Contents: Keynotes, Panels, Sessions
- About the Summit
- The Madrid Agenda
- Related Links
- Document Library
- Media Room
March 10, 2005
Moderator: Brian Jenkins
Panellists: Anja Dalgaard Nielsen, Steve Lukasik, Peter Zimmerman, Declan Ganley, Mark Lampert
The panel and ad hoc working group Terrorism Goes High Tech discussed how modern society had become highly vulnerable. In one panellist’s view, terrorists increasingly act like venture capitalists in choosing targets that maximise the political and economic damage to their enemies. Specific vulnerabilities included the power grid and the internet. There was also a danger that terrorists may steal or acquire weapons of mass destruction. However, modern technologies could also be drawn on in the fight against terrorism, with one panellists arguing that technology could help to minimise the terrorist risk at every stage of a group’s development.
Complete audio of the conference
- Terrorism Goes High Tech
- Audio Archive (English) [1h. 21m., 19 MB, MP3]
Moderator, Brian Jenkins
We understand that a number of the panels are starting late this morning because of some backup set of the security line. We didn’t want to wait any longer so one or two can proceed.
In the following 90 minutes we are going to be discussing how terrorist exploit technology and how we can effectively exploit technology to improve our capabilities to fight terrorism. Although I will begin the discussion focusing on the threat side, most speakers are going to address both issues, that is, how terrorists may exploit technology and how we may use technology to more effectively combat terrorism.
Threat issues will in fact dominate the front part of these presentations and technology in the service of counterterrorism will dominate the later presentations.
We have assembled a diverse and a really different sort of group to address the topic of technology. Peter Zimmerman, Professor of War Studies at King´s College in London and Steve Lukasik, the former director of the U.S. Defence Advance Research Project Agency and former Chief Scientist at [...]. Two diabolically creative gentlemen will provide the scientific foundation for our work. Peter will be talking about some of the potential things that we are concerned about, that terrorist might do. Followed by Steve who will be talking about follow up on that topic as well as talking about some experiences that we have had working with red teams. Red teams try to mimic the planning process and the thought process of our terrorist advisories.
Declan Ganley will come next, he is one of two business entrepreneurs on our panel. He is a specialist in mobile broadband and wireless technology and also an officer in the Irish Army Reserve and he’s going to be talking about how terrorist exploit communications technology and how we can use the latest developments in communications technology to, again, improve our capability to combat terrorism.
Anja Dalgaard-Nielsen will come next, she’s a fellow at the Danish Institute for International Studies and advises the Danish Emergency Management Agency, Ministry of Defence, Ministry of Foreign Affairs and the day before yesterday led a spirited discussion of the ad-hoc working group on science and technology for which I thank her very, very much. She will be talking about how we might think about the technological component of an overall strategy on terrorism.
Then we will finish with Mark Lampert, our second entrepreneur who’s specialised in the biotech area. One of the things he is going to do is to speculate how another business entrepreneur, former business entrepreneur, Osama Bin-Laden, might make investment decisions among the operational proposals that are offered to him. Our intent here is not to offer conclusions but rather to provoke thinking about the issue in noble ways. So it not a simple presentation of frightening terrorist scenarios but rather how to think about this. Let me make a few general introductory remarks about the subject itself.
When we talk about terrorism going high tech, terrorist use of high technology, they may do so in several ways. One is to employ high technology weapons, that is to go in to the chemical, biological, radiological and, I suppose even potentially nuclear weapons or surface to air missiles or special conventional explosives. In other words, we are talking about the moving up to the high technology area on the weapon side. That is a concern because the terrorists are showing an increasing interest in this domain. Fortunately, at the present time, their capability trails their ambitions. Most of the attack that we have seen in this area whether involving Sarin as in the 1995 attack in Tokyo or some of the incidents involving Risin or other substances, these have been very primitive attacks with very primitive dispersal systems and although they create a big deal of alarm, fortunately the casualties were far less significant.
The second way terrorist may go high tech is to sabotage high tech targets using sophisticated or unsophisticated means. Clearly intending to simply kill a lot of people and only depending on the definition, only one or two percent would fall in to the category of traditional sabotage of vital infrastructure like power systems, water systems, things of this sort. Indeed it seems, at least historically, that effective sabotage requires a continued campaign that is difficult to bring down, whether often robust infrastructure systems with a single attack although there are some concentrations of consequences that we’ll be talking about.
The other thing that we know in general is that sophistication improves with frequent repetition, in other words terrorist are learning organisations. If they do something again and again and again, each time they are getting better and better at doing it. There will be some examples which Declan Ganley will be talking about in that dimension drawing on the history of the IRA as well as the recent resistant movement in Iraq.
Third, the third way is that terrorist may exploit existing technology, off the shelf technology, to support their operations, that is simply to make their own operations more effective and more efficient and here I'm talking about a terrorist use of the Internet for example, both as a communication tool and as a clandestine communication tool.
