Small Wars Journal

In Amenas Attack: Can Corporates Learn from the Military in Hostile Operating Environments?

Fri, 10/25/2013 - 12:57pm

In Amenas Attack: Can Corporates Learn from the Military in Hostile Operating Environments?

Jason Thomas

Key Points

  1. The In Amenas terrorist attack in Algeria provides lessons for Western energy, resource and infrastructure projects in other parts of Africa.
  1. The US Energy Information Administration (EIA) has predicted that Uganda and Madagascar are poised to become Africa’s top oil producers.
  1. The Statoil Investigation Report sets a dangerous precedent for foreign owned companies operating in complex environments.
  1. Civilian or military, we are all in the fight together - this is also about thinking of new strategic shifts in how we protect our foreign interests that are aligned with regional stability in difficult and complex environments. 


On 16 January 2013 the BP and Statoil ASA In Amenas gas facility in Algeria was attacked by al Qaeda linked terrorists resulting in the deaths of 40 workers.  Statoil ASA has now published its report of the investigation into the attack which highlights conventional approaches for improving security measures.  However, the report itself contains fundamental weaknesses, setting a dangerous precedent for foreign owned resource and infrastructure companies operating in challenging environments.   There are also lessons that corporate sector could learn from U.S. and Coalition forces who have been applying and adapting village stability operations and community engagement in similarly operating environments. 

This paper has two aims.  The first is to focus on the flaws within the report, which can be summarised as failing to understand foreign projects are invasive actors within dynamic social-ecosystems and like conventional Western military forces, must become better at applying adaptable and unconventional security arrangements.  At the risk of sounding populist, call it community stability operations.  This approach can work within accepted standards such as the ISO 31000 Risk and Feasibility methodology.  

The second aim is to highlight that even though this attack occurred in the desert of Algeria, the lessons are applicable to Australian energy, resource and infrastructure companies operating in East Africa and other complex operating environments.  Given the Australian Department of Foreign Affairs and Trade estimates there are over 200 Australian mining companies with more than 700 projects operating in Africa it might be time to reassess their current approaches to community and security strategy for all Western owned and operated projects in hostile environments. 

Civilian or military, we are all in the fight together and given these resource and energy projects are often located within the area of operations for U.S. and Coalition Commands, they are the ones who in many crisis situations are called upon to respond.  This is also about thinking of new strategic shifts in how we protect our foreign interests that are aligned with regional stability in difficult and complex environments. 

Summary of Lessons from the Statoil In Amenas Report

Despite the Statoil investigation being undertaken by an impressive line-up of U.S and Norwegian intelligence and security professionals, it overlooks a fundamental part of any security arrangement – the community.   There are at least eight lessons that can be gleamed from the report, although Small Wars Journal readers may find more.  These are:

  1. Over reliance on government forces for everything outside the gate.
  2. Physical security measures couldn’t stop a large attack.
  3. No early warning information on a possible attack.
  4. No connection with the community
  5. Poor recognition of the threats from changes in the regional security and political situation.
  6. Security as a corporate function sat within health and safety units.
  7. Good communications, processes and procedures kicked-in once the attack was underway.
  8. Joint venture projects can have collaboration and coordination security challenges.

Let’s now turn to addressing some of the more interesting dynamic lessons from the report that are beyond the conventional, rigid security arrangements that continue to be mainstay or many multi-national corporations.

Lacking Imagination and an unconventional mindset

The In Amenas incident demonstrates the mindset of extremists which is an indicator of potential behaviour and the irrelevance of Western rules of engagement.  Ibn Warraq said, “Americans tend to think that deep down we all have the same values. Americans believe that all these terrorists, if you scratch beneath the surface, are looking for religious equality and justice. That's complete and utter nonsense. Americans can't face the reality that different people have different values.” (Ibn Warraq; Why I am Not a Muslim. 1995).   The global salafi-jihadi movement believes Western constructs are an antithesis to their view of the world.  It is also important to realise this mindset leads to creative strategies of attack that are not going to be obvious to organisations with a conventional, linear way of thinking.  This has important consequences for identifying and treating risks.

