In this in-depth briefing, a leading CT official discusses how to address diverse challenges ranging from border security and document forgery to online radicalization and far-right copycat attacks.
On November 8, Russell Travers, the acting director of the National Counterterrorism Center (NCTC), addressed a Policy Forum at The Washington Institute. The following is a rapporteur’s summary of his remarks. For his full prepared speech, download the PDF version.
As U.S. authorities consider how best to counter terrorism amid other policy imperatives, they need to answer several questions. What does the risk equation look like in a country with such a complex national security environment? How should the government optimize allocation of counterterrorism resources in the country’s best interests when departments and agencies have differing priorities? And how can America continue the successes of its CT posture without reversing the gains made since the 9/11 attacks?
On the positive side of the ledger, neither the Islamic State nor al-Qaeda has executed a successful large-scale attack in the West in some time. The last significant al-Qaeda attack in a Western country was the January 2015 Charlie Hebdo shooting in Paris; the last major one by IS was the January 2017 Reina nightclub attack in Istanbul. The defeat of the IS caliphate and the capture and killing of its leaders have lessened the near-term potential for and impact of large-scale, externally directed attacks, as have the capacity-building efforts carried out in allied countries and the improvements made in global information sharing and border security. For example, Kenya’s response to al-Shabab’s January 2019 attack on a Nairobi hotel and apartment complex was far superior to how it handled the September 2013 Westgate Mall shooting.
The United States must avoid complacency, however. The homeland still faces a diverse, diffuse threat, comprising homegrown violent extremists, IS branches, al-Qaeda affiliates, Iran and its proxies (including Hezbollah and Shia militias in Iraq), and far-right radicals. These terrorist networks are particularly proficient at exploiting technology. They use encrypted communications for operational planning; spread propaganda and transfer knowledge via social media; rely on drones for swarm attacks, explosives delivery, and assassinations; employ high-quality fraudulent documents to evade border security; fund operations by means of cryptocurrency; and are likely experimenting with chemical and biological weapons. They are also innovative recruiters, targeting vulnerable populations and youths.
Today, a mix of personal, group, community, sociopolitical, and ideological factors continue to breed radicalization and mobilize people to violence. There are roughly four times as many radicalized individuals today as there were on 9/11, and the U.S. database of known or suspected terrorists (KSTs) has grown by a factor of twenty since then. As radicalized populations grow, America’s ability to identify, capture, and kill terrorists will decline. Furthermore, migration out of Africa, due in part to global warming, is engendering far-right extremism against refugees and asylum seekers in Europe. The burgeoning of the radicalized community requires robust terrorism prevention efforts.
Because threats revolve around people and networks, the U.S. national security community has expended an enormous amount of energy building a multilayered approach to screening individuals entering the country over the past eighteen years, processing 3.2 million people daily. The CT community now produces richer dossiers, makes better use of technology, conducts realtime classified screening to support unclassified watch lists, and, when possible, leverages biometrics to vet suspects intent on entering the country. There is no indication that foreign terrorist groups have attempted to exploit the U.S. refugee admissions program to gain entry over the past decade. Only two individuals arrived as refugees and subsequently perpetrated attacks in the United States, and both were radicalized after entry. To date, the screening and vetting system has performed extraordinarily well.
Nevertheless, each day, approximately three individuals who meet the NCTC’s criteria for KSTs seek to enter the United States. Another seven per day have potential connections to KSTs, though the government lacks sufficient derogatory information to classify them as such. Thus, authorities cannot rest on their laurels. As past attackers in Paris and Brussels demonstrated, even those who are known to security agencies can evade detection through high-quality fraudulent identification, highlighting the need for collection, integration, and sharing of biometric information. These efforts, along with business-process and information-technology improvements, are in the best interests of the CT and greater national security communities.
