April 24, 2019

Terrorist Attacks in Sri Lanka: Assessing the Response to the Threat and the Attacks

On Sunday, April 21, 2019, nine suicide bombers launched their attacks on nine different targets in Sri Lanka. As of writing this text, the current death toll is at 360 (and likely to climb) and the number of injured at well over 500. In truth, the real casualty toll including trauma victims is well over 1,000. This makes the terrorist attack in Sri Lanka one of the deadliest attacks this century.

Since this tragic day, the focus has essentially been on the Who (local groups with international support? ISIS? Al Qaida?), the How (suicide bombers, planning, sophistication) and the Why (motivation? Was it in response to Christchurch?). For this text however, I wish to focus on the response of the Sri Lanka government and security officials both to the early warning intelligence and the response after the attack. Bearing in mind the attack is still very recent and that circumstances may change, this is an assessment of the response based on the three days since the attacks.


Two key aspects help put these attacks into context. The first is the rapidly growing number of extremist groups in south-east Asia over the last six years. A result thereof has been an increasing number of terrorist attacks in the Philippines, Thailand and Indonesia since 2016, with a dozen attacks in the Philippines for the year 2017. Over the same six-year period, larger organizations, such as Al Qaida and ISIS, have been more active in terms of recruitment and involvement in the region, notably with the creation of Al Qaida in South Asia (AQSA or AQIS) or the pledge of the organization Abu Sayyaf to the “Islamic State” in the Philippines. This allowed extremist organizations to benefit from a wider range of support, notably in terms of networking, logistics, training and financing.

This situation is compounded by the various ethnic, religious and political tensions the region has experienced for decades, which have been sharpened in recent years. Again, this creates fertile ground for extremism and terrorism, more so for countries like Sri Lanka, which is still recovering from a brutal civil war. As such, Sri Lanka could be deemed the next domino to fall in an expanding extremist and terrorist environment.

The second aspect is the extreme political tensions between Sri Lanka’s president and its prime minister. These tensions led to an actual fight between MPs in Parliament and to a constitutional crisis in the latter months of 2018. The divisions within the country’s political class are extreme, which not only hinders management but also fosters political positioning and politicking within decision-making and bureaucratic circles. People are choosing sides and becoming a part of the power struggle.

If the first aspect can help explain why Sri Lanka was the victim of such a violent attack, it is the second that has framed the country’s response to the attacks and likely played a role in the management of the intelligence warning about the attacks.

The Response

The immediate response could be described as shaky. While emergency responders acted quickly to try to save lives, locking down secure perimeters to prevent possible suspects from fleeing and making sure emergency responders can work without interference did not occur rapidly. In fact, most of the methods used in reaction to the attacks were ones stemming from the civil war, including the deployment of the military and censorship of information. Experience has its benefits but Sri Lanka security personnel were clearly not prepared for such an attack, and it showed on every level.

Take, for example, the idea of shutting down social media after the attacks to prevent rumours and false information from circulating. In itself, this is a good idea, all the more so after the attacks in Christchurch. But it is not a good idea if you don’t provide alternative means of communications or channels for people to communicate with loved ones to inquire about their well-being. Hotlines can be useful, but in this day and age, an SMS-based system allowing people to inquire about potential victims could be very useful in a context where social media and instant messaging platforms are suspended. By not providing an alternative, shutting down these platforms only increased the worries and stress of anyone trying to get answers on the status of victims and others in the country.

The public relations management of the attacks can only be described as abysmal. One of the lessons learned following terrorist attacks around the world in recent years is that only clear and accurate information must be shared with the public in order to avoid any confusion and rumours. Since Easter Sunday, Sri Lanka decision makers have done only the contrary, focusing on damage control rather than crisis management. The consequences of “damage control” PR following attacks are usually fuelled by finger pointing, fear, the need to appear to be doing something and perhaps worst of all, making each shred of the investigation public, even before the information can actually be verified.

This results exactly in what we have seen in Sri Lanka since Sunday: Leaked documents on withheld intelligence about the attacks; “it’s not me it’s them” rhetoric from the government; accusing one group then another of the attacks; announcing a motive (Christchurch attack) which no other involved party can confirm; direct accusations of ill will; and then sacking department heads, a form of scapegoating, to begin reforms. Even if the accusations and the statement are eventually proven correct, it is poor crisis management to share this information and the suspicions now, as it only fuels rumours and false leads, creates huge amounts of confusion and hinders both the crisis management process and the investigation itself. The focus is on image, not on clarity, answers or security. The management of the crisis so far can only serve as an example of what not to do following a terrorist attack.

The Issue of Withheld Intelligence

This was one of the first things mentioned following the Easter day attacks: The PM and the Cabinet were not informed of intelligence suggesting attacks were planned on churches and hotels. In the days since, information has come out that Sri Lanka security services were warned multiple times about these attacks and did not act on it. Worse, it was revealed on April 24 that security officials may have deliberately withheld this information.

That these suspicions have been made public is counter-productive and can only amount to being a distraction under the current circumstances. It should be dealt with internally, with the results being made public once the investigation is completed, but this is another topic.

While this may sound like a conspiracy theory at first, withholding vital information is unfortunately a very common practice. I know from experience that security officials withhold information from key decision makers like prime ministers – especially in presidential systems – if they believe the information could give the person it is to be shared with “too much power”. Intelligence is politicized, turned into an instrument of power, to be shared only with like-minded people regardless of the intel’s importance. So when the Sri Lanka prime minister says he and the cabinet were deliberately kept out of the loop – especially under the current political climate – sadly, I am anything but surprised and think it is likely. It does not rule out additional reasons for not sharing, such as bureaucratic issues, poor analysis and threat appraisal, poor communications or incompetence, but I have little doubt at this point that politics played a role in refusing to share vital intelligence with the cabinet and acting on it.

This is a practice that is also widespread in western countries, albeit differently. Here, it will be less about power politics than agency and service rivalries, ideological sympathy or nationalism, just to name a few. Regardless of the country, information is power and can be instrumentalized for various purposes, from the pettiest to the greater good. We may have just witnessed one of its pettiest uses and Sri Lankans have paid a terrible price.

We will never know if sharing the information could have prevented the attacks from occurring because regardless of the intelligence’s quality, it is only valuable if properly analyzed and acted upon. As usual, prevention begins and ends with the human factor, and there is little doubt the human element massively failed in the lead-up to the attacks in Sri Lanka.


From a counter-terrorism perspective, what stands out to me in the response to the bombings is that nothing was learned from other terrorist attacks around the world. Some argue that the cultures, the threats and the experiences are different and therefore lessons can be poorly exported. However, that is not true. There are enough common denominators to learn from others’ experiences with terrorism, and these denominators can be exported. Immediate post-attack victim care, information management, the need to avoid politicking of vital information, investigation and crisis management methods, all of these can be exported. We can all learn from the French, Spanish, American, Canadian, British, Nigerian, Malian, Indian and countless others’ mistakes in dealing with terrorism, especially the immediate response. Still, for a variety of reasons, including arrogance and a false sense of security, countries are very reluctant to look elsewhere for input on counter-terrorism, especially for the policy and political aspects of it. Experience and history are good advisors but can also lead to arrogance and complacency if the awareness to learn and adapt is lacking. Let us learn from the mistakes and poor response in Sri Lanka, to make sure attacks on this scale do not happen again anywhere.