The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) recently received the research brief, “Building on Clues: Methods to Help State and Local Law Enforcement Detect and Characterize Terrorist Activity" (PDF, 199 KB), published by the Institute for Homeland Security Solutions (IHSS).
The Institute is a research consortium established to conduct applied research in the social and behavioral sciences to address a wide range of homeland security challenges. The consortium focuses on developing near-term solutions to practical, real world problems including an understanding and analysis of homeland security threats.
This particular research concentrates on describing methods for finding and analyzing information indicating potential terrorist activity. Within this context, the paper addresses the following two central challenges:
 How to find initial “clues” or “cues” indicative of potential terrorist activity.
How to collect additional information to determine whether an attack really is being planned and, if so, how to characterize the plot.
The EMR-ISAC acknowledges the focus of the research is on the role of state and local law enforcement agencies in terrorism prevention; however, the information presented is also relevant to federal agencies tasked with protecting American citizens and critical infrastructure.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
EDITOR'S NOTE: Here's a sample of the info that might be helpful for the community in the report:
 |
|
Broadly speaking, there are three types of initial clues:
• Discoveries adjacent to law enforcement investigations. These can be discoveries
made during routine law enforcement activities, as in the case of the plot to bomb a
Florida Islamic center, in which police discovered weapons and plot details while
responding to a domestic dispute call. These discoveries can also result from efforts
to monitor people and activities known to be of interest; for example, the “Liquid Explosives Plot” to destroy transatlantic airlines was discovered as part of police
efforts to monitor a person of interest (in this case, searching the suspect’s luggage).
• Direct reports that a person or group is planning an attack. Examples include reports
from an informant, a telephone or e-mail tip that a person is planning a terror attack,
or an investigative report. Reports from intelligence agencies describing the threat
posed by a person or group can also be included in this category.
|
| |
• Reports on suspicious behavior that may pertain to terrorist activity. The Memorial Institute for the Prevention of Terrorism has found that the following types of activity “consistently” precede a terrorist attack: acquiring explosives, weapons, or chemical precursors; conducting site surveillance (especially taking video, pictures, or notes of private areas and structural components of potential targets); conducting supply staging, as indicated by abandoned vehicles or concealed packages; carrying out “odd activity” (most commonly involving chemical odors or stains); and leading criminal activity to finance the attack (Memorial Institute for the Prevention of Terrorism, 2007). Data sources for suspicious activity include call-in or e-mail tips, police incident and field interview reports, 911 calls for service, suspicious financial transactions, and suspicious travel reports. Some of the reports are formerly labeled as suspicious activity reports (SARs) potentially related to terrorist activity. Other events are obscured in larger data sources reporting on more innocuous activity, including “ordinary” forms of crime (e.g., loitering, trespassing, theft, fraud, robbery).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are multiple types of challenges involved in both the initial reporting of incidents
and in recognizing the significance of particular events. These include challenges related to
(1) people (i.e., how well individuals involved are trained to recognize, handle and share the reports of suspicious activity),
(2) process (i.e., how well processes exist to capture and analyze the reports),
(3) organization (i.e., how well the organizations involved are structured to capture and analyze the reports), and
(4) technology (i.e., how effective information technology methods and tools are at filtering, storing and analyzing the reports). |
With respect to “people,” training of both law enforcement personnel and the general
public is critical if suspicious activity reports are to be made in the first place. The importance
of training is evidenced by the “Millennium Plot” to blow up Los Angeles International Airport, in
which an alert border agent picked up on the suspect’s suspicious behavior, helping lead to his
detainment (WGBH Educational Foundation, 2008). Conversely, prior to the 2002 Paradise
Hotel bombing in Kenya, a farmer saw the vehicle that would carry out the attack and noted
the occupants behaving suspiciously, but he did not know of any way to report the activity
(Wax, 2002). More recently, in the 2008 Mumbai attacks, fishermen reported the arrival of the
terrorists to local police, describing them as foreign trespassers who told them to “mind their
own business,” but the local police did not respond (Moreau & Mazumdar, 2008). Training
must be discriminating, teaching both examples of genuine suspicious activity and examples of
activity that may seem suspicious but is not, such as explaining differences between tourists
taking photos and actual instances of site surveillance. The general public also must be given
clear directives on how to report suspicious activity.
NOTE: There's much more info inside the report.
Download it HERE |
|
|
