Small Wars Journal

Combating Domestic Terrorism: Observations from Brussels and San Bernardino

Mon, 07/18/2016 - 10:27am

Combating Domestic Terrorism: Observations from Brussels and San Bernardino

Peter Forster and Thomas Hader

On March 22, 2016, Brussels, Belgium experienced three nearly simultaneous suicide bomb attacks at its international airport and the Maalbeek metro station. These attacks appear to be indicative of an increasing strategy of globalized jihad being carried out by the Islamic State of Iraq and Syria (ISIS). Not surprisingly, just as it had done after the attacks in Paris on November 13, 2015, ISIS quickly took responsibility for the Brussels bombings by stating that, “a security team of the Khalifah… set out to target crusader Belgium, which has not ceased to wage war against Islam and its people.”[i] Analysis of the Brussels attack offers some new tactical and strategic lessons for counter-terrorism officials as they seek to combat this dynamic threat. For example quick claims of responsibility appear to be emerging as a hallmark of ISIS-directed attacks, whereas they are more reserved in praising ISIS-inspired attacks such as the one in San Bernardino, which are often spurred by their online presence. As ISIS continues to employ capable means to radicalize individuals and encourage directed and inspired attacks, the threat of homegrown attacks is unlikely to cease anytime soon. This paper examines several observations made from the Brussels and San Bernardino attacks, analyzes ISIS’ evolving direction towards globalized small scale attacks, and integrates those observations into a model for countering violent extremism.

The first observation from the Brussels attack is that ISIS’s structure in Belgium, and perhaps elsewhere in Europe, is more sophisticated than anticipated. Amidst the dismantling of the Paris cell following the November 2015 attacks, the affiliated operatives of the Brussels’ cell maintained operational capability and security. Not only did Salah Abdeslam, a lead suspect from the Paris attacks, safely transit to Belgium with help from a prison contact,[ii] but the Brussels cell also managed multiple safe houses that kept Abdeslam safe for over four months.[iii] Furthermore, after the arrest of Salah Abdeslam on March 18, the remaining members of the Brussels cell demonstrated both agility and command-and-control capabilities to accelerate an attack vector. Although evidence now shows that the pre-planning conducted by the Brussels cell focused on attacking France, the command-and-control capability to quickly adjust to Brussel targets and make a decision to execute the multi-target attack before being exposed reflects the cell’s agile structure, largely only seen among trained operatives.[iv] This provides additional insight into the sophistication by suggesting that it had a list of potential targets that had undergone preliminary surveillance. Facing arrest, Najim Laachraoui and the el-Bakraoui brothers promptly selected another pre-determined target with which they were familiar and was vulnerable to the type of weapons they had constructed. Last, while it may be assumed that the decision to change the attack’s timing was made in Belgium, encrypted communications during those four days with ISIS leadership have not been ruled out. If such close command-and-control occurred it would be an additional concern to counter-terrorism officials and reflect more of an ISIS-directed attack.

The group’s ability to act decisively despite an imminent threat of capture shows an ability to adapt and learn. Sophisticated groups such as the Brussels cell present a challenge to law enforcement and intelligence assets. When dealing with sophisticated cells, it becomes imperative for the intelligence community to exploit information, such as that gathered from Abdeslam, as quickly as possible before a host of processes from recruitment to communications to operational logistics are changed. Regretfully, the acquisition and exploitation of actionable information is time consuming. Perpetrators held in custody seldom provide clear information. Notwithstanding, the time constrained Belgian authorities attempting to derive information from the suspect on his involvement in the Paris attacks failed to focus on his knowledge of future attacks.[v] An observed lesson is that initial questioning for terror suspects should focus on any imminent threats.

The second observation revolves around trust, communication, and collaboration among law enforcement and intelligence agencies and at-risk communities. Despite being wanted for their roles in the Paris attacks, Abdeslam and Mohamed Belkaid were able to find refuge in Belgium and remained operational for four months. Their ability to do so is due in part to the group’s safeguarding adaptability in the wake of retaliation,[vi] and a lack of law enforcement resources, but it is naïve to ignore that this also was made possible by community compliance.

