Raffaello Pantucci

Another edited interview with a senior security official for the excellent CTC Sentinel. I realize that it has been quite a while since I wrote an actual researched article for them. Been working on one for a long time which I really need to get finished. Huge thanks to Paul and his excellent team for their work.

A View from the CT Foxhole: Robert Hannigan, Former Director, GCHQ

Robert Hannigan was Director of GCHQ, the United Kingdom’s largest intelligence and security agency and NSA equivalent, between 2014 and 2017. He established the United Kingdom’s National Cyber Security Centre (NCSC) and was responsible with military colleagues for the United Kingdom’s national offensive cyber program.  

He was Prime Minister’s Security Adviser from 2007-2010, giving advice on counterterrorism and intelligence matters. Prior to that, he worked as principal adviser to Prime Minister Tony Blair on the Northern Ireland peace process. He was awarded the U.S. Intelligence Distinguished Public Service Medal in 2017 and honored by Queen Elizabeth for services to U.K. national security in 2013.

Robert is currently Warden of Wadham College, Oxford, and European Chairman of the cyber security company BlueVoyant. He is a Senior Fellow at the Belfer Center, Harvard; Fellow of the Institution of Engineering & Technology; and Distinguished Fellow of the Royal United Services Institute. 

CTC: Shortly after you were appointed the director of GCHQ (Government Communications Headquarters) in 2014, the Islamic State declared a caliphate after taking control of large swaths of Iraq and Syria. When you retired as director in 2017, the group was well on the path to territorial defeat in Syria and Iraq. How would you describe the contribution GCHQ made to the global campaign against the Islamic State and protecting the United Kingdom from the group’s terrorism? How did GCHQ evolve to focus on the Islamic State threat, and what were the lessons learned?

Hannigan: There were two things in particular about ISIS that made it different. One was obviously the geographical hold: the fact that it had territory in northern Syria and northern Iraq—whether you want to call it a caliphate or not—which made it almost inaccessible from the ground in practice.

The other thing that made it different was generational. This was a group that understood the power of media, and particularly new media, in a way that previous Islamist extremist groups had not. Those were two big challenges. From GCHQ’s point of view, counterterrorism was at that stage the biggest single mission. There were, of course, lots of other missions, too, but [CT] was a huge investment of resources, for obvious reasons. To some extent, GCHQ was using the lessons it had learnt in Afghanistan, which had been a very strong counterinsurgency/counterterrorism effort where GCHQ had been embedded with the military. It was building on those lessons, but of course the SIGINT environment in Syria and Iraq was very different.

In Afghanistan, essentially the Allies owned the communications space, just as they owned the air space. That wasn’t the case in northern Syria, so it was a different kind of challenge. But a lot of the techniques and international cooperation had been well exercised in Afghanistan. To some extent, the first part was a traditional mission of ‘how do you disrupt and destroy a terrorist organization from its leadership downwards,’ but the second bit was genuinely new in the sense that ISIS was obviously trying to project attacks back, as well as recruit heavily from the West to travel into the caliphate. Both of those ISIS objectives, which were interconnected, were things which we needed to disrupt, and so a lot of the task was about understanding how ISIS media worked and trying to disrupt that. I cannot say how this was done from a U.K. perspective, but there is a great deal of media reporting and academic work on this available in the U.S.

ISIS were doing two things through their media campaigns. One was inspiring people and then actively grooming those they had inspired to either come to join the group or launch attacks. And both of the stages really needed disrupting. Disrupting global ISIS media was a much broader challenge, of course, but trying to prevent individual grooming and attack planning was traditional MI5 territory, supported by GCHQ. It would not be right to go into the details of how it was done, but I do not think there was anything conceptually different about how we went about doing that from disrupting traditional recruitment and attack planning. The big difference was that it was all at one remove.

I think there were two advantages [for ISIS] to having territory: one was the propaganda value and the fact that you can present, as you saw endlessly in Dabiq and the other glossy publications, what life in the caliphate was like. That gave them a romantic propaganda advantage to be able to say, ‘Here we have built this wonderful land for you, where you can live a religiously pure life.’ But it also gave them a safe place from which to mount operations, and all they needed apart from connectivity was the understanding of how to do that: How do you inspire, radicalize, and then manipulate people? So in a sense, it was a psychological campaign as much as a physical one.

