Skip to content
National Counterterrorism Center (NCTC) Worldwide Incidents Tracking System   

 

 

CRITERIA
19 June 2008

Methodology Utilized to Compile NCTC's Database of Terrorist Incidents

The data provided on the website consists of incidents in which subnational or clandestine groups or individuals deliberately or recklessly attacked civilians or noncombatants (including military personnel and assets outside war zones and war-like settings). Determination of what constitutes a terrorist act, however, can be more art than science; information is often incomplete, fact patterns may be open to interpretation, and perpetrators' intent is rarely clear. Moreover, information may become available over time, changing initial judgments about attacks. Users of this database should therefore recognize that reasonable people may differ on whether a particular attack actually constitutes terrorism or some other form of political violence. NCTC has made every effort to limit the degree of subjectivity involved in the judgments and, in the interests of transparency, has adopted a set of counting rules that are delineated below.

Terrorists must have initiated and executed the attack for it to be included in the database; failed or foiled attacks, as well as hoaxes, are not included in the database. Spontaneous hate crimes without intent to cause mass casualties were excluded to the greatest extent practicable. While genocidal events can be interpreted as the most extreme form of politically motivated violence against civilians, attacks in this category were excluded, in part because of the inherent difficulty in counting such events and because the inevitable undercount does not do justice to the scope and depth of such atrocities.

The database contains a field that allows analysts to categorize an incident by "event type." Event types are coded in the database as the following: armed attack, arson/firebombing, assassination, assault, barricade/hostage, bombing, CBRN, crime, firebombing, hijacking, hoax, kidnapping, near miss/non-attack, other, theft, unknown, and vandalism. While some incidents can clearly be coded using this taxonomy, other kinds of attacks are more difficult to define. When it can be determined, incidents that involve multiple types of attacks are coded as such. Incidents involving mortars, rocket propelled grenades, and missiles generally fall under armed attack, although improvised explosive devices fall under bombing. NCTC is working with outside experts to refine the fields and develop a more rigorous and consistent taxonomy.

In the cases of Iraq and Afghanistan, it is particularly difficult to gather comprehensive information about all attacks and to distinguish terrorism from the numerous other forms of violence, including crime and sectarian violence. The distinction between terrorism and insurgency in Iraq is especially challenging, as Iraqis participate in both the Sunni jihadist terrorist networks as well as the Baathist, former-regime-elements insurgency, targeting both civilians and combatants and often affecting both populaces. Therefore, some combatants may be included as victims in some attacks, when their presence was incidental to an attack intended for noncombatants. We note, however, that because of the difficulty in gathering data on Iraq and Afghanistan, the dataset does not provide a comprehensive account of all attacks in these two countries.

In an effort to provide greater granularity and analytic service, NCTC introduced to the database the concept of "targeting characteristics." The purpose was to capture, where possible, the underlying motivating factors for attacks. More specifically, the field was designed to allow users to identify those attacks perpetrated by similar types of groups or individuals, such as Islamic Sunni extremists. Victims are also coded, so as to enable searching for violence against specific targets-Westerners, Christians, and other groups targeted because of their cultural, ethnic, or religious identities. The intent of this field is not to identify all victims who happened to be Muslims, Christians, etc., but rather to identify victims who appeared to be targeted because they were Muslims, Christians, etc. Similarly, the field was not designed to identify every incident that may have been perpetrated by an extremist, but rather to identify violence executed by perpetrators because they were extremists.

To be of more analytic service, the database also enables greater granularity with respect to the impact of attacks. Killed, wounded, and kidnapped figures are provided. Kidnapped victims who were later killed are counted as killed; and kidnapped victims either liberated or still in captivity are counted as kidnapped. Any attack hitting a facility is now coded with a damage estimate of Light ($1 to $500 thousand), Moderate ($500 thousand to $20 million), or Heavy (over $20 million). While it is inherently difficult to make damage assessments for attacks in different countries with different economic circumstances, these estimates allow users to garner a general sense of the overall level of attacks.

Because terrorism is a tactic, used on many fronts, by diverse perpetrators in different circumstances and with different aims, NCTC cautions against using attack data alone to gauge success against the forces of terrorism. NCTC does not believe that a simple comparison of the total number of attacks from year to year provides a meaningful metric, for the following reasonings:

  • The very definition of terrorism relative to all other forms of political violence is open to debate; interaction with academics and outside terrorism experts convinces us that there will never be a "bright red line." We will continue to refine our counting rules as the study of terrorism evolves.
  • A quarter of the attacks in the database actually involve no loss of life whatsoever; while an attack against a pipeline and a VBIED attack that kills 100 civilians each count as one attack in the database, such a comparison hardly seems meaningful.
  • The nature of this exercise necessarily involves incomplete and ambiguous information. The motivation behind attacks, particularly those that don't involve mass casualties can be particularly difficult to discern.
  • As additional sources are found and as more information becomes available from remote parts of the globe we will continue to enrich the database. In the case of 2005, for example, incidents in Nepal grew dramatically; this data can't be meaningfully compared to 2004 because it is clear that attacks on civilians were occurring at a substantially higher rate than was reflected in previous years' accounting.
  • Finally, the very approach to counting attacks could skew results; for instance, in the morning of 17 August 2005 there were about 350 small bomb attacks in Bangladesh. WITS will count these as one incident; an argument could be made that they were 350 separate attacks.

In sum, tracking attacks against civilians and noncombatants can help us understand important trends related to the nature of the attacks, where they're occurring, victims, and perpetrators. However, year-to-year changes in the gross number of attacks across the globe may tell us nothing about the effectiveness of the international community in preventing attacks, reducing the capacity of extremists to wage war, or preventing extremists from advancing their agenda through violence against the innocent.