Offshore Oil and Gas Installations Security: An International Perspective [1 ed.] 0415707307, 9780415707305

Citation preview

OFFSHORE OIL AND GAS INSTALLATIONS SECURITY

MARITIME AND TRANSPORT LAW LIBRARY The Modern Law of Marine Insurance Volume 4 edited by D. Rhidian Thomas 3rd edition (2016) Ship Building, Sale and Finance edited by Barıs¸ Soyer and Andrew Tettenborn (2016) International Maritime Conventions Volume 3 Protection of the Marine Environment by Francesco Berlingieri (2016) International Maritime Conventions Volume Two: Navigation, Securities, Limitation of Liability and Jurisdiction by Francesco Berlingieri (2015) Maritime Law 3rd edition edited by Yvonne Baatz (2015) Offshore Contracts and Liabilities by Baris¸ Soyer and Andrew Tettenborn (2015) Marine Insurance Fraud by Baris¸ Soyer (2015) International Maritime Conventions Volume 1 The Carriage of Goods and Passengers by Sea by Francesco Berlingieri (2014) International Carriage of Goods by Road: CMR 6th edition by Malcolm A. Clarke (2014) The Maritime Labour Convention 2006 International Labour Law Redefined edited by Jennifer Lavelle (2014) Modern Maritime Law Volume 2: Managing risks and liabilities 3rd edition by Aleka Mandaraka-Sheppard (2014)

Modern Maritime Law Volume 1: Jurisdiction and risks by Aleka Mandaraka-Sheppard (2014) Carriage of Goods by Sea, Land and Air Uni-modal and multi-modal transport in the 21st century edited by Barıs¸ Soyer and Andrew Tettenborn (2014) The Law of Yachts and Yachting by Filippo Lorenzon and Richard Coles (2013) Freight Forwarding and Multimodal Transport Contracts 2nd edition by David A. Glass (2013) Marine Insurance Clauses 5th edition by N. Geoffrey Hudson, Tim Madge and Keith Sturges (2013) Pollution at Sea Law and Liability edited by Barıs¸ Soyer and Andrew Tettenborn (2013) Contracts of Carriage by Air 2nd edition by Malcolm A. Clarke (2011) Places of Refuge International Law and the CMI Draft Convention by Eric Van Hooydonk (2011) Maritime Fraud and Piracy 2nd edition by Paul Todd (2011) The Carriage of Goods by Sea under the Rotterdam Rules edited by D. Rhidian Thomas (2011) The International Law of the Shipmaster by John A. C. Cartner, Richard P. Fiske and Tara L. Leiter (2010)

The Modern Law of Marine Insurance Volume 3 edited by D. Rhidian Thomas (2010)

Commencement of Laytime 4th edition edited by Donald Davies (2006)

The Rotterdam Rules: A Practical Annotation by Yvonne Baatz, Charles Debattista, Filippo Lorenzon, Andrew Serdy, Hilton Staniland and Michael Tsimplis (2010)

General Average: Law and Practice 2nd edition by F. D. Rose (2005)

The Evolving Law and Practice of Voyage Charters Edited by D. Rhidian Thomas (2009)

War, Terror and Carriage by Sea by Keith Michel (2005)

Risk and Liability in Air Law by George Leloudas (2010)

Port State Control 2nd edition by Oya Ozcayir (2005)

Legal Issues Relating to Time Charterparties edited by D. Rhidian Thomas (2008)

Modern Law of Marine Insurance: Volume Two edited by D. Rhidian Thomas (2003)

Contracts of Carriage by Land and Air 2nd edition by Malcolm A. Clarke and David Yates (2008)

Commercial and Maritime Statutes edited by Peter Macdonald Eggers and Simon Picken (2001)

Bills of Lading and Bankers’ Documentary Credits 4th edition by Paul Todd (2008)

Bills of Lading: Law and Contracts by Nicholas Gaskell, Regina Asariotis and Yvonne Baatz (2001)

Liability Regimes in Contemporary Maritime Law edited by D. Rhidian Thomas (2007)

Shipbrokers and the Law by Andrew Jamieson (1997)

Marine Insurance: The Law in Transition edited by D. Rhidian Thomas (2007)

This page intentionally left blank

OFFSHORE OIL AND GAS INSTALLATIONS SECURITY AN INTERNATIONAL PERSPECTIVE MIKHAIL KASHUBSKY

First edition published 2016 by Informa Law from Routledge 2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN and by Informa Law from Routledge 711 Third Avenue, New York, NY 10017 Routledge is an imprint of the Taylor & Francis Group, an informa business © 2016 Mikhail Kashubsky The right of Mikhail Kashubsky to be identified as author of this work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988. All rights reserved. No part of this book may be reprinted or reproduced or utilised in any form or by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying and recording, or in any information storage or retrieval system, without permission in writing from the publishers. Trademark notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. British Library Cataloguing in Publication Data A catalogue record for this book is available from the British Library Library of Congress Cataloging in Publication Data Names: Kashubsky, Mikhail, author. Title: Offshore oil and gas installations security : an international perspective/Mikhail Kashubsky. Description: Abingdon, Oxon ; New York, NY: Informa Law from Routledge, 2016. | Based on author’s thesis (doctoral - Faculty of Law, University of Wollongong, 2011), issued under title: Offshore Petroleum Security: Analysis of Offshore Security Threats, Target Attractiveness, and the International Legal Framework for the Protection and Security of Offshore Petroleum Installations. | Includes bibliographical references. Identifiers: LCCN 2015040615| ISBN 9780415707305 (hbk) | ISBN 9781315794983 (ebk) Subjects: LCSH: Offshore oil industry – Law and legislation. | Offshore gas industry – Security measures | Offshore oil industry – Law and legislation. | Offshore gas industry – Security measures | Offshore structures – Law and legislation. Classification: LCC K3918 .K37 2016 | DDC 343.07/72 – dc23 LC record available at http://lccn.loc.gov/2015040615 ISBN: 978-0-415-70730-5 (hbk) ISBN: 978-1-31579-498-3 (ebk) Typeset in Plantin by Florence Production Limited, Stoodleigh, Devon, UK

CONTENTS

Detailed contents Figures and tables Table of conventions Foreword Preface Acronyms and abbreviations

ix xviii xix xxv xxvii xxix

1

Offshore petroleum security context

2

Offshore assets and operations

25

3

Offshore security threats

53

4

Offshore target selection considerations

110

5

Legal status of offshore oil and gas installations

151

6

Pre-9/11 international regulatory framework

181

7

Post-9/11 international regulatory responses

256

8

International oil and gas industry responses

304

9

Conclusion

383

Afterword Appendix Selected bibliography Index

400 403 453 471

vii

1

This page intentionally left blank

DETAILED CONTENTS

1

2

OFFSHORE PETROLEUM SECURITY CONTEXT 1 Introduction 2 Key terms and concepts 2.1 Petroleum 2.2 Offshore installations 2.3 Security 2.4 Offshore petroleum security 3 Strategic importance of petroleum 4 Violence associated with the petroleum industry 4.1 Petroleum-related targets and attacks 4.2 Issues concerning data on offshore attacks and security incidents 4.3 Attacks on and interferences with offshore installations 1975–2014 5 Past and present perspectives on offshore petroleum security 6 International responses 7 Conclusion

17 19 22 24

OFFSHORE ASSETS AND OPERATIONS 1 Introduction 2 Global offshore oil and gas industry 3 Types of offshore oil and gas installations 3.1 Fixed offshore oil and gas installations 3.1.1 Jacket structure 3.1.2 Gravity based structure (GBS) 3.1.3 Compliant tower 3.1.4 Tension-leg platform (TLP) 3.2 Mobile offshore oil and gas installations 3.2.1 Jack-up 3.2.2 Submersible 3.2.3 Drilling barge 3.2.4 Semisubmersible 3.2.5 Spar 3.2.6 Drill ship

25 25 26 30 31 32 33 33 33 34 34 35 36 36 36 37

ix

1 1 3 3 3 4 5 7 13 15 16

CONTENTS

4

5 3

3.2.7 Floating production, storage and offloading unit (FPSO) 3.2.8 Floating storage and offloading unit (FSO) 3.2.9 Floating drilling, production, storage and offloading unit (FDPSO) 3.2.10 Floating storage and regasification unit (FSRU) 3.2.11 Floating liquefied natural gas unit (FLNG) Organisational and operational aspects 4.1 Organisational structure of an oil company 4.2 Offshore installation crew 4.3 Supervisory control systems 4.4 Interaction with other maritime industry participants Conclusion

OFFSHORE SECURITY THREATS 1 Introduction 2 What is an offshore security threat? 3 Identifying and categorising offshore security threats 4 Framework for evaluating offshore security threats 4.1 Geography and enabling factors 4.2 Motivations and objectives 4.3 Capabilities and tactics 5 Evaluation of offshore security threats 5.1 Piracy 5.1.1 Geography and enabling factors 5.1.2 Motivations and objectives 5.1.3 Capabilities and tactics 5.2 Terrorism 5.2.1 Geography and enabling factors 5.2.2 Motivations and objectives 5.2.3 Capabilities and tactics 5.3 Insurgency 5.3.1 Geography and enabling factors 5.3.2 Motivations and objectives 5.3.3 Capabilities and tactics 5.4 Organised crime 5.4.1 Geography and enabling factors 5.4.2 Motivations and objectives 5.4.3 Capabilities and tactics 5.5 Vandalism 5.5.1 Geography and enabling factors 5.5.2 Motivations and objectives 5.5.3 Capabilities and tactics 5.6 Civil protest 5.6.1 Geography and enabling factors 5.6.2 Motivations and objectives 5.6.3 Capabilities and tactics x

38 38 38 39 39 40 41 42 48 50 51 53 53 54 55 56 57 59 60 61 61 62 63 63 64 67 68 70 71 73 74 76 77 78 79 80 81 82 82 83 84 85 85 86

CONTENTS

6 7

8 4

5.7 Internal sabotage 5.7.1 Geography and enabling factors 5.7.2 Motivations and objectives 5.7.3 Capabilities and tactics 5.8 Inter-state hostilities 5.8.1 Geography and enabling factors 5.8.2 Motivations and objectives 5.8.3 Capabilities and tactics 5.9 Cyber threats 5.9.1 Geography and enabling factors 5.9.2 Motivations and objectives 5.9.3 Capabilities and tactics 5.10 Unauthorised/suspicious conduct Links between offshore security threats Ranking of offshore security threats 7.1 Piracy 7.2 Terrorism 7.3 Insurgency 7.4 Organised crime 7.5 Vandalism 7.6 Civil protest 7.7 Internal sabotage 7.8 Inter-state hostilities 7.9 Cyber threats Conclusion

OFFSHORE TARGET SELECTION CONSIDERATIONS 1 Introduction 2 What is offshore target attractiveness? 3 Assessing the attractiveness of offshore targets 3.1 Vulnerabilities 3.1.1 Inherent structural/design vulnerabilities 3.1.2 Lax security and protection 3.1.3 Location 3.1.4 Stationary position and low manoeuvrability 3.1.5 Dense concentration and interconnectivity 3.1.6 Diversity of offshore industry personnel 3.1.7 Availability of target information 3.1.8 Cyber vulnerabilities 3.2 Additional incentives 3.2.1 Sensitive equipment/components on board 3.2.2 Volatile and hazardous materials on board 3.2.3 Public profile and symbolic value 3.3 Deterrents 3.3.1 Operational/tactical difficulties 3.3.2 Increased level of security and protection xi

88 89 89 89 90 92 93 94 94 95 96 97 99 100 103 104 104 105 105 105 105 106 106 107 108 110 110 112 112 114 115 116 116 117 117 118 119 120 121 121 122 122 123 124 125

CONTENTS

4 5

6 7 8 5

3.4 Consequences 3.4.1 Loss of life and personal injury 3.4.2 Damage to and destruction of offshore installations 3.4.3 Environmental harm 3.4.4 Process interruptions and shutdowns 3.4.5 Petroleum supply disruptions 3.4.6 Economic costs and financial losses 3.4.7 Petroleum price rises and market fluctuations 3.4.8 Economic externalities 3.4.9 Fear and intimidation 3.4.10 Loss of confidence and industry reputation 3.4.11 Political and foreign relations impacts 3.4.12 Inability to achieve desired effects 3.4.13 Undesired effects on external stakeholders Ranking of offshore target attractiveness Offshore attacks and interferences methods/scenarios 5.1 Threat of attack or bomb threat 5.2 Detonation of explosives or bombs 5.3 Underwater attack 5.4 Direct attack 5.5 Armed intrusion 5.6 Takeover and seizure 5.7 Abduction and hostage taking 5.8 Use of ship or aircraft as a weapon 5.9 Internal attacks and interferences 5.10 Cyber attacks 5.11 Protests and interferences 5.12 Simultaneous attacks and interferences Credibility of offshore attack methods/scenarios Likelihood of attacks on offshore installations Conclusion

LEGAL STATUS OF OFFSHORE OIL AND GAS INSTALLATIONS 1 Introduction 2 Offshore oil and gas installations as ships 2.1 Treaty law 2.1.1 Fixed offshore installations as ships 2.1.2 Mobile offshore installations as ships 2.1.3 The ‘dual status approach’ 2.1.4 Offshore installations as a separate category 2.2 State practice – judicial interpretations 3 Offshore oil and gas installations as ports 3.1 Treaty law 3.1.1 Legal status of waters around offshore ports 3.1.2 Port state control and offshore installations xii

126 127 127 128 128 129 130 131 132 132 134 134 135 135 136 137 137 138 139 140 140 141 141 142 143 144 145 146 147 148 149

151 151 152 154 154 155 159 162 165 168 169 171 173

CONTENTS

4 6

3.2 State practice – legislation Conclusion

175 179

PRE-9/11 INTERNATIONAL REGULATORY FRAMEWORK 1 Introduction 2 Pre-1958 Legal Framework 3 1958 Geneva Conventions 3.1 Convention on the Territorial Sea and the Contiguous Zone 1958 3.2 Convention on the High Seas 1958 3.3 Convention on the Continental Shelf 1958 4 The 1982 Law of the Sea Convention framework 4.1 Installations in the internal waters 4.1.1 Protection measures 4.1.2 Enforcement jurisdiction 4.2 Installations in the territorial sea 4.2.1 Protection measures and innocent passage 4.2.2 Enforcement jurisdiction 4.3 Installations in the contiguous zone 4.4 Installations in the archipelagic waters 4.4.1 Protection measures 4.4.2 Enforcement jurisdiction 4.5 Installations in the EEZ and on the continental shelf 4.5.1 Protection measures 4.5.2 Enforcement jurisdiction 4.6 Installations on the continental shelf beyond 200 nautical miles 4.6.1 Protection measures 4.6.2 Enforcement jurisdiction 4.6.3 Installations on the seabed beyond national jurisdiction 4.6.4 Protection measures 4.6.5 Enforcement jurisdiction 4.7 The law of piracy and offshore oil and gas installations 4.7.1 Illegal act of violence or detention or an act of depredation 4.7.2 The ‘private ends’ requirement 4.7.3 Property in a place outside the jurisdiction of any state 4.7.4 The legal treatment of offshore installations as ships 4.7.5 Territorial/geographic scope of piracy 4.7.6 Jurisdiction over piracy 4.7.7 Internal seizures of offshore installations 4.7.8 Pirate ships 4.7.9 The importance of domestic law 5 The 1988 SUA framework 5.1 SUA Convention 1988 5.1.1 Application to offshore installations 5.1.2 Offences 5.1.3 Jurisdiction 5.1.4 Arrest, extradition and prosecution xiii

181 181 182 182 183 184 185 187 189 190 190 190 191 197 199 200 200 201 202 202 207 214 215 215 216 219 220 220 221 222 223 224 225 226 227 228 228 229 231 231 233 234 235

CONTENTS

5.1.5 Enforcement 5.2 SUA Protocol 1988 5.2.1 Application to offshore installations 5.2.2 Offences 5.2.3 Jurisdiction 5.2.4 Arrest, extradition and prosecution 5.2.5 Enforcement 5.3 Issues applicable to both 1988 SUA Treaties Other pre-9/11 regulatory security measures and initiatives 6.1 IMO Resolution A.671(16) 6.2 IMO General Provisions on Ships’ Routeing 6.3 Convention against the Taking of Hostages 1979 6.4 Convention against Transnational Organised Crime 2000 6.5 Model national law on acts of piracy and maritime violence Conclusion

236 237 237 238 239 239 240 240 244 245 246 249 251 252 254

POST-9/11 INTERNATIONAL REGULATORY RESPONSES 1 Introduction 2 SOLAS Convention amendments 2002 3 ISPS Code 4 Seafarer identification framework 5 The SUA framework amendments 2005 5.1 SUA Convention 2005 5.2 SUA Protocol 2005 5.3 Issues applicable to both 2005 SUA Treaties 6 Long-range identification and tracking of ships 7 Other relevant post-9/11 regulatory security initiatives 7.1 CMI draft guidelines for national legislation on maritime criminal acts 7.2 Guidelines on security arrangements of non-SOLAS ships 7.3 Guidelines for the development of national maritime security legislation 7.4 Extension of safety zones around offshore installations 7.5 Security training of seafarers and offshore personnel 8 The right of self-defence and offshore installations 8.1 Conduct constituting an ‘armed attack’ 8.1.1 Attacks by non-state actors as ‘armed attacks’ 8.1.2 Kinetic attacks on offshore installations as ‘armed attacks’ 8.1.3 Cyber attacks on offshore installations as ‘armed attacks’ 8.2 The use of self-defence to protect offshore installations 8.2.1 Lawful exercise of the right of self-defence 8.2.2 Anticipatory self-defence 8.2.3 Restricting navigation in self-defence 8.2.4 Exercise of the right of self-defence by third states 9 Conclusion

256 256 256 258 265 269 270 273 275 276 279

6

7 7

xiv

279 280 282 283 285 287 289 292 293 294 295 295 297 299 302 303

CONTENTS

8

INTERNATIONAL OIL AND GAS INDUSTRY RESPONSES 1 Introduction 2 International and industry standards and practices 2.1 International standards 2.2 Regional and national standards 2.3 Industry self-regulation 2.4 Company specifications and practices 3 Security management systems 3.1 SMS concepts and principles 3.1.1 Security and operating management 3.1.2 Security and quality management 3.1.3 Security and risk management 3.1.4 Security management principles 3.1.5 Security excellence 3.2 SMS components 3.2.1 Credibility and integration 3.2.2 Policies, objectives and tasks 3.2.3 Threat, vulnerability and security risk assessment 3.2.4 Controls 3.2.5 Security risk register 3.2.6 Planning and resourcing 3.2.7 Execution and control activities 3.2.8 Monitor and security reporting 3.2.9 Review 3.2.10 Learning 3.2.11 Reporting to top management 3.3 SMS benefits 4 Offshore security controls and protection measures 4.1 Procedural security controls 4.1.1 Security risk assessments 4.1.2 Security policy and security plan 4.1.3 Operating security procedures 4.1.4 Communication and coordination 4.1.5 Sensitive information and records handling 4.1.6 Preventive maintenance 4.1.7 Change and configuration management 4.1.8 Security drills and exercises 4.2 Physical security controls 4.2.1 Structural protection and integrity 4.2.2 Access control 4.2.3 Perimeter security 4.2.4 Surveillance and detection 4.2.5 Security guard force management 4.2.6 Security alert response 4.2.7 Security incident management 4.2.8 Operational continuity management xv

304 304 305 305 308 309 310 311 312 312 315 316 318 319 321 322 322 323 323 324 324 325 325 326 326 327 328 328 331 331 333 334 335 336 337 338 339 340 341 342 344 344 346 348 349 351

CONTENTS

4.3 Personnel security controls 4.3.1 Security administration/organisation 4.3.2 Pre-employment screening 4.3.3 Identity management 4.3.4 Security culture, awareness and training 4.3.5 Employee management and supervision 4.3.6 Social engineering prevention 4.3.7 Prohibited and controlled items or activities 4.3.8 Personnel protection 4.4 Technical security controls 4.4.1 Secure network architecture and configuration 4.4.2 Hardware and software integrity and patch management 4.4.3 User accounts and privilege management 4.4.4 Transmission security 4.4.5 Cryptographic protection 4.4.6 Malware protection 4.4.7 Protective monitoring 4.4.8 Command, control and response capability 4.5 Stakeholder security controls 4.5.1 Stakeholder mapping 4.5.2 Government relations management 4.5.3 Community engagement and local integration 4.5.4 Industry partnerships and mutual aid 4.5.5 Contract management 4.5.6 Supply chain management 4.5.7 Media management 4.5.8 Compliance management Residual risk management and continuous improvement Conclusion

352 352 353 354 355 356 357 358 358 359 360 362 364 366 366 368 369 370 371 371 372 373 375 376 377 378 379 379 381

CONCLUSION 1 Introduction 2 Key questions 3 Key issues and findings 3.1 How common are attacks on offshore oil and gas installations? 3.2 Where are offshore oil and gas installations attacked? 3.3 What types of offshore installations are attacked or need to be protected? 3.4 Who attacks offshore oil and gas installations? 3.5 Why are offshore oil and gas installations attacked? 3.6 How are offshore oil and gas installations attacked? 3.7 What is the legal status of offshore oil and gas installations? 3.8 How is offshore installations security regulated at the international level? 3.8.1 The information acquisition/situational awareness framework

383 383 383 384 385 385

5 6 9

xvi

386 386 387 388 388 389 390

CONTENTS

4

5

3.8.2 The protection/prevention framework 3.8.3 The response/penal framework 3.9 How has the industry responded to offshore installations security? How can the security of offshore installations be improved? 4.1 Considerations for reform 4.2 Suggestions for further research Concluding remarks

390 393 395 395 396 397 398

Afterword

400

Appendix: Attacks, unlawful interferences and security incidents involving offshore oil and gas installations: Offshore Installations Attack Dataset (OIAD)

403

Selected bibliography

453

Index

471

xvii

FIGURES AND TABLES

Figures 1.1 1.2 1.3 2.1 2.2 2.3 2.4 3.1 3.2 4.1 6.1 6.2 8.1 8.2 8.3 8.4

Global primary energy consumption in 2014 Crude oil prices 1974–2014 Attacks on/unlawful interferences with offshore installations 1975–2014 Examples of fixed and mobile offshore oil and gas installations Examples of floating offshore oil and gas installations Basic structure of an independent oil company Basic offshore drilling rig crew structure and hierarchy Offshore security threats nexus Alternate illustration of offshore security threat nexus Offshore target attractiveness factors Legal divisions of the oceans and airspace Maritime zones of jurisdiction in the context of offshore installations IOGP security management system model Security and quality management ISO 31000 risk management principles, framework and process Security controls for offshore oil and gas installations

9 13 18 32 35 43 47 102 103 114 188 189 314 315 317 331

Tables 1.1 1.2 1.3 3.1 9.1

Top 10 oil and gas producing states in 2014 Top 10 net oil exporters and importers in 2013 Top 10 net natural gas exporters and importers in 2014 Example of offshore security threat ranking International legal framework for offshore installations security

xviii

10 11 11 107 394

TABLE OF CONVENTIONS

Draft Convention on Offshore Units, Artificial Islands and Related Structures Used in the Exploration for and Exploitation of Petroleum and Seabed Mineral Resources (Draft Offshore Units Convention) ............ 163 Art. I(1)(a) ......................................163n Art. I(1)(h) ......................................163n International Convention on Civil Liability for Bunker Oil Pollution Damage 2001 (Bunker Convention) Art. 1(1)............................................156 International Convention on Civil Liability for Oil Pollution Damage 1992 (CLC 1992) ..............................................157, 166 Art. 1.1 ...........................................157n Convention on Civil Liability for Oil Pollution Damage Resulting from Exploration and Exploitation of Seabed Mineral Resources 1977 (CLEE) Art. 1(2)(a)........................................162 United Nations Convention on Conditions for Registration of Ships 1986 (Ship Registration Convention) Art. 2 ................................................159 Convention on the Continental Shelf 1958 (Continental Shelf Convention) .................183, .............................185–87, 203, 206, 207 Art. 1 ..............................................185n Art. 2 ..............................................185n Art. 5 ..............................................203n Art. 5(1)..........................................186n Art. 5(2)..........................................203n Art. 5(2)–(3)....................................186n Art. 5(3)..........................................186n Art. 5(4)..........................................186n Art. 5(7)..........................................186n International Convention on the Control of Harmful Anti-fouling Systems on Ships 2001 (AFS Convention) Art. 2(9) ......................................154–55

Art. 3(1)(c)........................................175 Art. 4(1)............................................175 Art. 11(1) ..........................................175 Art. 11(4) ..........................................175 International Convention for the Control and Management of Ships’ Ballast Water and Sediments 2004 (Ballast Water Convention) 156–57 Art 1(12) .........................................157n Art. 9(1)............................................175 Art. 10(2) ..........................................175 Art. 10(4) ..........................................175 International Convention on the Establishment of an International Fund for Compensation for Oil Pollution Damage 1992 (1992 Fund Convention).............................157, 166 Convention on the High Seas 1958 (High Seas Convention) ......................183, 186, 187 Art. 1 ..............................................184n Art. 2, 183n.....................................184n Art. 6(1)..........................................185n Art. 14 ............................................185n Arts. 14–23......................................183n Art. 15 ............................................185n Art. 19 ............................................185n Art. 22(1)(a)....................................185n Art. 23 ............................................185n Convention on the International Maritime Satellite Organization 1976 (INMARSAT Convention) ......................................... 157 Art. 1(f)...........................................157n Convention on the International Regulations for Preventing Collisions at Sea 1972 (1972 Collisions Regulations).................... 158 Rule 3(a) .........................................158n United Nations Convention on the Law of the Sea (LOSC), 1982 .........22, 91, 187–229, ..................................277, 286, 389, 390 Art. 1(1)..........................................216n Art. 1(5)(a)(i) ....................................160

xix

TABLE OF CONVENTIONS

Art. 2 ..............................................190n Art. 2(1) ................................172n, 189n Art. 2(3)..........................................191n Art. 5 ..............................................202n Art. 8(1) ................................171n, 189n Art. 11........................159n, 169–70, 178 Art. 17 ..............................................191 Arts. 17–27......................................159n Arts. 17–28......................................188n Art. 18(1) ..........................................172 Art. 19(1) ..........................................191 Art. 19(2) ................................191n, 192 Art. 19(2)(c)....................................191n Art. 19(2)(f) ....................................170n Art. 19(2)(h) ...................................191n Art. 19(2)(k) ..................159n, 191n, 192 Art. 19(2)(l) ....................................191n Art. 19(c) ..........................................191 Art. 19(k) ..........................................191 Art. 21(1)(b) ..........159n, 191, 196, 196n Art. 21(1)(f) ....................................195n Art. 21(4) ........................................191n Art. 22(1) ........................................191n Art. 24(1) ........................................197n Art. 24(1)(a)....................................191n Art. 24(2) ..............................119n, 197n Art. 25(1) ........................................194n Art. 25(2) ..........................................172 Art. 25(3)...............194, 194n, 195, 195n Art. 27 .............................197, 198, 236n Art. 27(1) ........................................197n Art. 27(1)(a)....................................198n Art. 27(1)(b) ...................................198n Art. 27(2) ........................................198n Art. 27(4) ........................................198n Art. 27(5) ........................................198n Art. 30 ............................................196n Art. 31 ............................................196n Art. 33 ..............................................199 Art. 44 ............................................195n Art. 45 ............................................195n Art. 46 ............................................187n Art. 47 ............................................187n Art. 48 ............................................187n Art. 49(1)–(2)..................................200n Art. 52 ............................................201n Art. 52(2) ........................................201n Art. 53(1) ........................................201n Art. 53(2) ........................................201n Art. 53(3) ........................................201n Art. 53(12) ......................................201n Art. 55 ............................................187n Art. 56 ................160, 173n, 187n, 202n, ...............................................209n, 225 Art. 56(1) ........................................216n

Art. 56(1)(a) ..........................202n, 208n Art. 57 ............................................202n Art. 58(2) ..........................61n, 225, 227 Art. 59.....................................213, 214n Art. 60 ..........................159n, 160, 173n, .........................187n, 188n, 198n, 200n, ..............................202, 225, 239n, 275n Art. 60(1) ........................................214n Art. 60(2)..............159n, 202, 214n, 215, ....................216n, 234, 236n, 239, 240n Art. 60(3) ........................................119n Art. 60(4)...................203, 204, 206, 219 Art. 60(4)–(5)..................................215n Art. 60(4)–(7)..................................203n Art. 60(5)............173, 173n, 197n, 203n, ........................204n, 205, 206, 207, 283 Art. 60(6) ........................................203n Art. 60(7) ........................................203n Art. 76 .........................187n, 202n, 214n Art. 76(5) ........................................187n Art. 76(8) ........................................214n Art. 77 ............................................202n Art. 78(1) ..............................214n, 215n Art. 78(2) .............204n, 207, 211n, 215n Art. 80 ................160, 187n, 188n, 200n, ......................202, 214n, 215, 225, 275n Art. 82 ............................................215n Art. 82(4) ........................................215n Art. 86 ............................................214n Art. 87(1) ..........................................215 Art. 87(1)(d) ........159n, 188n, 214, 217n Art. 92(1).....................159n, 215n, 220n Art. 94(7) ........................................159n Art. 100 .................216n, 220, 220n, 224 Arts. 100–107..................................188n Art. 101 ..........61, 220–21, 222, 224, 227 Art. 101(a).............................221n, 224n Art. 101(a)(i) ...................225, 227n, 396 Art. 101(a)(ii)....................................224 Art. 101(c)...............................221n, 226 Art. 103.............................................228 Art. 105......61n, 216n, 226n, 227n, 228n Art. 109...........................................159n Art. 110 ......................188n, 216n, 226n, ......................................227n, 228n, 236 Art. 111 .................188n, 199, 213, 216n Art. 111(1) ............................198n, 199n Art. 111(1)–(2)................................201n Art. 111(2).......................209n, 210, 219 Art. 111(4) ................................210, 213 Art. 135.............................................217 Art. 136...........................................217n Art. 139(1) ......................................218n Art. 145(a) ......................................170n Art. 147(2) ......................................188n

xx

TABLE OF CONVENTIONS

Art. 147(2)(a) ........................119n, 217n Art. 147(2)(c)....................................219 Art. 153(1) ......................................218n Art. 153(2) ......................................218n Art. 156...........................................217n Art. 157(1) ......................................217n Art. 157(2) ......................................217n Art. 194(3) ......................................170n Art. 209(2)...................159n, 170n, 218n Art. 211...........................................159n Art. 211(3) ........................................174 Art. 211(4) ......................................195n Art. 214...........................................159n Art. 216(c) ......................................174n Art. 218(1) ......................................174n Art. 219 .........................159n, 174, 174n Art. 220...........................................174n Art. 220(1) ......................................174n Art. 246(2) ......................................209n Art. 246(5) ......................................209n Art. 246(6) ......................................209n Arts. 258–62....................................159n Art. 274(b) ......................................170n Art. 301 ...........................208, 208n, 289 Pt. VI, 214 Pt. VII, 214n Pt. XI, 187n Pt. XII, 198 International Convention on Limitation of Liability for Maritime Claims 1976 (LLMC) Art. 15(5)(b) .....................................164 International Convention on Oil Pollution Preparedness, Response and Co-operation 1990 (OPRC) ...................................... 163 Art. 2(3) ................................163n, 228n Art. 2(4) ........................163n, 170, 170n Art. 2(5)..........................................170n Art. 3(1)(b) .......................................174 Preamble .........................................170n Convention on the Physical Protection of Nuclear Material 1979 ............................271n Convention for the Prevention of Marine Pollution by Dumping from Ships and Aircraft 1972 (1972 Oslo Convention)........155 Art. 19 ............................................155n Convention on the Prevention of Marine Pollution by Dumping of Wastes and other Matter 1972 (1972 London Convention) Art. III(1)(a)......................................164 Art. III(2)..........................................164 International Convention for the Prevention of Marine Pollution from Ships 1973 (MARPOL) ............................................154 Art. 2(3)..........................................154n

