During March and April of 2012, the University of Pittsburgh experienced what could only be termed a bomb threat epidemic. During that span, roughly 150 bomb threats resulted in creating a climate of fear and continuous disruption. Making matters worse, there seemed to be no discernible pattern to the bomb threats. Dormitories, classrooms, off campus facilities and even vacant buildings were targeted. Threatening communications were delivered to individuals, the university, local television and print media outlets, the Pittsburgh police department and other miscellaneous organizations. They would occur randomly, at any time, on any given day. Aside from the financial costs, it is nearly impossible to quantify the anxiety and havoc wreaked by the sporadic barrage of bomb threats.
A self-described intelligence analyst known simply as “Andrew” decided to set up a blog in an attempt to consolidate all the pertinent information. This person claimed to have no affiliation with the University of Pittsburgh. His motivation appeared to be purely altruistic. And let me be honest, if you examine his entries, you’ll quickly discover an unparalleled level of professionalism. He also exhibited ample discretion with an incredibly sensitive topic. I believe the stopthepittbombthreats blog is the superior, defining source for factual, public information related to the 2012 University of Pittsburgh bomb threat plague.
His blog contained a wealth of information. There’s far too much to adequately sift through and analyze. So instead, I’d like to take a look at his final comments and offer some additional insight.
It is absolutely imperative that law enforcement both locally and nationally take a long, hard look at this case. With bare minimal resources, the perpetrators managed to create a disproportionately high level of disruption. If these kinds of anonymous cyber “attacks” are executed at the macro level, the level of disruption could be off the charts. So four important takeaways to consider:
- Re-evaluate the warning-response threshold concerning bomb threats, specifically on the campus of educational institutions.
- Law enforcement and university policymakers must establish “best practices” concerning anonymous threats. This series of events has shown beyond a doubt the homeland security instructions on how to deal with bomb threats are grossly insufficient in the cyber age.
- Social media is a powerful tool to collect and disseminate information to the public, especially in situations where the media is unavailable to perform its duties (if indeed it is ethical to even do so).
- Social media is also a tool a perpetrator can use to collect counter-intelligence. Perpetrators can also use social media to analyze and manipulate public emotions.
I wholeheartedly agree with these recommendations and observations. Let’s take a closer look at the statement in his preamble…
If these kinds of anonymous cyber “attacks” are executed at the macro level, the level of disruption could be off the charts.
I have a hunch that Andrew may have been referring to the potential for artificially generated stampedes, in particular, a dominipede delivered via a viral blitzkrieg.
In 2012, I initiated a comprehensive letter writing campaign to alert the federal government about the potential for a dominipede. I contacted the Federal Bureau of Investigation and then wrote to the Department of Homeland Security, the Federal Communications Commission and the Department of Education. Of these three agencies, I received only one response. It was in a letter dated April 12, 2012 from the United States Department of Education, Office of Post Secondary Education.
It’s my contention that the DHS and FCC do not respond to civilian concerns regarding hypothetical national security threats. But not only did they fail to address my concerns, they wouldn’t even acknowledge receiving my correspondence (likely a result of the catch-22 – if you acknowledge a problem, you own it and if it happens, you’re to blame). This would appear to contradict the DHS “If you see something, say something” campaign. The federal government seems to be saying, “We desperately want to hear your concerns, but we will neither confirm nor deny them. Furthermore, in certain cases, we won’t even acknowledge them. Because in the event you’ve touched on a plausible concern, a tangible paper trail could eventually be a source of extreme embarrassment, exposed incompetence and severe political repercussions.”
I think it’s a safe assumption that in the aftermath of an artificially generated stampede, or worst case scenario dominipede, not only would the public demand answers but there would also be some very high profile resignations.
So why did the Department of Education respond instead of the other more seemingly relevant agencies? I believe the letter from the DOE (which appears to have been meticulously crafted) was composed in error. It should have neither been written nor sent. The DOE is likely not in the habit of receiving inquiries regarding sensitive, hypothetical national security issues. Their written response was likely the result of a procedural lapse or omission in policy. Regardless, I do appreciate their effort even though I feel it failed to adequately address the essence of my concerns.
The 2012 University of Pittsburgh bomb threat saga is a real-world microcosm. It represents a defining precursor to the legitimate concerns I have raised regarding the prospect of artificially generated stampedes. This issue must be addressed by the federal government. The only remaining questions are when and how.
When will the United States government acknowledge this looming asymmetric threat: before a tragedy or after a tragedy? I cannot answer this. But based on past government tendencies and behavior, I suspect it would be after.
How could the federal government go about acknowledging this issue? This one’s a little tougher. I would implore President Barack Obama to read an article I wrote entitled, “The Obama Solution.” At this time, I believe it’s the best viable solution from a national policy perspective.
On a final note, perhaps we need an overhaul in the manner by which our government assesses asymmetric national security issues, particularly those in the realm of communications and technology that fall under the jurisdiction of cyber warfare. At some point, it could be necessary to create an independent organization outside the scope and bureaucracy of the federal government. Their sole purpose: to analyze “easily identifiable yet untouchable” issues and directly report them to the highest levels within the presidential cabinet.
We the people, as a nation, cannot exclusively rely on the federal government to adequately protect its citizenry, especially in a situation like this where there appears to be a proven disinclination to acknowledge the existence of the problem in the first place.
Daytime talk show host Dr. Phil pretty much sums it up… “You can’t change what you don’t acknowledge.”