9/11 to ISIS and Beyond: The Future of Terrorism (And What we can do About it)

Nathan A. Sales
Ambassador-at-Large and Coordinator for Counterterrorism 
Bipartisan Policy Center Conference
Washington, DC
September 8, 2017

As Prepared

I’d like to thank Governor Kean and Congressman Hamilton for inviting me to speak—and, more importantly, for their leadership of the 9/11 Commission. The 9/11 Commission drove the nation’s debate about how to respond to that dark day in our history, and it also served as a voice for the families of the victims. Governor, Congressman: Thank you for your vital work, which continues to play a central role in how we understand the terrorist threat and how we respond to it.

I mean that in a very literal sense: Two former 9/11 Commission staffers work for me, and I can assure you I’m keeping them very busy.

I’m also grateful to the Bipartisan Policy Center for keeping Washington’s focus on these critical issues. You’ve put together a remarkable lineup today, and I’m honored to be a part of it.

I was rereading the Tenth Anniversary Report Card just the other day, and I was struck by the continued relevance of the report and its 41 recommendations. One sentence in particular stood out: “We must constantly assess our vulnerabilities and anticipate new lines of attack.”

That’s basically our job description at the CT Bureau.

The run-up to the anniversary of 9/11 is a time to take stock, reflect, and analyze our counterterrorism efforts. It’s also important to reflect on how the enemy has evolved.

In these remarks I’ll outline the different threats we’ve faced since 9/11: al-Qa’ida, ISIS, and the emerging trend of what we might call self-directed terrorism—attacks that are inspired by terrorist groups, but not ordered or controlled by them. After that I’ll explore our responses to date, and where we should focus our efforts going forward.

I. The Evolution of the Threat Environment

Let’s start with AQ. From the 1990s up to the present day, AQ has had two salient features. First, it maintains a hierarchical, centralized, command structure. Osama bin Laden at the top, issuing orders to operatives at the bottom. Second, AQ seeks to carry out large-scale, “spectacular” attacks on high-profile targets.

In the late 1990s we saw AQ’s ability to make good on its threats. The 1998 bombings of two of our embassies in East Africa killed over 200 people and injured more than 4,500 others. Two years later, on October 12, 2000, AQ attacked the USS Cole while it was refueling in Aden harbor, killing 17 American sailors and injuring 39.

All of this led up to the “planes operation.” On September 11, 2001, 19 AQ operatives hijacked four commercial jetliners and turned them into missiles.

Two of the planes were flown into the World Trade Center’s twin towers, symbols of our nation’s economic might, causing them to collapse. A third hit the Pentagon, nerve center of the world’s most powerful military. A fourth, perhaps bound for the Capitol building, crashed in a field near Shanksville, Pennsylvania, when the 40 passengers and crew of Flight 93 heroically stormed the cockpit in an effort to overcome the hijackers.

In all, nearly 3,000 people were killed and more than 6,000 were injured. It was our nation’s deadliest day since Antietam.

Fast forward to 2014. After we killed Osama bin Laden and degraded AQ’s central leadership, a new form of the same threat emerged. Like its predecessor in Afghanistan, ISIS developed a centralized command to order attacks outside its false caliphate in Iraq and Syria.

We witnessed its work in Paris. On November 13, 2015, a group of suicide bombers and gunmen, dispatched by Raqqa, committed a series of six coordinated attacks. They targeted a soccer stadium, cafés and restaurants, and the Bataclan theatre during a rock concert. One hundred people were killed, including 89 at the Bataclan alone; 368 others were injured.

Yet alongside these and other centrally planned plots, a new threat has arisen. Terrorist attacks increasingly are being carried out by individuals and small cells who are inspired by ISIS, but who aren’t acting on the group’s orders. They are self-directed.

These smaller-scale, individually-planned attacks often involve soft targets like hotels, tourist resorts, and cultural sites. We’ve seen this deadly new trend in places like Berlin, Jakarta, London, Manchester, and Nice. We’ve also seen it here at home—in Orlando and San Bernardino.

What accounts for the rise of self-directed terrorism? I think a couple of factors are at work here.

First, ISIS is losing. The so-called caliphate is crumbling. With support from the Defeat-ISIS Coalition, local forces have liberated more than three-quarters of the territory ISIS held in Iraq, and about two-thirds of the territory it controlled in Syria. This loss of safe haven makes it harder—not impossible, but harder—for ISIS to plan external attacks.

