DHS Targets Chemical Facilities

DHS has set its sights on U.S. businesses that manufacture, process, and store large amounts of chemicals, pointing out that such operations could be targets for terrorists (not to mention accidents):

The federal government will tell 7,000 businesses next week that they are considered high risk-terrorist targets because they house large amounts of chemicals.

The sites — which range from major chemical plants to universities, food processing centers and hospitals — will need to complete a vulnerability assessment so the government can decide how to regulate their security measures in the future.

U.S. intelligence officials say terrorist organizations, including al-Qaida, favor chemical attack methods because of the severe consequences they can inflict.

"This is never going to be an impregnable target set, but I want to introduce enough complexity into the mix that al-Qaida's going to go somewhere else," said Bob Stephan, assistant secretary of infrastructure protection at the Homeland Security Department.

As the department considers these 7,000 sites, it also will look at physical security; cyber security; insider threat potential; how hazardous a chemical release could be to the nearby communities; how dangerous the chemicals are if they are mixed with water; and whether the chemicals could be easily stolen from the sites and used to kill.

Sounds like purely protective intervention - harden the most potentially dangerous sites, thereby force the potential adversary to seek a softer target.

I like the move, because I've never been convinced that chemical facilities have been secured in proportion to the potential threat. The same goes for chemicals in transport via train and truck.

At the same time, it's important to contextualize this sort of action. No one should heave a sigh of relief, thinking that the possibility of a terrorist attack involving chemicals has just become vanishingly small. It remains necessary to fight terrorism at the source by complicating the efforts of potential terrorists to recruit, train, raise funds, organize into operational cells, and plan attacks. That sort of activity will do more to prevent a terrorist attack - via any attack mode - than any protection regime.

One point of fact in correction of the above: Historically, terrorist organizations have not favored chemical attacks. The overwhelming choice of attack is with conventional explosives. For a while in early 2007, al Qaeda in Iraq experimented with combining conventional explosives and chemicals (usually chlorine but also nitric acid in at least one instance), but that attack mode didn't seem to be much more deadly than the conventional explosives alone.

Does This Make Sense?

A pair of simultaneous reports has me scratching my head. First, from Syracuse, New York, we learn:

[Radiation] detectors are now in the hands of two local police agencies, as well as state police, as the Office of Homeland Security expands its radiological security program into Central New York.

The hope is if a terrorist is transporting radioactive material to make a dirty bomb, police will be alerted to the material in transit, at the assembly point of the device or at the plot's launch site, said Frank Tabert, deputy director of the state Office of Homeland Security.

The detectors are paid for by grants from the Office of Homeland Security. Twelve police agencies statewide with bomb squads shared $1.4 million in grant money.

Generally speaking, Deputy Chief Michael Kerwin of the Syracuse police, said the devices usually are given to traffic units on the highways and used at large events downstate, such as Times Square on New Year's Eve.

While radiation detectors have some utility in a protective system, their biggest limitation is that they are, for the most part, a last-minute intervention. For this type of intervention to work, you've got to have a bad guy who is already in the U.S., has procured radioactive material and is transporting it so that he can assemble it (i.e., the 11th hour) or deploy it (i.e., the 11th hour, 59th minute).

Granted, the article does say New York intends to station larger, more sophisticated detectors at toll booths and other locations - and this makes some sense, as it's a good idea to station such equipment at transportation bottlenecks. But detectors alone are far from sufficient to protect against radiological threats.

At the same time, in the UK there is doubt about whether European ports - another key bottleneck in the transportation system - will continue radiation scanning of US-bound cargo. The problem? Not enough money:

Doubt has been cast over whether the security scanning of containers bound for the US from Southampton docks will continue after questions were raised over the financial feasibility of the move long term.

The city's docks were among the first ports in the world to start scanning containers destined for the US for nuclear materials as part of a move to step up homeland counter terrorism measures.

[I]t has been reported that the European Union has expressed concern over the long term feasibility of the programme after it was calculated that imposing the scanning of all containers would cost in the region of $500 a unit to US trading partners, based on simple calculations.

Overseas radiation scanning of cargo containers makes a world of sense. It is part of a layered security strategy, aimed at preventing the theoretical bad guy from moving radiological materials into the U.S. in the first place.

Not only that, but ports themselves are key potential targets for a radiological attack. If a "dirty bomb" were deployed in a port and the area became contaminated with radiation, port operations might be shut down for an extended period, with significant economic effects (especially locally).

The idea that we are deploying a new, 11th-hour intervention but potentially losing another layer of the security system is a puzzler.

Heavily Armed Anti-Terrorism Police in NYC Subways

Operation Torch:

Part of New York City’s new effort to better defend against terrorism will include the introduction of machine-gun toting NYPD “Torch Teams” in the city’s subways.

In addition to the automatic weapons, the teams will also be patrolling subways with bomb-sniffing dogs. They will be outfitted with body armor as well. Beginning Thursday they will board trains and patrol platforms in Penn Station, Rockefeller Center, and Times Square.

Mostly a deterrent move. It requires the right balance. The deterrent effect won't be maximized unless the Torch groups have enough of a public presence to cause a potential adversary to seriously consider the possibility of running into them during the planning or operations of an attack. If an intervention doesn't have enough of a presence to change the adversary's risk calculus, then it's just theater.

On the other hand, if you go too far, you alter public perception in negative ways - making the city seem like an armed compound, which must be unsafe because all these guys are walking around with automatic weapons, right?

Update 2008-04-25: Newsday has the staffing figures:

Five or six teams -- six police officers and a dog -- each day will patrol heavily used subway stations and lines as part of Operation TORCH...

Anti-Crime? Counter-Terrorism? Both?

One of the risks of talking about fighting terrorism - especially in the public and political spheres - is the temptation to link everything to terrorism. Terrorism is recognized almost universally as an evil, so you can always pick up political and PR points by tying whatever you're doing to "counter-terrorism."

For instance, over the weekend, the Shelby County (TN) Sheriff's Office coordinated a regional "counter-terrorism" initiative called Operation Sudden Impact. From the advance press release:

In an unprecedented event among law enforcement agencies in Tennessee, Mississippi and Arkansas, Deputies with the Shelby County Sheriff’s Office will coordinate a regional crime suppression initiative this weekend that will involve Officers from more than 50 federal, state and local agencies.

"This is the first time a regional effort of this magnitude has ever been conducted. We are proud to be the coordinating agency for ‘Operation Sudden Impact.’ We’ll use this weekend’s initiative as a starting point to begin a routine of sharing crime information among the various agencies," said Shelby County Sheriff Mark H. Luttrell, Jr.

During “Operation Sudden Impact,” the police agencies from six counties in the tri-state area will simultaneously round up fugitives, conduct traffic safety checkpoints and be involved in other crime abatement programs ...

I like the regional, cooperative approach. I like the teamwork. I like the information-sharing. But ... rounding up fugitives? Traffic checkpoints? Is it accurate to call this a counter-terrorism initiative? Media outlets around the region certainly did. But the links seem somewhat tenuous:

The names of those who are arrested, issued traffic citations or noted in other criminal activity will then be reviewed by Intelligence Officers at the Shelby County Sheriff’s Office Homeland Security Operations Center. The crime information will then be forwarded to the State of Tennessee Homeland Security Center in Nashville to see if they might have possible ties to terrorist activity.

The main effort does seem to be an anti-crime effort; and since terrorists are known to commit "precursor crimes" I suppose it's possible to call anything counter-terrorism. But I'm not sure that helps.

For example, does law enforcement expect the public to accept this as counter-terrorism?

Sheriff's Department Patrolman Jason Case Kopacko pulled over a driver for improperly displaying a temporary tag. A closer look revealed the driver had no insurance and no license.

Most criminals caught by the sweep did not have terrorist ties, but law enforcers said you can't be too careful.

Or how about this?

Many agencies put an emphasis on traffic stops. A little after 8 p.m. Saturday in Hickory Hill, Sgt. Chris Harris of the Shelby County Sheriff's Office street crimes unit stopped a white SUV that was booming with music. The driver was driving on a suspended license -- he received a citation -- and there was marijuana residue in the car, but "not enough to weigh out," Harris said.

I suppose it's possible that these drivers could have been linked to terrorism. The Shelby County Sheriff certainly tried to make that case:

Still, every traffic stop holds the potential of netting much more than expected.

"Timothy McVeigh, who bombed the federal building in Oklahoma, was stopped because of a busted tail light," said Shelby County Sheriff Mark Luttrell.

Now, when you arrest someone or hand out a citation, it only makes sense to check their name against the state's terrorism database. This ought to be SOP. But this is serious needle-in-the-haystack time. It strains credibility to suggest that traffic checkpoints, targeting random drivers, are a serious counter-terrorism effort. (Worth reading again: This post from HLS Watch.)

However, having said all that, I do like one element of the program as a counter-terrorism initiative:

During the past few months, Deputies with the Shelby County Sheriff’s Office Homeland Security Bureau have made on-site inspections at various businesses throughout Shelby County to identify ways terrorists might damage the businesses.

About 500 Officers from the various law enforcement agencies also received specialized training about tactics used by terrorists.

Community education sessions were also conducted recently for the public in Shelby, Tipton and Fayette Counties in Tennessee and in Desoto County, Mississippi. The two-hour sessions helped the students learn to spot possible terrorist activity in their neighborhoods.

Unlike the traffic checkpoints, etc., which seem to have a slim link to counter-terrorism, these certainly can. Forewarned is forearmed. But even then, you have to be sure you're providing useful information, instead of adopting a general "see something, say something" model. If citizens don't have a good idea of what to look for, some of them may not trust their own judgment and won't supply any information. Conversely, others will supply useless leads. (Worth reading again: This post by Bruce Schneier.)

It seems like the agencies did a little of both - supplied some useful information and also asked residents to go fishing for "anything suspicious":

Lt. Perry McEwen with the Shelby County Sheriff's Office said, "Operation Sudden Impact" also is about involving the private sector and citizens in terrorism prevention. It's about people paying attention when something "just doesn't look right" and reporting it to authorities.

Possible indicators of terrorism that FBI intelligence analyst Sarah Pillsbury said citizens should be aware of include: Surveillance of buildings or places; suspicious questioning about employees or security; tests of security; purchases in bulk of items such as fertilizer; suspicious people; "dry runs" such as timing of traffic lights or map making; and the deploying of assets.

I do think businesses and citizens can be helpful partners, and I'd emphasize that their primary utility may be in preventing crime rather than terrorism. The odds of spotting a criminal are much higher than the odds of spotting a terrorist. And by creating an environment that's adverse to criminals, you also help to make it adverse to terrorists as well. (See last week's post about crime prevention in L.A.'s marinas.)

Or perhaps a better way to think about it is: "prevention is prevention." Preventing a crime is just as useful as preventing a potential terrorist incident, and the same process is useful for both.

Anti-crime and counter-terrorism, on the local level, are part and parcel of the same effort. A critical question: Will the law enforcement agencies follow up with the businesses and community groups, or will this be just a one-off effort? These relationships won't open up as trusted channels of information unless the relationships are built over time.

Update 2008-04-15: No word yet on the final tally of terrorism suspects:

The Sheriff’s Department says that altogether 332 people were arrested, 142 of whom are considered fugitives. No word on how many of those arrested may actually have ties to terrorism.

Watching the Water

Just a short note on this system the EPA developed to detect contaminants in municipal water supplies.

The system determines the best places to put sensors and then provides real-time data on potential contamination events:

TEVA sensor placement optimization tool (SPOT) enables water utilities to determine and evaluate sensor placement. TEVA-SPOT requires specific information from the utility and allows users to select design objectives and compare and contrast the benefits of different sensor placement.

The TEVA research program has developed CANARY, an event detection tool, that reads data from water quality sensors in real time and predicts whether the recorded water quality changes are actual contamination events.

I'm sometimes critical of protective interventions, because they can tend to be passive and offer a false sense of security. But assuming this system works as advertised, this is the sort of protective intervention that can yield real results, for a number of reasons.

First, it's capable of detecting both accidental and intentional contamination. This makes it a desirable protective element for any water-supply system, regardless of whether there is a legitimate threat of intentional contamination. Next, it detects things that behave in consistent, predictable ways. If there's a contaminant in the water, you can recognize it and act. You don't have to be concerned with shifting the danger to another place, as you do when your protective intervention is designed to alter the behavior of unpredictable, inconsistent agents (i.e., humans). Third, because this detection system is protective of the entire water system, it provides a real deterrent to any potential malicious actor. A comprehensive protection regime such as this can greatly reduces the chances that someone will use the water system as an avenue of attack.

On the municipal level, the other critical element in the system is communications with the public in the event of a contamination incident. Then you've got a solid protective regime.

We See Nothing? ... We See Nothing?

A very good post from Jonah at HLS Watch today, arguing that all too often our counterterrorism strategy is based on this kind of thinking:


Jonah argues that:

we should beware the tendency to shape our strategy based on the theory that “it could happen.”

Agreed. Although almost anything can happen you simply can't be prepared for everything all at once. (I should point out that DHS Secretary Chertoff, in justifying justify risk-based decision making and funding, constantly makes this point, arguing that it's impossible to protect against all threats.)

Jonah continues:

So it bothered me when Paul J. Browne, an NYPD police spokesman told the New York Times this week, “One call one day may be the one that stops an attempt to destroy the Brooklyn Bridge.” He was justifying the ubiquitous ad campaign across the City’s subway system urging riders to “say something” if they “see something.”

While some crimes were inadvertently uncovered by the callers – ranging from selling false IDs to illegal fireworks peddling – none of the calls resulted from or discovered actual terrorism threats. NYC’s subway riders were applying their own “no-fly list” to other riders. 13,373 callers would have sent fellow riders to secondary, but would have found no terrorists. This is the trickle down effect of “it could happen.”

The real issue, as I see it, is ignorance. When we are ignorant of the context in which we find ourselves, we cannot make good decisions. If we don't know what to look for, we look for anything and everything. As a result, we are likely to focus on the wrong thing, like the dog pictured above.

Jonah is absolutely right that all of this is a net cost. We spend (read: waste) time, energy and resources looking for needles in haystacks. Jonah puts it this way:

But if our homeland is secured by an “anything’s possible” strategy, we’ll wind up doing at least one of three things:

– Going broke
– Tying up anti-terrorism assets with non-threats
– Eroding our sense of community and eventually our ability to be resilient if we are attacked again

None of these outcomes will happen quickly. However, the prospect does force a cost-benefit analysis of a new kind. Is it worth $10 billion to reduce the chance of a successful MANPAD launch against an airliner? Does a terrorism hotline make us safer if we don’t know what to look for?

Risk-based CBA is essential. We are very good at defending against the last attack. Six years after Richard Reid, we are still removing our shoes at the airport. But is this the best way to spend our time and money? Perhaps not.

Other risks rise to the surface, and we have to prepare for them. In a world of finite resources, we have to make choices. The tough part is understanding and communicating the idea that there are some risks we will just have to live with.

There is a tendency to believe that Americans will not accept significant risks. I do not ascribe to this view. While it's true that we've created a society which has greatly reduced our personal risk (due to injury, illness, etc.), we are capable of living with and accepting great risk. We've survived existential threats in the past. With effective leadership, we can face them again.

