Home > Commentary, Open Source Documents, Operational analysis > Resourcing proactive CT investigations

Resourcing proactive CT investigations

February 23, 2011, 4:42 pm Leave a comment Go to comments

I spent most of yesterday eating a bucket load of  ice cream and reading the transcripts and evidence  from the 7/7 inquests and although much of this focussed on the resourcing of CT investigations in the period 2001 through 2006 in the UK, a few things really did stand out for me.  That turned into a 3000 word sugar fueled rant, which I decided to spare you all from and instead sleep on it and return today for a more coherent post, before the thesis arrives back tomorrow, with the final list of changes to be made.  But anyway, back to the inquest and the things it made me think about.

One thing that struck me was the ongoing problem of making sure officers assigned to particular tasks do not get dragged off every time the balloon goes up and another job becomes high priority. This is particularly important not only for keeping continuity across a range of investigations, which need to keep moving on too, but also for ensuring those staffed with what the security service calls Legacy reviews are not dragged off into other work. (see 42-43 for this mention)

Legacy reviews appear to be along the lines of looking for what I’ve coined as “edge of network” links, where a dedicated team sits and goes through previous investigations looking at the information and intelligence gleaned and at persons of interest who have not been deemed essential targets.  Properly conducted, it should move beyond even looking at lower targets and be combined with a methodology focussed on green fields targeting. That way you get what one of my bosses used to call the helicopter view as well as the bottom up review and hopefully prevent things falling through the gaps and not turning up after something goes boom or is perilously close to it. (You can find two earlier posts about edge of network connections I wrote earlier here and here if you are interested.)

The problem with this type of work is that agencies have to essentially measure their output against criteria,  and so with criteria not geared for this type of work, it can be difficult to show progress and on occasion, benefit viz resource output. The curse of *benchmarking* performance (I detest that word)  A good result might be finding you have your bases covered and not generating targets. Another result might be generating targets, investigating, but then no further activity needs to be, or can at that time be, conducted.  An LEA agency using this type of methodology may not produce investigations leading to prosecutions. It  may not always find new targets for investigation– that meet the threshold.  This may not be such an issue for intel services where the threshold is much lower and very different, but it can be a problem for LEA.  By that I mean an LEA cannot and should not go on a great big fishing expedition. But taking a wide view and using particular methodologies are key to properly understanding and examining your data holdings and ensuring people don’t fall through the gaps.  It’s a fine line to tread.

But this isn’t really the big problem. The big problem is that this type of work, whether in intelligence services or LEA, takes a long time, and people doing it can be seen to be doing something that is non essential.  Sometimes it is, sometimes, as was the case with my experience in this area, it turns up something that foresees and contributes significantly to a future investigation and prosecution.

The problem there too is that teams who do produce  work that contributes to or generates an investigation then get pulled off into the ‘new’ operation, and then the task of what the service calls Legacy review falls by the wayside.  Teams doing this type of work aren’t always well staffed versus other areas to begin with and when the balloon goes up, off they go.

There’s always the risk that a team doing this type of work can become isolated and insular in its focus too, but it really is an important aspect of proactive CT investigations, and one that consistently seems to suffer by being the first area tasked for operations support. That’s inevtiable to some degree because the corporate knowledge is there, but it is equally important for funding to be set aside and management support given to teams doing this type of work to be left alone to do it.  It doesn’t tend to work  when there is not good  management and government support as well as resourcing  to make these areas more robust, and also to support this activity with an additional capacity for green fields targeting.

As an aside, seeing this has given me the proverbial kick up the backside to make it a priority to flesh out my still underdeveloped theory (yes I use this word loosely) on “edge of network connections.” Once the thesis is finally bound and off to examiners, fingers crossed, by the end of March, I’m planning on re-visiting this, along with a great big lessons learned post on all the things I have managed to get wrong since I started blogging. I’m a big fan of critical self-reflection so chief on the list, making errors in attributing persons to groups where they are not members or vice versa, missing parts of the evolution of JAT in Indonesia, and getting it wrong in relation to Bekkay Harach.

So, these are the blogging plans, but with the thesis still needing a few last tweaks, the bigger item blog posts such as the above will be on hold until that damn thing is bound and sent off to torture some poor unsuspecting professor who has to read it. Cheers.

Like
Be the first to like this post.
  1. February 24, 2011, 4:29 pm at 4:29 pm | #1

    The transcripts are fascinating arent they. But I wonder whether people think that it is actually useful in practical terms or is it simply resource consuming? I keep thinking that it might be more useful to do a similar event for a plot that almost got through – like the 2007 attempted bombing in London and Glasgow.

    • Leah Farrall, Australia
      February 24, 2011, 6:49 pm at 6:49 pm | #2

      Yes they are. And interesting question you AK. I think there’s lessons to be learned from the review process undertaken earlier and in particular (in relation to the transcripts of the service and their role) for some big lessons learned on reporting to inquests and other government bodies. As for review processes, I don’t know if UK has it, if so I’ve missed it, but we have a five year review here. I think it’s worthwhile because it keeps an eye on how interagency cooperation is going, something that is becoming increasingly important as more and more jobs are conducted as joint ops.

  2. davidbfpo
    March 13, 2011, 9:33 am at 9:33 am | #3

    I have read only a small proportion of the 7/7 Inquest testimony, when the focus was on predictability.

    Given the political reluctance of the UK government to have the inquest, let alone the resistance from the agencies, I cannot envisage a further public spotlight on such an event. Look how the ISC reports on 7/7 appear now. Whether this affects the credibility of the ISC to those who actually know it exists is a moot point, but I doubt if it satisfies.

    Now if the missed opportunities to avert 7/7 are presented in a similar format to Jeff Jonas power point on 9/11, then a valuable public service will be fulfilled.

    Incidentally a review of the 2007 London-Glasgow bombings, creating the time line of those three days would be interesting too. The fleeing bombers were “lost” and only reappeared in their second attack at Glasgow Airport.

    Good luck on examining the ‘edge of network connections’ where I’d expect to see the ‘usual suspects’ and ‘godfathers’. Plus those who have actively left the violent Jihad and for example still play football with their old comrades (which Scott Atran refers to in his new book). The current Jihad maybe too topical and sensitive, perhaps earlier terrorist campaigns? The Red Brigades and the Provisional IRA come to mind.

  1. No trackbacks yet.

Leave a Reply