Risk Considerations as Domestic Terrorism Evolves

Sept. 9, 2021, 8:00 AM

In January 2021, the U.S. was shaken by a brazen assault on its Capitol and elected officials. This was not a replay of September 11 or the act of a foreign terrorist organization (FTO). Rather, this attack was carried out in large part by U.S. nationals, followers and perpetrators of domestic terror groups and ideologies.

Domestic Terrorism (DT) is not a new phenomenon in the U.S., but the scale and impact of the invasion of the U.S. Capitol revealed how serious the threat has become, with clear indicators that the capabilities of these groups and lone actors (once considered fringe) have reached a maturity with devastating consequences. The rapidly evolving threat of DT poses increased risk to a wide array of industries, including financial services. As the list of external threats continues to grow exponentially, in-house security teams are partnering with sophisticated cybersecurity and intelligence firms to help inform and protect their companies from potential DT events.

What makes the DT threat so difficult for in-house teams at financial institutions to address is its nimbleness and ability to swiftly react to spontaneous targets of opportunity. While FTOs may plan and prepare their attacks for weeks, months, or even years, DT events often coincide with groundswell public gatherings and community-organized demonstrations with little to no advance planning. As reported by the Center for Strategic & International Studies in their brief, The War Comes Home: The Evolution of Domestic Terrorism in the United States, the data shows a distinct correlation between the increased volume of public demonstrations in 2020 and DT events that occurred in response.

DT actors can organize and execute so quickly because their methods and resources are primitive. Their goal is most often to frighten and intimidate, rather than inflict mass fatalities, and this can be easily accomplished with even a few individuals armed with easily acquired weapons—knives, clubs and bats, bricks, vehicles, etc. These terror acts do not require extensive planning, laborious orchestrations, or even significant financial backing. A DT actor can initiate a terror act as quickly as making a stop at the local hardware store en route to a public protest they learned about five minutes prior on social media.

These factors, combined with civil liberties and other legal considerations, make it nearly impossible to identify would-be domestic terrorists and their networks through the same financial industry tools used so effectively to investigate FTOs. Gone are the international wire transfers, carefully concealed payments, and vast financial resources network. And how is one to distinguish the intentions behind every purchase of bricks or hammers?

The most valuable source of information regarding DT threats is to be found online, through a vast array of social media platforms, websites, and forums. But with this ease of accessibility comes an overwhelming volume of information—far beyond anyone’s ability to effectively sift—and within that information exists a staggering number of false positives and false alarms. How many people espouse violent or extremist rhetoric behind the comfort of virtual anonymity without any real intention of action? This tendency leads modern law enforcement to suffer alert fatigue and diminishes the effectiveness of investigations.

This leaves financial and other private institutions exposed to three primary vulnerabilities related to DT events:

1. Physical threat of harm or damage done to facilities and/or personnel, whether deliberately targeted or as collateral damage.

2. Public relations and threat to institutional reputation. A company may face crippling consequences if a radical extremist or DT actor is found to be an employee or otherwise affiliated with its brand or if it does not respond swiftly and emphatically enough to the DT action.

3. Theft of intellectual property and/or cyber threat.

Though most DT events are currently unsophisticated and focus on physical intimidation, it is the nature of extremists to evolve and enhance their capabilities. The next progression in the evolution is for DT actors to target their victims via cybercrime. DT is rooted in outrage and a desire for retaliation against perceived grievances. A DT actor offended by a business’s operations or code of ethics could just as easily intimidate, disrupt, or collapse that institution through a cyberattack. Consider the potential damage if the next attack on a major oil pipeline is motivated by radical rhetoric and not just a money grab.

No entity exists that can scrape, scour, and analyze the limitless volume of open-source intelligence that lives on the internet. As a result, businesses operating in the financial services industry and beyond are increasingly addressing this challenge by employing a team of on-demand, external, multidisciplinary experts to conduct criteria-based data mining and bespoke real-time, human-driven research. Although many financial institutions and other organizations maintain a security team proficient in traditional investigations, external advisers can help address the proliferation of information and also extend an in-house team’s reach without adding permanent overhead costs.

How Can Organizations Prepare?

Ideally, augmenting in-house security capabilities will involve sophisticated threat assessment intelligence from a cross-functional team of cyber leaders, advanced data analysts, and those with proven visibility into dark web forums. To stay on track, the workplan of the external resource should closely align with the four pillars of the U.S. national security strategy. Specifically:

  1. Assess the threat: External advisers can tap into proprietary human source networks and connect the dots between publicly available information to better understand the nature of the domestic terrorism threat holistically. They can also be on point to push that information out to state and local law enforcement, as well as any relevant industry groups.
  2. Social media scraping and incident preparedness: Skilled researchers and data analysts should focus on behavioral indicators toward radicalization, especially among departed employees and/or disgruntled customers. Input from groups outside the federal government can help hone likely scenarios for DT attacks in order to structure a playbook and effective response plan.
  3. Leverage federal resources: DHS and CISA play a key role in securing critical infrastructure, and their real-time reporting and guidance in the wake of threats should be relied upon.
  4. Addressing challenges long-term: Data analytics and risk assessment should be utilized to pinpoint and address the vulnerabilities that often underpin domestic extremism events. Addressing these challenges is a lofty goal but can be broken down into a practical framework and action plan with input from skilled advisers.

The world presents a complex and ever-changing risk landscape. For better or worse, dynamic changes in technology and means of instantaneous communication empower growth in society and private enterprise just as effectively as they also expose vulnerabilities, conceal criminal activity, and mask those who threaten our communities. These same technologies when paired with vigilant monitoring can enable your organization to anticipate and thwart potential DT threats.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Author Information

Julie Copeland is a partner and Nathan Fisher is a managing director at StoneTurn.

Bloomberg Tax Insights articles are written by experienced practitioners, academics, and policy experts discussing developments and current issues in taxation. To contribute, please contact us at TaxInsights@bloombergindustry.com.

To read more articles log in. To learn more about a subscription click here.