Archive for the ‘Operational analysis’ Category

Resourcing proactive CT investigations

02/23/2011 3 comments

I spent most of yesterday eating a bucket load of  ice cream and reading the transcripts and evidence  from the 7/7 inquests and although much of this focussed on the resourcing of CT investigations in the period 2001 through 2006 in the UK, a few things really did stand out for me.  That turned into a 3000 word sugar fueled rant, which I decided to spare you all from and instead sleep on it and return today for a more coherent post, before the thesis arrives back tomorrow, with the final list of changes to be made.  But anyway, back to the inquest and the things it made me think about.

One thing that struck me was the ongoing problem of making sure officers assigned to particular tasks do not get dragged off every time the balloon goes up and another job becomes high priority. This is particularly important not only for keeping continuity across a range of investigations, which need to keep moving on too, but also for ensuring those staffed with what the security service calls Legacy reviews are not dragged off into other work. (see 42-43 for this mention)

Legacy reviews appear to be along the lines of looking for what I’ve coined as “edge of network” links, where a dedicated team sits and goes through previous investigations looking at the information and intelligence gleaned and at persons of interest who have not been deemed essential targets.  Properly conducted, it should move beyond even looking at lower targets and be combined with a methodology focussed on green fields targeting. That way you get what one of my bosses used to call the helicopter view as well as the bottom up review and hopefully prevent things falling through the gaps and not turning up after something goes boom or is perilously close to it. (You can find two earlier posts about edge of network connections I wrote earlier here and here if you are interested.)

The problem with this type of work is that agencies have to essentially measure their output against criteria,  and so with criteria not geared for this type of work, it can be difficult to show progress and on occasion, benefit viz resource output. The curse of *benchmarking* performance (I detest that word)  A good result might be finding you have your bases covered and not generating targets. Another result might be generating targets, investigating, but then no further activity needs to be, or can at that time be, conducted.  An LEA agency using this type of methodology may not produce investigations leading to prosecutions. It  may not always find new targets for investigation– that meet the threshold.  This may not be such an issue for intel services where the threshold is much lower and very different, but it can be a problem for LEA.  By that I mean an LEA cannot and should not go on a great big fishing expedition. But taking a wide view and using particular methodologies are key to properly understanding and examining your data holdings and ensuring people don’t fall through the gaps.  It’s a fine line to tread.

But this isn’t really the big problem. The big problem is that this type of work, whether in intelligence services or LEA, takes a long time, and people doing it can be seen to be doing something that is non essential.  Sometimes it is, sometimes, as was the case with my experience in this area, it turns up something that foresees and contributes significantly to a future investigation and prosecution.

The problem there too is that teams who do produce  work that contributes to or generates an investigation then get pulled off into the ‘new’ operation, and then the task of what the service calls Legacy review falls by the wayside.  Teams doing this type of work aren’t always well staffed versus other areas to begin with and when the balloon goes up, off they go.

There’s always the risk that a team doing this type of work can become isolated and insular in its focus too, but it really is an important aspect of proactive CT investigations, and one that consistently seems to suffer by being the first area tasked for operations support. That’s inevtiable to some degree because the corporate knowledge is there, but it is equally important for funding to be set aside and management support given to teams doing this type of work to be left alone to do it.  It doesn’t tend to work  when there is not good  management and government support as well as resourcing  to make these areas more robust, and also to support this activity with an additional capacity for green fields targeting.

As an aside, seeing this has given me the proverbial kick up the backside to make it a priority to flesh out my still underdeveloped theory (yes I use this word loosely) on “edge of network connections.” Once the thesis is finally bound and off to examiners, fingers crossed, by the end of March, I’m planning on re-visiting this, along with a great big lessons learned post on all the things I have managed to get wrong since I started blogging. I’m a big fan of critical self-reflection so chief on the list, making errors in attributing persons to groups where they are not members or vice versa, missing parts of the evolution of JAT in Indonesia, and getting it wrong in relation to Bekkay Harach.

So, these are the blogging plans, but with the thesis still needing a few last tweaks, the bigger item blog posts such as the above will be on hold until that damn thing is bound and sent off to torture some poor unsuspecting professor who has to read it. Cheers.

My Jane’s article on Al Qaeda command and control is now available

03/24/2010 1 comment

Folks, here is my Jane’s article on the evolving dynamics of AQ’s command and control structures and processes.

One caveat… I wrote this in September/October  last year so it is a little dated in terms of drone attacks etc. However, I still stand by the arguments I made in this piece.

Feedback, as always is welcome. But please bear with me if you’d like a response. I’m drowning with the dissertation at the moment, but I will try to answer any follow up questions.

Many thanks to Tim at Jane’s whose efforts to get me this pdf  I really appreciate.

