IAFIE Outstanding Teacher Award 2009

IAFIE Outstanding Teacher Award 2009

Presently a full-time Technical Consultant, for Universal Technology Corporation at Space Countermeasures Hands-On Program [SpaceCHOP], Air Force Research Laboratory. There, he has been involved in asymmetric [simulating rogue nations/terrorist groups] vulnerability assessments dealing with Space Tracking and Surveillance System (STSS), Global Nuclear Energy Partnership (GNEP), GPS, UAS Chemical/Biological Attacks; and serves as a key Mentor in the Kirtland Air Force Base Junior Force Council TIgER program; and, the AFRL Commander’s Cup Challenge. In the latter, the KAFB Teams have won the CCC for the past three years by developing and field testing in competition with Wright-Patterson Air Force base, rapid prototype projects: vehicle stopper, long endurance UAS, and, Tagging and Tracking of humans and vehicles.

Dr. Holden-Rhodes brings 20+ years of seasoned experience in Intelligence, Intelligence Operations, and operations issues to the national security arena. A combat-tested USMC Infantry/Reconnaissance Officer thrice decorated for actions under fire, he has applied his military experiences and learning from advanced graduate work to the difficult issues facing the nation. As the first non-traditional Post Doctoral Fellow at Los Alamos National Laboratory he worked on unconventional nuclear issues, terrorism/counterterrorism, special operations, and force projection.

Involved in the world of terrorism/counter-terrorism long before terror was recognized as a primary threat to this country, he served as the Team Chief, Latin America, 9001st Military Intelligence Detachment [Terrorism Counteraction]. [It was this group that coined the term “narco-terrorism”]. This experience led to a “boots on the ground” assignment as the Counter Drug Intelligence Team Leader for LANL/US Southern Command and the identification and tracking of coca growing and cocaine production sites, and, transshipment routes to the United States.

A pioneer in the development of and applied application of Open Source Intelligence [OSINT] he is the author of the award-winning book, Sharing the Secrets-Open Source Intelligence and the War on Drugs. An accomplished, frequently published writer/author he also wrote and co-edited, Intelligence in Terrorism Counteraction for the US Army Intelligence Center and School.

He has lectured and taught at the National Drug Intelligence Center, National Security Agency, Central Intelligence Agency, Western European Union [Paris], University of New Mexico, New Mexico Highlands University, and New Mexico State University. He created and served as the Director, Intelligence Studies, NMSU. There, students were trained at the undergraduate and graduate level in analytical techniques prior to joining the US Intelligence Community. He is now Adjunct Associate Professor of Intelligence Studies at Embry-Riddle Aeronautical University [Albuquerque Center] where he leads the Certificate and Minor in Intelligence Studies and Security programs.

He recently led contractual work as a Project Manager for US Army Intelligence and Security Command [INSCOM] dealing with the monitoring, collection, and analysis/synthesis of OSINT production dealing with the policies and actions of nine Middle Eastern countries vis-à-vis their responses to United States operations in Iraq. He is also the Senior OSINT Analyst for the Food and Drug Administration/New Mexico State University project for food safety and bio-terrorism issues.

Essay Contest

One of the following four questions was answered in each essay:

1. 
   What impact have major events of this decade had on the role of the intelligence professional in national security, law enforcement or competitive intelligence? (Select major events based upon your choice of field.)
   

2. 
   Intelligence-led policing is in practice in several countries on several continents. Using real-world examples, what, in your opinion, are the strengths and weaknesses of intelligence-led policing?
   

3. 
   What do you think are the most important challenges facing the intelligence community over the next 10 years?
   

4. 
   What advantages do strategic analysis and futures thinking hold for the future of the intelligence professional and how can they be incorporated into the intelligence professional’s skill sets?
   

A panel of intelligence professionals judged all entries and selected the winners for each category (Professional, Graduate Student, and Undergraduate Student). Essays were evaluated on their relevance to the question, creativity, strength of argument, and writing quality.

