April 2024 Edition

Stay informed and never miss a beat in the ever-evolving geopolitical landscape. We look forward to your exploration of Refined Insight and welcome your valuable feedback.

To read the full edition of the newsletter on our website, please click here.

Global Overview:

A note from Associate Director and Head of Global Intelligence, Gareth Westwood

In what has been a tumultuous first quarter of 2024, Sibylline’s Global Intelligence Team (GIT) continues to innovate and deliver critical risk intelligence and geopolitical insight.

Our Middle East and Africa desk has enjoyed little respite this month due to the ongoing Israel-Hamas war (among other regional issues). Despite mounting international pressure for a ceasefire in Gaza, progress remains stalled. Overspill risks also continue to escalate. National and international protest activity has increased and there is growing escalation in the Red Sea. In Sub-Saharan Africa, Niger’s revocation of its military accord with the US threatens the future of the latter’s airbase at Agadez, the centre of US counterinsurgency, reconnaissance and rapid strike capabilities across the Sahel.

November’s US election continues to occupy the reporting bandwidth of our Americas desk. Nonetheless, the team has managed to keep a keen eye on developments in Canada, where heightened levels of immigration continue to strain public resources. Further south, gang control of the Haitian capital Port-au-Prince continues to pose severe risks for the local population.

Our Europe and Eurasia desk remains the leading source of Sibylline’s Ukraine coverage. In addition to the ongoing hostilities, Russian President Vladimir Putin’s electoral victory was marred by a deadly terrorist attack in Moscow. Sticking with this theme, our Europe team analysed the effects of far-right extremism in Germany as part of our latest Extremism Quarterly. The team also critically assessed potential security concerns ahead of the 2024 Paris Olympic Games.

Our Asia-Pacific desk faces a busy second quarter. The Indian government announced a date for the country’s general election, while the Sharif administration in Pakistan remains plagued by political and economic difficulties. Furthermore, terrorist attacks continue to grip the north and west of the country. In the East Asia and Pacific region, the team reported on China’s ‘Two Sessions’, highlighting the country’s priorities for the coming year. Meanwhile, Vietnam’s president resigned after serving just over a year in office amid an ongoing anti-corruption investigation.

As ever, our team is primed to answer your questions. I do hope you enjoy reading this month’s global insight briefing; please do not hesitate to get in touch with any questions or comments.

Middle East, North Africa and Turkey

Despite mounting international pressure for a ceasefire in Gaza, including a UNSC resolution, progress remains broadly stalled amid allegedly significant Hamas demands and persistent Israel Defense Forces (IDF) operations, including around health facilities. The impact of anti-West sentiment emanating from the conflict was reflected in the 5 March announcement by the Alshaya Group (the regional franchisee of Starbucks) that around 2,000 workers would be let go. Operational disruption was also driven in March by frequent protests targeting (among other sites) embassies, including in Jordan. Risks of regional escalation also increased; last month, the IDF conducted its furthest strikes into Lebanon to date. We also released our latest report on escalation in the Red Sea, in which we assessed that conflict between the US-led maritime coalition and the Iran-backed Houthis is increasingly likely to continue regardless of whether a ceasefire in the Israel-Hamas war is reached; this will sustain maritime disruption risks.

Sub-Saharan Africa 

In Senegal, the opposition Pastef party candidate Bassirou Diomaye Faye was victorious in the 24 March presidential election. Faye has since announced plans to renegotiate oil and gas contracts. This threatens to delay the development of substantial offshore deposits, while his commitments to enacting tax reforms will almost certainly drive heightened costs for businesses operating in the country. On 16 March, Niger’s junta revoked a military accord with the US, with immediate effect. The announcement significantly threatens the future of the airbase at Agadez, the centre of US counterinsurgency, reconnaissance and rapid strike capabilities across the Sahel.

