August 2007


After September 11th 2001 there has been a growing awareness in the West that counterterrorist efforts  will not be successful  against global jihadism without   a long-term strategy of soft power designed to conquer the hearts and minds of Islamic communities around the world. Although the struggle against Al-Qaeda must  necessarily  employ the instruments of hard power  (military and police force), the latter will not be effective in the long-run if the West does not  develop and implement  a  strategy of soft power  (the power of ideas,  of culture,  of information, of mass communication, of education) to undermine jihadism.   The arrest or physical elimination of one or more members of a jihadist organization will only be a short-term success if jihadism continues to recruit, indoctrinate and train new members. Al Qaeda is implementing its own soft power strategy including  propaganda, disinformation and psychological warfare activities. This strategy, which reflects an advanced adaptation to  the new environment  of  globalization and the information revolution pursues two basic objectives: (1) In the Islamic world (including Islamic communities in the West)  jihadist strategy aims  to radicalize Islamic populations, widen popular support for global jihadism and spread  feelings of  hatred  for the  West, the US, Israel and  Judaism.   One of the methods used is to spread paranoid conspiracy  theories of a “Zionist-Christian alliance”  against the Islamic world. (2) In the West, jihadist strategy aims to intimidate and demoralize public opinion,  undermine popular consensus and support to governments, weaken the public’s faith in the capacity of governments to protect them from terrorist attacks, spread confusion and guilt feelings in countries that have been attacked by jihadism

During the Cold War the West, led by the United States,  successfully employed soft power and strategic influence to contain the expansion of communism in Western Europe and in other regions of the world. This eventually led to the breakdown of the Soviet system.  One of the key challenges of the 21st century is   developing a  long-term Western strategy  to  undermine  jihadism using the instruments of soft power,  including the media,  education, cultural influence,   support of reformist and modernizing movements within Islam and  currents of Islamic thought that are critical of jihadism.  Such a strategy should aim at creating a more positive and attractive image of  Western societies and progressively diminishing the attractiveness of the jihadist world-view.       

softpowerejihad.pdf

For further information please contact me at the e-mail address below or prof. Sergio Germani, academic director of the conference(l.germani@unilink.it) . To register please contact Mr. Francesco D’Arrigo (f.darrigo@ceasonline.eu).

The Federal Bureau of Investigation, which has increasingly supplemented its traditional law enforcement role with new intelligence and counterterrorism functions, now says its paramount objective is to “prevent, disrupt, and defeat terrorist operations before they occur.”

New domestic intelligence collection activities that have been adopted in pursuit of this goal are described in unusual detail in the Bureau’s 2008 budget request.

http://fas.org/irp/agency/doj/fbi/2008just.pdf

Special attention is given to cultivating human intelligence sources.

“The FBI recruits new CHSs [confidential human sources] every day,” the budget request notes. But without increased budget support, the FBI says it will not be possible to validate these sources and to determine the credibility of the information they provide.

“With current resources, the FBI is unable to reach a point where all CHSs are successfully subjected to the CHSV [confidential human source validation] process.”

The budget request refers in passing to “more than 15,000” confidential human sources requiring validation (page 4-24).

The FBI also seeks new funds for intelligence collection training and operations.

“Without this training, the FBI would lack the full capacity to provide SAs [special agents] the comprehensive tradecraft, procedural, legal and policy direction needed to execute the significant and constitutionally sensitive domestic intelligence collection mission with confidence,” the budget document states (page 4-27).

The FBI’s budgetary focus on expanding its human intelligence capability was first reported by Justin Rood of ABC News. See “FBI Proposes Building Network of U.S. Informants,” July 25:

http://blogs.abcnews.com/theblotter/2007/07/fbi-proposes-bu.html

The same FBI budget document provides significant new detail on other FBI intelligence and counterterrorism activities, the FBI open source program, the National Virtual Translation Center, and other initiatives.

The Washington Post reported that there were nearly 20,000 positive matches of individuals seeking to enter the United States who were flagged by the Terrorist Screening Center, according to the FBI budget request. Despite the surprisingly large figure, only a small number of arrests resulted.

See “Terror Suspect List Yields Few Arrests” by Ellen Nakashima, Washington Post, August 25:

http://www.washingtonpost.com/wp-dyn/content/article/2007/08/24/AR2007082402256.html

