Archive for the ‘Operational analysis’ Category

Resourcing proactive CT investigations

02/23/2011 3 comments

I spent most of yesterday eating a bucket load of  ice cream and reading the transcripts and evidence  from the 7/7 inquests and although much of this focussed on the resourcing of CT investigations in the period 2001 through 2006 in the UK, a few things really did stand out for me.  That turned into a 3000 word sugar fueled rant, which I decided to spare you all from and instead sleep on it and return today for a more coherent post, before the thesis arrives back tomorrow, with the final list of changes to be made.  But anyway, back to the inquest and the things it made me think about.

One thing that struck me was the ongoing problem of making sure officers assigned to particular tasks do not get dragged off every time the balloon goes up and another job becomes high priority. This is particularly important not only for keeping continuity across a range of investigations, which need to keep moving on too, but also for ensuring those staffed with what the security service calls Legacy reviews are not dragged off into other work. (see 42-43 for this mention)

Legacy reviews appear to be along the lines of looking for what I’ve coined as “edge of network” links, where a dedicated team sits and goes through previous investigations looking at the information and intelligence gleaned and at persons of interest who have not been deemed essential targets.  Properly conducted, it should move beyond even looking at lower targets and be combined with a methodology focussed on green fields targeting. That way you get what one of my bosses used to call the helicopter view as well as the bottom up review and hopefully prevent things falling through the gaps and not turning up after something goes boom or is perilously close to it. (You can find two earlier posts about edge of network connections I wrote earlier here and here if you are interested.)

The problem with this type of work is that agencies have to essentially measure their output against criteria, and so with criteria not geared for this type of work, it can be difficult to show progress and, on occasion, benefit vis-à-vis resource output. The curse of *benchmarking* performance (I detest that word). A good result might be finding you have your bases covered and not generating targets. Another result might be generating targets, investigating, but then no further activity needs to be, or can at that time be, conducted. An LEA using this type of methodology may not produce investigations leading to prosecutions. It may not always find new targets for investigation that meet the threshold. This may not be such an issue for intel services where the threshold is much lower and very different, but it can be a problem for LEA. By that I mean an LEA cannot and should not go on a great big fishing expedition. But taking a wide view and using particular methodologies are key to properly understanding and examining your data holdings and ensuring people don’t fall through the gaps. It’s a fine line to tread.

But this isn’t really the big problem. The big problem is that this type of work, whether in intelligence services or LEA, takes a long time, and people doing it can be seen to be doing something that is non essential.  Sometimes it is, sometimes, as was the case with my experience in this area, it turns up something that foresees and contributes significantly to a future investigation and prosecution.

The problem there too is that teams who do produce  work that contributes to or generates an investigation then get pulled off into the ‘new’ operation, and then the task of what the service calls Legacy review falls by the wayside.  Teams doing this type of work aren’t always well staffed versus other areas to begin with and when the balloon goes up, off they go.

There’s always the risk that a team doing this type of work can become isolated and insular in its focus too, but it really is an important aspect of proactive CT investigations, and one that consistently seems to suffer by being the first area tasked for operations support. That’s inevitable to some degree because the corporate knowledge is there, but it is equally important for funding to be set aside and management support given to teams doing this type of work to be left alone to do it. It doesn’t tend to work when there is not good management and government support as well as resourcing to make these areas more robust, and also to support this activity with an additional capacity for green fields targeting.

As an aside, seeing this has given me the proverbial kick up the backside to make it a priority to flesh out my still underdeveloped theory (yes I use this word loosely) on “edge of network connections.” Once the thesis is finally bound and off to examiners, fingers crossed, by the end of March, I’m planning on re-visiting this, along with a great big lessons learned post on all the things I have managed to get wrong since I started blogging. I’m a big fan of critical self-reflection so chief on the list, making errors in attributing persons to groups where they are not members or vice versa, missing parts of the evolution of JAT in Indonesia, and getting it wrong in relation to Bekkay Harach.

So, these are the blogging plans, but with the thesis still needing a few last tweaks, the bigger item blog posts such as the above will be on hold until that damn thing is bound and sent off to torture some poor unsuspecting professor who has to read it. Cheers.

My Jane’s article on Al Qaeda command and control is now available

03/24/2010 1 comment

Folks, here is my Jane’s article on the evolving dynamics of AQ’s command and control structures and processes.

One caveat… I wrote this in September/October  last year so it is a little dated in terms of drone attacks etc. However, I still stand by the arguments I made in this piece.

