Piracy Predictive Model Passes Key Benchmark

PIRACY PREDICTIVE MODEL PASSES KEY BENCHMARK

By Allan McDougall, Evolutionary Security Management, Inc.

We are pleased to announce that the predator-prey model has passed its second benchmark and is now being more fully integrated into our risk assessment processes. This benchmark follows nearly two years of efforts that included the collection of pirate attack data from a wide range of sources, including teams deployed by ISSG Holdings Ltd (a key partner in the effort) and examining that data using two different approaches -- hypothesis testing and exploratory data analysis.

The primary categories and some of the elements involved in the study included the following:

-Environmental conditions (wind, wave, surface pressure and major events)

-The nature of the Pirate Action Group (mothership, skiff, weapons, and boarding tactics)

-The nature of shipping (vessel type, flag, company, past history, and preparedness).

This model combines elements of engineering, navigation and criminology with respect to the above.

While the first benchmark was tied to the collection and analysis of data, the second benchmark was tied to the validation process. This validation process took two forms:

The first involved one group collecting data over three months and testing it for fit.

The second involved taking an independent sample of data to identify correlations and then comparing them to the first set of correlations.

Given the results of this testing, we are moving forward with rolling out the predator-prey model as part of our risk assessment process for our clients and key partners. This is part of our commitment to ensuring that we continue to provide leading edge services.

Those that receive our monthly updates, often through our key partner ISSG Holdings in this exercise, will have received our initial information describing the framework of this model.

www.evolutionarysecurity.com 

Piracy and Ship Security

As companies and people look back over 2010 and take stock of the year, those involved in the piracy issue in the Indian Ocean realize that we are approaching a halfway point in what is turning out to be a pivotal year. This pivot point involves the arming of merchant vessels and how it is perceived. Up to this season (about September 2010), the concept of arming ships was considered to be, at the very least, controversial. As we begin to close out December, however, we see that this approach has gained significant popularity on one hand and, on the other hand, the detractors of it have grown increasingly silent.

On the pirate side of the equation, we have not seen an evolution-- we have seen a shift. The tactics being used by the pirates are essentially the same tactics that have been used for a while now. The weapons that the pirates have been using recently are the same weapons that have been used against the shipping industry for a while now. This is based on a check of the attacks reported to the IMB, EUNAVFOR, ReCAAP, NATO Counter Piracy Operation Ocean Shield, and other reporting centers. The only thing that has changed is that the pirates have decided that they can use captured vessels as mother ships when they are trying to extend their range. In fact, one might even argue that the only significant change is that the pirates are putting more effort into spreading themselves across the whole area so that the military forces are spread thinner. Again, this does not constitute an evolution in tactics or strategy...it is simply an adjustment of their already existing approaches.

On the other side of the equation, we have seen significant change in the industry. Not all these changes have been positive in nature.

The first major change involves the arming of vessels. At this time last year, the debate was in full swing as to whether or not ships should be armed. Amongst the most common arguments were that (1) it would escalate the situation if ships were armed, (2) sailors are not trained for this kind of thing and (3) it’s the navy’s job to handle protecting shipping.  Most of those arguments have been resolved to a situation where private security companies are being asked to be able to provide armed security on board the vessel.

What was notable about this was that it appears, at least on the surface, to be a reversal of who is driving the show. Normally, the IMO provides guidance with flag state administrations coming closely behind. Then the shipping companies and others work in a compliance-focused mindset to ensure that they do not come into conflict with any major requirements. This time, the IMO was reasonably silent, shuffling the issue to the various flag states. While some flag states provided very clear and concise guidance, others have been remarkably silent on the issue. The end result, requests for security have evolved from just having security personnel on board to having armed security personnel on board—to meet corporate or insurer requirements.

At the same time, a crucial vulnerability has been appearing in the way that many organizations are thinking about security. Many require adherence to the Best Management Practices (BMP) as a minimum condition of contract...requiring ships to put in place the measures as part of the overall protective posture. There have been more than a few instances where these measures were not put in place, and the reasons given were the source of the concern.

The problem lies in the fact that there has been a trend to report a single measure as being why a ship defeated a pirate attack. In some cases, it was the speed of the vessel combined with its evasive actions. It has also included the presence of the safe room (misnamed as the citadel approach) and other measures. In and of themselves, these statements may well be supportable. They do not, however, answer why the ship could be reasonably secure. Nor do they address how a ship can be declared secure in the future.

What has failed is a basic understanding of one of the core principles of security—that it functions as a system. Consider this, there is no guarantee that an attack will only follow a certain course of action, there is only a reasonable expectation that it will. Similarly, there is no guarantee that one pirate will behave the same as the next pirate. This is one of the main reasons why different measures have been seen as the core or critical reason why certain ships were not taken.

