Current and Future Security Threats Ten Years after 9/11

Transcription

1 Transcript Current and Future Security Threats Ten Years after 9/11 The Honorable Michael Chertoff Managing Principal and co-founder, Chertoff Group; and former Secretary of the US Department of Homeland Security ( ) Chair: Nik Gowing BBC World News Monday 5 September 2011 The views expressed in this document are the sole responsibility of the author(s) and do not necessarily reflect the view of Chatham House, its staff, associates or Council. Chatham House is independent and owes no allegiance to any government or to any political body. It does not take institutional positions on policy issues. This document is issued on the understanding that if any extract is used, the author(s)/ speaker(s) and Chatham House should be credited, preferably with the date of the publication or details of the event. Where this document refers to or reports statements made by speakers at an event every effort has been made to provide a fair representation of their views and opinions, but the ultimate responsibility for accuracy lies with this document s author(s). The published text of speeches and presentations may differ from delivery.

2 Nik Gowing: My name is Nik Gowing. I m a main presenter for BBC World News we broadcast right around the world but my job today is to make sure you get as much access as you d like to Michael Chertoff, the former Director for Homeland Security until three years ago, who was in the job for four years. He now runs his own consulting company employing about 40 people in Washington DC. Before that he was a Federal Judge on the US Court of Appeals for the Third Circuit and spent a decade as a federal prosecutor. Michael Chertoff: Thank you for hosting me. I appreciate the opportunity to speak at Chatham House. Now all my public life I ve heard of Chatham House rules and people say: Oh we re going to do Chatham House rules so I thought great, I ll get to go to the original Chatham House where the rules were formed. And then imagine my surprise when I find out they re not operable here today. I guess that counts as irony but that s fine, I m happy to be on the record. I m delighted also to be here with such a distinguished group of people. I know you re very interested in world affairs and in security matters and I hope we can have a discussion about this today because I want to make sure I leave plenty of time for questions. There s no doubt, because of the impending tenth anniversary of September 11, that there is a heightened period of interest in what has gone on since September 11 in terms of security and what lies ahead and I want to cover both of those areas with you this afternoon. I d like to make the argument that while September 11 itself did not cause a paradigm shift in the notion of security, it did reveal that a paradigm shift had occurred. It made manifest a serious of trends which I believe had been latent in security during the latter part of the last century. And here s what I mean. If you go back to the 20th Century, to the Cold War, there was a view of security that neatly bifurcated security issues into two categories. On the one hand there were issues of war and those were dealt with through the military. There was a distinctive set of doctrines and legal authorities that governed military behaviour and that was generally thought to deal with matters that occur when you re having other nation states as your adversary and really dealing outside of your own borders. 2

3 Then on the other hand there was law enforcement. Law enforcement was viewed as focused on crime, something that was domestic generally speaking or had had effects mainly that were within one s own borders, and that had a completely different set of authorities and institutions and laws that governed and for much of the latter part of the 20th Century how we dealt with security issues depended upon which category we put the issue into. So when we had wars like we had in Kuwait in 1990, that was a military problem and it was dealt with exclusively through the military agencies of the United States. When we had problems with transnational organized criminal gangs, that was viewed as a law enforcement problem and although the military was able to assist in a certain restricted way, by and large the authorities and the institutions that were engaged in fighting organized crime were law enforcement. I think actually that that model began to break down during the last decade of the last century but what became clear on 9/11 was how far from reality that model was. Think for a moment about what happened. On 9/11 the organization that carried out the attack was a transnational network. It operated with its headquarters in Afghanistan but the principal leaders of the hijacking were trained and radicalized in Germany, the financing came from the Middle East and the attack occurred in the United States. It was most definitely an international and transnational attack. It was not a nation state but the devastation that was caused was comparable to that of the most serious attacks the United States has ever sustained in any of its wars. Pearl Harbor resulted in fewer deaths than 9/11. So that in terms of outcome and consequence it would be very difficult to describe it as a criminal act you d have to describe it as comparable to an act of war. And so in my view it took the concept of terrorism to an entirely new level, and I m not just talking about the issue of quantity of deaths or the fact that there was an astronomical impact on our economy because of the loss of the World Trade Center and all the economic side effects that we felt with air traffic and other areas of transportation, but because it actually broke a barrier. It moved terrorism into the kind of attack that could have an earth-shattering catastrophic affect on a city or state or even a country. Another way to look at this concept of paradigm shift is to go to an earlier stage of our history. If you go back to the 1940s and 1950s when the nuclear bomb was first developed and exploded in Japan and then of course the Soviets developed their own bomb, now some people argued: Well, that s 3