CTC: How would you describe the counterterrorism cooperation between GCHQ and U.S. agencies such as the NSA as well as other members of the Five Eyes^a and European allies?

Hannigan: It is incredibly close and always has been, in particular with the NSA. But I think what happened over the ISIS campaign was that counterterrorism really drove the cooperation between SIGINT agencies in Europe. Cooperation amongst European partners has always been good on particular cases, but I think the pressures of terrorism really drove that in a very constructive way. So now the SIGINT agencies are [working] closer together, probably more than they have ever been as a result of terrorism, and there was very active cooperation right through the attacks in Europe and beyond, as well as cooperation with other services around the world.

Fortunately, with European partners, Brexit did not make much of a difference in terms of maintaining cooperation, partly because of the threat of terrorism; these joint efforts were too important to be damaged. Different Five Eyes partners will have slightly different relationships with different European countries. But for the U.K., the French and German relationships, for example, were very important. And the U.K.’s traditional military and intelligence relationships with the Scandinavian countries have remained very strong and strengthened in the context of Russia.

CTC: What for you have been the key lessons learned in balancing democratic liberties with intelligence gathering in counterterrorism in the 21 years since 9/11?

Hannigan: It’s always been a balance. Access to data is the key for SIGINT in particular, but probably for all the agencies, and what’s changed is that there’s been an exponential rise in the amount of data being produced by the private sector on citizens. This gives undemocratic states new possibilities to do surveillance, and it’s right that in a democratic society you need to have an active and constant debate about whether you’ve got the balance right. In the U.K., the [2016] Investigatory Powers Act was an attempt to do that after the revelations by Edward Snowden, though I think the legislation was coming anyway at the time, probably accelerated a bit by Snowden. In the U.K. context, that legislation seems to strike a balance that people are comfortable with.

It’s quite interesting that very quickly after the Snowden revelations, the debate moved on, because terrorism, then the resurgence of Russian aggression, and what the tech companies were doing with data really made what governments had access to seem quite secondary. Of course, it is very important that government should be held to a higher standard, and I think that it is a debate that needs to be had all the time, particularly as data processing and data holding in the private sector changes. But it does feel like the public debate has moved on, moved on to what companies like Facebook/Meta and the other tech companies are doing.

So I think the lesson for the intelligence community is not to be afraid of the public debate. Probably one of the mistakes made towards the end of the last century, and at the beginning of this one as the internet became available widely, was not to have that debate openly enough. Because consent is crucial to intelligence operations in democratic countries, and I think there was probably an assumption that everyone understood what was happening within this context and I am not sure people did. So one of the lessons is to get better at having that debate more often, especially as it is not a static thing and you are never going to come to a conclusion on the issue, rather it has to be a dynamic debate. Ultimately, we want the minimum necessary powers for agencies. But as the technology evolves, you have to evolve in response.

CTC: If we could pull on a few threads there, what was the impact of Edward Snowden’s revelations on counterterrorism capability, and how responsible do you think the social media platforms have been in keeping terrorists and extremist content off their platforms?

Hannigan: There was a clear reaction from terrorist groups and hostile states in particular, to the revelations, and yes, there were specific counterterrorism consequences, which at the time my predecessor Iain Lobban and his counterpart at the NSA Keith Alexander talked about.^b There were things going dark that probably wouldn’t have gone dark otherwise.

With the tech companies, things have changed, but when I came into the job in 2014 I had a go at the companies¹ (something that was unusual at the time). I thought they were at that point being irresponsible, and we were in a slightly ridiculous position where the agencies were having to ask a company’s permission effectively to help on particular operations. The companies would decide whether this met their threshold for what constituted terrorism, and there seemed to be something completely anti-democratic about that. For all their failings, governments at least get elected. Tech companies are not, and they do not have any expertise in this, so it is quite weird to be expecting a bunch of probably well-meaning people in Silicon Valley to make decisions about what is and what is not terrorism in a far-flung part of London.

