Tactical Realities in the Counterterrorism War

Fred Burton
Chief Security Officer, Stratfor
13 MINS READMay 18, 2006 | 04:10 GMT

The British government last week released two reports concerning the July 7, 2005, suicide attacks in London. The first, by Parliament's Intelligence and Security Committee (ISC), examined government efforts to collect and analyze intelligence pertaining to the case; the second, by the Home Office, outlined findings about the bombers, their backgrounds, motives and actions in greater detail. The reports have, not surprisingly, generated political reactions: Some members of Parliament have claimed that MI5 was not completely forthcoming in response to the ISC queries, and a few MPs have called for an independent investigation into events surrounding the attack — similar to the 9/11 Commission in the United States. Be that as it may, the reports do provide a very interesting window into the internal workings of the British intelligence and security services. Even more significantly, they speak to problems of collection and analysis that occur whenever a Western government, through its intelligence and security apparatus, attempts to pre-empt vague, potential threats or to thwart an amorphous enemy. The same problems and issues now have surfaced several times following attacks by Islamist militants, whether in the United States, the Netherlands or Spain. In short, government bureaucracies do not deal well with ambiguity — and jihadist groups, particularly at the grassroots level, are nothing if not ambiguous. They are insular and dedicated, and they might not be meaningfully connected to the command, control and communication mechanism of any known militant groups or actors — which makes them exceedingly hard to identify, let alone pre-empt, before an attack is carried out. As the political debates in London and, predating that, in Washington have shown, there is an expectation that governments somehow must prevent all terrorist attacks. When one occurs, there are political investigations into the cause of intelligence failures and, on occasion, finger-pointing and reorganizations result. The public, after all, needs to feel secure. But the uncomfortable truth in the war against jihadists is that there is no such thing as complete security. Given the nature of the threat and the enemy, no intelligence or security service in the world is capable of identifying every aspiring militant who lives in or enters a country and pre-empting their potential acts of violence. This is impossible even in states that employ draconian security measures; the challenges obviously are amplified in societies that value civil liberties and due process. Within that context, the tactical challenges and expectations faced by counterterrorism agencies are useful to consider.

Threat Assessments

Before the July 7 rail bombings occurred, British authorities recognized the high risk that London would be attacked by jihadists. Government ministers and police had stated publicly on several occasions that it was "not a matter of 'if' such an attack would occur, but 'when'." This assessment was supported not only by external analysis and al Qaeda's targeting criteria, but also by the fact that several significant terrorist cells had already been neutralized in Britain. These included the group behind the ricin plot, the al-Hindi cell and others. Furthermore, following the Madrid attacks in 2004, both British and American authorities assessed the passenger rail systems in their countries and found them vulnerable. It is little surprise, then, that in the period directly before July 7, the British government's official assessment was (to quote the Intelligence and Security Committee's report) that "available intelligence and recent events indicate that terrorists have the capability to mount an attack and that such an attack is within the group's current intent. It is assessed that an attack is likely to be a priority for the terrorists and might well be mounted." And following the arrests of Richard Reid, Babar Ahmed, Sajid Badat, Abu Qatada, Abu Hamza, Sheikh Feisal, and other militant operatives and leaders — all British citizens — it clearly was possible that some attacks could be planned and carried out by homegrown militants. With all of that knowledge, then, why was it not possible to keep the strike against London's rail system from being carried out?


If the July 7 bombings are viewed in isolation, it would seem obvious that there were clues — pieces of a puzzle — that could have been fitted together to indicate the existence of a cell that posed a threat and warranted focused intelligence collection efforts — including physical surveillance, signals intelligence (sigint) and human intelligence (humint) penetration. Anyone can be brilliant after the fact, but it is very difficult to read tea leaves in real-time — especially considering that the bombers did not exist in isolation. London is not Pyongyang, a homogeneous society where the few resident foreigners can be easily monitored. Britain's capital has not been dubbed "Londonistan" for nothing; it is a huge, multicultural city, home to many religious and political dissidents and refugees from the Middle East. Within the large Muslim populace are many of Pakistani origins. Thus, even when using profiling techniques, locating radical Islamists — who proportionally make up only a small percentage of this population — would be a tremendous undertaking. Within that, there is the further challenge of differentiating between what could be called "jihadist cheerleaders" — radicals who voice political or ideological support for al Qaeda and its cause, but are not actually violent — from the combat-hardened veterans of Afghanistan, Bosnia and other jihads, as well as all those falling in between. In order to cope with this and sort through the galaxy of potential suspects, the British government developed three categories for targets — and allocated intelligence resources to each accordingly. The levels were:

