A Prevention Framework

When authorities recognize that they do not have sufficient information or adequate capability to destroy a terror cell or network, preemption should transition quickly to preventing the attack. Knowing precisely when to transition from “Preemption” to “Prevention” is often subjective—and for those officials who have extensive experience in law enforcement and counter-terrorism, it can also be instinctive—but there are key indicators that guide a decision to move toward “Prevention.” Intelligence plays a dominant role in this decision-making process. Intelligence reports that indicate terror cells have established a presence within our borders are the best signs. Other signs include the increased volume of SIGINT “chatter” and known movements of terror leaders. A general absence of information and intelligence may also push decisionmakers to “Prevention” as an operational precaution to save lives and preserve property. In these cases, authorities must ask difficult qualitative questions about the information on hand. They must also review their capability to actually preempt the attack.

If the decision is to retain preemption as a key objective, warnings can be expanded to a functional audience. Following this course of action generally implies a tightly controlled warning to need-to-know audiences with the stated goal to preempt a terror network, and with the minimum goal to prevent an attack. When preemption is no longer a realistic option, the warning can be expanded to a broader sector-wide audience such as the airline or petrochemical industry, or a national region, wherever the threat is perceived to exist.

As warnings are expanded, a cautionary note must be struck within interagency discussions: balancing the public’s need-to-know with the intelligence community’s mandate to protect sources and methods will always represent a challenge for crisis managers. Political leaders and intelligence operatives, and crisis managers will need to ask whether the two concerns are mutually exclusive, and which takes precedence. Other questions to consider: Does the public always have a need to know when such a situation arises? What can the government do if a public warning would elicit mass panic and gridlock?

Nowhere are the “red-lines” posed by these questions more immediately apparent than in the White House Situation Room environment. When a crisis occurs, the Homeland Security Council most frequently meets in the White House Situation Room. Officials who occupy seats around the table include principal decision-makers or their deputies when they are not available. One official who is often not invited to these discussions when terrorism is involved is the White House Press Spokesperson (who has Assistant-to-the-President commissioned officer rank and Top Secret SCI clearance/access). He is, at times, actually disinvited to be present in crisis management discussions. Deciding when to invite the press spokesperson into a crisis management discussion is therefore one of the most immediate outward physical manifestations of when the Preemption Phase transitions to the Prevention Phase.

One such decision to expand warning, while not coordinated with this overt purpose in mind, occurred in June and July 2001:

On June 28, [Richard] Clarke wrote [Condoleeza] Rice that the pattern of al Qaeda activity indicating attack planning over the past six weeks "had reached a crescendo." "A series of new reports continue to convince me and analysts at State, CIA, DIA [Defense Intelligence Agency], and NSA that a major terrorist attack or series of attacks is likely in July," he noted. One al Qaeda intelligence report warned that something "very, very, very, very" big was about to happen, and most of Bin Ladin's network was reportedly anticipating the attack. In late June, the CIA ordered all its station chiefs to share information on al Qaeda with their host governments and to push for immediate disruptions of cells.
The headline of a June 30 briefing to top officials was stark: "Bin Ladin Planning High-Profile Attacks." The report stated that Bin Ladin operatives expected near-term attacks to have dramatic consequences of catastrophic proportions. That same day, Saudi Arabia declared its highest level of terror alert. Despite evidence of delays possibly caused by heightened U.S. security, the planning for attacks was continuing.
On July 2, the FBI Counterterrorism Division sent a message to federal agencies and state and local law enforcement agencies summarizing information regarding threats from Bin Ladin. It warned that there was an increased volume of threat reporting, indicating a potential for attacks against U.S. targets abroad from groups "aligned with or sympathetic to Usama Bin Ladin." Despite the general warnings, the message further stated, "The FBI has no information indicating a credible threat of terrorist attack in the United States." However, it went on to emphasize that the possibility of attack in the United States could not be discounted. It also noted that the July 4 holiday might heighten the threats. The report asked recipients to "exercise extreme vigilance" and "report suspicious activities" to the FBI. It did not suggest specific actions that they should take to prevent attacks.

In hindsight, a cogent question to consider is whether expanding the warning outside official channels to a broader public audience might have successfully prevented the 9-11 plot.

Once the decision is made to move fully to “Prevention,” an expanded public warning can serve to either potentially disrupt or delay a terrorist attack. Maximizing awareness through public warning—raising the HSAS protective condition to orange for a threatened sector or region, for instance—may well have the desired affect of delaying an attack; but if crafted thoughtfully and deliberately, expanded awareness could also physically disrupt an attack if it leads to the arrest of one or more operatives in a terrorist network.

Crafting a Strategy of Public Warning for Terrorism

Crafting an operational strategy of public warning for terrorism requires both a framework and a focus for the desired ends to be achieved. When should a warning be specifically targeted to a compartmented audience? How can a compartmented warning be expanded—and to what end? When should a general public warning be released? Frameworks or models can assist in answering these questions, if they are fully integrated into the operational planning to defeat terrorist networks. Frameworks are not plans—nor are they strategies, operational templates or roadmaps; rather, they are tools: methods of conceptualizing how best to prioritize an effort, gather assumptions, analyze threats, plan a response, and implement courses of action.

Establishing a national policy to guide a strategy of public warning would not be difficult given the extensive amount of work already accomplished in creating the HSAS, updating the Emergency Alert System (EAS), and in improving information sharing and intelligence fusion functions under the DNI umbrella. Other national crisis management systems such as the Crisis Support Group, the NOAA weather alert system, COOP/COG programs, the Homeland Security Operations Center and White House Situation Room combine to form an operational capability for public warning that is unquestionably the most sophisticated in the world. The foundation for an effective policy of public warning, therefore, already largely exists. A national policy of public warning would incorporate these existing programs and direct a comprehensive inventory of the many disparate technical and procedural systems of warning already in our federal and state inventories, so that those systems can be synchronized wherever practicable.

Creating a National Commission for Public Warning would provide a dedicated group of experts to implement both policy and strategy. The daily function of the Commission would be oversight of all public warning programs, to include counter-terrorism. Their most important role, however, would be synchronizing the many disparate systems that have a public warning role in the U.S. inventory.

A principal tenet of a national policy for public warning would establish terrorism as separate and distinct from all other naturally occurring hazards. If the ultimate goal of public warning is to prevent terrorist attacks and preempt terror networks, this distinction is crucial to the formation of a coherent, effective strategy. Integrating Boyd’s “OODA Loop” Model and Warden’s “Five Rings” Model into the three phases of warning (Preemption, Prevention, and Mitigation) offers the operational mechanisms necessary to inform a national strategy for public warning. Loosely associating each phase to an HSAS protective condition (Severe, High, Elevated, Guarded) provides additional context, tying systems, models and frameworks together for a common strategic purpose.

Local Control of Public Warning Systems.

As the Lexington Warning System was implemented, local towns mustered their militias. The Groton historian describes that town’s expeditious deployment of its militia:

So well prepared were they for such an emergency and so expeditious their rally, that they arrived at the Groton rendezvous, five miles distant, before the companies there were ready to march.

Many families of militia members fled their homes with good reason as the British plundered and set fire to their homes. The clergy in the area played a role in calming fears; however, as David Hackett Fischer describes,

In the town of Framingham, ten miles southwest of Concord, a strange panic seized the women and children living in the Edgell and Belknap district. Someone started the story that “the negroes were coming to massacre them all!” An historian of that town remembered that “nobody stopped to ask where the hostile negroes were coming from; for all our own colored people were patriots. It was probably a lingering memory of the earlier Indian alarms, which took this indefinite shape, aided by a feeling of terror awakened by their defenceless condition, and the uncertainty of the issue of the pending fight.”

J.P. Campbell points to an additional ingenious characteristic of the Lexington Warning System (my emphasis added):

…a Revere parallel suggests the involvement of common citizenry. They were the viral response. They were the human network. Do today’s citizens get trained to look for certain things? Do ‘special citizens’ get sworn in and work as a ‘network of eyes’ on the street? Well, perhaps the first is a possibility.

The Neighborhood Watch Program has a long history in the United States. The days where each local neighborhood had a “Block Captain” is now being resurrected in some neighborhoods around the country. In order to achieve at least a passive surveillance capability throughout the country, it may be worth asking whether such a system can be formalized and systematized nationwide today. The issue, as J.P. Campbell says, centers around trust:

A critical part of any network’s success focuses on trust. Revere was known to Hancock and Adams. He was trusted. Inherently he must have trusted the authority of his source – Joseph Warren. He literally took his information and went with it. Who does today’s society trust to receive information and go with it?

As the Camden Yards scenario is intended to demonstrate, protecting our critical infrastructures and processes against contemporary terrorist threats requires active defensive strategies that incorporate innovative and often nuanced methods of warning. When asked whether he believed public warning could be used to preempt terror attacks, Tom Ridge paused thoughtfully and said: “Public Warning can be preemptive if it is adequate and targeted to a specific threat.” But, he cautioned, “It must be based on trust! There is a real danger in compartmenting information too tightly.”

The Defensive Components to Public Warning Strategy

The explosions are deafening. They occur in quick succession two minutes after midnight, awaking the citizens of Indianapolis and Raleigh-Durham in the vicinity of both factories. When first responders arrive at both locations, they find the team of security guards dead, shot execution-style outside the entrances to each factory.

