In the wake of the July 22 Oslo attacks,
as I have talked with people in the United States and Europe, I have noticed
two themes in the conversations. The first is the claim that the attacks came
from an unexpected source and were therefore impossible to stop. The second theme
is that detecting such attacks is the sole province of dedicated
counterterrorism authorities.
As discussed in last
week’s Security Weekly, even in so-called “unexpected” attacks there are
specific operational tasks that must be executed in order to conduct an
operation. Such tasks can be detected, and unexpected attacks emanating from
lone wolf actors can indeed be thwarted if such indicators are being looked
for. Alleged Oslo attack perpetrator Anders Breivik reportedly conducted
several actions that would have made him vulnerable to detection had the
authorities been vigilant and focused on those possible actions.
This is why it is critical to
look at the mechanics of attacks in order to identify the steps that must be
undertaken to complete them and then focus on identifying people taking such
steps. Focusing
on the “how” rather than the “who” is an effective way for authorities to
get on the proactive side of the action/reaction continuum.
Considering this concept of
focusing on the how, one quickly reaches a convergence with the second theme,
which involves the role and capabilities of dedicated counterterrorism
resources. The primary agency tasked with counterterrorism in most countries
tends to have limited resources that are stretched thin trying to cover known
or suspected threats. These agencies simply do not have the manpower to look
for attack-planning indicators — especially in a world where militant actors
are increasingly adopting the leaderless-resistance model, which is designed to
avoid detection by counterterrorism forces.
When these factors are combined
they highlight the fact that, as the threat posed by militants adhering to the
leaderless-resistance model (whom we frequently refer to as “grassroots
militants”) increases, so does the need for grassroots defenders.
Grassroots Threats
As we noted last week,
Breivik’s concept of self-appointed and anonymous “Justiciar Knights” who
operate as lone wolves or in small phantom cells is not a unique concept.
Breivik was clearly influenced by the militant-group case studies he outlined
in his manifesto. In recent decades, governments have become fairly efficient
at identifying and gathering intelligence on known groups that pose a threat to
conduct violent attacks. This is especially true in the realm of technical
intelligence, where dramatic increases have been made in the ability to capture
and process huge amounts of data from landline, cellphone and Internet
communications, but governments have also become quite adept at penetrating militant
groups and recruiting informants. Even before 9/11, government successes
against militant groups had led white supremacist groups and militant
animal-rights and environmentalist groups to adopt a leaderless
resistance model for their violent and illegal activities.
In the post-9/11 world, intelligence
and security services have dramatically increased the resources dedicated to
counterterrorism, and the efforts of these services have proved very effective
when focused on known organizations and individuals. Indeed, in recent years we
have seen a trend where jihadist groups like al Qaeda and its franchises have encouraged
aspiring militants to undertake lone wolf and small cell activities rather
than travel to places like Pakistan and Yemen to link up with the groups and
receive training in terrorist tradecraft. For several years now, STRATFOR has
emphasized the nature
of this decentralized threat.
We see no sign of this trend
toward leaderless resistance reversing in the near future, and our forecast is
that the grassroots threat will continue to grow, not only from the jihadist
realm but also from far-right and far-left actors.
Stretched Thin
As noted above, most
counterterrorism intelligence efforts have been designed to identify and track
people with links to known militant groups, and in that regard they are fairly
effective. However, they have been largely ineffective in identifying
grassroots militants. The focus on identifying and monitoring the activities of
someone connected to a known militant group is understandable given that
operatives connected to groups such as Hezbollah or al Qaeda have access to
much better training and far greater resources than their grassroots
counterparts. In general, militants linked to organizations pose a more severe
threat than do most grassroots militants, and thus counterterrorism agencies
focus much of their attention on the more potent threat.
That said, grassroots
operatives can and do kill people. Although they tend to focus on softer
targets than operatives connected to larger groups, some grassroots attacks
have been quite deadly. The July 2005 London bombings, for example, killed 52
people, and Breivik was able to kill 77 in his twin attacks in Norway.
One problem for most
counterterrorism agencies is that counterterrorism is not their sole (and in
some cases even primary) mission. Often, as is the case with MI5 in the
United Kingdom, the primary counterterrorism agency also has substantial
foreign counterintelligence responsibilities. In the case of the FBI, it has
not only counterterrorism and foreign counterintelligence missions but also a
host of other responsibilities such as investigating bank robberies,
kidnappings, white-collar crime, cyber crimes and public corruption.
The resources of the primary
counterterrorism agencies are also quite finite. For example, the FBI has fewer
than 14,000 special agents to fulfill its many responsibilities, and while
counterterrorism has become its top mission in the post-9/11 era, only a
portion of its agents (estimated to be between 2,500 and 3,000) are assigned to
counterterrorism investigations at any one time.
Counterterrorism
investigations can also be very labor intensive. Even in a case where a subject
is under electronic surveillance, it takes a great deal of manpower to file all
the paperwork required for the court orders, monitor the surveillance equipment
and, if necessary, translate conversations picked up from the surveillance
efforts and run down and/or task out additional investigative leads developed
during the monitoring. Seemingly little things like conducting a “trash cover”
on the subject (sifting through the trash a subject places out on the curb for
evidence and intelligence) can add hours of investigative effort every week. If
full physical and electronic surveillance is put in place on a subject, such a
24/7 operation can tie up as many as 100 special agents, surveillance
operatives, technicians, photographers, analysts, interpreters and supervisors.