These curves on the graph here are entirely freehand so they reflect no numerical values but if you look at that and think about it when we are talking about the terrorists moving in the area of doing some of these higher technologies or more consequential things we’ll think about the farther left of the graph there being the low level activity that we could potentially see, in say, chemical, biological, radiological or some of the more extreme conventional thing. The yellow line is representing the consequences of it as we proceed into some of these more sophisticated areas, part way up the use of Sarin in Tokyo or the anthrax letters that we experienced in the United States. As we move toward your right hand side of the chart, we are getting in to perhaps even the nuclear domain, we se that the consequences are getting up extremely sharply as we are going through this.
However, the red line represents the fear, alarm and disruption that these attack would cause. What we note here is that even a hoax, if credible, if broadcast, is capable of creating significant panic and that that comes up much more sharply; then, of course, as we come up to the line there, begins to level off because there’s only so much panic one can produce.
Historically, terrorists have operated in that area, in a sense, below the right hand bar or in the area, that’s where they carry out incidents of, fortunately, relatively modest violence but have really manipulated the fear and alarm. The perfect example of that would be the Sarin attack in Tokyo or the anthrax letters in the United States. Our concerns are of course that we will go on beyond that and get in to the area where we really begin to see ascending consequences.
Another thing we can note in this, as a general observation, is that for the most part terrorists tend to be conservative in their decision making, not in their ideology, because of the nature of the organisation the decisions are often made on the basis of consensus and there’s a perceived high penalty for operational failure. That really hurts the reputation of the terrorist organisation. In any organisation where decisions are made by a committee and where there is an abhorrence of risk, that is going to produce a very conservative decision making and therefore what we have seen is innovations over the last 35 years.
But incremental innovations, small steps, come not from the identified terrorist organisations but rather come from outside domain defined, officially, as terrorism. For example in 1995 in the Sarin attack in Tokyo the perpetrator was not the terrorist organisation net everyone was looking for but rather a bizarre religious cult. In the case of the anthrax letters we do not believe that they came from any identified terrorist organisation, but probably are the product of one mad scientist.
In California, many years ago in 1974, there was a mad bomber, truly a mad bomber, a mentally disturbed individual, who carried out a bombing campaign. He was called “the alphabet bomber” because he was going to “spell out” aliens of America with bombs beginning with A for Airports, L for Lobby and things like that, only he knew what the code was. When he was apprehended he was at work fabricating a binary nerve agent which as a chemical engineer he knew how to do and had all the ingredients except one. My point is that that’s a big problem for intelligence because as we focus on identified terrorist organisations we may really miss some of the frightening developments that are going to come in from a completely different dimension.
That brings me to the next slide. Again, it’s a data free presentation, but in this particular one, if we were to take our mad bomber type, at one of these ends of the spectrum, represented by MB for Mad Bomber, and go up through increasingly large, more sophisticated organisations, say all the way up to the right hand side to “Large Organisations” with many people with a constituency with something to loose, we would see if we talked about their willingness, their willingness alone to carry out this attack, they might be very willing to do so. We could find emotionally disturbed, mentally disturbed people who are ready to destroy the planet. Fortunately, their capabilities are very modest.
As we go to the right hand side, we see that the willingness may decrease as the capability may increase. It makes no difference if these axes are flatter or in the right place but there is a place where the X, the willingness, intersexes with capability. What we do know is that that X is not static but is migrating and that is as technology becomes more available, as knowledge of weapons becomes more available. Smaller and smaller groups are acquiring the capacity for large scale violence once possessed only by armies.
The second thing we see happening is that some terrorist organisations and terrorism in general is increasingly willing to engage in large scale indiscriminate violence. So our crossover point, unfortunately, is migrating in the direction of capability meeting willingness. That is a real challenge going forward.
Final point is that one stunning change, which is a consequence of 9/11, is that many of the scenarios, that are now on the table and in the headlines, are about terrorists that are using various weapons or are carrying out various kinds of sophisticated sabotages that are disrupting the society. Almost all of these were on the table 30 years ago. Perhaps 40 years ago they were on the table in the novels and the screenplays that we saw. Certainly not more than 30 years ago they were being seriously considered. So what is new is that we have redefined plausibility. That is one of those extreme scenarios that would have been dismissed as the stuff of novels and screenplays in the 1970’s are now the operative presumptions of our security planners.
Let me use that as an introduction to Dr. Zimmerman who will talk about some of the plausible and potential things that terrorists might do in the future.
Thank you Brian, I hope I can live up to some of that. My object is not really to frighten you but perhaps to make you think a little bit about things that maybe are uncomfortable.
Something like 30 years ago our chairman Brian Jenkins asked the most thought provoking and analysis provoking question in the history of the study of terror. He asked if terrorists wanted everybody watching or wanted everybody dead. The answer at the time was that they wanted everybody watching. They wanted [...] airplanes to the Jordanian desert, five airliners in one day, they blew them up with very little loss of life but with fantastically good television coverage.
Since 9/11 and M-11 I think we have come to realize that there is a category of terrorists that would like it to have everybody dead or at least really truly wishes to inflict mass death an mass casualties.
The taxonomy that says not to split the possible domain of terrorism into everybody’s watching and everybody’s dead is very powerful all by itself. In the everybody’s dead category there is really one best, most powerful solution and that is for terrorists to go nuclear. I started worrying about nuclear terrorism back in, I think, 1974 when an English novelist and I collaborated on a book call “Gadget”. We conceived a nuclear terror plot that culminated in a disastrous nuclear explosion. We didn’t let them sneak off at the end.
