Tue, Jan 4, 2022
As the world slowly emerges from the pandemic and people return to offices, schools, malls, etc., we naturally expose ourselves to a terrorism threat that still exists. Terrorist tactics witnessed pre-pandemic will likely resurface in the form of violence from a lone wolf in a large public gathering with porous access control. It is just these types of attacks that can rock the soul of a nation. This month’s Kroll’s Security Concepts Podcast welcomes Christopher Palmadesso and Matthew Dumpert, Kroll intelligence and national security experts who have spent their careers combatting global terrorism. Listen now to learn how company leaders can look inward at business continuity plans so when there is an uptick in terrorism and violent acts, you are in a better place to address your vulnerabilities and lower your risk model.
What Are the New and Emerging Terrorism Threats
“Hello, and welcome to another Security Concepts podcast. Today, we're discussing the current trends in ideological terrorism and how the environment has changed in recent years. To have this conversation, we're bringing back Matthew Dumpert, who you've met on previous podcasts, and introducing to our podcast Chris Palmadesso. Chris came to Kroll after many years in the U.S. intelligence community, in roles such as the project lead for the DHS nationwide suspicious activity reporting initiative, and as a senior intelligence analyst and briefer in the U.S. National Counter Terrorism Center. Welcome to the podcast, gentlemen.” – Jeff Kernohan
“Hey Jeff, thanks so much. Happy to be with you again and happy to be talking about some of the emerging threats in terrorism, something top of mind for a lot of people.” – Matthew Dumpert
“Yeah. Jeff, Chris, over here. It's nice to be on the Kroll team and really excited to chat with you guys about the evolving terrorism threat and how the pandemic’s played a role in that.” – Christopher Palmadesso
“Yeah, it's a very interesting topic. We know that the risk managers out there, the security directors, the general councils, they've been heavily tasked with dealing with all of the risk that is out there. And we haven't had, even on this podcast, we haven't even talked about world terrorism and how it is changing and how it is still a threat. So, it's really interesting to be able to get you guys in, these intelligence people, the people that have used your entire careers, combating global terrorism in one level or the other to have you guys all on to talk about this. I will go right into some questions. Let's start with, can you talk about the new and emerging threats? We know that the Afghani government and the Taliban's return to power, some changes there, maybe introduced some additional threats, but what are you guys seeing as the emerging threats out there?” – Jeff Kernohan
“Jeff, that's an excellent place to start. After the fall of Afghanistan and the Afghani government and the rise of the Taliban back to power, I think we can expect an uptick in ideological and transnational terrorism, likely to be regional at first, in areas where they have a nexus of support or a sphere of influence, or areas where they can easily access through porous borders with Afghanistan now in the hands of the Taliban. Whether it regresses into the type of failed state of the past is yet to be seen. The Taliban has expressed on the world stage a desire to be at the table, to be at the negotiating table and to be part of the world dialogue that remains to be seen. What I fully expect to happen in short time here is, again, that uptick in ideological and transnational terrorism targeting typical venues that have symbolic significance, where there are large densities of Westerners or venues that shock the soul.”
