The first Gulf War gave a jump start to al-Qaeda. The second Gulf War should step on the gas. Recruitment to the terrorist ranks is likely to burgeon, and anger against the U.S. and its chief ally, the U.K., to increase. By dealing with one strategic challenge -- the Iraqi threat to American interests in the Middle East -- Washington is aggravating a second, jihadist terror. This poses a growing threat to Western economic interests, particularly in the financial centers of New York and London.
A central goal of al-Qaeda and like-minded jihadists is to humiliate and kill “infidels.” This is how they express their mission, choose their targets and shape their plans. This was true before September 11, 2001 -- recently captured operative Khalid Sheikh Mohammed attempted to destroy a dozen jumbo jets over the Pacific Ocean in 1995 -- as well as after the World Trade Center attack, when al-Qaeda spokesman Suleiman Abu Ghaith declared that the group’s objective was to kill 4 million Americans and convert the rest to Islam.
We in the West find it hard to credit sheer slaughter as an end in itself. Economic gain and territorial conquest are understandable war aims; religious supremacy is not. After the faith-driven Thirty Years War depopulated large swaths of Europe in the 17th century, Europeans agreed in the Peace of Westphalia that they might fight over many things, but religion would never again be one of them. The horrors of World War II discredited war fought for territorial gain. In the postwar period the appeal of bloodless alternatives to battle grew. Economic sanctions became the preferred way for the U.S. to punish countries that defied the rules of the game. As war receded from the American consciousness, however, terrorism became a greater concern. Because we had grown used to thinking about war in economic terms, instead of as mass murder, we focused on potential attacks on domestic economic targets, including the threat of cyberterrorism against U.S. financial institutions and agencies.
Ironically, as the West talked more about the prospect of economic warfare, al-Qaeda was listening and drawing inspiration. Consider the destruction of the World Trade Center. Although Mohammed Atta, the ringleader of the September 11 attacks, wrote explicitly that his target was “Western civilization” and his aim was slaughter, many Western analysts immediately interpreted the attacks as a blow against U.S. financial power. That view was quickly echoed by many radical Islamic Web sites, which depicted the attacks as a strike against American prosperity. Shortly after September 11 the autobiography of Ayman al-Zawahiri, the bespectacled theoretician of al-Qaeda, was smuggled out of Afghanistan. In it, he wrote about the need to destroy the infidels’ economic and financial interests. Al-Qaeda’s failed attempt to sink a French oil tanker in the Indian Ocean last year marked the first time the group had attacked a purely economic target.
Among such targets, banking and finance occupy a special place on the jihadists’ list. The radicals are obsessed with an old czarist forgery, “The Protocols of the Elders of Zion.” According to this tract, Jews secretly control the world’s governments, forcing them to act against their own interests to carry out the will of their ruthless masters. An important theme within the story is the purported Jewish control of the world’s banking system. The radicals believe that this behind-the-scenes financial domination provides the Jews with overpowering leverage over the world’s governments and multilateral bodies. For the jihadists, there is no other sensible explanation for U.S. support of Israel or, for that matter, the American and British determination to topple Saddam Hussein’s regime. Many in the Arab world suspect this story is at least partly true -- the “Protocols” were recently the subject of a popular miniseries aired throughout the Middle East -- but the jihadists believe that something can and should be done about it. This deep-seated belief that Jewish-dominated banks contribute to the oppression of Muslims will continue to keep financial institutions at the forefront of targets for radical rage -- and will feed our own preoccupation with the vulnerability of the West’s banking system.
Physical attacks against financial institutions are just one possible terrorist tactic. In the mid-1990s the U.S. government began to plan publicly for the possibility of cyberterrorism, and it wasn’t long before the jihadists took the hint. Al-Qaeda had already been recruiting computer-literate militants for several years. Now radical operatives communicate frequently over the Internet using encryption to elude detection. A key section of the so-called Jihad Manual, discovered in a jihadist safe house in the U.K. and also found in Afghanistan, is dedicated to the evasion of detection and the importance of secure communication. Computer skills, however, also could be used to damage infidel infrastructure. The banking system is an obvious component of this infrastructure and therefore a logical target, especially given the digital-dependent nature of global financial transactions.
