Data, people and terrorism

A lot of people are fascinated with technology. Maybe a little too fascinated.  I am not suggesting that the use of technology is bad: after all, I am writing this blog on my Dell laptop and not the manual Smith-Corona typewriter (if you are under 30 look up the word “typewriter” in a dictionary) that I tapped my MA thesis on eons ago.

But there is nevertheless an unhealthy arrogance that technology is the best solution to all the problems we have.  I thought of this today as I read a neat article by Dr. Helen Ofosu, an HR consultant and head of I/O Advisory Services.  She wrote that the weakest link in cyber security is not the strength of your firewall or encryption but whether the people who have access to computer networks can be trusted.  She goes on to say that some employees come to work with “baggage” (rough marriages, addiction problems, personal grudges, etc.) and that these problems may lead them to act in their own self-interest and not that of their employer.  Dr. Ofosu notes that 50% of all data breaches come from within, not through outside hackers.

In Dr. Ofosu’s words, these are “insider threats”.  I of course have been writing about insider threats for almost two decades (even the title of my first book is The Threat from Within). And just as trying to ensure that your employees are happy and not prone to screwing the company takes a human touch, so does good counter terrorism.

No I am not saying that technological tools are useless: after all, I worked in SIGINT for 17 and a half years and I would like to think that that time was not wasted.  But I fear that we see technology as a panacea for defeating terrorism.

The bottom line is that a well-placed human source (or agent) can do things no technology can.  Humans can react to changing circumstances in a very short time.  They can ask questions and seek clarification about the nature of the threat.  And they can influence terrorists in ways that are good (disruption) or not so good (entrapment).  Of course there are challenges as well.  Human sources are hard to recruit and are sometimes not so willing to go into situations that are dangerous and could expose them to serious harm.  It is in those cases that technical resources may be better.

As with most things in life, a bit of this and a bit of that is best.  Intelligence agencies are good at both human and technical sources and where to deploy them.  Too much of a reliance on one over the other is generally not a good thing.  Perhaps there were times when this actually happened.  For instance, there was this rumour in intelligence circles some time ago that the US had depended far too much on SIGINT and neglected HUMINT in the years leading up to 9/11.  I do not know this to be true but it is nevertheless a good reminder that weighing multiple options is usually the better way forward.

We need to put the use of technology in counter terrorism in proper perspective.  It has a role as does the much-hyped (but still promising) field of data analytics, but when push comes to shove I’d put my money on a human source nine times out of ten.  I don’t have the data to back this up, but my instinct tells me that more plots have been foiled by people than by intercepted communications.  Humans rule!


By Phil Gurski

Phil Gurski is the President and CEO of Borealis Threat and Risk Consulting Ltd. Phil is a 32-year veteran of CSE and CSIS and the author of six books on terrorism.

Leave a Reply