Category winners:

Professional Category
“Events that Impact Intelligence Analysts: A Revised Bloom’s Taxonomy Perspective”
by Edna Reid, Ph.D.

Clarion University

Professional Category –

During this post-9/11 era of reforms in the intelligence community (IC), terrorist groups’ increased sophistication in using the Internet, and establishment of an Open Source¹ Center (OSC), it is time to further demystify and enhance the visibility of an under-the-radar career: intelligence analyst². With the increase in the size, complexities, and mission-critical tasks of the U.S. intelligence community, it is experiencing a critical shortage of intelligence analysts that doesn’t seem to be going away! Accordingly, analysts are needed in many of the 16 intelligence community agencies (e.g., FBI, CIA, DIA, NSA) particularly in the departments and agencies created since 9/11 (Shrader, 2004; Losey, 2007). For instance despite the current bleak economic environment, the FBI announced it wants to fill over 3,000 positions including intelligence analysts, language specialists, heathcare analysts, and records management professionals (Frieden, 2009).

According to Zegart (2006, p.44), a specialist in intelligence reforms, as early as in the 1990s there were intelligence warnings, reports, and high level presidential briefings about the dangers and threats of terrorist attacks within the U.S. by radical Islamic groups. Nonetheless, the intelligence warnings ‘failed’ to be translated into actionable plans. In many bipartisan commissions (e.g., Hart-Rudman Commission, Bremer Commission), policymakers shared the concerns, identified major deficiencies, and provided recommendations for improvement in the intelligence community to meet the national security challenges of the 21^st century.

Intelligence community reforms emphasize changes that are needed so that the community can proactively predict, monitor, and respond to current and emerging 21^st century national security threats such as terrorist groups that plan and execute their attacks using creative approaches and diverse technologies. The threats from these non-state actors are further complicated by the explosive growth and sophisticated use of the Internet that have enhanced global connectivity, communication, uncertainties, and the use of Web 2.0 social networking applications (e.g., online discussion forum, wiki, blog, YouTube) for all users.

In response, the Director of National Intelligence (DNI) has followed up with a recommendation from the Weapons of Mass Destruction Commission and established an Open Source Center (OSC) within the CIA. OSC is designed to enhance the capability of the intelligence community to maximize the use of publicly available domestic and foreign news, television, radio and Internet information (Bean, 2007).

As previously described major events have led to an increased demand for intelligence analysts who have cutting edge expertise and for a broader understanding outside of the intelligence community, of the characteristics of an intelligence analyst. To enhance the understanding and facilitate discussion among intelligence professors and other educators, the cognitive processes and knowledge associated with the intelligence analyst discipline are described using Bloom’s taxonomy.

Table 2: Knowledge Dimension of the Revised Bloom’s Taxonomy and Intelligence Analysis

In Table 2, examples of the different levels of knowledge in intelligence analysis illustrate the skills, challenges, and commitments required of intelligence analysts.

The 9/11 attacks, post-9/11 intelligence reforms, terrorist groups’ sophisticated use of the Internet, and the establishment of the OSC have major impacts on challenges, competencies, and career opportunities associated with the intelligence analyst. The events highlight the need for other educators (e.g., healthcare, information science, digital media) to join the debate and curriculum design teams so they can further discussions with intelligence professors about designing interdisciplinary intelligence-focused curricula that meet the demands of a customer-driven intelligence community that is dealing with increasingly complex cultural, technological, and global problems.

Analysis of competing hypothesis. (2008). Wikipedia. Retrieved January 3, 2009 from

http://en.wikipedia.org/wiki/Analysis_of_Competing_Hypotheses
Bean, H. (2007). DNI’s Open Source Center: an Organizational Communication

Perspective. International Journal of Intelligence and CounterIntelligence, 20(2),

240-257.
Bunt, G.R. (2003). Islam in the Digital Age E-Jihad, Online Fatwas and Cyber Islamic

Environments. London: Pluto Press.
DNI Open Source Conference. (2008). Retrieved January 7, 2009 from

http://www.dniopensource.org/

2009 from http://money.aol.com/news/articles/

Internet World Stats. (2009). Internet Growth Statistics: Global Village Online.