Note: In an update to his post, Jonah backtracks a bit from his criticism of the "see something, say something" program:

I will concede this: the terrorism hotline serves another potential benefit beyond empowering subway riders. The notion of an overly alert ridership has the potential to introduce enough uncertainty on the part of a perpetrator to second guess the viability of an operation.

I'm still a skeptic. Not because "see something" is inherently a faulty idea, but rather because the person doing the "seeing" lacks critical characteristics that will make their "seeing" effective.

Put another way, the issue is not the alertness of subway riders. The issue is their knowledge level. If we assume that the typical transit attack employs an IED, a terrorist is going to be able to slip past an ignorant public if he does just a little bit of homework.

By way of making the point, let's contrast a bus in Jerusalem and a bus in Brooklyn. In Israel, hard experience and public education campaigns have taught the public what to look for. They are knowledgeable about the observable operational and psychological markers of a bus bombing. As a result, they do a relatively good job of spotting potential bombers (and yet some still can get through). In Brooklyn, however, a largely ignorant public is liable to look for all the wrong things.

If we're going to invest in a "see something" program, we ought to invest in a public education program that is going to create a public that's knowledgeable enough to give a potential terrorist pause - resulting in the deterrent effect that Jonah describes.

Stopping Nukes at the 11th Hour?

This week's Sunday LA Times ran a story about the multi-agency effort to hunt nuclear materials and interdict a potential nuclear terrorist attack before it happens.

About every three days, unknown to most Americans, an elite team of federal scientists hits the streets in the fight against nuclear terrorism.

More than two dozen specialized teams have been positioned across the nation to respond to threats of nuclear terrorism, and as many 2,000 scientists and bomb experts participate in the effort.

Scientists in specially equipped helicopters and airplanes use radiation detectors to scan cities for signs of weapons. They blend into crowds at major sporting events, wearing backpacks containing instruments that can identify plutonium or highly enriched uranium.

If the many layers of federal defense against nuclear smuggling break down, these unarmed weapons designers and physicists, along with experts from the FBI, could be the last hope of staving off a catastrophic attack.

They are supposed to rush up to a ticking nuclear explosive (or a "dirty" bomb, which would disperse radioactive material) and defuse it before it's too late -- a situation often depicted by Hollywood that seems less fictional every year.

Hoo boy. "Hollywood" is right.

While I don't deny that these are smart, capable people, I have serious doubts about the efficacy of these efforts. This is last-hour, last-minute stuff - which works great in a movie script but perhaps not so well in the real world.

It's worth noting that these teams are looking primarily for the materials in nuclear weapons - plutonium and highly-enriched uranium. These materials are comparatively difficult to detect. It's needle-and-haystack thinking to suggest that these teams will be likely to interdict them in a crowd at a sports stadium, or while walking down the Vegas strip or a Manhattan street. Moreover, if a terrorist team were ever to acquire a nuclear bomb and transport it to the U.S., they wouldn't have to detonate it at the sports stadium or Strip itself. With a nuclear weapon, "close" is good enough.

The real effort must always be at the earlier stages of prevention: Recognizing threats before they become fully operational, and deterring these threatening elements from acquiring dangerous materials.

We are, of course, doing some of these things - working to deter the threat before it reaches our shores:

[T]he United States is retrieving and locking down nuclear fuels abroad, has created a line of radiation detectors at foreign and domestic ports, and has increased intelligence efforts.

It's these efforts that have a chance of reliably preventing the threat. The best we can say about the last-minute approach is that it's "not impossible" to imagine it might work:

If those and other measures fail, the emergency response teams are a last hope, but one nobody should rely on, said Charles B. Curtis, president of the Nuclear Threat Initiative, which pushes for stronger efforts to prevent nuclear terrorism.

Intercepting a device "is a very, very, very difficult problem, but not impossible," said Curtis, a former Energy Department deputy secretary.

Vahid Majidi, a nuclear weapons chemist and head of the FBI Weapons of Mass Destruction Directorate, seemed more confident. Asked how good his chances would be to find a nuclear bomb in Manhattan with 24 hours' warning, he said, "Quite reasonable."

Well, yes. If we have solid intelligence and 24 hours' warning, then it's reasonable to think we might be able to interdict and remove the threat. But these types of threats don't script themselves so neatly.

It's much better to train first responders to recognize all aspects of the threat (as the FDNY does in its counterterrorism strategy) and attack it from its earliest stages.

The last minute is just too late.

Preventing Radicalization: What's Important?

The Danish Institute for International Studies (DIIS) has posted the proceedings of an August seminar on the radicalization process. The focus was on radicalization by Islamist groups, though some of the findings could certainly be applied to other radical groups.

As I've written - or perhaps it's "harped on" - before, understanding the radicalization process is extremely important for anyone who's interested in preventing terrorism on the local level. Recognizing a threat that's still emerging - and intervening at an early stage - can be far more effective and productive than trying to play defense against an array of more mature threats.

Unfortunately, much of the DIIS discussion focused on the question of "Who is likely to become a radical?" which I think is not the most critical question. For example, DIIS concluded that key factors in the radicalization process are:

The perception of personal marginalization combined with the perception of Western double standards in foreign policy appears to play a crucial role.

Additionally, individuals often join radical groups for political or religious reasons and in a search for empowerment but also in search for friendship and a sense of social belonging.

That's all very nice. If you wish, you can go about looking for marginalized young people who feel that the world is against them and are searching for "friendship and a sense of social belonging," along with a sense of purpose and meaning for their lives. But given that you've just described teen angst itself, you'll end up with a list so long as to be useless.

More important, from the perspective of prevention, is "During the radicalization process, what techniques and activities leave detectable traces?"

Unlike operational terrorists, for whom avoiding detection is a high priority, recruiters have to stick their heads above the ground and find the young people DIIS describes. Studying the recruiting process and recognizing its techniques will result in a more focused investigation.

There were, however, a few highlights worth noting. Kamran Bokhari from Strategic Forecasting (Stratfor) - a former member of Hizb ut-Tahrir - pointed out one of the significant vulnerabilities of radical groups:

The radical groups ... are often characterized by a “revolving door” phenomenon. Very few of the individuals who join the groups stay there in the long run. This was the case for Kamran Bokhari himself.

Another worthwhile point was made by Marco Zannoni of the Dutch Institute for Safety, Security and Crisis Management, who argued that the de-radicalization process needs to be systemic and holistic:

Multiple tasks are to be handled in a de-radicalization process. A key point is to acknowledge that different authorities should undertake different tasks in any de-radicalization process at different points in the process. Any intervention involves multiple sets of tasks such as preparing, preventing, spotting, gathering information, monitoring, interpreting and responding to radicalized individuals.

For example the roles of a teacher or a social worker are quite different from the roles of the Police and those roles are crucial at different points in time. Any intervention should be targeted at an individual who might be radicalizing, but additional interventions are needed. Those have to be targeted towards the individual’s context/situation. Possible leads for radicalization, but also for intervention, can be found in the radicalizing/radicalized individual’s immediate surroundings: at school, at work or when they perform acts such as writing messages on the internet.

I was also curious about this nugget, found in the Recommendations section:

It is recommended to find inspiration in the confetti-approach/the New Dutch model, which consists of supporting many micro-projects.

I need to find out more about the "confetti approach." It sounds like a model for innovating new approaches and finding out what works.

Overall, the seminar's findings and recommendations are difficult to argue with. Who'd take issue, for instance, with the idea that:

There is a need to look into how trust can be created between authorities and relevant communities in order to make effective counter-measures...

At a strategic level, these sorts of discussions are worthwhile. On a more tactical level, you've got to ensure that your actions are focused on the right things. It helps to start with the right question.

Stopped at the Last Second

Yet another tale of a last-second intervention: A guy in Austria walks into the US Embassy with a sack of grenades and nails:

A Bosnian man carrying a bag of hand grenades and nails has been arrested after trying to enter the US Embassy in Vienna.

He was detained after a metal detector alarm sounded as he attempted to walk into the building, according to reports.

He dropped the backpack, fled on foot, but was arrested a short distance away. The bag also contained Islamic literature, Austrian police say.

"There were a lot of nails in that bag. Had it exploded, it would have had an enormous shrapnel effect," Doris Edelbacher, of Austria's counterterrorism office, said.

Great news, everything worked out, except...

It was only the last layer of security that stopped him. You can't count on last-second stops as a prevention strategy.

Viral Transmission of Information on Explosives

Here's another post from Douglas Farah that's well worth the time. The threat from terrorists is quickly evolving, allowing them to rapidly learn how to use deadly technologies more effectively.

One of the most alarming things about the new transnationalism among terrorist groups is the rapid ability to transfer knowledge and technology, both through the the Internet and through individual training.

A possible point of relevance: In a post last week I wondered if it's reasonable to conclude that travel overseas is necessary before a jihadist can become an operational threat. Farah's piece lends credence to the idea that, from a technological perspective, overseas in-person training is becoming less necessary.

In this case, the more significant reason for overseas travel seems to be to take the last steps toward ultimate allegiance to the cause - a finding which the recent NYPD report on the radicalization process also indicated.

Farah again:

[W]hat is making the current situation different is that, instead of having to travel and hold clandestine meetings to trade information and methods, much of the information can now be transferred in the blink of an eye or the touch of a computer key.

Military sources say that the switching from low tech Improvised Explosive Devices (IEDs) to high tech back to low tech is mirrored almost in real time between insurgents in Iraq and those fighting in Afghanistan.

What's becoming clear is that the operational information that permits someone to learn the terrorist trade is becoming commoditized:

With decentralized networks, sort of like Napster in the music world or Skype in the computer/telecommunications world, once a technology is invented to solve a certain problem, it is put out there with no strings attached. People can take it, improve it, merge it, and it belongs to no one and everyone.

In reality we are fighting a viral network that can be disrupted, hurt, but which has a regenerative capacity that is only limited by the number of people wanting to wage jihad against us.

Farah's last point is instructive. Strategic success in the war against jihadists is determined by the number of people wanting to wage jihad, because it is becoming increasingly difficult to keep a lid on the operational knowledge required to commit a terrorist act.

The operational knowledge for committing terrorism is becoming a commodity.

However, developing the motivation for committing terrorism is still entirely reliant on social networks. It is this aspect of the terrorist threat (and here I'm extending terrorism beyond jihadist terrorism) that provides a real vulnerability for the terrorist and a real opportunity for those seeking to prevent terrorism.

Final thought: Are we sharing information as well as the insurgents in Iraq and Afghanistan?

Pandemic Preparedness and Non-Pharmaceutical Interventions

The public health folks at Effect Measure do their usual good job as they analyze a study (subscription only) in the Journal of the American Medical Association (JAMA), which Time also covered.

The JAMA study examined the effectiveness of various non-pharmaceutical interventions (NPIs) in mitigating the spread of the 1918 Spanish Flu pandemic. For local communities, examining such a study is useful in light of the fact that the CDC's interim Community Flu Planning Guide emphasizes the early, layered, targeted use of non-pharmaceutical interventions (also see this post).

In examining the JAMA study, Effect Measure finds:

They classified the non pharmaceutical interventions (NPIs) into three broad categories: school closures; bans on public gatherings; isolation and quarantine and looked at timing and timeliness as well as combinations of NPI categories for effects on excess mortality, height of epidemic peak and timing of epidemic peak, using multivariate analysis.

What is quite clear from the analysis ... is that information about when, how long and in what combination NPIs were used in relation to the onset of the epidemic in a city explains a great deal of the variation in epidemic experience.

The analysis showed that combinations were more effective than single interventions.

Short answer: Layered interventions work.

The bottom line is that the earlier a city acts and the more coordinated and multifaceted its response the better off it seemed to be -- in general. The data certainly do not demonstrate that quarantine itself is effective -- they are not able to make that statement. Cities that acted using isolation and quarantine did seem to do better, especially if in combination with other measures, but we don't know the effectiveness of either separately or in combination since they were not reported or analyzed separately in the paper.

What these data do seem to establish is that the better prepared and organized a community is, the better off it will be. And the more a community ignores and denies a problem, the worse off it will be. This is the real message, not that "quarantines work."

There is nothing surprising in learning that preparation is critical for an effective, coordinated response. It's always good to review empirical data, however.

Prevention Fails in London and Glasgow Bombings

The title of this post is not an error. I'm calling these the "London and Glasgow Bombings" because they were bombings; they just fizzled. As AFP has reported, the car bombs failed for purely technical reasons:

The attempted London car bombings were meant to be detonated by calls to mobile phones in the two vehicles, but failed for technical reasons...

The bombers twice called the car outside the "Tiger Tiger" nightclub on Haymarket off Piccadilly Circus and the one in nearby Cockspur Street off Trafalgar Square four times.

In short, prevention failed. In the absence of technical glitches, we'd be talking about another Bali instead of a "successful counterterrorism operation." We're simply lucky the suspects were doctors and not engineers. We're also lucky they were - at least initially - reluctant to engage in suicide terrorism, in which case the driver could have detonated the bomb without relying on a remote device. (Note that I'm only addressing the London incident here, not Glasgow as yet.)

On the Counterterrorism Blog, Walid Phares asks (and answers) a good question: Did Britain's silent army of surveillance cameras really help, or would it have been better to intervene earlier?

The UK pride itself for having installed more cameras in their capital than all other European cities combined. But when one wonders why the dense surveillance is so extended one realizes that Britain had to develop an extreme system of monitoring because it was forbidden to be preemptive in the war. Over the years, authorities were pressured by lobbies not to engage the Jihadists "before" they become terrorists and before they strike. So resources were reverted to spy on the Jihadis (and other terrorists) "after" they attack but not before...

My view, as I've written about before, is that one of the best opportunities to prevent terrorism occurs during the recruitment phase. Not only is this a vulnerable time for the terrorist, because he has to reveal himself, but it is also the time during which a potential recruit may most easily be "flipped."

Phares also clearly sees the implications for the U.S.:

Should the US be worried about this development in London? Is there a potential link? ... There is no question that Americans and British alike should be worried about a terror act anywhere on both sides of the Atlantic. For the Jihadi campaign targets both nations, and all other societies obstructing their goals. But on the other hand, terror operations taking place in one country do not have to replicate automatically in another country. Unless al Qaeda has coordinated an international spectacular campaign worldwide (which may not be impossible), uncovering car bombs in London don't have to mobilize police forces necessarily in US cities. We must be logical in perceiving the enemy's moves. Both extremes are unreasonable.

The Glasgow bombings were something of a different animal. Again, prevention failed. The bombers reached their intended target. Fortune smiled again, though, as they were quite inept. For first responders, an initial problem was failing to recognize that the crash and fire were intentional:

As the driver, a massive man, described as over 6ft tall with a broad build, struggled with the boot, Stephen Clarkson, an off-duty police officer, snatched up a fire extinguisher and tried to put out the flames. The man turned and is alleged to have screamed: "It's a bomb. It's a bomb."

A confused struggle then took place with police officers who arrived and squirted CS spray into the driver's face.

