A Thoughtful, Analytical Approach to NGO Security

NGO Security

Attackers target UN staff in Kabul guest house

Yesterday Taliban militants wearing police uniforms carried out a complex suicide attack on a privately owned guest house in Kabul. A two hour fire fight resulted in the deaths of six UN staff members.

This video from STRATFOR has a quick summary and analysis of the attack. Its well worth watching if you have the bandwidth.



In the aftermath of this attack we are already seeing the inevitable calls for a complete review of security procedures for UN and NGO staff in Kabul. There will be a flurry of activity as outside security consultants are called in and security assessment teams from regional NGO offices descend on Kabul. Numerous reports will be written, fingers will be pointed, and a couple of people may even lose their jobs. Unfortunately many will come to the conclusion that this incident was an unanticipated and unforeseen escalation of the threat.

The problem is that it is just not true. The writing has been on the wall for the past two years. There have been numerous incidents of surveillance on UN and NGO buildings and staff. The Taliban and their allies have also repeatedly made it clear, both in word and deed, that they do not view the UN and most NGOs as neutral.


Selected Attacks, Afghanistan and Pakistan, 2009

1 Feb 2009 - Charbagh, Pakistan - Two MSF medical staff were killed when their clearly marked ambulances were fired upon in Charbagh.

2 Feb 2009 - Quetta, Pakistan - A driver with the U.N. High Commissioner for Refugees (UNHCR) was killed and John Solecki, the head of the local UNHCR office, was kidnapped.

9 Jun 2009 - Peshawar, Pakistan - 5 U.N. workers are among those killed in a complex suicide attack on the Pearl Continental hotel in Peshawar.

18 Aug 2009 - Kabul, Afghanistan - Two Afghans working for the U.N. were killed during a suicide vehicle bomb attack on a NATO convoy.

5 Oct 2009 - Islamabad, Pakistan - Five World Food Program (WFP) staff were killed and four others injured after a suicide bomber disguised as a Frontier Corps soldier was allowed to walk into the WFP office under the simple pretext of being allowed to use the toilet. The Pakistani Taliban claimed responsibility with the following words: "We proudly claim the responsibility for the suicide attack at the U.N. office in Islamabad. We will send more bombers for such attacks. The U.N. and other foreign (aid groups) are not working for the interest of Muslims. We are watching their activities. They are infidels."


Recommendations

1. Dig out previous security risk assessments and physical security audits and make sure you've actually implemented the recommendations contained within.
2. If your existing security risk assessments and physical security audits are older than six and twelve months respectively update them now.
3. Ensure your Crisis Response Plan is current and practice it quarterly.
4. Implement a counter-surveillance plan.
5. Make sure you have a plan to respond if hostile surveillance is detected. Knowing your organization is being surveilled has little value if you are unable to respond to the fact.
6. Train as many staff as possible in personal counter-surveillance and surveillance detection.
7. Allow flexible work hours and 'work from home' policies.
8. Review access control procedures and ensure that guards are actually following them.
9. Limit visitors and insist on advance appointments.
10. Identify proper medical support.
11. Pull out all the stops on your active acceptance plan. You are unlikely to influence the Taliban and their supporters but you are going to need all the support and goodwill you can get from neighbours, beneficiaries, and local police.

The Future

As governmental and UN organizations continue to improve their security measures to deal with the militant threat in Afghanistan and Pakistan more and more of the risk burden will fall on softer targets, including NGOs. I assess their is a 70 to 80% chance that there will be VBIED or complex attack on an NGO facility in Afghanistan or Pakistan within the next twelve months. Are you ready?

Acceptance, ladders, kindness and WFP

If you read this blog regularly you undoubtedly already know of yesterday's suicide attack the the WFP office in Islamabad. If you somehow missed the news I suggest you take a look at Peter's post on the loss of five of his WFP colleagues. This brief coverage from Dawn news should also help bring you up to speed.



At this point there isn't much purpose in rehashing the copious news coverage of this tragedy but it might be worth looking for some tentative security lessons. I'm somewhat hesitant to do so for fear that it will be seen as pointing the finger of blame so I'll caveat by saying that is not my intent. I am in no way second guessing those who were forced to make difficult choices based on incomplete and often contradictory information.

No, they really don't like you...

I'm hoping this incident will finally lay to rest the persistent and dangerous myth that there is no evidence that the Taliban and other extremist groups are deliberately targeting the UN and humanitarian organizations in Pakistan. If the kidnapping of
John Solecki, the murder of his driver, the murder of Zil-e-Usman, and numerous death threats were not enough to convince perhaps these words from Taliban spokesman Azam Tariq will:

"We proudly claim the responsibility for the suicide attack at the U.N. office in Islamabad. We will send more bombers for such attacks. The U.N. and other foreign (aid groups) are not working for the interest of Muslims. We are watching their activities. They are infidels."

"The WFP is promoting the US agenda. They are silent on massacres and do not comment on killings in Waziristan and other areas."

Ladders and walls

The attack also highlights one of the limitations of passive physical security measures. As United States Secretary of Homeland Security Janet Napolitano put it, “You build a 50 foot wall, somebody will find a 51 foot ladder.”

Responding to the VBIED (vehicle-borne improvised explosive device) attacks in Baghdad in 2003, Algiers in 2007 and Hargeisa in 2008 the UN increased passive security measures to deal with the new threat. Significant sums of money were spent building and strengthening blast walls, hardening buildings, installing vehicle barriers and blocking access roads. These measures would have made it much more difficult for extremists to carry out an effective VBIED attack on a UN facility.


In this case however the Taliban adapted to the increased security measures and used the equivalent of Janet's figurative 51 foot ladder, a single suicide bomber with seven or eight kilograms of explosives and ball bearings strapped to his chest. This simple change in tactics accomplished what using a larger VBIED probably would not have. Given the success of this attack we can expect similar attacks in the future.

A small act of kindness

At this early stage in the investigation it appears likely that the suicide bomber, who was wearing a Frontier Corps uniform, was let in to the WFP compound under the pretext of needing to urgently use the washroom. Critics have been quick to
lay blame on the private security company guarding the WFP compound, calling them negligent even before investigations were fully underway. While I agree to some extent I think its important to point out that there was likely simple but brilliant social engineering at play here.

There were 13 private security guards, three Frontier Corps soldiers and two police officers on duty at WFP at the time. I have little doubt that every one of them knows what its like to stand outside under the blazing sun hour after hour only to have the very people they were charged with protecting refuse to provide them water or let them have use of their washroom facilities. Add to this the fact that many private security guards are former Frontier Corps men and it's easy to understand how any one of them might have been willing to bend the rules for what to them appeared to be a brother-in-arms.

The great tragedy of this entire event is that it may have been the result of a small act of kindness. I truly hope it's not the case.

Six scams that target aid workers and humanitarian organizations

scammed


1. Fake humanitarian conferences, events, and training opportunities


The script: You receive an e-mail announcing a conference, event or training opportunity related to some field of humanitarian endeavour in which your organization works. The email makes it clear that the sponsors will cover event cost, visa processing and handling, and travel arrangements. Your NGO only has to nominate two staff meeting certain criteria and the event organizers will arrange the rest.

Eventually your will be informed that, for example, hotel costs in Nairobi are not covered and you need to forward funds in advance before the participation of your staff can be confirmed.

This is a variation of the time tested advance fee fraud. Once you send funds the scammers disappear and you discover the event does not exist.

For example event scam emails see The Conference Con website.

Why it works: Conferences, and training opportunities, especially those that involve foreign travel are often seen by humanitarian organizations as a way to reward and develop hard working staff, especially junior or national staff who might otherwise not get such a chance. The promise that the vast majority of the event costs are going to be covered by the event organizers has great appeal to cash strapped NGOs.

How to avoid the con: Scammers have misused TakingItGlobal's name and reputation to carry out event scams so they have released this guide to spotting fake humanitarian event invitations.


text from a hitman scam email
2. The 'Taliban Hitman' scam

The script: The potential victim receives an email or series of text messages informing them of the following:

I was hired to kill you by the Taliban/AQ/a secret government organization. I have all the information on your daily activities that I need to kill you at any time. However, I recently became aware of your humanitarian activities and know that you are a good person at heart. If you send me 10,000 USD I will spare your life.

I have all the information needed to implicate my employer in the plot to assassinate you recorded on tape. If you me 1500.00 USD I will send you the tape. If you find the information on the tape useful you can send me the remaining 8,500.00. You can use the information on the tape to retaliate against my employer or you can go to the police with it.

Please be aware that my boys are watching you all the time. If you do not respond quickly I will be forced to carry out the contract despite my reservations.

Ahmad Killer


Why it works: Groups like the Taliban, Al-Shabaab, and Al-Qaeda have made it clear that they do not approve of many NGO activities. Often the victims have already received real threats warning them not to work for international NGOs. To a national staff member of an NGO in Afghanistan, Somalia, or Iraq it seems entirely plausible that one of these groups has hired someone to kill them.

How to avoid the con: Once you are aware of the existence of this scam the real nature of the messages become pretty obvious. The Taliban and their ilk don't need to hire a hitman to kill an aid worker. They have plenty of people willing and able to do the job for free and they are unlikely to have a change of heart.

Don't let fear overwhelm you. Don't respond to the threats and don't make counter threats. Keep the originals of all the threats and give them to your security officer so that the issue can be dealt with appropriately.

If you still suspect you are being targeted by a hitman take a look at the FBI’s 2007 post on the hitman scam.


3. The 'Intelligence Service' scam

The script: The victim is approached by a person or small group of people claiming to be undercover police officers or members of an intelligence service. The scammer tells the victim that he (the victim) is under suspicion but that for a small fee he is willing to look the other way.

Why it works: Fear... pure, simple, fear. Aid workers who belong to persecuted ethnic, religious or social groups are especially vulnerable.

How to avoid the con: Unfortunately this is a very difficult situation to deal with. Much depends on the local context. In some countries (*cough* Sri Lanka) where this scam is being run the perpetrators may actually be real police/inteligence agents. Is it better to throw them a few bucks and make your getaway? Or should you hold firm and refuse? I'll leave the choice to you. Hopefully, forewarned of this scam, you'll be able to make an intelligent choice.

Whatever choice you make you should report all such incidents to your security officer.


5. Emergency funds transfer scams

The script: The bank that holds an aid organization's funds receives a phone call and/or fax purporting to be from a program manager in the same aid organization. Usually this happens just before the bank closes for the weekend. The caller apologizes for not completely following the previously procedure for funds transfer but he explains that this is an emergency situation. Its seems that there are 250 families who have been stranded by the current emergency. They've been overlooked until now and they are in a desperate need . Unless the funds can somehow be transferred to a specified local NGO/CBO before the close of business the families will be forced to endure another weekend without food, water and shelter.

The local NGO is of course bogus and no one will know that anything is amiss until the following Monday at the earliest.

Why it works: Despite rumours to the contrary bankers are human. They don't relish the thought of their disaster stricken countrymen going without the essentials of life for another long miserable weekend. Usually the scammers have done enough research to help allay the bankers concerns. It is easy find basic information, such as the name and the contact details of the country director and finance officer on the internet. Account numbers can be found by going through the aid organizations garbage or conning a staff member to provide it.