Another way of looking at this is how the mindset displayed during the In Amenas attack can quickly get inside a Western organisation’s Observe – Orient-Decide-Act Loop.  The OODA Loop was devised by United States Air force pilot, Col. John Boyd (1927 – 1997).  He developed the concept to assist fighter pilots in directing their energies to defeat an adversary and survive.   The terrorists who attacked In Amenas easily got inside the OODA Loop of the BP and Statoil security arrangements; destroying all previously held assumptions and frameworks they had established to protect staff and assets.   The Statoil report highlights a lack of imagination senior management from designing and planning for potential security threats of this nature.   A superb lesson on the importance of having a disruptive, strategic mindset or imagination was a favourite lecture topic of Boyd.

One of Boyd’s most insightful and eclectic discourses was put forward in his, “The Strategic Game of? and?” presentation, where he would ask the audience to consider what is strategy. Fortunately, this discussion has been put together in a presentation by Chet Richards (2006) who worked with COL. Boyd on his first paper, Destruction and Creation, and on Patterns of Conflict. Richards (2006) compiled a presentation from Boyd’s 1987 original hand-written notes, setting out the Boyd snowmobile metaphor. 

Boyd would get his audience to imagine they were on a ski slope and fix that image in their mind. He then asks to imagine they are at a sunny beach resort on motorboat. Now he gets them to think of other ways of moving around, such as on a bicycle. Boyd then tells them to imagine they are a parent at a department store and where their child notices toy tractors with rubber caterpillar wheels. Taking all those retained images at once, what could they create? Boyd’s punch line began, if you took the skis, the motor from the boat, the handlebars from the bicycle and the rubber from the toy tractor and throw away the rest, you would have designed a snowmobile. Boyd stated in his work, “a winner is someone (individual or group) who can build snowmobiles, and employ them in the appropriate fashion, when facing uncertainty and unpredictable change.”

Western organisations and military forces need to have regular “snowmobile” sessions with security and senior management teams. As Statoil agreed, this security and community risk should not sit within the health and safety box.  However, having a strategic imagination in these types of operating environments does not mean disregarding international rules and values embedded within the resource and oil and gas sectors, such as the Voluntary Principles on Security and Human Rights, even though extremists have complete and utter disregard to such Western values.   The In Amenas terrorists are also unlikely to have a single dose of empathy with the hearts and minds approach.  Given oil, gas and resource projects will need to push into more and more unstable environments to find undeveloped reserves, it would be prudent to adopt an imaginative mindset that is prepared to think like a terrorist and plan accordingly.

Regional Situational Awareness

The In Amenas incident demonstrates how a company’s situational awareness needs to extend beyond the compound walls or the facility’s gates to detect, assess and adapt to changing regional events.  While the current atmospherics in any given project area may be benign, events in neighbouring countries or other hotspots around the world can ignite local extremists and therefore shift the security preparedness for those who travel and work to foreign countries.   Similarly, an insurgency or terrorist groups successful use of a means of attack will may be publicised across social media and be adopted by other perpetrators of guerrilla style tactics and violence.

France’s military intervention on the Islamic extremists in Mali, who have direct links with al-Qaeda in the Islamic Mahgreb (AQIM), Ansar Dine the Tuareg insurgency and a group calling itself the Movement For Oneness and Jihad in West Africa (MUJAO) should have set off a warning light on the dashboard of the security operations across all Western businesses in the region.   Companies such as BP who operate in Algeria, Chad, Libya, Nigeria, Morocco and other neighbouring countries should not have assumed their long term presence and social-licence to operate would protect them from salafi-jihadists.  Many Western resource and energy companies who provide local employment and hand out millions in community programs believe that because they are carrying out humanitarian work, this will make them immune from being attacked and leads to a state of denial.  This sounds very similar to the non-kinetic aspects of counterinsurgency programs.  This has nothing to do with indigenous rights or arguments over the value of land and a company’s corporate social responsibility programs mean little to the minds of extremists.  Many who have worked in places like Iraq and Afghanistan will know that handing out large quantities of development funding does not immunize you from being shot at or blown-up in the same village.  Alternatively, the support is retained as long as the money pump keeps flowing.

The lesson to be learnt here is the need to develop a better understanding of the requirements for establishing effective regional situational awareness.  This will build a more complete operating picture and information product, much of which will regularly point to a low probability of local consequence but will from time to time point towards those with a catastrophic consequences.   This will be even more important for the resource and oil and gas sector when in the exploration and pre-construction phases.  Senior management and security leaders should make creating robust regional situational awareness packages a priority when entering a greenfield site.  There may continue to be challenges with knowing how to deal with ambiguous acts and the level of uncertainty associated with information.   That said, while having a plan is paramount in these environments, as Laurence Gonzelas explains in Deep Survival, don’t fall in love with the plan.  

That said, with respect to the In Amenas attack, even though at the outset there appeared to be a link between France’s military intervention into Mali, the sophistication and scale of the Algerian attack, knowledge of the facility and employees travel indicates that this may have been planned well before.  However, Statoil believes no organisation could foresee or be expected to have early warning of such an attack.  This is a poor approach to security and community operations and is the next flaw in the Statoil report to be addressed.  A corporate or community stability operations framework used by many Special Force units, could be applicable within these dynamic and hostile regions.

Absolving Responsibility to Know

The investigation found no evidence that Statoil or its joint venture partner, BP, were aware of any specific threat or actionable warning prior to the attack.  The investigation says, “nor should companies be expected to do so in the future.”  The Statoil report absolves companies of any responsibility to know.  This is a weakness of the investigation and sets a dangerous precedent for the future of oil and gas as well as other foreign owned resource and infrastructure companies operating in complex environments.    Would you want to work for an organisation that had such a poor appreciation of the power of HUMINT through community networks that could be provide an early warning system?  Most Small Wars Journal readers will know even the most basic criminal attacks have a cycle.  The Al Shabaab attack on the Nairobi Westgate Shopping Complex and the 2008 Mumbai attack both involved surveillance, planning and logistical preparation.  

Consider the following:

  • Given the attack was of such a large scale involving 32 heavily armed terrorists they could not have appeared out of the desert sands without prior planning and surveillance.  
  • The terrorists had accurate information on the plant’s management, operational and physical security vulnerabilities to the extent that there would have been pre-operational surveillance, before the attack was fully planned.
  • After the In Amenas planted was selected, a second round of surveillance would have been conducted to provide information for planning the attack. For example, attacking a static facility such as In Amenas, will require obtaining a detailed description of the physical security features and security force procedures.
  • The terrorists would have established a baseline understanding of the activity expected around the facility at the time of day the attack is anticipated.  In this case it kicked-off at 0530 and began by attacking the worker’s transport bus.

It would appear that even though many of the Statoil staff were experienced in the oil and gas industry, that tends to be located in dynamic operating environments, they had poor visibility outside their physical and conventional security arrangements.  This prevented Statoil from detecting suspicious behaviour and having strong information networks with external stakeholders.

Statoil’s resumption, that no company should be expected to have any awareness of an attack being planned, completely disregards the importance of information networks built from community engagement or HUMINT.  A significant number of terrorist attacks since September 11 2001, have been detected and defeated through intensive human intelligence networks that provided early warning of an imminent threat and planning.  There was not even an indication that Statoil or BP utilised the networks of the Algerian military.  Instead, it took the military for granted as a personal security detail rather than working proactively with them to detect and deter against potential threats.

Key Lessons for the Resource Sector: TE Lawrence

While TE Lawrence engineered the military defeat of the Turkish in the Middle East during World War I, it was through a careful study of the human terrain and resisting the urge to impose Western constructs that enabled his extraordinary campaign to succeed.   It is remarkable how modern-day social consultants, international lawyers and non-government organisations construct blindingly complex and often inappropriate well-meaning frameworks to deal with other cultures.  They are almost missionary in their zeal.  If only they had taken the time to learn from deep disruptive thinkers and practitioners.

