The United States and the Islamic State are battling each other in a declared state of cyberwar. Which side is winning?

That’s a hard question to definitively answer, as the struggle is largely being played out in the shadows of cyberspace. But it’s clear that ISIS is effectively using the Internet, including social media, to recruit Americans to commit domestic acts of terror.

Few people have more counterterrorism experience than John D. Cohen, who has served in national-security roles such as senior adviser in the Office of the Director of National Intelligence and counterterrorism coordinator in the U.S. Department of Homeland Security.

The Parallax recently asked Cohen, who today teaches at the School of Criminal Justice at Rutgers University, for his take. Here is an edited transcript of our conversation.

Q: About a year ago, ISIS declared an “electronic war” against the United States. Could it use the Internet to attack facilities?

Cohen: To date, we have not seen ISIS demonstrate a level of sophistication high enough to carry out a crippling attack against critical infrastructure. However, that should not give anybody a sense of comfort.

John D. Cohen

Counterterrorism expert John D. Cohen

What’s your more immediate concern?

ISIS members have demonstrated a high level of sophistication in the way they use Internet-based platforms to inspire and recruit people to their cause. And they’ve been able to use a significant amount of financial resources to acquire technical expertise when they need it.  

Social media has played a role in almost every ISIS-inspired act of terror against the United States, including the recent Orlando attack. Why is law enforcement scrambling to keep up?

ISIS’ social-media campaign is designed to inspire people to join its cause in a way such that they are acting independently of the organization. That makes detection of those individuals, through traditional counterterrorism methods, very difficult.

ISIS members also aren’t just targeting the Muslim community; they are targeting people who share a common underlying mental or behavioral health characteristic—people who are searching for something that provides a social connection, a social identity, or a sense of meaning in their lives.

They’re adept at identifying platforms on which to broadcast messages that incorporate Western music, language, and visual imaging specifically intended to resonate with this vulnerable part of our population. One has to be concerned that they could demonstrate a similar level of sophistication and utilization of other technology capabilities, such as in launching cyberattacks.

Are efforts to create a counter-ISIS narrative having much of an impact?

Those efforts fly in the face of what we’ve learned about the people who are becoming inspired by the ISIS rhetoric. In most cases, these aren’t people with a thorough understanding of the ideology itself. Trying to dissuade them from violence through a narrative that attacks the ideology is really not going to resonate.

We need to focus on understanding the underlying issues that result in these people deriving inspiration from the narrative. Until we incorporate our knowledge of these individuals’ behavioral characteristics into our broad efforts to counter violent extremism efforts, I fear that we will continue to see events just as those we just saw in Orlando.

Do you expect the government to put more pressure on technology companies to change their terms of service and disable accounts linked to terrorism?

It’s tricky. History has demonstrated that when speech is incendiary, you place industry in a very uncomfortable position by asking them to determine whether a post is illegal or qualifies as incitement.

This entire enforcement area is complicated because the role of government and law enforcement is not to police or regulate thought, but rather to prevent violent attacks. Drawing the line between something that serves as the catalyst for a violent act and something that’s constitutionally protected free speech is difficult.

We should instead focus on understanding why a subset of our population is vulnerable and influenced by social-media campaigns. We need to become more effective at identifying people at risk of planning these attacks. In addressing those issues with community-based strategies, we’ll help prevent acts of violence.

Is ISIS learning to interact with cybercriminals—say, hackers in Europe—who could provide access to advanced malware?

In my 32 years of law enforcement experience, I have found that people who were engaged in illegal activity tended to network with each other. I have never believed that terrorists don’t deal with criminals.  

How has the overall threat of terrorist groups on the Internet evolved?

Over the last few years, terrorist groups have focused more of their attention on cyberintrusions and hacking to support their criminal or illegal objectives. They have been hacking into financial institutions or other commercial entities to acquire financial resources.

The Internet and our evolving communications and technical capabilities have made the world more global and networked, forever changing how we trade. We should expect those same capabilities to be used by terrorists in chasing their objectives.

When it comes to this particular cyberwar, if there’s no “fall of the Berlin Wall” moment, how will we know when we’ve won?

The threats of yesterday are not necessarily going to be the threats of tomorrow. One indication that we have turned the corner will be when we are just as adept at visualizing and addressing emerging threats as we are in dealing with the threats of yesterday.