Additionally, comprehensive intelligence collection is imperative to detecting local threats that might transform into threats against the homeland. This means focusing on everything from non-affiliated fringe groups like Sri Lanka’s National Thowheeth Jamaath (which conducted this year’s Easter Sunday attacks) to local indigenous insurgencies and formal terrorist affiliates. As the United States reduces its human footprint abroad, particularly in Iraq and Syria, it will have fewer HUMINT sources and less liaising with on-the-ground partners. Officials should therefore do a cost-benefit analysis of the risk posed by this reduction in assets.
Data is the lifeblood of counterterrorism, but incomplete, sometimes-ambiguous, and often-inaccurate data poses a tremendous challenge to NCTC analysts. Counterterrorism has an abysmal signal-to-noise ratio. For example, embassies and consulates receive about 300 threats per year, while the NCTC operations center receives about 10,000 terrorism-related reports daily containing around 16,000 names. Although most of these threats are not credible or actionable, they cannot be ignored.
Another challenge is that public safety sometimes comes into conflict with privacy considerations by necessity. What information should be accessible to which organizations, for what purpose, and when? What level and type of CT risk should Americans be willing to tolerate in order to preserve crucial freedoms? How should the national security community deal with exploitation of the Internet?
Whole-of-government integration is also increasingly important in the current threat environment. Successfully integrating efforts is difficult but not impossible, as seen in the post-9/11 screening and watch-list architecture. Deputies and principals held regular committee meetings in the years following those attacks, but the trend toward decentralized decisionmaking has been notable since the previous administration. Decisions formerly made by the National Security Council are now being sent back downstream to individual departments and agencies. Yet interagency “muscle memory” is a must for rapid response in the event of a crisis.
In addition to collaborating within, U.S. agencies need to collaborate externally. Public-private partnerships are key to hindering terrorist recruitment efforts, propaganda distribution, and sharing of information to support attacks. Industries have made tremendous strides in rendering cyberspace less hospitable to terrorists, particularly through the Global Internet Forum to Counter Terrorism (GIFCT), a consortium of major social media companies. Facebook, Twitter, and YouTube have reported that they automatically detect over 90 percent of terrorist content before it is made public.
Nonetheless, greater transparency on content takedown efforts could further CT gains. Reports by social media companies currently lack detail on the type of content purged and methods of removal. Providing the government with the content, geolocation, and attribution of terrorism-related posts would be useful for effective assessment of trends in propaganda, new/emerging groups, key radicalizers, and the credibility of potential plots. Insights could then be passed back to the companies to improve their algorithms. The National Cyber-Forensics and Training Alliance (NCFTA), which operates in the cybercrime arena, is an archetype for this type of synergistic relationship.
Last but not least, the United States must address the global dimension of non-Islamist terrorism, known broadly as “racially and ethnically motivated violent extremism” (REMVE). Several far-right terrorists have gained international reverence and inspired copycat attackers. For instance, Norwegian terrorist Anders Breivik has been praised or researched by at least five other attackers since 2014; American terrorist Dylann Roof has inspired at least two since 2015; and New Zealand terrorist Brenton Tarrant has inspired at least three this year alone. Because REMVE is not organized by hierarchical organizations with monolithic ideologies, identifying potential attackers is particularly difficult. The challenge is compounded by the lack of a federal domestic terrorism statute and associated material support charges, as well as the complexity of constitutionally protected free speech.
The United States has pointed at other countries as exporters of jihadist ideology for nearly two decades, but absent a more active approach to REMVE, America itself may soon be seen as an exporter of extremism. The U.S. government should therefore do more to understand the scope and scale of international linkages within REMVE (including among active paramilitary groups, ideological organizations, and extreme individuals), with the goal of developing effective tools to address this growing threat. In crafting legislation or reforms to bring REMVE suspects to justice, however, legislators must be careful not to paint all far-right ideologues as terrorists.
Despite the strides made in American CT efforts over the past eighteen years, the U.S. security architecture will never be risk-free. With competing state and non-state threats demanding attention and resources, leaders inside and outside government need to carefully consider how they should be prioritized, both to optimize CT resources and avoid inadvertently reversing CT gains.