Just before 11 PM on Thursday, July 14, a 19-ton truck turned onto a seaside promenade in Nice, France, where crowds had gathered to watch Bastille Day fireworks. The truck sped up, plowing into the people on the promenade. By the time French police shot the driver, the truck had traveled 1.1 miles, killing 84 people and injuring hundreds more. That attack came less than four months after three terrorists killed 32 people in explosions in the departure hall of Brussels Airport and a metro car near Brussels’ Maelbeek subway station. And it came eight months after a group of young men killed 130 people in Paris, in the deadliest attack on France since World War II. The self-proclaimed Islamic State, or ISIS, claimed responsibility for all three attacks.

These attacks have exposed deep flaws in continental Europe’s approach to counterterrorism. European intelligence agencies do not share information with one another fast enough. Europe’s porous borders allow terrorists to cross the continent with ease. Other European governments have lagged behind the United Kingdom in developing capabilities and legal frameworks for digital intelligence gathering and in cultivating effective cooperation between their many agencies.

In the aftermath of the attacks, continental Europe now has a unique opportunity to reform its intelligence infrastructure. Its leaders recognize the need for action. After the Paris attacks, French President François Hollande imposed a state of emergency, declaring that “France is at war.” A French parliamentary commission of inquiry into the Paris attack concluded that Europe was not up to the task of fighting terrorism, identifying failures in French intelligence and in the communication between intelligence and law enforcement bodies. Belgian authorities have accepted that their counterterrorism policies are inadequate: the Belgian interior and justice ministers offered their resignations over the evident failures in Belgian intelligence.

European governments must now commit to lasting reforms, ramping up investment and breaking down barriers to information sharing. The United Kingdom’s vote to leave the EU will not make things easier. Yet it also creates an opportunity to create other, stronger networks for international cooperation across the continent and beyond.

As they respond to ISIS’ threat, governments would do well to heed four main lessons from history. Governments must not forget the importance of understanding the enemy, formulating realistic goals that are consistent with democratic values, remaining flexible in the face of a threat that is unlikely to remain static, and, above all, forging partnerships based on earned trust.


Episodes from the 1990s and early years of this century illustrate the first key lesson of successful counterterrorism: the importance of understanding the nature of the threat. When intelligence agencies misdiagnose the danger after a plot is uncovered or after an attack, governments are less likely to invest to preempt future threats.

Throughout the 1990s, despite several warning signs, British and U.S. intelligence agencies failed to grasp the potential significance of the threat from Islamist terrorist groups. In 2000, the British Security Service uncovered the first cell of Islamist bomb-makers in the United Kingdom. But it treated the discovery as a one-off event, since at the time it did not seem similar to other threats that the intelligence agency had encountered. Later that year, the Security Service arrested a Pakistani microbiologist who was seeking pathogen samples and equipment suspected to be suitable for making biological weapons. Once again, however, the intelligence agency viewed the episode as an isolated incident. In fact, British and U.S. intelligence agencies later discovered that it was part of an al Qaeda plan to develop biological weapons. It would not be until after 9/11 that the British intelligence and security community would grasp the potential scale of the threat from radicalized extremists and would invest enough resources in response.

Many European intelligence agencies have been slow to recognize the threat that ISIS poses.

The U.S. intelligence community was similarly slow to understand the extent of the danger al Qaeda posed. In January 1993, Mir Aimal Kansi, a Pakistani jihadist, shot two CIA employees outside the agency’s headquarters, in Langley, Virginia. The CIA responded by fortifying its perimeter security, but its assessment of its counterterrorism strategy did not change. Just one month later, an al Qaeda truck bomb exploded under the North Tower of the World Trade Center, killing six but failing to topple the building. Intelligence agencies tend not to examine the causes of a near miss as seriously as they do the causes of an actual disaster. (Airlines, by contrast, routinely scour close calls for lessons.) Thus, after the 1993 attacks, they learned valuable tactical lessons—how to protect a building from attack, for example—but missed the larger message: that al Qaeda was actively plotting to cause mass casualties on U.S. soil.

Five years later, al Qaeda blew up the U.S. embassies in Kenya and Tanzania, killing more than 200 people. Within weeks, U.S. President Bill Clinton ordered cruise missile strikes on targets in Afghanistan and Sudan. Osama bin Laden became a high-priority intelligence target. But the U.S. government still massively underestimated the risk of a terrorist attack on the United States itself and did little to strengthen homeland security; the subsequent attacks on 9/11 came as all the more of a shock.

