December 4, 2018

IntelBrief: Costs and Consequences of Counterterrorism

Police counter terrorism officers  (AP Photo/Kirsty Wigglesworth) .
  • The U.K. Parliament has issued a report detailing shortcomings with how its security services handled five terrorism cases in 2017.
  • The challenges came not in the responses to these attacks, but rather the inability to ‘connect dots’ or deter people already identified as potential threats.
  • The U.K. is hardly alone in this quandary—every democracy struggles to balance liberties with potential threats, and face far too many threats to assess and prioritize.
  • Big data solutions, machine learning techniques and more ubiquitous video surveillance will be useful, but will not necessarily help to prioritize what are often individual decisions regarding threats and the allocation of resources.


As with many recent terrorist attacks in the European Union and the United States, the 2017 string of attacks in the U.K. was jarring. The threat of small-scale but devastating terrorist attacks by either a small cell or a lone actor has been elevated in the West since 2015, when the so-called Islamic State began conducting operations outside of its territory with attacks in Paris, Brussels, and elsewhere. Yet these attacks were also not surprising, after the fact, when authorities studied the perpetrators. In the case of the May 22, 2017 suicide bombing attack against a crowded concert in Manchester that murdered 22 people, the suspect, Salman Abedi,was already on the ‘radar’ of security services as a potential threat.Released on November 22, 2018, a report by the Intelligence and Security Committee of the U.K. Parliament analyzed the Abedi case in granular detail, finding that the intelligence and security services missed indicators and possible links that should have moved Abedi from the overall ‘terror watch list’ to the smaller list of people that receive closer scrutiny. It is that step, moving from a person of concern to a one associated with a higher-level threat, that is crucial for services to get right. Still, the scale of terror watch lists and the overall operational tempo of attacks makes it unrealistic to prevent every single incident.

At the end of the Executive Summary of the report entitled ‘The 2017 Attacks: What Needs to Change? Westminster, Manchester Arena, London Bridge, Finsbury Park, Parsons Green,’ the authors noted the following: ‘As can be seen from the points we have highlighted here, it has been striking how some of the issues which arose in relation to the 7/7 attacks and the killing of Fusilier Lee Rigby have also been seen as having been a factor in the 2017 attacks. We have previously made recommendations in these areas, yet they do not appear to have been acted on.’ Too often, ‘best practices’ and ‘lessons learned’ are never actually learned or internalized but merely reported on before fading, cast aside or victimized by organizational culture, budget constraints or other issues that commonly plague the intelligence community. The report makes several practical recommendations that, if acted upon, could reduce the chance that someone already known to authorities, a so-called ‘known wolf’ like Abedi, could further radicalize through an association with other known terrorist sympathizers. The report found that Abedi had visited ‘an extremist prisoner’ who was classified in a threat category less than the highest ‘Category A,’ which meant the visit went unflagged. As with many aspects of counterterrorism, the dots are obvious only in hindsight.

Some of the problems discovered in preventing the 2017 attacks are far larger than those to be handled by MI5 or Counter Terrorism Policing (CTP) and involve issues of law and policy— free speech and restrictions by internet service providers. The committee’s report laments the fact that terrorist content remains widely available online. And while the online aspect of terrorism receives significant attention in academic and policy circles, there are still major challenges facing law enforcement in the physical world. Since it can take between 20 and 25 individuals to maintain blanket surveillance on a suspected terrorist—24 hours a day, 7 days a week—the resource limitations are stark. Most security services lack the budget and personnel to conduct intensive surveillance and monitoring of more than just a few dozen individuals of concern at any given time. Considering that in some European countries like France, the list of potential terrorist sympathizers is nearly 20,000, there is a high likelihood that more ‘known wolves’ will inevitably evade further detection and go on to commit terrorist attacks within their home countries.

The Provisional Irish Republican Army, a terrorist organization that the U.K. is intimately familiar with, once warned the British government in the aftermath of an attempted assassination of Prime Minister Margaret Thatcher: ‘You have to be lucky all the time. We only have to be lucky once.’ Unfortunately, this remains true today, while the number of potential terrorist threats has metastasized, providing counter-terrorism officials with a tremendous challenge that will require significant resources and an agile approach that combines technology with traditional ‘beat-cop’ style policing and intelligence-driven counter-terrorism operations.


For tailored research and analysis, please contact:


[video width="960" height="540" mp4="" poster=""][/video]