4 just a bigger bomb, there s nothing different, there s no paradigm shift; an atomic bomb is just a bomb with a bigger bang. But I think wiser heads recognize that it wasn t just a matter of scale. It had actually qualitatively changed the nature of warfare and out of that arose a doctrine that created a very clear red line about not moving from conventional bombs to nuclear, even low-yield nuclear bombs, because of the recognition that would put you in a different paradigm. What I would argue is that terrorism likewise on 9/11 shifted paradigm and we began to see a scale of terrorism that demonstrated that conventional ideas of criminal prosecution were not adequate to the task. Looking back ten years where are we? I would argue that strategically what has happened is the concept of security has no longer relevance as a binary system between war and law enforcement. It s now about a spectrum where the tools that you use to combat terrorism have to be all of the tools of national power that includes the military, it includes law enforcement, it includes in fact elements of civilian agencies like the health authorities, like the disaster management authorities. In many respects this is encapsulated in the mandate of the Department of Homeland Security which I led from 2005 to 2009 because the doctrine of that department recognized that the variety of tools that would have to be applied to security would be much greater than was conceived of in the last century. If you look for example at the kinds of tools that the Department of Homeland Security coordinated or deployed and many of these were actually owned by other Departments but organized and managed through the Department of Homeland Security we had of course law enforcement authorities but we also coordinated with the military authorities at the Department of Defence. The health authorities were involved in the event that we were dealing with a biological threat or biological warfare. Transportation was involved because any attack on the United States obviously implicated the integrity of the transportation system, and so on and so on. So what you see is that the concept of security became much broader than could be embraced by the prior doctrine. Now this has some real implications for our doctrine and our legal authorities because we built the series of legal authorities in the 20th Century that were very much driven by the idea that some agencies focused on war fighting and overseas security and some focused on domestic security, and very little overlap between the two. In fact those of you who are familiar with our intelligence community know that there were very, very serious restrictions placed upon the ability of our 4

5 intelligence agencies to collect information about US persons on domestic matters and that was a reflection of this binary attitude and yet in the modern day and age, and 9/11 exemplifies it, it s very hard to see where overseas and at home separate. The plots span the borders, the personnel may easily be US persons as well as foreign persons, the communication, the travel, everything will involve both things that occur inside the United States and outside the United States and a set of authorities built on the premise that you can have a centre of gravity with security problems that is either overseas or at home simply doesn t mesh with reality. So it s my contention that we have to actually model a brand new strategy and doctrine for national security, one that embraces a very broad spectrum of capabilities, one that involves both traditional law enforcement agencies but also those that have been viewed as social services or civilian agencies, and they have to be coordinated in a way that allows them to operate seamlessly when they re responding to an emergency, particularly one that s driven by an act of terrorism. That is I think where we are with the modern doctrine of national security. You may ask the question, why has it changed. Why has this new paradigm arisen? As I said earlier, it s not because of 9/11 but it s what 9/11 made manifest and represented. Two trends have caused what I think is a profound change in the threat picture one is globalization, and the other is technology. Globalization means that for the first time a network can span the globe, it can communicate, travel and move money around the globe and it can form a set of relationships and in fact an agreement or a conspiracy as easily as a group of people meeting in a particular single geographic location. That s an enormous increase in scale. It means that like-minded people bound only by an ideology can now find each other and work together and can actually carry out activities simultaneously on other parts of the world. The second and equally profound change is the technological leverage that these groups now have. In the old days if you really wanted to have an impact in terms of damage you had to be a nation state, you had to be able to bring artillery and eventually bombers and missiles into the battlefield in order to really have major destruction of your enemy. Terrorists, even back in the days of the IRA, could detonate bombs and they could kill a relatively small number of people but they couldn t bring a catastrophic result to a city. 9/11 demonstrated that technology has now moved beyond that and I venture to say actually that was relatively modest compared to what we could see. A 5

