As we approach the 20-year mark of 9/11, we all have unforgettable memories of that morning and the period afterward. I still imagine the thoughts of those trapped in buildings and aircraft, the resolve of the first responders who rushed into the sites, knowing the dangers, and of course, the impact on those who were left behind.
One of my lasting memories was at the WTC site in 2004, where I visited a special building set aside for families of the victims to pay their respects and leave personal mementos. One in particular hit me hard. It was a crayon drawing of a tall building, a stick figure in one of the windows, and “I love you Daddy” at the bottom.
Fortunately, CIA facilities were not the target of this attack, but no one knew that at first. As events unfolded over the next two hours, I was impressed with the steady work of the security staff, particularly in the security operations center where our team members stayed calmly at their posts, with the full knowledge there was a fourth plane unaccounted for and probably headed for Washington.
In the days and weeks following the attack, a couple of things came into focus. Not surprisingly, both of these were part of the rationale for the eventual creation of the Department of Homeland Security and the Director of National Intelligence.
First, several of my contemporaries concluded that we didn’t know what we didn’t know. We needed to build and strengthen our relationships with our partner agencies to ensure that we were all consistently aware of threats, protection strategies, and current intelligence. More simply, there is no point in collecting intelligence if it cannot be shared with those who need to put it to use.
Second, and more problematic, we needed to think about new tactics. In early 2001, (Ret.) Adm. Harold Gehman, co-chair of the Cole Commission, noted there were “striking similarities” to attacks in the U.S. and abroad. He said, “They were all truck bombs – the USS Cole was attacked by a truck bomb with an outboard motor,” and went on to ask, “So, what is the next one going to look like?” The answer, nine months later, was four truck bombs with wings – and none of the physical barriers that had been devised following previous attacks had any meaningful impact on the results.
This points to the need to continually reimagine the threat environment. Twenty years later, while the “old” tactics are not abandoned, we need to ask what behaviors or technical advances expand the opportunities and enable a broader population – whether terrorists, criminals, or nations – to conduct disruptive activities. And increasingly, the evidence points to cyber as the battleground. Early evidence was the 2008 Russian invasion of Georgia, which began not with a bang but with a widespread denial-of-service attack on Georgia’s infrastructure, rendering it ineffective when the Russian troops marched in.
In addition to the constantly changing technology that can enable cyber attacks, there are two other elements to consider. First, these attacks are initiated from afar, where the perpetrator is usually in a safe environment with no fear of capture or injury – the consequences that often deter bad behavior. Second, the usual physical barriers – gates and guards – are ineffective in these instances. Now virtually every employee on the network is a de facto access control officer, making decisions – or mistakes – that open the door for entry. This is a significant countermeasures challenge.
In the last two decades the attack space has exponentially widened, and while old tactics have not been abandoned, more sophisticated and risk-free attack capabilities have evolved greatly. Then, now, and for the future, we need to remain attuned to this evolution if we are going to be successful at protecting our homeland, this nation.