Maritime Update – Implications of MV ASPHALT PRINCESS Hijacking

The recent events surrounding an illegal boarding and temporary hijacking of the MV ASPHALT PRINCESS in international sea lanes near Oman and the killing of UK and Romanian personnel on the MV MERCER STREET by a suspected drone attack a week earlier in the same vicinity have been focusing the maritime industry.  These episodes are the latest in a series of tensions watched closely by observers over recent years.  Despite the tragic loss of life and uncertain security conditions that these events highlight, they are nowhere near the scale of the tanker wars of 1984-1988.  In that era nearly 200 merchant vessels were deliberately targeted by military combatants.  Vessels were strafed by aircraft, impacted with missiles, fired on by warships and gunboats and struck by sea mines.  Both Iraqi and Iranian military forces engaged in these attacks and their ongoing war (1980-1988) was widened as a result, drawing in regional and international forces to attempt to protect unrelated and innocent merchant traffic and contain the crisis.  Losses were significant.

Today’s threat conditions have different drivers but the tactics available to combatants remain unchanged and with added measures that did not exist 35 years ago.  Concurrently, naval power is arguably weaker today than in the mid 1980s when the cold war saw western forces at their zenith.  Should conditions continue at an elevated threat tempo with future escalations, Masters and their crews will need to be able to adapt to shifting threats to include:

• Awareness of the air threat. This could mean something as basic as having an air sentry to watch for unknown aircraft or drones.  Drilling the crew to muster into a citadel or some other action station may be required if hostile air attack is suspected to be imminent.  There will be very little to no warning.  Drones in particular are a challenge given their small size and reduced radar signature, and that they are unlikely to be detected by commercial 10cm or 3cm surface radars.  Furthermore, drones are more likely be used as a surveillance tool and not necessarily pose an attack risk – something watchkeepers will be unable to determine with accuracy or confidence, presuming they are even spotted.  As for missile attack, this is a significant issue as air-to-ship, shore-to-ship and ship-to-ship systems can be devastating and appear with no warning.
• Awareness of the surface threat.  Attack by hostile warship or gunboat is a risk factor that is obvious.  If in international waters and approached by combatant surface vessels Master’s will have to take actions in line with protecting their crews and safeguarding their vessels, including with complying to illegal interference if under threat of attack.  What is less obvious is the risk of illegal boarding and hijacking.  Attackers may be masking intentions by posing as fisherman or other benign local seafarer traffic to close distance and attempt to board.  Why would they do this?  If the vessel can be commandeered and brought into the waters of a country it would give complexion to a justified seizure.  We have seen this previously such as the MV STENA IMPERO incident in the summer of 2019.
• Sea mines can lurk just under the surface and present another sinister challenge to merchant traffic.  Submarine attack can be disguised as a sea mine strike but this is unlikely to occur.  For starters allied military forces will be making a concerted effort to track and shadow the submarine activity of potential adversaries.  Awareness of sub-surface threat hazards like these however, are another dimension for Masters to contemplate.
• Awareness of the outlying threat. It is a common perception that the marine industry has inconsistent and outdated technology lacking in universally comprehensive controls, that include penetration testing to prove resilience.  A cyber-attack will not necessarily be targeting the safe working of a vessel at sea, unless there is a deliberate attempt to manipulate platform management systems software.  Instead, it might well be targeting shipowners and ship management venues.  One aim of such action will be gleaning intelligence on fleet details, vessel plans, cargo and crew insights and intended operations.  This will aid aggressors in planning and positioning resources for future attack efforts.  Other actions may be more offensive in nature and simply corrupt information to disrupt commercial operations.  At one end of the spectrum, they may present as nuisance cyber-attacks and at the other may pose a more tangible interdiction to commerce.  Cyber-attacks may present as non-state criminal actors but in fact be a front for hostile state-related offensive action.  Cyber-attacks may also serve to create distraction to an organisation that inadvertently places vessels in a greater exposure to the more traditional threats discussed above.  A Master at sea has control over his vessel and crew but if onshore managers are not thinking with the same clarity of purpose their shortcomings in procedures and information control in the office will be impacting seafarers in a way not conceived previously.  Simply put, all players in the marine industry have a role to live up to and failure in the office can have blowback for those at sea.

Against the backdrop of modern threats, merchant shipping has a lot of positives going for it to build on and enhance preparatory controls and absorb, react and step change competently as the current crisis unfolds.  The Somali piracy crisis of 9-15 years ago compelled the shipping industry to address crew safety and readiness drills in a new fashion.  The industry came together to create Best Management Practices (BMP) and BMP5 is still in use with sound advice on vessel protection and security.  This provides a strong starting point to evolve and adapt drills for the new threats.  This can be woven in parallel with ISPS Code compliance.  The International Ship & Port Security Code was created after 9/11 as an amendment to the 1974 SOLAS Convention and came into effect in 2004.  To some, it is just tick box compliance tool setting a basic level of security universally but if embraced along with BMP5 it provides a useful and operational cultural cue.

UKMTO is a central reporting centre for merchant traffic to raise the alarm, seek and share advice and affords Master’s with naval interface when needed.  UKMTO is operated by the UK Royal Navy and it’s voluntary reporting and information sharing platforms are unreservedly recommended to create better confidence for maintaining situational awareness and vectoring assistance in any emerging crisis event.  Shipowners should be cognizant and interact with UKMTO. Good intelligence is paramount in all of the above scenarios, so that passages can be routed appropriately through threat areas.

Insurers have a host of marine product in the marketplace.  Policyholders should be flexing the products they hold – alongside their brokers – to ensure they know the limits, gaps, and exclusions to their existing coverages.  Stress testing cover with penetration tests on IT systems and short table top wargames to simulate predictable crises will give confidence and reliability to decision makers in advance of a real event.  These efforts will also expose gaps not readily recognised and permit a chance to improve preparations and mitigate future incidents. Even if an incident cannot be fully prevented the recovery process can be expedited and impact costs reduced.  Commercial operations in a high-risk area demand commensurate control measures out of duty of care to seafarers and managing operational efficiencies responsibly.

MS Risk Limited is a British crisis response consultancy serving the Lloyd’s of London speciality risk insurance marketplace and shipowners around the globe.  It has completed assignments for energy and maritime clients in high-risk areas including Libya, Gulf of Guinea, Gulf of Aden, the Sulu Sea and Arabian Gulf for 16 years.