I’m writing this just a few hours after the news about the bombing in Boston. You won’t see any speculation here about who’s responsible, thoughts on the immediate response or similar things. Rather, I want to talk a bit about what the larger implications might mean in terms of threat and what how an intelligence shop might best respond in a situation like this.
Ok…first things first. A couple of rules to keep things in perspective.
- We should now know that with events like this, information that comes our way in the first hours is going to be confused, full of inaccuracies and speculation. Anyone who speaks with authority in the first few hours is likely to be a liar.
- The 24 news channels are terrible at covering events like this. Since there is so little information to report they have to fill their air time with anything they can. This means your signal to noise ratio will be off the charts. Once you get the broad outlines of the event and (possibly) see any footage of the event your best bet is to switch off the TV.
Since we’ve not got a few decades of data about terrorism from all around the world, there are some findings that might help us think about what might (might) come next.
First, a good place to look is the fine folks at the National Consortium for the Study of Terrorism and Responses to Terrorism (START). I’d recommend reading this piece about the (un)predictability of terrorism and its ‘burstiness’. I’d particularly like to mention this latter point.
As the people at START put it:
But in addition, terrorism has a bursty quality. When it is effective in a particular time and place, we get a lot of it rapidly.
Now, I think the key word here is the word ‘effective’. While, on some level, attacks like Oklahoma City, Mardrid, and 9/11 were successful but I’m not sure they would be considered ‘effective’. After all, in all of those cases the terrorist group (or individual) was captured or killed during or very shortly after the attack. There was, in short, no one left to follow up on the success and so no follow up occurred.
But, take something like London or (I’m sure) the terrorist activity we see in much of the Middle East and you’ll see a different definition of ‘effective’. Since a ‘successful’ attack isn’t a requirement for a terrorist to be successful (because, remember, the point of terrorism is to elicit a particular response…not generally to do direct damage) you can ‘fail’ but still be effective. I’d suggest that much of the Palestinian terrorism over the past few decades falls into this category.
So…if we don’t neutralize (in some way) the perpetrators in some reasonable amount of time, we might reasonably expect additional attacks by the same group or individual.
Conversely, this also means that if we might not need to be too worried about ‘copy cats’ or others being inspired to action. After all, al-Qaida has been trying to inspire people to take up the cause for years with little success. White supremacists have been trying for decades with little to show for it.
It also means that the data suggests that the threat is going to be localized in time and space. Might the perpetrators jet off to Idaho and launch attacks in Boise? Sure, I guess, but I’m not sure I’d consider it particularly likely.
Also from START is this piece which states that we might see an increase in hate crimes over the coming weeks as a result of this attack. Based on their data, the people at START have concluded that:
…in the weeks following a terrorist attack, the number of anti-minority hate crimes increased if the attacks were made against symbols of core American values (such as the Pentagon) or perpetrated by groups with a religious motivation.
Does the Boston marathon qualify? I’d guess definitely in the immediate area. I’m not sure how much resonance the event has on people further afield. But, depending on who is identified as suspects, this could be an issue.
Readers of this blog know I often talk about small intelligence shops. Events like the attack in Boston, because they are so rare, are going to attract the attention of just about every intelligence unit in the country. Almost every one of them will be expected to publish some sort of ‘product’ about the event. So, what should a small shop (I’m not talking the big three letter agencies of the federal government but rather the numerous state, local and joint agencies and centers around the country) do in situations like this?
Everything I’m going to write here is for those shops that don’t ‘own’ the territory where the attack took place. If this attack took place in your area of operations than that’s another story for another time.
First…take a breath. Look at observation #1 at the top of this post. You’re highly unlikely to get much of value during the first 24 hours after an event so don’t expect to do more than summarize basic facts.
BUT…everyone is going to want to be seen to be doing something. This is, after all, the big show. So, even if there’s nothing to say, there will be incredible pressure to say something anyway. In some cases this is from a very real desire to ‘help’. In other cases this is a very real desire to justify ones existence. It reminds me of a quote from Sir Humphrey:
“Politicians must be allowed to panic. They need activity. It is their substitute for achievement.”
Only politicians aren’t the only ones susceptible to this. If you don’t have a plan in place you’ll get sucked into the thankless (and useless) task of feeding regurgitated news to various overlords like a mother bird does with her chicks.
Instead of trying to compete with CNN, the New York Times or news agencies (which you’ll never succeed at doing) take advantage of this time to figure out what you need to know for your area of operations. So, let’s say I was in charge of a shop in…North Carolina (or Montana…whatever) when this attack happened. What’s going to be important to me initially? Probably:
- Who committed the attack
- The specific individual(s)
- Any affiliated group
- Any linkage to my area of operations
- Why did they commit the attack
- What was their motivation
- Why did they pick that specific target(s)
- How did they commit the attack
- How did they acquire the explosive device
- How did they carry out the attack (emplacement, detonation, escape)
Now, as those questions get answered you’ll have follow ups and more specific ones but even a list like that disseminated to your staff will help them separate the wheat from the chaff during the early hours and days of the story. Yes, eyewitness accounts may be compelling but if they don’t address those questions your people are really just wasting their time.
Second, if you do not have a compelling reason to call the agency(ies) responsible for handling the emergency do NOT do so before their first press conference at the earliest. Look, they’ve got a lot on their hands and the last thing they need to do is answer a bunch of questions from a yahoo like you because the leader of your agency 900 miles away wants the latest poop. Remember, there are now literally hundreds of intelligence shops in the U.S. now…many of them are going to be calling the scene in order to be the first on their block to put out a product with an exclusive tidbit to show how ‘high speed’ they are. The last thing you would need in that situation is an extra few dozen calls from people essentially saying ‘So…what’s up?’ Let them do their job and you’ll get your information when you need it.
Third, remember that one incident is NOT a trend. Don’t start reorganizing your whole shop based on one event. If you’re assessments of the threat were on solid ground before an attack like this, they should remain so. One event should not nullify your analysis. BUT…this is a good time (well, earlier was a better time but you slacked off, didn’t you? So we need to do this now) to identify the triggers that would cause you to reevaluate your analysis.
For example…I’ve been saying that al-Qaida is a has-been organization for some time now. Assuming they were behind this attack (for a moment) would not change my opinion. But I should be able to explain at what point I would say my analysis was crap. That’ll keep me straight both when my ego is on the line as well as when tensions are riding high and people start making claims that this or that event ‘changes everything!’
Forth…If you have nothing to say about an event…say nothing. The intelligence community is suffocating on a philosophy of ‘Send it to everyone…just in case they need it.’ This means it’s not uncommon to receive the same message three, four, five times or more. It’s not uncommon to receive products that have no relevance to your area of interest. Adding to the noise does nothing but guarantee that when you really do have something to say, it’ll be ignored.