__MAIN_TEXT__

Page 1

TERRORISMTRACKER The Risk Advisory Group Methodology documentation June 2019

All rights reserved. No part of this document may be reprinted or reproduced or utilised in any form or by any electronic, mechanical, or other means, not known or hereafter invented, including photocopying and recording, or in any information storage or retrieval system, without permission in writing from the publisher.

Confidential | Do not disseminate Š 2019 The Risk Advisory Group Ltd


CONTENTS 4 5

OVERVIEW THE DATABASE

Incident and Plot Entries Entry summaries Categories Geolocation information Map of the Data Structure

9

TERMINOLOGY AND SCOPE

16

TAXONOMIES OF THE DATASET

Definition of Terrorism Sabotage Activism Civil Unrest Armed Combat & Irregular Warfare Crime Kidnap Cyber-terrorism Terrorism by state actors and proxies Nomenclature & Language

Incident Entry Categories Plot Entry Categories Defining categories and sub-categories Event Type Armed Attack Arson Assassination Bombing Chemical, Biological, Radiological, or Nuclear (CBRN) Explosive Projectile Hijack Hoax Kidnapping/Hostage Taking Other/Unclear Sabotage Siege & Barricade UAV/Drone attack Vehicle Impact Attack Target Type Multiple sub-categorisations of target type

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

06 06 06 06 07

09 10 11 11 12 12 13 13 13 14

16 17 18 18 19 19 19 19 19 19 19 19 19 20 20 20 20 20 21 21

2 / 34


TerrorismTracker | CONTENTS

Business - Construction - Critical Infrastructure - Agriculture - Electricity - Telecoms - Utilities - Extractives - Gas - Mining - Oil - Financial - Media - Other Business - Retail - Tourism Diplomatic Educational Figures & Institutions Emergency Services Government & Political Figures & Institutions Humanitarian/NGO Legal Figures & Institutions Medical figures and institutions Military Other/Unclear Peacekeeper Police & Prisons Private Citizens & Property Private Military & Security Public Gatherings Religious Figures & Institutions Terrorists & Former Terrorists Transportation - Aviation Transportation - Land Transportation - Maritime Ethnic & Minority groups Perpetrator: Groups, Taxonomies and Attribution Attribution structure for incidents Ideology Perpetrator Taxonomies Nationalist/Separatist Far Left/Revolutionary Far Right/Reactionary Single Interest Other Religious Extremists/Cultist Radical Islamist Typologies National Islamist Global Islamist

Confidential | Do not disseminate Š 2019 The Risk Advisory Group Ltd

21 21 21 21 21 22 22 22 22 22 22 22 22 23 23 23 23 23 24 24 24 24 25 25 25 25 26 26 26 26 27 27 27 27 28 28 28 28 28 29 29 30 30 31 31 31 32 33

3 / 34


TerrorismTracker | OVERVIEW

OVERVIEW TerrorismTracker is updated daily by dedicated research analysts and subject to daily quality control by senior terrorism research specialists. Events are only included in the dataset if they are consistent with our working definition of terrorism and can be corroborated or are reported in reputable open sources. The data is highly structured. All incident and plot entries are geolocated, include a short factual summary, and are indexed by 17 different categories including country, target, tactics, weapons used, sectors affected, perpetrator, perpetrator ideology, victim nationalities, and other categories for data retrieval and analysis.

Updated daily by dedicated research analysts

TerrorismTracker is Risk Advisory’s proprietary global terrorism incident and plots database. It aims to record every terrorist incident and plot reported in open sources worldwide since 1 January 2007.

The database is accessible online at the TerrorismTracker website www.terrorismtracker.com and through an API. The website allows users to search and view the data within limited parameters on a map and in sortable lists. This Methodology Documentation provides detailed information about the database and how the data is researched, populated and structured. It explains:

The database of incidents and plots

Our definition of terrorism and scope of the database

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

Taxonomy of the data and categories

4 / 34


TerrorismTracker | THE DATABASE

THE DATABASE The TerrorismTracker dataset covers two taxonomies of terrorism-related activity: incidents and plots. Incidents refer to terrorist attacks or attempted terrorist attacks. Attempted attacks are those that reach the execution phase, but fail to realise their intent or be operationally successful. Plots are planned attacks that are foiled, disrupted or abandoned before the execution phase.

50,000+ entries of incidents and plots

TerrorismTracker is a database that aims to capture every single terrorist attack and plot recorded in open sources anywhere in the world since January 2007.

Every incident and plot is recorded as a single entry, which provides a written summary and geolocation data, and is categorised according to 17 different taxonomies particular to terrorism that give the dataset structure for analysis – such as the type of target, weapons used, and perpetrator. The database contains over 50,000 entries of incidents and plots as of May 2019.

As represented on the TerrorismTracker.com website

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

5 / 34


TerrorismTracker | THE DATABASE

INCIDENT AND PLOT ENTRIES An incident and plot ‘entry’ refers to all the information captured around a single incident or plot recorded on the dataset. Each entry includes the following information, which is presented on the TerrorismTracker website: • A written factual summary of what is known about the incident or plot • All the categorisations attached to the incident or plot • Geolocation information (presented on a mapping interface on the TerrorismTracker website).

ENTRY SUMMARIES Each incident and plot entry provides a brief descriptive summary. The summary does not provide analysis but rather aims to give a succinct and accurate account of the incident or plot, based on information available in open sources. For incident entries, the summaries broadly aim to capture as much as we can discern from open source information on who did what to whom or what, how, when, where and why. And it will highlight any other aspects that may be relevant to understand the event in later retrieval, and what was known (or not known) about it. Plot entries provide a brief descriptive summary of intended attacks that were foiled or abandoned during the planning phase of the operation. Each summary is written in plain English, and we avoid the use of unnecessary acronyms and jargon to ensure comprehension and limit any need for outside reference. The summary will also convey if there are conflicting accounts of the attack or plot or ambiguities in news reports. Where details are unclear, unknown or difficult to verify, the summary will convey that and aim to provide as clear a picture as is possible.

CATEGORIES Analysts categorise each incident and plot using as many as 17 different taxonomies, which are explained, defined and expanded upon in the section Taxonomies of the dataset.

GEOLOCATION INFORMATION Every incident and plot is geolocated with coordinates. Incidents are located where they occurred. If known, plots are located at the target of the intended attack. If this unclear or unspecified, they are located where security forces foiled the plot.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

6 / 34


TerrorismTracker | THE DATABASE

Our research analysts aim to be as accurate as possible in geolocation but there may not always be detailed or precise information on a specific location. This commonly applies to attacks in remote rural areas where location details are often sparse or countries where media reporting is not detailed. In the event that the exact location of the event is not found in open sources, analysts will plot the attack in an approximate area, and indicate the probable accuracy of the location in five-point increments, from 0-10m up to 1,000m radius.