Art. 2(4) ................................154n, 228n Art. 5(2)............................................174 Art. 5(3)............................................174 Art. 6(2)............................................174 International Convention for the Prevention of Pollution of the Sea by Oil 1954 (OILPOL) ..............................................173 Art. 1(1)............................................160 Art. VIbis (4)..............................172, 174 Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including Diplomatic Agents 1973 .....................................................271n Convention on the Protection of the Marine Environment of the Baltic Sea Area 1974 (1974 Helsinki Convention) .............155 Art. 2(4)..........................................155n International Convention Relating to Intervention on the High Seas in Cases of Oil Pollution Casualties 1969 (1969 Intervention Convention) ...........................164 Art. II(2) .........................................164n International Convention on the Removal of Wrecks 2007 (Wreck Removal Convention) Art 1(2).............................................161 International Convention for the Safe and Environmentally Sound Recycling of Ships 2009 (Ship Recycling Convention) Art. 2(7)............................................156 Art. 8(1)............................................174 Art. 9(2) ......................................174–75 International Convention for the Safety of Life at Sea 1974 (SOLAS Convention), 23................256, 258, 389, 390 Annex reg. I/2(d) ..............................259n, 262n reg. I/3(a) ........................................259n reg. V/10.1 ......................................248n reg. V/10.2 ......................................246n reg. V/10.4 ......................................246n reg. V-19/1.2.1 ................................277n reg. V-19/1.5 ...................................277n reg. V-19/1.8.1.1..............................277n reg. V-19/1.8.1.2..............................277n reg. V-19/1.8.1.3..............................277n reg. V-19/1.8.1.4..............................277n reg. V-19/2 ......................................257n reg. V-19/2.4 ...................................257n reg. V-19/4 ......................................257n reg. V-19/5 ......................................257n reg. IX/1..........................................259n reg. XI-1/3.......................................257n reg. XI-1/5.......................................257n reg. XI-2/1 ...............................259, 259n

xxi

TABLE OF CONVENTIONS

reg. XI-2/1, para 9 ...........................171n reg. XI-2/1.1....................................263n reg. XI-2/2.......................................259n reg. XI-2/2.1....................................264n reg. XI-2/2.3....................................259n reg. XI-2/4.......................................257n reg. XI-2/6.......................................257n reg. XI-2/6.1.4.................................264n reg. XI-2/8.......................................257n reg. XI-2/9.......................................257n reg. XI-2/13.....................................257n Chapter V .........................................277 Chapter XI-2, 171.............257, 258, 260, .........................261, 262, 264, 280, 282, ..........................283, 285, 303, 390, 392 International Convention on Salvage 1989 (1989 Salvage Convention)..................... 161 Art 1(b)...........................................161n Art. 3 ..............................................161n International Convention on Standards of Training, Certification and Watchkeeping for Seafarers 1978 (STCW Convention) .....285 reg. VI/6 ............................................285 Convention and Statute of the International Regime of Maritime Ports 1923 (1923 Ports Convention).....................................169 Art. 1 ..............................................169n International Convention for the Suppression of Acts of Nuclear Terrorism 2005 ........... 271n International Convention for the Suppression of the Financing of Terrorism 1999 ...........271n International Convention for the Suppression of Terrorist Bombings 1997.............270n, 271n Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation 1971 .....................................................271n Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation 1988 (1988 SUA Convention), 22...230, 231–37, 243, 256, 389 Art. 1 .............................228n, 231n, 233 Art. 2 ..............................................231n Art. 3.....................................241n, 242n Art. 3(1)..........................................233n Art. 3(1)(a)........................................233 Art. 3(1)(c)......................................241n Art. 3(2)..........................................234n Art. 3(2)(b) .....................................241n Art. 4(1) ....................................160, 231 Art. 5 ...........................234n, 238n, 239n Art. 6 ..............................................234n Art. 6(1) ................................234n, 236n Art. 6(1)(a)......................................234n Art. 6(2)..........................................234n Art. 7.....................................238n, 239n

Art. 7(1)..........................................235n Art. 7(2)..........................................235n Art. 7(5)..........................................235n Art. 8.......................................235, 236n Art. 8(2)..........................................235n Art. 8(3)..........................................235n Art. 8(4)..........................................235n Art. 9 ..............................................236n Art. 10 ............................................235n Arts. 10–16 ............................238n, 239n Art. 11 ............................................235n Art. 11(5) ..........................................236 Art. 12 ............................................236n Art. 13(1) ..........................................242 Art. 14 ............................................242n Preamble .........................................236n para 7..............................................242n para 14 ............................................242n Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation 2005 (2005 SUA Convention) ...............................275–76, 389 Art. 1(1)(c)......................................270n Art. 1(1)(d) .....................................270n Art. 1(2)(a)......................................270n Art. 1(a) ..........................................270n Art. 3bis...........................................270n Art. 3bis (1)(a).................................270n Art. 3bis (1)(a)(i)–(iii) ......................271n Art. 3bis (1)(a)(iv)............................271n Art. 3bis (1)(b).................................271n Art. 3bis (2) .....................................271n Art. 3quater......................................270n Art. 3quater (b)–(e) ..........................272n Art. 3ter ...........................................272n Art. 4 ..............................................270n Art. 5bis (1) .....................................272n Art. 5bis (1)–(3) ...............................272n Art. 8bis...........................................272n Art. 8bis (5) .....................................273n Art. 8bis (5)(a)–(c) ...........................273n Art. 8bis (7) .....................................273n Art. 8bis (10) ...................................273n Art. 11bis.........................................273n Art. 11ter .........................................273n Art. 22 ............................................272n Convention for the Suppression of Unlawful Seizure of Aircraft 1970 ..........................271n International Convention against the Taking of Hostages 1979 (Hostages Convention) ......................249–51, 271n, 389 Art. 1 ................................................249 Art. 1(1)..........................................249n Art. 1(2)..........................................250n Art. 5(1)(a)–(c)................................250n

xxii

TABLE OF CONVENTIONS

Art. 5(1)(b) .....................................250n Art. 5(1)(d) .....................................250n Art. 5(2)..........................................250n Art. 6(1)..........................................250n Art. 8(1).............................250–51, 251n Art. 9 ..............................................251n Art. 13 ..............................................250 Art. 14 ............................................251n Preamble .........................................249n Convention on the Territorial Sea and the Contiguous Zone 1958 (Territorial Sea Convention) ........................182–83, 186, 187 Art. 1 ..............................................183n Art. 2 ..............................................183n Art. 5(1)..........................................171n Art. 14(1) ..........................................183 Art. 14(4) ................................183, 183n Arts. 14–22......................................183n Art. 15(1) ..........................................184 Art. 15(2) ........................................184n Art. 16(1) ........................................184n Art. 16(3) ........................................184n Art. 17 ............................................184n Art. 24(1) ........................................184n Art. 24(2) ........................................184n United Nations Convention against Transnational Organized Crime 2000 (UNTOC) .................................251–52, 389 Art. 1 ..............................................251n Art. 2(a) ..........................................251n Art. 3(1)..........................................251n Art. 3(2)..........................................251n Art. 5 ..............................................252n Art. 6(a)–(b)....................................252n Art. 15(1)(a)....................................252n Art. 15(1)(b) ...................................252n Art. 15(2)(a)–(c)..............................252n Art. 15(5) ........................................252n Art. 16 ............................................252n International Convention for the Unification of Certain Rules relating to Bills of Lading for the Carriage of Goods by Sea 1924 (Hague Rules) ....................................158–59 Art. 1(d)..........................................159n Geneva Conventions 1958 ..............................182 International Ship and Port Facility Security Code (ISPS Code)..............23, 256, ...........................257, 258–65, 261, 283, ..........................................303, 389, 390 Pt. A........................................258, 263n Pt. B.................171, 258, 260, 262n, 263 s. 1.2.1 ............................................263n s. 2.2 ...............................................259n s. 3.1 .....................................259n, 264n s. 3.3 ...............................................259n

s. 4.19 .............................................260n s. 4.20 .............................................260n s. 4.27 ...............................................171 s. 7 ..................................................259n s. 8 ........................................259n, 263n s. 9 ..................................................259n s. 9.1 ...............................................263n s. 9.51 .............................................262n s. 11 ................................................259n s. 11.1 .............................................263n s. 12 ................................................259n s. 12.1 .............................................263n s. 13 ................................................259n s. 13.1 .............................................263n s. 13.2 .............................................263n s. 15 ................................................259n s. 16 ................................................259n s. 17 ................................................259n s. 18 ................................................259n s. 19.1.1 ..........................................263n s. 19.2.1 ..........................................263n s. 19.3.1 ..........................................263n Protocol of 1978 Relating to the International Convention for the Prevention of Marine Pollution from Ships 1973.............................................154n Protocol of 1992 to Amend the International Convention on Civil Liability for Oil Pollution Damage of 29 November 1969..............................157n Protocol of 2003 to the International Convention on the Establishment of an International Fund for Compensation for Oil Pollution Damage 1992 ........................................157n Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf 1988 (1988 SUA Protocol) ...........22–23, ...................................230, 237–40, 256, ...............................................271n, 389 Art. 1(1) ......................237n, 238n, 239n Art. 1(2)............................................238 Art. 1(3) ..................................160n, 237 Art. 2 .............................238, 241n, 242n Art. 2(1)..........................................238n Art. 2(1)(b)–(d) .................................238 Art. 2(1)(c)......................................241n Art. 2(2)..........................................238n Art. 2(a)–(c) ....................................238n Art. 3 ................................................240 Art. 3(1)..........................................239n Art. 3(2)..........................................239n Art. 3(5)..........................................239n Art. 4 ................................................240

xxiii

TABLE OF CONVENTIONS

Preamble, para 5..............................242n Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf 2005 (2005 SUA Protocol).............................275–76, 303, 389 Art. 1(1) ................................273n, 274n Art. 1(2)..........................................274n Art. 1(3)..........................................273n Art. 2bis (a)–(b) ...............................274n Art. 2bis (c) .....................................274n Art. 2ter (a)......................................274n Art. 2ter (b)–(e) ...............................274n Art. 3 ..............................................274n Art. 3(1)..........................................274n Art. 3(2)..........................................274n Art. 4 ..............................................275n Art. 6, 273n

Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation 1988.............271n Seafarer’s Identity Documents Convention (Revised) 2003 (SID Convention)........... 268, ..........................................303, 390, 397 Annex 1...........................................265n Art. 1(1) ................................266n, 267n Art. 1(2)............................................266 Art. 1(3).............................266–67, 267n Art. 2(1)............................................266 Art. 2(3)............................................266 Art. 3 ..............................................265n Art. 3(8)..........................................265n Art. 4(1)..........................................266n Art. 4(4)–(5)....................................266n Seafarers’ Training, Certification and Watchkeeping Code (STCW Code) ........285

xxiv

FOREWORD

I am very pleased to write this Foreword for Dr Mikhail Kashubsky’s book on offshore oil and gas security as the topic is one of great importance and his book is informative and well researched. This book is comprised of his revised and expanded PhD thesis which he has taken some years to write and the care into which he has gone with the many aspects of offshore oil and gas installation security is reflected throughout the work. I say the topic is important as the security of offshore platforms against criminal terrorists is of great concern, and rightly so. As the author points out, the risk of a ship or aircraft ramming into an oil rig is very real and if the resulting loss of life and destruction gives rise to a huge quantity of oil then the pollution of the nearby oceans is quite certain. Over the years from 1975 to 2014 there have been 76 violent and 37 non-violent attacks and armed takeovers in various parts of the world of such platforms (Chapter 1). It was pointed out by Mr Mick Palmer AO APM in his ‘Offshore Oil and Gas Resources Sector Security Inquiry’ Report in 2012 that there is considerable risk of this in Australian offshore waters and also in our ports. This book by Dr Kashubsky approaches the offshore security topic from a number of different points of view. The questions of international law, domestic laws and the rights of self-defence by owners and armed defence by governments are major issues and I tried to set out the complexity of the issues arising from the Australian laws and their practical effects in one of my books.1 The power in government hands to give orders to shoot down a passenger plane or destroy a cruise ship full of passengers and crew that appears to be about to attack a platform are quite alarming. Also alarming is, of course, the violence offered by criminals against innocent people and facilities. Australian society is still working out how to deal with such people without overly curtailing deeply ingrained personal and private rights. In Dr Kashubsky’s book the complex legal questions are explored from the point of view of the international conventions and the cases that have come before the international courts. However, this is only one aspect as the book also covers the topics from the points of view of which are most likely targets, the offshore regulatory framework and the international regulatory and industry responses to the risk from

1 Michael White, Australian Offshore Laws (Feberation Press 2009), Chapter 5 ‘Offshore Defence Laws’, 2009.

xxv

FOREWORD

violent criminals. As a result, it is a valuable source of information for oil and gas owners, operators and the vessels that service the industry. Also, Government regulators, private security firms, and many managers in the marine and petroleum industry benefit from its publication. The laws that apply to any offshore facility depend on the distance offshore from coastal states and Dr Kashubsky sets out in a clear and concise fashion the international zones under the conventions, which mainly come under the United Nations Convention for the Law of the Sea 1982 (UNCLOS). A result is that the author has set out a very useful summary of the law of the sea in relation to offshore zones and one from which any reader, legally trained or not, can gain much benefit. I congratulate and commend him on this work. Michael White Dr Michael White QC, Marine and Shipping Law Unit, TC Beirne School of Law, University of Queensland.

xxvi

PREFACE

The idea to write a book on the security of offshore oil and gas installations first came to me when I began my research on this topic in 2006, initially focusing on the Australian legal framework. At the time, there was a lot of hype about the protection of offshore installations, but I quickly realised that there was no comprehensive text that specifically addressed this topic and there were no readily available resources that answered even basic questions such as: how common are attacks on offshore installations; where do they take place; and what are the impacts of these attacks? The main reason for writing this book was to fill a specific gap in the literature and provide a useful resource for anyone interested in security issues pertaining to offshore petroleum installations. In examining various aspects of security and protection of offshore oil and gas installations, I considered it important to support the discussion with examples of the actual past offshore attacks and security incidents. In that regard, a dataset of offshore installation attacks and security incidents in the appendix forms the backbone of the book. I hope this work stimulates and generates more research and debate on this important, but somewhat neglected topic. But this book would not have been possible and it would not have been what it is without the contribution of others, whom I must acknowledge and thank. My interest in the offshore oil and gas industry grew out of my personal interest in maritime affairs, but my research activity in this field was inspired by the work and lectures of my dear colleague Dr Michael White QC of the Marine and Shipping Law Unit, University of Queensland, so I first would like to thank Dr White for his attention to and appreciation of my work, for contributing the Foreword, for which I am truly honoured, and for the opportunity to occasionally talk about issues of maritime law and offshore installations. My PhD thesis, on which this book is based, was completed at the Australian National Centre for Ocean Resources and Security, University of Wollongong, so I am grateful to my PhD supervisors Professor Martin Tsamenyi and Professor Greg Rose for their counsel, encouragement and support during those years. I also would like to thank Dr Hossein Esmaeili of Flinders University and Dr Anthony Bergin of the Australian Strategic Policy Institute for examining my thesis and providing valuable comments.

xxvii

PREFACE

I thank my colleagues at the Centre for Customs and Excise Studies, Charles Sturt University, especially Head of School, Professor David Widdowson, who is also the President of the International Network of Customs Universities (INCU), for his understanding of the challenges involved in writing a book, and also for giving me the opportunity to work closely with and learn a lot from him over the years. I also would like to acknowledge the financial support provided by the Research Office and Faculty of Arts Research Committee of Charles Sturt University in the form of a small, but helpful grant to assist me with completion of the manuscript. I am extremely honoured to have the Afterword in this book contributed by my dear colleague Dr Alan D. Bersin, and I thank him for this and for providing inspiration to me and for his appreciation and recognition of my work and his kind remarks. I think in some ways this book reflects Dr Bersin’s call to ‘work toward principles and standards, and intellectual frameworks that can handle the circumstances in which we live’.1 Importantly, I also would like to thank my dear uncle, Mr Alexander Kuvshinov who also played a part in inspiring my interest in maritime affairs and offshore oil and gas installations. I would like to express my gratitude to Professor Aydin Aliyev, Chairman of the State Customs Committee of the Republic of Azerbaijan, for his interest in my work, his assistance with the book launch, and his kind-hearted offer to arrange for this book to be translated into the Russian and Azerbaijani languages. My special appreciation goes to the editorial staff at Taylor & Francis Group for their guidance, support, patience and professionalism, and the team involved in the production of the book, particularly the copyeditor, Ms Jane Fieldsend, for patiently implementing all those numerous last-minute amendments and corrections that I requested. I also would like to take this opportunity to thank four anonymous referees who reviewed my book proposal and sample chapters and provided very valuable suggestions, most of which I have addressed, as well as all my colleagues who took their time to read and comment on extracts from the draft manuscript. I thank the editors of the Journal of Energy Security, Perspectives on Terrorism, the Australian Journal of Maritime and Ocean Affairs and the Australian and New Zealand Maritime Law Journal as well as Dr Anthony Morrison for giving permissions to reproduce parts of my individual and co-authored articles published in those journals. I also thank the International Association of Oil & Gas Producers (www.iogp.org), Maersk Drilling, MODEC Inc., Elsevier, SAI Global Ltd, and the United States Naval War College for allowing me to use their illustrations, and Jennifer Giroux for providing access to the Energy Infrastructure Attack Database (EIAD). I am greatly indebted to my family and my true friends for their encouragement and support throughout these years, for their understanding trust, loyalty and patience, but more importantly, for believing in me. I dedicate this book to them. Mikhail Kashubsky Canberra, Australia December 2015

1 Alan Bersin, Keynote Address at the Inaugural INCU Global Conference ‘Trade Facilitation PostBali: Putting Policy into Practice’, 23 May 2014; Baku, Republic of Azerbaijan.

xxviii

ACRONYMS AND ABBREVIATIONS

9/11 ABOT ABS AFP AGD AIS ALARP ALF AOT API Aramco ARM AQI AQIM ASG ASPI BCN boe bpd BPUFF CCISS CCTV CEN CEO CIA CIP CLCS CMI CNPC CNOOC COSO CRS

11 September 2001 Al Basrah Oil Terminal American Bureau of Shipping Agence France Presse Attorney-General’s Department (Australia) Automatic Identification System as low as reasonably possible Animal Liberation Front Antan Oil Terminal American Petroleum Institute Arabian-American Oil Company Animal Rights Militia Al-Qaeda in Iraq Al-Qaeda in the Islamic Maghreb Abu Sayyaf Group Australian Strategic Policy Institute biological, chemical and nuclear barrels of oil equivalent barrels per day Basic Principles on the Use of Force and Firearms by Law Enforcement Officials Canadian Centre of Intelligence and Security Studies closed circuit television European Committee for Standardization chief executive officer Central Intelligence Agency (US) critical infrastructure protection Commission for the Limits of the Continental Shelf Comité Maritime International China National Petroleum Corporation China National Offshore Oil Corporation Committee of Sponsoring Organizations of the Treadway Commission Congressional Research Service (US) xxix

ACRONYMS AND ABBREVIATIONS

CSA CSCAP CSO CSS Cth DCS DFAT DHS DOALOS DNV DOC DOS DPMC DWPA EEZ EFQM EIAD ELF EMA ENISA EU FARC FBI FDPSO FFI FLEC FLNG FPS FPSO FPU FSO FSRU FSU GAO GBS GNAD GPS GPSR GSPC GTD HPTCC IACS IADC IAPA ICJ

Canadian Standards Association Council for Security Cooperation in the Asia-Pacific company security officer Centre for Security Studies Commonwealth (Australia) Distributed Control System Department of Foreign Affairs and Trade (Australia) Department of Homeland Security (US) Division for Ocean Affairs and the Law of the Sea (UN) Det Norske Veritas Department of Commerce (US) Department of State (US) Department of Prime Minister and Cabinet (Australia) Deepwater Port Act 1974 exclusive economic zone European Foundation for Quality Management Energy Infrastructure Attack Database Earth Liberation Front Energy Maritime Associates European Union Agency for Network and Information Security European Union Revolutionary Armed Forces of Colombia Federal Bureau of Investigation (US) floating drilling production storage and offloading unit Norwegian Defence Research Establishment Front for the Liberation of the Enclave of Cabinda floating liquefied natural gas unit floating production system floating production storage and offloading unit floating production unit floating storage and offloading unit floating storage and regasification unit floating storage unit Government Accountability Office (US) gravity-based structure Global Nonviolent Action Database Global Positioning System General Provisions on Ships’ Routeing Salafist Group for Preaching and Combat Global Terrorism Database High-level Panel on Threats, Challenges and Change (UN) International Association of Classification Societies International Association of Drilling Contractors Industrial Accident Prevention Association International Court of Justice xxx

ACRONYMS AND ABBREVIATIONS

ICPVTR ICG ICMM ICS ICT IDE IDS IEA IEC IED IEEE IICT IIIP IISS ILC ILM ILO IMB IMCA IMO IMSO INCU IOC IOGP IOOC IOPCF IPIECA IPS ISA ISIL ISIS ISO ISPS Code ITLOS ITU JI JINSA JIWG JTC JTWJ JWMG KAAOT km

International Centre for Political Violence and Terrorism Research International Crisis Group International Council on Mining & Metals industrial control system information and communication technology International Data Exchange intruder detection system International Energy Agency International Electrotechnical Commission improvised explosive device Institute of Electrical and Electronics Engineers International Institute for Counter-Terrorism Institute for Information Infrastructure Protection International Institute for Strategic Studies International Law Commission International Legal Materials International Labour Organization International Maritime Bureau International Marine Contractors Association International Maritime Organization International Mobile Satellite Organization International Network of Customs Universities international oil company International Association of Oil & Gas Producers Iranian Offshore Oil Company International Oil Pollution Compensation Funds International Petroleum Industry Environmental Conservation Association intrusion prevention system International Seabed Authority Islamic State of Iraq and the Levant Islamic State of Iraq and Syria International Organization for Standardization International Ship and Port Facility Security Code International Tribunal for the Law of the Sea International Telecommunication Union Jemaah Islamiyah Jewish Institute for National Security Affairs Joint International Working Group on Uniformity of Laws Concerning Acts of Piracy and Maritime Violence (CMI) Joint Technical Committee (ISO) Jamaat al-Tawhid wa-l-Jihad Jihadi Website Monitoring Group Khawr Al Amaya Oil Terminal kilometre(s) xxxi

ACRONYMS AND ABBREVIATIONS

LAN LEG LNG LOOP LOSC LPCDI LPG LRAD LRIT LTTE MARLO MEND MIGA MITP MODU MOPU MOU MSC MSIC MTOFSA NATO NAV NCC NCTC NDLF NDPVF NDV NGA NGO NIOC NIST NOAA NOC NOGA NORSOK NPC NPRA OECD OFSO OGX OIAD OIM OISO OITS OMS ONI

local area network Legal Committee (IMO) liquefied natural gas Louisiana Offshore Oil Port United Nations Convention on the Law of the Sea Leadership, Peace and Cultural Development Initiative liquefied petroleum gas long range acoustic device Long-Range Identification and Tracking Liberation Tigers of Tamil Eelam Maritime Liaison Office (US) Movement for the Emancipation of Niger Delta Multilateral Investment Guarantee Agency Memorial Institute for the Prevention of Terrorism mobile offshore drilling unit mobile offshore production unit mobile offshore unit Maritime Safety Committee (IMO) maritime security identification card Maritime Transport and Offshore Facilities Security Act 2003 North Atlantic Treaty Organization Sub-Committee on Safety of Navigation (IMO) National Counterterrorism Center (US) National Counter Terrorism Committee (Australia) Niger Delta Liberation Force Niger Delta People’s Volunteer Force Niger Delta Vigilante National Geospatial-Intelligence Agency (US) non-government organisation National Iranian Oil Company National Institute of Standards and Technology (US) National Oceanic and Atmospheric Administration (US) national oil company Norwegian Oil and Gas Association Norwegian Offshore Petroleum Industry Standards National Petroleum Council (US) National Petrochemical & Refiners Association (US) Organisation for Economic Co-operation and Development offshore facility security officer Petróleo e Gás Participações Offshore Installations Attack Dataset offshore installation manager offshore installation security officer Office of the Inspector of Transport Security (Australia) operating management system Office of Naval Intelligence (US) xxxii

ACRONYMS AND ABBREVIATIONS

OPEC OSCE OTS PDCA PEDCO Pemex Petrobras PFI PFLP PFSP PLA PLF POT RAT RFID RHIB RPG RTU SBM SCADA Shell SID SMS SOLAS SOP SPM SRA SRR SRV SSCS SSO START STW TLP TWIC UAE UAV UK UN UNCLOS UNCTAD UNDP UNGA UNGAOR

Organization of Petroleum Exporting Countries Organization for Security and Co-operation in Europe Office of Transport Security (Australia) Plan-Do-Check-Act PetroIran Development Company Petróleos Mexicanos Petróleo Brasileiro Petroleum Federation of India Popular Front for the Liberation of Palestine port facility security plan People’s Liberation Army (China) Palestine Liberation Front Pennington Oil Terminal remote access tool radio frequency identification rigid-hull inflatable boat rocket-propelled grenade remote terminal unit single-buoy mooring Supervisory Control and Data Acquisition Royal Dutch Shell seafarers’ identity document security management system International Convention for the Safety of Life at Sea standing operating procedure single-point mooring security risk assessment security risk register shuttle and regasification vessel Sea Shepherd Conservation Society ship security officer National Consortium for the Study of Terrorism and Responses to Terrorism (US) Sub-Committee on Standards of Training and Watchkeeping (IMO) tension-leg platform Transportation Worker Identification Credential United Arab Emirates unmanned aerial vehicle United Kingdom United Nations United Nations Conference on the Law of the Sea United Nations Conference on Trade and Development United Nations Development Programme United Nations General Assembly United Nations General Assembly Official Records xxxiii

ACRONYMS AND ABBREVIATIONS

UNGC UNGP UNODC UNSC UNTC UNTOC UNTS US USCG USSR VLAN VPN VPSHR WAN WEF WGOMC WMD ZOOT

United Nations Global Compact for Security and Human Rights United Nations Guiding Principles on Business and Human Rights United Nations Office on Drugs and Crime United Nations Security Council United Nations Treaty Collection United Nations Convention against Transnational Organized Crime United Nations Treaty Series United States United States Coast Guard Union of Soviet Socialist Republics virtual local area network virtual private network Voluntary Principles on Security and Human Rights wide area network World Economic Forum Working Group on Offshore Mobile Craft (CMI) weapon(s) of mass destruction Zafiro Offshore Oil Terminal

xxxiv

CHAPTER 1

OFFSHORE PETROLEUM SECURITY CONTEXT 1 Introduction Oil and natural gas today account for over 60 per cent of the world’s energy supply. One-third of it comes from the offshore sector. This makes the offshore oil and gas industry a significant component in the functioning of the global economy. To extract oil and natural gas from the seabed the offshore industry uses a range of offshore installations of various shapes and sizes, designed to perform certain functions related to exploration and exploitation of offshore oil and gas resources. The global nature of the oil and gas industry means that offshore installations operate in diverse legal, cultural and political environments. Due to their economic importance and due to being part of the energy sector, offshore oil and gas installations are regarded as elements of ‘critical infrastructure’ in a number of countries.1 At the same time, offshore oil and gas installations are considered to be intrinsically vulnerable to deliberate attacks, and, if attacked, the impacts may be significant. This potentially makes offshore installations attractive targets for attacks. Violence at sea is a very common occurrence today including in areas where major offshore oil and gas activities take place and offshore installations have been subjected to deliberate attacks and unlawful interferences on a number of occasions by different types of adversaries.2 With the increasing number of offshore petroleum developments around the world, the offshore petroleum industry and its importance and contribution to the global economy have become more widely appreciated.3 Petroleum producing states, and their energy-hungry consumers that are highly dependent on stable oil and gas supplies, have become more concerned about the protection of offshore installations from deliberate attacks and potential impacts such attacks can have on oil and gas supplies, oil and gas prices, petroleum revenue and the environment. Concern about the threat of terrorism and cyber threats to offshore oil and gas installations is a major issue for energy companies and governments worldwide.