This is one of the basic reasons why risk assessments are performed. They are intended to identify the scope of threats and vulnerabilities and then prioritize those, taking into account the impacts against our assets and operations. In most cases, the risk assessment will identify a number of different risks. It may even identify a number of different threats beyond those of the apparent topic at hand or the obvious.  When security professionals assist in the design of security controls, they are doing so with an eye to using the most effective and efficient set of measures that address all risks that management finds intolerable.

By reducing the overall security system to a single security measure, the Company is essentially rolling the dice. Let`s move away from the fact that there may be multiple threats (and hence risks) and move back to the single issue of piracy. The gamble that it is making is that the measure that it selects will be the measure that a particular attacking pirate will be defeated by. One might argue that there is a history of success, but trusting past history to cover all potential future outcomes can be dicey at best. This is one of the main reasons why security professionals tend to rely upon a range of measures organized in an approach referred to as a layer of defence approach—where one fails, a backup or following measure takes over to stop the attacker.

This problem is compounded when you look at the use of firearms on board the vessel. Not only do you need to have the various layers of defence present in order to meet sound security practices. You also need them in place in order to prevent circumstances that could lead to significant legal issues.

The main issue in this case involves the escalation of force when applying the use of force continuum. Even as some ships have relied solely upon the safe rooms or the evasive actions of the ship, some companies have relied simply on the presence of armed (lethally) security on board the vessel with few (if any) other measures in place.

This leaves the ship vulnerable on two fronts. First, if the pirate can somehow overwhelm or bypass the security force, then there is little else to stop the attack from being successful. At the same time, the ship is vulnerable on another front. Instead of being able to escalate force, it can only give warnings that lethal force will be applied. This means that the warnings must be credible and, if not heeded, acted upon. In brief, a bolder (or even driven) attacker would only really be stopped when lethal force was applied...something that the ship is supposed to be avoided.

So the vital point will revolve around three factors. We are at a point where the pirates will have to evolve in their tactics or face failure at a regional level as we gradually strip away their capacity. We are vulnerable, however, to some unsound practices that leave single points or minimal points of failure in the overall system. Finally, by relying on a system that escalates quickly to the use of lethal force, we run the risks of unnecessary legal and ethical risks. To respond to this, we need to ensure that the various protective works are aligned correctly so that attacks are too complex to succeed, applied in a cost effective manner so as to provide some return on the investment and then applied appropriately so that we do not simply exchange one risk for another...only when that happens can we argue that there is a reasonable degree of security for the vessel and company.

www.evolutionarysecurity.com 

www.issg-seamarshals.com 

Piracy Clusters Identified

I thought I would give a bit better perspective for the piracy activity in the Gulf of Aden and the Indian Ocean. Most of the piracy maps we see are very cluttered, and really make no sense of the activity. Below, I have a picture of the Indian Ocean and Gulf of Aden region, that shows a pattern of "clusters" that we have identified.

I must state here, that attacks do in deed take place outside of the marked clusters, however, there is a distinctive cluster pattern that has developed. That being said, any transits North and West of the green line should be considered at risk for attack.

This information thanks to:
Allan McDougall
Evolutionary Security Management, Inc
www.evolutionarysecurity.ca

Sept. 2009 Anti Piracy Assessment

Evolutionary Security Management, Inc. of Canada issues a bi-monthly Anti-Piracy Assessment for the maritime community. The September report specifically focuses on piracy around the Horn of Africa, and addresses the three elements of the problem -- the pirates, the international response and the impact of this response, and issues surrounding the presence in the region of a large military force.
You can find the September 2009 issue on the website of the company's risk management partner ISSG Holdings, Ltd. The assessment is available as a free PDF download at;

http://www.issg-seamarshals.com/files/sep2009.pdf

ISSG Holdings, Ltd., is an international business company engaged in merchant vessel protection.

Anti-Piracy Vessel Risk assessments

ISSG Holdings, Ltd. and Evolutionary Security Management, Inc. have developed an unparalleled anti-piracy vessel survey program for the maritime industry. This survey is conducted in two parts. First we send a trained security surveyor to your vessel, anywhere in the world to conduct the survey without interrupting the ships schedule. The report of the security survey is then transmitted to Evolutionary Security Management, Inc. in Canada, where an exhaustive assessment is conducted, and report issued back to the company.

Being appropriately prepared for an attack by pirates requires an approach that is based on sound judgment and analysis. The approach put forward in this program is intended to meet that goal while clearly demonstrating the company's alignment with Section 29 of MSC 1333 put forward by the IMO in June 2009 and other elements of the International Ship and Port Facility Security (ISPS) Code. While the IMO's guidance is indicated as being a preferred practice, it can be construed, given the maritime culture, as a best practice for companies seeking to demonstrate that they are exercising their due diligence. This approach is further supported by security doctrine that has undergone a peer review to ensure its soundness and consistency with security doctrine and practices.

