Theories of International Relations and the Private Security Analyst: The Scope and Limits of Theoretically Informed Analysis Thesis submitted for the degree of Doctor of Philosophy at the University of Leicester by Jean Michel Perois MA Department of Politics and International Relations University of Leicester 2017 Abstract This thesis addresses a significant yet relatively neglected problem: the inadequacy of risk assessment methods of analysis currently available to security analysts and practitioners serving customers operating in challenging and volatile environments. It also challenges the idea shared by many analysts that theories of International Relations (IR) are irrelevant to the production of security analyses. Towards this end, this thesis begins by exploring the relationship between existing forecasting techniques and theories of IR. It then evaluates the extent to which their use has the potential to expand the analytical capabilities of private security analysts serving corporate customers in such contexts. In considering the possibilities and limitations of IR approaches the thesis finds that Realism alone cannot provide a valid framework to improve private security analysts’ skills, but argues that there are definite advantages to combining this with Constructivism complemented by cultural analysis. These three theoretical components constitute the backbone of an innovative approach to security analysis herein termed Reflexive Cultural Realism; a theory of security designed to explain politically-driven security events in particular social and cultural contexts whilst allowing for forecasting based on an original way of building scenarios. This theory is applied through a specific reading grid (via a 7- step method) at all levels of political activity, from the global to the domestic. Two detailed case studies are provided to demonstrate the effectiveness of the Reflexive Cultural Realism approach. These case studies, located in two of the GCC countries, consider security situations analysts are traditionally confronted with in their daily activities, and demonstrate the utility of the approach in facilitating practical answers to corporate questions. The thesis concludes that the Reflexive Cultural Realism approach, by combining an innovative theoretical framework with a robust application method, is able to satisfy the demands of corporate customers by improving significantly the analytical and forecasting skills of the analysts serving them. 1 Acknowledgements I would like to thank the persons who supported and helped in this research, the analysts who attended the interviews, those who exchanged numerous emails after the interviews, particularly Dave Hartwell and Yves Trotignon. Much appreciation also goes to these persons who authorised and organised the interviews with the analysts placed under their authority: o Ali Siali, Middle East Business Development Manager at IHS Jane's, o Pannie Peters, then Associate Director at Control Risks, o Bruno Delamotte, Chairman and CEO of Risk&Co. 2 Table of Contents Abstract ....................................................................................................................................................................... 1 Acknowledgements ................................................................................................................................................ 2 Table of Contents .................................................................................................................................................... 3 List of Figures ........................................................................................................................................................... 4 List of Tables ............................................................................................................................................................. 4 List of Abbreviations ............................................................................................................................................. 5 Chapter 1 .................................................................................................................................................................... 6 Introduction .............................................................................................................................................................. 6 Chapter 2 ..................................................................................................................................................................31 Research Design ....................................................................................................................................................31 Chapter 3 ..................................................................................................................................................................47 From analysis to forecast: Introduction to forecasting principles and techniques .................47 Chapter 4 ..................................................................................................................................................................87 Security at the core of the theoretical perspective ................................................................................87 Chapter 5: .............................................................................................................................................................. 114 Reflexive Cultural Realism as a theoretical approach ....................................................................... 114 Chapter 6 ............................................................................................................................................................... 141 The RCR methodology: a 7-step approach.............................................................................................. 141 Chapter 7 ............................................................................................................................................................... 166 Developing the Reflexive Cultural Realism method in context: .................................................... 166 Reflexive Case Study One: Saudi Arabia and the Sawari II project (2004) ............................... 166 Chapter 8 ............................................................................................................................................................... 200 Developing the Reflexive Cultural Realism method in context: .................................................... 200 Reflexive Case Study Two: Pipeline security in Qatar (2005-9) ................................................... 200 Chapter 9 ............................................................................................................................................................... 230 Conclusions ........................................................................................................................................................... 230 References ............................................................................................................................................................. 246 Appendix 1 ............................................................................................................................................................ 268 Appendix 2 ............................................................................................................................................................ 269 Appendix 3 ............................................................................................................................................................ 272 3 List of Figures Figure 1: Armstrong's 6-stage forecasting process .................................................................... 64 Figure 2: The intellectual approach to security analysis ....................................................... 116 Figure 3: The Sawari II timeline: 1994-2016 ........................................................................... 172 Figure 4: Security incidents in KSA 2003-4 ............................................................................. 190 Figure 5: Dolphin Energy regional pipeline network............................................................. 201 Figure 6: The Dolphin Energy project timeline ....................................................................... 208 List of Tables Table 1: List of recorded security incidents in KSA in 2003 and 2004............................ 189 Table 2: List of participants to semi-structured interviews .................................................. 268 4 List of Abbreviations ADWEC Abu Dhabi Water and Electricity Company AIC Advanced Industrial Countries ALARP As Low as Reasonably Practicable API American Petroleum Institute AQAP al-Qaeda in the Arabian Peninsula ASIS American Society of Industrial Security BDM Bueno de Mesquita CPP Certified Protection Professional CRG Control Risks (Group) DCN Direction des Constructions Navales DGA Direction Générale de l’Armement DGSE Direction Générale de la Sécurité Extérieure DUSUP Dubai Supply Authority EEZ Exclusive Economic Zone FDI Foreign Direct Investments FP Foreign Policy FPA Foreign Policy Analysis FPDM Foreign Policy Decision Making FPE Foreign Policy Executive GCC Gulf Cooperation Council IHS IHS Jane’s 360 IIF International Institute of Forecasters IJV International Joint Venture IR International Relations IRIS Institut de Relations Internationales et Stratégiques KSA Kingdom of Saudi Arabia MNC Multi National Corporation MOD Ministry of Defence OECD Organisation for Economic Cooperation and Development OOC Oman Oil Company OPEC Organization of the Petroleum Exporting Countries PCI Professional Certified Investigator PSP Physical Security Professional QP Qatar Petroleum RCR Reflexive Cultural Realism Société Nationale pour la Recherche, la Production, le SONATRACH Transport, la Transformation, et la Commercialisation des Hydrocarbures (Algeria) UAE United Arab Emirates US United States VNSA Violent Non State Actors 5 Chapter 1 Introduction Twelve years ago, I was offered a position as a security consultant for a large French company which maintained stealth frigates sold by the French government to the Saudi navy in the military port of Jeddah, on the Red Sea. Deployed as the leader of a duo of security consultants, part of my brief was to forecast what would happen to the Saudi- French maintenance contract should King Fahd meet an earlier than expected demise. Although rapidly convinced by my observations and readings that no major changes would occur, and that prince (soon to become king) Abdullah had the situation well in hand, I realised that I did not have the necessary tools to convey my beliefs to my senior management. I had no real method to rely upon, no understanding of the motives behind political actions, no cultural familiarity with the Arab world and no serious knowledge of modern international relations1. I was not a trained analyst, simply a security practitioner, but I developed an interest, almost a fascination, for international affairs whose origins lie in this long past, but not forgotten, immense intellectual frustration. I have since fulfilled several roles in the corporate security industry, mainly in the Middle East where I still live and work. I have become a specialist in the area of security risk assessments (risk assessments developed for plant, facilities, headquarters, etc.) and have been faced time and again with the same demands; forecasting undesired security events, anticipating unexpected situations, preparing evacuation plans while recommending responsible mitigation measures to ensure the security of expatriate personnel deployed abroad. To do this, I use existing methods. Risk and threat analysis methods are numerous in the industrial world. The American Petroleum Industry (API 780 methodology, 2013) is the one I use on a daily basis, but others exist authored by Biringer, Vellani, Garcia, and many 1 Although I graduated in 1979 from the Ecole des Hautes Etudes Internationales de Paris, but this was of no help whatsoever. 