CCTV security camera footage of gunman Abdulkadir Masharipov attacking the Reina nightclub in Istanbul on Jan. 1, 2017.

Negligence Bleeds: The Catastrophic Results of Dismissing Counterterrorism Intelligence

The Easter Sunday terrorist attacks on April 21 in Sri Lanka killed more than 250 people and injured more than 500. For the first time, Islamic terrorism has knocked Sri Lanka on its heels. The Sri Lankan government has stated that a local group, National Thawhith Jamaan (NTJ), carried out the attack with the help of an international terrorist group/network. Daesh (Islamic State) has claimed responsibility. Regardless of the perpetrator, Sri Lanka’s intelligence and policy failures squandered rare success in counterterrorism intelligence.

As always after every terrorist attack (and mass shooting) the term “intelligence failure” gets bandied about in addition to questions of whether the attack could have been prevented. In most of these cases, it is clear Hollywood has done quite the number on the public’s perception of intelligence work. As I presented at the Global Security Exchange (GSX) 2018 conference, and wrote in this article, “tactical warning” of terrorist attacks – knowledge of the specific timing, place, target, attack methods, etc. – is very rare. This is partly because terrorist groups spend only one percent (not a typo) of their time planning attacks, resulting in limited opportunities for security services to become aware of this planning, yet alone their “tactical” details. A vast majority of a terrorist group’s time is spent tending to administrative and logistical matters such as raising and moving money (to include money laundering), recruiting and moving personnel, and procuring false documents. Compounding this problem is the fact that terrorist groups — secretive and compartmented by nature — consider attack planning as their most sensitive activities and try to protect them from detection and disruption. As military planners like to say, “the enemy gets a vote.” Unfortunately, one way terrorists usually exercise this “vote” is by good operational security. For these reasons, what most people consider “intelligence failures” are actually unrealistic expectations of intelligence.

Hence, a realistic standard is “strategic warning.” Often lacking in the aforementioned attack specifics, it sometimes provides policy makers enough to inform or influence decisions regarding public security and safety. The intelligence leading up to the Sept. 11, 2001, terrorist attacks is an example. Of course, the mediocre coordination and collaboration between U.S. law enforcement and the Intelligence Community on terrorism prior to 9/11 means U.S. security services are not blameless for failure to “connect the dots.” Yet, based on the highly classified President’s Daily Brief (PDB) on Aug. 6, 2001, (“Nevertheless, FBI information since that time indicates patterns of suspicious activity in this country consistent with preparations for hijackings or other types of attacks, including recent surveillance of federal buildings in New York”) policy makers had enough to inform or influence policy, such as increasing aviation security (the Aug. 7, 2001, Senior Executive Intelligence Brief, distributed to a wider audience than PDBs, omitted some details that were in the PDB the day prior). The success of Osama bin Laden’s most notable attack was as much, if not more, of a policy failure than an intelligence failure.

All of this is why the attacks in Sri Lanka are not only shocking but also frustrating. Reportedly India and the U.S. provided intelligence to Sri Lanka that contained a surprising level of detail on April 4 and April 20. And additional intelligence two hours before the attacks warned of a threat to churches. CNN reports that, according to government spokesman Rajitha Senaratne, foreign intelligence on April 4 warned of attacks against Christian churches and tourist spots. The same reporting and the New York Times claim that, on April 9, the Sri Lankan Defense Ministry informed the Inspector General of Police of the plot, naming the NTJ terrorist group, the group’s leader, and a list of suspects.

The cover page of an April 11 advisory – 10 days prior to the attacks – from Priyalal Dissanayake, the Deputy Inspector General of Police, is publicly available. The advisory mentions the NTJ; the group’s leader Mohammed Zaharan; the names, phone numbers, addresses of the conspirators; the social media activities of one of the suspects; and even one of the suspect’s pattern of life – e.g., “Rilwan visits his wife and children at night (2300hrs -0400hrs) residing at [address redacted].” The advisory even mentions “Catholic Churches” as a sort of “field comment” often seen in intelligence reports. Intelligence on pending terrorist attacks doesn’t get much better than this. Additionally, this intelligence should have reinforced the 11 dossiers on local Islamist extremists that Sri Lankan Muslims gave to police officials in 2017. That information included Zaharan Hashim (the aforementioned Mohammed Zaharan), whom the concerned citizens identified as the “leader of ISIS team in Sri Lanka.”

So were the attacks in Sri Lanka a result of intelligence failure? Definitely, especially if law enforcement or intelligence officials did not distribute the information appropriately or did not brief the appropriate senior officials. In fact, lawmaker Wijedasa Rajapakse has written to President Maithripala Sirisena, claiming that the defense secretary and the inspector general of police “hid these facts from you and the prime minister.” Additionally, the Economic Times reports that senior Sri Lankan officials ignored the intelligence warnings from India under the assumption that India was attempting to foment tensions between Sri Lanka and Pakistan. This would be a clear and alarming case of intelligence failure in the form of cognitive biases (fundamental attribution error/bias and the “ostrich effect”).

Security or policy failure? More than likely that is also the case. President Sirisena acknowledged “lapses” leading up to the attack, and stated he will overhaul the security bureaucracy. And the Sri Lankan government is currently dysfunctional, largely due to the rivalry and tension between the president and Prime Minister Ranil Wickremesinghe. Both men claim to have known nothing of the aforementioned intelligence reports, and the prime minister was removed from the national security council in December. Answers to the age-old question often asked during presidential scandals in the U.S. – “Who knew what and when?” – will be interesting.

