Appendix Two: A Word on Threat Assessment Definitions

In assessing the threat posed by terrorist groups, this report adopts two key distinctions that need to be defined.

First, this report distinguishes between threats to the United States homeland, threats to regional stability—that is to the United States’ preferred order writ broadly in areas outside of the United States, and threats to specific U.S. persons outside of the United States. Threats to regional stability can be subdivided further for analysis by the region in question, for example differentiating threats to Europe from threats to Middle Eastern states.¹

Second, in assessing the level of threat a terrorist group poses, this report distinguishes between directed, enabled, and inspired attacks. Directed attacks are those attacks in which a terrorist organization either carries out an attack itself or provides meaningful material support to an associated third party (e.g., training, payment, or specific intelligence) that played an important role in the attack. Enabled attacks are defined as attacks where there is communication specific to the development of an attack, generally online, between a terrorist organization and an attacker, but the attacker has not received material forms of support for the operation from the terrorist group. Finally, inspired attacks are those attacks in which the attacker is influenced by the propaganda or ideology of a terrorist group but has not had communication with members of the group specific to their attack plans. Given the covert nature of terrorist organizations and the trend towards decentralization many groups have embraced, it can be difficult to fully determine which category an attack falls into.

It is important to distinguish because these different forms of attacks represent different types of threats that require different responses. For example, disruptive military action can succeed in eliminating a group’s material capability to direct an attack, but if the group’s attacks are actually inspired rather than directed, such military action is less likely to be successful in preventing attacks or is at least more contingent on how the action is interpreted by public opinion. While enabled attacks have gained notoriety in part due to fears over the role of encrypted communication in facilitating connections between foreign terrorist organizations and terrorists in Western countries in the absence of training, it is far from clear that such enabled plotting is capable of making a material impact on the lethality or success of attack plots, let alone in replicating the expertise and impact of a traditionally directed plot.² Moreover, even if one concludes that such online coaching does have an impact, it is unclear why such online coaching would not be resilient to military destruction of safe havens given its networked nature.

Terrorist groups often seek to blur the distinctions between these forms of attacks because, in their mind, there is not a clear distinction and also because attributing organizational ties to attacks that the organization had little material role in grants greater power and prestige to the organization. Analysts should be wary of adopting methods that support their branding efforts by blurring these critical differences.