Tag Archives: Shipping

Protecting the Maritime Shipping Industry from Cybercrime

By Nicholas A. Glavin

Introduction

The American maritime shipping industry is one of the most vulnerable critical infrastructures (CI) to ransomware and other forms of cybercrime. Maritime shipping accounts for 90-94 percent of world trade; any disruption to this sector will adversely affect the American economy and international trade more broadly. The July 2017 NotPetya ransomware attack that affected Maersk, a Dutch maritime shipping company, prompts timely action to protect American maritime infrastructure as the industry is ill-prepared to prevent and respond to attacks of this sophistication and scale. The recommended course of action encourages the U.S. Government to subsidize cybersecurity and training horizontally and vertically across the maritime shipping industry through the U.S. Coast Guard (USCG).

Cyber Assaulting Maritime Commerce

Any disruptions to global shipping companies, sea lanes of communication, or maritime chokepoints will have potentially disastrous implications for the economies and the supply chains of the U.S. and the global community. The economic impacts of cyber disruptions and damage to ships, ports, refineries, terminals, and support systems is estimated to be in the hundreds of billions of dollars. Moreover, the second- and third-order effects of a cyber attack are not limited to the maritime sector of CI; if more than one port is disrupted at the same time, a greater impact is “likely to occur” for the Critical Manufacturing, Commercial Facilities, Food and Agriculture, Energy, Chemical, and Transportation Systems of the nation’s CI.

Ransomware attacks eclipsed most other cybercrime threats in 2017.  The July 2017 NotPeyta ransomware attack highlighted the vulnerabilities of the maritime shipping industry to cyber disruptions. One of the most high-profile victims of this ransomware attack included the Dutch maritime shipping company Maersk. The company estimates upwards of $300 million in losses from the attack, the majority of which relates to lost revenue. Maersk continued operating for ten days without information technology (IT) until its networks were back online, despite ships with 10,000 to 20,000 containers entering a port every fifteen minutes. NotPetya shut down several ports worldwide, reduced Maersk’s volume by 20 percent, and forced the company to handle the remaining 80 percent of its operations manually. Maersk was forced to replace 45,000 PCs, 4,000 servers and install 2,500 applications.

The maritime shipping industry is highly vulnerable to cybercrime – in particular, ransomware – because of its lack of encryption, increased use of computer services, a lack of standardized training in and awareness of cybersecurity among crew, the sheer cost of defending the maritime IT enterprise, and industry-wide complacence towards cybersecurity. Several navigation systems such as the Global Positioning System (GPS) and the Automatic Identification System (AIS) are neither encrypted nor authenticated, thus being a soft target for cyber criminals. Jamming or spoofing of these systems can ground ships or make two collide, which can close a port or shipping channel for days or weeks depending on the severity of the incident. Disruptions to Industrial Control Systems (ICS) can lead to injury or death, release harmful pollutants, and lead to extensive economic damage across the maritime shipping industry.

Course of Action A: Federal Subsidies for Mandated Cybersecurity Awareness and Training

A Federal Government-enabled focus on prevention and response would proliferate horizontally and vertically across the maritime shipping community. This approach subsidizes the buy-in for industry to approach cybersecurity as a cost-effective asset. Simultaneously, this educates lower echelons of the workforce on digital hygiene to understand the transmission of ransomware and other forms of cybercrime. A positive consequence is the mitigation of industry lacking robust cybersecurity capabilities due to complacence and overhead costs. This is highly probable due to NotPetya’s wake-up call to industry and the existing public-private cybersecurity partnerships.

As the lead agency responsible for maritime cybersecurity in the U.S., the USCG issued a cybersecurity strategy in 2015 to identify best practices and voluntary measures. However, others may argue it is not the place of the U.S. government to subsidize cybersecurity best practices, facilitate compliance, and serve as the arbiter of how industry should train and defend against ransomware and other forms of cybercrime, thus opting instead for only industry-led approaches.

Course of Action B: Leverage Manual Operations and Dated Communications Technologies

This no- and low-tech approach encourages the use of manual navigations operations and older long-range navigation (LORAN) systems to circumvent disruptions to navigational and operational systems. A positive consequence of this approach is the standardization of backup operations for seamless continuity of operations on land, while also mitigating the overreliance on technology at sea. This is a probable course of action given the existing LORAN infrastructure and Maersk operating at 80 percent capacity during the NotPetya attack. A negative consequence is a proliferation in ransomware attacks deliberately targeting this industry since the approach would be passive in nature. This is also probable in occurring given the interconnectedness of the maritime sector to other CIs. However, others may argue that manual training and a functional secondary means of communication mitigates adverse costs from future ransomware attacks.

Conclusion

Course of Action A provides the highest return on investment to address the ransomware threat to the American maritime shipping industry. This prevention-focused and proactive approach will induce a top-down, lateral, and public-private approach to address maritime cybersecurity. While Course of Action B identifies the existence and use of alternative approaches to circumvent – or, at worst, mitigate the consequences of – a ransomware attack, it fails to place a premium on industry-wide digital hygiene  which is arguably the most cost-effective, scalable, and fastest approach to ransomware prevention.

Nicholas A. Glavin is a candidate for a Master of Arts in Law and Diplomacy (MALD) from The Fletcher School at Tufts University. He previously worked as a researcher at the U.S. Naval War College’s Center on Irregular Warfare and Armed Groups (CIWAG). The views expressed are the author’s own and do not represent those of the U.S. Government. Follow him on Twitter @nickglavin.

Featured Image: Albert Mærsk in the 70s (Wikimedia Commons)

Port Automation and Cyber Risk in the Shipping Industry

CIMSEC is committed to keeping our content FREE FOREVER. Please consider donating to our annual campaign now so we can continue to provide free content.

By Philipp Martin Dingeldey 

Introduction

To stay ahead of competing ports and technological developments, automation has been heralded as inevitable. Major transshipment hubs and aspiring ports bet their future on automation, which raises the impact  cyber risks could have in the long-run.

Singapore’s Port Modernization

One example of port modernization is Singapore’s Tuas Port Project. To stay ahead of competing ports in Southeast Asia, PSA International and the city state have bet their future on the fully automated port on the western side of the island. The project is set to almost double the port’s current throughput capacity of twenty-foot equivalent units (TEUs) and consolidate all its container operations by 2040.

Singapore’s port is ranked second, behind Shanghai’s mega port, by total TEUs handled. Nevertheless, Singapore’s port is the world’s busiest transshipment hub, and therefore immensely important to global supply chains. The port’s volume growth of 6.4 percent for the first half of 2017 indicates that its investments in modernized berths and joint ventures with liners paid off.

While this is great news for the short term, container vessels on Asia-Europe trade routes will inevitably increase in size, requiring higher handling efficiency to achieve fast turn-around times. By the end of 2018, ultra large container vessels (ULCVs) are expected to gain a share of 61 percent of total capacity, pushing established hubs like Singapore to automate its terminals to stay relevant.

At the same time, next generation container vessels will not only be bigger, but also increasingly automated and even autonomous. As ports and the shipping industry are integral parts of global and regional supply chains, their automation and technological modernization raises the impact and potential of cyber risk.

How Good is Automation?

For Singapore’s port, automation is seen to not only strengthen its position as a transshipment hub well into the future, but also helps it keep up with technological developments and industry trends.

The shipping industry has generally been slow in adapting new technologies, due to its conservative nature and the large number of players involved. Currently, only a fraction of global container volume is handled by fully automated container terminals. In 2016, it was estimated that only 4-5 percent of container volume will be handled by fully automated terminals once ongoing projects were completed. Nonetheless, industry pressure and competition have heightened the need for ports to invest and automate, indicating that the number of automated terminals will increase.

Automated terminals allow ports to handle containers more efficiently by using operating systems to plan storage in accordance with collection and transshipment times. This reduces unnecessary box moves, shortens cycle times, and enables consistent and predictable throughput numbers.

Fully-automated terminals have the advantage of low operating costs and reliable operations, but require higher upfront costs, longer development, offer only low productivity increases at peak times, and have the general difficulty to fully automate a working terminal. On the other hand, semi-automated terminals offer the possibility for greater productivity increases at peak times, are generally understood to have the best overall productivity with less upfront costs, but require higher operating costs and are inconsistent when it comes to handling ULCVs.

While full automation gives large ports like Singapore’s the advantage of reliable, full-time operations at low operating costs, it requires long development times to fix bugs and offers only gradual productivity increases at peak times. On top of that, full automation also increases their vulnerability to cyber risks. This is due to the use of technologically advanced and networked systems.

The investment threshold to enter automation for ports is high, while not necessarily offering major increases in productivity. What automation does offer major port hubs is better predictability and consistency of container moves per hour. Additionally, automation reduces the room for human error, making operations safer. At the same time, automation reduces the environmental impact since terminals are mostly electrified, giving ports an additional competitive edge in an industry increasingly focused on sustainability.

Cyber Risks

The shipping industry and ports are seen by many insiders as underprepared for cyber threats. Even though major players in the shipping industry have recognized and acted on the risks posed by cyber threats, the majority have been slow to recognize potential business risks. Even though awareness has grown, the need for better information sharing persists. Automation further increases the exposure and impact of cyber threats for ports, highlighting the importance of data and system integrity.

The reality of cyber threats to automated terminals was demonstrated in the “NotPetya” cyber-attack in June 2017. The attack forced Maersk to interrupt operations at multiple terminals worldwide, causing logistical havoc for weeks after the attack. Overall, it cost Maersk roughly US$300 million, even though the attack was not specifically directed at the company. The “lucky hit” against one of the industry leaders showcases that even well-prepared firms can suffer financial losses due to cyber threats.

The difficulty with protecting automated terminals from cyber risks lies with their complexity. These terminals use industrial control systems that translate sensorial data and commands into mechanical actions. The network links between mechanical equipment and sensors are exposed to the same threats as data networks. The complexity is further increased by the months and years it can take to figure out and fix bugs and weaknesses in automated systems. In an automated system, different system components have to effectively work together as one, stretching the time needed to figure out and fix bugs. This involves mainly software issues that have to be fixed while also moving boxes of cargo at the terminal.

