Enable breadcrumbs token at /includes/pageheader.html.twig

ISIS Takes Fight to Cyber Battlefield

Losing physical territory, militants evolve their skills in this arena with no boundaries.

Paratroopers from the 82nd Airborne Division engage ISIS militants in artillery fire to support Iraqi and Peshmerga fighters in Mosul, Iraq. U.S. success on the physical battlefield may drive fighting to the cybersphere.

Mulligan and Director of National Intelligence Daniel Coats discuss with Vice President Mike Pence evolving terrorism threats to America during Pence’s visit to the NCTC in September.

The United States should not underestimate the ability of terrorist organizations such as ISIS to mount cyber attacks against the homeland, says John Mulligan, former deputy director of the National Counterterrorism Center. As the nation works to shrink territorial control of the caliphate in Iraq and Syria, the battlefront extends virtually to the cyber domain, and America must be prepared.

“Unless we contest the other domains in which [terror groups] operate, the problem is going to continue to manifest itself in the years ahead,” he warns. “We need to anticipate that ISIS will move aggressively to develop increased competency in the cybersphere. This is going to occur.”

So far, ISIS has mounted low-level cyber attacks, including doxing-style assaults—stealing and releasing documents with the intent to cause harm—or gaining personally identifiable information to generate kill lists. The organization’s proven ability to evolve its capabilities consistently over time, such as its use and armament of unmanned aerial vehicles or exploitation of social media, warrants attention. “We live in an era in which the free flow of information means that individuals can achieve higher degrees of education, skill and tradecraft fairly easily,” Mulligan says. “They have access to all sorts of information.”

Furthermore, the United States should not make the mistake of minimizing the ability of ISIS to attract skilled hackers. “We can’t give them a pass,” he imparts. “We need to find ways to challenge their operations and find ways to identify those individuals who are operating in that sphere, then develop and apply the countermeasures that will make their operations difficult or impossible.”

The changing nature of U.S. terror threats—cyber and otherwise—is such that the National Counterterrorism Center (NCTC) has to remain vigilant on all fronts. Founded in the aftermath of the 9/11 attacks, the NCTC is responsible for five key counterterrorism missions. These include conducting the primary threat analysis for the U.S. government, leading the country’s intelligence management, coordinating information sharing across the U.S. intelligence community, performing strategic operational planning for counterterrorism activities, and identifying known and suspected terrorists.

The NCTC’s role will remain critical, as “more terrorist threats are coming from more actors operating out of more locations than anytime since 9/11,” Mulligan declares. “The threats are more than ever.” The challenge is that the threats are globally dispersed and difficult to characterize. The adversary is unpredictable, working to gain an advantage all the time, Mulligan emphasizes. ISIS now has better access to commercial technology, broader arrays of tools and greater connectivity globally than ever before.

“We live in an era where people can reach out across the globe, make contact with others, radicalize, operationalize and induce them to undertake terrorist acts,” the deputy director allows.

ISIS is employing what Mulligan characterizes as a modern management tool. It takes lower-level leaders, doles out degrees of responsibility, tools and capabilities—the basics to accomplish terrorist missions—and lets them display their initiative and take action. But the operations are only as good as their local ISIS leaders, he clarifies. And because the terrorists are trying to mount attacks from remote locations, they are not getting the kind of hands-on guidance on the ground that they need. “The challenge for ISIS is that they are trying to operate a globally dispersed operation with limited contact, and they are trying to energize these people from afar,” he relates.

This gives the United States the opportunity to remove major actors, disrupt their communications and processes, and reduce accessibility to potentially vulnerable places. “That is something we can take advantage of,” Mulligan says. “Their evolving model still gives us an advantage.”

As for the threat from foreign fighters moving out of the battlefields of Iraq and Syria—approximately 40,000 fighters from 120 countries joined the fight in Iraq and Syria over the last four years—the NCTC had anticipated that there would be a greater outflow. “At the present time, ISIS is maintaining pretty rigorous controls,” Mulligan observes. “They are not letting so many fighters leave. We are also seeing willingness by many to continue the fight all the way to the end. That being said, we can anticipate that there may be shifts in what the current dynamic is, so we need to be prepared for those shifts.”