If you truly are looking for mass casualties, nuclear is the solution and the terrorist of the future will accept no substitutes. Certainly chemical weapons there are no way to cause enormous numbers of deaths and biological weapons aren’t either, under normal circumstances. I think that I’m one of the few people you have ever seen who has been the victim of a biological attack. I was working in the US senate when the anthrax letters came in. A nuclear weapon can either be an improvised nuclear device, or IND in our governments jargon, or it can be a stolen weapon. Can a terrorist build a nuclear weapon? The answer is: Certainly!
Steve and I have had long offline discussions during this group where we have gone through elements of the engineering, constructing and smuggling such a weapon. For some designs I'm perfectly happy to say: yes I think I can carry that out given the money and given the nuclear material. It is not a Manhattan project problem anymore. But of course it can also be a stolen weapon. There were something over 10 000 American built, man portable or two men portable weapons. That’s a lot! Most of them have been destroyed. The former Soviet Union built a comparable or perhaps larger number and we don’t know the status of these devices today. We really have no idea! Can you steel or bribe someone to give you a real nuclear weapon, a military weapon? I think the answer is yes. I don’t want to put a price tag on it because if I do, immediately someone will say that “that’s too much or that’s too little” and there’d be an argument over what is trivia.
What is not open to dispute is if there’s a terrorist group detonates a nuclear weapon in a major city at a time when it’s occupied, not Sunday at night but Monday at 15.00 there’d be casualties that would be numbered in hundreds of thousands and could be in the high numbers of the hundreds of thousands, it could easily be half a million. If you want everybody watching there are lot of good high tech approaches, you can build a radiological weapon a dirty bomb, you could take a thousand curies of radioactive Caesium 137 that you could steal from any cancer therapy clinic or you could fill an application in, in most countries of the world, and buy openly and legally on the market.
You could disseminate and distribute that anywhere you like. I don’t propose to help the terrorist by discussing here the good scenarios for doing it the best. We leave it to the conventional scenario of high explosive bombs and radioactive. You won’t kill a lot of people; you will shut down large chunks of a mayor city in a hurry because it would have to be evacuated, be decontaminated, surveyed and people would insist on being personally checked to make sure that they are not radioactive. This is an economic crime that might kill a few hundred people at the very most, but would do a serious damage to the society.
One can envision high-tech infrastructure attacks. Our society has become [...] because we have all these technical things, but things don’t degrade gracefully. If you want to do economic damage and have everybody watching for at least a few hours, the most daring and successful thing you can do is to attack a power grid. Not the internet but the power grid, because the power grid goes down all of a sudden, it can go down, as Americans have learned, over a broad area. It’s very hard to recover, it’s extremely expensive and it makes the internet irrelevant because four hours after it happens the last battery of the last “thing” (electric devices) dies and then who cares about the internet?
It’s not all doom and gloom. The technology gives us a few thing we can do ourselves. We can use the technology to look for the bad guys, to worry about what they are doing, to gain information and try to force them to attack our strengths and not our weaknesses. We can do that by pushing them to make errors, after all, when you know that you are under pressure, when you know that the good guys are on your trail, you may make mistakes. We can treat our defences as a system and not as single isolated components. Instead of asking every single section to be 99.99 % perfect we can let them be 99.9% perfect or even less because we’ll stack them and the terrorist would have to go through many gates.
We can tune our response, if we know there’s some uranium missing somewhere we’d step up our aggressive searches for radioactive material. In the same way we can act and lengthen the bad guys’ operational times and increase the time available to go and find them.
Finally I’ll give you one caution in the event of, in particularly a nuclear or biological attack; you must husband the resources that are your first responders. You cannot allow a first responder to operate on his own ethic, which is to just run in and save people, just as happened in New York.
Now, because you run out of first responders a long time before you run out of targets, and in particular against a nuclear attack. There are areas where there will be clearly still people alive. The first responders will want to rush in to these highly radioactive areas and pull out the people but the fact is; most, if not all of these people are going to be dead in a few hours from radiation. If the first responders run in to the affected area, they to will be dead in short order and we’ll run out of cops and we’ll run out of firemen etc. One of the hardest things the political decision makers will be asked to do is to do a triage in situations like that and say “No, I'm sorry, we have to let these people go because they are gone anyway and we dare not give up our first responder sources in vain.”
I’ll stop there and pass it on to Steve. I want to say something, I thought Brian would but I will. Steve, in an earlier life, was Director of the Advanced Research Project Agency and when you talk about the internet, blame him! He was the one who started the whole thing.
Steve, just for one moment. I was going to mention that Dr Lukasik is the father of the internet so we can give him credit for its achievements and at the same time blame him for all of the ills. We are honoured to have with us this morning Lieutenant General Kostin from Russia who has his interpreter translating directly from English into Russian so while we have the benefit of the earphones for translating between Spanish and English we are making a special provision for General Kostin this morning and I’d ask the indulgence of all our panel members if we can tolerate the modest interference of noise from General Kostin’s interpreter. General Costin is a member of the Intelligence Working Group and I think it’s very important that he has the full benefit of the presentations on the panel, so if you don’t mind.