It is not a conflagration. It is later learned that the ammonium nitrate bombs were delivered aboard five U-Haul trucks at each location and driven into the corners and center of the factories, and detonated simultaneously. The effect of the combined placement and composition of the devices is devastating—both factories implode, causing the roof of each building to collapse onto the specialized machinery and sensitive equipment used to manufacture insulin: nozzle and plate separators, fill and finish lines, fermentation vessels, bulk media vessels, storage tanks, refolding suites and downstream processing facilities, filtration suites machinery, clean-in-place facilities, cooling/refrigeration plants, high performance liquid chromatography (HPLC) columns, high capacity water purification plants, ozone generators for sterilization, laboratories and insulin stockpiles. All are destroyed—damaged beyond repair. It takes some time for the extent and scope of the destruction, and too, the long-term implications to be fully realized. There are only two insulin production factories in the United States. Both of them are now destroyed.

It takes two weeks for the supply of insulin already at hospitals, local pharmacies and in the national pharmaceutical stockpile to be depleted. Because insulin is required to be refrigerated, maintaining large stockpiles of insulin in a centralized location is nearly impossible. By the next day, it becomes clear in hospitals around the country that widespread "just-in-time" business practices (reducing inventory stockpiles and delivering products as they’re needed) has further limited the availability of insulin for diabetics.
The National Coordinator for Counterterrorism recalls that indicators emerged at least a year ago of a plan to attack the insulin production plants: an inordinately high volume of internet searches relating to U.S.-based insulin production factories on Google and Yahoo were detected from a known IP located at a madrassa in Peshawar, Pakistan. An Al Qaida notebook discovered in a terrorist training camp had also been found, listing both U.S. and European insulin production plans:

Penza, in the Volga region of Russia.
Tianjin, China.
Aventis Recombinant Insulin Plant, Frankfurt, Germany.
Novo Nordisk factory in Clayton, North Carolina
Novo Nordisk Insulin Bulk Plant, Kalundborg, Sweden

NSA signals intelligence intercepts of encoded digital cell phone conversations in Islamabad six months prior to the attacks pointed to two separate groups of men and women seeking student visas for attendance at the University of Indiana and University of North Carolina. UNC reported to the NC Bureau of Investigation two months prior to the attacks that a group of international students from Pakistan had enrolled, but never attended classes. In Valparaiso, Indiana, a local police investigation was initiated after a farm CoOp reported a warehouse break-in and the theft of an estimated five hundred 50lb sacks of fertilizer. A large automobile dealership along Route 1 in Raleigh, NC reported the theft of nine 50 gallon barrels of waste oil from their premises. In Indianapolis, a U-Haul center reported that five U-Haul trucks had been rented by a group of students of "Middle Eastern origin." Two days prior, one of the Pakistani "students" was issued a ticket for illegal parking on a main thoroughfare in Triangle Research Park, directly across from the insulin production plant. After the attacks, tour logs from both facilities indicated that tours were attended by five to eight Pakistani nationals on student visas.

In some cases, positive actions were taken to investigate and warn the public of a possible terror threat. In a daily secure video teleconference a week prior to the attacks, National Counterterrorism Center (NCTC) and DHS incident management officials requested that the FBI investigate the "lost" Pakistani students. A retired former high-level FBI official made a personal call to the Director of the FBI to express his concern after hearing about the Pakistani students from a former colleague, and reading about the mass thefts of oil and fertilizer in Indiana and North Carolina two days apart in USA Today. When he felt the call was politely listened to, but largely ignored, he appeared on a local Delaware news station summarizing his concern and outrage at the FBI's unwillingness to take the emerging and imminent (yet unspecified) threat seriously. Given his widely-known reputation and media contacts, national media quickly arranged for him to participate in broadcast and print interviews following the attacks.

In response, DHS denied that it ignored the threat and responded by raising the threat level to red or "severe" at all stand-alone government buildings and major financial institutions across the nation. Notices are immediately sent out to other insulin production plants abroad advising them of the threat.
In a press conference a day and a half after the attacks, the Attorney General releases the names and photographs of the Pakistani "students," identifying them as terrorist suspects.

The President declares the situation an “Incident of National Significance.” In the wake of the attacks, hospitals quickly become overwhelmed with patients of all ages with Type 1 and 2 Diabetes, all suffering the emerging onset of insulin shock, many from extreme anxiety. The official national commission appointed to investigate the terror attacks on the U.S. insulin production plants ultimately concludes that the insulin plants are not included in national vulnerability analyses and that a host of intelligence and public warning failures have contributed to the inability of the federal and state authorities to preempt the attacks and mitigate their devastating effects to an entire disabled population.

Fortunately, this is a fictional scenario. And fortunately, scenario-based interagency drills that assume national strategic vulnerabilities, and that work “in reverse” to identify problems and apply broad interagency and intergovernmental strategies to address them are standard procedure with each of the States. Nonetheless, the strategic vulnerability described above does exist, and the gaps in public warning that could prevent such an attack persist. Scenarios such as the insulin production plant attack serve an important primary purpose: linking vulnerabilities—known and unknown—to strategic solutions. Once a threat to our national infrastructure is even remotely detected, a strategy to meet that threat is required. Templated or passive strategies are insufficient when we face terrorist threats because the adversary is capable of deliberate, strategic thought.

To be effective, warnings should be oriented toward the people and sectors of society that are actually at risk, and must include the first responders and officials charged with preventing, responding to and mitigating damage and loss of life. To this end, the Lexington Warning was focused first on the revolutionary movement’s “center of gravity,” the political leadership of Sam Adams and John Hancock. The secondary focus was the militia and their ability to defend the revolution by force, if necessary.

John Boyd’s OODA Loop Model

Terrorist threats, whether manifested as IEDs or WMDs, require deliberate planning processes. Colonel John Boyd (USAF, Ret.) coined the term “OODA Loop,” and developed the concept of “Observation, Orientation, Decision, Action” as a strategic decision-making model that he first applied to the military, but quickly applied to the business and academic arenas as well.

Source: mindsim.com

Boyd’s “OODA Loop” model above is useful in broadly framing how a terrorist organization proceeds in targeting a government’s population and infrastructure. As such, it provides cogent insight in crafting a strategy of public warning against terror threats. The OODA Loop model is relevant for counter-terror strategy because all terrorist organizations go through these four phases of decision-making in targeting U.S. interests at home or abroad. In short, effective planning requires observation and orientation to a target before a final decision is made to carry out the attack. Once the decision is made, the attack becomes the follow-on action.

Source: mindsim.com

The expanded OODA Loop model above shows the array of factors that interact together in decision-making processes leading from observation to action. In his book, The Essential Boyd, Grant Hammond explains the model’s fundamental theses and dynamics (my emphasis added):

Knowledge of the strategic environment is the first priority. Secondly, one must be able to interact with the environment and those within it appropriately. You must be able to observe and orient yourself in such a way that you can indeed survive and prosper by shaping the environment where possible to your own ends, by adapting to it where you must. Doing so requires a complex set of relationships that involve both isolation and interaction. Knowing when each is appropriate is critical to your success. In OODA Loop fashion, one must continually observe, orient, decide and act in order to achieve and maintain freedom of action and maximize the chances for survival and prosperity. One does so through a combination of rapidity, variety, harmony, and initiative. It is these that are the core of “Boyd’s Way.” Rapidity of action or reaction is required to maintain or regain initiative. Variety is required so one is not predictable, so there is no pattern recognition for a foe to allow him to know of your actions in advance and thus plan to defeat them. Harmony is the fit with the environment and others operating in it. Initiative—taking charge of your own destiny—is required if one is to master circumstances rather than be mastered by them. All of course, would be focused on attaining the specified Objective that is implicit in this discussion.

As terrorists progress through their stages of planning and execution, many operational counter-terrorist measures directly target the phases of this model. Warning strategy, if it is to play an effective role in countering terror threats, must assume a similar approach and perform actively in each of the OODA phases. Public warning as it relates specifically to terrorism must not only be systematized (as it must be for All-Hazards public warning); to be successful as a tool in countering terrorist threats, it must also be operationalized as a strategy.

The Offensive Dimensions of Public Warning

The anonymous telephone call to the Homeland Security Operations Center on Nebraska Avenue in Washington, D.C. indicated a threat to the rail transport system on the east coast sometime during the next month. In Pennsylvania, a policeman investigating reports of a series of explosions in an abandoned rail yard reveals entire sections of rail cut from the expert emplacement of plastique explosives. A CIA source in Bagram, Afghanistan reports that a sleeper cell in Newark, New Jersey has been activated by Al Qaida’s leadership to carry out an attack at a large sporting event during the next “several weeks.”

Informed of the CIA report, but equipped with very limited information, CTC officials work with the FBI field office in New Jersey to identify the identities of the sleeper cell members. A DHS review of major east coast sporting events reveals no less than forty-eight professional sporting events on the east coast, from Florida to Maine, scheduled during the next four weeks. State Department and Customs investigators conduct a search of all valid visas for temporary residents of New Jersey and find 134 student and work visas originating from Afghanistan and Pakistan—nearly half are men.

A hardware store owner just outside Newark calls the police, reporting the cash purchase of five sets of large, heavy duty bolt cutters by a man with a heavy foreign accent, olive skin and a dark, thick mustache, wearing sunglasses. The department store surveillance camera shows grainy images of the man. A survey of credit cards from the 134 Afghani and Pakistani men and women issued entry visa reveals the rental of an oversize van by Mohammed I. Khan during the last day.

