Introducing the Worldwide Incidents Tracking System (WITS)

Introducing the Worldwide Incidents Tracking System (WITS)

by John Wigle


For researchers looking for an authoritative data source on terrorist attacks: The Worldwide Incidents Tracking System (WITS) is the U.S. Government's authoritative database on acts of terrorism, and is used to enumerate statistical data for the annual publications Country Reports on Terrorism (from the U.S. Department of State) and the NCTC Report on Terrorism. This article provides a brief tutorial on WITS and, by way of example, a cursory look at trends in terrorism lethality.

Origination of WITS

With the publication of the 2003 Patterns of Global Terrorism report and the ensuing criticism, [1] the U.S. Government (USG) performed a zero-based review of all business processes, information technology, and staffing necessary to perform the delicate work of terrorism data collection and analysis. [2] Out of this review, the WITS database was born. It is now housed at the National Counterterrorism Center (NCTC), which is committed to an open and transparent process for the data behind the report. Interested social scientists, scholars, and the public can find the detailed data used to enumerate the statistics for the report on the NCTC's public website or at As a part of the zero-based review, the USG reviewed the congressional requirements behind the report. There were some inconsistencies between the definition [3] and inclusion filters for the report, as well as measures that were seemingly outdated for today's terrorism concerns. As a result, NCTC opted to drop the filters and track international and domestic acts of terrorism, regardless of significance.

Challenges with International and Significant Filters

During 2004, several acts of terrorism underscored the difficulty with two of the criteria used to limit the types of terrorist incidents covered by Patterns of Global Terrorism. In order for an attack to qualify for inclusion in the report, it had to be both international and significant. International meant any acts that involved the citizens or territory of more than one country.[4] A seemingly simple definition, but cramming all of humanity into computer bits, ones and zeros, creates many occasions for gray areas, as shown below. What constituted a significant act was even fuzzier and was legally left to the opinion of the Secretary of State,[5] although there were some prescribed rules promulgated by the State Department. For example, a significant attack meant an act of terrorism that either killed or seriously injured a person, or caused USD $10,000 in property damage. Asking intelligence analysts to diagnose the severity of injuries from a distance is a challenging request. Difficulty also arises when estimating the amount of property damage, particularly when the US dollar equivalent is stronger or weaker in other areas of the world. Finally, another area of complexity was aggregation and disaggregation of multiple attacks that might be coordinated. Coordinated attacks can take place over minutes or even hours.

Depending upon the information available and counting rules, an incident like the 9/11 attack might be counted as 1, 2, 3 or even 4 attacks. Is the World Trade Center 1 attack or 2? Do you count the Pentagon as a separate attack or combine it? Ultimately, NCTC realized these counting rules were too complicated and the filters did not address today's concerns about terrorism. To anyone involved in a terrorist attack, it is significant, regardless of casualty levels and cost estimates.

Here are three real examples that gave NCTC some headaches in 2004:

  1. On August 24, 2004, two Russian jetliners were targeted by Chechen black-widow bombers. Both planes were Russian flagged, had Russian aircrews, were targeted by a Russian terror group, and flew in Russian airspace when they exploded. These two bombings were a part of one coordinated attack, but only one plane counted for the report since two Israeli passengers were on board,[6] thereby making it an "international" event. Hypothetically, if the Israeli passengers had missed the plane, then neither of the planes and the scores of people killed in the attacks would have been mentioned in the report.
  2. In February 2004, a Filipino terror group targeted a ferry carrying local nationals between Philippine islands. The attack killed more than 100 people and may be the deadliest act of terrorism ever recorded at sea, but it did not count for the purposes of the report. The attack took place within the territorial waters of the Philippines, the ship was Philippine flagged, it had a Filipino crew, and a domestic group perpetrated the attack. Given that it may be the largest maritime terrorist attack ever, regardless of "definitions" it seems the USG should probably pay attention to this attack.
  3. In May of 2004, bombings in Turkey targeting four Automatic Teller Machines (ATM) operated by the same bank probably exceeded USD $10,000 in total, but if separated, the ATM incidents did not count for reporting purposes unless NCTC could demonstrate they were a single coordinated attack.