Just to pick up on that last point, yes, you are looking at someone who allowed certain things to be built into the Arpanet that have been propagated in to the internet and I sometimes tell people that my punishment for this is having to spend the last ten years working on Cyber-Security.
The sort of two sided version that has been discussed that is the terrorist wanting people watching or want them dying, I think is incomplete because there’s a third thing they’ve said that they want. They can want us all poor! Bin Laden in his 1998 Fatwa directed his followers to plunder the wealth of all those who were seen as adversaries attacking Islam. Bin Laden is an engineer and he is a manager. Engineers work very hard to build things but of course they know very well how to tear things down. A manager usually has worked very hard to make things work well, but as well knows how to make things work poorly.
The UN definition of terrorism focuses solely on killing people and to that extent I think it’s too narrow, because I want to talk about classes of attacks that will destroy our civilisation. Maybe I'm going a bit too far, but essentially returning us all to a culture and a level of technology that is characteristic of the 10th century.
I'm going to talk about Brian’s two classes, high technology weapons and high technology targets. When you look at information technology which has changed the world so dramatically, we build complex systems that are based on information technology and we can attack those systems with computers. Are we talking about weapons and targets at the same time? We are building highly vulnerable systems for the support of our society. They are based on software, and they are based on software because doing things with software is cheaper than doing things in hardware. Hardware is very inflexible, software you can change easily.
The problem is, with all due respect to computer scientists, software engineers and very smart and hardworking people, the emperor has no clothes. My remark is that we don’t understand software, it’s too complicated! Millions and millions of computer instructions and we don’t know what’s in it, we don’t know whether it’s right or wrong, we don’t know whether someone inserted malicious software into it, we don’t know what its floors are, we don’t know what its failure modes are. So it just happened! The systems are very complex, they are distributed all over the world, they are all connected all over the world, we don’t have local systems, all these systems are global and they are used for a variety of purposes.
The internet is the most obvious one and it has already been mentioned several times. It’s a communication system, it’s an information system, it’s a product distribution system because more and more products are software. It is becoming as important as vehicles and roads! There’s lot of cyber problems, we’ve had accidents with power lines that are cut, fibre optic cables are cut, viruses, access denial etc. In all cases, basically what happens is that the computer stops running until someone fixes something and brings it up again.
I’m worried and the point I want to press upon you is that the really damaging attacks are when things brake, when things are destroyed. When you destroy pumps, when you destroy transformers, pipe line systems or water distributions systems is not just a question of restarting the computer. You have to go and find, with an often very long lead time, items. The transformers of the electric power grid, huge things, one of a kind made only by a few companies in the world, there’s a 14 months lead time. They are too expensive to basically build spares in stockpile.
There we have at least one kind of thing that represents an attack on the economy. There are a number of points that pressure time I’ll pass over. Brian mentioned advanced explosive technology, strapping a bomb around the waist of a suicide bomber or putting 500 000 pounds of explosive in a car or a truck is very simple technology. No military service employs force in that way. There’s a whole class of basically armaments, warheads, all sorts of devilish things, and we read them.
But all those things, in the 1980’s the training camp was Afghanistan and now the training camp is Iraq and Iraq is awash with military materiel. US or all of the other allies who were there, the Iraqi munitions so what we’re seeing is not only training and a new bonding of the next generation of terrorist but they are doing it in a totally different world than they did 20 years ago. As a matter of fact there were surface to air missiles that were used there and they would still be devilous. There’s a lot more stuff going on. These can be used to attack basically the solid infrastructures like bridges, overpasses, underwater tunnels and the like.
One last point on the use of technology that Brian mentioned is that technology can be used by terrorists in the support of their operation. We know they do recruiting on the internet and the websites spread their stories and they use it for covert communication. The one thing I’d point out to you is that between the mid 90’s when The World Trade Centre Attack was planned and today, computer based simulators for training have just moved enormously further. I worked for an aircraft company and a simulator would cost a million dollars, now you can buy a simulator and learn how to fly a plane for something like 25 000 dollars. All you need is one pilot lead you through, we can all do it with a simulator. So what we are seeing is that whatever complex device they want to learn to use, all our security services are watching the flight schools, they are not going to go to flight schools, they don’t have to flight schools anymore.
Just to shift over and be a little more optimistic, because I think that Peter and I have spread enough doom and gloom.
I’d like to talk about four classes of technology for counter terrorism.
First class is obvious, cargo inspections of commercial vehicles at control border crossings, passenger and luggage inspections at ports of entry. A lot of technology, x-ray, gamma-ray imaging technology, pulse neutron activation, a lot of stuff that you can read about anywhere.
Brian mentioned the very interesting experience he and I had on red teaming. One of the problems that the defender has is that he has all of these targets and there are so many ways to attack them. Where do you put your money? You can get very excited about this, [...] you better worry about what they really are going to do.
It’s really hard to ask terrorist what they are going to do. We tend to catch the lower members in the organisation and basically they don’t know.
