Cells and the City: A Conversation with the Deputy Director for Intelligence Analysis, NYPD

Ravi Satkalmi

April 29, 2019

For much of the past decade, Ravi Satkalmi has helped lead the New York City Police Department’s (NYPD) Intelligence Analysis Unit, a team within the NYPD’s Intelligence Bureau that provides critical support on counterterrorism investigations, analyzes foreign and domestic terrorist threats to the city, offers input on policies pertaining to counterterrorism, and liaises with law enforcement and private sector partners. The bureau was retooled in the years following the September 11 attacks, and has served a unique role within the U.S. law enforcement community during the War on Terror. There are few experts as knowledgeable as Satkalmi on the terrorism trends that are most relevant to U.S. metropolitan areas and the following interview seeks to understand some recent dynamics, as he sees them:

Since you started your career with the NYPD, there has been much talk in intelligence and counterterrorism circles about the shift from cells and networks to lone wolves, or self-radicalized individuals. Unless you believe this trend to be overblown, what would you say are some key challenges when it comes to identifying or analyzing these kinds of actors?

We are definitely seeing “lone wolves” as a trend. In terms of numbers, NYPD counts one lone wolf plot targeting the city from 2001-2009; since 2009, we’ve seen 15. And the trend is not limited to just the Jihadi extremism or the radical Islam framework, but spans across ideologies and drivers. We’ve been seeing lone actors among extreme rightwing individuals and white supremacists as well, for example. The reason it is common across the board is because it is so easy to replicate. The challenges of identifying these kinds of threats early are also similar. Lone wolves are often looking to connect with just one individual who can validate their worldview; they don’t need to connect to a network anymore to operationalize. That means we potentially have fewer leads. The move toward bespoke chat platforms and encrypted apps is also a challenge. And then there’s the timeline to action. Many of the big attacks took months or years of preparation and logistics. With the lone wolf mentality, all they need to do is act on a grievance by turning everyday items into weapons. A week or two of planning is sometimes all it takes, giving us less time for interdiction.

Whether we are talking about networks or individual threat actors, how is the process of radicalization changing? Have you seen a “v. 2.0” in the role that social media plays in the process?

In the last few years, social media has fostered a “choose your own adventure” mentality for those exploring radical ideas. An individual with grievances can find ISIS propaganda but also any number of other ideological justifications that can be cherry-picked and woven into their own narrative. Zale Thompson, perpetrator of the hatchet attack against four NYPD officers in 2014, is a case in point. He expressed anti-law enforcement sentiment and was upset about treatment of minorities in the U.S., but immediately prior to the attack he was also researching ISIS and other jihadist groups. This approach to picking and choosing validation is an evolution of the conventional understanding of radicalization that existed at the beginning of the decade. Social media has also offered virtual direction to threat actors. An individual mobilizing towards violence can be guided in the execution of that violence by an agent of a terrorist group located half way around the world. One example involved a group of three individuals in Massachusetts who were directed by a prominent ISIS propagandist to behead a high profile NY-based conservative commentator. They were successfully interdicted.

Recent discussions on acts of mass violence in the U.S. note a rise in politically-motivated extremism. Have you seen an increase in the influence of what could be called domestic ideologies? If so, has this altered the way you approach identifying or analyzing threats?

There’s certainly been an increase, no dispute there. But I caution against the urge to assess the relative threat posed by different violent ideologies by counting the casualties inflicted by their followers: the numbers can be used to tell different stories. We can say that the extreme rightwing ideologies are increasingly concerning and that followers are copying tactics from the ISIS playbook—slick propaganda and low-tech attacks. At the end of the day, they are facing a similar challenge in trying to balance the needs of being public and getting propaganda out while maintaining enough privacy to allow for planning. A key difference with the extreme right threat is that it is missing a large, well-funded, organized, and global flag bearer like ISIS or al-Qaeda. There aren’t targets that lend themselves to overseas military action and so this becomes almost exclusively a law enforcement challenge. Also, we know that allegiances in this world are fluid with new groups and labels appearing frequently. The Christchurch, New Zealand mosque shooter’s self-identification as an “eco-fascist” is one such case. Learning to navigate that ecosystem is a challenge, but not an insurmountable one.

When it comes to terrorist tactics, attacks on so-called “soft targets” and the weaponization of crude objects such as vehicles has been in the news in the U.S. and Europe the last couple years. Anything more you can add on tactical trends for the operational and executive protection (EP) professionals out there?

The crux of it is anything you can get your hands on is legitimate and should be used. We haven’t seen it locally yet, but we are expecting an increased threat from weaponized hobby drones and we’re thinking about how to counter that tactic. There’s also the increasingly likely use of easily available cyber tools and malware available on the dark web. Another low-effort, high-impact tactic is doxing – essentially repackaging easily available open-source personal information as a “kill list.” We’ve seen that several times in New York. Even though we’ve assessed there to be no actual threat, the emotional impact to the victims can be real and massive. Having said that, at least in NY, there are still lots of plots involving explosives. Though there are many more opportunities to get caught in such a plot, some extremists are still interested in that kind of high-visibility impact, so that’s not going away as a concern.

Behavioral threat assessment constitutes another set of tools that are gaining ground among security professionals concerned with preventing mass violence and targeted attacks. Can you share a little bit about how your organization has adopted or adapted some of these methodologies?

As a team, we are focusing on identifying mobilization to action rather than radicalization. Our biggest concern is not people who have sympathies for radical causes, but rather those who are likely to channel those sympathies into criminal or lethal activities. Assessing an individual’s behavior helps us better understand the severity of any potential threat posed by that person. As part of our work in this area, we’re examining factors that demonstrate a willingness to act violently, such as a history of domestic violence, combined with indications that a subject is consuming propaganda that encourages violence toward some ideological end. We’re continuing to refine our approach, taking into account gaps in the collection or availability of key information while working with other stakeholders and experts with experience in this field.

Daniil Davydoff is Associate Director of Intelligence at AT-RISK International and director of social media for the World Affairs Council of Palm Beach. He has been published by ASIS International/Security Management, Risk Management Magazine, The National Interest, The Carnegie Council for Ethics in International Affairs, Foreign Policy and RealClearWorld, among other outlets. His views do not reflect those of his company.

Daniil Davydoff can be contacted on LinkedIn or at ddavydoff@at-riskinternational.com

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Cells and the City: A Conversation with the Deputy Director for Intelligence Analysis, NYPD

Recent Articles by Daniil Davydoff

Will COVID-19 Change Everything? The Case for Being Skeptical

Why You Need TSCM Now More Than Ever

Conducting Due Diligence in Africa: An Interview with Eva Nolle

Don’t Forget Biological Threats

How to Balance Supply and Demand within Corporate Intelligence Programs

Security Magazine

2020 October

Cells and the City: A Conversation with the Deputy Director for Intelligence Analysis, NYPD

Recent Articles by Daniil Davydoff

Related Articles

Report Abusive Comment