The In Amena Attack – Security Risk Management Lessons

On 16 January 2013, al-Qeada linked terrorists took over 800 people hostage at the Tigantourine gas facility near In Amenas, Alegeria.

After four days, the Algerian special forces raided the site in an attempt to free the hostages.

At least 39 foreign hostages were killed along with an Algerian security guard, as were 29 militants.

The Tigantourine gas facility is located about 40 kilometres (25 mi) south-west of In Amenas, close to the Libyan border and about 1,300 kilometres (810 mi) south-east of Algeria’s capital city, Algiers. The Algerian state oil company Sonatrach operates the gas field jointly with the British firm BP and the Norwegian firm Statoil. It supplies 10% of Algeria’s natural gas production.

Upon the resolution of the crisis, Statoil announced that their Board had commissioned an indepth review of the incident to seek to answer two questions:

  1. What happened at In Amenas between 16 and 19 January 2013?
  2. What can Statoil do to further improve in the areas of security, risk assessment and emergency preparedness.

The subsequent report is a document that should be read by every organisation that operates in environments where the pre-conditions that usually give rise to terrorism or militant attacks are present.

The report solemnly notes that

The terrorists who perpetrated the attack against the In Amenas gas facility bear the sole responsibility for the loss of lives.  The individuals and companies involved at In Amenas were victims of violent crime.

An interesting key observation for companies that rely on the support of their host country’s military or police to secure assets is:

Neither Statoil nor the joint venture could have prevented the attack, but there is reason to question the extent of their reliance on Algerian military protection.

Despite this it was noted:

The investigation team has not identified areas where a different response by Statoil could have changed the outcome.

In its recommendations the review observed:

Security is not an activity outside the operations of the company; to be successful it must be an intrinsic and embedded part of the company’s core activities.

Specific recommendations included:

  • Improving the joint venture’s ability to detect, delay and stop potential attacks by reinforcing electronic and physical security measures, enhancing its security risk management capability and developing a coherent programme of security training and exercising.
  • Developing a clearly defined ambition for the company’s security capability.
  • Developing a security risk management system that is dynamic, fit-for-purpose and geared toward action.
  • Coordinate and standardise emergency response planning consistent with the principles of the incident command system.
  • Broaden and deepen cooperation with relevant government agencies and organisations.
  • Establish standards for security management and engagement in joint ventures and partnerships.

So that it is never forgotten the true cost of the incident the first page of the report is in memoriam to the fallen workers.


Download PDF


Subscribe to Receive Our Email Updates

  • This field is for validation purposes and should be left unchanged.