And, to be fair to the companies, I think they felt deeply uncomfortable, too. They are money-making enterprises. Most of them are effectively advertising companies, if we are honest; Meta is a massive advertising company, and so was part of Google. That is their business, and they did not really want to be drawn into CT, which is where the narrative about them being neutral conduits and just platforms with no editorial control came from. I think they actually believed that narrative, and they really did not think they were enabling terrorist activity.

I think over the years—under public pressure but also as a result of terrorism and other serious crime—they have realized that they are not neutral and they have to take some kind of position on this, and they have to find a better way of doing it. Every major country is now looking at legislating on this; in the U.K., through the Online Safety Bill.^c The manipulation of democratic institutions and elections has accelerated the feeling that we have to do something and put even more pressure on the tech companies.

So it does look very different now from when I said those things about ‘big tech.’ It was unfashionable to have a go at tech companies back in 2014; now everybody piles in and, if anything, it is a little one-sided. I think they are, on the whole, trying to address the problems, with varying degrees of success. But nobody quite has the answer. We know in the West that we do not want state control of these things, but neither do we want an unregulated private sector-driven landscape.

CTC: GCHQ has long been associated with signals intelligence. But in recent decades, there has been an information revolution with deep implications for intelligence gathering and analysis. Not only is there vastly more information (and dis- and mis-information) to sift through than ever before but open-source intelligence has become much more important and “the government’s ability to collect and analyze information is nowhere near dominant compared to what it used to be.”² How have and should agencies like GCHQ be adapting? How important is AI and machine learning (ML) in this new era? Given “secret agencies will always favor secrets,” and given the calls for an open-source agency to be set up in the United States,³ does the United Kingdom now need a dedicated open-source agency, a new sort of BBC Monitoring?

Hannigan: Well, it’s interesting you mentioned BBC Monitoring as the Americans had the Open Source Center, which was a much larger version of that. It has now changed and become the Open Source Enterprise.^d It was taken very seriously by the U.S. and did a great job. As does BBC Monitoring, though it has gradually been pared down over the years, and in any case was traditionally more focused on broadcast media than on new media or social media.

[Dis/mis-information] is a huge challenge but is highlighted not so much by terrorism but by the attempts to subvert democratic processes by Russia. The U.K. and lots of countries were really caught napping here because there wasn’t any structural part of government whose responsibility was to monitor this. There were two reasons for this, I think. One is that the secret agencies have a lot of other things to do—countering terrorism, for example—and have limited resources. But secondly, it’s very uncomfortable for intelligence agencies to be doing open-source monitoring, particularly where social media is concerned. There is something instinctively difficult about secret agencies looking at mass social media use. The idea [of having] GCHQ or MI5 all over everybody’s Facebook accounts smacks too much of a surveillance state and would be unacceptable in a democratic society.

As a result, for both those reasons, lots of governments, including the U.K., have shied away from looking at this and attempted to do it in a tactical, well-meaning but arguably ineffective way in the Cabinet Office^e or somewhere like that, where they are trying to get a small group of people to have a look at this information flow.

To me, the answer has to be a better use of the private sector. Most of this open-source material is being generated by the private sector. Look at Ukraine and the low-orbit satellite imagery that is being generated; it’s absolutely phenomenal, better in many cases than the military equivalent and available in theory to everybody. [The same applies to] the monitoring of social media trends. So I think the answer has to be government agencies using [private sector-generated data and analytics] better.

There are still lots of datasets that are secret, of course, and there are statutory-based accesses to data, which other people don’t have outside government. Focusing on that and what is genuinely secret and hidden is a much better use of agency time.

The real advantage comes from washing the secret and the open-source data together. In other words, you are, as a secret agency, doing your secret thing but you’re also washing that against the results of open source, and that’s where you get something particularly valuable and that’s where you ought to be able to spot some of the things we failed to spot: for example, Russian intervention in elections. But if I am honest, I do not know how much progress Western governments have made on this. The U.S. probably comes the closest because they have invested in it, but I think most governments have just danced around it, partly for resource reasons, but also because it is politically and ethically a very difficult area.

The answer is probably to use the private sector mechanisms that are there already and that are quite open; there are NGOs like Bellingcat that are already doing some extraordinary work in the public domain. They are not the only ones; there are plenty of academic NGOs and journalistic organizations who are doing really interesting work here and it is every bit as good as what governments do. So I do not think we need some huge new bureaucracy in government to look at open-source material; rather, we should synthesize what is already out there and use it intelligently with the secret insights that agencies generate to deliver some more effective results.