1 There are many different definitions of the term ‘critical infrastructure’. In this book, ‘critical infrastructure’ refers to ‘those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation’: Australian Government, Attorney-General’s Department (AGD), Critical Infrastructure Resilience Strategy (2010) 8. 2 The terms ‘adversary’, ‘perpetrator’ and ‘attacker’ are used interchangeably in this book. 3 See Rupert Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals: Vulnerability and Security in the International Maritime Oil Sector’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 133, 150.

1

OFFSHORE PETROLEUM SECURITY CONTEXT

The protection of offshore oil and gas installations from attacks and interferences is a challenging task. In recent years, the international community took steps to improve the international regulatory framework for maritime security, which by extension includes the security of offshore oil and gas installations. Governments and the offshore industry have also taken steps to enhance the security of offshore installations on the national level. However, these international regulatory aspects as well as responses of the industry and governments require further examination, as does the global and local security risk environment in which offshore installations operate. This book examines the protection and security aspects of offshore oil and gas installations from a global perspective and addresses the following key questions: • • • • • • • • • •

How common are attacks on offshore oil and gas installations? Where are offshore oil and gas installations attacked? What types of offshore installations are attacked and need to be protected? Who attacks offshore oil and gas installations? Why are offshore oil and gas installations attacked? How are offshore oil and gas installations attacked? What is the legal status of offshore oil and gas installations? How is offshore installations security regulated at the international level? How has the oil and gas industry responded to enhance offshore installations security? How can the existing offshore petroleum security arrangements be improved?

In doing so, it provides an overview of the global security environment in which offshore installations operate and attacks that have been carried out against offshore oil and gas installations worldwide (Chapter 1); an overview of the global offshore oil and gas industry and the types of offshore installations used in the offshore industry, and outlines some of the organisational and operational arrangements (Chapter 2); assesses security threats to offshore installations and evaluates the level of risk they pose (Chapter 3); analyses target selection considerations with a focus on attractiveness factors of offshore installations and considers scenarios of offshore attacks (Chapter 4); analyses the legal status of offshore installations in international law (Chapter 5); examines the international legal framework for the protection and security of offshore installations (Chapters 6 and 7); discusses the international petroleum industry responses relating to the protection and security of offshore installations (Chapter 8); summarises key issues, highlights areas of concern and makes recommendations for improvement in the security framework for offshore installations and identifies areas for further research (Chapter 9). It also contains a dataset of attacks on and unlawful interferences with offshore installations (see Appendix). This chapter (Chapter 1) also introduces key terms and concepts that are used throughout this book, provides an overview of the global concerns about the security of offshore installations, and sets the context for the analysis in the subsequent chapters. 2

OFFSHORE PETROLEUM SECURITY CONTEXT

2 Key terms and concepts Central to the topic of ‘offshore oil and gas installations security’ are four key terms: petroleum, offshore installations, security and offshore petroleum security. It is worth clarifying of these terms and concepts from the outset. 2.1 Petroleum The word petroleum comes from the Greek words petro (meaning ‘rock’) and oleum (meaning ‘oil’). ‘In its strictest sense, petroleum includes only crude oil. By usage, however, petroleum includes both crude oil and natural gas.’4 Crude oil and natural gas are basically two different forms of petroleum.5 Crude oil and natural gas are both composed mostly of hydrogen and carbon and are referred to as ‘hydrocarbons’.6 For example, in Australian legislation, the definition of ‘petroleum’ includes any naturally occurring hydrocarbon, whether in a gaseous, liquid or solid state or any naturally occurring mixture of hydrocarbons.7 Crude oil and natural gas are believed to be the remains of plants and animals that lived millions of years ago.8 Crude oil is a complex mixture consisting of many different organic compounds, mostly alkanes, and smaller fractions of aromatics such as benzene.9 Natural gas commonly exists in mixtures with other hydrocarbons, principally ethane, propane, butane, pentanes, while raw natural gas also contains water vapour, hydrogen sulphide, carbon dioxide, helium, nitrogen and other compounds.10 Condensate is a mixture of hydrocarbons recovered from the natural gas stream that are liquid under normal temperature and pressure.11 In the literature, the term ‘petroleum’ is often used interchangeably with the term ‘oil and gas’. In this book, the term petroleum is synonymous with ‘oil and gas’, and it is used as a collective term to refer to gaseous and liquid hydrocarbons including crude oil, natural gas, condensates and natural gas liquids, liquefied petroleum gas (LPG), and liquefied natural gas (LNG), but excluding refined petroleum products. 2.2 Offshore installations The terminology used in the literature to refer to offshore petroleum installations varies. Offshore oil and gas installations are often referred to as ‘offshore platforms’,

4 Norman Hyne, Nontechnical Guide to Petroleum Geology, Exploration, Drilling & Production (3rd edn, PennWell 2012) 1. 5 See Mike May, Investing in Oil and Gas: A Book for Investors in Oil and Gas Well Drilling Ventures (5th edn, Create Space 2013) 54–56. 6 Hyne (n 4) 2. 7 Offshore Petroleum and Greenhouse Gas Storage Act 2006 (Cth) s 7. 8 Dennis Jennings et al., Petroleum Accounting: Principles, Procedures & Issues (5th edn, Professional Development Institute 2000) 1. 9 Havard Devold, Oil and Gas Production Handbook: An Introduction to Oil and Gas Production, Transport, Refining and Petrochemical Industry (ABB Oil & Gas 2013) 21. 10 Ibid. 23. 11 Australian Government, Department of Resources, Energy and Tourism, Energy in Australia 2012 (February 2012) xii.

3

OFFSHORE PETROLEUM SECURITY CONTEXT

‘offshore facilities’, ‘offshore structures’, ‘offshore units’ and ‘offshore rigs’. In this book, the preferred term is ‘offshore installation’, which is a generic term that refers to any type of offshore installation permanently or temporarily attached to the subsoil offshore, erected for the purpose of exploration and exploitation of offshore oil and gas resources. It includes fixed or mobile offshore installations utilised in the offshore oil and gas industry for the purposes of drilling for, production, storage, and loading/ offloading of oil and gas, but excludes pipelines, subsea equipment and mooring systems.12 The terms ‘offshore installation’, ‘offshore oil and gas installation’, ‘offshore petroleum installation’ and ‘installation’ are used interchangeably. 2.3 Security The term ‘security’ can be understood in different ways.13 In simple terms, security means ‘the protection of people, property, and information’.14 From a broader perspective; however, it ‘may be seen as an emotive term, extending to a sense of safety and hence freedom from fear’.15 Security should not be confused with ‘safety’ as these are two distinct concepts. Safety refers to preventing and minimising accidents, whereas security usually refers to protection against deliberate acts.16 Security and safety ‘risk domains may entail quite different scenarios with different triggers, events and dynamics’, and there could be ‘both synergies and conflicts between security and safety risk preferences’.17 Safety and security incidents will, in most cases, require different response measures. Pietre-Cambacedes and Chaudet contend that security and safety can be differentiated based on two factors: the object of the risk and the intentionality.18 The former is the ‘system vs environment’ distinction, which means that ‘[s]ecurity is concerned with the risks originating from the environment and potentially impacting the system, whereas safety deals with the risks arising from the system and potentially impacting the environment’.19 The latter is the ‘malicious vs accidental’ distinction, which means that security normally addresses malicious risks while safety addresses accidental risks.20

12 API, Security for Offshore Oil and Natural Gas Operations (1st edn, March 2003) 1. 13 Natalie Klein, Maritime Security and the Law of the Sea (Oxford University Press 2011) 2. 14 Australian Government, Department of Resources and Energy, Security Handbook (Union Offset 1985). 15 See, e.g. Klein (n 13) 4–7, citing D A Baldwin, ‘The Concept of Security’ (1997) 23 Review of International Studies 5; Emma Rothschild, ‘What is Security?’ (1995) 124(3) Daedalus 53. 16 Proshanto Mukherjee and Maximo Mejia Jr, ‘The ISPS Code: Legal and Ergonomic Considerations’ in Maximo Mejia Jr (ed.), Contemporary Issues in Maritime Security (World Maritime University (WMU) 2004) 33, 34, cited in Klein (n 13) 8. 17 Morten Maerli et al., ‘Energy Supply Chain Threat Assessment and Generic Security Guidance’ (COUNTERACT Consortium, April 2009) 18–19. 18 Ludovic Pietre-Cambacedes and Claude Chaudet, ‘The SEMA Referential Framework: Avoiding Ambiguities in the Terms “Security” and “Safety”’ (2010) 3(2) International Journal of Critical Infrastructure Protection 55, 59. 19 Ibid. 20 Ibid.

4

OFFSHORE PETROLEUM SECURITY CONTEXT

The International Organization for Standardization (ISO) refers to ‘security’ as ‘resistance to intentional, unauthorized acts designed to cause harm or damage’.21 The existence of malicious intent behind an act is considered to be the key distinction between safety and security. Likewise, in this book ‘security’ refers to the protection of offshore oil and gas installations from deliberate man-made acts that may cause interferences or harm, but it does not include accidents or acts of nature. 2.4 Offshore petroleum security The term ‘offshore petroleum security’ does not have a precise definition and it is not normally used in the literature and therefore it should be used with care. The concept of ‘offshore petroleum security’ is naturally linked to ‘energy security’ and ‘maritime security’, and it can be better understood by examining how these three concepts are related. To do this, it is first necessary to define the terms ‘energy security’ and ‘maritime security’.22 There is no universal definition of the term ‘energy security’. As Luft and Korin have noted, ‘energy security means different things to different countries based on their geographical location, their geological endowment, their international relations, their political system and their economic disposition’.23 The International Energy Agency (IEA) defines ‘energy security’ as ‘the uninterrupted availability of energy sources at an affordable price’.24 The United Nations Development Programme (UNDP) has defined ‘energy security’ as ‘the availability of energy at all times in various forms, in sufficient quantities and at reasonable and/or affordable prices’,25 which is similar to the IEA’s definition. Schmid has argued that energy security ‘refers to a complex set of inter-related political and market-related issues that impact on the day-to-day global economic and political operating environments’,26 which by implication covers security of all infrastructure ‘between the point the energy is extracted and the consumer’,27 which includes pipelines, refineries, ships and offshore installations. Similarly, Barton et al. have observed, that ‘[a]n added dimension of energy security today is to prevent intentional sabotage of gas pipelines, nuclear power plants, hydroelectric dams, and other components of the interconnected and vulnerable energy infrastructure’.28

21 ISO 20858:2007, Ships and Marine Technology – Maritime Port Facility Security Assessments and Security Plan Development 2 (emphasis added). 22 Compared to the difficulties with defining ‘terrorism’, these concepts are less controversial. 23 Gal Luft and Anne Korin, ‘Energy Security: In the Eyes of the Beholder’ in Gal Luft and Anne Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 1, 5. 24 IEA, Energy Supply Security: Emergency Reponses of IEA Countries 2014 (2014) 13. 25 Alexander Barnes et al., ‘Energy Security’ in UNDP, World Energy Assessment: Energy and the Challenge of Sustainability (2000) 111, 112. 26 Alex Schmid, ‘Terrorism and Energy Security: Targeting Oil and Other Energy Sources and Infrastructures’ in James Ellis (ed.), Terrorism: What’s Coming – The Mutating Threat (MIPT 2007) 28, 30. 27 Ibid. 28–29. 28 Barry Barton et al., ‘Introduction’ in Barry Barton et al. (eds), Energy Security: Managing Risk in a Dynamic Legal and Regulatory Environment (Oxford University Press 2004) 3, 5.

5

OFFSHORE PETROLEUM SECURITY CONTEXT

The term ‘maritime security’ does not have a commonly accepted definition either,29 and can have different meanings depending on who is using it or in what context it is being used.30 For example, from a military perspective, maritime security has traditionally been focused on defence and protection of the territorial integrity of a state.31 Rahman in his analysis of the concepts of maritime security has suggested five perspectives through which ‘maritime security’ may be viewed in a non-traditional (i.e. non-strategic) sense, namely: security of the sea itself, ocean governance, maritime border protection, military activities at sea, and security regulation of the maritime transportation system.32 As noted by Klein, ‘maritime security’ is a broad concept, which ‘is rarely defined in a categorical way, and instead tends to have a context-specific meaning’.33 Hawkes has defined maritime security, from what appears to be the maritime industry perspective, as ‘those measures employed by owners, operators, and administrators of vessels, port facilities, offshore installations, and other marine organizations or establishments to protect against seizure, sabotage, piracy, pilferage, annoyance or surprise’.34 Klein et al. refer to maritime security as ‘the protection of a state’s land and maritime territory, infrastructure, economy, environment and society from certain harmful acts occurring at sea’.35 Banlaoi has suggested even a broader meaning, arguing that the term maritime security encompasses such a broad concept that a panoply of notions like maritime safety, port security, freedom of navigation, . . . security from piracy attacks, and security from maritime terrorism can be included as part of the concept of maritime security.36

In this book, the concept of ‘maritime security’ is used not as a traditional military and defence notion, but as a much broader concept that includes economic, political, social and ecological dimensions. Bergin and Bateman argue that energy security is closely related to and has significant implications for maritime security, particularly in countries that are

29 For a detailed discussion on the concept of ‘maritime security’ see Chris Rahman, ‘Concepts of Maritime Security: A Strategic Perspective on Alternative Visions for Good Order and Security at Sea, with Policy Implications for New Zealand’ (Discussion Paper 07/09, Centre for Strategic Studies, July 2009); Christian Bueger, ‘What is Maritime Security?’ (2015) 53 Maritime Policy 159; Klein (n 13) 8–11; Basil Germond, ‘The Geopolitical Dimension of Maritime Security’ (2015) 54 Maritime Policy 137. 30 Klein (n 13) 8. 31 See Natalie Klein, Joanna Mossop and Donald Rothwell, ‘Australia, New Zealand and Maritime Security’ in Natalie Klein, Joanna Mossop and Donald Rothwell (eds), Maritime Security: International Law and Policy Perspectives from Australia and New Zealand (Routledge 2010) 1, 5. 32 Rahman (n 29) 31–42 (acknowledging that these five perspectives ‘are arbitrary and non-exclusive: they are interrelated and overlap and, to a certain degree, represent different aspects of the same problem – effective management of the oceans and good order upon them’): at 31. 33 Klein (n 13) 11. 34 Maximo Mejia Jr, ‘Maritime Gerrymandering: Dilemmas in Defining Piracy, Terrorism and Other Acts of Maritime Violence’ (2003) 2 Journal of International Commercial Law 153, 155, citing Kenneth Hawkes, Maritime Security (Cornell Maritime Press 1989), quoted in Klein (n 13) 8. 35 Klein, Mossop and Rothwell (n 31) 8. 36 Rommel Banlaoi, ‘Maritime Security Outlook for Southeast Asia’ in Joshua Ho and Catherine Raymond (eds), The Best of Times, the Worst of Times (World Scientific Publishing 2005) 59, 59.

6

OFFSHORE PETROLEUM SECURITY CONTEXT

heavily reliant on domestic offshore petroleum production.37 Equally, maritime security can have significant implications for energy security. Nincic has argued that [s]ince one-quarter to one-third of the world’s oil and gas reserves are believed to lie offshore, and approximately two-thirds of the world’s oil trade is transported by sea, the issue of energy security is to a large extent one of maritime security.38

Similarly, Forbes has noted that maintaining energy security involves security of offshore energy infrastructure and protection of seaborne and other global energy flows.39 The commentary of different writers suggests that energy security and maritime security are closely interrelated concepts. The security of offshore installations can be considered as being part of both maritime security and energy security. From the ‘maritime security’ perspective, it could mean the protection of offshore installations from threats and attacks, while from the ‘energy security’ perspective, it could be seen as potential interruptions of oil and gas supplies resulting from an offshore security incident or attack. Maritime security and energy security are broader concepts than offshore petroleum security, but all of these concepts overlap to some extent. Offshore oil and gas production takes place at sea and much of oil and gas is transported by sea. The maritime domain is the ‘common denominator’ that links energy security, maritime security and offshore petroleum security. Offshore oil and gas resources and their safe and secure exploitation is likely to be considered an important matter of national energy security of a number of coastal states.40 Put simply, in this book, the term ‘offshore petroleum security’ refers to the protection of offshore oil and gas installations from any deliberate unlawful acts. 3 Strategic importance of petroleum Petroleum is one of the most important energy resources of the earth. It is central to security, prosperity, and the very nature of civilisation.41 It ‘drives the economic engine of modern society’,42 and will continue to do so in the foreseeable future.

37 Anthony Bergin and Sam Bateman, ‘Future Unknown: The Terrorist Threat to Australian Maritime Security’ (Strategy Report, ASPI, April 2005) 32; Sam Bateman and Anthony Bergin, ‘Sea Change: Advancing Australia’s Ocean Interests’ (Strategy Report, ASPI, March 2009) 36. 38 Donna Nincic, ‘Troubled Waters: Energy Security and Maritime Security’ in Gal Luft and Anne Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 31, 31. 39 Andrew Forbes, ‘Australian Energy Security: The Benefits of Self Sufficiency’ (2008) 23 Papers in Australian Maritime Affairs 11, 16 (commenting with a specific reference to Australia). 40 See Rahman (n 29) 9. 41 Daniel Yergin, The Prize: The Epic Quest for Oil, Money and Power (first published 1991, 2008 edn, Free Press 2008) xiv. 42 Peter Avis, ‘Oil Platform Security: Is Canada Doing All It Should?’ (Critical Energy Infrastructure Protection Policy Research Series No. 3-2006, Canadian Centre of Intelligence and Security Studies (CCISS), March 2006) 3.

7

OFFSHORE PETROLEUM SECURITY CONTEXT

The petroleum production process involves extracting the product from subsoil reserves and transforming it to stabilised marketable products in the form of crude oil, condensate or natural gas.43 The oil industry has its beginnings in the mid-nineteenth century.44 In those days, crude oil products had a number of applications, for example, as the coating of boats, waterproofing of roofs, fuelling of home lamps, and as the lubrication of weapons and tools.45 With the development of the internal combustion engine powered by gasoline, the oil industry had a new market.46 In the early twentieth century, on the eve of World War I (WWI), oil became a strategic commodity.47 WWI was the first truly mechanised war and oil played an important role in it. The oil supremacy of the Allies gave them an advantage and eventually helped to defeat Germany.48 For example, the British Navy’s decision to convert to oil for its power source (in place of coal) provided British ships with greater speed and endurance as well as more efficient use of manpower compared to the coal-powered ships of its adversaries.49 WWI demonstrated that ‘access to oil, possession of oil and the ability to use oil are critical elements in national power’.50 The significance of oil continued to influence strategic thinking after WWI and in the years leading up to World War II (WWII).51 Oil played a critical part in the course and outcome of WWII.52 The German need for oil compelled Hitler to divert some of his troops from the northern part of the Soviet front to the southern front in order to secure access to the oilfields in the Caspian Sea region, near Baku, Republic of Azerbaijan, which was the Soviet oil centre at the time.53 If successful, the seizure of the Caspian Sea region oilfields would have ensured a reliable supply of oil for the German armed forces and cut off the Soviet main oil supply.54 It is considered that Germany’s failed quest to occupy the Caspian Sea oil region in late 1942 was a significant military setback.55 Germany’s lack of access to sufficient petroleum supplies played a key turning point in WWII and ultimately contributed to its defeat.56 43 Devold (n 9) 40. 44 Gal Luft, ‘Oil’s 150th Anniversary: Whose Happy Birthday?’ (August 2009) Journal of Energy Security www.ensec.org/index.php?option=com_content&view=article&id=208:oils-150th-anniversarywhose-happy-birthday&catid=98:issuecontent0809&Itemid=349 accessed 1 December 2015. 45 Jay Schempf, Pioneering Offshore: The Early Years (PennWell 2007) 8. 46 Yergin (n 41) xvi. 47 Eckart Woertz, ‘Demography and Political Violence in the Middle East’ (2007) 6 Gulf Monitor 16, 18. 48 The Prize: The Epic Quest for Oil, Money and Power (Produced by Bernadette McDaid and Jonathan Taplin, Homevision, 1992) episode 2. 49 Michael Klare, Resource Wars: The New Landscape of Global Conflict (Owl Books 2002) 30; Yergin (n 41) xiv. 50 The Prize: The Epic Quest for Oil, Money and Power (Produced by Bernadette McDaid and Jonathan Taplin, Homevision, 1992) episode 2. 51 Klare (n 49) 31. 52 Yergin (n 41) xv. 53 Ingolf Kiesow, ‘Quest for Oil and Geostrategic Thinking’ (2005) 3(3) The China and Eurasia Forum Quarterly 11, 16. 54 Ibid. 55 Schempf (n 45) 17. 56 The Prize: The Epic Quest for Oil, Money and Power (Produced by Bernadette McDaid and Jonathan Taplin, Homevision, 1992) episode 2.

8

OFFSHORE PETROLEUM SECURITY CONTEXT

During the Cold War, the competition for control of oil between international oil companies (IOCs) and developing states was a major part of decolonisation and the emergence of nationalism.57 In the twentieth century, together oil and natural gas surpassed coal as the main power source for the industrial world.58 As commented by Yergin: Though the modern history of oil begins in the latter half of the nineteenth century, it was the twentieth century that was completely transformed by the advent of petroleum. The role of oil – and anxiety about its supply – is a primary consideration of the era of globalization and characterizes the first decade of the twenty-first century.59

Today, the world is still very much dependent on oil and gas, which are embedded into almost all aspects of modern society.60 Oil and gas represent a major component of the global energy portfolio. According to the IEA, oil and gas account for more than half of the world’s total energy supply.61 As illustrated in Figure 1.1, in 2014 oil accounted for about 32.6 per cent and natural gas accounted for about 23.7 per cent of global primary energy consumption.62

Hydro 6.8%

Renewables 2.5% Oil 32.6%

Nuclear 4.4%

Coal 30.0%

Natural Gas 23.7%

Figure 1.1 Global primary energy consumption in 2014. Source: Author, based on data from BP, BP Statistical Review of World Energy 2015 (2015) 41.

57 Yergin (n 41) xv. 58 Ibid. xvi. 59 Ibid. xiv. 60 See, e.g. Devold (n 9) 2–3; Andrew Inkpen and Michael Moffett, The Global Oil & Gas Industry: Management, Strategy & Finance (PennWell 2011). 61 IEA, Key World Energy Statistics 2015 (2015) 6. See also BP, BP Statistical Review of World Energy 2015 (2015). 62 BP (n 61) 41.

9

OFFSHORE PETROLEUM SECURITY CONTEXT

The total world oil production in 2014 was approximately 88.7 million barrels per day (bpd) and gas production was approximately 334.8 billion cubic feet (bcf) per day.63 Table 1.1 provides a summary of the world’s ten largest oil producing states and ten largest natural gas producing states respectively, based on both onshore and offshore production. In 2014, the United States (US) was the largest oil producer accounting for 13.13 per cent of total global oil production and the largest natural gas producer with 21.04 per cent share of total global natural gas production.64 The US is also among the top oil and natural gas importers (see Tables 1.2 and 1.3). Oil and gas are probably the most strategic and most valuable export commodities, worth billions of dollars a day.65 According to one estimate, approximately 10 per cent of the total value of the world’s stock markets is invested in the oil and gas industry,66 and ‘[t]he price of crude oil and natural gas are probably the two most closely watched commodity prices in the global economy’.67 When it comes to oil and gas resources, their importance extends beyond solely economic concerns. There are often also geopolitical and national security interests

Table 1.1 Top 10 oil and gas producing states in 2014 Top oil producing states

Top natural gas producing states

Country

Thousand barrels per day

Share of Country total global production (%)

Billion cubic feet per day

Share of total global production (%)

United States Saudi Arabia Russia Canada China United Arab Emirates Iran Iraq Kuwait Venezuela Rest of the world

11,644 11,505 10,838 4,292 4,246 3,712 3,614 3,285 3,123 2,719 29,694

13.13 12.97 12.22 4.84 4.79 4.19 4.08 3.70 3.52 3.07 33.49

United States Russia Qatar Iran Canada China Norway Saudi Arabia Algeria Indonesia Rest of the world

70.46 55.99 17.15 16.70 15.68 13.01 10.53 10.47 8.06 7.10 109.67

21.04 17.90 4.93 4.65 4.58 3.46 3.22 3.05 2.33 2.08 32.75

World total

88,673

100

World total

334.82

100

Source: Author: based on data from BP, BP Statistical Review of World Energy 2015 (2015) www.bp.com/ statisticalreview accessed 1 December 2015.

63 Ibid. 64 Ibid. 65 Australian Government, Office of Transport Security (OTS), Offshore Oil & Gas Risk Context Statement (April 2005) 5; Yergin (n 41) xiv. 66 See John Mitchell, Valerie Marcel and Beth Mitchell, What Next for the Oil and Gas Industry? (Chatham House 2012) 1–2. 67 Inkpen and Moffett (n 60) 3.

10

OFFSHORE PETROLEUM SECURITY CONTEXT

Table 1.2 Top 10 net oil exporters and importers in 2013 Net exporting states

Net importing states

Country

Million barrels

%

Country

Million barrels

%

Saudi Arabia Russia United Arab Emirates Iraq Nigeria Kuwait Canada Venezuela Angola Mexico Rest of the world

2,763 1,730 916 858 792 755 733 718 616 454 3,804

19.5 12.2 6.5 6.1 5.6 5.3 5.2 5.1 4.4 3.2 26.9

United States China India Japan Korea Germany Italy Spain France Netherlands Rest of the world

2,866 2,052 1,385 1,305 902 667 476 440 410 396 3,716

19.6 14.0 9.5 8.9 6.2 4.6 3.3 3.0 2.8 2.7 25.4

14,140

100

World total

14,616

100

World total

Source: Author: based on data from IEA, Key World Energy Statistics 2015 (2015) 11.

Table 1.3 Top 10 net natural gas exporters and importers in 2014 Net exporting states

Net importing states

Country

Billion cubic feet

%

Country

Russia Qatar Norway Turkmenistan Canada Algeria Indonesia Netherlands Nigeria Australia Rest of the world

6,319 4,201 3,777 2,012 1,977 1,589 1,200 1,059 883 883 5,613

21.4 14.2 12.8 6.8 6.7 5.4 4.1 3.6 3.0 3.0 19.0

Japan Germany Italy China Korea Turkey France United States United Kingdom Spain Rest of the world

4,518 2,400 1,977 1,765 1,730 1,694 1,341 1,165 1,130 988 10,096

15.7 8.3 6.9 6.1 6.0 5.9 4.6 4.0 3.9 3.4 35.0

29,511

100

World total

28,805

100

World total

Billion cubic feet

Source: Author. Based on data from IEA, Key World Energy Statistics 2015 (2015) 13.

11

%

OFFSHORE PETROLEUM SECURITY CONTEXT 68

at stake. All states are consumers of oil and gas and other products derived from the petroleum industry, but only a small number of states are major oil and gas producers.69 In addition, a number of large developed economies have become net importers of oil and gas over the last few decades, which has given ‘rise to challenging geopolitical issues involving a diverse set of petroleum consumers and producers’.70 With oil prices of more than $100 a barrel,71 ‘entire economies suffer when increasing proportions of national budgets must be used to purchase oil’.72 However, the price of oil had not stayed above $100 a barrel for very long (see Figure 1.2). It is important to note that the petroleum industry is a source of funding not only for petroleum-exporting states, but also for non-state actors, including terrorists, insurgents and organised criminal groups who exploit the industry for their financial needs by way of extortion, oil theft or by controlling petroleum installations and oil wells. For example, Mexican drug cartels are known to have been involved in illegal smuggling and theft of oil, as are insurgents and organised criminal groups in Nigeria.73 Oil is reportedly one of the key sources of funding for Daesh,74 which controls an oil and gas network in parts of Syria and Iraq and derives substantial revenues from it. 75 Looking ahead, oil and gas will continue to be key primary energy sources and the industry has the capacity to continue increasing the supply of oil and gas to meet the global demand.76 Oil is expected to remain the largest global energy source in 2030 and natural gas is expected to be the fastest-growing major fuel source through 2030.77 Petroleum remains a strategic commodity today as it was 100 years ago and is likely to continue to be so for the foreseeable future. Ever since our civilisation switched to oil as the major source of fuel, human society and ‘technology has developed in such a way that has generally led to a greater use of hydrocarbons for

68 See, e.g. Annika Nilsson and Nadezhda Filimonova, ‘Russian Interests in Oil and Gas Resources in the Barents Sea’ (Working Paper No. 2013-05, Stockholm Environmental Institute, August 2013). 69 Inkpen and Moffett (n 60) 6. 70 Ibid. 71 DNV, ‘A Balancing Act: The Outlook for the Oil and Gas Industry in 2015’ (January 2015) 6. 72 Antonia Juhasz, The Tyranny of Oil: The World’s Most Powerful Industry – And What We Must Do to Stop It (HarperCollins 2008) 1. 73 See, e.g. Cameron Langford, ‘A Dozen US Oil Giants Accused of Ripping Off Mexico’ (Courthouse News Service, 13 April 2012) www.courthousenews.com/2012/04/13/45591.htm accessed 1 December 2015; Francois Vrey, ‘Maritime Aspects of Illegal Oil-bunkering in the Niger Delta’ (2012) 4(4) Australian Journal of Maritime and Ocean Affairs 109. 74 Daesh, formerly known as the Islamic State of Iraq and the Levant (ISIL) and the Islamic State of Iraq and Syria (ISIS), is an Islamist insurgency group based in Iraq and Syria: US Government, National Counterterrorism Center (NCC), Counterterrorism 2014 Calendar (2014) 32. 75 See, e.g. John Daly, ‘The Islamic State’s Oil Network’ (2014) 12(19) Terrorism Monitor 7; Kenneth Watkin, ‘Targeting “Islamic State” Oil Facilities’ (2014) 90 International Law Studies 499; Maksut Kosker, ‘Oil Fuels the Kurdistan–ISIS Conflict’ (2014) 12(14) Terrorism Monitor 6, 7 (asserting that ‘in this political and economic context, whoever controls the oil cities . . . will have a strong position and become more legitimate in the international community’). 76 Stephen Holditch and Russell Chianelli, ‘Factors That Will Influence Oil and Gas Supply and Demand in the 21st Century’ (April 2008) 33 MRS Bulletin 317, 317; ExxonMobil, Outlook for Energy: A View to 2030 (2010); IEA, World Energy Outlook 2013 Factsheet (2013). 77 ExxonMobil, 2010 The Outlook for Energy: A View to 2030 (2011) 40.

