Published by The Lawfare Institute
in Cooperation With
On Tuesday, Nov. 5, the Senate Homeland Security and Governmental Affairs Committee held a hearing on the evolving threats facing the United States. The committee heard testimony from several senior government officials: Christopher Wray, the director of the FBI; Russell Travers, the director of the National Counterterrorism Center (NCTC); and David Glawe, the undersecretary of homeland security for intelligence and analysis.
In their written and opening remarks, the witnesses outlined a dizzyingly broad array of threats—from domestic and international terrorism to transnational organized crime, cyber and economic espionage, election interference, data insecurity, and potential chemical and biological attacks on the homeland.
But as the hearing wore on, senators’ questions and witness testimony narrowed in scope, focusing primarily on three aspects of America’s security challenges: how to optimize information sharing to combat domestic terrorism; how to counter Chinese cyber and counterintelligence operations; and how to address the growing problems posed by new technologies, namely, ransomware, cryptocurrency and unmanned aerial systems (UASs). Wray testified repeatedly that homegrown violent extremists (HVEs)—individuals inspired by the virulent ideology of the Islamic State and al-Qaeda but not formally affiliated with the groups (the bureau uses HVE to describe Islamist terrorism, not white nationalist violence)—pose the single greatest threat to Americans’ lives, but HVEs received less attention in the hearing than the aforementioned policy concerns.
With the mass shootings of the summer and the recent arrest of a man plotting to bomb a Colorado synagogue in mind, senators seemed intent on ensuring that the senior officials before them were coordinating an all-of-government response to domestic terrorism. Sen. Kyrsten Sinema asked the witnesses how they planned to enhance information sharing between federal, state, and local law enforcement to ensure that entities across government have appropriate access to information on threats and trends in domestic terrorist suspects’ behavior. Wray testified that the FBI engages daily with state and local law enforcement, most significantly through its joint terrorism task forces (JTTFs). He explained that 200 JTTFs exist across the country. And in many cases, task force officers are state and local law enforcement officials who work full or part time on the FBI task forces. The director also noted that the FBI and the Department of Homeland Security (DHS) regularly disseminate bulletins to state and local law enforcement with granular detail on the agencies’ perception of the threats Americans face, including domestic terrorism threats. Glawe added that his office hosts the Homeland Security Information Network, which facilitates the sharing of “sensitive but unclassified” information compiled by FBI, DHS, state and local partners, and the private sector on the threats facing American communities. The undersecretary testified that overall engagement with the network has risen substantially in the past two years, jumping from 17,000 views in 2017 to more than 90,000 in 2019. He attributed this to DHS’s efforts to draw attention to the detailed resource.
The witnesses recognized, however, that domestic terrorism, a term often used to refer to white supremacist violence, is hardly a purely domestic phenomenon. Indeed, Travers described the concept of “domestic terrorism” as “a bit of a misnomer” given the transnational links between these violent extremists. As Wray explained, white supremacists and neo-Nazis in the U.S. frequently connect with like-minded individuals from other countries online, and some have even traveled abroad to train. Accordingly, Wray said, the U.S. is working extensively with its partners in the Five Eyes Alliance—Australia, Canada, the U.K. and New Zealand—and with other countries to tackle this threat. Travers added that NCTC brings both “analytic horsepower” and extensive collection capabilities to bear on the international side of the problem, complementing the FBI’s work.
Senators were also acutely concerned with the threat China poses to American national and economic security. Sen. Mitt Romney, for instance, decried China’s “hourly” incursions into U.S. corporate and government databases. He pointedly asked the government’s witnesses whether there were ways to limit these incursions other than by adopting a policy he termed “mutually assured disruption”—a reference to the Cold War nuclear doctrine of mutually assured destruction. A posture of mutually assured disruption, Romney suggested, would involve persistent and severe U.S. cyberattacks on Chinese government and business databases, a move that Romney argued would vastly increase the costs of China’s incursions into American systems. Wray countered that offensive cyber operations are effective but not the only way to push back against Beijing’s aggression. The FBI director submitted that cybersecurity today is more about detecting and mitigating incursions than preventing them outright. In particular, the director highlighted the FBI’s efforts to help the private sector to better defend itself against foreign incursions, stating that the bureau’s focus, in tandem with DHS, is to collaborate closely with companies to identify cyber threats, isolate and confine the problems and prevent any damage from worsening.
Sen. Josh Hawley pressed the witnesses on a related problem he believes receives too little attention: the practice of U.S. companies storing large amounts of consumer and corporate data in China. Wray noted that the bureau is deeply concerned about this practice because Chinese laws require that the communist government have sweeping access to data stored in the country.