Retrieved January 7, 2009 from http://www.internetworldstats.com/

Commentary. USA Today. Retrieved August 22, 2004 from http://www.rand.org

2008 from http://www.fas.org/irp/cia/product/analytic.pdf

Retrieved January 3, 2009 from http://www.federaltimes.com

14(2), 1-34. Retrieved on December 24, 2008 from http://www.allacademic.com

Current trends in the Islamist terrorist threat. General Intelligence and Security

Services (AIVD) of the Netherlands. Retrieved November 19, 2008 from

http://www.fas.org/irp/world/netherlands/violent.pdf

sciences. Journal of Family and Consumer Sciences Education, 25(1),

Spring/Summer 45-55.
Reid, E., Chen, H. (2007). Internet savvy U.S. and Middle Eastern extremist groups.

Mobilization: an International Quarterly Review, 12(2), 177-192. Retrieved

Jananuary 7, 2009 from

http://ai.arizona.edu/go/intranet/papers/Internet%20Savvy...etc.pdf
Shrader, K.P. (2004, December 30). Analysts are in great demand: Intelligence agencies

scramble for talent. Washington Post. Retrieved January 3, 2009 from

http://www.washingtonpost.com
Van Geder, T. (2006). Rational Thinking.

http://rtnl.wordpress.com/2008/12/15/future-trend-hypothesis-mapping- displacing-ach/

Special Report 116, U.S. Institute of Peace. Retrieved January 13, 2004 from

http://usip.org/pubs/
Willing, R. (2006, November 28). Intelligence agencies invest in college education. USA

Today. Retrieved September 5, 2007 from http://usatoday.com
Wilson, L.O. (2006). Leslie Owen Wilson’s Curriculum Pages. Beyond Bloom – A new

version of the cognitive taxonomy. Retrieved December 24, 2008 from

http://www.uwsp.edu/education/lwilson/curric/newtaxonomy.htm
Zegart, A.B. (2006). An empirical analysis of failed intelligence reforms before

September 11. Political Science Quarterly, 121(1), 33-60.

Graduate Category-
Patrick John Reyes Ramos

Information is to Intelligence as Cell is to Human

Introduction

A vast literature on the subject of intelligence have come up with the simple but precise formula that intelligence equals information plus analysis. While it is true that analysis spells out the major difference between an intelligence product and merely raw information, the latter still constitutes a critical half of the intelligence equation. Apparently, as cells are the basic building blocks of the human body, information are the fundamental elements of intelligence. Therefore, the intelligence field requires an effective strategy for identifying, gathering, collecting and organizing data and basic information. Against a background of rapid technological progress around the globe, the intelligence community surely encounters boundless possibilities and significant opportunities in the ambit of information sourcing and data collection. But at the same time, it is confronted with a number of important problems and growing concerns. Firstly, how can the intelligence community deal with the massive influx of data in this era of the internet and highly-advanced information and communications technologies? In particular, what prospects and barriers exist for the intelligence professional in carrying out a successful intelligence task in this time when huge information are easily accessible to almost anyone, anytime and anywhere? Secondly, which sources, tools, software and techniques can lead to the most reliable and efficient data gathering and collection methodology? Apart from these, what other skills and instruments can better equip and enhance the intelligence professional in fruitfully identifying good sources of data and information? Lastly, who can lend support and assistance in furthering the intelligence field in this period of unprecedented information and technological advance? More importantly, how can the intelligence community tap their resources and expertise to develop better ways of finding and gathering appropriate and useful information that will ultimately result to exceptional and valuable intelligence products? Consequently, this essay provides a brief discussion on the above vital challenges facing the intelligence community at present and over the next decade or so and likewise offers a number of ideas and suggestions on how to address and tackle some of these issues.