Theory:
The three following cycles play pivotal roles in the defence of the vessel:

1. Protection, detection, response and recovery;

2. Deter, detect, delay, deny and detain or destroy; and

3. Mitigation, preparation, response and recovery.

In the first cycle, the goal is for the vessel to be able to be adequately hardened against reasonably foreseeable threats. Having been hardened, the next goal is for the vessel to be able to detect and respond to threats effectively. Finally, infrastructure should be included that allows for the vessel to recover from a range of known impacts.

In the second cycle, the focus is on the security operations of the vessel. In this case, the hardening of the vessel and other activities ideally deter the attacker. If this is not possible, however, the goal is for the vessel to be able to detect and delay the attacker from boarding the vessel (and progressively more sensitive areas) until help arrives. Finally, the goal is to be able to deny access to personnel , potential hostages, or critical aspects of the ship. Finally, the ship may want to maintain the means of being able to detain or destroy a potential attacker, although this option will rarely be acceptable.

In the third cycle, the goal is to take steps to minimize the potential impacts of an attack as part of the long-term corporate activities. The first cycle plays a significant role in the preparation of the vessel while the second cycle plays a significant role in the response phase. The final recovery phase ensures that the ship, its crew and the assets on board are protected so that normal operations can resume expeditiously.

The Approach:
There are four basic elements required in order to perform a valid survey of a vessel. These four elements are the following:

An understanding of the threat, including its knowledge, skills, abilities and traditional resources; ·

An understanding of the vessel from an engineering perspective; ·

An understanding of the operations of the vessel, particularly its navigation and how it deals with security events;

and · An understanding of the crew and its ability to respond.

Before setting out on the survey, the surveyor must review the threat profile of the potential threat in the area. Particular attention should be paid to the intent, number of craft, number of persons per craft, knowledge, skills, abilities, and resources (particularly weapons and tools) available to the attacker. This can often be provided through the Evolutionary Security website (marineweb). To get access to this web, you will need to contact
amcdougall@evolutionarysecurity.ca

The second element deals with how robust the vessel is or, in other terms, how well it is likely to withstand an attack. This is broken down into two sub-elements. The first element deals with the materials, engineering and design used in the construction of the vessel. This is a question of robustness. The second sub-element, however, looks at whether or not the design offers the attacker the means or opportunity to gradually penetrate onto the vessel, into the superstructure, and then to progressively more protected compartments.

While the second element deals with how well the ship can defend itself (a question of preparation), the third element looks at the elements of response and recovery. Having detected a suspicious vessel or potentially hostile situation, can the vessel outrun, outmaneuver, or otherwise navigate in such a way that it enhances the ship's natural design features? This is the first sub-element. The second sub-element involves whether or not the ship has the necessary preparations, plans, procedures and testing completed to validate whether or not the infrastructure on board the vessel is working.

The final element of four involves the training and understanding of the crew. This is not part of the ship survey and fits more closely into an inspection under regulatory regimes, etc. We want, however, to remind the ship owner and operator that technology is only one piece of the challenge, the other is a capable and confident crew. Incident reports have borne out the conclusion that those that have solid plans and look like they know how to execute them have a reduced chance of being attacked over those that appear unprepared.

We believe that the Vessel Survey for Anti-Piracy Risk Assessment is vital in the maritime industry today. This program not only enhances the capability of the ship and crew to be prepared, but is one of the most cost effective ways for shipping companies to exercise due diligence and a sound security practice.

Risk Assessment for Maritime Security

Any security safeguard should be based on a properly conducted risk assessment involving trained security personnel with experience in the domain. Each situation should be weighed on its own with the safeguards ensuring appropriate protection for life, property and operations. Ships are produced in many different configurations and though the transit area may be the same, there are different types of transits. When looking at the different vessels, some have a very high free board, such as the auto carrier type, and some have no free board such as some dredger type vessels. This drastic difference in configuration requires a maximum flexibility in the capabilities of the security provider to construct the proper defensive posture for each type of vessel. In addition to different vessel types are the different kinds of transits. Many vessels travel at a speed between 12 and 18 knots. Some of these vessels have good maneuverability and some very limited. However, one special type of transit that is probably the highest risk type, is the tug and barge towing transit. This transit is especially at risk not only due to a speed capability of about 5 knots, but the fact that the distance between the tug and barge can be from 500 to 700 meters. this configuration gives the total transit length of about 850 meters. Ocean tugs typically have an extreme low freeboard, as well as the barge. The risk assessment is very important as it guides the defensive posture of the transit, but more importantly, the risk assessment gives the vessel owner and operator the knowledge necessary to make informed decisions. There is no "one size fits all" when it comes to vessel protection against piracy.