While ports have to secure themselves from a broad range of risks, cybercriminals can choose from a number of entry points. For example, external vendors, terminal operating systems, and unaware employees may be vulnerable to phishing attacks. Operational systems and data networks are not always up-to-date or properly secured, allowing criminals to gain comparatively easy access to information. To prevent the ports and shipping industry from most attacks, regular operating system updates, stronger passwords, secure satellite connections, resilience exercises, information sharing, and employee awareness campaigns should be practiced.

On top of that, modern ships bear the risk of spreading viruses onto port systems simply via Wi-Fi or other data networks. Industrial control systems are not designed with cyber risks or active network monitoring in mind. This is especially true for ships’ control systems, but can also affect the system components of ports.

Nevertheless, this is only addressing the technical side. The human factor still plays a major role in mitigating cyber risks. Personal details of ship crews can still be easily accessed, making them more vulnerable to social engineering via phishing or other techniques, unknowingly granting access to systems.

Human factors can take the form of criminals, terrorists, competitors, disgruntled employees, and more. Workers at mostly manual terminals, for example, generally do not like automation because it makes their jobs largely redundant. To reduce the chance for cyber threats stemming from or aided by disgruntled employees, ports can offer training and job guarantees to their workforce to make the transition to automation more incremental.

Port authorities, registries, and all major organizations in the shipping industry are increasingly aware of cyber threats and are responding through raising awareness or offering training courses. These are simple steps to better protect information and navigation systems on board ships. For example, BIMCO, the world’s largest international shipping association, made cyber security an important issue for the shipping industry three years ago via an awareness initiative. The association has further advocated the need for guidelines to evolve with the threats, launching the “Guidelines for Cyber Security Onboard Ships” in July 2017, which was endorsed and supported across the industry.

In addition, the Liberian ship registry started a computer-based two-hour cybersecurity training program in October 2017, offering a comprehensive overview of cybersecurity issues aboard ships. Nevertheless, it is unlikely that these courses and campaigns are enough to protect the industry. While it is a step in the right direction, more needs to be done through regulations.

Conclusion and Policy Recommendations

Since 2016, the International Maritime Organization (IMO) has put forward voluntary guidelines regarding cyber risks. Only after 2021 does the IMO plan to enforce a set of binding regulations on cybersecurity. This might be too late for many companies in the industry. Shipping companies should not wait until 2021, but should begin now to implement simple measures, like using firewalls and stronger passwords, to deter criminals from trying to exploit current weaknesses.

Further, even though the IMO adopted guidelines on maritime cyber risk management into the International Safety Management Code this year, ports and the shipping industry still need to establish a stronger culture on cybersecurity.

Major shipping hubs are part of large and less resilient supply chains, which are essential for regional and international trade. These supply chains depend on a small number of key ports, which are vulnerable to shocks from other ports. To make supply chains and port hubs more resilient to cyber risks, the shipping industry as a whole will have to adjust and prepare.

Companies will have to work together and share information on previous or ongoing attacks, so that experiences and best practices can be shared directly. Unfortunately, this has been difficult to achieve due to worries about how competitors may use the shared information. Singapore has set up the Port Authorities Focal Point Correspondence Network to further the exchange of information on past and current incidents. It remains to be seen if this network has worked to encourage the sharing of information.

Ports are logistical hubs where many companies compete for business, making information sharing naturally difficult. Currently, port security is based on the International Ship and Port Facility Security (ISPS) Code, which is heavily focused on the physical aspects of security. In order to make cyber risks a much more important issue for port security, the whole sector needs to step up and make it a priority.

Cyber risks are not just a technological matter, but require adequate awareness and planning to strengthen a port’s resilience. Training employees actively in security protocols and procedures with information systems is one way of achieving this. At the same time, ports need to engage in contingency and scenario planning to be better prepared should an attack occur. On top of all this, national bodies (e.g. institutes of standards) need to give better guidance on security testing and planning for ports, which should be supplemented by binding guidelines on reporting and information sharing mandated by global bodies like the IMO.

Philipp Martin Dingeldey is a Research Analyst with the Maritime Security Programme at the Institute of Defence and Strategic Studies (IDSS), S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore. For questions and follow-ups he can be reached at research.pmdingeldey@gmail.com.

Featured Image: Port of Singapore (XPacifica/Gettyimages)

Dangerous Waters: The Situation in the Bab el-Mandeb Strait

By James Pothecary

Introduction

On 25 October 2016, the Spanish-flagged merchant tanker Galicia Spirit came under fire when a rocket-propelled grenade (RPG) was fired at it from a small speedboat that had interdicted the vessel. The tanker was then attacked with small arms fire. The merchant vessel escaped catastrophic damage, and was able to continue its journey onward. However, only two days later, the liquefied natural gas (LNG) tanker Melati Satu was attacked in the same area, also with RPGs. The Tuvalu-flagged Melati Satu’s crew sent out a distress call, were rescued by a Saudi Arabian naval vessel, and were subsequently escorted to safety. Both ships had been traversing the Bab el-Mandeb strait between south-western Yemen and north-eastern Djibouti. This small waterway must be negotiated to access or egress the Egyptian-controlled Suez Canal, which sits at the northern end of the Red Sea.