Indisputably, our world currently lives in an information age. With the proliferation of the internet and the unparalleled advancement of information and communications technologies, various data and information are truly within the fingertips of anybody with the sufficient means and resources. Of course, this translates to positive developments for the intelligence field given that information constitutes the necessary starting point of any intelligence-related endeavor. Unfortunately, not all information, whether publicly- or privately-sourced, can be reliable and useful to the intelligence community and in some instances may even be deceptive, burdensome and misleading. Moreover, whilst the accessibility of tons of data and superior technologies nowadays has considerable benefits to intelligence professionals, it also poses some danger and negative aspects including the availability of the same information and devices to the public and other organizations (which lessens the tactical advantage of the intelligence community) and more problematically, the possibility that such information and tools can be intercepted or fall into the wrong hands which can then be utilized for unlawful purposes that in the end would only instigate catastrophic and ill results. Thus, the intelligence community, aside from exploiting the benefits of prevalent information and technological breakthroughs, should also strive to find even more advanced ways and techniques of collecting and assessing the reliability of data and their sources, intensify the security, preserve the exclusivity and enhance the manner in which information are transferred within its networks as well as continue to discover and introduce much sophisticated technologies for data gathering and collection in order to maintain the organization’s intelligence and counterintelligence edges.

Definitely, the intelligence community is at a better position now more than ever to undertake its task. The availability of various information sources, tools and software packages opens up a myriad of possibilities for synthesizing valuable intelligence products. The challenge then lies in the identification, selection, optimum utilization and upgrading of these modern instruments in order to arrive at the most reliable data and information. For instance, geographic information systems (GIS) can offer large and relevant data which may be utilized in a wide variety of applications. The intelligence community must therefore master GIS to the fullest extent possible and likewise augment existing imagery systems with more high-level and specially designed features which can further contribute to better information gathering and processing. Similarly, electronic tools and various computer software packages provide other useful facilities not only for data sourcing and collection but also for the organization, sharing, safekeeping and analysis of information. Traffic and transportation modeling software packages, for instance, can simulate spatial movements and mobility scenarios according to specific changes or disturbances in a particular system (e.g., road and expressway blockage, terrorist bombings of certain buildings and structures, mass departure during natural disasters, etc.) which might proved invaluable to intelligence-related tasks like police entrapment activities, counterterrorism measures as well as disaster relief and mitigation. The internet, of course, affords another extensive resource of expedient, albeit not always reliable, information and scholarly articles which can facilitate the intelligence community in carrying out its function. However, caution must always be exercised whenever data and information are derived from this type of sources and verification and assessment should always form part of the whole data collection process. Evidently, information can now emanate from several sources and can likewise come in various forms and structures. Therefore, the intelligence community must always be adept, vigilant and conscientious in identifying, gathering and using existing data and their sources and at the same time continue exploring undiscovered and groundbreaking technical resources and methods.

While it is commonly accepted that security, confidentiality and exclusivity are essential pillars of the intelligence field, some degree of openness and receptiveness can actually benefit the intelligence community. Realistically, not every skill and ability can be secured internally within intelligence agencies. The number of times that outside experts from academic circles, businesses and scientific communities have been called upon to provide opinions and recommendations during intelligence operations plainly supports this argument. Hence, the intelligence community should encourage much wider participation of other specialists to assist in enhancing the institution’s data collection and organization procedures. Such skills as creative and critical thinking, ingenuity and innovativeness that many scientists, researchers, engineers and other practitioners share with most intelligence analysts and professionals can absolutely facilitate in the identification, gathering and organization of more reliable and accurate information. Strong ties and collaborations with these outside individuals would thereby fortify the capacity of the intelligence community and bring in fresh and modern ideas, technologies and supplementary resources. Joint researches and projects with academic institutions and commercial enterprises, forums, conferences and training workshops on multidisciplinary subjects and related areas as well as direct hiring or recruitment of scientific, technical and other relevant personnel are some of the ways through which the intelligence community can draw upon the expertise of these future crucial partners in the intelligence field. Obviously, prudence and strictness must always be observed in dealing with the above proposed encounters so as to preserve the integrity of the intelligence community but a certain amount of transparency and confidence should also be allowed in order to fully optimize the benefits from such cooperation and alliances.