CTC: Another key part of this, which brings in the private sector, is encryption, and you regularly hear from politicians and serving security officials that end-to-end encryption is a danger that protects, among others, terrorists. What is your sense of the counterterrorism concerns around this?

Hannigan: The GCHQ view on this has always been slightly unusual because GCHQ is an agency that delivers strong encryption and, indeed, in the 1970s was involved in inventing some of the strongest encryption that is currently in use. So we think encryption is a good thing. It protects everybody—protects governments and protects business. I have always resisted the temptation to say encryption is bad somehow, and law enforcement and government should be given the key to everything, partly because I do not think that would be healthy and partly because it’s not practical. You cannot uninvent end-to-end encryption. It is a mathematical invention; it’s not something you can suddenly say is not going to be there.

What you have to do is keep it in proportion. Yes, it is misused by criminals and terrorists, but it is predominantly used by honest citizens and businesses who are protecting themselves, so we shouldn’t let the security tail wag the dog. As always, criminals and terrorists will use good technology for bad purposes. There are some ways around this. One is to work with the companies, as they themselves have offered to different degrees to do things that are short of decryption because, of course, they cannot decrypt it themselves if it’s genuinely end-to-end, but there are things they can do to help with the data around it. It is probably not helpful to go into the details here, but they themselves have said it is not all about the content.

Better relations between the companies and governments help. And there are some macro proposals that have been put out there but so far they have not found favor with the privacy lobby in the United States. And whatever you do, you will always have criminals who will use something else, move away from the big platforms and use something different, so you might just end up pushing the problem elsewhere. You already see a bit of that now, with, for example, a lot now coalescing around Telegram and away from some of the traditional Western platforms.

The short answer is that there is not an easy answer. And efforts should be focused on particular targets rather than trying to do anything at scale. I know some law enforcement people still hanker after large-scale solutions, but there is, frankly, no way that companies are going to give any kind of blanket access to law enforcement or governments in the future. And I cannot see any legislation that would actually compel them to do it. Of course, there are some countries that ban end-to-end services, for this reason. But I cannot see democracies agreeing to that, and I think it would be disproportionate. The task for the agencies in cooperation with the companies is to go after specific targets and help each other do that, where there’s general agreement that these are legitimate targets.

CTC: In July, FBI Director Chris Wray and MI5 Director Ken McCallum did a series of events in London in which, among other things, they identified the lone-actor threat as the heart of the terrorist threat both faced.⁴ Would you agree with this assessment, and how do you characterize the journey of how we got here?

Hannigan: They are much more current than I am on this, but it has been a trend for a while. In fact, it was ISIS and [Abu Bakr] al-Baghdadi himself that promoted the lone-wolf idea and propagandized it through their various channels, so it’s not unexpected. It was a perfectly logical response to better intelligence and law enforcement disruption because it’s extremely difficult to spot, disrupt, and prevent genuine lone actors. The thinking of the al-Baghdadi model was ‘we don’t need to control this. We do not even need necessarily to know who you are; if you go out and do something for ISIS, then you are part of the struggle.’ That’s quite a new departure for terrorist groups. They have always tended to be control freaks: The study of terrorist bureaucracy and leadership is instructive. By contrast, ISIS was crowdsourcing in quite an innovative way. The demise of the ‘caliphate’ made the lone wolf approach even more compelling for ISIS.

I would not write off organized terrorism in the future; I think there’s plenty of evidence that it has not gone away, but lone-actor terrorism does seem to be the trend at the moment and the thing that is hardest for agencies to spot. All I would say is, if you look at the lone wolves who have been successful or mounted successful attacks in a number of countries, they are very rarely completely ‘lone’ or completely unknown to their government agencies. And so it comes back to the age-old problem of prioritization. Most of them appear amongst the ranks of the many thousands of people of interest to police and law enforcement and intelligence agencies, and probably the task is to use data better to prioritize better.

