FBI Jacksonville SWAT team operators during a complex attack training exercise before The Avenues mall opened on May 4, 2014. (FBI photo)

HSTinDepth: What is a Complex Coordinated Attack?

In 2017, FEMA awarded a total of $35.9 million to 29 public safety agencies across 19 states to strengthen preparedness for complex coordinated attacks (CCAs, also called complex coordinated terrorist attacks). But preparing for a CCA is easier said than done, especially when homeland security authorities and experts continue to disagree about what a CCA is, even within single organizations. FEMA’s Office of Counterterrorism and Security Preparedness uses one definition, while FEMA’s National Exercise Program uses another – which makes about as much sense as Donald Duck never wearing pants but always wrapping a towel around his waist after a shower.

To prepare effectively, all CCA partners must understand and agree upon the events for which they are preparing. In other words, they need a robust, consensus definition of CCA to make sure everyone is on the same page. But few have even attempted to define CCA, and the few definitions that exist have key problems that are too important to ignore. Instead, homeland security partners should adopt the following definition.

A complex coordinated attack (or complex coordinated terrorist attack) is a violent assault or series of assaults that employs one or more types of weapons, intends to injure or kill large numbers of people, and meets the following two criteria:

  1. The attack is multi-phased or takes place at multiple sites, or both. (Phases can include assault phases, such as shootings, bombings, and arsons; and/or non-assault phases such as hostages, car chases, sieges, barricades, kidnappings, and manhunts, etc.)
  2. The attack must take place within geographic and temporal circumstances that result in unusual strain on command, information sharing/situational awareness, and/or resource allocation.

Since homeland security professionals started using “CCA” before fully defining it, a viable consensus definition must include attacks that homeland security authorities and experts already regard as CCAs. Identifying such a “CCA conventional wisdom” is something of a head-scratcher; however, researchers developed the following summary of CCA conventional wisdom by identifying points of agreement between homeland security authorities and/or experts about which attacks are CCAs.

CCA conventional wisdom thus includes attacks that have major differences, including disparities in numbers of attackers, numbers of assault locations, number of assault modes, whether assaults took place in confined spaces, and differences in time and distance between attack phases. By learning more about the attacks that are definitely CCAs, and understanding their differences, it is possible to work backwards and identify key characteristics that a viable consensus definition must have.

A usable consensus definition must include all 10 “conventional wisdom” CCAs from Table 1, but Table 2 shows that several existing definitions fail to include all 10 and are thus inconsistent and unusable. Six of the ten available definitions from reputable sources fail for at least one of the following five reasons:

  • Requires Multiple Attackers: Viable CCA definitions cannot require multiple attackers because doing so would exclude the 2007 Virginia Tech attack, where a single shooter killed a total of 32 at two campus locations.
  • Requires Multiple Assault Locations: Useable CCA definitions cannot require multiple assault locations because doing so would exclude the attack at Westgate Mall in Nairobi, Kenya, where four armed militants killed at least 67 people in 2013.
  • Requires Multiple Assault Modes: Feasible CCA definitions cannot require multiple assault modes. Doing so would exclude the San Bernardino (2015) and Virginia Tech (2007) attacks, which both involved only firearms, and the London attack (2005), which involved only explosives.
  • Requires Simultaneous Assaults: Suitable CCA definitions cannot require multiple assaults to take place simultaneously. Credible sources demonstrate that none of the 10 CCAs in Table 1 included multiple assaults at precisely the same moment.
  • Requires Assaults in Confined Spaces: Useful CCA definitions cannot require that assaults take place in confined spaces. Doing so would exclude the Boston (2013) and Paris (2015)

Any useable consensus CCA definition must also withstand at least a modicum of scrutiny, but as Table 2 shows, none of the 10 available definitions does so, each failing for at least one of two reasons.

  1. Failure to Include Non-Assault Phases: Non-assault phases of attacks should be specifically included in a robust, consensus CCA definition because they can be just as important as assault phases in establishing the unusual complexity that characterizes CCAs. Though non-assault phases posed key challenges in Boston (manhunt), Paris (hostages), and San Bernardino (car chase), none of the 10 existing definitions specifically include them.
  2. Ineffective Limits on Time and Geography: A robust CCA definition must also include limitations on the length of time and geographic distance between different portions of an attack. Conventional wisdom shows that CCAs can be spread over many miles and include days between phases, but common sense says that there must be some kind of limitations on time and space beyond which different phases cannot be regarded as part of a single attack. Yet none of the existing definitions establishes temporal or geographic limitations, and it is unclear how to do so.

Table 2 thus shows that none of the 10 available definitions is viable as a robust, consensus CCA definition.


Uncertainty remains, however, about how to effectively incorporate geographic and temporal limitations into a robust, consensus definition. One approach to solving the problem of where to draw the lines of time and geography is to consider the issue in reference to the specific aspects of CCAs that distinguish them from active shooters and other violent attacks and make CCAs worth examining as a distinct phenomenon. Put differently, why do we care about CCAs in particular instead of just treating them as a type of active shooter or bombing incident? And do the reasons we care about CCAs help provide insight into how we should limit time and geography within the definition?

Specific CCA challenges can be summarized as unusual strain on three distinct aspects of managing a terrorist attack: command, information sharing, and resource allocation. It follows, then, that a robust CCA definition’s limitations on time and/or geography must reflect geographic and temporal circumstances that are sufficient to place unusual strain on resource management, information sharing, and/or command capabilities. Though identifying clear temporal and geographic limitations would be ideal, this more general standard is a better fit for a consensus definition because it is flexible enough to be used by different organizations with vastly different capabilities.

Since no existing definition both withstands basic scrutiny and is consistent with the shared views of industry authorities and subject-matter experts, homeland security authorities and experts should adopt the definition recommended above.

For a deeper dive on this complex topic, read my white paper on the challenges of defining and understanding a CCA.


Christopher Ryan is a Homeland Security Strategic Analyst currently employed by Joint Research and Development, Inc. (JRAD), a government contractor supporting the Department of Defense (DoD) and DHS and specializing in Chemical, Biological, Radiological and Nuclear Defense (CBRND).  He previously served as a Program and Policy Analyst in Maryland's Governor's Office of Homeland Security, and worked with the University of Maryland's Center for Health and Homeland Security to provide technical assistance to federal, state, local, and private sector partners on complex coordinated attack preparedness, critical infrastructure protection, capabilities assessment, strategic planning, and grant management.  His other written works appear in The Washington Post and DomPrep Journal. He holds a bachelor’s degree in history from Towson University and a master’s degree in history and public policy from The George Washington University.
