
Attacks down 65% & Hijackings down 85% from November 2010
December 13, 2011

Posted by Chris Mark in Uncategorized.

According to a story published by BBC News, attacks on vessels in November 2011 were down 65% from 35 in November 2010 to 12 in November 2011.  Additionally, while 7 of the 35 attacks resulted in a hijacking in 2010, only 1 of the 12 attacks was considered ‘partially successful’.  The decline in attacks and hijackings can be attributed to several factors.  First, more ships are employing armed guards; second, more ships are adhering to BMP4; and finally, the naval presence in the region is deterring attacks.  It will be interesting to see if the trend continues or if the pirates simply become bolder or more violent in their pursuit of ransom money.

US Compliance; FFL & ITAR
December 12, 2011

Posted by Chris Mark in Uncategorized.

The United States allows both individuals and companies to purchase firearms for personal as well as business use.  Much to the surprise of many (even other Americans), it is a right to own automatic weapons and silenced weapons assuming the proper checks have been passed and taxes paid.  The US also allows companies to export US firearms with the appropriate licenses.  The ability to obtain firearms at a low cost and export those firearms gives US companies some advantages in armed security.  That being said, there are some very strict laws with which companies and individuals must comply.  Understand that these are Federal US laws and state laws may vary.

If your company is thinking about doing business with a US company, it is imperative that you know the rules and ensure that your vendor is in compliance.  If they are not in compliance, both the vendor and your own company may come under scrutiny and, at worst, may face legal implications.

Federal Firearms License (FFL) – This license allows individuals and companies to ‘own’, ‘manufacture’, and ‘sell’ firearms including pistols, rifles, shotguns, and the like.  A ‘class 3’ license also allows for the ownership, manufacturing, and sale of prohibited firearms such as automatic weapons, suppressors, and short barreled weapons.  In short, if a US company is claiming to have access to firearms, they must possess an FFL and (this is important) all firearms must be owned under the company’s name and company’s FFL.  Remember, in the US individuals can own firearms.  It is easy for someone to purchase firearms under their personal name and claim that they are owned under the FFL.  The Bureau of Alcohol, Tobacco and Firearms (ATF) requires very strict documentation for all firearms bought, sold, manufactured, modified, or disposed of under an FFL.

International Traffic in Arms Regulations (ITAR) – These regulations control the importation and exportation of ‘defense articles’.  This includes firearms, night vision equipment, and other items that are controlled by the US Government.  The ITAR is a component of the US’ Arms Export Control Act of 1976.  The US Government strictly prohibits and controls the export of certain firearms and other technology.  The act does allow, however, individuals to travel with up to 3 firearms for ‘personal use’ (such as hunting) provided the individual returns with the firearms.  Disposing of the firearms is a felony.

When evaluating a US company with which to do business, it is not enough to know that they have an FFL and ITAR.  You want to ensure that the company is in compliance with the regulations.  I have a driver’s license but if I consistently drive while intoxicated, I am not in compliance with the license.  Here are some questions that you can ask your vendor.  Always get evidence of the answers and documented proof for your records.

1) Are all firearms used in conjunction with the contract purchased and owned under the company’s FFL?

2) Are only firearms registered under the FFL exported under the ITAR license?  (For each transit, ensure that a list of firearms and serial numbers is provided for your records.)

3) Are all firearms returned to the United States in accordance with the ITAR license?

The last point is particularly relevant and includes components of the first two.  Since many merchant vessels are operating close to areas that are on the US’ prohibited list (Sri Lanka, for example), US companies are under particular scrutiny in these areas.  If the firearms are exported from the US and into the theater and then simply ‘disappear’ or are not returned to the US, it could raise serious issues for the vendor and their clients.  Obviously, the US government is concerned about firearms potentially being put in the wrong hands.

**As another important point, the ITAR only allows for the exportation of firearms from the US; the vendors are responsible for obtaining all relevant licenses in countries through which the firearms will be transferred or in which they will be used.  Failure to do so can result in arrest and/or prosecution in the country in which the firearms are transferred.

In addition to obtaining all ITAR and FFL information, ask for evidence of appropriate licenses in foreign countries, as well.

