Cells and the City: A Conversation with the Deputy Director for Intelligence Analysis, NYPD

For much of the past decade, Ravi Satkalmi has helped lead the New York City Police Department’s (NYPD) Intelligence Analysis Unit, a team within the NYPD’s Intelligence Bureau that provides critical support on counterterrorism investigations, analyzes foreign and domestic terrorist threats to the city, offers input on policies pertaining to counterterrorism, and liaises with law enforcement and private sector partners. The bureau was retooled in the years following the September 11 attacks, and has served a unique role within the U.S. law enforcement community during the War on Terror. There are few experts as knowledgeable as Satkalmi on the terrorism trends that are most relevant to U.S. metropolitan areas and the following interview seeks to understand some recent dynamics, as he sees them:

Since you started your career with the NYPD, there has been much talk in intelligence and counterterrorism circles about the shift from cells and networks to lone wolves, or self-radicalized individuals. Unless you believe this trend to be overblown, what would you say are some key challenges when it comes to identifying or analyzing these kinds of actors?

We are definitely seeing “lone wolves” as a trend. In terms of numbers, NYPD counts one lone wolf plot targeting the city from 2001-2009; since 2009, we’ve seen 15. And the trend is not limited to just the Jihadi extremism or the radical Islam framework, but spans across ideologies and drivers. We’ve been seeing lone actors among extreme rightwing individuals and white supremacists as well, for example. The reason it is common across the board is because it is so easy to replicate. The challenges of identifying these kinds of threats early are also similar. Lone wolves are often looking to connect with just one individual who can validate their worldview; they don’t need to connect to a network anymore to operationalize. That means we potentially have fewer leads. The move toward bespoke chat platforms and encrypted apps is also a challenge. And then there’s the timeline to action. Many of the big attacks took months or years of preparation and logistics. With the lone wolf mentality, all they need to do is act on a grievance by turning everyday items into weapons. A week or two of planning is sometimes all it takes, giving us less time for interdiction.

Whether we are talking about networks or individual threat actors, how is the process of radicalization changing? Have you seen a “v. 2.0” in the role that social media plays in the process?

In the last few years, social media has fostered a “choose your own adventure” mentality for those exploring radical ideas. An individual with grievances can find ISIS propaganda but also any number of other ideological justifications that can be cherry-picked and woven into their own narrative. Zale Thompson, perpetrator of the hatchet attack against four NYPD officers in 2014, is a case in point. He expressed anti-law enforcement sentiment and was upset about treatment of minorities in the U.S., but immediately prior to the attack he was also researching ISIS and other jihadist groups. This approach to picking and choosing validation is an evolution of the conventional understanding of radicalization that existed at the beginning of the decade. Social media has also offered virtual direction to threat actors. An individual mobilizing towards violence can be guided in the execution of that violence by an agent of a terrorist group located half way around the world. One example involved a group of three individuals in Massachusetts who were directed by a prominent ISIS propagandist to behead a high profile NY-based conservative commentator. They were successfully interdicted.

Recent discussions on acts of mass violence in the U.S. note a rise in politically-motivated extremism. Have you seen an increase in the influence of what could be called domestic ideologies? If so, has this altered the way you approach identifying or analyzing threats?

There’s certainly been an increase, no dispute there. But I caution against the urge to assess the relative threat posed by different violent ideologies by counting the casualties inflicted by their followers: the numbers can be used to tell different stories. We can say that the extreme rightwing ideologies are increasingly concerning and that followers are copying tactics from the ISIS playbook—slick propaganda and low-tech attacks. At the end of the day, they are facing a similar challenge in trying to balance the needs of being public and getting propaganda out while maintaining enough privacy to allow for planning. A key difference with the extreme right threat is that it is missing a large, well-funded, organized, and global flag bearer like ISIS or al-Qaeda. There aren’t targets that lend themselves to overseas military action and so this becomes almost exclusively a law enforcement challenge. Also, we know that allegiances in this world are fluid with new groups and labels appearing frequently. The Christchurch, New Zealand mosque shooter’s self-identification as an “eco-fascist” is one such case. Learning to navigate that ecosystem is a challenge, but not an insurmountable one.

When it comes to terrorist tactics, attacks on so-called “soft targets” and the weaponization of crude objects such as vehicles has been in the news in the U.S. and Europe the last couple years. Anything more you can add on tactical trends for the operational and executive protection (EP) professionals out there?

The crux of it is anything you can get your hands on is legitimate and should be used. We haven’t seen it locally yet, but we are expecting an increased threat from weaponized hobby drones and we’re thinking about how to counter that tactic. There’s also the increasingly likely use of easily available cyber tools and malware available on the dark web. Another low-effort, high-impact tactic is doxing – essentially repackaging easily available open-source personal information as a “kill list.” We’ve seen that several times in New York. Even though we’ve assessed there to be no actual threat, the emotional impact to the victims can be real and massive. Having said that, at least in NY, there are still lots of plots involving explosives. Though there are many more opportunities to get caught in such a plot, some extremists are still interested in that kind of high-visibility impact, so that’s not going away as a concern.

Behavioral threat assessment constitutes another set of tools that are gaining ground among security professionals concerned with preventing mass violence and targeted attacks. Can you share a little bit about how your organization has adopted or adapted some of these methodologies?

As a team, we are focusing on identifying mobilization to action rather than radicalization. Our biggest concern is not people who have sympathies for radical causes, but rather those who are likely to channel those sympathies into criminal or lethal activities. Assessing an individual’s behavior helps us better understand the severity of any potential threat posed by that person. As part of our work in this area, we’re examining factors that demonstrate a willingness to act violently, such as a history of domestic violence, combined with indications that a subject is consuming propaganda that encourages violence toward some ideological end. We’re continuing to refine our approach, taking into account gaps in the collection or availability of key information while working with other stakeholders and experts with experience in this field.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?