Fearing his demise on the battlefield, Lawrence’s superiors asked him to put his strategy in writing following the battle at the Jordanian port of Aqaba. In August 1917, Lawrence published his now legendary 27 Articles in The Arab Bulletin.  They could easily be a prescription for resource companies operating in hostile, culturally complex or high-risk environments. Lessons to reduce community conflict and violence as well as improving security and creating a more predictable operating environment can be found in Lawrence’s work.  Simply, TE Lawrence was apply the good-old “by, with and through” approach.

Combining lessons from likes of COL. Boyd and TE Lawrence with the Statoil report, the following are lessons from the In Amenas terrorist attack that could be useful for those who have an interest in complex and insecure operating environment:

  1. Establish strong, coordination with government security forces that includes regular information exchanges and build community networks.
  1. Conduct “red-team” sessions where the security, senior management and local military and police develop, assess and test scenarios and threats for their likelihood, vulnerability and scale of impact as well as business continuity measures that would need to be in place - think like a terrorist, then determine measures required to detect and defeat an imagined attack.
  1. Take seriously changes in the regional security and political environment and carefully monitor potential effects in the local environment – groups like to “copy-cat” to gain public exposure or take advantage of government forces being distracted.
  1. In countries with higher security risks operate under the assumption that security may be compromised by insiders or staff.
  1. Ensure all physical, personal, communications security measures are integrated.

In addition, a corporate culture that accepts conditions based adaptability combined with conventional physical and personal protection measures will be a more resilient security arrangement for staff and assets.


Following the In Amenas attack it may be worth Western energy and resource companies with operations in East Africa or Asia, considering how a conventional, linear mindset to security will not treat risks that evolve from changes in the community or political dynamics.   There are lessons that can be learnt from U.S and Coalition forces who have been operating in similar environments.  They have had to constantly turn their OODA Loop to adapt to the unconventional mindset of insurgents and terrorists.

Many security incidents are the result of a lack of imagination and developing conditions based arrangement, across community, tribal, cultural and political domains.    Western corporations can fall into a trap by assuming that a combination of community goodwill programs and metrics such as training as many people as possible on the Voluntary Principles of Security and Human Rights will tick enough boxes to comply with their responsibilities.   These are not appropriate measures of effectiveness.  That does not mean one cannot adopt international standards such as the ISO 31000 risk and feasibility framework to appropriately and proportionately treat risks.  However, organisations and security providers adopting this methodology can neglect all the political, local and community context, and instead focus too much on trying to predict kinetic events and neglecting the power of developing a deeper understanding and interaction in the human terrain. 

As current ore bodies and developed resources near the end of their lifespan, corporations will need to push further afield into even more complex operating environments.   These assets form part of our foreign direct interests.   There are often in the same geographical location as operational commands of U.S. and Coalition forces who are required to constantly monitor the dynamics in these areas for emerging risks.   This is an area where the corporate and military sectors could cooperate and share tactic, techniques and procedures.   Employing senior management and security personnel with imaginative and disruptive mindsets will also be important.  This does not mean conventional physical and personal security measures are redundant, or militarising resource projects.  Far from it; and when combined with an adaptable, unconventional view of risk, this will better protect staff and assets.  Just because the situation changes does not mean your operation shuts down.  It may simply mean a change of plans or operating style that makes you and your company a not just a hard target but an adaptable one.

About the Author(s)

Dr. Jason Thomas teaches post-graduate risk management at Swinburne University and specialises in field-based assessments of complex project environments that has included Afghanistan, Iraq, Syria, Cote d’Ivoire, Turkmenistan, Pakistan, Jordan, PNG and the Philippines. This has included working alongside US and other military partners.



Sun, 10/27/2013 - 12:37pm

Superb article.
One of the things missing is the aftermath, Many of the contractors who survived and the contractors families of the deceased have been ignored, neither Statoil or BP are helping these people, the answer they give is that these contractors didn't work for them directly.
When the terrorists went around gathering people up, to later slaughter, at no point did they ask if you were a contractor or a company man, the terrorists didn't differentiate but the oil companies do, the bullets and explosives that killed, killed anyone and everyone.
The plant is now running on two of the three trains, output is two thirds max production, the oil companies are again making money