jump to navigation

The Geopolitical Context of Piracy by Dr. Heather Mark January 3, 2012

Posted by Chris Mark in Failed States, Laws and Leglslation, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , ,
add a comment

This is a guest post by Dr. Heather Mark.  This is a short article of a larger whitepaper titled “Understanding Modern Piracy: Geopolitical and Regulatory Considerations” which is found here.

“Executive Summary

The scourge of modern piracy is often unrecognized by the general public.  However, those involved in the Maritime industries are all too familiar with the danger, both physical and economic, posed by pirates.  Modern pirates hearken less to the romantic imagery of the swashbuckling adventurer than they do to the violent, mercenary gangsters that they more closely resemble.  Such imagery, however, does little to explain the pirates’ motivations, their impact on shipping and the reaction of the governments whose economies are threatened by their actions.

The following paper will provide a brief analysis of the current impact of piracy on shipping, and the geopolitical context that allows these criminals to thrive.  Further, the paper will provide an overview and analysis of some of the international efforts to curtail piratical activity and their effectiveness.

“Absolute freedom of navigation upon the seas, outside territorial waters, alike in peace and in war…”

-Woodrow Wilson, The 14 Points

Introduction

Modern piracy can best be described as a hidden plague on the economies of the world.  While most are unaware of, or perhaps simply do not understand, the pervasiveness and impact of piracy on international shipping lanes, the phenomenon is very real and has a tangible impact, not only on the maritime industry, but also on the global economy.  As the global economy struggles with worldwide recession, failing and failed states are acting as a breeding ground for organized piratical activity – from “muggings” at anchor to armed hijackings while underway.

The lack of awareness of the piracy issue, however, does not mean that this is a victimless crime or even one that has little to no impact on the public.  There are very tangible costs to the crime wave for which everyone pays. For example, should a ship be the victim of a pirate attack, the owner can choose to report the incident to the appropriate authorities.  If the owner does so, it must absorb not only the cost directly associated with the attack (delays and interruptions to name just a few) but must also bear the legal costs that are associated with the attack investigation.[1]  This also invariably leads to higher insurance premiums, as well.

Given the costs associated with choosing to report acts of piracy, it should come as no surprise that as many as 50% of incidents are unreported.  Over the last five years, incidents of piracy have grown increasingly common.  In 2009 alone there were over 400 incidents of reported piracy.  According to statistics from the International Maritime Bureau, acts of piracy are growing more and more violent as pirates learn from their experience, re-invest their ill-gotten gains to strengthen their criminal enterprise and widen their area of operations.

It is important that these criminals and their intentions not be underestimated.  There is an apparent tendency to discount the sophistication of modern pirates.  The fact that they often attack in traditional fishing vessels, dhows and skiffs often belies the shrewd organization and violent intentions of those orchestrating the attacks.  In order to better understand the phenomenon of modern piracy, one must understand the origins of the crimes.  What may have begun as a desperate turn by individuals seeking to supplement their dwindling incomes has become a serious plague on the international Sea Lines of Communications (SLOC).

Despite the growing impact of piracy on the shipping industry, the general public has yet to demonstrate a sustained interest in combating piracy on an ongoing basis.  American public opinion has been singularly focused on issues of terrorism since the attacks of September 11, 2001.  Though many scholars have theorized about a connection between piracy and terrorism there has yet to arise a substantive, tangible relationship between the two criminal acts.  At their core, the two acts have very different aims – piracy is undertaken for purely economic reasons and requires secrecy and anonymity so that the criminals can continue their activities, while terrorism is undertaking for ideological reasons requires an audience to be effective[2].

Looking at the activities of piracy only tells part of the story, however.  In order to understand the phenomenon of modern piracy, one must understand the underlying causes. These individuals and, in many cases, organizations, do not exist in a vacuum and are a product of the environment in which they exist.  There are certainly variables that give rise to conditions favorable to crime.  This paper will examine some of those conditions, including the geopolitical and economic contexts that may give rise to piracy.