DATA STRUCTURE INCIDENT ENTRY Date start

Date end

calendar selection

calendar selection

Country

Region

drop down list - 191

automatically applied

Attack Attack type type

Event type

Delivery method

Perpetrator

Group

Ideology

drop down list - 467

automatically applied - 7

Attribution

Suicide

tick boxes - 3

tick box

Target Target

SpeciďŹ c target

Target type

free text

multiple selection - 33

Victim nationalities

Simultaneous

Simultaneous

Connected attacks

Sources

Source names

Date & time

Location entry

drop down list - 14

tick box

free text

Confidential | Do not disseminate Š 2019 The Risk Advisory Group Ltd

(only if bombing)

drop down list - 6

Time start

Time end

free text

free text

Latitude

Longitude

free text

free text

Location accuracy drop down list- 5

Summary free text

Weapon used multiple selection - 15

multiple selection - 189

Terrorists killed free text

Deaths

Injuries

Hostages

free text

free text

free text

multiple selection

Source URL free text

7 / 34


TerrorismTracker | THE DATABASE

PLOT ENTRY

Date

Date calendar selection

Country

Region

drop down list - 191

automatically applied

Attack Plot type type

Event type

Delivery method

Perpetrator

Group

Ideology

drop down list - 467

automatically applied - 7

tick boxes - 2

Target type

Weapon used

Target nationality

multiple selection - 15

multiple selection - 189

Location entry

Target Target

drop down list - 14

multiple selection - 33

Latitude

Longitude

Summary

free text

free text

free text

(only if bombing)

drop down list - 6

Attribution

Count free text

SpeciďŹ c target free text

Planning stage multiple selection - 4

Connected attacks multiple selection

Foreign links tick box

Sources

Source names free text

Confidential | Do not disseminate Š 2019 The Risk Advisory Group Ltd

Source URL free text

8 / 34


TerrorismTracker | TERMINOLOGY AND SCOPE

TERMINOLOGY AND SCOPE DEFINITION OF TERRORISM Risk Advisory uses the following definition of terrorism to make judgments about what incidents and plots are included in the TerrorismTracker database: Terrorism is the systematic threat or use of violence, whether for or in opposition to established authority, with the intention of communicating a political, religious or ideological message to a group larger than the victim group, by generating fear and so altering (or attempting to alter) the behaviour of the larger group. Terrorism is a strategy and can exist in both peacetime and conflict environments. Either the victim or the perpetrator, or both, will be operating outside a military context; both will never be operating within a military context or in a state of military hostilities at the given instance. Our definition requires that acts of terrorism are politically, religiously or ideologically motivated, but it does not necessarily follow that all corresponding violent acts are terrorism. Similarly, not all acts by terrorist organisations are necessarily acts of terrorism (e.g. a terrorist group robbing a bank for fundraising purposes is not necessarily in itself a terrorist attack). The non-military dimension of our definition means that terrorism is a clandestine activity. The clandestine nature of attacks and plots is taken into account in evaluating them as being acts of terrorism or other forms of violence. Moreover, not all politically motivated acts or threats that are intended to induce a state of terror are necessarily acts of ‘terrorism’; for example state purges, war crimes such as ‘ethnic cleansing’, and ‘shock and awe’ warfare. In accordance with the definition, the following are excluded from the database: • acts of warfare, either irregular or conventional; • criminal violence oriented exclusively for profit (even if they emulate terrorist tactics such as car bombings and beheadings);

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

9 / 34


TerrorismTracker | TERMINOLOGY AND SCOPE

• violent anti-social behaviour; • civil unrest; • isolated acts of violence by unbalanced individuals such as active shooter incidents, unless there is clear evidence the motives of the attack are consistent with our definition of terrorism. The definition we use is intended to guide objective distinctions so that incident data can inform accurate, unbiased and empirically sound data analysis, and threat and risk assessments. It is also intended to give a view on whether insurers, courts or tribunals, and law enforcement are likely to view particular incidents as terrorism or something else. Having a definition also enables our analysts to make independent judgments in cases where source reporting may be biased and incidents misrepresented for political, jurisdictional or other reasons. An independent definition enables us to classify incidents based on the available evidence, regardless of whether a government or other authority label an act of violence as a ‘crime’ or ‘terrorism’ for political or legal reasons. Almost inevitably, incidents will occur where the definitional threshold that distinguishes terrorism from other forms of political violence becomes blurred. Acts of guerilla warfare and terrorism are often difficult to parse. Other examples are where there is inadequate information about motive or perpetrator, for example during an unfolding event, pending an investigation, or simply a lack of detail in reporting. We, therefore, will make case-by-case judgements taking into account contextual factors and our analysis of the attack itself, as to whether the incident is included or excluded pending further details. If the balance of information suggests it is more likely to be terrorism than not, we will include it in the dataset but indicate in the categorisation that motive and perpetrator identity is suspected rather than known. We routinely review past incidents and will make retrospective revisions to the data to ensure the dataset is as accurate as possible, particularly when more information comes to light. This may include adding or removing incidents from the dataset. Users are invited to submit feedback about the data and flag incidents or plots for inclusion or exclusion, by emailing us at terrorismtracker@riskadvisory.com.

SABOTAGE Incidents classified as sabotage in this dataset refer to the deliberate damage or destruction of property to cause fear, violence upon persons, and/or disruption in furtherance of ideological, political or religious goals as part of a terrorist campaign, or with terrorist intent. Distinguishing between acts of sabotage as terrorism or warfare, activism or other forms of malicious damage can be difficult. We make judgments on the inclusion of

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

10 / 34


TerrorismTracker | TERMINOLOGY AND SCOPE

sabotage incidents based on the profile of the perpetrator and their motive, the probable objective of the attack, tactics used, the level of violence employed and the extent to which it is likely to form part of the tactical repertoire of a terrorist organisation, or be part of a wider terrorist campaign. For example, an attempt to derail a train and kill passengers by damaging track or placing an obstruction would be included. A bomb attack on an oil pipeline justified as economic targeting of a state by a group that has carried out terrorist attacks would also be included in the dataset. Arson attacks that also conform to the above criteria will typically be categorised as sabotage. The vandalism of an ATM by an anti-capitalist protest or non-violent direct action group would not be included. Neither would the sabotage of machinery to prevent its use in deforesting an area by local or environmental activists. The latter may be included if the activists in question were engaged in other forms of violence in accordance with our definition of terrorism.

