Understanding the Threat

In an environment where new media and information technology can summon the world to live in real time the fear and pain of distant communities, nefarious groups are empowered to strike in earnest for maximum impact and global exposure. Non-state actors, in particular, thrive in unstructured, unregulated, and unconfined settings. Their ability to remotely inspire, network, and direct action comes without the burdens of personal or professional accountability that guides the behavior of modern states and civilized communities.

What is more, they do not carry nor assume the burdens of governance; hence, the responsibility to deliver tangible services and benefits to their proclaimed ‘constituencies’. And there in lies one of the important differences between a threat like ISIS and one represented by groups like AQAP. The latter can hunker down in small sanctuaries and focus on harvesting the broader cyber space, whereas the former seeks to conquer and hold on to large swaths of territory. As the responsibility for governance kicks in and the hollowness of the rhetoric is exposed, disenchantment and ultimately desertion follows. Put simply, ideological fervor is a great motivator when it doesn’t have to put food on the table. In that sense, ISIS is a threat that will be degraded and defeated, in part, by its own inability to provide for the people it pretends to serve. To be sure, ISIS is a grave security and military threat that cannot be underestimated, but one that is going to be done-in by its own territorial ambitions. The remnants of that threat, however, will retreat into that ambiguous space occupied by groups like AQAP using cyber as their vehicle for inciting, inspiring, and enabling autonomous terror.

So, despite the current prominence of battlefield engagements, the long-term struggle is being waged on the cyber domain.

Unfortunately, cyber threats and security risks are enduring because we live in an interconnected and flat world where innovation is not the exclusive property of any one group. But, that reality should not translate into a sense of inevitability. Nefarious activity can be deterred and threats thwarted by adopting multilateral cyber strategies that:

  1. Enlist the private sector and innovation community into the fight;
  2. Enhance threat information sharing with stakeholder communities and coalition partners;
  3. Strengthen cyber security infrastructure and build resilience and adaptability across people, processes, and tools within the cyber enterprise.