Belgium’s jihadist challenge is complex and reflects the country’s political tensions as well as the socio-economic disenfranchisement felt by its ghettoized second and third generation of predominantly Moroccan descent. A disenfranchised population of nearly 100,000 reside in Brussels’ Molenbeek.[vii]  The population views the police and the government with disdain and are a ripe target for a longstanding and well-organized network of radical Islamists recruiters, such as Sharia4Belgium.[viii] These factors have contributed to Belgium having the largest number of foreign fighters per capita.[ix]  Abdeslam’s ability to avoid capture cannot simply be blamed on an intelligence failure, it also is a reflection of the government’s inability to mend societal cleavages. Abdeslam avoided associating with any close contacts that may have been under surveillance, and instead was shielded by a more peripheral circle. This indicates a broader communal network willing to delude investigators. The fact that recruitment and radicalization within Molenbeek is largely based on friendship and family ties also left Abdeslam with a much smaller digital trace than if he had been dependent on online relationships.[x] However, his ability to elude capture also rested on a systematic failure.

A major factor that compounded the violent radical extremist threat in Belgium was political factionalization. Existing political tensions between Belgium's Flemish and Walloon populations divided the intelligence and law enforcement communities.[xi] As a result, both communities were underfunded, undersized, and overly siloed. In addition to having six different police forces in Brussels, the former head of Belgian intelligence reported in an interview with Time that the intelligence service had been “sidelined” by the political establishment.[xii] These factors all came into play in the lead up to the Brussels attack. In spite of being overwhelmed by the number of open cases, the Federal Office of Threat Analysis identified 80 suspected violent radicals to the Molenbeek police. In response, local authorities investigated each case and turned the information over to the federal police. When Molenbeek’s mayor was asked what happened after that, she replied that it was up to the federal police to pursue the cases and that everyone has “their responsibility.”[xiii] This lack of inter-agency cooperation reflects a silo-mentality reinforced by the political divisions previously mentioned which undoubtedly led to the mismanagement of the investigation. However, it was not the only lapse made by Belgian authorities.

While the breakdown in intelligence was significant, the fact that no member of the communities in which the terror suspects were hiding came forward presents a much larger problem. The lack of community engagement reflects a lack of trust, and stands as a stark indicator of the societal cleavages that exist in Belgium, which contribute to an enhanced threat of homegrown terrorism. Countering the threat requires improved inter-agency coordination and government-community relations to act as a force multiplier by opening a dialogue between concerned citizens and investigators.

The last observation from Brussels is the need for intelligence sharing at an international level. A breakdown in intelligence sharing at the international level impeded local authorities from conducting proper investigations against the suspects of the Brussels attacks. For example, Abdeslam had longstanding ties to a known terrorist named Abdelhamid Abaaoud, who later was found to be a key player in the Paris attacks. The two were not only childhood friends but were even convicted together of an armed robbery in 2010.[xiv] Abaaoud’s ties to ISIS came to the attention of authorities for his having contact with Mehdi Nemmouche, the extremist responsible for the shooting at a Jewish Museum in Brussels,[xv] and appearing in an issue of Dabiq, in which he claimed to have returned to Brussels to plot attacks.[xvi] He was even sentenced in absentia on terrorism charges in a Brussels court.[xvii] After French officials confirmed his presence in Athens from a geo-tagged phone call,[xviii] the lack of inter-agency information sharing of his presence in Europe impeded an investigation by Belgian authorities, which may have yielded an interest into Abdeslam. His escape from France following the Paris attacks was possible because his ID did not raise any red flags during a checkpoint stop.[xix]