  • Essential: someone likely to be directly involved in, or to have knowledge of, plans for terrorist activity.
  • Desirable: someone associated with people involved in, or with knowledge of, plans for terrorist acts; who is raising money for terrorist purposes; or who is in jail and would be an essential target if at large.
  • Other: someone who might be associated with people directly involved in, or who have knowledge of, plans for terrorist activity.

If someone is known to be directly linked with al Qaeda, it obviously would be a no-brainer to classify them as an "essential" intelligence target. These suspects would merit 24x7 physical and electronic surveillance — an endeavor that, on the back end, could tie up as many as 100 surveillance operatives, supervisors, snipers, technicians, photographers, analysts and interpreters. But in the real world, intelligence is seldom, if ever, so black-and-white. And the very structure of al Qaeda, its offshoots and sympathizers is a further problem. Al Qaeda has been described as a "network of networks" or a "network of relationships" — a characterization that is ever more apt as the capabilities of the central leadership are degraded in the war. In application, this means there may not be any clear-cut chain of command, a specific building to target or communications structures on which to focus intelligence resources. The organization itself is nebulous, the targets hard to map and quantify. The existence of grassroots operatives further complicates the equation; by definition, such jihadists might have limited or no interaction or relationship with known militants. This means that, without hard intelligence to fall back on, government agencies must place these operatives squarely into the "other" category, which warrants the least intelligence monitoring. And the difficulty of gathering hard intelligence about a person's true status and intentions is at the crux of the dilemma facing the British and other governments.

Resources and Limitations

From a practical standpoint, how does one go about developing information that can identify or pre-empt terrorist plots? Three tools are standard: humint sources, signals sigint and analysis. All of these are useful, but none are perfect. Recruiting human sources from the communities in which militants are likely to live and move is invaluable, but any source can only see what is within his field of vision. Militant cells are built on relationships and trust — which are difficult to establish quickly. And when the concern is about militants at the grassroots level, the universe of people that human sources would need to establish close relationships with becomes very large indeed. Moreover, even if a source is well-placed, it can be difficult to judge a suspect's intentions unless one knows him or her intimately. In the case of the July 7 attacks, even many who knew the bombers well were surprised to learn of their involvement. The utility of sigint also is limited; it does not work well when suspects practice careful operational security (such as, in al Qaeda's case, foregoing the use of satellite telephones, which emit trackable signals). In the case of grassroots operatives, escaping scrutiny simply would mean not committing acts that would bring someone to the attention of authorities — such as communicating with known members of terrorist groups or visiting radical Internet sites. In any setting, intelligence is little more than raw data until analysis is applied — but drawing the correct conclusions is difficult if one has incomplete data, is given the wrong kinds of material to analyze or lacks the proper mindset and training to make useful inferences. In terms of pre-empting the July 7 bombings, then, the cards were stacked against the British intelligence community. The ability to identify the plotters and their plans was not a matter of putting a few puzzle pieces together, but more like sifting through the pieces of thousands of puzzles, all jumbled together in one big pile, and creating a picture — without the benefit of a box to show what it should look like in the end.