12

OFFSHORE PETROLEUM SECURITY CONTEXT

130.00 120.00 110.00 100.00 90.00 80.00 70.00 60.00 50.00 40.00 30.00 20.00 10.00

19

74 19 76 19 78 19 80 19 82 19 84 19 86 19 88 19 90 19 92 19 94 19 96 19 98 20 00 20 02 20 04 20 06 20 08 20 10 20 12 20 14

0.00

US$ money of the day

US$ 2014 equivalent

Figure 1.2 Crude oil prices 1974–2014. Source: Based on data from BP, BP Statistical Review of World Energy 2015 (2015) www.bp.com/statistical review accessed 1 December 2015.

most human activities, potentially making the global economy vulnerable to decreases in oil supply’.78 Given that energy security is usually an important element of national security, states and oil companies are competing for access to offshore oil and gas resources more intensively than ever before. The offshore industry utilises a variety of offshore oil and gas installations, some of which house as many as 100 offshore workers at any given time. The types of offshore petroleum installations and their main characteristics are examined in Chapter 2. From an oil company’s or a coastal state’s perspective these offshore installations are considered ‘assets’, while from an adversary’s perspective they are potential ‘targets’. 4 Violence associated with the petroleum industry During its 150-year history, oil has been a source of both prosperity and volatility,79 and public attitudes towards petroleum activities have always been

78 Charles Hall et al., ‘Hydrocarbon and the Evolution of Human Culture’ (2003) 426 Nature 318. 79 Luft (n 44).

13

OFFSHORE PETROLEUM SECURITY CONTEXT 80

diverse. The oil industry has been the subject of many local protests, environmental controversies, political manipulations and violent acts.81 Adams has stated: I have spent decades working in the oil industry, with companies that would fly me in with a jet and spend two million dollars to resolve a crisis situation. I’ve had many opportunities to get to know the issues of independence, oil manipulation, and the differences in perspectives between the Western world and the rest of the globe. I knew the time would come when our oil dependence would be considered a critical target for attack.82

Along with the rapid evolution of the petroleum industry in the last century, IOCs were also acquiring a negative image, especially those operating in developing countries.83 IOCs have always had a colonialist and imperialist image, and were often perceived as having no respect for a state’s sovereignty, accumulating financial capital by looting the wealth of the host states, serving political and strategic objectives of foreign governments, promoting corruption, and disregarding the interests of the host states and the long-term well-being of their people.84 Oil companies that operate in economically and politically unstable countries often find that local community members believe that they are suffering from the consequences of petroleum activities in their territories without receiving any benefits.85 This creates tension between oil companies and local communities, which can eventually materialise in attacks on petroleum installations. Unrest and violence in Nigeria associated with the oil and gas industry is a good example of this type of situation, where the angry members of local community groups attack petroleum installations to convey their grievances as well as for criminal profiteering.86 The fact that local governments receive large proportions of their revenues from oil and gas activities further exacerbates the situation and renders oil companies and oil installations tempting targets.87

80 For a detailed discussion on attitudes towards the offshore petroleum industry see Robert Gramling and William Freudenburg, ‘Attitudes Toward Offshore Oil Development: A Summary of Current Evidence’ (2006) 49(7) Ocean & Coastal Management 442, 442. 81 See, e.g. Brynjar Lia and Ashild Kjok, ‘Energy Supply as Terrorist Targets? Patterns of “Petroleum Terrorism” 1968–99’ in Daniel Heradstveit and Helge Hveem (eds), Oil in the Gulf: Obstacles to Democracy and Development (Ashgate 2004) 100. 82 Neal Adams, Terrorism & Oil (PennWell 2003) 147. 83 Mustafa Alani, ‘Risks and Threats Facing Oil Company Operations in Developing Countries: An Overview’ (2007) 6 Security & Terrorism Research Bulletin 34, 34. 84 Ibid. For example, in the early years of Nigeria’s oil industry, some 60 years ago, a number of people living in Nigeria’s oil-producing regions felt that their government was dispossessing them of their lands in favour of IOCs’ interests: Michael Watts (ed.), Curse of the Black Gold: 50 Years of Oil in Niger Delta (Powerhouse Books 2008). 85 See generally Peter Maass, Crude World: The Violent Twilight of Oil (Vintage Books 2010). 86 See, e.g. Jennifer Giroux, ‘Turmoil in the Delta: Trends and Implications’ (2008) 2(8) Perspectives on Terrorism 11; Arild Nodland, ‘Guns, Oil, and “Cake”: Maritime Security in the Gulf of Guinea’ in Bruce Elleman, Andrew Forbes and David Rosenbert (eds), Piracy and Maritime Crime (Naval War College Press 2010) 191; Watts (n 84); International Crisis Group (ICG), ‘The Swamps of Insurgency: Nigeria’s Delta Unrest’ (Africa Report No. 115, ICG, 3 August 2006); Mark McNamee, ‘No End in Sight: Violence in the Niger Delta and Gulf of Guinea’(2013) 11(5) Terrorism Monitor 8; United Nations Office on Drugs and Crime (UNODC), Transnational Organized Crime in West Africa: A Threat Assessment (2013) 45–52. 87 Michael Economides, ‘Foreword’ in Adams (n 82) xvi.

14

OFFSHORE PETROLEUM SECURITY CONTEXT

4.1 Petroleum-related targets and attacks In many petroleum producing states, socially or politically disgruntled groups and other ‘violent non-state actors’88 have targeted petroleum installations. In some countries, petroleum installations have been victims of attacks for many years due to civil wars and violent ethnic conflicts.89 Generally, oil companies that operate in armed conflict zones, whether it is a full out war or what is known as ‘low intensity conflict’ are more prone to attacks on their installations. There are many recorded attacks on the oil and gas industry in various places around the world. According to the Energy Infrastructure Attack Database (EIAD), between 1980 and 2011, there were 4,139 attacks on oil and gas targets.90 However, the majority of attacks on oil and gas are concentrated in just a few countries such as Iraq, Nigeria, Pakistan, Colombia and a few others.91 Attacks on oil and gas pipelines are the most common among oil and gas targets.92 Attacking offshore petroleum installations is not a new phenomenon. In fact, it has a history of over one hundred years. One of the first (if not the first) documented attacks on an offshore oil installation took place in August 1899, in the US. The incident became known as the ‘Montecito Mob’ because it occurred in Montecito, an affluent suburb of Santa Barbara, California.93 On 2 August 1899, soon after an oil company began to construct an oil derrick off the shores of Montecito, a local mob attacked the rig and demolished it in order to prevent further expansion of the oil industry in Santa Barbara.94 A number of violent and non-violent incidents involving offshore installations have occurred throughout the history of the offshore petroleum industry including the occupation of offshore installations by offshore workers on strike, storming offshore installations and abduction of offshore workers by local gangs, bombings

88 ‘Violent non-state actors’ is the term that is commonly used in the literature. Mulaj defines ‘violent non-state actors’ as ‘non-state armed groups that resort to organized violence as a tool to achieve their goals’: Klejda Mulaj, ‘Introduction: Violent Non-State Actors: Exploring Their State Relations, Legitimation, and Operationality’ in Klejda Mulaj (ed.), Violent Non-State Actors in World Politics (Hurst 2010) 1, 3 (noting that the ‘state’/‘non-state’ divide is not always clear because violent non-state actors not only operate in opposition to a state or state, ‘but often also exist in a dependent relation to the state/s in terms of support, benefits, and recognition’): at 5. 89 Herbert Cooper, ‘Addressing Energy Supply Vulnerabilities’ (2006) 102(4) CEP Magazine 24, 25. 90 Center for Security Studies (CSS), ETH Zurich, Energy Infrastructure Attack Database (EIAD) (2012) [data file] www.css.ethz.ch/research/research_projects/index/EIAD accessed 1 December 2014. 91 Ibid. See also Lia and Kjok (n 81); Peter Toft, Arash Duero and Arunas Bieliauskas, ‘Terrorist Targeting and Energy Security’ (2010) 38(8) Energy Policy 4411; Jennifer Giroux, Peter Burgherr and Laura Melkunaite, ‘Research Note on the Energy Infrastructure Attack Database (EIAD)’ (2013) 7(6) Perspectives on Terrorism 113; Jeffrey Simonoff, Carlos Restrepo and Rae Zimmerman, ‘Trends for Oil and Gas Terrorist Attacks’ (Research Report No. 2, Institute for Information Infrastructure Protection (IIIP), 30 November 2005). 92 According to the EIAD, there were 1,789 attacks on oil and gas pipelines between 1980 and 2011, which is approximately 43 per cent of all attacks on oil and gas infrastructure during that period: CSS (n 90). 93 Gramling and Freudenburg (n 80) 442–43. 94 Ibid.; Harvey Molotch, William Freudenburg and Krista Paulsen, ‘History Repeats Itself, But How? City Character, Urban Tradition, and the Accomplishment of Place’ (2000) 65(6) American Sociological Review 791, 804 (noting that, at the time, Santa Barbara was positioning itself as a tourist and retirement destination which continuously generated tension between local residents and the oil industry).

15

OFFSHORE PETROLEUM SECURITY CONTEXT

of offshore installations by state armed forces, and interferences with operations of offshore installations caused by environmental protesters. The range of adversaries that pose a potential security threat to offshore installations is relatively broad. Security threats faced by offshore installations are examined in Chapter 3. 4.2 Issues concerning data on offshore attacks and security incidents Research into past attacks and security incidents associated with the offshore oil and gas industry has resulted in the compilation of a set of data documenting attacks, unlawful interferences and other security incidents involving offshore oil and gas installations (contained in the Appendix). The two main issues that arise in relation to the data are the reliability of sources and the credibility of information.95 As far as the reliability of sources is concerned, sources used to compile the dataset were all publicly available sources, including databases, official documents and reports of government agencies, reports of international organisations, court documents and law reports, books, journal articles, newspapers and online sources.96 Much of the data came from media reports, newspapers and websites. Media reports and online sources should always be treated with caution.97 Unfortunately, sometimes there are no readily available alternative reliable sources other than the media or online sources of questionable reliability. The second issue relates to the credibility of reported information on offshore attacks and security incidents, which is often questionable. As pointed out by Quiggin, even where information is reported by a reliable source, there is no guarantee that the information is credible because reliable sources may be misinformed, out of date or subject to biases.98 Vested interests could cause organisations to skew data depending on the nature of an organisation and the purpose for which data is reported.99 Individuals and organisations may be perusing certain interests or agendas and may be biased in their reporting, and even worse, deliberately spreading false information.100

95 For guidance on assessing the validity of sources and information see Tom Quiggin, ‘Sources and Information in Academic Research: Avoiding Mistakes in Assessing Sources for Research and During Peer Review’ (2013) 7(1) Perspectives on Terrorism 103. 96 The sources consulted include the International Maritime Bureau (IMB) Piracy and Armed Robbery Against Ships annual and quarterly reports; International Maritime Organization (IMO) Maritime Safety Committee (MSC) Reports on Acts of Piracy and Armed Robbery Against Ships; the EIAD developed by the CSS; Worldwide Threat to Shipping reports produced by the US Office of Naval Intelligence (ONI); reports based on the Worldwide Incidents Tracking System; reports such as Country Reports on Terrorism and Patterns of Global Terrorism produced annually by the US Department of State (DOS); RAND Database of Worldwide Terrorism Incidents and reports and papers published by RAND Corporation; reports based on the Memorial Institute for the Prevention of Terrorism (MIPT) database; Reports on Terrorism published by the NCC; the Global Terrorism Database (GTD) maintained by the National Consortium for the Study of Terrorism and Responses to Terrorism (START), as well as numerous other sources. 97 Quiggin (n 95) 103. 98 Ibid.; Tom Quiggin, ‘Words Matter: Peer Review as a Failing Safeguard’ (2013) 7(2) Perspectives on Terrorism 72, 72. 99 Frederick Chew, ‘Piracy, Maritime Terrorism and Regional Interests’ (2005) Geddes Papers 73, 74. See also Torbjorn Thedeen, ‘Setting the Stage: The Vulnerability of Critical Infrastructures’ in Konstantin Frolov and Gregory Baecher (eds), Protection of Civilian Infrastructure from Acts of Terrorism (Springer 2006) 33, 40. 100 Quiggin (n 95) 103.

16

OFFSHORE PETROLEUM SECURITY CONTEXT

One of the biggest concerns about the credibility of information is underreporting.101 For example, the media may be focusing only on higher profile events, or on certain geographical areas, so there is a chance of media underreporting in other areas. Perpetrators of attacks may try to exaggerate certain facts and details of the attacks (such as the extent of damage caused or the number of casualties) to attract more attention to their causes or create more fear. Government agencies may attempt to downplay the significance of the attacks in order to maintain public confidence in their ability to protect offshore installations. Given the reticent nature of the petroleum industry and its sensitivity to publicity, oil companies and other offshore industry participants may be inclined not to report all offshore attacks and security incidents.102 They may attempt to conceal some attacks and security incidents involving their offshore installations for reasons such as fear of losing market confidence or having to pay higher insurance premiums. Some security incidents such as extortion and internal sabotage can be easily concealed and information can be contained within the company.103 Even when oil companies report offshore security incidents and attacks to relevant government agencies, that information is not always publicly available.104 Another problem relates to misreporting of details of attacks. In some cases, the information reported is vague or incomplete. Several offshore security incidents identified in the course of the research were not included in the dataset because insufficient information was available to warrant their inclusion.105 Accordingly, the dataset does not include all attacks and unlawful interferences that have taken place throughout the history of the offshore oil and gas industry, and therefore it does not reflect the full extent of the offshore petroleum security problem. In some cases, different sources report different details, and sometimes inconsistent and conflicting information is reported. For example, some attacks have been reported as occurring at different times or with differing outcomes. In cases where contradictory information from two sources has been identified, additional sources were consulted to verify the information, and the information that was confirmed by the majority of other sources was eventually adopted. Although reasonable effort has been made to verify or confirm the information using open sources, it was not possible to verify the information in some cases. Readers should come to their own conclusions about the reliability of sources and credibility of information. 4.3 Attacks on and interferences with offshore installations 1975–2014 The dataset of attacks on and unlawful interferences with offshore installations, which has been named the Offshore Installations Attack Dataset (OIAD), comprises 113

101 See, e.g. Martin Murphy, ‘Petro-Piracy: Oil and Troubled Waters’ (2013) 57(3) Orbis 424, 432. 102 As noted by Rudner, ‘[r]arely is open-source information available on manifest insider threats available, since organizations tend to be reticent about any such matters for reputational reasons’: Martin Rudner, ‘Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge’ (2013) 26(3) International Journal of Intelligence and Counterintelligence 453, 454. 103 Brian Jenkins, ‘Potential Threats to Offshore Platforms’ (RAND Corporation, January 1988) 5. 104 See Quiggin (n 95) 103. 105 For instance, in cases where there was insufficient information to warrant the inclusion (e.g. no information on whether the attacked installation is offshore or onshore).

17

OFFSHORE PETROLEUM SECURITY CONTEXT

security incidents involving offshore oil and gas installations that occurred between 1 January 1975 and 1 January 2015.106 Prior to 1975, only one security incident/ attack was found, namely the 1899 ‘Montecito Mob’ incident; however, there must have been more incidents in the intervening 75 years. No attacks or unlawful interferences involving offshore installation that occurred between 1990 and 1995 have been found. More than half of security incidents (59 of 113 incidents or 52 per cent) occurred in the 10-year period from 1 January 2005 to 1 January 2015 (see Figure 1.3). The majority of offshore incidents involved violence, but about 33 per cent of security incidents (37 of 113) were non-violent.107 Compared to attacks on onshore oil and gas installations, attacks on offshore installations are infrequent events even allowing for unreported incidents,108 but the exact number of attacks and unlawful interferences involving offshore installations is unknown. Overall, data indicates that attacks on and unlawful interferences with offshore installations were on the rise between 2006 and 2010 (42 incidents took place

1975–1979 1980–1984 1985–1989 1990–1994 1995–1999 2000–2004 2005–2009 2010–2014 31

18 16

8

7 5

4 2 0

1

9

8 3

1

0 0

Non-violent

Violent

Figure 1.3 Attacks on/unlawful interferences with offshore installations 1975–2014. Source: Author, based on the OIAD in Appendix.

106 See Appendix. 107 For the purposes of distinguishing between violent and non-violent incidents involving offshore installations, the meaning of ‘violence’ is taken to include not only physical violence towards people or property, but also physiological violence such as a threat of violence (e.g. bomb threat or threat to inflict bodily harm) and violence by deprivation such as unlawful detention (e.g. unlawful detention of offshore workers on board an installation during a labour strike). For a detailed discussion on the concept of violence see Keith Krause, ‘Beyond Definition: Violence in a Global Perspective’ (2009) 10(4) Global Crime 337, 339. 108 See Appendix; CSS (n 90).

18

OFFSHORE PETROLEUM SECURITY CONTEXT

during that period, most of them in Nigeria), but have declined considerably since 2010.109 The geographical analysis indicates that attacks and unlawful interferences involving offshore oil and gas installations have occurred in various parts of the world. In particular, attacks and security incidents involving offshore installations have occurred in Angola, Australia, Cameroon, Canary Islands, China, Colombia, Greenland, Guyana, India, Iran, Iraq, Kuwait, Malacca Strait, Malaysia, Mexico, Netherlands, New Zealand, Nicaragua, Nigeria, Norway, Russia, Suriname, Tanzania, Trinidad and Tobago, Turkey, UAE, UK, US, Vietnam, Yemen.110 However, there is clearly some geographical concentration of attacks, which suggests that geographical factors and considerations are important for the purposes of risk assessment and protection of offshore installations. This also indicates that offshore oil and gas installations in countries with high political instability, civil unrest or armed conflict are more prone to attacks. 5 Past and present perspectives on offshore petroleum security Security of the offshore oil and gas industry has been considered and debated for more than three decades,111 but prior to 11 September 2001 (9/11), security arrangements of offshore installations received little serious attention. In 1976, Denton argued that ‘[o]ffshore energy assets are essentially unprotected and are vulnerable to overt, clandestine, or covert attack’.112 He also noted that ‘[t]he question of responsibility within the government for protection of offshore energy assets, specifically oil production facilities, has not been resolved, although it has been raised periodically’.113 MacBain, a retired US Navy Commander, in 1980, wrote: Even more tempting energy targets are offered by the 2,000 oil platforms and 7,000 miles of pipelines in the Gulf of Mexico. Many platforms are in remote locations, unmanned and unvisited for days at a time, and, according to many experts, lacking adequate protection against assault.114

109 The decline in offshore attacks and unlawful interferences can be largely attributed to the amnesty introduced by the Nigerian Government in 2009. See, e.g. UNODC (n 86) 52; Thomas Strouse, ‘Will Nigeria’s Amnesty Campaign Have a Lasting Impact on the Delta Insurgency?’ (2009) 7(32) Terrorism Monitor 5. 110 See Appendix. 111 Some of the earlier writings that discussed the issue of potential attacks on offshore oil and gas installations and vulnerabilities of offshore installations include: Brian Jenkins et al., ‘A Chronology of Terrorist Attacks and Other Criminal Actions Against Maritime Targets’ (RAND Paper Series, RAND Corporation, September 1983); Jan Breemer, ‘Offshore Energy Terrorism: Perspectives on a Problem’ (1983) 6 Terrorism 455; Robert Denton, ‘Protection of Offshore Energy Assets’ (December 1976) Naval Engineers Journal 87; Robert Charm, ‘Terrorists See Offshore as Tempting Target’ (January 1983) Offshore 62; John Ebersole, ‘International Terrorism and the Defense of Offshore Facilities’ (September 1975) US Naval Institute Proceedings 54; Merle MacBain, ‘Will Terrorism Go to Sea?’ (1980) 23(1) Sea Power 15. 112 Denton (n 111) 87. 113 Ibid. 90. 114 MacBain (n 111) 20.

19

OFFSHORE PETROLEUM SECURITY CONTEXT

The movie industry had also illustrated the security threats to offshore petroleum installations. In the 1980 film, North Sea Hijack, a group of men posing as reporters hijack an offshore supply vessel, attach underwater explosives to substructures of two offshore platforms in the North Sea and make a demand for ransom threatening to blow up the platforms, in response to which the British Government sends a unique commando unit to stop them.115 Interestingly, there was even a computer video game of 1985, where submarines attack an offshore installation and the defender is supposed to bomb them from helicopters to protect the installation.116 Breemer pointed out in 1983 that those who were sceptical about the need for improved offshore petroleum security measures often argued that there is no or very little evidence that ‘an acute threat of such incidents does, in fact, exist’.117 Piracy, insurgency, terrorism and other forms of unlawful activities have been taking place at sea for several decades,118 but the earlier attacks on and unlawful interferences with maritime and offshore targets appear to have received only occasional or cursory public and political attention, perhaps with the exception of the attack on Achille Lauro in October 1985,119 which ultimately led to the adoption of two international conventions on the suppression of unlawful acts at sea. Oil companies did not perceive threats to the security of offshore installations as serious enough and resolved not to provide a high level of protection to offshore installations.120 Jenkins asserted that the reasons for that included: the lack of any serious security incidents or attacks on offshore installations; the view that offshore installations have ‘natural defences’ and are difficult to access; costs of installing security devices and maintaining security systems; available security systems were perceived to be of doubtful utility; the existing security measures were perceived to be satisfactory; the conviction that safety systems will prevent blowouts and fires that may result from an attack; and it was considered that a temporary disruption due to damage to an offshore installation would not cause any significant, long-lasting economic damage to the company or any state.121 As a result, security measures for offshore installations were generally lax across the industry, with a few exceptions where higher levels of security and protection were considered appropriate and have been imposed.122 It is clear that earlier steps, and even calls, to enhance security arrangements of offshore oil and gas installations were generally seen as unwarranted in light of the

115 North Sea Hijack (Directed by Andrew McLaglen, Cinema Seven Productions, 1980); ‘North Sea Hijack’ (The Internet Movie Database, 2015) www.imdb.com/title/tt0081809/ accessed 1 December 2015. 116 Anselmo Paschoa, ‘Accidents and Terror Attacks Against Offshore Oil Rigs’ (Presentation Slides, 4 March 2008). 117 Breemer (n 111) 456. 118 See, e.g. Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 111). 119 On 7 October 1985, terrorists hijacked the Italian cruise liner, Achille Lauro, in the Mediterranean, with 80 passengers and 320 crew members aboard and killed one American passenger. They were later captured and arrested by the Italian authorities and subsequently tried: Natalino Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) vii. 120 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 103) 19. 121 Ibid. 122 Ibid. 21.

20

OFFSHORE PETROLEUM SECURITY CONTEXT

lack of a history of offshore attacks. Lax security arrangements across the oil and gas industry generally reflected security threat assessment at the time.123 That perception has changed. The unprecedented 9/11 attacks on the World Trade Centre and the Pentagon marked a tremendous change in the international and national security environment and security regulation. Terrorism ‘has tragically succeeded in shaping the political agenda worldwide’.124 Since 9/11, the international community has been extremely concerned about security. The transport and energy sectors are among those that received the most political attention. The tightening international energy, volatile oil prices, instability and armed conflicts in some petroleum producing states, geopolitical challenges, perceived future shortages of oil and gas supplies, as well as the threats of terrorism and piracy, have contributed to a renewed focus on offshore petroleum security in recent years. The offshore oil and gas industry appears to have become of greater economic and strategic importance.125 Oil companies and governments are increasingly concerned about the security of their offshore installations.126 With the growing demand for oil and gas resources, markets, the rise of transnational extremist groups and the evolving cyber attack capabilities of adversaries, offshore petroleum installations may have become more justifiable and commonly selected targets in the post-9/11 era, especially in high-risk areas and countries in armed conflict, including low-intensity conflicts (LICs).127 Today violent non-state actors are able to ‘leverage oil market dynamics’ and use it as a global public relations tool by attacking oil and gas installations.128 As Giroux and Hilpert have stated: Capitalizing on modern energy security and crude oil market characteristics, today’s [violent non-state actors] operating in oil and gas producing and/or transit regions are quickly learning that attacks aimed at [energy infrastructure] can not only be an effective way to target state and international energy assets, cause economic damages, and garner broad media attention, but also a way to effect global turbulence in the form of oil market volatility. Hence, these micro-actors are functioning in an environment that enables them to become global players.129

123 Ibid. (noting that the situation/perception may change as offshore oil and gas activity expands and technology continues to advance). 124 Efthimios Mitropoulos, Secretary-General of the IMO, quoted in IMO, ‘Maritime Security Set for Boost with Entry into Force of 2005 Protocols on Suppression of Unlawful Acts in July 2010’ (Press Briefing, 20/2010, 30 April 2010). 125 See, e.g. Australian Government, Department of Prime Minister and Cabinet (DPMC), Securing Australia’s Energy Future (2004) 116–17. 126 These concerns have been hyped by the offshore disasters such as the Montara spill in 2009 and the Deepwater Horizon disaster in 2010. 127 See, e.g. Jeff Moore, ‘Oil and Gas in the Crosshairs – Part 1’ (PennEnergy, 2 August 2012) PennEnergy www.pennenergy.com/articles/pennenergy/2012/08/oil-and-gas-in-the.html accessed 1 December 2015; Alani (n 83). See also Gary Ackerman et al., ‘Assessing Terrorist Motivations for Attacking Critical Infrastructure’ (Center for Nonproliferation Studies, January 2007); Rudner, Martin, ‘Protecting North America’s Energy Infrastructure Against Terrorism’ (2006) 19(3) International Journal of Intelligence and Counterintelligence 424; John Robb, Brave New War: The Next Stage of Terrorism and the End of Globalization (Wiley & Sons 2007) 94. 128 Jennifer Giroux and Caroline Hilpert, ‘The Relationship Between Energy Infrastructure Attacks and Crude Oil Prices’ (October 2009) Journal of Energy Security www.ensec.org/index.php?option= com_content&view=article&id=216:the-relationship-between-energy-infrastructure-attacks-and-crudeoil-prices&catid=100:issuecontent&Itemid=352 accessed 1 December 2015. 129 Ibid.

21

OFFSHORE PETROLEUM SECURITY CONTEXT

A good example of how non-state actors can leverage oil to achieve certain political or social objectives is the October 2013 seizure and subsequent blockade of Libya’s Mellitah oil and gas export terminal (capable of handling 160,000 bpd) by armed members of the Amazigh minority, who halted oil and gas exports with the objective of pressuring Italy and the European Union (EU) to force Libya’s ruling General National Congress to recognize the Amazigh language and allow increased Amazigh representation on Libya’s constitutional committee.130 Several major terminals in Libya suffered blockades by armed gunmen including the 340,000-bpd al-Sidr and the 220,000-bpd Ras Lanuf terminals.131 Similarly, in 2014, former leaders of Niger Delta insurgent groups who had accepted the government’s amnesty in 2009,132 used oil as a political weapon and threatened to stop oil flows to the northern part of Nigeria as a move against a campaign to discredit and force out of office President Goodluck Jonathan, who is of southern origin.133 Security of the offshore oil and gas industry can have significant implications for the national security and economic well-being of many states, especially major petroleum producing and consuming states, as well as for the wider international community.134 An act of violence directed towards an offshore petroleum installation can potentially have economic, political, social and environmental consequences. The reasons why offshore installations are attacked and how they are attacked are examined in Chapter 4. 6 International responses A number of measures pertaining to offshore petroleum security have been adopted and implemented at the international level, as well as nationally and regionally. Prior to 9/11, the three principal legal instruments that addressed the protection of offshore installations were the United Nations Convention on the Law of the Sea 1982 (LOSC),135 the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation 1988 (1988 SUA Convention)136 and the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the

130 Andrew McGregor, ‘Berbers Seize Libyan Oil Terminal to Press Demand for Recognition’ (2013) 11(21) Terrorism Monitor 3, 3. 131 Ibid. 132 The Federal Government’s 2009 amnesty was provided ‘as part of a national effort to bring an end to militant activities in the Niger Delta region that were preventing full exploitation of the region’s abundant energy reserves’: Andrew McGregor, ‘Ex-Militants Use Oil as a Political Weapon in the Niger Delta’ (2014) 12(14) Terrorism Monitor 3, 3; Strouse (n 109); UNODC (n 86) 52. 133 McGregor, ‘Ex-Militants Use Oil as a Political Weapon’ (n 132) 134 Martin Tsamenyi and Kwame Mfodwo, ‘Developing Capacity for Addressing Safety, Security and Marine Pollution Concerns Arising from the Oil and Gas Industry’ (Paper presented at the National Conference on Positioning the Transport Sector for the Successful Exploration of Ghana’s Oil & Gas, Accra, 15 July 2009) 3. 135 United Nations Convention on the Law of the Sea 1982, opened for signature 10 December 1982, 1833 UNTS 3, (entered into force 16 November 1994) (‘LOSC’). 136 Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation 1988, opened for signature 10 March 1988, 1678 UNTS 201 (entered into force 1 March 1992) (‘1988 SUA Convention’).

