This month’s Threat Assessment includes:
- Green light for OPCW mission to investigate alleged Daesh mustard gas attack in the town of Makhmour in Iraq
- American poultry industry on high alert for possible return of highly pathogenic avian indluenza (HPAI) as bird migration season begins
- Investigative report finds that the civilian nuclear industry has become more vulnerable to cyber attacks and formulates measures to counter existing security challenges
- Modernization of American tactical nuclear weapons at military bases in Europe provokes Russia
- Attack capabilities of Khorasan group in Syria substantially reduced by killing main operatives, including its French explosives expert Eric Drugeon
The Threat Assessments are based on open sources. End date of collection: October 25, 2015
Green light for OPCW mission to investigate alleged Daesh mustard gas attack in the town of Makhmour in Iraq
In the previous threat assessment of September IBC reported on the recent alleged chemical attacks in Syria and Iraq, the most notable one being the attack in the Iraqi town of Makhmour on August 11, in which some 50 mortars were fired by Daesh at Kurdish positions along the frontline. Medical sources reported that there were some 15 casualties, some seriously injured, but no fatalities. The most vivid account came from Tony Schiena, a South African MOSAIC operative, who travelled with the head of Kurdish military intelligence in the area, and met with commanding generals, medics and victims of the attack. Fighters described being targeted by mortars that exploded to unleash clouds of a yellow gas that smelled like rotten onions and garlic. Those affected were treated in hospital for severe burns, and blisters and debilitating breathing problems.
Initial field tests indicated that mustard gas had been used in the attack. Soil and blood samples were collected and sent abroad fur further investigation. Kurdish government sources later reported that at least 35 peshmerga fighters tested positive for traces of mustard gas. Leaked reports from German and American intelligence organizations in September also indicated that mustard gas may have been used in the Makhmour attack
Following the Makhmour attack several other incidents have been reported in which chemical weapons may have been used. These incidents include attacks near Irbil and Mosul and in the provinces of Anbar and Salah Ed Din. In Anbar province, Iraqi troops reportedly were exposed to mustard gas during their offensive to win back Anbar University that had been captured by Daesh. The latest incident took place on October 20, in Salah Ed Din province. Shi’ite fighters of the Popular Mobilization militia reportedly cleared a road to a village. Iraqi security forces reportedly defused about thirty mortars filled with chlorine.
In late August, Kurdish sources alleged that their forces had destroyed a mustard gas plant in the industrial area of the city of Mosul that was used by Daesh as a site to manufacture IEDs. According to the source the plant was completely destroyed and caused the release of gas that affected citizens living in the neighborhood and dozens had to be treated in hospital. Western media ignored this report, probably because it was impossible to verify and because if could have been Kurdish propaganda.
The Kurdish government (KRG) has repeatedly issued calls on the international coalition to send more protective equipment against chemical attacks. So far, they received only limited aid and remain vulnerable to chemical attacks.
The multiple reports about the alleged use of chemical weapons by Daesh in Iraq raised the concern of the international community and the UN Security Council. In the meantime a mandate has been formulated for the Organization for the Prohibition of Chemical Weapons (OPCW) to investigate the use of chemical weapons in Iraq. In late October an OPCW team will visit Iraq to determine whether mustard gas had been used on the battlefield. The mandate of the OPCW team is limited to the Makhmour attack.
The Kurds in Iraq remain deeply concerned about the escalation and delivery methods of recent chemical attacks by Daesh. They signal a more desperate situation on the battlefield for Daesh, as the international coalition has intensified its military operations. Until now the number of casualties has been limited but this could change when more massive attacks are launched. In cornered positions Daesh may cause panic with chemical attacks with the aim to create escape routes.
The initial investigation of soil and blood samples related to the Makhmour attack indicated Daesh had indeed used mustard gas. With the OPCW mission underway more definite proof will be collected according to international standards. Although there is still no definite proof of the origin of the mustard gas, the most likely hypothesis still is that Daesh has developed a small research and production unit in the territory under its control, most likely in Mosul. The findings of the OPCW investigative team are expected to intensify the debate on the possible origin of the mustard gas in the hands of Daesh.
An alternative hypothesis is that the mustard gas originated from Syria. The Syrian government is currently in discussion with the OPCW about whether it accurately and fully disclosed its chemical weapons program. There is serious suspicion that the Syrian government did not declare the whole chemical stockpile.
