2 April 2017

*** Adjusting To An Imperfect Reality

by Scott Stewart

Security and counterterrorism procedures are often adaptive, for better or for worse. As attackers devise new methods to stage their assaults, authorities change their procedures accordingly. Following a recent attack in London, some people have been calling on British security services to do just that. At approximately 2:40 p.m. March 22, Khalid Masood jerked the steering wheel of his rented Hyundai Tucson sharply to the left at the entrance to London's Westminster Bridge, jumped the curb and pressed the accelerator.

Speeding along the sidewalk, he struck pedestrians who could not get out of his way; two people even jumped off the bridge to avoid being hit. As he neared the end of the bridge, Masood re-entered the roadway and sped toward the British Parliament building. He again jumped the curb to target more pedestrians before crashing into the building's perimeter fence shortly after passing Big Ben. Masood then leapt out of the wrecked car and ran around the corner of the compound to the Parliament's main vehicle entrance, where he attacked an unarmed police officer with a knife before being shot by a police officer inside the grounds. Though the attack lasted only 82 seconds, it killed five people (including Masood) and injured 50 more, some of them severely.

British authorities later noted that Masood, a Muslim convert formerly known as Adrian Ajao and Adrian Elms, had a violent criminal history and was previously investigated for his ties to jihadists involved in plots in the United Kingdom. Like many past attackers in the country and in Europe, Masood was a "known wolf." His background, in fact, is similar to that of Michael Adebolajo, one of two men convicted for the murder of British soldier Lee Rigby in May 2013. That British authorities knew of the assailant and determined that he didn't pose enough of a threat to merit additional surveillance led some to conclude that the United Kingdom's counterterrorism system needs an overhaul.

But no matter what changes are introduced to the British security services, authorities will never be able to anticipate and stop every simple attack by every potential actor. This is precisely why terrorist groups have embraced the leaderless resistance operational model. Masood's attack will doubtless offer lessons for law enforcement and counterterrorism officials going forward. I would argue, however, that based on the facts of the case, it is better to keep calm, adjust course and carry on than to scrap the current system and start over.
A Less-Than Surprise Attack

The London attack was not a surprise. Al Qaeda and the Islamic State have been threatening attacks in the United Kingdom for many years now. The Islamic State has even warned that it would conduct a massive "doomsday attack" in London - although Masood's attack fell far short of that. British Islamic State member Mohammed Emwazi, who beheaded several hostages on camera, including British aid workers Alan Henning and David Haines, also repeatedly threatened attacks in the United Kingdom - and specifically in London - before his death. Furthermore, British authorities have taken steps to prepare for the possibility of a vehicular attack in light of the recent assaults in Nice and Berlin, for instance by altering the changing of the guards ceremonies at Buckingham Palace.

Perhaps the most surprising aspect of Masood's attack is that it was the first terrorist attack in the United Kingdom since Rigby's murder - and the first claimed by the Islamic State. That's not to say jihadists haven't been trying, though. British Defense Secretary Michael Fallon said in a press conference that authorities in the United Kingdom uncovered and foiled 12 attacks in 2016 and were working more than 600 active terrorism cases. Other media reports suggest that the United Kingdom's domestic security agency, MI5, has some 3,000 individuals on its list of potential terrorist suspects.
Swimming in Jihadist Shoals

Sorting through the vast and diverse range of potential attackers to identify those most likely to conduct an assault is a daunting challenge for governments. Think of a shark trying to select a single fish from among a shoal of baitfish swimming in unison. The shark has an incredible sensory array that is extremely effective at identifying prey and rows of razor-sharp teeth to devour them. But the shoal's density provides security for the fish swimming in it by making it next to impossible for the shark to identify and target a specific fish. For the prey species, shoaling is adaptive: Though some fish get eaten, the species lives on. British authorities, likewise, have incredible intelligence capabilities and a competent police force. It's just that the sheer size of the shoal of potential jihadist attackers can overwhelm their intelligence and enforcement resources.