There are some issues and concerns arising with regard to the collection and organization of data and information for the purpose of intelligence during this period of rapid technological growth. Against a background of too many accessible but not necessarily dependable physical and electronic sources, highly-sophisticated information tools and varied communication methods, this essay identifies three important challenges facing the intelligence community now and in the years to come, namely: (1) how to carefully identify, choose, access, evaluate and utilize reliable and accurate information and their sources, (2) how to further improve data sourcing, collection, sharing and storage techniques, and (3) how to explore new resources and tap outside specialists to help in developing more and more intricate systems of information gathering, interpretation and safekeeping. To respond to such challenges, the intelligence community should at the outset be experienced and well-versed on recent innovations in the information and communications fields as well as in other scientific and engineering disciplines. It must adequately build its capacity and competence in utilizing new developments in these areas to continuously enhance its data sourcing and collection processes. At the same time, it should maintain its resourcefulness, imaginativeness and creative nature to also gather and find information via other non-mechanized and unconventional ways. Next, the intelligence community must exploit the capabilities of modern technical instruments like highly-developed imagery systems, electronic and communication apparatuses, computerized tools and software packages and the ever evolving internet to improve and expand its data gathering activities. On the other hand, it should also develop its know-how in other subjects such as regional languages, global political systems and world cultures to encompass a broader resource of raw data and basic information. Finally, the intelligence community should reach out to experts in the scientific and other specialized domains to become more responsive and well-prepared for the latest advancements in the field of information collection and organization. Accordingly, it must foster strong ties and partnerships with businesses, industries and academic institutions which can undoubtedly provide ample support, guidance, resources as well as new perspectives and direction. By imbibing some of the foregoing suggestions, the intelligence community can most likely fulfill its mandate much effectively and successfully and likewise be able to nourish its competitiveness and ascendancy in this current era of information and technological revolution.

1. 
   Bureau of Justice Assistance, Office of Justice Programs, U.S. Department of Justice. Intelligence-Led Policing: The New Intelligence Architecture. September 2005. http://www.ncjrs.gov/pdffiles1/bja/210681.pdf (last accessed on January 5, 2009).
   
2. 
   New Jersey State Police; Center for Policing Terrorism at the Manhattan Institute; Harbinger. Practical Guide to Intelligence-Led Policing. September 2006. http://www.cpt-mi.org/pdf/NJPoliceGuide.pdf (last accessed on January 5, 2009).
   
3. 
   Robert Hutchings, National Intelligence Council. Strategic Choices, Intelligence Challenges (Speech delivered at the Woodrow Wilson School, Princeton University). December 1, 2003. http://www.dni.gov/nic/speeches_choices_challenges.htm (last accessed on January 5, 2009).
   

The Threat From Cyberspace

In a tragically ironic turn of history, a remnant of perhaps the greatest struggle of the 20^th century helped spark what threatens to be the defining challenge of the 21^st. On April 27, 2007, the Estonian government relocated the Bronze Soldier of Tallinn, a memorial to the millions of Red Army soldiers who died fighting Nazi Germany. The move stirred simmering ethnic rivalry and, in response, a group of rogue actors moved to exact revenge upon the Estonian government. Ten years ago, such a response would have likely involved bombs and bullets and burning buildings. However, this attack came through a very 21^st century medium: the Internet.

A carefully orchestrated denial-of-service campaign employed a massive network of hijacked computers to flood websites critical to Estonian infrastructure. An Estonian government spokesman confirmed that websites normally receiving 1,000 visits each day were being inundated with 2,000 visits every second.⁹ Sites belonging to Estonia’s government, political parties, media outlets, and leading businesses were all forced to shut down. The infrastructure of an entire society grinded to a halt; a sovereign nation was, albeit temporarily, toppled without a single shot fired.