The professional negligence and policy failures leading up the attacks in Sri Lanka are reminiscent of those prior to the Daesh attack on the Reina nightclub’s New Year’s Eve celebration in Istanbul a couple years ago. The early morning Jan. 1, 2017, attack, which killed 39 and injured 69, occurred after both the venue and government failed to heed general and specific intelligence warnings. Reina was one of Istanbul’s most well-known symbols of Westernism, and a place for the rich and famous to be seen. The “atmospherics” and attack indicators began at least two and a half years before the attack and should have prompted increased armed security at the nightclub for the New Year’s party. One of these indicators included a disrupted Daesh suicide bomber plot against New Year’s Eve celebrations in Ankara exactly one year prior. Additionally, Daesh and Kurdish militants committed almost 30 terrorist attacks in Turkey in 2016, eight of which were in Istanbul. And according to the owner of Reina, American officials warned him of threats prior to the attack on his nightclub. A warning provided to the owner of a specific nightclub is oddly specific. On Dec. 22, 2015, the U.S. embassy in Turkey published this security message: “U.S. Mission Turkey reminds U.S. citizens that extremist groups are continuing aggressive efforts to conduct attacks throughout Turkey in areas where U.S. citizens and expatriates reside or frequent. As we approach the end of 2016, U.S. citizens should be mindful of this when deciding to attend public gatherings for New Year’s Eve celebrations.”

Yet, the only security at the Reina was one armed police officer in addition to the club’s unarmed security guards. At the time (and possibly still the case), establishments were not allowed to have armed private security. Of note, there were between 17,000 and 35,000 police officers on the streets of Istanbul, engaging in a security operation named PEACE34 and also in support of New Year’s holiday festivities. The failure to not bolster the security of Reina, a venue known to attract an international crowd, with even a few of these armed police is bewildering. This negligence was deadly.

Both Turkey and Sri Lanka have experience in fighting decades-long, brutal insurgencies. The former’s insurgency is in its 35th year (including a couple “ceasefires”) and has killed more than 40,000. Sri Lanka’s war with the Liberation Tigers of Tamil Eelam (LTTE, or Tamil Tigers) lasted 26 years (1983 to 2009) and killed between 80,000 and 100,000 people. Yet both countries’ intelligence and security-related lessons learned – if any – during those decades of extreme violence have apparently been forgotten. Whether they failed to fine-tune their policies and procedures, or failed to mitigate against cognitive biases in their intelligence analysis, or failed to mitigate against bureaucratic dysfunction, they did not take advantage of intelligence successes that provided unprecedented specifics on impending terrorist attacks. As the world saw again on Easter Sunday, this type of negligence can be catastrophic.

K. Campbell, CPP®, is a security and intelligence professional with experience and training in intelligence; risk, threat, and vulnerability assessments; executive protection; counterterrorism; and business continuity. He is a Certified Protection Professional, board certified in security management by the American Society for Industrial Security (ASIS) International. In his past experience as a U.S. military intelligence officer, his responsibilities included classified and protective intelligence; degrade, disrupt, and destroy recommendations against various state and non-state entities; and establishing and managing military-to-military classified intelligence sharing with other governments. Mr. Campbell has collaborated with and shared classified & unclassified information and intelligence with 15 countries on behalf of the U.S. Government. He has senior leadership experience in the U.S., Middle East, Europe, and Pacific. His executive protection experience includes a foreign government dignitary, a corporate client at both 2016 presidential conventions, and high-profile Hollywood celebrities. His counterterrorism experience includes identifying the need to, and orchestrating, an overhaul of a major U.S. counterterrorism plan for the Middle East; establishing and leading collaboration with the U.S. Customs & Border Protection, resulting in the placement of 79 terrorists on the No-Fly List; prioritizing 1,000+ names for U.S. Customs & Border Protection to prevent terrorist entry into the U.S.; and initiating and leading production of one of the U.S. Intelligence Community’s first analyses on the Islamic State’s financial vulnerabilities. He also predicted the arrests and terrorist attacks in Belgium that occurred in 2015 and 2016. Mr. Campbell’s article “3 Keys to Hardening Concerts, Event Venues Against Inevitable Attack Attempts,” was published in Homeland Security Today Magazine in November 2018. He presented on “Hardening Concerts & Special Events in a New Era” at the Global Security Exchange (GSX) 2018, the 20,000-attendee flagship conference for the international security industry in September 2018. He also presented a briefing on risk assessments at the 2018 Domestic Violence Safety and Security Conference in Washington, D.C. in October 2018. He will present on “The 2020 Olympics: Red Teaming Enterprise Security Risks” at GSX 2019. Mr. Campbell obtained a Master of Arts degree in global risk from Johns Hopkins University’s School of Advanced International Studies, a Master of Arts degree in military operational art and science from the Air Command & Staff College at the U.S. Air Force’s Air University, and a Bachelor of Arts degree in political science from Virginia Tech. He’s a member of ASIS International, InfraGard (a partnership between the FBI and private sector), the Association of Certified Sanctions Specialists, the Association Of Threat Assessment Professionals, the Association of International Risk Intelligence Professionals, and the International CPTED (Crime Prevention Through Environmental Design) Association.

Leave a Reply

Latest from Counterterrorism

Go to Top
Malcare WordPress Security