Global Threat Analyst – MENA
On Easter Sunday, local militant groups supported by Islamic State (IS) launched a series of attacks against hotels and churches in the Sri Lankan capital Colombo. As part of their emergency response measures, the government enacted a nine day shutdown of social media, which only concluded on 30th April. Since then, the block has been periodically re-implemented, primarily in response to low-level clashes between Christian and Muslim groups.
The impact of the block on telecommunications is difficult to overestimate. Popular messaging services, including Instagram and WhatsApp, were shutdown. The Sri Lankan government claimed that this was necessary in order to stop the spread of disinformation – for example, with respect to further attacks – and to prevent panic spreading among the general population.
Telecommunications blocks are an increasingly popular tactic for government of all ideologies; from authoritarian to democratic. Healix’s Global Security Operations Centre has noted this tactic before. Superficially, these shutdowns make tactical sense. By controlling the flow of information, governments can curtail the spread of malicious rumours (such as blaming a recent terrorist attack on a specific ethnic group) or – in more authoritarian regimes – prevent the mobilisation of demonstrations or protest groups by hampering their ability to organise.
However, these social media shutdowns often trigger unintended consequences. In the case of Sri Lanka, the communications blackouts made it difficult for foreign nationals in-country to confirm their status with family, friends or employers. Furthermore, there is little evidence to support the theory that telecommunications blocks significantly hamper protest groups: both Sudan and Algeria enacted such measures during recent periods of unrest without success.
Companies need to consider how they will ascertain the whereabouts and status of staff in the event of a situation like Sri Lanka’s, where security managers may be unable to reach employees. This risk can be mitigated by forward-planning and ensuring staff know how to respond in case of an attack. This may include the use of VPN’s, GPS tracking or the alternative methods of communications, such as satellite phones.