How to avoid the con: Don't throw financial information in the garbage. Shred it. Even staff lists and contact information is useful to potential scammers. Make sure staff know and understand the risks of giving out information over the phone (see social engineering). Finally, make sure your bank understands exactly who can and cannot override previously agreed transfer and payment procedures.


6. The 'Build and Burn' scam

A badly damaged school in Afghanistan

The script: This scam is becoming more common in conflict plagued areas of Afghanistan and Pakistan. Essentially the scam works like this: a local contractor bids for a NGO funded contract to build a school or similar public building. Local militants allow the contractor to complete the contract but they take a cut of the contractors profits or divert building materials. Once the contract is complete the militants burn or blow up the school. Often an NGO, maybe even the same one, returns to rebuild the school and the scam starts over again.

Sometimes the contractor is an active participant in the scam at others times he is simply extorted.

Why it works: A poor security situation, remote management, and a certain amount of wilful blindness on the part of NGOs contribute to the success of this scam.

How to avoid the con: The only way I know of to avoid this scam is not to fund construction in contested areas. You'll need to balance the potential good of a new school (assuming it stays up) versus the bad of funding armed groups.

Aid Workers: Dying on the Front Line

I’m not sure who created this little video or what their motivation was but if you find that intellectual appeals for NGO security fail it can’t hurt to try appealing to emotion.

Al-Shabaab's NGO liaison office announces closure of UN offices in Somalia

It seems that Al-Ahabaab has an NGO liaison office. No... really! I’m not kidding. The official communication below announces the formation of the “Office for Supervising the Affairs of Foreign Agencies”. It also announces the closure of UNDP, UNDSS, and UNOPS offices in al-Shabaab controlled areas of Somalia.



In the Name of Allah, Most Gracious, Most Merciful

al-Shabaab logo

Harakat Al-Shabaab Al-Mujahideen
Department of Political Affairs and Regional Administrations

Date 27/07/1430H- 20/07/2009.

Press release on behalf of the Department of Political Affairs and Regional Administrations regarding the status of the various NGOs and foreign agencies operating in Somalia.

1. This is the official announcement of the establishment of The Office for Supervising the Affairs of Foreign Agencies. This office has been set up to coordinate all dealings with NGOs and foreign agencies and to fully monitor them.

It is mandatory upon all NGOs and foreign agencies operating in Somalia to immediately contact The Office for Supervising the Affairs of Foreign Agencies in their area. They must contact the Administration of the area that they are currently operating in and they will give out the address for the new office. The NGOs and foreign agencies will be informed of the conditions and restrictions on their work and on how their work may continue. Any NGO or foreign agency found to be working with an agenda against the Somali Muslim population and/or against the establishment of an Islamic State will be immediately closed and dealt with according to the evidence found.

2. As of (20/7/2009), a number of NGOs and foreign agencies currently operating in Somalia will be completely closed down and considered enemies of Islam and Muslims. The current list is as follows:

1. UNDP
2. UNDSS
3. UNOPS

This decision was finally concluded after thorough research and due to an ongoing investigation into the actions and motives of many of the NGOs and foreign agencies currently in operation. The above foreign agencies have been found to be working against the benefits of the Somali Muslim population and against the establishment of an Islamic State in Somalia. Some of the findings include evidence of training and support for the apostate goverment and the training of its troops. The research also found material support being given to the apostate militias in the border regions in hopes of destabilizing the regions and disrupting the safety and security that the Islamic administrations of those regions have accomplished by the permission of Allah. On top of that, it has not been hidden that over $250 million dollars have been gathered in Brussels on April 23, 2009 from various infidel countries and donors for the crusader Amisom troops to continue their mission of oppression and massacre of the Somali Muslim people.

Previously, CARE and IMC, two American agencies, were closed down as evidence was found of participation in activities against Islam. Proof was uncovered of spying for and aiding the intelligence agencies of the enemies of Islam. In addition, as it is well known, those agencies assisted in the assassination of Sheikh Maalim Adam ‘Aayro.

Allah is our Protector and our Sustainer.
Department of Political Affairs and Regional Administrations

A HELP! button for aid workers

If you are an aid worker and you have an iPhone you need the Safety Button Assault Alarm iPhone application. Although it is Billed by its makers, Sillens AB, as an assault alarm for women its good for a myriad of situations in which aid workers can suddenly find themselves. Whether it’s a simple traffic accident on a remote road or the sudden realization that your new ‘friend’ intends to kidnap you, the safety button can help.

safety_button_screenshot

The Safety Button application is extremely easy to use. First, install it on your iPhone and fill in the email, phone, and SMS details of a reliable colleague or your organization’s radio room. Safety Button can then be set to do any combination of the following:

  • text your position
  • email your position
  • make an emergency call
  • sound an alarm

start_guide

When you find yourself in a situation of impending danger simply start Safety Button. Your location data will be sent to the Sillens AB servers in Sweden and updated every 20 seconds. As long as you keep the application running your position will be tracked.

At this point, if your fears turn out to be unfounded, you can simply turn off the application. No emergency messages will have been sent and you won’t have bothered anyone. However, if your instincts were right, simply press the big red button and Sillens’s servers will notify your contact.

You can buy Safety Button from the iTunes store for $2.99. The price includes three alerts. You can buy additional messages from the Sillens website.

Sudan Rumours

Rumours and breaking news from Sudan:

* A mob burnt vehicles parked outside an INGO compound in Khartoum
* @robcrilly reports NGO staff held at gunpoint by national security in Nyala as they were trying to leave for airport.
* Delays for exit visas
* Some foreigners have had trouble trying to get laptops out of Sudan over the last couple of days. I recommend you sanitize your hard drive before trying to get it out of the country.

Rob Crilly is in Sudan at the moment. Follow him on Twitter (@robcrilly) for a journalists perspective of events.

Think you have acceptance? Take the quiz

Now that we have talked about acceptance as part of an NGO security strategy, highlighted a preference for an active approach to acceptance, and noted some contributing factors, it is time for a little quiz.

Simply answer the ten short questions below to see just how well your organization really does at pursuing acceptance. Be honest.

1. Does your organization have an acceptance plan?
a. A what? No, I don’t think so.
b. Yes
c. We don’t need an acceptance plan. We just build houses.

2. Is it written down?
a. No
b. Yes
c. We need a written acceptance plan?

3. Have you read it?
a. No
b. Yes
c. Yes, but it is thirty pages of buzzwords and humanitarian fluff and I still don’t know what my part in all this is.

4. Does your organization have a clear procedure allowing beneficiaries, community members, and staff to raise concerns and complaints at the Country Director level?
a. No
b. Yes
c. We don’t receive any complaints. Everyone loves our work.

5. How long does it take for the complaint originator to get a response?
a. More than a week
b. A week or less
c. We don’t bother responding. They’ll be happy enough once we finish building their new house.

6. Can the drivers, guards, receptionists and cleaners in your organization explain your organizations mandate in their own language?
a. No
b. Yes
c. They are just drivers and cleaners. They don’t need to know that stuff.

7. Do they believe it?
a. No
b. Yes
c. I have no idea.

8. Have all your staff read and understood the personal code of conduct?
a. We don’t have one
b. Yes
c. No

9. Does your organization enforce the personal code of conduct?
a. No
b. Yes
c. Codes of conduct are unrealistic. Corruption is the cost of doing business in countries like this.

10. How did your organization handle the last incident in which a staff member was threatened by beneficiaries, community members, armed groups, or local authorities?
a. We ignored it. It was probably just a one-time thing.
b. We have a good relationship with local power brokers. We’ve discussed the issue with them and they’ve promised to help.
c. Local community leaders don’t live long enough for us to develop a relationship with them and/or nobody dares to be seen talking to us.


Scoring

For every b. answer give yourself one point. For every c. answer take one point off. An answer of a. scores zero.

10 out of 10 — you probably have a good active acceptance plan. If your organization has an acceptance only security strategy this is the passing mark.

6 to 9 — not too bad. If your organization’s security approach is a mix of acceptance, protection, and deterrence strategies this is a pass.

1 to 5 — your organization has been assuming its acceptance. A lot of work needs to be done.

0 or less — are you sure you are working for a humanitarian organization and not the Marine Corps?

Note: If your organization is an INGO that has an acceptance only security strategy and you are working in Afghanistan, Somalia or Iraq it is an automatic FAIL. You should be looking for a new employer.

More on acceptance

Even active acceptance strategies have their limits as NGO security tools. As a wise friend pointed out acceptance doesn’t work very well with itinerant armed groups. Criminals, and others who make their living by preying on the weak, just don’t care that much about the good work your organization may be doing or how much the local population might like you. You’ll need something aside from an acceptance strategy to reduce the risk from these groups.

Acceptance strategies also have obvious limitations when it comes to dealing with groups and individuals who are fundamentally opposed to the values they perceive your group represents. Whether they object to your organization’s religious values, work with women, or status as ‘foreign meddlers’ it is going to be very difficult to change their perceptions even with two or three years of a consistently applied active acceptance plan.

Other factors that inhibit acceptance:

• rapid staff turnover (or rapid expansion after a disaster as in the Tsunami response or the Pakistan earthquake)

• recipient only programs that do not engage the wider community

• friction between national and international staff

• divisions between national staff along conflict lines or ethnicity

• failure to deliver on promises or perceived promises to communities


Factors that promote acceptance:

• a long term presence in the project area (but only if you have been pursuing acceptance during that period)

• knowledge of local customs and language

• A close relationship/understanding between national and international staff

Aid workers die in freak ferry accident

Sri Lankan newspapers are reporting the death of two foreign aid workers after they accidently drove their vehicle off the end of the Muttur to Trincomalee ferry in eastern Sri Lanka.

Local police have stated that the pair started their vehicle to run the air conditioning without realizing that the vehicle had been left in gear. The bodies of the yet unnamed aid workers have been recovered and are in the Trincomalee hospital.

Active acceptance

Last week we looked at the acceptance fallacies that sometimes prevent NGO’s from properly implementing an acceptance strategy as part of an overall NGO security plan. Today we’ll look at a more robust approach to pursuing acceptance for humanitarian actors and activity.

Real acceptance is ‘active acceptance’. It needs to be continuously pursued and won. In order for an NGO to develop an active acceptance strategy an acceptance plan needs to be written, resources allocated to it, and deliberate action taken. Active acceptance involves regularly communicating with governmental groups, non-state actors, armed factions, and other key parties. The communication can be direct or through intermediaries when discretion is required. The communication needs to be two way.

All NGO staff need to be involved in the acceptance effort. Whether they are program managers, humanitarian field staff, or drivers, they need to be able to clearly communicate the humanitarian mandate of their organization. They also need to act in a manner compatible with the mandate. One misbehaving staff member can quickly destroy an organizations acceptance.

Other considerations:

• Active acceptance is costly in terms of time and resources but is cheap compared to the consequences of poor acceptance.

• Acceptance can be difficult to achieve in fluid conflict environments. New factions require new negotiations and agreements need constant reinforcement.

• Negotiations, especially with armed factions can be particularly stressful for staff.

