The Royal Commission of Inquiry into the Attack on Christchurch Mosques, unlike most government inquiries, has refrained from accusing the intelligence agencies of failure. A careful reading, however, points to some common strategic intelligence errors observed prior to the 9/11 attacks. These arose from the failure of threat identification, interagency coordination and intelligence-consumer relationship. Nevertheless, the overall conclusion still remains that lone-wolf terrorist attacks are almost impossible to thwart, except maybe in reducing their lethality.
The report says that an overwhelming focus on Islamist terrorism contributed to the limited assessments about “threats of terrorism from other sources.” This fundamental assessment failure was compounded by the failure of the New Zealand Security Intelligence Service (SIS), the Government Communications Security Bureau (GCSB) and the New Zealand Police to coordinate their efforts. Between the SIS and the police, the report identifies, “a shared understanding of the threat of the extreme right-wing” had not developed due to the two agencies working in “parallel rather than jointly”.
Nearly 20 years ago, the 9/11 Commission Report had made similar observations regarding the failure of threat identification – focused exclusively on overseas targets – which in turn obstructed coordination between foreign and domestic agencies. Subsequent to the attacks, the National Security Agency (NSA) was authorised to spy domestically under the ‘Terrorist Surveillance Programme’. In 2014, the Snowden revelations invited a host of criticisms against the agency despite the testimony of Gen. Keith Alexander, the Director of the NSA, that the programme had helped thwart at least 50 terrorist plots in 20 countries.
The NZ report cited the loss of public confidence due to the Snowden controversies, which led the GCSB to operate as a “customer-led organisation”. This implies that without a request from the consumers, the GCSB did not conduct intelligence operations on its own. The obvious challenge in shifting the initiative on to the consumers was to demand a certain degree of knowledge of signals intelligence from the latter. Therefore, despite the report claiming no intelligence failures, there were indeed strategic intelligence pitfalls that can only be rectified through regular intelligence-policy dialogue. Even while making these arguments to improve strategic intelligence performance, it is important to be aware of the inevitability of lone-wolf successes. The difference between strategic and tactical intelligence in counterterrorism is the ability of the former to understand a terrorist movement whilst the latter focuses on individual operations. Time, technique and target are considered the three most important inputs required to thwart a terrorist attack. But to thwart a lone-wolf attack, another factor – the targetter – becomes crucial.
Typically, the intention of a terrorist group to attack is a given, while the intelligence question is about capabilities. In a lone-wolf scenario, the question of intention assumes criticality. For instance, since February 2015, the British MI5 has been running the ‘lone actor triage process’. The agency has employed behavioural specialists to assess the intelligence picture developed on certain individuals to determine the potential for crime. Nonetheless, an MI5 officer described this as “an art rather than a science”, hinting at its obvious imprecision, also known as ‘false positives’.
The challenge of inaccuracy is worsened by information overload. At any given point, thousands of suspects are under the radar of intelligence agencies. Taking preventive action against all would be counterproductive. Yet, Israeli intelligence officials claim to have prevented nearly 590 knife-intifada attacks through intel-driven operations. Israeli Military Intelligence has been using technology to monitor the online activities of suspected individuals and analysts use a ‘scoring system’ to predict future behaviour of the suspect. This analysis is complemented with human intelligence efforts to prevent lone-wolf attacks. Notwithstanding the success rate, some observers have acknowledged the possibility of false positives leading to the arrests of innocents.
In the NZ case, flagging a suspicious online activity was the responsibility of the analyst of the SIS’ CT Unit, who in the agency’s opinion “was qualified to judge” whether the information “warranted escalation”. To avoid accusations of cry-wolf, analysts look for connections between the suspect and known terrorists. When such patterns emerge, detection and frustration of the attack become relatively easier. In its absence, detection is almost impossible; in this case, the assailant had also possibly used a VPN to evade online detection. In such a scenario, the best option is to limit the lethality by checking the means of the attack.
Lone-wolf attacks are rarely devastating. Many of the attacks attempted in the last two years have been mere attempts or succeeded with few casualties. Even during the height of the knife-intifada, only 34 were killed in over 350 attacks.
In contrast, the shootings at Christchurch alone cost 51 lives. Thus, the report rightly highlights that the police failed to enforce checks on firearms licences, which could have had a telling impact.
(The writer holds a PhD in Intelligence Studies from the University of Leicester, UK)