Additionally, Turkish officials claimed they presented Belgian authorities with information that the suspect Ibrahim El Bakraoui, whom they deported to Holland, was a foreign fighter. However, Belgian authorities could not establish any ties to terrorism and released him due to a lack of evidence.[xx] The case of El Bakraoui illustrates the challenges related to information sharing which have been confirmed through discussions with intelligence practitioners.[xxi] The first is what information is shared. Intelligence organizations protect sources, hence, the shared information may not be sufficient to make a substantive inquiry.  The second challenge is how the receiving agency processes and accepts the information that has been shared.  Additionally, Turkish officials claimed they presented Belgian authorities with information that the suspect Ibrahim El Bakraoui, whom they deported to Holland, was a foreign fighter. However, Belgian authorities could not establish any ties to terrorism and released him due to a lack of evidence. The case of El Bakraoui illustrates the challenges related to information sharing. The first is what information is shared.  Intelligence organizations protect sources; hence, the shared information may not be sufficient to make a substantive inquiry.  The second challenge is how the receiving agency processes and accepts the information that has been shared. In discussions with intelligence practitioners, improving access to classified information without jeopardizing sources required a two-fold solution.[xxii]  To help correct this problem, a method needs to be implemented to sanitize shared information without removing critical data to make it actionable. Second, it is necessary for the receiving organization to develop the capacity to effectively use the actionable data.

Applying the Observations Learned to Understand the Threat Now and In The Future

On the morning of December 2, 2015, after Tashfeen Malik pledged allegiance to ISIS’ leader Abu Bakr Al-Baghdadi, she and her husband Syed Rizwan Farooq attacked the Inland Regional Center in San Bernardino, California killing 14 people and injuring another 22. The San Bernardino attack was the second deadliest ISIS-inspired attack in the United States. Unlike the attacks in Brussels, ISIS took several days to acknowledge Farooq and Malik’s actions eventually releasing a statement praising the attacks and acknowledging the couple as soldiers of the caliphate.[xxiii] The attacks in San Bernardino followed a similar pattern of other ISIS-inspired attacks in the United States. However, examining the San Bernardino shooting, in the context of the Brussels attack, provides strategic and operational takeaways for counter-terrorism officials.  

The first observation from the San Bernardino attack is the effectiveness and power of the online environment in mobilizing individuals to action. Unlike the Brussels cell, the San Bernardino shooters exploration into fundamentalist Islam was carried out almost exclusively online. As a result of their activities being largely confined to the internet, the couple avoided leaving red flags for authorities. Therefore, from the time they began to explore extremist ideology to the point of engaging in it, Malik and Farooq remained undetected. Farooq began viewing extremist content online as early as 2005 and by 2007 was discussing the extremist views of Anwar al-Awlaki and “expressing disdain” for American Muslims killing other Muslims.[xxiv] Over the course of several years he introduced his neighbor Enrique Marquez to Al-Qaeda’s Inspire and ISIS’s Dabiq online publications, and a series of extremist videos.[xxv] In 2011, Farooq expressed a desire to join Al-Qaeda in the Arabian Peninsula (AQAP) and was already conspiring with Marquez to conduct attacks in Southern California.[xxvi]

Malik became increasingly religious during college in Multan, Pakistan which  was home to two of the 2008 Mumbai attackers. Her belief in conservative Islam was so strong that she even declined to pose for a yearbook picture. Malik also had sent private messages via Facebook pledging support for jihad to friends in Pakistan as early as

2012[xxvii] but these were not discovered until after the attack. Malik and Farooq met through a dating site, and Malik entered the US on a K-1 fiancée visa in July 2014. By 2015, the couple had made their fundamentalist beliefs apparent on Facebook. Malik had begun using the Internet to find information on ISIS, and Farooq attempted to make contact with al-Shabaab and the al-Nusra Front.[xxviii] These inquiries offered  evidence of their state of mind if not also their ultimate intentions. The San Bernardino shooters like many other self-radicalized individuals did not have any links to external operators like the Brussels attackers. While the digital exhaust from their public online posts may have provided an indication of their intent, statements of fundamentalism unaccompanied by threats of violent action are not illegal in most Western nations. Hence, even if law enforcement identified the postings they had little recourse other than to monitor their public social media comments.