“And I say shock the soul because when there's an attack at a shopping mall or a movie theater or a holiday market—those are places where people go every day without thinking twice. They pack their kids in the car, they bring their parents, their loved ones, their friends, and they go without thinking. And when an attack is taken out or perpetrated in those types of venues, it shocks the soul. It shocks the soul of a nation and it shocks the soul of the world. It rocks their psyche, and that's the ultimate goal. The individuals perpetrating this type of violence know the number of people that they're going to be able to hurt, maim or kill is limited, particularly if they're acting alone—and we'll talk about that later, which is what we're seeing more and more of. However, the psychological impact can be significant if they're able to disrupt the lives of millions of people.” – Matthew Dumpert
“Yeah. Matt, as we all know, that terrorism threat has been evolving over the past 20 years or so post-9/11, obviously, speaking about the larger attacks and the attacks on the World Trade Center on 9/11, we're not obviously going to see those larger attacks. The intelligence community has indicated thus that we will see, as you mentioned, a lot of those smaller attacks. The pandemic really playing into this risk model and really focusing on some of the vulnerabilities that were out there in the past that were no longer vulnerabilities, such as the shopping malls, and some of the commercial sectors are no longer that vulnerable because people were not there and those soft targets as we had spoken about. And so, what's really interesting to see is, as we get back to work, we get back to our buildings and our malls and our schools, we're really—the vulnerability now is exposing itself again. And as you had mentioned, this terrorism threat is still evolving with some of those lone offenders, homegrown violent extremists that are part of that ideological extremism element. So, as we do get back to work, that is something we really do need to pay special attention to.” – Christopher Palmadesso
“Chris, that's an excellent point. And you brought up something I want to amplify, and that's the notion of the soft target. The most likely manifestation in the U.S., I think at least is from those who may be inspired to conduct small acts of violence with homemade weapons, like we saw at the Boston Marathon bombing, for instance. And again, these homemade or these lone wolf–style attacks can involve firearms. They can involve knives, vehicles plowing into crowds or any other type of impromptu or homemade weapon. And again, the number of people that can be hurt, maimed or killed, it's not insignificant, but it's not large scale. The large-scale operation is getting harder and harder to perpetrate because of the international community, the global community of intelligence communities of law enforcement communities, the concerned citizenry who now know if they see something to say something—it's a lot easier to perpetrate one of those lone wolf–style attacks with homemade or impromptu weapons, and that notion of soft target that you just mentioned is critically important, particularly to our listeners here, because that's something that we can change. That's something that we can impact.” – Matthew Dumpert
How Supervisors Can Prepare for Post-Pandemic Terrorism
“The goal for any security director, risk officer, general counsel, or anyone tasked with a security portfolio is doing those things that are reasonable to make your facility, make your operation, as hard a target as possible. The last thing that any business wants—or any facility or risk manager or corporate council wants—is for their facility to be the target because of either porous security features or a lack of attention on the basics of securing facilities and securing people.” – Matthew Dumpert
“Yeah. Building resiliency is absolutely huge, you can't stress that enough. I mean, from the government sector to the private sector, we're going to be nailing that one home. Just the ability to identify the risk model, really taking into consideration the threat and by taking into consideration the threat it’s really important for our private sector partners to understand that there's a significance in understanding the intent of the adversary and the capability of the adversary in that particular threat. And then looking at the vulnerable elements within your sector, whether it's an insider threat, whether it's actual brick and mortar of vulnerability within your sector, and then the consequences and really what the consequence would be if that actor was able to exploit that vulnerability based on their intent, capability and what the consequence would be on your workforce, on your cyber infrastructure, on your actual brick and mortar infrastructure and your safety security—that all would be very key to assessing in part of the risk model and the scientific approach to it.” – Christopher Palmadesso
“Yeah, it means getting the basics perfect, right? I mean, in any security apparatus, there are some basic functions that can help thwart either criminal or terrorist incident. We talked about motives, we talked about preparedness, we talked about resources. We talked about the notion of the lone wolf versus the highly sophisticated, and what it boils down to in a lot of cases for private sector and even public sector security directors is making sure that the basics of security are fully functioning, right? And what that allows us to do is, when the basics of security are fully functioning and well-practiced, it makes it that much easier to tackle the hard things—the hard things like identifying preoperational surveillance, detecting threat indicators—those red flag indicators that violence is either being planned or immediately afoot.”
