By Colin P. Clarke, Chad C. Serena

As the Islamic State in Iraq and Syria continues to suffer defeats on the battlefield, it may be moving into terrain that is relatively nascent and somewhat unfamiliar to Western counterinsurgents—cyberspace.

Analysts have expressed concern that ISIS may turn to virtual currencies to fund future attacks. These currencies can be used as part of an effort to mask the organization’s illicit transactions while enabling it to support attacks in areas outside of its control. And the organization has a history of broadly using cyberspace and technology in innovative ways.

ISIS is attempting to develop its own social-media architecture to help its members avoid security crackdowns on communications exchanged and content posted by the group, according to Europol, Europe’s police agency. An expanded social-media presence would also enable ISIS to continue to encourage attacks abroad as the group retrenches, but perhaps with greater frequency.

ISIS is losing territory and struggling financially. Its fighters are fleeing, and its leadership is being targeted at a frenetic pace. Throughout the Arab and Islamic world, ISIS had been losing support through 2016—given the group’s military losses, that trend has likely continued in the past year. And in what appears to be a rather desperate attempt to continue fighting, the organization is increasingly relying on elderly militants to conduct suicide attacks.

Despite such adversity, it is highly likely that ISIS will not be defeated in the coming months and years. Even where ISIS is displaced or temporarily dislodged from physical territory, disenfranchised Sunni Arab populations will probably continue sympathizing with the group’s objective to establish a caliphate. Those not ideologically disposed to ISIS still perceive it a more suitable protector of Sunni interests than either the Syrian or Iraqi governments.

ISIS is essentially transitioning to the next phase of its life cycle, moving underground and online as it weathers the current onslaught from American forces supporting a patchwork of anti-ISIS forces arrayed against it in both Iraq and Syria.

Taking away territory from ISIS is a temporary stopgap that will merely push the group toward more clandestine activity in the near term, as Craig Whiteside, a professor at the U.S. Naval War College, and other terrorism experts have repeatedly noted. In conjunction, the group will probably shift the locus of its activities to other enclaves where it continues to hold power and can remain capable of resupplying its organization with weapons and other materiel. And, the organization will undoubtedly redouble its efforts and presence in cyberspace, where for years it has enjoyed relative sanctuary in the conduct of offensive and support operations.

How else might ISIS seek to regain momentum once its caliphate is gone?

One concern is that a successful attack on American soil could invite a prompt military response, further galvanizing ISIS and its supporters and making it seem both more powerful and relevant than it actually is. The recent attack in Manchester, England demonstrates ISIS’ reach—it retains a remarkable capability to inspire or direct attacks abroad, including in the West.

ISIS has also proved highly adept at capitalizing upon sectarian tensions in the Muslim world to burnish its image as a protector of Sunnis. This is part of its strategy in Egypt, where recent ISIS attacks have targeted Coptic Christians. If this strategy is deemed successful, there is little doubt that ISIS will replicate this behavior in other countries where it retains a presence, including Iraq, Saudi Arabia, Afghanistan and Pakistan.

Still, if ISIS is close to being defeated—as many analysts have claimed in recent months—why is there heightened concern about its potential to conduct attacks? Just this month, the State Department released a travel warning for Americans heading to Europe. In addition, the Transportation Security Administration issued a warning in early May about vehicle-ramming attacks. Concerns about the ability of terrorists to plant explosives in electronic devices have led to restrictions on the carrying of laptops on planes bound for U.S. destinations. The United Kingdom just elevated its threat level from severe to critical, suggesting that a terrorist attack may be imminent.

One reason for the intensified concern could be the impending arrival at the end of May of Ramadan, a Muslim season that has been tied to an increase in terrorist attacks in recent years; last year a major uptick in attacks specifically related to Ramadan was reported, with ISIS responsible for over three hundred deaths during the Muslim holy month. ISIS also recently urged its followers to take advantage of gun shows in the United States as a means of acquiring firearms without necessarily submitting to paperwork requirements that could create a record of the transaction or expose connections to ISIS.

While ISIS is a highly adaptive organization, some of its innovations—including dropping grenades from miniaturized drones—are more about generating fear of its capabilities than actual threat, even as ISIS’ use of drones proliferates. The terror group’s continued foray into the virtual sphere shows that it is far more agile as an organization than other terrorists groups in recent history.

Yet however shrewdly ISIS might use cyberspace to pursue its objectives as its caliphate crumbles, an overreliance on social media and technology can cause vulnerabilities. For instance, last year U.S. Cyber Command allegedly obtained the passwords to ISIS administrator accounts, deleted prominent propaganda and locked ISIS social-media specialists out of their accounts in an operation dubbed Glowing Sympathy.

While ISIS reaps the many benefits of being able to plan, encourage and support terrorist activities in and through cyberspace, drawing the attention of various U.S. military commands to its cyber activity is not one of them. The combined cyber capabilities now being brought to bear against ISIS should only continue to grow with additional investment and experience.

As ISIS loses territory and prestige, shifting resources to bolster its cyber activity makes sense but it increasingly comes at a cost as its adversaries continue to invest in expanded cyber capabilities. The more ISIS relies on cyberspace to continue its operations, the more likely it will expose important segments of its organization to detection and disruption. ISIS is likely to find that moving its activities underground and online has become much more difficult than it would have been just a few years ago.

Tags: ; ;