The reference information for those requiring it is JANE’S INTELLIGENCE REVIEW, 21 (12) November 2009, p 16-20


Edge of network connections and the undie bomber

01/17/2010 5 comments

Was just reading this piece about the Undie bomber and this little snippet from page two stood out.

Still, while he was seen to be “reaching out” to known extremists and appearing on “the periphery of other investigations” into radical suspects there, he was not considered a terrorist threat himself, according to a British counterintelligence official.

via Lonely Trek to Radicalism for Terror Suspect –

Edge of network connections–again. Of course the problem is always resourcing. There is never enough time to track down everything. But still, it seems to me that we see this over and over and over again. Once the dissertation goes in for examination I’m going to work up my little theory on edge of network connections into something substantive. Ok so it’s not a theory in the proper sense of the word, but I’ll be able to build a fairly robust analytical framework around it post thesis.For those of you new to the blog and wondering what the hell I am talking about you can find a little explanation here, and then a bit of background on it here. As I said I wanted to try to work this up, using a few cases and OS data, but it won’t be until post thesis now.

Some comments on Atran’s recent NYT op-ed

12/15/2009 2 comments

Scott Atran put out an interesting op-ed this week in the NYT.   He raised some good points in it, however, I also found a few things in his piece questionable.

  • That al Qaeda has not successfully attacked since 9/11.

No other way to say this except that this is just plain wrong, which is disappointing to see.  There is plenty of OS material that shows AQ’s clear involvement in attacks since then. And it is very clear that the London subway plots in 2005 were al Qaeda directed, and supported.

  • The US invasion of Afghanistan devastated al Qaeda’s core of top personnel.

It didn’t. Al Qaeda has lost a few of its top personnel but not nearly as many as people think because a good number of them were not al Qaeda to begin with. What has happened is that KSM’s network got routed, but al Qaeda recovered from this. It lost quite a few foot soldiers but its core strength remains essentially the same. There are new faces in the mix to replace those who were lost, and most of them have come in from other linked groups, or have re-joined the jihad so to speak.

  • The threat is home-grown youths who gain inspiration from OBL but little else beyond an occasional self-financed spell at a degraded Qaeda-linked training facility.

This quite frankly has me stumped. Aside from my intense dislike for “home-grown”, which is useless as an analytical term of reference, this comment goes against everything we know.

A spell at an al Qaeda linked or al Qaeda run training facility gives people a hell of a lot more than inspiration. It’s the most important element in the entire equation. And a desire to get training is universal. As I have noted repeatedly, going to prepare is a key part of jihadist doctrine and anyone worth their salt will try to do it. Of course there are always exceptions but I can think of only a handful of cases internationally where this hasn’t been one of the defining features of radicalisation (and also operationalisation) and even then its not clear that this wasn’t in the background.

The danger is precisely when people arrive at camps. Actually this is something I recall discussing with General Tito.  He has, I think, one of the best understandings of radicalisation trajectories around. He noted that once someone does hijra (and here in this context he meant to go off and head for a location for training and jihad) it becomes exceptionally more difficult to deradicalise them. Then of course there are the implications for counter terrorism once they return from such training.

Here I’d note too that most people who seek training don’t actually go with the intention of joining al Qaeda. They want training to fight jihad. Al Qaeda’s skill lies in ‘turning’ them to its agenda. So, I think that minimising this process of training or seeking training is  dangerous. It clouds understanding of the dynamics that are crucial to understanding how plots evolve and people are radicalised in that final stage–when they move from seeking training for armed jihad, to becoming involved with a group and carrying out a terrorist attack on its behalf and at its direction.

  • That we are pushing the Taliban into al Qaeda’s arms

Here I presume Atran is referring to the Pakistan Taliban, because this is certainly not the case with the Afghan Taliban. I note he later mentions that the Pakistan Taliban does not have an International Agenda so I found this statement confusing. I do agree that lionising al Qaeda makes it a bigger threat, but I don’t think that on the basis of this one can then make the analytical leap to this somehow causing the Taliban to jump into its arms.

  • I read Atran’s comments about using the Southeast Asian experience on al Qaeda with interest. While there are some similarities, I think this type of generalisation can be harmful. I may have misunderstood Atran here, but my reading of his argument is that the experience of Southeast Asia can somehow be transplanted onto either Afghanistan or Pakistan. Following on from this was the assumption that the Taliban or al Qaeda for that matter are similar enough in structure to use the same types of CT approaches used in Southeast Asia and Indonesia in particular.

I think this is confusing apples and oranges on many levels. First in terms of similarities between al Qaeda and Jemaah Islamiyyah and how they recruit and radicalise, and also in terms of similarities between JI and Noordin’s faction. And then the assumption that any of this can be parlayed onto the Taliban.

JI, as Atran would know has one of the most sophisticated recruitment programs around. It takes years to become a member of JI proper, unlike al Qaeda. The radicalisation, recruitment and membership process is completely different. And that’s because the doctrine and manhaj of al Qaeda is actually entirely different to JI when you get down to the nitty gritty of it.

