In her groundbreaking book, Handbook on Warnings Intelligence: Assessing the Threat to National Security, author Cynthia Grabo defined warnings intelligence and indicators as “information in various degrees evaluation all of which bear upon the intention of a potential enemy to adopt or reject certain course of action.”
In counterterrorism, the challenge is to determine whether the adversary intends to commit an act of terrorism and, of equal importance, where and when. A new actor in terrorism may present a challenge to the existing system of indicators we have employed with remarkable success.
A valid indicator accurately correlates to the concept it is intended to measure. In counterterrorism, the indicators have been shown to have correlational validity; that is, they correlate with one another or are seen occurring together. They have also shown predictive validity — the correlation to planned acts of terrorism. What these indicators lack is discriminant validity. In other words, they cannot reliably discriminate between terrorism and otherwise innocent activities or common criminal activities.
For example, is the purchase of three 2’ lengths of lead pipe to fix a plumbing problem or to make a pipe bomb? Is the theft of explosives from a construction site (a not uncommon occurrence) simply a theft, or preparation for an act of terrorism?
Speculating upon the future actions of any human being, especially one who may be actively concealing his plans or engaging in disinformation, is an uncertain business. Because of this, we have adopted the prudent policy underpinned by a bias toward action. When even one indicator of a potential act of terrorism is reported, it is investigated.
Recognizing that potential indicators of terrorism planning may be found in reports of suspicious activity, the Nationwide Suspicious Activity Reporting Initiative, managed by the Department of Justice, is a program for the collection and sharing of suspicious activity reports. The indicators are divided into two categories: defined criminal activity; that is those things that are inherently illegal and potential criminal or non-criminal activity requiring additional information.
They include testing security, surveillance, photographing a target and so on. Fundamentally, these indicators rely upon the terrorists making operational mistakes. Those mistakes we see as suspicious activity. This has worked very well, and dozens of potential acts of terrorism have been thwarted through the system. Someone observes the activity, recognizes it as suspicious and reports it.
An effective reporting system is based upon three fundamental principles: redundancy, which is a bias toward reporting and a common basis of knowledge. In redundancy prior to 9/11, terrorism was principally the concern of the FBI. Today, however, thousands of law enforcement officers have been trained to identify suspicious activity that may be related to terrorism and how to report it.
Anotherimportant layer is Mr. and Mrs. Front Porch. The Institute for Homeland Security Solutions conducted a study that asked a simple question: in terrorism cases, where did the initial clues come from? In over 50 percent of the cases, the initial clues came from local law enforcement and citizen reporting. Any reporting model with redundant layers is more effective than one without.
Then there’s a common basis of knowledge: this has been accomplished by training people what to look for. A bias toward reporting simply means a person is more likely to report something suspicious or out place than not. The Department of Homeland Security’s (DHS) “If You See Something, Say Something” campaign which began in New York City has been effective in creating this bias in the civilian population. Police officers not only have been trained to report, but forward thinking law enforcement agencies incentivize reporting.
While there is controversy regarding the suspicious activity program — principally because some of the activities that are reported are not inherently illegal — there is wide agreement in law enforcement and national security circles that the reporting of suspicious activity works. The empirical data also tends to support that assessment.
Since 9/11, dozens of potential terrorists have been arrested. Most, however, were amateurs. That is, they were not trained by, or as, professional terrorists. One must be careful when characterizing what makes a “professional” terrorist.
For purposes of this discussion, we use one who has received formal, detailed training, has a strong commitment to the cause and is highly motivated to attack. Foreign fighters — those who travel from third countries to the battlefields of militant Islam who have been trained by a battle hardened cadre who have been shot at and have shot back and have a higher tolerance for risk and a greater capacity for violence — could be called professionals.
Why is this important? Because the professional will make fewer and more likely than not different mistakes than the amateur will. The professional will not go into a chat room and look for likeminded coconspirators. The professional also will be less likely to be observed photographing a potential target.
So, the question that remains is, will our current constellation of suspicious activities that has worked so well allow us to identify the professional terrorist?
The answer lies in part with the laws of physics. No matter how talented, the terrorist must engage in certain preparatory behaviors. For example, if you wish to construct an improvised explosive device, you must first acquire the components and you must have the expertise and the place to mix them properly. You will be required to conduct surveillance of your target and so on.
Because these activities are necessary, the infrastructure of an effective program is in place. Now we must take it to a new level.
One way to do this is through Red Teaming in which we assume the role of the terrorist, think him competent and carry out the notional act terrorism against a potential target that represents a class of likely targets. This will tell us which of the preparatory activities are most likely to be observed and, more importantly, how they will come to our attention.
As we identify new indicators through this process, they can be incorporated into police training and civilian awareness campaigns. These activities are vital until we have the opportunity to observe the professional in action. We must speculate as we build our body of knowledge. And as we do so, the need for speculation will decrease, and the chances of error with it.
And while we prepare, we must also engage in watchful waiting while remaining vigilant for the professional to make himself known.
David Cid was the former executive director of the Oklahoma City-based Memorial Institute for the Prevention of Terrorism (MIPT) from 2006 to 2014. MIPT was a nonprofit training and professional development center that trained street cops in the successful Information Collection on Patrol (InCOP) program for front line police officers across the nation. InCOP was a program designed for street and beat cops to spot indications of terror activity and criminal activity.
The DHS funded program developed by Cid is used by over 450 agencies nationwide, including the NYPD and Boston Police Department. Despite inCOP’s widely acclaimed success, DHS abruptly defunded the program, speciously blaming sequestration.
InCOP was the nation’s only program to train front line law enforcement officers on how to spot potential terrorist activity, recognize signs of possible threats and how to effectively gather crucial intelligence that possibly could result in actionable intelligence to be shared with other state and federal agencies.
InCOP was designed to improve the fundamental and essential skills of information collection for uniformed officers. InCOP concepts were reinforced by the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) which MIPT was an official training provider for the Nationwide SAR Initiative.
Under DHS’s paucity of funding of InCOP, MIPT was supposed to eventually train 850,000 law enforcement officers throughout the United States. Tens of thousands of officers fortunately were trained.
It was because the majority of police departments lack the funding for this sort of very specific training that DHS funded the InCOP program to begin with, which, by all accounts, produced results in a number of large metropolitan cities whose police officers MIPT trained, including one rookie street cop who, using his training, identified and helped thwart an individual who was making and selling IEDs to Central American-based gang members in the United States.
Cid noted that “our training is right on point with what the line officer needs,” stressing InCOP improved the quantity and quality of reporting by the line officer.”
For more information on DHS’s killing of the program, read Editor-in-Chief Anthony Kimery’s “Editor’s Letter” in the December/January Homeland Security Today.
A seasoned 20-year veteran of the FBI where Cid served as a counterterrorism specialist assigned to the FBI International Crisis Response Team, Cid currently is director of the Homeland Security Institute at Rose State College near Oklahoma City.
While assigned to the New York FBI field office, Cid was a member of the FBI Special Weapons and Tactics team; was an on-scene commander in extortions, kidnappings and acts of terrorism; led special events security planning for the World Series, the Special Olympics and the US Open; and in 1996 supervised the first successful investigation and prosecution under the Biological Weapons Antiterrorism Act, interdicting a plot to assassinate federal and local officials.
A native of New York, Cid joined the FBI in 1981, retiring as an Inspector and Assistant Special Agent in Charge of the Oklahoma City Field Office. A Vietnam War veteran, he recently wrote, “Understanding Counterterrorism A Guide for Law Enforcement, Policy Makers and Media.”