An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

SPEECH | March 23, 2017

Adm. Tidd Prepared Remarks: Intelligence in Defense of the Homeland Symposium at Univ. of Texas


Adm. Tidd speech and Commanders' Perspectives panel with Gen. (Ret.) Norton Schwartz, Challcellor Adm. (Ret.) William McRaven and Christine Abizaid.

Bill, thanks for the introduction, and for including me in this important discussion.  It’s great to see you again.  As the Navy’s “old salt,” I can tell you that we really miss having a ‘bull frog’ like you in the pond.  It’s also great to see so many familiar faces. SOUTHCOM has long been charged with defending the southern approaches to the U.S. homeland from a wide range of threats. 

And while it might not make headlines, we’re seeing many of the same issues in Latin America that we’ve talked about in today’s conference.  Self-radicalization...ISIS recruitment via social media…creeping extremist influence in the Caribbean…foreign terrorist fighters: just as these are problems for the United States, they are problems for our immediate neighbors, too. I’d argue, however, that these problems are all symptoms of a much larger challenge: the challenge of networks. 

Networks are all around us.  Think about the internet, Facebook, Twitter.  Think about your networks.  How your social circle has helped you, supported you, and hindered you.[1] Networks are the defining aspects of our daily lives.  We rely on them.  We’re part of them.  We’re threatened by them.  Networks shape our world, but we don’t really understand their logic. 

They’re confusing and always changing.  What’s true about networks today, about who belongs to them and how they operate, isn’t necessarily true tomorrow. 

In the intel world, connections between different actors and the environment are often difficult to spot until after the fact.  Just look at the global financial crisis of 2008, or the Arab spring. We live in a world held together by networks.  We analyze them and sometimes try to degrade them, but we don’t normally use them to solve our common problems. 

So that’s what I’d like to talk to you about today: how SOUTHCOM is shifting our approach to confront the challenge posed by threat networks, in all their various forms.  For us, this involves a fundamental shift in how we think about these problems, how we fuse intel, ops, and open source info, how we talk about them, and how we act on them—ultimately, how we change as an organization.

So let’s start with the most basic shift.   Like many, we believe expressions like ‘war on drugs’ or ‘war on terrorism’ are obsolete and, frankly, misleading.  You can’t defeat a commodity or a tactic.  What you can defeat, degrade, and disrupt are the bad actors behind those illicit commodities and tactics…same goes for “security.” 

You can’t just ‘improve it’—but you can shape the surrounding environment and conditions that enable it.  We’ve started using the term “threat networks” to encompass a whole range of ‘bad actors’—violent extremist organizations, cartels, transnational criminal organizations, gangs, narco-terrorists, and the like.

Now, I’m not talking about ‘nexus’ or ‘convergence’ or some sort of hybrid super threat, or any of the words that are often topics of hot debate within the IC. What I’m talking about is recognizing there is far more overlap than division between extremist and criminal networks.  Years, we’ve talked about (and treated) issues like radicalization and drug trafficking as distinct problems…when in reality they are far more connected than they might appear. 

And the thing that connects them is a permissive security environment.

Extremist and criminal networks exploit existing governance gaps and entrenched socioeconomic vulnerabilities. These networks are products of their environment…but by their very existence, they make the environment that much worse.  The real, profound security threat lies not in the products they are moving or the people they are recruiting, but instead in the inter-related effects they are having. 

Threat networks are inherently destabilizing.  They engage in corruption, exploit vulnerable populations, undermine the effectiveness of governments, and challenge state sovereignty wherever they operate.  In a sense, threat networks operate like viruses, compromising the legitimate state’s immune system and making it harder for it to ward off internal and external threats. 

Like viruses, threat networks hijack their hosts’ own cells to reproduce and spread, with all sorts of negative consequences. Overwhelmed police forces can’t detect signs of trouble at the community level—be it the plotting of a radicalized group of individuals or a brewing turf war between cartels.  Ineffective judicial systems may only prosecute 10% of all homicides or may fail to even define terrorism as a criminal activity—which usually results in blanket judicial impunity and a ‘catch and release’ system. States that can’t stop the flow of foreign terrorist fighters to Syria and Iraq or monitor their potential return also can’t stem the smuggling of drugs, weapons, and people through their territories. Whether consciously or not, criminals and terrorists both understand the importance of a permissive environment—and they both take advantage of it. 