Meanwhile, witnesses said the Jeep's passenger tried to run into the terminal with canisters of gas or petrol, before being tackled by security guards, police and members of the public.

For about two hours after the Jeep crashed, they also did not recognize a potential - though eventually false - secondary threat:

The driver of the Jeep Cherokee, who had been extensively burned, had been taken to the Royal Alexandra Hospital in Paisley. He was admitted to the accident and emergency department, accompanied by police officers armed with sub-machineguns.

At about 5:30pm, the entire unit was swiftly evacuated as hospital staff, after removing the suspect's clothes, discovered what they believed to be a suicide belt. Fearful that the device could detonate in the ward, police officers picked it up and sprinted to the nearest open ground - the Ferguslie Cricket Club.

Angela Docherty, a minibus driver, saw a man run down the hill carrying an object. He shouted: "Run for your f****** life." When the bomb squad arrived, they found it was not an explosive device.

Compare this to the response to an incident in Israel in 2006, described in a case study on the In Homeland Security blog. The response was pre-emptive, quick, and coordinated:

The driver of the van, who aroused the suspicions of police, ignored orders to stop the vehicle and a high-speed highway chase ensued. The police, their weapons drawn, eventually surrounded the van, which was stopped in traffic due to multiple roadblocks erected by police on the highway, were able to arrest all 10 men inside the vehicle. During the arrest, police ordered all the passengers to strip and lie on the ground as police searched their bodies for explosive belts. Ambulances rushed to the scene, fearing the occupants would try to detonate the explosives. Police sappers neutralized the explosives on the scene.

In this incident, similar to other incidents in Israel in the past, intelligence was received and disseminated down to the local precincts for their response and interdiction. The dissemination of information between the agencies is an imperative tool for interdicting the bombers and their supporters before the explosive device is detonated.

Police officers are specifically trained in counterterrorism:

As a result of Israel’s history with terrorism, the patrol officers in Israel, and especially in Jerusalem, have been trained both in a law enforcement capacity, but also hold a dual role as a counter terror unit that can interdict on its own and mitigate or defuse many adversarial schemes of maneuvers.

The police training includes vulnerability analysis:

It is not enough to simply control the entrances and exits to the city while awaiting the arrival of the adversary. Understanding the tactic of the adversary and the targets the enemy has chosen in the past, law enforcement must consider securing locations where the bomber may target. Taking into consideration that the bomber was able to bypass the overt checkpoints established based on the intelligence that was disseminated to law enforcement, the command should increase the presence of both covert and overt officers at assets where the bomber may target. These sites include the highly populated areas, transportation venues, Center City, business districts, hospitals and other sites within the jurisdiction.

Israeli counterterrorism operations also involve close collaboration with private security (as this previous post on mall security also indicated):

Considering operational security and the disclosing of intelligence secrets to personnel without clearance, law enforcement can disseminate the information in a format that can be passed on to private security forces. Based on the information relayed to relevant private entities, security managers would be able to initiate an elevated threat level with responses that may include the hardening of their respective assets. ... Testing of such cooperation between public and private enterprises needs to be a part of the routine relationship between the management.

Collaboration with other first responders is a key part of the plan, too:

As part of the response to such incidents, the Jerusalem Police attempts to secure immediately, adequate means for emergency medical services and supporting agencies, easy access to the scene while ensuring a secure perimeter.

The successful response to such an incident is dependent upon the preplanning between all the agencies at all the levels of the command. Dissemination of information, and at a fast pace to the other security agencies is critical in interdicting such a threat. This needs to be done on a regular basis, with open dialogue and cooperation between all agencies.

The London and Glasgow bombings were successes only in the sense that no one was killed and the terrorists were caught.

Prevention failed. The plot was not discovered until the first bomb was fizzling outside Tiger, Tiger. Earlier intervention is essential. More "successes" like this are unacceptable.

Disrupting Terrorist Recruitment

The U.S. State Department recently published an e-journal titled Countering the Terrorist Mentality.

A couple of the articles in there dealt with one of my particular interests, countering terrorist recruiting. Some highlights follow.

First, in its article entitled "A Strategic Assessment of Progress Against the Terrorist Threat," the State Department's Office of the Coordinator for Counterterrorism pointed out, as others have before, that al Qaeda's current focus is on using propaganda to develop a worldwide "franchise" organization:

Overall, however, al-Qaida's current approach focuses on propaganda warfare—using a combination of terrorist attacks, insurgency, media broadcasts, Internet-based propaganda, and subversion to undermine confidence and unity in Western populations and generate the false perception of a powerful worldwide movement.

[In 2006] Radicalization of immigrant populations, youth, and alienated minorities in Europe, the Middle East, and Africa continued. It became increasingly clear, however, that such radicalization does not occur by accident, or because such populations are innately prone to extremism. Rather, there was increasing evidence of terrorists and extremists manipulating the grievances of alienated youth or immigrant populations and then cynically exploiting those grievances to subvert legitimate authority and create unrest.

The process of indoctrination is slow and gradual:

Terrorists seek to manipulate grievances in order to radicalize others by pulling them further and further into illegal activities. This is best represented as a "conveyor belt" through which terrorists seek to convert alienated or aggrieved populations, convert them to extremist viewpoints, and turn them, by stages, into sympathizers, supporters, and, ultimately, members of terrorist networks. ...

Countering such efforts demands that we treat immigrant and youth populations not as a source of threat to be defended against, but as a target of enemy subversion to be protected and supported. It also requires community leaders to take responsibility for the actions of members within their communities and act to counteract extremist subversion.

As I've argued before, terrorist organizations and sympathizers are highly vulnerable when they recruit. They must expose their violent desires, and they must work carefully to ensure that their audience is receptive, without being detected by anyone who might compromise their security.

To counter these recruitment and radicalization activities, the Office of the Coordinator for Counterterrorism argues that:

[W]e must seek to build trusted networks of governments, private citizens and organizations, multilateral institutions, and business organizations that work collaboratively to defeat the threat from violent extremism.

Such networks, over time, help wean at-risk populations away from subversive manipulation by terrorists and create mechanisms to address people's needs and grievances, thus marginalizing terrorists.

Youth organizations, educational networks, business partnerships, women's empowerment, and local development initiatives can all play a role, with government as a supportive partner.

Note that these types of networks are best suited to the local level, as are two of the three strategic components to the terrorist threat:

To make such active measures effective, the three strategic components of the terrorist threat that must be neutralized are leaders, safe havens, and underlying conditions.

Leaders provide a motivating, mobilizing, and organizing function and act as symbolic figureheads.

Safe havens, which are often in ungoverned or undergoverned spaces, provide a secure environment for training, planning, financial, and operational support, and a base for mounting attacks. They may be physical or virtual in nature.

In addition, underlying conditions provide the fuel, in the form of grievances and conflicts that power the processes of radicalization.

Safe havens, assuming they are not virtual, will always be best detected on the local level. Underlying conditions are also best detected and countered at the local level.

Finally, the article argues that collaborative counterterrorist efforts should include the entire community:

Because the enemy is a nonstate actor who thrives among disaffected populations, private-sector efforts are at least as important as government activity. Citizen diplomacy, cultural activity, person-to-person contact, economic cooperation and development, and the application of media and academic resources are key components of our response to the threat. Motivating, mobilizing, and supporting such privately led activities are key leadership tasks in the new environment.

Another article that focuses on terrorist recruitment is "From Profiles to Pathways: The Road to Recruitment" by John Horgan, PhD, senior research fellow at the Centre for the Study of Terrorism and Political Violence.

Horgan focuses on the individuals who perpetrate and support terrorist acts.

