Terrorism, by definition, is the unlawful use of violence and intimidation, especially against civilians, in the pursuit of political aims. Keep this definition in mind throughout this essay.
On September 11, 2001, I was a Special Agent in the Federal Bureau of Investigation (FBI) serving in the Newark, N.J., field office on a violent crime task force. I, along with my squad members, had just come back from an early morning of arrests and surveillance. We were located on the 21st floor of the Gateway office building in downtown Newark. There were three squads on the floor composed of approximately 100 special agents and task force personnel sitting at their desks, catching up on paperwork, and planning the day’s events. It was also day two of construction of the new FBI building being constructed just two blocks away on the banks of the Passaic River. Both locations had a clear view of the New York City skyline.
At some point around 9 a.m. I noticed a large gathering around the only television on the floor. I wandered over to see what the attraction was when my friend Ray said, “Looks like a Cessna crashed into the World Trade Center.” Immediately, another friend Karl, who was actually a Cessna pilot, stated, “That was NOT a Cessna.”
And so, it all began. Our lives as special agents in the FBI had changed forever. Our lives as Americans had changed forever. The world had changed forever.
By 11 a.m. our office had received all the flight manifests with detailed information of who was on the flights, which had already crashed into the World Trade Center, the Pentagon, and into the ground in Shanksville, Pa. There was obvious continuous panic about whether additional planes were still bound to crash as well as what was next. Was there a next? What could be next?
As we later identified, 15 of the hijackers either lived in New Jersey or spent considerable time in New Jersey. Everyone was assigned to investigative teams, putting the pieces together, tracing every step of the hijackers and potential accomplices, and determining whether there were more terrorists still lurking to do more harm to America.
Within a week, letters laced with anthrax began appearing in the U.S. mail. Five Americans were killed and 17 were sickened in what became the worst biological attacks in U.S. history. Subsequent investigation revealed that letters were mailed from a postal box located near the Princeton University campus, in Princeton, N.J. Not only was this also in the investigative territory of the FBI’s Newark Field Division, it was also just five miles from my home.
Were both of these terror attacks related? Were there more to come in the days and months ahead?
How did we not anticipate and identify this horrific terrorist behavior ahead of time?
Did we have warning signs? If so, did we miss them?
As you know, these were logical and rational questions at the time. Two significant, and yet very different, terror attacks on U.S. soil in a matter of a month. Plenty has been written about both of these events, and my rhetorical questions have been answered thousands of times via books, analysis, movies, think tanks and congressional hearings.
So, I ask, are we currently in the midst of a different kind of terror attack? An attack that is not kinetic and does not kill scores of people, resulting in countless funerals and memorial services. An attack that does not occur on one day, or over a few weeks, but yet is slow and steady, and is also pernicious and destructive.
The past decade has provided us a very clear mosaic of nation-state threat actors conducting persistent, strategic, targeted and sometimes destructive cyber-attacks on American governmental institutions, U.S. companies, their systems, their data, and their employees.
China, Russia, Iran, and North Korea all have had their moments in the sun, some more than others, and some more persistent and enduring than the others. From Sony to OPM, from Anthem to Marriott, from the Department of State to the White House, from Equifax to Microsoft and from SolarWinds to Colonial Pipeline and JBL. There are hundreds more to list, but you get the picture.
All of these cyber-related breaches, data exfiltration, and, in the case of Sony, destruction get attributed, with few repercussions, to the nation-state with dirty hands and origins. Our critical infrastructure is at significant risk. It has been. Adding the incredible proliferation of ransomware to the constant drumbeat of cyber breaches, we are at a vulnerable and precarious point as a nation. We do make incremental steps to protect infrastructure from yesterday’s technology vulnerabilities. I would stipulate to that. Eighty-five percent of our nation’s critical infrastructure is owned, operated and protected by the private sector. There continues to be little incentive for the private sector to significantly increase allocation of security-based resources to provide substantive and modern protective measures within individual companies. Additionally, the U.S. government must be willing both to be more prescriptive and to aggressively declassify real-time, actionable intelligence to help defend our critical infrastructure as well as critical technologies imperative for the U.S. to maintain our status as global leaders.
With all of the above cyber and ransomware threats, combined with the consistent, if not growing, insider threat epidemic facing our nation, it is time to take a modern view of counterintelligence. Counterintelligence is not just catching spies from adversarial countries. Granted, it is still an important role for the intelligence and law enforcement entities to carry out, but it is just a small portion of countering the intelligence efforts from our adversaries.
The paradigm of counterintelligence has dramatically expanded in the past decade and the private sector has become the battle space for this neo-aggressive behavior. As an example, and just from an economic espionage perspective, the U.S. economy loses between $400 billion and $600 billion per year from theft of trade secrets and intellectual property, just from the Communist Party of China. This equates to approximately $4,000 to $6,000 per year for each American family of four, after taxes. This does not consider the economic damage, as well as damage to brand, due to cyber breaches and data exfiltration to American companies and universities. Let’s not forget the trauma felt by communities as local gas stations shut down for a week or more pursuant to the Colonial Pipeline ransomware event.
Ransomware has become a terror event on its own. Is it not terrorism when a hospital, high school, police department, college, county services, or water treatment facility is shut down for a ransomware payment? How about the gas pipeline I referenced earlier? How about our electrical grid or natural gas being shut off in January in the Northeast part of the U.S., resulting in millions of households, and buildings, without heat? How about our telecommunications infrastructure going down one day because Verizon and AT&T are hit with ransomware on the same day? Or our financial services sector having to go offline, for even a few hours, which would cause international chaos and disruption. Are these not terror events? Again, “terror” must be redefined beyond loved ones dying.
It is time that we — as a government, Intelligence Community, Congress, and our entire nation — look at the current threat we face from nation-state threat actors and cyber criminals and treat them with the same sense of urgency, spending, and strategy we have done for preventing terrorism the past two decades. I would proffer that we ARE in a terrorism event. A long, slow, methodical, strategic, persistent, pernicious and enduring event to which I believe we have become numb. We must address this terror with vigor, aggressiveness and a true public-private partnership. We cannot wait for the ultimate crisis to occur, whatever that looks like.
The difference between now and prior to September 11, 2001, is we clearly see the terror occurring every day. We feel it. The private sector deals with it daily. It is costing trillions of dollars. We obtain the plans and intentions of nation-state leaders every day, we watch as zero days are promulgated and software is manipulated, we understand the current and future possibilities of state actors and their cyber capabilities, as well as their intent. We can and must use our collection and knowledge to protect our critical infrastructure on a more efficient and effective basis.
To address the rhetorical questions I referenced earlier about what we missed and what we didn’t see, the metaphor here is basic: Currently, with respect to counterintelligence and cyber, we are watching as letters are made, placed in envelopes and sealed, and then watching as they are placed into a blue postal box. We sometimes even know the addressee. This is a different type of terror, but terror nonetheless. Nation-state terror. We must see it as such and treat it as such, with a sense of urgency. Our nation’s sustainability and existential well-being require such.