ISIS has evolved from a regional threat to a global menace
Three coordinated attacks in 3 geographic regions marks a a very sinister moment in the evolution of the Ultra-islamist group ISIS. Their previous terror attacks were “one-of” events that were isolated in nature and carried out by “lone wolves” who were inspired by the extremist ideology of their exceptionally effective militant jihadist web forums. What is more disturbing is that if the three attacks are linked and by staging three coordinated attacks on the same day, ISIS will have demonstrated a level of sophistication not seen up until now but associated with it’s more operationally competent predecessor Al Qaeda. The first attack was an attempted VBIED in France, second a traditional explosive laden vest worn by a suicide bomber and the third a Mumbai style attack using an assault rifle. Each of these attacks has it’s own set of logistical and operational challenges. The French attack has not been claimed by ISIS yet. Smuggling weapons and explosives could compromise their operational security . Their operating model has found a successful “Work around”. Radicalizing in country means the attacker was directed to use resources that were readily available. The ability to radicalize a potential attacker in the country designated for attack negates the need for ISIS operatives to travel abroad and risk capture. This means that there are no financial trails to follow, no logistical threads to unravel and no ISIS operative to track. This effectively neutralizes the traditional Intelligence and Law enforcement methods used to intercept and prevent terror attacks. It’s a very cunning operations model. In order to to thwart attacks like these means that we will have to rely heavily on our SIGINT (Signals intelligence) capabilities to far greater extent than ever before. The ISIS radicalization model shows that their operations model has given them the ability to effectively communicate and coordinate attacks and slip through the traditional security dragnets of Western and Middle East Intelligence agencies. The attacks showed that they are quite capable of planning, developing and executing complex logistical and counter-surveillance operations with almost zero risk to their command and control structures. This means that there is a sophisticated communications network that has yet to be discovered . The only bit of good news is that the identity of the attackers are known and that there may be a good amount of forensics that the intelligence agencies can exploit. The outlier in these three attacks is the bombing of the shiite mosque in Kuwait. This appears to follow the more traditional method of recruiting a suicide bomber and someone delivering hi/her to the intended target. This may prove to be fruitful from an intelligence perspective. The attack in France also signals that ISIS has turned it’s attention to striking at Western business venue and shows a “proof of concept.” Critical infrastructures would be a logical targeting progression. For now, international companies will need to review their current travel and security policies for their overseas holdings. Now is the time to develop your personnel accountability capabilities and travel safety procedures. Key questions to ask are “what is our exposure ?” “Do have the ability to spot potential attacks before they occur?” “What would my company do if this type of event were to occur?”
What we know:
France: Type of attack: Attempted VBIED
The attack occurred in an industrial park southeast of Lyon and nearby the Lyon-Saint Exupery Airport. The business park is home to several western companies, however the attacker targeted the American owned Air products and chemicals company which is the third largest producer of Atmospheric gasses in France. The facility was gated had a fence around it and screened all visitors prior to entry. To gain entry, all vendors and visitors had to be cleared in. The attacker was reportedly known to French intelligence and security agencies and had been on a watch list since 2006 for extended absences and frequenting extremist jihadi circles outside of Lyon. His file lapsed around 2008 and no specific reason was given. He had been identified as 35 year old Yassin Salhi who lived in Saint Priest, France. There are several factors here that could point to the fact that Salhi was a sleeper and was activated for the attack.
- The attacker gained employment with a delivery service that was cleared to enter the facility
- He killed the delivery service owner by beheading him
- He wrote ISIS graffiti on the severed head along with banners associated with militant jihad.
- He drove up to the facility and crashed the gate
- He pinned the severed head on top of the gate
- He then attempted to use his vehicle as a suicide “Bomb” by crashing into gas containers at high speed
- The attempt failed, he then exited his vehicle and began opening the gas valves on the containers in an attempt to set them off when he was apprehended by French authorities.
Kuwait: Type of Attack: Suicide Bomber wearing a Suicide vest
The attack occurred at roughly 2:00 PM during a Friday afternoon prayers in a predominately Shiite Mosque in Kuwait City. It is the first attack in Kuwait since 2005.
- The Imam Sadiq Mosque in al Sawaber district has a large following especially on Fridays during the muslim holy month of Ramadan.
- What else is interesting is that the mosque is closely located next to a high end shopping area that is popular with foreigners who live and work in Kuwait.
- The Suicide bomber was dropped off by an unknown person and a manhunt is underway
- As of now, witnesses have stated the suicide bomber walked into the rear of the mosque before blowing himself up.
- Historically, ISIS has targeted Shiite Mosques in Saudi Arabia.
Tunisia: Type of Attack Mumbai style with Assault rifle
The attacker used an AK -47 and specifically targeted western tourists who were staying at the Riu Imperial Marhaba and soviva hotels in the oceanside luxury resort area in Sousse. As of the writing of this, 28 people were killed and another 36 wounded. This is the second “Soft target” attack in Tunisia which has been claimed by ISIS. On March 21st, ISIS claimed responsibility for the Bardo museum attack in Tunis. There are reports that the attacker also worked in the tourist industry and lead to his ability to successfully navigate the hotels security. Security and intelligence services will need to discover whether he was radicalized prior to the attack or whether he had become radicalized while working for the resorts. If it is the former, ISIS will have demonstrated the ability to successfully infiltrate their operatives into their targets.
- The attacker is reported to have worked in the tourism industry
- The attacker hid his AK-47 under an Umbrella and started shooting once he was amongst the tourist on the beach
- From the beach, the attacker entered one of the hotels via the pool
- He specifically targeted foreigners as he carried out the attack
- The attacker was then killed by security forces.