Feedback, as always is welcome. But please bear with me if you’d like a response. I’m drowning with the dissertation at the moment, but I will try to answer any follow up questions.

Many thanks to Tim at Jane’s whose efforts to get me this pdf  I really appreciate.

The reference information for those requiring it is JANE’S INTELLIGENCE REVIEW, 21 (12) November 2009, p 16-20


Edge of network connections and the undie bomber

01/17/2010 5 comments

Was just reading this piece about the Undie bomber and this little snippet from page two stood out.

Still, while he was seen to be “reaching out” to known extremists and appearing on “the periphery of other investigations” into radical suspects there, he was not considered a terrorist threat himself, according to a British counterintelligence official.

via Lonely Trek to Radicalism for Terror Suspect –

Edge of network connections–again. Of course the problem is always resourcing. There is never enough time to track down everything. But still, it seems to me that we see this over and over and over again. Once the dissertation goes in for examination I’m going to work up my little theory on edge of network connections into something substantive. Ok so it’s not a theory in the proper sense of the word, but I’ll be able to build a fairly robust analytical framework around it post thesis. For those of you new to the blog and wondering what the hell I am talking about you can find a little explanation here, and then a bit of background on it here. As I said I wanted to try to work this up, using a few cases and OS data, but it won’t be until post thesis now.

Some comments on Atran’s recent NYT op-ed

12/15/2009 2 comments

Scott Atran put out an interesting op-ed this week in the NYT.   He raised some good points in it, however, I also found a few things in his piece questionable.

  • That al Qaeda has not successfully attacked since 9/11.

No other way to say this except that this is just plain wrong, which is disappointing to see.  There is plenty of OS material that shows AQ’s clear involvement in attacks since then. And it is very clear that the London subway plots in 2005 were al Qaeda directed, and supported.

  • The US invasion of Afghanistan devastated al Qaeda’s core of top personnel.

It didn’t. Al Qaeda has lost a few of its top personnel but not nearly as many as people think because a good number of them were not al Qaeda to begin with. What has happened is that KSM’s network got routed, but al Qaeda recovered from this. It lost quite a few foot soldiers but its core strength remains essentially the same. There are new faces in the mix to replace those who were lost, and most of them have come in from other linked groups, or have re-joined the jihad so to speak.

  • The threat is home-grown youths who gain inspiration from OBL but little else beyond an occasional self-financed spell at a degraded Qaeda-linked training facility.

This quite frankly has me stumped. Aside from my intense dislike for “home-grown”, which is useless as an analytical term of reference, this comment goes against everything we know.

A spell at an al Qaeda linked or al Qaeda run training facility gives people a hell of a lot more than inspiration. It’s the most important element in the entire equation. And a desire to get training is universal. As I have noted repeatedly, going to prepare is a key part of jihadist doctrine and anyone worth their salt will try to do it. Of course there are always exceptions but I can think of only a handful of cases internationally where this hasn’t been one of the defining features of radicalisation (and also operationalisation) and even then it’s not clear that this wasn’t in the background.

The danger is precisely when people arrive at camps. Actually this is something I recall discussing with General Tito.  He has, I think, one of the best understandings of radicalisation trajectories around. He noted that once someone does hijra (and here in this context he meant to go off and head for a location for training and jihad) it becomes exceptionally more difficult to deradicalise them. Then of course there are the implications for counter terrorism once they return from such training.

Here I’d note too that most people who seek training don’t actually go with the intention of joining al Qaeda. They want training to fight jihad. Al Qaeda’s skill lies in ‘turning’ them to its agenda. So, I think that minimising this process of training or seeking training is  dangerous. It clouds understanding of the dynamics that are crucial to understanding how plots evolve and people are radicalised in that final stage–when they move from seeking training for armed jihad, to becoming involved with a group and carrying out a terrorist attack on its behalf and at its direction.

  • That we are pushing the Taliban into al Qaeda’s arms

Here I presume Atran is referring to the Pakistan Taliban, because this is certainly not the case with the Afghan Taliban. I note he later mentions that the Pakistan Taliban does not have an International Agenda so I found this statement confusing. I do agree that lionising al Qaeda makes it a bigger threat, but I don’t think that on the basis of this one can then make the analytical leap to this somehow causing the Taliban to jump into its arms.

  • I read Atran’s comments about using the Southeast Asian experience on al Qaeda with interest. While there are some similarities, I think this type of generalisation can be harmful. I may have misunderstood Atran here, but my reading of his argument is that the experience of Southeast Asia can somehow be transplanted onto either Afghanistan or Pakistan. Following on from this was the assumption that the Taliban or al Qaeda for that matter are similar enough in structure to use the same types of CT approaches used in Southeast Asia and Indonesia in particular.