22

OFFSHORE PETROLEUM SECURITY CONTEXT

Continental Shelf 1988 (1988 SUA Protocol).137 The pre-9/11 international regulatory framework is examined in Chapter 6. However, the analysis of international legal aspects begins in Chapter 5, which focuses on the legal status of offshore installations. In the aftermath of the 9/11 attacks, the US encouraged the relevant United Nations (UN) bodies and agencies such as the UN Security Council (UNSC), the International Maritime Organization (IMO) and the International Labour Organization (ILO) to take action to address the threat of maritime terrorism.138 The US proposed and led a number of new regulatory initiatives to enhance security of the international maritime industry. The key post-9/11 regulatory responses include security-related amendments to the International Convention for the Safety of Life at Sea 1974 (SOLAS Convention),139 the International Ship and Port Facility Security Code (ISPS Code),140 and the amendments to the 1988 SUA Convention and the 1988 SUA Protocol. Post9/11 international regulatory responses are examined in Chapter 7. The industry and governments have also responded to the heightened post-9/11 security concerns and introduced measures to enhance the security of offshore petroleum installations. Governments responded by passing national laws that give effect to new international regulatory requirements, rolling out critical infrastructure protection (CIP)141 policies and initiatives, putting in place necessary administrative arrangements and building the capacity of agencies responsible for the protection and security of offshore installations. The international oil and gas industry has responded by developing security standards and recommended practices, increasing security-related spending, promoting the security culture within the industry, and tightening physical security of offshore installations. The industry associations such as the International Association of Oil & Gas Producers (IOGP) and the American Petroleum Institute (API) have developed methodologies and guidelines for security risk assessments (SRAs) and security management systems (SMSs)142 that are widely followed in the industry. These aspects are examined in Chapter 8.

137 Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms Located on the Continental Shelf 1988, opened for signature 10 March 1988, 1678 UNTS 304 (entered into force 1 March 1992) (‘1988 SUA Protocol’). 138 Robert Beckman, ‘International Responses to Combat Maritime Terrorism’ in Victor Ramraj, Michael Hor and Kent Roach (eds), Global Anti-Terrorism Law and Policy (Cambridge University Press 2005) 248, 248. 139 International Convention for the Safety of Life at Sea 1974, opened for signature 1 November 1974, 1184 UNTS 2 (entered into force 25 May 1980) (‘SOLAS Convention’). 140 Amendments to the Annex to the International Convention for the Safety of Life at Sea, opened for signature 12 December 2002, [2003] ATNIF 11 (entered into force 1 July 2004), annex (‘International Code for the Security of Ships and of Port Facilities’) (‘ISPS Code’). 141 The term CIP ‘pertains to the activities for protecting critical infrastructures. This includes people, physical assets, and communication (cyber) systems that are indispensably necessary for national, state, and urban security, economic stability, and public safety.’: Robert Radvanovsky, Critical Infrastructure: Homeland Security and Emergency Preparedness (CRC Press 2006) 6. 142 See, e.g. API, Security for Offshore Oil and Natural Gas Operations (1st edn, March 2003); API, Security Guidelines for the Petroleum Industry (3rd edn, April 2005); API and National Petrochemical & Refiners Association (NPRA), Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries (2nd edn, October 2004); API, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries (1st edn, May 2013); IOGP, Security Management System: Processes and Concept in Security Management (July 2014); IOGP, Response to Demonstrations at Offshore Facilities (March 2010); IOGP, Firearms and the Use of Force (February 2010); IOGP, Integrating Security in Major Projects – Principles & Guidelines (April 2014).

23

OFFSHORE PETROLEUM SECURITY CONTEXT

7 Conclusion This chapter set the context for analysing the protection and security aspects of offshore oil and gas installations. It explained the concept of ‘offshore petroleum security’, discussed the strategic importance of petroleum and violence associated with the petroleum industry, and provided background information on past and present perspectives on offshore petroleum security, as well as steps taken by the international community and the oil industry to address security concerns pertaining to offshore installations. It also provided an overview of past attacks and security incidents involving offshore installations worldwide. In doing so, it addressed the first two of those key questions set out at the beginning of this chapter, which are – how common are attacks on offshore oil and gas installations143 and – where are offshore oil and gas installations attacked? This chapter also very briefly touches on other key questions set out at the beginning. Given the economic and strategic importance of oil and gas resources, the overall increase in the number of attacks on and unlawful interferences with offshore installations in the last decade, and the global concerns about offshore petroleum security, there is no doubt that offshore installations need to be protected. Against this context, subsequent chapters address the remaining key questions set out at the beginning of this chapter, in order to determine whether the existing security arrangements are still appropriate in the contemporary security environment and whether they provide an adequate level of protection to offshore installations from various security threats, given the apparent attractiveness of offshore petroleum targets and perceived growing interest of adversaries in attacking them. Gaps in the security framework are highlighted in the last chapter and several recommendations for improvements in the security framework are provided.

143 Including non-violent unlawful interferences and security incidents involving offshore installations.

24

CHAPTER 2

OFFSHORE ASSETS AND OPERATIONS 1 Introduction The offshore oil and gas industry has developed a range of offshore oil and gas installations of different sizes and configurations. Some of these installations accommodate over 200 people on board, are capable of operating at water depths of more than 3,000 metres, produce over 200,000 bpd and cost in excess of US$1 billion. To analyse the security and protection aspects of these vital offshore assets, it is important to have at least a general understanding of the offshore oil and gas industry and the types of offshore installations the industry employs. Without it, an analysis of the relevant security aspects in the subsequent chapters is difficult.1 In other words, to protect something, it is first necessary to know what needs to be protected. Asset identification is typically one of the first steps in SRA models and approaches, including those used by the oil and gas industry.2 Accordingly, the principal focus of this chapter is to identify the types and physical nature of offshore oil and gas installations utilised by the offshore industry and describe their main characteristics and functions. To this end, the chapter addresses the third key question posed at the outset – what types of offshore installations are attacked and need to be protected?3 However, offshore asset identification is not limited just to offshore installations. The process can involve identifying assets of an offshore operation, documenting their functions and value including people, equipment, systems, chemicals, products and information.4 It can also involve identifying internal and external infrastructure, and dependencies and interdependencies including telecommunications, transportation, emergency services, computer systems, and supervisory control systems that support the operations of assets.5 Therefore, the chapter also looks at some of the

1 Hossein Esmaeili, The Legal Regime of Offshore Oil Rigs in International Law (Ashgate Dartmouth 2001) 11. 2 See, e.g. API, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries (1st edn, May 2013); US Government, Department of Homeland Security (DHS) and Department of Energy (DOE), Energy: Critical Infrastructure and Key Resources Sector-Specific Plan as Input to the National Infrastructure Protection Plan (Redacted) (May 2007); Shailendra Bajpai, Anish Sachdeva and J.P. Gupta, ‘Security Risk Assessment: Applying the Concepts of Fuzzy Logic’ (2010) 173(1) Journal of Hazardous Materials 258. Some SRA models refer to this step as ‘establishing internal context’, which includes ‘asset identification’. See, e.g. OTS, Offshore Security Assessment Guidance Paper (June 2005); ISO 31000: 2009 Risk Management – Principles and Guidelines. 3 A summary of the offshore installations that have been attacked is provided in Chapter 1. For details of the attacks see Appendix. 4 See, e.g. API, Security Risk Assessment Methodology (n 2) 28. 5 API, Security Risk Assessment Methodology (n 2) 28.

25

OFFSHORE ASSETS AND OPERATIONS

operational aspects of the offshore oil and gas industry including organisational structure of oil companies and on board offshore installations. The operational aspects of offshore installations are not discussed in much detail as these more technical aspects have been widely discussed elsewhere.6 Still, a brief review of the operational aspects is useful to illustrate the chain of command on board offshore installations and in oil companies, which can be crucial in the event of an attack and emergency response situations. As a background, the chapter begins with an overview of the global offshore oil and gas industry and recent technological developments in offshore petroleum exploration and production. 2 Global offshore oil and gas industry Drilling for and production of petroleum resources offshore started in the 1890s in the US off the shores of Summerland in California, just to the east of Santa Barbara.7 Offshore drilling was done from a set of oil derricks constructed along a pier that jutted into the Pacific Ocean allowing oil prospectors to tap the offshore extensions of onshore fields.8 It was not until 1938 when the first free-standing offshore platform in the ocean commenced operations in the Gulf of Mexico in the US in about 4 metres of water, one and a half miles offshore.9 However, the birth of the modern offshore petroleum industry is considered to be on 4 October 1947, when the first commercial offshore oil well was drilled out of sight of land in water depth of 6 metres about 12 nautical miles off the Louisiana coast in the Gulf of Mexico in the US.10 The increasing global demand for energy and major technological advances have resulted in a significant shift of oil and gas operations from land to offshore locations.11 Offshore oil and gas resources are of vital importance in meeting global energy needs and states and oil corporations are turning to the sea for oil and gas more than ever before.12 Today, approximately one third of the total global oil and gas production comes from the offshore sector.13 This figure is expected to

6 See, e.g. Havard Devold, Oil and Gas Production Handbook: An Introduction to Oil and Gas Production, Transport, Refining and Petrochemical Industry (ABB Oil & Gas 2013); Terry Robinson, The Offshore: An Introduction to the Technology, Terminology and Operations of Offshore Exploration (Jesperson Press 1992); William Leffler, Richard Pattarozzi and Gordon Sterling, Deepwater Petroleum Exploration & Production: A Nontechnical Guide Hardcover (PennWell 2003). 7 Jay Schempf, Pioneering Offshore: The Early Years (PennWell 2007); Robert Gramling and William Freudenburg, ‘Attitudes Toward Offshore Oil Development: A Summary of Current Evidence’ (2006) 49(7) Ocean & Coastal Management 442, 442. 8 Schempf (n 7) 9–10. 9 US National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling, Deep Water: The Gulf Oil Disaster and the Future of Offshore Drilling (Report to President, January 2011) 21. 10 Schempf (n 7) 3. 11 Most regions around the world have experienced a shift in production to offshore locations. 12 Martin Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (Adelphi Paper No. 388, International Institute for Strategic Studies, 2007) 1, 75. 13 IEA, World Energy Outlook 2008 (2008) 251; Mark Kaiser and Brian Snyder, ‘A Primer on the Offshore Contract Drilling Industry’ (2013) 44(3) Ocean Development & International Law 287, 287; ‘Factbox – Offshore Increasingly Important to Oil Industry’ (Reuters, 6 July 2010) http://uk.reuters.com/ article/idUKLDE6640YV20100706 accessed 1 December 2015; Donald Rothwell and Tim Stephens, The International Law of the Sea (Hart Publishing 2010) 287.

26

OFFSHORE ASSETS AND OPERATIONS

increase due to depleting onshore fields and rapidly expanding offshore oil and gas developments.14 Between 1991 and 2006, offshore oil production rose by more than one-third and offshore natural gas production more than doubled.15 Today offshore petroleum is produced in almost every part of the world, from the small 1,000 bpd wells in waters as shallow as 20 metres to large 200,000 bpd wells in more than 2,000 metres of water.16 Some of the main areas where offshore oil and gas activities take place include the Gulf of Mexico, the North Sea, the South China Sea, the Gulf of Guinea, the Persian Gulf and the Caspian Sea. The Arctic has a potential to become a major offshore petroleum producing region, but it is predicted that logistical and other challenges will prevent it from becoming a major producing region in the near future.17 According to Westwood, offshore oil and gas production is expected to grow in most regions of the world, but in Europe offshore production is expected to decline.18 The global oil and gas industry, including its offshore sector, has long been dominated by vertically integrated IOCs. The largest IOCs, which are also referred to as ‘super majors’ or ‘Big Oil’, are: ExxonMobil, Royal Dutch Shell (Shell), BP, Chevron, ConocoPhillips and Total.19 The activities of IOCs are often carried out in partnerships with state-owned national oil companies (NOCs) and/or smaller oil exploration and production companies that are referred to as ‘independents’.20 The largest NOCs include the Arabian-American Oil Company (Aramco), Gazprom, National Iranian Oil Company (NIOC), Rosneft, China National Petroleum Corporation (CNPC), Petróleos Mexicanos (Pemex), and Kuwait Petroleum Company.21 The largest independents include Occidental, Canadian Natural, Apache, Devon, Petróleo e Gás Participações (OGX), BHP Billiton, and Woodside.22 In addition to the IOCs, NOCs and independents, the offshore oil and gas industry includes a large number of specialised subcontractors that perform important functions such as offshore drilling, supply of offshore installations and pipelines, and provision of oilfield services. These companies do not seek ownership rights to oil

14 See, e.g. PennWell, International Petroleum Encyclopedia 2010 (PennWell 2010) 356; IEA, World Energy Outlook 2009 (2009) 432. However, at the same time, it is ‘expected that up to a third of oil fuel production may come from unconventional sources within the next decade’: Devold (n 6) 128. Unconventional sources of oil and gas include: extra heavy crude, tar sands, oil shale, shale gas and coal bed methane: at 127. 15 Douglas-Westwood Ltd, World Offshore Oil & Gas Production and Spend Forecast 2007–11 (2007), cited in PennWell, International Petroleum Encyclopedia 2008 (PennWell 2008) 360. 16 See, e.g. Devold (n 6) 7. 17 See, e.g. IEA, World Energy Outlook 2011 (2011) 295; Arctic Council, Guide to Oil Spill Response in Snow and Ice Conditions in the Arctic (2015) 165–68. 18 John Westwood, ‘Global Offshore Prospects’ (Presentation at the Offshore Production Technology Summit 2010, London, 26 January 2010) 23. 19 Andrew Inkpen and Michael Moffett, The Global Oil & Gas Industry: Management, Strategy & Finance (PennWell 2011) 18. 20 Independents are smaller non-state-owned companies, many of which are sizable players in the oil and gas market and rank in the top 50 of all non-state-owned oil companies: Inkpen and Moffett (n 19) 18. 21 ‘The World’s Biggest Oil Companies’ (Forbes, n.d.) www.forbes.com/pictures/mef45miid/theworlds-biggest-oil-companies/ accessed 1 December 2015. 22 Inkpen and Moffett (n 19) 18.

27

OFFSHORE ASSETS AND OPERATIONS

and gas reserves, but nevertheless play an integral role throughout the exploration, development, and production stages by providing products and services to offshore oil and gas producers.23 The largest offshore drilling companies include Transocean, Seadrill, Diamond Offshore, Enso and Noble, each holding a sizable fleet of offshore drilling rigs.24 The largest oilfield service companies include Schlumberger, Halliburton, Weatherford and Baker Hughes.25 Over the years, the offshore oil and gas industry has developed a diverse range of offshore installations which are now a common feature of many continental shelf areas. There are now over 1,400 offshore drilling units,26 more than 270 floating production units (FPUs),27 some 100 floating storage and offloading units (FSOs) without production capability,28 and more than 7,000 fixed offshore production platforms in the world.29 The number of offshore oil and gas installations is constantly increasing in practically all offshore producing regions. According to Infield, more than 1,600 new fixed offshore platforms were forecast to be installed over the fiveyear period from 2009 to 2014.30 The global fixed offshore platform market forecast is positive with increasing investment from 2013 to 2018.31 The number of FPUs is also increasing consistently with a 17-year average of 19 new installations per year.32 In the 11 months from January to November 2013, a total of 19 FPUs had been ordered comprising 12 floating production, storage and offloading units (FPSOs), three floating storage and regasification units (FSRUs), two tension-leg platforms (TLPs), one spar and one production barge.33 As offshore oil and gas production continues to grow, offshore installations will continue to play a critical role in the global oil and gas industry. For example, according to DouglasWestwood’s market forecast, about US $81 billion will be spent on floating production systems (FPSs) between 2015 and 2019, which represents an increase

23 Ibid. 24 Kaiser and Snyder (n 13) 306–307. 25 Inkpen and Moffett (n 19) 153. 26 ‘Rig Report: Offshore Rig Fleet by Rig Type’ Rigzone www.rigzone.com/data/rig_report.asp?rpt= type accessed 1 December 2015. 27 In November 2013, Energy Maritime Associates (EMA) reported that there were 277 FPUs in the world, 62 per cent of which (i.e. 172 units) are FPSOs and the remainder divided among semisubmersibles, TLPs, spars, barges, and FSRUs: ‘Available FPU Count at All-Time High’ (Offshore, 26 November 2013) www.offshore-mag.com/articles/2013/11/available-fpu-count-at-all-time-high.html accessed 1 December 2015. 28 EMA, ‘Idle Floating Production Units At An All Time High’ (News Release, 26 November 2013). 29 In 2010, Douglas-Westwood reported that there were more than 7,000 fixed offshore platforms: John Westwood, ‘Trends in the Marine Energy Market’ (Presentation at Basque Maritime Forum General Assembly, Bilbao, Spain, 18 June 2010). The Gulf of Mexico alone has more than 3,500 fixed offshore production platforms: US National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling, Deep Water: The Gulf Oil Disaster and the Future of Offshore Drilling (Report to President, January 2011) 3. 30 Infield, Fixed Platforms Market Report (2011). 31 ‘Global Fixed Platform Outlook Positive, Says Infield Systems’ (Offshore, 1 August 2013) www.offshore-mag.com/articles/2013/08/global-fixed-platform-outlook-positive-says-infield-systems.html accessed 1 December 2015; ‘Strong FPS Spending Through 2018 Forecast By Douglas-Westwood’ (Offshore, 14 February 2014) www.offshore-mag.com/articles/2014/02/strong-fps-spending-through2018-forecast-by-douglas-westwood.html accessed 1 December 2015. 32 EMA (n 28). 33 Ibid.

28

OFFSHORE ASSETS AND OPERATIONS

of 73 per cent compared to 2010–2014.34 Similarly, there is growth in the offshore accommodation units market.35 The increasing global energy demand, high oil prices and new technological developments have increased the capacity of oil companies to operate offshore installations and subsea production facilities in remote locations far offshore, and even more difficult-to-access offshore oil and gas resources have become commercially viable.36 The ‘ultra-deepwater’, which usually refers to water depth of 1,500 metres or more,37 has become the new frontier in offshore oil and gas operations. According to Infield, subsea market is expected to grow in the five-year period from 2014 to 2019 with Latin America and Africa remaining the dominant areas for subsea growth.38 The stakes are high in ultra-deepwater offshore operations requiring significant capital and operational expenditure, and challenging new technologies.39 It can cost as much as US $500,000 a day to hire a deepwater drilling rig.40 Today, some floating ultra-deepwater installations are able to operate in water depths of up to 3,500 metres.41 In July 2013, Transocean reported that its ultradeepwater drill ship Dhirubhai Deepwater KG1 set a new world record for the deepest water depth by an offshore drilling rig at 3,174 metres of water while working off the east coast of India.42 One of the deepest offshore production installations in the world is Perdido floating spar platform which operates about 200 nautical miles offshore in the Gulf of Mexico at a water depth of about 2,400 metres, producing oil and natural gas.43 The industry continues to evolve with new types of offshore

34 ‘Douglas-Westwood Forecasts Rise in FPS Spending to 2019’ (Offshore, 25 February 2015) www.offshore-mag.com/articles/2015/02/douglas-westwood-forecasts-rise-in-fps-spending-to-2019.html accessed 1 December 2015. 35 ‘Offshore Accommodation Growth Set Fair, Report Claims’ (Offshore, 16 March 2015) www.offshore-mag.com/articles/2015/03/offshore-accommodation-growth-set-fair-report-claims.html accessed 1 December 2015. 36 Devold (n 6) 3; Australian Government, Office of the Inspector of Transport Security (OITS), Offshore Oil and Gas Resources Sector Security Inquiry (2012) 108. 37 See, e.g. Ben Gerwick Jr, Construction of Marine and Offshore Structures (3rd edn, Taylor & Francis 2007) 718. 38 ‘Infield Sees Subsea Market Growth Over Next Five Years’ (Offshore, 9 July 2014) www.offshoremag.com/articles/2014/07/infield-sees-subsea-market-growth-over-next-five-years.html accessed 1 December 2015. 39 Torgeir Moan, ‘Marine Structures for the Future’ (Report No 2003-01, Centre for Offshore Research & Engineering, 2003) 29. 40 ‘Offshore Rig Day Rates’ Rigzone www.rigzone.com/data/dayrates/ accessed 1 December 2015. See also Kaiser and Snyder (n 13). 41 For example, the ultra-deepwater drill ship Discoverer India, built in 2010, is equipped to drill in water depths of about 3,050 metres and can be upgraded to drill in water depths of up to 3,650 metres: ‘Discoverer India Starts to Work for Reliance’ (Offshore, 20 December 2010) www.offshoremag.com/articles/2010/12/discoverer-india-starts.html accessed 1 December 2015. Drill ships that are capable of drilling at water depths larger than 3,650 metres are already being designed: ‘Drillship Designed for Deeper Waters’ (Offshore, 16 June 2014) www.offshore-mag.com/articles/2014/06/drillship-designedfor-deeper-waters.html accessed 1 December 2015. 42 ‘Transocean Sets New Offshore Depth Drilling Record’ (Offshore, 8 July 2013) www.offshoremag.com/articles/2013/07/transocean-sets-new-offshore-water-depth-drilling-record.html accessed 1 December 2015. 43 ‘Perdido Regional Host Development, Gulf of Mexico, USA’ Offshore Technology www.offshoretechnology.com/projects/perdido/ accessed 1 December 2015.

29

OFFSHORE ASSETS AND OPERATIONS

petroleum installations being designed and built.44 Some offshore installations cost more than US$1 billion.45 The types of offshore installations that have been attacked include fixed offshore production platforms, offshore drilling units, floating production and storage installations, offshore oil export terminals and wellhead platforms. Security incidents involving offshore drilling rigs are the most common.46 Specific characteristics of different types of offshore oil and gas installations are relevant and important considerations for the purposes of both targeting and protection. 3 Types of offshore oil and gas installations Offshore oil and gas installations are very complex structures from a technological standpoint. They come in a variety of types, shapes, sizes and configurations, so the discussion mainly focuses on their physical nature. Different types of offshore installations are usually used for different functions in the offshore petroleum industry. Offshore installations can be built to perform a particular function such as drilling, production and accommodation. Sometimes separate smaller offshore installations are built adjacent to the main installations for pumping or compressor stations, flare tower, or oil storage, to allow carrying of heavier loads on principal installations.47 Larger offshore installations are usually self-contained and are able to perform a number of different functions. A typical offshore production installation is also self-sufficient in terms of water needs, accommodation, power and electrical generation and all of the equipment necessary to perform its functions.48 Many offshore production platforms are able to produce petroleum from multiple wells simultaneously. In some cases, production from as many as 40 subsea wells can be handled by a single installation.49 The configuration, layout and size of offshore installations to be used at a particular offshore field depend not only on functions required to be performed by the installation (e.g. drilling, production, storage), but also on factors such as water depth at which an installation will be used, seabed features, environmental conditions, distance from shore, production capacity, the expected production life of the offshore field, and number of wells.50

44 For example, in 2009, COSCO Shipyard Group built the world’s first deepwater circular drilling rig: PennWell (n 14) 369. 45 In May 2008, Stena Drilling announced that it has commissioned the construction of a new Arcticclass dynamically positioned drill ship Stena DrillMAX IV at the total estimated delivery price of US $1.15 billion: PennWell, International Petroleum Encyclopedia 2009 (PennWell 2009) 372. 46 See Appendix. 47 Mohamed El-Reedy, Offshore Structures: Design, Construction and Maintenance (1st edn, Gulf Professional Publishing 2012). 48 Petroleum Federation of India (PFI), ‘Offshore Oil and Gas Production Systems’ (ProFed, 2010) http://petrofed.winwinhosting.net/upload/IAI/17-20mar10/OffshoreoilandProd.pdf accessed 1 December 2015. 49 See, e.g. ‘Usan Oilfield, Nigeria’ Offshore Technology www.offshore-technology.com/projects/usan/ accessed 1 December 2015. 50 See, e.g. Gunther Clauss, Eike Lehmann and Carsten Ostergaard, Offshore Structures: Conceptual Design and Hydromechanics (M J Shields trans, Springer-Verlag 1992–94) vol 1, 126; Moan (n 39).

30

OFFSHORE ASSETS AND OPERATIONS

In general, offshore oil and gas installations are made up of two separate structures: a) the ‘platform’ (also referred to as ‘substructure’), which supports the upper deck (i.e. topside) and which may float or sit on the seabed; and b) the ‘topside’ (also referred to as ‘superstructure’) where the production and/or drilling equipment and offshore crew are accommodated, and where the operating and support functions are carried out.51 The offshore petroleum industry also utilises several types of shipshaped floating offshore installations,52 which are not ‘platforms’ strictly speaking. Offshore petroleum installations may be classified in different ways based on different criteria.53 For example, offshore installations can be classified based on their purpose, such as drilling, production, offloading, or storage of oil and gas. They can also be generally classified as ‘floating’54 or ‘bottom-supported’55 structures.56 One of the most common ways to classify offshore petroleum installations is to include them either in the category of ‘fixed’ offshore installations or ‘mobile’ offshore installations. 3.1 Fixed offshore oil and gas installations Fixed offshore platforms are the most common types of offshore installations employed in the offshore oil and gas industry. They are usually fixed steel or concrete platforms that are used for long-term operations and designed to remain attached to the seabed at a single offshore location throughout a field’s production life.57 Fixed offshore installations can be manned or unmanned. Unmanned offshore installations are usually relatively small in size and do not require personnel to be permanently stationed on board, but they can be equipped with accommodation quarters for emergency situations.58 Fixed offshore installations can be used for drilling, production, storage and offloading of oil and gas. The most common types of fixed offshore installations are jacket structures, gravity-based structures (GBSs), compliant towers, and TLPs

51 See, e.g. Edgar Gold, Aldo Chircop and Hugh Kindred, Essentials of Canadian Law Series: Maritime Law (Irwin Law 2003) 72–73. Typically, the topside carries the drilling rig, cranes, helipads, living accommodation, control room and all other essential facilities. 52 See Jeom Kee Paik and Anil Kumar Thayamballi, Ship-Shaped Offshore Installations: Design, Building, and Operation (Cambridge University Press 2007). 53 Esmaeili (n 1) 12. 54 Floating offshore installations rest on water by virtue of their own weight, without support: Esmaeili (n 1) 13. Floating offshore installations include drill ships, semisubmersible units, FPSOs, FSOs, floating drilling production storage and offloading units (FDPSOs), and spar platforms. 55 Bottom-supported offshore oil and gas installations are those offshore installations that are either sunk to the seabed or supported by a substructure usually made of steel or concrete. See Esmaeili (n 1) 14–15. 56 TLP is the exception. TLPs are ‘floating’ and at the same time ‘bottom-supported’ structures. 57 David Sharp, Offshore Oil and Gas Insurance (Witherby 1994) 25; Clauss, Lehmann and Ostergaard (n 50) 47; David Pinder, ‘Offshore Oil and Gas: Global Resource Knowledge and Technological Change’ (2001) 44(9) Ocean & Coastal Management 579, 585. 58 Martin Tsamenyi and Kwame Mfodwo, ‘Developing Capacity for Addressing Safety, Security and Marine Pollution Concerns Arising from the Oil and Gas Industry’ (Paper presented at the National Conference on Positioning the Transport Sector for the Successful Exploration of Ghana’s Oil & Gas, Accra, 15 July 2009) 7.

31

OFFSHORE ASSETS AND OPERATIONS 60

(see Figure 2.1). Other, not so common, types of fixed offshore installations include caisson well-guard platforms, wellhead platforms and platforms on piles. Platforms on piles are rarely used today because of their limitation with respect to water depth.59 Each of these types of offshore installations is briefly described below. 3.1.1 Jacket structure Jacket structures consist of a steel pyramidal pylon substructure (called ‘jacket’) that extends from the sea floor to above the water surface and has a deck on top (i.e. topside) with operational equipment.61 The jacket substructure is usually floated by a barge to the desired location where it is then lowered to the seabed in an upright position,62 and firmly attached to the seabed with steel piles driven through the legs of the substructure into the seabed.63 The piles fix the substructure in place against lateral loadings from wind, waves and currents.64

Figure 2.1 Examples of fixed and mobile offshore oil and gas installations. Source: David Pinder, ‘Offshore Oil and Gas: Global Resource Knowledge and Technological Change’ (2001) 44(9) Ocean & Coastal Management 579, 587.

59 It should be noted that each of the categories of offshore petroleum installations discussed below may have subcategories and design variations. For more technical aspects see generally Clauss, Lehmann and Ostergaard (n 50). 60 See Clauss, Lehmann and Ostergaard (n 50); Esmaeili (n 1) 16. 61 William Graff, Introduction to Offshore Structures: Design, Fabrication, Installation (Gulf Publishing Company 1981) 106; Esmaeili (n 1) 16; Pinder (n 57) 587. 62 Gold, Chircop and Kindred (n 51) 73. 63 Pinder (n 57) 587; Graff (n 61) 106. 64 W J Drawe and M D Reifel, ‘Platform Function and Types’ in Bramlette McClelland (ed.), Planning and Design of Fixed Offshore Platforms (Springer 1986) 11, 18, cited in Esmaeili (n 1) 16.

32

OFFSHORE ASSETS AND OPERATIONS

3.1.2 Gravity based structure (GBS) GBSs usually consist of a large substructure built of reinforced concrete in the form of vertical tubular columns that are fixed at the concrete or steel base to ballasted chambers,65 making the entire structure stable on the seabed and holding it in place through the force of gravity.66 The substructure is usually towed into position and then filled with ballast and lowered to a prepared foundation on the seabed. 67 GBSs rest directly on the seabed by virtue of their own weight.68 The tubular columns support the topside, which itself remains above the water surface.69 Some GBSs have tanks in the base of the structure that are used to store oil before they are offloaded or transported.70 3.1.3 Compliant tower Compliant towers are similar to jacket structures to an extent. Compliant towers consist of a narrow flexible steel substructure (i.e. tower), typically a trussed column, attached to a foundation on the seabed and extending up above the water to the topside.71 They are self-contained buoyancy towers with sufficient buoyancy that the tower floats above water during transport.72 The particular feature of compliant tower platforms is that the tower itself is relatively flexible as opposed to the more rigid legs of a jacket structure,73 which provides greater resistance to stress and allows it to operate in much deeper water.74 Compliant towers are usually used in water depths between 300 and 900 metres.75 3.1.4 Tension-leg platform (TLP) TLPs are floating production platforms that are essentially a modified configuration of a semisubmersible-type platform fixed (i.e. tethered) to the bottom by a series of vertical stiff tethers.76 These tethering lines replace the traditional steel jacket and concrete gravity base support structures and diminish the impact of waves by maintaining a controlled tension between the platform and mooring template anchored on the seabed.77 The TLP approach is to retain a structure fixed to the seabed, but to abandon the traditional concept of bottom-supported structures.78 65 Harry Whitehead, An A–Z of Offshore Oil and Gas (Gulf Publishing Company 1983) 180, cited in Esmaeili (n 1) 16. 66 Gold, Chircop and Kindred (n 51) 73; Pinder (n 57) 587. 67 Gold, Chircop and Kindred (n 51) 73. 68 Graff (n 61) 261, cited in Esmaeili (n 1) 16. 69 Pinder (n 57) 587. 70 Gold, Chircop and Kindred (n 51) 73. 71 NaturalGas.org, ‘Offshore Drilling’ www.naturalgas.org/naturalgas/extraction_offshore.asp accessed 1 December 2015; API, Offshore Access to Oil and Natural Gas Resources (October 2013) 10. See also Gerwick Jr (n 37) 726–33. 72 Drawe and Reifel (n 64) 19, cited in Esmaeili (n 1) 16. 73 Pinder (n 57) 587. 74 NaturalGas.org (n 71). 75 API, Offshore Access to Oil and Natural Gas Resources (n 71) 10. 76 Clauss, Lehmann and Ostergaard (n 50) 83. 77 Wylie Spicer, ‘Application of Maritime Law to Offshore Drilling Units – The Canadian Experience’ in Ian Townsend Gault (ed.), Offshore Petroleum Installations Law and Financing: Canada and the United States (1986) 105, 106. 78 Pinder (n 57) 587–88.