Some of the criticisms around, for example, the London Bridge attacks^f were about failures to do that and failures to use data better to understand where the priorities are and where the tipping points are. But all of this is very easy to say and very difficult to do, and it is never going to be [got] completely right. It is a constant struggle for MI5 in particular, but for all agencies to prioritize out of the thousands of people who might be a worry, who are the ones that you need to focus on now, and deploy your very, very limited surveillance resources on, because we all know how much it costs and how difficult it is to do.

But the reality is that even lone wolves usually display behavior and patterns of life [notwithstanding encrypted communications and the end-to-end problem] that says something about them; they are in touch with other people, even if they’re not involved in joint attack planning. The challenge has to be to use data to try to work out when they have reached a tipping point. You will never be successful 100 percent of the time, but it’s about trying to raise the percentage of success.

CTC: Not only does the West currently face the challenge of Russian aggression in Ukraine, but Directors Wray and McCallum identified China as the biggest long-term national security threat.⁵ Given the shift in resources on both sides of the Atlantic to great power competition, is there a danger of counterterrorism being underfunded? Where do you see the intersections between great power competition and counterterrorism?

Hannigan: It is a perennial problem of governments that you veer from one crisis to another, and [then] something has to be deprioritized. We have seen what happened after we deprioritized Russia after the Cold War. The ambition should be to try to reduce investment in particular areas without giving up your core capability and eroding the skills and knowledge that you have had on that subject. This applies to counterterrorism, too, because the threat hasn’t gone away.

It is clearly right to focus on China and Russia. When I started at GCHQ, I said I thought the two big challenges for the next 50 years in the West were managing a declining Russia and a rising China. We are seeing the declining Russia problem in the lashing out, and the nationalism, and the economic failure to reform, and the kleptocracy that has emerged as a result. We are experiencing that in Ukraine, and it’s a big challenge to confront and contain it, but I think it is a much easier challenge than a rising China, which is a complex mixture of opportunity and challenge. But there is a lot of threat there as well, as Wray and McCallum rightly said. So we should be focusing on that, and it is the right top priority, but that doesn’t mean we can neglect CT. There will have to be a difficult discussion about to balance resources. Quite a lot of the great power strategy is outside the remit of agencies. A lot of it is about industrial policy, investment decisions, and regulation. Regulating Chinese tech and Chinese tech ambition is not core intelligence work, so it doesn’t all fall on the agencies.

On the question of crossover, that is a potential worry because states obviously have used all sorts of proxies in the past. In the cyber world, they use criminal groups. And they have also used terrorist groups as proxies. It is not hard to imagine that in the future, they will do the same again to put pressure on Western countries either by using terrorist groups in whichever part of the world the conflict might be taking place, or even to target us at home. I do not know that we’re seeing a sudden upsurge in that yet, but it is certainly a concern for the future, and the more desperate a country like Russia gets, the more likely it is to be happy to foment that.

CTC: You led the creation of the United Kingdom’s National Cyber Security Centre (NCSC), oversaw the country’s pioneering Active Cyber Defense Program, and helped create the United Kingdom’s first cyber security strategy.⁶ When it comes to cyber, much of the concern has focused on state actors such as China as well as criminal groups and the threat to critical infrastructure. How would you characterize the cyber threat posed by terror groups, including jihadi terror groups? Have we yet seen a cyber terror attack?

Hannigan: There have always been great scare stories about this, partly because the media loves the idea of cyber terrorism and terrorists being able to take down an entire infrastructure or electricity grid or something. Whether we have seen it or not depends on how you define it. You could say Hezbollah [cyber] attacks against Israel are cyber terrorist attacks.^g You could say that Iranian attacks on water treatment plants in Israel^h are a potential attack by a nation-state designed to instill terror.

So, it is certainly not unimaginable, but cyber is not necessarily the best weapon for terrorists to use. Firstly, it does require quite a degree of long-term commitment and knowledge. And terrorists in the past have been rather traditional in wanting spectaculars of one sort or another, so their mindset may not be geared towards it. This may change with the new generation. We certainly saw that with [their ability to exploit] social media, so there is a logic to saying, ‘Well, they might get good at this in the future.’ It has also got much cheaper and easier to do because [the technology] is something you can now buy as a service or commodity and use it. So, the trajectory suggests that it ought to be easier to do cyber terrorism in the future.

