Robert Schneier sums up the security implications from the Mumbai terror attacks. They are actually …well, I won’t say reassuring, but they are less depressing than one might think.
- Low-tech attacks (guys with automatic weapons and grenades) are effective. This reduces the need to worry about terrorists launching elaborate breeding-mutant-anthrax attacks, because they get more bang for their buck (if you pardon the expression) by going with what works.
- Attacks are less effective than you might think. Yeah, this contradicts the previous one, but the point is, think about how much damage (from action movies) a guy with an automatic rifle and grenades should be able to do. But with 200 dead and a few more than that injured, the body count per terrorist was actually pretty low. (I mean, it’s all ghastly, but still …)
- Terror attacks are rare. If all it takes is guys with guns and grenades, you’d think it could happen all the time. But outside of civil war settings like Iraq, it’s just not all that common.
- Lots of specific, high-tech, and intrusive anti-terror measures were ineffective. Metal detectors, bag screening, ID checks, none of them actually did anything to stop these attacks.
If there’s any lesson in these attacks, it’s not to focus too much on the specifics of the attacks. Of course, that’s not the way we’re programmed to think. We respond to stories, not analysis. I don’t mean to be unsympathetic; this tendency is human and these deaths are really tragic. But 18 armed people intent on killing lots of innocents will be able to do just that, and last-line-of-defense countermeasures won’t be able to stop them. Intelligence, investigation, and emergency response. We have to find and stop the terrorists before they attack, and deal with the aftermath of the attacks we don’t stop. There really is no other way, and I hope that we don’t let the tragedy lead us into unwise decisions about how to deal with terrorism.
I think the risk of high-tech attacks is influenced by the degree to which we guard against them, like any other attack. A terrorist’s cost/benefit analysis must take into account the cost of mounting the attack, the probability the attack will be detected and defused, and the value of a successful attack. Thus the degree to which anti-terrorist agencies guard against high-tech attacks influences terrorists’ cost/benefit analysis. So the fact that a hypothetical terrorist will go with “what works” because the cost of mounting such attacks is low must be balanced by the awareness that if the guard against high-tech attacks is too low, a terrorist might be tempted to forgo the low-cost method and go for the greater payoff that is presumably possible with a high-tech attack. This means that there is a sense in which the anti-terrorist agencies control the kinds of attacks that are likely to happen by virtue of the degree to which they are vigilant against such attacks. Anti-terrorist agencies must guard more stringently against high-tech attacks than one might expect strictly on the basis of their frequency because the value of a successful high-tech attack is so great for the terrorists.
I think that’s plenty depressing.
The problem being that high-tech attacks are more complicated, and thus more prone to failure — and relatively low-tech attacks are more difficult to prevent (since they have fewer complications, fewer “moving parts,” and use established criminal logisitics). While scoring a big outside-the-box attack like 9-11 would be tempting, if I were running a terror campaign in the US, I’d be focusing on many random and scattered attacks of violence, as something that would have more day-to-day impact and spread more fear amongst the populace.
The high tech attacks are more likely to come from government supported terrorists, simply because the facilities required to create the truly effective high tech attacks are so expensive in and of themselves and require so much precision.
Despite the dire warnings were hear about government sponsored terror . . it’s simply not a paying business for most governments. Not to mention that governments watch each other like hawks.
We are FAR more vulnerable to conventional attacks, and we’re going to get hit, time and again in the areas that we aren’t protecting, not the same place we’ve been hit before.