Geopolitical Context

There are a number of factors that must be addressed when examining modern piracy from a geopolitical perspective.  Not only must one examine the constraints facing states in fighting piracy, but one must also examine the features that allow piracy to thrive.  There is a discussion of law enforcement that cites three critical elements in the prevention of crime.  Of the three elements deterrence is perhaps the most important.  In other words, the criminals must perceive greater danger to themselves in perpetrating the crime (ie. getting caught, wounded or killed in the act)than they see reward in committing the crime and escaping.   In geopolitical terms, the deterrence of crimes becomes increasingly complex, particularly when dealing with issues of sovereignty and failed, or failing, states.  For the sake of brevity, this paper will not attempt to examine every possible cause of international piracy, but will simply highlight those issues that best demonstrate the roots of the issue and the complexity associated with combating piracy.

State Sovereignty

Efforts to address international issues often give rise to conflicts of state sovereignty.  The very existence of the United Nations still leads to heated debate in a variety of circles.  While it is certain that international cooperation is beneficial for a number of reasons, there are those that feel that belonging to the cooperative necessarily results in the dilution of sovereignty.  If countries cannot, or are at least discouraged from, taking unilateral action, one must question the degree to which they are maintaining their sovereignty in light of the communal pressures.

Contrast the need to maintain state sovereignty with the need for collective security agreements, however.  Collective security agreements remain a fact of international life, the driving notion being that there is safety in numbers, for states as well as individuals.  Alliances are necessary to mitigate the threat of hostility.  Security and sovereignty are two fundamental requirements for the longevity of the state. These two competing needs require states to master the delicate balance of maintaining their independence and sovereignty while cooperating with neighboring states to the extent necessary to achieve stability and security.

Inis Claude describes the challenge of collective security: “Collective security requires the relinquishment of the sovereign free hand in the most vital issues of foreign policy, the abandonment of national biases for and against other states, and a consequent willingness to follow the lead of organs of the community in taking action in opposition to any aggressor, on behalf of any victim[3].”  With this description in mind, one can begin to see the struggles that face the collective efforts to combat piracy, particularly in littoral regions bordered by states that are taking pains to project themselves as a strong, sovereign power.  One of the most piracy prone areas in the world, the Malacca Straits, provides ample illustration.

The Trilateral Coordinated Patrol, introduced in 2004, was a joint effort among Indonesia, Malaysia and Singapore to patrol the littoral waters along the coast in an effort to deter piracy.  However, in its initial implementation, the Patrol failed to produce a significant reduction in piratical acts in the area.  This was at least partially attributed to the fact that the Patrol failed to allow for cross-border pursuit[4].  Issues of state sovereignty discouraged the presence of foreign navies in state waters, even in the pursuit of dangerous criminals and for the purposes of collective security.

Recent reports, from the Indonesian embassy, estimate that the Trilateral Coordinated Patrol has succeeded in reducing piracy in the area by 70%[5].   That being said, the International Maritime Bureau still cites the Malacca Straits as one of the most piracy prone areas in the world and advises ships to use extreme caution when moving through the region.  Indonesia and Malaysia in particular are wary of international assistance for the Trilateral Coordinated Patrol, while Singapore has been is more welcoming.

Issues of state sovereignty are further involved due to the fact that most acts of piracy occur within the “12 nm territorial seas or the 200nm exclusive economic zones (EEZ) claimed by most states, according to Richard O’Meara.  O’Meara ascribes the complications in deterrence and prosecution of pirates to the fact that they must be dealt with according to the “vagaries of local criminal codes, administration processes, resource allocation, and corruption[6].”

Consider that piracy takes place in stages, many of which begin on land.  Planning, supplying and orchestrating the attack are often carried out on land.  In addition, the pirates may attack domestic ports or steal ships at port with which they can then use to carry out their operations at sea.  These domestic issues fall under the jurisdiction of the local governments and law enforcement agencies.  For many states, allowing international law to determine the extent of deterrence and enforcement that takes place domestically is akin to sacrificing sovereignty.  For that reason, anti-piracy conventions and collaborative efforts are necessarily constrained to the activities at sea.  While international cooperation and regulations may be prescribed, and will be discussed later, there is no enforcement mechanism by which states can coerce others into abiding by those regulations.

Failing and Failed States

Failing states, those defined by the Failed States Index as “vulnerable to collapse” are understandably more sensitive to issues of state sovereignty than others may be.  These states may act in a manner such that the international community continues to perceive them as being capable of projecting their power both domestically and abroad.  In fact, the Failed States Index the definition of a failed state is one in which the state has lost physical control of its territory[7].