The other point, though, is that while you can disrupt things and you can make people’s lives difficult [through cyber-attacks], it is quite difficult to do destructive activity that is really long lasting. Having said that, I did notice that one of the American consultancies on tech that issues reports every so often, and is usually quite a cautious organization, projected that by 2025 operational technology would be weaponized to cause death.⁷ They were certainly thinking of nation-states rather than terrorists, but the fact that they were saying this is interesting.

These kinds of destructive cyber effects will be accidental for the most part. The first cyber homicide that I can think of is the case in Germany two years ago where a woman was being transferred to a hospital that had been paralyzed by ransomware and so she was diverted to another hospital and died on the way. German police decided to treat this as cyber homicide.⁸ Those sorts of things—ransomware out of control—might well cause people’s deaths, either through interfering with operational technology that is running power, water, or healthcare, or just by accident. But all of that is more likely than a planned cyber-terrorist event. But it is not unimaginable, and it is not unimaginable for the nation-state to find it convenient to false flag something [it has perpetrated against an adversary], to mask a cyber attack as a terrorist attack. We have, of course, seen the Russians doing that in their [2015] attack on [the French television station] TV5,ⁱ which they flagged as a terrorist attack.⁹ So cyber terrorism is not unimaginable but probably not top of the list of worries at the moment.

CTC: In the September 2021 issue of CTC Sentinel, former acting CIA Director Michael Morell assessed that following the Taliban takeover of Afghanistan, “the reconstruction of al-Qa`ida’s homeland attack capability will happen quickly, in less than a year, if the U.S. does not collect the intelligence and take the military action to prevent it.”¹⁰ It’s been a year since the Taliban assumed power. How do you assess the international terror threat from jihadi groups operating on its soil?

Hannigan: My biggest concerns are, do we know what the threat is and how would we know if it is growing? We have lost most of our insight into what’s going on in Afghanistan, for all the obvious reasons, and the biggest worry is we simply won’t see a problem—from ISIS in particular but also al-Qa`ida—until it’s well formed and mature. Now, I may be wrong; maybe we have great insight. But I have not seen it, and I doubt it is actually there. The successful U.S. attack on al-Zawahiri this summer seems to me to be about a determined long-term manhunt: It does not imply great understanding of Afghanistan in general. In addition, there are so many other things going on in the world that even if we had some insight, I doubt it’s top of the list for most governments. So I think it is a real concern from an intelligence point of view as to who actually knows what the CT threat emerging or growing in Afghanistan is, and how much of it might be projected outwards. Most of it is currently focused internally, but these things have a tendency to get externally directed over time.

CTC: According to the 2021 U.K. government integrated review, “It is likely that a terrorist group will launch a successful CBRN attack by 2030.”¹¹ In the wake of the COVID-19 pandemic, what is your assessment of the CBRN terror threat?

Hannigan: It is a bigger worry to me than cyber terrorism by a long way. Partly because organizations have seen the chaos you can cause through CBRN, and whether it’s pandemics, chemical weapons in Syria, or the near disasters in Ukraine through radiological mismanagement during the war, there must be people thinking, ‘Well, if I want to cause an enormous amount of suffering and disable a country, this is a better route to go.’ A key problem is that the global instability tends to make the control of the substances more difficult. We have been pretty effective [in past decades] in having organizations like the OPCW [Organisation for the Prohibition of Chemical Weapons] that could control and monitor the materials you need to conduct such an attack. However, in a world of chaotic great power relationships, that gets much harder, and so the opportunity to get hold of this material, or to manufacture it, becomes easier. Afghanistan is one of those places where we have seen in the past, and could certainly see in the future, terrorist programs to this end. It is certainly a bigger worry to me than cyber terrorism.

CTC: Given the strong nexus to far-right extremism of Russian paramilitary groups involved in the fighting in Ukraine and given the history of such ties also on the Ukrainian side,¹² do you see any terrorist or foreign fighter threat emanating from the war in Ukraine?