During 2004, NCTC recorded 3,195 incidents that met the definition of terrorism and, of those attacks, NCTC determined 651 met the filtering criteria for international and significant following the procedures used in Patterns of Global Terrorism. That only 20 percent of the incidents made their way into the report seemed to undermine the spirit of the report. Ultimately, NCTC opted to discard the two filters and track all acts of terrorism. Increasing the radarscope on terrorism had its pros and cons. NCTC would not be blind-sided by seemingly smaller and less fatal acts of terrorism, and it would have a larger universe of terrorism to study. It would, however, require more resources to carry out the needed work within appropriate quality tolerances to assure a statistical baseline was meaningful for time-series trends and analysis.

Data Collection for WITS

To provide a robust collection effort for WITS, NCTC addresses two areas of concern: it practices basic knowledge management techniques to ensure consistency in data collection during analyst turnover, and it casts a wider net on political violence than may be considered terrorism. Casting a wider net ensures all candidate events are given fair consideration. I will describe these two areas of concern in further detail.

NCTC gathers data from open sources manually using commercial subscription news services, the USG's Open Source Center (OSC), local news websites reported in English, and, as permitted by the linguistic capabilities of the team, local news websites reported in foreign languages. Although a manual and labor-intensive process, the team strives to maintain consistency in collection by centrally maintaining knowledge of the search strings and Internet web sites commonly used by the analysts. A senior intelligence analyst performs an important quality control function on the team: maintaining the list of sources and search strings, or "knowledge capital," used by the analysts in their work. This knowledge capital provides consistency during turnover on the team. In theory, if an analyst won the lottery and quit the next day, NCTC would have a list of sources and search strings the lucky analyst used to cull through open source to find data. Although this knowledge capital does not resolve individual bias introduced by analytic interpretation of the data, at least different analysts could duplicate the data collection. To reduce interpretation bias further (or increase inter-rater reliability), NCTC has analysts maintain account notes of commonly used terms and phrases found in the press, recurring political and ethnic issues, terrain notes, weather related trends, and other factors that influence a mastery of context surrounding acts of violence in countries assigned to their area of responsibility.

The second key principle behind the collection effort is the need to cast a wider net on what may be considered terrorism. The statutory definition is inclusive by itself. But to ensure NCTC gives fair and proper consideration to all the events available in open source, NCTC collects information on attacks that have any indications of terrorism. It is very difficult and more time consuming to go back and try to retroactively collect data. Other collection efforts have noted the same challenge with historic data collection.[7] Many web sites delete or archive content after a number of months or weeks, making a complete historical collection impossible. Additionally, assuming all the data is still available, experience has taught NCTC that sorting through a haystack to find missing data is more time consuming than collecting all the data when harvesting. Therefore, NCTC prefers to cast a wider net to collect a large set of candidate incidents, rather than going back to find missing candidates.

Human and Computers – Decision Making Theory

NCTC designed the WITS data coding process to make the best use of humans and computers. There is plenty of evidence to suggest that statistical models based on expert human judgment in older cases tend to outperform the same expert human judgment in newer cases. [8] Studies show that humans are good at categorizing and recognizing discrete objects and concepts, but often lack the ability to make effective aggregate judgments. This is part of the reason humans designed computers, which can aggregate data quickly and make logical conclusions. Using the best of both worlds, the analysts pull apart the specific components of an act of violence and code them into the database, and the WITS system reads the record and makes a logical decision on whether the act meets the statutory criteria for terrorism. To illustrate this in everyday life, I give an analogy of a grocery store. Humans can easily recognize items on a store shelf, like a gallon of milk, a carton of eggs, or a loaf of bread, and they will generally know the costs of those items. However, if you filled your shopping cart with food items and pushed it to the checkout line and the cashier flatly asked: "how many items do you have, and how much does all that cost?" you would have no idea. You might have to empty your cart, and place each item, one by one, back on the conveyor as you counted each item and added up the prices.

Additionally, you might have to stop and restart the whole process because you lost count. Ultimately, when you are done and have calculated a total, you likely will have made an error in counting the items or adding up the total cost. To resolve this issue, humans put UPC labels on products because they know what the products are (computers do not). The Universal Product Codes (UPC) on each item then allow the computer to quickly read all the labels and tell you how many items you have and how much they cost. A computer can also tell you how much is taxable and nontaxable, how much is dairy, meat, or vegetable, and if nutrition labeling were linked to UPCs, it could tell you how many calories, sugars, and fats you have in your cart.

Similarly, NCTC analysts look at the discrete pieces of an act of violence, for instance, the event types, weapons, victims, and facilities. The analysts then code these discrete pieces into the database and the computer logically analyzes the coding to determine if an act of violence meets the statutory criteria for terrorism. Having the computer assist NCTC with what is or is not terrorism allows an analyst to compare the computer's answer with human thinking about the attack. In a vast majority of cases when there is a disagreement between the human (or expert) judgment and the computer's conclusion it is the result of a human error in the (UPC) coding: a combatant flag for a military victim was not set to true, or a kinetic event type was accidentally selected for a non-kinetic event. This objective conclusion by the computer reinforces proper coding of the attack and serves as a quality control function. In the vast majority of remaining cases where the coding is correct but humans and computers disagree, the computer has still been right and the expert judgment wrong, typically because the human element has allowed emotions or bias to enter into the aggregate decision making process. For example, in one very tragic event, the 2005 Baghdad bridge stampede, the experts insisted the event was an act of terrorism. Nevertheless, a simple cursory review of the statutory criteria revealed that the computer had arrived at the correct conclusion when it did not categorize it as such. For those less familiar with the incident: Muslims had gathered in large numbers to pilgrimage to a Mosque in Baghdad. A bridge near the historic shrine was closed. During the height of the crowd, a rumor started among the pilgrims that a suicide bomber had infiltrated the crowd. Panic ensued and thousands of people began rushing over the closed bridge; the railings gave way and hundreds of people fell into the river and drowned. Nearly 1,000 people died during the stampede. An investigation into the incident revealed no perpetrator was involved. The experts, nonetheless, felt that terrorists had succeeded in creating an atmosphere of fear and intimidation and that this incident reflected that success and should be considered an actual act of terrorism in and of itself. However, the statutory definition does not consider the atmosphere of fear and terror. Instead, it requires that there is a kinetic event (violence) and that it should be premeditated. There were no indications of either of these two criteria, so the computer concluded correctly that it was not terrorism. In those cases where there is some question of whether the computer or human is wrong, the debate quickly turns to the key coding pieces tied to the statutory definition. Such constructive arguments on the specific attributes of the definition and whether or not the fact pattern of the attack fits the definition is healthy. Such debate insures that NCTC is making a best effort to properly code all attacks and pay close attention to those that fall in gray areas of coding.

Conversely, in cases where humans cannot code values for things so easily (such as the amount of property damage caused by an attack) then human judgment should be limited to broad stroke conclusions. Reusing the grocery store analogy, if you have to make a guess on how many items you have in your cart, it's best to make it a broad estimate, such as 15 items or less, or more than 15 items. Just imagine the chaos that would ensue in a grocery store that had checkout lanes for 15 items or less and other lanes for 16 to 19 items, 20 to 38, 39 to 52, 53 to 71, etc. It might be best to limit your shopping to 15 items per visit in order to avoid being attacked by someone with a loaf of French bread for inadvertently choosing the wrong lane. It is best to leave aggregate judgments to broad strokes when relying on humans to make the call. Such broad strokes make easier and more consistent calls, and thus maintain an enduring statistical baseline.

Humans often include bias and emotion in their aggregate judgment process, which hampers their ability to make factual conclusions. The computer algorithm in WITS assists NCTC with staying on the narrow path of objectivity. There are plenty of examples of computers assisting humans with making decisions. Recently, inventors created a Bluetooth® enabled stethoscope that transmits the audio to the doctor's computer or a handheld device running software that can check for heart murmurs and other ailments. [9] Before computers were in hospitals, doctors used statistical prediction rules (SPR) to make a diagnosis and determine a course of action for treatment. The SPR process takes discrete components of the diagnostic process and calculates the probability of a diagnosis or treatment outcome.[10] The SPR process assists the doctor, no matter his or her level of expertise, in making an accurate prediction. Today, doctors enter the data into a computer that provides the probability of a diagnosis or treatment outcome in seconds. This same principle is used in the WITS database.

Methodological Principles

NCTC developed the following guideposts, or methodological principles, to assist in the formulation and maintenance of its coding practices.