6 terrorist group, for example, that fabricated a biological weapon could potentially cause an earth-shattering impact on a society, particularly if it was a contagious biological agent. likewise a terrorist group that got hold of a radiological bomb not a nuclear bomb, just a radiological bomb while it might not cause mass casualties, could render uninhabitable a significant part of a city. So that smaller and smaller numbers of people can now do more and more damage and when you add that to the global reach which I described that is a recipe for a much heightened threat environment from a much smaller group of people. So how do we deal with this? Fortunately, in the seeds of globalization and technology are also the solutions to some of these threats. For example, as I said, globalization relies on travel, communication and money but every time a terrorist group engages in one of these activities it creates a vulnerability and if you look at what has happened over the last 10 years, what you ll see is that much of what has developed as a national security strategy and again I m talking about everything from law enforcement to kinetic military action and all in between much of what has developed has focused on these three pillars of globalization: travel, communication and finance. For example, we collect much more data about travellers who come into the United States than was the case prior to 9/11 and through that data we are able to connect up and find links among people that would not have been evident to us without that information that allowed us to make those linkages. We ran an experiment some years back using passenger name record information which is collected by the airlines and we discovered that had we used that information on 9/11 or in 2001 we would have been able to connect 15 of the 19 hijackers to each other and to terrorists overseas. That would of course have been a huge step forward in terms of warning. Communications. As you know, ability to use electronic surveillance has given us the ability to penetrate plots while they re in the planning stage rather than waiting until the plot actually comes to fruition and again, that set of capabilities, whilst one that we ve used in the past, has probably become more important now from a security standpoint than ever before. And third, finance. You know because it was made public some years back. Regrettably, the US government was able to use legal authorities to use the interbank system to trace the financial flow of money that was used to finance terror and, again, it was that linkage that enabled us to identify and target people who were potential terrorists. 6

7 What all these have in common is that they re intelligence based security and I would argue that in the 21 Century, much as radar was the early-warning system in the last century, intelligence is the early-warning system of this century. That s why increasingly the focus of our security has to be how do we better collect intelligence, how do we better analyze intelligence and how do we better integrate and operationalize intelligence, because that is going to be how we move forward in the decades to come. With this in mind in terms of where we are tactically and strategically, I want to spend a little bit of time talking about where I think we are with respect to the actual security threats that we face. I m going to omit some things because there s a limited amount of time and I want to leave an opportunity for questions, so I won t talk about Iran and North Korea and the dangers that they pose in terms of geopolitical impact of nuclear weapons in those hands, I m not going to talk about the rise of China and what their new assertiveness in the Pacific is going to be. What I do want to talk about though is certain kinds of threats and I m agnostic as to whether the person who wields the threat is a nation state or not a nation state, although I ll talk a little bit about the terrorists. What is important is the capability in a global environment to use this kind of attack on the West and what the consequences of that are. I have to begin and obviously talk about al-qaeda because that was the group responsible on September 11 almost ten years ago and I think the general consensus view is that the traditional leadership of al-qaeda has been significantly damaged by years of relentless pressure, beginning with the invasion of Afghanistan which drove them out and which disrupted the planning and training and laboratory installations that they had set up within Afghanistan. Does that mean the leadership is decimated and finished? No. Even the death of bin Laden, while a welcome measure of justice, doesn t mean there isn t a younger generation of leaders that are rising. There are folks like Anwar al-awlaki in Yemen or Adnan Shukrijumah, presumably somewhere in South Asia, who actually have experience living in America and they re younger, they may not be as bound by some of the preconceptions that bin Laden and his generation of leaders had and in that sense they could be more innovative and therefore more dangerous. Even with that being said though, the loss of a good deal of accumulated experience in terrorism, most recently symbolized by the reported death of Atiyah Abd al-rahman that s a real loss of assets. It also means the ability 7