When intelligence agencies understand the threat they face, they’re more likely to adopt prudent reforms. In April 1993, the Provisional Irish Republican Army detonated a massive truck bomb in the City of London, inflicting more than $700 million worth of damage, killing one, and injuring 44. The British authorities, who understood the nature of the threat after decades spent fighting the IRA, assessed that the group had the explosives, personnel, and funds to continue to pose a danger. The case for boosting investment in security was clear. Within a few months, the British government had set up the “ring of steel,” a security cordon of checkpoints and surveillance cameras around the City of London that covered every entry point and major building. The police, local government, and private companies worked together to make London’s infrastructure more resilient.

France also successfully adapted its counterterrorism strategy after the Armed Islamic Group launched a series of attacks in the 1990s, hoping to deter France from intervening in the group’s struggle to seize power in Algeria. The French authorities understood the group’s motives and the methods it was likely to use and rapidly strengthened France’s security apparatus. The government made it a crime to associate with terrorists, by providing them with a vehicle, for instance, and intro­duced flexible pretrial procedures led by specialized counterterrorism magistrates and trials in dedicated courts. These moves made it easier to convict terrorists and deprived them of local support.

A Belgian soldier patrols a shopping street in central Brussels following the Paris attacks, Belgium, November 2015.
A Belgian soldier patrols a shopping street in central Brussels following the Paris attacks, Belgium, November 2015.
Yves Herman / Reuters

Today, however, many European intelligence agencies have been slow to recognize the threat that ISIS poses. They have largely failed to combine the work of their domestic and external intelligence services and have failed to integrate the work of the police with that of their security and intelligence agencies. For too long, they have ignored the risks inherent in the Schengen system of open borders, which leaves their security dependent on the effective intelligence of their neighbors. As a result, networks of terrorists, hardened by fighting in Iraq and Syria, in possession of European passports, and hiding among Europe’s many undocumented refugees, now reach across the continent.


The second lesson is the importance of setting a clear and realistic strategic aim, one that European governments can meet while staying true to their democratic values. After 9/11, U.S. President George W. Bush declared that his administration would do whatever it took to destroy al Qaeda. He authorized measures unheard of in peacetime, including extraordinary rendition, detention without trial, torture, and the targeted killing of enemy combatants far from any recog­nized battlefield.

Yet much of the United States’ response to 9/11 has proved counter­productive. The rhetoric of the so-called war on terror expressed resolve, but it led policymakers to overreact in their desperation to secure “wins.” Prevailing in a long war is not the same as winning tactical engagements or even a battle or two, and many of the extra­ordinary measures the United States implemented, such as the use of torture, helped reinforce extremist narratives and damaged the United States’ standing in the world. The invasion and occupation of Iraq helped produce a new generation of terrorists. The Bush-era drone program, which President Barack Obama has since expanded, has killed much of al Qaeda’s senior leadership and disrupted its ability to mount organized attacks. But the organization still represents a significant threat through its links to the al-Nusra Front in Syria, and the inevitable accidental killings of civilians in drone strikes have provided ready material for extremist propaganda.

The 9/11 attacks also shocked the British government. (Sixty-seven British citizens died that day, the largest single loss of British life in a terrorist attack.) At first, the United Kingdom responded in a similar fashion to the United States; by October, U.S. and British armed forces were fighting alongside each other in Afghanistan. But their counterterrorism strategies soon diverged. As the United States pressed on with its “war on terror,” the British government adopted a counterterrorism strategy known as CONTEST, which aimed to “reduce the risk to the UK and its interests overseas from terrorism, so that people can go about their lives freely and with confidence.” The government sought to reassure tourists, encourage investment, and stabilize markets. This approach emphasized the continuation and resumption of ordinary life. In contrast, the United States, in adopting extreme measures, preserved an abnormal situation, playing into the terrorists’ narrative.

The number 30 double-decker bus after the 7/7 attacks in Tavistock Square in central London, July 8, 2005.
The number 30 double-decker bus after the 7/7 attacks in Tavistock Square in central London, July 8, 2005.
Dylan Martinez / Reuters

So far, the British approach has worked. Since 9/11, there has been only one major successful attack in the United Kingdom: the bombings on London’s public transport on July 7, 2005, which killed 52 people. But the threat remains severe. British intelligence has thwarted several major al Qaeda attacks, including a sophisticated attempt to down U.S. airliners over the Atlantic in 2006. In February, the British security minister said that at least seven attacks had been stopped in the previous 18 months alone. Through tight cooperation between the Security Service and the police, sup­ported by the other British intelligence agencies, the government has successfully identified and prosecuted hundreds of terrorists (there were 255 terrorism-related arrests in just one year, between March 2015 and March 2016) without significantly infringing civil liberties.

