Theme: The failure of counterintelligence to prevent and pre-emptively disrupt terrorist plans and networks is identified in this paper as the single most critical flaw highlighted by the Domodedovo attack and other recent terrorist incidents in Russia.
Summary: When considering the terrorist attack at Moscow’s Domodedovo airport perpetrated on 24 January 2011 it is important to consider the broader security and policy implications. This paper describes how this latest incident in a long series of mass-casualty attacks in Russia is similar to and different from previous ones. It reviews some of the general flaws in public transport security and in the protection-centred measures undertaken in response to the blast. It notes that the fundamental socio-political causes of terrorism will persist in Russia for the foreseeable future, arguing that effective counterterrorism is about minimising terrorist manifestations under given conditions. It questions the excessive focus on physical protection measures and argues for a better balance between protection and resilience strategies. It identifies the failure of counterintelligence to prevent and pre-emptively disrupt terrorist plans and networks as the single most critical flaw highlighted by the Domodedovo attack and other recent terrorist incidents in Russia.
Analysis: On 24 January 2011 a man carrying around 7 kg of explosives blew himself up –or was blown up from a distance– at the international arrivals hall of Moscow’s Domodedovo airport, which was crowded with passengers and frequented by taxi drivers and Muscovites who were waiting to meet colleagues, friends or relations. Five days later, Russia’s Investigative Committee announced that the perpetrator had general links to the North Caucasus, but gave no specific information.
If the attack achieved its ‘surprise’ effect, it was largely due to the choice of target –after all, it hardly occurred out of the blue or in a vacuum–. Less than a month before the airport blast, another unrelated group was planning a terrorist attack in downtown Moscow for the New Year holidays but the plot failed, as the explosive device reportedly detonated prematurely at what was still a preparatory stage on 31 December. Barely two days after the Domodedovo attack, a major car blast occurred near a café in Khasav-Yurt, while five days later a bomb exploded under a train (both occurred in the unstable North Caucasus republic of Dagestan).
Nor was the latest Domodedovo attack unprecedented in scale. In terms of the overall number of victims and its political impact, it fell far short of the largest and deadliest terrorist attacks in Russia over the past decade and a half, including the Budennovsk and Kyzliar terrorist raids in 1995-96, the 1999 apartment-building bombings in Moscow and other cities, several passenger aircraft bombings and the large-scale hostage crises in Moscow (2002) and Beslan (2004). However, it was, indeed, a large-scale attack, with a single blast resulting in almost as many fatalities (35) and injured people (over 120) as the two previous terrorist bombings in Moscow –the nearly simultaneous blasts in the two central underground stations on 29 March 2010 that killed 40 people and injured 100–.
Still, this latest blast in the long list of large-scale terrorist attacks in Russian urban areas and transport systems has demonstrated at least two new inter-related features. Both have to do with the choice of target, with (a) a large central airport building (rather than passenger aircraft) successfully targeted for the first time, and (b) the clear intention by the perpetrators, whoever they may be, to have both domestic and foreign casualties involved. That said, the latter should not necessarily be seen as an indicator, let alone proof, of a foreign connection in the attacks. The hasty attempts by the media or certain commentators to link the attack to foreign sources, including absurd references to Palestinian or Pakistani connections, lack any solid evidence at the time of writing.
Politically, as always, the two focal points remain the same ‘main Russian questions’ that were formulated in the classic literature of the 19th century and since then have invariably been raised under dramatic circumstances in a variety of contexts: ‘whom to blame?’ and ‘what is to be done?’. What is distinctive about the political and security implications of the Domodedovo blast is that, for the first time, it is the latter question, not the former, that strongly dominates the political discourse in its aftermath. Normally, the reverse has been the case, with the emphasis being placed on the perpetrators –their identity, motivation, origin and links and on the role of the North Caucasus as a source of terrorism and instability–. But this time, like a dozen times before, the perpetrator’s general link to the North Caucasus was established relatively quickly and it appeared not only to hardly surprise anybody, but even to hardly bother anyone, at least inside Russia. Prime Minister Putin and representatives of the Russian Anti-terrorism Committee were careful to scotch any premature speculations about the specific involvement of Chechen or Nogai Islamists. Even the speculation about potential international implications, given a number of foreign casualties, fell far short of the familiar trend towards ‘al-Qaedaisation’.
