The Paris attacks. A case of intelligence failure


On November 13th, 2015, a coordinated terrorist attack in Paris killed 130 people and injured 352 others. The attack was carried out by a commando of at least 8 Islamic State terrorists divided in 3 groups, and masterminded by Belgian national Abdelhamid Abaaoud, killed in a raid in Saint-Denis on November 18th. Some of the perpetrators were already known to the authorities as dangerous radicalized individuals, while others were identified foreign fighters with battlefield experience in Syria.

While France and Belgium remain on high alert for fear of further attacks, some questions on the skills, resources and coordination of European intelligence agencies should be raised.

An intelligence failure?

The Paris attacks are an example of intelligence failure, which will require a deeper investigation – a post mortem analysis – in the coming months. A post mortem report is an evaluation of what went wrong in the intelligence cycle, leading the security services failure to detect a threat or prevent an attack. From what we know so far about the profiles of the attackers, the intelligence failure manifested itself in three areas:

  1. Failure in the detection and prioritization of threats;
  2. Failure in surveillance;
  3. Failure in information-sharing.
  1. Failure in the detection and prioritization of threats

The most common mistake in the intelligence cycle is not recognizing a threat as such, or not placing it in the right rank of risk priority. This can happen for two reasons. Firstly, the intelligence apparatus is focusing on specific, already known, threats that tend to reduce their “field of view” on new ones. This means that new threats may not be noticed or acknowledged by intelligence officers and remain undetected. The second reason occurs when a threat is recognized as potential but it is not evaluated as either imminent or causing a high impact. In the Paris attacks case, both dynamics materialized as some of the attackers were already known to the authorities, while others were not identified as a threat. This leads to the second factor in the intelligence failure.

  1. Failure in surveillance

Once the threat is identified, a constant and effective monitoring has to be put in place. France has about 11,000 radicalized individuals, out of which about 1,200 are foreign fighters. Considering that for a 24/7 surveillance of a suspect, a security apparatus needs to deploy at least 15-20 men, France would need about 220,000 officers to monitor its suspects. Certainly not a viable option, considering its limited resources.

However, in the Paris case the surveillance of identified threats has miserably failed. The Bataclan suicide bombers Ismael Omar Mostefai and Samy Amimour were monitored by French intelligence since 2010-2012, and they were known to have travelled to Syria to fight for the Islamic State. The same is true for the mastermind of the attacks, Abdelhamid Abaaoud. All three foreign fighters were known to the authorities and were able to escape surveillance and move back and forth between Europe and Syria unnoticed.

Although they were identified as a threat, the surveillance system failed to spot them in the Belgian and French territory. This would have allowed the security services to raise their alert level, and possibly prevent the attacks. According to Turkish authorities, Turkey notified France twice about the presence on its territory of suicide bomber Mostefai in December 2014 and June 2015, but did not receive any feedback from Paris. This leads us to the third area of intelligence failure: information-sharing. 

  1. Failure in information-sharing;

The Paris attacks highlighted an information-sharing problem among the European Union and NATO countries. If the French and Belgian security services are to be blamed for losing track on their suspects, other European countries that have seen these suspects crossing their territory should also bear their share of responsibility. Information sharing is of paramount importance considering that once within the Schengen zone an individual can travel freely across the continent. More practically speaking, this means that the known suspects should have been monitored in Syria and put under strict surveillance since they entered Europe again. This implies that EU countries should share a list of suspected extremists, allowing partner countries to “reset their radars”, keep track and notify about important information regarding the suspect(s). In the above mentioned example on the lack of information sharing between France and Turkey on Mostefai, the intelligence failure is even more alarming taking into account that it took place between two NATO allies, whose intelligence sharing should have been trained in decades of military cooperation.

Lack of resources?

France interior intelligence agency DGSI has approximately 3,300 officers, who are tasked with monitoring 20,000 people on national security watch lists, out of whom 11,000 are identified Islamist extremists. Simply put, intelligence operatives are extremely overstretched and incapable of coping with the threat.

Security and defence agencies in most of European and NATO countries have suffered conspicuous budget cuts over the past 7 years, as a result of the economic crisis and the consequent implementation of austerity measures. The 9/11 attacks in Washington and New York were already too far in the memory of decision makers and public opinion. National security ended up being threatened more by economic factors than terrorism or other forms of hard security threats.