Hannigan: One of the lessons we should learn from ISIS is relevant to this discussion. One of the reasons the lone wolves or more often the small groups who were effective in launching attacks—for example, in [Paris in November] 2015—were so effective was that they were battle-hardened and they knew what to do. They knew how to withstand firefights. They were not just ideologically hardened; they actually had battlefield experience. You have to assume that the same could be true of other kinds of extremists returning from any conflict. We have seen similar things emerging from Chechnya in the past as well. It seems plausible that the many current theaters of conflict may produce battle-hardened and radicalized individuals.

CTC: What is your assessment of the current security outlook in Northern Ireland?

Hannigan: We obviously underestimated, in around 2007, the resilience of dissident Republicanism, and I think that was partly because nobody foresaw the economic downturn. People assumed that there would be a great tidal wave of economic benefits and a peace dividend for lots of communities that did not materialize. But you cannot just pin it all on economics. There is a cyclical side to Republican violence in Irish history that is unlikely to ever go completely away, but the problem now is that the politics can get destabilized relatively quickly. I do not foresee a sudden return to violence, but I think the more the politics frays, the more instability there is, and the more you tinker with what was a political settlement that everybody could just about buy into, the more you run the risk of the fringes becoming violent again. And all of this might start successfully radicalizing young people. It was never a particular concern that the older generation of dissidents were still there—diehards who never signed up to the peace process and were never going to change their minds—but what was concerning was young people being recruited in their teens and 20s into dissident activity. That’s much more worrying. It is the key thing you have to guard against for the future. And clearly, the best way to do that is through political stability and political progress.

CTC: What were you most proud of in your work in counterterrorism? From a CT perspective, what worries you most today?

Hannigan: I am very proud of what GCHQ did in preventing attacks in the U.K., with MI5 and others. Most of those are not seen because they are prevented, but that was great work that I do not take any personal credit for, but was done exceptionally well. Personally, the thing I found most rewarding in counterterrorism was in Northern Ireland because this was a domestic threat where pretty much all the levers were in the U.K.’s hands—security and intelligence, economic and political. It was probably the last time that the U.K.’s top national security threat, as it was then, was a domestic one. It taught me a lot about terrorism, not least through talking to members of the Provisional IRA and other organizations, which gave me a greater understanding of how terrorist organizations think and work, and how individuals are motivated. In the end, it was, over a 30- to 40-year period, a successful process. There were, of course, mistakes, but it was a good marriage of security policy and political process, that addressed the underlying causes of the Troubles and, partly through good CT work, created space for politics to work.

I do not think Islamist extremism has gone away and the rise of the extreme-right is clearly a concern, but terrorism will continue to bubble up in all sorts of areas that may not yet have been predicted: where people feel either disenfranchised or disadvantaged, or feel that their identity is threatened. In a chaotic international environment, where outrage can be generated and manipulated on a larger scale than ever before, not least through technology, there will be more of this, and it will be more unpredictable. Right-wing extremism is just the latest [threat to gain prominence], but in reality, it has been around a long time. I suspect there may be all sorts of new causes, and people may resort to violence more quickly than they did in the past.     CTC

Substantive Notes
[a] The Five Eyes (FVEY) is an intelligence alliance of Australia, Canada, New Zealand, the United Kingdom, and the United States.

[b] Editor’s Note: In a November 2013 hearing before the UK Parliament’s Intelligence and Security Committee (that provides oversight of the UK’s intelligence agencies), Sir Iain Lobban revealed “we have actually seen chat around specific terrorist groups, including close to home, discussing how to avoid what they now perceive to be vulnerable communications methods or how to select communications which they now perceive not to be exploitable.” “Uncorrected Transcript of Evidence Given By, Sir Iain Lobban, Mr Andrew Parker, Sir John Sawers,” November 7, 2013.

[c] Editor’s Note: The Online Safety Bill is a wide-ranging piece of legislation currently under consideration by the UK Parliament that will provide government with powers to regulate online content, as well as impose large fines on companies for failing to fulfill their responsibilities. The draft bill under consideration was submitted in May 2021 and can be found at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/985033/Draft_Online_Safety_Bill_Bookmarked.pdf

[d] Editor’s Note: In October 2015, the Open Source Center (OSC) was “redesignated the Open Source Enterprise and incorporated in CIA’s new Directorate of Digital Innovation. The Open Source Center, established in 2005, was tasked to collect and analyze open source information of intelligence value across all media – – print, broadcast and online. The OSC was the successor to the Foreign Broadcast Information Service (FBIS), which gathered and translated world news coverage and other open source information for half a century.” Steven Aftergood, “Open Source Center (OSC) Becomes Open Source Enterprise (OSE),” Federation of American Scientists Blog, October 28, 2015.

