The extremist militant group ISIS’s aggressive global use of social media is acknowledged as a strategic strength in its jihadist war of terror. Assessing ISIS’s potential to go further and do harm to the American homeland through deployment of offensive cyber operations, however, requires a broader perspective.
While ISIS forces sweep across Iraq and Syria, claiming villages, cities, oil resources and swaths of land, their sophisticated global social media campaigns flash across the globe seeking to claim the hearts and minds of like-minded Muslims to join their fight.
Well-shot YouTube videos, professional-quality magazines, engaging Facebook and Twitter campaigns and orchestrated use of other social media platforms are deployed with the sophistication rivaling that of many U.S. corporations. Radicalization, recruitment, training, spreading fear and dissent, and fund raising headline their objectives, and the world their market.
But does an even more dangerous threat lie with ISIS’s possible use of cyber weapons against American critical infrastructure, financial system or other targets? Will such attacks be attempted and do the capabilities exist within ISIS to do so?
There are opinions to support each point of view.
The Will to Act
One question is whether ISIS will be consumed with the protection and continued expansion of its immediate fighting fronts, i.e., the “near enemy,” or whether its scope of vision includes America’s homeland. The Economist advances a strong case that desire for such expansion not only exists but will be exercised: “With its ideological ferocity, platoons of Western passport holders, hatred of America and determination to become the leader of global jihadism, ISIS will surely turn, sooner or later, to the ‘far enemy’ of America and Europe.”
And perhaps any doubt the militant’s sights are on America was removed by ISIS leader Abu Bakr al-Baghdadi’s Sept. 22 call for jihadists to not wait for the order but to rise, take up arms, and “kill Americans and other infidels” wherever they are. Clearly the group is showing no hesitancy in its desire to strike the U.S. heartland on a personal scale.
Cyber Operations Capability?
As to whether ISIS will have the capability to mount cyber operations against the U.S., David DeWalt, head of cybersecurity firm FireEye, believes that ISIS will follow in the footsteps of the Syrian Electronic Army and the Iran-based Ajax Security Team to target the United States and other Western nations.
“We’ve begun to see signs that rebel terrorist organizations are attempting to gain access to cyber weaponry,” DeWalt stated recently. He added that booming underground markets dealing in malicious software make offensive cyber weapons just an “Internet transaction” away for groups such as ISIS.
Alternative opinions posit that ISIS’s adroit use of social media does not necessarily translate into a real cybersecurity threat for the United States. One such point of view comes from Craig Guiliano, a former counterterrorism officer with the Department of Defense, who pushes aside possibilities of ISIS acquiring cyber weaponry, stating, “I don’t think anyone has proof that ISIS has acquired the manpower or the resources to launch an attack on U.S. infrastructure.”
Jim Lewis of the Center for Strategic and International Studies agrees. “You need to have hardcore programmers. ISIS does not have those capabilities,” Lewis said.
Indeed, ISIS, al Qaeda or any of the militant extremists may not possess such capabilities, but with their financial resources may very well be able to acquire them on the markets of the dark web.
About this subject much is unknown. But one point is known for certain: The battle with militant extremists is coming to American soil. There is little reason not to believe that such attacks will, at some point, include a cyber dimension. There is thus every reason to prepare for and take preemptive measures to disrupt potential extremist cyber operations before those attacks come to us.
Tom Keane and Lee Hamilton, the authors of the 9/11 Commission Report, recently stated this: “One lesson of the 9/11 story is that, as a nation, we didn’t awaken to the gravity of the terrorist threat until it was too late. We must not repeat that mistake in the cyber realm.”
The speed at which geopolitical conditions are changing globally and with regard to ISIS and similar groups specifically means the U.S. will need canary-like sensitivity to such developing threats and act accordingly. Given the current inadequate state of U.S. national cyber defenses, let’s hope the canary lives.