45.7 F
Washington D.C.
Saturday, March 2, 2024

State of Hostile State Actors: A Modern-Day Terrorist Group

The difference between now and prior to September 11, 2001, is we clearly see the terror occurring every day.

Terrorism, by definition, is the unlawful use of violence and intimidation, especially against civilians, in the pursuit of political aims. Keep this definition in mind throughout this essay.

On September 11, 2001, I was a Special Agent in the Federal Bureau of Investigation (FBI) serving in the Newark, N.J., field office on a violent crime task force. I, along with my squad members, had just come back from an early morning of arrests and surveillance.  We were located on the 21st floor of the Gateway office building in downtown Newark.  There were three squads on the floor composed of approximately 100 special agents and task force personnel sitting at their desks, catching up on paperwork, and planning the day’s events. It was also day two of construction of the new FBI building being constructed just two blocks away on the banks of the Passaic River. Both locations had a clear view of the New York City skyline.

At some point around 9 a.m. I noticed a large gathering around the only television on the floor. I wandered over to see what the attraction was when my friend Ray said, “Looks like a Cessna crashed into the World Trade Center.”  Immediately, another friend Karl, who was actually a Cessna pilot, stated, “That was NOT a Cessna.”

And so, it all began. Our lives as special agents in the FBI had changed forever. Our lives as Americans had changed forever. The world had changed forever.

By 11 a.m. our office had received all the flight manifests with detailed information of who was on the flights, which had already crashed into the World Trade Center, the Pentagon, and into the ground in Shanksville, Pa. There was obvious continuous panic about whether additional planes were still bound to crash as well as what was next. Was there a next? What could be next?

As we later identified, 15 of the hijackers either lived in New Jersey or spent considerable time in New Jersey. Everyone was assigned to investigative teams, putting the pieces together and tracing every step of the hijackers, potential accomplices, and were there more terrorists still lurking to do more harm to America.

Within a week, letters laced with anthrax began appearing in the U.S. mail. Five Americans were killed and 17 were sickened in what became the worst biological attacks in U.S. history. Subsequent investigation revealed that letters were mailed from a postal box located near the Princeton University campus, in Princeton, N.J. Not only was this also in the investigative territory of the FBI’s Newark Field Division, it was also just five miles from my home.

Were both of these terror attacks related? Were there more to come in the days and months ahead?

How did we not anticipate and identify this horrific terrorist behavior ahead of time?

Did we have warning signs? If so, did we miss them?

As you know, these were logical and rational questions at the time. Two significant, and yet very different, terror attacks on U.S. soil in a matter of a month. Plenty has been written about both of these events, and my rhetorical questions have been answered thousands of times via books, analysis, movies, think tanks and congressional hearings.

So, I ask, are we currently in the midst of a different kind of terror attack?  An attack that is not kinetic or kills scores of people resulting in countless funerals and memorial services. An attack that does not occur on one day, or over a few weeks, but yet is slow and steady, and is also pernicious and destructive.

“We ARE in a terrorism event. A long, slow, methodical, strategic, persistent, pernicious and enduring event”

The past decade has provided us a very clear mosaic of nation-state threat actors conducting persistent, strategic, targeted and sometimes destructive cyber-attacks on American governmental institutions, U.S companies, their systems, their data, and their employees.

China, Russia, Iran, and North Korea all have had their moments in the sun, some more than others, and some more persistent and enduring than the others. From Sony to OPM, from Anthem to Marriott, from the Department of State to the White House, from Equifax to Microsoft and from SolarWinds to Colonial Pipeline and JBL.  There are hundreds more to list, but you get the picture.

All of these cyber-related breaches, data exfiltration, and in the destructive case of Sony get attributed with little repercussions to the nation-state with dirty hands and origins. Our critical infrastructure is at significant risk. It has been. Adding the incredible proliferation of ransomware to the constant drumbeat of cyber breaches, we are at a vulnerable and precarious point as a nation. We do make incremental steps to protect infrastructure from yesterday’s technology vulnerabilities. I would stipulate to that. Eighty-five percent of our nation’s critical infrastructure is owned, operated and protected by the private sector.   There continues to be little incentive for the private sector to significantly increase allocation of security-based resources to provided substantiative and modern protective measures within individual companies. Additionally, the U.S. government must be willing to both be more prescriptive as well as aggressively declassify real-time, and actionable intelligence, to help defend our critical infrastructure as well as critical technologies imperative for the U.S. to maintain our status as global leaders.

With all of the above cyber and ransomware threats, combined with the consistent, if not growing, insider threat epidemic facing our nation, it is time to take a modern view of counterintelligence. Counterintelligence is not just catching spies from adversarial countries. Granted, it is still an important role for the intelligence and law enforcement entitles to carry out, but it is just a small portion of countering the intelligence efforts from our adversaries.

The paradigm of counterintelligence has dramatically expanded in the past decade and the private sector has become the battle space for this neo-aggressive behavior. As an example, and just from an economic espionage perspective, the U.S. economy loses between $400 billion and $600 billion dollars per year from theft of trade secrets and intellectual property, just from the Communist Party of China. This equates to approximately $4,000 to $6,000 per year for each American family of four, after taxes.  This does not consider the economic damage, as well as damage to brand, due to cyber breaches and data exfiltration to American companies and universities. Let’s not forget the trauma felt by communities as local gas stations shut down for a week or more pursuant to the Colonial Pipeline ransomware event.

Ransomware has become a terror event on its own. Is it not terrorism when a hospital, high school, police department, college, county services, or water treatment facility are shut down for a ransomware payment? How about a gas pipeline I referenced earlier? How about our electrical grid or natural gas being shut off in January in the Northeast part of the U.S., resulting in millions of households, and buildings, without heat? How about our telecommunications infrastructure going down one day because Verizon and AT&T are hit with ransomware on the same day? Or, our financial services sector having to go offline, for even a few hours, would cause international chaos and disruption. Are these not terror events? Again, “terror” must be redefined beyond loved ones dying.

State of Hostile State Actors: A Modern-Day Terrorist Group Homeland Security Today
Korean Central News Agency handout photo

It is time that we — as a government, Intelligence Community, Congress, and our entire nation — look at the current threat we face from nation-state threat actors and cyber criminals and treat them with the same sense of urgency, spending, and strategy we have done for preventing terrorism the past two decades. I would proffer that we ARE in a terrorism event. A long, slow, methodical, strategic, persistent, pernicious and enduring event to which I believe we have become numb. We must address this terror with vigor, aggressiveness and a true public-private partnership. We cannot wait for the ultimate crisis to occur, whatever that looks like.

The difference between now and prior to September 11, 2001, is we clearly see the terror occurring every day. We feel it. The private sector deals with it daily. It is costing trillions of dollars. We obtain the plans and intentions of nation-state leaders every day, we watch as zero days are promulgated and software is manipulated, we understand the current and future possibilities of state actors and their cyber capabilities, as well as their intent. We can and must use our collection and knowledge to protect our critical infrastructure on a more efficient and effective basis.

To address the rhetorical questions I referenced earlier about what we missed and what we didn’t see, the metaphor here is basic: Currently, with respect to counterintelligence and cyber, we are watching as letters are made, placed in envelopes and sealed, and then watch as they are getting placed into a blue postal box. We sometimes even know the addressee. This is a different type of terror, but terror nonetheless. Nation-state terror.  We must see it as such and treat it as such, with a sense of urgency. Our nation’s sustainably and existential well-being require such.

William Evanina
William Evanina
Mr. Evanina was confirmed by the U.S. Senate on May 6, 2020 to be the first Senate-confirmed Director of the National Counterintelligence and Security Center (NCSC). Mr. Evanina served as the Director of NCSC since June 2, 2014. In this position, he was the head of Counterintelligence (CI) for the U.S. Government. Mr. Evanina was responsible for leading and supporting the CI and security activities of the US Intelligence Community, the U.S. Government, and U.S. private sector entities at risk from intelligence collection or attack by foreign adversaries. Under NCSC, he oversaw national-level programs and activities such as the National Insider Threat Task Force; personnel security and background investigations; information technology protection standards and compliance; CI cyber operations; supply chain risk management; threat awareness to sectors of the US critical infrastructure; national-level damage assessments from espionage or unauthorized disclosures, CI mission management, and national CI and security training programs. Under Mr. Evanina’s leadership, NCSC produced the President’s National Counterintelligence Strategy of the United States of America 2020, which has been instrumental in raising foreign intelligence threat awareness to critical infrastructure sectors and the private sector executives regarding supply chain, economic security, cyber, and malign foreign influence. Mr. Evanina chaired the National Counterintelligence Policy Board, and the Allied Security and Counterintelligence Forum comprised of senior CI and security leaders from Australia, Canada, New Zealand, and the UK. Mr. Evanina also served as Chair of the NATO Counterintelligence Panel. Prior to his selection as the Director of NCSC, Mr. Evanina served as the Chief of the Central Intelligence Agency’s Counterespionage Group. Mr. Evanina previously served as Assistant Special Agent in Charge of the FBI’s Washington Field Office, where he led operations in both the Counterintelligence and Counterterrorism Divisions. Mr. Evanina served over 31 years of distinguished federal service, 24 of which as a Special Agent with the Federal Bureau of Investigation (FBI). At the start of his law enforcement career in 1996, he investigated organized crime and violent crimes through the FBI’s Newark Field Office. He then served on an FBI SWAT unit for 10 years, ultimately supervising this unit. He led some of the highest profile terrorism investigations in our nation’s history including the 9/11 attacks, the anthrax attacks, and the Daniel Pearl kidnapping. During his tenure with the FBI’s Joint Terrorism Task Force (JTTF), Mr. Evanina was selected as a Supervisory Special Agent and received the FBI Director’s Award for Excellence for his leadership in the investigation into convicted spy Leandro Argoncillo. Mr. Evanina’s government career began in 1989 as a Project Manager with the General Services Administration, in Philadelphia. Mr. Evanina was born and raised in Peckville, PA. He holds a Bachelor’s Degree in Public Administration from Wilkes University in Wilkes Barre, PA, and a Master’s Degree in Educational Leadership from Arcadia University in Philadelphia. Mr. Evanina currently serves as Founder and CEO of the Evanina Group advising CEOs and Board of Directors on strategic corporate risk.

Related Articles


- Advertisement -
National Fallen

Latest Articles