Terrorist tactics, techniques, and procedures

"Tactics, Techniques, and Procedures" redirects here. For tactics, techniques, and procedures used by military units, see Military doctrine.

Tactics, techniques, and procedures (TTPs) is an essential concept in terrorism and cyber security studies. ^[1] The role of TTPs in terrorism analysis is to identify individual patterns of behavior of a particular terrorist activity, or a particular terrorist organisation, and to examine and categorize more general tactics and weapons used by a particular terrorist activity, or a particular terrorist organisation.

Requirement to identify individual terrorism TTPs

The current approach to terrorism analysis involves an examination of individual terrorist's, or terrorist organisations' use of particular weapons, used in specific ways, and different tactics and strategies being exhibited. ^[1] Broadly, a wide range of TTPs have been exhibited historically by individual terrorists, or terrorist organisations worldwide. ^[2]

Key concepts

Evolution of TTPs

All terrorists, or terrorist organisations, worldwide historically have exhibited an evolution in TTPs. This can be as a result of:

• changing circumstances
• resource availability
• changing ideologies, or "war-focus"

In the case of the Taliban, their tactics have consisted primarily of guerrilla-style improvised explosive device (IED) attacks and small-arms ambushes against international and state-level security forces and interests, such as police checkpoints and military supply convoys. However, more recently Taliban TTPs have expanded to include mass casualty attacks by suicide bombers and other suicide attacks in order to undermine the current government.

Kill-chain model

The kill-chain model, and kill-chain model variations

The kill-chain model (KCM) is a conceptual tool used in terrorism analysis and studies. ^[1] All terrorists' or terrorist organisations' TTPs form part of understanding the terrorist kill chain, which is the pattern of transactional activities, link together in order for a terrorist act to take place. Broadly, this involves describing the "hierarchy of tasks and sub-tasks that may be involved in the execution", or in making a terrorist act happen. ^[1] These can include the arrangement and sequence of activities a terrorist or terrorist organisation uses in planning, organizing, mobilizing, training, equipping and staging resources and operatives. These activities make up the terrorist's or terrorist organisations' modus operandi or "attack system". ^[1] Four sets of steps make-up the full KCM:

• The first set of activities are the "attack preparation steps". In terms of terrorism analysis, individual transactions, such as acquiring finances, acquiring expertise, acquiring materiel, munitions or capability, recruiting members, conducting reconnaissance, mission rehearsal, conducting an attack, have signatures that identify them as terrorist or criminal acts or are consistent with the operations of a specific individual, cell or group.
• The second set of activities are called the "execution timeline". This identifies the timeline, along which the terrorist, or terrorist organisations various activities, leading up to an attack process flows time-wise.
• The third set of activities are identified as "targeting". An individual or group would carry out some form of dedicated reconnaissance with the aim of identifying weaknesses in the site or operation; and with that information determine the best method of attack.
• The fourth set of activities are identified as the "planning stages". These involve some type of planning activity embedded into the "kill chain", and are part of the process of organizing, mobilizing, training, equipping, staging, collecting resources and operatives. These make up the terrorist's or terrorist organisations' modus operandi, or its system of attack.

The KCM "sequence of activities" ^[1] is not linear, but discontinuous. Three additional KCM scenarios can be identified: ^[3]

• An individual or group actively promotes a terrorist or extremist ideology on the internet, in books, pamphlets, etc. This is then picked up by another terrorist, or terrorist organisation, who then act on this.
• Two or more parallel kill chain sequences of activities (by various individuals or groups) which are only indirectly connected by intermediary individuals or groups. Sharing similar beliefs, but as well crossing over into complementary beliefs or ideologies. Many such intermediaries can operate in this space, passing ideas and resources, even recruiting between the various terrorists, or terrorist organisations, groups and cells.
• A terrorist or terrorist organisations picks up ideas, knowledge, etc., and jump-starts into various places along the "standard" concept of the KCM.

Transfer of TTPs

Terrorist TTPs are often transferred between various terrorists, or terrorist organisations, and they often learn from each other. ^[4] The degree to which the transfer of TTPs occurs depends on their relative success when transferred to a different conflict, and a different environment. The similarities in TTPs between various terrorists, or terrorist organisations, across conflicts and periods suggest a transfer of information.

• Explicit knowledge: This is the theoretical information which is often stored in hard copies, such as textbooks, manuals and on computers through PDF and video files. These are extremely easy to get a hold of, but without the appropriate teaching or experience, this easy access information is commonly not effectively used.
• Tactical knowledge: Most commonly taught or learnt through experience and hands-on teaching. This requires training establishments to be organised. For terrorists, or terrorist organisations, acquiring this information is harder; however, it is seen as a more effective transfer of knowledge.

Key tactical concepts related to TTPs

Several key tactical concepts can be related to TTPs, which are typically used in terrorism or insurgency operations.

• Interposing tactics ^[5]
• Mimicking operations ^[6]
• Rhizome manoeuvres ^[3]
• Three-dimensional (3D) tactics analysis
• Swarming tactics
• Dynamic defences ^[7]

References

1. Sullivan, J.P., Bauer, A. eds (2008). Terrorism Early Warning: 10 Years of Achievement in Fighting Terrorism and Crime. Los Angeles, CA: Los Angeles Sheriff’s Department.
2. Flaherty, C. (2012) Dangerous Minds: Attps://eccp.poste.dككك Monograph on the Relationship Between Beliefs –Behaviours – Tactics. Published by OODA LOOP (7 September 2012).URL: http://www.oodaloop.com/security/2012/09/07/dangerous-minds-the-relationship-between-beliefs-behaviors-and-tactics/
3. Flaherty, C. (2012) Dangerous Minds: A Monograph on the Relationship Between Beliefs –Behaviours – Tactics. Published by OODA LOOP (7 September 2012).URL: http://www.oodaloop.com/security/2012/09/07/dangerous-minds-the-relationship-between-beliefs-behaviors-and-tactics/
4. Hedges, M. Karasik, T. Evolving Terrorist Tactics, Techniques, and Procedures (TTP) Migration Across South Asia, Caucasus, and the Middle East. INEGMA Special Report No. 7. URL: "Archived copy" (PDF). Archived from the original (PDF) on 2012-09-04. Retrieved 2014-02-20.
5. Flaherty, C. (2009) Interposing Tactics. Red Team Journal.com URL: https://redteamjournal.com/archive-blog/2009/12/04/interposing-tactics Archived 2019-03-27 at the Wayback Machine
6. Flaherty, C.J. (December 2003) Mimicking Operations, Australian Army Journal. (1)2: 11-14. URL: http://www.army.gov.au/Our-future/LWSC/Our-publications/Australian-Army-Journal/Past-issues/~/media/Files/Our%20future/LWSC%20Publications/AAJ/2003Summer/02-InformationWarfareAndMi.pdf
7. Flaherty, C. (2009) 2D Verses 3D Tactical Supremacy in Urban Operations. Journal of Information Warfare. (8)2: 13-24.