  1. Consistency Principle – Can a variety of analysts or coders arrive at the same result using a proposed rule or procedure? It is better to place a threshold where a decision can be most consistently applied, even if less useful, than it would be to place it where confusion abounds during coding. The easier it is to make the call the stronger the inter-rater reliability.
  2. "Who Started It?" Principle – NCTC excludes actions initiated by the State. For instance, police raids, counter-terrorism, or counter-insurgency operations are considered State-initiated actions. Conversely, a checkpoint is a passive state action, and if attacked would count as an incident.
  3. Police Shooting Principle – Perpetrators are responsible for the deaths and injuries resulting from a reasonable State response. If a civilian is killed in a gun battle between police and terrorists, the terrorists are responsible for the death even if it is determined police fired the fatal shot. Unreasonable responses are determined in context to the norms of the society where the use of force and incident took place. In those cases, the analysts parse through the casualties to assign responsibility and must document their reasoning.
  4. Too Vague Principle – There comes a point when missing information makes the remaining known data meaningless. If a press account does not provide enough detail to identify a time span, location, and type of attack, it is considered too vague and is not counted.
  5. Terrorist-on-Terrorist Principle – Attacks between terrorist cells or groups are not counted as acts of terrorism.
  6. The George Washington Test – Yasser Arafat once said, "one man's terrorist is another man's freedom fighter." Settling this bias is tough. Certainly, people can understand legitimate resistance, such as General George Washington and his troops taking up arms against the King of England. Nevertheless, where is the boundary between legitimate resistance and terrorism? More to the point of the test, what if, hypothetically, George Washington targeted colonists and bombed the colonial governor's home? Would that constitute terrorism? This is the essence of the George Washington test: If NCTC seats General Washington into the fact pattern of a given attack today, has the act crossed the imaginary boundary of legitimate resistance and into terrorism? This principle provides a challenge to analytic bias to over subscribe terrorism to events if they occur outside the United States and on the other hand keep the process impartial and fair using George Washington as an imaginary bar or threshold on civility involving violence by resistance fighters.
  7. Threshold Principle – To insure the fishing net is cast wide enough on acts of political violence, NCTC requires analysts to capture incidents where an attacker has crossed the threshold of his or her base of operations to conduct an attack. Incidents prior to crossing the threshold, for instance mishaps in mixing chemicals at a terrorist safe house that result in the death or injury of innocent people, do not count. They usually lack premeditation.

A Suggestion for Future Event Databases

Using the same technique that NCTC uses for WITS, a next generation events database could simultaneously track multiple definitions of terrorism or political violence from discretely coded data. Knowing that 9 out of 10 definitions say a specific act constitutes terrorism has some intriguing utility and could be used as a form of "confidence level" in whether or not an act is broadly accepted as terrorism. Automated decision analysis allows various academics or governments to use the same set of data for a variety of reasons, increasing both its value and utility.

Table 1 below shows various select attributes that researchers could hand-code for the definitions shown in the table. As more definitions are added to the table, it is very likely that only a few additional attributes are needed to track them.

Table 1 – Common Attributes of Terrorism Definitions


Discrete Attribute

State Dept Report

UN [11]

US Criminal Code [12]

US Reg, 28 CFR 0.85 [13]

US DOD [14]

European Union [15]

UK [16]












Threat of violence?






Crime committed?







Politically motivated/ designed to coerce a population or government?


Noncombatants targeted?







Sub national group or clandestine agent?







Unlawful or illegal use of force?




Life threatening?







Cause fear or terror?








Destabilizes structure of society, country or NGO?







Advances political, religious or ideological causes?






By coding a couple of dozen discrete attributes, the next generation events database could track different definitions of terrorism. Finally, it would be possible for a scholar to invent or test their own definition of terrorism by mixing a cocktail of attributes. The University of Maryland START, Global Terrorism Database (GTD) has a similar feature allowing the researcher to select one or more inclusion criteria to filter data.[17]

A Cursory Look at Trends in Terrorism Illustrated by the WITS Data

One of the trends seen as early as 2006 by the Worldwide Incidents Team at NCTC is the increasing lethality of acts of terrorism.[18] Some credit the rising death toll to an increased use of technology by perpetrators, while others credit seasoned and hardened terrorists improving their battle readiness.

