Threat shifting is a
|“||response of adversaries to perceived countermeasures or obstructions, in which the adversaries change some characteristic of their intent to do harm in order to avoid or overcome the countermeasure or obstacle.||”|
Threat shifting can occur in one or more of several domains: the time domain (e.g., a delay in attack or illegal entry to conduct additional surveillance, etc.), the target domain (selecting a different, less-protected target), the resource domain (adding resources to the attack in order to reduce uncertainty or overcome countermeasures), or the planning/attack method domain (changing the weapon or path, for example, of the intended attack or illegal entry).
However, threat shifting is not always frictionless for the adversary — and therefore can be of some value to the defenders. The adversaries may delay their attack, consume additional resources, undertake complexity, expose themselves to additional countersurveillance and counter-terrorism scrutiny, and/or shift to a less consequential target.
- DHS Risk Lexicon, at 37.