“And then, of course, the hard duty of counteracting or mitigating a more sinister act. And what do I mean when I talk about basics? It's access to control, it's training our people, our citizenry, our employees, to recognize suspicious activity and pick up on it early in the terrorism life cycle, and I'll talk about that in a second. It's knowing the indicators of potential violence so that people can stand up and say, and report, “I saw something suspicious and it needs to be investigated and assessed as suspicious activity.” We know—I just alluded to the terrorism attack life cycle—we know that both criminal elements and ideological extremists or terrorist actors conduct what we call preoperational surveillance and we know it happens, generally, and at least twice before any attack.” – Matthew Dumpert
“Matt, we've also seen how well the reporting of suspicious activity and those behaviors that are reasonably indicative of preoperational behavior is successful. I mean, we saw that in Point Pleasant when there was the marathon down there, and a couple of folks saw some suspicious behavior—turned out there was a homegrown, violent extremist that was attempting to plant an IED to disrupt the marathon down there in Point Pleasant. So, it's only as good as the communication that our security directors out there able to build with their employees to know how to report those suspicious indicators, really knowing what is unusual to that particular workplaces. It's only as good as the information that we gather from our workforce and from the folks that really can identify something that's out of the ordinary.” – Christopher Palmadesso
“That's exactly right. And having the infrastructure set up, having those communication pipelines established so that your employees, if they see something around the workplace, or in the immediate neighborhood, or in the immediate vicinity of their workplace that seems odd or out of place, right? This is an environment that they interact with regularly. So they know what's normal and what's abnormal. Sometimes it's difficult to get folks to call the police or call 911 if they see a suspicious package or a suspicious individual, but it's a lot easier if the workplace, if the employer, has a threat-reporting process established, right? It can even be anonymous, it can be an inbox that's monitored where they can report suspicious activity. And that goes directly to those within the organization who are tasked with safety, security, investigations and assessment.”
“I mean, the other basics that we're talking about here are robust access control to keep bad actors out of facilities so that if they do intend on violence, the ability for them to carry out something large scale is limited—Vehicle access controls, the screening of vendors, mail screening, so that suspicious mail items can't circulate throughout the business place, isolating your workplace.”
“So that if a bad actor does get in and they intend on violence, limiting their access throughout the workplace, thereby mitigating the amount of damage that they can inflict. Notification systems, evacuation procedures–these are all basics of security that security professionals and security directors and risk managers and general counsels deal with every day When those things are buttoned up, when those things are well in place and well-practiced, there's a fluency. And it frees up the bandwidth for our security staff to then deal with these more sinister acts, with picking up on the preoperational surveillance, with picking up on threat indicators of violence. If those basics are not fluent, then so much of our daily bandwidth is taken up maintaining those basic processes. We don't have the time, the energy or the bandwidth to deal with the more sinister stuff.”
“So, really, it's now that companies need to be looking inward and looking at their policies, procedures and protocols. It's now where they need to be looking at their business continuity and resiliency plans. Now's the time to do it so that if there is an uptick in transnational violence and violent extremism, we're in a better place to deal with it at that point.” – Matthew Dumpert
“Yeah. Yeah. Listen, Matt, I can’t agree with you more on this. The threat, the external threats, the evolving threats that we spoke about, that's out of our control. I mean, we're talking about agencies with three letters that are working this kind of stuff every single day to mitigate these threats, but what you had mentioned there, building your security plan business continuity, is just so vital. You look at the model, the risk model, obviously every element of threat, vulnerability and consequence, it's going to be very important, but from a director of security, at a private sector industry, really going to be looking at that vulnerability piece and how to build that resiliency and identify what is vulnerable about your particular element.”
“It's only as good as what you know about your particular entity. Also, the knowledge from the outside agencies and outside private sector entities that might be able to weigh in on what exactly is vulnerable about your sector, based on the threats that were seeing, and really what the consequences would be by playing out some scenarios and really looking at what the return on investment of building your resiliency would be just focusing on the vulnerability and how significance that has significant that is to a particular entity. I just can't really hammer home how important that is in just this podcast alone.” – Christopher Palmadesso
The Importance of the Public and Private-Sector Partnership
“Absolutely, Chris. We both come from the federal law enforcement background, and you spent a bit of time in the intelligence industry. There are very serious professionals out there that are every day and every night and every morning keeping tabs on international and transnational terrorism activity. Those are things that are outside the control of the business sector, right? But I want to highlight that the public-private partnership is critically important here.”