8 to focus on substantial planning of major operations is hampered by the fact that terrorists are worried about their own protection. On the other hand, and there s always another hand here, what we ve seen as pressure on South Asia has grown is the spread of the network and the invigoration of the network in other parts of the world. We see that in Yemen where Awlaki was involved in training the underwear bomber who got on the plane to go to Detroit and tried to detonate a bomb in his clothing. He was the inspiration apparently [inaudible] Army Major Nidal Hasan who was the US Army medical doctor who picked up a gun and killed over a dozen people in Fort Hood, and apparently Yemen was the source of the recently disclosed plot to take explosives and put them in printer cartridges and then send them by cargo jets. So clearly we re dealing with much more entrepreneurial terrorism coming from locations that are no longer located in the core where al-qaeda was for the last ten years. We see similar developments in Somalia, in the Maghreb in North Africa, and this suggests that we re going to have to be mindful that we don t get so focused on our operations in one area that we lose sight of the challenges in other areas. Another feature of what has happened in terms of our post 9/11 security is again another tactical shift by the enemy. One of the major focuses that we had in the US, and I think you had it here as well, was making it more difficult to bring operatives from other parts of the world into the United States, and so we put into effect quite a robust system of security at the airports and at the seaports and we also stepped up what we do between our ports of entry at the border. The consequence of this is, it s not impossible, but it s considerably more difficult to replicate the kind of movement of people into the United States that occurred in 2001 prior to September 11, and that s a very good thing. Not surprisingly though, the enemy, seeing this occurring and obviously being averse to being deterred by our increased security, began to think of an alternative method of developing operatives and the obvious answer is you pick people who are in place, American citizens, American legal residents, and thereby create weapons actually who are present in the homeland, home grown terrorists. We had home grown terrorism as early as You may remember there was a group up in Lackawanna, New York that had done some training with al-qaeda but no question that the frequency and seriousness of this has increased in the United States and it has certainly been a challenge here, 8

9 witness 7/7 and the August 2006 airline plot which I had the privilege of working with my counterparts here on [inaudible]. This is a challenge because the traditional tools we have built up on collecting and integrating information overseas don t work at home in quite the same way. The signal as they say is quite a bit a lower, the need to communicate using electronic communication is less people can meet face to face and travel, which has been one of the great vulnerabilities of global terrorism, is unnecessary because the people are here already. So that s causing us again to think about what we can do tactically to increase our ability to detect the plots in the homeland. Some of that involves changing our methods of collection and analysis with law enforcement, some of it involves driving education and training to the local police level so that we have many more people who are sensitive to what might be the precursors of a plot, and a lot of it frankly involves enlisting the community, getting the community to recognise that it is in their interest to speak up when something is afoot. And I have to say in many cases some of the most significant progress we ve made in frustrating plots in the United States that are home grown has been because members of the community stepped forward and alerted the police and the law enforcement. There are a couple of other areas that I d like to highlight before we take questions and these are the two areas at the other end of the scale. I ve talked about home grown terrorism. I ve said that the tactics are likely to change. We may see more Mumbai-style attacks and dynamic firearm attacks as opposed to big bombs but in the end I think that on the conventional side in the short-term, while we may see even greater frequency of terrorist attacks, they re likely to be smaller scale in terms of consequence. There are, however, two medium and long-term threats, actually one shortterm and one medium-to-long-term threat, which I think are potentially catastrophic and which we do have to focus on and here again I ll be agnostic as to who might carry these out. The first is cyber attacks. This has become thankfully somewhat more a matter of priority I think for security agencies around the world but it s been going on for a long time. We have seen one person estimated, or one group estimated, a trillion dollars in intellectual property [was] stolen through cyber attacks over the last several years. We ve seen millions of peoples personal data stolen and then those people victimized by cyber criminals. In Estonia in 2007 there was an attack on the government. In Georgia, when the Russians invaded in 2008, they accompanied that invasion with a cyber 9