By Mary O. Foley Most businesses have made sure to protect computer systems and networks from hackers. But the majority of data leaks or breaches of sensitive company information or intellectual property are often inside jobs.You’ve installed protective software, adjusted your hardware, and developed a range of new office policies, all in the name of protecting your computer networks and systems from hackers, phishers, and scammers. Externally, your system seems protected.But what are you doing to prevent an inside job? Do outgoing or disgruntled employees, or on-site contractors, have too much access to your company’s top-secret data?The answer could well be yes. According to a March 2006 Enterprise Strategy Group survey of 227 IT professionals, “employees and on-site contractors were cited as the most likely threat to confidential data security.” They even outranked concerns over off-shore outsourcers and random hackers. A separate 2005 study by PriceWaterhouseCoopers found that 33 percent of all security breaches involved current employees, and another 28 percent involved former employees or former partners.And the stakes are high: According to those surveyed, up to 50 percent of the data used in their offices could be considered confidential.The survey warned that while many companies use gateway filtering technologies to protect their network perimeter, they are much less likely to have adopted access controls and other policies to protect their systems from within.What can your company do to protect itself inside and out? For answers, IncTechnology.com looked up Kevin Mitnick, the former hacker-turned-IT security consultant. Mitnick, who served jail time in the 1990s for illegally gaining access to computer networks, now runs his own small business, Mitnick Security LLC, in Las Vegas, Nev., and helps firms address IT security problems.Have a planThe first step is to create a company-wide policy. Ideally, this policy should include “physical, technical, and human factor elements,” says Mitnick. For example, terminated employees should immediately lose access to not only the physical office, but to the computer network as well.Develop access controlsIn smaller businesses in particular, almost anyone in the company can access any data they choose. Eliminate this risk by setting up internal firewalls, Mitnick says, “so that sales people can’t access the payroll.” Through the operating system, set restrictive missions on files and directories or certain information, and allow only select employees access to it.Keep your OS up to dateMitnick notes that a lot of companies, especially smaller ones on a budget, don’t update their computer operating systems often enough. “I’ve seen businesses still using Windows 2000,” he says. The newer systems, especially Vista, have better access-control options.New password policiesDon’t let employees share passwords, Mitnick warns. “And don’t post passwords on Post-it notes in your office,” he adds. In fact, for very small offices with less than 20 employees, Mitnick recommends that all employees change their passwords every time a person leaves the company.  Larger companies might consider changing out passwords periodically, or developing additional passwords for sensitive information. Whether passwords get changed or not, however, terminated employees should lose their access to the network immediately.Monitor employee computer useIf an employee has put in notice to leave the company — on pleasant terms or not — your IT staff should start watching their computer habits. “Most employees take work product,” says Mitnick. IT staff should watch for e-mails the employee might be sending him or herself, e-mails that the employee’s friends within the company might be sending to them, or downloads to CDs, DVDs, or iPods. In addition, companies should block employee access to free storage sites, such as Yahoo’s Briefcase, notes securityinfowatch.com.Seek out helpIf your business, or simply your IT department, is too small to handle this type of project, consider hiring a consultant or VAR to help put a system in place, says Mitnick. With luck, taking these steps will help you to protect your computer networks inside and out.

Politicians and industry unite over need for security research forum

A new European Security Research and Innovation Forum (ESRIF) received the backing of the European Commission, the European Parliament, the EU Member States and industry, at a conference on security research Berlin, Germany, on 26 and 27 March.

German Minister for Education and Research Annette Schavan emphasised how security has been achieved during 50 years of European unity as she made the case for security research at European level.

‘The central objective of the security forum is to develop strategic innovation partnerships with users and suppliers – that is to say, alliances between research, science, industry, operators of security-relevant infrastructures and authorities which are responsible for security in the Member States and the EU,’ explained Ms Schavan.

The development of alliances is indeed a priority. While innovative security technologies do already exist in some sectors, and are being produced by small and young companies, ‘we are still a long way from developing and exploiting these many innovative technologies to such an extent that they provide optimum protection for our freedom,’ said the minister.

Speakers also urged the private sector to become more actively involved in security research. EU Commissioner for Justice, Freedom and Security, Franco Frattini, insisted that the state, the private sector and individual citizens share responsibility for securing information technology.

‘The private sector sees its interests strongly threatened by the same globalisation process which is pushing its economic growth. Private investment in innovative technologies is needed, in cooperation and in accordance with the public side,’ said Mr Frattini. The Commissioner also welcomed the pulling together of the supply and demand sides of security research within ESRIF, which, he said, should guarantee the relevance of research results and their use in policy-making.

Investing now will also reduce the likelihood of needing to introduce, for example, unpopular security measures at airports. Such measures are both unpopular and costly for business.

German businesses have already recognised the importance of investing in security, according to Ms Schavan. Some 80% of all security-relevant infrastructures are owned by the private sector in Germany, and the market for security solutions is growing by 7% to 8% annually. The German market has already reached a volume of €10 billion. ‘It is creating jobs; it is creating export opportunities. We must take advantage of these opportunities – among other things in order to safeguard freedom in Europe to the best possible extent,’ said the minister.

Both Mr Frattini and Ms Schavan linked security with freedom. Ms Schavan declared that the two go hand-in-hand and quoted the scholar Wilhelm von Humboldt, who once said: ‘Without security man is neither able to develop his strengths nor to enjoy the fruits thereof; for there is no freedom without security.’

The Commissioner pointed to the need to protect and promote human rights, and to consider the potential implications for fundamental rights of new technologies: ‘Technology can help us in defending fundamental rights – to start with our right to live in a secure environment. But I would also think of what is sometimes referred to as privacy enhancing technologies, such as systems which allow only the identification of data between specified sets, without revealing more than that.’

Security research has entered the EU domain with its inclusion in the Seventh Framework Programme for research (FP7). In making provisions to support projects on security, the EU is facilitating the development of new instruments to protect Europe’s democratic states and their citizens from threats, said Ms Schavan.

For further information on security research under FP7, please visit:
http://cordis.europa.eu/fp7/cooperation/security_en.html
Category: General policy
Information Source: European Commission; German Government
Document Reference: Based on speeches by Franco Frattini and Annette Schavan