This time, the motivations underlying the attack were almost completely overshadowed by the primary focus on systemic flaws in transport infrastructure security and by the harsh criticism of the performance of security services, coming from both outside and within the government. The public focus appears to have shifted from ‘who’s to blame?’ to a broader ‘what went wrong?’. This can, in fact, be seen as a sign of the indirect general acknowledgement, rather than denial, of the long-term and persistent nature of the factors underlying terrorist violence in Russia. It appears to be no longer seriously questioned that terrorist attacks are likely to continue on a regular enough basis for Muscovites, and travellers in particular, to feel largely in the hands of fate in public places, but that at the same time they will be sufficiently irregular occurrences to prevent attacks from becoming banal and to maximise the public and political effects of every future major terrorist incident. A wary, but realistic understanding has been arising that counterterrorism capacity should be qualitatively upgraded on the assumption that the main underlying conditions and ‘root causes’ for continuing terrorist activity are likely to persist into the foreseeable and even distant future. As vividly illustrated by the reactions to the latest terrorist attack in Moscow, this assumption is becoming increasingly widespread, especially among the general public and security professionals, even if it is less willingly shared by some politicians and pundits.
Public Transport Security: State and Private Sectors
Major security breaches and overall security failure at the airport highlighted by the 24 January blast have not been disputed by anyone in Russia, the most senior officials included. While responsibility for the open-access space (‘dirty area’) at Domodedovo should have lain with all the main security structures, the airport’s own security service and the Ministry of Interior (MVD) airport unit have been singled out for particular blame.
The MVD’s poor handling of prophylactic measures in the airport’s public access area, including its failure to systematically employ existing X-ray checks and to apply them to all public entrances, should, however, be placed in context. What stands out in this context is the government’s clearly premature decision to dissolve the MVD’s specialised antiterrorism units in 2008 in response to a four-year-long decline in terrorist activity that has, however, been followed by a new surge. The move left such first-rate security issues as hedging against terrorists largely at the discretion of the privately-owned airport and its security service. The reality is that the issue of the state/private balance and partnership in public and other critical infrastructure security was not systematically addressed in Russia prior to the Domodedovo attack. However, much of the ensuing discussion boiled down to attempts by select officials to shift not only the main blame for the blast itself, but also almost the full burden of responsibility for airport security onto private businesses.
For the sake of a more balanced view, according to existing regulations the airport security service was only entrusted with ensuring the maximum safety within the ‘clean access’ area past registration and the mandatory luggage and passenger security checks, as rightly noted by Domodedovo’s spokeswoman. This is exactly what the airport did by having qualitatively upgraded ‘clean area’ security over the past years and introducing and systematically applying to that object the best technical equipment to be found in Russian airports (it was the first in Russia to employ the highly-sophisticated full-body scanners). The upgrade came about as a result of the August 2004 terrorist attacks, when two outbound Domodedovo passenger planes were blown up in mid-air by female Chechen suicide bombers who managed to board the planes at the airport.
It should also be noted that, in the wake of the Domodedovo attack, the airport staff showed a significant degree of resilience in facilitating a rapid first response and in continuing operations, resuming full operational capacity within hours. Another minor, but positive, new development was a host of self-organised initiatives to help passengers after the blast (with people driving cars to the airport to offer free transport to the city). This came about through the medium of Internet-based social networks and blogs that were also one of the major sources of information on the attack and its aftermath (including, by some unverifiable bloggers’ accounts, the President himself). Remarkably, both cases were a matter of private initiative and actors (businesses in the former case, private individuals in the latter case), not of state policy and structures.
Some of the main differences between many Western states (societies), on the one hand, and other large states such as Russia or China, on the other, are in their degree of state and private control of critical infrastructures. In the West, the need to protect partly or largely decentralised privately-owned and run assets that make up a significant or even the lion’s share of critical, especially public transport, infrastructure (85% of all critical infrastructure in the US) has long been recognised as a security challenge in its own right, requiring comprehensive and precise regulation and division of responsibilities. In countries such as China or Russia, the much higher degree of default state control implies the need for a greater state role in infrastructure protection. The gradual privatisation of major public transport systems has insufficiently taken into account the related security implications and has not been matched by the necessary adjustments to existing regulations and practices. The resulting security vacuum can quickly turn into chaos under stress, regardless of the cause (be it a terrorist attack or a major technological disruption). At present, in Russia, perhaps more than anywhere else, nothing can substitute for the state’s leading role and responsibility for public transport and other critical infrastructure security, especially as regards both more specialised counterterrorism tasks and broader antiterrorism activities. After all, security in general and antiterrorism in particular have been one of the Russian government’s key declared priorities for the past decade.
Beyond Protection: Resilience
So far, the reaction of the state to the Domodedovo bombing has in many ways resembled the typical upgrade of general, mostly defensive, measures centred on physical protection that has followed every large-scale attack in Russia since the late 1990s and that then somehow fades away, although not without leaving some trace. Other typical measures include the amendments to anti-terrorist legislation that have been abundant in the past years. Alongside these partly chaotic and usually short-term and temporary reactions, some measures, however, are likely to stay for good and might even have a limited, but not negligible, longer-term security impact. Some of the measures suggested have already made it into Presidential orders to various Ministries. They include the drafting of a federal law on explosives and their marking for the purpose of detection by mid-2011, exploring the need for an integrated inter-agency body to supervise the development, production and use of technical security equipment on transport systems and in other public places and expanding the special cynologist service. Existing practices and regulations in a number of foreign countries affected by terrorism (including Spain, especially with regards to security measures on both air and rail transport) could be quite useful in this respect.
While tougher protective measures to increase transport and other critical infrastructure security are needed, a policy that emphasises protective measures is hardly fully adequate to the task. The basic starting point is that not all infrastructures can be protected from all threats and the level of protection cannot be the same for all critical infrastructures by default. While not all infrastructure systems are ‘soft targets’ (civil nuclear power plants are some of the best-guarded facilities), many other physical infrastructures and especially transport, information and communications systems are much less protected and often physically too extended to be fully protected. The range of vulnerable non-military targets is very wide and no state or society, however developed and economically advanced, can afford to protect them all. The large number and diversity of vulnerable ‘soft’ targets and the variety of forms and manifestations of terrorism, even in Russia where terrorism of North Caucasian origin still predominates, make it hard to predict the location and time of the next massive attack, including concrete critical infrastructure targets.
The past and present dynamics of terrorist attacks reveal that the main vulnerabilities to massive terrorist attacks have been underscored by the conjunction of major public gatherings and public infrastructure, especially public transport systems. However, as security increases around more predictable targets (for instance, airports and airlines), terrorists tend to shift their focus to less protected assets. In other words, if terrorists need a ‘critical’ target, they will find one: putting sophisticated scanners at airport entrances may increase the risk of explosions in passenger crowds just outside the airport building as they wait to go through security checks. More generally, enhancing counterterrorist protection measures for one target only makes it more likely for terrorists to favour another. This can be illustrated by the relatively recent worldwide trend of an increasing number of mass-casualty attacks against transport infrastructures other than air transport (in parallel to the generally enhanced security measures for air transport).
In sum, a better balance between protection measures and resilience strategies (aimed at strengthening adaptation, flexibility and endurance capacities), rather than a mere obsession with physical protection measures for select targets against select threats, could prove to be a sounder guiding principle for policy.
Counterterrorism and Counterintelligence
Neither transport-system managers, nor specialised state counterterrorist units –in Russia or elsewhere– can be held responsible for the persisting political conditions necessary for terrorism, nor for its deeper and poorly-addressed socio-political and other causes. But effective counterterrorism in a narrower sense –as a specific task, function and segment of the state’s security sector– is not about removing the deeper underlying causes of terrorism. That is a long-term task which requires the combined efforts of both state and society, but for which the ultimate responsibility lies with a country’s political leadership (in state systems that involve a degree of government accountability). The essence of effective counterterrorism is to minimise terrorist manifestations under given conditions –even when acting on the assumption that the basic causes of terrorism will not be removed in any foreseeable future–.
Hence, the critical role in counterterrorism centres on prevention, pre-emption and the pre-emptive disruption of terrorist networks, plans and actions. These tasks will not be solved by adding more metal detectors, while popular calls for introducing advanced profiling techniques at a few select locations only affect the tip of the iceberg. Effective prevention and pre-emptive disruption require sophisticated and solid professional state counter-intelligence capacities tailored to counter-terrorism needs and specifics. This also brings us back to the need for a better knowledge not only of the general nature and type of terrorist threats, but of the methods, organisational systems and ‘routes’ of terrorist actors. Such a counter-intelligence capacity involves, and is completely dependent on, not only accurate and solid intelligence of a strategic, psychological and tactical nature, collected on a permanent, rather than case-file basis through all available human and technical means, but also the analytical capacity to interpret this intelligence in a timely manner and, above all, the ability to take decisions promptly based on it, including targeted special operations.
The Domodedovo blast, in the general context of terrorist activity in Russia, has highlighted again, but hardly for the last time, the lack or ineffectiveness of such a capacity. This is particularly striking in view of the major role and almost unparalleled clout of the security service in Russia’s domestic politics and governance. This general counter-intelligence failure is perhaps the least discussed, but the single most critical flaw in the ability of the Russian state to hedge against terrorist threats. Above all, the latest in a series of deadly terrorist attacks in Moscow underscores the urgent need for the qualitative upgrading of the state’s counterterrorist intelligence capacity to prevent and pre-emptively disrupt more attacks –even if the general level of terrorist threats remains high–.
Lead Researcher, Institute of World Economy and International Relations (IMEMO), Moscow