution (ACD)
Editorial Board Member, Homeland Security Today
The greatest evolving threat to our country in the field of biometrics is the increasing sophistication of deepfake technology and its potential to undermine identity verification systems. Homeland security professionals should be vigilant against malicious actors utilizing advanced AI algorithms to create convincing forged biometric data, compromising the integrity of security protocols. In 2024, anticipatory measures should include enhanced biometric encryption, continuous system updates, and interdisciplinary collaboration to stay ahead of emerging threats and protect national security.
Antonio J. Trindade
Former Associate Chief, United States Border Patrol
Vice President, Dev Technology Group, Inc.
Read the other 2024 Threat Forecasts here: