As companies and people look back over 2010 and take stock of the year, those involved in the piracy issue in the Indian Ocean realize that we are approaching a halfway point in what is turning out to be a pivotal year. This pivot point involves the arming of merchant vessels and how it is perceived. Up to this season (about September 2010), the concept of arming ships was considered to be, at the very least, controversial. As we begin to close out December, however, we see that this approach has gained significant popularity on one hand and, on the other hand, the detractors of it have grown increasingly silent.
On the pirate side of the equation, we have not seen an evolution-- we have seen a shift. The tactics being used by the pirates are essentially the same tactics that have been used for a while now. The weapons that the pirates have been using recently are the same weapons that have been used against the shipping industry for a while now. This is based on a check of the attacks reported to the IMB, EUNAVFOR, ReCAAP, NATO Counter Piracy Operation Ocean Shield, and other reporting centers. The only thing that has changed is that the pirates have decided that they can use captured vessels as mother ships when they are trying to extend their range. In fact, one might even argue that the only significant change is that the pirates are putting more effort into spreading themselves across the whole area so that the military forces are spread thinner. Again, this does not constitute an evolution in tactics or strategy...it is simply an adjustment of their already existing approaches.
On the other side of the equation, we have seen significant change in the industry. Not all these changes have been positive in nature.
The first major change involves the arming of vessels. At this time last year, the debate was in full swing as to whether or not ships should be armed. Amongst the most common arguments were that (1) it would escalate the situation if ships were armed, (2) sailors are not trained for this kind of thing and (3) it’s the navy’s job to handle protecting shipping. Most of those arguments have been resolved to a situation where private security companies are being asked to be able to provide armed security on board the vessel.
What was notable about this was that it appears, at least on the surface, to be a reversal of who is driving the show. Normally, the IMO provides guidance with flag state administrations coming closely behind. Then the shipping companies and others work in a compliance-focused mindset to ensure that they do not come into conflict with any major requirements. This time, the IMO was reasonably silent, shuffling the issue to the various flag states. While some flag states provided very clear and concise guidance, others have been remarkably silent on the issue. The end result, requests for security have evolved from just having security personnel on board to having armed security personnel on board—to meet corporate or insurer requirements.
At the same time, a crucial vulnerability has been appearing in the way that many organizations are thinking about security. Many require adherence to the Best Management Practices (BMP) as a minimum condition of contract...requiring ships to put in place the measures as part of the overall protective posture. There have been more than a few instances where these measures were not put in place, and the reasons given were the source of the concern.
The problem lies in the fact that there has been a trend to report a single measure as being why a ship defeated a pirate attack. In some cases, it was the speed of the vessel combined with its evasive actions. It has also included the presence of the safe room (misnamed as the citadel approach) and other measures. In and of themselves, these statements may well be supportable. They do not, however, answer why the ship could be reasonably secure. Nor do they address how a ship can be declared secure in the future.
What has failed is a basic understanding of one of the core principles of security—that it functions as a system. Consider this, there is no guarantee that an attack will only follow a certain course of action, there is only a reasonable expectation that it will. Similarly, there is no guarantee that one pirate will behave the same as the next pirate. This is one of the main reasons why different measures have been seen as the core or critical reason why certain ships were not taken.
This is one of the basic reasons why risk assessments are performed. They are intended to identify the scope of threats and vulnerabilities and then prioritize those, taking into account the impacts against our assets and operations. In most cases, the risk assessment will identify a number of different risks. It may even identify a number of different threats beyond those of the apparent topic at hand or the obvious. When security professionals assist in the design of security controls, they are doing so with an eye to using the most effective and efficient set of measures that address all risks that management finds intolerable.
By reducing the overall security system to a single security measure, the Company is essentially rolling the dice. Let`s move away from the fact that there may be multiple threats (and hence risks) and move back to the single issue of piracy. The gamble that it is making is that the measure that it selects will be the measure that a particular attacking pirate will be defeated by. One might argue that there is a history of success, but trusting past history to cover all potential future outcomes can be dicey at best. This is one of the main reasons why security professionals tend to rely upon a range of measures organized in an approach referred to as a layer of defence approach—where one fails, a backup or following measure takes over to stop the attacker.
This problem is compounded when you look at the use of firearms on board the vessel. Not only do you need to have the various layers of defence present in order to meet sound security practices. You also need them in place in order to prevent circumstances that could lead to significant legal issues.
The main issue in this case involves the escalation of force when applying the use of force continuum. Even as some ships have relied solely upon the safe rooms or the evasive actions of the ship, some companies have relied simply on the presence of armed (lethally) security on board the vessel with few (if any) other measures in place.
This leaves the ship vulnerable on two fronts. First, if the pirate can somehow overwhelm or bypass the security force, then there is little else to stop the attack from being successful. At the same time, the ship is vulnerable on another front. Instead of being able to escalate force, it can only give warnings that lethal force will be applied. This means that the warnings must be credible and, if not heeded, acted upon. In brief, a bolder (or even driven) attacker would only really be stopped when lethal force was applied...something that the ship is supposed to be avoided.
So the vital point will revolve around three factors. We are at a point where the pirates will have to evolve in their tactics or face failure at a regional level as we gradually strip away their capacity. We are vulnerable, however, to some unsound practices that leave single points or minimal points of failure in the overall system. Finally, by relying on a system that escalates quickly to the use of lethal force, we run the risks of unnecessary legal and ethical risks. To respond to this, we need to ensure that the various protective works are aligned correctly so that attacks are too complex to succeed, applied in a cost effective manner so as to provide some return on the investment and then applied appropriately so that we do not simply exchange one risk for another...only when that happens can we argue that there is a reasonable degree of security for the vessel and company.