Senior government officials met in Canberra this week to discuss how to ensure more young Australians don’t seek out or become drawn in to the militant Salafist orbit of ISIS, al Qaeda and other such groups. Arranged following the Parramatta shooting earlier this month, the meeting was reportedly seen by officials as chance for a stocktake of current counterterrorism policies and initiatives, with the Prime Minister wanting to focus on how efforts can be made more effective.
Although the meeting was policy focused, it was likely to be intelligence driven. This is because a stocktake of what is and isn’t working must necessarily be informed by assessments of the state of the militant community in Australia, and the influence of our militants operating offshore. But can our agencies offer a clear intelligence picture of how the operating space of ISIS militants intersects with the extremist community in Australia, particularly in the online and social media context, and the threat this poses?
Media reports on Wednesday, for example, claimed the Parramatta shooting perpetrator had an active online presence and was in open communication with Australian militants overseas and their fellow ISIS members. If such reports are true, how the Parramatta perpetrator was missed openly interacting with these militants, and what can be done to ensure others like him don’t fall through the cracks, will have no doubt featured on the agenda.
In recent months several ISIS militants, including one Australian, have increased their efforts to encourage and direct young people in Western countries to carry out attacks. These militants hold roles where giving instruction on how to carry out attacks, both openly and via private messaging, is part of their official ‘work’ in ISIS. At least one of the Australian militants claimed to have been in contact with the Parramatta perpetrator holds such a role. In the past six months, this militant and his ISIS co-worker have been observed to use over a dozen different social media and messaging accounts to interact with those they seek to draw into the ISIS orbit, or to carry out acts at their behest.
Following the Parramatta attack, senior figures in both the NSW and Federal Police maintained that it’s impossible for them to monitor everyone of investigative interest. That’s true. A huge amount of intelligence, surveillance and investigative resources can be required to disrupt an attack plot, let alone build a case for prosecution. This can leave scant time and resources available for identifying additional persons of concern, categorising the (often fast changing) level of threat they can pose, and deciding what additional development, investigation and monitoring is required.
There are, however, ways in which intelligence can better work to ensure that persons such as the Parramatta shooter are located and investigated before they are able to carry out attacks. But those ways take time and money to develop and maintain. As it currently stands, a changed threat climate and an overstretched counterterrorism community have led to our agencies becoming locked in a cycle of reaction. What our police leaders mean when they say that monitoring everyone is impossible, is that in the current operating climate there are only enough resources for focusing on visibly immediate threats. In law enforcement and intelligence circles this is sometimes referred to as being in a constant state of ‘putting out spot fires’.
Putting out these ‘fires’ always takes priority and so when a threat is identified or an attack takes place, it can be a case of all intelligence hands on deck. Intelligence staff often get moved from analytical work such as building an overall strategic picture or developing targets, to providing support to high priority investigations. This is exactly how people and plots get missed and attacks come to take place—a process that’s well documented in reviews into terrorist attacks and intelligence failures in a number of countries. Dealing with immediate threats must always take priority but threats often become immediate when intelligence is missed. It’s a problem that has long plagued counterterrorism communities.
The public is unlikely to hear much about the intelligence side of Thursday’s discussions but events this month show that better ways of going about counterterrorism intelligence collection and analysis need to be developed and put into practice. It’s possible to build and maintain a more comprehensive intelligence picture to inform and help lead counterterrorism investigations, but doing so requires significant additional resourcing.
Developing intelligence processes that can draw from data already held to more effectively uncover ‘edge-of-network’ connections and convergences between counterterrorism investigations is a crucial part of capacity-building in this area. However, as the events of this month show us, those capacities aren’t enough. Additional ways of conducting and incorporating counterterrorism intelligence collection and analysis that draw from a range of outside sources, particularly from online, also need to be developed. But the kinds of innovative intelligence work that, for example, illuminates how the online ISIS presence influences the extremist community in Australia, and from this, works to proactively identify threats, can’t be done when agency resources are limited and operating in a mostly reactive mode.
That type of intelligence work needs continuous staffing, even when high priority investigations emerge and require additional support. It also requires investment in training, software solutions, and people to develop the kind of corporate knowledge, intelligence methodologies and practices that drive successful proactive intelligence work. To build this type of capacity in the current threat climate, our agencies and our police in particular, need additional support from the federal government.