The Triple Challenge of Confronting Lone Wolf Attacks

Michael Zehaf-Bibeau, Wikimedia Commons

By Dan Mahaffee, Columnist


The shocking attack in Ottawa on October 22, 2014, demonstrated the challenge of preventing and responding to self-radicalized active shooters. In the attack, Michael Zehaf-Bibeau shot and killed Corporal Nathan Cirillo, who was standing guard at the Canadian National War Memorial. Zehaf-Bibeau then entered the Canadian Parliament, where he was killed in an exchange of gunfire with security staff.[1]

This incident embodies a triple challenge counterterrorism officials now face—an individual active shooter, the self-radicalization of so-called ‘lone wolves,’ and the balance of openness and security at major government buildings. As a self-radicalized active shooter, Zehaf-Bibeau was not part of a broader network that, by virtue of its size, could have created significant ‘chatter’ intelligence or law enforcement agencies could intercept. The targets, the war memorial and the parliament, were important sites for both political leaders and the Canadian public. While thorough security screening and police presence are requisite for entry into these buildings, it is also important the public be able visit these sites and interact with their elected leaders.

As groups such as the Islamic State seek to radicalize individuals overseas to carry out attacks, it is important for counterterrorism professionals to detect radicalization before an attack can occur, and to secure the various memorials, parks, plazas, and other open areas surrounding government buildings. Technology alone will not be a panacea, but combined with increased patrols, plainclothes presence, and pattern recognition of radicalization, it can help to improve the overall defense-in-depth against such attacks.

‘Lone wolves’ who have carried out attacks often struggle with mental illness, possess criminal backgrounds, or have a history of unemployment or poor job performance, a pattern of vulnerability to radicalization.[2] Not only did Zehaf-Bibeau’s history check all of these boxes, but other self-radicalized individuals—including Richard Reid, the ‘shoe bomber’; Zale Thompson, the man responsible for the October 23, 2014, hatchet attack on NYPD officers; and Major Nidal Malik Hasan, the Fort Hood shooter—also fit this pattern.[3] In addressing these challenges, it is important for policymakers to understand the nexus among mental health services, law enforcement surveillance, and identifying at-risk individuals.

When a lone wolf undergoes self-radicalization and prepares an attack, there is often evidence of communication with other radicals, often within places of worship or through online communications such as email or social media. As terrorist groups increasingly use social media for recruitment—and the self-radicalized increasingly post their vitriolic viewpoints—monitoring social media can be an important tool for counterterrorism efforts.[4] In the post-Snowden era, the debate over civil liberties and monitoring online communications remains a thorny issue. Still, as Robert Hannigan of the British Government Communications Headquarters points out, “The challenge [of the Islamic State’s online presence] to governments and their intelligence agencies is huge—and it can only be met with greater co-operation from technology companies.”[5]

Finally, a mixture of improved technology and technology adapted from the private sector, combined with an increased presence by law enforcement, can potentially neutralize or mitigate an attack. The increased presence of plainclothes police can provide security among visiting crowds, without raising the suspicion of a terrorist or inciting fear among the public. Technology, such as heads-up displays, which provide an image overlay over glasses or helmet visors, can also reduce the chance of plainclothes police being confused with active shooters by SWAT and other first responders during an incident. These systems can also help provide immediate intelligence to other first responders, thus cutting through the ‘fog of war’ that often surrounds the early stages of an attack.[6] Additionally, at a protected site, camera surveillance technology can help to spot suspicious behavior that might indicate an individual is preparing to launch an attack. Already, there is a wealth of knowledge about such technology in the casino industry—for detecting theft and card counting—and law enforcement and security contractors could adapt this software for surveillance of areas surrounding government buildings.[7]

These are just a few steps that can be taken to better confront the difficult challenge of lone wolf terrorism while ensuring that the public has access to the many great monuments and government buildings that represent our values and way of life. While there is indeed the triple challenge created by these self-radicalized individuals, intelligence monitoring of social media, improved identification of at-risk individuals, and expanded use of technological tools are three potential solutions within the grasp of policymakers.


Dan Mahaffee is currently enrolled in the Georgetown Center for Security Studies Master’s Degree program. He graduated from Georgetown University in 2009 with a Bachelor of Arts in Government with an emphasis on international relations and security studies, with minors in Mandarin Chinese and History. His work has been published in CSPC’s Triumphs and Tragedies of the Modern Congress, POLITICO, Real Clear World, Real Clear Religion, the Pittsburgh Tribune-Review and the CSPC Fellows Review. His media appearances also include the Wall Street Journal, CNN, Politifact, on the Bloomberg and Xinhua Wire Services, Dunay News (Pakistan), Channel News Asia (Singapore), and France 24 TV.


[1]John Ivison et al., “Masked Gunman Killed after Canadian Soldier, Cpl. Nathan Cirillo, Fatally Shot at National War Memorial,” National Post, October 22, 2014,

[2]Tim Lister, “How Do We Stop ‘Lone Wolf’ Attacks?,” CNN, October 27, 2014,

[3]Lister, “How Do We Stop ‘Lone Wolf’ Attacks?”; Julian E. Barnes, “Gates Makes Recommendations in Ft. Hood Shooting Case,” Los Angeles Times, January 15, 2010,

[4]Bill Gertz, “Islamist Terrorists Shifting from Web to Social Media,” Washington Free Beacon, October 23, 2013,; Catherine A. Theohary and John Rollins, Terrorist Use of the Internet: Information Operations in Cyberspace (Washington, D.C.: Congressional Research Service, March 8, 2011),

[5]Robert Hannigan, “The Web Is a Terrorist’s Command-and-Control Network of Choice,” Financial Times, November 3, 2014,

[6]Lambert Ninteman, “Active Shooter Events: Detection & Prevention,” The CIP Report, Center for Infrastructure Prevention and Homeland Security, George Mason University School of Law, 11, no. 9 (March 2013): 12–14.

[7]Ellen Nakashima, “From Casinos to Counterterrorism,” The Washington Post, October 22, 2007,



Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.