Eurasia 

Russian President Vladimir Putin won the presidential election on 17 March, allegedly gaining more than 87% of the vote. We assessed that his re-election was almost certain; genuine opposition candidates were barred from competing, while heightened censorship and repression dominated the build-up to the vote. Before the election, the US embassy in Russia warned on 7 March that unspecified extremists planned to target large gatherings in the capital Moscow in the ensuing 48 hours. Although no incident occurred in that period, Islamic State (IS) later claimed responsibility for a terror attack at a concert venue in Moscow oblast on 22 March, in which at least 140 people were killed. The attack will likely drive ethno-religious tensions and xenophobia towards Central Asian migrants within Russia. Finally, Russian forces launched a mass wave of strikes against Ukrainian energy infrastructure on 21-22 March; these were highly likely in retaliation to recent attacks conducted by Ukraine against Russian oil refineries.

Europe 

In our latest Extremism Quarterly, we assessed that extremist far-right Alternative for Germany (AfD) factions are likely to win state elections in September, increasing government instability and domestic unrest risks. However, we also assessed that the AfD is unlikely to secure enough votes to govern. Meanwhile, we addressed some of the major security concerns facing France in the lead-up to the Paris 2024 Olympic Games. The French authorities will adopt a heavily augmented security posture across the capital that will help to mitigate against key threats, including Islamist terrorism and crime. Our report was accompanied by an interactive crime dashboard containing data from 2016 to 2023. Finally, we assessed that drug-related violence in Brussels (Belgium) is unlikely to abate in the medium term as the causes of this trend remain broadly unchanged.

East Asia and Pacific 

China’s annual ‘Two Sessions’ highlighted Beijing’s priorities for the coming year; they confirmed an ambitious GDP growth target of 5%, despite a lack of accompanying significant fiscal stimulus measures. There were also further signs of the centralising of power by President Xi Jinping. Financial regulatory reforms are part of Beijing’s plans to facilitate sustainable growth while strengthening financial resilience. Additionally, Hong Kong swiftly passed a new national security law, the Safeguarding National Security Ordinance, which will increase uncertainty for firms and erode civil liberties as the differences between the territory and mainland China continue to shrink. Meanwhile, Vietnam’s president resigned after serving just over a year in office amid an ongoing anti-corruption investigation, underlining what has become an increasingly volatile leadership structure under General Secretary Nguyen Phu Trong.

South Asia  

India’s election commission announced that the country’s general election will be held between 19 April and 1 June over seven phases. It will take place amid a highly charged political environment; risks pertaining to domestic unrest and ethno-religious tensions will be sustained throughout the lengthy election period. Elsewhere, Pakistan’s new government, once again led by Prime Minister Shehbaz Sharif, faces numerous challenges. While the IMF agreed to release the final USD 1.1 billion of its bailout package, a new package is needed to support Pakistan’s (still) fragile economy. Additionally, a string of attacks in the restive Khyber Pakhtunkhwa and Balochistan provinces (both Pakistan) highlight the security forces' inability to contain militant activity as tensions with Afghanistan remain strained; this situation will serve to embolden and facilitate the activity of militant groups in both countries.

North America 

In the US, the Supreme Court ruled that the state of Colorado does not have the authority to disqualify Donald Trump from the presidential ballot. The ruling lessened government stability risks as both Trump and President Joe Biden secured sweeping victories in the 5 March ‘Super Tuesday’ primaries. Congress passed all the FY2024 spending bills, though policy stagnation risks regarding border security and foreign aid remain elevated. Congress and the Biden administration announced new investments in domestic critical mineral production to decrease supply chain dependency on China in the long term. Activism-related domestic unrest risks increased as the Supreme Court heard a case related to abortion. This issue will continue to be divisive in the run-up to November’s election. In Canada, heightened levels of immigration continue to strain public resources. In response, the federal government imposed visa requirements on Mexican travellers and introduced a cap on the number of temporary residents allowed in the country, increasing labour flexibility risks. Additionally, opposition to a planned increase in the carbon tax has created strains between the federal government and a coalition of provincial leaders, increasing government stability risks.

Latin America  

Gang control of Haiti’s capital Port-au-Prince and the continued delay in installing a transition council have elevated the risk of attacks, government instability, human rights violations and a deterioration in socio-economic health. Meanwhile, the Argentine government’s deployment of the armed forces to Rosario (Santa Fe province) to combat growing ‘narco-terrorism’ has heightened the risk of the security forces’ militarisation. Narco-terrorism in itself has increased the risks of organised and violent crime. Elsewhere, the escalation of Venezuelan President Nicolás Maduro’s repression campaign points to continued human rights risks, as well as an erosion of regulatory framework and supervision quality. Should the opposition be entirely prohibited from taking part in the election, regional tensions with the US (and sanctions) are likely to follow.

Cyber

Sibylline observed several trends throughout March. The exploitation of software vulnerabilities by state-sponsored and cybercriminal groups remained consistent; they comprised a large percentage of attack vectors. Malware operations conducted by financially and politically motivated actors continued at a steady pace, though they were mostly observed during cyber espionage operations carried out by Russian state-sponsored actors. Conversely, ransomware continues to be one of the most effective profit-making tools for financially motivated cyber criminals. March highlighted a significant uptick in the sophistication of threat actors’ tactics, techniques and procedures (TTPs) as they carefully refine their campaigns and techniques to profit from more lucrative targets. Non-western governments – namely China, North Korea and Russia – have also markedly ramped up state-sponsored campaigns as bilateral tensions remain strained.

If you would like any of the reports referenced above or have any follow-up questions please contact us.

Thought Leadership:

Intelligence and the Private Sector – Demystifying the Landscape

Written by Gareth Westwood, Associate Director and Head of Global Intelligence

In 2020, during my second consecutive year of living and working in Afghanistan, I made the decision to join the private sector. My role in Afghanistan was contracted, though fully embedded within a UK Government Department. Having worked exclusively in the public sector prior to this, largely with the Military, this had been my first ‘taste’ of the role played by private companies in the security sector. Little did I know the sheer size and breadth of the industry I was set to join.  

This article aims to demystify what can be a confusing job landscape. Many reading this will be fully aware of the contents, having worked in the sector for several years. However, judging by the volume of calls I receive from both graduates and experienced professionals looking to leave the public sector, many may benefit from what will be a very basic introduction. 

In-house 

This term is used to reference security departments within what many would colloquially call ‘normal’ organisations. These could be in any sector; finance, energy, technology and IT, education, retail, hospitality all the way through to NGOs and non-profits. These teams are often seen as cost centres – by definition, if a security department succeeds, generally nothing should happen! As such, even global teams within large organisations can be small. However, over time, the value of a more robust security department, supported by an intelligence capability has become more apparent. The events of 9/11 catalysed this in the US, however the concertinaing effect of increasing global shocks since 2001 has slowly but surely proliferated this realisation globally.  

Given many centralised security teams remain relatively small, it is of no surprise that full-time employed intelligence personnel within any given organisation can number very few, often only one. As such, individuals employed in this role normally have some experience in security and intelligence (though this is certainly not always the case). Many individuals I’ve come across in these jobs have had experience in government, the military or law enforcement though the academic sector is playing an increasingly large role. Indeed, my first job after leaving Afghanistan was that of the solo Intelligence Manager within a multi-national pharmaceutical company. On the relatively rare occasion when in-house security teams have the resources to employ a small team of individuals, junior roles can be available to those with less experience or indeed, graduates. 

These small teams or individuals can have global responsibilities; evacuating staff from Sub-Saharan Africa following a coup, being aware of executive travel to a potential trouble spot, briefing the board on the likelihood of a China – Taiwan conflict, ensuring the passage of goods through a war zone – the list is potentially endless. Teams can also be responsible for multiple disciplines such as protective intelligence, threat monitoring, operational support to regional security managers, strategic forecasting, brand protection, corporate investigations and many more. As such, where organisations have an intelligence capability or requirements, they often seek the support of service providers, or ‘vendors’… 

Service providers 

Very few in-house intelligence and security functions, especially those who have a large footprint, could adequately cover the breadth of their responsibilities without investing in at least one vendor. Vendors such as Sibylline offer a large variety of services which cover many of the potential workflows faced by in-house teams. However, to drastically oversimplify, we will look at two main services currently provided in the sector, and the differences between them. Intelligence delivered to your doorstep – Subscriptions and tailored projects.

