Terrorist Tactics, Techniques, and Procedures


Tactics, Techniques, and Procedures is an essential concept in terrorism and cyber security studies. The role of TTPs in terrorism analysis is to identify individual patterns of behavior of a particular terrorist activity, or a particular terrorist organisation, and to examine and categorize more general tactics and weapons used by a particular terrorist activity, or a particular terrorist organisation.

Requirement to identify individual terrorism TTPs

The current approach to terrorism analysis involves an examination of individual terrorist, or terrorist organisations use of particular weapons, used in specific ways, and different tactics and strategies being exhibited. Broadly, a wide range of TTPs have been exhibited historically by individual terrorist, or terrorist organisations worldwide.

Key concepts

Evolution of TTPs

All terrorists, or terrorist organisations, worldwide historically have exhibited an evolution in TTPs. This can be as a result of:
In the case of the Taliban, their tactics have consisted primarily of guerrilla-style improvised explosive device attacks and small-arms ambushes against international and state-level security forces and interests, such as police checkpoints and military supply convoys. However, more recently Taliban TTPs have expanded to include mass casualty attacks by suicide bombers and other suicide attacks in order to undermine the current government.

Kill-chain model

The kill-chain model is a conceptual tool used in terrorism analysis and studies. All terrorists' or terrorist organisations' TTPs form part of understanding the terrorist kill chain, which is the pattern of transactional activities, link together in order for a terrorist act to take place. Broadly, this involves describing the 'hierarchy of tasks and sub-tasks that may be involved in the execution', or in making a terrorist act happen. These can include the arrangement and sequence of activities a terrorist or terrorist organisation uses in planning, organizing, mobilizing, training, equipping and staging resources and operatives. These activities make up the terrorist or terrorist organisations' modus operandi or 'attack system'.
Four sets of steps make-up the full KCM:
The KCM “sequence of activities” is not linear, but discontinuous. Three additional KCM scenarios can be identified:
Terrorist TTPs are often transferred between various terrorists, or terrorist organisations, and they often learn from each other. The degree to which the transfer of TTPs occurs depends on their relative success when transferred to a different conflict, and a different environment.
The similarities in TTPs between various terrorists, or terrorist organisations, across conflicts and periods suggest a transfer of information.
Several key tactical concepts can be related to TTPs, which are typically used in terrorism or insurgency operations.