ACTIVISM Although terrorism - as ideologically, politically or religiously motivated activity – is a form of activism, the definition of terrorism we use does not necessarily include unlawful incidents by protest groups, pressure groups, subversives, or other types of activists using non-violent direct action (NVDA) techniques, no matter how disruptive. If violence is threatened or intended but not used, an action falls outside the classification of an NVDA protest, regardless of the general motives of the group. We may include such incidents on the database if there is sufficient evidence that the action was intended to influence a wider audience through the use of violence and or other methods to instil fear. Activists who use violence to intimidate and influence a wider audience, or threaten violence, in furtherance of their ideological, political or religious goals or beliefs are, by our definition, terrorists.

CIVIL UNREST The above definition of terrorism does not include incidents of civil unrest and strife, street protests, rioting, public disorder by protest groups, or inter-communal violence, no matter how disruptive or violent, unless the actions are in themselves consistent with our definition of terrorism. If acts of terrorism – in accordance with our definition – occur at or around protests, such incidents will be included. This is particularly so in times of civil disorder if there is evidence that terrorist groups are active, or activist groups are moving towards pursuing terrorism as a strategy.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

11 / 34


TerrorismTracker | TERMINOLOGY AND SCOPE

ARMED COMBAT & IRREGULAR WARFARE The use of terrorism by insurgent groups or paramilitary organisations presents particular challenges regarding inclusion in the dataset. Contemporary and recent insurgencies, such as those seen in Iraq, Afghanistan and Syria, have increasingly been characterised as complex conflicts where terrorism constitutes a major element. In such conflicts, it can often be unclear whether attackers are combatants or operating outside of a military context, and whether they are simply trying to achieve tactical objectives in warfare such as killing the enemy or taking territory, or using deliberately terrorising forms of violence to demoralise an enemy, or using violence with the objective of influencing a larger target audience. We may, therefore, exclude attacks that form part of an established pattern of guerrilla warfare such as roadside bombings or complex attacks of military patrols in active conflict zones if both parties are regarded as combatants and in a high state of combat readiness. Such acts constitute acts of warfare, be it guerrilla, irregular or otherwise. The use of suicide bombers to initiate guerilla attacks on military targets is an example. On the same basis, we will usually include attacks against military targets that are not on a combat-ready footing, such as static bases. We will do the same if front lines move and violence in an area reverts from combat to more indirect terrorising types of attacks, for example, targeted attacks on soldiers outside barracks or assassinations of off-duty personnel. Like civil unrest, we judge each incident on a case-by-case basis taking into account the particular context.

CRIME Any violent or intimidating act motivated solely for material gain is a crime and therefore not terrorism, regardless of method or tactics. Examples of such exclusions would include criminal gangs carrying out car bombings and murders intended to intimidate rivals or the authorities. If criminal groups evolve towards the pursuit of genuine political, ideological or religious goals, then attacks that conform to the above definition would be included. Some governments may describe acts of terrorism as ‘crimes’ perpetrated by ‘criminals’ for political or legal reasons, such as to play down a terrorist threat, deny terrorists any claims to political legitimacy or validity, or to make a prosecution. Our definition of terrorism provides a framework to make independent judgments on such claims. Acts of criminal enterprise by terrorist groups to raise funds – such as extortion, smuggling or bank robberies – are judged on a case-by-case basis. But as noted above, not all acts by terrorist organisations are necessarily acts of terrorism (e.g. a terrorist group robbing a bank for funds is not in itself an act of terrorism). The main exception to this is kidnapping, which we include.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

12 / 34


TerrorismTracker | TERMINOLOGY AND SCOPE

KIDNAP Kidnappings by terrorist groups will always be included in the TerrorismTracker dataset, even if securing a ransom payment is known, suspected or found to be the primary motive. In cases where a criminal group has undertaken the kidnapping but sold or passed the victim to a terrorist group, these will also be included.

CYBER-TERRORISM TerrorismTracker does not presently record acts of ‘cyber-terrorism’ – at least not in currently known and reasonably attributable forms of cyber attack. As we have noted in our definitions above, it does not necessarily follow that all activities by groups that engage in terrorism – including cyber attacks – are necessarily terrorist incidents. We regard cyber attacks as hostile actions that compromise the confidentiality, availability and/or integrity of data. This falls outside our definition of terrorism and the scope of this dataset. This may change if evidence emerges of a cyber attack by a terrorist group that conforms to our definition. For the same reasons, acts of cyber or electronic warfare by state actors that may result in violence, death or casualties are excluded. Hostile cyber activities by terrorist groups or their followers – or others purporting to be terrorist groups (including state actors) have become more common since the inception of this dataset in 2007. This has included defacing websites, distributed denial of service attacks, and other forms of hacking. None of which comply with our definition of acts of terrorism. In some cases ‘doxxing’ or leaking data with the intent to intimidate has occurred. Attribution makes it difficult to reliably judge whether terrorists have been responsible but cases so far suggest these cannot be reliably described as terrorist attacks.

TERRORISM BY STATE ACTORS AND PROXIES The database includes acts of terrorism by state actors if such acts comply with our definition. It is very rare that we are able to reliably attribute attacks to a particular state, either as a sponsor or direct perpetrator. In cases of attacks by groups that are known or officially accused of having a particular state’s backing or function as its proxy – for example Hezbollah – we will attribute the attack to that group, not the state sponsor. In cases where the investigating authorities present compelling cases that a state was directly responsible for an attack, we will assign that state and the relevant agency or organisation as the ‘Perpetrator’ and mark it as ‘Officially Attributed’. Such cases are rare, and since the inception of the database have been exclusively assassinations overseas.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

13 / 34


TerrorismTracker | TERMINOLOGY AND SCOPE

Not all cases of assassination will qualify as terrorism. That is not to say all assassinations by states will concord with our definition of terrorism and are included. As a general heuristic, they must be clandestine (which therefore excludes targeted killings using military means such as missile strikes) and outside of the perpetrators’ sovereign territory. And they must be intended to communicate a terrorising message to a wider group and so attempt to alter the behaviour of that group, in accordance with our definition of terrorism. The primary purpose of an assassination by a state cannot, therefore, be to remove a threat or achieve tactical or strategic objectives such as degrading a group or other organisation. So the targeted killings of terrorists as part of a counterterrorism strategy, or of military officers or government officials by a state as an act of war (ostensibly or literal), does not qualify. Targeted killings of people that do not pose a national security threat, such as dissidents, journalists, defectors and exiles will qualify subject to the other criteria described above. Further, if the relevant investigating authority is generally regarded as competent and non-arbitrary, and declares such an act of terrorism and presents a compelling case, we will attribute it as described above. Examples of such cases include the murder of Russian defectors by Russian intelligence agencies, particularly when the defectors can longer be credibly viewed as a national security threat by virtue of time since they defected; so the objective can be reasonably assumed as punishment and to send a terrorising message to would-be defectors and dissidents.

