Overview

At approximately 22.40hrs local time on Saturday 17 August 2019, a suicide bomber initiated an Improvised Explosive Device (IED) in the crowded Dubai City Wedding Hall, located on Darulaman Road in Kabul, Afghanistan. Reports suggest that the perpetrator of the attack arrived at the Dubai City Wedding Hall by bicycle, before making his way to a stage in the men’s reception area (to which guests were returning following the Nikah ceremony) and initiated the device. 63 people were killed and more than 180 injured, including a number of women and children. The majority of the victims belonged to western-Kabul’s minority Shia Hazara community.

On Sunday 18 August, the Islamic State (IS) affiliate grouping known as Islamic State Khorasan Province (ISKP) claimed responsibility for the attack, identifying the suicide bomber as Abu Asim al-Pakistani, a man they referred to as a Pakistani fighter seeking ‘martyrdom’. A statement released by the Taliban questioned why United States security forces based in the country had failed to identify and interdict ISKP in advance of the attack.

Analyst Comment

Weddings and religious ceremonies are often targeted by militants operating in Afghanistan, as they provide attackers with a ‘soft target’, with a concentration of people and minimal security to circumvent. On 12 July 2019, a suicide bomber attacked a wedding congregation in Nangarhar, eastern Afghanistan. The wedding celebrations were taking place in the house of a pro-government commander in Pachir Aw Agam district. IS claimed responsibility, and at least six people were killed. In November 2018, at least 50 people were killed when the Uranus Wedding Palace, Kabul, was attacked during a gathering of prominent religious figures.

Subsequent investigations raise questions as to the motives behind targeting this wedding ceremony. Unlike previous attacks, there were no prominent religious, community or security officials in attendance. Further, reports suggest that al-Pakistani passed two security force check points on his route to the Dubai City Wedding Hall, a venue that is in close proximity to Darul Aman Palace and a regional Police Headquarters. Darul Aman Palace is a prominent cultural landmark that has been earmarked for numerous regeneration projects, including consideration as a seat for Afghanistan’s parliament.

At the wider scale, the attack occurs as months of negotiations between US officials and Taliban leaders appear to be coming to fruition. The talks are aimed at bringing the enduring conflict in Afghanistan to a close, though it is of note that the Taliban delegation refuse to enter into negotiations with the extant government, presided over by President Ashraf Ghani. Key to this aim are the withdrawal of US troops from the country, a potential power-sharing agreement between the Taliban and government representatives in Kabul, and the Taliban’s interactions with various transnational terrorist organisations operating on Afghan soil.

The talks have occurred against a backdrop of continued violence, with militant groups, including the Taliban, conducting a variety of attacks across the country. Elements of the affiliate group Al-Qaeda in the Indian Subcontinent (AQIS) are known to be operating alongside Taliban fighters, bolstering the group’s capabilities whilst also complicating the potential for divisions within the ranks of fighters whose ideology may stand at odds with the diplomatic process. Such disenfranchisement may result in defections to militant groups, such as the IKSP, that adopt a harder line where negotiations with the US or power sharing with the Afghan government are concerned. The Taliban and IKSP are considered rivals, and a divergence in ideology and doctrine has led to a number of clashes in the face of the more extreme Islamic State affiliate seeking to assert its capability in Taliban territory.

Reports suggest that the IKSP commenced operations in Afghanistan in 2015. The group’s designation refers to the Khorasan Province, a region that encompassed large parts of Central Asia, Iran and Afghanistan during the Middle Ages. Established by Hafiz Zaeed Khan, a Pakistani national, its membership consisted of mostly Pakistani militants and disenfranchised members of other militant groups; including the Taliban. Its area of operations has predominantly been confined to the eastern provinces of Nangarhar and Kunar. Despite a series of military set-backs in the first half of 2019, the group has maintained a robust capability through exploitation of local resources, extortion of the local population, and kidnapping for ransom.

In much the same way as the wider IS group, ISKP has ambitions to establish an Islamic caliphate through the acquisition of territory and the assertion of control. Primarily, this aim is pursued through adherence to the management of savagery doctrine, and the group are renowned for violent attacks against civilians; predominantly from the Shiite community. The 17 August attack sees a continuation of this trend. Conducting such an attack in Kabul is a deviation from their previous targeting and may suggest a bid to expand their area of operations.

In the wake of wide-ranging territorial losses across Iraq and Syria in recent years, the wider IS grouping has been forced to seek alternative regions in which to operate, opting to wage a transnational insurgency as opposed to governing the caliphate it once held. Attacks such as that conducted on 17 August enable the group to show case both its intent and capability for force projection through minimal outlay against a soft target, whilst also attracting extreme elements of the Taliban membership who may increasingly become disillusioned with what they see as their leadership’s diplomatic concessions.

Want to take this report with you?

Subscribe to our mailing list below to unlock access to the PDF report.

