The Westgate Mall Attack and the Future of Terrorism


Nairobi, Kenya. Image: Jonathan Stonehouse.

An immutable law of jihadist groups is that they carefully monitor attacks—both successful and unsuccessful—in order to replicate and build upon those that worked and to avoid repeating errors. Even before the Somali jihadist group al-Shabaab executed its devastating attack at Nairobi’s Westgate Mall, shopping malls were a rather obvious terrorist target, and they will certainly feature prominently in future terrorist plans.

The Westgate attack is itself a variation of a previous highly successful operation: an urban warfare assault in Mumbai, India, that the Pakistani group Lashkar-e-Taiba executed in 2008. In that plot, ten attackers split into four teams and struck multiple targets—including a train station, a café, and taxi cabs—with bombs and firearms before seizing hostages in the Oberoi Trident and Taj Mahal hotels, as well as the Nariman House (a Jewish community center). Due to this mix of tactics, rather than ending the attack in a matter of hours, Indian security forces took days to clear out the Mumbai attackers.

Westgate represented a more limited target set than Mumbai, but the attack was based on the same principles. Like Mumbai, the death toll in Nairobi was high, the target was a prominent public place important to the economy and to tourists, and the assault dragged on for days. Securing the targets in both Mumbai and Nairobi in advance would have been difficult because efforts to protect them from attack would likely also make them onerous to enter, thus cutting against their very purpose.

Therein lies another benefit to striking malls, from the terrorists’ perspective: if an attack succeeds, it presents the adversary with a dilemma about how to respond. Would Western countries implement stringent defensive measures—and thus make malls less attractive destinations—or would they allow the vulnerability to remain?

A similar dilemma caused another al-Qaeda affiliate, al-Qaeda in the Arabian Peninsula (AQAP), to do something that surely seemed odd to many observers. In November 2010, AQAP produced a special issue of its English-language online magazine Inspire celebrating an apparently failed attack. The previous month, AQAP had hidden bombs in printer cartridges then shipped them from Yemen on United Parcel Service and Federal Express planes. It was a close call, but ultimately good intelligence was able to prevent any casualties; the bombs were found and disabled before they were set to explode.

Why, then, did AQAP choose to celebrate a plot that killed nobody? As the radical Yemeni-American cleric Anwar al-Awlaki explained, the act of simply getting the bombs on board the planes could be considered a success, as it exposed a vulnerability. “With all the intelligence information the enemy had,” he wrote, “they could not detect the explosives even though the printers were inspected twice in the U.K. They only discovered the explosives when they had the exact tracking number of the package.” (Awlaki’s last claim was correct: one of the bombs was so difficult for screeners to find that British authorities actually needed the tracking number to locate it.)

This vulnerability, in turn, created a dilemma for the adversary that struck at its center of gravity—its economic might. “You either spend billions of dollars to inspect each and every package in the world,” Awlaki wrote, “or you do nothing and we keep trying again.” A successful shopping mall attack presents a similar dilemma to its victims.

It is not a question of whether the Nairobi attack will be modeled; it will, and likely with a Western country as the target. It should be noted, though, that Western countries enjoy two advantages when it comes to attacks like this. First, it was easier for Shabaab to slip operatives into Kenya undetected than it would be for them to place an attack team in the United States or Europe. Hopefully, Western security services could break up attempts to carry out a Nairobi-style attack before it became operational, just as they disrupted an attempted Mumbai-style attack in Europe in late 2010. Second, Western countries have greater capabilities in responding to such attacks once they are operational; they have a better chance of ending the crisis before days have slipped by.

That being said, it is well worth considering how we might respond were a shopping mall attacked in this manner. Would we create checkpoints at mall entrances to prevent people from entering with weapons? Would we increase the presence of security forces, perhaps providing them with instructions about how to identify possible perpetrators of an attack? Or would we encourage citizens to come to the mall armed, so that they could defend themselves in case terrorists strike? Perhaps we would decide that defensive measures were not worth the cost—especially since our ability to break up plots before they become operational remains strong—and find that a successful mall attack every 12 years or so is an acceptable cost for maintaining our current levels of convenience.

Often we seem blindsided by terrorist events. After failing to anticipate a particular attack, we struggle to respond, and our response might not address the underlying risk or may even be counterproductive. Considering possibilities is not the same as paranoia or fear, and the implications of a mall attack in the West are worth thinking through before it happens.


Daveed Gartenstein-Ross

Daveed Gartenstein-Ross is a senior fellow at the Foundation for Defense of Democracies and an adjunct assistant professor in Georgetown University’s security studies program. He has written extensively about the Somali jihadist group al-Shabaab, including producing one of the first academic studies on it.


  • September 23, 2013

    Michael R Cole

    I am retired law enforcement and I read your article on the Westgate terrorist attack in Kenya. . I agree with you completely and unfortunately the US will probably not spend the money to adequately prepare for this type of attack. If we do, it will be after the fact. We should learn from Israel.

  • […] organizations and their methods. Al Shabaab expert Daveed Gartenstein-Ross contextualizes “The Westgate Mall Attack and the Future of Terrorism” in the Georgetown Journal of International […]

  • October 13, 2013

    Ken North

    Irrespective of the target site, the hard lessons learned from Beslan, Mumbai, and a score of prior “complex attacks” ranging back to Munich, 1972, is that time is our relentless enemy. You have to assume that weaponry, ordnance, and even shooters have been pre-positioned, and that they will be fully deployed within an 8-12 minute window of event inception. Law enforcement and/or armed security must fully engage, if necessary, frontally, to degrade the operational tempo of the attack in the earliest moments. Unfortunately, while American law enforcement has the best command posts Federal money can buy, virtually nothing has been allocated to train state and local law enforcement officers on appropriate tactics for a complex assault. The “active shooter” tactics developed post-Columbine, while generally appropriate for lone wolf or mentally-impaired assailants, will assuredly result in numerous police casualties in the opening moments of the incident. The National Tactical Officers Association [NTOA] has correctly identified these event dynamics in their discerning report entitled “Project RED III”. That detailed assessment persuasively argues that special tactical units cannot possibly respond in time, much less Federal resources, and that it is accordingly incumbent on local law enforcement to stand in the gap. But how?

  • February 17, 2017


    Muchos Gracias for your article. Really Cool.

Leave a Reply