Security Risk Analysis Kuala Lumpur Conference on Piracy

1
Security Risk AnalysisKuala Lumpur Conference
on Piracy Crimes at Sea 18-19 May 2009
2

• Hans Tino Hansen
• Managing Director CEO

3
Content

• Introduction
• Risk Management
• Risk Analysis
• Threat Assessment
• Case Transit Gulf of Aden March 2009
• Conclusion
• Questions

4
1.About Risk Intelligence

• Risk Intelligence is a security intelligence
  company consulting private and governmental
  clients on security threats and risks
• Risk Intelligence is specialised in analysing
  threats from piracy, organised crime, terrorism
  and insurgency

5
1.About Risk Intelligence

• Risk Intelligence provides its clients with
  tailor-made decision-making analysis and
  recommendations through its Analysis and
  Consulting Departments
• Risk Intelligence is one of the leading private
  providers of high quality intelligence-based
  security threat and risk services and products

6
1. Intelligence Analysis Cells
Europe
N. Africa, M. East
Asia Pacific
Americas
Somalia
Nigeria / W. Africa
E. Africa
7
1.Clients

• Shipowners and managers, shipowners associations,
  merchant officers associations, offshore supply,
  construction and drilling companies, oil
  companies, classification, underwriters and war
  risk, maritime authorities, ministries, defence
  and intelligence services
• Clients mainly in Europe but also include in
  Asia, Africa and North America
• Risk Intelligence clients operates about 3500
  vessels and insurance clients covers more than
  15000

8
2. Risk Management

• The Analysis/Assessment of Security Risks is part
  of the overall risk management process.

Risk Analysis/ Assessment
8
9
3. Risk Analysis

• Strategic or Generic Risk Analysis
• Example What is the risk of a hijacking for a
  whole fleet of vessels e.g. one flag transitting
  the Gulf of Aden
• Operational Risk Analysis
• Example what is the risk of a hijacking for a
  specific vessel at a specific date transitting
  the Gulf of Aden

10
3. Risk assessment evaluation
1. StepRisk identification
System definition
Identify Threats and Vulnerabilities
2. StepRisk analysis
Determine likelihood
Determine consequence
3. StepRisk estimationR L x C
Risk estimation
Risk Reduction Measures
Risk evaluation
Tolerable risk not achieved
4. StepRisk evaluation - acceptable?
Risk acceptance
Adapted from AS/NZS 43602004 ISO/IEC Guide 51
11
3. Security Risk Assessment

• Risk Likelihood x Consequence
• Likelihood threat likelihood and likelihood of
  attacker success
• Attacker success dependent on vulnerability
• Consequence potential outcome for the client
• Intent ? Uncertainty

12
3. Threat Assessment

• Methodology
• Sources
• Validation/Verification
• Analysis

13
3. Intelligence Methodology

• Risk Intelligence uses the Intelligence cycle and
  collaborative analysis for intelligence analysis

14
3. Sources

• Open Source Intelligence (OSINT)
• All sources in the public domain Media, web,
  printed media, TV, youtube etc
• Human Sources Intelligence (HUMINT)
• Organisations and networks
• Individuals
• Companies providing information through e.g.
  masters reports
• Post-incident Interviews with management and
  officers
• Image Intelligence (IMINT)
• Photos
• Satellite images
• Sensor-based images from partners

15
3. Validation/Verification

• Validation against other sources
• Validation and exchange between likeminded
  private companies and organisations as well as a
  number of state agencies

16
3. Data base

• MaRisk
• Risk Intelligences web-based maritime security
  monitoring system
• Accessible on subscription-basis
• MaRisk Data Base consists of data from a number
  of maritime-related incidents

17
3. MaRisk Incidents

• Hijacking
• Armed robbery
• Kidnap/Ransom at sea
• Failed attack
• Anti-Piracy/Naval Operations
• Counter-Insurgency
• Insurgency
• Terrorsm
• Suspicious activity
• Other Maritime Crime

18
3. MaRisk data

• Incident category and time/date
• Type of vessel
• Flag
• Cargo and journey or operation
• Description of incident
• Type of perpetrator(s) incl. motivation
• Number of perpetrators and of vessels, weapons
  and other equipment

• Attackers Modus Operandi
• Weather and light
• Weapons used
• Defensive measures
• Military or law enforcement involvment
• Hijack/KR destination
• IMO number and Call Sign, owner/manager
• Photo(s)

19
(No Transcript)
20
(No Transcript)
21
(No Transcript)
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
Layers of intelligence
Focus
Incidents. Continual feed of current maritime
security incidents
Assessments. Overview of maritime risks in an area
Depth
Analysis. In-depth on specific risks
Fact file. Background and statistics
26
MaRisk

