Research Brief


Being able to understand the motivation of al Qaeda and other groups can help nations better disrupt, defend against, and prepare for and anticipate terrorist attacks. Three new studies, relying on a case study approach, offer insights into the terrorist mindset, focusing, in particular, on how terrorists try to get around defensive technologies, share technologies among themselves, and prioritize their targets.

In fighting any war, it helps to "get inside the enemy's mind." In the past, that meant understanding the motivations of a monolithic state enemy like the Soviet Union. But doing that today in combating terrorism is far more challenging, because, in battling al Qaeda and other groups, the United States is dealing with amorphous, ever-changing terrorist organizations.

Putting ourselves in the terrorists' shoes could help us answer a number of questions: When we put in place technological defenses against terrorists, what do they do to get around them? When terrorists seek to develop new technologies, how do they work with other terrorist groups to share information and technologies? And when terrorists target the United States, what guides their preferences?

Three new RAND Corporation studies seek to help answer these three questions, relying on a case study approach of al Qaeda and other terrorist groups to draw out some applicable lessons for policy planning.

Measure-Countermeasure: Defending Against Terrorist Attacks

Nations employ five basic types of defensive technologies to protect their citizens from terrorism by discovering and frustrating the plans of terrorists: information acquisition and management, preventive action, denial, response, and investigation.

But as nations use defensive measures, terrorists use countermeasures in response. Relying on case studies of four terrorist groups, researchers showed that terrorists (1) change how they carry out activities or design operations; (2) modify their own technologies, acquire new ones, or substitute different technologies for the ones they currently use; (3) avoid the defensive technology; or (4) destroy or damage the defensive technology.

Given that terrorists have been successful in using such countermeasures, the analysis suggests that, in designing protective measures, the United States should not immediately assume that the newest and most advanced technologies—the highest wall, the most sensitive surveillance—will best protect nations from terrorist attacks. Relying on a "fortress"—formidable but static defensive measures—is a limiting strategy. Assuming instead that adversaries are adaptive, it makes more sense to rely on a defensive model—a variety of security measures that can be adjusted and redeployed as terrorists discover their vulnerable points.

Disrupting Terrorist Technology- and Knowledge-Sharing

The attacks on al Qaeda after September 11, 2001, have changed the nature of the terrorist threat the United States is facing, leading some terrorist groups that lack the global reach of a pre-9/11 al Qaeda to form regional alliances and to share knowledge and technologies. Relying on case studies of 11 terrorist groups in three regions, researchers sought to understand what made for successful knowledge and technology exchanges as a way of determining vulnerabilities in these technology exchanges. Analysis pointed to three key conclusions.

Threat Assessments Must Focus on Intergroup Dynamics. This includes technology exchange. Terrorist groups thought potential gains or costs in operational capabilities more important than ideological similarities when deciding whether to participate in technological exchanges; thus, threat assessments should focus on operational as well as strategic motivations for alliances. Threat assessments should monitor individuals not just with chemical, biological, radiological, or nuclear expertise, but also those with expertise in conventional attack modes, such as remote-detonation technologies, rockets and missiles, improvised explosive devices, and converted field ordnance.

Attack Distribution by Hypothesis

Terrorists' Innovation Processes Should Be Disrupted. This will reduce the potential for a successful technology exchange. For example, governments have provided safe havens as incentives to get terrorists to participate in peace negotiations, but such safe havens facilitate technology transfers. Tightening porous borders can also help disrupt technology exchanges.

Policies Should Disrupt Trust Among Terrorist Groups. Policies such as blocking payment transfers can affect a terrorist group's cost-benefit analysis of getting involved in technology exchanges.

Prioritizing Targets of Terrorist Attacks

Al Qaeda seeks a restored Caliphate free of Western influence. Clearly, it uses terror as its means. But how does terrorism serve al Qaeda's ends? Understanding how al Qaeda's leadership thinks terrorism gets it closer to the Caliphate might suggest what U.S. targets it may seek to strike and why.

This research posits four hypotheses to link means and ends. The coercion hypothesis suggests that terrorists seek to cause pain, notably casualties, to frighten the United States into pursuing favorable policies (e.g., withdrawing from the Islamic world). The damage hypothesis argues that terrorists want to damage the U.S. economy to weaken its ability to intervene in the Islamic world. The rally hypothesis holds that terrorism in the United States is meant to attract the attention of potential recruits and supporters. Conversely, the franchise hypothesis argues that today's jihadist terrorists pursue their own, often local, agendas, with, at most, support and encouragement from al Qaeda itself. RAND researchers examined each hypothesis by analyzing 14 major terrorist attacks (shown in the figure) and al Qaeda's own statements, as well as by surveying terrorism experts.

Such research suggests that the coercion and damage hypotheses are most consistent with prior attack patterns, expert opinion, and al Qaeda's statements. Although the franchise hypothesis fits most of the post-9/11 attacks, unless franchises are active in the United States, that fact may not indicate what the next attack in the United States might look like.

Indeed, given al Qaeda's current resource limitations, such an attack may well favor using suicide bombers and could focus on soft (poorly defended) targets. Attacks on the food industry, particularly the agricultural sector, and the use of radiological dispersion devices merit attention.

This report is part of the RAND research brief series. RAND research briefs present policy-oriented summaries of individual published, peer-reviewed documents or of a body of published work.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.