In this Edition:
Change Edition

Counterterrorism-Cybersecurity Strategy over Soundbites

Counterterrorism is not easy.

Last week’s terrorist attacks in Belgium served as yet another horrific reminder of the complexity and intractability of counterterrorism (CT). Unfortunately, complexity is often met with choler, and, just as occurred following last year’s Paris and San Bernardino attacks, there is a tendency in the media and among politicians to call for easy but archaic solutions, like physical and virtual walls, that are ill-equipped to handle the complex elements of CT.

Here is what we all—angry politicians and talking heads alike—do need to understand: As George Kennan noted while discussing the Vietnam War, strategy cannot be simplified to sound bites, and there are dangers inherent in foreign policy by bumper sticker. Given the complexities of terrorism and technological diffusion, this is just as true today as it was fifty years ago. Continuing to instigate a string of policy proposals that run counter to democratic ideals and the free flow of information, in order to provide an easy solution to a problem that doesn’t have one, will fail to achieve stronger security. As these CT challenges and responses are inextricably linked with cybersecurity, an integrated socio-technical CT-cybersecurity strategy, while a less digestible point for pundits, is much more likely to succeed.

The Counterterrorism Analytical Framework in the Counterterrorism Joint Publication 3-26 lists nine critical factors or centers of gravity of terrorist networks: leadership, safe haven, finance, communication, movement, intelligence, weapons, personnel, and ideology. Every factor relies heavily on the Internet, from research and distribution of weapons, money transfers, and spreading ideology. Social media has garnered the most attention, especially with regard to recruitment, while the Apple-FBI case has elevated the encryption debate and concerns over security-privacy trade-offs. Further, terrorist groups rely on digital technologies as instruments of power across the spectrum of all critical factors. Members of the Syrian Electronic Army are facing criminal charges in the US for online criminal activity and hacking, while groups like al-Shabaab in Somalia rely on mobile money transfers for financial transactions and funding. In short, technology supports all critical factors of terrorist networks.

Given the diverse and nuanced use of digital technologies by terrorist groups, it is disheartening that many reactive policy proposals fail to understand how intertwined technology and CT are on and offline, or that there are many parallels between CT proposals in the physical and virtual world. The most worrisome trend is the increased rhetoric demanding the closing of borders, or withdrawal from regional collaborative institutions such as the European Union or NATO. On the geopolitical realm, this push for domestic isolation will set back decades’ worth of gains that have been made in the economic and social realms, not to mention their pacifying impact on interstate relations. Simultaneously, the misperception that information isolation is possible has led to a patchwork of proposed or instituted policies that are segmenting the free flow of information. The French proposal to ban Tor and block public Wi-Fi, and discussions of blocking the Internet, are just two recent examples of how CT responses fail to take into account the negative externalities of such policies as well as the technical realities of the modern era. There have also been proposals to regulate Bitcoin and virtual currencies, despite the spread of technologies that obfuscate money trails, or Europol’s findings that ISIS does not use Bitcoin when planning attacks.

Many of the proposed solutions actually hurt those who use the Internet normally and daily, while having no impact on bad behavior. 

This regression inward is accompanied by calls to build both physical and virtual walls to combat terrorism. While this may have previously worked to varying degrees, it has at times had unanticipated consequences (e.g. the Maginot Line), and simply doesn’t work today. Just as a physical wall can be circumvented, closing parts of the Internet is outdated and ineffective. Moreover, as the most recent attacks in Europe and the U.S. indicate, building walls completely ignores homegrown terrorism. Similarly, any fragmentation or barrier to the Internet is ineffective against insider threats which have had the biggest impact on national security.

CT and cyber experts rarely are one in the same, but these two areas are increasingly interconnected, with CT driving many of the policy and public debates in the cyber realm. Government policy representatives recently met with Silicon Valley tech leaders to discuss CT, seeking assistance in limiting the role of social media as a recruitment and propaganda tool. While the outreach to the tech community is a good first step, this meeting would have benefitted from the participation of CT experts. Policies that focus solely on the technological aspect of CT will address the means used, not the root causes of terrorism, and will discount insights on the social, economic, and political causes of terrorism. The whack-a-mole approach to CT by experts in the tech sector has proven ineffective, but unfortunately that is the current state of CT policies in the digital domain, as every suspended Twitter or Facebook account is easily replaced with many more new ones. To date, most of the CT proposals that pertain to the Internet fail to understand the organizational structures of terrorist networks and the various critical factors that are necessary for group survival.

Similarly, most CT experts’ proposed policies fail to take into account modern technical realities. Many of their proposed solutions actually hurt those who use the Internet normally and daily, while having no impact on bad behavior. Encryption, Wassenaar, banning Tor, cutting off the Internet, and so forth—all of this hurts the average citizen and civil rights movements and has no impact on criminal or terrorist activity. Unfortunately, with the reoccurrence of high profile terrorist attacks, the immediate, reactionary responses are too often misaligned with root causes and technical realities.

Too often, politicians seek quick sound bites to demonstrate they are tough on terror, but these have little alignment with the threat and technology. It’s time to move beyond bumper sticker CT and cybersecurity policies, and pursue strategies that take into account both the social and technical complexities of the modern era.


Andrea Limbago is the principal social scientist at Endgame.