Components of threat

T=I+C Threat equals intent plus capabilities.

This is, oddly enough, one of the hardest concepts to get across in the intelligence field. Frequently, I’ve seen decisions and priorities that twist the equation to look more like this:

T=I Threat equals intent

There are several reasons why I think this happens.

  • Shell shock – We remain locked in the post 9/11 ‘CYA’ mode where everyone wants to make sure they don’t end up in front of a Senate subcommittee having to say “I believe the title of the report was ‘al-Qaida plans to fly planes into buildings.’ But who knew they’d really do it?!” As a result, there’s a tendency to default the capability part of the equation all the way to ’11′ and assume if someone says they want to do something they automatically are a) telling the truth, b) actively seeking the capability and/or c) have the capability already.
  • Resources – It’s a bit of an old saw with me by now but our funding/resource system practically begs people to exaggerate threats. So, terrorist group Z claims to want to detonate a nuclear device in your capital. You aren’t going to get any promotions, funding or fancy new equipment by pointing out that none of them finished the fourth grade and don’t even know what a nuclear device is. The only balance you can consistently rely on is that a competing agency, anxious to secure it’s own revenue stream, will attempt to expose the capability issue. Of course, a quick glance at game theory might lead you to conclude that agencies might just elect to collude into a ‘I’ll endorse your threat if you endorse mine’ sort of bargin.
  • Uncertainty – Capabilities can be hard to quantify while intent can appear to be easier. If you assume people always speak the truth, then bingo. If you think that people may have a variety of motives for shading the truth (even with the best of intentions) then you’ve got a problem on your hands

I consider this a problem because it contributes to a mindset that is inherent reactive and backwards looking. Take, for example, our current posture regarding terrorism.

In my opinion (and, admittedly, I may be in a minority here) I think we’re in a lull of sorts. Al-Qaida and its a affiliates have both taken a considerable beating and seem to be spending a good chunk of their energy on establishing local bases of operation rather than flinging themselves at the bastions of Western civilization. Surely, they continue to declare their intent to strike the West but let’s fact it. Their attempts have been either half-hearted, incompetent or both. If the past decade hasn’t convinced those hoping that America hadn’t the stomach for long conflicts nothing will. The death by a thousand cuts strategy (hoping that the War on Terror will force us to spend ourselves in oblivion) may happen but that’s more of a wild hope than a real plan at this point, especially as those cuts get increasingly feeble. In fact, in terms of international terrorism, al-Qaida looks increasingly like a gambling addict. Always trying to recreate that one big score they keep trying to go ‘all in’ but the pot with which they can bet keeps getting smaller. So they move from the high roller table down to the $1 table and even their ‘wins’ are looking rather shabby.

But, those involved with the terrorism-industrial complex are (still) too wedded to the narrative that terrorism is an existential threat. And just as we had to find a new conventional enemy after the Soviet Union disappeared, we have to find new terrorist threats to scare our children with. Al-Qaida still has some cache but we’ve been looking for successors (Boko Harum? al-Shabaab? Anonymous? Occupy? Bueller? Bueller?). They’ve all said they want to attack the West and shepherd in a new global caliphate, replace capitalism for something else or want to redistribute wealth (all made to appear equally dangerous and scary).


But how about we not focus too much on threat groups. There’s all sorts of new, scary ways to destroy the world. Remember when bioterrorism was hot? Then nuclear terrorism (give it time, I’m sure we’ll start hearing recycled stories about all those suitcase nukes the Russians can’t find). Now it’s cyber-warfare. Yep, the Russians and the Chinese (or that snot-nosed 14 year old living down the street) are about to unleash hell upon us by shutting down our power grid, scrambling our bank accounts and denying us access to all those naughty internet pictures.

Of course, when we talk about that there’s very little discussion about capabilities or intent. Perhaps China can destroy our information infrastructure (I have no idea if anyone can do these horrendous sounding things but let’s assume so) and reduce us to 1950s life* but do they have the intent? And quite honestly, if we get to the point that China, or any other nation state, engaging in that level of hostilities with us, I suspect we’re going to have bigger problems to worry about than rampant malware. At that point, I’d be a bit more concerned about fallout patterns. And there, we can come back to deterrence theory (at least when talking about nations). Catastrophic cyber warfare will not be a whole lot different from catastrophic conventional or nuclear warfare. Participants will likely go in with everything they’ve got so, as Matthew Brodderick taught us, the only way to win is to not play.

Ok, getting off topic here. Back to threat.

All this comes up because it raises the question of what to do when the ‘T‘ drops down to a level where it’s not a concern that demands immediate action. If you buy my hypothesis, for example, that we’re in a terrorist lull how do we handle that? There are, I’d submit, at least two ways:

  1. Keep on, keepin’ on: Pretend there is no lull at all. Continue to say we face a fully capable and cagey adversary. The wolf remains at the door. Civilization hangs in the balance. Please increase our funding by 4%. This involves having to engage in increasingly complicated mental gymnastics to explain why, for example, we haven’t seen suicide attacks in the U.S., or waves of radicalized youth, prisoners, etc. engaging in wild street battles with authorities or other terrorist attacks.
  2. Come up with, and implement a real plan: Most of the past twelve years have been seat of your pants operations held together with duct tape and gum.** If we are in a lull, now’s the time to get our house in order, decide what sort of counter terrorism capabilities we need, develop, test and implement them. I get it, that’s really hard to do, particularly now when budgets are tight but that’s what the big kids get paid to do. Explain to legislators and the public why, even though the threat may be low now that we need to devote some resources to identify when that threat goes up and know how to deal with it.

*Sounds remarkably similar to the Romney platform, by the way.

**The industry metaphor remains ‘We’re building the plane as we fly it.’ There’s a reason why we don’t build planes as we try to fly them. That’s because they’d end in a horrendous crash. If you’re going to use a metaphor to explain your -ahem- process, it’s probably not a good idea to use one that ends in a fiery disaster.

2 Responses to Components of threat

  1. The equation is incomplete.

    Threat/intent/capability needs to be qualified by probability and impact…a couple of years ago, you suggested that some of us write on about a dozen or subjects relating to homeland security issues…my first (and, to date, only article – trust me, 2 1/2 years down the track the rest are STILL on my to-do list) article was ‘Accepting Risk’ ( In researching this (you are one tough task-master – normally I just lip off whatever I think at the time), I came across numerous variations on the theme of probability/impact matrices (the plural of Matrix). An element of this needs to be applied to your argument above to add the context to T/I/C as a threat warning is largely moot without a qualified assessment of its probability and impact…as examples I will see if I can find some of the crazy AQ ideas for attacks on the US that were allegedly discovered in the Abbotabad raid (I saved them at the time but have had a couple of meltdowns – computer meltdowns, just to be clear – since and may have lost them…some of them were just nuts and while T/I/C were all there, the assessed probability of them occurring was low and the the only likely to have been impacted was Jackass ratings…

    • You’re correct, of course. In my slipshod manner, I collapsed probability into capabilities and intent in some sloppy (and ultimately unsatisfactory) way.

      Hopefully, my core position stands…regardless of the components that actually make up threat, we aren’t well served by reducing threat to just one of those components (in this case, intent).

      Looking forward to the AQ stuff. Cheers!

Leave a Reply