Search dyami insights

Executive Summary The last few months showed a significant and concerning increase in conflicts all across the globe causing many overflight and landing and departing risks that should be well monitored. Timely analysis and accurate information regarding new threats are necessary for planning ahead and taking precautionary measures. There are several new threats which pose potential risks for business aviation around the world. A rise in fake bomb threats has caused many delays and disruptions at airports. Over several countries in the Middle East, GPS spoofing is affecting aircraft ranging from business jets to 777s, potentially leading to serious incidents. Conflict is brewing in the Southern Caucasus, with Azerbaijan potentially not being satisfied after claiming the Nagorno-Karabakh. India is developing into a new hub for the trafficking of valuable items such as wildlife and gold. 1. Global 1.1. GPS Spoofing The frequency and intensity of GPS spoofing incidents is on a rise. For now mostly found over Iraq, but it can be replicated all over the world. GPS spoofing has been shown to put aircraft upwards of 200 nm off of their flight path. 1.2. Drug trafficking Business model jets have been and continue to be used for drug/contraband smuggling across the globe. These flights are usually to and from Latin America, Ethiopia and India. The aim of using business jets instead of commercial aviation is to lower the chance of getting caught, and increase the volume per flight. 1.3. Human trafficking In order to improve the ease of human trafficking, and to stay away from prying eyes of airport security as well as cabin crew, traffickers prefer to use business jets if they can. This presents a worldwide challenge that is hard to combat. 1.4. Valuables trafficking Ethiopia and India have become hubs for trafficking of valuables, such as wildlife and gold. While the majority of the detected smuggling was on commercial flights, there has been an increase in (attempts to) smuggle with business jets via smaller regional airports. 2. Europe 2.1. Climate activism European airports are still targeted by climate activists who are mainly focusing on the business aviation sector. Besides physical damage, the protests result in disruptions and closures of airports, forcing jets to divert elsewhere. 2.2 Drugs smuggling At Amsterdam Schiphol airport seven employees have been arrested for their involvement in the smuggling of drugs at the airport and in the belly of aircraft. 2.3 Airport threats In the month October multiple bomb threats occurred in airports in multiple countries in Europe. The threats were made by sending emails to authorities. Most airports were evacuated as a result from the threat causing long delays and disruptions at the airports. 2.4 Overflight risks Due to Russian military fighter jets present, overflying the Black sea should be avoided. The Barents Sea. where Russia has been holding several nuclear missile tests and should also be avoided. 3. Middle East 3.1. GPS spoofing GPS spoofing has been increasing in multiple countries in the Middle east creating dangerous situations where aircraft near unsafe territory. 3.2. Overflight Risks Recent developments in the region have caused a need for extra security measures differing per country. These are important to adhere to, as ignoring the risks while overflying can lead to catastrophic results. 3.3 Israel- Hamas war On October 7th Hamas militants launched an assault on Israel from the Gaza strip, killing 1.200 people and taking more than 200 hostages. Since then the Israeli Defense Force (IDF) has struck back by starting a war between Hamas and Israel. The war in Israel has caused several airspace restrictions due to anti-aircraft weapons being used from multiple countries. Flying over ISRAELI airspace should be avoided. In Egypt, aircraft operators need to have caution flying over the Northern Sinai Peninsula and the Red Sea due to anti aircraft weaponry being used. Flying below FL260 should be avoided. The vast majority of Yemeni airspace should also be avoided. In the southwestern part of Saudi Arabia FIR operators should also exercise caution due to a risk of drone and missile attacks. 4. Asia 4.1. New Zealand pilot hostage in Papua On February 7, independence fighters from West-Papua took a pilot from New Zealand hostage in exchange for independence from Indonesia. In May a video message appeared in which the pilot said that if demands are not met within two months, he will be executed. Several rescue attempts have failed, resulting in casualties on both sides, and the demands of the hostage takers were lowered. As of September, a rebel spokesperson admitted there has been no contact for three months, and since then no updates have been released on the situation. 4.2 Caucasus tensions Tensions on the border between Azerbaijan and Armenia are still prevalent after the military operations performed on September 19 by the Azeri authorities. While further peace talks are underway between the two countries, significant progress has not been reported. However, both leaders have stated that a peace deal is possible before the end of the year. Overflying the Armenia Azerbaijan border area should still be avoided at the moment. Overflying Georgia using waypoints DISKA and ADEKI is preferable, as BARAD skims the border of both nations. Both nations have long range air defense systems with ranges up to and exceeding 100 km in radius, and up to 30 km in altitude. 4.3. Regional instability Political instability has led to recurring protests and (armed) attacks, particularly in northern India, Pakistan, Myanmar and the border region of Armenia and Azerbaijan. Instabilities prove themselves risky to aviation, including business aviation. The instability in northern India poses a serious risk to aircraft on the ground, while the unrest in Pakistan and Myanmar introduce threats to overflight as well. As a result of proliferation of anti-air weapons, a minimum of FL300 is advised. 4.4 Increase in drug smuggling Drug smuggling through South Korea's Incheon International airport has increased. The amount of narcotics intercepted has risen from 129,362 grams in 2020 to 538,241 grams in 2022. Highlighting the need for stronger border enforcement. 4.5 Airport bomb threats On october 4th, 42 airports across the Philippines were ordered to step up their security by authorities over an anonymous email threat saying that aircraft flying out of Manila to several tourist destinations could explode. Despite this threat operations remained normal and there were minimal flight delays. 5. Africa 5.1. Overflight risks Recent developments in the region have caused a need for extra security measures differing per country. These are important to adhere to, as ignoring the risks while overflying can lead to catastrophic results. 5.2. Political instability Political instability has resulted in unpredictable protests and revolts throughout Africa. It is important to stay up-to-date with the latest developments to minimize the risk of getting caught in armed violence while staying in a vulnerable African country or region. 6. North America 6.1. Trafficking Over the last two months, cartels and other criminal organizations have continued to use private aircraft to smuggle narcotics and for human trafficking. The lack of security for private flights, especially at smaller regional airports, makes it easier for traffickers. 7. South America 7.1. Trafficking Cartels continue to use private aircraft for drug trafficking throughout the continent. Criminal organizations use old aircraft for these flights because a large number of aircraft are destroyed after only a small number of trafficking flights. 7.2 Regional instability Tensions between Venezuela and Guyana have been rising. Venezuelans just voted yes in a questionable referendum to claim part of the Essequibo region currenty belonging to Guyana as their own. Actions that the Venezuelan government might undertake to physically claim the region are not yet known. 8. Oceania There were no significant events in Oceania in the months of October and November. Forecast The months of October 2023 and November 2023 have seen a significant rise in conflicts and tensions, with the war in Israel that started on October 7th and rising tensions between Venezuela and Guyana. The situation in Africa is also worsening. There are a lot of overflight risks and do not fly zones in the Middle East and Africa but also still in the Caucasus region due to these tensions. The threat of GPS spoofing in aviation is also still growing, affecting even more regions, which is both a security and safety risk, and will increasingly become so as more and more modern aircraft rely solely on GPS for their navigation. GPS spoofing can cause aircraft to drift into unfriendly skies , or into the path of other traffic. Mitigating spoofing means returning to rudimentary means of navigation, although multiple manufacturers have found and shared methods to defeat GPS spoofing. 1. Global 1.1. GPS Spoofing GPS spoofing is a growing trend facing the aviation sector. GPS spoofing is more dangerous than jamming, as most civilian aircraft are not equipped and/or capable of detecting GPS spoofing. This can result in extremely dangerous situations, where aircraft stray from their flightpath without realizing, causing the aircraft to deviate up to 200 nm. This can lead to a multitude of consequences; from straying into the path of other (oncoming) traffic to, in a worst-case scenario, crossing into unfriendly skies, resulting in an intercept or even shootdown. Aircraft ranging from Falcon 8x to Boeing 777s have been affected by GPS spoofing. 1.2. Drug trafficking Drug trafficking is still a present risk for business aviation. For organized crime groups and cartels, business aviation is often the preferred method of transportation. There are numerous cases of drugs, or other valuable goods such as wildlife and gold, trafficked by cabin and flight crew on commercial flights. It is possible that cabin or flight crew on private jets could also smuggle illegal goods, emphasizing the need to be vigilant. Throughout Latin America, cartels have continued to use business jets to smuggle large amounts of narcotics over long distances. These jets are often acquired in the United States and then destroyed after a single or very few flights to avoid detection. It is important to clearly identify when asked to minimize the risk of misidentification by law enforcement and/or the military. India also has become a major market for both drugs demand and supply side. The drugs in India are mainly coming from Pakistan, Myanmar, Nepal, Afghanistan, Nigeria, Ethiopia, Uganda and sometimes via Dubai or Sharjah. The central government has been urged to tighten up border security. 1.3. Human trafficking With human trafficking still being a major issue today, the involvement of business aircraft is to be expected. In commercial aviation steps have been and are still being made to improve the awareness and the prevention of human trafficking. While most of these measures have generally been effective for commercial aviation, it could push human traffickers into finding other solutions. One of these solutions for human traffickers is business/private aviation. If a trafficking organization can overcome the increased costs of using business aviation, it allows for flights to smaller airports with less experienced and limited security compared to larger commercial airports. Additionally, it is easier to bribe or blackmail security personnel to turn a blind eye to human trafficking, especially in unstable countries or regions. 2. Europe 2.1. Climate activism European airports are still targeted by climate activists who are mainly focusing on the business aviation sector and calling for the sector to become more sustainable. One of the groups active at Dutch airport Maastricht Aachen is Extinction Rebellion, having had multiple protests in the past months. Extinction Rebellion has said to continue their protests at Maastricht Aachen airport until the airport will have a policy that concerns the liveable earth in the future. Besides physical damage, the protests result in disruptions and closures of airports, forcing aircraft to divert elsewhere. 2.2 Drugs smuggling At Amsterdam Schiphol airport seven employees have been arrested for their involvement in the smuggling of drugs at the airport. They are suspected for bringing narcotics and drugs in the airport and in some cases also in the cargo hold of the aircraft. The aircrafts were headed towards Asia where tens of kilo’s have been intercepted. 2.3 Airport threats In the month October especially in the week of the 16th there have been multiple bomb threats in airports in multiple countries in Europe. In Italy an airport was evacuated due to an alleged bomb threat suspending multiple inbound and outbound flights on Oct the 17th. On October the 18th 6 airports in France were evacuated after being emailed over ‘threats of attack’. Multiple reports of forgotten luggage were made. That same day Belgian Ostend Airport was evacuated due to a bomb threat reportedly via a threatening email. German airport Weeze also encountered a bomb threat on Oct 18th which turned out to be false. The day after on the 19th another 14 airports in France received bomb threats of which 8 were evacuated. The whole airport was evacuated. In the German airport of Hamburg a hostage situation took place on the tarmac beneath a Turkish Airlines aircraft. The man holding his daughter hostage for 18 hours was able to breach security carrying a firearm and throwing burning bottles. 2.4 Overflight risks Putin has ordered Russian planes armed with Kinzhal hypersonic missiles to patrol over the Black Sea. In October three British military aircraft were joined by two Russian Su-27 fighter jets steering them off the Russian border. There is a high risk of GPS interference overflying the Black Sea Simferopol FIR, Rostov FIR and Odessa FIR going over the black sea should be avoided with a buffer zone of 200 NM. Overflying the Barents sea is also unsafe due to Russian nuclear-powered missile tests being held in that area. 3. Middle East 3.1. GPS spoofing GPS spoofing is still increasing with more and more incidents reported in the Middle east. In October reports from spoofing in Egypt, the eastern mediterranean, Jordan and on approach to Ammam were reported. Israel is also reportedly using GPS spoofing to protect its aircraft. Flights from Ben Gurion are being led towards Lebanon with spoofed signals and false positions that showed aircraft above Ben Gurion airport when they were more than 212 nm away from the area. This brings both safety as well as security risks, as GPS spoofing can without warning deviate an aircraft (reported up to 80 nm, but theoretically endlessly) from its intended flight path. This can bring aircraft into the flight path of other (oncoming) aircraft, or even worse, bring the aircraft into unsafe airspace. This could lead to an aircraft being intercepted, or even shot down. GPS spoofing will in most civilian aircraft not produce a warning, as the computer still receives a strong and clear GPS signal, albeit an incorrect one. GPS spoofing effects have for now been stopped by pilots who were lucky enough to see the moment their GPS jumped location when the spoofing started. In case of GPS spoofing, for now only dead reckoning or radar vectors can provide a navigational alternative. This is because within minutes, GPS spoofing will make the INS faulty on modern aircraft. 3.2. Overflight Risks Developments in the region have caused a need for extra security measures. These include an advised minimum flight level of 320 over Iraq, with a focus on northern Iraq. Additionally, GPS interference is to be expected when overflying the country as well as over Egypt, Lebanon, Jordan, the Eastern Mediterranean, Israel and Turkey. The airspace above Iran, Afghanistan (except for P500/G500), Yemen and Syria is still unsafe for Western aviation. Overflying Saudi Arabia is safe, as long as flying above FL260. 3.3. Israel Hamas war On October 7th Hamas militants launched an assault on Israel from the Gaza strip, killing more than 1.200 people and taking more than 200 hostages. Since then the Israeli Defense Force (IDF) has struck back by starting a war between Hamas and Israel. In the second half of November a ceasefire agreement with Hamas was made to provide aid and free hostages. The US, Israel and Qatar have met on several occasions to discuss the continuation of the ceasefire. The IDF declared that the campaign on Hamas will be continued and that the war will not be over for the upcoming months. The war in Israel has caused several airspace restrictions due to anti-aircraft weapons being used from multiple countries. In Egypt aircraft operators need to have caution flying over the Northern Sinai Peninsula and the Red Sea due to anti aircraft weaponry being used. Flying below FL260 should be avoided. The vast majority of Yemeni airspace should also be avoided. In the southwestern part of Saudi Arabia FIR operators should also exercise caution due to a risk of drone and missile attacks. 4. Asia 4.1. Pilot held hostage in West Papua (Indonesia) The pilot taken hostage in West Papua to demand independence is still being held by his captors. Since the capture on February 7, the hostage takers have freed the passengers and lowered demands. Negotiations have stranded numerous times and several rescue attempts failed, resulting in casualties on both sides. The indepence fighters have threatened to kill the pilot if demands, which are not publicly known, are not met and have published several videos of the pilot in captivity. On July 20, a senior official of the Indonesian military said that negotiation attempts are still ongoing and that the pilot is alive and healthy. As of September a rebel spokesperson admitted there has been no contact for three months, and since then no updates have been released on the situation. 4.2. Caucasus tensions Tensions remain between Armenia and Azerbaijan. This still lingers from the military operation conducted by the latter in September, and the conflict ridden history preceding between the two countries. While both parties are communicating about a peace deal, the slightest upsets or developments cause mostly Azerbaijan to delay talks. Azerbaijan also accuses France of supporting the possibility of a war between the Caucasus neighbors, by delivering arms to (purchased by) Armenia. Due to the (anti-)air capabilities of both countries and the high tensions remaining in the region, the advice for now is to completely avoid the Armenia-Azerbaijan border area, as well as southern Armenia. Crossing east-west should be done over Georgia instead, using waypoints ADEKI or DISKA. 4.3. Regional instability Political instability has led to recurring protests and (armed) attacks, particularly in northern India, Pakistan, Myanmar and the border region of Armenia and Azerbaijan. Instabilities prove themselves risky to aviation, including business aviation. The instability in northern India poses a serious risk to aircraft on the ground, while the unrest in Pakistan and Myanmar introduce threats to overflight as well. As a result of proliferation of anti-air weapons, a minimum of FL300 is advised. 4.4 Increase in drug smuggling Drug smuggling through South Korea's Incheon International airport has increased. The amount of narcotics intercepted has risen from 129,362 grams in 2020 to 538,241 grams in 2022. Highlighting the need for stronger border enforcement. Airline crew also take part in the smuggling of drugs as there is a concerning trend in Vietnamese cabin crew being involved in the drug trafficking previously also having been caught at Incheon Airport in September. 4.5 Bomb threats On october 4th, 42 airports across the Philippines were ordered to step up their security by authorities over an anonymous email threat saying that aircraft flying out of Manila to several tourist destinations could explode. Despite the alert airlines continued to operate as normal causing no delays. The threat received by air traffic services who also received the anonymous email concerned flights from Manila to Davao, Bicol, Palawan and Cebu stating that they will be hit. 5. Africa 5.1. Overflight risks Overflying Africa has risks, which differ per country. Libya and Sudan are the only countries with a do not fly advisory while most other countries can be overflown by sticking to a security advisory. Egypt: advice to fly above flight level 300 over the Sinai region due to terrorist organizations in possession of anti-air weapons Ethiopia: the Tigray region remains unstable even though an official peace deal was signed in November. The advice is to avoid overflying the region because of the presence of anti-air systems. Somalia: advisory to not overfly the country below flight level 300 because of the instability in the country in combination with the presence of anti-air systems. Kenya: the border region has an overspill effect of the civil war in Somalia, thus posing the same threat as in Somalia itself. The advisory is to not fly below flight level 300. Mali: militants are in possession of anti-air systems and thus the advice is to not fly below flight level 300 over the country. Niger: as a result of the political instability, the advice is to avoid flying over Niger Western Sahara: due to the conflict in the region between Morocco and the independence movement in the region, there is a risk of proliferation of anti-air weapons. The advice is to stick to a flight level of 250 AGL or more. Libya: Libyan airspace should be avoided due to the threat of misidentification from Libyan air defense systems and threats by militia to shoot down aircrafts. Sudan: Sudan airspace should be avoided due to risks from anti aircraft weaponry Central African Republic: Due to the situation on the ground landing in Central African Republic should be avoided Rwanda: Due to growing conflict in Rwanda there is an increased risk for landing and departing including diversions near to the shared border with Congo. 5.2. Political instability Political instability has resulted in unpredictable protests and revolts throughout Africa. The political violence in Sudan and Niger has led to serious security risks for aircraft on the ground and overflights. Tension between Democratic Republic Congo and Rwanda is also rising with increased military presence in the region. Political violence in Democratic Republic Congo is also on the rise with several attacks on election candidates for the national elections that will be held on December 20th. It is important to stay up-to-date with the latest developments to minimize the risk of getting caught in armed violence while staying in a vulnerable African country or region. 6. North America 6.1. Trafficking Over the last two months, cartels and other criminal organizations have continued to use private aircraft to smuggle narcotics and for human trafficking. These organizations regularly use private flights to and from smaller regional airports in the south of the United States because of limited security. Airport personnel and/or the flight crew can be coerced or bribed into aiding the traffickers to further ease the smuggling. 7. South America 7.1. Trafficking Cartels continue to use private aircraft, ranging from smaller Cessna to business jets, for drug trafficking throughout the continent. The criminal organizations use old aircraft for these flights because a large number of aircraft are destroyed after only a small number of trafficking flights. These aircraft also pose a risk during flight at low FLs/during departure and descent, as these flights are done without transponders or any form of communication. When returning to your parked aircraft, make sure to check that no one has been on board/accessed cargo hatches to hide illicit goods. If illicit goods are found, take the stance of the local authorities into consideration, as some will imprison crews reporting such goods on their aircraft as the perpetrators. 7.2 Regional instability Tensions between Venezuela and Guyana have been rising. The reason for this is the resource-rich Essequibo strip which lies in Guyana. Recently the government of Venezuela held a national referendum to vote on the establishment of a new Venezuelan state incorporating the entire Essequibo region in its territory. In a very questionable referendum, more than 95% of the voters approved the move to claim the Essequibo strip controlled by Guyana. For now it is unclear what the Venezuelan government is going to do to follow through with the claim . Brazil has responded to the situation by mobilizing troops towards its border with the countries, it is unclear however whether they will actually intervene if a war does break out between its neighbors.

Written by Dyami Editorial Team Russia-Ukraine - Ukraine faces infrastructure issues from both winter weather and Russian attacks, gains continue on the Southern front while Avdiivka holds. Israel-Hamas - The ceasefire and hostages versus prisoners exchange has brought calm to the region for now, but the war between Israel and Hamas will continue. Sudan - Extensive human rights abuses in Sudan’s Darfur and the humanitarian situation worsens due to food and water and food shortages. Myanmar - Escalation of civil war as rebel groups take military-held towns and cities in the east. The Sahel Region - Mali, Niger, and Burkina Faso witnessed a worsening of the security and humanitarian situation and a consolidation of their trilateral ties. Yemen - Potential escalation in Yemen as Houthi rebels fires missiles at Israel and raid ships at international waterway. Bangladesh - Crackdown on opposition party after protests as new elections loom. Argentina - Election of far-right candidate Milei to the Presidency puts Argentina on an uncertain path due to his radical, libertarian political agenda. The Netherlands - Radical right nationalist party PVV wins Dutch elections, heightens terrorism risk to Dutch interests. Guyana-Venezuela - Tensions rise between Guyana and Venezuela over December 3 referendum on the status of resource-rich Essequibo region. Pakistan - Afghanistan - Reports of human rights abuses as Pakistani authorities attempt to expel 1.7 million Afghans. Conflicts - November 2023 1. Russia-Ukraine In November 2023, despite the winter conditions impacting both Russian and Ukrainian military operations, there was an escalation of fighting . The Ukrainian military made gains near Bakhmut and the Dnipro River, while intense fighting continued on the Eastern front, near Avdiivka. Nuclear safety concerns at the Zaporizhzhya plant were highlighted amidst ongoing power shortages. Accusations of war crimes intensified, with more reports of sexual violence perpetrated by Russian forces. Russian missile attacks targeting Ukraine’s energy infrastructure have increased over the past month , intending to disrupt Ukrainian power networks with the onset of winter conditions. Internationally, Ukraine engaged in defense cooperation talks with the US whilst Germany pledged to double its military aid. However, electoral successes by political parties broadly viewed as less supportive of Ukraine in Slovakia and the Netherlands suggest that political support for Ukraine is starting to decrease . In Russia, the trial of opposition politician, Ilya Yashin, commenced. Finland closed the border with Russia for two weeks to halt a large flow of asylum seekers, which Finland claims is expressly orchestrated by Moscow. A newly deployed fleet from several Northern European countries’ Joint Expeditionary Force has increased paranoid rhetoric from Russia. Ukraine’s military faced internal restructuring, and President Zelenskyy has begun to push for further development of the country’s domestic defense production. Despite some success for Ukraine, the war is likely to last into 2025 at least , unless major changes happen. Russia may capitalize on the onset of winter to intensify its military campaign, attempting to leverage Ukraine’s vulnerabilities related to infrastructure and humanitarian needs. 2. Israel-Hamas After the initial attacks in Israel by Hamas in October 2023, the Israeli Defense Forces (IDF) invaded the Gaza Strip in an attempt to neutralize Hamas’ infrastructure and leadership . In the first half of November, the IDF managed to cut off the northern part of Gaza from the rest of the Strip and attacked the Hamas tunnel infrastructure. The encirclement of Gaza City led to a large internal displacement of the population. International pressure on Israel to send in food, fuel, and medicines through the Rafah corridor led to Israel opening the corridor on a few occasions; but according to the United Nations, it was not sufficient. The rocket attacks from Gaza on Israel continued during the fight over Gaza City but decreased significantly. Meanwhile, the IDF continued its operations in the West Bank against Palestinian Jihadist and Hamas cells. Several terrorists attempted to infiltrate Jerusalem, with one group carrying automatic weapons and axes, but were neutralized by the IDF. In the second half of November, the international community put pressure on Israel to enter a ceasefire agreement with Hamas to provide aid and free hostages. On November 24, Israel and Hamas started their first Israeli hostages and Palestinian prisoners exchange and a ceasefire began. Meanwhile, the security agencies of the US, Israel, and Qatar met on several occasions to discuss a continuation of the ceasefire and the exchange of hostages versus prisoners. The ceasefire has held and many Palestinians have returned to Gaza City to retrieve their belongings. The IDF declared that it will continue its campaign to dismantle Hamas in the coming months and that the war is not over. The United States has urged Israel not to occupy Gaza City permanently and not to wage a similar campaign in the south of Gaza. Israel has responded stating that neutralizing Hamas has priority. 3. Yemen Yemen-based Houthi rebels have increased missile attacks fired against Israel in November, most of which were intercepted by Israeli missile defenses or landed in the Red Sea and neighboring countries. The Houthis have targeted international maritime routes and ships in the important Red Sea shipping lane. A group of Houthi soldiers boarded one ship successfully in the Red Sea, claiming that it was owned by Israel. Israeli authorities refuted this and pointed to the ship’s joint ownership of Japanese and British owners with an international crew. In the Indian Ocean, the Houthis attempted to capture another cargo ship and fired a missile at another, but both attacks were unsuccessful. In response, the US National Security Council spokesman John Kirby advocated designating the Houthis as a terrorist organization , which could lead to US missile strikes against Houthi launch pads in Yemen. Despite Saudi efforts to maintain the peace deal between Saudi Arabia and the Houthis, ongoing Houthis attacks against Israel could provoke a further response from the US and reignite conflict in Yemen. 4. Sudan The civil war between the Sudanese Rapid Support Forces and the Sudanese Armed Forces escalated dramatically in November. Fighting intensified in the north of Darfur. The RSF has almost taken the entire region from the SAF and experts have warned of further ethnic mass killings and war crimes. The RSF and Arab militias killed 1,300 non-Arab Masalit civilians in the city of El Geneina in Western Darfur in April of this year. Since the outbreak of conflict in April, 9,000 civilians have died, 4.3 million people have been displaced and at least 1.1 million have fled to neighboring countries such as Chad, South Sudan, Egypt, Ethiopia, and the Central African Republic. From 18 November to 20 November, a Sudan Humanitarian Crisis Conference was held in Cairo where international organizations and grassroots aid organizations from Sudan discussed how to act, communicate, and coordinate more effectively with local groups. Aid organizations raise the alarm that the conflict is a disastrous humanitarian crisis ; aid workers from Sudan are kidnapped, raped, and attacked regularly. With another offensive planned by the RSF and human rights abuses showing no sign of stopping, the conflict is likely to intensify in the coming months . 5. Myanmar The civil war in Myanmar changed rapidly in November. The military junta, which took power in February 2021, has lost ground to a coordinated assault from three opposition groups in the eastern Shan state on the border with China. On October 27, the armed groups captured over 100 military-held towns and severed a key trade link between the Myanmar capital and China in ‘Operation 1027’. Fighting is ongoing over the city of Laukkaing, a border city with China with extensive links to transnational criminal networks and human trafficking. The scale of success by opposition groups is a serious challenge to the Myanmar military, given their inability to mount a response. The fighting has led to the displacement of at least 30,000 according to the UN, with further refugees fleeing the violence. The military junta’s loss of control poses questions over their relations with other actors in the region. China has a strong preference for stability in the country given its significant infrastructure interest in developing a port to the Bay of Bengal and raw material investments. Yet the inability of Myanmar’s military to tackle emerging transnational crime and the human trafficking network has led to a growing Chinese military presence on the border. For India, Myanmar is a strategic link between the trilateral highway and the power grid connecting the north-eastern region of India and Thailand. While both powers maintained relations with the Myanmar military junta since the coup, the latest offensive presents strategic problems, with outside actors questioning the durability of the military. While the junta has setbacks, it still has experience in fighting multiple counter-insurgencies within Myanmar. In terms of equipment, the military also has the advantage of fighter jets and artillery capabilities purchased from Russia. Despite the progress from ethnic and pro-democracy groups, the conflict is likely to intensify in the coming months . 6. The Sahel Region Mali, Niger, and Burkina Faso, the Sahel region, witnessed a worsening of the security and humanitarian situation . In Mali, following clashes in the northern town of Kidal, the Malian army announced on November 14 that the city had been recaptured from the political-military Tuareg rebel group. Kidal, in which about 25,000 people live, has long been a stronghold for the Tuareg rebel group, and its recapture marks an important turning point for Malian forces. The BBC reports that the Malian army is backed by Wagner group mercenaries . The rebels stated they left the city for ‘strategic reasons.’ It is difficult to estimate a precise death toll because of the remoteness of the region. Despite the victory for the Malian forces , fighting continues in other parts of the country between armed forces and Tuareg rebels, while UN peacekeeping troops withdraw. In Burkina Faso, on November 26, fighters related to the terrorist organization Jama’at Nusrat al-Islam wal Muslimeen (JNIM) attacked an army base in the north of Burkina Faso . The fighters also attacked homes and a camp for internally displaced people, killing at least 40. The Burkinabe Armed Forces neutralized the JNIM gunmen after a three-hour-long attack. On November 5, around 70 people were killed in a massacre in the town of Zaongo, according to Burkinabe authorities. According to the EU, there could be up to 100 victims. In September 2023, the military governments of Mali, Burkina Faso, and Niger established the Alliance of the Sahel States (AES) . On November 25, the alliance held its first summit in Bamako, with intergovernmental discussions on counterterrorism and economic development in the region. The creation of the AES is a response to their increasing isolation from the international community . In November, the European Parliament adopted a resolution that condemned the military coup d’etat in Niger and at the end of October, agreed on a framework for targeted EU sanctions on the country. The countries are also strengthening their ties with Russia . Malian authorities have signed a deal with Russia to build a gold refinery in a bid to ‘control all gold production.’ In Burkina Faso, authorities announced the construction of a civil nuclear plant by Russian Rosatom and reportedly welcomed around 20 Russian soldiers in the country at the beginning of November. Alerts - November 2023 1. Bangladesh Mass protests in Bangladesh began at the end of October and continued in November. The leading opposition party, the Bangladesh Nationalist Party (BNP) called for protests to remove the incumbent Prime Minister Sheikh Hasina and replace him with a neutral caretaker government , claiming that the ruling Awami League will not hold free and fair elections in January 2024. The protests escalated in the capital with buses set on fire and police using rubber bullets against protestors, resulting in the death of a police officer and injuring more than 100 hundred people. The government has cracked down on the opposition party, with security forces arresting over 10,000 political opponents, according to Human Rights Watch. Given the Awami League’s hold over the security apparatus, it will likely continue its hard-handed oppression of the BNP and may lead to further violence ahead of the elections in January . 2. Argentina On November 19, Javier Milei, the anti-establishment candidate of the far-right, won Argentina's second-round elections , with 55.8 percent of the vote. The president-elect's radical, and libertarian political agenda is controversial at home and abroad. The Argentine election result has sparked mixed reactions worldwide, between enthusiastic support from other far-right leaders such as Bolsonaro, Putin, and former U.S. President Trump and dismay from others, including leftist leaders from Colombia and Venezuela. Domestically, Milei’s election provoked protests from a section of the population concerned about the possible negative outcomes of his proposed policy agenda. However, the opposition, made up of labor unions, social organizations, and human rights activists, is adopting a wait-and-see posture until his inauguration on December 10. The opposition has warned that they will resist if Milei implements pledged policies such as cutting the size of the state, privatizing companies, and suspending the peso in favor of the dollar. The Milei administration has a substantial challenge ahead, given the country’s precarious economic conditions and growing socio-political tensions . Also, the new leader’s radical stances on environmental issues and human rights will likely generate further protests in the coming weeks . 3. The Netherlands In the Netherlands, the general election took place on November 22 to elect a new House of Representatives (Tweede Kamer). The PVV, a radical right nationalist party headed by Geert Wilders, won 37 seats, ahead of green-left GL-PvdA with 25 seats. The center-right ruling party, the VVD, lost 10 seats and ended with 24 seats. PVV is expected to form a right-wing government with the VVD, NSC, and BBB, but the outcome of coalition government negotiations is unknown. Due to Wilders’ strong opposition to Islam and asylum seekers, his prominence, as well as recent public statements regarding the placement of Palestinian refugees, have received condemnation from several Arab and Muslim-majority nations . Updates - November 2023 1. Venezuela-Guyana As the December 3 Venezuelan referendum approaches to confirm Venezuelan claims to the Essequibo region , tensions are growing between the Cooperative Republic of Guyana and the Bolivarian Republic of Venezuela. The long-standing dispute was reignited by Guyana’s discovery of a significant oil and gas reserve and subsequent ExxonMobil concession. In the referendum, Venezuelans will be asked whether they reject the 1899 arbitration and the International Court of Justice’s jurisdiction and oppose Guyana’s unilateral appropriation of Essequibo territorial waters. In addition, Venezuelan voters will vote on the creation of the new State of Guayana Esequiba in the disputed area, whose residents will be granted the status of full Venezuelan citizens. The Venezuelan government is running a massive propaganda campaign ahead of the referendum. In response, Guyana asked for the International Court of Justice (ICJ) intervention to stop the referendum and preserve Guyana’s sovereignty over Essequibo. Hearings of representatives of the governments of Guyana and Venezuela were held at the ICJ on November 14 and 15, respectively. The ICJ announced that its ruling over the Essequibo dispute will be issued on December 1, 2023. In early November, the Venezuelan government denounced an alleged joint announcement between Guyana and the United States to strengthen the U.S. military presence in the Essequibo Strip . Although there is no evidence of ongoing joint military operations with the U.S., on November 28 and 29, Guyana and U.S. Defence Forces held a meeting to discuss the establishment of an enhanced military partnership. Also, on November 26, Guyana’s President Mohamed Irfaan Ali said that the country had instituted a contingency plan to deal with the eventual repercussions of border dispute escalations. Meanwhile, protests have been reported in the Essequibo Strip by the local population in support of the region's affiliation with Guyana and to reject the prospect of acquiring Venezuelan citizenship. 2. Afghanistan-Pakistan On November 1, Pakistani authorities ordered 1.7 million refugees and migrants from Afghanistan to leave the country. It is estimated that there are 4 million Afghan refugees who have traveled to Pakistan over the years, many with official documentation. However, around 1.7 million reportedly have no official documentation from either country due to the porous borders. Tens of thousands headed for the border before November 1 and around 400.000 Afghans have left the country over the course of the month. Human Rights Watch reported widespread abuses with Pakistani police compelling Afghans to return to the border through forced displacement, bribery, seizing their property, and taking action against residents protecting Afghans without proper documents. The authorities announced the decision in response to a spike in terrorist attacks from Tehreek-e-Taliban Pakistan , an Afghan Taliban-affiliated organization. While Pakistan thought the Taliban’s return to power would help its efforts to contain the TTP, terror attacks have escalated since then, killing hundreds of security forces. Following the Taliban’s return to power after their takeover of the country, Afghanistan is in the middle of a humanitarian crisis . The forced displacement of Afghans without registration in Pakistan is an additional challenge for the already struggling country. Authors: Alessia Cappeletti, Kevin Heller, Mark Bruno, Jacob Dickinson, Roos Nijmeijers, and Sara Frisan.

Date: 29/11/2023 Where: Netherlands Who’s involved: NXP, Chimera Group (threat actor) What happened? The details of a substantial cybersecurity incident were revealed to Dutch press on 24/11/2023 involving Eindhoven-based microchip designer and manufacturer, NXP. The company was infiltrated by Chinese hackers from a group known as 'Chimera', likely giving the group access to sensitive information for nearly three years. NXP only became aware of the incident when KLM Airlines subsidiary, Transavia, uncovered the group’s activities in one of their investigations. The investigation confirmed that Chimera had access to NXP’s system from at least the end of 2017 to spring 2020. Hackers targeted chip designs and company secrets, stealing email boxes and sensitive data. The attackers gained access through employee accounts using credentials leaked on the darkweb, mixed with the use of brute force tools and publicly available information. Along with NXP, at least seven Taiwanese chip companies and the airline Transavia were also affected. Despite NXP's efforts to enhance security, the company suffered another data breach in 2023, showing ongoing vulnerability to cyber attacks. Analysis: The Chimera Group, previously thought only active since 2018, is a suspected China-based threat actor primarily targeting the semiconductor industry, though this incident shows that they have also targeted airlines, with potential other campaigns yet to be revealed. The hackers worked with stolen account information from previous data breaches and scraping publicly available data from Facebook and LinkedIn. According to the AIVD, the attack is indicative of a large-scale, well-coordinated campaign. This is consistent with an advanced persistent threat (APT), and possibly a state-supported threat actor. Details are still unknown about exactly what the impact of the breach will be. Some of the information leaked could have included personal information of clients and employees, lending itself to further attacks. Further attacks did come in another incident that occurred in July of 2023, and was reported on 5/9/2023. More data was stolen that included customers' names, email addresses, phone numbers, and other personal details. The specifics of the compromised data were not fully detailed in the public reports, and no threat actor identified. Conclusion While NXP insists that these breaches were minor, the delays in detection, reporting, and inability to publish details of the impact are troubling. The effectiveness of Chimera Group represents a significant and ongoing challenge in the realm of global cyber security, as few threat actors have been so hyper-focused on an industry that is so important to both consumer and defense sectors. The ability to remain undetected for extended periods while accessing sensitive information, including chip designs and corporate secrets is potentially devastating. The incident, being so largely shaped by information shared by Transavia, demonstrates the need for additional transparency between not only individual corporate entities, but industries. One can anticipate that there will be a broader impact on the semiconductor and airline industries as more information is made public and the scope of the campaign is uncovered. This series of incidents serves as a stark reminder of the critical need for robust cybersecurity strategies and the constant vigilance required to counter such advanced and persistent threats.

Written by Mark Bruno In May 2023, Danish critical infrastructure experienced what has been described as the "largest cyber attack" against it in its history, targeting 22 companies in the energy sector. The tools utilized were extremely sophisticated and had the potential to enable external control over portions of the energy grid. This attack was linked to Russian threat actors, Sandworm – an entity also known as Unit 74455 within Russia’s GRU. Another attack against a major institution, attributed to a Russian threat actor, was the recent ransomware attack on the Industrial and Commerce Bank of China by the LockBit ransomware gang. The attack had a huge impact on the Treasury market in both the US and China, temporarily displacing $9 billion at their Financial Services Division in New York. LockBit, while not associated with the Russian government, is a criminal organization that has operated with relative immunity, as long as their attacks are primarily focused outside of Russian territory. This perceived tolerance by the Russian authorities is a common trait among several ransomware groups. Both events are emblematic of two kinds of cyberattack coming out of Russia: those explicitly carried out by the state, and those tolerated or encouraged by the state. Both threats have been exacerbated and become an essential part of Russian operations as the nation finds itself increasingly isolated from the international community. State-Backed VS. State-Tolerated While these particular events seem brazen, Russian cyber operations are certainly influenced by its increasing international pariah status. Facing global isolation, Russia actively resorts to destructive cyber activities as a tool of geopolitical influence, while doing nothing to discourage actors that contribute to these goals voluntarily. State Backed Russian state-backed threat actors have been confirmed to operate in positions within the General Staff of the Main Intelligence Directorate (GRU). This means that they answer to the highest offices within the Defense Ministry–they are uniformed military intelligence. The most infamous of these threat actors is a team known to cybersecurity professionals as Sandworm, active since at least 2009, and has been known over the years by numerous names, including ELECTRUM, Telebots, IRON VIKING, BlackEnergy Group, Quedagh, Voodoo Bear, and IRIDIUM. Sandworm’s advanced capabilities have been used to attack critical infrastructure such as power grids, hospital networks, and financial systems throughout EU and NATO member states. Russia’s Foreign Intelligence Service (SVR) has its own array of threat actors as well, who answer directly to the office of the President. Among their assets is a threat actor commonly known as Cozy Bear. Cozy Bear has been in operation since at least 2008, targeting government, thinktank, and research institution networks in EU and NATO member states, as well. The Internet Research Agency is a Russian entity that was allegedly dissolved after the coup attempt by Yevgeny Prigozhin–who founded it. Established in 2013, its focus was using the cyber realm to reinforce information and psychological operations to advance strategic and tactical objectives for the Russian Government. This was done particularly through the use of disinformation in Social Media. Despite claims of its dissolution, the tactics and strategies employed by the IRA continue to be relevant in discussions about cybersecurity, information warfare, and the integrity of political processes in the digital age. State Tolerated Russia has a history of utilizing non-state-backed cyber assets and taking advantage of pro-Russian hacktivism, especially in the context of the conflict with Ukraine. The Kremlin has been known to leverage relationships with cybercriminal groups, using them indirectly to conduct cyber operations that align with state interests. Russia's robust cybercrime ecosystem provides a pool of skilled individuals and resources that can be mobilized for state-aligned objectives, including espionage, misinformation, and disruptive cyberattacks. An advantage for encouraging such activity is a chance for deniability to delay an escalation of conflicts or sanctions, while creating confusion and instability. The gray zone tactics are beneficial for both kinetic and constructing narratives. Some of these individuals and groups are incredibly powerful for-profit enterprises that hold international organizations’ infrastructure hostage through Ransomware, or sell stolen data and malware to those who might use them for criminal purposes. The most famous of these is LockBit, who have attacked various industries globally, with the healthcare and education sectors being major victims. The United States, India, and Brazil are among the top targeted countries. Other threat actors are dedicated to the interferences and nuisance-level threats caused through Distributed Denial of Service (DDoS) attacks or defacements. A DDoS is an attack wherein a digital service is overwhelmed with fake requests until it is shut down. Pro-Russian hacktivists conduct cyberattacks supporting Russian geopolitical goals in this capacity. These groups often target Western entities or those opposing Russian interests. Among the most famous of these entities are pro-Russian cybercriminal groups, KillNet, Anonymous Sudan, and NoName057(16). At any given time, these groups are involved in conducting dozens of DDoS and defacement attacks on websites, almost always based on Russian strategic objectives. By using non-state actors, Russia can engage in cyber activities while maintaining plausible deniability. These assets have been involved in targeting critical infrastructure in countries opposing Russian interests, demonstrating the potential for significant disruption. What Are They Capable Of? A question that gets asked a lot by outsiders is “what are the real consequences of these sorts of attacks?” The effects of cyber tactics seem more obvious in traditional warfare when paired with conventional weapons, electronic warfare, or intelligence-gathering operations. Just this month, reputable cybersecurity firm Mandiant released a report about Sandworm executing a cyberattack that crippled infrastructure in an area simultaneously targeted by a missile strike, very likely increasing its lethality. However, it can technically be argued that no one has died in the history of cyber warfare in respect to attacks that remain in that domain. There is no way to “hack combatants to death”. But when hospital services are interrupted, when the power or heating infrastructure is impacted on winter nights, when supply chains are interrupted during times of war or global pandemics, can that point truly be defended? NotPetya, a novel malware deployed by Sandworm, was part of a campaign initiated on June 27, 2017. It represented one of the most aggressive and widespread cyber attacks in history. The event inflicted severe disruptions in various sectors, including banking, airports, and power companies, and is considered one of the most destructive cyber-attacks ever. Initially targeting Ukraine, it rapidly spread globally, affecting over 80 companies in Ukraine, and at least 2,000 organizations worldwide. NotPetya, an advanced version of an older ransomware called “Petya”, connected the already potent malware strain to a highly aggressive viral worm. Unlike ransomware utilized by many for-profit and criminal gangs, NotPetya was never intended to honor ransoms, and effectively destroyed the file systems on whatever network it touched. 49,000 computers belonging to Danish logistics giant, Maersk, were taken offline. The company claims that its repair costs alone totaled over 300 million USD. Another similar disruption was caused by Cozy Bear in their infamous 2020 SolarWinds hack, a sophisticated supply chain breach involving the SolarWinds Orion system. Orion is a valuable target, as it allows large enterprises to manage their information assets and software suites. The compromise of Orion led to one of the most extensive and complex cyber operations against both the US government and the private sector. It impacted a significant portion of SolarWinds' customers, a number of which were based in Europe, including key government agencies and numerous private entities. The attack's far-reaching implications affected governments around the world, highlighting the heightened vulnerability and interconnected nature of global cybersecurity. On September 6, 2022, KillNet launched a Distributed Denial-of-Service (DDoS) attack on the website belonging to the Port of Nagoya, Japan. The port, one of the country's largest, is significant for international shipments of heavy machinery, and the single largest in operation with the Toyota corporation. This assault overwhelmed the website with malicious traffic, rendering it inaccessible for approximately 40 minutes. The attack, while brief, indicated the port's vulnerability to cyber threats. On July 4, 2023, the port was targeted by a ransomware attack conducted by the LockBit group. This resulted in significant operational disruptions, halting more than half of the container shifting operations and causing a failure in the port's unified terminal system. The attack impacted major logistical operations, and led to a shutdown of the port's activities for over two days, illustrating the substantial impact of ransomware on critical infrastructure. These events demonstrate a growing threat posed by cyberattacks, where both unsophisticated DDoS and more impactful ransomware attacks can cause significant operational disruptions and economic consequences. The involvement of groups like Killnet and LockBit illustrates the escalating sophistication and impact of cyberattacks aligned with geopolitical interests. A Cornered Bear As Russia becomes increasingly sidelined on the global stage, its propensity to engage in or tacitly endorse destructive cyber activities grows. This tactic serves as a powerful tool in asserting influence and disrupting perceived adversaries, with fewer diplomatic repercussions, and much lower practical costs. Russia's sophisticated state-backed operations, coupled with its tolerance of rogue cyber gangs like LockBit or KillNet, form a two-pronged strategy in cyberspace that offers an increasingly potent-but-deniable arsenal to a regime with a gradually shrinking list of options. About the author: Mark Bruno Mark Bruno is a noncommissioned officer in the United States military, where he serves as a Combat Medic and a Public Affairs Representative. He holds a Master’s Certificate in Information Assurance from the University of Maryland, and a Bachelor of Science in Communication from the State University system of New York. All statements made in this article are his own, and do not reflect any policies or positions of the United States Department of Defense.

Date: 23/11/2023 Where: Netherlands, Dutch interests overseas. Who’s involved: Partij voor de Vrijheid (PVV), Geert Wilders, Dutch companies and citizens What happened? On 22/11/2023, the Netherlands voted in a general election to elect a new House of Representatives (Tweede Kamer). The PVV, a radical right nationalist party headed by populist Geert Wilders, won around 37 seats, ahead of GL-PvdA with 25 seats and the former largest party VVD with 24 seats. They are expected to form a right-wing government with the VVD, NSC and BBB. In his victory speech, Geert Wilders said he will seek to govern for the whole of the Netherlands within the framework of constitutional law. However, the PVV is strongly opposed to Islam and asylum seekers. He claims that Islam represents a fascist doctrine that is contrary to the pluralistic society of the Netherlands. The PVV election manifesto mentions that the party is seeking to exit the 1951 UN refugee convention, withdraw temporary asylum permits of Syrian refugees, and also ban the Koran in addition to closing Mosques and Islamic schools. Shortly after the result it became known that Moroccan, Turkish and muslim societies shared concerns about their future and rights in the Netherlands after the win of PVV. Analysis: The election of Geert Wilders is the latest in a radical right shift across Europe. His hardline stance against immigration and his comments have proved incendiary in the past. Geert Wilders has had multiple Fatwas – a formal, non-binding ruling issued by an Islamic institution – against him and has been living under police protection for almost 20 years. In 2018, Wilders announced a Muhammad cartoon contest which caused anger in the Islamic world and protests in Muslim-majority countries, especially in Pakistan where blasphemy is forbidden by law. While the formation of a governing coalition is unknown, the victory of Wilders may cause (violent) reactions in Muslim-majority countries against him or Dutch interests, and therefore present a heightened terrorism risk to the Netherlands and Dutch interests abroad. Intelligence agencies have raised their threat levels against terrorism across Europe since 2019, citing the capability and intent of radical extremist groups targeting citizens. As such, there may be an elevated threat to Dutch companies from extremist groups both in the Netherlands and Dutch interests based Muslim-majority countries. The risks of terrorism have increased elsewhere in Europe as a result of inflammatory rhetoric. Earlier this year, Quran burnings in Sweden also caused large protests in Muslim-majority countries. In Iraq, the Swedish embassy was stormed, the Swedish ambassador expelled, and a working permit of Swedish telecom company Ericsson withdrawn. In Pakistan, the Swedish embassy was closed due to security concerns likely connected to the Quran burnings. It has also led to Swedish citizens being targeted by extremist groups and lone terrorists, such as the fatal attack on two Swedish football fans in Belgium. Sweden’s prime minister Ulf Kristersson said that “Swedish interests have never been more threatened than now”. Conclusion The election victory of Geert Wilders raises concerns for Dutch interests in the Netherlands and around the world, given his openly anti-Islam rhetoric and policies against asylum-seekers. Dutch companies, citizens and broader interests could be targeted. As the outcome of the coalition negotiations is yet to be seen, definitive consequences are hard to estimate at this time. However, vigilance and a recognition of the vulnerability of Dutch interests abroad are recommended.

Aircraft Manufacturers have a proven history of converting commercial airliners into military aircraft. This started during World War II where aircraft like the Douglas DC-3 airliner was converted to a C-47 Cargo transport and later on as an AC-47 ‘Gunship’ and EC-47 Electronic Warfare. Another well known example is the Boeing 707 airliner into the E-3 Sentry AWACS and KC-135 Airborne Tanker used by the USAF. Over the past decade, there has been a growing military interest in a distinct sector of civilian aviation, namely business aviation. This leads to a rising aviation security concern in the Misidentification of Business Aircraft perceived as a Military aircraft. Traditionally the Business Aviation aircraft were mainly used by the military for VIP transport, but along the way some types have been modified for Airborne Intelligence, Surveillance, Reconnaissance, Electronic Warfare, Special Operations Support, etc.. Additionally, unlike bespoke military aircraft, modified business aircraft have two other advantages: a global pool of spare parts and an extremely high dependability in comparison to military aircraft. With the current number of conflicts growing world wide, more and more business aircraft are being used by the military. Especially in the Middle-East, Black Sea, Baltic States and around Taiwan. The risk of Misidentification is growing rapidly. There are also companies that support the military through Contractor Owned, Contractor Operated (COCO) Intelligence, Surveillance & Reconnaissance (ISR) operations in support of DoD entities and USG agencies. An example of this is the United States Special Operations Command (USOCOM) that uses subcontractors that operate a fleet of COCO ISR aircraft like the Bombardier Challenger 605 and the Challenger 650 Aerial Reconnaissance and Targeting Exploitation Multi-Mission Intelligence System (ARTEMIS). These aircraft are flying regular missions along the Poland-Belarus border to monitor Russian ground force activities. As well as in the Indo-Pacific theater in support of U.S. Special Operations Command Pacific (SOCPAC). The Bombardier Challenger 650 technology demonstrator is outfitted with the ARTEMIS multi-sensor surveillance suite. (Photo: via U.S. Army) Such are the similarities between some military and corporate jets, it is not always easy to tell them apart. Some examples; Civil type Military type Mission role Gulfstream G550 EC-37B Compass Call Electronic Warfare C-37 A/ B VIP / Special Air Mission Bombardier Global Express 6000 E-11 BACN Battlefield Airborne Communications Node Bombardier Challenger 605 Challenger 605 ARTEMIS intelligence, surveillance, and reconnaissance Learjet 35A C-21 pax and cargo airlifts. Dassault 900LX Envoy IV CC Mk1 VIP transport by the RAF (The Global 6000 /E-11 BACN ,Battlefield Airborne Communications Node USAF photo) Misidentifying a business aircraft as a military aircraft can have serious consequences, as it may lead to harassment by hostile actors in international airspace, intercepts and potential shootdown, confusion, or even security concerns. Here are some potential reasons for such misidentifications and steps to prevent them: Reasons for Misidentification: Similar Appearance: Some business jets may have a similar appearance to certain military aircraft, especially if they share design features or are painted in similar colors. More and more COCO ‘Business’ aircraft are being used and flown near airways operated by the regular business aircraft. The radar signature as well as the exterior look alike, the flight profiles differ as these often fly large holding patterns or ‘zig-zag’ patterns. Lack of Information: Limited or unclear information about the aircraft, especially in situations where radar or other identification systems may not provide detailed data. Communication Failures: Miscommunication or lack of communication between air traffic control (ATC) and military authorities. Or between ATC and the Business aircraft. Another scenario is that a Business Aircraft experiences an enroute problem for which it enters a holding to troubleshoot the situation. If this is not properly coordinated with ATC, the holding pattern of the business aircraft can look similar to the operational flight condition of a ‘military’ aircraft that often flies holding patterns when conducting their mission. Flight plan / Flight plan deviation Due to GPS Spoofing or navigational equipment failure. Use of similar flight numbers with multiple digits, which change with each landing and take-off made in the course of a day, will likely continue to cause flight number designation errors by both pilots and controllers. In selected circumstances, this could lead to misidentification of aircraft. What happens when you get intercepted by a military aircraft? Most military forces have a standard intercept protocol. Air Defense Sectors monitor air traffic and could order an intercept in the interest of national security or defense. Intercepts during peacetime operations are vastly different from those conducted under increased states of readiness. The interceptors may be fighters or rotary wing aircraft. The reasons for aircraft intercept include; Identify an aircraft; Track an aircraft; Inspect an aircraft; Divert an aircraft; Establish communications with an aircraft. Approach Phase. As a standard protocol, intercepted aircraft are usually approached from behind. While it is common for interceptor aircraft to operate in pairs, there are instances where a single aircraft may carry out the intercept operation. The intercepting aircraft bears the responsibility for ensuring a safe separation between itself and the intercepted aircraft, and this separation will be diligently maintained throughout the operation. Identification Phase. Interceptor aircraft will commence a controlled approach toward the target aircraft, maintaining a distance no closer than deemed necessary for positive identification and the collection of essential information. Additionally, the interceptor may conduct a flyby of the intercepted aircraft while obtaining data at a distance considered safe, taking into account the performance characteristics of both aircraft. Post Intercept Phase An interceptor may make efforts to establish communication using standard ICAO signals (ICAO Annex 2; Rules of the Air). In situations where time is critical and an immediate response is required from the intercepted aircraft, or if the intercepted aircraft remains non-compliant with instructions, the interceptor pilot may initiate a divert maneuver. During this maneuver, the interceptor will fly across the flight path of the intercepted aircraft, maintaining a minimum separation of 500 feet and starting slightly below the intercepted aircraft's altitude, in the anticipated direction of the intercepted aircraft's turn. While crossing the flight path, the interceptor will rock its wings (during daytime) or flash external lights/select afterburners (at night). Following this, the interceptor will roll out in the expected direction of the intercepted aircraft's turn before returning to confirm compliance. The intercepted aircraft is expected to execute an immediate turn toward the intercepting aircraft. If the aircraft of interest fails to comply, the interceptor may conduct a second climbing turn across the intercepted aircraft's flight path, again maintaining a minimum separation of 500 feet and starting slightly below the intercepted aircraft's altitude. During this maneuver, flares may be deployed as a warning signal for the intercepted aircraft to comply immediately, turn in the indicated direction, and leave the area. The interceptor is responsible for ensuring safe separation during all intercept maneuvers, with a paramount focus on flight safety. Preventive Measures: Perform a Risk Assessment concerning the planned flight route prior to the flight, related to overflight risk, conflict zone update, military exercises in the area of your planned route. Therefore monitor airport and airspace-specific notices, bulletins, circulars, advisories, prohibitions and restrictions prior to departure. Check if the departure and destination airport are also (frequently) used by COCO aircraft. Enhance communication protocols between ATC and military authorities to ensure accurate information exchange and identification of aircraft. In the event of a communication failure make sure to follow the correct ‘loss of communication’ procedures. That the correct transponder code and flight ID is set. Make sure that the flight crew and operations crew are trained on a recurrent basis Security Awareness, ‘how do I look to the outside world’ and training to maintain familiarity with the preventive procedures as well as the loss com procedures. These can consist of the company SOP’s, aircraft manufacturing procedures and ICAO Annex 2; Rules of the Air. Confirm the identity and authority of the passengers (high profile ‘target’ passengers for the countries the flight will overfly) reroute the flight plan when required.

On December 3, 2023, Venezuela’s government plans to hold a national referendum to establish a new Venezuelan state to incorporate the entire Essequibo region of Guyana into its territory. The announcement sparked a legal reaction from Guyana, which called for the International Court of Justice (ICJ) to intervene. Besides the ongoing legal proceedings in the Hague, the referendum is likely to go ahead. Given Venezuela’s ongoing domestic political difficulties and commitment to elections in 2024, the referendum could create new instabilities in the region and extend Maduro’s hold on power. The Essequibo Dispute The legal dispute between Guyana and Venezuela goes back to 1899. The Essequibo territory, which roughly contains two-thirds of current Guyana, was awarded to British Guyana by the Arbitral Award. Since then, Venezuela declared the award illegitimate because of the absence of Venezuelan negotiators. In 1966, just months before the independence of Guyana from the United Kingdom, Venezuela and the UK negotiated the Geneva Agreement, which established a regulatory framework that should be followed by both parties in order to find a solution for the Essequibo border dispute. There are growing disagreements between Venezuela and Guyana over the oil exploration operations by large oil companies in offshore areas in the disputed territory. In 2015, the situation deteriorated since ExxonMobil, one of the world's largest oil companies, announced the discovery of a new oil deposit in Essequibo, signing a beneficial agreement for the foreign company with the Guyanese government. The discovery of new oil deposits has revived Venezuelan claims over Essequibo resources and land, calling the concession to the U.S. oil giant ExxonMobil a “new form of imperialism.” In response, in 2018, Guyana asked the International Court of Justice (ICJ) in The Hague to review the border dispute and confirm the validity of the current borders drawn by the 1899 arbitration. However, Venezuela openly rejects the jurisdiction of ICJ over the dispute. In October 2023, Guyana announced the discovery of a significant oil and gas reserve in an ExxonMobil well situated in disputed waters. A few days later, Venezuela responded by scheduling the December 3 referendum on the Essequibo dispute. This triggered Guyana to, once again, seek the ICJ intervention to preserve its sovereignty and territorial integrity and prevent the referendum from being held. Although Venezuela rejects the ICJ's jurisdiction, the court called on the Maduro government to counter arguments on the dispute to support its stance. Venezuela was represented by Vice President Delcy Rodriguez. Hearings of Guyana and Venezuela delegations were held at ICJ on November 14 and 15, respectively. Political reforms in Venezuela? The reopening of the dispute over Essequibo sovereignty comes with "questionable" timing from Venezuela. Indeed, while the dispute appears to be justified by new significant oil discoveries and disagreements over concessions, it is also a strategy employed by Maduro to divert domestic and international attention from recent developments in Venezuelan politics. On October 17, 2023, after resuming long-suspended negotiations, the Venezuelan government and the opposition reached an agreement that guaranteed opposition participation and the competitiveness of the next presidential election, scheduled for mid-2024. The negotiations, facilitated by Norway, were held in Barbados, in which Venezuela also agreed to release more than 250 political prisoners and lift the bans on opposition candidates for the 2024 elections. While the United States was neither a mediator nor a party included in the deal, its influence is undeniable. On October 18, 2023, only one day after the conclusion of the negotiations, the United States announced the temporary easing of some of the sanctions imposed on the Venezuelan oil, gas, and gold sectors in exchange for competitive elections in 2024. The easing of diplomatic and economic tensions with the U.S. represents a chance for Venezuela to relieve itself of the "maximum pressure" imposed by the U.S. in 2019. Lifting U.S. sanctions, however, is tied to fulfilling the electoral commitments Venezuela pledged in the Barbados agreement. However, the leading opposition candidate in the elections, María Corina Machado, is still excluded from the electoral race. Moreover, Maduro's government has not recognized the primary election as legitimate. The US has announced that it will withdraw the suspension of sanctions if Maduro’s regime does not have fair elections. While the prospect of competitive elections sounds promising, during Barbados' negotiation Venezuelan government and opposition signed a second accord, which binds both sides to support Venezuela's current stance in the territorial dispute with Guyana. This second deal could prove particularly relevant in the current circumstances, as it prevents any form of internal political opposition to Maduro's eventual plan to annex Essequibo. Referendum Propaganda While the referendum is going ahead, the campaign for the referendum is heavily influenced by the Venezuelan government’s control of social media outlets. President Maduro, under pressure to hold an election, is attempting to divert attention away from the upcoming elections by drumming up nationalist sentiment. On December 3, Venezuelans will be asked if they reject the 1899 arbitration and the ICJ's jurisdiction and if they oppose Guyana's unilateral appropriation of Essequibo's territorial waters. Venezuelans will vote on the creation of the new state of Guayana Esequiba in the disputed area, whose residents will be granted full Venezuelan citizenship status. However, it is unlikely to be a transparent vote. In preparation for the referendum, a massive propaganda campaign for the Essequibo dispute is spinning on Venezuelan social media. To the tune of propaganda slogans such as "el Esequibo es nuestro" or “El sol de Venezuela nace en el Esequibo,” the Venezuelan government is seeking popular support for the December referendum, urging the population to "decide sovereignly and democratically their future." The Venezuelan government has also accused the US of provocation. On November 8, Venezuelan Foreign Minister Yván Gil issued a statement accusing Guyana of conducting joint military operations with the United States in the Essequibo Strip to protect foreign, largely U.S.-based energy companies wrongfully exploiting resources in disputed territorial waters. However, Guyana's Minister of Foreign Affairs, Hugh Todd, denied any allegations of military expansion in the Essequibo Strip, blaming his Venezuelan counterpart for spreading disinformation and false accusations to sway domestic and international public opinion in favor of Venezuelan claims. Outlook It is very likely that the December 3 referendum will take place. The validity of the outcome of the referendum is hard to prove due to the lack of transparency of the Maduro regime. The referendum on Guyana Essequibo comes at a very delicate time for Venezuelan domestic politics. Maduro would seem compelled to grant the opposition to the promised electoral improvements, especially to maintain the advantages of U.S. sanctions lifted. Yet, the deadline for implementing electoral and democratic concessions, set for late November, is approaching, and no electoral reforms or improvements have been put in place.

Who’s involved: Houthi rebels in Yemen, Israel, United States, shipping companies, international community. What happened? On 31/10/2023 the Shia rebel group called the Houthi declared war on Israel from Yemen in support of the Palestinian terrorist organization Hamas. On 08/11/2023 the Houthi fired their first missiles towards Israel but they were intercepted by the US Navy. From 09/11/2023 to 20/11/2023 the Houthi have launched several missiles and drones at Israel. All have been intercepted or have landed in the Sinai desert. The Houthi declared on 19/11/2023 that they would seize any Israeli vessel passing by Yemen on the Red Sea. On the same day the Houthi rebels used a helicopter to land on the shipping vessel the “Galaxy Leader” and took control of the ship taking 25 crew members hostage. The Houthi leadership claimed that the vessel is Israeli owned. The Israeli government quickly came with the reply that the ship is not under Israeli flag but is British owned and operated by Japan. Japanese authorities acknowledged that the ship is operated under the Japanese company NYK and that the crew is from several different nationalities of which none are Israeli. It is however believed that an Israeli billionaire might be part owner of the vessel, but this has not been confirmed. The Houthi rebel group receives logistical and weapon’s support from Iran. Israel has blamed Iran for staging the seizure of the vessel, but Iran has denied any involvement. The Red Sea shipping lane that continues on into the Gulf of Aden is an important shipping lane, with over 21.000 vessels per year going through it from China and the Gulf to Europe and vice versa. Consumer goods and oil are shipped through the Red Sea on large cargo vessels. Analysis: It is likely that the Houthi will try and seize multiple vessels that are supposedly under Israeli control. This will have a huge impact on the world economy as the shipping lane through the Red Sea is vital for the flow of goods. If shipping companies no longer dare to risk their vessels, crew and shipment to go through the Red Sea or the Gulf of Aden it will severely damage the world economy. When previously the cargo vessel “Ever Given” was stranded in the Suez Canal on 21/03/2021, for six days only, it already had an enormous amount of impact on the economy that extended into billions of dollars of additional costs and losses. Goods were perishing on board, shipments came in too late at their port of call, deliveries were delayed and some ships traveled all the way around the southernmost point of Africa taking two extra weeks to travel. From the early 2000’s to 2017 Somali pirates would frequently seize ships around the Horn of Africa between the Red Sea and the Gulf of Aden. This severely impacted the world economy and forced shipping companies and national governments to take measures against piracy in the region. Ships would take alternate routes, hire mercenaries to protect their vessels, insurance companies upped their policy payments and several European and United States Navy vessels patrolled the area. A recurrence of such a situation is likely to have more of an impact now that the Houthi are involved. In contrast to the Somali pirates the Houthi rebels are well armed and equipped and receive logistical support from Iran. If there is any form of combat involved the stakes are much higher than with the Somali pirates who used simple fishing boats and had outdated weaponry. Conclusion This new phase in the war between the Yemeni Houthi rebels and Israel has taken the conflict into a whole new realm. By seizing cargo vessels, allegedly connected to Israel, there is a chance of direct disruption of the world economy since the shipping lanes in the Red Sea are vital for transporting consumer goods, food and oil across the world. It is unclear how far the Houthi will go to emphasize their point, but at the same time it is also unclear how far Israel and the United States will go to prevent any further seizures. Open combat with the Houthi in Yemen and on the Red Sea will undoubtedly lead to even more disruption in the shipping lanes, but the international community will be hard pressed to just stand by and watch as the Houthi continue their campaign.

Date: 20/11/2023 Where: Myanmar, Laukkaing, Shan State Who’s involved: Myanmar Junta, Three Brotherhood Alliance, People’s Republic of China What happened? On 27/09/2023, the Three Brotherhood Alliance, an alliance between the Arakan Army, Myanmar National Democratic Alliance Army and the Ta’ang National Army, launched coordinated attacks on military outposts and installations in the northern Shan state in Myanmar. The name of the mission, “Operation 1027” is intended to expel the military from the area and regain control of the state for opposition forces. According to reports from a newspaper based in Thailand, the Irrawaddy, the Three Brotherhood Alliance has taken 90 military outposts, 4 towns, as well as two key trade routes to China. There is currently a standoff over the city of Laukkaing, a hive for unregulated gambling, human trafficking and illicit goods. The military junta has been unable to push back against the armed groups. The military has instead launched airstrikes and artillery bombardments of towns and villages thought to hold insurgent groups, with many hundreds of civilians fleeing. Former General Myint Swe spoke at an emergency meeting with the military junta suggesting that this is the most serious contest of the military’s power after the coup in February 2021. On 10/11/2023, the Chinese foreign ministry said that it will ensure stability on the border. China has traditionally acted as a power-broker in the Shan state, a region in eastern Myanmar on the border with China, with its ability to exert influence over different groups because of ethnic and trade ties. However, the city of Laukkaing has become a center for criminal gangs, scam centers, and money laundering. It has been reported that thousands of Chinese nationals and other foreigners from around the region have been forced to work there. China is seeking to clampdown on transnational criminal groups with the military unable to control cross-border criminal activity. The escalation of violence under Operation 1027 has led to civilian casualties and the displacement of 200,000 people nationwide. This has led to over 2 million civilians fleeing the fighting since February 2021, according to the United Nations. There are increasing calls for humanitarian aid to enter the country and both sides to respect international humanitarian law. Analysis: The Myanmar civil war since February 2021 has killed over 4,000 civilians and displaced 1.8 million refugees, and there are no signs of stopping. Research published by the Security Force Monitor has documented several human rights abuses committed by the Myanmar military junta. The new offensive represents the biggest battlefield challenge to the military junta’s rule since the coup in February 2021. Capturing Laukkaing will bring some gains for the opposition parties for the Three Brotherhoods Alliance to expel the military from the Shan state and bring it into their control. While this is not a lethal blow, this would cut off a significant source of income for the military junta and create challenges for leadership of the military. Sensing Myanmar's military weakness, other armed groups in the country have also stepped up attacks. This could overstretch the junta’s military capacity as a result. The armed groups have also seized a large amount of weaponry from retreating military units, including tanks, a howitzer and ammunition. The junta may have to accept ceding control of the country to the groups in order to launch counter attacks. In any case, the military’s failures are obvious for armed groups resisting the regime and may lead to groups launching attacks to seize on the weakness. China’s seeming unwillingness to intervene in the Shan state to support the military could indicate a decline in support for the regime. China’s economic interests in Myanmar include investments in rare earths, and the construction of multiple oil and gas pipelines flowing into the Bay of Bengal. China cultivated a close relationship with the military junta for protection of its economic assets. However, the growing transnational crime from Myanmar and the inability of the military junta to contain it could push China to see other players to maintain stability on its border. How lethal this attack proves to be for the Myanmar military, depends on the response of the Myanmar military, and whether it is able to fight a multifront counter insurgency. It is still well-armed, with Russian places and artillery and has fought counter-insurgencies in Myanmar since the 1960s. The military junta leadership is internally quite resilient to outside challenges however. Given its ordinance and expertise, it will likely step up bombing campaigns and mount heavy counter offensives against all rebel groups in the north and in the east. The fighting is therefore likely to intensify in the coming months as both sides try to seize the initiative. Conclusion The escalation of the conflict in Myanmar is leading to more violence in the country, with more refugees fleeing the country. The appearance of success of the armed groups offensive has given the Three Brotherhood Alliance more ammunition and achievements against the regime, which could lead to other groups seizing on the junta’s vulnerabilities. China’s influence in the country remains important, but its capacity to limit further escalation remains limited given the military junta’s capacity for military self-reliance. The escalating violence is likely to lead to more civilian deaths and refugees fleeing violence, in a conflict that has killed over 4,000 civilians and displaced 1.8 million.

