New Threats Require New Defense Strategies

As we enter a new phase of terrorism old counterterrorism measures need to be reviewed and updated. Since 9/11 the law enforcement community has been building counter terrorism strategies on the theory that each terrorist event requires significant pre-planning and that this pre-planning is done in a manner detectable by the public and law enforcement. Much of the counterterrorism industry is accustomed to the “Eight Signs” or pre-indicators; Surveillance, Information Gathering, Security Testing, Finance, Logisitics, Strange Behavior, Dry Runs, and Deployment. This strategy worked for several years because it was assumed major attacks would require significant time spent performing each pre-indicator. Today many of these pre-indicators have been compressed or eliminated which reduces the possibility of detection. Two types of attacks illustrate this, and the need for updated strategies; active shooters and cyber attacks.

Active shooter cases appear to be on the rise in the United States. In post-attack analysis certain patterns have emerged, but there is a lack of pre-incident “unifying behaviors” explicit enough around which to craft countering strategies. For example, in all active shooter cases the suspect required access to a firearm. Since the purchase of weapons is not prohibited, nor successfully monitored, there is no way to build a countering strategy around acquisition. Surveillance and Dry Runs are still possible gateways of prevention, but rely more on luck than science to be successful. To effectively combat active shooter attacks we need to look at core prevention strategies with an understanding that the risk of an active shooter attack will always be present. This assumption in place, prevention strategies need to focus on reducing the risk posed to potential targets. Re-writing emergency plans, identifying shelter-in-place locations, and proactive security measures are all proven methods for reducing the risk of active shooter attacks. These strategies are most successful when complimented by real-life training scenarios exposing participants to the sights and sounds of the real incident.

The complexities of cyber warfare are vast and numerous, and because the warfare is conducted in “cyber space” traditional pre-indicators are not valid. Whereas state secrets were once the currency of the realm now cyber collectives attack everyone from corporations to police agencies meaning it is virtually impossible to identify which specific data is at risk and which is not. The old adage of the best offense being a robust defense is very prescient in cyber warfare. By examining threats and trends, and being proactive with system security, the risk of a successful cyber attack is significantly mitigated. It is also vital to examine nontraditional security measures in data management and access controls. Finally, the use of preventative intelligence will add the final touch to a robust security posture. Preventative intelligence leveraged against cyber attacks will be addressed in another entry, however it is vital to understand how important it is in defending your networks.

As the world moves from one iteration of terror to another, counterterrorism strategies need to evolve. Counterterrorism strategies built around significant pre-planning operations needs to give way to current methods of protection, detection, and deterrence. While there is always an inherent risk of attacks regardless of time or place, using intelligence and building strong and flexible defense networks will mitigate risk and save lives.