• A rapid expansion in the number of NGOs in a country during a humanitarian emergency can make it difficult for any organization to maintain an independent identity. The actions of NGO’s with no pre-crisis experience in the affected area can have a negative effect on the acceptance of more experienced organizations.

• Your organization doesn’t exist in a vacuum. The actions of other aid organizations effect the perceptions of yours. Joint acceptance strategies should be considered.

Acceptance and acceptance fallacies

burnt out humanitarian vehicles in Afghanistan
Vehicles burned by an angry mob — at least partially due to the ‘good program’ fallacy.

In the traditional version of the acceptance approach to security an aid organization seeks to cultivate an atmosphere of trust and familiarity with beneficiaries and the host community. The idea is that beneficiaries and host community members will not target their ‘friends’ and will provide warning of impending attack by criminals or outsiders.

It’s a good approach that fits well with humanitarian ideals. Unfortunately many aid agencies fall victim to one or more of three acceptance ‘fallacies’ that prevent proper implementation of a real acceptance strategy. The first two have been outlined in “Providing Aid in Insecure Environments: Trends in Policy and Operations”, by Abby Stoddard, Adele Harmer and Katherine Haver.

Passive or assumed acceptance fallacy: To put is bluntly this fallacy is the end result of faulty logic. The assumption is made that if the organization does not have protective and deterrent measures it must therefore have an acceptance based strategy.

The exceptionalist fallacy: The assumption that an organization can simply reiterate humanitarian principles and proclaim its neutrality and independence from all belligerent parties. The problem with this approach is that beneficiaries don’t read organizational policy documents and they often have learned to be suspicious of the moral proclamations of outsiders and those in positions of authority.

The good program fallacy: I sometimes refer to this as the ‘good houses’ fallacy. It is easy to assume that merely building ‘good houses’, or implementing good programming is all that is required to gain acceptance.

So how do we gain real acceptance? Stick around. We’ll discuss that in a future post.

The NGO security triangle

I’ve noticed that many readers of this blog are new to NGO security. Some are military or police personnel looking to move over to NGO security. Others are aid workers looking to expand their security knowledge. Either way I think that it might be time to review some NGO security basics. I would ask that more experienced readers be patient. Don’t worry, we’ll work our way up to some new ideas shortly.

Let’s start with the classic NGO ‘Security Triangle’. Most NGO’s use this model of risk reduction methodology. Essentially the model proposes that there are three primary means of reducing risk faced by NGO’s and their staff; acceptance, protection and deterrence. This diagram from a Tear Fund security manual sums it up nicely.

security triangle diagram - acceptance, protection, deterrence
Image from Tear Fund’s “Safety in Travel Guide”, April 2006.

Most NGO’s emphasize acceptance, and to some extent protection, over deterrence.

We’ll look at what these terms mean over the next few days. They are not as simple as they might seem at first glance and many people overlook their deeper ramifications.

Teaser: Personally I think it should be the NGO ‘Security Square’.

Two MSF staff killed in Pakistan

nasir_and_riaz

According to MSF two of their medical staff were killed during fighting in Swat district, Pakistan on Sunday 1 February 2009. The two staff were on their way to collect casualties of the heavy fighting when their clearly marked ambulances were fired upon in Charbagh.

Riaz Ahmad (24) and Nasar Ali (27) were killed in the attack. An MSF volunteer was also injured in the attack. The drivers of both ambulances escaped injury.



Attacks on independent medical staff strike me as extremely myopic. You might deprive your enemy of medical care but you also deprive yourself, your colleagues, and your community of the same care.

For more on attacks on aid workers in 2009 check out the aid worker fatalities map.


Obama and NGO Security

Can a change of president improve NGO security? It is possible, but only with effort from us.

The UN rights chief says the world’s hopes are pinned on Obama. Obama says he’ll listen to the people. Change.org is taking him up on the offer.

So what does any of this have to do with NGO security? Let me explain. Amongst the ideas submitted so far is this one from Michael Bear Kleinman; “The US Should Establish a Department of Development”. A Department of Development would help give some perceptual distance between US military foreign policy and development efforts. The rhetoric surrounding recent fatal attacks on NGO’s in Afghanistan and Somalia suggests that some see little difference between american soldiers and aid workers. Anything that can be done to draw a clear distinction between development policy and military foreign policy can’t help but improve the situation.

If you think the concept of a Department of Development is a good one you can use the link in the widget below to vote.

















German aid worker, parents abducted in Yemen

Bani Thabyan tribesmen kidnapped a German aid worker and her parents in southern Yemen on Monday. The aid worker and her visiting mother and father were seized by the tribesmen in Dhamar province, 105 kilometres south of the capital, San'a according to security officials. The kidnappers are demanding the release of imprisoned fellow tribesman.

German and Yemeni officials have yet to release the identity of the captives.

Kidnappings of this type are fairly common in Yemen. In the majority of cases, the hostages are freed unharmed after negotiations.

Map of Dhamar

Stop Walking! Updated

Warning: Rant Ahead

On 20 October Gayle Williams was shot and killed in Kabul while walking to work. This morning a French aid worker was reportedly kidnapped while walking in Karta Parwan.

I know that many international aid workers want to avoid “white 4x4 syndrome’” and hate the feeling of isolation that security precautions can bring. I know it. I understand it. However it is time to recognize that it is no longer safe for obvious foreign nationals to walk on the streets of Kabul. Certainly one may be only marginally safer in a vehicle but marginally safer is better than nothing.

As an international aid worker it might help to remember that the work you do has greater benefit than does your visible presence on the street.

Update: It looks like the French aid worker may not have been walking when he was kidnapped. I still stand by my advice though - stay off the streets until things improve.

Personal Security Assessment Form

Phil at itinerant and indigent has an interesting personal security assessment form that some may find useful. It is intended for ex-pat staff but I don’t see why it could be used, with some slight modifications, for national staff.

However, I recommend it with a caveat. It is important that the user of the form and the compiler of the data recognize that there is a difference (sometimes a very large difference) between feeling (un)secure and being (un)secure. People tend to underestimate threats to which they have become familiar and overestimate new threats especially if those threats are vivid and easy to recall.

I especially like question 5:

Describe a few things that could happen over the next two months,  that would cause you to review your posting here. Try to be very specific as you describe a threshold that, once  crossed, would make you radically reassess  being here in Afghanistan 



Having people assess their risk cut off level proactively might just help counter some of the cognitive bias that skews risk perception.

You can find the form here. Just scroll down to the bottom of the post.

Aid Worker Deaths Due to Violence

Aid Worker Deaths or Injuries Due to Violence

WFP Staffer Murdered in Somalia

Gunmen killed a WFP staffer on Friday. Abdinasir Adan Muse was murdered as he left a local mosque after evening prayers. The incident occurred in Merka, about 80 kilometres south-west of Mogadishu.

Read more:
Official says gunmen kill a Somali UN aid worker
UN aid worker gunned down in Somalia - AFP

Burnout

In many non-governmental organizations, especially smaller ones, it is the security advisor’s responsibility to monitor staff for, and advise on the effects of, excessive stress. Even if it is not on your formal job description it is in your best interest to keep an eye on staff stress levels. Overly stressed staff frequently make poor decisions regarding their own security and are inclined to take short cuts when it comes to following established security procedures.

Excessive, prolonged stress can lead to an emotional and physical exhaustion commonly referred to as burnout. It often begins as normal stress but then you start to feel overwhelmed and unable to meet constant demands. As the stress continues, you begin to lose the interest or motivation that led you to humanitarian work in the first place. If left untreated burnout can eventually threaten your job, your relationships, and your health.

According to the Mayo Clinic you may be at greater risk of developing burnout if:

* You identify so strongly with work that you lack a reasonable balance between work and your personal life
* You try to be everything to everyone
* Your job is monotonous
* You feel you have little or no control over your work
* You work in a helping profession, such as health care, counseling, teaching, aid worker or law enforcement


The signs of burnout tend to be more mental than physical. They can include:

* Feeling detached
* Isolating yourself
* Irritability
* Frustration
* Feeling trapped
* Feeling like a failure
* Despair
* Cynicism
* Apathy
* Feeling powerless
* Feeling hopeless
* Emotional exhaustion

It is important to catch burnout quickly. Doing so can save a valued, experienced aid worker. Failure to do so can result in yet another bitter, cynical, possibly alcoholic, aid worker who is merely going through the motions.

One final note of caution: NGO security officers are as prone to burnout as other aid workers. You’ll need to monitor yourself for the signs and symptoms and take action because there is a very good chance that no one else will. Don’t try to work through it. It won’t work... and the only thing more dangerous than a bitter, cynical, alcoholic, aid worker is a bitter, cynical, alcoholic, security officer.

IFRC Aid Workers Leave Chad After Threat

Aid workers from the International Federation of the Red Cross and Red Crescent Societies have been temporarily pulled out of Chad after an unstated but specific security threat. IFRC staff have been supporting the Chadian Red Cross.

Red Cross aid workers leave Chad after threat

Two Merlin staff killed in Afghanistan

On 19 June unidentified armed men killed two Merlin staff members at a medical clinic in Kunduz. Dr. Sayid Masoom, the clinic head, and Mohammad Ewazewaz, the unarmed duty guard for the clinic, were fatally shot in the attack.

You can read Merlin’s statement at the link below.

Justice for Muttur Video

ACF is calling for an international investigation into the Muttur Massacre, the killing of seventeen aid workers in Sri Lanka in 2006. You can help by visiting the Justice for Muttur site.

The WolfGroup

Raj Rana is back online with his new company’s website. The WolfGroup is a consulting group with expertise in civil-military relations, post-conflict peace building, critical incident management, NGO security, risk management, protection and advocacy. Recommended!

Don’t let the murder of 17 aid workers go unpunished!

On 4 August 2006, 17 aid workers were murdered in the town of Muttur in Sri Lanka. No one has been held to account for this outrageous slaughter of humanitarians dedicated to feeding the world’s hungry.

ACF is calling for an international investigation in order to shed light on the circumstances surrounding the Muttur massacre and to find those responsible. You can find a link to their petition below. If you can find it in your heart to help please sign it. If you are a blogger please write about it and link to the Justice for Muttur site.


NGOs Looted after Rebel Attack in Eastern Chad

Looting has been widespread in the eastern Chadian town of Goz Beida after the town was attacked and seized by rebels over the weekend. Armed men looted several NGO compounds while other compounds were struck by small arms fire. It also appears that one NGO compound burned after fuel supplies caught fire.

EUFOR, deployed to protect Sudanese and Chadian refugees, has reported that it has been providing armed escorts for aid workers seeking shelter in the nearby EUFOR camp.

It is likely that the government will attempt to retake the town over the next couple of days. Any government counter attack will likely be accompanied by air strikes. NGOs should plan accordingly.

Map Showing Location of Goz Beida

Some 300,000 Sudanese refugees who have fled the Darfur conflict live in camps in Eastern Chad. 187,000 Chadians displaced by fighting in Chad have also sought sanctuary in IDP camps in the area.

Rebels attack eastern Chadian town, aid worker says
Officials: Rebels attack in eastern Chad

Aid Workers Attacked by Camp Residents

On 12 June 2008 two aid workers were attacked at De Klerks Oord Centre in South Africa. A man with a knife attempted to attack one Red Cross volunteer before disappearing in the crowd. Another aid worker was slightly hurt when camp residents pelted them with stones, bread and bones.