What a red team does is to collect a group of people, the particular group that I assembled and that Brian was a member of had air traffic controllers, it had transportations experts, it had financial experts, it had lawyers and engineers, it had weapon designers, etc. We were referred to as Al-Qaeda on steroids. We think it’s possible to systematically review the targets and how to approach them and how attractive they are. Because the issue wasn’t how worried are we about that wonderful building. The question is: does the terrorist think that that building is too hard to attack so he’d rather do something else? If you adopt the economist view that the terrorist is a totally rational actor, then the terrorist will do good sensible things that are technically feasible, easiest, cost the less, have the least risk, requires the least amount of skill.
For example taking down the two World Trade Centre towers in one morning, by means of buying ten airline tickets, was a rather creative use of the facilities we offered.
We think we have made great headway in this dimension and it helps us to understand how to allocate resources.
Border control technologies and control points of entry; smuggling works. Smuggling has been going on for hundreds, if not thousands of years, and you can just carry things across borders. One has to do something about that. Unfortunately it’s not cheap.
The last thing I’ll mention is pattern based searches. All of this is in computer databases because we travel, we own houses, we pay our bills, we use credit cards and so on. But they do to! But they do very funny things. Sometimes they are made up people so they have short credit histories. Sometimes they have the same digits that describe them as someone else does because they have stolen someone’s identity. They just do different things. After all, their job is a terrorist and that’s not the job of any of us, so none of our job patterns look at all like what a terrorist’s do. We thought about how to search those transaction databases to see what we could find out, looking at patterns not looking at personal identities.
To close, we were asked in of our briefing sheets; has technology made us more vulnerable to terrorist attacks or has it strengthened our defences against terrorism? The answer, unfortunately, is yes to both. We understand how to use technology against terrorism; most of it simply requires that you make the investments. Nations have lots of things to spend money on so you therefore you come down to this question about how to use the resource.
Some like patterns searches of database has a potential for violating civil liberties and for undermining democracy. The people who have been working in that area think it can be done anonymously without any reference to personal identifiers and that when a significant pattern is apparent you use that to go to a judge, to establish probable cause, to get a warrant to be able to go further. That has yet to be demonstrated.
Most important though, we must stop building technological houses of cards. In simple and single minded pursuit you can make economic efficiency. Thank you.
Thank you. Declan.
Thank you Steve. I'm going to take up on Brian’s point of terrorists as learning organisations and how that learning process evolves. Smart terrorists are the ones who generally stay alive longer than the other guys and learn to liberate assets that are readily available, of course technology is one of those assets.
If we look at the history of the IRA activity over the course of the late 1960’s through to the 1990’s, we can see that learning process in practise. Where in the early days of the IRA, IRA attacks were more likely to take the form of a sniper attack or a bomb attack against British forces deployed in Northern Ireland attacking hard targets in a security saturated environment. What tended to happen to those IRA active service units is that they were captured or killed. We are seeing the same thing in Iraq right now. It won’t take long for smart terrorist to learn that fighting US marines in Falluyah is not a winning prospect and we’re seeing that with the development of IEDs, Improvised Explosive Devices that are triggered with cellular telephone communications in the same way the Madrid bombs here were detonated using the cellular telecommunication infrastructure.
The IRA’s learning curve culminated, in their case, in their understanding, the best and most effective tool available to them was, to Steve’s point, to make us poor risk. What happened was that they changed to the “Sunday night form” of attack in a key bit of infrastructure. That being the Financial City Centre of London, Canary Wharf, blowing up the centres of these cities, I think there were two casualties-two too many-but two casualties, not thousands, but they successfully shut the down the financial capital of the UK for several days with both of those attacks. The last attack that they mounted was very telling; it was a pre-deployed device, buried mortar tubes, a Jason to Heathrow airport, where they dropped four mortar shells on to the runway of Heathrow without detonators. The mortars didn’t go off but they sent a message! We blew up the city twice, we can drop mortar shells on the runway of Heathrow airport whenever we want; you have got to deal with us! They didn’t cross the abhorrence line that empowers populations and makes them willing to seek revenge. That was the IRA’s learning curve.
One possible learning curve that we will see is that rather than put themselves in harms way these worldwide networks can be harnessed to follow these IEDs remote detonation trend. You don’t have to be in the same country as the device when it goes off, you can escalate a path, evolve a path of terror by pre-planting, as the IRA did, multiple devices over the course of a couple of years. Then you are harnessing our own infrastructure activating these devices, one after another over the course of hours, days, weeks or months and let it be known that you’re using our communication infrastructure to do that. In effect, hijack these infrastructures, if they learned anything from the September 11th is that you can shut down the air transportation infrastructure, what if you can harness communication networks and try to force the society to shut down those infrastructures to prevent escalating events. That’s to Steve’s point of make us poorer and those are things that we learn from the IRA.
How can we harness technology to help us to be more efficient in the fight against terrorism? Empowering first responders is one way. The first responders in our democratic societies are our first line of defence against terrorists. They need to have instant situational awareness and they need to be able to pass that situational awareness up their command chain and across their command chain, so it’s going to be vertical and horizontal communications capability and we need to empower these first responders by making data and voice communications available to them that utilised technology that is currently commercially available and is relatively inexpensive. 3G technology is only one of the examples that can be harnessed in that way.