Although terrorism can bring about significant and large-scale consequences, it remains, in essence, low-level, low-volume, and disproportionate activity perpetrated by individuals.

He is clear to point out, as others have before, that profiling is not useful when trying to identify terrorists:

Psychologist and terrorism expert Ariel Merari has correctly argued that it is more precise to state that "no terrorist profile has been found" rather than that "there is no terrorist profile."

I would strongly argue that there are several real dangers associated with the continued effort to construct such profiles, particularly as far as understanding recruitment to terrorism is concerned.

I'd be inclined to say it a bit differently: There's no useful terrorist profile. People who join terrorist organizations, especially young people, are generally interested in finding a cause that gives meaning to their lives, joining a supportive social group, and establishing an identity for themselves. This is certainly a "profile," though not a useful one, as it generally describes almost every young person in the world.

Horgan argues that in developing counterterrorist strategies, it's not the psychological profile of the terrorist that's important, but the process by which that terrorist is radicalized:

In assuming the existence of a profile, we tend to miss several critical features associated with the development of the terrorist. These include, but are not limited to:

• The gradual nature of the relevant socialization processes into terrorism
• A sense of the supportive qualities associated with that reruitment (e.g., the "pull" factors, or lures, that attract people to either involvement in terrorism in a broad sense, or those positive lures that are used to groom potential recruits)
• The sense of migration between roles (e.g., moving from fringe activity such as public protest to illegal, focused behavior—in other words, moving from one role to another)
• A sense of the importance of role qualities (e.g., what attractions does being a sniper hold as opposed to becoming a suicide bomber, and how do these "role qualities" become apparent to the onlooker or potential recruit?)

When we assume static qualities of the terrorist (a feature of profiles), we become blind to the factors and dynamics that shape and support the development of the terrorist. One further consequence is that we also obscure the basis from which a more practical counterterrorism strategy might develop to prevent or control the extent of those who initially become involved in terrorism.

Using the process of "creating" a terrorist as his guide, Horgan identifies risk factors that shape the development of a terrorist:

I have identified a series of what I have termed predisposing risk factors for involvement in terrorism. In no particular order, these include:

• Personal experiences of victimization (which can be real or imagined)
• Expectations about involvement (e.g., the lures—such as excitement, mission, sense of purpose—associated with being involved in any "insider" group and its various roles)
• Identification with a cause, frequently associated with some victimized community
• Socialization through friends or family, or being raised in a particular environment
• Opportunity for expression of interest and steps toward involvement
• Access to the relevant group

So, instead of looking for formulations such as, "terrorists tend to come from low- to middle-class families, have an interest in politics, etc. etc" we would be better off focusing on what it means to be and become a "terrorist":

In order to move beyond rather sterile and unhelpful debates about profiling, it might be useful to consider what involvement in terrorism implies ...

While many of the activities that terrorist movements engage in are not actually illegal per se (and cannot be meaningfully encompassed under the label "terrorism," but perhaps instead "subversion"), without them actual terrorist operations could not exist.

For the most part, engagement in violent activity is that which we most commonly associate with terrorism. However, the reality of terrorist movements today is that this most public of roles and functions tends to merely represent the tip of an iceberg of activity. Supporting the execution of a violent attack are those directly aiding and abetting the event, those who house the terrorist or provide other kinds of support, those who raise funds, generate publicity, provide intelligence, and so forth.

The person we think of as "the terrorist" is therefore fulfilling only one, albeit the most dramatic in terms of direct consequences, of multiple functions in the movement.

Along the process of radicalization, an individual can fill any of these roles and functions:

Overall, we can say that involvement in terrorism is a complex process, comprising discrete phases that could be encapsulated as an individual terrorist engages in a gradual process of accommodation and assimilation across incrementally experienced stages. There is a sense of ongoing movement into, through, and, sometimes, out of different roles and functions.

In short, a terrorist is not what someone is, but rather what someone becomes.

And as long as commitment and dedication to one's socialization further and further into the movement remains positive for the follower, this eventually results in the formation of a new—or at least effectively consolidated—identity.

If we want to appreciate what, if anything, is the "terrorist mind," it is probably best thought of as the product of:

• Increased socialization into a terrorist movement and its associated engagement in illegal activity
• Focused behavior, more generally, that is increasingly relevant to the context of a terrorist movement

From a personal and social perspective, this often means that a socialization into terrorism, and those associated with it, sees a socialization away from nonrelevant friends, family, and the person's former life.

The key, then, is to interrupt this process.

One of several consequences that would seem to emerge from making distinctions between these phases is that we might begin to develop phase-specific counterterrorism initiatives, depending on what it is we can ascertain is the most effective intervention point; that is, whether it be initial prevention of involvement, subsequent disruption of engagement, or eventual facilitation of disengagement.

I found Horgan's analysis to be similar to this one by RAND analysts Scott Gerwehr and Sara Daly. (My post here.)

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

DNDO Again: Secure Cities Initiative

Just a quick link to this post on HLS Watch, which advocates funding DNDO's Securing the Cities Initiative (SCI). That's the progam through which major U.S. cities purchase and install radiation detectors.

HLS Watch makes a number of valid points, first pointing out that the threat is both internal and external:

The scenario of nuclear material smuggled across U.S. borders, while dangerously possible, is perhaps as likely as nuclear material obtained from within the United States for use against a major U.S. city. Dangerous source material for a dirty bomb can be found in unsecured commercial locations or universities where nuclear material is located for legitimate uses.

Second, regarding the current and possible efficacy of the sensors:

Whether or not SCI will be successful is difficult to say at this stage, but some precedence already exists that indicates such an effort could indeed be effective. The Department of Defense (DOD) already deploys their own version of SCI focused exclusively on protecting bases within the U.S.

In justifying the $30 million pricetag, HLS Watch argues that it's a small amount relative to other costs, and it's a worthwhile investment because if the technology improves the payoff could be significant. But the technology is somewhat unproven (at least the advanced technology), so it remains true that:

SCI is equal parts R&D and strategy.

I'm not as optimistic about using detectors as a primary means of prevention, mostly because by the time the detector senses the radiological material, the plot (if indeed there is one) would be far advanced. The group would be fully operational and would have already assembled the materials necessary for an attack. It's an eleventh-hour strategy. For me some remaining questions include:

1. How will cities make the buying decision? GAO has pointed out that so far, DNDO has not shared information with states and cities to help them make an informed decision. If this situation remains, then the benefit of the DNDO-DOD collaboration is lost. Local buyers should be able to tap into DNDO-DOD expertise.
2. What will local homeland security professionals do to secure the unsecured radiological sources in their communities?
3. Will more cities take advantage of the opportunity to get background radiation maps?

Radiation Detection Update

An update on earlier posts regarding radiation detection:

HLS Watch points out that the Domestic Nuclear Detection Office (DNDO) is starting a project to evaluate radiation detection systems at ports - specifically, at the transfer point from ship to rail:

The U.S. Department of Homeland Security (DHS) will soon begin conducting multiple projects in the Port of Tacoma, Wash., to evaluate technology and concepts of operations for radiation detection that will scan cargo at various points in transfer from ship to rail. By establishing a Rail Test Center (RTC) at the port, DHS will identify and evaluate radiological and nuclear detection solutions for intermodal rail port facilities that can be used across the country.

As I've argued before, a detection system is necessary but not sufficient to address the threat. A system of detectors, no matter how robust, is essentially a series of nets intended to snare an adversary.

Nets can be avoided, however. A comprehensive preventive scheme should exploit all aspects of the threat: the adversary, his motivations, his capabilities, his financial and human resources, his access to weapons, and his access to the target.

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

Radioactive Sources, Come Home!

