Intelligence

By Van Jackson New Zealand may appear to be a paradise in the Pacific, but it is afflicted by many of the problems facing other liberal democracies, such as a rising suicide rate and deep socioeconomic inequalities with no clear solution. To this list of shared problems, tragically, one can now add white nationalist terrorism. The terrorist attacks in Christchurch on March 15, in which fifty were killed and dozens more wounded, was the worst such attack in New Zealand history. Focusing on transnational strategic threats, and looking from New Zealand, policymakers generally have not viewed white nationalist terrorism as a strategic concern, though both New Zealand and Australia have histories of white nationalism, including long histories of exclusionary immigration laws. But the brand of terrorism that resulted in the massacre in New Zealand is a strategic threat, and one that has been a blind spot for New Zealand and the national security establishments of its Five Eyes partners—the United States, Australia, Canada, and the United Kingdom, whose bureaucratic-level intelligence sharing was established decades ago. The Five Eyes intelligence partnership among these five states has, over time, been effective in monitoring and responding to the challenges of the Cold War, the threat of Islamist terrorism, and more recently in managing the evolving strategic threat that China poses in the Asia-Pacific and other regions. The threat of terrorism from white nationalists, however, is in some ways a more dangerous threat than either of these challenges, simply because it has been largely ignored by policymakers. Terrorism from white radicals is a transnational threat. Similar attacks to the Christchurch killing have occurred in Canada, European countries like Norway and the United Kingdom, and the United States. More will come, and these extremists view themselves as part of a war that is only just beginning. A manifesto from one of the alleged New Zealand attackers says as much, but white nationalist groups in the United States have discussed the idea of a battle emerging around the world as well. Radical white nationalist terrorism has been a blind spot for the national security communities in many countries. Although law enforcement agencies like the FBI have highlighted the threat—the FBI and the Department of Homeland Security noted in a report in 2017 that white nationalist extremists had committed more attacks in the United States between 2001 and 2017 than any other group—policymakers still often have not taken this threat seriously enough. In part, national security leaders and politicians in many states may have ignored white nationalist terrorism as a transnational threat since white nationalists traffic in theories and ideas that echo rhetoric found in some more mainstream political circles. The extremists express shared beliefs about a white race under threat, the inferiority of other races and non-Christian religions, and other conspiracy theories. White nationalist terrorists are acting on ideas of hate that transcend borders, using technologies, like social media and live streaming, that transcend borders, and celebrating other white nationalist figures from around the world, to create an imagined future (of theirs) that they believe transcends borders. The national security communities of the Five Eyes countries need to work together to combat the transnational ideas and the technologies that can be used to turn extremist ideas into action, and ensure that mainstream politicians’ rhetoric does not dampen a meaningful response to this growing threat, or obfuscate its character. Yet while intelligence officials have noted that Five Eyes partners have created a massive intelligence sharing network regarding other types of transnational terrorism, they also have noted that this intelligence sharing has not generally extended to domestic terrorists and terrorist groups, even white nationalist ones. Indeed, intelligence officials told the Washington Post that while Five Eyes countries might tell a partner state about a potentially imminent terrorist attack by a domestic extremist in that other country, they do not routinely share information about domestic terror threats in partner states. Now, that must change. Van Jackson is a Senior Lecturer in International Relations at Victoria University of Wellington, the Defense & Strategy Fellow at the Center for Strategic Studies: New Zealand, and a Global Fellow at the Woodrow Wilson International Center for Scholars.

After more than thirty years of federal government service, CFR's Michael P. Dempsey shares his reflections on the state of U.S. national security, global conflicts, and the U.S. intelligence community.

China is once again conducting cyber-enabled theft of U.S. intellectual property to advance its technological capabilities. A new Council on Foreign Relations brief provides recommendations to combat this new old threat.