NOMENCLATURE & LANGUAGE The goal of the TerrorismTracker incident database is to provide an empirical and objective dataset upon which to assess terrorist activity and threat. Risk Advisory makes no value judgments on the particular ideologies or sympathies of perpetrators of terrorist attacks. We endeavour to use plain, impartial and precise language. We refer to ‘terrorists’ as those that have perpetrated an act of terrorism according to the above definition, without discrimination in respect of their political, religious or ideological motives or sympathies, their organisation, their alliances, sponsors or their affiliations. As terrorism is a strategy at the disposal of any type of actor, we may refer to those that have carried out a given attack in wider terms as ‘terrorists’. We try to avoid pejorative, value-laden or politically biased terms such as ‘freedom fighters’, ‘resistance forces’ or ‘rebels’ to describe perpetrators of terrorist acts, preferring plainer terms such as attackers, perpetrators or assailants. However, to put attacks into context and for readable incident reports, we may use varying terms of classification such as a militia, insurgents or guerrillas, when referring to specific instances of the use of terrorism by, respectively: • members of an army or paramilitary force composed of civilians rather than professional soldiers (militia);

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

14 / 34


TerrorismTracker | TERMINOLOGY AND SCOPE

• those engaged in sustained and organised armed rebellion against a constituted authority (insurgents); • an independent militarised group that engages in irregular warfare against superior regular military forces using tactics that often avoid direct engagements (guerrillas). We may use the term ‘militant’ for unidentified perpetrators of a given act of terrorism, acknowledging that ‘militant’ may also be used as an adjective to describe activists that are violent but are not necessarily terrorists. In most cases, where the identity and motives of the attackers are unclear but we suspect terrorism, we may simply defer to assailants and attackers, or use descriptions that illustrate the nature of the attack, such as bomber or gunman.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

15 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

TAXONOMIES OF THE DATASET Every incident and plot entry is categorised to give structure to the dataset. The categories aim to capture all information pertinent to analysing terrorist activity and form analysis of trends and patterns, particularly as it pertains to the analysis and assessment of the threat (intent and capability to mount) or risk (likelihood and impact) of terrorist attacks. Some of these categories have subcategories, such as countries, names of perpetrator groups, weapons used, and so forth. The categories and subcategories we use, where not self-explanatory or already explained above, are listed and defined below. Incident entries can have multiple categorisations assigned to them when the target or means of attack requires it. For example, an attack on a nightclub popular with tourists may be categorised as impacting both the retail and tourism sectors. Similarly, an attack involving both explosives and firearms can have both subcategories of weapon type assigned to the incident entry.

INCIDENT ENTRY CATEGORIES Date/time

Including start and end date/time of attacks

Region/Country

191 countries

Coordinates

Latitude and longitude fields

Location accuracy

In five-point increments, from 0-10m up to 1,000m radius

Event type

The type of attack, defined by tactics and weapons used, e.g. bombing, shooting

Delivery method

Of weapons or attackers, sub-categorised where applicable, e.g. person-borne, vehicle-borne, maritime, air-borne.

Weapons used

Categorised by different types of weapons, e.g. knives, explosives

Perpetrator

With subcategories of group, ideology and attribution (with attribution sub-categorised further by ‘claimed’, ‘suspected’ and ‘officially attributed’)

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

16 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

Suicide attack

Or not

Terrorists killed

Number of perpetrator fatalities in the attack

Specific target

Free text, describing specifically the target of the attack where known or reasonably suspected

Target type

With 32 subcategories listed below, by economic, commercial and other sectors, e.g. security forces, judiciary, oil and gas

Victims

Sub-categorised by numbers of injuries, fatalities and hostages, which are further sub-categorised by victim nationalities

Coordinated with other attacks

Yes/no

Connected plots or incidents

This links the incident entry to other related incident or plot entries e.g. when marked as ‘coordinated’ with other attacks)

Source names

Name of source (e.g. BBC News)

Source URLs

Web address of source material

PLOT ENTRY CATEGORIES Date

Including start and end date/time of attacks

Location

Either the target of the intended attack or where security forces foiled the plot.

Region/Country

191 countries

Coordinates

Latitude and longitude fields

Event type

The type of planned attack

Delivery method

Of weapons or would-be attackers, sub-categorised where applicable, e.g. person-borne, vehicle-borne, maritime, air-borne.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

17 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

Perpetrator

With attribution sub-categorised further by ‘suspected’ and ‘officially attributed’

Source names

Name of source (e.g. BBC News)

Source urls

Web address of source material

Target type

With 32 subcategories listed below, by economic, commercial and other sectors, e.g. security forces, judiciary, oil and gas

Weapons type

Categorised by different types of weapons the suspects planned to use, e.g. knives, explosives

Target nationality

The nationality of intended victims where known

Specific target

Free text, describing specifically the target of the planned attack where known or reasonably suspected

Planning stage

Whether the stage of the planned attacks was ‘Advanced’, ‘Intermediate’, ‘Initial’ or ‘Unknown’

Connected plots or incidents

This links the plot entry to other connected incidents or plots

Foreign links

Whether the plot has links to foreign individuals or organisations

with subcategories of group, ideology and attribution

DEFINING CATEGORIES AND SUB-CATEGORIES EVENT TYPE All incidents on the database are classified by ‘event type’. Event type describes the kind of attack or incident. In rare cases where there is insufficient information about how an attack was mounted, the event is classified as ‘other/unclear’. If perpetrators use (in incidents) or plan to use (in plots) a variety of weapons and methods of attack, research analysts will judge which of the following categories give the most appropriate classification, based on the available information. An explanation will be provided in the report summary.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

18 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

Armed Attack

An armed attack is where arms (firearms, handheld weapons) are the primary weapon used, normally in an indiscriminate fashion, particularly in respect of the individual identities of victims.

Arson

Arson attacks include the use of incendiary devices as well as manually starting fires.

Assassination

Assassination means the targeted killing of a high profile person for political or ideological motives, on the basis of their individual identity and/or status or occupational function.

Bombing

Bombing means the use of an explosive device, but excluding thrown hand grenades and explosive projectiles such as mortars or rockets.

Chemical, Biological, Radiological, or Nuclear (CBRN)

CBRN means any attack where Chemical, Biological, Radiological, or Nuclear materials are used. This can include the use of explosive devices to disperse CBRN materials, and poisonings or assassinations using CBRN materials. We would consider the murder of former Russian intelligence officer Alexander Litvinenko by polonium poisoning in London in 2006 a CBRN event, for example.

