Close this search box.
Close this search box.
May 8, 2021


Colombia (Security threat level – 4): Nationwide demonstrations over a now-annulled tax proposal are expected to continue for a 13th consecutive day on 10 May 2021. Demonstrations have primarily affected the cities of Bogotá and Cali in recent days. In Bogotá, the capital, authorities have closed the 21 Ángeles, Campiña and Suba portal metro stations due to ongoing demonstrations, while 52 stations remain closed due to damage sustained since demonstrations began. President Ivan Duque is scheduled to meet representatives of the National Strike Committee at approximately 1200 local time (1700 UTC) at the Casa de Nariño presidential residence in Bogotá. Although the government’s now-annulled tax proposal spurred the demonstrations, organizers are now demanding government action on poverty, unemployment and police brutality.

On 9 May 2021, demonstrations and clashes occurred in the cities of Bogota and Cali. In Bogotá, demonstrators gathering at the Parque de los Hippies caused transportation disruptions in the area, particularly on Carrera Septima. In Cali, 10 indigenous demonstrators were injured amid clashes with residents and police officers in the Ciudad Jardin neighborhood. Local media reports state that local residents attacked the indigenous demonstrators with firearms as they attempted to enter the neighborhood and clashes continued for approximately four hours. Additionally, President Duque ordered the deployment of additional security forces to Cali and lifted blockades erected after recent violent clashes. At least 10,000 police officers and 2,100 soldiers will be deployed to patrol the city.

Meanwhile, the governor of Valle del Cauca department — where Cali is located – ordered restrictions on entry into the department during 10-15 May in response to an increase in COVID-19 cases in the area as well as the ongoing unrest. Exceptions to the entry ban include trucks delivering food, fuel and other essential items. Other exceptions include health services, funeral services and essential work purposes. Meanwhile, authorities in Cali imposed gasoline rationing guidelines, which will be in effect from 9 May until further notice. The sale of gasoline to residents will now be limited in accordance with the last digit of residents’ license plate numbers, and will occur daily from 0800 to 1700 local time. People whose license plate numbers end in even numbers (0, 2, 4, 6 and 8) can buy gasoline on even days, while those whose plate numbers end in odd numbers (1, 3, 5, 7 and 9) can buy gasoline on odd days. Gas stations that have quantities of fuel can operate from 0600 to 1900 local time.

United States (Security threat level – 2): On 7 May 2021, a ransomware attack forced the Colonial Pipeline company to shut down its operations, significantly disrupting fuel supply to the eastern region of the United States. The pipeline system extends more than 5,500 mi (8,850 km) from Houston, Texas, to Linden, New Jersey, and transports more than 100 million gallons a day, which reportedly accounts for approximately 45% of refined petroleum products, including jet fuel, consumed on the East Coast. Four main pipelines operated by the company remain shut down, although lateral pipelines between terminals and delivery sites resumed operations on 9 May. It is currently unknown when the four main pipelines will resume operations, which has raised concerns regarding fuel shortages and subsequent price hikes, especially if the shutdown extends beyond 11 May. In an effort to avoid fuel shortages, the U.S. government has declared a state of emergency in the national capital Washington, D.C., and the following 17 states: Alabama, Arkansas, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas and Virginia.

An investigation into the cyberattack, which reportedly occurred on 6 May, is currently underway. The perpetrators demanded a ransom on 7 May, after which the company preemptively halted its operations to minimize damage. The cybercriminal group DarkSide allegedly infiltrated the company’s IT networks and locked the data on select computers and servers. The cloud computing system that the intruders leveraged to collect pilfered data was taken offline on 8 May. The company has stated that normal operations will resume only after it determines that it is safe to do so.


India (Security threat level – 3): On 9 May 2021, the chief minister of the Delhi Capital Territory — where the capital New Delhi is located — extended the territory’s existing coronavirus-related lockdown until 0500 local time (2330 UTC) on 17 May in an effort to reduce strain on the health care system in the territory; the order was scheduled to expire on 10 May. Under the order, essential businesses such as grocery stores and pharmacies may remain open, but limits are placed on the number of attendees at wedding and funerals and all entertainment and religious gatherings are banned. Additionally, the Delhi Metro has suspended services for the territory during the extended lockdown.