The trend seems now to be reversing. With European economies on a recovery path, though slow, and the threat of domestic terrorism raising, new resources for intelligence agencies are made available. Following the attacks, President Hollande announced that 8,500 new personnel will be added to the security services.

In the UK, the intelligence services personnel will increase up to 15%, with approximately 1,900 new officers. In addition, special operations forces from the Special Air Service (SAS) and Special Boat Service (SBS) will be incorporated within Scotland Yard ’s Counter Terror Command. Last but not least, the budget for aviation security will doubled to 18million GBP (approximately 24.7 million euro), and additional security measures will be taken to secure aircrafts and airports in North Africa, the Middles East and Asia. This new reassessment in the aviation sector is also driven by the bombing of Russian Metrojet flight 7K9268 in North Sinai on October 31st by Islamic State-affiliated “Sinai Province” terrorist group.

However, will increasing resources be enough to avoid further attacks on European soil? The answer is no, and the explanation is twofold. First of all, the effect of this new recruitment will only be noticeable in the medium/long term, as it will take some time for new personnel to be trained and methodologies to be re-assessed and eventually improved. Secondly, security services are not only limited in terms of resources, but also by the laws regulating intelligence services in a liberal democracy. This implies a trade-off between security and privacy that in most of the case ends in favour of the latter. 

The security vs. privacy dilemma 

On October the 3rd, 2015, France’s new intelligence act came into force. Certainly, one month was not enough to see results and drive conclusions. However, what emerged in the political debate in the months preceding the approval of the bill, the balance between security and privacy leaned towards the latter.

According to the new law, the French foreign intelligence service (DGSE) can only target international communications and should not monitor those communications which are linked to the French territory. This establishes a clear-cut division of tasks between the foreign and interior intelligence (DGSI). A question that may arise considering the issue of the foreign fighters (a domestic problem that becomes external, to then return domestic) is if the dichotomy interior vs. exterior still makes sense, especially given the risk of discoordination between the agencies.

In addition, the Prime Minister is responsible for approving the monitoring of communications’ systems on a case-by-case basis. This means, for example, that the DGSE will need the explicit authorisation of the Prime Minister to start monitoring any potential new communications’ system. This limitation in surveillance was due to the constitutional review operated last summer. In July, the French Constitutional Court considered unconstitutional three articles from the draft bill, two of which are relevant to this case. The first article would have established an “operational emergency procedure” (urgence opérationelle), allowing the intelligence agencies to take decisions without waiting for the approval of the Prime Minister in the context of specific investigations. The other article would have given broad and unclear “international surveillance” powers to intelligence agencies. These points are particularly relevant if we think that the Paris attacks were probably planned on encrypted communication tools like Telegram and Playstation 4.

It is difficult to conclude that these provisions would have helped in preventing the attacks. What is certain is that intelligence agencies are limited not only by a lack of resources but also by legal boundaries.


The November 13th Paris attacks were the third terrorist attack occurred on the French soil in 2015, following Charlie Hebdo in January and the shooting on the Amsterdam-Paris train in August. Therefore, they cannot be considered a “wake-up” call on the terrorism threat in France, and Europe in general. Rather, the Paris attacks should call for a deep review of European intelligence services, their risk assessment methodologies, and the financial and legal resources at their disposal. On the other hand, this is the last call for the European intelligence community to agree on a more efficient intelligence sharing framework, which does not necessarily imply the creation of a European Intelligence Agency. If we fail to plug these leaks, the question to be answered will no longer be if another terrorist attack will occur, but when and how bad it will be.

Photo credit: Wikipedia

About Author

Edoardo Camilli

Edoardo Camilli is the founder and director of the International Security Observer. He is also CEO and Co-Founder of Hozint – Horizon Intelligence, a global risk and travel security solution provider. His research activities focus on intelligence, insurgency, organised crime and national security policies. Edoardo holds a Master in International Relations and a second level Master in Intelligence and Security. Edoardo is alumnus of the International Visitor Leadership Program (IVLP) and European Young Leader Under 40 (EYL40). He is fluent in English, French, Spanish and Italian.

Comments are closed.

Get Amazing Articles

Get our articles delivered straight to your inbox. Sign Up Now.
Email address
Secure and Spam free...