On Easter Sunday, 21 April 2019, Sri Lanka became the site of one of the worst terrorist attacks since 9/11, as several Christian churches and luxury hotels were targets of coordinated bombing attacks. The number of victims comes to 253 individuals, including foreigners. On 23 April 2019, the Islamic State claimed responsibility for these attacks, proving that the local Jihadi group National Thowheeth Jama’ath had help from a much more powerful international Jihadi ally. The initial probe claimed that these bombings were retaliation for the attacks on mosques in New Zealand in March 2019, committed by a far right extremist and resulting in the deaths of over 50 Muslims. However, these claims were not backed by evidence or concrete intelligence. Soon after, the leader of the Islamic State, Abu Bakr al-Baghdadi, appeared in a video for the first time in five years, claiming that the Sri Lanka attacks were retaliation for the fall of Baghouz, the Islamic State’s stronghold in eastern Syria, which was taken by US-backed Kurdish forces in March 2019.

What is evident from these attacks is the failure of Sri Lanka’s national security services. The Sri Lankan authorities were unprepared for these attacks, due in large part to the legacy of the Sri Lankan Civil War (1983-2009), which helped form a national security system accustomed to combating terrorism based on ethnic and not religious/sectarian elements. Moreover, the security services on the island are much more adept at combating homegrown terrorism, as opposed to that perpetrated by the transnational Jihadi group that is the Islamic State.

In addition to the above, there are numerous other reasons for the failure of the Sri Lankan national security apparatus to detect and prevent these attacks. Twelve days prior to the attack, the national intelligence warned the police chief that Sri Lanka-based Zahran Hashmi of National Thowheeth Jama’ath planned to carry out a terrorist attack in the country. Not only was there no reaction from the police authorities – indeed, the intelligence warned the police without warning the country’s president first. This points to the major political, operational and bureaucratic failure of security services in Sri Lanka. However, one should not reduce the entire tragedy simply to an intelligence failure. As seen from the terrorist attacks in London in 2017 and Paris in 2015 there is always a lack of trust among security services, impeding effective information sharing. In the case of Sri Lanka, though, the reasons for the failure run even deeper.

As mentioned, the recent history of the island nation has been marked by a violent and bloody civil between the insurgent terrorist organization called the Tamil Tigers, which wanted independence for the island’s Hindu minority of Tamils, and the security forces of the central government, dominated by the island’s majority Buddhist Sinhalese community. As such, while terrorism and counter-terrorism are not unknown quantities in the world of Sri Lankan public policy and its security services, the former has been marked with an ethic element and not a religious one -- and particularly not one involving an Islamic factor.

Until their defeat in 2009, the Tamil Tigers, who invented the suicide belt and were the first to use women in suicide attacks, tended to target transit hubs, Buddhist temples, government officials and office buildings. Consequently, churches, which were not traditional terrorist targets, were left out of the protective vigilance of the national security apparatus. To make matters worse, since 2015, there have been stories of the government in Sri Lanka failing to guarantee security for the country’s Christian and Muslim minority, which make up 17 percent of the population. That made the Christian locations an easy target for attackers.

Another limitation to the Sri Lankan national security service lies in the fact that their victory over the Tamil Tigers was the product of a violent crackdown and full-scale armed combat, involving severe human rights abuses and collateral damage among the civilian population. As a result of this legacy, Sri Lanka has an experienced national security apparatus. However, this apparatus is more focused on repression and psychical enforcement rather than on the sophisticated intelligence operations that are needed in order to detect and prevent terror attacks, as with more formidable intelligence agencies like the CIA, MI6, or Mossad. 

The fact that the attacks were assisted and inspired by a Jihadi network like the Islamic State, with an international outlook, made the job easier for the perpetrators. In period leading up to the attack, the Islamic State had a very limited presence in the country. Only 32 Sri Lankan citizens from four families had joined the Islamic State by 2016. This implies not just a complacency on the part of Sri Lankan national security agencies, but also an unpreparedness to face a threat that did not emanate from local players, originating instead from a more sophisticated transnational player.

Sri Lanka has tried to respond in a swift and ardent fashion. Up to 40 suspects were arrested since the attacks, and authorities have engaged terror suspects in combat, as well. However, the more difficult path will be reforming the national security apparatus, as seen in the fact that the Sri Lanka police chief refuses to resign due to these failures, despite the resignation of the country’s defense minister. However, if Sri Lanka were to avoid similar tragedies, it would have to embark on building a more effective security apparatus – one that is more imaginative and more flexible in its execution, particularly as a tourism-focused island country in the Indian Ocean is always potentially vulnerable. Indeed, there are no countries that are off the radar for transnational Jihadi groups like the Islamic State anymore, as Sri Lanka tragically discovered.