Explosive Projectile

Explosive projectile attacks are essentially stand-off attacks using thrown grenades, rockets, missiles, mortar fire, and rocket-propelled grenades (RPGs).

Hijack

Hijacking refers to the forceful takeover of a vessel/vehicle/ aircraft by terrorists.

Hoax

A hoax incident is only included if the hoax has a clear terrorising aspect and motive, and has the characteristics of a terrorist act, and in accordance with our definition of  terrorism.

Kidnapping/ Hostage Taking

Kidnapping/Hostage Taking refers to the abduction of victims against their will, where they are held by terrorists. Kidnap for ransom incidents are also included here if the kidnappers also make political demands or are known to be a group with political objectives (as opposed to simply criminals who solely act for material gain). As a hostage event, Kidnapping/Hostage Taking is distinct from Hijacking (which is on a vessel/vehicle/aircraft) and ‘Siege and Barricade’ (which is in a location where

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

19 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

the terrorists are contained) in that the terrorists operate from a location where they are more able to dictate terms and the location of the hostages is not typically known or accessible. Other/Unclear

Other/Unclear means any event type that is not included in the list of Event Types. The event type will be described in the incident summary. This category also includes incidents where the event type is not known. Such events are rare and we aim to update and reclassify the entry when more information becomes available. If a new form of attack emerges that is not in our event type subcategories we will usually create a new subcategory to capture it.

Sabotage

Sabotage is wilful property damage carried out for ideological or political reasons. Typical examples would be an attempt to derail a train or a bomb attack on a pipeline. Acts of vandalism or malicious damage are excluded. See our definition of Sabotage in Definitions and Scope.

Siege & Barricade

Siege and Barricade refer to incidents where terrorists take over a static location and take hostages as collateral for their demands or to draw out a crisis, typically resulting in a stand-off with security forces.

UAV/Drone attack

UAV/Drone attack refers to incidents involving the use of unmanned aerial vehicles (UAV) or drones by terrorists. These incidents might involve dropping a dangerous payload, detonating the UAV/Drone, or deliberately crashing it into a target.

Vehicle Impact Attack

Vehicle Impact Attack refers to incidents where terrorists use vehicles as an improvised weapon, such as deliberately ramming vehicles into people, objects or buildings with the intention of causing human or material damage.

Confidential | Do not disseminate Š 2019 The Risk Advisory Group Ltd

20 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

TARGET TYPE All incidents and plots that are logged on TerrorismTracker are also categorised according to the nature of the intended target (where known or reasonably judged), which we call its target type. This categorisation enables users to sift data and assess terrorist target selection patterns, and infer strategy and general intent, with a particular emphasis on how this impacts different sectors of the economy, state and society. We have subdivided business or economic sectors into common verticals so that users can search for attacks relevant to a particular industry or business interest with greater precision. Different organs of state and sectors within civil society are also subcategorised.

MULTIPLE SUB-CATEGORISATIONS OF TARGET TYPE Much like other aspects of the database (such as with Perpetrator Ideology), there will occasionally be a crossover between one form of classification and another. And in some cases, it may be unclear what the intended target of the attack was, or that several sectors are directly affected. Or it may be that attacks are effectively targeting multiple target types. In such instances, our analysts make judgments on a case-by-case basis on how an incident should be categorised. For example, an attack on an oil tanker would likely be coded by the analyst as: Business – Extractives Oil + Transportation – Maritime. Similarly, a sectarian attack targeting a crowd outside a place of worship would be subcategorised as: Private Citizens & Property + Religious Figures & Institutions + Public Gatherings In the following classifications, we are referring to both attacks and plots targeting the following target types. Note that such classifications include attacks or plots affecting personnel working for these sectors as well as physical assets:

Business Construction

This includes construction sites, companies, personnel, vehicles and equipment.

Business

This includes farms, farming machinery, vehicles, livestock and crops, slaughterhouses, dairies, and personnel.

Business

This covers the electricity generation and transmission infrastructure: power stations, substations, electricity

Critical Infrastructure – Agriculture Critical Infrastructure – Electricity

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

21 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

distribution assets, fuel supply to power stations, personnel or other aspects of the electricity production and distribution sector. Business

This includes telecommunications facilities, telephone lines, mobile telephone masts, satellite telecommunications facilities, switching facilities, exchanges, data centres and internet hubs, personnel or other aspects of the telecoms sector.

Business

This includes all utility sectors except electricity and telecommunication – so all aspects of domestic gas supply and gas import facilities, including LNG offloading facilities in import countries, gasometers and gas pipes, water and sewage treatment plants, water distribution networks, sewage and drainage infrastructure, personnel or other aspects of the utility sector.

Business

This includes any aspect of the upstream, midstream or downstream components of the natural gas sector. This includes exploration and drilling, rigs, distribution pipelines and vehicles, refineries, storage, shipping, personnel or other aspects of the gas exploration, production and distribution sector.

Critical Infrastructure – Telecoms

Critical Infrastructure – Utilities

Extractives – Gas

Business

This includes any aspect of the mining sector: including mines, mining interests, vehicles distributing raw material from the mine, personnel or other aspects of the broader mining sectors.

Business

This includes any aspect of the upstream, midstream and downstream components of the petroleum aspect of the sector. So this would include exploration and drilling, rigs, distribution pipelines and vehicles, refineries, storage, shipping, personnel or other aspects of the oil exploration, production and distribution sector.

Business

Any aspect of financial services sectors, including retail banks, cash machines, insurance firms, corporate offices, credit card companies, personnel or other aspects of the financial services sectors would be classified under the target type of as ‘Business – Financial’.

Extractives – Mining

Extractives – Oil

Financial

Business Media

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

This includes any aspect of the media, including newspaper offices, journalists, news and film crews, editors, TV and radio stations, studios, internet media companies, media celebrities such as actors, and all other aspects of the media.

22 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

Business

Other Business

Business Retail

This includes any other commercial sector that is not otherwise classified on the database. This includes some aspects of manufacturing that are not captured by other ‘Business’ categories. The target type classification ‘Business – Retail’ includes any aspect of retail (except banks, which would be classified as ‘Business – Financial’), including shops, barber shops, warehouses and delivery vehicles. We also include restaurants, nightclubs and bars under the retail category. If such venues are overtly associated with tourism or it seems clear that an attack on a retail target was intended to target tourists, we also categorise the entry target type as ‘Business – Tourism’. Attacks that target markets, shopping malls or other retail areas where people may congregate that are intended to be mass-casualty attacks (and where the public rather than the sector are the primary target), will be also classified under ‘Public gatherings’ as well or as an alternative depending on what is understood about the attack.