In Robert Pape's book "Dying to Win: The Strategic Logic of Suicide Terrorism," he analyzes a data set on suicide terrorism maintained by the University of Chicago.[19] His research revealed, that "the raw number of suicide terrorist attacks is climbing" with the average number of attacks increasing each year. Although Pape's book infers a questionable conclusion that terrorist use suicide tactics in cases of occupation,[20] I focus solely on the raw data in his book, which states that an average of 10 suicide attacks took place per year during the 1990s, more than 40 in 2001 and 2002 each year, nd almost 50 in 2003.

I often stress to researchers and scholars that, if possible, they should test their hypothesis and verify empirical conclusions using another data set. For instance, although several professors at Princeton University praised Pape's data collection on acts of suicide terrorism, they provided a critical analysis of his research findings summarizing that his work selects on the dependent variable because the data set only has acts of suicide terrorism. The WITS data include a variety of acts of terrorism, and might be useful to test Pape's hypothesis. Practicing what I preach—although my beautiful and always correct wife would argue that I do so only occasionally—I decide to use the publicly-available WITS data set to test several easy questions that are on my mind about his work:

  1. Does the WITS data also show the same raw data trend found in Pape's research?
  2. Is the increasing use of suicide attacks driving the lethality rate upward?
  3. Is the same lethality trend found inside Iraq and Afghanistan?

A reading of Pape's book reveals that NCTC and the University of Chicago database use slightly different definitions for suicide attacks,[21] but the trend I find in the data far outpaces the subtle difference. In the chart below I have imprudently mixed baselines between Pape's research and WITS data, but I still find some value in its rendering.

Chart A1 – Suicide Attacks (Pape and WITS baselines)


* 2009 data is doubled to crudely estimate year end totals

The WITS data shows there were 102 suicide attacks in 2004,[22] 385 attacks in 2005, 342 in 2006, 520 in 2007, 405 in 2008, and 225 during the first three-quarters of 2009. I divide 225 by 0.75 to crudely estimate a 2009 total of 300. I estimate the 2009 total because I see the overall number is trending lower than 2008. Plotting this on a chart with the numbers from Pape's book suggests that suicide attacks appear to be on the rise, but might be trending downward since 2007. I double-check with the University of Maryland START program's Global Terrorism Database (GTD).[23] GTD has a baseline through these years, and their data also suggests the same trend in suicide attacks, but 2008 and 2009 data are unavailable. If the suicide trend is dropping in starting in 2008, then GTD cannot see it yet.

Chart A2 – Suicide Attacks (GTD baseline)


Assuming that I have answered question A within the affirmative—the raw totals of suicide terrorism is on the rise—I can test my next question that suicide terrorism correlates (not necessarily causally) with a rise in overall lethality noted by NCTC in early 2006, and further look at the data in Iraq and Afghanistan.

Is Suicide Terrorism Raising Lethality Levels?

I pulled the data in the tables below from the WITS database on Saturday, February 6, 2010. The WITS data were current through September 30, 2009, at that time. I calculated the data in a third table using the first two tables of data from WITS. I intentionally separated out Iraq and Afghanistan, as many would say that these two cases are outliers. The separate data will allow others to compare totals with and without Iraq and Afghanistan, and it will assist me with question C. Below is the data I pulled from WITS:





I have listed the 2004 data in the tables, but I have not used them in the graphs because NCTC has stated the 2004 data are not compatible with the baseline for the data for 2005 and onward (see endnote 22). Also the data tables above show the original total for 2009 pulled from WITS through the end of September 2009. I have divided the 2009 numbers by 0.75 to crudely estimate the year-end totals for 2009 and have used them in the charts below.

I first examine the ratio of fatalities to all attacks in the rest of the world to replicate what NCTC had published in the past several years. The charts published in the NCTC reports included Afghanistan and I want to verify that the exclusion of the Afghan data did not skew the trend observed by NCTC. To observe the pattern easily I add a linear trend line to the charts. Chart B1 reveals that the growing lethality trend is present even with the exclusion of the Afghan data from my research.

Chart B1 – All Attacks and Deaths (excludes Iraq and Afghanistan)


*2009 year end total is estimated.

Next, Chart B2 examines the trends for suicide attacks only. The lethality is very high, visible by the widely separated linear trend lines.