The July 7 Puzzle

As it turns out, the British still do not know all the details about how the July 7 attacks were planned and carried out, even with nearly a year of hindsight to aid them. From the pieces that have been connected so far, they have learned that Mohammad Sidique Khan — the apparent leader of the cell — visited Pakistan in 2003, and that he returned and spent several months there with another of the bombers, Shahzad Tanweer, between November 2004 and February 2005. The piece that would tell authorities who the men met with while in Pakistan is still missing, but it is believed that they had some contact with al Qaeda members. Indeed, al Qaeda distributed a copy of Sidique Khan's martyrdom video — which was likely taped in Pakistan — along with edited footage from Ayman al-Zawahiri, supporting the notion that the July 7 cell was somehow connected to al Qaeda. It also is likely that the cell leader was trained in the manufacture of explosive mixtures and devices during one of his trips to Pakistan. Sidique Khan has been a troublesome figure for British authorities, because he first came to their attention in the course of another matter: He was identified as a figure on the periphery of the investigation begun by the arrest in Pakistan of another suspect, computer expert Muhammed Naeem Noor Khan, and that led to the rollup of the al-Hindi cell in Britain. When one reads the ISC report, it is hard to understand how Sidique Khan even rose to the level of an "other" when authorities had not been able to identify him by name in the earlier investigation. However, Sidique Khan was among hundreds, if not thousands, of people whose names surfaced during the course of that investigation, and authorities did not have other evidence at that time that would have pulled him from the "other" category into the "essential" or "desirable" tiers for further monitoring.

The fact is, the resources available for surveillance, recruiting human sources and completing analysis from the field are finite for any government. In the British case particularly, one of the problems was that authorities had to devote significant resources to monitoring the "jihadist cheerleaders," like Abu Hamza and Omar Bakri Muhammed, in the "Londonistan" environment. Steps have, of course, been taken to address such problems in the months since the attacks. The Prevention of Terrorism Act of 2005 was passed to make it easier to imprison some of these targets or force them to flee the country, and police and MI6 have received funding to hire more staff — thus giving them ability to expand their intelligence coverage. But none of this addresses the problems inherent in the "other" category — those who have not been identified as being directly involved in terrorist planning. It is from this tier that the July 7 bombers and the follow-on cell, which failed to complete a similar attack on July 21, arose. The question becomes, how, with limited resources, does one justify monitoring a group whose connections to terrorism are highly questionable, when one is also fully engaged in monitoring groups whose connections, it is believed, are not in question at all? This is how grassroots jihadists can slip through the net, sometimes with deadly effect.

There is a further tactical consideration here: How does one track the sale or purchase of materials that are used in building bombs, when the buyers are not otherwise of much interest to authorities? It is significant that the devices used in the July 7 attacks were much smaller than some of the massive "lorry bombs" employed by the IRA, and not nearly as sophisticated as many of the IRA devices. They cost very little to assemble, and efforts to collect the materials and assemble the devices would not have drawn much attention. Nevertheless, the devices used by the July 7 cells caused more deaths than any terrorist attack in Britain since the Pan Am 103 bombing over Lockerbie, Scotland, in 1988. The cell purposely chose soft targets and then used suicide operatives to guide their crudely assembled devices into the heart of the strike zone.


It is impossible to tell how many jihadist cells are or might be planning attacks in Britain, or even in the United States, at this time. There are many variables involved, and no government agency could be expected to provide complete security against potential — but unknown — threats. Moreover, with each arrest, each intelligence find, each videotaped speech or warning, the game changes: Each side shifts, adjusts and adapts to the moves being made by the other side in order to attain or maintain an advantage. During the Cold War — which pitted two monolithic entities against each other — it sometimes happened that a single, extraordinarily well-placed informant or agent of influence could deliver a breakthrough that could, at least for a time, shift the advantage to one of the players. But in the game of grassroots jihad, hundreds such miracles would be needed. None of this is intended to argue that the missions of intelligence and security agencies are futile, that funding should be cut off or efforts abandoned. In a world where complete safety is not possible, the question becomes one of funding and aligning resources to prevent the most serious threats to a society and mitigating the effects of attacks that cannot be prevented. Clearly, operations involving weapons of mass destruction would be viewed as unacceptable in any society, and government reasonably can be expected to use every available means to protect its citizens from such attacks. From the public's perspective, acknowledging that it is impossible to prevent all acts of violence ideally could be the starting point for creative discussions about new and smarter ways to focus efforts, collect information and turn it into actionable intelligence. It could be argued that if unreasonable expectations of government were shattered, members of the public will view more seriously their own need to assist in identifying and reporting potential threats — for the sake of their own safety, if no other reasons.

Connected Content

Regions & Countries

Article Search

Copyright © Stratfor Enterprises, LLC. All rights reserved.

Stratfor Worldview


To empower members to confidently understand and navigate a continuously changing and complex global environment.