Business Tourism

Diplomatic

This includes any aspect of the tourism sector excluding transport: hotels, guest houses, and resorts would all be included. Nightclubs, bars and restaurants that are notably touristic would also be included, as would attacks on personnel working in the sector. Note that some incidents may also be classified as ‘Business Retail’. This includes any aspect of a foreign government’s representation in a given country. It also includes any aspect of recognised multilateral international institutions (also known as inter-governmental organisations) such as the United Nations and its agencies (excluding agencies that fall under the target types: ‘Humanitarian’ or ‘Peacekeeper’) such as the World Bank, the International Monetary Fund, the Arab League, the Organisation for Economic Co-operative Development. This target type would, therefore, include diplomats, foreign politicians and foreign officials acting in a diplomatic capacity, embassy workers (even if local staff), and all diplomatic missions and official residences.

Educational Figures & Institutions

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

‘Educational Figures & Institutions’ includes any aspect of educational institutions or personnel associated with those institutions, such as teachers, lecturers, researchers

23 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

and students. Nurseries, schools, universities and research institutes would all fall under this category. Emergency Services

The target type classification ‘Emergency Services’ includes any aspect of the emergency services, including property and personnel. This includes paramedics, ambulances, fire services, mountain rescue and sea rescue. It would also include attacks on the property associated with medical services but only in an emergency context, such as Emergency Room/Accident & Emergency/Casualty entrances to hospitals. This target type classification does not include police unless they were explicitly operating as emergency responders in the given instance (such as secondary attacks against emergency responders to a terrorist attack). In which case the target would also be categorised ‘Police and prisons’. Any other attack on law enforcement personnel or assets would be classified under ‘Police and prisons’. This would also not include attacks on doctors unless they were explicitly operating in the given instance as emergency responders. Any other attack on medical figures personnel or assets would be classified under ‘Medical figures and institutions’.

Government & Political Figures & Institutions

This includes any aspect of a government’s administrative, legislative and executive representation in its own country, at both central and local government level. This sector, therefore, includes heads of state, politicians, ministers, mayors, civil servants, governors, councillors and other state officials, as well as attacks on property such as ministries, parliament buildings, and city or town halls.

Humanitarian/ NGO

This includes humanitarian organisations, including governmental humanitarian organisations such as USAID, and non-governmental organisations (NGOs) operating in a humanitarian or another context. This sector, therefore, includes humanitarian and relief workers or other personnel, aid convoys or vessels, warehouses or depots, humanitarian projects, NGO offices and other relevant assets or locations.

Legal Figures & Institutions

This includes any aspect of a country’s judiciary or the legal system. This sector would, therefore, include judges, magistrates, lawyers, juries and other personnel working in the service of the judiciary, as well as courts and chambers.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

24 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

It would also include NGOs working on legal reform and rule of law projects, such as Bar Associations. Medical figures and institutions

This includes people or property associated with the provision of healthcare and medical services, excluding those operating in an emergency services context. This means doctors, nurses, surgeons, consultants, dentists, radiographers and all other medical health professionals are included. Any location associated with the provision of medical aid or healthcare, such as hospitals, clinics, surgeries, and hospices would all be included under this target typology. The pharmaceutical sector, including pharmacists, would not be included under this target type. Attacks on emergency medical services, such as paramedics and ambulances, would also be categorised ‘Emergency Services’.

Military

Military includes all official military or paramilitary forces. This means all officials serving personnel in armies, navies or air forces, as well as all military facilities and property. It also includes state paramilitary forces, specifically the auxiliaries of regular militaries, but excluding law enforcement agencies organised along military or paramilitary lines (e.g. gendarmerie). Civilian contractors or officials working with the military in a given instance but not on combat duty would not be classified as ‘Military’. Contractors would be profiled either according to the service they offer or as ‘Private military and security’. Civilian officials such as civil servants working for defence ministries or departments would be classified under the target type ‘Government and political figures and institutions’

Other/Unclear

These events fall outside the sphere of all other classifications listed and their type will be described in the incident summary. This category also includes incidents where the target type is not known or unclear.

Peacekeeper

The target type classification ‘Peacekeeper’ includes bases, vehicles or military locations, assets and military personnel that are operating in a country with a legitimate peacekeeping mandate. Legitimate in this case means officially sanctioned by a recognised multilateral

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

25 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

international institution, such as the United Nations or the African Union. Police & Prisons

Incidents given the target type classification ‘Police & Prisons’ would be any attacks against the police or internal security forces or other law enforcement personnel. It would also include attacks on prison officers, wardens and other people employed in the prison system. Police officers and civilians working for the police such as intelligence analysts, forensic scientists, photographers and crime scene examiners would also be included in this target type. Property such as police stations, prisons, penitentiaries, police vehicles, and prisoner transport vehicles would all come under this target type.

Private Citizens & Property

This essentially means civilians targeted outside of any business, state or other organisational context. This would include attacks where people are targeted because of what they represent as civilians or members of society in a given country or situation. The targeting of people in their homes or private property which is not owned by a commercial, state or other organisation (such as residences) would be included in this target type.

Private Military & Security

The target type classification ‘Private military and security’ includes private security personnel (armed and unarmed) and property, as well as privately-run militias that serve the purpose of local security provision. It also includes civilian contractors (and their property) who provide services to militaries or other organs of state that would traditionally be undertaken by militaries themselves – such as military logistics, engineering, vehicle maintenance, and mineclearance. Private military companies and private security companies, as commercial civilian organisations, are not to be confused with state-run paramilitaries organisations engaged in combat (such as auxiliaries), law enforcement (gendarmes), which we categorise as ‘Military’ or ‘Police & Prisons’ respectively.

Public Gatherings

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

Public gatherings refer to the deliberate targeting of crowds of people in public spaces. Owing to the fact that most crowds gather in public in areas where retail services or

26 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

tourism are the reason they are there (such as markets and nightclubs), events classified as targeting public gatherings may have a business sector target type added to it as well. If such attacks target civilians (rather than military, police or other profiles), the incident will also be sub-categorised as ‘Private Citizens & Property’. Religious Figures & Institutions

The target type classification ‘Religious figures and institutions’ includes religious figures, institutions or property. A religious figure means a person who holds an official position in a religious order, sect, or institution (e.g. a priest, monk, Imam, or Rabbi...etc). Outside of organised religion, it can be a person whose occupation and profile is primarily and outwardly spiritual, or one of religious leadership within a community, or that of a uniquely religious role (e.g. a healer or rainmaker in animist religions), and who has been targeted on the basis of their beliefs. Sectarian attacks on civilians (an attack on a place of worship may be categorised as both Ethnic/Sectarian/ Minority groups are included in this category and double categorised as Public Gatherings if they are large crowds.