The second observation from the San Bernardino attack is that homegrown terrorist groups tend to operate either as lone wolves or in small tightly linked groups, which in turn increases operational security and reduces the chances of exposure. According to authorities, the San Bernardino cell, to date, was composed of three individuals, the shooters Farooq and Malik, and Marquez. Although Marquez discussed prior plots with Farooq, there is no evidence that Farooq and Malik shared their new plots with Marquez nor did they discuss it with others online, except for a Facebook post pledging allegiance to ISIS right before the attack.[xxix] As a result they were able to stay off the authorities’ radar. Whether intentional or not, their small structure was beneficial to maintaining operational security allowing them to plan and attack without warning. Other successful ISIS-inspired attackers in the United States such as the Garland, Texas shooters operated in a similar fashion. For example, although the FBI were investigating one of the shooters, Elton Simpson, for terrorist-related activities, they were not aware of him posing any credible threats. The FBI did issue a warning to the Garland Police Department three hours before the start of the Garland cartoon exhibit, indicating that an incident was possible. However, authorities were unaware of anything specific. The only warning came from a tweet twenty minutes before the attack by one of the gunman stating, "May Allah accept us as mujahideen, #texasattack."[xxx] Similarly, the Brussel's cell leader Salah Abdeslam managed to avoid detection for several months after the Paris attacks by operating within a small confined network. Authorities caught a break and were able to track Abdeslam only after he reached out to an acquaintance that was being monitored.[xxxi] These cases are indicative of the fact that small operational networks naturally provide good operational security, and largely only become compromised if the actors publicize their intentions or reach out to outsiders.

The third observation from the San Bernardino shootings is that gaining recognition from ISIS is becoming a larger factor in the evolving homegrown terrorist threat. ISIS’s attraction to foreigners combined with their ability to mobilize small groups through their online material and communications efforts supports the assumption that the virtual cell is replacing “lone wolf” terrorism as a new emerging threat.  Although Farooq traveled to Pakistan, there is no evidence that he was radicalized there. Instead, he was largely motivated from the material he viewed during his self-radicalization process. The material he downloaded, such as Inspire, also provided directions for building simple bombs. Farooq also attempted to establish communications with international terrorist groups by using publicly available online tools. Ultimately, the couple pledged allegiance to ISIS and al-Baghdadi through Facebook, in the hopes of being recognized by the group for their actions.[xxxii] Similarly, six months later as the Orlando shooter Omar Mateen was held up inside the nightclub he attacked, he explicitly called 911 to pledge his allegiance to ISIS.[xxxiii] The desire for independent followers such as Simpson, Farooq, Malik, and Omar to gain acceptance from ISIS provides a definitional difference between ISIS-inspired attacks, those seeking acceptance, versus ISIS-directed attacks, those who are or were in contact with ISIS such as the Brussels attackers. However, the resulting actions are both deadly.

The geographic isolation that has so far afforded the United States a preventative measure against an ISIS network cell infiltrating the mainland unfortunately does not provide any deterrence online. Unlike the attacks orchestrated in Brussels and Paris, attacks committed within the United States have been solely inspired. The fact that Farooq's pathway into fundamentalist Islam and connections to both Marquez and later Malik remained undetected is a huge concern. Notwithstanding, counter-terrorism officials should not become complacent and focused solely on inspired or directed attacks. Although small cell and "lone wolf" attacks appear to be the most likely in the near future, the collapse of ISIS will in all likelihood lead the group to finding less conventional ways to encourage attacks. For example, the presence of encrypted communications may lead to the emergence of virtual cells coordinated by an experienced handler to exercise command-and-control. Furthermore, as ISIS continues to lose its resources and command capabilities, it will increasingly turn to criminal organizations and establish a terror-crime nexus in order to smuggle fighters across international boundaries and acquiesce weapons. The greatest observation from Brussels and San Bernardino remains that the implications from a changing terrorist landscape will continue to pose a risk to international security for years to come.