American poultry industry on high alert for possible return of highly pathogenic avian indluenza (HPAI) as bird migration season begins
In the fall of 2014 and the spring of 2015, IBC reported on the outbreaks of HPAI in Europe and North America. The outbreak in the US was the largest recorded in history and had a devastating effect on the American poultry industry. It is estimated to have caused a market loss of about $ 1.6 b. At the June International Conference on Avian Influenza and Poultry Trade (ICAIPT) American delegates conceded that biosecurity in America was relatively poor compared with some other countries. At the conference there was a great deal of interest in the way HPAI outbreaks were dealt with in the Netherlands.
The spring outbreak of HPAI in the US forced authorities to start looking seriously at measures to improve biosecurity. The International Egg Commission announced the launch of an Avian Influenza Action Plan, which includes the creation of an Avian Influenza Task Force. The action plan is intended to provide support for the egg industry and to coordinate a series of actions internationally with the ultimate long-term goal of ridding the egg industry of the destructive disease.
Over the summer the US government and the industry have taken a wide variety of measures to improve biosecurity as it is expected that new outbreaks may occur as the new bird migration season begins this fall. In the event of a reported infection a cascade of measures will be set in motion, already scripted out in state and federal plans, including quarantines, depopulation and limited movement. The preventive measures are described in the HPAI Preparedness and Response Plan of the Animal and Plant Health Inspection Service (APHIS) of the US Department of Agriculture. (USDA)
The US is prepared for a worst-case scenario based on federal forecasting models that is twice the scale of the spring outbreak. The twenty critical worst-case scenario states have all made significant efforts in implementing detection preparedness and response capabilities for future HPAI cases. One of the measures is the introduction of a 24-hour window for culling infected flocks. Authorities claim that they are now better prepared to meet the goal to exterminate birds within 24 hours to prevent the further spread of the virus. If this goal can’t be reached by the conventional methods, farmers will be allowed to shut the ventilation systems of their barns to cull the birds.
Bird migration is widely seen as the main causal factor in spreading the virus. Since 2012, a total of 41 countries have reported outbreaks of HPAI. It is widely assumed that the virus is present in all wild waterfowl flyways around the world. Waterfowl like geese and ducks don’t necessarily get sick of the virus and can carry it for longer periods of time and from place to place as they migrate. There is a broad consensus that wild birds can infect commercial flocks. Once the first infection has occurred it is mainly spread by human activity due to poor bio-security. Migration patterns vary by species and other variables like cold winter weather. As of mid-October tests on ducks shot by Minnesota hunters this fall have turned up no signs yet of the kind of bird flu that devastated the Midwest poultry industry earlier this year.
Effective biosecurity requires an integrated approach to risk management. Recent outbreaks of HPAI have shown that current biosecurity measures have not always been effective. Everybody believes that their biosecurity protocols are effective but no one knows how effective they are until they are challenged. During the recent outbreak in the US it was found that humans were in some cases the cause of spreading the disease as they did not follow existing protocols.
The recent outbreak in Lancashire (UK) in July showed that the golden rule was broken that there shouldn’t be open water near a farm. The affected farm housed both free range and cage birds. The free-range birds picked up LPAI from ducks in a pond on the farm. This mutated into HPAI and infected the cage birds. Dutch research has shown that free-range birds have a 6.6 greater risk of contracting AI than housed birds. US experts doubted whether there was convincing evidence that outdoor access had been a significant factor in the spread of AI across the US. As a precaution the industry could avoid placing outdoor units in areas where here are many outdoor birds. Another precaution would be to reduce the density of farms in one area.
Although there is tremendous pressure to develop a vaccine for HPAI, it is widely disputed whether a vaccine would be effective. A vaccine may work under laboratory conditions but there is no certainty that it will prove effective in the field. The US Agricultural Department (USDA) has announced that it will stockpile several hundred million doses of bird flu vaccine. Two companies have been contracted to produce the vaccine. One of the companies involved claims that its technology platform will allow it to modify its vaccine to match any new strains of the virus that emerges. The USDA has said that any decision to use a vaccine will be made by state and industry officials and will be based on a trade impact assessment. Some research is focused on genetic engineering in an attempt to control HPAI. Health regulators around the world have not yet approved bread animals as genetically modified organisms (GMOs) for use in food because of long-standing safety and environmental concerns.