Thank you very much Declan. Anja.
Thank you, Brian. You’ve heard by now about a variety of different potential threats looking at the area of high-tech and terrorism. You’ve heard about a variety of different potential vulnerabilities and attack scenarios and also about some possible answers.
I'm going to take a responder or a policy maker view and follow on from one of Steve’s points, how do we prioritise, how do we allocate resources given this vast amount of different threats, vulnerabilities and potential attack scenarios, and given the uncertainty about the intention of the terrorists intentions, what is it they really want?
I'm not going to present you with an answer, unfortunately, but I will present you with a way that one can try to think about this. Think about the question how do we prioritise, what part and how a greater part of technology can play in a grand strategy against terrorism and if technology corroborates? Which it does.
I have a slide here which has a life cycle you can say. It starts out with some root causes that might be social, political or economic. Then comes the recruitment phase and following that the preparatory phase of training, planning and casing of potential targets. Next comes attacks and then comes immediate consequences, calling for a first response, and then there can be some longer term consequences which can be direct or indirect in the sense that the things we do to protect ourselves against terrorism might have long term negative impact on our society like the right of privacy and the protection of civil liberties.
So there are different phases in the life cycle of a terrorist attack.
Now, what I have listed in the right hand side of the column are different things that you can think of doing with technology to protect yourselves during different steps of this life cycle.
You might think of trying a very upstream approach and use technology to interfere with the terrorist’s recruitment process. You might try to connect European prisons where we know that a lot of recruitments take place with virtual libraries with Islamic texts as a way to circumvent radical preachers you to mention one idea.
You might move further down and focus on some of the things that Steve and Peter have talked about. You can use pattern recognition; you can use technology to try to intercept the smuggling of WMD materials; you can use it to make the lives of the terrorists in general more difficult to force them to stick their neck out a little bit further. You can also, if you are a little bit creative, move all the way down and fight fire with fire in a sense and use the technology that we have available to try to protect privacy by depersonalising data sets and monitoring who’s got access to these data sets when you are going around doing data mining.
The question is, what do we want to prioritise and where do we want to focus? That, of course, depends on what the goals are. What are the goals in our overall strategy against terrorism? What are the priorities? What are the threats that we think are the most important? What are the most critical vulnerabilities? Of course it’s a political task to try to set priorities to define the goals. In general you can say that from a human, economical and societal perspective. The further upstream you can get in the life cycle, the better.
One approach to try to determine what part and how a greater part of technology could play, where we should focus? It could be for example using “Red Teaming” to try to fill in the right hand side of this table; use red teaming of, in if you want to start upstream, psychologists, sociologists and scientists to see if we can come up with ways to get at the problem already at the roots and at the recruitment processes. You can combine that with a venture capital approach trying to harness the creative potential of the private sector and try to see if we can get some good things out at the right hand side of the column that we believe will give us a bank for the buck. We might find that with current imagination, current technology we have to move a little bit down in this life cycle before we can find useful applications but that’s okay because the current instruments we have available to tackle the problems in these different phases are imperfect. We might also find that there are feedback loops, so the things you can do, for example in phase 4 or 5, might have an impact in phase 3 through a [...] denial logic.
The rough guides would be here; look for upstream initiatives and ideas and invest in them, and of course that goes without saying that you can’t fill in the right hand column once and for all since we are working with a very dynamic area, it has to be a recurrent process. Thanks!
Thank you. We began this panel with an overview of how terrorists have used technology in the past, we’ve gone through the science and technology portion of the panel talking about how terrorists could us technology in the future and how we might us technology to combat them. We’ve heard Anja laying out a structure for how we might think about incorporating technology in an overall strategy of terrorism. We now come to the final speaker in our panel to whom we gave two assignments, one; using his entrepreneurial skills to think as a terrorist leader entrepreneur and how an investment decision might be made on the terrorist side to use various kinds of technology. Second; to step over to the other side and talk of some of the issues on the other side, from the perspective of an entrepreneur.
Thank you. First I’d like to say that I'm very honoured to be here with this esteemed group of people and this is a deadly serious business we are talking about. If I could leave you with two thoughts that I’ll probably cycle back to.
The first thought is that I don’t believe we are behaving like a society which faces the real risks that has been talked about in this panel. I think there’s a state of denial that prevails and I hope to be able to at least communicate some of that.
The second point, which Anja talked about, I believe that of the greatest weapon of the West and The United States is the innovation of the entrepreneurial class, and I believe that that weapon, I live in California and I’ve seen what it can do, has been largely absent from this discussion and this campaign and that has to change.
I manage a biotechnology investment fund; I’ve been doing it for 10 years, we have assets about a billion dollars and for my job as a venture capitalist, what I basically need to do is to take resources and allocate them around a set of very high risk, high reward opportunities in an environment of great uncertainty. That’s what I do and I’d argue that that’s exactly what the terrorists do; they must allocate their resources amongst a pool of possible scenarios. I’d argue that’s what we do in counter terrorism. We have a pool of resources and we have to allocate them across various investments.