• 6 Oct 2009

www.marisk.dk
27
3. Assessing the threat likelihood

• Threat likelihood
• Historical data
• Projection, operational analysis
• Scenarios (what if?)
• Threat likelihood categories
• Threat scenarios
• Based on threat (generic)
• Based on threat vulnerability (specific)

28
3. Likelihood classification
29
3. Example Offshore Nigeria
30
3. Threat elements

• Political/military context
• Motivation/objective
• Geography/battlespace/ext. factors
• Modus operandi
• Personnel
• Transport
• Comms
• Equipment/capabilities
• Tactics

31
3. Vulnerability Assessment

• Vessel spec (speed, freeboard etc)
• Physical security
• Procedural security
• Company/ship relationship
• Crew morale, nationality and skill level
• Operational aspects (incl. cargo)
• Training awareness

32
3.Consequence assessment
33
4. Risk analysis

• Risk identification
• Risk estimation
• Risk evaluation

34
4. Risk Identification Scenarios likelihoods

• Incident likelihoods (can be modified by vessel
  vulnerability and attacker success rates)
  Example OML 126, Nigeria
• Probability of attacker success

35
4. Risk estimation
36
4. Risk analysis
37
4. Risk evaluation

• Likelihood/ consequence classification
• Acceptance criteria
• Risk (treatment) prioritisation
• Countermeasures effects

Likelihood
Avoidance/ mitigation
Consequence
38
Case Transit Gulf of Aden

• Offshore special vessel

39
5. Transit Gulf of Aden

• Task To produce a Security Risk Assessment for
  transit Gulf of Aden of vessel BS March 2009
• Threat Assessment
• Vulnerability Assessment (survey)
• Consequence Assessment

40
5. Transit Gulf of Aden

• Threat Assessment
• Date of planned transit
• Weather conditions
• Lunar lumination
• Fishing areas including one overlapping IRTC East
  and Westbound
• Transit times through potential high risk areas

41
5. Weather Forecast?
2008
2009
42
5. Transit Gulf of Aden

• Modus Operandi changes
• Number of attackers
• Number of boats
• Use of weapons including RPG7
• Change in tactics
• Adaptation/increased risk taking e.g. operating
  in higher waveheights
• Increase in nighttime attacks
• Locations of mother ships (last seen)

43
5. Pirate success rates

• January-March 2009 April 2009
• Success GoA 10-16 Success GoA 50

44
5. Vulnerability Assessment

• Vessel spec (speed, freeboard etc)
• Physical security
• Procedural security
• Company/ship relationship
• Crew morale, nationality and skill level
• Operational aspects (incl. cargo)
• Training awareness

45
Vulnerabilty example

• Exceptionally slow top speed (10 kts).
• Low entry point at the stern
• Apertures at the forward end of the work area on
  both sides abaft the accommodation block.
• Easy access to bridge from Canopy Deck and
  forecastle.
• Bridge has weak doors and is vulnerable to
  gunfire.
• Vanes/doors can be used as climbing aids to
  Canopy Deck level.
• Lack of large single safe haven that meets
  requirements regarding resistance to gun and RPG
  fire.
• Cluttered Canopy Deck impairs vision aft from the
  bridge.

46
5. Consequence

• Hijacking scenario
• Average time held in captivity 47 days for
  relevant vessels 2008 and 2009
• Average time held in captivity 61 days for
  preceeding three months

47
5. Risk Analysis

• Scenarios
• Escorted
• Group Transit
• Armed guards
• x three sub-scenarios depending on weather
  conditions and waveheights
• Total 9 scenarios

48
5. Risk Analysis
49
5. Risk Assessment Conclusion

• The risk levels for the respective transit
  scenarios are
• Naval escort for vessel BS
• LOW for direct escorting and embarked naval
  security forces
• MEDIUM to HIGH for joining a group of ships of
  which one has a naval team on board.
• BS unescorted transit
• HIGH
• BS transit with an embarked armed team
• LOW to MEDIUM

50
6. Risk Analysis

• For general/generic risk analysis e.g. for
  insurance use historic data can be used seen over
  a fleetwide perspective
• For specific operations the risk analysis has to
  be specific

51

• Questions?

52
Contact
Risk Intelligence PO Box 55 08 09 22568
Hamburg Germany Tel 45 70 26 62 30 Fax45 70
26 62 40 hamburg_at_riskintelligence.eu www.riskinte
llgience.eu

• Main Office
• Risk Intelligence ApS
• Vedbaek Stationsvej 18
• 2950 Vedbaek
• Denmark
• Tel 45 70 26 62 30
• Fax45 70 26 62 40
• info_at_riskintelligence.eu
• www.riskintellgience.eu