Chart B2 – Suicide Attacks and Deaths (excludes Iraq and Afghanistan)


*2009 year end total is estimated.

Finally, Chart B3 examines the trends for all attacks, except suicide attacks. The trend in lethality is also increasing, visible by the crossing trend lines. This appears to negatively answer question B.

Chart B3 – All Attacks Except Suicide Attacks and Deaths (excludes Iraq and Afghanistan)


*2009 year end total is estimated.

I then plot the fatalities per attack in Chart B4. Examining data from all attacks (green line) and non-suicide attacks (dashed purple line), lethality rates are essentially the same. This is not surprising since suicide attacks only represent about three to four percent of all attacks in the WITS data. The lethality for suicide attacks (red line) is very visible.

Chart B4 – Deaths per Attack by Attack Type (excludes Iraq and Afghanistan)


*2009 is based upon estimated totals.

As a result of this cursory look, there does not appear to be a noteworthy correlation between the increase in lethality rate and suicide attacks.

A Cursory Look at Iraq and Afghanistan

Chart C1 plots the WITS data for all attacks, including suicide attacks and associated deaths in the countries of Iraq and Afghanistan. The lethality of attacks is declining in these two countries combined. To me, this is an interesting find as one might expect the attacks in these two countries to be more spectacular and lethal.

Chart C1 – All Attacks and Deaths (Iraq and Afghanistan Only)


*2009 year end total is estimated.

Chart C2 plots the WITS data for just suicide attacks and associated deaths in the countries of Iraq and Afghanistan. The lethality of attacks is also declining in these two countries. Another interesting find.

Chart C2 – Suicide Attacks and Deaths (Iraq and Afghanistan Only)


*2009 year end total is estimated.

I plotted the data on all attacks except suicide attacks in Chart C3. The trend in lethality is also declining, contrary to the rest of the world.

Chart C3 – All Attacks Except Suicide Attacks and Deaths (Iraq and Afghanistan Only)


*2009 year end total is estimated.

In chart C4, I plot data for deaths per attack for suicide (red line), for all attacks including suicide (green line), and for all attacks except suicide attacks (dashed purple line). The chart appears to show the lethality ratio holding at about 8 people killed per attack in Iraq and Afghanistan.

Chart C4 – Deaths per Attack by Attack Type (Iraq and Afghanistan Only)


*2009 is based upon estimated totals.

The worldwide trends for all locations were substantially affected when Iraq and Afghanistan were included: The lethality of the attacks in these two countries is diminishing, dragging the rest of the trend downward toward a flat line for suicide attacks, or a declining rate of lethality for all attacks including, and excluding suicide attacks.

Areas of Additional Research

This cursory look does not take into account many variables that need to be controlled in a complete study, and any correlations suggested are not likely to be causal. For instance, is this rise in lethality simply temporary due to suicide campaigns in other parts of the world (i.e. Somalia)? To properly study and control the infinitely relevant variables, no database is comprehensive enough in and of itself. As such, the WITS data will need to be compared with other data sets to correlate relationships about terrorism. Other academics have used the WITS data in this fashion with some interesting findings.[24]

Does Chart B4 shows the ratio of fatalities to attacks as a monotonic increase or is the top of the curve in 2007? What is the driving factor behind the spike in 2007 shown in several of the charts?

As Robert Pape's research suggested that suicide terrorism is tied to foreign occupation rather than Islamic fundamentalism,[25] can the WITS data show this same correlation if tied to a data set on foreign occupations? Such an examination using the WITS data would address the concerns raised in Pape's research by the four professors at Princeton.

Why is the trend for terrorist lethality declining in Iraq and Afghanistan? One could speculate the trend – relative to other places – is due to heightened security, better intelligence gathering, or countermeasures utilized to mitigate suicide attacks.[26] Can any of these speculative guesses be tested to see if they are true?

Can the use of technology to assist with data classification, analysis, and decision making improve terrorism data sets? The Rutgers University used the WITS data in an experiment to test a new algorithm it has developed for automatic classification called High Order Naïve Bayes (HONB).[27] The results were very promising, and they showed it out performed Naïve Bayes and Latent Semantic Indexing (LSI) at lower training rates, including with minority classes. Such work shows that WITS and other terrorism data sets can be quickly evaluated and potential correlations can be identified quicker and more reliably than manual and human processes.

Final Word About the WITS Data

The WITS data set is a living database, and as such the data can change from quarter to quarter as new attack data are added and older data are revised with new insights and information. Therefore, I have included the date I pulled my data from WITS, and for the period through which it was current.

The entire WITS data set is available for download, free of charge, to anyone. There are three formats: two in XML format, one for databases and one for spreadsheets; and the other is the raw database export format used to load the public website with the data. NCTC requests that when using their data to properly cite any works to WITS. For cites to specific attacks, the incident control number (ICN), visible in the upper left hand corner of the incident detail screen, provides the unique reference number to the attack. For aggregate works, cite the database generally, provide the website address, and date accessed. If using the WITS search capability, it would also be helpful to record the search string used when aggregating the data. The WITS system shows the search string at the top of the query results listing. This will let people know which attack records were retrieved from WITS and would be helpful when verifying results.

Cite to WITS, for example, as: "Worldwide Incidents Tracking System," National Counterterrorism Center, , accessed on: . or: ICN 200912345, "Worldwide Incidents Tracking System," National Counterterrorism Center, , accessed on: . The WITS data, like any other data set, has its strengths and weaknesses. NCTC does endeavor, however, to maintain it as accurately as open sources allow. With that in mind, NCTC analysts use some subjective judgment when there is incomplete or inconsistent information coming from multiple open sources about the events tracked. NCTC endeavors to minimize incidents of subjective judgment to reduce bias in the data. If your researchers modify the WITS data to correct errors or judgment calls, properly indicate so in your work.

There are other data sets out there, but I am confident that you will find the WITS data the most comprehensive of its kind that is freely available. The WITS methodology and coding practices are the result of a lot of time, energy, and effort by NCTC and academia. NCTC hopes the WITS data are useful to scholars as well as USG officials. Having access to the same data the USG uses for its annual reports can only improve the necessary debate and dialog about the causes and possible methods to aid in the suppression of violence against the innocent.

*The findings, recommendations, and opinions in this essay are those of the author and do not necessarily represent the official position of The Johns Hopkins University, or the National Counterterrorism Center, the Office of the Director of National Intelligence, the Department of Homeland Security, and the US Government.

About the Author:John Wigle is an adjunct senior lecturer in the Division of Public Safety Leadership at the Johns Hopkins University School of Education, and serves on the board at the Center for Security Studies at the University of Maryland University College, Graduate School of Management and Technology. Wigle served in law enforcement for 7 years and has been an intelligence analyst for over 20 years working most recently with the MITRE Corporation within the Center for Integrated Intelligence Systems, and the Science Applications International Corporation (SAIC). He is an analytic member of the National Native American Law Enforcement Association, and is a member of the Institute of Electrical and Electronic Engineers (IEEE). Currently, he advises the Tuscarora Indian Nation on law enforcement and homeland security matters, and he serves as the Chief of the Worldwide Incidents Team at the National Counterterrorism Center. The unit is responsible for maintaining the WITS data and for enumerating the statistics for the State Department's annual congressional report, "Country Reports on Terrorism," and the "NCTC Report on Terrorism." Wigle studied at the graduate level at Harvard University before receiving a master's from the Johns Hopkins University, Carey Business School. His research interests focus on improving analytic competence, improving data collection on terrorism, bridging mission with technology, and fostering analytic collaboration between researchers and government to improve national security outcomes.

[1] Alan Krueger and David Laitin. "Faulty Terror Report Card," 17 May 2004, Washington Post, pp. A 21.

[2] Josh Meyer. "The Nation; Doubts Fly on Terror Report's Reliability; The State Department finds that flaws in what is supposed to be a definitive analysis of the global threat go much deeper than suspected," 21 Nov. 2004. Los Angeles Times, pp. A-1.

[3] The definition of terrorism prescribed in the congressional reporting statute, 22 U.S.C. § 2656f (d)(2), reads, "the term 'terrorism' means premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents." Some documents erroneously cited the statutory definition by adding the following phrase at the end of the definition, "intended to influence the audience." This subtle difference was probably not the biggest culprit in my estimation. For instance, the Federal Bureau of Investigation frequently cites the title 18 statutory definition of terrorism used in criminal cases.

