18 March 2015
Terrorist attacks are not always security failures. Anti-terrorism is more about weighing risks than combating every threat.
Simon Palombi
Simon Palombi
Former Consultant, International Security


Armed British Transport Police officers patrol the Eurostar platforms at St Pancras railway station on 8 January 2015 in London. Photo by Peter Macdiarmid/Getty Images.
Armed British Transport Police officers patrol the Eurostar platforms at St Pancras railway station on 8 January 2015 in London. Photo by Peter Macdiarmid/Getty Images.


Recently the security services in the UK, France and Denmark have found themselves under scrutiny for failing to intercept individuals that have gone on to commit terrorist acts. But such a view fails to consider the ultimate purpose of risk assessments for individuals with known extremist tendencies. That is to ensure the proper allocation of resources to detect, interfere with and intercept terror plotters, not to predict future events.

In the United Kingdom, terrorism is managed through a risk-based approach called the CONTEST strategy. This is designed to streamline resources into disrupting terror plots deemed to have the highest chances of success. One point that the three enquiries into the 7/7 London bombings reached a rare consensus on is that countering terrorism is a resource heavy undertaking, both in terms of manpower as well as bureaucratic and legal processes. With the number of individuals in the UK who are ‘known to police’ for terror related activity numbering in the thousands, the security services rely on a process to pragmatically filter the wolves from the sheep. 

In the cases of Islamic State’s ‘executioner’ Mohammed Emwazi, Charlie Hebdo killers Said and Cherif Kouachi, and Copenhagen shooter Omar El-Hussein, all were ‘known to police’, but this phrase does not automatically mean that a person or group is believed to pose a significant threat of terrorism to society. It merely describes individuals or groups who are designated to be risk assessed. And it is only when such assessments have been carried out that the threat posed by an individual or group is ‘known’. In this sense, risk assessments provide the security services a way in which to decide who is worth the investment of resources to investigate, disrupt and intervene.

By their very nature, these assessments are not always accurate.  Indeed, despite risk assessment methodologies being applied to terrorism since the 1980s, predicting human ingenuity remains a significant difficulty. All risk assessments rely on input information. In the case of terrorism, such inputs may relate to an individual’s known network, the organization they are a part of or seek to be a part of, or a previous known history of extremist behaviour, information usually gathered as intelligence.

But intelligence is often incomplete, and without access to clear information, assessors will turn to specialist knowledge to fill intelligence gaps. The problem with this is that the subject matter, terrorism, is thankfully comparatively rare. Thus, unlike natural hazards, it is almost impossible to independently verify the conclusions of a terrorism expert for a risk assessment. Governments and insurance companies use climatologists and geologists to help foresee the risk of flooding, but these scientists can form solid, independent conclusions on the frequency of floods in an area by, for example, examining soil samples.

Terrorism specialists, however, do not have this capacity, and the security services have yet to identify a body of research on which to develop it. And although every new terrorism case adds to the body of knowledge, such knowledge cannot account for new innovations to avoid detection until after a plot’s discovery.

Also, as terrorism has evolved, security services now have to deal with smaller plots that lack the complexity that large plots demand. A car, knife and an antique revolver is all that is necessary to carry out a successful attack and cause widespread fear. Accordingly, these smaller plots are much more difficult to both detect and risk assess.

Risk assessments should be seen as a resource allocation tool, a preliminary step of a process leading to preventative measures being implemented. Although unconfirmed, it is plausible that in the recent cases of Emwazi, the Kouachi Brothers and El-Hussein, the known intelligence on them did not raise any red flags, as defined by current knowledge, but may have simply warranted follow-up investigations.

This in and of itself should not be seen as a failure. Mistakes will happen, despite the low public appetite for risk. The problem with pointing to the misses, rather than the hits, and crying failure in regards to these assessments, is that it risks a loss of focus on the bigger picture – and that is to ensure that the security services are able to target, with relative accuracy, the true threats.

The author would like to acknowledge Detective Chief Inspector Craig McCann, head of strategy at the National Counter Terrorism Policing Headquarters for his assistance with this article.

To comment on this article, please contact Chatham House Feedback