In a related development, throughout October this year there were several attacks on U.S. warships in or near the Bab el-Mandeb from sites along the Yemeni coastline. The USS Mason and USS Ponce both came under attack by assailants of unconfirmed origin, forcing the warships to deploy anti-missile countermeasures and prompting U.S. forces to launch cruise missile strikes against targets in Yemen.

The Question of Responsibility

The most prominent non-state armed group (NSAG) operating in Yemeni territory contiguous to the Bab el-Mandeb is the Houthi rebel movement, which is opposed to the internationally recognized government of President Abd Rabbuh Mansur. It is not definitively known whether the speedboats that attacked merchant shipping were rebel forces or pirates. Furthermore, although the attacks on U.S. warships came from rebel-held territory and the U.S. responded by attacking rebel installations, Houthi officials denied involvement. However, Houthi forces had previously claimed responsibility for a 1 October 2016 missile attack on HSV-2 Swift, a United Arab Emirates (UAE)-flagged vessel, which was extensively damaged in the incident, and rendered inoperable. Due to the similarity of the tactics involved, as well as the fact these attacks occurred off the Yemeni coast, Allan & Associates (A2) assesses that Houthi forces were likely responsible for the attacks on vessels in the Bab el-Mandeb strait.

Footage of attack on HSV-2 Swift

Security Risks: The Threat to Shipping

The attackers’ identities are of secondary importance, however, compared to the risk that the attacks themselves represent. The implications of a declining security environment in the Bab el-Mandeb are substantial. The strait is one of a few strategic maritime choke points worldwide, a narrow but vital waterway that sea traffic must be able to navigate for maritime trade to function effectively. The Bab el-Mandeb is, at its narrowest point, only 29km across, and therefore even small craft launched from the Yemeni coast will be able to interdict all traffic passing through it. Almost all maritime trade between Europe and Asia, approximately USD700 billion annually, passes through this narrow waterway. Any security threats in this location would disproportionally affect global maritime trade routes and the security of sea lines of communication. As maritime shipping is approximately 90 percent of how the world’s goods are transported, interference at these choke points is a serious threat to international business.

thediplomat_2015-05-12_18-48-38
The Bab el-Mandeb Strait (Google Earth)

In April 2015, the United States Energy Information Administration estimated that 4.7 million barrels of crude oil and petroleum passed through the strait daily in the previous year. All traffic through the Suez Canal, the quickest route for European shipping to reach Asia, must pass through Bab el-Mandeb to reach the Gulf of Aden, and subsequently the Indian Ocean. In March of this year alone, 1,454,000 metric tons of shipping, carried on 80,495 vessels, transited the Suez Canal. A security threat in the Bab el-Mandeb, therefore, will have serious economic consequences for global trade, and could pose significant problems both for merchant fleets and for the companies that rely on their goods and commodities. Shipping lines must either re-route away from the Red Sea for Europe-Asia routes, or continue to use the strait at increased cost and risk. 

Business Risks: The Dilemma of Re-Routing

The quickest alternative route for European-Asian traffic, circumnavigating Africa via the Cape of Good Hope, would add at least 3,000 nautical miles to shipping. The additional time it will take to cover this route means vessels can fit in fewer trips, and therefore earn less revenue than they could otherwise in the one-year outlook. Although this cost is somewhat offset by the currently low price of crude oil, this still represents a substantial business risk to shipping companies, which could see their revenues and profits decline. Even with low oil prices, additional costs will have to be borne by maritime companies due to wage payments for at-sea staff, and increased distances will increase the amount of shipboard and dockyard maintenance required to keep vessels seaworthy.

However, even if merchant vessels brave the strait, they will still face substantial additional costs. These range from higher insurance premiums, to the cost of close-protection deployments on-board, and possibly additional payments to employees to compensate for the heightened levels of risk. Furthermore, if future attacks manage to cause substantial damage or loss of life on a civilian vessel, maritime logistics operators will be at risk of legal consequences on the grounds of failure to ensure adequate duty-of-care for their crews. Until the situation in the strait normalizes, merchant shipping must cover increased costs regardless of whether they choose to traverse the Bab el-Mandeb.

Ancillary Risks: The Limits of a Naval Response

The economic and security risks to shipping companies are compounded by the difficulty naval forces will have in neutralizing the threat in the Bab el-Mandeb. That said, major naval powers have seriously responded to the escalating threat in the strait. The U.S. Navy has already reinforced its presence in the surrounding area, and it is likely that the U.K. Maritime Component Command, which controls operations in Middle Eastern waters, will deploy additional assets to the region imminently.

The use of speedboats, which are quick, difficult to detect, and hard to interdict, presents challenges to even major naval powers operating in the region. Furthermore, the use of coastal sites to launch attacks on U.S. warships complicates military responses as the extremely poor security environment in southwest Yemen means that small teams could easily strike shipping and disappear before naval units can respond. 

If it is confirmed that Houthi rebel forces are behind the incidents, any concerted naval action in the area will face determined resistance. Unlike the Somali pirates of the late 2000s, Houthi fighters are ideologically motivated, trained, battle-hardened, and well-armed. Moreover, they have freedom of movement in areas of south-western Yemen under their control. While international naval power, supported by air power and special forces, will likely be able to contain the threat, full elimination of Houthi capability is an unrealistic objective without substantially more committed resourcing

Therefore, the difficulties of a naval response preclude an easy solution to the crisis and therefore increase the risk facing civilian merchant shipping operators. This is because it is unlikely a military solution will be sufficient in itself to quickly neutralize the attackers and restore security.

Security Recommendations for Merchant Shipping

A2 recommends that maritime logistics and security managers consider the southern Red Sea and Gulf of Aden a high-threat area until the situation stabilizes, and this should be immediately communicated to relevant bridge officers. Shipping that continues to ply this route in the interim should undertake mitigatory strategies.

This includes increasing ship speed, when possible traversing only during daylight hours, enhancing all watchkeeping procedures, and ensuring damage-control crews are kept on stand-by. Contact with international naval forces in the area should be maintained at all times. Maritime security officers should be considered while close to Yemeni waters. Security officers could be taken on-board at Egypt, Madagascar, the Maldives, or Oman depending on shipping route, to keep costs minimal. Maritime operators should also ensure ship crews are trained on actions to take in the event of coming under RPG or small-arms fire.

Mohamed Dahir/AFP/Getty Images
A militant stands by on a beach as a commercial vessel transits nearby. (Mohamed Dahir/AFP/Getty Images)

Slow vessels with low freeboards which lack the ability to evade potential attack should consider re-routing. This will include small pleasure craft as private individuals are very unlikely to have the training or resources to mitigate the potential threat. Due to the additional transportation time involved with this approach,render re-routing a last-resort measure, however.

A2 reminds managers considering deploying armed security personnel to obey all relevant national legislation pertaining to the ownership and use of weapons by civilians in order to avoid potential legal reprisals from national coastguard and law enforcement agencies.

Conclusion

The situation in the strait is likely to escalate, leaving both naval and civilian vessels at risk. The seriousness of this is compounded by the trouble naval forces will have in effectively responding to the asymmetric threat. Shipping companies therefore must make a cost-benefit analysis between continuing to use the strait or re-routing around the African coastline and consider the risks of each approach. A2 recommends maritime logistics entities consider the above security advice, and prepare for  further deterioration in the security environment of the Bab el-Mandeb. 

James Pothecary is a Political Risk Analyst specializing in the Middle East with Allan & Associates, an international security consultancy which provides a range of protective services including political and security risk assessments, security policy design and crisis management response.

Feature Image: HSV-2 Swift exhibiting damage after being struck by an anti-ship missile launched from the Yemeni coast. (PLG WAM)

Unsafe Mixed Migration by Sea: The Case of the Mediterranean Region

By Evmorfia-Chrysovalantou Seiti

The Journey for a Better Life

“Migration has been a part of history since the beginning of mankind.”[1] Wars, famine, poverty, political or religious persecution, natural disasters, armed conflicts and many other threats to human security urge people to move, often forcing them to share the same routes and means.[2] Why is this journey unsafe? These people are travelling in unseaworthy boats to find safer and improved living conditions, although many of these people, due to the sometimes long journeys, poor weather conditions, and the bad infrastructure of the boats, are losing their lives at sea. Considering that most migrants had chosen to cross the borders by land, international and regional actors intensified their land operations, leading to a reciprocal increase in the percentage of migration by sea.

Unsafe mixed migration differs from migration in general because in the case of mixed migration there is variety of reasons why people are moving away although they share the same routes, modes of travel and vessels. It is considered unsafe due to the fact that people travel through extremely dangerous passages and in extremely precarious situations. Considering these factors, unsafe mixed migration is a multidimensional problem that requires multidimensional solutions. It should not be ignored that this issue has a social, economic, political and geopolitical nature. In order to bring about viable solutions, a collaborative effort that incorporates all of the stakeholders contributing effectively in the management of this challenge is necessary.

1280
Migrants crowd the deck of their wooden boat off the coast of Libya. Photograph: Reuters.

It should be pointed out that all ships carrying migrants are subject to the rescue at sea obligations by the Safety of Life at Sea (SOLAS) and Search and Rescue (SAR) Conventions, and ship masters and governments are committed to transfer endangered migrants to a safe place. Governments, regional and international organizations, including the European Union, African Union, International Maritime Organization, and International Organization for Migration, as well as the shipping community, should collaborate on measures to prevent the future loss of lives of migrants at sea. This article will analyze the phenomenon of unsafe mixed migration in the Mediterranean and the efforts made by international and regional actors.

Efforts Taken by International and Regional Actors

International Maritime Organization

The International Maritime Organization (IMO) has actively participated in the hotly debated topic of unsafe mixed migration and the maritime issues that have arisen from it, such as safety of life at sea and search and rescue. IMO highlighted the importance of close cooperation among the regional and international stakeholders in the regional migrant problem. IMO is actively addressing these mixed migrant issues within its own committees as well as in joint meetings with UN partners and other relevant international organizations by updating and developing guidance for shipmasters and governments in order to efficiently manage unsafe mixed migration.

As a UN agency with responsibility for safety at sea and the legal framework surrounding search and rescue, IMO amended SOLAS and SAR Conventions and their associated guidelines after the Tampa affair in August 2001. These changes can play a crucial role in promoting effective cooperation between United Nations agencies, international organizations, nongovernmental organizations, governments, and the shipping industry.

Another of IMO’s significant contributions to resolving the issue of unsafe mixed migration is its guidance regarding rescue at sea situations. The guidance includes legal provisions on practical procedures as well as measures to ensure the prompt disembarkation of rescued people and the respect of their specific needs. This guidance, created in cooperation with the International Chamber of Shipping (ICS) and the Office of the High Commissioner for Refugees (UNHCR), has appealed to ship owners, governments, insurance companies and other interested parties involved in rescue at sea situations. Recently, in November 2015, the International Chamber of Shipping submitted “Measures to protect the safety of persons rescued at sea,” which provides guidance for large-scale rescue operations at sea, ensuring the safety and security of seafarers and rescued persons. Also, the document provides information on the second edition of the Guidance and supersedes the first edition of the Industry Guidance.

The second edition of the Industry Guidance is supported by the European Community Shipowners’ Associations, Asia Shipowners’ Forum, International Transport Workers’ Federation, Cruise Lines International Association, International Association of Dry Cargo Owners, International Association of Independent Tanker Owners, International Parcel Tankers Association and the International Ship Managers’ Association. Because the “shipping community is not designed for rescuing hundred of thousands of people drifting on hundreds of small, unseaworthy boats left in shipping lanes,” this guidance is “intended to help shipping companies identify and address particular issues that their ships may face when required to conduct a large scale rescue.” What should be emphasized is that this guidance is purely advisory and not mandatory.

All in all, the IMO recognizes the importance of “a close cooperation among several other bodies and UN agencies such as the United Nations Office on Drugs and Crime, the United Nations Refugee Agency, the International Organization of Migration, Interpol, the African Union and the European Commission, and the Economic Commission of Africa and for Europe.”

European Union

Regarding the EU perspective, in the meeting of Foreign Affairs Ministers in Luxembourg in 2015, the High Representative of the Union for Foreign Affairs and Security Policy, Mrs. Federica Mogherini, highlighted that the EU’s external action should be coherent, substantial, and consistent. The EU has legal and moral duties in this crisis, and this situation is not going to affect one or another state but all of the EU member states. Also, she mentioned that this is not a regional crisis but a global crisis and stated that the EU should strengthen the cooperation of member states without any kind of “blame game” among them.

Mrs. Mogherini stated that the EU should enhance cooperation in five different elements: firstly providing protection to those people who need international protection; ensuring the management of borders; fighting against smugglers’ and traffickers’ networks; strengthening partnerships with third countries; and last but not least, taking efforts to work on root causes. This final objective maybe a long-term effort, but it is crucial to establish the rule of law and stability in the countries of origin.

EU
German Chancellor Angela Merkel, center right, listens to European Commission President Jean-Claude Juncker , center left, as they arrive for an emergency EU heads of state summit on the migrant crisis at the EU Commission headquarters in Brussels on Wednesday, Sept. 23, 2015. (AP Photo/Martin Meissner)

On 18 May 2015 the EU decided to create a naval force to prevent human smuggling in the Mediterranean. This naval power is a part of the broader approach to avoid losing human lives in the Mediterranean Sea. The joint meeting of foreign and defense ministers discussed the Common Defence and Security Policy and tried to make the CSDP stronger and more effective in view of the security challenges in Europe, specifically crises such as Syria and Ukraine.

The EU Naval Force-Mediterranean (EUNAVFOR MED) aims to put an end to the business model of smugglers and traffickers. The operation is based in Rome, led by Italian Rear Admiral Enrico Credendino, and operates in the South and Central Mediterranean and in cooperation with Libyan authorities. The operation will surveil and evaluate the networks of smugglers in the first phase, followed by the search and seizure of traffickers’ profit, and always within the context of international law. Mrs.  Mogherini said the decision to establish a naval force was part of a comprehensive approach to solve the migration crisis in the Mediterranean. She also stressed that the EU will work with African and Arab countries and partners to help address the causal factors of the migration crisis in the Mediterranean region.