One way to prevent a dirty bomb attack is to restrict access to radiological materials. The NTI Newswire reports that Los Alamos has brought 15,000 radioactive sources back to roost:

The Los Alamos National Laboratory has recovered more than 15,000 U.S. radioactive sources, ensuring they are not used in a radiological "dirty bomb," the National Nuclear Security Administration announced May 7.

The sources, collected through the Global Threat Reduction Initiative, come from U.S. medical, academic, agricultural, research and industrial entities that no longer need the material.

This is a nice protective intervention, though it doesn't eliminate the threat, of course. There are millions of radioactive sources in the world, though only a small fraction of them are suitable for use in a high-grade dirty bomb. The number would be in the tens of thousands. (Good background in this paper.)

Still, it's good to get these sources under control. Unneeded sources are more likely to become orphaned and used for nefarious purposes.

See Something, Say Something?

Bruce Schneier wrote an interesting post yesterday on the relative usefulness - or uselessness - of citizen reporting of suspicious activity: the "See Something, Say Something" paradigm.

He argues that without proper training, peoplw who report suspicious activity will typically send investigators down false trails. But with training, reporting improves substantially:

People trained to be alert for something hinky will do much better than any profiler, but people who have no idea what to look for will do no better than random.

It seems to me that what he's really doing is focusing on the right question. In the aftermath of any terrorist incident or serious crime (e.g., Virginia Tech), there is a tendency to ask:

"What kind of person would do this?"

While that's an interesting question for cable news hosts and pop psychologists to chew over, it's not the most useful question for prevention efforts. Focusing on "the kind of person" can lead to all sorts of errors of misperception, especially to an untrained or minimally trained eye:

A much better question is:

"What are the precursor activities that indicate the potential for crime or terrorist activity?"

Identifying those activities provides much better - and much more objective and defensible - evidence that someone may be up to no good. It seems to me that Schneier's description of "hinky" is really about making that crucial distinction.

Cross-posted at the Institute for Preventive Strategies.

More on Radiation Detection

An update on last week's post on radiation detectors.

GovExec reports that the Domestic Nuclear Detection Office (DNDO) wants to go ahead with deployment of next-generation Advanced Spectroscopic Portals (ASPs). The tests aren't complete, but DNDO feels like it has enough information to go forward:

Heartened by recent test results in Nevada, the director of the Domestic Nuclear Detection Office said he expects to recommend next-generation nuclear detectors be cleared for deployment in July.

The detection office, a division within the Homeland Security Department, is about halfway through a test run of new radiation detection technology at the New York Container Terminal in Staten Island. The detectors have already undergone testing at the Energy Department's Nevada Test Site.

While DNDO Director Vayl Oxford declined to describe the results of the February and March tests in any detail, he characterized the results as positive. "We are very optimistic that when we go to [Homeland Security Secretary Michael Chertoff] this summer he will give us permission to go to production," Oxford said.

A GAO report said Oxford's office should systematically compile test data on the existing monitors to fully understand their benefits and limitations before making the multibillion dollar investment the deployment plan requires.

Regarding the recommendation to compile testing data, Oxford said, "That's a prudent thing to do."

For the record, it's a $1.2 billion project. And the "prudent" comment is a bit odd. As I read it, Oxford is saying it's prudent to compile testing data before making the deployment decision - but he's planning to deploy without doing so anyway?

He added, however, that "some of that test data we've already looked at, and I'm not sure it's relevant to the decision we're making."

Even as the office works to enhance the nuclear detection network at the nation's borders and ports, DNDO officials are enlisting help from outside experts and the intelligence community to probe gaps in the system. In some cases, that includes testing the systems and detectors by having people trying to smuggle real nuclear material. Tests with mock terrorists have already begun, said Huban Gowadia, the detection office's assistant director for assessment.

I'm not an technical expert on radiation detection, so I can't say whether DNDO is making a sound technical decision. But a detection system, no matter how robust and no matter how many concentric rings it contains, should be only one system among a number of systems to prevent and mitigate radiological incidents.

It's worth remembering that only a fraction of the potential radioactive sources are legitimate threats for "dirty bomb" use, combining the high levels of radioactivity, long half-life, and sufficient quantity to be a realistic threat (source). Controlling radioactive sources is obviously important.

Other steps are also necessary. To mitigate the fear caused by a dirty bomb, communication would be vital. Recalling the DoD's estimate that no one would be killed by radiation in a 100-pound dirty bomb attack (source), it's not difficult to infer that a primary impact of such an attack would be fear.

In the case of a radiological attack, healthcare resources could be overwhelmed if there were a large number of "worried well." That's a contingency that should be prepared for. It's also possible that there could be a lot of refugees from the affected area.

At the most basic level, anyone involved in the response to a radiological event should be aware of who would respond. The list is long and involves a lot of agencies that local first responders generally do not work with (e.g., DoD assets, the National Nuclear Security Administration, etc.). Simply understanding the response structure is a simple first step.

One last thought on the DNDO news: The GAO argued that, since state and local governments will be making the buying decisions for radiation detectors within their jurisdictions, DNDO should provide better information about the detection equipment. DNDO responded with what I perceive to be a rather bland platitude:

The [GAO] report also recommends the office provide state and local authorities with information on radiation detection technologies to help them make more informed purchasing decisions.

"We strongly agree with this statement, as the DNDO feels that bolstering preventive [radiological and nuclear] detection capabilities within the domestic interior is an essential part of our nation's defense," the detection office wrote in response.

It's nice to hear this, but it's not clear what DNDO is proposing to do about it.

Updated 2007-04-30: This is a couple of weeks old, but Reuters has reported that the U.S. is giving radiation detectors to Mexican ports:

The United States will donate radiation detectors to Mexico and help install them in busy sea ports to prevent a terrorist attack with a "dirty bomb" or other radioactive material.

The U.S. Department of Energy will provide equipment and train customs officers at major ports on the Pacific and Gulf of Mexico coasts, Mexico's Finance Ministry said.

Mexico increasingly receives cargo ships from Asia destined for the United States. Cargo is unloaded in Mexico and transported by land to its northern neighbor.

The detection equipment will be installed in Manzanillo, Lazaro Cardenas, Altamira and Veracruz, ports that account for 92 percent of the Mexico's maritime trade.

The first set of equipment should be installed and working by the end of the year, the ministry said.

Preventing Terrorist Recruiting

Tuesday's post about radiation detectors, and how they're just one element of a preventive system against radiological terrorism - regardless of how ubiquitous they become - got me to thinking more about how local homeland security professionals can work to prevent terrorist attacks in their communities.

Protective regimes - detectors and the like - are certainly important. But by themselves they are essentially just a series of nets. If something slips through, then prevention has failed. And terrorists are adept at evading detection; their experience with non-terrorist related crime teaches them this (if nothing else does).

But local homeland security people can take the offensive. One method that has always interested me is intervening to prevent terrorist recruitment. In any terrorist attack, the irreplaceable element is always the terrorist. Without the terrorist, there's no terror.

With that in mind I turned to the recent testimony of Brian Michael Jenkins before the U.S. House Committee on Homeland Security - Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment.

His presentation, entitled "Building an Army of Believers: Jihadist Radicalization and Recruitment," is a good primer on terrorist recruiting and what can be done to stop it at the local level. It echoes some of the ideas from his excellent book Unconquerable Nation, which I reviewed here.

Jenkins starts by defining the problem:

Although the United States and its allies have achieved undeniable success in degrading the operational capabilities of jihadist terrorists worldwide, they have had less success in reducing the radicalization and recruitment that support the jihadist enterprise.

