The Terrorism Warning Process: A Look behind the Curtain
May 16, 2007 | 15:59 GMT
By Fred Burton

U.S. and German officials fear terrorists are in the advanced planning stages of an attack against U.S. military personnel or tourists in Germany, ABC News reported May 11. The report followed the issuance of a Warden Message by the U.S. Embassy in Berlin on April 20 announcing that U.S. diplomatic and consular facilities in Germany were increasing their security posture in response to a heightened threat situation. The message, which remains in effect, also encouraged Americans in Germany to increase their vigilance and take appropriate steps to bolster their own personal security. Continuing chatter from a number of sources indicates the threat is real.

The warning comes as no surprise. Like much of Europe, Germany has a large Muslim population, and within that population is a small but dedicated radical element. It was in Germany where a diverse group of Muslim students from various countries was radicalized and later organized into the "Hamburg Cell." Members of the cell, including Mohamed Atta and Ramzi Binalshibh, would go on to attend al Qaeda training camps in Afghanistan, where they were selected to form the nucleus for al Qaeda's 9/11 operation. Even after the Hamburg Cell was dismantled, the jihadist network in Germany has remained active in publishing Internet propaganda and recruiting and sending young Muslim men to fight in places like Iraq.

Additionally, jihadists left two timed incendiary devices on trains in the German towns of Dortmund and Koblenz on July 31, 2006. The group allegedly responsible for the attack comprised mainly Lebanese Muslims living in Germany, who reportedly had been incensed over the Prophet Mohammed cartoon controversy. German prosecutors have alleged that the men charged in connection with the attack were also radicalized after arriving in Germany.
In many ways, then, Germany is facing the same tactical realities as the United Kingdom and other countries in that it faces a threat from homegrown militants as well as from professional al Qaeda operatives. The warning in Germany, however, does provide an opportunity to draw back the curtain on the U.S. terrorism warning process — to examine what drives it, why it sometimes works and why it sometimes does not.

Reasons for Warnings

The U.S. government issues public warnings for a number of reasons. One of these, of course, is genuine concern for the welfare of U.S. citizens. A second reason (although perhaps not the second in priority for some officials) is simple bureaucratic butt-covering. The last thing a government official wants to do is to end up before a congressional committee or a governmental accountability review board and answer pointed questions about why he or she had threat information that was not shared with the American public.

Indeed, following the bombing of Pan American flight 103, an investigation conducted by the President's Commission on Aviation Security and Terrorism discovered that the U.S. Embassy in Helsinki, Finland, received a threat Dec. 5, 1988, stating that "sometime within the next two weeks" a bomb would be placed on a Pan American flight flying from Frankfurt to the United States. The committee found that this threat information had been selectively distributed by the Federal Aviation Administration and the U.S. Department of State, giving rise to the charge of a double standard in the authorities' choice to warn traveling government employees but not the general public. Upon receiving the commission's report, the U.S. Congress passed The Aviation Security Improvement Act of 1990, which said civil aviation threats could not be passed along only to selected travelers unless the threat applied only to those travelers.
The Bush administration expanded on that legal precedent to include the dissemination of all threat information, establishing what is now commonly referred to in the counterterrorism community as the "no double-standard policy." This policy requires that threats be disseminated to the public in addition to government employees.

The "no double-standard" policy was intended to be applied to timely, credible, corroborated and specific threats. Over time, however, it has been applied to almost any and every threat. Bureaucratic butt-covering inevitably leads to this type of overreaction because nobody wants to be caught not sharing information after the fact, or being accused of making a bad analytical assessment of the threat. Therefore, nearly everything is reported, regardless of its veracity. Obviously, this type of overreaction leads to the release of many more alerts — many of which are not well-founded. This leads to alert fatigue.

Warnings also can be issued in an effort to pre-empt an attack. In cases in which authorities have intelligence that a plot is in the works, but the information is insufficient to identify the plotters or make arrests, announcing that a plot has been uncovered and security has been increased is seen as a way to discourage a planned attack. In practical applications, however, this does not always work. Although it might seem logical that militants would abort an operation in the works once a warning is issued, history has shown otherwise. In the Dec. 6, 2005, attack against the U.S. Consulate in Jeddah, Saudi Arabia, for example, the perpetrators not only continued their operation despite the issuance of a warning, but also despite a government operation that resulted in the disruption of a second cell that was supposed to participate in the attack.
Several other attacks also were preceded by warnings or security alerts, including the failed July 21, 2005, London subway attack, which occurred while the city remained under a heightened alert following the bombings two weeks earlier.

Sources of Warnings

The intelligence that leads to a warning can come from a variety of places. Sometimes the warning is spawned by good, hard intelligence from a technical or human source. Other times it can be a tidbit picked up after the arrest of a suspect, such as the warnings in 2004 of the plot to attack financial targets in the United States that followed the arrest of Mohammad Naeem Noor Khan in Pakistan. Threat intelligence also often results from interrogating captured militant operatives, as was seen in the raft of warnings that followed the September 2002 arrest and interrogation of al Qaeda operational planner Khalid Sheikh Mohammed. Threat information can even come from a previously unknown source who walks into an agency and volunteers information.