“We learned from 9/11 and some other subsequent smaller instances of violence that communication between public and private sector is critical. There are resources out there that are available to security directors, to general councils, to risk managers, not only that pass unclassified information from government to private sector, but there's a tremendous amount of business-to-business and peer groups out there that are actively sharing information, whether it's based on your sector, based on your region, based on your city. And I encourage every security director out there, or whoever's responsible for the security program within your organization, to seek out those opportunities because there's a tremendous amount of information that is shared in these public, private and in these business-to-business—and even, in some cases, ad hoc partnerships like-minded companies, like-minded individuals get together and they talk about these things and you'd be surprised on how much information is passed in these types of venues.” – Matthew Dumpert
“Yeah. There's some great resources out there, Matt, for sure. And you know what, there is no room for failure with what's going on with this evolving terrorism threat. Over the last few years, there is no room and we need to be 100% effective for our own private entity as well as for the public infrastructure. That's important.”
“All that works together, hand in hand, and there really is no room for error, that's why it's so important to have these conversations. I call this the prevention of September 10th. Well, we don't want to have that happen again. We don't want it to be September 10th, 2001. We want it to be what it is now, which is an open, rich communication and dialogue, an ability to identify vulnerabilities and also protect that critical industry structure information, it's really vital. I know there's a lot of government programs out there that run some of the vulnerability assessments and ensure protection of critical infrastructure information. I think that Kroll parole does a pretty good job at making sure that we identify that as well and make sure we don't expose those vulnerabilities, which is very important to meet these assessments.” – Christopher Palmadesso
“That's an excellent point. I mean, when you reference back to September 10th, we've learned a lot as a nation and as a global citizenry, and recently, if you haven't heard, colleagues of ours, Steve Palumbo and John Friedlander, were recently on a panel about the evolution of security. The public-private partnerships that have evolved since 9/11, and how 9/11 really changed the entire landscape, not only for our nation—and that's clear, I mean, we have institute that didn't exist. We have all types of intelligence and law enforcement capabilities now that never existed previously, but more importantly for us here today and for our listeners is how the landscape has changed for the private sector and how the private sector is better at coordinating and collaborating with public sector. And if you haven't had the opportunity, I urge you, it can be found on our website on Kroll’s security risk management website, but Steve Palumbo and John Friedlander really had a great panel discussion on how the effects of 9/11 totally transformed private security and the relationship between public and private sector.” – Matthew Dumpert
How Terrorism Continues to Evolve
“It's been fascinating talking about the changes to what's happened in world terrorism, but what I really want to focus on now is what are the main targets of this ideological extremism? Who are they looking for? What are they trying to attack at this point based on intelligence that we've been able to gather?” – Jeff Kernohan
“Yeah, Jeff, there's a lot of talk about that, and what we've seen is really two macro-level target preferences for ideological extremism, terrorism violence. We've got, on one hand, the highly iconic “trophy win” scenarios, of course, “trophy win” in air quotes, and we're talking about critical infrastructure, government facilities, iconic brands and landmarks. These types of targets for an adversary can be very costly, time-consuming, and have a fairly low success rate because our intelligence in our law enforcement community and our private sector community is aware of these types of targets. There's a high likelihood that plans will be disrupted. However, they're still attractive because of significant ideological and propaganda wins if they're successful, even partially successful. What we see more often on a global scale are these high-damage, low-risk type of attacks. These are your lone wolf or your small group attacks in largely publicly accessible spaces, whether it's soft target commercial or government buildings.”
“These are places where there's a high likelihood of success, right? These are places with porous access control. These are publicly accessible venues. These are places where you can go freely. There's not a tremendous amount of planning or resourcing needed for a lone wolf or a small group to carry out an attack of this nature. There's a low likelihood of disruption and the wins can also be significant while they don't have that banner effect. They don't have that trophy effect that these attacks can, like we said earlier, rock the soul of a nation and make a citizenry really question their safety on and security on a day-to-day basis. Think of attacks at shopping malls, or government facilities, or publicly accessible parks. Obviously, we at Kroll have no reason to believe anything like this is afoot now or imminent, but there's a reason why those types of attacks, those types of activity, have become more and more popular because they're effective, not in the numbers of people that they injure, maim or kill or disrupt, but really in that psychological effect and the propaganda value of carrying out a significant attack like that.”