When the Democratic National Committee realized they had been hacked in April 2016, they turned to experts from a private company: the cybersecurity firm CrowdStrike. Within a day, the company had identified two Russian state-sponsored hacking groups inside the DNC network. Within a few weeks, it publicly explained its analysis in a detailed blog post. It wasn’t until months later that the US government publicly confirmed Russia’s role. As government-backed hackers in Russia, China, Iran, and North Korea continue to infiltrate and attack American companies, it’s often private cybersecurity firms, rather than the US government, that are publicly assigning blame. By stepping aside to let private firms expose nation-state hackers, the US government preserves its intelligence capabilities and options to retaliate. It’s an informal arrangement that has been good for business and government and bad for state-sponsored hackers. Unfortunately, it’s a situation that is too good to last. Though cybersecurity firms are proliferating, there are no agreed-upon standards for making accusations of cyber-attack, increasing the risk that business incentives will tempt companies to name culprits without sufficient evidence. States themselves may even spread misinformation about the source of an attack. As the waters get muddied, the government needs to take on a larger role in naming and shaming state-backed hackers. The process of assigning blame for cyber-attacks, known as attribution, is a mix of art and computer science. It requires weaving together subtle forensic clues with past attack methods, current operational techniques, and knowledge of adversaries’ geopolitical objectives to identify a likely perpetrator. Hackers are always looking for new ways to cover their tracks or throw blame on others. Successful attribution makes hackers’ jobs harder. As the risk of getting caught goes up, the likelihood of a country conducting an attack to obtain illicit information declines. When cybersecurity firms are able to call-out nation states for engaging in data theft, destruction, and espionage, hackers and the countries that employ them must consider real costs in the form of public embarrassment and potential retribution. Nation-states that conduct cyber-attacks, unlike criminal groups, are sensitive about their reputations and the impact that accusations of hacking have on their foreign policy interests. We know this because of the vehement denials issued by countries caught in the act. Even North Korea, known for its reclusive behavior, regularly denies accusations of hacking. American government agencies are often loathe to speak publicly about the origin of cyber-attacks because they fear exposing their methods of monitoring nation-state hackers. Officials commenting publicly can also undercut efforts to pursue prosecution, apply diplomatic pressure, or retaliate in other ways. So the US government has been perfectly happy to let private companies take the lead while they formulate a response. But by avoiding public comment, the United States is forgoing a powerful tool in deterring attacks: timely public exposure that causes hackers and their sponsors to question the value of such activity. In exceptional cases, the US Department of Justice or Intelligence Community have officially attributed attacks. These attributions tend to be detailed and laced with damning facts, like the identities of specific foreign government hackers and names of military or intelligence units involved. Official announcements—particularly in the context of criminal indictments—can be powerful deterrents, but they are infrequent and require considerable time and resources, sometimes coming years after the attacks have occurred. For now, private security firms continue to lead the way on public statements of attribution. But their work is not done for altruistic reasons alone; cybersecurity firms’ ultimate goal is to sell software and services. In particular, there is value in being the first company to publicly attribute an attack because it is typically the firm most widely cited in the press. The most prominent of these private companies are believed to adhere to high technical standards. But as the cybersecurity sector gets more competitive, firms will seek to distinguish themselves by capturing headlines. The cybersecurity industry is expanding rapidly—by some accounts, at 15 percent a year—and new firms are constantly entering the market. These up-and-comers will be under pressure to make a name for themselves by attributing attacks quickly and loudly. Because there is no standard for what attribution looks like, these firms have flexibility in how rigorous their assessments are. Attribution will become less and less reliable as firms race to the minimum level of certainty before going public. Hackers may even exploit this phenomenon by deliberately including misleading clues to ensnare firms. There is also real risk of so-called attribution pollution, spurious claims of responsibility. It’s not hard to imagine a situation in which malicious foreign cybersecurity companies are founded simply to provide erroneous attribution or to dispute others’ conclusions. Indeed, we got a taste of this in the 2014 North Korean hack of Sony Pictures, when credible companies offered competing narratives to the official attribution. The uncertainty lasted weeks, undermining efforts to hold North Korea accountable. Although those disagreements appeared to be legitimate, the situation underscored that for states seeking to avoid responsibility, eroding confidence in attributions can be an effective tactic. Owing to these factors, the value of private attributions will decline—that much is obvious. Already, the Justice Department is increasingly naming hackers in documents, and US Cyber Command has begun posting samples of malicious code in a public repository. But it's clear that the US government needs to partner with private firms to better share information about malicious actors and establish industry-wide standards and methods for attribution. It won’t be easy. It’s not in firms’ interest to share proprietary data and techniques with their competition. But without a major effort to share intelligence and set attribution standards, the small island of accountability provided by private cybersecurity firms will be subsumed in the ever-rising ocean of malicious activity.

The United States still does not have an effective strategic foresight system to assess and mitigate geopolitical risks. 

President Trump’s revocation of a former CIA director's security clearance has stirred up a debate about access to government secrets, free speech, and democratic norms.  

In his book A Great Place to Have a War, Joshua Kurlantzick tells the story of the CIA’s covert war in Laos during the Vietnam War. He examines how the country became, surprisingly, a U.S. policy priority, and analyzes why and how the CIA was able to build the war into one of the biggest covert operations in U.S. history. He further uses the Laos war as a prism to examine the CIA’s operations in the global war on terror today.

According to the New York Times, the White House wants to further limit China's access to U.S. technologies by barring their citizens in U.S. universities from performing sensitive research. That might do more harm than good. 

A growing list of brazen foreign operations signals that there are few constraints on Russian intelligence under Vladimir Putin’s leadership.