Seminar Sessions: Experts Talk Lone Wolf Terrorism, Seaborne Threats, and Islam Vs. Jihadism

Lone-operator terrorism will likely grow during the 21st Century, according to a seasoned terrorism analyst who spoke to Seminar attendees Tuesday.

Jeffrey D. Simon, a former RAND Corporation analyst and current president of Political Risk Assessment Company Inc., reminded a packed session that with the exception of the 1993 World Trade Center and 9-11 attacks, all of the major terrorist events in modern U.S. history were perpetrated by lone actors.

Among examples: the 1920 anarchist bombing that killed 33 people on Wall Street in New York City, the Unabomber, and Eric Rudolph’s campaign of terror, which included the 1996 Atlanta Olympic Park bombing and attacks on abortion clinics in the South. Both the 1992 Tylenol poisoning case and the 2001 Anthrax letters are believed to have been carried out by lone actors.

At the outset, Simon said that he avoids the popular term “lone wolf” because of its cartoonish characterization of a wild perpetrator. While some, if not a majority, of lone-operator terrorists are mentally ill, many are also highly intelligent, making them a critical threat to society.

Unlike state- or network-sponsored terrorists, lone operators are limited to the resources within their means. They have a critical advantage, however, in avoiding detection before and after their attacks because most of them have no communication whatsoever with others regarding their operations, which denies authorities a major opportunity to detect them, Simon said. He noted that despite the unprecedented investigation into Unabomber Ted Kaczynski, it took a tip from Kaczynski’s brother to place authorities on his trail.

Simon cited several factors to support his contention that lone-operator terrorism could trend upward in the coming years. First, the information revolution provides potential actors with unlimited access to both radicalization materials and data on how to carry out attacks. Second, he noted the shift toward “leaderless” terror as networked attacks become tougher to carry out. Third, veteran terrorists and insurgents from conflicts in Iraq, Afghan­istan, and other areas will fan out around the globe, bringing with them know-how in bombmaking and other areas of terrorist expertise.

The challenges in catching lone operators have fostered the attitude that they cannot be caught before they act and leave a forensic trail. Simon, however, said that “We need to challenge the view that there’s nothing we can do to prevent lone-operator terrorism.”

Prevention can begin at institutions like the U.S. Postal Service (USPS), which has already modified policies in response to cases like the Unabomber’s. The case led to the ban on packages weighing more than 13 ounces in USPS drop boxes, while the agency no longer ships packages with visible oil stains on the exterior. Further measures could include improved awareness training, Simon said.

CCTV technology also holds promise for detecting attackers, according to Simon, noting the potential of gait-recognition software to spot perpetrators wearing suicide vests. Expanded use of biometrics, especially voice recognition might also help, he said. Institutions might also improve their ability to detect the well-documented early warning signs demonstrated by lone-operator terrorism, such as poor functioning in social groups. Targeting this phenomenon, however, is exceedingly difficult without impinging on civil liberties, Simon said.

Finally, the government can work to boost public awareness of activity that raises suspicion of terrorist activity, such as unattended bags in public places. While such vigilance is fundamental for security professionals, Simon argued that public awareness has in fact waned in the eight years since the 9-11 attacks.

Threats to people and structures can be natural, like tornadoes and floods, or manmade, like bombs and arson, but the thing they have in common is that they create the necessity to get people out of harm’s way, said Joseph Smith, PSP, who discussed the topic at Tuesday’s session “Can Modeling and Simulation Really Save Lives?” Smith is senior vice president at Applied Research Associates, Inc.

Smith said he spent the earlier part of his career in the U.S. Air Force modeling the effects of weapons use on buildings and areas. His later career has focused on what he calls the “human effects” of disasters, like how many lives are lost and how many injuries occur. Through his years in the field, Smith has seen an evolution in the state of modeling and simulation.

Models and simulations are essential because it’s so difficult to realistically recreate large-scale evacuations in egress drills in real life. They are often impossible and unrealistic, for reasons ranging from cost to liability. In addition, there is more to take into consideration than simply evacuating individuals through the nearest exits. For instance, stairs and exits may be blocked and there may be chemicals or gases present that will impede the egress. Additionally, Smith said that alternative exits, such as windows, may have been hardened against blasts or hurricanes, inadvertently eliminating a potential alternate route.

Until recently, simplified event simulations have been lacking, said Smith. A popular model had been the hydraulic model, which essentially treats the egress of people as though they were fluid flowing out of a leaking tube. Smith said those models have many flaws, including the assumption that people start evacuating at the same time, and that everyone’s evacuation will be uniform. The model does not explicitly take into account the differences in human behavior. For example, Smith said that people will tend to always go out through the door they came in, even if there is a closer or more convenient alternative.

Smith said that modeling and event simulation abilities have vastly improved in recent times. There is now the ability to do “agent-based simulation,” which has each individual recognized as its own software agent with its own characteristics. The new simulators also provide the ability to maintain fidelity to the facility that’s being modeled. The models are dynamic, replete with the capabilities to model for various types of events, and they are realistic and multi-hazard and can perform event analysis.

