unesco.jpg

I have spent many years deeply embedded in the world of cybersecurity, and more broadly working with nations around the world on processes and methods for keeping citizens safe. The instability in the current-day Middle East, combined with recent attacks in California, Colorado, Lebanon & Paris, lead me to one thought: it is time to have a very different conversation about security. The dogma needs to change. We need to develop smarter, faster and more effective methods for protecting people, information and our future. We need to push the armchair experts and their tactical thinking to the side and be more thoughtful, more mature and take this, the largest challenge so far of the 21st century, much more seriously. When I think about all the recent terror attacks, my mind focuses sharply on good friends who escaped harm in Paris. While they are all safe, 129 innocent people lost their lives and hundreds of others were seriously injured. I waited a few weeks to write something – first to allow the tragedy to pass but also to consider some more thoughtful words, compared to the hyperbole and noise generated by so many in the immediate aftermath. Unfortunately, my waiting period was interrupted by the tragic events that unfolded in Colorado and San Bernardino this week. It certainly won’t be the last time.

It’s difficult to understand the mindset that drives terrorism. We are all experiencing the mental and emotional aftermath: anger, frustration and the unrelenting desire to ensure it doesn’t happen again. However, we urgently need to push past those emotional reactions and bring critical thinking to the scenario. We are decades into the global impacts of terrorism, into this clash of nations vs. terrorists, and it is time for more thoughtful and mature response.

It starts with the bigger narrative

Let’s not fool ourselves about these conflicts, who’s involved or what’s at stake. It’s good versus evil. It’s civilization against terrorists. Focusing on one particular religion, even a radicalized subset, is as pointless as focusing on one particular gun law or screening process. It doesn’t move the needle on fixing the real problem. That requires a broader conversation involving some uneasy, non-traditional partners.

Every time an attack occurs, we are (apparently) surprised all over again. The good news is that we prevent thousands of attacks each year, but it takes just one missed piece of intelligence to allow another successful terrorist attack. To truly discern the actors and activities involved in planning and executing terrorism, we need everyone and everything involved. That means a combination of religious institutions, schools, government, law enforcement, technology and other entities all acting in collaboration and in concert. This level of collaboration will take time, but it’s a critical first step. Trust is a huge issue. Sharing trust is a bigger obstacle. But in the end the armchair experts need to go away, and our focus needs to shift to this concept of community involvement. Creating relevant, impactful policies at the grassroots and civilized world level will help accelerate and change the playing field and accelerate the change we need.

Making actionable the war on terror with real data

Not too long ago, we fought a seemingly useless war against spam. While it may not seem like a comparable situation, traditional adversaries (i.e. the Chinese and American governments) did a marvelous job of rallying resources across borders and boundaries to create a cohesive, agreed state of policy and information sharing; in short an actionable plan that made immediate positive impact. We need the same concept to apply here – aimed at data that helps us identify and eradicate terrorism. Data is everywhere. We need to build a comprehensive framework of linkages across all the various technologies used in security, border protection, credit, banking and more. This of course requires cooperation between the community, law enforcement agencies and governments. We need to ensure common communications and execution processes not just between governmental entities, but across governments around the world. Without this collaboration, we will continue to develop fragmented responses. That will lead to more of the same tragedies, as actual opportunities to thwart terrorism are unfortunately mostly lost in politics.

There are those that would argue some governments are in fact sponsors of terrorism and by sharing information, sources, methods or anything else actionable with them we would be in fact enabling terrorism. No one should read this and assume we are sharing everything with everyone. We should be selective, thoughtful and organized in what we share with whom. Selective sharing is something we have been very successful at, both inside the United States as well as in the cyber security realm for many years.

Reducing the loophole count

One of the biggest gaps in current war on terrorism is the basic blocking and tackling of cybersecurity, and it’s also the best way for the general public to contribute to the fight. Terrorists exploit weaknesses to carry out their attacks, and everyone needs to get smart about locking down their own information and infrastructure. We are a digital society now, and we need to start treating our assets for the value they represent. It’s more than a terrorism issue. For instance, over the next few years, you need to assume and act as if your identity will be stolen. The threat is maturing from intermittent to persistent. Just like locking front door, you will need to address the “background noise” of everyday precautions. They are simple but effective – things like basic password maintenance, checking and locking down credit, health records, firmware updates, home router security and ensuring you embrace two-factor authentication. Treat these activities like changing the oil in car. In doing so, you create a higher overall security baseline, and that helps fuel the broader security strategy.

Getting to a better global process

There’s no question that governments, law enforcement agencies and other parties involved with fighting terrorism already share some information. The desire to collaborate might be present, but the speed at which we iterate how to protect ourselves globally needs to increase drastically. Not all tactics will work, and we cannot wait years for results when technologies iterate on the scale of weeks (and in some cases in as little as hours). Think about the evolution of screening at airports, a process we all know is riddled with opportunities for failure. Yet we still embrace it, largely unchanged or unchallenged. This complacency and lack of speed enables our enemy. Real lives have been and will be lost.

We need to focus on accelerating how we innovate in the war on terror, and in turn significantly slow down terrorists with the development of global response and process. Organizations like NATO are perfectly positioned to create an international clearinghouse of information, an INTERPOL for terror intelligence. Global “Red Teams” can be created that include the best minds in industry, academia and government to quickly develop and SHARE ideas and methodology. It’s an obvious crowdsourcing opportunity, blending the best intelligence, technology, agencies and approaches to create a real, proactive defense – and offense.

This is just the beginning, in terms of the threat and the solution. By shifting the scope and focus of the security conversation, the people and organizations involved, and sharing in raising the collective bar for all security, we can begin to make real progress against the evil that terrorism represents. Let’s not wait for another event, no one can afford that. We have the tools, technology and certainly the motivation to mitigate this risk. Terrorism has been with us for a long time, and we keep reacting to it instead of creating actionable measures to stem the tide. We need to be more mature, we need to be faster and we need to be more effective. Now. Let’s start investing the time and resources today no matter what the cost, and not wait for another event – no one can afford that.