Using that definition in the context of piracy, one can easily see why states like Indonesia might be reluctant to accept assistance from foreign powers in dealing with the domestic components of piracy.  Using the Malacca Straits and the Trilateral Coordinated Patrol as an example, one could likely have predicted the reluctance to accept foreign assistance by simply looking at the failed states index.  Indonesia has a “failure” index score of 83.1 while Malaysia scored a 69.2.  Both of these states fail solidly into the “warning” category and both are resistant to taking on a great deal of direct foreign assistance in fighting piracy in their littoral waters.  Contrast that with Singapore, a state that has been more willing to accept such assistance.  Singapore scores a 160 on the Index, which places it almost in the “sustainable” category[8].

Adam Young also concludes that weak states often exacerbate conditions that may lead to piracy.  According to Young, “ these problems are in part created, and exacerbated, by weak state control of political hegemony, i.e. the means of a state’s legitimacy: the monopolistic control over violence within defined territorial borders.  Numerous gaps in this control have allowed piracy the operational space to re-emerge…[9]

The Gulf of Aden provides ample illustration of how failing and failed states have allowed piracy to take root and flourish.  Somalia is a failed state.  In fact, it ranks at number one on the Failed States Index.  Its governmental organs are non-existent.  There is no recognized law, nor is there any means to enforce that law if it did exist.  Somali pirates often claim to be members of the Somali Navy or Coast Guard enforcing fishing rights in the region.  Since  no actual Somali Navy or Coast Guard exists, there is no one to prevent such acts from occurring.  One might suggest then that regional collective security arrangements might be beneficial in taking on the problem of piracy.  An examination of the surrounding states, however, once demonstrates why collective security arrangements would fail.

Dijbouti, Somalia’s neighbor to the north, is considered a “failing” state.  Yemen, the state directly across the Gulf of Aden is a “failed state.”  Eritrea, the Sudan, Ethiopia – all of these states bordering either Somalia or the Gulf of Aden itself top the list of Failed States.  They have little or no means of enforcing laws within their own borders, let alone attempting to work together to stem the tide of Somali pirates.

The Fall of the Soviet Union

The fall of the Soviet Union provides another illustration of the ways in which the failure of a state can have impacts on a global scale. Despite the ever-present tension between the United States and the Soviet Union, the Cold War served to establish and maintain a balance of power throughout the world.  As the two countries divided the world and fought wars by proxy, the support of the two powers served to contain large-scale aggression.

Several authors cite the end of the Cold War as a factor in the rise of piracy.  “The proliferation of small arms among transnational criminal syndicates since the end of the Cold War who are now able to take advantage of a huge array of sophisticated weaponry left over from past wars in Afghanistan and Cambodia as well as from the former Red Army…[10]” is just one example of the widespread impact of Russia’s fall from power.

When the Cold War ended, it created a power vacuum – a uni-polar world that is too large for one power police, but in which no other power has been able fill the void.  The United States, understandably, projects its power into those places that hold the most strategic importance.  To date, piracy has not been a strategic concern of the United States, but has most affected those countries that were on the fringes of the power struggle between the two superpowers.”

 

[1] Chalk, Peter. (2008)The Maritime Dimension of International Security: Terrorism, Piracy and Challenges for the United States. Rand Corporation.  P. 15
[2] Sakhuja, Vijay. (2007) “Sea Piracy in South Asia,” Violence at Sea: Piracy in the Age of Global Terrorism.  ed. Peter Lehr.  Routledge, Taylor & Francis Group; New York, NY. Pp.33-34.
[3] Claude, Inis L. Jr.  (1962) Power and International Relations.  Random House;  New York, NY. Pp. 196-204
[4] Raymond, Catherine Zara and Morrien, Arthur.  (2009) “Security in the Maritime Domain and Its Evolution Since 9/11,” Lloyd’s MIU Handbook of Maritime Security.  CRC Press; London. Pp. 3-11
[5] ANTARA News.  (July 14, 2010) “Seven Countries to Discuss Malacca Strait Security.”  http://www.embassyofindonesia.org/news/2010/07/news040.htm
[6] O’Meara, Richard M.  (2007) Maritime Piracy in the 21st Century:
[7] The Fund for Peace. (2010) “Failed States Index 2010.”  http://www.fundforpeace.org/web/index.php?option=com_content&task=view&id=102&Itemid=891#4
[8] It should be noted that Singapore falls between France and the United Kingdom in the Failed States Index’ rankings within the “moderate” category.  The United States and Japan are also in the same category.
[9] Young, Adam. (2007) Contemporary Maritime Piracy in Southeast Asia: History, Causes and Remedies.  Institute of Southeast Asian Studies; Singapore.  P.99
[10] Ong-Webb, Graham Gerard.  (2007) “Piracy in Maritime Asia,”  Violence at Sea: Piracy in the Age of Global Terrorism.  ed. Peter Lehr.  Routledge, Taylor & Francis Group; New York, NY. P.79

