jump to navigation

Somali Pirates using Blogs and GPS to Hunt Ships June 23, 2011

Posted by Chris Mark in InfoSec & Privacy, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , , , ,
add a comment

Consistent with industry expectations, Somali pirates are increasingly turning to high technology to hunt high-value ships.  According to Techland, pirates are using GPS, as well as social media such as shipping company blogs to identify and hunt ships for attack.  According to an article in Fast Company:

“In addition to random attacks on cargo and passenger ships, Somali pirates are increasingly relying on the use of GPS systems, satellite phones, and open-source intelligence such as shipping industry blogs in order to figure out the location of ships. Much of the technological infrastructure used by the pirates is allegedly located in the Somalian city of Eyl, which has been described as the ‘piracy capital of the world.’

It is paramount that shipping companies recognize the new threats and understand that the protection of vessels and their crews extend beyond physical security and armed guards.  Ensuring that operational security processes are employed is as important, if not more important, than simply arming ships.  A review of the maritime security industry show a distinct lack of expertise in information security.

Evaluating “Safety & Security on the Cheap” June 21, 2011

Posted by Chris Mark in Risk & Risk Management.
Tags: , , ,
add a comment

Suppose you decide to take of sky diving and are looking for a parachute.  Would you consider buying a parachute from a street vendor at a great price or would you look for a company that specializes in parachutes?  I am confident that everyone reading this would opt for the specialists over the street vendor.

Security and safety are closely related and both are frequently debated topics in which risk and risk analysis plays a critical role (or should play) in allocating spending.  So the inevitable question of all for-profit companies becomes: “What is appropriate security or safety?”  In reading the blog post titled Risk 101 the answer is simply that spending should ensure that the controls are commensurate with the identified risks.  In his article “Safety on the Cheap” Robert Reich succinctly states the issue and challenges when he says:

“Inevitably there’s a tradeoff. Reasonable precaution means spending as much on safety as the probability of a particular disaster occurring, multiplied by its likely harm to human beings and the environment if it does occur.

Here’s the problem. Profit-making corporations have every incentive to underestimate these probabilities and lowball the likely harms.”

This is consistent with accepted risk management doctrine and where the challenges arise.  Companies are often willing to roll the proverbial dice and underestimate the likelihood of an event occurring or the impact should it occur.  While still a sensitive subject, the earthquake and tsunami that devastated Japan and resulted in the meltdown of nuclear reactors is a case study in this phenomenon.  Investigations after the tsunami indicated that the managers of the plant grossly underestimated both the likelihood of the tsunami and the impact.

While it is easy to talk in the abstract about spending on security, it is a difficult question to answer.  It is impossible (or nearly impossible) to determine a Return on Investment for security spending.  In the early 2000’s a number of companies attempted to define what they were calling the ROSI or Return on Security Investment.  The problem is that you cannot quantify a return for an event that does not occur.  In short, the only time you can see the value of your investment is when an incident occurs which the controls work and when you can quantify what the loss would have been.  Having been involved in many of the largest data breaches I have seen first hand the impact of underestimating the risk and ‘rolling the dice’. Another challenge that exists is the lack of actuarial data for events such as piracy.  While insurance companies have actuarial data refined to the n’th degree for automobile theft, the data does not currently exist to accurately predict the risk to ships.

According to the Dodd report, between 2007 and 2010, the average success rate of an attack is roughly 31%.  IMB reports that in spite of the presence of various task forces, piracy is at an all time high in the first quarter of 2011 with 150 incidents of the coast of Somalia in the first quarter of 2011, alone.  The average reported ransom is between $3.5 and $4.5 million. It should also be noted that pirates have captured 338 crew members, killed 7 and wounded 38 in the first quarter of 2011.  While it is difficult to precisely quantify anecdotally it is understood that piracy is increasing in both frequency and in violence.

