On Wednesday 28 January, a group identifying itself as the ‘Islamic State in Tripoli Province’ claimed responsibility for the attack on Tuesday against a hotel in Tripoli that resulted in the deaths of 10 people, including at least 5 foreign nationals. The group said the attack was carried out in retaliation for the recent abduction by US Forces of Nazih Abdul-Hamed al-Ruqai, AKA Abu Anas al-Libi, who died this month in a New York hospital following liver surgery, ahead of his appearance in court over his role in the 1998 bombings of US embassies in Kenya and Tanzania.
The attack highlights a number of critical issues for North Africa as a region, and for corporate and government actors operating, or seeking to operate, there.
Libya is becoming a global jihadist front.
Unfortunately, Libya not only provides a permissive environment for several jihadist groups to operate freely but has become an active jihadist theatre. This is extremely concerning for the regional threat picture in general, but in particular for governments – including the UK – that have invested in the development of a stable Libyan state, and for companies operating, or seeking to operate, in Libya that face increasing levels of exposure to geopolitical and security risk across a number of sectors, putting further constraints on the investment needed to put Libya on its feet.
A new global jihadist 'brand and franchise' model is emerging.
The apparent actions of the ‘Islamic State in Tripoli Province’ signals the emergence of a new global jihadist ‘brand and franchise’ model.
Following 9/11, Pakistan-based al-Qaida Core, headed by Usama bin Laden, served as a franchisor of a brand propagated by regional AQ franchises operating in Iraq (AQ in Iraq), Saudi Arabia (AQ in the Arabian Peninsula) and Algeria (AQ in the Islamic Maghreb). During the course of the 2000s, this model changed as AQ Core’s power diminished and the AQ movement became multi-polar.
In a post-UBL world and in the absence of a strong AQ Core, it appears that one of the former AQ franchises – AQI – has gained the power and influence to act, deliberately or not, as a franchisor of its own ‘Islamic State’ brand. This reflects a significant change in the global jihadist ecosystem and gives an indication of the international reach of the Syrian conflict, and future terrorism trends that could drive the global risk picture.
Another In Amenas style attack is a distinct possibility.
The January 2013 attack on the Statoil/BP gas facility in In Amenas, Algeria, served as a wake-up call for multinational companies operating across North Africa. The creation of the Signed-In-Blood Battalion around the veteran figure Mokhtar Belmokhtar, who left al-Qaida in the Islamic Maghreb (AQIM) over frustration with the group’s direction, was a clear signal of a growing threat.
The attack, therefore, was shocking in its scale but not entirely surprising to those familiar with the regional threat picture. The exposure of relatively low levels of protective security at high-profile targets in the region, however, was surprising given their degree of vulnerability.
Two years on from the In Amenas attack, Belmokhtar’s group has merged with another AQIM splinter group – the Movement for Unity and Jihad in West Africa (MUJWA) – to form al-Murabitun. Since the summer of 2013, Belmokhtar and his al-Murabitun associates have exploited permissive operating spaces in Libya to avoid detection and disruption.
It is safe to assume that Belmokhtar retains his intention to target high-profile symbols of the Algerian state and foreign presence in North Africa, and that his capability to undertake these attacks has increased. The ever-declining levels of security and stability in Libya, the presence of capable jihadist groups in Libya, and the power of the ‘Islamic State’ brand to inspire and mobilise jihadists in Libya, all contribute to an ever-growing regional threat.
Governments and companies need to take resilience, as well as risk-management, seriously.
If risk = threat + vulnerability, it follows, therefore, that actors operating in the region must reduce their levels of vulnerability to the growing threat in order to effectively manage risk. The steps that need to be taken are two-fold:
1. Companies and governments need to be in a position to identify and assess security risks, in order to mitigate them. That means understanding threats and taking action to protect themselves against them in order to reduce their level of vulnerability;
2. Companies and governments need to maximise resilience in the event that something bad happens. As I indicated in my recent piece on the ‘new’ terrorism threat, it’s becoming more difficult to protect against high-impact threats that are harder to detect and disrupt. Companies, in particular, need to build the capacity to maintain acceptable levels of operational, strategic and reputational health in the face of high threat, high vulnerability risk, against which it is impossible to achieve 100% protection.
By Chris Mackmurdo Founding Director of Contest Global www.contestglobal.com