My last column of last year for the Financial Times, thinking some rather unseasonal thoughts about the terrorist threat and what is happening to responses towards it. In large part draws on some very specific discussions I had in the last quarter of last year. Am always a bit concerned about sounding like a doom-monger, but at the same time the problem with these threats is they can surprise and in the absence of concerted response get worse. Yet, if there is a response then the problem never appears. Better to be Cassandra or crying wolf?
The growing consensus among the UK national security establishment is that terrorism is no longer the biggest threat. As migration, Russia’s war in Ukraine and Chinese military expansion increasingly top the list of concerns within Whitehall, terrorism has fallen out of vogue.
To some degree this is a positive thing. Al-Qaeda’s September 11 attacks warped the global security apparatus, and the exaggerated response to this event, including the invasions of Afghanistan and Iraq, created their own security problems. But it is alarming how quickly the terror threat has been downgraded: capability and resources are now being reallocated towards state-based threats. For the security agencies, China, Russia and Iran are the priorities, and more attention is being paid to them. Generally this resource is reallocated (often from counter-terrorism) rather than created.
Terrorism has been a feature of human society for generations. Back in the early 2000s, the scholar David Rapoport posited the idea of this threat operating in 40-year “waves”. He traced an “Anarchist wave” (1880s to 1920), an “Anti-Colonial wave” (1920s to early 1960s), a “New Left wave” (mid-1960s to 1990s), and the current “Religious wave” that began with the siege of Mecca in Saudi Arabia, the fall of the shah of Iran and the Russian invasion of Afghanistan in 1979.
By his calculations, the religious wave is now receding. The UK and Australia have both recently lowered their terror threat levels. The question is where, and when, the next wave will emerge. Polarised politics, stratified societies, growing anti-establishment sentiment, public concern about climate change or other large-scale injustices and numerous global conflicts are all potential fissures.
Tracking potential new risks while keeping an eye on existing ones requires a monitoring mechanism. The signs are there if you are alert to them. Al-Qaeda loudly and repeatedly telegraphed its intention prior to its attacks in Africa, Yemen and the US. The emergence of the al-Qaeda-linked insurgency in Iraq and the consequent expansion of terrorist threats globally was clearly signalled in reporting prior to the invasion. The over-optimistic early responses to the Arab Spring masked the clear growth of threats in Africa as Libya’s weapons stockpiles were drained.
Meanwhile, the flame of conflict was ignited in Syria. The emergence of Isis on the battlefield may have been a surprise to some, but not to those who had been watching ISI, its precursor organisation in Iraq, in the wake of the 2009 US withdrawal.
Elsewhere, the growth of the extreme right in Europe was relatively predictable given the increasing disquiet about immigration and Muslim extremism. The 2011 attack in Norway by far-right terrorist Anders Behring Breivik was an early indicator which has subsequently proven to have inspired a wider neo-fascist community. Breivik’s attack was directly referenced by the 2019 Christchurch attacker Brenton Tarrant.
These things tend not to come out of the blue. But trying to divine where the next hazards may emerge requires careful observation, assessment and attention. While there was clearly a need to adjust the terrorist threat response given the growing state-based threats, the concern now is whether we are going too far the other way — especially when the picture is so confusing.
The UK Home Office has created a category of threat called “mixed, unstable and unclear”, referring to extremists with no clear ideology, or those citing multiple, and sometimes conflicting, influences. And while it is unlikely that another epoch-changing event on the scale of September 11 is around the corner, even smaller-scale terrorist events can prove deadly and scar societies.
Any reduction in resources, therefore, must be carefully thought through. Re-evaluating the risk is fine — forgetting it entirely is not.
The writer is senior fellow at the S Rajaratnam School of International Studies
Another piece from late last year, this time for RUSI looking at the threat assessment provided of the current threat picture to the UK and the work of his Service by MI5’s chief in November. It digs into what he said, and tries to draw on wider data to build up a more detailed picture of what is going on with the picture he painted.
As the government conducts a review of its counterterrorism strategy, a speech by the head of MI5 offered some pointers about the changing nature of the threat.
Image: Director General of MI5 Ken McCallum gives a speech on threats to the UK on 16 November 2022. Credit: PA / Alamy
In mid-November, MI5 Director General Ken McCallum gave his annual threat assessment speech, outlining the threats to the UK that his service was monitoring. Much of the focus of the subsequent media reporting was on the state-based threats that he covered (emanating from China, Russia and Iran), but he also highlighted that since his last presentation in July 2021 his service had disrupted eight ‘late-stage attack plots’. Only briefly mentioned was that during this same reporting period, the UK had suffered three terrorist attacks – leading to the death of one attacker and Sir David Amess MP. A close examination of all of this plotting suggests that some important tweaks are necessary to the UK’s CONTEST counterterror strategy to ensure it is able to deal with the complicated threat the UK continues to face.
In his speech, McCallum outlined that the plots MI5 had detected emanated from ‘a mix of Islamist and extreme right-wing terrorism’ and that the ‘lines demarcating what is and is not terrorism’ were increasingly hard to draw. The focus was largely on lone actor plots (or self-initiated attackers), which his service found across ideologies. He also mentioned the continuing aspiration by groups to launch something more substantial, though this has become much harder for them. All of this may seem a fairly clear assessment, but it is in fact quite difficult to dig into in much detail given current levels of reporting around terrorist plots in the UK.
Security Service reporting around attack plots is increasingly opaque. The habit currently is to refer to disrupting ‘late-stage attack plots’, in which the investigators think that the individual was going down a path of trying to launch an attack rather than conduct some other form of terrorist activity (for example, dissemination of extremist material, radicalisation of others or fundraising in some way). Yet what exactly this looks like has not been clearly defined, and an examination of reporting around terrorism arrests in the UK since July 2021 (when he last gave the speech) reveals only six cases in which some form of identifiable attack was reportedly being planned.
Many of these are still being managed through the courts, and consequently specific mention needs to be done carefully, but drawing on open source reporting, the following trends are visible in the caseload.
In ideological terms, half appear to have Islamic State inspiration, while the other half have elements of extreme right-wing (XRW) thinking in their make-up. In two of the XRW cases, the ultimate target was a 5G mast, suggesting the influence of conspiracy theories. Both of these cases had deep anger against the government also present in reporting, and both plots involved older individuals (38, 59 and 59). The 59-year-olds were a male and female pair who were reportedly in contact online.
All of the other cases are made up of teenagers, with two cases involving pairs (one two boys of 15 and 19, and the other a male/female 17/18-year-old pair). Of the Islamic State-inspired ones, only one case involves someone with a name of likely Muslim origin, while the others all appear to be non-Muslim origin names, with no reference to conversion in their cases. The targets are all quite general, but it appears that anger against the police or security state is high on their priority list, with two accused of conducting hostile reconnaissance of security establishments (one from each ideology).
They are scattered around the country, and were all active on various online platforms – from large established Telegram groups to gaming platforms and Discord. At least two of the younger boys are identified as being diagnosed with autism spectrum disorders.
When held up against the three attacks that took place during the reporting period which McCallum mentioned only briefly in his speech (Sir David Amess’s murder, the Liverpool Hospital bomber and the Dover migrant centre firebomb), the most obvious similarity is the older nature of the XRW terrorist who attacked the Dover migrant centre. A 66-year-old, his profile fit that of the last four older male XRW terrorists in the UK who launched lone actor plots (Jo Cox MP’s murderer; the Finsbury Park mosque attacker; a man seeking to kill Muslims who stabbed a person in Surrey in 2019; and a Britain First supporter who drove into a curry house owner in Harrow in June 2017). The previously mentioned two disrupted cases seeking to strike 5G masts also somewhat fit this profile.
The other two do not. The ideology of the Liverpool bomber remains unclear, and while he was a younger man, neither he nor Sir David Amess’s murderer were teenagers. Sir David’s attacker appears to have been a residual case from the cohort of young men radicalised by Islamic State who waited years to launch his attack. This stands in contrast to the confused Islamic State-inspired teenagers in the arrested cohort.
It is hard to know what to draw from this. The most obvious point is the continuation of the previously identified trend of older men (for the most part) being those interested in launching XRW attacks. The fact that 5G masts are a desirable target highlights how the conspiracy theory-driven ideologies that thrived during the pandemic have taken hold among parts of this community. It does suggest a possible new profile of offender that security forces might need to focus on (as general as it might seem). On the violent Islamist side, the Sir David Amess case highlights that there are still residual concerns around the Islamic State-linked cohort, highlighting the long tail this problem can have.
The other side to the age question is the seeming lack of attacks involving teenagers. It is clear from other reporting that the volume of teenagers being arrested is up, but not many are actually launching attacks. Among the XRW community, there have not been any teenagers involved in attacks, and one has to go back to September 2017 and the attempted bombing of an underground train at Parsons Green to find a teenager inspired by Islamic State launching an attack. This is not to discount the potential threat posed by this group, or to suggest that security forces only need to respond to the threat they observe, but it is likely worth considering the extent of the menace actually posed by this young cohort. Jonathan Hall QC, the Independent Reviewer of Terrorism, has raised similar questions, identifying parts of this alarmingly young cohort as ‘keyboard warriors’.
It is also notable that in three of the cases, pairs of individuals were arrested, and in two others there is evidence that the individual was plotting with others online. Only one appears from reporting to be an isolated actor (though this may of course be untrue). This hammers home the oft-repeated point that lone actor terrorists are never really alone. It also raises questions around the three successful attackers – all of whom appear thus far to have been identified as isolated.
This picture is, of course, incomplete and the dataset too small to draw any scientifically satisfactory conclusions. McCallum referred to eight plots, while this author was only able to locate six. But taking this group alone, it is notable how there is a balance between the XRW and violent Islamist groups. The actual danger posed by all of them in national security strategic terms is questionable, though any threat to life clearly needs to have substantial resources dedicated towards countering it. Another aspect McCallum touched upon which is increasingly obvious in XRW plots is the desire to own or use 3D printers to manufacture weapons. Whether this is just for collection or for actual use is unclear, but it helps overcome one of the major hurdles faced by terrorist cells in the UK, which is sourcing weaponry that they can use to cause mass carnage. Guns are hard to obtain in the UK, while bombs require practice to make. Bladed weapons will always limit capability.
Bigger potential terrorist threats were hinted at in other ways. In his speech, McCallum also referred to at least 10 incidents since January of threat to life or kidnapping in the UK involving Iranian actors. This is not new behaviour for Tehran, but the volume when compared to the indigenous domestic threat is notable. It will be interesting to see how much he identifies similar threats from China and Russia, the two other adversaries highlighted, in the future – Russia of course already has form for such action in the UK – and how (or if) the counterterror strategy might seek to address this threat.
There are aspects of the threat beyond the speech which also bear noting. Earlier in November, a 20-year-old and a 17-year-old were arrested in Birmingham for planning to join Islamic State Khorasan Province. This followed earlier reporting of Taliban officials detaining a pair of Britons crossing over from Uzbekistan who were trying to join the group, and a video that emerged from Pakistan which showed an individual identifying himself as Asadullah from England calling for people to come and join the jihad in Pakistan in a strong British-sounding accent. There is a longstanding connection between the UK and jihadist groups in South Asia, and it appears to still be active.
Looking further afield, Syria continues to host a number of potentially threatening groups and UK-linked individuals in Kurdish custody, while Africa has been repeatedly identified as an area where a growing volume of terrorist groups affiliated with al-Qa’ida and Islamic State continue to gather and plot. While it is not clear how much of a threat any of this poses directly to the UK, it illustrates that the threat picture remains fairly constant across much of the globe.
But focusing back on the UK and McCallum’s speech, the most important thing is to try to unpick which aspects of the threat require additional consideration and engagement as the government goes through a review of the CONTEST counterterrorism strategy, and the long-awaited review of PREVENT is released. The threat has clearly changed; it remains to be seen in what way the response will.
My latest column for the Financial Times on Russia’s purported ‘counter-terrorism’ activity in Africa. Not so much CT as counter-influence operations really, none of which bodes well for the underlying problems.
When Russia was widely condemned for its illegal referendums in the Donbas at a vote of the UN General Assembly last month, it was notable that a clutch of African countries chose to abstain or stay away. Many of these had benefited from Russian counter-terrorism support; Burkina Faso – still reeling from a coup sparked by the government’s failure to stem an ongoing Islamist insurgency – might be about to ask for it. As al-Qaeda affiliates and Isis representatives converge in the Sahel region and across the continent, Moscow is increasingly bending terrorism to its advantage in the pursuit of political influence.
The terrorist threat picture across Africa has always been a messy one. Most groups are active locally, and the aspiration or capability to launch attacks beyond the continent’s borders tends to be confined to Isis networks in Libya or Egypt and al-Shabaab in Somalia. Terrorist groups across the region target foreigners, with mixed motives: attacking the Westgate Mall or DusitD2 Complex in Kenya, or the In Amenas gas facility in Algeria attracts attention; kidnapping can often be as much about profit as terror.
The situation is even more complex when groups without clear affiliations declare Isis as their inspiration. Almost half the deaths attributed to Isis worldwide in 2021 took place in sub-Saharan Africa. But it can be hard to distinguish between Islamist violence and longstanding regional conflicts. The jihadi-fuelled insurgency in Mozambique’s northern province of Cabo Delgado appears to have some international links but draws on a long history of local disenfranchisement.
Counter-terrorism support from the west has a chequered history. Former regional colonial powers like the UK and France have played a significant role in countries such as Mali, while the US has funded or trained special forces to varying degrees across the Sahel to help combat threats. Non-military aid in the region has been targeted at the underlying causes of instability.
Yet none of this has done much to suppress the overall threat and may even have been counter-productive. In September 2021, Guinean forces left their training with the US Green Berets to join the military takeover of Conakry. The 2020 coup in Mali, which led to the eventual breakdown in relations between Paris and Bamako, was led by forces built up by the French army over the previous seven years under Opération Barkhane. This project – established by the French after the near takeover of Mali by Islamist militants in 2013 – was undermined by loosely defined goals. As tensions with Bamako increased, the Élysée finally announced in February a withdrawal of troops.
The result has been a turn by Malian authorities towards mercenaries such as the Wagner Group, which has close links to the Russian GRU intelligence agency. This is not unique to Mali: Wagner forces have also appeared in Libya, Democratic Republic of Congo, Central African Republic and Mozambique. In Bamako, members of this Russian proxy militia are celebrated in the streets. In exchange for their services, Wagner appears to be receiving access to minerals while Moscow wins strategic allies, as evident in UN voting patterns.
But the signature of Wagner deployments tends to be a focus on subduing civilian populations and harshly suppressing insurgencies. While the western approach may have not been as effective as intended, it at least avoids the indiscriminate brutality exercised by Russian-backed forces.
In Burkina Faso, the latest coup leader Ibrahim Traoré seems to be playing both sides: he reportedly told US diplomats that he did not intend to call on Wagner forces, but some of his local supporters have called for a new strategic partnership with Moscow, and Russian flags were prominently on display as he took over the capital Ouagadougou. Wagner boss Yevgeny Prigozhin also posted his support for the takeover on Telegram, saying soldiers had done what was necessary.
Given the failure of many western counter-terrorism efforts, it is hard to see how this battle for influence can be resolved. Moscow is acting both to frustrate the west and benefit itself. It is imperative that the US, UK, France and their allies find ways to continue engaging with Sahelian countries and working to alleviate the disenfranchisement that is often a touchpaper for insurgency.
Security engagement around specific terrorist groups must continue, with better safeguards to prevent it backfiring. And crucially, these efforts must be disentangled from the wider geopolitical confrontation between Russia and the west. Otherwise, the Sahel will remain a region ripe for manipulation.
The writer is senior fellow at the S Rajaratnam School of International Studies
Another edited interview with a senior security official for the excellent CTC Sentinel. I realize that it has been quite a while since I wrote an actual researched article for them. Been working on one for a long time which I really need to get finished. Huge thanks to Paul and his excellent team for their work.
Robert Hannigan was Director of GCHQ, the United Kingdom’s largest intelligence and security agency and NSA equivalent, between 2014 and 2017. He established the United Kingdom’s National Cyber Security Centre (NCSC) and was responsible with military colleagues for the United Kingdom’s national offensive cyber program.
He was Prime Minister’s Security Adviser from 2007-2010, giving advice on counterterrorism and intelligence matters. Prior to that, he worked as principal adviser to Prime Minister Tony Blair on the Northern Ireland peace process. He was awarded the U.S. Intelligence Distinguished Public Service Medal in 2017 and honored by Queen Elizabeth for services to U.K. national security in 2013.
Robert is currently Warden of Wadham College, Oxford, and European Chairman of the cyber security company BlueVoyant. He is a Senior Fellow at the Belfer Center, Harvard; Fellow of the Institution of Engineering & Technology; and Distinguished Fellow of the Royal United Services Institute.
CTC: Shortly after you were appointed the director of GCHQ (Government Communications Headquarters) in 2014, the Islamic State declared a caliphate after taking control of large swaths of Iraq and Syria. When you retired as director in 2017, the group was well on the path to territorial defeat in Syria and Iraq. How would you describe the contribution GCHQ made to the global campaign against the Islamic State and protecting the United Kingdom from the group’s terrorism? How did GCHQ evolve to focus on the Islamic State threat, and what were the lessons learned?
Hannigan: There were two things in particular about ISIS that made it different. One was obviously the geographical hold: the fact that it had territory in northern Syria and northern Iraq—whether you want to call it a caliphate or not—which made it almost inaccessible from the ground in practice.
The other thing that made it different was generational. This was a group that understood the power of media, and particularly new media, in a way that previous Islamist extremist groups had not. Those were two big challenges. From GCHQ’s point of view, counterterrorism was at that stage the biggest single mission. There were, of course, lots of other missions, too, but [CT] was a huge investment of resources, for obvious reasons. To some extent, GCHQ was using the lessons it had learnt in Afghanistan, which had been a very strong counterinsurgency/counterterrorism effort where GCHQ had been embedded with the military. It was building on those lessons, but of course the SIGINT environment in Syria and Iraq was very different.
In Afghanistan, essentially the Allies owned the communications space, just as they owned the air space. That wasn’t the case in northern Syria, so it was a different kind of challenge. But a lot of the techniques and international cooperation had been well exercised in Afghanistan. To some extent, the first part was a traditional mission of ‘how do you disrupt and destroy a terrorist organization from its leadership downwards,’ but the second bit was genuinely new in the sense that ISIS was obviously trying to project attacks back, as well as recruit heavily from the West to travel into the caliphate. Both of those ISIS objectives, which were interconnected, were things which we needed to disrupt, and so a lot of the task was about understanding how ISIS media worked and trying to disrupt that. I cannot say how this was done from a U.K. perspective, but there is a great deal of media reporting and academic work on this available in the U.S.
ISIS were doing two things through their media campaigns. One was inspiring people and then actively grooming those they had inspired to either come to join the group or launch attacks. And both of the stages really needed disrupting. Disrupting global ISIS media was a much broader challenge, of course, but trying to prevent individual grooming and attack planning was traditional MI5 territory, supported by GCHQ. It would not be right to go into the details of how it was done, but I do not think there was anything conceptually different about how we went about doing that from disrupting traditional recruitment and attack planning. The big difference was that it was all at one remove.
I think there were two advantages [for ISIS] to having territory: one was the propaganda value and the fact that you can present, as you saw endlessly in Dabiq and the other glossy publications, what life in the caliphate was like. That gave them a romantic propaganda advantage to be able to say, ‘Here we have built this wonderful land for you, where you can live a religiously pure life.’ But it also gave them a safe place from which to mount operations, and all they needed apart from connectivity was the understanding of how to do that: How do you inspire, radicalize, and then manipulate people? So in a sense, it was a psychological campaign as much as a physical one.
CTC: How would you describe the counterterrorism cooperation between GCHQ and U.S. agencies such as the NSA as well as other members of the Five Eyes[a] and European allies?
Hannigan: It is incredibly close and always has been, in particular with the NSA. But I think what happened over the ISIS campaign was that counterterrorism really drove the cooperation between SIGINT agencies in Europe. Cooperation amongst European partners has always been good on particular cases, but I think the pressures of terrorism really drove that in a very constructive way. So now the SIGINT agencies are [working] closer together, probably more than they have ever been as a result of terrorism, and there was very active cooperation right through the attacks in Europe and beyond, as well as cooperation with other services around the world.
Fortunately, with European partners, Brexit did not make much of a difference in terms of maintaining cooperation, partly because of the threat of terrorism; these joint efforts were too important to be damaged. Different Five Eyes partners will have slightly different relationships with different European countries. But for the U.K., the French and German relationships, for example, were very important. And the U.K.’s traditional military and intelligence relationships with the Scandinavian countries have remained very strong and strengthened in the context of Russia.
CTC: What for you have been the key lessons learned in balancing democratic liberties with intelligence gathering in counterterrorism in the 21 years since 9/11?
Hannigan: It’s always been a balance. Access to data is the key for SIGINT in particular, but probably for all the agencies, and what’s changed is that there’s been an exponential rise in the amount of data being produced by the private sector on citizens. This gives undemocratic states new possibilities to do surveillance, and it’s right that in a democratic society you need to have an active and constant debate about whether you’ve got the balance right. In the U.K., the [2016] Investigatory Powers Act was an attempt to do that after the revelations by Edward Snowden, though I think the legislation was coming anyway at the time, probably accelerated a bit by Snowden. In the U.K. context, that legislation seems to strike a balance that people are comfortable with.
It’s quite interesting that very quickly after the Snowden revelations, the debate moved on, because terrorism, then the resurgence of Russian aggression, and what the tech companies were doing with data really made what governments had access to seem quite secondary. Of course, it is very important that government should be held to a higher standard, and I think that it is a debate that needs to be had all the time, particularly as data processing and data holding in the private sector changes. But it does feel like the public debate has moved on, moved on to what companies like Facebook/Meta and the other tech companies are doing.
So I think the lesson for the intelligence community is not to be afraid of the public debate. Probably one of the mistakes made towards the end of the last century, and at the beginning of this one as the internet became available widely, was not to have that debate openly enough. Because consent is crucial to intelligence operations in democratic countries, and I think there was probably an assumption that everyone understood what was happening within this context and I am not sure people did. So one of the lessons is to get better at having that debate more often, especially as it is not a static thing and you are never going to come to a conclusion on the issue, rather it has to be a dynamic debate. Ultimately, we want the minimum necessary powers for agencies. But as the technology evolves, you have to evolve in response.
CTC: If we could pull on a few threads there, what was the impact of Edward Snowden’s revelations on counterterrorism capability, and how responsible do you think the social media platforms have been in keeping terrorists and extremist content off their platforms?
Hannigan: There was a clear reaction from terrorist groups and hostile states in particular, to the revelations, and yes, there were specific counterterrorism consequences, which at the time my predecessor Iain Lobban and his counterpart at the NSA Keith Alexander talked about.[b] There were things going dark that probably wouldn’t have gone dark otherwise.
With the tech companies, things have changed, but when I came into the job in 2014 I had a go at the companies[1] (something that was unusual at the time). I thought they were at that point being irresponsible, and we were in a slightly ridiculous position where the agencies were having to ask a company’s permission effectively to help on particular operations. The companies would decide whether this met their threshold for what constituted terrorism, and there seemed to be something completely anti-democratic about that. For all their failings, governments at least get elected. Tech companies are not, and they do not have any expertise in this, so it is quite weird to be expecting a bunch of probably well-meaning people in Silicon Valley to make decisions about what is and what is not terrorism in a far-flung part of London.
And, to be fair to the companies, I think they felt deeply uncomfortable, too. They are money-making enterprises. Most of them are effectively advertising companies, if we are honest; Meta is a massive advertising company, and so was part of Google. That is their business, and they did not really want to be drawn into CT, which is where the narrative about them being neutral conduits and just platforms with no editorial control came from. I think they actually believed that narrative, and they really did not think they were enabling terrorist activity.
I think over the years—under public pressure but also as a result of terrorism and other serious crime—they have realized that they are not neutral and they have to take some kind of position on this, and they have to find a better way of doing it. Every major country is now looking at legislating on this; in the U.K., through the Online Safety Bill.[c] The manipulation of democratic institutions and elections has accelerated the feeling that we have to do something and put even more pressure on the tech companies.
So it does look very different now from when I said those things about ‘big tech.’ It was unfashionable to have a go at tech companies back in 2014; now everybody piles in and, if anything, it is a little one-sided. I think they are, on the whole, trying to address the problems, with varying degrees of success. But nobody quite has the answer. We know in the West that we do not want state control of these things, but neither do we want an unregulated private sector-driven landscape.
CTC: GCHQ has long been associated with signals intelligence. But in recent decades, there has been an information revolution with deep implications for intelligence gathering and analysis. Not only is there vastly more information (and dis- and mis-information) to sift through than ever before but open-source intelligence has become much more important and “the government’s ability to collect and analyze information is nowhere near dominant compared to what it used to be.”[2] How have and should agencies like GCHQ be adapting? How important is AI and machine learning (ML) in this new era? Given “secret agencies will always favor secrets,” and given the calls for an open-source agency to be set up in the United States,[3] does the United Kingdom now need a dedicated open-source agency, a new sort of BBC Monitoring?
Hannigan: Well, it’s interesting you mentioned BBC Monitoring as the Americans had the Open Source Center, which was a much larger version of that. It has now changed and become the Open Source Enterprise.[d] It was taken very seriously by the U.S. and did a great job. As does BBC Monitoring, though it has gradually been pared down over the years, and in any case was traditionally more focused on broadcast media than on new media or social media.
[Dis/mis-information] is a huge challenge but is highlighted not so much by terrorism but by the attempts to subvert democratic processes by Russia. The U.K. and lots of countries were really caught napping here because there wasn’t any structural part of government whose responsibility was to monitor this. There were two reasons for this, I think. One is that the secret agencies have a lot of other things to do—countering terrorism, for example—and have limited resources. But secondly, it’s very uncomfortable for intelligence agencies to be doing open-source monitoring, particularly where social media is concerned. There is something instinctively difficult about secret agencies looking at mass social media use. The idea [of having] GCHQ or MI5 all over everybody’s Facebook accounts smacks too much of a surveillance state and would be unacceptable in a democratic society.
As a result, for both those reasons, lots of governments, including the U.K., have shied away from looking at this and attempted to do it in a tactical, well-meaning but arguably ineffective way in the Cabinet Office[e] or somewhere like that, where they are trying to get a small group of people to have a look at this information flow.
To me, the answer has to be a better use of the private sector. Most of this open-source material is being generated by the private sector. Look at Ukraine and the low-orbit satellite imagery that is being generated; it’s absolutely phenomenal, better in many cases than the military equivalent and available in theory to everybody. [The same applies to] the monitoring of social media trends. So I think the answer has to be government agencies using [private sector-generated data and analytics] better.
There are still lots of datasets that are secret, of course, and there are statutory-based accesses to data, which other people don’t have outside government. Focusing on that and what is genuinely secret and hidden is a much better use of agency time.
The real advantage comes from washing the secret and the open-source data together. In other words, you are, as a secret agency, doing your secret thing but you’re also washing that against the results of open source, and that’s where you get something particularly valuable and that’s where you ought to be able to spot some of the things we failed to spot: for example, Russian intervention in elections. But if I am honest, I do not know how much progress Western governments have made on this. The U.S. probably comes the closest because they have invested in it, but I think most governments have just danced around it, partly for resource reasons, but also because it is politically and ethically a very difficult area.
The answer is probably to use the private sector mechanisms that are there already and that are quite open; there are NGOs like Bellingcat that are already doing some extraordinary work in the public domain. They are not the only ones; there are plenty of academic NGOs and journalistic organizations who are doing really interesting work here and it is every bit as good as what governments do. So I do not think we need some huge new bureaucracy in government to look at open-source material; rather, we should synthesize what is already out there and use it intelligently with the secret insights that agencies generate to deliver some more effective results.
CTC: Another key part of this, which brings in the private sector, is encryption, and you regularly hear from politicians and serving security officials that end-to-end encryption is a danger that protects, among others, terrorists. What is your sense of the counterterrorism concerns around this?
Hannigan: The GCHQ view on this has always been slightly unusual because GCHQ is an agency that delivers strong encryption and, indeed, in the 1970s was involved in inventing some of the strongest encryption that is currently in use. So we think encryption is a good thing. It protects everybody—protects governments and protects business. I have always resisted the temptation to say encryption is bad somehow, and law enforcement and government should be given the key to everything, partly because I do not think that would be healthy and partly because it’s not practical. You cannot uninvent end-to-end encryption. It is a mathematical invention; it’s not something you can suddenly say is not going to be there.
What you have to do is keep it in proportion. Yes, it is misused by criminals and terrorists, but it is predominantly used by honest citizens and businesses who are protecting themselves, so we shouldn’t let the security tail wag the dog. As always, criminals and terrorists will use good technology for bad purposes. There are some ways around this. One is to work with the companies, as they themselves have offered to different degrees to do things that are short of decryption because, of course, they cannot decrypt it themselves if it’s genuinely end-to-end, but there are things they can do to help with the data around it. It is probably not helpful to go into the details here, but they themselves have said it is not all about the content.
Better relations between the companies and governments help. And there are some macro proposals that have been put out there but so far they have not found favor with the privacy lobby in the United States. And whatever you do, you will always have criminals who will use something else, move away from the big platforms and use something different, so you might just end up pushing the problem elsewhere. You already see a bit of that now, with, for example, a lot now coalescing around Telegram and away from some of the traditional Western platforms.
The short answer is that there is not an easy answer. And efforts should be focused on particular targets rather than trying to do anything at scale. I know some law enforcement people still hanker after large-scale solutions, but there is, frankly, no way that companies are going to give any kind of blanket access to law enforcement or governments in the future. And I cannot see any legislation that would actually compel them to do it. Of course, there are some countries that ban end-to-end services, for this reason. But I cannot see democracies agreeing to that, and I think it would be disproportionate. The task for the agencies in cooperation with the companies is to go after specific targets and help each other do that, where there’s general agreement that these are legitimate targets.
CTC: In July, FBI Director Chris Wray and MI5 Director Ken McCallum did a series of events in London in which, among other things, they identified the lone-actor threat as the heart of the terrorist threat both faced.[4] Would you agree with this assessment, and how do you characterize the journey of how we got here?
Hannigan: They are much more current than I am on this, but it has been a trend for a while. In fact, it was ISIS and [Abu Bakr] al-Baghdadi himself that promoted the lone-wolf idea and propagandized it through their various channels, so it’s not unexpected. It was a perfectly logical response to better intelligence and law enforcement disruption because it’s extremely difficult to spot, disrupt, and prevent genuine lone actors. The thinking of the al-Baghdadi model was ‘we don’t need to control this. We do not even need necessarily to know who you are; if you go out and do something for ISIS, then you are part of the struggle.’ That’s quite a new departure for terrorist groups. They have always tended to be control freaks: The study of terrorist bureaucracy and leadership is instructive. By contrast, ISIS was crowdsourcing in quite an innovative way. The demise of the ‘caliphate’ made the lone wolf approach even more compelling for ISIS.
I would not write off organized terrorism in the future; I think there’s plenty of evidence that it has not gone away, but lone-actor terrorism does seem to be the trend at the moment and the thing that is hardest for agencies to spot. All I would say is, if you look at the lone wolves who have been successful or mounted successful attacks in a number of countries, they are very rarely completely ‘lone’ or completely unknown to their government agencies. And so it comes back to the age-old problem of prioritization. Most of them appear amongst the ranks of the many thousands of people of interest to police and law enforcement and intelligence agencies, and probably the task is to use data better to prioritize better.
Some of the criticisms around, for example, the London Bridge attacks[f] were about failures to do that and failures to use data better to understand where the priorities are and where the tipping points are. But all of this is very easy to say and very difficult to do, and it is never going to be [got] completely right. It is a constant struggle for MI5 in particular, but for all agencies to prioritize out of the thousands of people who might be a worry, who are the ones that you need to focus on now, and deploy your very, very limited surveillance resources on, because we all know how much it costs and how difficult it is to do.
But the reality is that even lone wolves usually display behavior and patterns of life [notwithstanding encrypted communications and the end-to-end problem] that says something about them; they are in touch with other people, even if they’re not involved in joint attack planning. The challenge has to be to use data to try to work out when they have reached a tipping point. You will never be successful 100 percent of the time, but it’s about trying to raise the percentage of success.
CTC: Not only does the West currently face the challenge of Russian aggression in Ukraine, but Directors Wray and McCallum identified China as the biggest long-term national security threat.[5] Given the shift in resources on both sides of the Atlantic to great power competition, is there a danger of counterterrorism being underfunded? Where do you see the intersections between great power competition and counterterrorism?
Hannigan: It is a perennial problem of governments that you veer from one crisis to another, and [then] something has to be deprioritized. We have seen what happened after we deprioritized Russia after the Cold War. The ambition should be to try to reduce investment in particular areas without giving up your core capability and eroding the skills and knowledge that you have had on that subject. This applies to counterterrorism, too, because the threat hasn’t gone away.
It is clearly right to focus on China and Russia. When I started at GCHQ, I said I thought the two big challenges for the next 50 years in the West were managing a declining Russia and a rising China. We are seeing the declining Russia problem in the lashing out, and the nationalism, and the economic failure to reform, and the kleptocracy that has emerged as a result. We are experiencing that in Ukraine, and it’s a big challenge to confront and contain it, but I think it is a much easier challenge than a rising China, which is a complex mixture of opportunity and challenge. But there is a lot of threat there as well, as Wray and McCallum rightly said. So we should be focusing on that, and it is the right top priority, but that doesn’t mean we can neglect CT. There will have to be a difficult discussion about how to balance resources. Quite a lot of the great power strategy is outside the remit of agencies. A lot of it is about industrial policy, investment decisions, and regulation. Regulating Chinese tech and Chinese tech ambition is not core intelligence work, so it doesn’t all fall on the agencies.
On the question of crossover, that is a potential worry because states obviously have used all sorts of proxies in the past. In the cyber world, they use criminal groups. And they have also used terrorist groups as proxies. It is not hard to imagine that in the future, they will do the same again to put pressure on Western countries either by using terrorist groups in whichever part of the world the conflict might be taking place, or even to target us at home. I do not know that we’re seeing a sudden upsurge in that yet, but it is certainly a concern for the future, and the more desperate a country like Russia gets, the more likely it is to be happy to foment that.
CTC: You led the creation of the United Kingdom’s National Cyber Security Centre (NCSC), oversaw the country’s pioneering Active Cyber Defense Program, and helped create the United Kingdom’s first cyber security strategy.[6] When it comes to cyber, much of the concern has focused on state actors such as China as well as criminal groups and the threat to critical infrastructure. How would you characterize the cyber threat posed by terror groups, including jihadi terror groups? Have we yet seen a cyber terror attack?
Hannigan: There have always been great scare stories about this, partly because the media loves the idea of cyber terrorism and terrorists being able to take down an entire infrastructure or electricity grid or something. Whether we have seen it or not depends on how you define it. You could say Hezbollah [cyber] attacks against Israel are cyber terrorist attacks.[g] You could say that Iranian attacks on water treatment plants in Israel[h] are a potential attack by a nation-state designed to instill terror.
So, it is certainly not unimaginable, but cyber is not necessarily the best weapon for terrorists to use. Firstly, it does require quite a degree of long-term commitment and knowledge. And terrorists in the past have been rather traditional in wanting spectaculars of one sort or another, so their mindset may not be geared towards it. This may change with the new generation. We certainly saw that with [their ability to exploit] social media, so there is a logic to saying, ‘Well, they might get good at this in the future.’ It has also got much cheaper and easier to do because [the technology] is something you can now buy as a service or commodity and use it. So, the trajectory suggests that it ought to be easier to do cyber terrorism in the future.
The other point, though, is that while you can disrupt things and you can make people’s lives difficult [through cyber-attacks], it is quite difficult to do destructive activity that is really long lasting. Having said that, I did notice that one of the American consultancies on tech that issues reports every so often, and is usually quite a cautious organization, projected that by 2025 operational technology would be weaponized to cause death.[7] They were certainly thinking of nation-states rather than terrorists, but the fact that they were saying this is interesting.
These kinds of destructive cyber effects will be accidental for the most part. The first cyber homicide that I can think of is the case in Germany two years ago where a woman was being transferred to a hospital that had been paralyzed by ransomware and so she was diverted to another hospital and died on the way. German police decided to treat this as cyber homicide.[8] Those sorts of things—ransomware out of control—might well cause people’s deaths, either through interfering with operational technology that is running power, water, or healthcare, or just by accident. But all of that is more likely than a planned cyber-terrorist event. But it is not unimaginable, and it is not unimaginable for the nation-state to find it convenient to false flag something [it has perpetrated against an adversary], to mask a cyber attack as a terrorist attack. We have, of course, seen the Russians doing that in their [2015] attack on [the French television station] TV5,[i] which they flagged as a terrorist attack.[9] So cyber terrorism is not unimaginable but probably not top of the list of worries at the moment.
CTC: In the September 2021 issue of CTC Sentinel, former acting CIA Director Michael Morell assessed that following the Taliban takeover of Afghanistan, “the reconstruction of al-Qa`ida’s homeland attack capability will happen quickly, in less than a year, if the U.S. does not collect the intelligence and take the military action to prevent it.”[10] It’s been a year since the Taliban assumed power. How do you assess the international terror threat from jihadi groups operating on its soil?
Hannigan: My biggest concerns are, do we know what the threat is and how would we know if it is growing? We have lost most of our insight into what’s going on in Afghanistan, for all the obvious reasons, and the biggest worry is we simply won’t see a problem—from ISIS in particular but also al-Qa`ida—until it’s well formed and mature. Now, I may be wrong; maybe we have great insight. But I have not seen it, and I doubt it is actually there. The successful U.S. attack on al-Zawahiri this summer seems to me to be about a determined long-term manhunt: It does not imply great understanding of Afghanistan in general. In addition, there are so many other things going on in the world that even if we had some insight, I doubt it’s top of the list for most governments. So I think it is a real concern from an intelligence point of view as to who actually knows what the CT threat emerging or growing in Afghanistan is, and how much of it might be projected outwards. Most of it is currently focused internally, but these things have a tendency to get externally directed over time.
CTC: According to the 2021 U.K. government integrated review, “It is likely that a terrorist group will launch a successful CBRN attack by 2030.”[11] In the wake of the COVID-19 pandemic, what is your assessment of the CBRN terror threat?
Hannigan: It is a bigger worry to me than cyber terrorism by a long way. Partly because organizations have seen the chaos you can cause through CBRN, and whether it’s pandemics, chemical weapons in Syria, or the near disasters in Ukraine through radiological mismanagement during the war, there must be people thinking, ‘Well, if I want to cause an enormous amount of suffering and disable a country, this is a better route to go.’ A key problem is that the global instability tends to make the control of the substances more difficult. We have been pretty effective [in past decades] in having organizations like the OPCW [Organisation for the Prohibition of Chemical Weapons] that could control and monitor the materials you need to conduct such an attack. However, in a world of chaotic great power relationships, that gets much harder, and so the opportunity to get hold of this material, or to manufacture it, becomes easier. Afghanistan is one of those places where we have seen in the past, and could certainly see in the future, terrorist programs to this end. It is certainly a bigger worry to me than cyber terrorism.
CTC: Given the strong nexus to far-right extremism of Russian paramilitary groups involved in the fighting in Ukraine and given the history of such ties also on the Ukrainian side,[12] do you see any terrorist or foreign fighter threat emanating from the war in Ukraine?
Hannigan: One of the lessons we should learn from ISIS is relevant to this discussion. One of the reasons the lone wolves or more often the small groups who were effective in launching attacks—for example, in [Paris in November] 2015—were so effective was that they were battle-hardened and they knew what to do. They knew how to withstand firefights. They were not just ideologically hardened; they actually had battlefield experience. You have to assume that the same could be true of other kinds of extremists returning from any conflict. We have seen similar things emerging from Chechnya in the past as well. It seems plausible that the many current theaters of conflict may produce battle-hardened and radicalized individuals.
CTC: What is your assessment of the current security outlook in Northern Ireland?
Hannigan: We obviously underestimated, in around 2007, the resilience of dissident Republicanism, and I think that was partly because nobody foresaw the economic downturn. People assumed that there would be a great tidal wave of economic benefits and a peace dividend for lots of communities that did not materialize. But you cannot just pin it all on economics. There is a cyclical side to Republican violence in Irish history that is unlikely to ever go completely away, but the problem now is that the politics can get destabilized relatively quickly. I do not foresee a sudden return to violence, but I think the more the politics frays, the more instability there is, and the more you tinker with what was a political settlement that everybody could just about buy into, the more you run the risk of the fringes becoming violent again. And all of this might start successfully radicalizing young people. It was never a particular concern that the older generation of dissidents were still there—diehards who never signed up to the peace process and were never going to change their minds—but what was concerning was young people being recruited in their teens and 20s into dissident activity. That’s much more worrying. It is the key thing you have to guard against for the future. And clearly, the best way to do that is through political stability and political progress.
CTC: What were you most proud of in your work in counterterrorism? From a CT perspective, what worries you most today?
Hannigan: I am very proud of what GCHQ did in preventing attacks in the U.K., with MI5 and others. Most of those are not seen because they are prevented, but that was great work that I do not take any personal credit for, but was done exceptionally well. Personally, the thing I found most rewarding in counterterrorism was in Northern Ireland because this was a domestic threat where pretty much all the levers were in the U.K.’s hands—security and intelligence, economic and political. It was probably the last time that the U.K.’s top national security threat, as it was then, was a domestic one. It taught me a lot about terrorism, not least through talking to members of the Provisional IRA and other organizations, which gave me a greater understanding of how terrorist organizations think and work, and how individuals are motivated. In the end, it was, over a 30- to 40-year period, a successful process. There were, of course, mistakes, but it was a good marriage of security policy and political process, that addressed the underlying causes of the Troubles and, partly through good CT work, created space for politics to work.
I do not think Islamist extremism has gone away and the rise of the extreme-right is clearly a concern, but terrorism will continue to bubble up in all sorts of areas that may not yet have been predicted: where people feel either disenfranchised or disadvantaged, or feel that their identity is threatened. In a chaotic international environment, where outrage can be generated and manipulated on a larger scale than ever before, not least through technology, there will be more of this, and it will be more unpredictable. Right-wing extremism is just the latest [threat to gain prominence], but in reality, it has been around a long time. I suspect there may be all sorts of new causes, and people may resort to violence more quickly than they did in the past.
Substantive Notes
[a] The Five Eyes (FVEY) is an intelligence alliance of Australia, Canada, New Zealand, the United Kingdom, and the United States.
[b] Editor’s Note: In a November 2013 hearing before the UK Parliament’s Intelligence and Security Committee (that provides oversight of the UK’s intelligence agencies), Sir Iain Lobban revealed “we have actually seen chat around specific terrorist groups, including close to home, discussing how to avoid what they now perceive to be vulnerable communications methods or how to select communications which they now perceive not to be exploitable.” “Uncorrected Transcript of Evidence Given By, Sir Iain Lobban, Mr Andrew Parker, Sir John Sawers,” November 7, 2013.
[d] Editor’s Note: In October 2015, the Open Source Center (OSC) was “redesignated the Open Source Enterprise and incorporated in CIA’s new Directorate of Digital Innovation. The Open Source Center, established in 2005, was tasked to collect and analyze open source information of intelligence value across all media – print, broadcast and online. The OSC was the successor to the Foreign Broadcast Information Service (FBIS), which gathered and translated world news coverage and other open source information for half a century.” Steven Aftergood, “Open Source Center (OSC) Becomes Open Source Enterprise (OSE),” Federation of American Scientists Blog, October 28, 2015.
[e] Editor’s Note: The Cabinet Office is a central U.K. government function that supports the Prime Minister and his Cabinet, drawing on input from across government to help deliver on policy goals.
[f] Editor’s Note: On June 3, 2017, three terrorists launched a knife and van ramming attack on London Bridge and in the nearby area of Borough Market, murdering eight before dying themselves. On November 29, 2019, Usman Khan, a formerly incarcerated terrorist, attacked and murdered two people at an event at Fishmongers’ Hall, before being shot by police on the nearby London Bridge. In both attacks, subsequent investigations revealed that authorities were aware of the individuals and may have failed to prioritize the level of threat that they posed. For more on the 2017 attack, see the inquest page at https://londonbridgeinquests.independent.gov.uk/ and, for the 2019 attack, its own inquest page at https://fishmongershallinquests.independent.gov.uk/
[i] Editor’s Note: In April 2015, TV5 Monde was taken off air in an attack carried out by a group of Russian hackers. It was reported that they “used highly targeted malicious software to destroy the TV network’s systems.” An Islamic State-linked group going by the name the Cyber Caliphate had first claimed responsibility. Gordon Corera, “How France’s TV5 was almost destroyed by ‘Russian hackers,’” BBC, October 10, 2016.
A short piece for the Financial Times looking forwards on how terrorism might evolve and melt into the wider great power conflict that currently consumes international affairs.
Some countries such as Iran persist in using armed proxies to advance their goals
Veteran al-Qaeda leader Ayman al-Zawahiri was killed by a drone strike on a safe house in Kabul
The writer is senior fellow at the S Rajaratnam School of International Studies
Terrorism is the past and the future is great power conflict. In a moment of nearly perfect public narrative, the death of al-Qaeda leader Ayman al-Zawahiri was almost entirely overshadowed by the visit of US House Speaker Nancy Pelosi to Taiwan. Yet the risk is that we miss how the two problems can become entangled and make each one worse.
As national security agencies turn their focus to states, they will inevitably deprioritise terrorist threats. Yet the shift is unlikely to be as tidy as this suggests. Even more worrying than the risk of paying less attention to terrorist groups is the potential for the two threats to interact with each other. In a worst-case scenario, great power conflict might make global terrorism worse.
The use by states of terrorist groups as proxies is not new. Iran has a long history in this regard. Hizbollah in Lebanon is the largest of numerous proxies that Iran has used to attack its adversaries. In recent years, Tehran has become more overt about using terrorist tactics directly itself.
In July 2018, an Iranian diplomat was arrested in Germany alongside a pair of Iranians in Belgium for planning to bomb a high-profile dissident rally in Paris. Rudy Giuliani, Donald Trump’s former lawyer, and several British MPs were due to attend the event. This month, the US Department of Justice charged a member of Iran’s elite Revolutionary Guards with directing agents in the US to murder John Bolton, Trump’s national security adviser.
Tehran may be the most blatant about it, but it is not the only power to use such groups or engage in such plots. Moscow’s hand can be seen behind some extreme-right terrorist networks in Europe. India detects Chinese intelligence playing in the shadows of some of its domestic conflicts. India and Pakistan have honed the art of manipulating such groups against each other, and suffered the blowback as a result. Furthermore, all these powers see supposedly all-powerful western intelligence agencies lurking behind various networks and plots that they perceive as threats.
The second risk comes from how the war on terrorism has been pursued around the world. As the west grows frustrated with longstanding counterterrorism campaigns in distant places, resources have been pulled back or withheld. Clearly, some capability is retained, but in certain places a vacuum has emerged and Russia has frequently filled it. Private security group Wagner has stepped in to bolster local authorities and launch offensives in the name of counter-terrorism. It is questionable how much this helps. It often appears as though these campaigns exacerbate the anger that creates the terrorist groups in the first place.
Mali is the most obvious example, with the situation escalating to the point that the country’s government is now accusing France – a previous leader in providing counter-terrorism support – of working with jihadis. At the same time, Wagner is celebrated in the streets of Bamako, the capital. But Wagner forces have also been deployed in the Central African Republic, Libya and Mozambique, all places suffering from terrorism that the west has failed to address or is not focusing on.
According to one view, it is a relief to have someone else deal with such problems. But the risk is that they are only making the situation worse, or that they may try to manipulate groups on the ground to their own ends, with little regard for any backlash that might strike the west. Or, this could be their intention.
The other side to this shift in attention is that taking pressure off terrorist groups may end up with no one focusing on them. We do not really know whether the reason we are now seeing a lowered terrorist threat is because the threat has gone down or because of the pressure that was on it.
The exact nature of how threat and response play off against each other is poorly understood. But just because we have stopped worrying about a problem does not mean it no longer exists. It is hard to say with confidence that any of the underlying issues that spawned the international terrorist threat have been resolved. Some analysts think they have grown worse.
Twenty years of conflict have changed the international terrorist threat that we face. But it has not gone away, and in a nightmarish twist it may start to fuse with the great power conflict we find ourselves locked into. The world has a habit of throwing multiple problems at us. In a growing world of threat, disinformation, proxies and opacity, terrorist groups offer a perfect tool. The west may one day rue the fact that it no longer has the relative clarity of the early years of the war on terror.
Been a bit slow in posting of late, lots going on. New book, radio documentary replaying, and lots of projects am late on as well as new ones starting up. That on top of life has been keeping me occupied. But need to catch up here and plan for the next wave. First up, a new journal piece for Current History, the oldest current affairs journal, which I have written for a few times before, though mostly focused on China and connectivity in Central and South Asia.
“Perpetrators no longer seemed to have a coherent motivation based on only one ideology (or any external direction), but often created highly idiosyncratic ideologies that pulled in ideas from a wide range of sources.”
Two decades on from September 11, 2001, the terrorist threat in Europe has been almost entirely transformed. Far from mass casualty spectaculars like the public transportation attacks in Madrid in 2004 and London in 2005, the greater danger now is isolated individuals murdering politicians or stabbing random people in public places. Yet the dwindling scale of terrorism has only made plots harder to detect.
This was pointed out in the latest annual threat assessment by Europol (the European police coordinating agency), which noted that “more jihadist terrorist attacks were completed than thwarted” during 2020, the last year of reporting. Though less directly lethal, these low-scale attacks pick at social divisions in a way that can be even more dangerous than the large-scale, spectacular attacks directed by al-Qaeda or Islamic State (ISIS).
Europe has always seemed to be a secondary battlefield in the war on terrorism. But whereas the United States appears to have insulated itself from the threat at this point, Europe continues to confront a scenario that is noticeably more complicated and chronic. Terrorism’s evolving presence still poses a deep threat to European society.
POST-9/11 SPECTERS
In the immediate aftermath of the 2001 attacks on America, Europe became a key battlefield in the “Global War on Terrorism.” Revelations that a substantial part of the logistics, planning, and even recruitment for the al-Qaeda attacks had happened in Europe awakened the continent to a threat that it had inadvertently hosted. But only a few months later, Paris became a springboard for a follow-up attack on the United States. On December 22, as the world was just starting to return to normal, a radicalized young Briton, Richard Reid, unsuccessfully tried to bring down a transatlantic flight to Miami with a bomb concealed in the heel of his shoe. Reid was part of a two-man team of Britons who had been sent by the al-Qaeda leader responsible for 9/11, Khalid Sheikh Mohammed. His co-conspirator, Saajid Badat, had backed out at the last minute.
From a European perspective, these two failed attackers were in many ways even more terrifying than the 9/11 group, for which the blame could be laid on foreign shores. The notorious Hamburg cell that produced key 9/11 hijackers Mohammed Atta and Ziad Jarrah was, for the most part, made up of foreigners like them who were in Europe studying or seeking employment. Similarly, Europe was simply a backdrop for the planning meetings that took place in Spain, or the network in the United Kingdom that facilitated the dispatch of a pair of suicide bombers to Afghanistan to carry out the assassination of leading Taliban adversary Ahmed Shah Masood. In all these elements of the attack plan, Europe served as a convenient staging point for the conspirators, who drew on the continent’s Middle Eastern population.
These communities were the product of trends that had been playing out for some time. As authoritarian Arab countries cracked down on dissidents, many fled to Europe’s more liberal and protective environment, from where they could agitate for change back home. This diaspora was a constant source of tension between Arab and European governments. Arab authorities lobbied their European counterparts to crack down; Europeans pushed back, claiming that these dissidents were simply calling for legitimate political rights, in ways that were legally protected in Europe. The dissidents were often harbored in the former colonial powers that had once ruled their home countries, giving a historical resonance to the clash.
Almost caught up with myself now, this time with a short piece for the Times Red Box which sought to highlight the rather ill-advised comments by the UK Foreign Secretary which seemed to actively encourage people to go and join the fighting in Ukraine. Considering what we have learned about foreign fighting, the legislation that has been passed and the people who have been prosecuted for doing it (not also forgetting the optics of a minister calling for vigilantism), it seemed a particularly unfortunate comment to make, and in fact a number of other senior figures have now come out pushing back on the comment. Unfortunately, I keep seeing it being referred to by people who say they want to go and fight so the damage is likely done.
The foreign secretary’s seeming encouragement for Britons to go and fight alongside the Ukrainian armed forces is a comprehensible impulse given current tensions, but is the wrong message for a government minister to be sending. The commentary creates potential legal problems, risks fostering divisions at home, fans the flames of emotion when calm is needed and is unlikely to materially help the conflict on the ground.
This is not the first time a foreign conflict has generated an emotional call to arms. Famous foreign fighters from the past include authors like George Orwell or Lord Byron.
There were the famous international brigades mobilised to fight the Franco regime in Spain in the pre-war period. There were the international Mujahideen who went to eject the Soviets from Afghanistan. During the civil wars that followed the disintegration of Yugoslavia in the 1990s, people mobilised from around the world to help the various governments that emerged.
More recently, however, we associate the phenomenon with those who went to fight in Syria, both alongside and against Islamic State, with the al-Qaeda-linked Nusra Front, as well as other factions who were fighting against the cruel Assad regime.
The impulse for most of those who go to fight in these campaigns is the same. A sense of injustice being committed and the world watching as nothing is being done. There are some who are simply drawn to the excitement and violence of conflict, seeking the thrill of fighting and killing. But most are drawn by romantic narratives imagining themselves as latter-day Che Guevaras.
Yet in the UK, the government has chosen to prosecute some of those who have gone to fight alongside these groups. A number of people have been jailed for having fought alongside Isis, other jihadist groups in Syria and even some who joined the Kurdish forces fighting Isis (whom the government was actively supporting).
The act of going to fight itself was not illegal but the decision to join a proscribed terrorist organisation was.
This may feel different to the context in Ukraine, but there are some worrying precedents there as well. An unknown number of British nationals have in fact already been to fight in Ukraine (and may still be). Ever since the 2014 annexation of Crimea and war in the Donbas, Ukraine has been a hotspot for radicalised westerners, mostly of an extreme right-wing inclination, seeking to join a battlefield.
In Italy, people have gone to fight on both sides. Some alongside the Russian-backed separatists and others alongside the Ukrainian side. An investigation into one of these networks in 2019 uncovered a cell in northern Italy who had accumulated a vast cache of weapons including an air-to-air missile.
In the UK, Britons linked to the proscribed terrorist group National Action are believed to have gone, while a number of North Americans linked to far-right groups have tried to join the fighting in the Donbas but were turned back by Ukrainian authorities.
Nowadays it is doubtful they would be rejected, but the issues raised by their travel remain. Battle-hardened extreme right-wing group members are clearly worrying people to have running around.
And the bigger narrative issues this raises need consideration. While there is no doubt that going to join Isis is different to going to fight in Ukraine (Isis has openly spoken of attacking the UK), there are some similarities in the motivations that drive individuals.
The danger becomes that a racial analysis is used to distinguish the two. Government is seen as being eager to prosecute people who go to fight Muslim conflicts, but when it comes to European wars, they encourage it. This is hardly going to soothe tensions between communities.
We are in the midst of a major security crisis in Europe whose peak has not yet come. This is exactly the moment emotions need to be calmed rather than inflamed. And it is exactly not the moment to start encouraging activity which until now has been prosecuted and which in other contexts we would never dream of countenancing.
Raffaello Pantucci is senior associate fellow at the Royal United Services Institute
A different kind of post this time, to highlight a radio series that I worked on for BBC Radio 4 with excellent and patient producer Richard Fenton-Smith. We worked for some time on the series, with much of it remotely which was an interesting experience. Spoke to lots of interesting people as part of it, including practitioners, experts, offenders and family members. The idea was to try to dig into the question of how mental health intersects with the terrorist threat and to explore what is being done to try to mitigate threat. We ended up spending a lot of time looking into autism spectrum disorders in the end, and it feels like there might be more on this topic out there in the future. It is a complicated edge of the current threat picture which touches on a number of bigger issues. Many thanks to all of those who spoke to us as part of it, including the various family members of offenders who were willing to tell their stories. Anyway, the first of two big projects to land this year, and doubtless more on this particular topic to come. Download, listen and enjoy!
The Mental Health Frontline: which looks in particular at the Vulnerability Hubs which have been developed to try to work alongside the UK’s Prevent counter-terrorism policy to steer people away and address mental health issues amongst some of those flagged to Prevent.
Talking to Terrorists: which tries to look at the history of the question of mental health and terrorism, trying to unpick the research which underpins thinking into how the two issues intersect.
Getting the Balance Right: which focuses on what is actually being done at the prosecutorial end, and spends a lot of time looking at questions around autism spectrum disorders in particular which appear to be a major part of the caseload that authorities (in the UK at least) find themselves dealing with.
Catch up posting which appears a bit incongruous with current events, with a title which was certainly not one I suggested, though in the interests of consistency I have kept it as the title of this post. In any case, a piece commissioned by the Telegraph in the wake of the death of the ISIS leader.
There is a danger that in the wake of a leader’s removal, different groups will compete to show they are the most worthy heirs to the crown
The death of Isis leader Abu Ibrahim al-Qurashi is unlikely to be the end of the group. Terrorist group decapitation can sometimes generate a new series of problems as groups fragment, face internal competition and feel the need to prove themselves with even more dramatic attacks. Which raises the long-standing question about the actual value of eliminating terrorist leaders.
Historically, very few groups can be found where the removal of a leader led to the group’s disintegration. The one analysts most frequently point to is the Shining Path in Peru, which largely shrank away after its leader was jailed. But it is exceptional: in most other cases, groups continue on with someone new in charge.
This is not to say that leaders are not significant. In rising to the top they will establish a web of contacts and plans which will potentially fall apart with their removal. Funding contacts, plans in train, and grand visions will be sharply stopped, and will require picking up by whoever comes next.
But there is an interesting theory which suggests that in fact a more effective way of managing a terrorist leader is to find a way of cutting him off from his organisation. Making it hard for him (or her) to lead will potentially leave the group stymied and blocked. There is some evidence that the protective measures put between Osama bin Laden and al Qaeda actually may have led to group stasis.
Hidden in his compound in Abbottabad, he was only able to get messages in and out through a complicated courier system, which meant it was very difficult to get rapid decisions passed down. This in turn made it hard to direct a global organisation like al Qaeda but also meant that the organisation had to wait for the leader to answer when they made inquiries to him. And Osama was a hesitant leader who, it appears, was often blocking plans his fighters were eager to advance. Yet the method of communications meant it was difficult to debate and discuss.
None of this of course eradicated the group, but it made it much harder for it to function, and likely played a role in its decline in the late 2010s. The leader who replaced him, Ayman al Zawahiri, seems equally aloof, but has the additional problem of suffering from a notable lack of charisma, creating a lethal combination for al Qaeda.
A danger in removing leaders is that they become martyrs to their cause. But it also potentially creates an internal dynamic within the organisation as various factions vie for the top job. Given that terrorist organisations’ way of showing off is by launching large-scale attacks, this presents a danger that in the wake of a leader’s removal, different groups will push themselves forwards with great violence to show they are the most worthy heirs to the crown.
It is not clear how internally fragmented Isis in Syria and Iraq is these days. The organisation has in recent days launched some notable large-scale incidents, including a mass prison break. While it is hard to link this uptick in activity with the death of the group’s leader, it does suggest a dynamism within the group which is quite menacing.
What is unlikely is that any upward trajectory is going to be stopped with Abu Ibrahim al-Qurashi’s death. Rather, it may be accelerated in an attempt to avenge him, or as different groups seek to push themselves forwards at a moment of flux. Isis in Syria and Iraq will undoubtedly come out of this stronger than it was before.
Catching up on posting from late last month on a longstanding topic of interest for Foreign Policy, China’s threat from international terrorist groups. Afghanistan has I think changed things a bit, and it will be interesting to see in many different ways how this develops going forwards.
International terrorist organizations long considered Beijing a secondary focus. That’s changed.
In early October, an Islamic State-Khorasan bomber killed nearly 50 people at a mosque in Kunduz, Afghanistan. That the militant group claimed responsibility for the attack wasn’t surprising, but, in a worrying new twist for Beijing, it also decided to link the massacre to China: The group said that the bomber was Uyghur and that the attack was aimed at punishing the Taliban for their close cooperation with China despite its actions against Uyghurs in Xinjiang.
China was long seen as a secondary target by international terrorist organizations. Groups like al Qaeda and the Islamic State were so focused on targeting the United States, the West more generally, or their local adversaries that they rarely raised their weapons toward China, even though they may have wanted to due to, for example, China’s mistreatment of Uyghur Muslims. But in Kunduz, this narrative was brought brutally to a close. China can now consider itself a clear target.
China’s history with violent Islamist groups is complicated. For a long time, Beijing’s ability to project a status as a “developing world” power meant it could hide to some degree behind a veneer of not being a “first world” former colonial power that antagonized the world’s downtrodden. Before 9/11, al Qaeda theorists went so far as to speak of Beijing as a possible partner. According to their logic, China was against the United States, al Qaeda’s sworn enemy, and therefore the old “my enemy’s enemy is my friend” trope might apply.
There’s very little evidence that happened. The tolerance China appeared to show in the late 1990s toward al Qaeda figures who occasionally used Chinese territory for transit and support operations was more likely due to ignorance than to plotting. By 2004, this dynamic had changed, and Chinese intelligence was willing to work with Western services to hand over suspected terrorists who passed through China’s airports.
During the first Taliban-led government in the 1990s, Chinese officials were hesitant but willing interlocutors with Mullah Mohammad Omar’s regime. China was never a full-throated Taliban supporter but instead preferred to find ways of working with the group in the background. This mostly took the form of China providing limited investment and support that was encouraged by Pakistan, with the expectation that the Taliban would restrain the Uyghur groups that had established themselves in Afghanistan under Mullah Omar’s protection from attacking China. Beijing didn’t seem to be very concerned about what the Taliban’s larger goals were, as long as Afghanistan’s leaders acted on this key request. Still, there is little evidence that Beijing linked this domestic problem to a broader international terrorist threat.
With the U.S.-led invasion of Afghanistan, and later Iraq, the problem of international terrorism took off globally, with groups targeting an expanding range of countries. Yet China’s successful push to get some of its own domestic Uyghur groups added to the United Nations and U.S. roster of terrorist organizations did not bring the country much international jihadi attention. Meanwhile, in the years immediately after 9/11, China became wary of the Taliban. A Uyghur group reportedly fought alongside the Taliban for years, as a video by al Qaeda leader Ayman al-Zawahiri highlighted in 2016 and as U.S. intelligence information from Guantánamo Bay indicated earlier.
As the 2010s went on, more Chinese citizens started to be harmed in terrorist incidents around the globe, but, for the most part, these seemed incidental—a case of being at the wrong place at the wrong time. Al Qaeda and then Islamic State leaders released some statements that threatened Beijing for its treatment of Uyghurs—and indeed Muslims more generally—but for the most part, they were limited and didn’t lead to any major push to target China.
Now, it’s undeniable that China is being targeted, especially as its footprint in Afghanistan grows. Beijing has long skirted around formal engagement in Afghanistan, and while it continues to do this to some degree, it has also been the most willing of the major powers in the region to engage with the Taliban directly. The Islamic State-Khorasan clearly sees the Taliban bowing to Beijing as a weak point to capitalize on, and the group’s message is clear: It is offering itself as a home to Uyghurs who are unhappy with the Taliban regime, as well as others in Afghanistan appalled at China’s treatment of Muslim minorities.
The new Taliban government has publicly stated its desire to work with the Chinese government—something Beijing has made clear is conditional on action against Uyghur militants. Taliban leaders are especially keen to attract Chinese investment and economic partnerships. In late October, Chinese Foreign Minister Wang Yi met with the group’s leaders in Doha, Qatar. Taliban Foreign Minister-designate Amir Khan Muttaqi presented Wang with a box of Afghan pine nuts, reflecting one of the many goods Afghanistan is hoping to export to the Chinese market. Wang, meanwhile, focused on the need for stable government in Afghanistan and appealed to the Taliban once again to sever their links with Uyghur militants.
But the degree to which the Taliban are able—or want—to entirely sever this Uyghur connection is an open question. Over the past few months, the group has said that they would not let their territory be used by militants to launch attacks abroad and that Uyghur militants had left the country. Yet while rumors circulate of anti-Uyghur action behind the scenes—and of the Taliban moving Uyghurs within Afghanistan away from China’s borders—Beijing is not entirely convinced. After the meeting in Doha, the Chinese foreign ministry wrote that Wang had expressed that China “hopes and believes” that the Taliban “will make a clean break with the ETIM” (the “East Turkestan Islamic Movement,” the name China uses to describe militant Uyghur networks), suggesting that the group hasn’t yet fulfilled Beijing’s desires.
It is this dynamic that the Islamic State-Khorasan capitalized on when it used a suicide bomber in the Kunduz attack with the battlefield name Muhammad al-Uighuri. In the message released by the Islamic State’s media channels claiming the attack, the group linked the attacker directly to the Taliban and China’s cooperation, stating, “the attacker was one of the Uyghur Muslims the Taliban has promised to deport in response to demands from China and its [China’s] policy against Muslims there.”
The message has many layers. First, it is a signal to the Taliban highlighting their inability to protect minorities in the country they now purport to control. Second, it is a message to China, attacking Beijing for its policies in Xinjiang and linking those to the group’s interests. Third, it is a message to other Uyghurs who feel abandoned or threatened by the Taliban and may be seeking to join other groups that will advance their interests. Finally, it is a message to the world, showing that the Islamic State-Khorasan is a capable organization that’s continuing the Islamic State traditions on the battlefield and speaking up for oppressed Muslims. These messages will resonate with potential supporters around the world.
Publicly, China was circumspect in its response, which decried the loss of life. No official comment was made about the attacker’s identity, though a Chinese academic published an opinion piece in the state-owned Global Times accusing the Associated Press of fabricating the narrative of the attacker being Uyghur. He instead advanced Taliban narratives that Uyghurs who had been fighting with the Taliban in Afghanistan had left the country and praised the Taliban’s control and cooperation with China.
But Beijing likely knows that this is a dangerous development—especially in a region where it is facing greater threats. There have been new reports of a growing Chinese security presence in Tajikistan aimed at strengthening its ability to address potential threats from Afghanistan. A growing range of militant groups in Pakistan are targeting Chinese interests there, with attacks in Dasu and Karachi coming from local Baluchi and Sindhi separatists. China’s embassy in Bishkek, Kyrgyzstan, was struck in 2016, as was its consulate in Karachi in 2018, an attack that killed four people (and three attackers). Local protest movements, militant groups, and politicians are all looking at China as an adversary. Until now, however, most of the attacks were conducted by local separatist movements. The addition of the Islamic State-Khorasan to the roster finally brings the country firmly into jihadis’ crosshairs.
The problem for China is that it is ill prepared to handle such threats. Its military may be large and well equipped, but it has little experience countering militant organizations and often relies on other countries to do so for it. Yet, as Beijing is increasingly discovering in Pakistan—one of its more reliable allies—this is difficult to guarantee. Taliban leadership may project great strength and hubris, but they will face the same difficulties as others in the region in quelling militant groups in their territory, and they may find it difficult to entirely protect China from determined terrorist organizations.
In a sense, Beijing is stuck. China is Afghanistan’s most powerful and influential neighbor, which partly explains the growing attention toward its role in the country. Beijing is increasingly seen as the Taliban’s great supporter on the international stage. In assuming this role, China runs the risk of being seen as filling the vacuum the United States left in Afghanistan—something Beijing is keen to avoid. The reality, however, is that it is already getting sucked in. The Islamic State-Khorasan’s attack in Kunduz merely highlighted how far down this path Beijing has already gone.