33

OFFSHORE ASSETS AND OPERATIONS

This configuration provides a greater degree of buoyancy, so that the topside stays out of reach of waves.79 A ‘floating superstructure carrying all operational facilities supports its own weight and applies stabilising upward tension to relatively lightweight tubular fixed legs’.80 TLPs can remain attached to the seabed in a single location for extended periods. TLPs are classified as fixed offshore installations despite the fact that they float on water.81 They are usually used in water depth of up to about 2,000 metres, but modern technology allows TLPs to operate at greater water depths. There are two variations in the design of TLPs: the ‘conventional’ TLP is a 4-column design that looks similar to a semisubmersible and the ‘mini-TLP’ (also known as ‘sea star TLP’) that is a smaller version of the conventional TLP. MiniTLPs are relatively low cost and are usually used in water depths of up to about 1,000 metres,82 usually for production of smaller deepwater offshore fields that would be uneconomic to produce using conventional deepwater production systems.83 3.2 Mobile offshore oil and gas installations Mobile offshore installations are also very common in the offshore petroleum industry. They may be used for drilling, production, offloading and storage of oil and gas. The types of mobile offshore installations include jack-ups (see Figure 2.1), submersibles, drilling barges, semisubmersibles, drill ships, spars, FPSOs (see examples in Figure 2.2),84 FSOs, floating drilling production storage and offloading units (FDPSOs), and floating liquefied natural gas units (FLNGs). 3.2.1 Jack-up Jack-up platforms (also known as self-elevating drilling units) comprise a barge-type rectangular or triangular floating deck (i.e. topside) that rests on several (usually three or four) vertical or slightly tilted ‘tubular piles or legs of open lattice trusstype construction’.85 The topside is equipped with drilling apparatus.86 Jack-ups can be either towed or carried on heavy-lift ships as cargo to a drilling location, or they can move under their own means of propulsion.87 The legs are raised while the unit is in transit. 88 Once on location, the legs are lowered to the seabed, and the topside is lifted to the desired height above the surface of the water by electric or hydraulic jacks,89 to ensure a safe distance from the water surface.90 When the legs are lifted,

79 Alistair Maclean, Seawitch (Fawcett Crest Books 1977). 80 Pinder (n 57) 588. 81 Ibid. 589. 82 NaturalGas.org (n 71). 83 API, Offshore Access to Oil and Natural Gas Resources (n 71) 10. 84 Not all types of mobile offshore installations are shown in Figures 2.1 and 2.2. 85 Clauss, Lehmann and Ostergaard (n 50) 47–48. 86 Pinder (n 57) 585. 87 Esmaeili (n 1) 15. 88 Martti Koskenniemi, ‘Case Concerning Passage Through the Great Belt’ (1996) 27(3) Ocean Development & International Law 255, 265. 89 Clauss, Lehmann and Ostergaard (n 50) 47–48.

34

OFFSHORE ASSETS AND OPERATIONS

Figure 2.2 Examples of floating offshore oil and gas installations. Source: Courtesy of MODEC Inc.

the jack-up retains its floating position.91 Jack-ups are used in relatively shallow water, usually up to 100–150 metres in depth.92 While jack-ups are traditionally used for drilling, they can also be used for offshore oil and gas production.93 3.2.2 Submersible Submersible drilling units consist of the topside ‘supported on a number of vertical or horizontal pontoons that are flooded when the rig is in position for drilling’.94 When a submersible is being moved from one place to another, the pontoons are filled with air which makes the entire structure buoyant.95 When the rig is submerged (i.e. in the drilling position), the substructure rests on the seabed and the topside,

90 Gold, Chircop and Kindred (n 51) 71. 91 The Memorial of the Government of the Republic of Finland, filed with the International Court of Justice (ICJ) on 20 December 1991 in the case Passage through the Great Belt (Finland v Denmark) (1991) ICJ para 178. 92 Gold, Chircop and Kindred (n 51) 71. 93 ‘MOPU-FSO to Serve Wassana Oil Project Offshore Thailand’ (Offshore, 30 June 2014) www.offshore-mag.com/articles/2014/06/mopu-fso-to-serve-wassana-oil-project-offshore-thailand.html accessed 1 December 2015. 94 Whitehead (n 65) 269, quoted in Esmaeili (n 1) 15. 95 NaturalGas.org (n 71).

35

OFFSHORE ASSETS AND OPERATIONS

which contains the living quarters for the crew and drilling equipment,96 is a few metres above the water line to provide protection from waves.97 Submersibles are designed to operate in shallow waters, usually close to shore,98 and they are rarely used today.99 3.2.3 Drilling barge Drilling barges are drilling units with flat-bottomed ship-shaped hulls that resemble a barge rather than a ship.100 They have no means of self-propulsion and are towed to an offshore drilling location and anchored by tugs.101 Drilling barges can be converted from former barges.102 A drilling barge has been described as ‘any type of offshore drilling vessel, but also referring specifically to an earlier type of unpowered, flat-bottomed rig with a ship-shaped hull’.103 Drilling barges are used mostly for shallow water drilling,104 and are not as common today.105 3.2.4 Semisubmersible Semisubmersible drilling units are large structures that consist of the topside supported by a series of vertical columns that sit on two or more steel pontoons that can be lowered below, or raised to, the surface by adjusting the amount of ballast water in the pontoons.106 Semisubmersibles are usually used in water depth between 70 and 1,000 metres using anchoring systems, or up to about 3,000 metres if using a dynamic positioning system (which uses computer-controlled propellers to constantly correct the unit’s drift to maintain its position).107 They can be towed, carried on heavy-lift vessels as cargo or able to move under their own power. 108 During drilling operations a large portion of the hull is under water, which gives a semisubmersible the ability to operate in rough seas due to its design.109 3.2.5 Spar Spar platforms consist of a large floating hollow column of cylindrical shape that sits vertically in the water and is supported by buoyancy chambers at the top.110

96 Ibid. 97 Esmaeili (n 1) 15. 98 Ibid. 99 According to Rigzone, as of 1 December 2015, there were only two submersibles in the world’s offshore drilling rig fleet: Rigzone, Rig Report: Offshore Rig Fleet by Rig Type (2015) www.rigzone.com/ data/rig_report.asp?rpt=type accessed 1 December 2015. 100 Michael Summerskill, Oil Rigs: Law and Insurance (Stevens & Sons 1979) 3. 101 Esmaeili (n 1) 14. 102 Ibid. 103 Whitehead (n 65) 88, quoted in Summerskill (n 100) 3. 104 NaturalGas.org (n 71). 105 According to Rigzone, as of 1 December 2015, there were 50 drilling barges in the world’s offshore drilling rig fleet: Rigzone, Rig Report: Offshore Rig Fleet by Rig Type (2015) www.rigzone.com/data/ rig_report.asp?rpt=type accessed 1 December 2015. 106 Gold, Chircop and Kindred (n 51) 71; Pinder (n 57), 586. 107 Gold, Chircop and Kindred (n 51) 71. 108 Ibid. 109 Spicer (n 77) 106; Pinder (n 57) 586. 110 Pinder (n 57) 588.

36

OFFSHORE ASSETS AND OPERATIONS

The floating cylindrical column supports the topside above the water and serves to stabilise the platform in the water, effectively acting as the keel.111 Stability is derived from its long cylindrical column, which is anchored to the sea floor by a series of mooring cables and lines,112 ‘and from the fact that its center of buoyancy is always above its center of gravity’.113 Functional flexibility and the potential for mobility are inherent attributes of spar design.114 The design allows for movement to absorb the forces of wind, waves and currents,115 which has a number of practical advantages for offshore operations in ultra-deepwater. Spar platforms are among the largest offshore installations. They are typically used in water depths of up about 1,000 metres, but existing technology can extend their use to water depths as great as 3,000 metres.116 Spars can have three design configurations: the ‘classic spar’ with one-piece cylindrical hull, ‘truss spar’ where the midsection is composed of truss elements connecting the upper buoyant hull,117 and ‘cell spar’ that is built from clusters of smaller vertical cylindrical cells.118 3.2.6 Drill ship Drill ships (also known as drilling ships) are ship-shaped drilling units. They are self-propelled single-hulled or double-hulled ships/ship-shaped structures fitted with a drilling system.119 Sometimes they are referred to as regular ships equipped with a drilling tower (derrick) and equipment.120 Compared to other floating drilling units, drill ships are the most mobile drilling units.121 A drill ship navigates under a master and crew and is used for the purpose of drilling exploratory oil and gas wells.122 Drill ships have a high storage capacity, especially on the deck area, do not need anchor tugs, and can move long distances in a relatively short time.123 Drill ships operate in water depths of 200 to 1,000 metres using an anchoring system, and over 1,000 metres (up to about 3,700 metres and more) dynamic positioning systems are used.124 They are suitable for drilling in deep waters and operating in remote areas independently of service and supply ships.125 Some of the advantages of the drill ships include mobility at speeds between 8 and 16 knots; ability to pass through the Suez and Panama Canals, thus minimising transit distance and time; and

111 Lew Skaug, ‘New Designs Advance Spar Technology into Deeper Water’ (1998) 96(44) Oil and Gas Journal 47; NaturalGas.org (n 71); B Clewes, ‘Mooring, Subsea Advances Making Rigs More Competitive for Deepwater: Semisubmersibles Versus Spars and TLPs’ (2007) 7(7) Offshore 117. 112 NaturalGas.org (n 71). 113 Skaug (n 111) 50. 114 Pinder (n 57) 588. 115 NaturalGas.org (n 71). 116 Pinder (n 57) 590; API, Offshore Access to Oil and Natural Gas Resources (n 71) 11. 117 See Skaug (n 111) 50. 118 Gerwick Jr (n 37) 735. 119 Clauss, Lehmann and Ostergaard (n 50) 73. 120 The Memorial of the Government of the Republic of Finland (n 91) para 168. 121 Gold, Chircop and Kindred (n 51) 71–72. 122 Sharp (n 57) 21. 123 Clauss, Lehmann and Ostergaard (n 50) 72–73. 124 Gold, Chircop and Kindred (n 51) 71–72. 125 Clauss, Lehmann and Ostergaard (n 50) 72–73.

37

OFFSHORE ASSETS AND OPERATIONS

superior seaworthiness and survival capability.126 A drill ship can be classified as a type of mobile offshore drilling unit (MODU).127 3.2.7 Floating production, storage and offloading unit (FPSO) FPSOs are double-hulled ship-shaped units that contain production, storage and transhipment facilities for oil and gas.128 FPSOs can collect and process oil and gas produced from nearby offshore installations or underwater production wells, and store it on board until offloaded to a tanker.129 FPSOs may be disconnectable or permanently moored, self-propelled or without their own means of propulsion.130 An FPSO is usually connected to the producing wells through an internal turret that is anchored in position and an FPSO structure then rotates around the turret in response to winds, currents and waves.131 FPSOs are commonly converted tankers, but can also be purpose-built.132 An FPSO can be classified as a type of a mobile offshore production unit (MOPU).133 3.2.8 Floating storage and offloading unit (FSO) FSOs, also known as floating storage units (FSUs),134 are ship-shaped single-hulled or double-hulled floating offshore installations. They ‘are simplified FPSOs’ that are used as storage and offloading devices only.135 As Herbert-Burns put it, FPSOs are ‘the more complex cousins of FSOs, wherein a production capability has been added on board’.136 FSOs are usually made from old tankers that have been converted and do not have any production or processing facilities on board. 3.2.9 Floating drilling, production, storage and offloading unit (FDPSO) One of the latest innovations in floating production installations design is the FDPSO. The world’s first FDPSO commenced operations in August 2009 at the Azurite field offshore the Republic of Congo.137 FDPSOs are ship-shaped offshore installations similar to FPSOs, but with added drilling capability,138 which makes

126 Ibid. 76. 127 Other types of MODUs include submersibles, semisubmersibles, drilling barges and jack-up rigs. 128 Gold, Chircop and Kindred (n 51) 73. 129 Tsamenyi and Mfodwo (n 58) 8. 130 IMO, Review of the Code for the Implementation of Mandatory IMO Instruments: Applicability of IMO Conventions to FPSOs and FSUs, IMO FSI, 16th Session, Agenda Item 14, IMO Doc FSI 16/14/1 (26 March 2008) 2. 131 Gold, Chircop and Kindred (n 51) 73. 132 Lucia Lombardo, ‘Overview of Floating Production, Storage and Offtake (FPSO) Services Agreements’ (2003) 22(4) Australian Resources and Energy Law Journal 468. 133 Other types of MOPUs include FDPSO and semisubmersible production platforms. 134 The terms ‘FSO’ and ‘FSU’ are often used interchangeably. 135 Tsamenyi and Mfodwo (n 58) 9. 136 Rupert Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals: Vulnerability and Security in the International Maritime Oil Sector’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 133, 149. 137 ‘First-ever FDPSO at Work on Azurite Field Development’ (Offshore, 1 November 2009) www.offshore-mag.com/articles/print/volume-69/issue-11/engineering_-construction/first-ever-fdpsoat.html accessed 1 December 2015. 138 Pinder (n 57) 589.

38

OFFSHORE ASSETS AND OPERATIONS

them even more complex structures than FPSOs. An FDPSO is one of the most multifunctional types of offshore petroleum installations in existence today,139 but it is not very common yet. 3.2.10 Floating storage and regasification unit (FSRU) FSRU is another type of ship-shaped floating offshore installation that allows offshore side-by-side discharge of traditional liquefied natural gas (LNG) carriers.140 In effect, FSRU acts as an offshore LNG import terminal system with storage capacity, used to re-gasify LNG at an offshore location and send the natural gas to shore via pipeline.141 FSRUs provide a flexible and economic alternative to fixed offshore import terminals or land-based LNG receiving terminals and are generally seen as a faster, cheaper and more flexible means of re-gasifying LNG.142 They can be located near the shore (e.g. alongside a pier, or a jetty) or offshore permanently moored to the seabed and may be purpose-built or be converted from other ships, typically LNG carriers.143 A unique feature of FSRUs is that they are normally engaged in continuous regasification operations and typically receive and regasify LNG simultaneously.144 3.2.11 Floating liquefied natural gas unit (FLNG) One of the most recent innovations in offshore installations construction is an FLNG. FLNG is a ship-shaped specialised floating facility for the production and processing of gas into LNG at offshore sites with facilities for transferring LNG to ships for transport.145 It is essentially a floating LNG plant. FLNG eliminates the need for subsea pipelines and onshore LNG as well as supporting infrastructure and, for many locations, it is a cheaper and more flexible option.146 In 2011, Shell announced that it will go ahead with the world’s first FLNG which will be used to develop the Prelude and Concerto fields in the Browse Basin, over 200 kilometres (km) offshore Australia.147 In December 2013, Shell reported that the 488-metre long hull of its FLNG Prelude has moved out of the dry dock at

139 Ibid. 140 Bruno Larsen, ‘SRV – the LNG Shuttle and Regas Vessel System’ (Paper presented at the Offshore Technology Conference, Houston, Texas, US, 3–6 May 2004). 141 Ibid. 142 ‘LNG Floating Storage Regasification Unit International Conference’ (2014) www.iirme.com/fsru accessed 1 December 2015. 143 Det Norske Veritas (DNV), Floating Liquefied Gas Terminals (Offshore Technical Guidance No. OTG-02, March 2011) 4. 144 See DNV, Floating Liquefied Gas Terminals (March 2011) 4. 145 Shell, ‘Shell Floats Hull for World’s Largest Floating Facility’ (3 December 2013) www.shell.com/global/aboutshell/media/news-and-media-releases/2013/shell-floats-hull-for-worldslargest-floating-facility.html accessed 1 December 2015. 146 Australian Government, Minister for Resources and Energy Hon Martin Ferguson, ‘Prelude Floating LNG Project’ (Press Release, Canberra, 12 November 2010); Rob Almeida, ‘MODEC’s LiBro FLNG Looks Promising, and Safe’ (GCaptain, 10 May 2013) http://gcaptain.com/modecs-libro-flngpromising/ accessed 1 December 2015. 147 Minister for Resources and Energy (n 146); Peter Ker, ‘Floating LNG Plant to Unlock Gas Reserves’, Weekend Business, Sydney Morning Herald (Sydney, 21 May 2011) 1.

39

OFFSHORE ASSETS AND OPERATIONS

Samsung Heavy Industries yard in South Korea.148 When completed, FLNG Prelude will be the largest floating offshore installation ever built and will produce about 4 million tonnes (35.8 million barrels of oil equivalent) of LNG per year.149 According to Douglas-Westwood, with the introduction of Shell’s Prelude and Petronas’ PFLNG 1 FLNGs, global FLNG capital expenditure is expected to increase significantly in the years from 2014 to 2021.150 In summary, there are generally four main types of fixed offshore installations (jacket structures, GBSs, compliant structures, TLPs) and eleven types of mobile offshore installations (jack-ups, submersibles, drilling barges, semisubmersibles, drill ships, spars, FPSOs, FSOs, FDPSOs, FSRUs and FLNGs). Offshore oil and gas installations rely on auxiliary offshore structures and supporting infrastructure such as submarine pipelines, bridges, cables and mooring systems such as singlepoint mooring (SPM)151 and subsea equipment such as subsea wellheads, risers and positioning systems.152 As mentioned in the beginning of this chapter, offshore assets are not limited to offshore installations. They also include the oil and gas resources, people who work on board offshore installations, hazardous materials used or produced on board that can cause harm to people or the environment, sensitive information such as details about security plan or vulnerabilities of an offshore installation, and company reputation. To illustrate the chain of command in oil companies and on board offshore installations and to provide a brief insight into the possible interactions between offshore installations and other maritime industry participants including relevant government agencies tasked with the protection of offshore installations, it is useful to briefly discuss the operational arrangements relating to offshore installations. 4 Organisational and operational aspects The oil and gas industry involves the management of many processes to be in place in support of the company objectives.153 Oil companies use different arrangements to carry out different offshore oil and gas activities throughout different stages of the project: exploration, development, production and decommissioning, but in most countries offshore petroleum activities are carried out in a similar structure. Offshore

148 Shell, ‘Shell Floats Hull for World’s Largest Floating Facility’ (n 145). 149 Ibid. 150 ‘Douglas-Westwood: Floating LNG Market Poised for More Investment’ (Offshore, 6 March 2014) www.offshore-mag.com/articles/2014/03/douglas-westwood-floating-lng-market-poised-for-moreinvestment.html accessed 1 December 2015. 151 SPMs were initially designed to enable tankers to moor and offload crude oil, and have subsequently been improved and extended to enable them to handle several different types of hydrocarbons and are now increasingly being used for floating offshore production installations: Gerwick Jr (n 37) 556. 152 Even though these types of offshore structures are part of the offshore oil and gas industry, the discussion in this book typically excludes these auxiliary structures. 153 IOGP, Security Management System: Processes and Concepts in Security Management (Report No. 512, July 2014) 17.

40

OFFSHORE ASSETS AND OPERATIONS

oil and gas activities are highly complex, often requiring significant technological and financial resources, as well as technical expertise.154 Therefore, oil companies usually carry out these activities in the form of joint ventures.155 Ownership structure and arrangements of joint operations are important because they can impact on business strategies, governance, financing, transparency,156 as well as safety and security arrangements and practices. Regardless of the specific structure and arrangements used in any particular case, one of the companies is usually designated as the operator of the offshore project. The operator’s primary role is to manage the development and operation of the project and property in an efficient manner,157 striving to maximise value by recovering hydrocarbons in a reliable, safe, uninterrupted, economical, and environmentally friendly manner.158 In other words, the company designated as the operator has control of the offshore project and is responsible for day-to-day management of the project’s operations and related activities. 4.1 Organisational structure of an oil company Oil companies use various organisational structures and designs depending on size and diversity of activities.159 Some IOCs have global centralised structures while others tend to use more regional processes and regional management structures.160 Organisational structure and hierarchy is important because it ‘determines how authority is delegated and responsibility is assigned’.161 Proper supervision and chain of command can be critical especially during emergencies.162 A basic example of an organisational structure of an oil company is illustrated in Figure 2.3,163 but the structures and names of the departments vary from company to company. At the top of any oil company’s hierarchy is typically the Board of Directors. The day-to-day operations of an oil company are administered by the President or chief executive officer (CEO), who reports to the Board of Directors. Oil companies usually build their organisations around four distinct activities common to all

154 Kristel De Smedt et al., ‘Civil Liability and Financial Security for Offshore Oil and Gas Activities’ (Final Report, Maastricht European Institute for Transnational Legal Research, October 2013) 28. 155 Ibid. 156 Kaiser and Snyder (n 13) 305, citing C J Jablonowski and A N Kleit ‘Transaction Costs and Organizational Choice: Modeling Governance in Offshore Drilling’ (2011) 56(1) Engineering Economist 28. 157 Dennis Jennings et al., Petroleum Accounting: Principles, Procedures & Issues (5th edn, Professional Development Institute 2000) 229. 158 Constantinos Hadjistassou and Antonis Hadjiantonis, ‘Risk Assessment of Offshore Oil and Gas Installations Under Cyber Threats’ (Energy Sequel, 25 January 2013) www.energysequel.com/riskassessment-of-offshore-oil-and-gas-installations-under-cyber-threats/ accessed 1 December 2014. 159 Jennings et al. (n 157) 39. 160 Inkpen and Moffett (n 19) 13–14. 161 Jennings et al. (n 157) 39. 162 OPITO, ‘Offshore Drilling Industry Green Hand Training Standard’ (OPITO Approved Standard No 9016, January 2013) 8. 163 Figure 2.3 shows only partial and simplified organisational structure with the emphasis on the production department, and more specifically on offshore drilling and production operations.

41

OFFSHORE ASSETS AND OPERATIONS

petroleum producers: exploration, production, marketing and administration.164 An oil company usually has a separate department responsible for each of these segments of business operations. The departments are headed by Vice-Presidents who report directly to the President or CEO (see Figure 2.3). The exploration department is responsible for locating and acquiring oil and gas reserves; the marketing department arranges the sales of the produced oil and gas; the administrative department oversees various administrative functions such as human resources, tax compliance, public relations and legal services.165 The production department ‘is responsible for exploratory drilling, development drilling, enhanced recovery operations and field production’.166 The main objective of the production department is to safely manage the company’s production operations to maximise production value while complying with applicable government regulations.167 Within the production department, production engineers are concerned with the day-to-day management of producing fields (both offshore and onshore) including drilling, well completion, production processes, and equipment selection and design.168 However, in most cases, an oil company contracts out its drilling operations to drilling contractors rather than owning and operating its own equipment and drilling rigs.169 A typical oil and gas producing company would have a production foreman or manager for each field, while a company that owns and operates rigs usually has the drilling superintendent who is responsible for all drilling activities, including oversight of offshore drilling rigs, tools and equipment.170 The production department is also responsible for the security of drilling and production operations. More specifically, a company security officer (CSO) or a head security officer is the person responsible, among other things, for the maintenance of the security plans across the entire company and company’s offshore installations, for advising of threats likely to be encountered by the offshore installation, ensuring that offshore installation security assessments are carried out, ensuring effective communication and cooperation between key security personnel within the company and other security-related activities.171 An oil company may, depending on the number or types of offshore installations it operates, designate several persons as CSOs. 4.2 Offshore installation crew Offshore personnel can, for practical reasons, be divided into several categories. These can include: visitors and special personnel not regularly assigned who are on

164 165 166 167 168 169 170 171

Jennings et al. (n 157) 39. Ibid. 40–41. Ibid. 40. Jennings et al. (n 157) 43. Ibid. Ibid. 44. Ibid. See also Kaiser and Snyder (n 13). See, e.g. ISPS Code ss 2.1.7, 11.2.

42

Offshore Installation Crew

Offshore Installation Crew

Offshore drilling and production operations are often subcontracted to specialised companies

Enhanced Recovery

Source: Author, based on Jennings et al. (n 157)

Figure 2.3 Basic structure of an independent oil company

Offshore Installation Crew

Production Operations

Vice-President Production Department

Offshore Installation Crew

Drilling Operations

Vice-President Exploration Department

Productive Property Purchases and Sales

Vice-President Marketing Department

President/CEO (General Management)

Board of Directors

Vice-President Administration Department

OFFSHORE ASSETS AND OPERATIONS

board for a limited period of time (generally not exceeding three days) and who are not engaged in tasks relating to normal operation of the offshore installation; regularly assigned special personnel with designated responsibility for the safety, security and survival of others; and offshore installation crew members without designated responsibility for the safety, security and survival of others.172 The specific job titles of offshore crew are not industry-wide and can vary from company to company.173 Similarly, the size, composition and organisational structure of offshore installation crews vary considerably from installation to installation.174 Some offshore installations can accommodate over 200 people.175 Manning of offshore installations and management of offshore crew is an important function, particularly for large offshore installations.176 Planning and precise scheduling are critical. For instance, if sufficient accommodation facilities are not available on board, other means for housing offshore personnel such as accommodation vessels might be required at a significant extra cost.177 Due to the cost intensive nature of offshore petroleum operations, companies try to maximise productivity by ensuring work on offshore installations continues 24 hours a day all year round.178 Offshore installations crews work in two 12-hour shifts,179 which means that there are essentially two complete crews on board an offshore installation at a time – one for day shift and one for night shift.180 Offshore crews change over at regular intervals.181 The period of work on board the offshore installation, known as ‘hitch’ or ‘swing’, is usually between two and four weeks,182 after which offshore workers return to shore and have a number of days off.183 Offshore workers travel to and from offshore installations by helicopters and seaplanes. Every offshore installation has a person in charge, who is the person on an offshore oil and gas installation to whom all personnel are responsible in an emergency.

172 IMO, Recommendations for the Training and Certification of Personnel on Mobile Offshore Units (MOUs), A Res 1079(28), 28th Session, Agenda Item 10, IMO Doc A 28/Res.1079 (27 March 2014) 7. 173 For an overview of a typical offshore drilling rig crew structure at Maersk Drilling see Maersk Drilling, ‘Career on a Drilling Rig’ (World Careers, November 2012) http://worldcareers.dk/wp-content/ uploads/2013/06/Career_On_A_Drilling_Rig.pdf accessed 1 December 2015. For detailed list of rig crew responsibilities see Robinson (n 6) 147–65. 174 PFI (n 48); David Llewelyn, ‘10 Year Operability Survey of Norwegian FPSOs’ (Report, NOGA, March 2011) 8. 175 See, e.g. ‘Transocean Signs Construction Contracts for Two Newbuild Ultra-Deepwater Drillships’ (Offshore, 27 February 2014) www.offshore-mag.com/articles/2014/02/transocean-signsconstruction-contracts-for-two-newbuild-ultra-deepwater-drillships.html accessed 1 December 2015. 176 SPE International, ‘Offshore Rig Crews’ (Petro Wiki, 25 June 2015) http://petrowiki.org/Offshore_ rig_crews accessed 1 December 2015. 177 ‘A Checklist for Pre-Commissioning of Offshore Facilities’ Mustang www.mustangeng.com/ aboutmustang/publications/publications/mm_precommission2final.pdf accessed 1 December 2015. 178 PFI (n 48); Maersk Drilling (n 173). 179 Maersk Drilling (n 173). 180 PFI (n 48). 181 These may be shifts from 12:00 to 24:00 and 24:00 to 12:00 for production crews, and 6:00 to 18:00 and 18:00 to 6:00 for marine crews. 182 Offshore crews can be working on three-weeks-on and three-weeks-off roster or on three-weekson, three-weeks-off, three-weeks-on, six -weeks-off roster. These patterns can vary. 183 Maersk Drilling (n 173).