In related developments, on 8 May authorities in the southern state of Tamil Nadu – where Chennai is located – announced a total lockdown from 0400 local time (2230 UTC) on 10 May to 0400 on 24 May. As part of the lockdown, nonessential businesses such as entertainment venues must close, while essential businesses such as grocery stores and pharmacies may operate during 0600-1200 local time daily. Restaurants may open during 0600-1000, 1200-1500 and 1800-2100 local time daily for delivery services.

Malaysia (Security threat level – 3): On 10 May 2021, Prime Minister Mauhyiddin Yassin announced that a nationwide coronavirus-related Movement Control Order (MCO) will be in effect from 12 May until 7 June. According to the order, all social gatherings are banned; inter-state and inter-district travel is only permitted for emergencies, essential work and medical purposes; private vehicles and taxis will only be permitted to carry up to three occupants; schools will remain closed; and restaurants are only permitted to provide takeout and delivery services. In related developments, beginning on 13 May travelers entering Malaysia from Singapore as part of the Periodic Commuting Arrangement (PCA) will be required to quarantine for 14 days at a government-designated facility until further notice.

Philippines (Security threat level – 4): On 8 May 2021, officials with the Inter-Agency Task Force for the Management of Emerging Infectious Diseases imposed new coronavirus-related quarantine requirements for arriving passengers. All travelers entering the Philippines must undergo a 14-day quarantine. The first 10 days are in a government-designated facility and the final four days may be completed at a traveler’s residence if they test negative with a PCR test on the seventh day. Travelers with proof of complete vaccination are not exempt from the new quarantine measure.


Egypt (Security threat level – 4): On 9 May 2021, Health Ministry officials imposed new coronavirus-related entry requirements for all incoming travelers. All visitors from countries with reported COVID-19 variants will be required to take a nucleic acid test upon entry. Travelers who are completely vaccinated or have proof of complete recovery from COVID-19 are not exempt from the new test requirement.

Israel / Palestinian Territories (Security threat levels – 3 / 4): On 10 May 2021, Israeli police officials in Jerusalem announced that they will allow the annual Jerusalem Day Flag March to occur in Jerusalem as scheduled despite heightened tensions between Palestinians and Israelis in the city. Local officials in Jerusalem decided to allow the march despite an intelligence assessment that indicated allowing the procession would exacerbate the situation and cause an increased risk of violence in the West Bank and Gaza Strip, although they did alter the route to avoid Sheikh Jarrah and the Muslim Quarter in an effort to decrease tensions.

In anticipation of possible terrorist attacks, Israeli military officials announced that travel between the cities of Ashkelon and Beer Sheva is banned until further notice. Authorities have blocked the main highway between the two cities and train service is suspended until further notice. Authorities have also blocked all highways west of Highway 232, including all areas adjacent to the Gaza Strip. Further details regarding the road closures are available here  (in Hebrew). Additionally, security officials have warned hospitals across Israel to prepare for possible mass casualty incidents. Aviation officials have also rerouted traffic into and out of Ben Gurion International Airport (LLBG/TLV) in anticipation of possible rocket attacks. Officials with the Palestinian militant group Hamas have given Israel until 1800 local time (1600 UTC) to withdraw police forces from the al-Aqsa Mosque compound and the nearby Sheikh Jarrah neighborhood.

Earlier on 10 May, clashes occurred between Israeli security forces and Palestinian protesters at Al-Aqsa Mosque located in the Old City area of Jerusalem for a fourth consecutive day. The unrest occurred after protesters attacked the Mugharbi Gate located in the western section of the compound. Demonstrators then began to throw stones and other projectiles at security forces as they attempted to disperse the protesters. Security forces used tear gas and stun grenades against the demonstrators. Clashes also occurred between security forces and protesters in the vicinity of Lion’s Gate after an Israeli motorist crashed into Lion’s Gate due to protesters throwing stones at his vehicle. Various media reports indicate that groups of Palestinian protesters marched through the Old City area. Security forces closed several gates to the Al-Aqsa Mosque in reaction to the clashes. At least 278 Palestinian protesters and nine members of the Israeli security forces were injured during the unrest. There are no reports of arrests.

