Methodology Utilized to Compile NCTC's Database of Terrorist Incidents

The data provided in WITS consists of incidents in which subnational or clandestine groups or individuals deliberately or recklessly attacked civilians or noncombatants (including military personnel and assets outside war zones and war-like settings). Determination of what constitutes a terrorist act, however, can be more art than science; information is often incomplete, fact patterns may be open to interpretation, and perpetrators' intent is rarely clear. Moreover, information may become available over time, changing initial judgments about attacks. Users of this database should therefore recognize that reasonable people may differ on whether a particular attack actually constitutes terrorism or some other form of political violence. NCTC has made every effort to limit the degree of subjectivity involved in the judgments and, in the interests of transparency, has adopted a set of counting rules that are delineated below.

Terrorists must have initiated and executed the attack for it to be included in the database; failed or foiled attacks, as well as hoaxes, are not included in the database. Spontaneous hate crimes without intent to cause mass casualties are excluded, though it should be understood that often there is insufficient information to judge whether an attack was planned or spontaneous. While genocidal events can be interpreted as the most extreme form of politically motivated violence against civilians, attacks in this category are excluded, in part because of the inherent difficulty in counting such events and because the inevitable undercount does not do justice to the scope and depth of such atrocities. Moreover, the question of whether or not acts of genocide should be included in the WITS database was posed to a panel of academics at the 2008 Brain Trust on Terrorism Metrics. The panel concluded that acts that meet the criteria for genocide should not be included in the database.

Determining when perpetrators have targeted noncombatants can also be difficult. Military personnel and assets outside war zones and war-like settings pose one challenge to the noncombatant provision of the definition, while police under military command and control, and organized groups of armed civilians inside war zones and war-like settings pose another challenge. With the approval of the 2007 Brain Trust on Terrorism Metrics, NCTC developed a combatant matrix which details the various areas of war-like settings, and the common actors such as military police, militias, soldiers and other combatant-like actors. The analysts use the matrix in complex cases to determine when an act targeting combatant-like actors should be included in WITS. The combatant matrix is adjusted as the circumstances in world conflicts change or evolve. The distinction between terrorism and insurgency in Iraq was especially challenging in previous years, as Iraqis participated in both the Sunni terrorist networks as well as the former-regime-elements insurgency, targeting both civilians and combatants and often affecting both populaces. Terrorist attacks against combatants count as reckless and indiscriminate when terrorists could have reasonably foreseen that their attack would result in civilian casualties. Therefore, combatants may be included as victims in some attacks when their presence was incidental to an attack aimed at noncombatants, and some attacks may be deemed terrorism when it recklessly affects combatants.

The WITS database contains a field that allows analysts to categorize an incident by event type. Event types are coded in the database as the following: armed attack, arson/firebombing, assassination, assault, barricade/hostage, bombing, CBRN, crime, firebombing, hijacking, hoax, kidnapping, near miss/non-attack, other, theft, unknown, and vandalism. While some incidents can clearly be coded using this taxonomy, other kinds of attacks are more difficult to define. When it can be determined, incidents that involve multiple types of attacks are coded with multiple event types. Incidents involving mortars, rocket-propelled grenades, and missiles generally fall under armed attack, although improvised explosive devices (IED) fall under bombing including vehicle-borne IEDs (VBIED). VBIEDs include any IED built into or made a part of a vehicle including cars, trucks, bicycles, and motorcycles. Suicide events are also captured, but the perpetrator must have died in the attack for the event type suicide to be included.

The WITS database categorizes victims of an incident. Civilians, business, students, military and police are some of the several dozen victims types captured in WITS. Additionally, the nationalities are recorded in WITS where open source reports such information. The methodology presumes most victims to be local nationals unless otherwise reported in the press.

In the cases of Iraq and Afghanistan, it is particularly difficult to gather comprehensive information about all attacks and to distinguish terrorism from the numerous other forms of violence, including crime and sectarian violence. During the past twelve months, analysts have noted a decline in open source reporting in some provinces in Afghanistan that have deteriorating security. Thus, WITS has limited attack information for these provinces. We note, however, that because of the difficulty in gathering data on Iraq and Afghanistan, the dataset undoubtedly undercounts the number of attacks in these two countries. Finally, separating crime from terrorism can be difficult, particularly when the criminal act is used to support future terrorist operations. During the 2007 Brain Trust on Terrorism Metrics, outside academics approved a decision tree used by analysts to determine when a crime committed in support of terrorism would be included in WITS. For instance, a kidnapping for ransom by a designated Foreign Terrorist Organization (FTO) would be included in WITS, but a bank robbery to fund future operations would not.