Intelligence agencies the world over must treat the Estonian cyberattack as a wakeup call; as a grave signal that the age of cyberwarfare and cyberterrorism is here and, perhaps, has just begun. The increasingly interconnected world of the 21^st century has ushered in an era of new personal luxuries and technological innovations that have truly transformed human society. Yet, this era’s greatest strength – the proliferation of information technology that has connected and empowered so many – may also be its greatest weakness. Threats from cyberspace – from warfare to espionage, from organized crime to terrorism – will constitute the intelligence community’s greatest challenge as it confronts the difficult and dangerous decade to come.

The Estonian cyberattack stands out as a particularly ominous example of how a nation can fall prey to an online offensive, but it is neither the first nor even the greatest strike of its kind. For years, hackers on the Indian subcontinent have been engaged in a cyberconflict, with scores of denial-of-service attacks exchanged over the Pakistan-India border. After the disqualification of South Korean speed skater Kim Dong-sun effectively awarded a gold medal to American rival Apollo Ohno at the 2002 Winter Olympics in Salt Lake City, outrage in South Korea manifested itself in a massive denial-of-service attack that brought down several large American servers. Perhaps the largest and most damaging cyberattack to date was a series of China-based hacks on United States government computers that the FBI has codenamed Titan Rain, though Titan Rain stands out from this list because it was not a denial-of-service attack.

Denial-of-service attacks are often launched using bot networks, or botnets. Responsible for both the Estonian and Olympic cyberattacks, botnets are constellations of computers that have been compromised and infected with a malicious code. The code allows them to be remotely controlled by a hacker (known as the botmaster) over the Internet. Remotely controlling thousands (sometimes hundreds of thousands) of computers enables the botmaster to flood and disable websites, potentially wreaking havoc on any electronic system. How can a threat to computer systems, in the age of seemingly greater threats including nuclear proliferation and Islamic extremism, comprise the most important challenge to the intelligence community? The problem is that computer systems now control nearly every facet of military and civilian life. Joel Brenner, the National Counterintelligence Executive put it this way:

Our water and sewer systems, electricity grids, financial markets, payroll systems, air and ground traffic control systems ... are all electronically controlled, electronically dependent, and subject to sophisticated attacks by both state-sponsored and freelance terrorists.¹⁰

Clearly, the threat of a botnet attack transcends the inconvenience and monetary toll of mere website failure. The fact that a botnet attack on the United States civilian or military infrastructure has not yet inflicted significant and lasting damage, experts agree, does not mean that America is safe. In fact, the threat appears to be growing as cybercriminals in general and botmasters in particular have grown dramatically more adept and powerful in recent years. One reason for identifying the threat from cyberspace as the most important challenge facing the intelligence community over the next 10 years is to examine what has happened on this front over the past 10 years. A decade ago, cybercrime was a blip on the radar of intelligence agencies. Today, according to the FBI, it costs American industry alone almost half a trillion dollars per year.¹¹ Dr. James Lewis, Director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, D.C. explains:

Ten years ago, they were amateurs; now they are professionals who stay on top of their game. Cyber crime is a risk… and we’re having a hard time getting a handle on it.¹²

Botnets in particular seem to be evolving in two major ways. First, the mechanism of infection is changing. Botnets used to be transmitted by hiding in software and programs that people open from their email or download from the Internet. A well-informed individual could largely avoid botnets by not downloading pirated software, not following malicious links, and not opening spam email. Unfortunately, those days are long gone. Avoiding such risky online practices is no longer sufficient because bots are increasingly transmitted through “drive-by downloads” from legitimate websites.¹³ This means that bots can spread simply through the viewing of innocent websites (no conscious download is required), and such transmission can occur without the knowledge of either website owner or viewer. Since bots are often very good at hiding their presence, the owners of infected computers generally do not know they are carriers of the botnet… and one does not need to be a practicing physician to know that it is very hard to cure an illness when the patient has no symptoms at all.