Again, given the potential
threat posed by known or suspected al Qaeda, Hezbollah or, currently, Libyan
government operatives, it is understandable why so many resources would be
devoted to investigating and neutralizing that potential threat. However, the
problem with this focus on known actors is that it leaves very few resources
for proactive counterterrorism tasks such as looking for signs of potential
operational activities, including preoperational surveillance or weapons
acquisition, conducted by previously unknown individuals. Indeed, this is a huge
undertaking for agencies with limited resources.
Furthermore, in the case of a
lone wolf or small cell, there simply may not be any clear-cut chain of
command, a specific building to target or a communication network to compromise
— the specialties of Western intelligence agencies. The leaderless-resistance
organization is, by design, nebulous and hard to map and quantify. This lack of
structure and communication poses a problem for Western
counterterrorism agencies, as Breivik accurately noted in his manifesto. Also,
since this grassroots threat emanates from a large variety of actors, it is
impossible to profile potential militants based on race, religion or ethnicity.
Instead, their actions must be scrutinized.
Grassroots Defenders
All grassroots militants
engage in activities that make their plots vulnerable to detection. Due to the
limited number of dedicated counterterrorism practitioners, these mistakes are
far more likely to be witnessed by someone other than an FBI or MI5 agent. This
fact highlights the importance of what we call grassroots defenders, that is, a
decentralized network of people practicing situational awareness who notice and
report possible indications of terrorist behavior such
as acquiring weapons, building bombs and conducting preoperational surveillance.
Clearly, the most important
pool of grassroots defenders is ordinary
police officers on patrol. While there are fewer than 14,000 FBI agents in
the entire United States, there are some 34,000 officers in the New York City
Police Department alone and an estimated 800,000 local and state police
officers across the United States. While the vast majority of these officers
are not assigned primarily to investigate terrorism, they often find themselves
in a position to encounter grassroots militants who make operational security
errors or are in the process of committing crimes in advance of an attack, such
as document fraud, illegally obtaining weapons or illegally raising funds for
an attack.
In July 2005, police in
Torrance, Calif., thwarted a grassroots
plot that came to light during an investigation of a string of armed robberies.
After arresting one suspect, Levar Haney Washington, police searching his
apartment uncovered material indicating that Washington was part of a small
jihadist cell that was planning to attack a number of targets. Hezbollah’s
multimillion-dollar cigarette-smuggling network was uncovered when a
sharp North Carolina sheriff’s deputy found the group’s activities suspicious
and tipped off the Bureau of Alcohol, Tobacco, Firearms and Explosives, thus
launching the massive “Operation Smokescreen” investigation.
Traffic stops by regular cops
also have identified several potential grassroots jihadists. In August 2007, two Middle
Eastern men stopped by a sheriff’s deputy for speeding near Goose
Creek, S.C., were charged with possession of a destructive device. Likewise, a
traffic stop by a police officer in September 2001 in Alexandria, Va., led to
an investigation that uncovered the so-called Virginia
Jihad Network. At the time of the 9/11 attacks, the operation’s leader, Mohamed
Atta, was the subject of an outstanding bench warrant for failing to appear
in court after being stopped for driving without a license. More recently, in
May 2011 we saw the New
York Police Department disrupt an alleged jihadist plot. Then in June,
the Seattle
Police Department detected a plot that it thwarted with the
cooperation of the FBI. Both of these plots were disrupted during the
weapons-acquisition phase.
In some countries, networks
have been established to promote this concept of heightened local-police
vigilance and to provide training for officers and crime analysts. The U.S.
government has established something it calls the National Suspicious Activity
Reporting Initiative, which is an attempt to provide local police with training
to optimize their situational awareness and to help them collect and analyze
information pertaining to potential terrorist-planning activity and then to
share that information with other agencies enrolled in the program. However,
the initiative has only a handful of state and local law enforcement agencies
participating at the present time.
But police are not the only
grassroots defenders. Other people such as neighbors, store clerks, landlords
and motel managers can also find themselves in a position to notice operational
planning activities. Such activities can include purchasing bombmaking
components and firearms, creating improvised explosive mixtures and conducting
preoperational surveillance. On July 27, 2011, an alert
clerk at a gun store in Killeen, Texas, called the local police after a man
who came into the store to buy smokeless powder exhibited an unusual demeanor.
They located the individual and after questioning him learned he was planning
to detonate an improvised explosive device and conduct an armed assault against
a local Killeen restaurant popular with soldiers from nearby Fort Hood. The
clerk’s situational awareness and his decision to call the police likely saved
many lives.
And it’s important to remember
that an alert street vendor was the first person to sound the alarm in the
failed May
2010 Times Square bombing attempt, and it was a concerned family member who
provided authorities with the information to thwart a planned
November 2010 attack against a Christmas tree lighting ceremony in
Portland, Oregon.
Ordinary citizens exercising
situational awareness can and have saved lives. This reality has been the
driving force behind programs like the New York Police Department’s “If You See
Something, Say Something” campaign. This program was subsequently adopted by
the U.S. Department of Homeland Security as a means of encouraging citizens to
report potential terrorist behavior.
There is one other factor to
consider. As we have previously discussed, counterterrorism spending comes in a perceptible
boom-and-bust cycle. Next month will mark the 10th anniversary of the 9/11
attacks. Since those attacks there has not been a successful large-scale
terrorist attack on U.S. soil. This, along with the budget problems the United
States is facing, will increase the current downward trend of counterterrorism
funding in the United States and accentuate the need for more grassroots
defenders.
Scott Stewart,
Stratfor, August 03, 2011