I get this from STRATFOR.  They send out free emails...worth looking at.  As a former intel weenie I still like to keep up to date on events that can affect us and try to plot or predict the next event.  

   I posted the older article last week

Detection Points in the Terrorist Attack Cycle

---

By Scott Stewart
Last week's Security Weekly discussed the fact that terrorism is a tactic used by many different classes of actors and that, while the perpetrators and tactics of terrorism may change in response to shifts in larger geopolitical cycles, these changes will never result in the end of terrorism. Since that analysis was written, there have been jihadist-related attacks in Afghanistan, Nigeria, Yemen and Pakistan, an assassination attempt against the president of Abkhazia, and a failed timed-incendiary attack against the Athens subway. (The latter incident, which militant anarchists claimed, reinforces that jihadists are not the only ones who practice terrorism.)
But while terrorism is a continuing concern, it can be understood, and measures can be taken to thwart terrorist plots and mitigate the effects of attacks. Perhaps the most important and fundamental point to understand about terrorism is that attacks do not appear out of nowhere. Individuals planning a terrorist attack follow a discernible cycle -- and that cycle and the behaviors associated with it can be observed if they are being looked for. We refer to these points where terrorism-related behavior can be most readily observed as vulnerabilities in the terrorist attack cycle.

The Attack Cycle

Many different actors can commit terrorist attacks, including sophisticated transnational terrorist groups like al Qaeda; regional militant groups like India's Maoist Naxalites; small, independent cells like the anarchists in Greece; and lone wolves like Oslo attacker Anders Breivik. There can be great variance in attack motives and in the time and process required to radicalize these different actors to the point that they decide to conduct a terrorist attack. But once any of these actors decides to launch an attack, there is remarkable similarity in the planning process.
First, there is the process of selecting or identifying a target. Often an actor will come up with a list of potential targets and then select one to focus on. In some cases, the actor has preselected a method of attack, such as a vehicle-borne improvised explosive device, and wants to find a target that would be vulnerable to that specific type of attack. In other cases, the actor will pick a target and then devise a method of attack based on that target's characteristics and vulnerabilities. Simply put, the execution of these steps can be somewhat fluid; some degree of planning or preparation can come before target selection, and sometimes target selection will be altered during the planning process. The time required to execute these steps can also vary considerably. Some attacks can be planned and executed within hours or days, while more complex plans, such as those used in the 9/11 or Mumbai attacks, may take months or even years to complete.
Frequently, those planning an attack will conduct detailed surveillance of potential targets to determine what security measures are in place around the target and to gauge whether they have the ability to successfully attack it. If the target is too difficult to attack -- commonly known as a hard target -- the attack planners will typically move on to their next target, which may prove easier to attack. (When they do continue with attacks against targets whose security measures exceed the attackers' capabilities, those attacks fail.) We refer to this stage as preoperational surveillance, which means surveillance that is conducted before the operation is fully planned.

        Read the rest here