The second major aspect of the deeply troubling botnet evolution involves the flattening of the botnet organizational hierarchy. Until 2004, all botnets operated in basically the same fashion: As the network grew, the botmaster communicated with its herd using an Internet Relay Chat (IRC) server.¹⁴ Under this system, every bot has a direct link to the botmaster. If the authorities could successfully locate a bot and track the IRC address of the computer on the other end of the botnet communication, then the authorities had successfully found the botmaster. From there, arresting the botmaster and disabling the botnet was relatively easy work.

Then, in 2004, the first P2P botnets began to terrorize the web. P2P botnets, or peer-to-peer bot networks, operate much as they sound: The bots communicate as peers, so a direct IRC connection no longer links each bot to its master. Since trapping a bot does not easily lead authorities to the ringleader, the proliferation of these advanced botnets are even harder to stop.

The case of Jeanson Ancheta is a rare example of a major botmaster who was tracked down and convicted in federal court. Ancheta alone, a 21-year-old California hacker and member of a group known as “Botmaster Underground,” had taken over more than 400,000 computers.¹⁵ These advanced botnets are staggeringly – almost incomprehensibly – vast and potent threats. In 2006, the prominent Internet security firm Symantec announced that it had detected over 6 million bot-infested computers.¹⁶

It is critical that intelligence agents understand the way in which this new type of cybercrime fits into the existing criminal and terrorist framework. Ancheta reportedly earned over $100,000 from Internet advertising companies for permission to access the botnet, and may have rented out the botnet as well.¹⁷ The Estonia attack was also carried out via a rented botnet, or more likely, several rented botnets. The attack finally subsided on May 10^th, not because Estonian authorities had defeated the hackers and cracked their malicious code, but because the time for which the botnets were rented simply ran out.

Thus, organized crime is an integral component of the cyber threat. Botnets are commonly owned and operated by online gangs like “Botmaster Underground” and turf wars and bot-based extortion are all too common. Intelligence professionals are well aware of the fact that, wherever organized crime runs rampant, the terrorist link is not far away. That many nations, largely in the Middle East and Southeast Asia, are quickly becoming world leaders in both information technology and anti-American ideology, presents a pressing concern. One fear is that cyberweapons might fall into the hands of terrorists. This scenario should not sound like science fiction. In fact, terrorists have long used cybercrime to plan and fund their objectives. It is clear that advanced technology is playing an increasingly critical role in Al-Qaeda operations:

Ramzi Yousef, who was sentenced to life imprisonment for the previous bombing of the World Trade Center, had trained as an electrical engineer, and had planned to use sophisticated electronics to detonate bombs on 12 U.S. airliners departing from Asia for the United States. He also used sophisticated encryption to protect his data and to prevent law enforcement from reading his plans should he be captured.¹⁸

It seems only a matter of time before those who harbor extreme anti-American sentiment and computer mastery find a way to combine those two passions on an unprecedented scale… especially given the vulnerabilities that exist in American military and civilian infrastructure. For example, federal authorities were forced to deal with gaping holes in the Supervisory Control And Data Acquisition (SCADA) system and the Simple Network Management Protocol (SNMP) in recent years, both of which control critical components of American infrastructure. The Congressional Research Service report on Botnets, Cybercrime, and Cyberterrorism explains:

Some experts believe that the importance of SCADA systems for controlling the

critical infrastructure may make them an attractive target for terrorists. Many

SCADA systems also now operate using Commercial-Off-The-Shelf (COTS)

software, which some observers believe are inadequately protected against a cyberattack… In August 2003, the “Slammer” Internet computer worm was able to corrupt for five hours the computer control systems at the Davis-Besse nuclear power plant located in Ohio (fortunately, the power plant was closed and off-line when the cyberattack occurred).¹⁹