The De Klerks Oord Centre serves as a shelter for 2,000 immigrants who were displaced by last month's xenophobic violence in Pretoria North.

Abduction of Sri Lankan Aid Worker

Sebastian Goodfellow, a Sri Lankan driver for the Norwegian Refugee Council, a humanitarian organization working in Sri Lanka, has not been seen since May 15. It is feared that he has been abducted, possibly by an armed group operating with the tacit support of the security forces.

You can help by going to Amnesty International’s Online Action Center and send a message to President Mahinda Rajapakse and Ambassador Bernard A. B. Goonetilleke.

If you are a blogger please help by linking to the Action Center’s message page.

Gunmen kill senior aid worker, driver in Mogadishu

Mohamed Abdulle Mahdi, the head of the Woman and Child Care aid agency (WOCCA), was killed by unidentified gunmen in Somalia on Wednesday 11 June 2008.

The gunmen opened fire on Mahdi’s car as he was travelling through the Suqbad neighborhood of Mogadishu. Mahdi’s driver was also killed in the incident.

Gunmen kill humanitarian chief, driver in Mogadishu: aid worker
Top Somali aid worker shot dead

30% of aid money is spent on security for aid agencies?



If you read this blog you’ve probably already seen the article above. I almost didn’t read it because it looked like yet another “aid is inefficient and ineffective article”. It was the reference to NGO security costs that caught my eye. According to Integrity Watch Afghanistan, “Between 15 to 30 percent of aid money is spent on security for aid agencies, the IWA report said...”

What? Really? Where did those numbers come from? Given the difficulty I’ve had in finding money for things as simple as burglar resistant doors and decent fencing I really have my doubts.

If you download the full report you’ll see this:

For instance, the contracted security of the Kabul-Kandahar road during its reconstruction* prevented the disarmament of the equivalent of a whole private militia. Serious estimates put the number of armed guards who were used by the aid agencies at tens of thousands. An estimated 15 to 30 percent of aid money has been spent on security.



Maybe that’s where things got confused. To be clear the meaning of the statement “15 to 30 percent of aid money has been spent on security” is nowhere near the same as, “Between 15 to 30 percent of aid money is spent on security for aid agencies...” While considerable donor money might go to ‘security’ in Afghanistan it includes things like security sector reform, demining, counter-narcotics, police training, etc. This is not the same thing as “security for aid agencies.”

I’m pretty confident that aid agencies are not spending 15 to 30 percent of their budgets on their own security. I know mine isn’t. Most NGOs do not use armed guards and security budgets are generally small even if you include what are traditional safety costs.

* To the best of my knowledge the vast majority of the work done on the Kabul-Kandahar road was done by private contractors, not aid workers.

Safer Access gets it!

I can’t believe I never blogged about Safer Access before. Its not that I didn’t know they were there. Its just that somehow I didn’t give them the attention they deserve. That is until I noticed this paragraph on their website.

Safer Access supports the open-source philosophy, and seeks to apply it to humanitarian access issues involving safety and security. Safer Access training documents and best practice are not regarded as proprietary material, and are intended to be shared widely and discussed within the humanitarian community as an open source resource. This philosophy, when applied to vital information and training, reflects our desire to ensure that our support reaches all of those that are in need.

Imagine that. No exclusive copyrights. No caveats. No weasel words. No “if you use our security manual we’ll sic our lawyers on you”. Just open source safety and security information provided for the benefit of the humanitarian community.

Be sure to check out their open source security documents and assessments. There are documents covering topics from personal trauma kits to laptop security as well as security assessments for a number of countries.

Volunteer Aid Worker Killed by 'Freak Wave'

On 3 June 08 an Irish volunteer aid worker drowned in Ghana after a freak wave dragged her out to sea.

Natalie Higgins was paddling with two colleagues at the water's edge when the wave struck and pulled all three into the Gulf of Guinea. A rescue effort managed to save her friends but Natalie was pulled under water. Her body was found a while later.

Natalie had been in Ghana for 10 days as part of what was to be a three month stint with UK-based Projects Abroad.


Body of drowned aid worker flown home.
'Freak wave' killed aid worker.

Old Choices Come Back to Haunt NGOs in Afghanistan.

The Ghosts of Alexander have a great post on the The Politicization and Militarization of Aid to Afghanistan. As the ghosts quite rightly point out the process did not begin in 2001. It began much earlier and NGOs are still feeling the impact today.

To quote the ghosts again, “All it takes is for either the US, the Taliban, the locals or the central government to see it as political and becomes so...” Unfortunately that means your organization’s carefully crafted, acceptance based, security strategy disappears along with your perceived neutrality.

Read the whole post to see how your NGO’s choice of friends in the 80’s might be affecting your security today.

More Cartoons and More Threats

A Norwegian newspaper recently published a drawing of a man with Turban, having his clothes open and displaying a t-shirt with the text: "I am Mohammed, no one dares to print me”. The artist says that the half naked caricature represents the naked face of terrorism. However, it is fairly obvious that others may interpret the cartoon differently.
 
The drawing seems to be circulating quickly on Arabic websites. 



In an apparently unrelated, but likely synergistic threat, AQ seems to include Norway as well as other EU countries on its target list as the story below highlights.



NGOs would be wise to monitor the situation closely. Any indicator of negative reactions to the new cartoon should be taken seriously and any necessary risk reduction and mitigation measures implemented.

Islamabad Bomb Damages Local NGO

The building of a local NGO, Devolution Trust for Community Empowerment, was damaged in an apparent VBIED attack on the Danish Embassy in Islamabad. Dozens of its staff were reported to have been injured by flying glass. A spokesperson for the NGO said that the organization had been concerned about their location across the street from the embassy.
more

Canadian Aid Worker Kidnapped in Haiti Released

Gunmen Threaten INGO Staff in Batticaloa, Sri Lanka

Gunmen in civilian clothing have reportedly threatened INGO staff and local residents in Batticaloa, Sri Lanka. In one incident an INGO staff member had a weapon pointed at his head.

Young gunmen in civilian clothing have caused a series of disturbances on the town streets in recent days, threatening civilians and aid workers in broad daylight.
 
At least one International NGO has gone into hibernation until the situation stabilizes.

Medecins du Monde Aid Worker Kidnapped in Haiti

A Canadian aid worker with Medecins du Monde was kidnapped on 21 May from the Tomasin neighborhood of Port-au-Prince.

Haiti has a well established kidnapping industry. At least 139 people have been kidnapped this year. Most kidnappings occur in the capital.

How Many Kidnapped Aid Workers?

Sometimes the mainstream media really makes my blood boil. You may recall that on 21 May three aid workers were kidnapped by gunmen in Somalia. The headlines that came in on my news feeds were maddening.

First off the mark was DawnNews via Twitter with the headline "Two Italians among three aid workers kidnapped in Somalia." OK, so we have two Italians and somebody else. Maybe they just don't know his nationality yet.

"Two Italians kidnapped in Somalia" - PRESS TV Hmmm... what about the other guy?
"Italian aid workers kidnapped in Somalia" - Independent Online
"Somali gunmen kidnap two Italian aid workers" - Reuters South Africa OK... so maybe its just two Italians?
"Officials say gunmen kidnapped aid workers" - Reuters Or maybe the other person wasn't an aid worker?
"Somali gunmen kidnap two Italian aid workers: officials" - Reuters
"Somali gunmen kidnap two Italian aid workers: officials" - Washington Post
"Witness: Somali gunmen seize 2 Italian aid workers" - The Associated Press Just two Italians I guess.
"Somali gunmen kidnap two Italian aid workers-officials" - AlertNet Newsdesk
"Witness, diplomat: Somali gunmen seize 2 Italians" - The Associated Press
"Somalia: Two Italian aid workers kidnapped" - آكي adnkronos
"Somali official: Gunmen seize 3 aid workers" - The Associated Press Five hours after the DawnNews report the AP editor realizes that it was three aid workers.
"Somali official: Abduction of 3 aid workers, including 2 Italians ..." - PR-Inside.com (Pressemitteilung)
"Somali official: Gunmen seize 3 aid workers" - The Associated Press
"Somali official: Gunmen seize 3 aid workers" - Adal Voice of Eritreans
"Somali official: Abduction of 3 aid workers, including 2 Italians" - Adal Voice of Eritreans
"Gunmen Seize 2 Italians, One Somali Aid Worker In Somalia" AHN via Hiiraan Online. And finally Hiiraan Online points out that there is such a thing as a Somali aid worker.

Of the seventeen headlines that crossed my virtual desk more than half would have had me believe that only two aid workers were kidnapped. Seven of seventeen acknowledged that in fact three aid workers were kidnapped. Only one clearly identified the nationality of the Somali aid worker.

With headlines like these it is no wonder that so many national staff in INGOs feel like the second class citizens of the aid world.

Three Aid Workers Kidnapped in Somalia

Three aid workers from Cooperazione Italiana Nord Sud were kidnapped by gunmen on 21 May in the Lower Shabelle region of Somalia. Two Italians, one male and one female, and a male Somali colleague were kidnapped early in the morning in the village of Awdhegle.

Two Italians among three aid workers kidnapped in Somalia: officials
Somali gunmen kidnap two Italian aid workers-officials
Witness: Somali gunmen seize 2 Italian aid workers

Military Humanitarian Relief?

Mother Jones has an interesting article that outlines the tensions between NGOs and military forces' involvement in what the US military calls "stability operations." While it should be nothing new to the experienced NGO security practitioner it is a good primer for those who may not understand the debate.


Red Cross Website Hacked to Steal Quake Relief Donations

A section of the Chinese Red Cross website has reportedly been hacked. Apparently the hacker gained access to the website and created four fraudulent bank accounts to steal earthquake relief funding. If you can read Chinese you can read the report here. Otherwise check out the link attached to the graphic below. Read the full report from The Dark Visitor.



Crossing Borders with your Laptop

Recent media coverage of the Ninth U.S. Circuit Court of Appeals' decision to allow border agents to search travellers laptops without cause has inspired a lot of coverage in tech media circles. However, as an aid worker it is important to remember that the US border is not the only place where your laptop can be searched. Aid workers have reported having their laptops searched by authorities in Sudan, and Pakistan. Sri Lankan security forces frequently demand access to aid worker's laptops when they are entering LTTE controlled areas or travelling by to or from Jaffna. In one case they even seized the computer of the Executive Director of an NGO.

So how do you keep prying eyes from accessing your sensitive files while travelling? The EFF has some good advice for protecting your laptop from arbitrary searches. Bruce Schneier has his take as well. Finally you shouldn't overlook Front Line's "Digital Security and Privacy for Human Rights Defenders".

Gunmen Kill Aid Worker in Southern Somalia

The director of the Somali aid organization Horn Relief was killed by masked gunmen as he arrived at his house in Kismayo, Somalia late Saturday. According to village elders the reason for the killing of Ahmed Bariyow was not readily apparent.

The killing comes as central Somalia enters a humanitarian emergency amid fears of a full blown famine.

Press TV: Somali aid organizer shot dead.