Maintaining live telephone taps on a single target is a resource-intensive endeavor - to say nothing of round-the-clock physical surveillance. Because security services quickly reach capacity with the targets they can cover, they must use risk assessments to rank potential threats and deploy their resources selectively against the threats they consider most dangerous. That goes double in a democracy such as the United Kingdom, where a robust rule of law prohibits indiscriminate sweeps to arrest and confine every potential threat. And even in authoritarian countries, history has shown that governments cannot simply arrest (or kill) their way out of the problem. In fact, draconian measures usually only fuel anger and resentment among the public, further encouraging radicalization.

Security services personnel use a process similar to hospital triage protocols to ensure their time and attention are properly directed. Much as emergency rooms give precedence to the patients with the most serious problems, counterterrorism and intelligence officials focus first on the most dangerous threats. People who have direct contact with a terrorist group such as the Islamic State or those who have fought or received training in guerrilla warfare or terrorist tradecraft abroad are the top priority. They will receive the lion's share of the government's limited surveillance capacity, while lesser threats are covered as resources allow.

But the resources are never sufficient to follow every possible suspect 24/7, and some attackers inevitably slip through the cracks, no matter how proficient security services are. When that happens, investigators can quickly pick the perpetrator out of the shoal of potential threats in the wake of an attack and scrutinize them. And they will doubtless uncover warning signs and indicators that presaged the attack in the course of their investigations. Filling in a puzzle is easy once one has the right pieces and an idea of what the finished picture looks like. The task is much more difficult, however, when the right pieces are jumbled with those from thousands of other puzzles and there's no clear picture of the final product.
In Plain Sight

Masood conducted his attack using common items - a rental car and a knife - that he obtained legally. By all appearances, he acted alone, absent any criminal conspiracy. Until he steered his rental car onto the curb and began to strike pedestrians, he gave police no cause to arrest him (beyond perhaps possession of a knife in public, had officers known he was armed). Nor did his outward behavior suggest that he had gone operational. Assuming he did not conspire with anyone, Masood likely did little in his planning cycle that would have tipped off a government surveillance team that he was preparing an attack, save for the pre-operational surveillance he no doubt conducted. It wouldn't be surprising if in the coming weeks closed-circuit television footage surfaces of Masood running the attack route on multiple occasions before the afternoon of the attack. Pre-operational surveillance is still a critical vulnerability in the attack planning cycle, even in cases where grassroots attackers work alone and use simple weapons. But even if Masood had been under observation, the most authorities could have done to stop his attack would have been to notice his pre-operational surveillance and take him in for questioning. A surveillance team, after all, would have had little recourse to stop the rampage once Masood's car jumped the curb.

Though Masood managed to elude British security services and carry out an attack, his capabilities limited the amount of damage he caused. It is a sad reality that killing people is easy if one so desires - all the more so if one is willing to die in the process. The goal of counterterrorism planners is to keep the deadliest threats in check, since they cannot possibly stop them all. To expect them to do so is unreasonable, and one successful grassroots attack is no reason to call for an overhaul of the entire British counterterrorism system.
Adjusting Course

That said, we can take away some important lessons from Masood's attack. The incident, for example, revealed the need to keep cars from accessing straight channels full of pedestrians, particularly those like Westminster Bridge that are close to iconic sites. Since the attack, temporary steel bollards, as well as armed police officers, have been placed at popular British tourist attractions such as the Mall, Windsor Castle and Buckingham Palace to prevent vehicular assaults on crowds of sightseers.

Still, bollards and armed guards can't protect every possible target, and aspiring attackers will find venues for the future attacks that are sure to come. Plots like Masood's will crop up in the United Kingdom and beyond. Officials will thwart many of them, but some will inevitably succeed. In the face of this unavoidable danger, authorities and members of the public must keep calm, adjust course as necessary and, most important, carry on.

No comments: