A reader of this blog and an important ICS security
researcher, Joel Langill, has asked on TWITTER a number of times over the last
24 hours (the
latest here) why DHS hasn’t posted an alert on the National Terrorism
Advisory System (NTAS) as a result of the Joint Intelligence Bulletin (I can’t
find a link to this oft reported Bulletin) from the FBI and DHS that
warns faith-based organizations
in the United States and U.S. embassies abroad that “the risk of violence could
increase both at home and abroad as the film continues to gain attention.” I tried last night,
unsuccessfully, to explain in 140 characters why such an alert is ‘not
appropriate under the NTAS’. Since DHS isn’t going to explain, I thought that I
would try again in more detail.
The Old System
To fully understand the NTAS you have to first remember the
problems we had with the old color-coded. The old system would describe the
current state of alert based upon a vague definition of a threat. It provided
no real guidance to the public other than to be vaguely ‘alert’ to unusual or
suspicious activity. And it stayed at an ‘elevated’ level for so long that it
was effectively ignored.
The NTAS
When DHS brought the new NTAS into operation in April of
2011 Secretary Napolitano assured the public that the new system would only be
activated when there was a clear and specific threat to the public or a substantial
portion of the public. She also promised that the alert would provide specific
information to the public about what actions they should take. Finally, it was
made clear that any alerts issued would be for a specific, limited time-frame
associated with the specific threat.
The NTAS was immediately questioned just a couple of days
after its establishment when no alert was issued after the assassination of
Osama Bin Laden. I noted in a blog post at the time:
“Today, and for the last five days,
we have been under a new National Terrorism Advisory System that requires that
“NTAS Alerts will only be issued when credible information is available.” It is
way too soon to have any ‘credible information’ available on an organized
threat, and much of the unorganized threat will not be planned well enough for
there to be much if any chance for the intelligence community to find any
credible information.”
Surprisingly there was relatively little in the way of
counter-attacks by al Qaeda after Bin Laden’s death; especially here in the
United States. In hind sight DHS was absolutely correct that there wasn’t any
need for issuing an NTAS alert. Besides, there was more than enough
communications from DHS through the media that notified people of the possibility
of terrorist actions and reminding them to report suspicious activity. No alert
was justified or necessary.
Consulate Attack in Libya
There are certainly initial indications that the attack on the
Consulate in Bengasi, Libya was probably a planned terrorist attack specifically
targeting Ambassador Stevens. He was a locally popular figure who presented a
good image of the United States to the Libyans. As such he was a threat to the
success of radical Islamic forces in the area. It even looks like the
demonstration outside of the Consulate may have been planned and fabricated as
a cover for the attack.
That there might be similar attacks planned at other
consulates in Muslim countries is entirely possible. One would like to think
that the State Department is taking appropriate precautions. It is unlikely
that such a complex attack, however, could be executed in the United States.
Potential for Homeland Attacks
It is clear from what we have heard of the FBI/DHS Joint Intelligence
Bulletin, that neither agency has any actionable intelligence about specific
related attacks in the United States. What they have announced is a standard
warning that this video trailer is objectionable enough to Muslims that it would
not be unexpected for it to be capable of being the final straw in the
radicalization of some small number of individuals here in the United States;
just as was the death of Bin Laden.
That one or more of these individuals could get excited
enough in the short term to execute some sort of impromptu attack on perceived targets
is always possible. Even though we are unlikely to catch these types of short
term attacks before they occur, neither are they expected to be overly
effective. Effective attacks take planning, weapon acquisition and training,
and reconnaissance. These are the activities that suspicious activity reporting
(SAR) is designed to detect; not public alerts.
Save the NTAS Alerts for Expected Attacks
The NTAS is designed to notify the public when the
intelligence/law enforcement folks have detected an incipient attack and need
the public to take specific measures to protect itself against the specific
attack. The whole point of the NTAS alert is to be so rare as it captures the
public’s attention and causes widespread compliance with the directives of the
alert.
If we go back to the old color code standard of initiating
active alerts every time that something occurs in the world that will stir up
potential radicals, we will always be under alert without being provided
specific protective actions. If and when either the Department or the FBI comes
up with a specific credible threat of a terrorist attack, we need the NTAS to
be an appropriate and watched notification system.
Posts
No comments:
Post a Comment