Kidnapped Aid Workers Released in Pakistan

On 17 May, Taliban fighters operating in Mohmand Agency, Pakistan, released four employees of two NGOs. The four were kidnapped by the Taliban on 23 April.

The aid workers were reportedly released after a local Peace Jirga facilitated talks between the Pakistani government and the Taliban.

Darfur 'No Fly Zone'?

According to sources the Government of Sudan is creating a 'no fly zone' for UN and humanitarian operations in Darfur. There are contradictory reports of airport closures and the grounding of flights. Nyala and El Fasher airstrips were closed on 13 May.

NGO security advisors are advised to reassess their medical evacuation plans for Darfur. The lack of reliable aeromedical evacuation capability increases the threat to life and limb of even relatively minor medical events.

WFP Head of Sub-office Killed by Gunmen in Northwestern Kenya

On Wednesday, 7 May 2008, gunmen shot dead 37-year-old Zimbabwean Silence Chirara outside a UN compound in Lokichoggio, north of Nairobi, near the border with southern Sudan. He was ambushed while driving a clearly marked UN vehicle.



See also:
UN food agency shocked by killing of staffer in Kenya
Zimbabwean Aid worker killed in Kenya

Another WFP contracted driver killed in Somalia

On 7 May another WFP contracted driver was killed by militiamen at an illegal checkpoint in Somalia. The incident occurred when 12 WFP contracted trucks were stopped at gunpoint at a checkpoint 30 km north of Galkayo. The driver was injured and later died when a gunman opened fire on the trucks.

A similar incident occurred on 13 February when the leader of a WFP contracted aid convoy was shot and killed by militia in southern Somalia.

Sending GPS Coordinates from your Thuraya to Twitter

Aid Worker Daily has instructions for sending GPS co-ordinates from your Thuraya satellite phone to Twitter via an SMS message. This might come in handy if you get into trouble and need help like James Karl Buck.

Save the Children Aid Worker Killed in Chad

Save the Children aid worker, Pascal Marlinge, was shot and killed by armed men in Chad on 1 May 2008. The link below has more detail from Save the Children.

UNDP Worker Arrested with Pistol - Snarky Comments Follow

This article about a UNDP worker being arrested while carrying a pistol is interesting but its the comments that stand out. Some are funny... some just sad. What does it say about acceptance as a security strategy in Sri Lanka? Have we been doing a good job communicating what it is we do and who we are?

WVI Employment Fraud Warning

World Vision International is warning that fraudulent recruiters are bilking applicants out of "training" and "recruitment" fees. If you have received any of these bogus offers please help out by forwarding them to emp_fraud@wvi.org.

IFRC Releases Two New Security Manuals

IFRC has released "Stay Safe", its new security manual. I've only taken a quick look at it but so far it looks good. There is also a security manager's version.

Learning to Think Analytically with Video Games

According to Wired US intelligence agencies are using custom video games to teach analytical thinking. Despite what the graphics might suggest the games' emphasis is on critical thinking skills and the use of the analytical process rather than violence.

I'd love to see an NGO version of something like this. It shouldn't be too hard to come up with an interesting story with a humanitarian slant that would challenge the players reasoning. Perhaps based on Darfur with the player attempting to shift through opposing claims and counter claims. Or how about a scenario based in Gaza?






Only the eight principles of intelligence analysis can save him? Oh my Gawd! I don't remember them! I'm hoping that its Richards J. Heuer's eight step Analysis of Competing Hypotheses otherwise little DIA dude is doomed.

NGO Security Scenario - Valuables Snatched

In homage to NGO Security's Security Scenario videos I offer the following. Unfortunately (perhaps fortunately) I can't find any video for this scenario so you'll have to read the article below. I swear it is real!



A staff member has refused to report to working claiming to have been victimized by one of the snatchers. The remaining staff of your organization have requested that you brief them on the risks. Identify the two threats in this scenario. What are the probabilities associated with each. How do explain the risks to the staff. How do you deal with the absent staff member.

Black Swan Lessons - You Can't Graph the Future

Something about most UN and NGO security reports has always made me uneasy. Don’t get me wrong. It’s not that they aren’t thorough. A lot of work goes into fact checking and ensuring that what they say is ’correct’. It’s just that the typical security report is a comprehensive list of recent past incidents combined, if we are lucky, with their assessed causes. Incident statistics are then charted and 'trends' are identified. This always made me a little nervous.

To be fair I never really knew why it made me nervous until I read “The Black Swan”. Nicholas Taleb raises several points that help explain my unease.

The first is that more information is not necessarily better. Its very easy to get bogged down in detail that has no real relevance to the issue at hand.

The second factor is what Nicholas calls the Ludic Fallacy. In brief this is the assumption that the unexpected can be predicted by extrapolating from statistics based on past observations. Nicholas argues that while this holds true for theoretical models based on games of chance it seldom holds true in the real world for the following reasons:

We don’t know what we don’t know. (See the Unknown Unknown)
Very small (perhaps imperceptible) changes in the variables can have a huge impact in the outcome. This is commonly referred to as the Butterfly Effect.
Theories based on experience are fundamentally flawed as events that have not occurred before (or are outside living memory) cannot be accounted for.

The Washington Post graphic below, which shows the frequency and lethality of suicide attacks since 1981, illustrates the problem. If we had examined the chart in 2000 would it have led us to predict 9/11(a classic Black Swan)? If we had re-examined it in 2003 would it have led us to predict the sudden increase in the frequency of attacks in 2007? What does 2007 tell us about 2008? Looking at the trend from 1981 to 1989 how many researchers would have concluded that suicide attacks were in decline and opined that such attacks were ineffective in accomplishing the attackers goals.


Action Against Hunger Leaves Sri Lanka in Protest

ACF has made the difficult decision to withdraw from Sri Lanka due to lack of confidence in the government's investigation into the massacre of 17 ACF staff two years ago. This couldn't have been an easy decision for ACF. Concerns over the impact of their withdrawal on beneficiaries must weigh heavily. However, ACF's action may well help raise the profile of attacks on NGOs in Sri Lanka and help end the culture of impunity that grips the island.

I applaud ACF for making morally courageous choices under difficult circumstances.

Afghanistan Non-Government Organization Safety Office Quarterly Data Report

ANSO has released it's quarterly data report titled "Afghanistan Non-Government Organization Safety Office Quarterly Data Report (January 1st 2008 - March 31st 2008)".

Abstract:

NGOs have been directly targeted for attack on 29 occasions in the first quarter of this year with 16 of those attacks associated to Armed Opposition Groups (AOG) and 13 to criminals. Although comparable to last years figures in volume (30), the attacks of this year have resulted in many more fatalities indicating an escalation in the seriousness of attacks on NGO. This assessment is demonstrated in the fact that NGO incidents attributed to AOG have doubled from in first quarter of 2007 to 16 in the same period this year. The NGO incidents include, amongst others, seven AOG armed attacks which between them resulted in nine fatalities, nine injuries and near total destruction of two NGO compounds; seven armed abductions accounting for 12 persons kidnapped and an additional two fatalities including a female US citizen; and ten serious armed robberies accounting for one additional NGO staff injury and a long list of losses and damages to property. These figures are all higher than last year by a significant margin.


You can download the full .pdf report here.

Security Incidents Map - Nepal - March 08

OCHA Nepal has released a security incidents map for Nepal covering March 2008.

nepal_security_incidents_mar

Talks with a UN Security Guard

I didn't know whether to laugh or cry when I read this. On the plus side I guess it means there is still lots of work available for NGO and UN security officers.

Darfur, Afghanistan, Beer, and Breakfast

Google Trends can be a useful tool for context analysis. If you've ever wondered why your security budget is dwindling despite the rise in security incidents or why the head office seems to have forgotten you it can be a pretty useful tool.

For those who haven't seen it before Google Trends compares the relative Google search frequency of up to five user specified terms. For example if you want to compare relative search interest in various hot beverages you might enter "coffee, tea, cocoa" and press search. Google Trends returns a nice neat chart that shows how many searches were made for each term over time. It also shows a "news reference volume" chart, or in other words the frequency with which the term has shown up in the media.


Relative frequency of search terms Darfur, Iraq, Afghanistan, Congo and Sweden

The chart above was generated when I compared relative interest in Darfur, Iraq, Afghanistan, and the Congo, with Sweden as a control.
The results were pretty interesting. Searches for Iraq seem to correspond with increases in media coverage. No surprises there. The big surprise for me was Sweden. Google user are more interested in Sweden than they are in Darfur, Afghanistan, and the Congo. Talk about forgotten conflicts!

Flag B is interesting. It marks George Bush's call for more NATO troops in Afghanistan and clearly shows an increase in media coverage of Afghanistan. It even overtook coverage of Iraq for a short while. However, the general public took no notice.

Headlines associated with country comparison

Relative search frequency by region

The regions chart is enlightening. Americans are predominantly interested in Iraq and seem to have forgotten about Afghanistan. The Canadians, who have troops in Afghanistan but not Iraq seem equally interested in both countries. And finally, the Swedes seem to be totally obsessed with Sweden.


beer_comp

Not without trepidation replaced Sweden with "beer" in my search terms. I shouldn't have. I now know that your average computer using westerner is more interested in beer than they are in Iraq and Afghanistan combined. "Darfur?... never heard of it... do they have good beer?"

If you are feeling particularly masochistic try breakfast or worse boobs. For a brief while in 2004 your average Google user was more interested in what was happening in Iraq than what they were going to have for breakfast. That aberration hasn't repeated itself since. Its also interesting to note that while American's seem equally fascinated by Iraq and breasts, Canadians have a distinct preference for the later.

More on Espionage Against Pro-Tibet NGOs

You might recall that a couple of weeks ago NGO Security and humanitarian.info covered cyber attacks on NGO's in Tibet. Now Wired magazine has a more mainstream follow up article on the issue. Most alarming perhaps is that some of the malware used in the attacks was designed to steal PGP encryption keys. PGP is used by many human rights groups to secure their email from prying eyes.




If you'd like to know more about how to protect your organization's information from prying eyes be sure and check out "Digital Security and Privacy for Human Rights Defenders".

Are aid groups doing too much newsgathering?

The frontline club introduces "The News Carers: aid groups doing too much newsgathering?", with the following:

Are the media relying too much on aid groups and NGOs to provide pictures and video of the world's forgotten crises? Or does it make no difference where we source our material? Does the public even know the difference?



These are interesting questions but I'd rather switch it around a little. Do NGO's rely too much on mainstream media to get the word out about forgotten crises? How do governments, non-state armed actors, and others view our relationship with the media? How do these perceptions affect NGO security? How do they affect our ability to access those in need?


Appropriate Response to NGO Kidnappings and Abduction


Image of a man in a blindfold



In the past most NGO kidnappings were conducted by criminal groups seeking economic gain. However in at least the past five years we have seen a marked increase in the number of NGOs who have been kidnapped for political reasons. Confusing the issue are indications that some recent kidnappings may have been 'speculative' in nature. That is to say they were carried out by groups that were primarily criminal in nature but with the intent to sell the victim to the highest bidder.