Chris Mark in The Maritime Executive August 30, 2011

Posted by Chris Mark in InfoSec & Privacy, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , ,
add a comment

Yours Truly (Chris Mark) was interviewed in the current issue (July – August, 2011) of The Maritime Executive on the topic of Cyber Piracy.  You can read a summary of the issue here. If you are not a current reader, Maritime Executive is a great periodical with volumes of information on the Maritime industry. You can subscribe to the print edition here.

“Jack O’Connell has explored the Internet underworld with his piece, “Cyber Piracy: Clear and Present Danger?” It’s a dangerous cyber world in which we unknowingly tread, so users beware. Both of these article’s are timely and essential reminders of an Internet moving faster than a speeding bullet.”

Security 101; Defense in Depth August 26, 2011

Posted by Chris Mark in Risk & Risk Management, Uncategorized.
Tags: , , , ,
1 comment so far

This post is a complement to the post Risk101.  In reading a number of articles and positions on maritime security strategies it appears that some of the authors, while well intended, misunderstand or misstate the basics of security.   While this particular post is not a dissertation on security, it will discuss one of the more important concepts- Defense in Depth.

While defense in depth has been widely promoted as an information assurance concept developed by the NSA, it originates from military strategy. To understand how DID works, it is important to understand that security is not, and cannot be absolute.  It is not a binary concept- “secure” or “not secure”.  The appropriateness of a security strategy is relative to the identified risk.  One cannot say: “my house is secure”.  You can say: “My house has been secured in a manner that is commensurate with the identified risks”.  Security should be viewed as a function of time & effort.  Given the skills/tools, a person with sufficient time and effort can theoretically circumvent any control.  As skills/tools improve security controls must also adapt.  Safes are good examples of this concept.  The Safe Source provides US safe ratings.  Safes are rated from B1- simple theft resistant to B6 which is an underwriters certification which includes TRTL-30.  This rating means that a particular safe has been shown to 30 minutes of net working time with a torch and a range of tools including high-speed drills with carbide bits, saws and prybars.  While safe ratings are not the focus of this post, it is a good example of the security continuum.  Notice that none of the safes provide a ‘guarantee’ that it can never be breached.  With tools, and effort it is simply a matter of time.  The goal of any security strategy is to increase the risk/reward calculation to the point where the attackers give up on the effort.

The basic concept behind defense in depth is to give up space to buy time.  By implementing multiple layers of controls with each layer designed to delay the attacker it is possible to move modify the risk/reward calculation to the point where it is simply not a wise investment of time to continue the effort. Remember that security must be implemented commensurate with the identified risk.  As the risk increases the controls must increase proportionally.  Until this past year, many shipping companies were content with using less than lethal technologies to deter pirates.  As ransoms have exceeded $3million US the pirates have greater incentive to assume risk and spend the time/effort on an attack and therefore shipping companies need to increase their security controls.

Defense in Depth strategies require that companies evaluate and implement a number of controls.  In general, security controls can be categorized into detection, prevention,  and responsive controls. There is often a temptation to spend money and effort on preventive controls alone.  This is a dangerous strategy.  A complete defense in depth strategy will employ a number of overlapping controls to include best practices in ship speed, maneuvering, and routes, as well as more dynamic controls such as the use of armed guards, and citadels.  The controls should be included in a force continuum.  In short, the use of force should be the last control employed…not the first.

By ensuring that you evaluate your security needs and controls in the context of the identified risks to which your vessels are exposed you are better able to make decisions regarding the types of controls required.  By implementing the controls using a defense in depth strategy ensuring that you address detective, preventative, and responsive controls you will ensure that you have a comprehensive security strategy designed to provide the maximum defensive value at the lowest possible cost.

