Two weeks later the IS role in the Easter Sunday attacks in Sri Lanka is becoming clearer – wasn’t that obvious?

No sooner had the smoke cleared from the multiple terrorist attacks in Sri Lanka on Easter Sunday than many immediately said, some with alarming certainty, that the acts were definitely carried out by Islamic State (IS). These claims were made despite the complete lack of evidence at the time and seemed to suggest that IS, and only IS, was capable of such a barbaric set of attacks against churches and hotels. The fact that this was not true – any number of terrorists can perpetrate such heinous crimes – did not seem to dissuade those who were absolutely sure it was IS.

Well, it is looking more and more like these early predictors were right (for the record I was much more circumspect in the hours following the carnage, for reasons I will expound upon below). I suppose the only proper thing to say to the victorious prognosticators is well done, well done! You are either in possession of information no one else had, or a crystal ball, or are very good IS experts, or just assumed IS was behind the attacks, or just got lucky. Whatever the reason, congratulations are in order. I am not at all hesitant to recognise the success of others, which contrasts sharply with my own reluctance to be more confident.

How do we now know that IS was responsible? An article in today’s New York Times provides a good summary of what we have learned over the past two weeks. To wit:

  • The suicide bombs were packed with ball bearings, iron nails and the explosive TATP, all hallmarks of the way the Islamic State likes to commit mass murder.
  • One man arrested hours after the attacks had commuted between Sri Lanka and Syria, leading investigators to identify him as a possible middleman between IS and Sri Lankan militants.
  • Although few outside counter-terrorism experts believed Sri Lanka was in imminent danger, many Sri Lankans knew that IS was ‘eyeing’ them.
  • In November 2016, the justice minister told Parliament that more than two dozen Sri Lankans had recently joined IS.
  • A few months later, a group of moderate Muslims presented police officials with 11 dossiers on local Islamist extremists, including Zaharan Hashim, whom they identified as the “leader of ISIS team in Sri Lanka.”

I think you get the point. What began for many, including me, as a possible IS-inspired attack, or even a massacre claimed by a terrorist group that has lost virtually all the territory it once held and hence was in desperate need of ‘good news’, has become the handiwork of IS. There do not appear to be that many stones left to turn over to draw this conclusion.

So, should more people have cottoned on sooner? Not necessarily. There are good reasons why most people did not see Sri Lanka on the IS radar: after all, there are a lot more places that have really pissed off the terrorist group (let’s start with the members of the coalitions that destroyed their self-styled ‘Caliphate’). Many of us knew Sri Lanka as the home of the recently ended quarter-century civil war pitting the Sinhalese against the Tamil Tigers, and a few of us were following Buddhist extremist violence against Muslims and Christians on the island. But Sri Lanka as a priority target for IS? Not really.

What then are the lessons to draw from this? I can think of several:

  • IS is not dead, not that any real terrorist analyst thought they were;
  • terrorism can strike anywhere, anytime, even in places no one expected (a good example from Canada would be Strathroy, Ontario);
  • terrorists have deep wells of hatred and can vent it where they want to (IS had no real grudge against Sri Lankan Catholics and yet it chose to hit churches during Easter Sunday masses);
  • predicting future targets is really hard and we cannot protect everything.

I for one do not regret holding off and not declaring ‘IS!’ as soon as I heard of the attacks. In intelligence analysis you do everything to collect more data, especially from multiple sources to collaborate what you have, you think about what you have before you, you compare all this to what you know, and then, only then, do you carry out your analysis. Not minutes after an event, unless you had solid info that led you to draw those conclusions in short order. I have been wrong before when I ‘jumped the gun’ and that is not a feeling I wish to repeat.

In this vein I will continue to be cautious when similar incidents occur. That may make me lose out to those who weigh in with authority right away, but that’s ok. I have learned that not every initial call is the correct one. I’d rather be safe than sorry.

By Phil Gurski

Phil Gurski is the President and CEO of Borealis Threat and Risk Consulting Ltd. Phil is a 32-year veteran of CSE and CSIS and the author of six books on terrorism.

Leave a Reply