I think this is confusing apples and oranges on many levels. First in terms of similarities between al Qaeda and Jemaah Islamiyyah and how they recruit and radicalise, and also in terms of similarities between JI and Noordin’s faction. And then the assumption that any of this can be parlayed onto the Taliban.

JI, as Atran would know has one of the most sophisticated recruitment programs around. It takes years to become a member of JI proper, unlike al Qaeda. The radicalisation, recruitment and membership process is completely different. And that’s because the doctrine and manhaj of al Qaeda is actually entirely different to JI when you get down to the nitty gritty of it.

In JI the role of ustads is critically important in the recruitment process, as Atran notes when he observes that discipleship is a key element. But there is more to it than this. One of the main keys to understanding this is the different oaths of allegiance taken during the radicalisation process. Often those in the study group under their ustad don’t know they are being recruited for JI, but during their study they make an oath to follow their ustad, so their oath isn’t for JI at this point. But it ties them to their ustad and this relationship is crucial to their further progression into JI. But here’s where it gets interesting and where it also gets complicated.

NT’s faction didn’t work like this. He didn’t recruit along the same ways JI did. He couldn’t obviously because he was on the move and JI’s recruitment process is not only long but quite static.

NT was able to stay on the run for so long and continue his attacks by hitting up his old mates in JI. He just went along to an old ustad mate (here’s where the Afghan alumni plays in) and asked him for some help. The ustad agrees and gives him shelter and some students to help out with hiding and logistics.

Those students swore an oath to their ustad. They then essentially get transferred by virtue of their oath to their ustad to NT—without their knowledge for the most part. Besides which an oath is an oath, and so they end up being bound by it, and are radicalised enough to not break it. This is why many of them didn’t know they were working for NT or his faction or have knowledge of JI or chose to go along if they did know. Those he wanted for operational roles were targeted for further radicalisation, which tended to occur quite quickly. They often moved on with him unlike the others who were only limited to providing support while he was hiding out with a particular ustad’s support.

Here I’d add I’m not contradicting what General Tito says, because I understand the context in what he was saying because it was the same discussion I had many many times with the INP in the course of my work with them. What I am trying to highlight is that these factors were especially key to nabbing those senior figures who supported Top and his faction.

They don’t work so well in getting recruits of JI proper because not all ustad are alumni, nor are the recruits these days, and the recruits are often not as interrelated in the early stages of their radicalisation process. Again something I discussed many times and something the INP has got a great handle on, especially now with General Tito at the helm of CT efforts.

I think the context in where the factors Atran identified are applicable is important to point out, if we are talking about transferring CT approaches, especially when the JI and NT case is the most unique in many respects.

Bottom line: Apples and Oranges.

Al Qaeda doesn’t recruit in the same way JI does. It’s not structured in the same way. It doesn’t have the same organisational processes, or even doctrine. And the Taliban is a completely different case again.

Having said all of that I do agree wholeheartedly with Atran’s general argument that less is more, and the importance of appreciating local dynamics in resolving the Afghan conflict.

However, it is precisely the point I would make in relation to using Indonesia and SEA in general as an example. While CT efforts in Southeast Asia have been truly impressive, they deal with a unique local dynamic, and also have a functioning state and juridical system to underpin them, as well as a great police force. This cannot be transplanted onto the Afghan conflict. Nor should it. Al Qaeda and the Taliban in any of its manifestations do not function in the same way as JI.

Edge of network ponderings

11/25/2009 Leave a comment

Sadly a bit too busy to go into this in much depth.

But was walking along today wondering ( as one does when shopping) whether or not the Somali arrests/those charged in US also have edge of network connections or whether because they are diaspora based around a particular conflict the networks are more discrete and more pathway based.

A similar case here had very peripheral edge of network connections, but nothing like the types that have characterised AQ core operations. In other words they were not instrumental.

I suspect the network structures will be slightly different between these two examples. With the Somali case and others like it they will probably tend to be more discrete.

Curious though if the radicalisation pathways are that much different– at least on the way in.

Ooooh I so wish I had some time to go digging on this. But I just raise my little shopping epiphany as something some of you folks out there interested in network behaviour might be interested in.

For those of you wondering what the hell I am on about… See here for an earlier post on it and here. I still have to get around to doing the post on the Op Crevice/Airline plots too.

