Recent comments by Homeland Security Secretary Janet Napolitano highlight the growing threat of homegrown radicalization. The recent arrests in connection with thwarted terror plots, “remove any remaining comfort that some might have had from the notion that if we fight the terrorists abroad, we won’t have to fight them here,” Secretary Napolitano said. The lack of terrorist attacks in the United States since the devastating 9/11 attacks, coupled with our aggressive efforts to undermine al Qaeda overseas has created a false sense of security. Sure, we should have increased confidence in the state of our domestic security, but complacency is not an option. The threat of al Qaeda or some other homegrown terrorist motivated by jihad or another ideology (e.g., Unabomber, Tim McVeigh) striking again is a real problem that should not be taken lightly.
Just this week, federal officials charged Chicago resident David Hadley in a 12-count criminal information. The charges relate to his alleged role in conspiring with Lashkar-e-Taiba in the November 2008 Mumbai terror attacks and developing a plan to attack a Danish newspaper that published cartoons of the Prophet Mohammed.
This comes on the heels of the attack at Fort Hood. On the afternoon of November 5, U.S. Army Maj. Nidal Malik Hasan opened fire at Fort Hood, killing 13 and wounding 30 others. While his motivations are still under investigation, Mr. Hasan had been the target of suspicion for his radical extremism and connection to Anwar al-Awlaki. Born in America, Mr. al-Awlaki was the imam of the Dar al-Hijrah mosque where Mr. Hasan and two of the 9/11 hijackers attended in 2001. Mr. Hasan and al-Awlaki had at least 18 e-mail exchanges prior to the Fort Hood attack, according to published reports.
And earlier this fall, authorities uncovered what they call an al Qaeda-sponsored domestic terrorist attack plot involving a Denver airport shuttle driver, Najibullah Zazi. Mr. Zazi allegedly trained with al Qaeda in Pakistan in 2008 before he tested homemade bombs and drove cross country to New York with nine pages of hand-written notes on the manufacturing and handling of explosives. He faces charges of conspiring to use weapons of mass destruction.
Secretary Napolitano recently reminded real estate, professional sports, media and financial leaders in New York that “[t]he majority of America’s critical infrastructure is owned and operated by the private sector.”
What then, can corporate America do to protect itself, the country at large and prevent attacks from taking place?
Companies must be aware of who they are letting into their offices, plants and warehouses. Access to private sector infrastructure and technology can have devastating effects in the hands of al Qaeda operatives or sympathizers.
Background checks for employees and visitors are a vital first step toward ensuring workplace safety. It is important for companies to run background checks not only on their employees but on visitors as well.
“Insider” threats have the potential to have the most destructive results, as “insiders” are familiar with vulnerabilities and have access to areas that the general public typically would not.
Like David Hadley, who during five trips to India conducted surveillance and took photos and videos of various targets, including those attacked in Mumbai, visitors can gather information about a company’s facilities and use that information to plot an attack.
It is important for corporations to know that traditional criminal background checks typically only reveal arrests. As is clear from recent events, companies should drill down further in search of ticking time bombs like Mr. Zazi. An arrest is not the only indication of potential risk for terrorist connections.
The private sector must take Secretary Napolitano up on her commitment to build “meaningful partnerships with businesses across the country to secure the infrastructure vital to the safety of our citizens,” and work on implementing systems that would allow the public sector to disclose limited information on suspected terrorist connections of employees and visitors.
Additionally, companies can more vigorously institute security clearance levels that allow only certain employees access to specific locations, files and information. Implementing a “need to know” system for information access, similar to that used by government agencies, would limit access to the least number of people necessary. This would require corporations to conduct an in-depth evaluation of the way they store information to better determine who should have access to sensitive materials. While these measures might seem extreme, the security of the private sector is not only an issue of corporate security but of national security.
No additional security measures will be successful, however, without increased information sharing between the public and private sectors. The private sector must put in the work to ensure that its facilities and information are not being accessed by those seeking to harm the nation. But, the private sector can only do this if the public sector is willing to allow some form of access to information on which more informed security decisions can be made. There has been much post-9/11 talk about information sharing; however, one should question whether enough progress has been made.
In a recent interview, former Homeland Security Secretary Michael Chertoff discussed homegrown radicalization and stated that, “a larger trend has emerged that is not surprising, but is disturbing . . . . You are beginning to see the fruits of the pipeline that al-Qaida built to train Westerners and send them back to their homelands.” The private sector must develop, deploy and use technologies and processes that promote the sharing of reliable information – the first step in eliminating “insider” threats is to know who is in your hallways.
As FBI Director Robert Mueller has oft repeated, it is not a question of if another terrorist attack will occur. It’s a question of when.