At an avian influenza summit held in September in Berlin, a warning was issued that the egg industry is facing a perfect biological storm. The World Organization for Animal Health pointed at the unprecedented global distribution of new and emergent pathogens and concluded that the epidemiological globalization is here to stay. Population growth, agricultural expansion and the rise of globe-spanning food supply chains, have changed how diseases emerge, jump species boundaries and spread.
In order to combat animal diseases that threaten human health, more funds are needed for monitoring and surveillance, epidemiological studies, prevention and control activities, the improvement of veterinary capabilities, and finally the promotion of links between the animal health specialists and the public health sector. The Food and Agricultural Organization (FAO) of the UN is the leading organization in tackling animal diseases in regions like Asia, Africa and the Middle East, with states lacking sufficient capabilities to deal effectively with the problem. As the organization has not been able to raise $ 20 million to combat the outbreak of HPAI in West Africa it is feared that the disease could become endemic.
Forecasting models have shown that the risk of new outbreaks with the beginning of the bird migration season are high and could cause a crisis that is even worse than the crisis of last spring, especially if the broiler industry will be hit. Over the summer a lot of effort has been put into improving the level of biosecurity. Whether the system will work effectively this time can only be determined when it is really challenged.
A major lesson learned during the earlier spring outbreak of HPAI is the speed of the culling of birds on infected farms. Following Dutch experience US authorities have introduced measures that allow for the culling of large numbers of birds within 24 hours. If this goal cannot be reached farmers will be allowed to a measure of last resort, the shut down of the ventilation systems of their barns.
It is still widely disputed whether a vaccine against HPAI will be effective. While the USDA has stockpiled a promising vaccine it is still not decided whether it will actually be used. Other types of research, including the application of genetic modification, are even more controversial. If not more investments are made in prevention and the improvement of the level of resilience, HPAI may become endemic in some regions of the world raising the risk of human infections and a pandemic. If that occurs authorities could be forced to remove the current obstacles to controversial countermeasures. More epidemiological research is necessary to get better insight in to how viruses may jump from animals to humans and which factors determine infection rates and the spreading of viruses.
Investigative report finds that the civilian nuclear industry has become more vulnerable to cyber attacks and formulates measures to counter existing security challenges
Early October, Chatham House issued an investigative report on the vulnerabilities of civilian nuclear reactors. The report was the result of an 18-month investigation based on interviews with engineers, policy makers and academics and three expert round tables. One of the key findings is that the conventional belief that all nuclear facilities are ‘air-gapped’ (isolated from the public internet) is a myth. Operators of nuclear facilities sometimes are not aware of so-called installed VPN connections that can be identified by search engines. Even when facilities are air-gapped this safeguard can easily be breached. The report emphasizes that the equipment used at a nuclear facility risks compromise at any stage due to supply chain vulnerabilities. The report also emphasizes that personnel working at nuclear power plants often lack an understanding of key cyber security procedures. The investigators also found that a nuclear facility might not know of a cyber attack until it is already substantially underway. They attribute this to the reactive rather than proactive approaches to cyber security. Nuclear power plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential risks.
The cyber security risk is growing as nuclear facilities become increasingly reliant on digital systems. Commercial off-the-shelf software has become available, which offers considerable cost savings but increases vulnerability to hacking attacks. Hackers may use widely available automatic cyber attack packages targeted at known and discovered vulnerabilities. Advanced techniques used by Stuxnet are now known and being copied. Search engines help identify critical infrastructure components that are connected to the Internet.
The report identifies and describes four industry-wide challenges, five cultural challenges and three technical challenges for the nuclear industry. Based on the expert round tables a number of recommendations have been formulated which are related to integrated risk assessment, awareness raising, information sharing, the promotion of good IT hygiene and the adoption of regulatory standards.
The Chatham House report deals in a comprehensive way with the vulnerabilities of civilian nuclear reactors and identifies a number of industry-wide, cultural and technical challenges. If these challenges are not dealt with in the right way, civilian nuclear reactors will remain vulnerable to cyber attacks. State-supported hackers or terrorist organizations are actively looking for these vulnerabilities and seek opportunities for attack that can cause tremendous harm. With the increasing popularity of what is called hybrid warfare, attacks on the power grid may nowadays be part of the war plans of an enemy. By paralyzing the electricity supply the economy of an opponent can be destroyed which will negatively impact its fighting power. In asymmetric conflicts terrorist organizations may attack the power grid to cause economic and environmental damage. Some organizations explicitly define in their strategy documents to bring down their enemy economically. Their capabilities have increased in recent years by the availability of commercial cyber attack packages. Several terrorist organizations have actively recruited technically skilled operatives who are capable of advanced cyber attacks.