By following these simple rules and asking a few questions, you can have confidence that your security vendors are operating in a manner consistent with the US Government regulations.

COTS Technology & Security
December 1, 2011

Posted by Chris Mark in Uncategorized.

Back in the 1990’s I was a qualified Marine Sniper.  In the good ‘ole days of the USMC, we fired the M40A1 (don’t laugh, jerks 😉).  It was basically a Remington 700 action chambered for 7.62 x 51mm NATO (.308) with a Win M70 (pre64) trigger, a Unertl fixed 10 power scope with a MilDot reticle and a McMillan monte-carlo stock (I sound like a computer geek…it has 500 gigibits of RAM.. ;).  The A1 was introduced in the 1970’s and we had to learn the rifle inside and out for Sniper School.  The rifle was guaranteed to shoot 1 MOA (or roughly 1 inch groups per every hundred yards for the non shooters).  1″ at 100 yds, 2″ at 200 yds, and so on.  I thought the 14 lb rifle was the apex of engineering and was proud to carry that heavy bastard.  Back in the 1990’s there were a number of companies that could make an M40 replica for around $3,000US or about $4,500 today, when adjusted for inflation.  Back in the day as a young Marine, I could never afford a precision rifle as they all ran upwards of $3,000 in 1993 dollars.

Last year I purchased a Remington M700 SPS Tactical .308 for $599US.  I figured that for $600 even if it shot only 1.5 MOA it would be fun to shoot.  I put a $350US Nikon tactical scope on top and took it to the range to break it in.  This rifle has a Remington X-Mark Pro adjustable trigger, a 20″ barrel and Hogue over-molded stock.  I had read good reviews about the rifle but imagine my surprise when, after breaking it in, it was shooting 3/8 inch 3 shot groups at 100 yds from a bipod! (see the pic at top..that is 3 shots)  This is only a 7.5 lb rifle.  I could NEVER get my M40 to shoot better than about 3/4 inches off a sand bag.

The moral of the story is that while warfare is not good for much, manufacturers really begin to focus on improving technology that can be used on the battlefield.  A person today can purchase a rifle for less than $1,000 that shoots better than my M40 did “back in the day”.  We see these improvements not only in rifles but in body armor, camouflage, communications equipment, optics, and other areas.  The military is increasingly looking at Commercial Off the Shelf Technology or COTS.  Looking at what the modern soldier, sailor, and Marine carries today really puts into perspective how much has changed.

So what does this have to do with Maritime security?  Security often requires firearms, optics and other technology.  Today, it is possible to outfit guards with very reliable, very accurate firearms at reasonable prices.  The same can be said for optics.  It is possible to purchase good Gen 2 night vision in the US for about $2,000US and Gen 4 for less than $4,000 US.  Night vision technology even in the 1990’s was prohibitively expensive.  Even thermal imaging technology can be had for less than $8,000.

On the flip side, it should be noted that the “bad guys” can also get their hands on better gear today than they could even 5 years ago.  It is important to stay ahead of the curve and ensure that if you hire guards they have appropriate kit and are adequately trained to use the equipment.

Happy B-Day Marines (Both USMC and Royal Marines)…
November 10, 2011

Posted by Chris Mark in Uncategorized.

On November 10th, the US Marine Corps will celebrate its 236th birthday. Founded in Philadelphia, PA at Tun Tavern on November 10th, 1775 the Continental Marines are the forefathers of our modern USMC.  Every year US Marines recognize the birthday with remembrance of our fallen brothers and the history of our beloved corps.

Since we have a number of Royal Marines in the industry, I thought it appropriate to wish our elder brethren a Happy B-Day, as well.  Although the Corps of Royal Marines can trace its lineage back to 1755, the origins of the RM go back to 26 October, 1664 making the RM 345 years old in 2011. (hopefully, my Marine math is right)

Both sets of Marines have distinguished themselves in battle. The US Marines started life during the Barbary Wars against the pirates of the Barbary Coast in the early 1800s.  This was the first time that the US Flag was ever planted on foreign soil.  The USMC count the Battle of Belleau Wood (WWI) as a defining moment and where they earned the title of Devil Dog from the Germans.  In WWII was the “Island Hopping” Campaign with Tarawa, Midway, and of course, Iwo Jima.  The USMC has continued to distinguish itself in all major and minor conflicts to include Vietnam, Grenada, Somalia, Iraq (twice), Afghanistan and others.