Second, ISIS’s prolific use of social media has expanded its reach. That enables the group to radicalize and give advice on how to conduct attacks. Aspiring jihadis are attacking soft targets at home instead of traveling to the conflict zone.

II. Programs and Policies After 9/11

The question then becomes, how should the United States and its allies respond to these different threats?

After 9/11, we adopted a number of new tools geared at disrupting and defeating a hierarchical, centralized adversary like AQ.

For instance, we improved the intelligence community’s ability to intercept terrorists’ communications. One example is Section 702 of the Foreign Intelligence Surveillance Act, which made it easier to collect the emails and phone calls of non-Americans located overseas.

We also ramped up our efforts to block terrorist financing.

And we prioritized border security. We started collecting fingerprints from visitors to our country. We signed agreements with partners around the world to share information about known and suspected terrorists. And we started analyzing airline reservation data—known as passenger name records, or PNR—to flag people who ought to get a little extra scrutiny at the customs checkpoint.

These measures have proven extraordinarily effective against centralized adversaries like AQ and ISIS. And, make no mistake, we’ll need them for as long as that threat persists. But, in an age of self-directed terrorism, they’re not enough. We need to retool our approach in light of the more decentralized adversaries we now face.

Why do I say that?

Well, consider surveillance. Self-directed terrorists may not be communicating with headquarters, so they can be harder to surveil.

Or consider financing. Self-directed terrorists don’t need the deep pockets of a large organization to commit their atrocities. They can simply rent a truck and drive it into a crowd.

Or consider border security. Self-directed terrorists don’t have to cross borders to receive training, to receive funding, or to carry out attacks. Many are operating on their home turf.

III. Adapting to the New Environment

So what do we do about it? At bottom, we need to ensure that our CT toolkit is flexible and nimble enough to address evolving terrorist tactics, technologies, and trends.

Let me highlight a few specific measures that will be instrumental as we confront an increasingly decentralized, self-directed terrorist threat.

First, the protection of soft targets. Last month’s attacks in Barcelona were only the most recent reminder of the challenge of securing locations that are designed to be open and inviting.

That’s why the CT Bureau is working with international partners under the Global Counterterrorism Forum to draft a set of good practices on the protection of soft targets. We plan to finalize and announce these recommendations in the near future.

In the meantime, we’ve been training partner countries who have the political will to protect their soft targets, but may lack the necessary resources. For example, last year, in response to an attack on the Radisson Blu hotel in Mali, CT funded a program to build effective crisis response teams. On June 18 of this year, terrorists attacked Hotel Kangaba. The CT-trained team led the counter assault, killing the attackers and freeing civilians trapped in the hotel.

Second, there’s information sharing. After 9/11, we tore down the walls that kept our cops and spies and soldiers from talking to each other. Our friends and allies need to do the same.

For instance, the imam at the center of the Barcelona attacks was a convicted criminal—he’d served a sentence for drug smuggling. But he wasn’t on the radar of counterterrorism officials because none of his past offenses involved terrorism. This was also the case for the Nice attacker, who had a series of arrests and convictions.

These aren’t coincidences. A recent George Washington University study found that 57 percent of the people involved in terrorist attacks in Europe and North America between 2014 and 2017 had a prior criminal history.

We need to step up our work with our foreign counterparts to dismantle the stovepipes that block the free flow of information.

Third, there’s capacity building. At the CT Bureau, we’re helping partner countries improve their handling of terrorism cases. In particular, we’re building their capacity to investigate, prosecute, and adjudicate terrorism-related crimes.

A good example comes from the Balkans—a key transit route for foreign terrorist fighters heading to Syria and Iraq, or back home again. In the past few years, 131 people have been convicted under newly-passed foreign terrorist fighter laws in the Balkans. Justice Department lawyers, funded by the CT Bureau, assisted local prosecutors in evidence organization, analysis, prosecution strategies, and case-specific challenges through a case-based mentoring program. There are now about 33 more defendants indicted or on trial, all in Kosovo.


In conclusion, the terrorist threat is constantly evolving and—along with our friends and partners around the world—we must evolve to meet it. We must remain vigilant against an al-Qa’ida on the rebound and an ever-adaptive ISIS. And we must update our toolkit to ensure that we have the capabilities we need to confront the new scourge of self-directed terrorism.

The 9/11 Commission was exactly right: “We must constantly assess our vulnerabilities and anticipate new lines of attack.”

And so Governor Kean and Congressman Hamilton, thank you and your colleagues for that charge. And thank you for the inspiration to continue your indispensable work of securing our homeland and protecting our people.