44

OFFSHORE ASSETS AND OPERATIONS

‘This person should be designated in writing by the owner or operator’.184 The person in charge is typically the offshore installation manager (OIM), who is the most senior person on board, and to whom all personnel on board are responsible. OIM can be defined as ‘competent person, certified in accordance with applicable requirements, who has been appointed in writing by the company to manage the offshore petroleum installation’.185 The OIM, by law, has authority to make any operational decisions with respect to the installation and is responsible for the day-to-day management of all aspects of the offshore installation including drilling, production, maintenance, and marine and auxiliary services,186 and ensuring the maximum operational performance of an offshore installation in compliance with the contractual requirements, laws and regulations, company policies and best practices.187 The OIM plays a key role in ensuring the safety and security of the installation and persons on board, including ‘the maintenance of order and discipline’.188 The OIM’s authority is equivalent to that of the Master or Captain on board a ship. OIM has the ultimate authority and command and makes the essential decisions regarding operations of the offshore installation.189 In addition to usual day-to-day management responsibilities for a wide range of functions, in emergency situations the OIM acts as an on-site commander.190 In the case of offshore drilling rigs, OIM works for the drilling contractor and interfaces and coordinates with the operator’s representative to ensure the operator is kept informed about all activities and operations on board the drilling rig.191 A typical offshore oil and gas installation crew consists of an OIM, several subordinate managers or team leaders such as production supervisor, maintenance supervisor, offshore operations supervisor as well as several teams of offshore workers with specific areas of responsibility such as production specialists and technicians responsible for running the production equipment, process control room operators, marine specialists and technicians, engineers, mechanical and instrument/electrical team, and equipment maintenance team.192 Given that safety on board is critical, the safety officer is completely independent of any other supervisor’s control and normally reports directly to the OIM to ensure the safety officer’s decisions are unbiased and objective.193 Offshore installation crew can also include dynamic positioning operators responsible for navigation, station keeping and manoeuvring of mobile offshore

184 IMO, Recommendations for the Training and Certification of Personnel on Mobile Offshore Units (MOUs) (n 172) para 2.23. 185 Ibid. para 2.20. 186 SPE International (n 176). 187 Global Petroprojects Services, ‘FPSO Operations Supervision’ (2011) https://int.gpsag.ch/Jobs_ new.asp?business_area_id=58 accessed 1 December 2015. 188 Oil & Gas UK, Emergency Response and Rescue Vessel Management Guidelines (May 2008). 189 See, e.g. International Association of Drilling Contractors (IADC), Offshore Competency Training Programme (March 2009) 8. 190 Rhona Flin and Georgina Slaven, The Selection and Training of Offshore Installation Managers for Crisis Management (UK Health and Safety Executive 1994). 191 Maersk Drilling (n 173). 192 See, e.g. PFI (n 48). 193 Email from Captain Kevin O’Neill to Dmitry Shvets, 28 July 2014.

45

OFFSHORE ASSETS AND OPERATIONS

installations, ballast control operators, fire and gas systems operators, scaffolders, radio operators, crane operators, helicopter landing officers and helideck assistants with responsibilities relating to helicopter arrivals and departures, and catering personnel that perform essential functions such as cooking, laundry and cleaning.194 In some cases, a helicopter pilot is stationed on board an offshore installation to transport offshore workers to other installations or to the shore on crew changes.195 In general, for purposes of organisation and command, offshore production installation crew can be categorised as a production crew or a marine crew. Similarly, offshore drilling rig crew can be categorised as either a marine crew or a drilling crew, ‘reflecting the dual nature of an offshore rig’.196 Offshore drilling rigs may have additional personnel such as drilling superintendent, toolpushers, drilling engineers and a geologist, not typically present on production installations, and vice versa (see Figure 2.4). Consequently, large offshore petroleum installations that are able to carry out both drilling and production operations usually have the most diverse crews. For example, at Maersk Drilling, the offshore drilling rig is divided into four sections: marine section, drilling section, maintenance section and administration section.197 On some offshore installations, the departments or sections may be consolidated and on smaller offshore installations one person may be responsible for several areas.198 Offshore installation security officer (OISO), also known as offshore facility security officer (OFSO), or, on some mobile offshore installations such as FPSOs, ship security officer (SSO), is the person on board designated by the company as responsible for the security-related matters of the offshore installation. The duties and responsibilities of the OISO include, but are not limited to: receiving and disseminating information in connection with security aspects of the offshore installation, enhancing security awareness and vigilance, implementation and maintenance of the offshore installation security plan, liaising with the CSO and other personnel including representatives of contractors and operators (as required), and coordinating with the authorities including security, police and emergency services.199 The OISO should also be in charge of reporting suspicious activities to the relevant authorities and to other security personnel in accordance with the established communications protocol. 200 OISO is normally accountable directly to the OIM, or in some cases may report to/through the safety officer, but the OISO can also act on instructions received from the CSO or the relevant authorities, especially in the event of a security incident. It should be noted that the OISO is not necessarily a separate position on board an offshore installation and the officer who performs functions of the OISO may have

194 PFI (n 48). 195 Ibid. 196 Robinson (n 6) 9. 197 Maersk Drilling (n 173). 198 PFI (n 48). 199 API, Security for Offshore Oil and Natural Gas Operations (2003) 12. See also ISPS Code, s. 2.1.6. 200 API (n 199) 12.

46

Assistant Crane Operator

Dynamic Positioning Officer Assistant Subsea Engineer

Subsea Engineer

Subsea Supervisor

Senior Toolpusher (Drilling)

Roughneck/ Floor Hand

Derrickman

Assistant Driller

Driller

Toolpusher/ Load Driller

Welder

Electronic Technician

Electronic Technician Supervisor

SAP Planner

Motorman

Mechanic

Hydrolic Mechanic

Engine Room Responsible

Maintenance Supervisor (Maintenance)

Security Officer

Electrician

Helideck Assistant

Helicopter Landing Officer

Medic

Catering Staff

Camp Boss

Logistics Coordinator

Radio Operator

Rig Administrator (Administration)

Source: Author; based on Maersk Drilling, ‘Example of Rig Organigram’ www.maerskdrilling.com/Career/Pages/offshore-positions.aspx accessed 1 December 2015.

Figure 2.4 Basic offshore drilling rig crew structure and hierarchy.

Roustabout

Crane Operator

Senior Dynamic Positioning Officer

Assistant Barge Engineer

Barge Engineer

Barge Supervisor (Marine)

Safety Officer

Offshore Installation Manager (OIM)

OFFSHORE ASSETS AND OPERATIONS

other duties and responsibilities unrelated to security.201 For example, it is common on FPSOs for the Master, who reports directly to the OIM, to be the security officer (OISO or SSO).202 A person may act as an OISO for more than one offshore installation.203 In high-risk areas armed security personnel may be on board to provide protection. Armed security is one of the services oil companies use as part of their normal operations in high-risk areas.204 Where appropriate, it is important that there are clear guidelines for the transfer of responsibility and authority in cases of emergencies.205 ‘The oil and gas industry is essentially risk averse and wants to operate in a secure offshore and onshore environment.’206 Over the years, oil companies and offshore service providers have developed comprehensive management systems, policies and procedures to guide their operations. Historically, these mostly related to safety and efficiency, but more recently these systems have started to cover security aspects of companies and their infrastructure including offshore oil and gas installations. Security (and safety) standards and practices of IOCs usually reflect a company’s international arrangements, tailored to reflect the specific threat and risk environment in a given area of operation.207 These systems, policies and procedures must be followed and reinforced throughout the personnel hierarchy, from the CEO in the head office to the technician working on offshore installations, in order to ensure a well-performing organisation as well as safe and secure operations.208 4.3 Supervisory control systems Offshore installations are highly automated facilities controlled by an integrated control system with minimal routine manual operation.209 Operating and controlling offshore installations requires many pieces of equipment, operations and processes to be monitored and controlled, so these processes are heavily reliant on their underlying information networks and control systems. The monitoring and controlling operations of offshore installations are done by special systems known as industrial control systems (ICSs) that essentially are computer-based systems that are used by many industrial infrastructures to monitor and control critical processes

201 Ibid. 1. 202 Email from Captain Kevin O’Neill to Dmitry Shvets, 28 July 2014. 203 API (n 199) 12. 204 See Laura Husband, Interview with David Pickard, in ‘High Risk, High Reward: Talking Offshore Security with Drum Cussac’ (Offshore Technology, 3 January 2013) www.offshore-technology.com/ features/featureoffshore-oil-security-piracy-terrorist-attack-prevention-drum-cussac/ accessed 1 December 2015. 205 Oil & Gas UK, Emergency Response and Rescue Vessel Management Guidelines (May 2008) 3. See also Rhona Flin, ‘Crew Resource Management for Teams in the Offshore Oil Industry’ (1997) 3(2) Team Performance Management 121. 206 OITS, Offshore Oil and Gas Resources Sector Security Inquiry (2012) 1. 207 Ibid. 2. 208 SPE International (n 176). 209 See, e.g. Husky Oil Operations Limited, White Rose Oilfield Development Application: Volume 2 Development Plan (January 2001) 333.

48

OFFSHORE ASSETS AND OPERATIONS 210

and physical functions. The two main types of ICSs are Supervisory Control and Data Acquisition (SCADA)211 and Distributed Control System (DCS),212 with SCADA system being the largest subgroup of ICSs.213 As the name suggests, it is not a full control system, but rather focuses on the supervisory level.214 SCADA systems are widely used in the offshore oil and gas industry. SCADA is normally associated with telemetry (i.e. automatic transmissions) and wide area communications for data gathering and control over large production sites, pipeline networks, or corporate data from multiple installations.215 Compared to other ICSs, SCADA is typically used for large scale processes that can involve multiple geographically dispersed sites and large distances.216 SCADA systems may be utilised for monitoring and controlling a variety of processes and operations on offshore petroleum installations such as drilling processes, compressors and pump stations, wells monitoring, opening and closing of valves and chokes on subsea trees, manifolds, templates and pipelines, oil and gas production management, and unmanned platform (e.g. WHP) monitoring and control.217 They usually comprise a human operator who monitors and controls a process or multiple processes, a supervisory computer system that gathers data on the process and sends commands to the process, and remote terminal units (RTUs)218 connected to various sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.219 Over the years, SCADA systems have evolved and improved in terms of functionality, performance and openness.220 These systems are largely automated and heavily reliant on computers and networks.221 According to the European Union Agency for Network and Information Security (ENISA), in the last few years

210 Robert Radvanovsky, Critical Infrastructure: Homeland Security and Emergency Preparedness (CRC Press 2006) 239. 211 SCADA is a system that is used to remotely monitor and control geographically dispersed assets. 212 DCSs are typically used for a single process or facility or utilised over a smaller geographic area or at a single site, while SCADA systems are typically used in larger processes that may have geographically dispersed components of infrastructure in a company-wide distribution operation: Radvanovsky (n 210) 240; Andrew Hildick-Smith, ‘Security for Critical Infrastructure SCADA Systems’ (GSEC Practical Assignment, SANS Institute, February 2005). 213 ENISA, Protecting Industrial Control Systems – Recommendations for Europe and Member States (2011) 1. 214 Axel Daneels and Wayne Salter, ‘What is SCADA?’ (18 December 2000) http://ref.web.cern. ch/ref/CERN/CNL/2000/003/scada/ accessed 1 December 2015. For discussion of other process and control systems used on offshore installations see Devold (n 6). 215 Devold (n 6) 66. 216 ENISA, Can We Learn from SCADA Security Incidents? (October 2013) 1. 217 See, e.g. Egemen Cetinkaya, ‘Reliability Analysis of SCADA Systems Used in the Offshore Oil and Gas Industry’ (Master of Science Thesis, University of Missouri-Rolla, 2001) 1, citing Kelvin Erickson et al., ‘Survey of SCADA System Technology and Reliability in the Offshore Oil and Gas Industry’ (Proposal to US Department of Interior, Mineral Management Service, Technology Assessment & Research Program, University of Missouri, Rolla, 2000). 218 Also known as remote telemetry units, RTUs are local control systems of various facilities/elements such as wells, compressor and pump stations and wellhead platforms, which are all connected to the SCADA system: Devold (n 6) 66. 219 OITS (n 206) 108. 220 Daneels and Salter (n 214). 221 World Economic Forum (WEF), Global Risks Report 2012 (7th edn, 2012) 25.

49

OFFSHORE ASSETS AND OPERATIONS

ICSs have undergone ‘significant transformation from proprietary, isolated systems to open architectures highly interconnected with other corporate networks and the Internet’.222 As SCADA systems are used to monitor and control critical processes on offshore oil and gas installations, their integrity is potentially paramount to the safe and secure operation of offshore installations including safety of people working on board. Therefore, the increasing interconnectivity of SCADA systems raises a number of cyber security concerns and considerations for operators of offshore installations. 4.4 Interaction with other maritime industry participants As mentioned earlier in this chapter, oil companies outsource a large proportion of the non-core offshore petroleum operations. The offshore oil and gas industry also relies on the offshore oil and gas marine support sector for supply of a variety of specialised services and products associated with offshore petroleum activities ranging from seismic surveying to catering.223 For example, pipeline companies distribute petroleum and companies involved in offshore drilling provide offshore drilling rigs and expertise for offshore wells.224 Services such as the provision of drilling mud, maintenance and mechanical tasks are often carried out by oilfield services companies.225 Offshore installations also often interact with a variety of ships such as pipe-laying vessels, construction barges, floating cranes, anchor-handling vessels, shuttle tankers, seismic vessels, offshore supply vessels, standby vessels, accommodation vessels and accommodation work barges.226 Offshore supply and support vessels keep offshore installations provisioned and supplied and can be used to tow an offshore installation to an offshore site and be on standby as fire and rescue vessels.227 In high-risk areas they may be positioned around an installation to provide a security cordon.228 Oil tankers come in close contact with offshore installations such as FPSOs and FSOs to load oil directly from installations. In some cases, mobile offshore installations may be temporarily attached to fixed offshore installations during certain operations such as drilling. Such interactions and interfaces between offshore petroleum installations and other maritime and offshore industry participants are important because the security and safety conditions of one may have an immediate impact on the security and safety of the other.229 Bueger has noted that maritime

222 ENISA (n 213) 1. 223 See, e.g. John Brady et al., Petroleum Accounting: Principles, Procedures & Issues (7th edn, Professional Development Institute 2011) 17. 224 Inkpen and Moffett (n 19) 20. 225 Jennings et al. (n 157) 44. 226 IMO, Recommendations for the Training and Certification of Personnel on Mobile Offshore Units (MOUs) (n 172) 6; Deloitte Access Economics, Analysis of the Offshore Oil and Gas Marine Support Sector (August 2013) 1. 227 PFI (n 48). 228 Husband (n 204). 229 See IMO, Recommendations for the Training and Certification of Personnel on Mobile Offshore Units (MOUs) (n 172) 5.

50

OFFSHORE ASSETS AND OPERATIONS

industry participants such as shipping companies and their employees are potential targets as well as potential perpetrators.230 Offshore installations are often located in areas of high maritime traffic that are frequented by commercial shipping, fishing vessels and recreational craft.231 There have been instances of cargo ships and fishing vessels accidentally and deliberately infringing safety or security zones around offshore installations. Such conduct creates a security concern for operators of offshore installations because any one of these vessels can potentially be carrying adversaries whose intention is to attack the installation. 5 Conclusion This chapter identified offshore assets that need to be protected against deliberate attacks and unlawful interferences. It provided an overview of the global offshore oil and gas industry, introduced the types of offshore installations used by the industry, and outlined some operational aspects of offshore oil and gas installations. It was shown that the offshore industry utilises a range of fixed and mobile offshore installations of various shapes and sizes depending on what they are used for and specific requirements of a particular offshore project. Importantly, the chapter also briefly highlighted the interaction of offshore installations with other maritime and offshore industry participants. It can be concluded that given the close interrelationship between offshore installations and other service providers in the offshore oil and gas sector as well as wider maritime industry, the security of offshore installations is interrelated and somewhat dependent on the integrity of the security measures in the maritime industry. Lax security arrangements of maritime industry participants that interact with offshore installations can compromise or impact on the security of offshore installations. Thus, even those security measures that aimed at improving maritime security generally and do not have direct application to offshore installations, may still have a flowon effect on offshore installations and indirectly enhance their security. There are now close to 10,000 offshore installations in the world and this number continues to increase. Given the increasing number of offshore oil and gas installations, their dispersed geographic location and the limited resources of government agencies and oil companies allocated to security, it would be extremely challenging, if not impossible, for coastal states and offshore operators to provide the same level of protection to all of their offshore installations. Besides, considering different sizes, operational capacities and functions of offshore installations, and their different strategic and economic importance, it is not necessary to protect all offshore installations to the same extent. To ensure efficient allocation of resources, oil companies (and government agencies) need to undertake SRAs. Therefore, an understanding of who attacks

230 Christian Bueger, ‘What is Maritime Security?’ (2015) 53 Maritime Policy 159, 161. 231 See DHS, Small Vessel Security Strategy (2008) 12.

51

OFFSHORE ASSETS AND OPERATIONS

offshore installations, why they are attacked and how they are attacked is required. Having identified offshore assets/targets, the following two chapters discuss security threats posed to offshore installations, the attractiveness of offshore petroleum targets and methods of offshore attacks and interferences against offshore installations.

52

CHAPTER 3

OFFSHORE SECURITY THREATS 1 Introduction Safeguarding offshore oil and gas installations from external and internal threats has become imperative for the national security of many states especially those with significant offshore oil and gas operations that are vital to their economic well-being.1 These critical facilities are at risk from a variety of security threats. In order to devise appropriate security strategies, regulatory frameworks and countermeasures for the protection of offshore oil and gas installations, key decision makers in both government and industry must have a good understanding of the types of threats faced by offshore installations. Claims about threats to the security of offshore oil and gas installations are often based on speculation, anecdotal examples or isolated events occasionally reported in the media, rather than empirical evidence and/or reliable intelligence. The media and some writers tend to generalise threats, often giving them a label of terrorism which is misleading and obscures the nature of the different threats faced by offshore installations.2 It also creates a perception that terrorism is the most significant security threat to offshore installations, which is not necessarily the case.3

1 Parts of this chapter are reproduced, with permission of the editors of the relevant journals, from the following publications: Mikhail Kashubsky, ‘A Chronology of Attacks on and Unlawful Interferences with, Offshore Oil and Gas Installations, 1975–2010’ (2011) 5(5–6) Perspectives on Terrorism 139; Mikhail Kashubsky, ‘Protecting Offshore Oil and Gas Installations: Security Threats and Countervailing Measures (Part I)’ (August 2013) Journal of Energy Security http://ensec.org/index.php?option=com_ content&view=article&id=453:protecting-offshore-oil-and-gas-installations-security-threats-andcountervailing-measures&catid=137:issue-content&Itemid=422 accessed 1 December 2015. 2 See, e.g. Martin Murphy, ‘Suppression of Piracy and Maritime Terrorism: A Suitable Role for a Navy?’ (2007) 60(3) Naval War College Review 23, 24; Anthony Richards, ‘Conceptualizing Terrorism’ (2014) 37(3) Studies in Conflict and Terrorism 213, 215. However, Moghadam et al. argue that ‘despite the technical inaccuracy of the “terrorist groups” label, governments should continue to use the term in their policy pronouncements due to the moral and legal implications to have become associated with this label’: Assaf Moghadam, Ronit Berger and Polina Beliakova, ‘Say Terrorist, Think Insurgent: Labeling and Analyzing Contemporary Terrorist Actors’ (2014) 8(5) Perspectives on Terrorism 2, 3. 3 In 2006, Baev argued that the probability of occurrence of terrorist attacks against petroleum installations has been seriously overstated and exaggerated: Pavel Baev, ‘Reevaluating the Risk of Terrorist Attack Against Energy Infrastructure in Eurasia’ (2006) 4(2) China and Eurasia Forum Quarterly 33, 38. Greenberg et al. have noted that ‘many perceptions of maritime terrorism risks do not align with the reality of threats and vulnerabilities’: Michael Greenberg, Peter Chalk, Henry Willis, Ivan Khilko and David Ortiz, Maritime Terrorism: Risk and Liability (RAND Corporation 2006) xxi. The Council for Security Cooperation in the Asia-Pacific (CSCAP) Study Group on safety and security of offshore installations noted that the ‘likelihood of terrorist attacks on the global energy sector, although low, remains’: CSCAP, ‘Safety and Security of Offshore Oil and Gas Installations’ (Memorandum 16, CSCAP, January 2011) 1.

53

OFFSHORE SECURITY THREATS

This allows politicians and policy makers to ‘engage in securitisation acts’,4 and may potentially result in threat exaggeration,5 flawed risk assessments, excessive regulatory burdens, and misallocation of security and law enforcement resources. The use of ambiguous terms such as ‘militants’ also complicates the understanding of the nature of offshore security threats.6 The key challenge in determining the likelihood and potential gravity of an attack is ‘reducing uncertainty about specific types of attacks and potential attackers’.7 The dynamic contemporary threat environment requires a structured approach to the evaluation of security threats to offshore installations, which is the focus of this chapter. The aim is to identify offshore security threats faced by offshore installations, categorise them, formulate a consistent approach for assessing offshore security threats, and evaluate these threats based on the model proposed in this chapter. In doing so, a workable set of factors is selected against which different categories of security threats can be assessed and evaluated. Offshore security threats are then ranked, whereby a threat ranking is applied to each category of threats to assess the significance of offshore security threats. 2 What is an offshore security threat? The term ‘threat’ can be defined as ‘any action with the potential to cause harm in the form of death, injury, destruction, disclosure, interruption of operations, or loss of reputation’.8 The API SRA methodology defines the term ‘threat’ as ‘a function of the known patterns of potential adversaries and the threat’s existence, intent, motivation, and capabilities’.9 The API has also referred to the term ‘threat’ as ‘the intention and capability of an adversary to undertake actions that would be detrimental to valued assets’,10 and ‘any indication, circumstance, or event with the potential to cause loss of, or damage to an asset’.11 In other words, offshore security threats are those threats that pose a risk to operations of offshore oil and gas installations. Any unlawful interference with offshore operations or an act of violence directed towards offshore installations is considered an ‘offshore security threat’.

4 Levi West, ‘Virtual Terrorism: Data as Target’ in Nicholas Evans, Brandt Ford, Adam Gastineau, Adam Henschke, Michael Keelty, Levi West, Cybersecurity: Mapping the Ethical Terrain (National Security College 2014) 28, 29. 5 For discussion on the dangers of threat exaggeration and the importance of intelligence coordination see Rory Cormac, ‘Much Ado about Nothing: Terrorism, Intelligence, and the Mechanics of Threat Exaggeration’ (2013) 25(3) Terrorism and Political Violence 476. 6 Fancy terms such as ‘petro-terrorism’, ‘petro-piracy’ and ‘petro-insurgency’ sometimes used in the literature are not helpful either. 7 Paul Parfomak and John Frittelli, ‘Maritime Security: Potential Terrorist Attack and Protection Priorities’ (Congressional Research Service (CRS) Report for Congress, US Congress, 2007) 24. 8 Morten Maerli, Ronald Barø, Børre Johan Paaske, Henning Refshauge Vahr, ‘Energy Supply Chain Threat Assessment and Generic Security Guidance’ (COUNTERACT Consortium, April 2009) 16. 9 API, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries (1st edn, May 2013) 14. 10 API and NPRA, Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries (2nd edn, October 2004) 5. 11 API, Security Risk Assessment Methodology (n 9) 14.

54

OFFSHORE SECURITY THREATS

3 Identifying and categorising offshore security threats The first challenge in assessing offshore security threats relates to identifying specific classes of adversaries that may attack or cause unlawful interferences with offshore installations and categorising them. Offshore security threats may be classified in different ways based on different criteria. One such classification is based on the geographical criterion, such as local or global, national or transnational. Offshore security threats may also be classified as external or internal, military or nonmilitary, state actors or non-state actors.12 In the US National Strategy for Maritime Security, maritime threats are grouped into four categories: nation-states, terrorists, transnational criminals and pirates.13 In the API SRA methodology, threats are categorised as: criminals, activists, terrorists, and disgruntled personnel.14 The types of threats faced by the offshore petroleum industry are similar to those the maritime industry faces, largely because of the maritime nature of the offshore industry. In conducting threat assessments, it is important to consider all types of offshore security threats actual and potential, real and perceived, internal and external. As part of the offshore security threat assessment, ‘possible perpetrators should be identified, allowing for an assessment of the capabilities needed to perform an attack’,15 their intent to attack offshore installations, and history of attacks. There have not been many attacks on offshore installations compared to onshore petroleum targets, but the spectrum of security threats to offshore installations is nevertheless diverse.16 Attacks on and unlawful interferences with offshore installations have been committed by various types of adversaries including pirates, terrorists, insurgents, small-time criminals and organised criminal groups, environmental and anti-oil activists and other protesters, disgruntled employees, hostile states (and their agents or proxies), and sometimes unknown perpetrators.17 For the purposes of security threat assessment, security threats faced by offshore installations are grouped into nine categories based on the type of activity:18 piracy, terrorism, insurgency, organised crime, vandalism, civil protest, internal sabotage, inter-state hostilities and cyber threats.19

12 See, e.g. S Bajpai and Jai Gupta, ‘Securing Oil and Gas Infrastructure’ (2007) 55 Journal of Petroleum Science and Engineering 174; API, Security Risk Assessment Methodology (n 9) 14; Fraryal Leghari, ‘Proposed Gulf-Asian Energy Pipeline Grid: Security Implications’ (2007) 6 Security & Terrorism Research Bulletin 16. 13 DHS, The National Strategy for Maritime Security (September 2005) 3 (acknowledging that a variety of threats to the maritime domain continues to grow in number and capability). 14 API, Security Risk Assessment Methodology (n 9) 14. 15 Maerli et al. (n 8) 17. 16 See, e.g. Brian Jenkins, ‘Potential Threats to Offshore Platforms’ (RAND Corporation, January 1988) 2. 17 See Appendix. 18 With the exception of ‘cyber threats’, which is not a type of activity. 19 The distinction between different categories of threats is not always clear. Offshore security threats are somewhat interrelated and there is a degree of overlap between different threat categories. In comparison, maritime security threats are often identified as falling into the following categories: piracy, armed robbery at sea, maritime terrorism, trafficking in WMD, drug trafficking, people smuggling and trafficking, IUU fishing, and intentional and unlawful marine pollution. See Natalie Klein, Maritime Security and the Law of the Sea (Oxford University Press 2011).

55

OFFSHORE SECURITY THREATS

4 Framework for evaluating offshore security threats Having categorised different threats, it is now necessary to adopt a framework and select a set of factors against which each category of offshore security threats can be evaluated. Drawing on existing literature, the assessment and evaluation of offshore security threats calls for examination of factors such as motivations and objectives of adversaries, their capabilities, organisational characteristics, modes of operation, and past actions directed against offshore installations.20 With proper understanding and knowledge of various threat groups, the dangers they represent, their goals, intentions, capabilities, opportunities and possible actions, appropriate protection and response measures, as well as risk management strategies, can be adopted. Hansen has suggested that ‘[i]n understanding maritime security threats from groups conducting unlawful acts, it is important to understand their motivation, organizational structure and tactics’.21 Threat assessment can be referred to as a ‘process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that has or indicates the potential to harm life, information, operations, and/or property’.22 The API SRA methodology provides: Threat information shall be considered by the user to understand those adversaries interested in the assets of the facility, their operating history, their methods and capabilities, their possible plans, and what motivates them. This information shall then be used to develop an assumed threat or set of threats that form the bases of the risk assessment.23

Jenkins considered three approaches to evaluating threats to offshore installations: the first approach examines past incidents; the second approach examines threats and incidents on similar and related targets such as attacks against maritime targets and onshore petroleum installations; and ‘[a] third approach would be to extrapolate from what has occurred and develop a theoretical portrait of potential adversaries and the possible actions they might take’. 24

20 See, e.g. Tanner Campbell and Rohan Gunaratna, ‘Maritime Terrorism, Piracy and Crime’ in Rohan Gunaratna (ed.), Terrorism in the Asia-Pacific: Threat and Response (Eastern Universities Press 2003) 70, 86; Torbjorn Thedeen, ‘Setting the Stage: The Vulnerability of Critical Infrastructures’ in Konstantin Frolov and Gregory Baecher (eds), Protection of Civilian Infrastructure from Acts of Terrorism (Springer 2006) 33, 35; Victor Asal and Justin Hastings, ‘When Terrorism Goes to Sea: Terrorist Organizations and the Move to Maritime Targets’ (2014) 26(5) Terrorism and Political Violence 1; Peter Lehr, ‘Maritime Terrorism: Locations, Actors, and Capabilities’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 55. 21 Hans Tino Hansen, ‘Distinctions in the Finer Shades of Gray: The “Four Circles Model” for Maritime Security Threat Assessment’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 73, 75 (further arguing that the significance of the distinction and interrelationship between different threats is important ‘from the perspective of industries, governments, and international organizations that confront these groups’): at 82. 22 API, Security Risk Assessment Methodology (n 9) 9. 23 Ibid. 14. 24 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 1–2 (noting that even though it is free of speculation, relying solely on a historical approach ‘does not necessarily provide a basis for anticipating possible future actions’).

56

OFFSHORE SECURITY THREATS

An offshore security threat can be evaluated as a function of factors such as: intelligence about the threat, history of attacks and security incidents, suspected intent or motivation, credible existence of a threat to a given area, intelligence about the threat specific to a company or an asset being analysed, assessed capability and ability to carry out the act.25 Maerli et al. have argued that the level of threat against an asset can be determined by ‘evaluating the intent and capability of those who carry them out [which] involves gathering historical data about hostile events and evaluating which information is relevant in assessing the threats against the asset’.26 For the purposes of undertaking an offshore security threat assessment, each of the nine categories of threats identified above will be evaluated against the following three sets of factors: 1) geographical and other enabling factors, 2) motivations and intentions, and 3) offshore capabilities and tactics of adversaries. Consideration will also be given to past attacks and unlawful interferences involving offshore installations. 4.1 Geography and enabling factors Geographical factors are relevant to the assessment of security threats and these factors should be taken into account.27 Several previous studies on energy and petroleum infrastructure targeting have shown regional concentration of attacks.28 Giroux observed that attacks on energy infrastructure are becoming more common over time and are clustering in key oil and gas regions, arguing that this ‘calls for conducting spatial analysis [and] examining host country characteristics’.29 Geographical factors and regional aspects are important and need to be taken into consideration for the purposes of offshore security threat assessment and evaluation. The security environment of the petroleum industry is largely dependent on the overall security and stability of a state, region or geographical area. Therefore, security of oil and gas installations should not be considered in isolation from the security situation of the state or region.30 Attacks on petroleum installations occur in many countries, but oil companies and their installations can be faced with

25 API, Security Risk Assessment Methodology (n 9) 14. 26 Maerli et al. (n 8) 16–17. 27 See Martin Tsamenyi and Kwame Mfodwo, ‘Developing Capacity for Addressing Safety, Security and Marine Pollution Concerns Arising from the Oil and Gas Industry’ (Paper presented at the National Conference on Positioning the Transport Sector for the Successful Exploration of Ghana’s Oil & Gas, Accra, 15 July 2009) 12. 28 See, e.g. Jeffrey Simonoff, Carlos Restrepo and Rae Zimmerman, ‘Trends for Oil and Gas Terrorist Attacks’ (Research Report No. 2, IIIP, 30 November 2005); Peter Toft, Arash Duero, and Arunas Bieliauskas, ‘Terrorist Targeting and Energy Security’ (2010) 38(8) Energy Policy 4411; Mikhail Kashubsky, ‘A Chronology of Attacks on and Unlawful Interferences with, Offshore Oil and Gas Installations, 1975-2010’ (2011) 5(5–6) Perspectives on Terrorism 139; Brynjar Lia and Ashild Kjok, ‘Energy Supply as Terrorist Targets? Patterns of “Petroleum Terrorism” 1968–99’ in Daniel Heradstveit and Helge Hveem (eds), Oil in the Gulf: Obstacles to Democracy and Development (Ashgate 2004) 100. 29 Jennifer Giroux, ‘Update: Energy Infrastructure Attack Database Completed – Key Trends’ on Ricardo Marquez (For Your Reference, 4 January 2013) http://ricardoamarquezfyr.blogspot.com.au/ 2013/01/update-energy-infrastructure-attack.html accessed 1 December 2015. 30 Mustafa Alani and Nicole Stracke, ‘Insurgent Attacks on Iraq’s Oil Sector’ (2007) 6 Security & Terrorism Research Bulletin 38, 41.