One of the things I’ve learned in what I do is to make a high return on investment, in my case that’s trying to make a profit for my investors, in case of a country it is to try to maximise our security. To make a high return on an investment leads to some very non obvious conclusions and I’ve learned that the hard way in my life and those lessons are very important and I believe those lessons have not been a part of this discussion.
I'm going to walk through a few of those and then turn my conversation onto what I’d do if I was a terrorist.
The obvious way to allocate resources in an environment of high uncertainty is to list out the potential threats, write them down on a piece of paper, take your pool of resources and place your bets according to your list. That’s the obvious way to do it, that’s the way you invest in a mutual fund.
It feels very good when you go buy your stock and it has a high price and it’s going up and it feels very good when you buy your stock. It feels good to spend resources. But it does not lead to a high return on your investment and I believe what we are doing is exactly what I’ve articulated, which is the fairly obvious. If I were Bin Laden what would I do? Or if I were a terrorist, what would I do? What I’d do is what a venture capitalist does. He says: where is the big corporation spending its money? Let me make a list of where the big corporation i.e. the governments, where are they spending their money? Where are they most protected? Where do they think I'm coming?
Then I’d say, now let me make a list that is not on that list. As a venture capitalist, what you’re trying to do is to go where the others aren’t because that’s the easy way to go. Some places you go to, where others aren’t going aren’t going to work out, but that’s the cost of doing business.
Some places where you go where others aren’t are going to work out brilliantly. Better than you ever could have expected, because others aren’t there. So I believe that that is the way that I would think. To make money easily, you go where others aren’t, that’s where the fertile ground is. I believe that there are plenty of opportunities that aren’t on our list.
The lessons as an investor that I think are relevant to this discussion; the first one is that human nature, human psychology is driven by the past not by the future. We are all talking about these scenarios, these terrible scenarios, but I don’t believe that in our psyches we believe them.
I think that 9/11 and 3/11 left a legacy which in some way are doing us a disservice. That legacy is that the worst case scenario is what we’ve seen. I don’t believe that, I believe that the worst case scenario is what the other panel here has pointed out and I think the probability is far higher than we are really behaving.
The second thing I’d like to say is really that the unfamiliar and the really extreme scenarios are far more likely than we are giving them credit for.
If you had canvassed every single investor in Enron or WorldCom or any of these big companies, canvassed ten million investors and asked them how many of you think this company is going to be bankrupt in three months, you probably would have had zero. And I see this all the time which is the extreme, what seem like extremely unlikely probabilities; because they are unfamiliar we discount them. Then they happen and now we give them proper credit.
Flying an airplane into a building before the 9/11 we discounted. Today we appreciate the probability. But that’s rear looking, the question is looking forward to what are the real probabilities. The only thing I could say is that the unfamiliar has a much higher probability than we give them credit for.
The last thing I’ll tell about what’ve learned is; beware of assumptions. I hear so many assumptions, in my life, in what I do beware of assumptions, we need humility to understand that we don’t know everything, we really don’t know how they’re thinking. We don’t know, and there so much we don’t know and we are making all these assumptions and we spend the resources according to the assumptions we make. In an environment of uncertainty if you appreciate how much you really don’t know, it can lead you to make the resource allocation very differently. I could talk on and on about that but I won’t.
Adaptive learning, how does a venture capitalist behave in an environment of uncertainty? They place a lot of small bets. We start ten companies, we may give all of them a million dollars, and then we take the five that look like they are doing well and we give them five million dollars. Then we take the two of them that are doing well and we give them 20 million dollars and then we take the one and we give it 50 million dollars and that’s our winner. That’s adaptive learning, you start a lot of things and then you let the data drive you to your further resource allocations. I don’t believe that is going on here, I think we are making our assumptions and spending our money and we are not using the adapted learning process to drive our resource allocations.
The final thing I’ll say is that, it’s inevitable but that’s the way it’s going to work; governments are like corporations, they are very good at certain things which is that they are really good at spending a lot of money, they are very good at things that require scale, mass and brute force. What governments aren’t good at, and we shouldn’t try to make them good at it because they are just not good at it, is cleverness and creativity and nimbleness. That’s what the terrorist are good at. We need to fight fire with fire, was Anja’s comment, we need to mobilise our cleverness, our nimbleness, our creativity, our depth of learning to go up against this and that infrastructure does exist, we’ve seen what it can do, like the thousands of internet companies that are started, thousands of biotech companies that are started.
We have seen the power of what it can do but it’s not part of this discussion and I believe that the best chance we have, is to somehow find a way to catalyse that. Thank you.
Thank you very much Mark. We are close to the end of our time here but we’ll be happy to stay on here to take some more questions.
I’d say that one of the lessons I’ll take away from Mark’s, a couple of lessons, are that we do make our lists in terms of what we expect the opponent to do and of course one has a growing anxiety that their list begins where our list ends. That is that they are looking at precisely the things that we are not looking at on our list and that we don’t really admit that the degree of uncertainty is the second thing in the terms of placing a lot of small bets. From what we know about the historic Al-Qaeda, perhaps not the more decentralised jihadist enterprise we are looking at today, but certainly there was this process of many proposals, many pitches being made up to the top, some of them receiving resources from the central leadership and then as projects became more promising through subsequent iterations ultimately putting a great deal of resources in the one very high payoff attack.