The Globalized Jihad

Since the declaration of a Caliphate by Abu Mohammed al Adnani in June 2014, ISIS has committed to an ideologically based global strategy that has leveraged local grievances and strengthened connections via foreign terrorist fighters (FTFs) to increase recruitment.[xxxiv] Its success at attracting foreigners has surpassed all previous terrorist organizations to date, totaling over 30,000 FTFs from more than 100 countries. Within three months of establishing the caliphate, Al Adnani also urged followers to strike at home, mimicking the tactics of Al-Qaeda’s Zawahiri who promoted lone wolf attacks.[xxxv]

The ongoing military operations being conducted against ISIS threaten to intensify many of the factors that lead to the Brussels and San Bernardino attacks. Coalition military operations have reduced ISIS controlled territory by 40% in Iraq and 20% in Syria. As its leadership is depleted, its financial resources eroded, and its territorial control reduced, ISIS will seek increased attacks on the Western world.[xxxvi] CIA Director John Brennan’s report on June 16, 2016, supports this assumption.[xxxvii] Since the attack on Charlie Hebdo in Paris in January 2015, ISIS has directed 52 and inspired 13 attacks in 14 countries.[xxxviii] Days after the Brussels attack, ISIS released a video calling for its followers to rise up and perform jihad against coalition forces.[xxxix] The slow compression of the group’s control in Iraq and Syria is a step towards stabilizing the region, however it also presents a backlash for the West.  Martha Crenshaw argues that “extremist groups may be most dangerous when they feel beleaguered and on the defensive,” and points out that groups “moving to a greater destructiveness may be a reaction to a need to retain initiative.”[xl] Therefore, it is likely that as the caliphate balloon is squeezed, ISIS’s leadership will increasingly urge foreigners to attack at home rather than traveling to join them. Simultaneously, as the caliphate constricts, an unknown number of FTFs who have traveled to the caliphate will be more likely to leave the conflict zone and returning home or to another location. According to Thomas Hegghammer’s finds “the presence of foreign fighter returnees increase the effectiveness of attacks in the West,” and that “46% of all plots included at least one veteran.”[xli] Completing the trifecta is the exploitation of the migrant crisis confronting Europe, which has lead ISIS to smuggle operational commanders and trained operatives into Europe and perhaps beyond, as a way to organize recruitment efforts, spread their ideology, and lead small-scale attacks.

The repercussions facing the West from an increase in returning fighters, inability of recruits to join the caliphate, and a migrant crisis are in themselves grave, but may be made progressively worse when coupled with ISIS' social media capabilities. To date, a majority of the propaganda released by ISIS has focused on portraying the caliphate as a sanctuary in the hopes of attracting foreigners to come abroad. The success of the group’s media efforts were a major influence in the recruitment of the approximately 30,000 fighters that joined. If the same degree of resources are re-directed to encouraging domestic attacks, then the results are likely to be grave.

ISIS’ online presence has not only allowed the group to recruit individuals to Iraq and Syria, but has inspired those unable to make the trip to commit domestic attacks. The group has successfully used several publicly available platforms to deliver their message. For example, they have created websites dedicated to promoting their propaganda such as the Al-Hayat media center. Additionally, ISIS has successfully flooded sites such as YouTube and Wordpress with viewable and downloadable material ranging from speeches, to full-length movies, as well as regular releases of their magazine Dabiq. Not surprisingly, in Dabiq issue 13, ISIS praised the San Bernardino shooters and used the tragedy to encourage more domestic attacks “in America, Europe, and Australia.”[xlii] Additionally, Al-adnani released a speech available in audio and print during the month of Ramadan calling for “a month of suffering for the Europe and America.”[xliii]