One simulator that Smith helped develop is the Event Simulator E-Sim Agent. In that simulator, humans are autono­mous agents with individual characteristics. It can model based on optimal egress scenarios and other situations, and use realistic human behavior. Smith recommends involving a cognitive psychologist in modeling, as he says “the trouble with people is that they do strange things,” and their idiosyncracies must be accounted for in simulations. He adds that models must take into consideration everything from physical abilities, such as when people are evacuating when they have just awakened, to mental distractions, such as when someone is evacuating with their small children, when much more will be on their mind than if they were evacuating alone.

Most companies are aware of the harm that can be caused by threats to information assets, and many are taking a second look (or should be) at the systems they have in place to protect their intellectual property assets. The Tuesday session “Insider Risks—Threats to Information Assets: The Global Recession is the Perfect Storm for Losses” sought to educate attendees on how to use audit tools to manage and mitigate risks posed by insiders.

Panelist Lynn Fischer, Ph.D., program manager of the security management program research area at the Defense Personnel Security Research Center (PER­SEREC), noted some observations from IT insider case studies examined by PER­SEREC. He said the following situations are often present in cases of insider theft: personal stress and an adverse social climate exist in the workplace, management doesn’t respond to disgruntlement in a timely fashion, system administrators are permitted exclusive control without oversight, and remote access programs that are not adequately controlled.

PERSEREC developed some tools for organizations to use in self-examination, Fischer said. The six categories for question that he recommended are recruitment, policies and regulations, pre-employment screening, training and education, continuing evaluation and policy implementation, and management intervention policies.

Fischer also said organizations should be aware of cultural, political, economic, sector-specific, or organization-specific factors that may multiply insider risk. “Every organization has a social context or geographic context, things that happen to employees that impact the level of risk,” he said.

Fischer stressed the importance of background checks and related the story of one government agency that unknowingly hired an insider hacker, even though he had been fired from three previous jobs for hacking and abusive behavior. Just before the agency fired him, the employee learned about his imminent dismissal and installed three time bombs in the agency’s databases. His supervisor found them before they went off, but it cost the agency $300,000 to repair the damage. Fischer also cited a Carne­gie Mellon report that said 20 percent of those arrested for IT crimes in the banking industry had criminal records.

Fischer discussed the importance of training and education. Some questions that organizations may want to ask in an audit are these: Does the organization have a non-disclosure agreement and consistent enforcement policies? Does it track and record at-risk behavior and provide clear information to employees about what information needs to be protected?

In the global economy, business opportunities exist everywhere, even in some of the world’s most dangerous locations. Executives traveling to such insecure locales or more secure ones face a variety of threats ranging from illness to terrorism. At the session entitled “Executive Protection: Extracting Your Principal from a Hostile Environment” on Tuesday, security professionals heard from Robert Oatman, CPP, president of R. L. Oatman and Associates, Inc., about the advance planning and onsite maneuvers necessary to extract successfully a protectee from a threatening environment or situation.

Oatman discussed scenario-based planning and advised executive protection professionals to do the planning away from the office. He also recommended that the company use its own resources to do scenario-based planning rather than hire an outside consultancy to do it for them. “You need to observe interactivity and connectivity to be successful,” Oatman said.

He also addressed worst-case scenarios, advising companies to ask whether they have made plans for the principal in a number of types of scenarios, including personal medical emergencies, public health pandemics, broad-scale civil unrest, terror events, and transportation disruptions. More specifically, companies should ask if the principal is a special risk based on his medical past, whether local medical care would be sufficient if the principal were attacked or harmed, and what is the likelihood of unrest (like riots or strikes) in the country at the time when the principal is visiting.

Oatman said it is important for executive protection teams to physically go to the hospital where an executive might be taken in case of an emergency. In order to form a mental picture, “Go in, go to the front desk,” Oatman said. “There is a sense of empowerment when you are able to do that,” he added.

Other questions might include these: If a natural disaster occurs would the site be relatively easy or difficult to leave? Are the transportation options broad or limited? What government and legal conditions might necessitate evaluation? Have other executive protection teams experienced an evacuation of their principal? Oatman said it is important to learn from colleagues who have done recent evacuations.

He also said that emergency operations centers (EOCs) can be lifelines to traveling executives. Oatman recommended housing the EOC in a secure room within the corporate headquarters. He said the EOC should be staffed 24 hours a day, seven days a week and should be well equipped and well staffed.

Small vessels are a threat not only abroad, where such vehicles were integral in the 2000 bombing of the USS Cole and assisted in last year’s Mumbai terror attacks, but also on U.S. waterways, according to the speakers in Tuesday’s session, “USS Cole, Mumbai, and the Big Threat of Small Vessels.” The speakers were Gary Supnick, CPP, manager of maritime security and access at the SRI International’s National Center for Maritime and Port Security; Laurie Thomas, maritime security coordinator at the University of Findlay in Ohio; and Bill DeWitt, CPP, corporate security director of SSA Marine/Carrix Inc.

