Afghanistan: Green-on-Blue Attacks in Context

Published: 01 November 2012

October 31, 2012 — Written By: R. Hossain


The spike in green-on-blue attacks (also known as "insider attacks") in Afghanistan in 2012 is a worrying development that has the potential to endanger the International Security Assistance Force's (ISAF) mission to train and prepare Afghan security forces for the challenges of stabilizing the country. It is important to establish both the scope of the green-on-blue threat as well as the context in which the attacks occur.

General trends in green-on-blue attacks

From 2007 to 2012, there have been 69 documented green-on-blue attacks. It is difficult to draw definitive conclusions about the principal causes of these attacks given the small total number of incidents, but there are discernible trends.

First, insider attacks have increased in frequency over the past few years. Based on available information, there were two green-on-blue attacks in 2008, five in 2009 and 2010 each, 15 in 2011, and 40 in 2012 (as of October 31). Insider attacks were largely concentrated in the Southern, Southwestern, and Eastern regional commands. More than half of all attacks in 2012 occurred in Kandahar and Helmand, which were the focus of the counterinsurgency campaign during the "Surge."

Insider attacks are a complex phenomenon, and the trends in the data do not demonstrate causality. Instead, visualizing this data highlights the specific context in which each attack occurred. One notable anomaly is a complex attack on September 29, 2012, in which a group of apparent Afghan National Army soldiers ambushed a U.S. patrol from multiple directions at a checkpoint in Wardak, possibly with the aid of insurgents.

Possible explanations for the 2012 increase in green-on-blue attacks

There are two main narratives purporting to explain why green-on-blue attacks happen and why they are happening more frequently: grievances and infiltration. Grievance-based insider attacks occur because of cultural misunderstandings between foreign and Afghan troops, low morale, and revenge for perceived insults or provocations. Attacks caused by insurgent initiative are pre-planned violence organized by groups like the Quetta Shura Taliban or their Haqqani Network associates who have infiltrated the ANSF or influenced existing members to execute attacks.

The Pentagon believes that the vast majority of green-on-blue attacks are grievance-based rather than a result of infiltration, and on August 23, 2012 Gen. John Allen estimated that 25% of the attacks come from Taliban infiltration. In contrast, on October 4th, Afghan Deputy Foreign Minister Jawed Ludin described the majority of insider attacks as the result of "terrorist infiltration" rather than cultural differences. Another theory cites the rise in attacks in 2012 as a result of copycat behavior. Meanwhile, the Taliban claims credit for nearly every attack.

It is also important to consider the opportunity that green-on-blue incidents provide to insurgents in Afghanistan. Several indicators suggest that the Taliban is seizing on green-on-blue attacks as an opportunity to achieve a psychological effect in the U.S., responding to U.S. media coverage of prior incidents. Indicators include recent observations of a greater degree of coordination prior to attacks as well as a minor trend in copycat behavior emanating from attacks in Helmand. The sharp rise in attacks during Ramadan in 2012, which breaks from trends observed in former years, may also be interpreted as deliberate.

Navigating the information

This site includes density maps showing the geographic distribution of insider attacks in the provinces and districts of Afghanistan, graphs that place data about green-on-blue attacks in context, and charts examining trends in green-on-blue violence. Data will be regularly updated to reflect the latest information.

Note: this website is best viewed on a modern desktop browser such as Google Chrome or Mozilla Firefox. Refreshing the page may be necessary to see the most updated maps and graphics.

More information
Contact Maggie Rackl at (202) 293-5550 x205 or This email address is being protected from spambots. You need JavaScript enabled to view it.


Add comment

Due to the large amount of spam, all comments will be moderated before publication. Please be patient if you do not see your comment right away. Registered users who login first will have their comments posted immediately.

Security code

Reader support is crucial to this mission. Weekly or monthly recurring ‘subscription’ based support is the best, though all are greatly appreciated.  Recurring and one-time gifts are available through PayPal or




My BitCoin QR Code

This is for use with BitCoin apps:


You can now help support the next dispatch with bitcoins:

Donate Bitcoins