Nearly five years after 9/11, a 2006 National Intelligence Estimate concluded that “activists identifying themselves as jihadists … are increasing in both number and geographic dispersion.” As a consequence, “the operational threat from self-radicalized cells will grow in importance to U.S. counterterrorism efforts, particularly abroad, but also in the Homeland.” In testimony before the Senate, FBI Director Robert Mueller indicated concern about extremist recruitment in prisons, schools, and universities “inside the United States.” In March of this year, Charles Allen, Assistant Secretary of Homeland Security, concurred that “radicalization will continue to expand within the United States over the long term.”

More than a military contest, the jihadist campaign is above all a missionary enterprise. ... Recruiting is not merely meant to fill operational needs. It is an end in itself: It aims at creating a new mindset.

There is a distinction between radicalization and recruitment. Radicalization comprises internalizing a set of beliefs, a militant mindset that embraces violent jihad as the paramount test of one’s conviction. It is the mental prerequisite to recruitment. Recruitment is turning others or transforming oneself into a weapon of jihad. It means joining a terrorist organization or bonding with like-minded individuals to form an autonomous terrorist cell. It means going operational ...

So ... who are likely jihadist recruits?

Al Qaeda’s brand of jihad offers a comprehensive and uncomplicated solution ... It is a message that is especially attractive to angry young men and frustrated, compliant individuals.

Potential jihadist recruits in Western countries are part of a marginalized immigrant subculture or are themselves cut off even from family and friends within that community. The more vulnerable are those who are at a stage of life where they are seeking an identity, while looking for approval and validation. They are searching for causes that can be religiously and culturally justified, that provide them a way to identify who they are, and that provide a clear call for action. The jihadist agenda is action-oriented, claims to be religiously justified, and appeals to this relatively young, action-oriented population. ... This is the group that currently poses the biggest danger to the West.

Personal problems also play a role. Recruits often come from dysfunctional families, have experienced disruptive relocations, suffer identity crises, face uncertain futures, feel alienation; many are in trouble with authorities. ... But jihadists also include sons of well-off families, people with promising careers, and individuals who are seemingly well-adjusted. There is no single psychological profile and no obvious indicator to permit targeted intervention.

It's probably worth noting here that there is a difference between a terrorist recruit and someone like the Virginia Tech gunman. The Va. Tech shooter was a deeply disturbed individual who apparently developed violent fantasies within his own mind. It's very hard to intervene to stop that sort of actor unless he reveals his thoughts and desires - which this man apparently refused to do in multiple rounds of counseling and mental health treatment.

But unlike the anti-social Va. Tech gunman, terrorist networks are inherently social. Terrorists must come together in social spaces to reinforce their own belief systems, share strategic and tactical information, and make plans for future actions. Because terrorism in general - and terrorist recruiting specifically - is an inherently social activity, it can be discovered and exploited more easily than a single disturbed individual can.

So ... what are the tactics that jihadists use to entice recruits? What social spaces do they use? What are the implications for counter-recruitment efforts?

Jihadists recruit one person at a time.

Volunteers move on by self-selection. There may be powerful peer pressure, but there is no coercion. Submission is voluntary. Not all recruits complete the journey. Commitment is constantly calibrated and re-recalibrated. Some drop out along the way. A component of our counter-recruiting strategy must be to always offer a safe way back from the edge.

While the jihadist message is widely and increasingly disseminated, the actual connection with the jihadist enterprise, outside of Middle Eastern and Asian madrassahs, appears random, depending on personal acquaintance, finding a radical mosque, or being spotted by a recruiter. That, in turn, suggests that the numbers are driven not merely by the appeal of the jihadist narrative, but also by the number of “retail outlets” where recruiters can meet potential recruits.

The recruiting process, therefore, seems to be not very efficient—the yield is low. However, only a few converts suffice to carry out terrorist operations. Nevertheless, this suggests that reducing the number of suspected recruiting venues would seriously impede jihadist recruiting.

To what degree are jihadist recruiters operative in the United States?

[A]rrests, along with intelligence operations, indicate that radicalization and recruiting are taking place in the United States, but there is no evidence of a significant cohort of terrorist operatives. We therefore worry most about terrorist attacks by very small conspiracies or individuals ...

How can our counter-recruitment efforts be more successful?

This suggests that efforts should be made to enhance the intelligence capabilities of local police, who through community policing, routine criminal investigations, or dedicated intelligence operations may be best positioned to uncover future terrorist plots.

Of these, continued intelligence operations are the most important. Radicalization makes little noise. It occurs in an area protected by the First and Fourth Amendments. It takes place over a long period of time. It therefore does not lend itself to a traditional criminal investigations approach.

Recruiting for jihad takes place both inside and outside of identified radical mosques and other known venues. These “retail outlets” can be identified and monitored. Surveillance, real and imagined, of recruiting venues can inform authorities of possible terrorist plots and may discourage recruiting. ... Prisons are another recruiting venue that could be better controlled.

Society’s purpose in this area is twofold: to deter vulnerable individuals from recruitment into destructive paths and to protect society itself against destruction—this may require preemptive intervention before manifest criminal behavior occurs.

Are there any unintended consequences to be avoided?

[T]he first principle must be to do no greater harm, to avoid misguided policies, needless hassles that only create enemies.

Who is best positioned to engage in counter-recruitment?

It is important to keep lines of communication open at all levels of government. This is community policing in its broadest sense, but the collection of intelligence and initiatives aimed at maintaining dialogue among communities and faiths are best handled at the local community level.

It is clear that local efforts to stop jihadist recruiting are vital. It is also clear that more can be done within local communities, as this report suggests. (Also see my post.) Community relationships are irreplaceable - not just to protect vital assets and to detect the signs of potential terrorism - but also to prevent conversion to radicalism and recruitment into terrorist operations.

Tomorrow I'll have more on preventing terrorism in local communities.

Foiled Maritime Terrorism in Morocco

Reuters is reporting today that a group of 12 would-be bombers have been foiled in Morocco. Their targets were foreign ships - an indication that jihadists continue to view economic targets as desirable, including maritime targets.

At least 12 would-be suicide bombers planned to blow up foreign ships at the Casablanca port and other Moroccan landmarks, top security officials were quoted as saying on Thursday.

They said at least six of the suspected bombers were still on the run, but others were arrested after their presumed leader blew himself up on March 11 to stop police taking him alive.

Abdelfattah Raydi, the 23-year suspected leader of the group of bombers, walked into an Internet cafe in Casablanca's Sidi Moumen slum on March 11 with another suspected bomber.

Raydi, who had worn an explosives belt for four days to avoid police catching him alive, detonated the device when the cafe owner shut the door and called authorities after he saw him consulting a jihadist Web site, newspapers said.

"Investigations showed that 12 suicide bombers among 30 terrorists linked to March 11's Casablanca plot were prepared to attack economic and security targets including blowing up foreign ships at Casablanca port and tourism facilities in Marrakesh, Essaouira and Agadir," wrote al Ahdath al Maghribia daily.

It's being called a "lucky accident" that the plot was prevented, but I'd say it's a good example of civic engagement in anti-terrorism. The Internet cafe owner could just have easily looked the other way, but he recognized a potential threat and decided to intervene.

The bad news out of the incident is that it provides further evidence of jihadists' attraction to the idea of mixing chemicals or biological agents with their bombs, as demonstrated on a number of recent occasions in Iraq.

The [Moroccan] papers also quoted officials as saying the would-be bombers planned to use "poison" in their planned attacks, showing a change in the country's home-grown terror.

Al Ahdath said the "poison" was a byproduct of tetanus pathogenic bacteria ...

These guys do a good job of sharing information via the Internet. If a tactic seems to work in one place, it begins to pop up in other places. So information sharing has to go on here, too, regarding vulnerability and risk.