Mumbai: a Lesson to Learn From

Interview with Brian Powrie

Last November a group of extremists attacked the historic Taj Mahal hotel located downtown in one of the most symbolic Indian city, Mumbai. The final official count put death toll at 171 bodies: a level of carnage that again raises questions surrounding the necessity of facing these kinds of threats, and whether it is concretely possible to prevent such random killings in our cities. In terms of ensuring security, knowing to which matrix the terrorist group who carried out the Mumbai attack belongs, does matter, but only to a small extent. More important, is to have an understanding of the modus operandi and the choice of target.



With particular regard to the latter, the terrorist’s plan was to aim at large, crowded venues in order to spread fear and avoid a coordinated response by the security services. This was clear from previous major attacks such as London, Madrid, Beirut, and New York, and it is also the same reason for which improving the management of the security and safety of the citizens is becoming increasingly crucial.

In order to explore these considerations, we posed some questions to Brian Powrie, Senior Consultant on security at the United Nations and former security planning director for 2005 Gleneagles G8 in Scotland, to investigate how far a renewed approach to the security can affect the fight against terrorism and the broader dimension of security.
Mr. Powrie, the Mumbai terrorist assault has shown us how operating with a different military strategy, compared to those implemented in other cases, can bring a protracted siege to vulnerable targets. What are the lessons we can learn from this experience?
There were significant differences in terms of the organization and execution of the attacks in Mumbai. What it seems to be emerging is the existence of a number of groups that are operating autonomously without necessarily central direction of control from groups like Al-Qaeda while claiming to be operating underneath that banner. It seems obvious from London, Glasgow, and other attacks that have taken place in the world that these individuals are working together in much smaller groups and planning and executing these attacks, using means that they are relatively comfortable with, but which in reality do not require significant skills, and money to fund and deliver.

To what extent do the different sizes and organizational structures of these groups affect the policy that has to be put on the table in order to cope with such groups?
According to the security perspective there are 4 different phases in terms of attempting to overcome the challenges presented by these threats. The first is obviously in terms of intelligence information gathering and dissemination; the second in terms of prevention on a daily basis; the third is the effectiveness of the responses in the event of an attack; and the fourth is the capacity of the victims to recover from such an attack.
These are the four different stages that have to be considered in terms of any contingency planning and operational activity. As has been shown in a certain number of occasions, with respect to these more autonomous groups, perhaps the traditional methods of information intelligence gathering, analysis, and dissemination which have developed from the more traditional means of delivering operational responses to traditional criminal cases are not sufficient. This may be given when you look at the background of the individuals that have become involved, such as the attack in Glasgow airport where a lot of medical doctors were engaged; and the previous attacks in England, one involving a school teacher.
Of course we have to be very careful when dealing with new and innovative strategies to combat those forms of terrorism, as it is obviously likely to have an effect on the human rights of individuals. There is the need for balance. But there is probably significant community intelligence that needs to be inculcated into the more traditional methods of gathering information and then making sure that this information is disseminated as widely as possible. Obviously, bearing in mind from time to time the reason for confidentiality, people need to be kept informed and objectively appraised. Not scared, not frightened but objectively appraised of what the real risks are.