This lesson is an important one for Europe’s current leaders. Since the attacks in Paris and Brussels, governments have ramped up protection at crowded public events. But there are limits to what they can do. A combination of effective intelligence and protective security measures can almost eliminate the risk of attack for a small number of high-value targets, such as a world leader or a nuclear power station. (ISIS may well be considering such targets; last November, investigators found video footage at the apartment of a militant linked to the Paris terrorist attack of a senior official at a Belgian nuclear facility.)

Yet there will always be a risk that terrorists will instead focus on softer targets—subway stations, cultural centers, concert venues—as they have recently done in Denmark, Belgium, and France. In response, authorities should do what they can to ensure that people feel safe when they use public transportation or congregate in public spaces, even if the government cannot eliminate the risk. They should deploy more armed police officers to areas of high risk and train rapid-response units to react to the sorts of attacks that have hit Mumbai, Nairobi, Copenhagen, Paris, and Brussels, where small groups of armed men have rampaged across the city.

Continental Europe now has a unique opportunity to reform its intelligence infrastructure.

States of emergency, such as the one France imposed, can empower authorities to take sensible immediate steps to protect the public. But they do not represent a long-term answer. If measures such as the widespread deployment of soldiers on the streets persist for too long, authorities risk creating a new normal—one that the public will think terrorists have imposed on them.

When officials communicate with the public about the risk of ter­rorism, they should temper expectations. It is difficult to stop those who are prepared to use extreme violence in the pursuit of an ideological end, especially if they are willing to die for their cause. Statements that pledge to eliminate the risk of a future attack may promise too much—and they may convince publics to accept weaker protections of their human rights in the pursuit of absolute security. Instead, governments should provide a truthful and convincing narrative to explain the causes of the attacks and lay out a clear road map for what the public can expect next.


A third lesson is that policymakers must remain open to adapting their strategies and methods as the jihadist threat evolves. To become more flexible, intelligence agencies should adopt a joint approach to counterterrorism, just as modern armed forces rely on joint mission planning and command. In 2003, for example, the United Kingdom created the Joint Terrorism Analysis Centre, in which staff from the intelligence agencies, the police, the military, and other government agencies analyze and process infor­mation together. One year later, the U.S. government launched a similar organization, the National Counter­terrorism Center. The French parliamentary commission of inquiry set up after the 2015 Paris attack has called for the French government to establish a similar joint organization in Paris to overcome coordination problems between the many French police services and security agencies.

French President Francois Hollande delivers a speech on constitutional reform and the fight against terrorism at the Elysee Palace in Paris, France, March 2016.
French President Francois Hollande delivers a speech on constitutional reform and the fight against terrorism at the Elysee Palace in Paris, France, March 2016.
Stephane de Sakutin / Reuters

The British Security Service provides a case study in how an intelligence agency can become more flexible. After the July 2005 attack in London, the agency set up eight regional counter­terrorism hubs, based alongside police counterterrorism units, outside the city in the places it considered most vulnerable to radicalization. By decentralizing its investigations and cooper­ating closely with regional police departments, the Security Service could better understand local communities. Other coun­tries affected by jihadist radicalization should consider this model. In a promising first step, France has already announced the creation of a dozen regional “reinsertion and citizenship centers” to help identify potential jihadists and prevent extremists from radicalizing them.


The final and most important lesson is that countries must build partnerships based on earned trust. On the national level, policymakers should reexamine the relationships between police and intelligence agencies, between external and internal security and intelligence services, between civilian and military services, and between govern­ment agencies and the private sector, looking to build trust wherever possible, by arranging more cross-postings, for example.

Investing more in digital intelligence should be a priority.

On the international level, European governments need to earn the trust of partners inside and outside the EU to protect sensitive intelligence that can lead to shared leads and joint operations. And they need to establish good relationships with the U.S. technology companies that may hold data vital to stopping future attacks. To do so, they should negotiate bilateral agreements with the United States that provide the necessary legal safeguards for companies to respond to legitimate requests without breaking U.S. law. EU governments should also consider revising their data-retention laws. An insistence, for privacy reasons, on short data-retention periods has hindered prosecutions in the past.