So far, the dispersals the NCTC has seen from the battlefield have largely been “pretty disorganized,” Mulligan reports. “It’s not like we believe that someone is directing folks to assign them to attack in other areas. We are seeing some of them more independently fleeing, but all in all, they really are trying to muster a very aggressive defense of the territory in Iraq and Syria that they are holding,” he says. The NCTC will remain “very flexible” in its monitoring because the situation could change suddenly, Mulligan adds.

Stateside, the biggest threat remains the possibility of violence from homegrown extremists, he cautions. Although the United States has developed great competencies in its national security structure by erecting layered physical defenses, ISIS will continue to attack however it can. “It really comes down to the point that the Islamic State is trying to increase the widespread terror factor in the collective psychology of our population,” Mulligan states.

To battle terrorism, the NCTC has to spread out its resources and work closely with stakeholders, among other activities. “Because terrorism against the homeland is coming from a broader range of actors, we need to be as adaptive at responding to terrorism in as an efficient way as possible. The key there is ensuring that the flow of information is optimized,” the deputy director says. “That’s the real challenge that we have now.”

The NCTC will harness the improved efficiencies and increased data access that cloud-based computing offers. Simply put, a cloud-based structure will give the NCTC greater latitude to perform its mission.

“This organization depends on effective data aggregation and correlation. The more data that we can bring in, the more efficiently we can work with the entire interagency community and global partners,” Mulligan imparts. “With greater confidence, we can ensure that the data streams that are entrusted to our stewardship are being protected and that the rights of our citizens are protected and guaranteed. A cloud computing environment will help us be more maneuverable in regard to that data movement and data storage. That’s the reason that the whole cloud platform makes sense to us.”

As for allied partnerships, the NCTC wants to increase its counterterrorism work with other countries to engage with them and share information as the threat of terrorism increases. Because every nation has its own rules and regulations about how the rights and privacies of its citizens are enforced, the United States needs to respect those rules and regulations, Mulligan advises. The goal is to make data sharing partnerships with allies more robust while balancing privacy rules. “We are trying to develop partnerships and mechanisms that will give confidence to each nation that there is accountability in data sharing,” he states.

When there are terror events, the United States often sees significant changes in partners’ behavior toward sharing data, conducting joint operations and ensuring intelligence flows. These partnerships will continue to develop over time, but the NCTC wants to accelerate that development. “I am encouraged by the way we are proceeding with working with our allies, but we have a long way to go,” the deputy director acknowledges.

The United States is exemplary in how it works intelligence across its own government agencies, Mulligan offers, but this did not happen overnight. “The relationships that we have forged and the partnerships that we have now, which we take for granted, were all built over time as a result of the attacks on 9/11,” he says.

The NCTC also is looking for tighter social media constructs. One important development is how U.S. social media companies have made the operating environment more challenging. “Initially, we saw ISIS and other terrorist organizations taking considerable advantage of the ability of individuals to sign up, get accounts and function on those platforms,” Mulligan observes. “Now the companies are developing increasingly capable mechanisms by which they are able to police their platforms. The companies are able to identify individuals who are violating their terms of service and are better at executing the means by which they can remove those individuals.”

For the most part, the social media companies have taken this step with only some degree of government encouragement. “They have largely pursued this independently, and we are grateful for it,” Mulligan declares.

Nonetheless, the NCTC would like to see more partnerships with those providers. “The fact of the matter is that the number of various platforms that the terrorists can choose to operate on is extremely large,” he warns. “It’s all wide open.”

The NCTC also will look to advanced biometric-based data, which offers additional confidence and precision to the center’s counterterrorism efforts. International partners already are gathering that kind of data. Many have rigorous biometric requirements to enter their borders—more so than the United States. To identify suspects, the NCTC will use advanced biometric data, along with more traditional biographical data—largely name-based information—and contextual information about activities and connections.

“Here, the inclusion of biometric data is intended to garner greater precision in the identification process,” Mulligan says. “This is just a question of us trying to be more precise in those individuals and in the characterizations that we are generating in our databases.”

The deputy director is looking to industry to continue developing advanced biometric technologies. “Because identity intelligence, particularly in counterterrorism, is of increasing importance, we definitely want to see what is developing on the commercial side and the potential applicability to help us,” he notes.