Furthermore, ISIS uses social media platforms with direct messaging capabilities such as Twitter, and increasingly smart phone apps such as Telegram to communicate with hopeful recruits who identify with the group’s ideology. ISIS even created its own android app which streams live updates,[xliv] and achieved the capability to send untraceable mass text messages.[xlv] Last, ISIS has shifted a portion of its online activities to the Dark Web. This transition has allowed ISIS to not only raise money through illegal means using Bitcoins but also allows users to access their sites with almost complete anonymity. As ISIS leadership began suspecting that their access through Tor may have been compromised, they informed users to switch to an operating system known as Tails to enhance operational security, creating yet another hurdle for the law enforcement and intelligence community.[xlvi] ISIS’s online approach is illustrated in figure 1:

Figure 1

Although counter-terrorism officials’ efforts at combating ISIS’s online presence have had some success, challenges remain. Contrarily, these successes have also inadvertently pushed ISIS into adapting and pursuing new avenues to make themselves heard. The group started off using platforms such as Facebook, YouTube, and Twitter to reach their audience. When authorities began by shutting down ISIS’s accounts, the group simply adapted and found new ways to communicate. For example, after Facebook expanded its campaign to shut down ISIS linked accounts, there was an increase of ISIS related accounts on Twitter.[xlvii] Not surprisingly, after Twitter shut down nearly 125,000 ISIS related accounts[xlviii] the group began using an encrypted telephone app named Telegram, and even after ISIS accounts on Telegram began to get shut down they simply found a work-around.[xlix] While shutting down accounts has some benefits, this needs to be integrated into a more comprehensive strategy that includes counter-messaging and community awareness to dangers of online content as well as closing accounts and tracking known high-risk individuals.

As the intelligence and law enforcement communities become more aggressive in curtailing ISIS’s presence online, they are colliding more frequently with privacy law limitations. The FBI’s recent confrontation with Apple Inc. over creating a workaround to gain access to an Apple iPhone, which was used by the San Bernardino shooters is a prime example.[l] Although the FBI was able to gain access to the phone without the help of Apple, the fact that this level of encryption has been broken will likely cause terrorist groups such as ISIS to find other methods to communicate securely. The data on the devices may provide additional information that may be crucial to investigators; however, it will also lead groups such as ISIS to find new ways to keep their data encrypted, which in turn only leads to an ongoing game of cat and mouse. Determining the line between privacy and security will become more difficult for governments as new technology continues to emerge. Once privacy tools become accessible by authorities, organizations such as ISIS find new ways to conceal their communications. Government officials may find it easier to keep privacy laws intact, which would inhibit the need for criminal enterprises to continue to find new ways to hide. This in turn not only protects the rights of law-abiding citizens, but also eases the amount of resources needed to continually decrypt new methods being used by criminal organizations. 

Countering the Threat

Brussels and San Bernardino are a stark reminders of the evolving threat posed by ISIS and the difficulties faced in combating their multi-faceted strategy. The threats confronting European agencies and their American counterparts are immense but observations from both the Brussels and San Bernardino attacks that can inform efforts at countering violent extremism.

International efforts on countering violent extremism are offered in the Organization for Security and Cooperation in Europe’s Preventing Terrorism and Countering Violent Extremism and Radicalization that Lead to Terrorism: A community policing approach, the European Union’s The European Union Strategy for Combating Radicalization and Recruitment to Terrorism, and UN General Secretary Ban Ki-Moon’s comments in January 2016 when he presented a new UN plan of action to prevent violence stemming from “poisonous ideologies.”[li] Each of these plans recognize that the causes of radicalization are multi-faceted and have no definable pathway.  It is the unique nature of violent radicalization, evolving from a convergence of factors that make a response so challenging. From an international perspective countering violent extremism requires addressing political, socio-economic, and humanitarian issues while seeking to maintain security. The challenge remains not the identification of the problem or even possibly the development of policy recommendations, but establishing the framework, processes, and political will to implement effective countermeasures.