Criminal networks seek out places where state presence is minimal, corruption is pervasive, and governance is poor.  Extremist networks like ISIS or individuals with ties to terrorist groups seek out places where borders are porous, visa policies are lax, and interdiction capabilities are minimal.  More often than not, these places are one and the same. We also see overlaps in other areas. 

In Latin America and especially in the Caribbean, criminal and extremist networks both prey on the disadvantaged, the disaffected, and the marginalized.  Fact, both networks target this demographic for recruitment.  Thanks to entrenched socio-economic challenges, they seem to have an endless pool of eligible candidates.  It doesn’t matter which network you join—both will justify your moral outrage at an unfair system…and both will give you a sense of purpose and a taste of power.  Both networks glamorize violence and use it as a tool to intimidate local populations and inspire legions of wanna-bes. 

Both networks skillfully exploit social media and popular culture via high quality videos or music that promotes killing, intimidation, and a code of silence.  Both networks rely on the same capabilities—logistics, finance, communication and messaging, and transportation—to conduct their operations.  Both networks move in the same illicit underworlds and may even use the same key facilitators—crooked lawyers and accountants, document forgers, weapons dealers, money launderers —to support their activities.  This is where it gets complicated—because these activities are also inter-connected in time and space.  This is something many of us—intel analysts and operators included—struggle to wrap our heads around. 

Threat networks don’t operate in just one domain, at one point in time.  They don’t do just one discrete thing, in only one place.  They simultaneously operate across multiple domains, countries, regions, and continents.  They are also adaptive and dynamic, constantly reacting and learning from other networks, and from us.  Every action we take (or fail to take) impacts networks.  We respond to a crisis, and the networks look where we’re operating (and where we’re not) and exploit the opportunity. That means we can’t do just one thing, in just one domain, targeting only one illicit activity or commodity.  We can’t just identify a threat, feed intelligence into our operations, and call it a day. Everything we do has to be connected with our interagency, regional, multinational, and non-governmental partners. 

And with those partners, we have to create multiple, interlocking layers of defense that extend outward from our homeland.  In other words, we have to be networked.  This starts with building a better ‘friendly’ network—expanding our relationships and connections within and across the U.S. interagency.  We build this friendly network first to illuminate terrorist and criminal networks, and then to act effectively together against them. Sounds easy, right?  Not so fast…I think many of us in this room would agree that the U.S. interagency has, at best, an incomplete understanding of itself. 

This is a crowded and sloppy playing field.  Just look at the special interest alien (SIA) problem. 

In this hemisphere, HSI, CBP, ICE, the State Department, USSOCOM, USSOUTHCOM, USNORTHCOM, and the FBI are all involved in some aspect tracking and stopping migrants who may represent security threats.  So are the 30 plus countries where SIAs may be transiting.  All the right players are talking, but sometimes we don’t speak the same language.  We each have different mandates, authorities, and definitions of success.  We’re doing well…but we can and must do better.   This challenge doesn’t just apply to countering threat networks.  This is universal.  We talk a good ‘whole-of-government’ talk, but we don’t always align our respective activities and operations to shape the security environment in our favor. 

We strive for unity of effort, but we struggle to achieve unity of effect.  We zero in on one thing, but can lose sight of the bigger picture.  We don’t always trust each other as well as we should.   We’ve learned to share some of our toys, but federal agencies (mine included) have long memories and a propensity to hunker down over our respective rice bowls.  Add in an environment replete with resource constraints, and things can – and do -- get…sporty.  We tend to put the burden of illuminating threat networks on our IC partners, but that may not be enough to build a complete picture of all the interconnections out there. We need to tap blend a range of expertise—operators, planners, historians, academics, economists, development experts, bankers, red teamers, bloggers, you name it—to reach more accurate conclusions about what’s happening now and what’s likely to happen the future.[2]  And then we need to share that information with an even broader range of stakeholders, friends, partners, and allies, to help them disrupt financial, transportation, and leadership sub-networks wherever they reside. 