So it’s intriguing that, Bin Laden given his business background indeed may be thinking less like the ideologue, less like the traditional terrorist and in fact more like the entrepreneur that in fact he began his career as.
With that, let me open the floor to any questions you may have before we adjourn.
The attack given the investment, an even more difficult way to be looking at it, is the ultimate cost to our society which are continuing, that includes not only the dollar cost, that potentially could be up to the trillion dollar mark, to say nothing of the political and the psychological effects that that leaves on society.
If we were looking at it purely in cold blooded terms as return on investment, that success of return on investment can’t be beaten. If we listen to these other gentlemen on the panel I think there’s no question about that modest investments can bring them even higher returns. Any other questions or comments. Mr Minami[?].
Delegate from the floor
My name is Minami from Tokyo. Brian mentioned about the Sarin attack in Tokyo and I was in charge of the investigation there during that time so I’d like to comment on what he said according to the curve line.
Also you (Brian) mentioned that it was too late for the Japanese law enforcement to start an investigation because we are hold by the rigid regulations to investigate about extremist religious groups.
Still I think that the investigation started at the low level of the left side because the Sarin gas that was used in the subway was not pure Sarin gas that was made in a laboratory. It was used in a very primitive way, like using the tip of the umbrella, so the casualties were not so many. But they could have been successful, like with one more year or so. When we confiscated their arsenal we got really shocked because they were planning to produce two tons of Sarin a day. So if they would have been successful no one know what could have happened. Also they had already purchase a Russian made helicopter.
In order to fight against this kind of terrorism I think the preventive treatment is very necessary.
If I got that correctly you were saying two tons of Sarin a day? Two tons of Sarin a day and a helicopter, presumably for aerial dispersal, which of course would have had devastating consequences.
Any other questions or comments? Yes, sir.
Delegate from the floor
A couple of years back there was a report that listed biometrical identification technology as one of the top ten technologies that would change our world within the next ten years. I was just wondering if you could comment on the use of biometric technologies in the fight against terrorism. What are the benefits and concerns? We are seeing the U.S. visit system being put in place now with the SIS system, the [...] system in Europe is now incorporating biometric systems for security reasons. If you wouldn’t mind commenting on that?
I’ll make one comment on that and then refer to any member on the panel that wants to talk about this.
I think we are definitely moving towards biometrical identification systems in the future for travel documents and for other types of transactions, it’s definitely a trend. To be able to tell you what the Trade Office are considering, between the various biometric systems that are on author, I can’t comment upon but I definitely think we are moving to biometrically confirmed identity documents as a long term evolution, there’s no question in my mind about that.
Biometrics clearly work. We’ve been using fingerprints for a long time, quite effectively, in forensics. There are two issues of course. That is, the person that presents themselves for a recording of whatever biometric you are using is another issue. So one way to sneak through that net is, of course, to fool it at the gate.
Then you always think about ways to changing the biometric. Putting contact lenses in, retinal scanning is maybe a little bit harder to fake although I have personally had my retina, had scar tissue removed from my retina so there’s no problem of getting any retina and doing things with lasers and so on. All of these things are not as easy.
The other thing about any biometric is that you have to look at it from a system and you have to put all those readers in all those places and they all have to work without mistakes. There will be false positives but you want to keep that down. So from a system stand point these things are not all that easy. One can project in the future that one can do virtually real time genetic sequencing. But, you know, those machines cost a lot now and I'm sure if they got faster they wouldn’t get any cheaper. I think the real issue is that there are no silver bullets. Everything helps and in a particular circumstance particular things work but you really have to fit it to the need and it’s not just a question of the great big database in the sky, which by the way, all of my hackers immediately break into and change the data if they can.
That is the point in terms of two vulnerabilities. The most biometric systems can do is say that you, in person, are the person identified on that particular document, whatever that document is, a passport, a drivers license or whatever. If, in fact, that person has been created, fabricated at the beginning, that is a way of beating the system. The second way of beating the system is to corrupt the system itself. The most difficult way is the one of attempting to change the biometrics; there are others, more easier ways around it.
It does provide a significant improvement, I think it will become increasingly present throughout our society, particularly in travel documents, which will make at least somewhat more difficult for people to steal travel documents and then reconfigure them and utilise them. But if you have access to corrupt officials, or through supporting states to the originals so that you can fabricate the person at the beginning, then the biometrics don’t help there. It simply says, you are you; it’s not a x-ray through a man’s soul.
Any other questions we have time for one more, if not we will take our break.
Thank you very, very much!
'Terrorism Goes High Tech' panel; left to right Brian Jenkins, Special Advisor to the President of RAND Corporation, USA; Anja Dalgaard-Nielsen, Research Fellow, Danish International Studies Institute, Denmark; Declan Ganley, Chairman, Rivada Communications, Ireland. (Photo: Club de Madrid)