The intelligence services of other countries also will share information they have obtained with their U.S. counterparts — though without direct access to the source, the U.S. agencies might find it difficult to determine whether the information is credible and to obtain additional information. Additionally, there are times when foreign liaison services pass "threat" information as part of a political agenda, perhaps to get a local insurgent group listed on the U.S. terrorism list — or merely to jerk the Americans around.

Of course, all intelligence can be problematic. For one thing, there is the problem of fabricators, human sources who concoct stories to sell to intelligence agencies for financial gain. Quite often these fabricators base their stories on a thread of truth that makes them appear genuine. During the early 1990s the U.S. Embassy in Beirut was closed on several occasions due to the bogus and exceedingly dire threat reports of a clever fabricator who milked the FBI for tens of thousands of dollars.

Secondly, there is the problem of disinformation, or information purposefully leaked by an organization to mislead or confuse analysts. In retrospect, the great number of warnings of pending attacks against U.S. and Israeli interests overseas before the 9/11 attacks — during what the 9/11 Commission Report calls "The Summer of Threat" — might have been part of an al Qaeda disinformation plot to distract U.S. attention from the group's real plans. Disinformation also can be provided by terrorist suspects during their interrogations in an effort to create red herrings and protect real operations that are under way. Such disinformation attempts by militants also can be useful for pinging the system in order to judge U.S. responses to threats. This also can serve to help induce alert fatigue.

Another problem in intelligence is misinterpretation. That is, receiving intelligence and indicators and then drawing the wrong conclusions from them, or even misinterpreting an innocuous item to be a critical item of intelligence. In a 2003 case, for instance, the U.S. national threat level was raised from yellow to orange during the holidays after a CIA analyst mistakenly claimed to have discovered a cache of secret al Qaeda messages imbedded in the moving text at the bottom of the Al Jazeera news channel. Though some have scoffed at the CIA over the case, the potential blowback for not taking possible indicators seriously has caused the intelligence community to err strongly on the side of caution in issuing such alerts.

The Warning Track Record

Because of the problems inherent in intelligence work, and the amount of bureaucratic butt-covering going on because of the political environment, the historical track record of warning messages has been mixed.
Though the vast majority of warnings have proven to be false alarms, at times and in some specific places the warnings have been quite accurate. For example, on Feb. 15, 2006, the U.S. Embassy in Manama, Bahrain, issued a Warden Message concerning the threat of al Qaeda attacks in the region. The Australians issued a similar warning six days later. On Feb. 24, al Qaeda's Saudi node attacked the Abqaiq oil processing facility near Bahrain. In fact, there was a clearly discernable pattern in Saudi Arabia in 2004 in which a warning would be issued and then followed shortly by an attack or raid that resulted in the arrest of militant suspects.

Another example is the Bali suicide attacks in October 2005. The U.S. Embassy in Jakarta had been warning about attacks against foreigners at soft targets in Indonesia since spring 2005, and on Sept. 30, the day before the attacks, issued a Warden Message warning against possible attacks in "… places where Americans and other Westerners live, congregate, shop or visit, including hotels, clubs, restaurants, shopping centers …" The Oct. 1 attacks targeted restaurants.

The Israelis also have had good intelligence on jihadist threats in the Sinai. In fact they issued a warning to Israeli citizens to avoid the area prior to the October 2004 attack against the Hilton hotel in Taba.

This kind of intelligence penetration of al Qaeda has occurred far more frequently at the local or regional level. It has been far harder to penetrate the central core. Moreover, after certain intelligence methods have been disclosed to the public — such as monitoring the satellite phone conversations of al Qaeda leaders — those intelligence sources that had provided insight into the activities of the core group have dried up.

This intelligence penetration on the tactical level is frequently short-lived because the type of access that provides the timely and accurate intelligence needed to predict threats often is then used to dismantle the organization.
Jemaah Islamiyah in Indonesia, al Qaeda in the Arabian Peninsula and the jihadists linked to al Qaeda in the Sinai — regional nodes that were subjects of accurate threat reporting over the past few years — were all hammered hard by local security forces. Afterward, though, the quality of the threat information dropped noticeably, with an increasing spike in the number of false alarms.

For example, after highly accurate threat reporting in Saudi Arabia in 2004 (and a string of successful actions against al Qaeda by the Saudi government), a rash of warnings in Saudi Arabia in 2005 about pending attacks against U.S. government and commercial targets proved to be unfounded. The U.S. Embassy in Riyadh was even closed for two days in August 2005 because of a threat that did not materialize. A similar pattern was seen in Indonesia and the Sinai.

As long as there are attackers — and bureaucrats concerned about being grilled by Congress — there will be terrorism threat warnings. The difficulty will be deciphering which are bogus and which are based on timely, accurate and specific intelligence.