Our Royal Marine brothers have also distinguished themselves in battle on numerous fronts.  In 1704 the British Royal Marines fought in the battle of Gibraltar.  For their bravery and achievements they are commemorated by “Gibraltar” and it is the only battle honor worn on the Royal Marines badge and colors.  The 1800’s were busy for the RMs as they fought from Ashanti, to Navarino and the Crimean War in 1854.  WWI saw the RM fight in Gallipoli, win honors in Zeebrugge and fight in the trenches on the Western Front.  In 1942 the Royal Marine Commandos were formed and took part in the D Day landings.  In 1982 the RM fought in the Falklands, and of course have been active and served with distinction in Iraq and Afghanistan, as well as other conflicts.

To all the Marines: Happy Birthday.  Let’s not forget our brothers who have been wounded and killed in the line of duty.  Let’s drink a beer, have a toast but not forget the sacrifices of our fellow Marines.

With that being said, one of the more troubling aspects of countries in wartime is that of people claiming valor that they have not achieved.  I recently learned of a former friend who has stated for years that he was a Silver Star recipient from Afghanistan.  He has posted on his bio and in various other forums.  A quick call to the USMC Awards Division in DC confirmed my suspicions.  The person had fabricated his bravery and his award.  If you come across someone who has ‘stolen valor’ by claiming awards they did not earn or being a POW or otherwise, I encourage you to visit the following website:  www.stolenvalor.com.  I have already reported this person and they are taking action.  If any of our UK or other readers have resources for other nations, please comment and I will include.  On that note, all US service members’ military records are available to the general public (in redacted format) under the Freedom of Information Act.  If you have a question about a service member’s service, please visit the following website.  It takes some time but the Archives will send you the record minus personal data.  www.foia.va.gov

Don’t be “pwned”- InfoSec 101
November 7, 2011

Posted by Chris Mark in Uncategorized.

pwned is a term that originated in online gaming and has been adopted by hackers.  It is pronounced ‘owned’ and the origin of the misspelling is not important but you can read about it here.  At a high level, to be pwned means to be controlled.  If your 15 inch MacBook Pro laptop is infected with a backdoor program, it is fair to say you have been pwned.  Back Orifice (a play on MS’s Back Office) is one of the original backdoor programs.  Why is this important?

Companies and people are often under the mistaken belief that cyber criminals are only interested in servers that contain sensitive data.  In truth, user systems often contain information which is valuable.  Users often store usernames and passwords on their desktops and laptops.  Additionally, users often use their email to freely discuss information that can provide significant value to an adversary.  Consider a situation where an executive is discussing new product plans for an upcoming iteration.  Competitors (unethical competitors) would value this information.  It is estimated that intellectual property theft costs the UK 27 billion Pounds annually.

On another note, law enforcement may also have an interest in what is on a personal computer.  While laws vary, under the right circumstances, law enforcement can also track activity on personal computers.  While EU laws are much more strict in this regard, some US companies also track user behavior.  Installing tracking software that can record screenshots, key strokes, and email is a relatively simple process.  While being lawfully monitored and pwned are not the same, the technologies used are similar.

How do you know if you have been pwned?  Well…most of the time you won’t, unless the other side wants you to know in order to send a message.  Often, anomalous activity on your system can be an indication that your system is infected with some form of malware.  BlueCoat estimated in 2010 that 48% of systems were infected with malware.  Recent estimates have put the figure as high as 80%.

So what to do?  Ensure that you use your work system for work and are careful about emailing sensitive info on an ‘untrusted’ system.  Ensure that you keep your system updated with malicious software protection.  Ensure you use a firewall with appropriate rules.  Use complex passwords.  It is important to remember that once your system is ‘owned’ it is very difficult to repair and have confidence in the system’s security.