Armed with scant information about the possibility of a major sporting event being targeted by terrorists, the Homeland Security Council convenes a twenty-four hour CSG to monitor information and coordinate the combined interagency response to the threat. One night, when a senior homeland security incident manager shows up for a late night secure telephone call in the Homeland Security Operations Center, a Coast Guard communicator overhears his conversation about threats to east coast rail transportation and a major sporting event and points to the national playoffs scheduled in two days at Camden Yards, in Baltimore. Pulling out a map of Baltimore, the communicator shows the incident manager the close proximity to the railway running through the city, past Camden Yards. The incident manager looks at the map and then back at the communicator, clearly alarmed. The communicator concludes by saying, “You see, I’m from Baltimore, Sir.”

Further investigation at DHS that night reveals a shipment of industrial chemicals to include chlorine, sulfuric acid and hydrochloric acid from Pittsburgh, Pennsylvania to Apex, North Carolina scheduled to depart in two days, passing through Baltimore during the seventh inning of the first playoff game at Camden Yards.

Without knowing the whereabouts of the sleeper cell members, the Playoff game is quickly moved to Chicago. The Homeland Security Advisory System protection level is elevated to Severe (Red) for the East Coast cities and for the rail cargo transport system. Surveillance is placed in airports at all international ticket counters. Five men in their 20s and 30s are apprehended at the check-in counter in Newark. After an professional nanny recognizes the remaining Al Qaida cell members from published photos on CNN, five men are arrested by the Maine State Police, as they cross the Canadian Border at Houlton, Maine into Belleville, New Brunswick. The hardware store owner who reported the information regarding the suspicious purchases from his store was publicly awarded a $100,000 reward for the tip that helped lead to the arrests of the terrorist cell.

Scenarios like this illustrate how public warning can assist in preempting a terrorist network. If used creatively and deliberately, public warning can work in concert with intelligence and law enforcement efforts by providing needed “connective tissue” between seemingly disparate pieces of information to answer stated information requirements (unknowns). Once established, information linkages can be crucial in interdicting a planned terrorist attack. In some cases, public warning can actually be used to induce terrorists to take desired actions that may lead to their arrest. Blogger, J.P. Campbell, advocates a counter-network that uses public warning strategically, employed fully in the offense:

Any counter or proactive network must somehow predict or lead terrorists to where you want them. Further, it has to do this more than once, virally, or it too will face extinction through their adaptation.

Steve Delonga, CEO of Ste-Del Services in Alexandria, Virginia points to the value of offering rewards to citizens who report information that prevents a terrorist attack from occurring.

Public warning shouldn’t just be about spreading awareness. It’s much more than that. When it comes to defeating terrorists, the public needs to be the eyes and ears of law enforcement. What’s wrong with offering rewards? Ultimately, dollars and cents matter to people…if the public perceives a monetary reward for reporting suspicious activity, they’ll be more likely to do so, regardless of risk because they’ll also be looking. The video store clerk responsible for reporting the information that led to disruption of the terrorist cell [planning to attack Fort Dix] should receive a very public reward to encourage others to do the same when they see something that’s not quite right. Why isn’t his photo on the front page of every newspaper around the country, giving him full credit?

Steve Delonga’s opinion is representative of many corporate CEOs I interviewed, who see the government’s efforts to manage public perceptions in the war on terrorism as severely flawed.

Public-Private Partnerships

With the full range of stakeholders who depend on public warning, the need to cultivate public-private partnerships seems obvious. Because the success of public warning is contingent on information sharing between federal, state, local and corporate entities, complex obstacles stand in the way. Corporations are concerned about preserving the confidentiality of certain types of information that allows them to remain competitive. They are also concerned about the potential cost of homeland security measures and the forecasted gains or losses that would result from their integration into a national warning system. The Partnership for Public Warning makes an effective argument for how best to integrate the corporate sector into a public warning system by advocating “market-based solutions:”

Industry needs a clear statement of government intent and clearly articulated standards that specify required interoperability for a national warning capability. Industry will be naturally motivated to augment basic interoperability with competitive capabilities and refinements. Industry also needs an official stream of all-hazard warnings that industry can deliver without liability for the content.

Information that is critical to public warning should be freed of liability issues, whether publicly or privately generated. Indemnifying corporations against liability when they contribute information to government authorities that is useful in enhancing vulnerability analyses, and in assisting with counter-terror investigations requires legislative, executive and organizational solutions if corporate intelligence is to be integrated into public warning. Maintaining trade secrets is vital to that effort. When the government requests that corporate information be shared—whether it relates to databases, sales trends or telephone records—an immediate area of concern that emerges within the mind of a CEO is how proprietary information can be safeguarded.

Special care, however, must be taken to ensure that when a corporation releases information that it is not doing so to evade or gain immunity from federal oversight, penalty or prosecution. Checks and balances are therefore critical to the long-term success of the system, as well as to its credibility. The potential for leaks in such a framework, while very real, can nonetheless be mitigated by keeping the congressional oversight audience limited to a core group of congressmen and senators—and by aggressively investigating the unauthorized release of sensitive information when it occurs.

Profits and losses will also remain a prevailing core concern for any corporate involvement in public warning and information sharing. Tom Ridge states: “The corporate focus will always be ROI [Return on Investment]. Many things can be done to make public warning attractive to corporations but it requires creative, innovative solutions.” Andrew Lundquist, former Director of the National Energy Policy Development Group agrees:

Private and public companies don’t want to increase their costs. If you can prove long term cost savings, possibly through lower liability and insurance protection premiums, corporate leaders are more likely to quickly fall in line. If you can find a way to spread out liability, that may be a way to drive it. Another concern of corporate leadership are government ratings regarding compliance—tailoring public warning and homeland security programs so that they evaluate compliance to government programs is also an effective approach to consider.

Business advisory councils are a method DHS has taken in finding these solutions.
Collateral benefits to business advisory councils are the habitual relationships that are formed as corporate and governmental officials assemble and search for mutually beneficial solutions.

Strategic Dimensions of Public Warning

Good strategies have offensive and defensive components. If protecting population and national infrastructure is the defensive challenge for public warning strategy, attacking an enemy’s strategy comprises the offensive component. Public warning for terrorism has habitually represented the sole focus of public warning in its effort to mitigate—and whenever possible with the hope of preventing—terrorist attacks. The offensive opportunities and dimensions of public warning have been largely ignored—and most frequently, not ever conceived.

Citing the fact that the United States has not been attacked on its own soil since September 11, 2001, some argue that a purely defensive public warning strategy is sufficient. Others have implied that no strategy or system is required at all. Former White House counter-terror expert Roger Cressey asks hypothetically whether a nation-wide alert system is actually needed, when “public acceptance hinges on the additional information provided by federal officials while the dilemma at the federal level is ‘what can be disseminated?’” There have been widespread calls for scrapping the Homeland Security Advisory System altogether, but in almost every case no alternatives are provided. While “No Strategy” is certainly a strategy, it must be asked whether it is the right strategy when life, limb and property hang in the balance. A purely defensive strategy may be politically most palatable given the overwhelming and well-placed concerns over privacy issues. The emotional debate surrounding the Patriot Act best illustrates those concerns. But is even a defensive strategy of public warning sufficient?

Carl von Clausewitz theorizes that "The defensive form of war is not a simple shield, but a shield made up of well-directed blows." He warns that while the defense is indeed the stronger form of warfare, it is only useful when the goal is to maintain stasis. The primary issue of making the defense the cornerstone of a strategy is that by doing so, you effectively cede the initiative to your opponent. Clausewitz argues: “…it follows that [defense] should be used only so long as weakness compels, and be abandoned as soon as we are strong enough to pursue a positive object.”

Adding an offensive component to public warning for terrorism does come with its fair share of controversy. It involves injecting potentially invasive and controversial information-based components into public warning systems that, to date, have not been wholly attempted as part of a deliberate strategy such as profiling and delaying warning to the public at large. As one high-level Homeland Security official told me, “Profiling may be controversial, but it does work and it will remain a key part of our strategy to defeat terrorists.” Delaying public notification of a terror threat in order to preempt also carries with it a full array of risks and liability issues--issues that may require targeted solutions from all three branches of government. In fact, all three branches of government must be involved in crafting a strategy of public warning. It cannot be created in a vacuum. For it to be accepted, it must be a bipartisan effort with inclusive protocols that keep all parties with a need to know, informed (and involved).

The Statecraft of Public Warning

For public warning to have a preemptive capability it must not only operate across federal, state and local boundaries, it must also have a sophisticated international warning component that has the ability to predict and intercept terrorist attacks before they occur. Just as international fugitives and criminals can be investigated and tracked by organizations such as Interpol, the United States must incorporate its public warning systems into a larger international system that works in cooperation with other nations and international intelligence and law enforcement organizations. This is the essence of statecraft for public warning.

While the United States has established relationships abroad, a formal system of international warning does not currently exist. Security classification and the typography of information that is releasable or strictly compartmented by government agencies or corporations combine to create formidable barriers to public warning. Overcoming barriers through agreements, legislation, executive order, and litigation should be aggressively pursued wherever such efforts can be proven to benefit public warning and public safety. Treaties and formal agreements between countries will certainly play an important role in this regard; however, relationships built on trust are crucial requisites to long term strategic success.

The transnational nature of terror threats makes international cooperation a modern day imperative for the United States, and her allies. Even among states that historically have been at odds with one another on substantive and divisive issues have the opportunity to cooperate in the public warning and counterterrorism arenas. Information on terrorist threats may originate from other countries, officially and unofficially, at all levels, most often through well-established relationships and well-cultivated sources—in much the same way as a veteran reporter operates with confidential sources that remain “off the record.”

Formal and informal international arrangements designed to enhance each country’s respective public warning systems rely upon established relationships between officials with both political and operational roles. These relationships once established, must be actively cultivated if they are to retain their value in providing information and intelligence for advance warning of terror plans. Policies that encourage mid- and high-level foreign military and governmental (civilian civil servant) exchange programs are invaluable to this long-term effort.

Once solely the domain of the CIA, information and intelligence obtained from abroad now extends across agencies and departments to corporations and even private entities who all play a potential role in warning of a terrorist threat beyond our own borders. The challenge faced by the CIA, FBI and fusion organizations such as the National Counterterrorism Center (NCTC), are primarily recognition and triage, but department clearances and organizational cultures remain issues. A Washington Post article offered this insight into how the NCTC functions:

Three times each day -- at 8 a.m., 3 p.m. and 1 a.m. -- representatives from across the intelligence community meet to update the nation's threat matrix. The meetings -- held most days via videoconference -- are chaired at NCTC headquarters, a nondescript, unlabeled office building in Northern Virginia, around a massive, football-shaped wooden table. The table, designed as neutral ground, has 16 seats, pop-up computer terminals and ceiling-mounted screens that can show al-Jazeera broadcasts as well as highly classified graphics.

Participants include representatives of the CIA and FBI; the Defense Intelligence Agency and others under the Pentagon umbrella; the departments of State, Homeland Security, Treasury and Energy; and other subsidiary agencies such as the Drug Enforcement and Transportation Security administrations. Topics include individual suicide bombers, movements of groups and people, potential targets, reliability of information on specific threats, and actions being planned or already taken.

Material for the meetings is gathered by the 24-hour operations center deep within the ultra-secure building. The room is dark, with a high ceiling, drop-down video screens and sound-muffling walls; its carpeted floor is covered with desks where integrated intelligence teams examine and share incoming data from their separate agencies in 12-hour shifts. At opposite ends of the room, the CIA and FBI counterterrorism divisions have satellite offices representing their own headquarters.

The thrice-daily meetings are the substantive and symbolic core of NCTC's melding of the intelligence community. But most of the center's activities take place in offices and cubicles where officials plumb 28 databases of raw and processed intelligence from across the community.

The analysts turn out reports, adding context and information about response actions already taken, that are disseminated to more than 5,500 policy and intelligence officials with the security clearances required to read them.

Rarely will a threat manifest itself with a clear and whole picture. Instead, it will often arrive piecemeal from anonymous or questionable sources, and with no imminent overt threat apparent. Recognition of terrorist’s trends and past practices will be helpful; but as terrorists become more sophisticated, surveillance and analysis at home and abroad must be more discerning, technologically advanced and risk acceptant. Warning that is obtained from abroad is often more advantageous to authorities because it can provide them with information earlier on in the terrorist’s planning cycle. In these cases, when time permits, preemption can be an option that authorities can actively pursue.

Once terrorist networks have infiltrated the United States, their planning processes will often already be extremely advanced, rendering preemption more difficult. As risk escalates over time, and as terrorist networks secure positions within the United States, the pressure to move from Preemption to Prevention will also increase. When an attack is imminent, the effort will quickly transition to Mitigation. The decision to warn is undertaken at multiple points within each phase of a terror threat as risk to the nation escalates, and as the operational situation dictates.

Preemption, Prevention and Mitigation

Combating terrorism requires a nuanced policy of information conveyance aimed at preemption, prevention and mitigation. Preemption can and should be regarded as the highest purpose and the functional goal of public warning, with prevention and mitigation as secondary and tertiary objectives. If preemption is not possible, it is logical to assume that governmental priorities would transition to preventing the attack through the broad dissemination of information to first responders and the public at large. Where preemption is defined as preventing an attack by destroying a terrorist network or cell planning a terrorist attack, the goal of prevention is simply to disrupt or stop an attack in order to save life, limb and property. Similarly, mitigation occurs just prior to an expected attack and after an attack occurs. Its goal is to minimize the damage of an attack and to defend against another potential follow-on attack.