"Experienced Advice Crucial in Response to Kidnappings" outlines the nature of the kidnapping threat and the steps NGOs should take to prepare themselves. Kidnap insurance, crisis management plans, family support, and media liaison plans are all covered in an accessible manner. If you are an NGO security officer the article might be useful for opening a discussion with senior staff. If you are a programme person you should read it and raise any questions you might have with your security officer.

The article was authored by Bob Macpherson, former director of the CARE International Safety and Security Unit, Christine Persaud, and Norman Sheehan. Between them they have a wealth of experience dealing with NGO security issues.

"...we keep them alive, until they are massacred."

The Carnegie Council has an interesting presentation by Jan Egeland, former UN Under-Secretary-General for Humanitarian Affairs, in which he introduces his book, "A Billion Lives: An Eyewitness Report From the Frontlines of Humanity". Its all good but a couple of quotes really caught my attention.

Jan Egeland on the need for more than just humanitarian aid:

"...in the old days, they said, "Send the Marines." Now it's, "Send the humanitarians. They will keep them alive, and we can maybe forget about it." Well, we keep them alive, until they are massacred."



Jan on humanitarian security in a post UN Bahgdad bombing world:

"...it is a watershed when we go from just preparing ourselves to survive in crossfire with militias, with child soldiers, with drunken soldiers, with mines, and so on—we have lots of procedures to survive in such circumstances, but we do not know how to survive when a well-financed, ruthless organization plans for one month to kill you."




You can watch a video excerpt of the presentation below.



If you have good bandwidth you can watch the full video presentation...
or you can listen to the audio archive...
or if your connection is very slow take a look at the transcript.

NGO Security is Compiling a Security Training Directory

NGO Security is compiling a humanitarian security training directory. If you or your organization want to be included in the directory drop them a line. If you know someone who might want to be included please pass the word.


Breaking NGO IT with Low Tech - Suggested Readings

Discussion (here and here) regarding Bruce Schneier’s recent post on security mindset combined with recent interesting posts from friends regarding NGO IT security issues (here, here and here) has me thinking. It seems to me that social engineering, rather than a purely technological attack, is still the easiest route into most NGO’s networks. There is no need for anything too complicated. Most aid workers are somewhat trusting and helpful by nature making them easy targets for even relatively inexperienced social engineers.

Kevin Mitnick’s book, “The Art of Deception - Controlling the Human Element of Security” is a great introduction to social engineering. Kevin Mitnick was one of the world’s greatest hackers. He gained great notoriety for his ability to penetrate telephone and computer networks seemingly at will. What surprised many is that it wasn’t sophisticated technology that allowed him to do it. It was his ability to con or ‘pretext’ people into giving him the information he needed to access their systems. As he explains in the book the human factor was security’s weakest link.

Hint: If you search for “Kevin Mitnick The Art of Deception.pdf” Google you just might be able to find a free copy of Kevin’s book floating around the net.

To further develop your security mindset check out "No-Tech Hacking" by Johnny Long. Its a sample chapter from "Techno Security's Guide to Managing Risks for IT Managers, Auditors and Investigators". Johnny has since turned the chapter into a book in its own right. In the freely available sample chapter he covers tailgating, faking ID cards, lock bumping, shoulder surfing, dumpster diving and other low tech means of gaining forbidden access.

Happy reading and don't blame me if it keeps you up at night.

A Calmer Look at Fitna, the Movie

Viewed by some in the Islamic world as symbols of western influence INGOs are vulnerable to the sometimes violent backlash over perceived insults to Islam. Attacks on INGO compounds after the release of the now infamous Danish cartoons and the erroneous TIME magazine article claiming that an American military prison guard had flushed a copy of the Quran down a toilet highlight just how vulnerable we are. Most physical security measures cannot survive a sustained assault by hundreds of angry protesters. Host country security personnel are generally reluctant to open fire on their fellow countrymen nor would most INGOs want them to. Frequently underpaid and undermanned security forces may lack the breadth and depth required to protect all the potential targets in their country. All of which begs the question of how do organizations whose security relies primarily upon acceptance maintain security when they are no longer accepted?

Unfortunately I don't have any easy answers but I am hoping the following clip by Radio Netherlands Worldwide will help cooler heads prevail if the Geert Wilders 'Fitna' film is released. The version below is in English but there are Arabic and Indonesian versions as well. Link to these, email copies to friends, show them at your next staff meeting and maybe, just maybe, we can counter some of the hype and propaganda that Geert Wilder thrives on.

Very rarely has a film sparked off as much pre-release controversy as Dutch MP Geert Wilder’s ‘Fitna, the movie’. Even without knowing what’s in it, 'Fitna’ has got the world asking questions. Questions about the man who made it and his motives, about the country he lives in where his film is allowed. Questions about that country’s government – which issues warnings about the film but does nothing to stop it. And questions about the position of Muslims in The Netherlands. The central character in this film is also struggling with these questions, and decides to travel to The Netherlands in search of answers.


Kidnapped Aid Workers Reportedly Killed in Afghanistan

Aid workers Cyd Mizell and Muhammad Hadi have apparently been killed in Afghanistan according to this statement by Asian Rural Life Development Foundation. The pair had been kidnapped by armed men in Kandahar while they travelled to work in the morning.



Our prayers are with the families and friends of Hadi and Cyd.

Trunk Monkey Security System

Thanks to Sources and Methods for pointing out the Trunk Monkey Vehicle Security System. Hopefully they'll develop a ruggedized version for NGO use. Just imagine how useful it could be at militia checkpoints or when the police want to search your vehicle for the fifth time that day.



For more about Trunk Monkey go to trunkmonkey.com.

Mexico's kidnapping business

According to AlJazeera kidnappings are big business in Mexico with an average of 900 kidnappings per day last year.



Watching the video reminded me of a kidnapping conference I attended a couple of years ago. Among the participants was Rachel Briggs, the author of "The Kidnapping Business". Her publication is well worth reading even without the extensive references to the NGO community.

To paraphrase her report a kidnapping business hotspot country can be identified by the following characteristics:

1. The presence of networked groups that can support the crime. Tribal groups, fringe political groups, religious groups, and pure criminal groups are the major classifications and they are by no means mutually exclusive.

2. Political or economic transition that results in ineffective policing, corrupt judiciary, or weak laws but avoids outright conflict which would likely limit the number potential victims.

3. A local middle class, significant numbers of expatriate businessmen, or I would argue the presence of large numbers of aid worker.

4. Areas where potential victims are poorly protected and do not manage risk well.


Does the country you work in have some or all of these characteristics? Does your organization have a kidnap and ransom policy? Do you know what it is? Do you know what personal security measures to take to reduce your risk? Do you actually use them?

Security Links

Suicide attacks, bomb warnings, damage to undersea internet cables, and SMS service cuts have all conspired to keep me from finishing my comparison of SMS tools so you'll have to settle for some links.

10 Ways We Get the Odds Wrong: Psychology today takes a look at why our brains are so bad at assessing modern risks. There is an interesting if strictly US-centric quiz at the end that will let you test your risk knowledge.

Finding a Job: The AidWorkers Network has a good guide for anyone looking to break into the aid worker job market. Its not limited to security jobs but it doesn't exclude them either.

Travel Safely: Gadling shows you how to create your own DIY personal first aid kit for the road. Note that this kit is for travel related "nuisance illnesses". For field work I carry a larger first aid kit as well.

Aid Agencies Lack Focus on Security: According to a former aid worker who was evacuated from Chad last year some aid organizations don't focus enough on security.

Custom Garmin GPS Maps: NGO Security explains where to find open source Garmin GPS maps. This is a very good resource. I was able to find a street map for Colombo and some good Afghanistan maps.

You Thought My Banana Was a Bomb: The Strategist's take on the Transportation Security Administration's new blog. Funny in a very sad sort of way.

Family Statement Regarding Cyd Mizell, Aid Worker Held in Afghanistan

Cyd Mizell's father asks for his daughters safe return in this video statement.



If your connection is too slow for the video you can read the text of the statement below.

SEATTLE, Feb. 3 /CNW/ -- The family of Cyd Mizell, an American aid worker currently being held in Afghanistan, today released the following statementfrom her father, George Mizell: "I am Cydney's father. My family and I want to thank all those who have shown their deep concern for the safety and well being of my daughter, Cydney Mizell, and Muhammad Hadi. I am indebted to the Afghan people for their support of Cydney and Muhammad. "My family and I love Cyd very much. I'm confused why my daughter would be taken because she's a gentle, caring and respectful person. "When we talk to Cyd, she tells us about the friends she's made and the kindness that's been shown to her and her desire to help them. "To those people who are holding our daughter, please let Cyd come home. Each day that passes without knowing about Cyd is difficult for our family andfriends. "We ask that you work with us so Cyd can come home. Cyd knows how to contact us and her co-workers. All of us are waiting to hear from you."

For further information: Bill Curry, spokesman for the Mizell family, +1-206-697-3684 Web Site: http://www.onlinefilefolder.com

Afghan Security Tight After American Kidnapped

Cyd Mizell, an aid worker with the Asian Rural Life Development Foundation, and her driver, Abdul Hadi, were reportedly kidnapped in Kandahar on 26 January. This short AP video has a plea from her organization for her quick release.



According to relief web hundreds of Afghan women in Kandahar demonstrated to protest the kidnapping and demand her safe release.

Imminent Threat: Potential for Violent Backlash over Anti-Qur'an Film

Although Geert Wilders, the leader of the Dutch Freedom Party, has agreed to delay the release of his controversial anti-Qur'an short film the potential for a violent backlash remains. The pending release of the film has led to fears of a repeat of the worldwide Prophet Mohammad cartoon riots in 2006.

Wilders says his short will show that the Qur'an is "a source of inspiration for intolerance, murder and terror." Little else is known about the contents of the yet to be viewed video leading some to speculate that it may contain deliberately provocative acts.

NGO’s working in Islamic countries or in countries with significant Muslim communities should review their exposure to the risk of a violent backlash. Organizations that might be labelled as “Western”, “Christian”, “Dutch” or “Israeli” are especially vulnerable. Security plans should include responses for civil disobedience, demonstrations, and riots. With luck cooler heads will prevail and the plans won’t be needed but, as always, it is better to be prepared.

Suicide Attacks in Pakistan 2007

The Pak Institute for Peace Studies' Security Report has some interesting data on suicide attacks in Pakistan in 2007. Actually there is all manner of data covering many aspects of the violence plaguing Pakistan but I've only had time to play with the suicide bombing data. Digging deeper into the numbers reveals some interesting facts.

Suicide Attacks by MonthCasualties Due to Suicide Attack by Month

If we examine the number of suicide bomb attacks per month we see a peak in July 2007. This coincides with an active suicide bombing campaign against predominantly military and police targets. However if we compare it to the adjacent chart showing casualties due to suicide bomb attacks we can see another peak in November and the start of one in December. The July, November and December peaks coincide with attacks on Pakistan Peoples Party rallies and/or attacks on the party chair, Benazir Bhutto.

Incidents of suicide bomb attacks and casualties by region of Pakistan
This chart reveals that most of 2007's suicide attacks occurred in the NWFP. The single but very lethal attack in Karachi also stands out.

