• Prevention involves disrupting the terrorists’ networks and keeping the means of mass destruction out of the hands of would-be terrorists, as in safeguarding fissile materials or foiling plans for the hijacking of airliners.

  • Protection is needed should detection and prevention fail. In military parlance, protection means hardening the target so that destruction or disruption becomes more difficult for the terrorist. Examples include technological design and procedures for making borders, buildings, airplanes, and critical infrastructures more difficult to breach, disrupt, or destroy. Protection might also mean the use of vaccination and other public health measures to make people more resistant to disease.

  • Interdiction, or crisis management, seeks to detect an imminent attack and prevent its occurrence either by disrupting and destroying potential perpetrators of catastrophic terrorism and their base of support before they can mount an attack, as in the current campaign against al Qaeda in Afghanistan, or, when an attack is imminent, by identifying the attackers, preventing their access to the target, or frustrating the attack itself by technical means.

  • Response and recovery, also called “consequence management,” means containing and limiting the level of damage and the number of casualties by organizing emergency responses and public health measures and restoring critical functions in the aftermath of a terrorist attack.

  • Attribution refers to the ability to identify the perpetrators of an act (by typing an anthrax culture, for example, or performing radiochemical analysis of nuclear bomb debris) and is key to the choice of responses, such as retaliation or prosecution.

In addition, all of these phases benefit from analysis and invention, which involve systematic learning from incidents that do occur, studying terrorist tactics and devising countermeasures through “red team/blue team” exercises,3 understanding motivations and factors that influence deterrence, and developing systematic plans for ongoing operations, future investments, and scientific and technological innovations.


Red teaming and blue teaming are an approach to defining the weaknesses of a system and devising ways to mitigate the resulting vulnerabilities: “The red team tries to devise attack tactics, and the blue team tries to design countermeasures. When the United States developed the first stealth aircraft, for example, the Air Force created a red team to try to detect and shoot them down. When the red team identified a weakness in the stealth design, the blue team was charged to fix it, systematically balancing risk of detection against the cost and inconvenience of countermeasures” (Ashton B. Carter, “The Architecture of Government in the Face of Terrorism,” International Security, Vol. 26, No. 2, Winter 2001-2002, p. 17).

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement