Nine takeaways from the 15 January 2019 al Shabaab attack on the dusitD2 hotel and office complex

07 March, 2019 Hotel Attacks

These takeaways come from Muir Analytics’ full report on the dusitD2 hotel and business compound attack posted here.

First, the hotel was the focal point of the attack. The terrorists applied considerable violence against the hotel’s guests and staff. They inflicted enough damage to cause the hotel to close for four and a half months to repair and renovate, plus rebrand its food and beverage venues. The attackers had a considerable amount of weaponry cached in the hotel, and their hotel room was the site of their final stand.

Second, tactically, the attack was effective. Al Shabaab had adequate intelligence on the target, and it sent enough fighters carrying the right weaponry to facilitate the temporary takeover of portions of the hotel and office complex and inflict high casualties. This is to be expected, however, from such a highly experienced and successful insurgent group such as al Shabaab that excels in brutal terrorist tactics.

Third, strategically, the attack was only partially effective. While al Shabaab did achieve a degree of shock and horror with this operation, its strategic impact did not seem to have deeply injured Kenya’s government, business sector, or hospitality industry. While Kenya is likely to suffer a near and intermediate term dip in tourism, which is justified, the country will continue to operate effectively. In short, this was a horrific attack, but it did not reach the scale of Westgate or Mumbai.

Fourth, based on all accounts so far, the government and civilian response to the attack was highly efficient, which kept it from becoming a Westgate or Mumbai type event. Civilians, armed and unarmed – plus an SAS commando – responded immediately and heroically, and they rescued hundreds of people from the violence. The government reacted with a high degree of counterterrorism (CT) skill regarding situational awareness, crisis response, command and control, public relations, and close quarters battle. In fact, if information on the government response proves accurate, then the mission to retake the Dusit compound will go down in history as a benchmark of CT efficiency.

Fifth, business complex security and hotel security was both, a) less than effective at certain junctures, and, b) highly effective at others.

Regarding issue “a”, the fact that the Dusit compound and hotel did not have more security (manpower, surveillance, better physical security at venue entrances and the street entrance, for example) is problematic. Why? Because for years, al Shabaab has been continually conducting small operations in northern Kenya (a de facto low intensity conflict zone – LIC) and occasional attacks in urban areas, including Nairobi (a product of being next to a de facto LIC). Targeting has included a shopping mall, multiple hotels and hostels, a university (where a massacre happened), buses full of civilians, villages, and government targets. Al Shabaab has personnel and active networks in Kenya. Accordingly, as long as this type of violent activity was (and still is) ongoing, no responsible business in Kenya, especially such a posh, high profile compound like the Dusit, should have had low or medium threat security. Furthermore, the hotel and business complex reportedly increased security in the aftermath of this attack, proving that security could have been better beforehand.

Regarding issue “b”, it is apparent – based on current reporting – that robust doors in the hotel and office complex (not glass doors), and vigorous access control in certain parts of the office complex kept the attackers from accessing more rooms and offices and murdering people wholesale as happened at Westgate and at hotels in Mumbai. These types of physical barriers saved lives. (Muir Analytics has eyewitness knowledge that some door security in the Dusit complex was flimsy, however, and it will adjust this analysis if information changes.)

Additionally, it is apparent that office building staff, hotel staff and security, and even hotel guests either had at least some security training, or security mindfulness (likely based on the demonstrated al Shabaab threat to everyday Kenyans) to react in a manner that caused either successful egress or sheltering in place for al Shabaab’s intended victims. These two tactics saved lives. It must be noted that valorous office building personnel and hotel staff died applying these tactics to save others. So, for the hotel, while its security could have been employed better to blunt such an attack, there is no doubt that its staff was completely dedicated to protecting guests under the most violent circumstances.

Sixth, the ability of hotel staff and guests who sheltered in place to text friends and the police provided Kenyan authorities with valuable, lifesaving intelligence for rescues. This concept should be refined and incorporated into hotel and building security, globally.

Seventh, the possibility of the terrorists having inside help for the hotel attack is feasible. The hotel had luggage scanners, which would have picked up the sacks of grenades and ammunition police described as being in the terrorists’ hotel room. Terrorists with high clandestine tradecraft skillsets might have been able to circumvent luggage scanning, and security might not have manned it that day as well. But inside help would have made luggage scanner circumvention a sure thing.

Eighth, from a legal standpoint, while the exact time and place for this attack were not foreseeable (based on available information), the target selection, the tactics applied, the group that did it, and the circumstances under which it happened were all certainly foreseeable. Al Shabaab had done this kind of thing in Kenya before on multiple occasions, the al Shabaab threat was ongoing, and it was common knowledge.

Ninth, the financial costs of the attack on the dusitD2, which could reach $4-6 million or more (not including possible lawsuits), should cause hotel companies around the world to rethink security spending and pay more attention to their moral and legal obligations as innkeepers. Attacks like these happen every year. Hotels are indeed in the crosshairs of terrorists and violent criminals. The totality of circumstances proves it.

Overall, increased corporate/private security at hotels, tourist venues, and office complexes within striking distance of al Shabaab is merited. In fact, it was merited before the attack.

Unfortunately, al Shabaab will not be decisively deterred by the Kenyan government’s stellar CT success at the Dusit compound. Al Shabaab’s Islamist jihadist death cult mentality will cause it to see the attack as a victory because, a) its fighters inflicted high casualties on infidels, and, b) the fighters earned their way into heaven, according to their interpretation of Islam. (It should be noted that other Muslims see al Shabaab as heretics). Only an active and continual counterinsurgency program in Somalia carried out by local forces with an appropriate degree of outside assistance, will effectively degrade al Shabaab. Until that happens, civilian assets in East Africa, including hotels, tourist venues, and office buildings in Kenya, will be under threat.

Copyright © Muir Analytics 2019