jump to navigation

Pirate Ransom Payments going to Somali Militant Groups July 6, 2011

Posted by Chris Mark in Laws and Leglslation, Piracy & Maritime Security, Risk & Risk Management, weapons and tactics.
Tags: , , , , ,
add a comment

According to John Steed, the principal military adviser to the U.N. special envoy to Somalia and head of the envoy’s counter-piracy unit, said links between armed pirate gangs and Somalia’s al Qaeda-affiliated rebels were gradually firming.

“The payment of ransoms just like any other funding activity, illegal or otherwise, is technically in breach of the Somalia sanctions regime if it makes the security situation in Somalia worse,” said Steed.

“Especially if it is ending up in the hands of terrorists or militia leaders — and we believe it is, some directly, some more indirectly,” said Steed, a retired military officer.  For those who believe it is still all speculation, an Al Shabab representative confirmed the arrangement:

“If there was no relationship between us, there is no way the pirates would be able to operate, or carry their weapons within zones we control,” said an al Shabaab militant based in the pirate haven of Haradhere, north of Mogadishu.

Unfortunately, this means shipping companies may be in violation of international sanctions if they pay ransoms to the pirate groups.  Under the terms of the arms embargo on Somalia, financial support to armed groups in the Horn of Africa country is banned. Both the United States and Britain regard al Shabaab as a terrorist organisation.

The best course of action for shipping companies is to ensure that their ships are adequately protected from takeover.

Security Theater- Airplanes, DNA, and Anti-Piracy June 29, 2011

Posted by Chris Mark in Piracy & Maritime Security, Risk & Risk Management.
Tags: , , ,
add a comment

Bruce Schneier, in his book Beyond Fear, coined the phrase security theater.  Security theater describes describes security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security.  One of the clearest examples is that of US airport security.  The guards checking people (randomly, I might add) is intended to make people feel as if they are more secure while really doing little to address the the risks to which airliners are exposed.  Today I read an article in which the Contact Group on Piracy off the Coast of Somalia or the clumsily named CGPC had announced it is building a DNA database of Somali pirates.  This database is due to be completed by 2012 and is intended to help cut off funding for pirates.  According to the president of the organization proposed database will be a “base for other international actions against piracy” in waters off Somalia.  While it is nice that something is being done, the question must be asked as to whether this is the right approach.

Another example of Security Theater is the joint patrols in the Gulf of Aden. The Gulf of Aden is approximately 205,000 square miles and the Arabian Sea is approximately 1.5 million square miles.  Task Force 151 is a multinational task force which consists of between 14-15 ships (usually).  It does not take a brilliant mathematician to see that 15 ships cannot patrol 205,000 square mile effectively.  Spread equally, each ship would be responsible for about 13,666 square miles.  When the Arabian Sea or Indian Ocean are included, the Task Force is anemic to say the least.  In spite of this, the task force maintains that while it is not exactly winning the battle, it is not losing either:

“We are not fighting a losing battle. There has not been a successful piracy attack on merchant vessels since the end of April,” Commodore Tim Fraser, a regional maritime commander, told journalists aboard the amphibious assault ship Albion.

“There has been no successful piracy event in the Gulf of Aden since September last year. Although I would not wish to give an indication that this is sorted out, because it is not,” he told a news conference.

While these statistics, if true, are to be lauded the reality remains that the first quarter of 2011 has seen the most pirate attacks on record and has shown the pirates to be increasing in violence and sophistication.  The fact remains that approximately 600 crew members remain as hostages of pirates as due scores of ships.

Growing up in Texas I remember racing my motorcycle through desolate West Texas and reading signs that warned “traffic monitored by aircraft”.  As a teenager, I slowed down until one day I had an epiphany.  Aircraft are expensive to fly and maintain.  To use aircraft to catch the odd speeder simply did not make economic sense.  From that day forward I raced like a bat out of hell on my motorcycle.  In spite of frequently exceeding 120 mph, I was never once caught by one of the airplanes.

While many of the proposed controls are intended to keep traffic flowing by increasing the confidence of air travelers and ship owners (managers, masters) the reality is that many of the current practices are less effective at actually preventing piracy than they are at making people believe they are preventing piracy.  A critical look at the numbers tells a more accurate story.  Do not be taken in by security theatrics.  The only way to ensure safe transit in pirate infested waters is to take personal accountability for the ship and her crew.

IMO Issues Guidance to Stakeholders on Use of Armed Guards June 28, 2011

Posted by Chris Mark in Laws and Leglslation, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , ,
add a comment

In the circular MSC.1/Circ.1405 dated May 23, 2011 the International Maritime Organization issued guidance to shipowners, operators, and masters on the use of privately contracted armed security personnel aboard ships.  As stated in the document, the purpose is to:

“…assist shipowners, ship operators and ship masters considering the use of PCASP on board ships to provide additional protection against piracy.”

The document includes a number of criteria for identifying, and vetting contracted armed security personnel.  I feel that one of the most important is that which states that owners, operators, and/or masters should verify:

“availability of documentary evidence that firearms are procured, transported, embarked and disembarked legally;”

There is evidence that a few companies have armed ships using weapons procured through less than ideal circumstances (for the owners, operators, and masters) and may expose the shipping stakeholders to risk.

Somali Pirates using Blogs and GPS to Hunt Ships June 23, 2011

Posted by Chris Mark in InfoSec & Privacy, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , , , ,
add a comment

Consistent with industry expectations, Somali pirates are increasingly turning to high technology to hunt high-value ships.  According to Techland, pirates are using GPS, as well as social media such as shipping company blogs to identify and hunt ships for attack.  According to an article in Fast Company:

“In addition to random attacks on cargo and passenger ships, Somali pirates are increasingly relying on the use of GPS systems, satellite phones, and open-source intelligence such as shipping industry blogs in order to figure out the location of ships. Much of the technological infrastructure used by the pirates is allegedly located in the Somalian city of Eyl, which has been described as the ‘piracy capital of the world.’

It is paramount that shipping companies recognize the new threats and understand that the protection of vessels and their crews extend beyond physical security and armed guards.  Ensuring that operational security processes are employed is as important, if not more important, than simply arming ships.  A review of the maritime security industry show a distinct lack of expertise in information security.

Evaluating “Safety & Security on the Cheap” June 21, 2011

Posted by Chris Mark in Risk & Risk Management.
Tags: , , ,
add a comment

Suppose you decide to take of sky diving and are looking for a parachute.  Would you consider buying a parachute from a street vendor at a great price or would you look for a company that specializes in parachutes?  I am confident that everyone reading this would opt for the specialists over the street vendor.

Security and safety are closely related and both are frequently debated topics in which risk and risk analysis plays a critical role (or should play) in allocating spending.  So the inevitable question of all for-profit companies becomes: “What is appropriate security or safety?”  In reading the blog post titled Risk 101 the answer is simply that spending should ensure that the controls are commensurate with the identified risks.  In his article “Safety on the Cheap” Robert Reich succinctly states the issue and challenges when he says:

“Inevitably there’s a tradeoff. Reasonable precaution means spending as much on safety as the probability of a particular disaster occurring, multiplied by its likely harm to human beings and the environment if it does occur.

Here’s the problem. Profit-making corporations have every incentive to underestimate these probabilities and lowball the likely harms.”

This is consistent with accepted risk management doctrine and where the challenges arise.  Companies are often willing to roll the proverbial dice and underestimate the likelihood of an event occurring or the impact should it occur.  While still a sensitive subject, the earthquake and tsunami that devastated Japan and resulted in the meltdown of nuclear reactors is a case study in this phenomenon.  Investigations after the tsunami indicated that the managers of the plant grossly underestimated both the likelihood of the tsunami and the impact.

While it is easy to talk in the abstract about spending on security, it is a difficult question to answer.  It is impossible (or nearly impossible) to determine a Return on Investment for security spending.  In the early 2000’s a number of companies attempted to define what they were calling the ROSI or Return on Security Investment.  The problem is that you cannot quantify a return for an event that does not occur.  In short, the only time you can see the value of your investment is when an incident occurs which the controls work and when you can quantify what the loss would have been.  Having been involved in many of the largest data breaches I have seen first hand the impact of underestimating the risk and ‘rolling the dice’. Another challenge that exists is the lack of actuarial data for events such as piracy.  While insurance companies have actuarial data refined to the n’th degree for automobile theft, the data does not currently exist to accurately predict the risk to ships.

According to the Dodd report, between 2007 and 2010, the average success rate of an attack is roughly 31%.  IMB reports that in spite of the presence of various task forces, piracy is at an all time high in the first quarter of 2011 with 150 incidents of the coast of Somalia in the first quarter of 2011, alone.  The average reported ransom is between $3.5 and $4.5 million. It should also be noted that pirates have captured 338 crew members, killed 7 and wounded 38 in the first quarter of 2011.  While it is difficult to precisely quantify anecdotally it is understood that piracy is increasing in both frequency and in violence.

Shipping companies, like all companies, are focused on revenue and the bottom line.  Spending on safety and security is always difficult as it is difficult to quantify a return on investment.  While it is not always possible to calculate with exacting precision the risk associated with an event, qualifying the risk is often enough to justify the spending.  When evaluating the level and type of security to engage for your ships, the same risk management principles apply as they would in information security, safety and any other industry where safety and security are critical.  It simply does not pay to buy parachutes from street vendors or approach the safety of your ships crews and the security of your ships by adhering to “security on the cheap”.