And so at SOUTHCOM, we’re doing our small part to be better partners to our interagency colleagues, to bring people to the table, to facilitate the sharing of information, to open avenues of communication, and to see connections better. 

We’re experimenting with new visualization tools that help us “see” the problem better.  We’re taking a hard look at how activities in other regions—like our military successes in Raqqa and Mosul—are changing the calculus of threat networks operating in this one.  We’re also asking tough questions—trying to understand how activities (seemingly unrelated to threat networks) inadvertently help them or cause them to adjust.   

And we’re aligning our direct “attack the network” kinds of support (where bad guys go to jail and terrorist attacks are thwarted) with longer-term, indirect activities focused on extending good governance, improving rule of law, expanding economic opportunity, and making the regional security environment less permissive. Within our HQ, we’re sending a team of analysts and operators to work shoulder to shoulder with FBI Miami to identify threat networks and enable their prosecution – and ultimately their disruption.   We’re expanding our use of publicly available information to enhance our intelligence capabilities.  We’re sharing intel, planning, and logistical support to DHS to combat SIA smuggling. 

We’re in the process of standing up a counter-threat network team in our HQ that blends together the CT, CN, CTOC, and CWMD communities, drawing expertise from our intelligence, operations, plans, and law enforcement liaison teams—to better support interagency partners charged with disrupting threat networks.  We’re also deepening our support to USAID and the state department in the development arena.  This isn’t just about doing a better job stopping extremist networks from exploiting illicit pathways, or about preventing homegrown attacks in this hemisphere.  We also have to do a better job addressing the conditions that allow those pathways to exist and those extremist messages to resonate in the first place. We’re working hard to do a better job enabling our regional network of partner nations, friends, and allies. We’re encouraging them to do more with us, and with each other, to illuminate and disrupt threat networks.  We’re building capacity to help our partners secure their borders and manage extremist and criminal threats. 

We’re facilitating the delivery of essential services like medical care and infrastructure to the region’s citizens.  We’re helping governments create public outreach campaigns to encourage citizens to speak out against both crime and radicalization.  We’re attacking barriers to information sharing and making everything as releasable and accessible to our foreign partners as possible.  We’re expanding our engagement on human rights, rule of law, and the importance of accountable institutions—all critical components of a strong state immune system. Ultimately, what we’re building is trust—so that when one of our partners sees something concerning on the threat network front, they pick up the phone and give us a call…and they answer our phone call when the situation is reversed. Finally, we’re deepening our partnership with academia, civil society, NGOs, and the private sector—to help us build a truly complete picture.

We’re leveraging research to help us understand how influence spreads via social networks, and to help us pay attention to weak or latent signals of emerging trends that we might otherwise miss.  We’re looking to experts to help us identify shifting social currents and anticipate trends that may change the trajectory or appeal of groups like ISIS or other violent groups.  We’re engaging in dialogue with NGOs to understand vulnerabilities at the community level that threat networks exploit, and looking to the private sector to gain better fidelity on illicit financial flows.

And here’s the thing.  When all these networks work together at once, sharing information and intelligence, coordinating our efforts to influence the way threat networks think and act, to drive them where they don’t want to go—it’s a pretty amazing sight.  We can have all sorts of cascading and positive effects across a range of interconnected missions. 

We can recognize emerging trends, rather than being blindsided by them.  We can get ahead of events, rather than being overtaken by them.  We can shape the future. That’s what we can do if we get this networked approach right.  If we don’t… no amount of investment, none of our individual efforts, none of our past successes, will matter.

These networks have adapted—now it’s time we do, too. Thank you.



[1] Network Logic: Who Governs in an Interconnected World? Edited by Helen McCarthy, Paul Miller, & Paul Skidmore, 221-225. London: Demos, 2004.

[2] “How Intelligence Works (When it Does).”