A reader of this blog and an important ICS security researcher, Joel Langill, has asked on TWITTER a number of times over the last 24 hours (the latest here) why DHS hasn’t posted an alert on the National Terrorism Advisory System (NTAS) as a result of the Joint Intelligence Bulletin (I can’t find a link to this oft reported Bulletin) from the FBI and DHS that warns faith-based organizations in the United States and U.S. embassies abroad that “the risk of violence could increase both at home and abroad as the film continues to gain attention.” I tried last night, unsuccessfully, to explain in 140 characters why such an alert is ‘not appropriate under the NTAS’. Since DHS isn’t going to explain, I thought that I would try again in more detail.
The Old System
To fully understand the NTAS you have to first remember the problems we had with the old color-coded. The old system would describe the current state of alert based upon a vague definition of a threat. It provided no real guidance to the public other than to be vaguely ‘alert’ to unusual or suspicious activity. And it stayed at an ‘elevated’ level for so long that it was effectively ignored.
When DHS brought the new NTAS into operation in April of 2011 Secretary Napolitano assured the public that the new system would only be activated when there was a clear and specific threat to the public or a substantial portion of the public. She also promised that the alert would provide specific information to the public about what actions they should take. Finally, it was made clear that any alerts issued would be for a specific, limited time-frame associated with the specific threat.
The NTAS was immediately questioned just a couple of days after its establishment when no alert was issued after the assassination of Osama Bin Laden. I noted in a blog post at the time:
“Today, and for the last five days, we have been under a new National Terrorism Advisory System that requires that “NTAS Alerts will only be issued when credible information is available.” It is way too soon to have any ‘credible information’ available on an organized threat, and much of the unorganized threat will not be planned well enough for there to be much if any chance for the intelligence community to find any credible information.”
Surprisingly there was relatively little in the way of counter-attacks by al Qaeda after Bin Laden’s death; especially here in the United States. In hind sight DHS was absolutely correct that there wasn’t any need for issuing an NTAS alert. Besides, there was more than enough communications from DHS through the media that notified people of the possibility of terrorist actions and reminding them to report suspicious activity. No alert was justified or necessary.
Consulate Attack in Libya
There are certainly initial indications that the attack on the Consulate in Bengasi, Libya was probably a planned terrorist attack specifically targeting Ambassador Stevens. He was a locally popular figure who presented a good image of the United States to the Libyans. As such he was a threat to the success of radical Islamic forces in the area. It even looks like the demonstration outside of the Consulate may have been planned and fabricated as a cover for the attack.
That there might be similar attacks planned at other consulates in Muslim countries is entirely possible. One would like to think that the State Department is taking appropriate precautions. It is unlikely that such a complex attack, however, could be executed in the United States.
Potential for Homeland Attacks
It is clear from what we have heard of the FBI/DHS Joint Intelligence Bulletin, that neither agency has any actionable intelligence about specific related attacks in the United States. What they have announced is a standard warning that this video trailer is objectionable enough to Muslims that it would not be unexpected for it to be capable of being the final straw in the radicalization of some small number of individuals here in the United States; just as was the death of Bin Laden.
That one or more of these individuals could get excited enough in the short term to execute some sort of impromptu attack on perceived targets is always possible. Even though we are unlikely to catch these types of short term attacks before they occur, neither are they expected to be overly effective. Effective attacks take planning, weapon acquisition and training, and reconnaissance. These are the activities that suspicious activity reporting (SAR) is designed to detect; not public alerts.
Save the NTAS Alerts for Expected Attacks
The NTAS is designed to notify the public when the intelligence/law enforcement folks have detected an incipient attack and need the public to take specific measures to protect itself against the specific attack. The whole point of the NTAS alert is to be so rare as it captures the public’s attention and causes widespread compliance with the directives of the alert.
If we go back to the old color code standard of initiating active alerts every time that something occurs in the world that will stir up potential radicals, we will always be under alert without being provided specific protective actions. If and when either the Department or the FBI comes up with a specific credible threat of a terrorist attack, we need the NTAS to be an appropriate and watched notification system.