Supnick provided an in-depth look at the details of the Cole and Mumbai attacks, including the way small vessels were used and the short- and long-term consequences of the attacks. The Cole, a U.S. Navy destroyer, was damaged when a small vessel that had built-in explosives pulled up next to the ship and detonated. Seventeen sailors were killed and more than 30 were wounded. The vessel that bombed the Cole was a small boat that was painted and built to resemble the other small boats in the area. The attackers did not speed into the Cole, rather they approached at a normal pace and acted like they belonged in the area, according to Supnick.

In the Mumbai attack, the small boat, which the terrorists used to leave Paki­stan and get to a larger vessel waiting with supplies, served as a support to an attack rather than a means of an attack. The attacks caused damage in two hotels, a train station, a Jewish center, and other areas. The attacks have had a negative impact on tourism and public perception in India, as well as its relationship with Pakistan, where the attackers were from, said Supnick.

Although the small vessels were used in different ways in the attacks, Supnick said that in both cases, the attackers were clever and used a low yield to generate a huge impact.

Thomas spoke about efforts to prevent such attacks or use of small vessels in the United States. She explained that small vessels are not just tiny dinghies or sporting vehicles—they can be anything under 300 gross-registered tons. She added that it’s unclear how many such vessels are active in the United States, although there are at least 13 million registered small vessels.

Some of the vulnerabilities in the United States’ inland waterways are choke points, such as the St. Mary’s River in the Great Lakes region; heavy traffic; and dangerous cargo like chlorine, ammonium nitrate, and petroleum products.

Thomas cited various government efforts to increase small-vessel security. One of the initiatives was launched by the U.S. Department of Homeland Security (DHS) in 2007, and consisted of organizing national and regional small-vessel security summits. The summits provided a forum for federal, state, and local law enforcement to interact with the small-vessel community. DHS released the Small Vessel Security Strategy (SVSS) in April 2008, which laid out goals including the development of strong partnerships between the small-vessel community and the public and private sectors, better planning, effective use of technology, and enhanced coordination. Thomas said that DHS is still working on an implementation plan for the SVSS, and that the plan is expected to provide timelines and translate the goals of the SVSS into actionable items.

In a session yesterday that spanned the last nearly 1,400 years, a retired military officer attempted to combat the stereotypes, prejudice, and ignorance that hinders the West and the security profession’s understanding of Islam. Michael Trapp, CPP’s session acted as an hour-and-a-half fact check, compete with statistics and a broad historical overview of a religion and a people the West was forced to confront in the aftermath of 9-11.

Trapp, a manager at Applied Research Associates, reviewed the founding of Islam by the prophet Mohammed and its early Caliphs, as well as the civilization’s descent into civil war to help attendees grasp how Islam’s past helps explain how a fringe of extremists in the 20th century hijacked a religion and associated it unjustly with terrorist atrocities.

He also reeled off many common mistaken beliefs Westerners hold of Muslims, and of themselves. Muslims, for instance, aren’t more religiously extreme than Christians. “The same number—55 percent—of Americans believe the Bible should be law as Iranians believe Sharia should be law,” Trapp said.

The harsh and repressive treatment of women commonly associated with Muslims is not based on Islam’s Holy Scriptures, he noted, but Arab culture. Trapp said that women are treated much differently in other Muslim cultures, especially Indonesia, the world’s largest Islamic population.

“People are people: same hopes, same dreams,” Trapp observed.

Despite many in the West’s belief that Islam’s holy book, the Quran, defines jihad as holy war, Trapp exposed that as another oft-repeated fallacy. Often the flexibility of the Arabic language makes it easy for readers to make Islam’s scriptures say what they want it to. This is why some believers see Islam as a peaceful religion and others as a violent religion. The devil is in the interpretation.

Barnes estimated that of the world’s 1.5 billion Muslims, there are only 10,000 to 14,000 jihadists and 100 million sympathizers. Barnes said these jihadists exploit the often legitimate grievances that many Muslims have of the West, especially bias towards Israel, the desire for cheap oil, and Western forces occupying holy ground.

Barnes also stressed that there is a mainstream, but underreported, movement in the Islamic world to combat jihadism that the West must support.

While Trapp’s historical and cultural corrections sought to correct widespread prejudices associated with Muslims, he did not refrain from assessing the real threat and totalitarian goals of the jihad­ist enemy the West faces in battle. Taking Iraq as a starting point, the plan has five prongs: expel U.S. forces from Iraq; overthrow all secular and corrupt regimes in the Middle East; eradicate Israel and purge the Middle East of any Jewish or Christian influence; reestablish the lost Islamic Empire, known as the Caliphate; and dominate the world