Security 101: The Human Element – “Trust but Verify” August 24, 2011

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management.
Tags: , , , , ,
1 comment so far

As maritime security becomes more lucrative and companies to steps to stop attacks, it is the natural evolution of crime that the pirates will begin looking for new vulnerabilities to support their efforts.  Often the most vulnerable element of any security strategy is the human element.  People often provide the proverbial ‘weak link’ in the strategy.  Often it is not an intentional act by a person that creates and issue.  It could be a simple mistake or the person could be deceived into taking action.  While these are common aspects of security today I want to talk about people that take direct action with intentions that are contrary to the organization.  It not something that any company likes to consider but it is an unfortunate fact of life.  People are rational actors and as such a percentage of any population will be inclined to perform actions that are outside the bounds of what are considered by most to be ethical or moral behavior.   This is where the idea of “trust but verify” comes in.  We all like each other and we all want to believe that we are all honest people.  It is irresponsible however, to simply take people at their word.  It is responsible and appropriate given my access to information.  It is obvious that with increased responsibility comes increased authority.  Often this leads companies to believe that these senior “trusted” individuals do not require the same level of monitoring to which more junior level employees may be subject. This is a serious mistake.  Increased responsibility and authority comes with increased access to information.  It is often these very employees that can do the greatest damage.  I will give an example from my own experience.

Recently through some legal proceedings it was discovered that a former Chief Technology Officer of a company I previously owned had taken steps to download every single employee and contractor’s email to his personal system.  When confronted at the proceeding, he admitted he had indeed downloaded very email.  He then took a number of steps to hide his actions.  His actions were only discovered 2 years later through legal proceedings.  He has not divulged why he took such action.  It should be noted that in many states in the US this is not only a crime but is a felony.  This was not a junior level employee who could plead ignorance.  This was a person with a graduate degree in information security who, by his own admission, “defines security and risk”.  To say I was apoplectic when I discovered his actions would be an understatement.  He not only violated the trust of the company and me personally, but potentially committed a serious crime.  The point of this example is to demonstrate the need to “trust but verify” what ALL employees are doing.

Operational security, or OpSec, is increasingly important in a hyper-competitive world.  Add to that the new threat of information theft by pirates and those supporting piratical acts and the need to protect your information and assets becomes critical.  It is not only the junior level staff that should be monitored and ‘verified’, it is all employees.  Anyone with a security clearance is used to the fact that every few years the Gov’t decides to crawl through your life and put you through a polygraph to ensure that you are still ‘trusted’.  This is a good example of ‘trust but verify’.   When developing a strategy to address information security, and operational security, it is important that all areas of the business are considered and addressed.  Often it is a single trusted person that cause irreparable  harm to the organization.

2011 Pirate Attacks at Record Pace July 14, 2011

Posted by Chris Mark in Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , ,
add a comment

If the first six months of 2011 are any indication, the year is going to break records for the number of pirate attacks.  In the first six months of the year attacks are up 36% from 2010.  According to IMB, from January through June of 2011 there were 266 attacks compared with 196 a year earlier. While the number of attacks increased, the number of ships hijacked fell from 27 to 21 due to increased security measures.  Pirates only hijacked 1 in 8 vessels this year compared with 1 in 4 last year.  Unfortunately, there is a downside to the increased security.

According to IMB the pirates are taking more risks and becoming more violent in their attacks.  This year pirates fired upon ships during monsoon season for the first time.

Monsoon weather in the Indian Ocean region that began in early June displaced pirates to the Gulf of Aden and the southern Red Sea, the IMB said. It called the 18 attacks reported in the Red Sea area since May 20 “a cause for concern.” Three attacks in the Indian Ocean in adverse weather showed threats remained during monsoons for the first time, the IMB said, citing winds of 34 miles an hour and swells of 4.5 meters (15 feet).

“It may be that these recent Indian Ocean incidents are a sign of desperation on behalf of pirates, or that there are many more pirate action groups operating now than there were in 2010, particularly outside the Gulf of Aden,” the IMB said.

In short, while increased security measures may be hampering the success of pirates, this trend is not expected to last.  The potential ‘return on investment’ of a hijacking is simply too great for pirates to ignore.  The result with be an inevitable cycle of increased security followed by increased risk taking by the pirates.  This pattern can be seen developing now.  It is important for shipping companies to evaluate arming their ships with professional security personnel to prevent hijackings.