57

OFFSHORE SECURITY THREATS

different security threats depending on geographical location or region in which they operate.31 In some places, there is a high level of activity of violent non-state actors such as organised criminal groups and insurgents. Oil companies often operate in high security risk areas that represent ‘the nexus of [adversary] intent, capability, and opportunity’,32 such as conflict zones and countries with violent civil unrest.33 As a result, in those areas oil companies and offshore installations are more prone to attacks.34 Giroux found 80 per cent correlation between energy infrastructure attacks and the presence of armed conflict.35 Some types of security threats, such as piracy, are limited only to certain geographical areas.36 Understanding geographical aspects can potentially provide advance knowledge of future operations of adversaries, as well as their strengths and weaknesses.37 Bahgat and Medina argue that ‘[i]t is therefore crucial that geographic perspectives be considered’ even with regard to threats such as terrorism.38 In evaluating the threat to an offshore installation ‘users should examine the historical record of security events and obtain available general and location-specific threat and intelligence information from government organizations and other sources’.39 This suggests that geographical aspects and other enabling factors, such as the presence of armed conflict, should be considered for the purposes of evaluating offshore security threats.40

31 Security challenges faced by oil companies in countries including countries with civil unrest and countries with armed conflict (i.e. high-risk areas) are different from those faced by oil companies in economically and politically stable countries and countries at peace (i.e. low-risk areas): Mark Lindsay, ‘The Security Threat to Oil Companies In and Out of Conflict Zones’ (2005) 2 The Oil and Gas Review 1. 32 Campbell and Gunaratna (n 20) 70, 72. 33 Countries where oil and gas installations have been attacked due to civil unrest or armed conflicts include: Colombia, Iraq, Nigeria, Sudan and South Sudan, Syria, Yemen. 34 Laura Husband, Interview with David Pickard, in ‘High Risk, High Reward: Talking Offshore Security with Drum Cussac’ (Offshore Technology, 3 January 2013) www.offshore-technology.com/features/ featureoffshore-oil-security-piracy-terrorist-attack-prevention-drum-cussac/ accessed 1 December 2015; Lindsay (n 31). 35 Giroux, ‘Update: Energy Infrastructure Attack Database Completed – Key Trends’ (n 29). 36 Martin Murphy, Small Boats, Weak States, Dirty Money: Piracy & Maritime Terrorism in the Modern World (Hurst 2009) 65 (arguing that when considering security threats the ‘most important thing to understand is what is happening locally and regionally’). 37 Karim Bahgat and Richard Medina, ‘An Overview of Geographical Perspectives and Approaches in Terrorism Research’ (2013) 7(1) Perspectives on Terrorism 38, 40. 38 Ibid. Bahgat and Medina further stated: The locations of terrorists, and the groups they identify with, have specific narratives behind their motivations, which are related to cultures, ethnicities, and historical situations of the terrorists and their constituencies. Their choices and strategies may be based on spatial considerations, or attacks may be the result of geographic context. Even the impacts of terrorist attacks may be highly dependent on the geographic context in which these occur.: at 40.

39 API, Security Risk Assessment Methodology (n 9) 33 (emphasis added). 40 However, al-Shishani argues that ‘the risk of targeting oil interests is not confined to certain geographical locations, as it is associated with a strategy of opening “new fronts”’: Murad al-Shishani, ‘Al Qaeda & Oil Facilities in the Midst of the Global Economic Crisis’ (April 2009) Journal of Energy Security www.ensec.org/index.php?option=com_content&view=article&id=190:al-qaeda-aamp-oilfacilities-in-the-midst-of-the-global-economic-crisis&catid=94:0409content&Itemid=342 accessed 1 December 2015.

58

OFFSHORE SECURITY THREATS

Geographically, attacks and unlawful interferences involving offshore petroleum installations have occurred in various parts of the world.41 However, almost half of the security incidents recorded in the OIAD took place off the coast of Nigeria. Attacks on and unlawful interferences with offshore installations have occurred in both politically and economically stable and unstable countries, but most of the offshore incidents that took place in economically and politically stable countries were non-violent environmental protests.42 4.2 Motivations and objectives Attacks on and unlawful interferences with offshore installations can be carried out for political, religious, financial, ideological, strategic and other reasons.43 Some of the most common motivations for attacking and interfering with offshore installations include achieving resource control and fairer allocation of petroleum revenues, such as in the case of attacks by insurgents in Nigeria;44 raising the awareness of pollution and protesting against offshore oil drilling, such as in the case of Greenpeace; financial gain, for example, in the case of piracy and organised crime; or causing disruptions of petroleum supplies to an enemy during an inter-state armed conflict or war.45 Perpetrators do not always state their intentions and objectives, and the ‘motivation of the perpetrators is not always obvious in each attack and in many cases not known/reported’.46 Adversaries may have several reasons for attacking offshore installations and an offshore attack may serve several objectives. For

41 Attacks, interferences and security incidents involving offshore installations have occurred in Angola, Australia, Cameroon, Colombia, Denmark (Greenland), Guyana/Suriname (disputed territory), India, Indonesia/Malaysia (Malacca Strait), Iran, Iraq, Malaysia, Mexico, Netherlands, New Zealand, Nicaragua, Nigeria, Norway, Russia, Spain (Canary Islands), Tanzania, Trinidad and Tobago, Turkey, United Arab Emirates (UAE), United Kingdom (UK), US, Vietnam/China (disputed territory), Yemen. 42 See Appendix. 43 Jennifer Giroux, Peter Burgherr and Laura Melkunaite, ‘Research Note on the Energy Infrastructure Attack Database (EIAD)’ (2013) 7(6) Perspectives on Terrorism 113. Giroux et al. have commented that: violent non-state actors target energy infrastructures to air grievances, communicate to governments, impact state economic interests, or capture revenue in the form of hijacking, kidnapping ransoms, theft. And, for politically motivated groups, such as those engaged in insurgencies, attacking industry assets garners media coverage serving as a facilitator for international attention: at 113.

44 For example, between 2006 and 2010, at least 17 attacks on offshore installations in the Niger Delta region of Nigeria were carried out by insurgents (and about nine attacks by unidentified perpetrators who are believed to be insurgents). Most of which were part of the campaign against the petroleum industry and Federal government, to achieve fair distribution of petroleum profits and compensation from oil companies, but some of those attacks may have been carried out for other political and criminal objectives. See generally Michael Watts (ed.), Curse of the Black Gold: 50 Years of Oil in Niger Delta (Powerhouse Books 2008); ICG, ‘The Gulf of Guinea: The New Danger Zone’ (Crisis Group Africa Report No. 195, ICG, December 2012); Michael Watts, ‘Petro-Insurgency or Criminal Syndicate? Conflict, Violence and Political Disorder in the Niger Delta’ (Working Paper No. 16, Institute of International Studies, 2008); Mark McNamee, ‘No End in Sight: Violence in the Niger Delta and Gulf of Guinea’ (2013) 11(5) Terrorism Monitor 8. 45 See, e.g. Lia and Kjok (n 28) 117; John Thackrah, Dictionary of Terrorism (2nd edn, Routledge 2004) 166. 46 Giroux, Burgherr and Melkunaite (n 43) 117.

59

OFFSHORE SECURITY THREATS

example, while the primary motivation of the perpetrators for attacking an offshore installation may be political, the perpetrators may have financial motivations and may decide to kidnap offshore workers for ransom as part of their attack.47 Similarly, if financial gain is the primary objective of the attackers, they may seek to carry out attacks with minimal damage to offshore installations and avoid unnecessary human casualties.48 In any case, an understanding of the motivations, intentions and objectives of different categories of threats or groups of adversaries is important for assessing offshore security threats and for the SRA. 4.3 Capabilities and tactics Capabilities and tactics (i.e. modus operandi) of perpetrators also vary significantly. Offshore capabilities of perpetrators have a bearing on the types of attacks they might attempt.49 Attacking some offshore installations can be very difficult requiring extensive offshore capabilities, planning and preparation. Some adversaries have welldeveloped offshore attack capabilities using a variety of methods and means including weapons ranging from knives to rocket-propelled grenades (RPGs) to improvised explosives devices (IEDs), sophisticated equipment including ships, motorboats and navigational tools.50 For example, a group of insurgents with experience and training in attack tactics, access to advanced equipment and weapons may mount an entirely different type of attack against an offshore installation than a group of opportunistic thieves who may not have any specialised training or sophisticated weapons or a group of environmental activists who tend to refrain from using violence. Tactics used by various perpetrators include bomb threats and threats of attacks, unauthorised boarding and armed intrusion of offshore installations, abduction of workers, hostage-taking, and the use of explosives and bombings of offshore installations. It has been suggested that the future attack tactics may include using ships as weapons to ram offshore installations and conducting underwater attacks.51 The most common tactic appears to be armed intrusion and abduction of offshore workers.52 The means of transport that assailants use to reach offshore platforms is often not reported, but in most cases the means the perpetrators used is described as ‘speedboats’.53 In some cases, small fishing vessels and vessels that look similar to offshore supply vessels have been used by the attackers.

47 The perpetrators may be seeking to ransom to finance their future attacks. Robb discusses the return on investment in the context of oil and gas infrastructure attacks: John Robb, Brave New War: The Next Stage of Terrorism and the End of Globalization (Wiley & Sons 2007). 48 See, e.g. Parfomak and Frittelli (n 7) 3. 49 Ibid. 2. 50 DHS (n 13) 4. 51 See, e.g. Philippe Bouvier, ‘Oil & Gas Industry – Towards Global Security: A Holistic Security Risk Management Approach’ (Thales White Paper, 2007) 3. 52 See Appendix. 53 Which could be broadly interpreted as including motorboats and skiffs. See also North Atlantic Treaty Organization (NATO), The Dhow Project: Identification Guide for Dhows, Skiffs and Whalers in the High Risk Area (n.d.).

60

OFFSHORE SECURITY THREATS

Different threat groups employ different attack tactics. For example, an organised criminal group will not necessarily use explosives to attack an offshore installation, but may simply make a threat of attack to extort money from the oil company that operates the installation. Accordingly, in assessing offshore security threats, it is important to have an understanding of offshore capabilities and tactics of different categories of threats and different groups of adversaries. 5 Evaluation of offshore security threats In this part of the analysis the above model will be used to examine each of the nine categories of offshore security threats and groups of adversaries that fall into those categories of threats in more detail by analysing their motivations, capabilities, tactics, relevant geographical and enabling factors, and past offshore activities.54 5.1 Piracy Piracy is one of the most visible threats to offshore installations. There are a number of different definitions of piracy. The legal definition of piracy in international law is contained in Article 101 of the LOSC.55 Several legal issues arise in relation to this definition and the application of the law of piracy to offshore installations.56 One of the key elements of the LOSC definition of piracy is that piracy is an act that occurs only on the high seas and within the exclusive economic zone (EEZ).57 An equivalent act of violence committed within the territorial sea would not be considered piracy under international law.58 Importantly, unlike other types of maritime violence and crime, piracy is subject to universal jurisdiction in international law.59 In eight years from 2007 to 2015, there were at least six reported piracy attacks worldwide that involved offshore installations. These include the 1 April 2007 attack on Bulford Dolphin offshore drilling rig; the 3 May 2007 attack on FPSO Mystras; the 5 May 2007 attack on Trident VIII offshore drilling rig; the 5 January 2010 attack on FSO Westaf; the 22 March 2007 attack on Aban VII jack-up rig, and the 3 October 2011 attack on Ocean Rig Poseidon drill ship. Prior to 2007, only one reported piracy

54 However, a historical analysis does not always provide a reliable basis for anticipating future attacks. 55 Article 101 of the LOSC defines piracy as consisting of any of the following acts: (a) any illegal acts of violence or detention, or any act of depredation, committed for private ends by the crew or the passengers of a private ship or a private aircraft, and directed: (i) on the high seas, against another ship or aircraft, or against persons or property on board such ship or aircraft; (ii) against a ship, aircraft, persons or property in a place outside the jurisdiction of any State; (b) any act of voluntary participation in the operation of a ship or of an aircraft with knowledge of facts making it a pirate ship or aircraft; (c) any act of inciting or of intentionally facilitating an act described in subparagraph (a) or (b).

56 To constitute piracy an act must satisfy several criteria that have been subject to some controversy. These issues are discussed in Chapter 6. 57 By virtue of Article 58(2) of the LOSC provisions on piracy apply to the EEZ. 58 Donald Rothwell and Tim Stephens, The International Law of the Sea (Hart Publishing 2010) 162. 59 See LOSC art 105. States do not need to have specific basis to establish jurisdiction over piracy.

61

OFFSHORE SECURITY THREATS

attack against an offshore installation was found, which is the 3 November 2004 attack on a tug boat towing the oil rig Ocean Sovereign.60 There have not been any reported piracy attacks against offshore installations since 2011. 5.1.1 Geography and enabling factors Piracy is a security threat that is usually defined by geography.61 It requires the presence of other factors such as an unstable political environment, weak government, low level of economic development, poverty, social or cultural acceptability, lack of effective law enforcement, and the opportunity for reward in order to prosper.62 As observed by Fort, ‘piracy overlays seamlessly onto this template of transnational threats with the maritime domain providing an environment ripe for exploitation’.63 Relatively few places offer such a combination of factors. These include parts of Southeast Asia, parts of Africa, and some parts of South America. The Gulf of Guinea has emerged as an important locality for piracy attacks on oil industry vessels and offshore installations, which represented an expansion of this threat to the offshore petroleum industry.64 Maritime piracy can be regarded as a growing security threat to the offshore industry and offshore installations, especially in the Gulf of Guinea, but also on the east coast of Africa.65 Apparently, the governments of Tanzania and Kenya have been concerned about the security threat posed to their offshore petroleum installations by Somali pirates operating in the area.66 In April 2011, the Tanzanian government responded to the threat of piracy by assigning its military to protect offshore installations in its EEZ.67 There have been at least four piracy attacks off the coast of Nigeria, two near Tanzania, one near India, and one in the Malacca Strait.68

60 See Appendix. 61 Tamara Shie, ‘Ports in a Storm? The Nexus Between Counterterrorism, Counterproliferation, and Maritime Security in Southeast Asia’ (2004) 4(4) Issues and Insights 1, 14. 62 See Martin Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (Adelphi Paper No. 388, IISS, 2007) 15–17; Rommel Banlaoi, ‘Maritime Security Outlook for Southeast Asia’ in Joshua Ho and Catherine Raymond (eds), The Best of Times, the Worst of Times (World Scientific Publishing 2005) 59, 62–63. 63 Brian Fort, ‘Transnational Threats and the Maritime Domain’ in Graham Ong-Webb (ed.), Piracy, Maritime Terrorism and Securing the Malacca Straits (ISEAS Publishing 2006) 23, 28. 64 Donna Nincic, ‘Maritime Piracy: Implications for Maritime Energy Security’ (February 2009) Journal of Energy Security [7] www.ensec.org/index.php?option=com_content&view=article&id=180: maritime-piracy-implications-for-maritime-energy-security&catid=92:issuecontent&Itemid=341 accessed 1 December 2015. 65 Lindsay (n 31). 66 Steven Jones, ‘Exploration Issues’ (Maritime Security Review, 18 May 2011) www.marsecreview.com/ 2011/05/exploration-fears/ accessed 30 June 2014. 67 Jeff Moore, ‘Oil and Gas in the Crosshairs – Part 1’ (PennEnergy, 2 August 2012) www.pennenergy. com/articles/pennenergy/2012/08/oil-and-gas-in-the.html accessed 1 December 2015. 68 In addition, there have been about 15 attacks against offshore installations in the Gulf of Guinea by unidentified gunmen, some of which may be attributed to piracy. See Appendix.

62

OFFSHORE SECURITY THREATS

5.1.2 Motivations and objectives Piracy is considered an economic crime, committed for financial gain.69 However, piracy can also be committed by perpetrators that are politically motivated, yet carrying out the act itself at a tactical level for largely financial reasons.70 Considering that the primary motivation of piracy is financial gain, attacking an offshore installation would not necessarily be a cost-effective operation as it will likely yield little or no direct financial benefit for the attackers,71 unless they kidnap offshore workers for ransom, which has occurred on several occasions.72 Since piracy is a financially motivated crime, the destruction of the offshore installation is not the goal. Any damage to an offshore installation resulting from an act of piracy would usually be incidental to the financial objective of the pirates. Nevertheless, the dangers of piracy include a direct threat to the lives and welfare of offshore workers, as well as potential incidental environmental harm and significant damage to equipment and installations.73 5.1.3 Capabilities and tactics Piracy can generally be of two types: ‘low-level’ piracy and ‘high-level’ piracy.74 Lowlevel piracy is usually committed by poor, ill-equipped fishermen or villagers from coastal areas who may be armed with nothing more than knives and whose activities are often the result of relative desperation and their attacks are mostly opportunistic.75 In contrast, high-level piracy is usually committed by well organised, highly professional and skilled groups of people with sophisticated weapons, advanced technology and equipment including mother ships and high-speed boats that enable them to operate far offshore.76 Pirates have already shown the ability to successfully attack offshore installations. Some groups of perpetrators who commit acts of piracy have demonstrated

69 Mark Valencia, ‘The Politics of Anti-Piracy and Anti-Terrorism Responses in Southeast Asia’ in Graham Ong-Webb (ed.), Piracy, Maritime Terrorism and Securing the Malacca Straits (ISEAS Publishing 2006) 84, 87. 70 Hansen (n 21) 76. See also Martin Murphy, Small Boats, Weak States, Dirty Money: Piracy & Maritime Terrorism in the Modern World (Hurst 2009). 71 See, e.g. Stuart Kaye, ‘International Measures to Protect Oil Platforms, Pipelines, and Submarine Cables from Attack’ (2007) 31(2) Tulane Maritime Law Journal 377, 415. 72 For example, one offshore worker was kidnapped (probably for ransom) in the attack on Bulford Dolphin drilling rig on 1 April 2007, eight offshore workers were kidnapped in the attack on the FPSO Mystras on 3 May 2007, and one worker was kidnapped in the attack on Trident VIII offshore rig on 5 May 2007. At least on two occasions equipment and property was stolen from offshore installations. See Appendix. 73 Valencia (n 69) 87. 74 This is an unofficial typology adopted for the purposes of this discussion. For detailed discussion on piracy as a business model and organised enterprise see Hugh Williamson, ‘New Thinking in the Fight Against Maritime Piracy: Financing and Plunder Pre-Empting Piracy Before Prevention Becomes Necessary’ (2013) 46(1–2) Case Western Reserve Journal of International Law 335. 75 See Hansen (n 21) 80. 76 As Richardson notes, the main distinguishing feature of past and present piracy is that ‘the contemporary skull and cross bone operations can, and increasingly do, exploit modern technology and weapons’: Michael Richardson, ‘The Threats of Piracy and Maritime Terrorism in Southeast Asia’ (2004) 6 Maritime Studies 18, 18.

63

OFFSHORE SECURITY THREATS

sophisticated offshore capabilities with some attacks occurring more than 50 km offshore such as in the case of the attacks on Bulford Dolphin drilling rig on 1 April 2007 and the FPSO Mystras on 3 May 2007. These groups are usually well armed and very violent. 5.2 Terrorism Terrorism is one of the most talked about security threats to offshore installations. One of the main difficulties with the concept of ‘terrorism’ is that there is no agreed definition of this term and the concept itself is contested.77 At the international law level, even though virtually all forms of terrorism are prohibited by various international conventions and UN resolutions,78 there is no comprehensive convention on terrorism and no consensus on the legal definition of terrorism.79 There are; however, some key elements in some definitions of terrorism some of which are more common than others. For the purposes of this analysis the following elements are considered particularly relevant.80 First, terrorism is an ‘act’; second, it involves ‘the use of violence or threat of violence’; third, it is directed ‘against civilian population or government’; fourth, it uses a tactic of ‘fear, intimidation or coercion’; fifth, it services some kind of ‘political, social or ideological objective’;81 sixth, it is ‘committed by non-state actors’;82 and it can include ‘violence against property’.83 Schmid has cautioned that extending terrorism to attacks against property will allow all kinds of violence to be labelled terrorism, but noted that ‘many definitions, especially legal ones, include attacks on property and critical infrastructure under the listing of criminal terrorist offences’.84

77 See Alex Schmid, ‘The Revised Academic Consensus Definition of Terrorism’ (2012) 6(2) Perspectives on Terrorism 158; Richards (n 2); Leonard Weinberg, Ami Pedahzur and Sivan Hirsch-Hoefler, ‘The Challenge of Conceptualizing Terrorism’ (2004) 16(4) Terrorism and Political Violence 777. 78 See, e.g. International Convention for the Suppression of the Financing of Terrorism 1999, opened for signature 9 December 1999, 39 ILM 270 (entered into force 10 April 2002); UN, Declaration on Measures to Eliminate International Terrorism 1994, UNGAOR 49th sess, Agenda Item 142, UN Doc A/RES/49/60 (17 February 1995); UNSC Resolution 1373, UN Doc S/RES/1373 (28 September 2001); UNSC Resolution 1566, UN Doc S/RES/1566 (8 October 2004). 79 UN, A More Secure World: Our Shared Responsibility – Report of the Secretary-General’s High-level Panel on Threats, Challenges and Change GA 59th sess, Agenda Item 55, UN Doc A/59/565 (2 December 2004) 48. 80 See also Schmid, ‘The Revised Academic Consensus Definition of Terrorism’ (n 77); Alex Schmid, ‘The Definition of Terrorism’ in Schmid (ed.) Routledge Handbook of Terrorism Research (Routledge 2011) 39, 73–87. 81 See also discussion in Schmid, ‘The Revised Academic Consensus Definition of Terrorism’ (n 77). 82 However, many definitions do not restrict terrorism to the acts of ‘non-state actors’. Schmid has argued that ‘[b]y reserving the term “terrorism” for non-state actors only, we neglect the multiple uses of terrorism by governments . . . and create, in effect, a double standard’: Schmid, ‘The Definition of Terrorism’ (n 80) 68. 83 See, e.g. US Government, Federal Bureau of Investigation (FBI), Terrorism 2002–2005 (2006) iv. 84 Schmid, ‘The Definition of Terrorism’ (n 80) 69 (further noting that ‘attacks on critical infrastructure that is vital to civilian survival constitute a borderline case’).

64

OFFSHORE SECURITY THREATS

In the context of offshore installations security the ‘violence against property’ seems to be an important aspect of terrorism,85 but not all violence against property is terrorism.86 For the purposes of this analysis, the definition of terrorism used by the Australian National Counter Terrorism Committee (NCTC) is adopted, which includes the ‘violence against property’ element and explicitly mentions critical infrastructure. The NCTC defines a ‘terrorist act’ as: an act or threat, intended to advance a political, ideological or religious cause by coercing or intimidating an Australian or foreign government or the public, by causing serious harm to people or property, creating a serious risk to the health and safety to the public, or seriously disrupting trade, critical infrastructure or electronic systems.87

Terrorism can be categorised in a number of different ways.88 In the context of offshore petroleum security, the most relevant categories of terrorism are maritime terrorism,89 petroleum terrorism,90 and cyber-terrorism,91 but for the purposes of offshore security threat evaluation the focus is on maritime terrorism. Maritime terrorism is a relatively new phenomenon compared to piracy.92 Terrorist activity in the maritime domain began to emerge in the 1960–70s;93

85 Nagtzaam and Lentini have noted that the inclusion of ‘violence against property’ in the definitions of terrorism is relevant to consider, in light of actions of environmental activists and animal rights groups, which can include terrorism and other forms of political violence: Gerry Nagtzaam and Pete Lentini, ‘Vigilantes on the High Seas?: The Sea Shepherds and Political Violence’ (2008) 20(1) Terrorism and Political Violence 110, 113. 86 Violence directed solely against property better fits the profile of ‘vandalism’. Vanderheiden argues that ‘[t]errorist acts are . . . conventionally regarded as acts or threats of illegitimate killing . . . and therefore . . . treat differently acts of violence against mere property from that against persons’: Steve Vanderheiden, ‘Eco-Terrorism or Justified Resistance? Radical Environmentalism and the “War on Terror”’ (2005) 33(3) Politics and Society 425, 429. 87 NCTC, National Counter Terrorism Plan (2nd edn, 2005) 4 (emphasis added). Despite a reference to Australia, this definition has a global scope. 88 For example, terrorism can be classified by its origin and reach (such as international/transnational terrorism and domestic terrorism); by ideology (for example, ethno-nationalist terrorism and religious extremist terrorism); by the nature of targets (such as eco-terrorism, cyber-terrorism, maritime terrorism, and petroleum terrorism); or by tactics and types of attacks (such as suicide terrorism and bio-terrorism). 89 ‘Maritime terrorism’ can be defined as ‘the use of violence at sea or to a ship or fixed platform for political ends, including any use of violence for the purpose of putting the public or any section of the public in fear’: CSCAP, ‘Cooperation for Law and Order at Sea’ (Memorandum No. 5, CSCAP, 2001) 15. 90 The concept of ‘petroleum terrorism’ refers to ‘attacks by terrorist or rebel groups directed against, or significantly affecting, petroleum infrastructure’: Lia and Kjok (n 28) 101. 91 ‘Cyber-terrorism’ may be defined as ‘the use of computers as weapons, or as targets, by politically motivated international, or sub-national groups, or clandestine agents who threaten or cause violence and fear in order to influence an audience, or cause a government to change its policies’: Clay Wilson, ‘Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress’ (CRS Report for Congress, US Congress, April 2005) 7. See also Lee Jarvis, Stuart Macdonald and Lella Nouri, ‘The Cyberterrorism Threat: Findings from a Survey of Researchers’ (2014) 37(1) Studies in Conflict and Terrorism 68. 92 Catherine Raymond, ‘Maritime Terrorism, A Risk Assessment: The Australian Example’ in Joshua Ho and Catherine Raymond (eds), The Best of Times, the Worst of Times (World Scientific Publishing 2005) 179, 180. 93 See, e.g. Brian Jenkins et al., ‘A Chronology of Terrorist Attacks and Other Criminal Actions against Maritime Targets’ (RAND Paper Series, RAND Corporation, September 1983); Cormac (n 5) 478–79.

65

OFFSHORE SECURITY THREATS

however, from the mid 1990s maritime terrorism began to show signs of increasing frequency and levels of sophistication.94 In the 2000s, the attacks on USS Cole in October 200095 and MV Limburg in October 200296 refocused the international attention on maritime terrorism. Several terrorist organisations including the Palestine Liberation Front (PLF),97 the Popular Front for the Liberation of Palestine (PFLP),98 the Liberation Tigers of Tamil Eelam (LTTE),99 Hezbollah,100 Abu Sayyaf Group (ASG),101 Jemaah Islamiyah (JI),102 as well as Al-Qaeda and its affiliated networks have recognised the advantages of attacking targets at sea.103 There have been a number of terrorist attacks against maritime targets,104 but maritime attacks represent a very small percentage of all terrorist attacks.105 Greenberg et al. noted that ‘many perceptions of maritime terrorism risks do not align with the reality of threats and vulnerabilities’.106 To date, there have been only two attacks against offshore petroleum installations that can be attributed to terrorism. On 24 April 2004, members of the Al-Qaedaaffiliated Jamaat al-Tawhid wa-l-Jihad (JTWJ)107 group based in Iraq carried out near-simultaneous coordinated suicide boat attacks against Iraq’s Al Basrah Oil Terminal (ABOT) and Khawr Al Amaya Oil Terminal (KAAOT) in the Persian

94 See Rupert Herbert-Burns, ‘Terrorism in the Early 21st Century Maritime Domain’ in Joshua Ho and Catherine Raymond (eds), The Best of Times, the Worst of Times (World Scientific Publishing 2005) 155, 163. 95 On 12 October 2000, in Yemen, a small boat loaded with explosives rammed the US destroyer USS Cole and blew up alongside it, killing 17 and injuring 39 sailors. Affiliates of Al-Qaeda were suspected and blamed for the attack: Cindy Combs and Martin Slann, Encyclopedia of Terrorism (revised edn, Facts on File 2007) 416. 96 On 6 October 2002, in Yemen, the French tanker MV Limburg was attacked by Al-Qaeda affiliates using an explosive-laden boat, which exploded and caused substantial damage to the ship and killed one crew member: Barry Rubin and Judith Rubin, Chronologies of Modern Terrorism (M.E. Sharpe 2008) 316; Shawn Woodford, ‘Al-Qaeda and Saudi Arabia: A Chronology’ in Erich Marquardt (ed.), Saudi Arabian Oil Facilities: The Achilles Heel of the Western Economy (Jamestown Foundation 2006) 35, 38. 97 The PLF is a Palestinian militant group, which is designated as a terrorist organisation by various countries. 98 The PFLP is a Palestinian Marxist-Leninist and revolutionary leftist organisation founded in 1967. It is designated as a terrorist organisation in some countries. 99 The LTTE was a separatist group in Sri Lanka. Although LTTE is often referred to in the literature as a ