You Can’t Defeat Tomorrow’s Terrorists by Fighting Yesterday’s Enemy

Countries from Sri Lanka and Israel to the United States and Norway have failed to prevent attacks because their intelligence agencies were fixated on the last threat rather than the next one.

A Sri Lankan security officer stands guard at a roadside checkpoint in Minuwangoda on May 14.
A Sri Lankan security officer stands guard at a roadside checkpoint in Minuwangoda on May 14. LAKRUWAN WANNIARACHCHI/AFP/Getty Images

As the dust settles on the jihadi terrorist attacks in Sri Lanka that killed more than 250 people, mostly Christian worshippers, on Easter Sunday last month, one of the most painful details emerging is that, in contrast to most terrorist attacks, the government received clear and precise warnings well in advance. The New York Times reports that the chief of Sri Lanka’s intelligence warned the police chief that, “Sri Lanka based Zahran Hashmi of National Thowheeth Jama’ath and his associates are planning to carry out a suicide terrorist attack in Sri Lanka shortly.” Specific warnings were issued about attacks on churches as well as the names and addresses of those suspected in the attack. Law enforcement officials rarely get better intelligence than that.

We still don’t know why Sri Lankan security forces did not act on this detailed warning. Bureaucratic incompetence and political rivalries are possible explanations. Another, ironically, is that Sri Lanka did not act on this terrorism warning because it was too focused on other terrorism problems. 

Indeed, Sri Lanka has long focused on a terrorism problem—just not the one that emerged on Easter. For decades, the country’s minority Tamils, who are mostly Hindus, rebelled against the Sinhalese Buddhist-dominated government; over 100,000 people died in a civil war that did not end until 2009. The Tamils used terrorism extensively in the conflict and were early and avid users of suicide bombing, among other tactics. Buddhist nationalists remained aggressive and even sought to destroy ancient mosques. But Muslim-Christian violence seemed a minor issue at best. 

Sri Lanka’s experience is tragic, but it is hardly unique—and it cannot be dismissed because Sri Lanka is a developing country with divided politics and weak institutions. The same has happened in countless countries, many of them wealthy and with highly skilled intelligence services. 

In 1995, a Jewish terrorist assassinated Israeli Prime Minister Yitzhak Rabin, dealing a devastating blow to peace talks that lingers more than 20 years later. A subsequent investigation found that Israel’s domestic intelligence service had considerable evidence of a threat from Jewish right-wingers, but it focused instead on the long-standing danger of Palestinian terrorism. 

When Yitzhak Rabin was assassinated in 1995, Israel’s domestic intelligence service had considerable evidence of a threat from Jewish right-wingers, but it focused instead on the long-standing danger of Palestinian terrorism.

Six years later, in the United States, the 9/11 attacks, the worst terrorist attack on U.S. soil in history, also suffered from an aspect of this problem. Although the U.S. government, and the CIA in particular, provided strong warning on the al Qaeda threat in general, much (though not all) of the warning focused on the danger of al Qaeda attacks on U.S. targets overseas. This was with good reason—al Qaeda had repeatedly launched devastating attacks on U.S. targets such as in the 1998 suicide bombings of U.S. embassies in Kenya and Tanzania and the 2000 suicide boat attack on the USS Cole in the Yemeni port of Aden but had not successfully targeted the U.S. homeland. Even the FBI, despite its domestic mandate, was focused on the risk to Americans overseas more than Americans at home. 

In 2011, a Norwegian white supremacist terrorist murdered 77 people, mostly youths at a camp for a left-leaning political party. A later investigation criticized the intelligence and police services for their lapses in preparedness. When the attack occurred, pundits first focused on what seemed obvious to them—the threat al Qaeda posed to Norway—because of the history of al Qaeda attacks in Europe and the group’s particular hatred of Norway, which may stem from Norway’s participation in the U.S. campaign in Afghanistan, treatment of jihadis at home, and toleration of cartoons mocking the prophet Mohammed. Police, to their credit, quickly determined that the killer was a right-wing terrorist, not a Muslim.

Those pointing fingers at Sri Lankan security services that failed to stop the Easter attacks should remember that they were not the only officials who focused on the wrong threat. Israel, Norway, and the United States had competent governments with excellent and well-resourced intelligence services, yet they too made mistakes that allowed devastating terrorist attacks in their countries.  

Failure has many potential sources. One is simply cognitive, as even the best analysts suffer from a range of analytic biases. Confirmation bias, for example, leads analysts to screen data to back up their existing preconceptions. So if the terrorism threat is known to come from Tamils or Sinhalese and there is no serious history of Muslim-Christian violence, it is tempting to downplay the jihadi threat and play up data that implicates known dangers.

Resources also come into play. It is easier to allocate money, people, and collection assets to a danger that has already manifested itself rather than a potential one. Vested interests can rightly point to past dangers to justify future threats, while more hypothetical risks do not have a built-in constituency to argue for people and budgets. Israel, for example, had entire directorates devoted to the very real Palestinian threat, so focusing more on Jewish terrorism, particularly when Palestinian terrorism risked jeopardizing the peace process, was difficult to justify.

Resources and biases shape the collection of intelligence, and collection in turn shapes the evidence available to assess the threat. If the danger is from Tamil or Sinhalese violence, then there is less reason to collect information on potential jihadism. As a result, officials know less about dangers that might emerge. This problem is particularly acute for right-wing violence in the United States today. There is at best uneven collection at the state and local levels for data on violence by white supremacists, as much of it is not counted as terrorism and thus skews comparisons of different types of threats. Only after a massive attack like the 2018 Pittsburgh synagogue shooting, where the death toll rivals that of high-profile jihadi attacks, do comparisons between the two become common. 

Internal divisions within and between security services often play a significant role. Different parts of a government may know different aspects of the threat, with the information only coming together in its aftermath. Coordination between the CIA and the FBI before 9/11 has come under considerable criticism and is often blamed for the attacks happening. Such problems are far more acute in countries where civil-military relations are poor and leaders deliberately coup-proof their militaries and security services in part by compartmentalizing to prevent them from coordinating with each other and thus inhibiting information sharing.

Libya’s Muammar al-Qaddafi, Iraq’s Saddam Hussein, Syria’s Hafez al-Assad, and other dictators often put rivals in charge of different security agencies, valued loyalty above professionalism by placing relatives in key positions, and created additional security agencies so the spies could spy on one another. This made them less of a threat to the leadership’s power but also less effective at stopping terrorism.

Even if the intelligence and police services get it right, they still need to convince policymakers to act, which seems to have been one of the key failures in Sri Lanka. The scholar Richard Betts has found that policymaker disbelief is one of the most common causes of what are often called intelligence failures. Policymakers determine the focus of intelligence collection and prioritize targets, so even when there is clear warning, their focus on other problems can inhibit an effective response. In addition, they may choose not to act on a threat and then later claim they did not have sufficient information.

It is all well and good, as the 9/11 Commission did, to lament a “failure of imagination” after an attack. But imagination, by itself, is not enough to stop the next attack. Better training can mitigate, but not end, cognitive biases. Most of the other problems, however, stem from inevitable difficulties linked to politics and prioritization. 

Too often what helps cure one problem causes or exacerbates another: Greater sharing of information, for example, makes it easier for a traitor like Edward Snowden to access and then reveal information. We can hope policymakers and intelligence professionals alike learn lessons from Sri Lanka and similar tragedies, but history suggests that while we look over our shoulders for the next threat, it might be lurking just around the corner.  

Daniel Byman is a professor at Georgetown University and a senior fellow at the Brookings Institution. He is the author of the new book Road Warriors: Foreign Fighters in the Armies of Jihad. Twitter: @dbyman

Trending Now Sponsored Links by Taboola

By Taboola

More from Foreign Policy

By Taboola