Often, in-house teams will opt to invest in a subscription service, provided by a vendor, which will provide services such as regular intelligence reporting, in-person briefings, online webinars, access to technology platforms, country risk profiles and potentially, tailored project work.  In-house teams may also opt to commission larger tailored projects that can cover the breadth of potential intelligence support responsibilities described in the previous section.  

At Sibylline, we have our own centralised team of analysts, known as the Global Intelligence Team, which work to provide this service. The team comprises of regional desks supplemented with cyber, data and quality control capabilities. Our portfolio includes support from tactical alerting to strategic forecasting and our analysts divide their often extremely busy working days between research and report writing, online client briefings, webinars, podcast appearances and in-person client meetings. 

Analysts in the Global Intelligence Team have several redeeming qualities and are ultra-high-performing individuals. However, given the nature of work undertaken by the team, the lion’s share of reporting will be written by individuals with specific regional interests, often accompanied by requisite languages and lived experience. The obvious exceptions are specialist desks such as cyber, editorial, data analysis, defence, or region-agnostic capabilities such as protective intelligence. 

Augmenting an in-house team with contractors – the ‘Embed’ model 

When bidding for extra resources, it is sometimes easier for in-house teams to hire contractors over full-time employees. In this sector, they are often referred to as ‘embeds’. Many will approach a vendor to help fill these roles.  At Sibylline we have embedded personnel across the globe in pretty much every sector you can think of performing a huge variety of tasks. 

Embedded personnel often cover an extremely wide scope of security and intelligence responsibilities both individually and as a cadre. These can range from strategic intelligence support, protective and threat intelligence, physical security monitoring, security management, security operation centre responsibilities or support to specific business functions.  The role can also be global in nature and on many occasions, not confined to a specific geographic region. 

As such, generalist intelligence personnel can often find a home within the embedded cadre. This could include individuals from a government/military background or those with less regionally focussed intelligence and security degrees. In some cases, former regional experts ‘cross over’ to work in the embedded space, leveraging their advanced research skills to operate in a less regionally focussed environment.  In essence, the embed is augmenting the in-house intelligence team – or may actually be the team – and as such, many of the same qualities apply as was discussed in that section. However, most of all, the embedded individual must prioritise the specific operational need of the organisation in which they are embedded. The embed is in effect a [insert organisation here] expert first and foremost who is applying their skills as an analyst/security manager etc to further the client’s specific needs.  

If you’ve got this far, you clearly have an interest in learning more about the sector. Indeed, the above serves as a very basic overview and there are a plethora of functions and nuances that could extend the article ad infinitum.  We have not discussed training and consulting or corporate investigations (both of which we provide at Sibylline) and the host of other niche responsibilities undertaken by in-house teams and provided by vendors.  We have not discussed private sector support to governments, nor have we gone into outsourced ‘HUMINT’ services, which often augment some of the responsibilities cited elsewhere in the article. 

If you want further reading on the subject, I’d wholeheartedly recommend ‘Corporate Security Intelligence and Strategic Decision Making’ written by Sibylline CEO, Justin Crump. Even in an increasingly diverse and important sector, there is still very little written about the topic and this book serves as the go-to resource. 

In addition, please feel free to reach out directly, I know many of you have.  The key to working in this sector is understanding it and whilst we’ve scratched the surface here, I’d be delighted to talk in more depth. 

Finally, if you haven’t already, do follow our company on LinkedIn, where you will often have the opportunity to access free reporting and briefings from our analysts. This will give a flavour of what we do and how we do it. You can also access our media output on Spotify, Apple Podcasts, YouTube and Instagram. 

Enjoy the rest of the newsletter and do reach out to us with any comments or questions. 

To read the full edition of the newsletter on our website, please click here.