Investing more in digital intelligence should be a priority. Intelligence professionals understand the value of having bulk access to Internet communications (between Syria and Europe, for example), being able to hack the devices used by terrorists and criminals, and using data-mining techniques to identify suspects. In 2010, for example, British authorities foiled the plans of a group of jihadists to bomb the London Stock Exchange by uncovering their electronic communications. But the revelations of U.S. and British government electronic surveillance programs by the former National Security Agency contractor Edward Snowden have diminished public trust in the use of such techniques. It is essential to rebuild confidence across Europe in the use of these methods—under strict legal safeguards and with independent oversight. Leaders should acknowledge the important role that intelligence agencies play and defend their methods as essential to public safety. To get smaller states on board, the larger powers, such as the United Kingdom and France, should reach out to them to offer support and training. The Club de Berne, a non-EU body where the heads of the internal intelligence services of the EU countries, Norway, and Switzerland meet regularly and oversee the Counter Terrorist Group, which liaises with the EU, would be a good forum for coordinating such efforts.


The United Kingdom’s vote to leave the EU, or Brexit, has introduced great uncertainty for at least the next two years over the United Kingdom’s relationship with Europe. The United Kingdom is Europe’s major intelligence power and has long benefited from its close coordination with the United States on security and intelligence gathering. It remains at the cutting edge of digital intelligence—it has around 5,500 people working in this area, compared with France’s 2,800 and Germany’s 1,000. At the moment, the United Kingdom enjoys excellent bilateral and multilateral relationships with other European intelligence services. That should continue, but politicians will need to show steady nerves to ensure that the security needs of Europe as a whole are placed above the political interests of its individual leaders.

Policymakers must be prepared to cooperate internationally through informal networks, rather than waste time dreaming of new EU institutions, such as a European CIA or FBI. An effective international network could develop among counterterrorism centers, for example, especially to share threat assessments (preferably based on an agreed set of warning levels). The various European national intelligence coordinators, working with the U.S. director of national intelligence, could form another such network. And the United Kingdom will remain a major player in the Club de Berne. Intelligence and security professionals across Europe sincerely hope that the United Kingdom will remain fully engaged, even as they understandably regret the wider disruption that Brexit will cause.

The EU has done much to foster police and judicial cooperation while safeguarding fundamental rights. The common European Arrest Warrant speeds up the extradition of suspects between EU member states, a mechanism the United Kingdom used to return a suspected terrorist to Italy to face trial after the second wave of attempted attacks on London in 2005. Europol provides a valuable avenue through which police can liaise with one another. The Schengen Information System II allows police to share information about suspects, and the Schengen III information-sharing arrangements provide a network for sharing DNA, fingerprints, and vehicle registration databases (the United Kingdom had recently joined this network, but after Brexit, it will have to negotiate a new agreement). Policymakers will now need to put in place arrangements to ensure continued cooperation on law enforcement once the United Kingdom withdraws from the EU.

Close British-EU cooperation should not get in the way of creating a wider network of states, including the United Kingdom, to improve intelligence gathering on terrorist and criminal organizations within and outside Europe’s borders. But it will take good statesmanship on all sides to navigate the tough negotiations over the United Kingdom’s new relationship with the EU, while creating more powerful, mutually beneficial networks for intelligence sharing and security cooperation across Europe and beyond.

European countries were slow to respond to the rise of ISIS. But they now have the opportunity to override old prejudices, reexamine their counterterrorism strategies, and invest in modern intelligence methods. Even those states that justifiably pride themselves on their police and their ability to access and analyze intelligence can learn from recent events.

Above all, the goal should be to maintain normality—and to increase the ability to swiftly restore it when necessary. This will deprive terrorists of what they seek most: to stoke public fear and disrupt the everyday life of free and democratic societies. They must not be allowed to succeed.

You are reading a free article.

Subscribe to Foreign Affairs to get unlimited access.

  • Paywall-free reading of new articles and a century of archives
  • Unlock access to iOS/Android apps to save editions for offline reading
  • Six issues a year in print, online, and audio editions
Subscribe Now
  • David Omand is a Visiting Professor in the Department of War Studies at King’s College London and at Sciences Po, in Paris. He served as the United Kingdom’s Security and Intelligence Coordinator from 2002 to 2005.
  • More By David Omand