Protecting the Systems We Depend On

Lauren Bean

The pervasive and rapid growth of globalization coupled with exponential advances in technology has resulted in near total reliance on the highly interdependent international networks system, both for the movement of goods and services and for sharing information and ideas. This system is composed of individuals; organizations; and assets; and the government, private, and public sectors; and includes telecommunications, finance, transportation, health services, and water and electricity. Openness and easy access to countless nodes of this system has created conditions of vulnerability for the US.  The consequences of disruption caused by a natural or man-made disaster, unintentional human error, or deliberate acts of terror would be severe.

Because international networks are highly interdependent, disruption in one network sector would result in degradation of other sectors and perhaps the entire system. For example, a temporary disruption to the US-Canada electric power system (recall the August 14, 2003 blackout in the US and Canada) would have a significant cascade effect on reliant networks. Also, a network disruption of a container shipment offloaded at the Port of Long Beach, California would debilitate the US transportation and retail sectors.

For terrorists seeking to disrupt US systems, international networks are relatively soft targets for attacks. Of equal concern is terrorists’ increasing reliance on the international networks system to operate, and they are developing new and creative ways to exploit the various communication (the Internet and open source information), financial (the international banking system), and transportation (aviation, transit, and maritime) modes.

Cybercommunications via the Internet have become the communication medium of choice for terrorists. This network can be used to collect, store, and send information without attribution. Terrorists use what is called a "dead drop" to avoid having emails and the information contained therein intercepted by US intelligence agencies. The dead drop technique involves opening a free email account with a public service (Yahoo, Google, etc.), writing a message and saving it in draft form, and then sharing the email account name and password via other means such as a secure online message board. As a counterterrorism tool, cybercommunications can be used by the US to disrupt terrorist communications networks, hinder recruitment and training efforts, and undermine terrorists’ trust and confidence in their collaborators’ networks. However, within the realm of "virtual reality" and cyberspace, the degree to which the US is able to surveil is limited due to embedded security v. privacy issues. How these issues will be resolved is yet to be determined.

Both Al Qaeda and Hezbollah operate highly complex financial networks, which are used to fundraise, launder, and transfer terrorist money for a variety of activities including the purchase of weapons. By examining illicit financial transactions, via an underground money system (Hawala), for example, and analyzing vulnerabilities of legitimate financial networks, the US can learn from observing how terrorists move money around the international financial networks system. Also, gathering terrorists’ financial information is becoming one of the most effective counterterrorism tools, by increasing the risk terrorists will be caught transferring funds and denying them access to funds.

Since September 11, 2001, US homeland and national security experts have emphasized the importance of thinking in terms of "networks", not only as a guide to understanding how terrorist organizations such as Al Qaeda organize and operate, but also as a framework for conceptualizing how to develop an effective counterterrorism strategy that both utilizes the international networks system to detect, prevent, and respond to terrorist threats and also protects reliant critical infrastructure from threats.

The relationship between the "network" concept and security is not new. DARPANET, now known as the Internet, was commissioned by the US Department of Defense’s Advanced Research Projects Administration (DARPA) nearly four decades ago. Also, the application of different network models has been the basis of tactical US counterterrorism, intelligence, and military operations, international counter-narcotic programs, and organized crime efforts for many years.

In recent years, the US national and homeland security post-9/11 adaptive strategies have resulted in both the reorganization of existing security and intelligence organizations and the creation of new ones, including the more recent Office of the Director of National Intelligence (DNI), which oversees the entire intelligence community. This has led to advances in information sharing among intelligence agencies, as well as between the private and public sectors, but more resources -- and greater stakes -- are required to achieve measurable results. Also, the expanded intelligence organizational network has created unanticipated challenges, requiring that the US national security and homeland security communities implement a more effective internal network strategy guided by greater communication, collaboration, a common mission, and a more inclusive approach.

While the use of international networks by terrorists is only one aspect of the 21st century threat landscape, it illustrates the present-day challenge of protecting a highly interconnected, physical and cyber-based system, which provides critical services to people around the world and supports US counterterrorism efforts, yet also facilitates the growth of terrorism and terrorist operations.

Developing creative solutions to protect this system from attacks, to use this system to counter threats, and to counter terrorist usage of this system to operate requires an understanding of all aspects of the contemporary and future threat array. •

Lauren Bean is Editor of the National Strategy Forum Review.