Something interesting about the IMU

11/09/2009 9 comments

I’m currently doing a little bit of writing on this crew for the pesky dissertation. Anyway, I just stumbled upon an interesting little fact, which I thought I would share. The IMU, under Tahir Yuldashev (who I am now presuming is still out there and alive and kicking) has a policy that once you join the IMU, you cannot leave. Yup, that’s right. No leaving. Ever. Unless that is you want to meet your maker earlier than you had otherwise planned.

They do however have a longer vetting and screening process before membership and apparently recruits are made aware of this before joining. I’m not sure of the time-span of this vetting process, and don’t have the time to go find out at the moment.

Anyway, just a quick post because I find this quite fascinating. There aren’t many groups I can think of who have such a strict policy.


Aaron on As Sahaab and how it works

11/02/2009 Leave a comment

Aaron has made some great comments about As Sahaab and how it operates. For any of you interested in how Sahaab operates this is a must read.

Actually check out all of his postings for Nov 2, there’s some good stuff there.

Some thoughts on the Tahawar Hussain Rana case

10/30/2009 Leave a comment

I have been meaning to put up a small post about Tahawar Hussain Rana and David Headley and their arrest for plotting attacks against the Danish newspaper who published cartoons depicting the Prophet Muhammad. See the article and the charge sheets here.

Two things keep coming back to me about this case. First, the usual energizer bunny element. They just kept going and going.  Which brings me to the second point. While this is not uncommon, I was struck by the fact that they shopped around. Again this isn’t new either. But what has me fascinated is that they managed to have pretty high level dealings with those they contacted in these respective groups. That’s not so common.

And it begs the question of how they did this? Was it just a case of referrals, and once trust was established in one group or network it gave them access to others? However, it’s still a pretty big thing to get that level of access. I’m curious as to how that happened.

It is commonplace to seek out figures of authority for permission and sanction for attacks and not to act alone because it is a doctrinal requirement, especially in cases like this where it is a new target set and class. However, it strikes me as a bit odd that they were doing this across multiple groups, apparently at the same time.

What a CT mission in Afghanistan would actually look like | The AfPak Channel

10/14/2009 Leave a comment

This is an interesting read. However, what I have noticed missing from this debate about moving to a more CT focused structure and strategy as part of a potential draw down/withdrawal is how any future strategy will deal with a change in how al Qaeda and presumably even the Taliban will operate.

They are not going to go back to their old operating structure of fixed camps and bases in either Pakistan or Afghanistan if the US maintains a limited in country force. The introduction of predator drones has been effective but it has also been a game changer.

In fact even if the US/NATO fully withdrew it would take them some time to get complacent enough to start rebuilding camps (if they ever did). Bin Laden *finally* seems to have gotten that message after being lobbied for years by the likes of Abu Walid al Masri and Abu Musab al Suri (and even Hafs al Masri) to avoid fixed camp structures and move to mobile camps to reduce damage. Though one thing plays to advantage here and that is he is a control freak and likes to personally oversee things when he can. So if he felt comfortable enough he just might do something stupid like revert back to fixed camps, but I doubt it. Besides this relies on the Taliban having control of territory since al Qaeda is too weak to defend itself and *always* has been.

I suspect the Taliban will try to stay as decentralised as it can with US forces still operating in the country, even in a limited capacity. This is good because it means that its capacity to harbour al Qaeda will be limited because the operating structure required to function in a decentralised manner but still hold the territory will mean that it can’t harbour AQ in the way it has done so previously. They would be on their own, effectively, with limited links and use of compounds of those it could rely on. And the usual joint cooperation on matters. But it would not and could not be the way it was. Which means a lot of it is going to go underground.

So this brings me to my point. If we’re going to talk CT strategies then up front of this has to be how you will deal with an al Qaeda and a Taliban who use mobile camps and compounds. Where’s the beefed up Intel capacity? You’re going to need it. And even more than now you’re going to need far more in-depth knowledge of the nuances in the relationships between the two groups. Who’s in favour, who will shelter, who has an alliance with al Qaeda. Again back to my bug bear of really isolating what you are dealing with in terms of al Qaeda core and who they are *affiliated* with instead of lumping many very different groups under the al Qaeda label. It does no favours and *when* the inevitable draw down of US forces starts, this nuanced knowledge is going to be critical to making sure targeted strikes are effective.

I’m an analyst by trade not a military boffin but nowhere do I see any talk of beefing up analytical capacity or intelligence capacity in general to deal with this eventuality. Actually I don’t even see it, nor have I seen it in relation to properly supporting the ongoing  airstrike campaign in Pak. I doubt you’d find analysts out there who say that has been appropriately and fully resourced.