Confronting and curbing such complex and articulated organizations and groups, which are all related by a common purpose and modus operandi, requires at least the same degree of cohesion and sharing of knowledge and information.
Is the international intelligence system as organized and integrated as the terrorist sphere seems to be?
In terms of international cooperation and sharing I think there is a significant work going on that the general public observes, but might not be entirely aware of.
There is a consistent work of prevention that has been done to prevent such attacks taking place, and this work seldom receives any exposure. There are a number of different methods of prevention going on as a result of international cooperation, much of which never reaches the eyes and ears of the public.
In fact, I would stress the fact that the number of attacks carried out in the world is relatively low when compared with other crimes. I am sure there is a lot of very good cooperation which has been translated into positive effects in terms of preventing such attacks.
For obvious reasons the people who are working in that regard do not always receive the acclaim they perhaps deserve.
The strikes on Mumbai called into question the necessary cooperation, coordination and mutual commitment of the public and private sector when it comes to security and prevention matters. Without going deeper into what happened during the Indian terrorist attack, one should consider the crucial importance of prevention.
To be absolutely effective in terms of preventing such attacks while ensuring the rights to freedom of the individuals, there is the need to be ready to respond rapidly.
To respond to your question as to whether the relation between the public and private sector has to be reviewed, I am convinced that the role of the law enforcement agencies should perhaps been examined. In fact, the police alone do not have sufficient resources to protect vulnerable targets 24h a day.
So let’s move away from the perspective that the police can do everything towards another attitude of sharing responsibilities, and work together with security companies in the private sector (in terms of controlling soft targets) to bring a larger and much more secure environment.
How far can a new approach to security (as you suggest with the security governance) affect the fight on terrorism, and how?
Public and private partnerships can make a real contribution to the prevention of terrorist attacks. The concept creates a dynamic and mutually advantageous security governance environment across which the combined action and joint utilisation of resources of all the different stakeholders involved can deliver a much more effective preventative response than the sum of the individual component’s actions.
Are there examples of private-public best practices? Where? What they have brought in terms of significant changes?
The English Griffin Operation is an example of a public private partnership. Resulting from an older and strong experience form the Northern Ireland, leading onto the more recent in the cities, this project that has been created, brings together  the public sector, the police, the metropolitan police, the city of London police, the largest institutions that operates within particular areas such as banks and private companies and the private security companies within identified areas with the specific purpose of making a lot of soft targets into one much more secure individual entity.
The project consisted in disseminating information available to each single entity to all the others in order to enable them to plan their activities to block and avoid all illegal and terrorist actions. This means that, in terms of prevention, there is a much bigger blanket in place, that there is dialogue and communication. In this way, security is seen as an investment and not as a cost, and both the economic and social elements are taken into consideration in the implementation of such a strategy. This also takes into consideration that this sort of policy does not only involve the area in which public-private sector coordination is provided and operating, but it clearly extends much further into the count.
This kind of program has been adapted to be used in other regions and countries of the world.
Around the world there are very few other examples of effective public-private partnerships in terms of security, and that’s obviously what we should seek to promote.
There is also another area where the public-private partnerships have an impact in terms of security, which is the security during major events. Such big events can involve massive gathering of people.  What are the main problems to be analysed when it comes to organizing such events, and what is the importance of having this kind of cooperation between the private and public spheres?
When one has to start analysing the critical points of such events, of course the anti-terrorist units have to be alerted, but there are also elements such as the prevention of crime, safety and security, the threat of public disorder and, clearly the continuation of day-to-day business.
These are all the different elements, and they are all the individual pieces of the jig saw that have to be implemented; there are clearly constraints to consider, the available money to carry it out, the skills and expertise available, and the fact that the community has to continue around these issues.
And again its about prevention, it’s about making sure that the security is structured in such a way that it facilitates individuals to attend these events, and enjoy them, for the purpose that they’re meant to be there but at the same time it provides a certain level of security but that we don’t feel that security starts at the boundary of the event. What we’re talking about there is taking the security blanket much further out even to the borders and including border security for these truly mega-events. It’s about early detection of the threats and it’s about developing strategies to counter these threats at locations that are appropriate when it’s suitable, with the aim of preventing loss of life obviously.

So it is mainly about coordinating with all the stakeholders?
It’s about coordinating with the widest imaginable amount of stakeholders. It’s about making sure that there is understanding as to what each other’s roles are. It is important to understand what each individual group has to achieve, in terms of their role in that particular major event, and it’s about continuing to talk to make sure that their aims can be met as well as is reasonable, while at the same time providing an adequate level of security. It’s about major critical infrastructure; it’s about water, electricity, gas, transport. It’s about making sure that attacks that are displaced from the principle venues, that other vulnerable areas are protected and it’s about ensuring that the community are properly informed and are playing their part in terms of providing information that the professional security providers can thereafter act upon effectively, can take effective action. It’s about taking that blanket out to make sure that as many vulnerable targets as possible are covered. There are many resources in the private sector that are very well equipped and capable to assist in that effort but they have to be provided with accurate, reliable and timely information so they can properly plan, train and brief their security personnel, and deploy them in an intelligence-led approach.
To come back to the Mumbai attacks, looking at the images, we saw young people carrying guns. This was carried out in a different way. No more bombings, planes, kamikazes. They were aware of the possibility of dying, but they did their best to avoid it. What is the main difference in this way of attacking vulnerable targets, from the point of view of police forces?
In terms of the method of attack, I think it’s much deeper than just analysing the method of delivery. I mentioned before that individuals so motivated to carry out these attacks will use whatever means available to them, if they feel they can, with a fairly good probability of causing massive disruption and chaos and getting maximum exposure, which is what these attacks are all about.
Clearly this situation, however the individuals became radicalized, is no exception. There is always the likelihood that others will, having seen what occurred in Mumbai, seek to copy these attacks. This is something we see all along. This is one of the problems we mentioned before. While it is somewhat simpler to profile a criminal, in terms of their modus operandi, it is very difficult for people who operate in a very objective professional basis on a day-to-day basis, to get inside the heads of these individuals, to try to understand their motives and to try to develop the appropriate responses in the future.

Brian Powrie is Senior Advisor for the International Permanent Observatory (IPO) programme at UNICRI. Prior to joining UNICRI he was the National Security Planning Director for the 2005 G8 Summit at Gleneagles.