“And I really do think that these types of high-damage, low-risk lone wolf or small group attacks in public venues are the most likely types of incidents we're going to see. And a lot of the training that's offered to employees—when we talk about threat management, when we talk about the recognition of red flag indicators of violence, or that terrorism life cycle we talk so much about—when we bring our employees, our colleagues into the fold on what we know and do in the safety and the security business every day, those lessons can be applied in their private lives as well. Being aware that suspicious activity could lead to a criminal or a terrorist event can help everybody in their private lives as well. Think about you're on the weekend, you're at the shopping mall with your family, and you pick up on suspicious activity. Okay, rather than report it to my corporate infrastructure for threat management or suspicious activity, I now know that I need to report it elsewhere. Law enforcement, mall management, facility management. So, these lessons are applicable in all aspects of life.” – Matthew Dumpert
“Yeah, Matt, that's a great point about the advisories and not really being aware of what's happening right now and realizing that the terrorism threat is consistently evolving, it did not go away. That's the importance of that national terrorism advisory system that Homeland Security has. So, gathering that as a consumer of intelligence and understanding the threats that are out there, for instance, the bolt that went out about 2 or 3 weeks ago now regarding malls in Northern Virginia and the significance of just understanding, hey, you know what, that's a threat. And then the implication of that on the private sector and on the public is just invaluable. What happened in Liverpool a few days ago just was a great illustration of what we were talking about with regards to how it impacts the global awareness of the terrorism threat. We're talking about an attempted attack on the healthcare sector, right? So, it did not occur inside the building, or really have enabled the actor to execute that particular attack, but it showed the implications to the global awareness of how this evolving terrorism threat could impact public awareness of that evolving threat.” – Christopher Palmadesso
“Yeah. And talking about public awareness, I'd be remiss if I didn't highlight the milestone events, the anniversaries, the holidays that are so significant in the terrorism and the extremist violence mindset. And that it's really no secret, it's something that's been talked about, and it's talked about every year that you're most likely to have an incident like this, or an attack like this in and around milestone events, anniversaries, or holidays, whether they're spiritually or religiously significant, or significant on a national level. These holidays and milestones—again, if an attack is perpetrated around these times, when people are home with families, when they're taking vacation, when they're on leave, when they're celebrating, these types of attacks can rock the soul. We're talking about holiday markets, we're talking about national day festivities. We're talking about significant public gatherings. And there's a reason why we see a spike in activity around these times, but I do want to point out that it's not necessarily the day of the anniversary or the day of a holiday, right? It's the days leading up to after, you have to understand that those who are planning these types of attacks are gathering resources, people—they're putting plans together. And this isn't a production facility that's run smoothly in all cases.”
“So, what you might see is an uptick in violence around the holiday season, and the reason for that is a terrorism plan or plot is going to be carried out. Typically, as soon as the perpetrators have all the resources and personnel in place, because at that point, it becomes tremendously risky to have everything in place without carrying out a plan. There are threads out there that law enforcement and intelligence communities can pick up on the longer they wait, the more likely they are to be disrupted or caught. So, you might see a plan carried out in the days leading up to, or the days immediately following one of these anniversaries, holidays or milestone events.” – Matthew Dumpert
“Well, gentlemen that was a fantastic conversation so much so that I almost forgot we were doing a podcast and I have some role to play here. That being said, I think it's time to wrap this one up. I want to thank everybody on the podcast for coming and joining us for this one. I also want to thank all the listeners, and we'll see you on the next one.” – Jeff Kernohan
In today’s fast-paced world, disruptions can happen anytime. Kroll’s full suite of business continuity, resiliency and disaster preparedness capabilities is designed to prepare your enterprise for unexpected risks and maintain competitiveness throughout the full lifecycle of any disruption.
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.