[4] The definition from the statue, 22 U.S.C. § 2656f (d)(1), reads: "the term 'international terrorism' means terrorism involving citizens or the territory of more than 1 country."

[5] The definition from the statue, 22 U.S.C. § 2656f (a)(1)(A)(i), reads: "in which acts of international terrorism occurred which were, in the opinion of the Secretary, of major significance."

[6] ICN 200460002, "Worldwide Incidents Tracking System," National Counterterrorism Center, , 17 Nov. 2009. See also, "The Moscow Times: 'Something Happened Fast' in Crashes," Moscow Times, 27 Aug. 2004. NewsBank: Access World News, 17 Nov. 2009 < >

[7] Gary LaFree and Laura Dugan. "Introducing the Global Terrorism Database," Terrorism and Political Violence, Vol. 19: 181-204, 2007. Footnote 33. See also, "Using GTD: Data Collection Methodology", Caution about Data Consistency section, < >

[8] Robyn Dawes. "The ethical implications of Paul Meehl's work on comparing clinical versus actuarial prediction methods," Journal of Clinical Psychology, Oct. 2005. Vol. 61, No. 10: 1245–1255, at 1252.

[9] Chris Seper. "A Bluetooth stethoscope (BlackBerry software pending)," MedCity News, 19 Aug. 2009. < >

[10] Abraham P. Schwab. "Virtual Mentor," American Medical Association Journal of Ethics, July 2006. Vol. 8, No. 7: 469-472.

[11] UN Security Council Resolution 1566, dated 8 October 2004, says acts of terrorism are "… criminal acts, including against civilians, committed with the intent to cause death or serious bodily injury, or taking of hostages, with the purpose to provoke a state of terror in the general public or in a group of persons or particular persons, intimidate a population or compel a government or an international organization to do or to abstain from doing any act…"

[12] From the United States Code, 18 U.S.C. § 2331.

[13] From the federal code of regulations, 28 CFR 0.85(l), "Terrorism includes the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives."

[14] US Army Field Manual 100-20 and Air Force Pamphlet 3-20. "Military Operations in Low Intensity Conflict," Washington, D.C. , 5 Dec 1990, pp. 3-1.

[15] "Official Journal of the European Communities," Vol. L164 [EN], 22 Jun. 2002. Council Framework Decision on 13 June 2002 on Combating Terrorism, Article 1, Section 1.

[16] "Terrorism Act of 2000,"20 Jul. 2000, UK Parliament. Available at < >

[17] START, "Global Terrorism Database Codebook 3.0," May 2009, University of Maryland. < >

[18]See the last chart in the 2006 NCTC Report on Terrorism, and chart 16 in the 2007-2008 editions of the NCTC Reports on Terrorism, available at .

[19] Robert Pape. "Dying to Win: The Strategic Logic of Suicide Terrorism," 2005. New York, Random House Publishers, p. 6.

[20] Scott Ashworth et al. "Design, Inference, and the Strategic Logic of Suicide Terrorism" American Political Science Review, Vol. 102, Issue 2, May 2008, pp 269-273.

[21] Ibid. Pape, pp. 10-11.

[22] Although I used the 2004 data here, NCTC does not recommend relying on the 2004 data since this was a transition year, and the statistical baseline is relatively soft for acts that did not meet the international and significant filters for the report. See the 2005 NCTC report's methodology section for more details.

[23] University of Maryland Study of Terrorism and Responses to Terrorism (START) program is a DHS Center of Academic Excellence: . START and DHS are not responsible for the conclusions or opinions of the author.

[24] Alan Krueger and Jitka Malecková. "Attitudes and Action: Public Opinion and the Occurrence of International Terrorism." Science, 18 Sep. 2009: Vol. 325. no. 5947, pp. 1534 – 1536.

[25] Pape, Supra, at p. 237.

[26] Intuition is not science. One must be empirically prove such correlations in a study with data beyond the scope of WITS.

[27] William Pottenger. "Automatic Classification of Confidence in Identification of Perpetrators in WITS Using Higher Order Naïve Bayes." 5 Jan. 2010. Submitted for publication.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.


Perspectives on Terrorism is  a journal of the Terrorism Research Initiative and the Center for Terrorism and Security Studies

ISSN  2334-3745 (Online)

Disclaimer, Terms and Conditions