The civilian nuclear industry is already in a difficult situation due to cost overruns and construction problems of new reactors, environmental damage and decommissioning problems caused by accidents like the recent Fukushima incident in Japan and he changes in the whole energy market that is currently in a transition phase. A cyber attack on a civilian reactor resulting in a leak of radioactive substances would have a negative impact on public opinion which could put the future of the whole nuclear industry at risk. A broad attention for the findings and the recommendations of the Chatham House report may contribute to an improved security environment and reduction of the existing vulnerabilities in the civilian nuclear industry.
Modernization of American tactical nuclear weapons at military bases in Europe provokes Russia
The US has announced plans to replace its tactical nuclear weapons in Europe with a modernized version in 2020. The presence of American nuclear weapons is never officially confirmed and NATO and the European governments do not comment on the matter for security reasons. Their information policy is neither to confirm nor to deny the presence of nuclear weapons in specific locations.
The US is currently involved in the modernization of security perimeters around nuclear bomb vaults and infrastructure at the six bases in Europe in preparation for the replacement. The US provides the bulk of the funding but extra’s such as runway refurbishments come out of the national budgets of the European countries. With the new security measures the European bases will meet American standards.
The so-called Life Extension Program(LEP) has been gradually expanded and more money has been invested in the development of a new bomb. The B61-12 nuclear bomb which has to replace the B61 and the B83, can be set to explode at various strengths of up to thirteen times the devastation inflicted in Hiroshima. The new bomb also has the capability to be steered toward a target placed between short-range tactical and long-range strategic atomic weapons. With this bomb the threshold for its use can be lowered and gives the US the possibility to attack underground complexes of rogue states.
Until now the American tactical nuclear weapons in Europe hardly had any military importance. Their effect was more political and psychological. Over the last years several parliaments discussed their future removal. But with the outbreak of the conflict in Ukraine the geopolitical situation has changed and is now pointing in a different direction. It is now become clear that a possible withdrawal in the coming years is unlikely. It is more likely that the older B61 bombs will be replaced with the more precise and digitally guided B61-12 bombs. Developments in Ukraine and US-Russian relations will determine whether the process will be speeded up.
Over the years there have been several terrorist plots involving military bases where nuclear weapons were stored. In the most recent plot of last July, Italian prosecutors said two arrested Daesh adherents, a Pakistani and a Tunisian, were suspected of listing the Ghedi military base among their potential targets.
The changing geopolitical situation has made a possible withdrawal of the American nuclear weapons stationed in Europe unlikely. With the announced replacement of the older B61 with a more precise and digitally guided B61-12 version the US lowers the threshold of the possible use of nuclear weapons and has provoked Russia. The Russian government has already announced that it will counter the replacement with the stationing of the short-range Iskander missile in Kaliningrad, closer to the border with NATO. It has also plans to develop the Sarmat missile to counter the ballistic missile defense of NATO in Europe. Nuclear weapons currently play a more active role again in military exercises and simulations of war on both sides. This is likely to result in higher risks of accidents and miscalculation.
Nuclear bases will continue to attract attention of terrorist organizations as long as NATO continues its military operations in the Middle East. Nuclear bases will, however, be difficult to penetrate for terrorist organizations.
Attack capabilities of Khorasan group in Syria substantially reduced by killing main operatives, including its French explosives expert Eric Drugeon
In one of the first threat assessments IBC reported on the terrorist threat of the Khorasan group to international aviation. Since the summer of 2014 Western intelligence agencies launched an intense search and destroy operation that has resulted in the death of several of its main operatives. When the US launched its air campaign in Syria in September 2014, Khorasan targets were first hit with cruise missiles. While several operatives escaped from these first attacks, the US has been more successful in recent months as training camps and other facilities were targeted. The group is said to include Kuwaiti, Saudi, French and possibly also Canadian operatives.