Assessed Intended Target of Suicide Bomber

Attacks probably intended to target the military accounted for 47% of suicide attacks with attacks against the police accounting for another 20%. Assessing the actual target of suicide attacks is difficult since the perpetrators are no longer around to explain their intent so these numbers are approximate. The 'mixed' category in particular may be the result of bombers attempting to attack police or military targets without regard for nearby civilians.

Nine percent of the attacks were assessed to be primarily intended to target civilians while 13% where assessed as being intended to attack government personnel and/or political entities, including VIPs.

A comparison of BBIED vs VBIED as method of attack

In 2007 suicide bombings in Pakistan were almost evenly split between Vehicle Borne Improvised Explosive Devices (VBIEDs) and Body Borne Improvised Explosive Devices. There were a small number of 'complex attacks' involving either multiple bombers or combinations of suicide bombers and conventional attacks.

Relative lethality of VBIEDs and BBIEDs

It was a comparison of the relative lethality of the variants of suicide attacks that surprised me somewhat. I had expected complex VBIED attacks to produce the highest number of casualties per incident yet we can see that complex BBIED attacks on average produced two and a half times as many casualties. However, on second examination it becomes apparent that suicide bomber on foot are able to get much closer to their targets and are able to merge easily with large crowds. Even a relatively small quantity of explosives will cause many casualties when employed indiscriminately at political rallies and religious festivals. In addition it appears that VBIEDs were employed primarily against harder military and police targets.

I would have liked to compare civilian victims of suicide bombers against total casualties but unfortunately the data fidelity is just not there. However PIPS did have a table showing total civilian casualties as a result of 2007's cumulative attacks and clashes. Once again civilians seem to bear the brunt of the violence as the chart below shows.

Casualties of Clashes in Pakistan 2007

So what does all this mean for NGO's and others wanting to increase their personal security? Well there shouldn't be any surprises here. The data supports the tried and true advice:

* Avoid potential targets including military and police personnel and facilities as best you can.
* Don't wear clothing that might be mistaken for a uniform.
* Don't mingle with military or VIP convoys while driving.
* Avoid travelling on routes and at times used by military convoys and/or VIPs.
* Avoid political rallies especially when VIPs are present.
* Avoid large crowds including during religious festivals.

Beware Barbara Moratek of the Ivete Foundation

According to Sunbelt, a security software company, there is a new email scam going around where small non-profit organizations are being targeted by a “Barbara Moratek” of the “Ivete Foundation“. Not only does the email seem to be a scam but Googling either name can take you to sites with fake codec Trojans and other potentially damaging sites. NGOs, especially smaller ones eager for donors, should also be aware of this potential threat.

Go to their site to read the whole post.

Free Media and NGO Security

Yesterday the Free Media Movement (FMM), Sri Lanka, sent me an e-mail announcing their new website. A quick review of the new site reminded me of how valuable FMM and similar sites can be to NGO security officers. The risks faced by independent journalists are similar to those faced by NGOs working in the same area. Official and factional attitudes towards free media often reflect attitudes towards NGOs, especially human rights organizations. Therefore actions against journalists can be indicative of impending risks for NGOs.

There is another reason as well. Sooner or later you and your organization are going to face a crisis. When you do there is a very good chance you are going to have to talk to the media. Independent media sites can help you find credible, non-partisan journalists who will be willing to listen objectively to your side of the story.

The FMM site also has a link to “On Assignment: A Guide to Reporting in Dangerous Situations”, a security guide for journalists working in conflict zones. Although it is intended for journalists much of the information is of value to NGOs as well. It is worth the download just for the resource links.

Sri Lanka 2008

2008 is going to be a very difficult year for humanitarian organizations working in Sri Lanka according to this post in groundviews. I wish I could disagree with the author as the predictions are grim indeed.

"Senior leadership of pro-democracy NGOs will face ever increasing hate speech by those in power and their local and international apparatchiks. Field workers of local and international human rights and humanitarian organizations in particular will suffer the brunt of physical attacks, including outright murder and torture with total impunity. Further, organizations working on media freedom and the freedom of expression will find themselves painted as agents of foreign government’s with no real legitimacy in Sri Lanka. The Administration will become more rabid and parochial in its definition of what is local, authentic, Sinhala and Sri Lankan and essentially kosher in civil society initiatives. Anything and anyone that falls outside these self-styled definitions will be dealt with extreme prejudice."


Unfortunately I think that Sanjana has it right. You might want to make sure your contingency plans are in place and up to date.

Twitter Tracking for NGO Security

Two months ago Twitter added the ability to track keywords. Essentially this capability means that whenever someone sends a public update containing the word or phrase you’ve told Twitter to track you’ll receive a copy of the SMS.

Since its introduction I’ve been examining this feature’s potential utility for NGO security officers. I’ve tracked the names of several towns in trouble areas, the term Tsunami, and a variety of other keywords. The effort produced some positive results.

While most of the results were tweets sent by news services there were some other useful messages. On two occasions the messages containing tracked terms tipped me off hours before the issue made the media. On another occasion the issue never even made it to the mainstream media. In each case we were able to take pre-emptive action to reduce our potential risk.

There are caveats however. You get ALL public updates containing the search term, even ones in languages you don’t speak. It’s also surprising how terms are used sometimes. ‘Information Tsunami’ seems to be making its way into the modern lexicon. Apparently Tsunami is also the name of a very popular Sushi restaurant. It must be on the other side of the world from me because people’s lunchtime “enjoying Sushi at Tsunami” messages would arrive in the middle of the night. Needless to say I’m not tracking Tsunami any more.

Risk Homeostasis: Is NGO Security a Sham?

Risk homeostasis theory, developed by Gerald J.S. Wilde, has some serious potentially serious implications for NGO security.

At its core risk homeostasis theory has two basic premises. The first is that every individual has an inbuilt, personal, acceptable risk level that does not readily change. The second premise is that when the level of acceptable risk in one aspect of an individual's life changes there will be a inverse change of acceptable risk elsewhere. In other words everyone has their own risk ‘set point” at which they are comfortable and which they will endeavour to remain at.

In an NGO context it suggests that increased security precautions encourage greater risk taking amongst staff in other areas of their lives. Better vehicles and improved communications would therefore result in staff to pushing the envelope in their field activities. In effect, according to risk homeostasis theory, security measures merely serve to "move risk-taking behaviour around".

Wilde’s book, Target Risk, is full of citations from studies showing that vehicle safety improvements increase risky driving and fail to decrease the accident rate. He also cites examples of industrial safety programs that don’t decrease overall work related injuries and anti-smoking campaigns that come to nothing.

All of this begs the question of whether or not current security programs are, or even can be, effective. Do security officers, security training programs, and improvements in equipment merely shift the risk? Do aid workers compensate for decreased risk by pushing harder and farther than they would otherwise? Should we be concentrating on mitigation rather than risk reduction?

Note: The out of print first edition of “Target Risk, Dealing with the Danger of Death, Disease and Damage in Everyday Decisions” is available for free online. The expanded “Target Risk 2: A New Psychology of Safety and Health” is available from online bookstores.

Front Line: Accessible Security for Human Rights Defenders

I like Front Line more and more as time goes on. They get it. They put a lot of effort into making their security related materials accessible and understandable. Their newly updated website is clean, easy to navigate, and full of valuable resources. They have a good primer on security for human rights workers, and a great manual titled "Digital Security and Privacy for Human Rights Defenders".

Even their site licence is a breath of fresh air. They have a nice simple Creative Commons licence. Front Line understands that its job is protecting people not content. Try comparing their licence to the pages of unfriendly legalese found on the websites of some large NGOs.

Front Line is also making good use of internet video as these two examples released on YouTube demonstrate.


Video: Front Line - Protection of Human Rights Defenders


Video: NGO in a Box - Security Edition

Evacuation and Relocation Training

Several months ago I did evacuation, relocation and hibernation training with one of our offices. We were all very busy at the time and my planned eight-hour training day turned into three hours. I insisted we go ahead with the training despite my concern that everyone was too tired to learn anything of value.

It turns out I needn’t have worried. Last week we were forced to temporarily relocate a sub-office due to security issues. The relocation went very smoothly and staff were keen to point out that it ‘was just like the training’.

The method we used for the training is outlined below.

The team with thier creations


Materials:

1. Index cards or construction paper

2. Flipchart paper – or any other type of paper you can use to cover several desks

3. Pens and markers

4. Note paper


Preparation:

1. Create cardboard representations of all your vehicles. They can be as simple as an index card with the vehicle details or as complex as the three-dimensional models shown in the photo below. The models in the photo are accurate down to the vehicle plate number and communication equipment on board.

2. Draw a large map that covers your operational area and potential relocation sites. The map will probably need to be large enough to cover several desk tops.

3. Prepare an equipment list outlining items needed at the relocation site and items staying behind.

4. Write each major piece of equipment on a separate small square of cardboard. Minor items can be grouped together i.e. “staff luggage - one load”.

5. Prepare a staff list that indicates who will relocate and who will stay behind. It is a good idea to brief staff on agency and individual responsibilities during evacuation/relocation a day or two before the exercise. They should also be encouraged to discuss the issue with their families.

6. Write the name of each staff member being relocated on a cardboard square.

cardboard vehicles and map

Exercise process:

1. You’ll start the exercise at your desired end state. Place the cardboard squares representing equipment and people and the vehicle models on the map at the relocation site. Divide everything into two piles: ‘essential’ and ‘nice to have’.

2. Working backward, load the equipment and staff pieces onto the vehicles. Record what equipment and which people go on which vehicle. Be realistic about how much your vehicles can carry. You’ll also need to record how long the unloading process will take.

3. Continue to work backward recording travel times, rendezvous points, rest stops etc for several alternative routes.

4. Repeat the process until all equipment and staff are back in their place of origin.

5. Using this reverse process will allow you to come up with realistic planning times, load lists, and staff lists for relocation based on your own unique situation.


Some questions to ask:

1. Have you allowed enough time for delays? Nothing ever goes perfectly to plan. Also, convoy travel is generally slower than that for an individual vehicle.

2. Will you need to make more than one trip to move all your equipment and staff? Is this going to be possible?

3. Have you allowed time for acquiring travel permission from the relevant authorities? Drafting Performa requests in advance will save time.

4. Will you be able to travel after dark? Will it be safe to do so?

Although training is important it is how it is applied in the field that matters. I'm happy to say that the team passed their real life test with flying colours.

Security Links - 2 Dec 07

Maia over at the people search site spock has kindly added the details of the 17 ACF workers who were killed in the Muttur massacre to the spock database. You can view the results on this page or you can search for "murdered aid worker" at the spock site.


The NGO Security blog has been running a series of "What would you do if....?" scenarios based on videos from YouTube and other online sources. They are well worth checking out. The video makes the exercise a little more visceral. You don't need to be a security officer to participate. In fact I would guess that non security officers would benefit the most.

Watch the videos and imagine what you would do. Imagine yourself actually being there. Do it with as much detail as your imagination will allow. How would you respond? How would you feel? You don’t need to worry about getting the “right” answer. You don’t even need to leave an answer for the exercise to be beneficial. Visualization is a powerful tool. It will help you cope mentally with future crises.