The protests are in response to the Israeli government’s efforts to evict Palestinians living in the Sheikh Jarrah neighborhood of East Jerusalem. Similar clashes took place on 8 and 9 May. In related developments, during the early morning hours of 10 May, at least three rockets were fired from the Gaza Strip toward the town of Sderot and the surrounding area. Israel Defense Forces intercepted two of the rockets, with one landing outside the town. A balloon armed with explosives landed in a field near the town of Dorot located in the Sha’ar Hanegev region. Explosive ordnance disposal technicians rendered the explosive safe and removed it from the area. Israel Defense Force personnel closed the Erez border crossing to all traffic except for humanitarian cases in response to the rocket and balloon attacks originating from the Gaza Strip. Currently, no group has claimed responsibility for the rocket and balloon attacks.

Analyst Comment: Organizations with assets and personnel in Israel — and particularly in Jerusalem — should monitor the situation closely. Individuals currently on the ground in Israel should avoid the Flag March and other Jerusalem Day celebrations due to the heightened risk of violence.


Chad (Security threat level – 5): On 9 May 2021, the military claimed that it defeated the Front for Change and Concord in Chad (FACT) rebel group following recent clashes in the northern province of Kanem, although a FACT spokesperson refuted these claims. Lending validity to the military claims, Chadian soldiers returned to the capital city N’Djamena on 9 May with tanks and armored vehicles, as well as captured militants whom they delivered to an army base in the city.

Also taking place over the weekend, on 8 May security forces clashed with protesters in N’Djamena, firing tear gas to disperse the crowd. Demonstrators had gathered to protest the Transitional Military Council (CMT), claiming that the military unfairly seized power following the death of President Idriss Déby in April amid the conflict with FACT. While the protest organizers called for additional rallies on 9 May, they were ultimately postponed due to the clashes that occurred the previous day.


Cameroon (Security threat level – 4): On 8 May 2021, the U.S. Embassy in Yaoundé issued a Security Health Alert, which reads in part as follows: “The U.S. Embassy in Yaoundé reminds U.S. citizens that threats posed by criminals and armed actors, as well as the COVID-19 pandemic remain real and significant concerns in Cameroon. In light of the upcoming Ascension Day-Eid al Fitr (May 13) and National Day (May 20) holidays, individuals should practice good personal security and public health habits. COVID-19 is still a significant public health concern in Cameroon. Avoiding large crowds and crowded areas is recommended to keep you from contracting the virus. Wear a mask when around other people, practice good social distancing measures, and wash your hands with soap and water frequently.”

“The full text of the alert is available here.

Kuwait (Security threat level – 2): On 7 May 2021, the U.S. Embassy in Kuwait City issued a Health Alert, which reads in part as follows: “Starting May 22, Kuwaiti citizens, first-degree relatives of Kuwaiti citizens, and domestic employees traveling with them are not permitted to travel from Kuwait unless they are fully vaccinated. It is the Embassy’s understanding that these exit restrictions only apply to non-Kuwaiti citizens if they fall into these categories.

“Fully vaccinated is defined as follows: For those who received one dose of the vaccine, that more than five weeks have passed after receiving it. For those who have received two doses of the vaccine, that more than two weeks have passed after receiving the second dose. For those who have contracted COVID-19 and recovered, that more than two weeks have passed after receiving a single dose of the vaccine.”

United Kingdom / United States / Russia (Security threat levels – 3 / 2 / 3): On 7 May 2021, the U.S. Cybersecurity and Infrastructure Agency (CISA) issued a Joint Advisory with the FBI, NSA and the U.K. National Cyber Security Centre (NCSC) regarding Russian cyberthreat activity, which reads in part as follows: “CISA has joined with the United Kingdom’s National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), in releasing a Joint Cybersecurity Advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. Further TTPs associated with SVR cyber actors provides additional details on SVR activity including exploitation activity following their initial compromise of SolarWinds Orion software supply chain.

“CISA has also released Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise that provides summaries of three key joint publications that focus on SVR activities related to the SolarWinds Orion supply chain compromise.

“CISA strongly encourages users and administrators to review the joint advisory as well as the other two advisories summarized on the fact sheet for mitigation strategies to aid organizations in securing their networks against Russian SVR activity.”