[e] Editor’s Note: The Cabinet Office is a central U.K. government function that supports the Prime Minister and his Cabinet, drawing on input from across government to help deliver on policy goals.

[f] Editor’s Note: On June 3, 2017, three terrorists launched a knife and van ramming attack on London Bridge and in the nearby area of Borough Market, murdering eight before dying themselves. On November 29, 2019, Usman Khan, a formerly incarcerated terrorist attacked and murdered two people at an event at Fishmonger’s Hall, before being shot by police on the nearby London Bridge. In both attacks, subsequent investigations revealed that authorities were aware of the individuals and may have failed to prioritize the level of threat that they posed. For more on the 2017 attack, see the inquest page at https://londonbridgeinquests.independent.gov.uk/ and the 2019 attacks, its own inquest page at https://fishmongershallinquests.independent.gov.uk/

[g] Editor’s Note: For instance, “over the past decade, companies in the US, UK, Egypt, Jordan, Lebanon, Israel and the Palestinian Authority have been targeted by a hacker group called ‘Lebanese Cedar’, also known as ‘Volatile Cedar,’ which seems to be linked to Hezbollah, ClearSky Cyber Security announced” in January 2021. Tzvi Joffre, “Israel targeted by Hezbollah hacker group, remained unnoticed for 5 years,” Jerusalem Post, January 28, 2021.

[h] Editor’s Note: Iran reportedly attempted to trick computers to increase chlorine levels in the treated water for residential areas during an April 2020 cyberattack against Israel’s water systems. Mehul Srivastava, Najmeh Bozorgmehr, and Katrina Manson, “Israel-Iran attacks: ‘Cyber winter is coming,’” Financial Times, May 31, 2020.

[i] Editor’s Note: In April 2015, TV5 Monde was taken off air in an attack carried out by a group of Russian hackers. It was reported that they “used highly targeted malicious software to destroy the TV network’s systems.” An Islamic State-linked group going by the name the Cyber Caliphate had first claimed responsibility. Gordon Corera, “How France’s TV5 was almost destroyed by ‘Russian hackers,’” BBC, October 10, 2016.

Citations
[1] Editor’s Note: Robert Hannigan, “The web is a terrorist’s command-and-control network of choice,” Financial Times, November 4, 2014.

[2] Don Rassler and Brian Fishman, “A View from the CT Foxhole: Amy Zegart, Senior Fellow at the Hoover Institution and Freeman Spogli Institute for International Studies, Stanford University,” CTC Sentinel 15:1 (2022).

[3] Ibid.

[4] Gordon Corera, “Terrorism: Lone actors make stopping attacks harder, say FBI and MI5 chiefs,” BBC, July 8, 2022.

[5] Gordon Corera, “China: MI5 and FBI heads warn of ‘immense’ threat,” BBC, July 7, 2022.

[6] National Cyber Security Strategy 2016 to 2021, HM Government, November 1, 2016.

[7] Editor’s Note: “Gartner Predicts By 2025 Cyber Attackers Will Have Weaponized Operational Technology Environments to Successfully Harm or Kill Humans,” Gartner press release, July 21, 2021.

[8] Editor’s Note: See Joe Tidy, “Police launch homicide inquiry after German hospital hack,” BBC, September 18, 2020.

[9] Editor’s Note: “Hacking of French TV channel was ‘terror act,’” Local (France), April 9, 2015.

[10] Paul Cruickshank, Don Rassler, and Kristina Hummel, “Twenty Years After 9/11: Reflections from Michael Morell, Former Acting Director of the CIA,” CTC Sentinel 14:7 (2021).

[11] Global Britain in a competitive age: The Integrated Review of Security, Defence, Development and Foreign Policy, HM Government, March 2021.

[12] Don Rassler, “External Impacts and the Extremism Question in the War in Ukraine: Considerations for Practitioners,” CTC Sentinel 15:6 (2022).