Senators turned their focus next to the issue of Chinese counterintelligence operations and theft of American intellectual property. Pointing to Canada’s arrest of Huawei’s chief financial officer, Meng Wanzhou, Sen. Ron Johnson asked whether the U.S. government should direct law enforcement to deny entry into the U.S. for management-level officials in Chinese companies. While acknowledging the important role law enforcement plays in countering China and holding it accountable for intellectual property theft, Wray stressed that a more effective counterintelligence strategy would integrate trade, diplomacy and engagement from the private sector and academic institutions. To minimize the success of Chinese counterintelligence, the FBI director contended that companies should fire individuals who violate the terms of their contract by stealing U.S. secrets or intellectual property, and that universities should terminate researchers who do the same. The FBI, Wray continued, is “more forward-leaning” now than it has previously been in providing universities and private sector entities with detailed information about the Chinese threat. The hope is that companies and universities will voluntarily begin to protect themselves from Chinese assets and exploitation. Though universities’ responses and level of cooperation with the FBI have varied, Wray noted that he has been “quite encouraged” by a number of universities, which have agreed to a partnership with the bureau.
When asked whether the bureau has sufficient resources to combat Chinese counterintelligence operations, Wray stated that the FBI’s counterintelligence division is “in need of growth and resources.” He underscored the division’s need for more linguists and “data analytics” to make sense of the terabytes of data the FBI receives and collects. The director did not specify what he meant by “data analytics,” however—whether more data analysts, new software programs, both, or something else altogether.
As for the growing threat technology poses to homeland security, Sen. Maggie Hassan asked Wray to discuss what the FBI is doing to track and counter ransomware attacks on businesses and healthcare providers. Wray noted that ransomware attacks have increasingly targeted small municipalities and involved enterprise-level assaults that infect every computer in an organization. The FBI director testified that the bureau, in some cases, has been able to reverse engineer decryption keys that allowed companies to regain control of their systems. But Wray offered up little additional information, save a broad comment about the bureau’s joint efforts with DHS to address the problem.
The hearings revealed that terrorists, too, have become increasingly adept at using technology to achieve their aims. Sen. Romney asked whether Congress should take action to address the burgeoning problem of cryptocurrency, particularly as it relates to terrorism. Wray agreed that something must be done, but cautioned that he was unsure whether adding new regulation would be the appropriate response. The FBI, he continued, approaches the cryptocurrency problem from an investigative perspective, and accordingly works to find ways to continue to “follow the money” even though cryptocurrency complicates that task by “anonymizing” terrorists’ transactions. Earlier in the hearing, Travers testified that terrorists have already turned to cryptocurrency to fund their operations and will continue to do so in the future.
Finally, senators pressed the witnesses to elaborate on the threat of UAS attacks on critical infrastructure and large public gatherings. Glawe remarked that DHS has documented an increase in drone incursions over critical infrastructure. And while Wray noted that the FBI and DHS appreciated the drone legislation Congress passed last year—referring to the Preventing Emerging Threats Act, which gave DHS the authority to identify, monitor, track, disrupt, seize control of, or use reasonable force to destroy UAS endangering public safety—he added that state and local law enforcement hope to obtain similar authorities to confront the problem and that the bureau will soon send a report to Congress on gaps it has identified in its existing authorities. Johnson, the committee chairman, seemed unsurprised to hear this, saying that he always considered last year’s legislation to be a first step in a longer process of addressing the dangers of drones. Wray concluded by stating that the FBI continues to work with DHS and the Departments of Justice, Defense and Transportation to find safer means of addressing the threat that UAS poses to large civilian areas.
While senators asked a number of insightful initial questions, they often failed to follow up on some of the most important points the witnesses made in response. When Sen. Thomas Carper asked Wray about America’s partnership the Kurdish-led Syrian Democratic Forces, for instance, Wray responded that the FBI “and others” have conducted biometric “enrollment” of ISIS fighters on the battlefield. That is, the bureau and its counterparts have fingerprinted and taken DNA samples from ISIS insurgents, and made that information available to America and its allies to advance efforts to capture insurgents who flee Syria. Glawe noted that the collection of biometric information is crucial for DHS given the agency’s responsibility for vetting individuals entering the U.S. But neither Carper nor any other senator inquired further about the status of this biometric enrollment. That left several important questions unasked, particularly about the progress the intelligence community made in biometric enrollment, how recent upheaval in northeast Syria has affected enrollment, and how the administration plans to resume fighters’ enrollment if instability in the northeast has disrupted that process.
Earlier in the hearing, senators also failed to follow up on a series of incisive points that Travers made in his opening statement. The NCTC director noted that “looking out five years, we are particularly concerned with the growing adverse impact encryption will have on our counterterrorism efforts.” The director also stressed that military and law enforcement operations alone will not eliminate terrorism. That terrorist groups are far more numerous today than they were on 9/11, he said, is proof enough of the grave threat the groups continue to pose. To address that threat adequately, Travers contended, the U.S. and its allies must do more in the “non-kinetic realm to deal with radicalization and underlying causes.” But senators neither pushed the director to elaborate on what a better, “non-kinetic” strategy might entail nor pressed him to speak about the problems encrypted communications pose, or about potential solutions to those problems. Instead, Travers’s remarks—some of the most emphatic and astute at the hearing—likely became passing and forgotten blips on a cluttered Senate radar.