In this light, the recent arrest of a Saudi doctoral student in Idaho could be indicative of the militants’ broadening strategy. Sami Omar al-Hussayen was arrested on February 26 for visa fraud and making false statements on government documents. According to the government, Al-Hussayen was a key link in large fund transfers to militant groups and individuals in Canada, Egypt, Pakistan, Saudi Arabia and the U.S. Among other things, he is alleged to have administered Web sites calling for violence, maintained contact with the same clerics who were telephoned from the Hamburg apartment used by Atta and stayed in Herndon, Virginia, in the vicinity of three of the hijackers who perished in the attack on the Pentagon. What was al-Hussayen studying on a Saudi stipend at the University of Idaho? According to the government’s indictment, he specialized in computer security and intrusion techniques.
The radicals’ agility in reading our fears and shaping their strategy to exploit them is one of their great strengths. This is not just a challenge for governments. As the militants focus more on turning our infrastructure against us, they put a greater burden on those who own 95 percent of the infrastructure in the U.S. and other Western countries: the private sector. But there is a dilemma facing our societies. The government cannot easily protect what it does not control, and market forces are ill-suited to prod companies to allocate resources to protective measures.
Washington initially toyed with a regulatory approach to infrastructure security, but no administration would likely commit to such a politically costly strategy. Policymakers then briefly considered using the insurance industry to compel companies to remedy vulnerabilities. That idea has been abandoned, at least for now, but it highlighted the potential legal liability for companies should they fail to deliver services if attacked. The corollary to this fear -- the risk of free-falling stockholder confidence in managements perceived not to have exercised due diligence -- was not lost on analysts, either.
Neither of these insights suggests what companies can actually do about the problem. Some executives remain in denial, insisting that the threat of attack is a national security problem and therefore solely Washington’s responsibility. Others complain, with some justification, that the government is pressing them to erect defenses against a shadowy enemy with unclear objectives. What, they ask, is the precise threat to their businesses, and what should they be doing to protect themselves? Still others have been cowed by their corporate counsels, who argue that the surest road to legal perdition would be to tacitly recognize a threat by taking protective measures that then fail in a contingency. Better, they contend, to do nothing, so that if disaster strikes, the company can assert that it had no way of knowing its operations were at risk of terrorist assault.
Apart from major New Yorkbased financial institutions that have established secret reconstitution facilities 30 or more miles from Manhattan, defensive action on the part of the private sector in the U.S. is paralyzed by these conceptual, legal and operational uncertainties. In the past few years, the U.S. government has attempted to draw industry into a dialogue about the risk of terrorist attack. This effort was hobbled by bureaucratic infighting among the Commerce Department, which had tried to nurture a public-private partnership that would result in a deeper sense of corporate responsibility for security; the Federal Bureau of Investigation, whose prosecutorial approach to the problem alienated corporate boards; and the White House, which sought to dictate policy outcomes to skeptical executives and fractious officials. Congress bears some of the blame for the resulting impasse: It failed to back the Commerce Department with the budget and clout it needed to make its prudent efforts succeed in a hostile environment.
The American experience holds valuable lessons for European firms and their governments. This is especially true for companies and financial institutions in the U.K., which are high on the target list of Islamic terrorists because of the country’s collaboration with the U.S. in Iraq. Throughout the West, however, there must be an ongoing dialogue between the government and the private sector about the nature of the threat and the way the adversary’s motivations and tactics might presage dangers to specific businesses and their operations. The dialogue must make clear what vulnerable companies can do to help themselves and what governments can do to protect them. There are limits on the capacities of both sides. In particular, there must be well-understood criteria for corporate due diligence. No one can ever answer the question, How much is enough? But governments must help companies approximate an answer. With the threat to Western institutions unlikely to wither away in our generation, it behooves us to foster public-private cooperation now.
Steven Simon, co-author of The Age of Sacred Terror, served as senior director for counterterrorism on the National Security Council in the Clinton administration.