Shipping companies, like all companies, are focused on revenue and the bottom line.  Spending on safety and security is always difficult as it is difficult to quantify a return on investment.  While it is not always possible to calculate with exacting precision the risk associated with an event, qualifying the risk is often enough to justify the spending.  When evaluating the level and type of security to engage for your ships, the same risk management principles apply as they would in information security, safety and any other industry where safety and security are critical.  It simply does not pay to buy parachutes from street vendors or approach the safety of your ships crews and the security of your ships by adhering to “security on the cheap”.

Economics of Piracy June 20, 2011

Posted by Chris Mark in Piracy & Maritime Security.
Tags: , , , ,
add a comment

Geopolicity published a very good study in May 2011 which surveys the earnings of pirates and analyzes the economics of the maritime piracy industry.  While it is no surprise that piracy is increasing significantly off the coast of Somalia but the report articulates why it is growing at such a pace. With an estimated 1500-3000 pirates operating in the Somalian waters alone, attacks are increasing at a breakneck pace.  In the first quarter of 2011, there were 117 identified attacks which resulted in 338 people being taken captive and 7 crew members killed.  Average ransom paid was between $3.5 and $4.5 million US.   According to the survey Somali pirates earn between $33,000 – $79,000 US per year with a potential lifetime earning of between $168,000 and $394,000.  When compared to the US median income of roughly $34,000 per year, it seems like piracy pays well.  When compared to the average per capita income of $500 per year in Somalia, it is easy to see why piracy is so attractive.  The income earned by pirates is between 679% and 1,570% higher than the average Somalian.  The report estimates that the current cost of piracy is between $4.3 and $8.5 billion per year increasing in 2014 to $13 and $15 billion per year.  In short, it is a growth industry.

 

Cyprus to Legislate Allowing Armed Guards on Ships June 20, 2011

Posted by Chris Mark in Laws and Leglslation, Piracy & Maritime Security.
Tags: , , , ,
add a comment

Cyprus is poised to become the first European country to legislate allowing guards on ships to fire on pirates to defend the ship.  Recognizing the seriousness of the increasingly frequent and violent attacks on ships, Cyprus is preparing draft legislation which would allow ships sailing under the flag of Cyprus to use armed guards as part of the ships defense.  The conditions under which the guards will be allowed to engage the pirat es will be strictly controlled under the law.   “Guards will not be allowed to fire first,” said George Mouskas, president of the Cyprus Union of Shipowners. According to Mr Mouskas, the move to allow armed guards on board is primarily meant to be a deterrent as pirates largely avoid well-defended vessels.  Tellingly, Mr. Mouskas states: “no ship that has armed guards on board has ever been taken by pirates, so it has been very effective,”

This marks a watershed moment in maritime security and makes a definitive statement that armed security is needed to protect ships and their crews from the increasingly violent attacks.  The Cyprus government is to be applauded for their efforts and vision on this front.

Somalia Jails Brits & Americans Over Ransom Cash June 20, 2011

Posted by Chris Mark in Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , ,
add a comment

If the issue of piracy was not problematic enough, Somalia has just jailed six foreigners including three Britons and an American for bringing millions of dollars into Somalia to pay ransoms.  The Somali courts sentenced the Brit and American to 15 years in prison and a $15,000 fine for carrying $3.6 million into Somalia on charges of illegally carrying money into the country to pay the ransoms and landing in Mogadishu without the correct papers.  “We sentenced the two pilots, who are American and British nationals, to fifteen years imprisonment and a $15,000 fine each,” the Mogadishu court’s judge Hashi Elmi told Reuters late on Saturday.  As one can imagine the aircraft and cash are now the property of Somalia’s government.  This situation further highlights the challenges that shipping companies face with Somali piracy.  It is clear from this situation that the “government” of Somalia is implicitly supporting the piracy if not explicitly supporting.

According to figures from the International Maritime Bureau, pirates took a record 1,181 hostages in 2010, seizing 53 ships, all but four taken by Somali pirates. “More people were taken hostage at sea in 2010 than in any year since records began,” the organisation’s annual report said.