Speaking on CBS’ Face the Nation this week, Secretary of Defense Mark Esper said, “I've signed out directives that address enhanced screening of all of our foreign students that address credentialing going forward, weapons policies, etc.. So, we're doing everything we can. The investigation is being conducted by DOJ and FBI. I'm sure they will release something on that in the coming days.”
National Security Advisor Robert O’Brien told Fox News Sunday that the US was exercising an “abundance of caution” after the shooting. “We’re being very careful,” said O'Brien. “Obviously, Pensacola showed that there had been errors in the way that we’ve vetted.”
Background:
- The FBI said it was investigating the shooting as an act of terror and identified the gunman as Mohammed Alshamrani, a 21-year-old second lieutenant in the Royal Saudi Air Force.
- Alshamrani was killed by a Sheriff’s Deputy who responded to the shootings.
- The Pensacola air station serves as a training facility for US allies.
- The Saudi government said it would fully cooperate with the FBI investigation. President Trump tweeted saying Saudi King Salman had called him “to express his sincere condolences and give his sympathies.”
- The Washington Post cites people familiar with the matter as saying that the FBI - which could release details from its investigation as early as this week - found “connections to extremist rhetoric, possession of child pornography, and a failure by a small number of people to report alarming behavior by the gunman.”
- The FBI has requested Apple’s help in unlocking two iPhones belonging to the gunman. In a statement, the technology company said, “We have the greatest respect for law enforcement and have always worked cooperatively to help in their investigations. When the FBI requested information from us relating to this case a month ago, we gave them all of the data in our possession and we will continue to support them with the data we have available.”
The Cipher Brief spoke with two of our experts: former Deputy Director of the CIA’s Counterintelligence Center Mark Kelton and former Deputy Director of the Defense Intelligence Agency Doug Wise, to provide a sense of how – from counterintelligence and military perspectives – incidents like this might be flagged before they ever occur.
The Interview:
Mark Kelton, former CIA Deputy Director of Counterintelligence
The Cipher Brief: As counterintelligence professional, what was the first question that popped into your mind when you heard about the shooting?
Kelton: Acknowledging at the outset that I don’t know anything more about the case than what has been in the press, the first question that occurred was when was the killer radicalized? The natural follow-on question thereafter was whether there were signs prior to that point that could have been detected that might have allowed his own people or the U.S. side to steer him away from that course? Thereafter, that is after he was radicalized, what signs might have been missed that, had they been detected, could have allowed U.S. or Saudi authorities to prevent him from acting?
The Cipher Brief: When you think about this unique type of insider threat, are there gaps that you see that need to be addressed in terms of vetting foreign students?
Kelton: The announced review of procedures governing foreigners receiving military training in the U.S. will surely speak to that point. I suspect that any gaps in the vetting process result not from a lack of authorities or capabilities, but rather from policies that put more emphasis on fostering good ties with participating countries than on the vetting of individual students. I also suspect the U.S. relied to a significant degree on vetting by the home nation of the trainee – in this case Saudi Arabia – rather than on independent verification of that vetting by the U.S. side.
The Cipher Brief: What level of monitoring of foreign students would you consider acceptable, to mitigate the risk of CI or CT threats posed by non-U.S. students who are training in the U.S.?
Mark Kelton, Former Deputy Director for Counterintelligence, CIA
As the students are not U.S. citizens, we should exercise all lawful and reasonable- in terms of available resources and capabilities –means to assure ourselves that such persons pose no threat to our own country and citizens, or to the citizens of other countries training in the U.S. That vetting should, of course, be directed most actively at students from countries that pose the greatest potential CT or CI threat based upon both past history and assessment of prospective future threats.
The Cipher Brief: How might the U.S. do a better job - in cases where there are warning signs that individuals share an ideology consistent with a terrorist group - of keeping abreast of those warning signs?
Mark Kelton, Former Deputy Director for Counterintelligence, CIA
The best course would be to establish a program akin to the government’s own continuous evaluation program - albeit a more robust version given that the trainees are not U.S. citizens- to provide ongoing vetting of trainees prior to and during their training programs. As noted above, the most scrutiny should be directed at students from countries with a past history of posing CT or CI threats.
The Interview:
Doug Wise, Former Deputy Director, Defense Intelligence Agency
The Cipher Brief: When you think about this type of threat, are there gaps that you see that need to be addressed in terms of how the US vets foreign students?