Date: 17/11/2023 Where: New York (USA), China Who’s involved: Industrial and Commerce Bank of China (ICBC) Financial Services Division, Lockbit Ransomware gang What happened? On 8/11/2023, ICBC's Financial Services (FS) division in New York City was hit by a ransomware attack, leading to disruptions in specific systems within the division. ICBC FS immediately isolated the impacted systems to contain the incident. The attack was so extensive that it disrupted not only financial services systems, but also the corporate email, forcing employees to switch to Google Mail. On 9/11/2023, the ransomware attack caused disruptions in US Treasury markets. Some traders were unable to place or clear trades through ICBC and received emergency notices about connectivity issues. The blackout caused by the ransomware attack led to a temporary $9 billion debt to BNY Mellon, significantly larger than ICBC Financial Services' net capital. ICBC's parent company in China provided a cash injection to help repay BNY Mellon and manually processed trades with the custody bank's assistance. On 10/11/2023, ICBC confirmed details of the attack and made them public. The company stated it was investigating and progressing with recovery. The bank successfully cleared Treasury trades executed on November 8 and repo financing trades done on November 9. However, some market participants reported unsettled trades, affecting market liquidity. On 13/11/2023, A LockBit ransomware gang representative claimed that ICBC paid a ransom. This claim is not independently verified, and ICBC has, as of 17/11/2023, not immediately responded to requests for comment. On 14/11/2023, ICBC's management team flew to the US to address the fallout. Analysis: LockBit is a sophisticated threat actor, operating primarily as a Ransomware-as-a-Service (RaaS) model, enabling affiliates to carry out attacks using its malware in exchange for a share of the profits. Since its emergence in 2019, LockBit has rapidly evolved into one of the world's most prominent ransomware threats, known for its aggressive tactics. The group's activities often target critical infrastructure and major corporate entities, resulting in significant operational and financial impacts. It's widely speculated in the cybersecurity community that the group operates with a degree of impunity within Russia, as long as their attacks are primarily focused outside of Russian territory. This perceived tolerance by the Russian authorities is a common trait among several ransomware groups. LockBit has targeted businesses in several sectors throughout the European Union, including real estate, manufacturing, and logistics. In 2021, LockBit targeted Irish corporation Accenture, one of Europe’s largest IT consultancy firms. The ransom demanded by LockBit was 50 million dollars. Upon failing to pay the ransom, massive amounts of the exfiltrated data was leaked, which included proprietary information from an unspecified number of firms. This particular incident is unique in that a major Chinese institution was attacked by an entity that has some degree of cooperation with the Russian government. US and Chinese authorities are both likely to respond with some degree of force. The costs of cyberattacks globally continue to rise. Paired with the recent DP World Australia attack, this is likely the second event in only two weeks to have over one billion dollars in potential impact. The attackers exploited a vulnerability known as Citrix Bleed, which allows attackers to hijack authenticated connections and bypass authentication measures. These hijacked sessions can persist even after patching, enabling further network penetration and escalation of privileges. The attackers could potentially have access to ICBC’s systems in the future. Conclusion: While the specific financial implications for ICBC's parent company in China are not expected to be crippling due to the swift response, the attack underscores the growing cybersecurity threats to global payment networks and financial institutions. As global payment systems increase interconnectivity, even between entities in Chinese, North American, and EU markets, the potency of cyberthreats such as ransomware will increase. The incident raises concerns about the resilience of the Treasury market and is likely to attract regulatory scrutiny. The event also has the potential to open doors for international cooperation in the field of cybersecurity enforcement. While the US and China have a history of being competitors in the cyber domain, the need for cooperation in this incident may establish some of the legal precedence for a combined response.

Dyami Insights Analysis The Chinese Communist Party under Xi Jinping seeks regime security above all else, with China’s security services accusing its own citizens and foreign businesses of espionage. On November 12, BusinessEurope, a representative of commercial lobby groups from around Europe, warned that Beijing’s anti-espionage laws threaten to push decoupling with China. The CCP counter-espionage law effective from July 1, broadened the definition of espionage, which could mean any organization perceived as unfriendly by the PRC. The definition of what constitutes a ‘threat’ is intentionally vague as well, and gives Chinese authorities a wide breadth to detain any foreign interests on suspicion of espionage. This drive for securitization poses risks to European businesses and governments need to recognize the significance of this shift in managing security threats. Regime Security above Development The Chinese leadership under Xi Jinping is moving away from economic development to a focus on national security. To this end, Chinese security officials investigated US management consultancy firms, Bain and Company and Mintz Group on charges of being “accomplices in overseas bribery, espionage, and extraction of national secrets and intelligence”. Chinese security officials confiscated mobile phones, laptops, and detained employees. These consultancy firms work in the field of business intelligence, providing information on Chinese companies for foreign business organizations, which grew along with China’s emerging, but notoriously opaque, economy. The primary reason is that Chinese authorities are wary of information gathering for perceived intelligence purposes. Chinese authorities investigated US-owned Capvision for allegedly paying Chinese military and high technology experts to obtain state secrets and intelligence. Capvision works with Chinese financial institutions for foreign companies to provide insights into commercial sectors. The state secrets were allegedly stolen by the company, by violating the national security law for the pursuit of economic interests. China’s priority of state security makes this harder and riskier for European companies attempting to make financial decisions in the country. China’s perceived threats to national security also extend to the financial sector. On November 3, China’s Ministry of State Security, the intelligence and secret police agency of the CCP, pledged to actively protect the country’s financial stability as a matter of national security. In a WeChat post, the Ministry of State Security suggested that some countries had been actively spreading bearish sentiment about China’s financial assets and undermining investor confidence in the country. This came as investments began leaving China due to stalling economic growth, low interest rates, and rising geopolitical tensions with the US. In light of China’s current government neglecting to improve job prospects for new graduates, or addressing the yawning inequality between coastal and inland regions, Xi’s political coalition has doubled down on regime security above all else. Trade Deficits in EU-China relations As Chinese authorities’ anti-espionage investigations into US companies come as US-China relations worsen, there are also concerns that European businesses could be targeted. EU policy on China is shaped by national priorities and does not speak with a single voice, yet there is a transition taking place. China’s close relations with Russia over its war in Ukraine, tensions over Taiwan, and Xinjiang human rights abuses are pushing EU member states and EU institutions to take a harder stance on China’s economic dependencies. Another weakening point in the relationship is the ballooning trade deficit with China (see fig. 1 and 2). The EU trade deficit with China has widened from €200 billion in 2020 to €400 billion in 2022. This has led to the EU Commissioner for Trade, Valdis Dombrovskis, arguing that the trade deficit with China was too large and needed to be brought down. This has triggered complaints of unfair trade practices, and a lack of access to China’s market for European companies. EU policy has reacted by creating a number of protectionist measures on China’s imports into the EU. The EU Commission’s launch of an investigation into state-subsidies into Chinese-made electric vehicles in Europe in September 2023, marked an aggressive turn in trade relations between the EU and China. There are also more EU commission plans down the road to investigate more anti-subsidy probes on wind turbine technologies made in China. Dider Reynders, the acting EU competition commissioner, said that cheap Chinese imports could threaten European businesses, and suggested a similar probe into state-aid funding for wind turbines. Beijing quickly shot back that these were “protectionist” measures from Brussels, accusing the EU of weakening domestic productivity rather than China’s state-subsidies. President Xi Jinping has appealed to Germany’s president Olaf Scholtz directly to put brakes on the looming trade war with Beijing. However, the trade deficit and EU calls for protectionism is likely to become louder in the future. More confrontational protectionist voices in member states could find a good audience in the growing urgency over China’s dominance of supply chains, critical minerals, and a potential clash over Taiwan. In this case, European businesses could be seen as security risks to the Chinese state. Dangers of Decoupling The intelligence alliance, Five Eyes, warned that a total decoupling of western economic links to China is unrealistic. However, China's Communist Party's turn to regime security above economic ties under Xi Jinping poses acute security threats for European organizations in China. EU-China relations are still at a crossroads, but growing hawkishness of EU-China trade relations indicates that Chinese authorities may pose a threat to European interests in China in the future.

Do you want to join our team and start your career in the security and intelligence world? Dyami is searching for one or two intelligence/research analysts for the first 2024 internship period (February to June/July)! Who are we? In a world with ever-growing and ever-evolving risks, organizations need bespoke and agile solutions to fulfill their duty of care and protect their operations, both at home and abroad. Dyami, a full-service strategic security provider, lives by its mission statement of enabling you to thrive; safely and successfully. To do this, our team provides strategic outlooks and analyses, security risk and threat reports, travel security advice, aviation services, and diverse types of training. At dyami, you will be working alongside a team of analysts and security experts with backgrounds in the private, public, and non-profit sectors. Job Description: The intern will work within the intelligence unit at dyami and report to the Lead Analyst. Your responsibilities and taskings will include: Following and analyzing current and emerging local, regional, and international security trends. Contributing to research, identifying security-related issues in volatile environments and conflict regions. Helping with research and risk assessments for stakeholders. Contribute to Dyami’s intelligence cycle. Assists in the day-to-day operations of a start-up company. Who are we looking for? Someone with a great ability to critically analyze qualitative information and to be a team player. Good organizational and communication skills, including writing clearly and concisely. Someone who is preferably enrolled in or have recently graduated from a master in security studies, conflict studies, international relations, intelligence/crisis management, journalism, or any related field. Excellent command of English, both spoken and written. Fluency in any additional languages is a strong plus. A flexible attitude is essential, as Dyami B.V. is a young and rapidly growing company. You also must possess an international mindset; intercultural sensitivity is important. Please note: you have to be located in the Netherlands and able to reach our office in Utrecht. What we offer: Practical learning opportunities to apply your analytical capabilities to real-world situations. An opportunity to develop professional analytical writing skills. Substantial feedback on your work by a variety of experts. Exposure to intelligence and security and risk management research methodologies. Exposure as an analyst on our website, social media, and through the extensive network of our team. The opportunity to work in a young and growing company. Internship allowance: This internship offers €350.00 gross a month for a 40-hour work week. Interested? If you are interested in applying for this position at dyami, please send the following documents: A CV; A brief cover letter that mentions your main topic(s) of interest (max one page and can be attached as email text); One writing sample of around 2 pages, preferably about a specific country, conflict, or current geopolitical situation. This can be an extract of previous (academic) work. Please send your application to: alessia@dyami.services, with the topic “Application Intelligence/Research Analyst internship. (YOUR NAME)” before December 10, 2024. This internship follows conventional 09:00-17:00 work hours, Monday through Friday. The start date is in February 2024 and it is expected to end in July 2024.