The successes have been attributed to improved electronics eavesdropping by the National Security Agency (NSA), coupled with overhead imagery, social media analysis and other work done by the National Geospatial Intelligence Agency (NGA). Detailed ‘human terrain’ mapping of the Syrian tribal leadership and village structure resulted in better insights, and the CIA developed a better understanding of what a modern terrorist organization looks like and how it behaves. The CIA and DIA also attempted to improve their HUMINT capabilities in Syria.
After surviving attacks in September and November 2014, Eric Drugeon (aka Hamza al-Faransi), the French explosives expert of the group, was reportedly killed on July 5 in an American air strike near Aleppo. It wasn’t clear whether he was specifically targeted or whether it was a so-called signature attack. His friend Abu Qatadah al-Tunisi died alongside him. Drugeon trained other terrorists and allegedly was involved in the planning of external attacks against Western targets. The French convert defected to al-Qa’ida after having received military and intelligence training from France in the apparent hope of planting him inside the terrorist organization and using him as an informant. When he arrived in Waziristan in 2010 he reportedly told the al-Qa’ ida leadership that he was a French spy and wanted to join their ranks. He was accepted and received training in the assembly of explosives and became an expert bomb-maker. In early 2014, he was identified in Syria. He reportedly wasn’t high in the hiearchy of the organization, but he was considered dangerous because of his explosives expertise and influence among Western jihadis. He was working on non-metallic IEDs that could be used to get through airport detection systems unnoticed.
On July 8, Muhsin al-Fadhli was killed in an American air strike on a vehicle near the town of Sarmada. He was said to be one of the leaders of the Khorasan group and was previously based in Iran where he was active as a facilitator to transfer fighters from Pakistan to Syria and as a fundraiser. He had been falsely reported dead in 2014. In Syria, Muhsin al-Fadhli oversaw the training of foreign fighters in camps in regions under control of the Jabhat al-Nusra (JaN). The Khorasan strategy was to talent-spot Western foreign fighters arriving in Syria and identify those suitable to be trained and deployed back to the West. Sleeper cells may already be present in several European countries. Several returning foreign fighters have been implicated in attack plans in Europe and counterterrorism officials speak of an unprecedented terrorist threat level in Europe. Several terrorist plots have been foiled in Europe this year.
On October 18, the death was confirmed of the alleged leader of the Khorasan group, Sanafi al-Nasr (real name Abdul Mohsen Abdallah Ibrahim al-Charekh). He was killed in an air strike on October 5. Before he took charge of the Khorasan group he was part of al-Qa’ida’s Iran-based network and played an important role in facilitating the transfer of operatives from Pakistan to Syria, via Turkey, and its finances. He moved to Syria in 2013 and lead al-Qa’ida’s Victory Committee (Shura al-Nasr), which is responsible for developing and implementing al-Qa’ida’s strategy and policies. Sanafi al-Nasr has six brothers and most of them played roles in various theaters of the global jihad. Some of them were handpicked by the al-Qa’ida leadership for special missions.
The Khorasan operatives were sent to Syria by al-Qa’ida leader Ayman al-Zawahiri to recruit Europeans and Americans whose passports allow them to board Western airplanes with less scrutiny. The operatives reportedly worked with bomb-makers from al-Qa’ida on the Arabian Peninsula (AQAP) in an attempt to design advanced IEDs that would be difficult to detect by airport security and could be used in an aviation plot against the West. The cooperation between the two groups was the reason for the TSA to introduce a ban in July 2014 for uncharged mobile phone and laptops for flight to the US from Europe and the Middle East.
In a systematic search and destroy campaign that necessitated improved intelligence capabilities and new analytical methods, the US has been able to kill several key operatives of the Khorasan group that allegedly was involved in external attack planning against the West. The attack planning was characterized as old school terrorism with a high level of operational security and the involvement of a limited number of top cadre. The killing of the key operatives, including a major explosives expert, may have disrupted the attack plans significantly.
It is, however, feared that the recent release of a number of top al-Qa’ida operatives by Iran, may result in a revitalization of the existing plans or the development of new plans to attack Western targets. Some of these operatives are important strategists and have specialized skills, including expertise on weapons of mass destruction. Due to the recent stepped up counterterrorism activities in Syria, it is likely that they will coordinate attacks from a country other than Syria. Due to the chaotic situations, Yemen and North Africa would be good candidates. In recent operations AQ affiliates have been able to capture new territory and bring logistical hubs under their control.