Wise: That's a good question. In all fairness to the DOD, the first thing is that vetting, and the counterintelligence aspects of vetting are just not ingrained in the DOD culture, particularly this part of the DOD, which handles training, and more specifically the Navy. It's important that we are careful how we use the term ‘vetting’, because as soon as somebody says it, the word implies a rigor that quite frankly didn't exist in this case. The first thing DOD cares about, in terms of pre-screening foreign students is, does this guy have a human rights record? Next, they make an assessment as to whether or not the individual is going to be a defection risk?
Defection by Saudis is probably rare to non-existent. If these were Afghan pilots being trained here in the United States, the risk of defection would be significantly higher. So human rights abuse is the top priority and defection risk is the second priority. Then, as part of the overall assessment at whether we want to bring an individual in under DOD sponsorship, I think there is a belief in ‘coalition behavior’, that all allies are friends and our allies generally don't represent a risk. The DOD would be reluctant, particularly given the administration's strong support of the kingdom of Saudi Arabia, to not allow this Saudi to train in the U.S. without having the Saudi in question lose face and creating an awkward bilateral international incident. I think there's a face-saving avoidance of international embarrassment both to us and to the Saudis. I think this is a significant issue in situations like this.
Way down at the bottom of the list, I think there may be a look at whether Saudi Arabia in general represents a counterintelligence threat to the United States. And I think the answer to that would be probably not, the Saudis don't mount significant intelligence operations against us. I think that most likely the U.S. training mission in Saudi Arabia probably bears the bulk of this risk versus gain assessment.
There is a significant dependency on the Saudis to actually vouch for this guy. None of this is unique to Saudi Arabia. With any foreign student, whether he was Romanian, British or Saudi, I think the DOD puts a lot of faith and confidence in the allied nation to help them make a risk versus gain decision.
The Cipher Brief: You mentioned the CI threat being low, but if you were to talk about the CT threat, certainly with 800 or 1,000 students from Saudi in the US training, would that change your risk calculus or your opinion on that?
Doug Wise, Former Deputy Director, Defense Intelligence Agency
You notice I didn't mention at all any concern about the terrorism risk, because the DOD never considered anybody from Saudi Arabia a terrorism risk in spite of the evidence over time.Despite the significant proportion of al-Qaeda members, particularly senior members having been Saudis and the 9/11 hijackers being Saudis, counterintuitively, the DOD never looked at this Saudi student or the 800 or 1,000 others in the U.S. as terrorism risks.
They looked at them as human rights risks and a defection risk. And then they looked at the risk of not allowing the person to come to the United States. And so those are the three risks that they looked at. They never considered terrorism to be a significant existential risk with the Saudis to come to the United States.
The Cipher Brief: What level of monitoring of foreign students would you consider acceptable going forward?
Doug Wise, Former Deputy Director, Defense Intelligence Agency
From a DOD perspective, they do no monitoring for the most part once they come to the United States, unless there is a red flag. In which case then you'd think, maybe if there's a flag antecedent to arrival, maybe he shouldn't arrive. But once he gets here, I don't think the DOD pays a lick of attention. It's just not part of the DOD culture.
Wise: Counterintelligence, particularly when it applies to foreign students going through training, is not really in the consciousness at DOD. DOD counterintelligence resources are very capable and they're very good but the scale of threats they're dealing with from Russia and China and Iran and other countries consumes all of their very capable CI resources.
I can state based on personal experience, those counterintelligence professionals are exceptionally good, but there just aren’t enough of them to monitor the scale of foreign students coming to the US for training.
The Cipher Brief: What does the US need going forward to stay in front of these threats? What level of response or technological surveillance should be considered appropriate going forward?
Wise: The DOD focus is on human rights and war crimes. If there is not an acknowledged terrorism risk, then none of that capability for social media monitoring is applied to the assessment process for foreign students. I think it probably will be in the future. But the fact is that the DOD doesn't have those threats, meaning counterintelligence and terrorism, as a priority when it looks at foreign students. Because it has an implicit and explicit trust in not only their own ability to root out a war criminal, human rights violator, and to root out a defection risk. The trust and competence center on its relationship with the student’s host nation. But your point is well taken that given the fact that DOD has significant social media monitoring resources, that could be applied to all foreign students in the future, particularly those who come from those countries that provide the seed corn and the majority of the operators for al-Qaeda and ISIS.
Read more expert national security insights in The Cipher Brief and sign up for our free newsletter here or become a member, with full access to all of our expert-driven content for just $10 a month for an annual subscription.
The Cipher Brief Threat Conference is proud to welcome Mark Kelton and Doug Wise to the U.S.’ premiere national security briefing March 22-24 in Sea Island, GA. The Cipher brief Threat Conference provides an apolitical forum for public and private sector leaders to engage with experts for in-person briefings on critical national security issues facing government and business. Seats are limited. Request your conference pass today.
