MI5 is aware a further successful attack would bring renewed scrutiny
A report on the 7 July London bombings has concluded that a lack of resources may have prevented security services from intercepting the attackers.
BBC security correspondent Frank Gardner examines the issue.
Did the security services make mistakes over Mohammad Sidique Khan?
The parliamentary report that has looked into this says no.
It states that, given the resources they had, they did the best they could.
There was a major intelligence-led operation that was ultimately successful and intercepted what was thought to be a major plot to carry out an attack in Britain.
Mohammad Sidique Khan, and a number of others, cropped up on the periphery of that investigation, but they had not actually done anything.
They had talked about violent jihad, so it was decided that they should be followed up, although they were not a big priority.
However, along came another investigation that was far more urgent and more immediate, so resources were diverted to that.
There is no guarantee that if they had not been diverted, they would have caught Mohammad Sidique Khan.
How are security services likely to react to this report?
They are certainly not going to do it publicly - MI5 do not do that.
Security service officers are still gutted they did not manage to prevent the bombings.
MI5 has since recognised it has got to work more closely with the community to prevent radicalisation.
The report highlighted a lack of resources in some areas, but what exactly does that mean?
It comes down to manpower - it takes dozens of people to monitor one suspect.
At the time, in July 2005, MI5 estimated that there were about 800 pro al-Qaeda people that were susceptible to turning violent.
That figure is estimated to have since risen to 1,000.
This exceeds MI5's manpower, so it is all a question of prioritisation.
If the security services are not to blame, who is?
The blame here lies firmly and squarely with the four mass murderers who committed these suicide bombings.
The size of the threat that the security services face is so huge, and exacerbated by the invasion and occupation of Iraq, that they are not going to be able to stop it every time.
Even back in the 1980s, at the time of the Brighton bombing, one of the IRA militants said: "You've got to be lucky every time, we've only got to be lucky once." That is the case here.
Why was the threat level lowered before the July attacks?
The threat level and alert system is very complicated.
The government does not want to alarm the public, but the public have got to know what it means to them.
The threat level was lowered a few weeks before 7 July from "severe general" to "substantial".
That actually made no difference to stopping or not stopping the attacks, which in a way means maybe it is just irrelevant.
They have got to simplify it and I think they will. The Cabinet Office needs to work out what they want from this system and how much they want the public to know.
What lessons have MI5 learned and what action has been taken to prevent a further similar attack?
Like all intelligence agencies, MI5 is in the midst of an urgent recruitment drive. It's seeking to boost its field agents, analysts and especially those with languages like Arabic and Urdu.
But it takes years to find, recruit, vet and train someone, so the results may not show immediately.
MI5 is also setting up a number of field offices around the country. It plans to have eight operational by the end of the year, with the aim of co-ordinating more closely with the police and local communities to detect any radical al-Qaeda activists before they can cover their tracks.
Finally the security service is looking at new ways of handling data in-house to try to unravel terrorist networks at an early stage.
But the service is acutely aware that a further successful attack is likely to bring renewed scrutiny and perhaps criticism of its methods.