Terrorists & Former Terrorists

This includes the targeting of other terrorists or former terrorists. An example might be violence between rival factions, or terrorists targeting those that seek to leave the group or have already left.

Transportation

This refers to the targeting of the civilian commercial aviation sector. Military aviation is not included in this target type and would be classified under ‘Military’. Typical targets include all fixed and rotary wing aircraft, airports and airfields.

Aviation

Transportation Land

This includes all aspects of land-based public transportation and transport infrastructures, such as buses, trains, and trams, and road and rail infrastructure (railway tracks and road bridges). This target type does not include vehicles if they are the vectors for an attack – e.g. a car or truck bomb targeting a hotel would be classified as ‘Business – Tourism’. Roadside bombs, or bombs planted underneath roads, are also not

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

27 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

included unless the intent was to destroy the road rather than a target moving along it. Transportation

This refers to all aspects of maritime transportation (all boats, ships, and submarines) except military vessels. This classification does not include piracy, which is a criminal activity.

Ethnic & Minority groups

This refers to attacks that are deliberately targeting a group or individual on the basis of their ethnicity, social group, sexual orientation or gender identity. Examples include attacks against refugees, LGBT+ people and other violent incidents that are evidently racially motivated.

Maritime

PERPETRATOR: GROUPS, IDEOLOGIES AND ATTRIBUTION When an incident or plot entry is inputted we assign a perpetrator, categorised as Group (which includes named groups, networks, movements, or unknown) from a current list of 467 groups. Each Group is automatically assigned one of seven perpetrator ideologies (see Ideologies below). We then indicate whether a group has been officially attributed (by the authorities) as the perpetrator, whether we suspect a particular group, and in the case of incidents (not plots) whether a group has claimed the attack. If more than one group has claimed an attack, we may assign multiple groups as having claimed it.

ATTRIBUTION STRUCTURE FOR INCIDENTS • Group – 467 groups listed (to date) • Ideology – seven sub-categories • Attribution: • Officially Attributed • Suspected • Claimed

IDEOLOGY Terrorism is a political activity; therefore, the role of ideology is fundamental to assess the threat. For this reason, each act of terrorist activity is tagged according to the perpetrators’ ideological motivation, where it is known or reasonably suspected.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

28 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

Terrorist groups’ ideologies vary enormously but often directly influence operational and strategic choices such as target selection, tactics and levels of violence; justifications used and commitment to actions such as suicide attacks. Given the huge range of ideologies of international and domestic terrorist organisations and the huge volume of incidents, for ease of reference and sorting data, it is useful to break down the different types of terrorist groups, as defined by their ideological character, into more manageable categories. TerrorismTracker uses the following taxonomies of ideological profile as categories in the database: 1. 2. 3. 4. 5. 6. 7.

Far Left/Revolutionary Far Right/Reactionary Nationalist/Separatist Other Religious Extremist/Cultist Single Interest Global Islamist National Islamist

These taxonomies are intended to be a guide. It should be noted that due to the inherent complexities of political, religious or ideological terrorism, they are not mutually exclusive and are intended to be general. In some cases, terrorist groups may be best described as a crossover of more than one category. Where ambiguities exist we will ascribe the ideology profile to a particular group that we judge most accurately reflects its predominant ideology or motives, or we may add more than one typology to a group.

PERPETRATOR TAXONOMIES NATIONALIST/SEPARATIST Nationalist/Separatist refers to all groups that carry out terrorist acts motivated along ethnic or nationalist lines in furtherance of the creation of an independent state. This is either by the secession of territory from a parent state, irredentism, or as an act of nationalist defence such as by resisting an occupying power. Many nationalist/separatist groups tend to be secular in nature, but there are cases in which there can be a crossover between nationalism or separatism and religious identity, such as Sikh separatists in Punjab in India. In such cases, we will make a judgment as to what the dominant narrative and objectives of the group are in ascribing a typology. Due to their empirical prevalence in contemporary terrorist activity worldwide, groups that place Islam or Islamism as central to their nationalist or separatist narrative have their own classification of National Islamist (see below). There are also examples of

Confidential | Do not disseminate Š 2019 The Risk Advisory Group Ltd

29 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

groups that fuse far left/revolutionary ideologies with nationalism or separatism, such as the Kurdistan Worker’s Party (PKK) of Turkey. Historically, many nationalist or separatist groups have enjoyed covert or overt support from states that have hostile relations with the government they are fighting, enabling them to procure arms and maintain their struggle.

FAR LEFT/REVOLUTIONARY Far Left/Revolutionary terrorist groups are typically revolutionary groups that seek to overthrow an incumbent regime and replace it with a Marxist, Maoist, Leninist, anarchist or other left-wing variant government or social order. In some cases, they can also be separatist groups that seek an independent state in a Marxist/leftist model. The Far Left/Revolutionary category includes direct action anarchist groups or anticapitalist activists when they carry out intimidation campaigns threatening violence, protests, sabotage or violent direct actions against corporations. Marxist/leftist groups are often inherently anti-American and/or anti-Western, targeting what they believe to be symbols of Western capitalism and imperialism. Following the end of the Cold War, there was a relative decline in Far Left/Revolutionary inspired groups. The impact of the global financial crisis in 2008 saw a revival or new emergence of leftist movements, most notably in Europe and South America. There can be ideological crossovers of typologies with Far Left/Revolutionary and Nationalist/Separatist groups, one such example is the PKK in Turkey. Or crossovers with single interest groups such as radical environmentalist groups that hold anticapitalist or far left ideologies. In such cases, we will usually ascribe the typology that describes the dominant ideology or goals of the group, or double tag incidents with the relevant typology.

FAR RIGHT/REACTIONARY Far Right/Reactionary terrorist groups are those that expound ideologies of violent intolerance along racial, ethnic, religious or political grounds, commonly to protect a real or imagined identity or status quo. Typically Far Right/Reactionary will perceive themselves as representing the majority in a given society. Far Right/Reactionary groups vary in terms of the specific details of their ideologies, typically according to region, country, ethnicity and religion. But in general, they are reactionary and violently intolerant of other creeds, races, religions, tribes or other aspects of identity, that typically represent a minority. Far Right/Reactionary groups can have a religious dimension to their identity and target minorities, examples include White Christian Supremacists in the US, or Hindu Nationalists in India.