10 attack on the command-and-control systems in Georgia. What this tells us is that both as a matter of criminality and as a matter of war because I would argue that Georgia s an example of warfare cyber has now become a domain that is as critical as air, land and sea. And what s particularly challenging about cyber is this; again, although nation states may have the edge in terms of sophistication, a sophisticated network can do quite a bit of damage. Second challenge attribution. In the old days if you were attacked it was pretty easy to figure out where the attack came from and that allowed us to come up with a doctrine and a regime of deterrence and response that was actually quite effective during the Cold War. The problem with the lack of attribution for cyber is: how do you deter what you can t prove, because you have deniability and that means we need to think very carefully about what our response would be to certain kinds of attacks. Obviously when we get theft of data we don t treat it as an act of war but supposing we had a major attack on a power system, a power grid or an air traffic system, one that potentially caused not only enormous economic damage but loss of life, would we regard that as an act of war and, if so, what would we feel it necessary to prove in order to retaliate and who would we prove it to? Would we take the position that if the server from which the attack was launched was in another country, that s sufficient grounds to eliminate the server or would we require some proof that it was malicious in intent and it wasn t really a server that was hijacked by some third party? How would we deal with collateral consequences if taking a server down to protect ourselves might have an impact on others who were innocent, who rely on data and the network that runs off of that server? These are very difficult questions and the problem is the notion of an attack is no longer theoretical, it s real, and that means we have to begin to answer these questions sooner rather than later. The second area I worry about is biological terrorism and biological warfare. We know, and the 9/11 Commission Report disclosed, that the terrorists in Afghanistan were experimenting with chemical and biological weapons. In 2001 there was a biological terror attack on the United States. That attack was launched apparently by a single individual who had an agenda in which I think he was trying to warn people about the problem and he was actually quite measured in how he distributed the anthrax. It was highly weaponized but he distributed it by mail and so the number of people who actually died was, again, comparatively small; obviously it s terrible when anybody dies but 10

11 it was comparatively small. Had that anthrax been put in a New York subway system there would have been many more deaths and probably an unusable subway system. So it s not a theoretical issue. It s a real issue. The ingredients to make a biological weapon exist in nature. What is needed and wanted is the know-how and the intent and that s why I think sooner or later we re going to have to confront this issue. Again, the good news is that there are counter-measures for many of the most likely and dangerous types of biological weapons. The difficulty is in getting governments to focus on the long-term investment, not just in money but in planning and operational training that is necessary to make sure we have an effective response. What I can tell you is that a serious biological attack would have consequences that could rival a nuclear bomb. It might not kill quite as many people in one moment but over time it could have huge casualties and huge economic impact and to make matters more complicated it would be widely distributed because if people had weaponized anthrax or something similar you can bet they wouldn t just fire once, they would fire multiple times. So to me these are two areas that require a lot of work and that we face in terms of challenges. I recognise that we re at a curious time now, ten years after 9/11. There is a great deal of hope that the tenth anniversary and the death of bin Laden can mark a turning of the page and in many ways it may turn the page on a chapter. Maybe al-qaeda 1.0 is wrapping up. The question is, what is al- Qaeda 2.0 going to be, and is it going to be more dangerous? The Arab Spring has caused a lot of hope and promise but I m reminded of the comment that Zhou Enlai is supposed to have made when asked about his views of the French Revolution and he said too soon to tell. I think it s too soon to tell what the Arab Spring means. It could be on the one hand a tremendous example of a way to deal with some of the challenges in the Middle East and South Asia that accomplishes results using the ballot box and the rule of law, and if that succeeds that s going to be a tremendous counter narrative to al-qaeda, but it could also result in a failed state or a partly failed state which experience shows is a fertile breeding ground for terrorism and for criminality. And finally, although I haven t talked much about transnational organized crime, that remains a big challenge and particularly in parts of my own hemisphere you have organized drug cartels that President Calderon of Mexico recently described as having really been terrorists because they 11

12 burned down a casino and killed dozens of people in it. This is a threat again that will mount over time because of globalization and technology and worse yet, we may yet see a time that terrorists and organized criminals make common cause. In North Africa for example, there is evidence that al-qaeda in the Maghreb has been providing a weigh station for narcotics travelling from South America into Europe. All of these lead me to believe that the security challenges of the 21st Century will be right across the spectrum, they will be fragmented rather than one or two big adversaries you have to deal with, they will require a much greater group of capabilities and a much larger group of hands as part of the team, and they will challenge our traditional doctrines and our traditional legal processes for how to deal with security. So welcome to the second decade of the 21st Century, and there ll be very big challenges ahead of us. Thank you. 12