To combat homegrown radicalization, it is important to more openly share intelligence including having counter-terrorism officials sharing resources, within reason, with countries lacking the means to conduct proper investigations. In Brussels such an approach may have prevented the attack, however more information sharing and resources may not have stopped the San Bernardino shooters.

Moving forward, sharing information and allocating resources will not be sufficient. Sharing must be combined with a concerted effort on the part of government and civil society to build trust with at-risk communities such as establishing processes that encourage cooperation between communities and government. In Molenbeek, the sense of disenfranchisement allowed the Paris perpetrators to remain free for four months allowing the Brussels cell to plan an attack. Although not known as an at-risk community, the San Bernardino community still needed to be more engaged. At least two people, Marquez and an unidentified acquaintance, were aware of Farooq’s extremist behavior but said nothing. In other US cases, there have been others who knew something or recognized a deviation but remained quiet. Tip-offs from concerned individuals have been highly influential in preventing terrorist attacks, the raid on the Paris attack mastermind Abdelhamid Abaaoud was solely executed because a Muslim woman came forward and provided French authorities with his whereabouts.[lii] As a result, raising awareness in at-risk communities, engendering trust with concerned citizens, creating low-risk communication avenues to report problematic behavior, and providing pathways for exit from radicalization are essential. 

Third, governments should not strip privacy rights away from its citizens under the guise of providing security. Terrorist organizations such as ISIS have proven their ability to adapt and find innovative ways to mask their criminal activities. Restricting privacy will only lead criminal organizations to find more innovative methods to stay hidden, whereas lawful citizens will be the ones most affected by laws that strip away their privacy and rights. To be successful in this evolving terrorist struggle an integrated model, depicted in figure 2 is needed:

Figure 2

The events in Brussels and San Bernardino are a stark reminder of the evolving threat posed by ISIS and others’ ability to inspire and direct attacks in the West. Both attacks demonstrated the two different methods (i.e. direct vs. inspired attacks) that ISIS is likely to use to continue to perpetrate chaos in the West as the organization’s area of operations continues to be depleted. While different in nature, both demonstrated a higher level of sophistication and operational security than is normally seen in homegrown domestic attacks, which should raise concerns for the intelligence and law enforcement communities. Preventing other Brussels and San Bernardino style attacks requires a strategic response that focuses on intelligence sharing, promoting community engagement with law enforcement, and the protection of core western values/

End Notes






[vi] Brophy-Baermann and Conybeare (1994) “Retaliating against Terrorism: Rational Expectations and the Optimality of Rules versus Discretion” American Journal of Political Science v 38 n1 Feb p 196-210

[vii] Ibid


[x] The Offline Allure of the Islamic State, The Soufan Group February 8, 2016.

[xii] Ibid.





[xvii] Ibid.

[xviii] Ibid.



[xxi] Forster, Peter K. interview with anonymous sources. Partnership for Peace Consortium Combating Terrorism Working Group TableTop Exercise, “Migration Crisis; Security Challenges and Policy Recommendations” Garmisch, Germany, June 1 - 3, 2016.

[xxii] Forster, Ibid.


[xxiv] United States of America v. Enrique Marquez Jr, US District Court in the Central District of California Criminal Complaint 5;15 MJ498, filed December 17, 2015.

[xxv] Ibid.

[xxvi] Ibid.


[xxviii] Bergen, Peter United States of Jihad, Crown Publishers, 2016






[xxxiv] Daniel L. Byman (2105),, Why ISIS might regret the decision to go global, Brookings Institution November 16 online @ http:/www.brookings.ed/blogs/markaz/posts/2015/11/16-isis-big-mistake




[xxxviii] updated March 22, 2016 The number of  inspired attacks have been updated in accordance with the Orlando, Flordia attack which occured on June 12, 2016. 


[xl] Crenshaw, Martha. "Theories of Terrorism: Instrumental and Organizational Approaches." Journal of Strategic Studies 10.4 (1987): 13-31.