In an effort to provide greater granularity and analytic service, in 2007 NCTC introduced to the database the concept of targeting characteristics. The purpose was to capture, where possible, the underlying motivating factors for attacks. Victims and facilities are coded, so as to enable searching for violence against specific targets-Westerners, Christians, and other groups targeted because of their cultural, ethnic, or religious identities. The intent of this field is not to identify all victims who happened to be Muslims, Christians, etc., but rather to identify victims who appeared to be targeted because they were Muslims, Christians, etc.

Traditionally, NCTC only attributed attacks to perpetrators when a claim of responsibility was made or if reporting indicated a belief that a particular perpetrator was responsible. Fundamentally, only those groups that have already been designated as foreign terrorist organizations by the State Department; that have themselves claimed responsibility for terrorist actions or status as a terrorist group; or that have been repeatedly and reliably suspected of involvement in specific terrorist activities are included in WITS. As noted, we often get neither piece of information, and as a result many of the attacks list an unknown perpetrator; for instance in 2007 over 60 percent of all attacks were listed as unknown perpetrators. Where we had information, we provided a confidence level of likely, plausible or unlikely. In an effort to improve analytic capability, and at the request of a panel of outside academics, NCTC added a new confidence level in the 2008 data that is associated with perpetrators to assist researchers. The new value is Inferred.

In instances where available information provides neither a claim of responsibility nor a belief that a particular perpetrator was responsible, NCTC may now infer a perpetrator. Such inferences are based on an evaluation of the characteristics of the attack and other factors, such as whether only one group is active in a particular region. In cases where the attack characteristics match the modus operandi of a single group, or a group is known to be the only one operating in the region, for example, an inference is made that associates a group with the attack. If desired, these inferences may be filtered out of the result set by excluding the confidence level of Inferred in the Advanced Search facility of WITS as shown below.

Thus far, this data value is being utilized largely for the inference of Sunni extremist attacks in some countries and only applies to the 2008 data. Such an inference is based upon specific parts of the country in which the attack occurred, the attack method used, or both factors.

NOTE: Users must be aware that such an analytic reference has not been applied to earlier years and as such queries must be carefully constructed to avoid fallacious conclusions about the change in the number of attack conducted by Sunni extremists. If users do not wish to use this additional analytic reference they can maintain consistency across time-series data by filtering out the value as described above. Moreover, perpetrator characteristics may change over time. For instance, the Chechen rebels were previously categorized as secular/political, but are now categorized Sunni extremists because they declared themselves to be the Islamic Emirate of the Caucuses in October of 2007 and claimed attacks under this name.

To be of more analytic service, the database also enables greater granularity with respect to the impact of attacks. Killed, wounded, and kidnapped figures are provided. Kidnapped victims who were later killed are counted as killed; and kidnapped victims either liberated or still in captivity are counted as kidnapped. Any attack hitting a facility is now coded with a damage estimate of Light ($1 to $500 thousand), Moderate ($500 thousand to $20 million), or Heavy (over $20 million). While it is inherently difficult to make damage assessments for attacks in different countries with different economic circumstances, these estimates allow users to garner a general sense of the overall level of attacks.

Because terrorism is a tactic, used on many fronts, by diverse perpetrators in different circumstances and with different aims, NCTC cautions against using attack data alone to gauge success against the forces of terrorism. NCTC does not believe that a simple comparison of the total number of attacks from year to year provides a meaningful metric, for the following reasons:

• We continue to refine our counting rules as the study of terrorism evolves. Interaction with academics and outside terrorism experts convinces us that there will never be a bright red line around terrorist attacks, but instead the definition of terrorism will always be a point of thoughtful debate. This evolution in our methodology for counting attacks is reflected in WITS and means that some types of year to year comparisons may be misleading.
• A quarter of the attacks in the database actually involve no loss of life whatsoever; while an attack against a pipeline and a VBIED attack that kills 100 civilians each count as one attack in the database, such a comparison hardly seems meaningful.
• The nature of this exercise necessarily involves incomplete and ambiguous information. The motivation behind attacks, particularly those that do not involve mass casualties can be particularly difficult to discern.
• As additional sources of information are found and as more information becomes available from remote parts of the globe we will continue to enrich the database. In the case of 2005, for example, incidents in Nepal grew dramatically; this data can't be meaningfully compared to 2004 because it is clear that attacks on civilians were occurring at a substantially higher rate than was reflected in previous years' accounting.
• Finally, the very approach to counting attacks could skew results; for instance, in the morning of 17 August 2005 there were about 450 small bomb attacks in Bangladesh. WITS counted these as one incident because we judged the individual attacks to all be part of a larger coordinated attack; an argument could be made that these were 450 separate attacks.

In summary, tracking attacks against civilians and noncombatants can help us understand important trends related to the nature of the attacks, where they are occurring, victims, and perpetrators. However, year-to-year changes in the gross number of attacks across the globe may tell us nothing about the effectiveness of the international community in preventing attacks, reducing the capacity of extremists to wage war, or preventing extremists from advancing their agenda through violence against the innocent.