Subscribe to our mailing list to unlock this content.
OVERVIEW
SI Risk Ltd collect data about individuals, usually within a business context. SI Risk Ltd treats all data which identifies an individual, or when combined with any other information which identifies an individual, as ‘Personal Data’.

As SI Risk Ltd is registered in the United Kingdom (UK), the decision has been taken to nominate the UK Information Commissioners Office (ICO) as their Lead Data Protection Supervisory Authority. As such, all practices will comply with guidance issued by the ICO.

Unless otherwise stated, SI Risk Ltd will be known as the Controller of any personal data which is provided to them by users. This means we control what happens to the data in our possession. We will treat user information with the same care and attention as SI Risk Ltd would expect their own personal data to be treated. This will include taking appropriate organisational and technical measures to protect your information while we are holding and processing it.

SI Risk Ltd collect personal data which may include (but is not limited to) name, physical address, email address, telephone number, age, IP address, organisation name, job title, dietary requirements, allergies, qualifications, interests, and other information which helps them provide their services. In some cases, this may include (but is not limited to) travel itinerary, as well as live and historical GPS tracking data.

SI Risk Ltd need to collect this personal data to provide users with Safety and Security Risk Management Services and uphold contracts agreed with entities which may include (but is not limited to) individuals, organisations, or other third parties. SI Risk Ltd will only collect personal data from users when required for the delivery of Safety and Security Risk Management Services and when there is a legal basis for doing so.

Data is processed by SI Risk Ltd and the client which is subscribing to the Safety and Security Risk Management Services provided by SI Risk Ltd. Data processing will take place in the UK, but also in the jurisdiction of the entity (which includes, but is not limited to, a partner, client, or user) which SI Risk Ltd is providing services to resides in. SI Risk Ltd will endeavour to provide details of the processing locations (where possible) at the point at which data is collected. This will not always be possible when delivering some services, such as live tracking, due to the nature of mobile data connections. Data may be processed via Asana, Dropbox, Microsoft Office 365, Lead Forensics, Google Analytics, and other similar platforms which may include the transmission of data into the United States of America (USA). Data may be shared with other entities if it is prerequisite for the delivery of Safety and Security Risk Management Services by SI Risk Ltd or for contractual agreements between which includes, but is not limited to, a partner, client, or user and the entity (which includes, but is not limited to, a partner, client, or user) to be upheld. This may include which include providing information to travel providers (e.g. airlines and hotels) and other service providers. It may not be possible to confirm these providers in advance of collecting data from the user, but SI Risk Ltd will endeavour to inform you of all data sharing that takes place.
Data processed directly by SI Risk Ltd is located on services in the UK and USA. Newsletter (and other mailing list data) is managed via third-party software (Zoho). In conjunction with this third-party software, SI Risk Ltd use analytics packages to track engagement with the information sent via email to entities which have voluntarily opted into receiving communications from SI Risk Ltd. This information may include (but is not limited to) the email address of the user and whether the user opened the communication sent from SI Risk Ltd.

Users are required to provide explicit consent that they would like to receive communications via email from SI Risk Ltd. If consent is provided by a user, we will continue to contact you for up to 10 years from the date you initially consented to receive communications from SI Risk Ltd (unless the user withdraws their consent at any time, at which point the user will cease to receive emails from SI Risk Ltd.

No other 3rd parties have access to a user’s personal data unless specifically agreed in advance of the data being collected by SI Risk Ltd, or in circumstances detailed in this Privacy Statement.

SI Risk Ltd have a Data Protection Regime in place which oversees the effective and secure processing of your personal data, which can be provided on request by contacting the Data Protection Officer.

DATA RETENTION
All details provided to SI Risk Ltd will be held according to the legal and contractual requirements which SI Risk Ltd is subject to – which is detailed below.

- SI Risk’s public liability insurance requires that all the details of all events are maintained for a period of 3 years following an event or service provision provided by SI Risk Ltd.
- UK Revenue and Customs require that all payment information which is subject to VAT be kept for a period of at least 6 years following receipt of payment for services provided by SI Risk Ltd.

In accordance with this, all personal details of attendees for events and services provided by SI Risk Ltd will be retained by SI Risk Ltd for a period of 5 years following the end of our contract (unless otherwise indicated). This information may include (but is not limited to) the user’s name, physical address, email address, telephone number, age, IP address, organisation name, job title, dietary requirements, allergies, qualifications, interests, and other information which helps them provide their services. In some cases, this may include (but is not limited to) travel itinerary, as well as live and historical GPS tracking data.

In addition, billing information, which includes any personal data contained within invoices and accounting records, will be retained for a period of 6 years following the receipt of payment for services provided by SI Risk Ltd.

SI Risk Ltd endeavor to respond to all contact, including enquiries, in a timely and professional manner. Any contact which contains personal data will be retained for a period no more than 18 months from the date of receipt and response by SI Risk Ltd. This data is held by SI Risk Ltd under the legal basis of legitimate interest as it may be required to respond to future queries, both internally and externally, within this period.