6 other risk assessment authorities. Yet, these methods are oriented towards a process and as such fail to convince me. In spite of delivering a methodical and well-structured progression, they base their approach on judgement calls presented, thanks to the power of arithmetic, as scientific truths, while they are simply guesstimates. How do these methods measure the threats? Essentially, they project past constituents of a threat into the future. They usually define the threat (threat-as-agent) by listing events under headings such as intention, motivation and capabilities, a triangle inspired from the crime triangle. These headings suggest that intention and motivation are obvious and that capabilities are a logical inference from the seizure of weapons, explosives and terrorist paraphernalia discovered by the police. This is what analysts I have interviewed call the context. This may be acceptable in professional circles, but I maintain that expressing concepts such as intention and motivation without at least some sort of theoretical background weakens the power of the practitioners’ conclusions. This is where the gap in understanding and in the existing literature is. As Bonnett highlights: Facts do not speak for themselves. They need to be analysed, explained and provided with a context. Otherwise, they are quite, literally meaningless. (Bonnett 2011: 4) What is said of the facts can also be said of the context. Context needs to be explained and understood and this can only be done with the help of a theoretical background. 1. Threats, vulnerability and risk and the contribution of IR theories. For the security analyst, the purpose of any analysis, in the public or private sector, is to expose and understand threats. In the industrial world, it can be threats to projects, threats to assets and threats to people. These threats, when measured against the vulnerability of the asset, point toward risks. These risks in turn can be defined as the level of uncertainty to achieve objectives. They are often expressed in terms of a ratio between the consequences of an event and the likelihood of its occurrence. In the private sector, risk is defined by the possibility of threats materialising to prevent the development of the project. Threats, in turn, are defined by the API 780 methodology2 2Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries, ANSI/API Standard 780, First Edition, May 2013. 7 as ‘any indication, circumstance or event with the potential to cause the loss of, or damage to an asset. Threat can also be defined as the intention and capability of an adversary to undertake actions that would be detrimental to critical assets’ (API 780 2013: X). Let us substitute critical assets with ‘project’ and we have a fair indication of what the expectations of the corporate customer can be as well as a sound professional objective for the private security analyst. The threats between the public and the private sector differ. Threats in the private sector include actions such as embezzlement, fraud, theft, sabotage and vandalism, to name a few, all crimes that hardly connect with politics. For these crimes, the corporate sector hardly needs the services of a security analyst. It is when these threats connect with politics and its implications, in places perceived as volatile and fraught with dangers, that the contribution of the private security analyst becomes invaluable. It is therefore only a portion of the threat that links the analyst and the corporate customer. These are what the security practitioner calls the low frequency-high consequences type of events. The corporate security customer wants to know how politically motivated actions can have an impact on their industrial setup. Threats (threats-as-action) motivated by a political purpose to projects will come from groups opposing them from a political perspective. These groups (threats-as-agents) will lead their opposition campaigns through actions, which make sense only when understood as the result of political decisions modelled by social constructs, which in turn have become normative behaviours and can be analysed and reconstructed by the analyst for the benefit of their client. Opposition groups (tribal, clannish or simply of interest) exist to defend, represent or promote the interest of their members, and as such, their behaviour is political. Principles of IR theories do apply to them, at least to some extent. To say that the Kurdish question is an IR problem is an acceptable assertion, but approaching it only from an IR perspective while ignoring domestic politics (of Iraq, Turkey, Syria and Iran which harbour their populations) would be misleading because it is incomplete. 8 Threats (as-actions) may take different forms according to the nature of the project, but how these threats could develop and could materialise and under which circumstances is certainly of the utmost importance to the customer. The ‘why’ answer cannot be explained outside of a political framework, which now becomes the background reference for the security analyst. In the world of corporate security, risk assessment is the first step of any project study. A risk assessment normally comprises five stages: (1) a characterisation of the target (2) a threat assessment (3) a vulnerability assessment (4) a risk evaluation and (5) a risk treatment plan. Of all these stages, the most delicate and the most determinant is, again, the threat assessment. Why? Because threats and vulnerability determine risk and risk is what the corporate customer wants to understand. This is a stage where the security consultant must evaluate the plausible threats according to a mix of past incidents, current trends, plausible attacks and often their own experience and background. But, because threat assessments are usually performed without the revealing background of a theory, and because a historical approach will rather discuss the events, the ‘how-it-occurred’ rather than the reasons behind the events (the ‘why-it- happened’) they often look like a military debrief and do not fulfil their explanatory role the Thucydides way3. The mission in Jeddah pushed me towards international policy studies; and I took up studies at post-graduate level to help me conceptualise what I felt intuitively would be the response to a quest. Working on my master’s thesis convinced me that Realist principles were directly applicable to regions of intense political and power rivalry. Influence and power, in such places, were perceived as zero-sum games, making political actions relatively easy to anticipate (predictable), at least in theory. Soft and hard powers, coupled with balancing strategies, were used in a complementary manner to ensure the existence and security of 3 Chapter 1 Book 1 of the History of the Peloponnesian war is a remarkable explanation of the political reasons behind this war. 9