International Organization for Migration

In a joint statement from IMO Secretary-General Koji Sekimizu and IOM Director-General William L. Swing on enhanced cooperation and collaboration between the two organizations, the leaders confirmed their close cooperation in order to manage unsafe mixed migration and reemphasized the cooperation between the two organizations originally agreed to in 1974. The IMO Secretary General and IOM Director General recognized that this situation consists of a humanitarian crisis and requires global action. The two organizations agreed upon seven points including an interagency platform for information sharing, collaboration with other interested agencies, promotion of the provisions of SOLAS, SAR and Facilitation of International Maritime Traffic (FAL) Conventions and international migration law, support of the relevant technical cooperation programs of each organization, the setup of technical or advisory bodies, facilitation of discussions to find solutions to unsafe migration by sea. Additionally, they urged the international community to take robust measures against human smugglers who operate without fear or remorse and who deliberately and knowingly endanger the lives of thousands of migrants at sea.[3]

Regarding the EU efforts, IOM expressed its satisfaction regarding the organization’s recommendations which became part of the proposals made by the European Commission to address the crisis of migration in the Mediterranean. These recommendations concern the equal responsibility of all EU member states in the issue of asylum seekers. In addition, the reforms of the European asylum system as described in the plan of the Commission were welcomed by the Special Representative of the UN Secretary-General on International Migration and Development, Mr. Peter Sutherland. Mr. Sutherland also stated in regard to the plan that he believes the resettlement goal of 20,000 immigrants will be increased over time and that the EU will continue to expand safe routes providing assistance to asylum seekers and migrants.

According to Director-General of IOM William Lacy Swing, the proposed changes as expressed by the newly established “European Agenda for Migration” reflect the serious and constructive approach to a challenge that IOM expects to continue. These initiatives are promising for maintaining safe, legal migration routes and improving access to international protection.

In addition, the proposed tripling of the Triton budget will expand the area of operations beyond the current limit of 30 miles and will expand its activities into more dangerous migrant and smuggling routes to help save lives of migrants in high seas. FRONTEX Joint Operation Triton concerns the management of migration in the Central Mediterranean.

LÉ Eithne rescuing migrants as part of Operation Triton in June 2015.
LÉ Eithne rescuing migrants as part of Operation Triton in June 2015.

The IOM has expressed its concerns regarding the military operations conducted in the region, arguing that they can further risk the lives of migrants. This does not mean that the IOM does not recognize the necessity of strong proof of the EU’s determination and its willingness to proceed to substantive actions to eliminate this serious challenge.

The IOM states it is ready to contribute to the development of viable migration policies that will improve the legal “channels” for people seeking work and asylum. IOM believes that sound labor migration policy is the key to a more competitive Europe. Another aspect highlighted by the IOM is cooperation with migrants before they reach the Mediterranean and the support of countries of transit which bear the brunt of those people displaced by conflict and human rights violations. Niger, for example, is a key transit point for migrants heading to Europe. The Commission plan aims for IOM and UNHCR to create “a pilot multi-purpose centre” in the country, which will provide information on the dangers ahead, protection from exploitation and identification of those in need of resettlement, temporary protection, and other options.

African Union

In October 2014 the African Union launched the AU-HOA Initiative known as the Khartoum Process. The AU Regional Ministerial Conference in collaboration with the Government of the Sudan, the United Nations High Commissioner for Refugees (UNHCR), the IOM, as well as ministers from more than 15 source, transit, and destination countries of migration took part in the initiative’s launch in Khartoum, Sudan. The AU-HOA Regional Ministerial Conference calls for a stronger collaborative approach to tackle human trafficking and smuggling in the Horn of Africa. In his opening remarks, the African Union Commission (AUC) Director of Social Affairs, Dr. Olawale Maiyegun, affirmed on the AU’s continued commitment towards facing the challenges of trafficking and helping its member states address this issue. Dr. Maiyegun highlighted the framework that the African Union adopted and initiated in this regard, including the Ouagadougou Action Plan, the Migration Policy Framework for Africa in 2006, and the African Union Commission Initiative against trafficking (AU.COMMIT) in 2009.

The Second African Union Regional Conference on Human Trafficking and Smuggling in the Horn of Africa was held in Sharm El-Sheikh on 13 and 14 September 2015, and it aimed to prepare the ground for the global summit of migration which took place in Valetta on 11 and 12 November 2015. The discussion focused on migration issues, providing assistance to partner countries, strengthening international cooperation, and better targeting of available resources.

As illustrated by the Khartoum Declaration on AU-HOA Initiative on Human Trafficking and Smuggling of Migrants, ministers and other representatives of the participating African countries agreed to a range of measures including the implementation of provisions of other relevant regional and international schemes of cooperation. They agreed that refugees should be treated in accordance with these provisions and conventions and they should examine the root causes that make people vulnerable to human trafficking and smuggling as well as ways to manage the issue from its roots. This may entail raising public awareness to broadening policies and programs towards economic and social development, human rights, and improving the rule of law and education. In order to combat traffickers and smugglers there is a provision for training and technical support in the origin, transit and destination countries in order to develop and strengthen the capacity of law enforcement. Regarding the humanitarian assistance, states would provide specialized assistance and services for the physical, psychological and social recovery and rehabilitation of trafficked persons and abused smuggled migrants.

ILO-presenting
ILO’s Cynthia Samuel-Olonjuwon presenting on Labour Migration Governance for Development and Integration in Africa. © IOM/Craig Murphy 2014.

All things considered, these measures and provisions cannot be implemented if there is a lack of cooperation, coordination, and support among all relevant stakeholders, including regional and international organizations, especially UNHCR, United Nations Office on Drugs and Crime (UNODC), International Labour Organization (ILO) and IOM as well as civil society organizations and the private sector.

The Khartoum Process is crucial because it “provides a political forum for facilitating the more practical measures that must be accomplished at international, regional, and national levels.” The African Union aims to develop the African Union Border Programme (AUBP) in order to achieve these measures and goals. The AU is formulating policies that could build on the AU Convention on Cross-Border Cooperation, also known as the Niamey Convention. This Convention serves as the legal instrument of the AUBP. This programme addresses issues as border security, trade migration, infrastructure and communication on border matters, aiming at conflict prevention. The Declaration on the African Union Border Programme and its Implementation Modalities was adopted by the African Ministers in June 2007.[4]

Quo Vadis?

The key factor in this challenge is to eradicate the problem from its roots. More specifically, international actors should continue supporting the transition and the establishment of rule of law in the countries where the migrants originated, supporting investment in development and poverty eradication, supporting resilience, and enhancing sustainable livelihoods and self-reliance opportunities. The Valletta Summit Action Plan serves as a significant example of these efforts. The implementation of the content of this Action Plan is monitored by the Rabat Process, the Khartoum Process, and of the Joint EU-Africa Strategy.

Regarding the detection and combat of smuggling of migrants at sea, the missions responsible for disrupting the business model of smuggling and trafficking currently undertake concerted efforts to identify, capture, and dispose vessels as well as assets used or suspected of being used by migrant smugglers or traffickers. Operation Sophia, launched in June 2015 under the auspices of the EU, provides a notable example of these types of operations.

Another important proposal aimed at the root causes of mixed migration is Article 13 of the Cotonou Agreement, in which many countries of origin of migrants are signatories, and its amendments to be applicable to the recent developments. Article 13 includes aspects of illegal migration and examining its impact with a view to establishing, where appropriate, the means for a preventative policy. Considering the close cooperation between the IMO and European Union, members of the IMO council should urge the EU to proceed with this application of the Article which concerns the promotion of dialogue regarding migration in the framework of the African, Caribbean, and Pacific Group of States (ACP) and EU partnership and provide useful guidelines on how it can be done in an effective way.

Moreover, based on the Berlin Plus Agreement and considering the success of Operation Atalanta, whose aim is to tackle piracy, it is undoubtedly crucial to secure increased cooperation between EU and NATO and the establishment of joint operations. As part of Operation Atalanta, both the EU and NATO performed similar duties in the same operational theater but without an agreed framework, unlike operations Althea and Concordia which were under the auspices of Berlin Plus Agreement.

What motivation do states have to comply with these regulations and to provide efficient proposals and solutions in order to tackle this threat? In a globalized world we cannot be distant viewers. Activity at sea has a global impact. Even within the United Nations Convention on the Law of the Sea (UNCLOS) (article 125) landlocked countries are specifically called out:

Land-locked States shall have the right of access to and from the sea for the purpose of exercising the rights provided for in this Convention including those relating to the freedom of the high seas and the common heritage of mankind. To this end, land-locked States shall enjoy freedom of transit through the territory of transit States by all means of transport.[5]

Considering this, no actor should stay uninvolved in this challenge. Close cooperation at the international and regional level in the medium term can prove that efficient management of the migration crisis in the Mediterranean is not a modern day illusion but a realistic possibility.

Evmorfia-Chrysovalantou Seiti is a graduate of the Master’s Program “Political, Economic and International Relations in the Mediterranean,” Department of Mediterranean Studies, University of the Aegean, Rhodes, Greece.

[1] Sekimizu, Koji. “European Coast Guard Functions Forum.” Presentation September 25, 2014, Speech available at: http://www.imo.org/en/MediaCentre/SecretaryGeneral/SpeechesByTheSecretaryGeneral/Pages/Coastguardforum.aspx

[2] “UN Agencies meet to address unsafe mixed migration by sea.” Briefing: 4; March 4, 2015, Briefing available at: http://www.imo.org/en/MediaCentre/PressBriefings/Pages/04-unsafemigrationbyseaopening.aspx

[3] “Joint statement from IMO Secretary-General Koji Sekimizu and IOM Director-General William L. Swing on enhanced cooperation and collaboration between the two Organizations.” June 29, 2015, Statement available at: https://www.iom.int/sites/default/files/press_release/file/IMO-IOM-Joint-Statement-June-2015.pdf.

[4] “Human Trafficking and Smuggling on the Horn of Africa-Central Mediterranean Route.” SAHAN and IGAD Security Sector Program (ISSP); February 2016, available at: http://igad.int/attachments/1284_ISSP%20Sahan%20HST%20Report%20%2018ii2016%20FINAL%20FINAL.pdf

[5] United Nations Convention on the Law of the Sea of 10 December 1982, available at: http://www.un.org/depts/los/convention_agreements/texts/unclos/part10.htm.