Understanding how al Qaeda functions and interacts with other groups

10/12/2009 8 comments

I’ve had an awful lot of emails from you all asking me about  how al Qaeda functions and why I take the position I do on matters such as radicalisation trajectories, how people come under al Qaeda’s authority and  why it is so important to delineate it from the Taliban and differentiate between al Qaeda’s core, franchises and its human base.  It’s too big to cover in a blog post. In fact it’s almost too big for my dissertation.  But this is where most of it is contained and unfortunately I can’t publish before I submit  for many reasons I’m not at liberty to discuss here but one rather compelling reason I can discuss is that if I do my supervisors will have me for dinner.

However, having said that  I have decided to place here one item from my dissertation because I think it will assist in helping people to understand these differentiations and hopefully answer a lot of your questions. As they say a picture is worth a thousand words ( and in my case probably many more because I ramble on so much!)

This diagram has really helped me to narrow down the focus of my thesis over the past few years and get to the heart of the matter.

What I am about to post here is a translated diagram from my thesis of a chart Abu Walid al Masri did, which is a broad outline of how al Qaeda functions and interacts with other groups. It’s the most amazing thing I’ve seen put out by a senior militant.

It’s been crucial to verify my line of argument in my thesis. I think it will be very useful to those of you out there wanting to get a better idea of how al Qaeda works. Because  like many things with al Qaeda, there is tremendous continuity in how it operates. Having a resource like this also provides a baseline to determine what has changed in terms of how it operates.

I also think in terms of the Al Qaeda- Taliban relations debate and also more generally in terms of delineating exactly what al Qaeda is, this document provides some much needed clarity.

As you all know I have strong feelings on the importance of delineating exactly what is al Qaeda so you can really target it. Obviously the other groups it interacts with too are important, but getting at the al Qaeda core cadre — those 200 or so people that constitute it and manage to keep replenishing at that level–is key to any successful strategy.

To do so requires understanding exactly who constitutes that core, how they fit into the leadership hierarchy, what their responsibilities are, how they carry them out and how they deal with external groups and the human base  in al Qaeda’s orbit.

So as I said I’ve decided to share this translation. I ask that you properly attribute it to me if you make reference to it. Also I might add that I will find out if you don’t (since this has never before been published) and I will hunt you down and complain very loudly and publicly.

Some quick notes follow after the translated chart. If you want the original without the watermark let me know. Here is a link to download a clearer copy of the file. Sorry still new at figuring out how to get images up etc.

[Figure: thesis diagram final]

Well first things first, there is the obligatory conspiracy theory with Israel at the top, but this doesn’t impact upon the credibility or accuracy of the depiction of al Qaeda that follows it. I have verified the accuracy of this chart so you’re looking at the best insider depiction of how the group operates that I have seen in a long time, probably ever actually.

As I said I can’t really go into too much here in a short blog post but the points I would reinforce from this are:

  • It shows that al Qaeda’s relationship with other groups and organisations requires no oath of allegiance be provided to bin Laden. There is also no provision of management services from al Qaeda’s core cadre. This means the command and control relationship is extremely limited if existing at all. Al Qaeda essentially buys support.
  • Military training is the common nexus point here and so the key vulnerability. This is why I keep harping on about delineating who is who because of the opportunities this offers up for particular types of targeting…
  • Note the two different streams of oaths of allegiance and three different manifestations of command and control stemming from bin Laden (and more generally the al Qaeda senior leadership). As I’ve already noted, relationships with groups and other organisations have the most limited C&C and no oath.
  • The Blood cadre have the strongest links and ties via oaths. This is al Qaeda core, which has stayed consistent at around 200 people, which was al Qaeda’s core size pre 9/11. They haven’t expanded their core, but they have managed to replenish it. This is what causes me the most concern and what I think has been overlooked in most analysis of the group, as I have repeatedly posted about on this blog.
  • The blood core operate under a different oath to those who are volunteer recruits or in the combat groups, which is where it gets tricky. Again I explain all of this both in terms of how it works on the ground and the doctrinal underpinnings of different oaths and their operational manifestations in my thesis. But simply put this is a critical difference and one that has important implications for analysis especially in relation to command and control issues.

So in lieu of being able to answer the questions you are asking or respond better to comments  (both of which I really do enjoy getting I might add) I humbly offer up this, which I hope you find useful.

Ok I’ve had virtually no sleep so I need to go have a nana nap before trying again to get some tech support from ZA about my data disaster.