Confidential | Do not disseminate Š 2019 The Risk Advisory Group Ltd

30 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

In some countries, Far Right/Reactionary terrorist groups act in support of, or as proxies of incumbent right-wing governments to intimidate opposition groups. Democratic, left-wing, minority, or activist groups are common targets, although foreigners and foreign interests can also be targeted.

SINGLE INTEREST Single interest groups are essentially violent activist groups that use terrorism to affect change over a singular ideological issue or cause, as opposed to furthering a complex political ideology or belief system. The label of single interest terrorism can also be applied to singular acts of violent militancy. Anti-abortion, environmental and animal rights groups are the single interest groups that have most commonly resorted to terrorism, rather than merely disruptive directaction. However, some extremist environmentalist groups have also resorted to intimidating and destructive activity that can be classified as terrorism according to our definition. Where a group has a wider political ideology – for example, environmental extremists that advocate far-left politics as the solution to environmental issues - we will judge which motive is dominant and assign the ideology type to reflect the most dominant and overt goals. Single interest terrorism commonly takes the form of low-impact activity such as intimidation campaigns, sabotage, arson and fire-bombings.

OTHER RELIGIOUS EXTREMISTS/CULTIST Other Religious Extremist/Cultist refers to terrorist groups whose beliefs or goals are framed entirely in religious terms – usually but not always with an apocalyptic or Manichean slant. These would most typically be millenarian and apocalyptic cults or sects, whose violence is terroristic and often highly ritualised. While Other Religious Extremist/Cultist groups may not be political as such, the centrality of their beliefs in their motivation to carry out acts of violence and terrorism is fundamental. Examples of Other Religious Extremist/Cultist groups would include Aum Shinrikyo, which carried out the Sarin gas attacks in Tokyo in 1995 and the Osho cult that carried out a biological attack in North America using Salmonella in 1984.

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

31 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

RADICAL ISLAMIST TYPOLOGIES The TerrorismTracker database uses two distinct group typologies for Islamist motivated terrorism: Global Islamist and National Islamist. Islamism refers in general terms to any ideology which advocates for the centrality of Islam in public life, including the application of at least elements of Sharia or its principles in politics, governance and society. Here Islamist terrorism can also be defined as violent Islamism or Islamist extremism. Unlike terrorism motivated by other religiously-inspired political ideologies, Islamist terrorism represents two distinct typologies on TerrorismTracker due to its contemporary empirical prevalence, measured purely in terms of the number of incidents, and the subsequent requirement for a manageable and accurate classification. We make the distinction between Global Islamist and National Islamist as a means to classify the aims, goals, areas of operations and organisational makeup of the perpetrators of attacks. The distinction also enables us to distinguish terrorism that is inherently local in terms of perpetrators, grievances, focus and operations, and that which is transnational and represents a different kind of threat.

NATIONAL ISLAMIST National Islamist refers to those whose agenda prescribes Islamism in a local context of objectives within a given state or society. They seek to establish or enforce an Islamic social order where their interpretation of the principles of Sharia are observed in law, governance and religious and cultural adherence. Hence, their acts of terrorism are carried out in furtherance of parochial political goals that explicitly place Islam or Islamism as a defining characteristic of their ideology. This classification includes groups for whom Islamism is central to nationalist, separatist or revolutionary objectives. But also those who seek to force the imposition of Sharia on societies through acts of social or moral vigilantism, sectarianism and terrorisation of the population. There may be cases where groups that are primarily National Islamist engage in acts of international terrorism or adopt a more transnational or global agenda, support base or sphere of operations. Examples include international attacks by Al-Shabaab, which has primarily engaged in a domestic National Islamist struggle in Somalia but also advocates global jihad. Another example could be Lebanese Hezbollah, which has mounted attacks around the world but is largely focussed on a domestic agenda. In such cases, based on the circumstances and suspected motives of each incident, we may ascribe the incident a Global Islamist typology, or double tag the incidents as both National Islamist and Global Islamist reflecting the duality of the group’s motives.

Confidential | Do not disseminate Š 2019 The Risk Advisory Group Ltd

32 / 34


TerrorismTracker | TAXONOMIES OF THE DATASET

Nationalist/Separatist groups comprised of Muslims and which may adopt religious language in their rhetoric but do not frame their struggle explicitly in the context of Islamism or ostensibly Islamic goals, such as the Balochistan Liberation Army, are not included in this group typology.

GLOBAL ISLAMIST Global Islamist refers to terrorist groups that advocate a pan-Islamic world view of Islamist extremism that is internationalised in terms of aims, operational reach, membership and support base, and narratives. It can also refer to acts of international terrorism by ostensibly National Islamist groups if the objectives of the attack fall outside the parochial goals typified in the National Islamist typology. The Al-Qaeda movement, which defines itself as fighting an international holy war with Western powers a particular enemy, is perhaps the most prolific embodiment of this classification in the dataset from 2007-2013. But there are variants that we also include in this typology that do not fall under the ‘Al-Qaeda’ rubric, for example, the group Islamic State (IS) and its forerunners in Iraq, and its affiliates around the world. Groups we classify as Global Islamist may include parochial aims in their narrative or even engage in localised campaigns, such as sectarianism, the overthrow of a regime, or the ostensible defence of Muslims affected by particular conflicts or actions of nonMuslim powers. But at the core, they portray their cause as transcending the secular boundaries of nation states, most commonly in the defence of Islam and Muslims and/ or the establishment of an Islamic state. Global Islamist terrorism is often characterised by ritualised and extreme violence, including indiscriminate mass-casualty attacks, suicide bombings, and beheadings. Their appeal and their target audience are intended to be international if not global. Target selection is also frequently directed at foreign governments and citizens, as well as international institutions and symbols of perceived un-Islamic or anti-Islamic influence.

For further information on the dataset, please contact terrorismtracker@riskadvisory.net

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

33 / 34


TerrorismTracker | ADDITIONAL RESOURCES

ADDITIONAL RESOURCES API TECHINCAL DOCUMENTATION Technical documentation for API integration is available at the following address api.terrorismtracker.com/docs/#terrorism-tracker-api

REQUESTING AN API KEY AND WEBSITE ACCESS To request an API key and/or access to the terrorismtracker.com website or for any further enquiries regarding the TerrorismTracker database, please contact us at terrorismtracker@riskadvisory.net

COMPANY INFORMATION To learn more about The Risk Advisory Group and our other services and products, please visit riskadvisory.com

Confidential | Do not disseminate © 2019 The Risk Advisory Group Ltd

34 / 34

Profile for Risk Advisory

TerrorismTracker: Methodology documentation  

TerrorismTracker: Methodology documentation