Once you’ve done these yourself try them with your peers or your family. You’ll be surprised how your responses can differ radically from those of others. In Scenario 5 it wouldn’t do you any good to know that backing up quickly is a good idea if your driver thinks the best option is to jump out of the vehicle and hide in the ditch.


Silobreaker has updated their site. It is now easier to make sense of what you are seeing. The graphs and link diagrams are especially useful.

Complacency Management

"Complacency Management" is a great term that I just ran across at World Changing. It is a term that accurately describes what many NGO security advisors end up spending much of their time doing.

Security Tip: Increasing Your Visibility

After a recent series of lethal ambushes and Claymore mine attacks against civilian vehicles we were warned by local subject matter experts to increase our visibility. They pointed out something that is blindingly obvious in retrospect. People conducting an ambush or Claymore attack will generally be laying down so they'll likely see something like this:

NGO Vehicle front - low visibility
NGO Vehicle - Low Visibility

Believe it or not there is a large flag mounted on this vehicle. Now imagine the vehicle is travelling down a dusty road just before dusk. What would you be able to see if you were laying near the road? Would you be able to distinguish this vehicle from a police vehicle, a 4x4 full of combatants, or one of the infamous "white vans" that plaque parts of Sri Lanka?

The Solution:

Taking the warning to heart one of the teams designed a short portable flag mount for attaching to the front bumper of NGO vehicles. They are also in the process of putting logos on the bumpers of their vehicles.


Flag Mount

Flag Mount Closeup
Flag Mount Close-up

Thanks to Cader and his team for passing this tip on.

The Security Implications of Global Climate Change

"The Age of Consequences: The Foreign Policy and National Security Implications of Global Climate Change" is must reading for NGOs and others doing long term security assessments. It examines the security implications of three climate change scenarios. The consequences of even the most moderate scenario are alarming:

* Large-scale human migration due to resource scarcity, increased frequency of extreme weather events, and other factors, particularly in the developing countries in the earth's low latitudinal band.
* Intensifying intra- and inter-state competition for food, water, and other resources, particularly in the Middle East and North Africa.
* Increased frequency and severity of disease outbreaks.
* Heightened risk of state failure and regional conflagration.
* Significant shifts in the geostrategic roles of every major fuel type.
* Increased U.S. border stress due to the severe effects of climate change in parts of Mexico and the Caribbean.
* Increased uncertainty over how China's political leadership will respond to growing domestic and international pressure to become a "responsible stakeholder" in the global environment.
* Strain on the capacity of the United States -- and in particular the U.S. military -- to act as a "first responder" to international disasters and humanitarian crises due to their increased frequency, complexity, and danger.
* Growing demand for international institutions to play new and expanded roles in the management of refugee crises and in providing forums for the negotiation of climate agreements.


The chart on page 104 summarizes the potential impacts succinctly. It would serve as a very good starting point for any longer term planning discussions by NGOs and other stakeholders.

The report is the result of a joint Center for Strategic and International Studies and Center for New American Security project.

"...becoming a better NGO security officer"

I was feeling a little depressed over the weekend. I’d reread Paul’s post on why he wasn’t liveblogging the Global Symposium +5 in Geneva. It bothered me. I could sense his frustration at what he sees as the slow progress in the world of humanitarian information exchange. Maybe I’m reading too much into it but I thought I could detect a similar sentiment at the NGO security blog in recent weeks as well. Of course there is a good chance it’s just me.

When I started this blog I had a vague idea that I could share some ideas and maybe pass on a little hard won wisdom. I suppose I also thought that I could, in a small way, influence the course of the NGO security world. Seeing people I respect have doubts made me question whether I could make a difference. In effect, “what the hell makes me think I can change anything when these guys, so much more articulate and educated than myself, are feeling stymied?”

Fortunately for me, and my mood, serendipity intervened. I received three packages. Two are ‘tech toys’ with a security bent (I’ll post about them over the next couple of days). I’m a geek at heart so shiny gadgets, software, and such always pick me up. It was the third package that really made the difference however.

OK, I confess that it wasn’t really a package per se but ‘three packages’ just sounds better. Actually it was a video I downloaded off the web and hadn’t watched until this morning. It’s a presentation by a guy named Stephen Downes at the National Research Council, Institute for Information Technology, in Canada. I won’t bore you with the details. You can watch it yourself below. Go ahead, don't let the lead frame fool you.



Stephen’s presentation made me realize that I had it wrong. This blog is not about me teaching. It’s about me learning. It’s about learning the way I always wanted to learn. It’s about me becoming a better NGO security officer... or maybe just better.

Through blogs, RSS feeds, email, YouTube, Skype and a myriad of other online tools I’m connected to, and learning from, people who aren’t afraid to push the boundaries and strive for something beyond the status quo. I have access to teachers who are also fellow students. I have access to fields of endeavour too niche for textbooks and lectures. When was the last time you saw a textbook about “Security Reporting, Accessible Maps and GeoRSS” or “YouTube for Security Training”?

All of this has been a round about way of getting to what I really want to say. To all my teacher-students out there, you are making a difference. Thank you.


Note: If you’re not sure if I mean you I probably do. You can also check out the sidebar on the resource page for some hints if you are still unsure.

Twitter Tracking for Security and an Answer

Twitter has added the ability to track keywords. Now whenever someone sends a public update containing your word or phrase of interest you’ll receive a copy of the update. How is this useful for NGO security officers? I’m currently tracking several towns in trouble areas, Tsunami, and a variety of other keywords. You’re only limited by your creativity. One word or warning though: you’ll get ALL public updates with the search term, even ones in languages you don’t speak.

I've also finally added the solution to our geographic distribution analysis problem.

Social Networking Tools Part 2 - Twitter and Tsunamis

On 12 and 13 September there were a series of earthquakes near Indonesia spawning fears of another Asian Tsunami. It proved to be a good test of our Twitter based NGO security tree.

I was in Mannar, Sri Lanka at the time and I didn’t have a useable Internet connection. My first warning of the situation came when a concerned staff member called wanting to know “when is the Tsunami going to hit!” As the fear of a Tsunami spread I started to receive more and more calls from staff. Soon the mobile system was completely overburdened in many parts of the country and creaking under the strain in others. The very slow, single line dial-up Internet connection continued to work but proved to be all but useless for gathering timely information.

Fortunately I quickly started to get SMS’s. Some came from feeds I was following on Twitter: BBC, Reuters, CNN, EQTW, etc. Others came directly or were forwarded from UNOCHA, the Sri Lankan Disaster Management Centre, the Met office, the police and assorted individuals. Twitter allowed me to quickly forward the useful ones to all my followers while limiting the strain on the overburdened mobile system.

There were some glitches however. I continued to receive forwarded text message warnings long after credible sources had given the all clear. In some instances it seems that text messages became trapped in the telephone companies’ SMS system and were released as the queue began to clear. In some cases staff, confused by contradictory information, continued to forward outdated information.

Unfortunately the biggest problem with the Twitter based NGO security tree was one of buy in. Only a fraction of the staff who were intended to be served by the tree had bothered to sign up. The manual SMS security tree, which had been left in place as a backup, failed for much the same reason.

Lesson Learned: While emergency communications tools continue to improve, and become easier to use, buy in remains the number one problem. NGO staff members, especially office staff, often prove reluctant to dedicate even minimal effort to their own personal security until it proves too late.

For some background, check out “Social Networking tools for NGO Security – Part 1”.

To see a live feed of the NGO Security stream check out the demo page here. There is a Jaiku based stream as well.

IT Security and NGOs - A Little Knowledge?

The other night I was having dinner with some NGO friends when the subject of government eavesdropping on NGOs came up. One of the people at the table said that in the past they had used an email trick to allow sharing sensitive information amongst team members. Essentially the premise was that one could sign up for a free web mail account and share the account password amongst team members. Members would draft emails as usual but rather than sending them they would simply leave them as drafts. Other team members would then read them by going to the account.

The idea was that as long as the email wasn’t sent it couldn’t be monitored. Unfortunately it is just not true as Nart Villeneuve points out here.

I recalled the conversation a few days later and wondered what the problem was. It is not that my friends weren’t aware of the potential risks, and they are certainly not unintelligent. I think the issue is that most aid workers already have more than enough work to do without trying to keep up with the latest developments in IT security. So the problem becomes one of learning about IT security in small, manageable, easily absorbed bits.

Fortunately there are resources that can help. Thanks to Bruce Schneier at Schneier on Security for pointing out securitycartoon.com. I don’t think it is meant to be funny but it does present IT security in a straightforward and comprehensible manner. Subscribe to the RSS feed to make it even easier.

Privaterra is a good resource that covers data privacy, secure communications, and information security for Human Rights NGOs.

Over course you shouldn’t miss Nart’s blog. It isn’t NGO specific but it covers Internet privacy, freedom of expression, censor-ware, security, surveillance and anonymity. Whether you are interested in "Cyber-Cafe Monitoring in India" or need to know how to avoid internet filtering Nart’s blog is a good place to start.

NGO Security Blog

Nick seems to be posting again on the NGO Security blog. This is good news! Welcome back Nick.

The Economist on Tech, Response, and NGOs

The economist has an interesting article on how technology is changing the power dynamics between NGOs and their beneficiaries. There are even a couple of paragraphs covering concern about how mobile phones and similar technologies might impact on NGO security.

NGO in a Box - Security Edition

NGO in a Box has a Security Edition that includes Free and Open Source Software (FOSS) to aid NGOs in securing and protecting their data and online activities. The package seems ideally suited to human rights, anti-corruption, and womens groups, as well as independent media outlets. Any other group that wants to protect their data from abuse, misuse, and vandalism might want to check it out as well.

Social Networking tools for NGO Security – Part 1

I was experimenting with Twitter when it occurred to me that it was an ideal tool for NGO security officers. Rather than using the service to merely update friends on what I was having for breakfast I could be sending out security information alerts and updates. All my “followers” would then get current, low cost, security information.

This method has many advantages over the SMS security tree method commonly used by NGOs. Traditional security trees tend to fail when one or more members (the branches of the tree) do not receive or pass on the text messages they receive to those below them, typically because they are on leave or because the tree information is not up to date. Traditional trees can also be expensive. Each SMS sent by every member of the tree comes out of someone’s budget. This can add up quickly if you are sending out several messages a day to a two hundred-member security tree.

Social networking services like Twitter or Jaiku allow us to avoid these problems. Essentially Twitter and Jaiku allow the head of the security tree to send one SMS to the service’s server. The service then distributes the SMS to all the “followers” (subscribers) of the account more or less simultaneously. This means the tree still works even if members are missing. In addition you only pay for the SMS to the service’s server. SMS messages from the server to each of the followers are free*.


* Most mobile service providers only charge for text messages that are sent while those received are free.


Other Stuff

Subscribe to Patronus in a feedreader
Subscribe to Patronus Analytical RSS Feed by Email

Low on bandwidth? Try this low graphics version


Lijit Search

Bloggers' Rights at EFF Global Voices: The World is Talking, Are You Listening?



Support CC - 2007

Creative Commons License
This work by Kevin Toomer is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Canada License.
Jun 2008
May 2008
Apr 2008
Mar 2008
Feb 2008
Jan 2008
Dec 2007
Nov 2007
Oct 2007
Sep 2007
Aug 2007
Jul 2007