Thursday, March 19, 2015
StratFor: Understanding Terrorism Warnings
By Scott Stewart
The U.S. Embassy in Sanaa, Yemen, recently reopened after it and 18 other U.S. diplomatic posts suspended operations Aug. 4 in response to an alleged terrorist threat. The threat reportedly was based on an intercepted communication between al Qaeda leader Ayman al-Zawahiri and several al Qaeda regional leaders, including Nasir al-Wahayshi, the commander of Yemen-based al Qaeda in the Arabian Peninsula.
It is hardly surprising that the threat was taken seriously in Yemen. More so than any other al Qaeda franchise, al Qaeda in the Arabian Peninsula poses a transnational threat to Western countries. Indeed, the group has attacked Western targets there before. In September 2008, it conducted a coordinated vehicle bombing and an armed assault against the U.S. Embassy in Sanaa, and it has attempted to assassinate British diplomats, including the ambassador. But the most recent warning provides us with an opportunity to discuss how terrorism threat warnings work -- and why governments issue them.
Threat warnings necessarily are based on incomplete intelligence. If the authorities had complete intelligence regarding a particular threat, they would take action to disrupt the plot, not issue a warning. This is especially true in a country like Yemen, where the Central Intelligence Agency and the Department of Defense conduct airstrikes against militants using drones, cruise missiles and fixed-wing aircraft. But even in places where kinetic solutions to threats are impossible -- inside the United States or in Europe, for example -- complete and accurate intelligence would enable law enforcement officials to arrest or otherwise stop the plotter or plotters.
Since the 1990s, the United States has been quick to issue public terrorism warnings, due largely to air travel security reforms enacted following the attack on Pan Am Flight 103. The President's Commission on Aviation Security and Terrorism discovered that the U.S. Embassy in Helsinki received a threat Dec. 5, 1988, stating that "sometime within the next two weeks" a bomb would be placed on a Pan American flight from Frankfurt to the United States. The committee found that the Federal Aviation Administration and the U.S. Department of State had selectively disseminated this information, leading some to criticize the double standard in the authorities' decision to warn traveling government employees but not the general public. (In fairness, that specific warning was also selectively issued within the government. I lost two of my colleagues on Pan Am 103, Diplomatic Security Service special agents Dan O'Connor and Ron Lariviere, who were trying to get home for Christmas from their postings in Beirut, Lebanon.)
Having received the commission's report, the U.S. Congress passed the Aviation Security Improvement Act of 1990, which mandated that civil aviation threats could not be passed along only to selected travelers unless the threat applied only to those travelers. The George H.W. Bush administration expanded on that legal precedent to include the dissemination of all threat information, establishing what is now commonly referred to in the counterterrorism community as the "no double standard" policy. This policy requires that the public is apprised of terrorism threats, and it has been continued under subsequent administrations.
The "no double standard" policy initially was meant to be applied to timely, credible, corroborated and specific threats. Over time, however, it has been applied to almost every threat; most politicians and government bureaucrats do not want to be accused of withholding vital information or of making a poor analytic assessment about a threat, the 1990 law notwithstanding. Frankly, there is far less political risk associated with warning of a threat that does not materialize than failing to warn of a threat that does -- even if the threat is deemed only remotely possible. Thus, nearly every potential threat is shared with the public regardless of its veracity. (The political uproar over the September 2012 attack in Benghazi will serve to reinforce this mentality.) As a result, it is very difficult for the public to determine which threats are more serious, and observers are left scrutinizing government statements for subtle indications of which warnings are more credible.
Indeed, credibility goes to the heart of the issue. Sometimes intelligence that leads to a threat warning, like any other intelligence, can be garbled or poorly analyzed. Other times it is the product of misinformation or disinformation, which is spread intentionally, or a combination of these factors.
One source of misinformation is fabricators -- human sources who concoct stories to sell to intelligence agencies. Quite often these fabricators base their stories on a shred of truth to make them sound believable and therefore more marketable. In the early 1990s, the U.S. Embassy in Beirut was closed on several occasions due to the bogus and exceedingly dire threat reports of a clever Lebanese fabricator, who milked the FBI for tens of thousands of dollars of confidential informant funds.
Disinformation also complicates the issue. Oftentimes, a militant organization will leak faulty information to mislead or confuse analysts. In retrospect, many warnings of seemingly imminent attacks against U.S. interests overseas before 9/11 -- during what the 9/11 Commission Report calls "The Summer of Threat" -- might have been part of an al Qaeda disinformation plot to distract the United States from the group's real plans. Terrorism suspects also can provide disinformation during their interrogations to redirect investigators and protect real operations that are underway or to detect informants in their midst.
Such disinformation attempts can help militants see how the U.S. government and its allies will respond to a threat. Known colloquially as "pinging the system," this can also work with false warnings to help induce alert fatigue.
In many cases, threat warnings are based on information provided by the intelligence services of other countries. Sometimes U.S. agencies will not have direct access to the source of the information, which is difficult to authenticate, and cannot obtain additional information regarding the threat. In addition, there are times when foreign liaison services pass "threat" information as part of a political agenda, perhaps to get a local insurgent group listed on the U.S. terrorism list -- or in some cases, to play mind games with American diplomats.
Another problem in intelligence is faulty analysis -- receiving intelligence and indicators and then drawing the wrong conclusions from them, or misinterpreting an innocuous item as a critical item of intelligence. In 2003, for instance, the U.S. national threat level was raised from yellow to orange during the holidays after a CIA analyst mistakenly claimed to have discovered a cache of secret al Qaeda messages embedded in the moving text at the bottom of the Al Jazeera news channel. While some have berated the CIA over the case, it exemplifies how the potential blowback for not taking such possible indicators seriously has caused the intelligence community to err on the side of caution in issuing alerts.
Warnings as Disruptors
But aside from fear of being held politically responsible for not issuing a threat warning, there are also valid tactical purposes for issuing them. First, in the event the government doesn't have all the details and believes an attack is coming, or in the event it lost track of an operative or cell it was following, the hope is that publicly issuing the alert will prompt increased security at the target, forcing the plotters to abort their plan or communicate to their superiors if necessary. This additional line of communication creates another opportunity to intercept their communications.
But warnings do not always guarantee that plotters will stop to reassess their plans. For example, in the attack against the U.S. Consulate in Jeddah, Saudi Arabia, on Dec. 6, 2004, the perpetrators continued their operation despite not only the issuance of a warning but also a government operation that resulted in the arrest of a second attack team. Several other attacks have also been preceded by warnings or security alerts, including the failed July 21, 2005, London bombing attack, which occurred while the city remained under a heightened alert following the bombings on July 7, 2005.
One downside of freely issuing threat warnings -- whether out of an abundance of caution or in an attempt to disrupt a plot -- is that once the government does issue a warning, whatever source the intelligence was coming from will likely be compromised and dry up. We have seen this happen historically with intelligence gathered from technical and human sources. So however the U.S. government acquired the communication between al-Zawahiri and the other al Qaeda leaders that led to the most recent terrorism warning, that channel is now in all likelihood closed.
The bottom line is that attacks rarely follow warnings. Most attacks are not preceded by warnings, simply because good operational security is required to conduct a successful attack. However, warnings should be heeded, and sustainable, commonsense security measures should be adopted if warranted. The key to responding to threat warnings is to keep them in perspective, not overreact to them.
Terrorism is an enduring reality and someone somewhere is undoubtedly planning an attack against a Western diplomatic facility or civilian soft target at this very moment. But buying into the hype and panic surrounding the warning only leads to alert fatigue and hampers good security.
# posted by Jim Ellinger @ 2:19 PM