About the Author(s)

Dr. Forster is a professor emeritus of Security & Risk Analysis in Penn State’s College of Information Sciences and Technology (IST), and an affiliate professor in Penn State’s School of International Affairs. As a member of a number of research centers, he studies risk and crisis management, situation awareness, social network analysis, counterterrorism policies and strategies. His work includes using simulations and tabletop exercises to improve command and control in counterterrorism and engaging government and civil society in addressing terrorist threats. Dr. Forster is the co-chair of the NATO/OSCE Partnership for Peace Consortium Combating Terrorism Working Group (CTWG), co-editor of NATO’s Counter Terrorism Reference Curriculum and co-course academic director of NATO's Defence Against Terrorism course. 

Dr. Forster’s primary areas of interest are terrorism/counter-terrorism, risk and crisis management, and national and homeland security. Forster has co-developed a course on cybersecurity for the US government, facilitated international counterterrorism tabletop exercises and led grants exploring process and technology integration to improve law enforcement’s situational awareness.   He is the co-author of Multinational Military Intervention, Stephen J. Cimbala & Peter K. Forster 2008 and Cognitive Systems Engineering Michael D. McNeese & Peter K. Forster, 2017, has authored articles on using technology in counter-terrorism, extremist recruitment models in the United States, understanding distributed team cognition in crisis situations, and American foreign policy and interests in Central Asia and the Caucasus.  Dr. Forster holds a PhD. in Political Science (International Relations) from Penn State.


Thomas Hader is a 2ndLt. in the US Marine Corps. He previously held the position of Lead Researcher at the Counter-Terrorism Research Initiative (CTRI) in the College of Information Sciences and Technology (IST) at Penn State.  He has also held research positions at the National Consortium for the Study of Terrorism and Responses to Terrorism (START) and the International Center for the Study of Terrorism (ICST).



Tue, 08/09/2016 - 5:07pm

This is an interesting article by two academics and deserves a response from a former CT practitioner who remains interested in the problems we face.

The fact is that Western societies have an abundance of targets for any terrorist, where mass casualties are possible whether by an individual or group, trained or not. The Nice attack on Bastille Day shows the potential – where a lorry drove into a packed public space. Defended public or private targets so far have been rarely attacked, notably government buildings, but not airports which have ‘security’.

There is very little information in the public domain that initial questioning of a suspected terrorist attacker results in them providing information. The legal regimes differ, but remaining silent is the suspects choice – only with a legal penalty much later on. A person convinced terrorism is justified is hardly going to suddenly change their mind and help us the enemy.

The role of the community and by implication the Muslims who reside in places like Molenbeek, Belgium is given prominence. The authors ask is the ability to plan, recruit and hide after an attack due to community compliance. The role of ALL the public in providing information to the authorities or intermediaries is a far more complicated; it is covered in part by a Forum thread:

Back to Molenbeek, Belgium. Given the community’s composition, attitude towards the nation-state and reported level of organised criminal activity, notably drug dealing and forged documents, it is hardly surprising in such a location few see what is happening around them. Those who do need to be motivated to talk and can find safe ways of reporting. Add in the cited use of operational security and a small personal network used by Abdeslam – no wonder he could hide.

I note the reference to sharing sanitised information without removing crucial data to make it actionable. Plus a capacity to effectively use this actionable data. This is a KEY issue when the criminal justice route is used. Disclosure of the prosecution’s evidence and supporting documents is often now a legal requirement.

It took the UK a long time to get this right, even with the Northern Ireland experience.

To develop a robust structure that can takes time, practice and deep, often difficult thinking.

It is not unusual for some in the UK to cite that ‘national security’ precludes disclosure to law enforcement, the public and the criminal courts. Public safety can over-ride this, not without argument and delay.

At times one does wonder whose interest is being served when some US newspapers have ‘exclusive’ reports citing European police, intelligence and other sensitive government documents and sources.