In JI the role of ustads is critically important in recruitment process as Atran notes when he observes that discipleship is a key element. But there is more to it than this. One of the main keys to understanding this is the different oaths of allegiance taken during the radicalisation process. Often those in the study group under their ustad don’t know they are being recruited for JI  but during their study they make an oath to follow their ustad, so their oath isn’t for JI at this point. But it ties them to their ustad and this relationship is crucial to their further progression into JI. But here’s where it gets interesting and where it also gets complicated.

NT’s faction didn’t work like this. He didn’t recruit along the same ways JI did. He couldn’t obviously because he was on the move and JI’s recruitment process is not only long but quite static.

NT was able to stay on the run for so long and continue his attacks by hitting up his old mates in JI. He just went along to an old ustad mate (here’s where the Afghan alumni plays in) and asked him for some help. The ustad agrees and gives him shelter and some students to help out with hiding and logistics.

Those students swore an oath to their ustad. They then essentially get transferred by virtue of their oath to their ustad to NT—without their knowledge for the most part. Besides which an oath is an oath, and so they end up being bound by it, and are radicalised enough to not break it. This is why many of them didn’t know they were working for NT or his faction or have knowledge of JI or chose to go along if they did know. Those he wanted for operational roles were targeted for further radicalisation, which tended to occur quite quickly. They often moved on with him unlike the others who were only limited to providing support while he was hiding out with a particular ustad’s support.

Here I’d add I’m not contradicting what General Tito says, because I understand the context in what he was saying because it was the same discussion I had many many times with the INP in the course of my work with them. What I am trying to highlight is that these factors were especially key to nabbing those senior figures who supported Top and his faction.

They don’t work so well in getting recruits of JI proper because not all ustad are aulumni, nor are the recruits these days, and the recruits are often not as interrelated in the early stages of their radicalisation process. Again something I discussed many times and something the INP has got a great handle on, especially now with General Tito at the helm of CT efforts.

I think the context in where the factors Atran identified are applicable is important to point out, if we are talking about transferring CT approaches, especially when the JI and NT case is the most unique in many respects.

Bottom line: Apples and Oranges.

Al Qaeda doesn’t recruit in the same way JI does. It’s not structured in the same way. It doesn’t have the same organisational processes, or even doctrine. And the Taliban is a completely different case again.

Having said all of that I do agree wholeheartedly with Atran’s general argument that less is more, and the importance of appreciating local dynamics in resolving the Afghan conflict.

However, it is precisely the point I would make in relation to using Indonesia and SEA in general as an example. While CT efforts in Southeast Asia have been truly impressive, they deal with a unique local dynamic, and also have a functioning state and juridical system to underpin them, as well as a great police force. This cannot be transplanted onto the Afghan conflict. Nor should it. Al Qaeda and the Taliban in any of its manifestations do not function in the same way as JI.

Edge of network ponderings

11/25/2009 Leave a comment

Sadly a bit too busy to go into this in much depth.

But was walking along today wondering ( as one does when shopping) whether or not the Somali arrests/those charged in US also have edge of network connections or whether because they are diaspora based around a particular conflict the networks are more discrete and more pathway based.

A similar case here had very peripheral edge of network connections, but nothing like the types that have characterised AQ core operations. In other words they were not instrumental.

I suspect the network structures will be slightly different between these two examples. With the Somali case and others like it they will probably tend to be more discrete.

Curious though if the radicalisation pathways are that much different– at least on the way in.

Ooooh I so wish I had some time to go digging on this. But I just raise my little shopping epiphany as something some of you folks out there interested in network behaviour might be interested in.

For those of you wondering what the hell I am on about… See here for an earlier post on it and here. I still have to get around to doing the post on the Op Crevice/Airline plots too.

Something interesting about the IMU

11/09/2009 9 comments

I’m currently doing a little bit of writing on this crew for the pesky dissertation. Anyway, I just stumbled upon an interesting little fact, which I thought I would share. The IMU, under Tahir Yuldashev (who I am now presuming is still out there and alive and kicking) has a policy that once you join the IMU, you cannot leave. Yup, that’s right. No leaving. Ever. Unless that is you want to meet your maker earlier than you had otherwise planned.

They do however have a longer vetting and screening process before membership and apparently recruits are made aware of this before joining. I’m not sure of the time-span of this vetting process, and don’t have the time to go find out at the moment.

Anyway, just a quick post because I find this quite fascinating. There aren’t many groups I can think of who have such a strict policy.


Aaron on As Sahaab and how it works

11/02/2009 Leave a comment

Aaron has made some great comments about As Sahaab and how it operates. For any of you interested in how Sahaab operates this is a must read.

Actually check out all of his postings for Nov2, there’s some good stuff there.