In 2002, a major vulnerability was discovered in switching equipment software that threatened the infrastructure for major portions of the Internet. A flaw in the Simple Network Management Protocol (SNMP) would have enabled attackers to take over Internet routers and cripple network telecommunications equipment globally… the security flaw could have been exploited to cause many serious problems, such as bringing down widespread telephone networks and also halting control information exchanged between ground and aircraft flight control systems.²⁰

The terrorist fascination with aircraft is clearly nothing new. In this day and age, though, the intelligence community must focus as much on securing the information technology that controls air travel as on securing aircraft themselves. America and the world can ill afford a vulnerability in SCADA or SNMP to be discovered and exploited by terrorists before it is found and fixed by federal intelligence authorities. This Congressional Research Service report captures another critical part of the cyber threat, the interconnection between military and civilian infrastructure and software. The presence of commercial-off-the-shelf (COTS) software in government infrastructure is troubling because cybercriminals and terrorists have access to very similar if not identical programs. The fact that about 85% of American infrastructure is privately owned also presents grave security challenges, as private firms often prefer to spend shareholder funds on profit-maximizing innovations instead of costly security measures that may only seem important when it is too late.²¹

Another worry is that cyberciminals might sell botnets and other cyberweapons to terrorist organizations. This is perhaps a more likely scenario, as most cybecriminals are more interested in making a buck than making jihad against America and its allies. The anonymity that characterizes the black markets in which these sorts of cyber secrets are exchanged could easily place botnets or cyberweapons in hostile hands.

Perhaps the greatest threat of all, however, is that of a coordinated attack. Some experts have expressed the opinion that a massive cyberattack does not fit the Al-Qaeda modus operandi because Al-Qaeda tends to prefer more spectacular attacks that cause real-life bloodshed, thus sending a clearer message to the world. However, a cyberattack would be an ideal way to supplement a conventional attack – perhaps a nuclear, biological, or chemical strike – and amplify its effects by hindering the response effort. Ronald Dick, director of the FBI’s National Infrastructure Protection Center, elaborated on this threat:

The event I fear most is a physical attack in conjunction with a successful cyber-attack on the responders' 911 system or on the power grid… [One in which] the first responders couldn't get there . . . and water didn't flow, hospitals didn't have power. Is that an unreasonable scenario? Not in this world. And that keeps me awake at night.²²

Espionage, as experienced during Titan Rain, represents another serious danger in cyberspace. The threat of nations or corporations hacking into government computer systems and retrieving classified data is certainly a leading challenge for the intelligence community, as is the growing possibility of an insider stealing vast amounts of data on a flash-drive or other tiny media device that can easily be hidden and smuggled past security checkpoints.

However, in this era of globalization, cyberattacks designed to cripple major transportation or financial infrastructure are more likely to come not from a nation state (China, for example, is almost as dependent on the American financial system as is the United States) but from a rogue group that rejects the world economy altogether.²³ The global network of extremists that the United States is currently confronting in the War on Terror fits that description to a downright chilling extent. Testifying before the House Committee on Homeland Security, former NSA Director’s Fellow O. Sami Saydjari described what the aftermath of a massive cyberattack might look like. His poignant description is as frightening as it is critical to 21^st century intelligence:

As another day turns to night, looting starts, and the traffic jams get worse. Word begins to spread that the US has been attacked—not by a conventional weapon, but by a cyber weapon. As a result, our national power grid, telecommunications, and financial systems have been disrupted—worse yet, they won’t be back in a few hours or days, but in months. The airports and train stations have closed. Food production has ceased. The water supply is rapidly deteriorating. Banks are closed so people’s life savings are out of reach and worthless. The only things of value now are gasoline, food and water, and firewood traded on the black market. We’ve gone from being a superpower to a third-world nation practically overnight… We are a nation unprepared to properly defend ourselves and recover from a strategic cyber attack.²⁴

Working to ensure that that day never materializes is truly the greatest challenge facing the intelligence community in the coming decade and beyond.

Conference Center Floor Plan