The three phases of public warning, therefore, can be described in terms of the dominant actions to be taken by homeland security officials as they occur along a continuum of time. These phases are:

I. Preemption
II. Prevention
III. Mitigation

When does each phase of public warning occur? Determining precisely when the window to one phase closes and another opens depends on the circumstances of each terror threat; and it is in this area, while observing adept crisis managers deal with this very question, that the “art” of public warning lies.
There is a certain “fungibility” to each phase. Often the transition points between phases are less than obvious. Furthermore, finality is a relative term in public warning as much as it is in counter-terror strategy—there are many circumstances and factors that could cause a phase, once “closed,” to “reopen.” Generally, however, each phase has its own anchor points:

• Notification of a potential threat;
• The point at which authorities recognize that a lack of information and intelligence excludes any real possibility for preempting a terror network—but leaving open the possibility of preventing it from striking through general (or targeted) public warning;
• The point at which an attack occurs.

Graphically, the relationship between each anchor point and phase would appear as a phased continuum:

PREEMPTION: Notice of Potential Attack
PREVENTION: Recognition of Incomplete Information
MITIGATION: Point of Attack

Figure 2: Toward a Strategy of Public Warning for Terrorism

However intuitive this may seem, this model does not reflect contemporary thinking about public warning. Instead, the purpose of public warning is widely seen as mitigating or “reducing” a threat. As such, public warning is not viewed strategically—but as a reactive and defensive tool that is often disparaged.
There is a general reluctance on the part of law enforcement and homeland security officials to use public warning for prevention of terrorist attacks because releasing information is often equated with losing control. From an operational perspective, such reluctance is understandable given the uncertainties and risks these officials routinely face in countering terrorist threats. Indeed, if the act of warning is likely to interrupt an investigation or a counter-terrorism operation, or if it is likely to create mass panic, a decision to delay warning may be the wisest course of action until adequate controls can be implemented. Public safety is not only the fulcrum used to determine whether or not to warn; but also, crucially, in the strategic decision of determining when and how to warn.

Applied strategically, public warning can provide a separate and distinct function that transcends its usefulness at the point of attack. “All-hazard” public warning provides the essential ability to mitigate against loss of life or damage to property by disseminating information to the potentially affected region or population. Where it falls short, however, is in its ability to deliberately prevent or preempt terrorist attacks. Precisely because it seeks to warn against all hazards—whether seismic, biological, environmental or man-made—all-hazard warning systems are passive insofar as they are able to actually stop a terrorist attack from occurring. “Although it may sound like an attractive concept,” Tom Ridge said, shaking his head, “warning against terrorism cannot be performed in the same way we warn of naturally occurring hazards…It’s a different animal than people think.”

And yet, incorporating select lessons and integrating capabilities from all-hazards public warning could have enormous utility in constructing both a system and a strategy for public warning for terrorism. Adopting a multi-dimensional, “blended” approach to public warning can have immense value in creating a public warning strategy for terrorism. Public warning for terrorism should work in tandem with all-hazard systems. On the surface, this may sound contradictory, given the premise that such systems are not wholly conducive to prevention and preemption efforts. If warning for terrorism must rely on compartmentalization, exclusive release of information and classified intelligence, it also must rely upon the all-hazards public warning capabilities of mass communication technology. In fact, “public warning” need not be public in the strictest sense— when it is used in a deliberate, targeted way it, too, can be employed selectively with decisive results.

Limiting warning to those who have a need to know carries with it its own set of risks. There is the danger that a limited warning, when it is communicated, may be addressed to too narrow an audience. There is also the risk, as counterterrorism expert Roger Cressey pointed to, that the right hand of government at the Federal level may not be synchronized with the far right hand at the State and local levels: “Trust is a factor. You will typically have 50 different decisionmakers and they’re going to do 50 different things.” If preemption remains the overriding goal without shifting focus to prevention and mitigation, the credibility of the warning system may be tarnished if a threat is not publicly announced after it has been carried out. Because the call is almost always subjective on when, who and how to warn, there will always be risks to be managed.

And yet, the risks inherent to public warning strategy, while substantial, are not insurmountable. The government’s responsibility to protect it citizens against harm is inviolable and constitutes a principal rationale for its very existence. Likewise, the government’s responsibility to warn is equally absolute. The subjective factors inherent to the way in which a government warns are strategic choices that require informed judgment, sound management and above all, concerned, experienced leadership. If capable, experienced leaders are selected to manage crises and use public warning strategically, the art and science of public warning can be quickly mastered.

The lens through which government officials view environmental hazards and terrorist threats cannot be the same if the goal is to prevent a terrorist attack before it occurs. To carry this metaphor further, if the lens used in planning for environmental hazards is transparent (meteorological data, for instance), the lens used in warning about terrorism is almost always opaque. Why? In short, sources must be protected and operational plans must be kept secret if they are expected to realistically succeed. All-hazard warnings have the ability to communicate the full spectrum of information early, and to a wide audience. Conversely, for terrorism, warnings will often be delivered to a very narrow audience and the information will typically be strictly compartmented (private) during the initial stages of an investigation. Over time, the warnings may progress to more open dissemination (public) for a given threat.