No data retained by SI Risk Ltd will be used for any purpose other than that which is agreed at the time of contact between the user and SI Risk Ltd. This information will never be shared with third-parties without the user’s knowledge and will not be used to contact the user in future without the user’s express consent unless we believe it is relevant to your original enquiry.

YOUR RIGHTS
If at any point a user believes that the information SI Risk Ltd possess is incorrect, or should the user wish to withdraw their consent, or exercise their statutory rights (which includes, but is not limited to, your right to erasure, right to access, right to rectification, and right to be informed) they can request to see this information, have it corrected, or have it deleted.

If a user wishes to raise a complaint on how SI Risk Ltd have handled their personal data, they can contact SI Risk Ltd’s Data Protection Officer, Nathan Monshin (Nathan.mosnhin@sirisk.uk), who will investigate the matter and take all necessary actions to address the complaint.

If the user is not fully satisfied with the response provided by SI Risk Ltd (or believe SI Risk Ltd are not processing data in accordance with the law) you can complain to the Information Commissioner’s Office (ICO) – which is the Lead Data Protection Supervisory Authority of SI Risk Ltd.

CHILDREN
SI Risk Ltd will never request consent from, or market to, anybody under the age of 16.

COOKIES
SI Risk Ltd employ cookie technology to help log visitors to their website and facilitate the full and proper functionality of web services (such as but not limited to, logging in to secure areas and processing registrations). Cookies are pieces of data that are often created when someone visits a website, and which are stored in the cookie directory of a computer. Numerous cookies may be created when you visit a website controlled by SI Risk Ltd.

Up-to-date browsers give users the option to accept or decline cookies. This is a global setting that applies to every website a user visits. If a user does switch off cookies at a browser level, their device won't be able to accept cookies from any website. This means the user will struggle to access the secure area of any website they use and won't enjoy the best browsing experience when you are online. AboutCookies (http://www.aboutcookies.org) contains comprehensive information on how to disable cookies on a wide variety of browsers, details how to delete cookies from your computer as well, and more general information about them.

Cookies may be persistent, or session based. Persistent cookies are stored by a web browser and remain valid until the defined expiry date (unless deleted by the user before the expiry date). A session cookie will expire when a user ends their session (which occurs when the web browser is closed).

The type of cookies used on most websites, including those controlled by SI Risk Ltd, can be categorised in four ways (Strictly Necessary, Performance, Functionality and Targeting) according to the International Chamber of Commerce guide to cookie categories.

STRICTLY NECESSARY COOKIES
These cookies are essential, as they enable users to move around the website and use its features (such as accessing secure areas). Without these cookies, services you've asked for can't be provided. These cookies don’t gather information about you that is used for marketing or remembering where you've been on the internet.

PERFORMANCE COOKIES
These cookies collect information about how users use a website, including which pages you go to most often and if you get error messages from certain pages. These cookies don’t gather any information that identifies the user. All information these cookies collect is anonymous and is only used to improve how a website works. These cookies are not used to target users with online marketing. Without these cookies, SI Risk Ltd can’t learn how their website is performing and make relevant improvements that could better the user’s browsing experience.

FUNCTIONALITY COOKIES
These cookies allow a website to remember choices a user makes (such as user name, language, or the region you're in) and tailor the website to provide enhanced features and content for the user. For instance, a website may be able to provide a user with local weather reports or traffic news. These cookies can also be used to remember changes a user has made to text size, font, and other parts of pages that you can customise. They may also be used to provide services a user has asked for, such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track a user’s browsing activity on other websites. Without these cookies, a website cannot remember choices previously made by the user or personalise the user’s browsing experience.

TARGETING COOKIES
These cookies are used to tailor marketing to a user and their interests. They are also used to limit the number of times a user sees an advertisement and help measure the effectiveness of advertising campaigns. They remember that a user has visited a website and this information may be shared with other organisations (such as advertisers). Although these cookies can track a user’s visits to other websites, they don’t usually know who a user is. Without these cookies, online advertisements encountered by a user will be less relevant to them and their interests.

LOG FILES
When a user visits an SI Risk Ltd website, SI Risk Ltd collect web statistics concerning their visit which are stored in a log file. Log files allow SI Risk Ltd to record visitors’ use of the website, monitor site performance, and address any errors. The web teams use analytics to record visitors’ use of the site and use this information to make changes to the layout of the website and to the information provided on the website. Log files do not contain any personal information and they are not used to identify any individual patterns of use on the website.

This statement only covers websites and data maintained by SI Risk Ltd and does not cover other data or websites linked to, or associated with, SI Risk Ltd websites.

CHANGES TO OUR PRIVACY STATEMENT
SI Risk Ltd may change its Privacy Statement to align with legislation and industry standards. They will not explicitly notify website users about these changes. SI Risk Ltd recommend that you check this statement on their website occasionally for any policy changes.

This version was last updated on 16 April 2019.
I agree with the Terms & Conditions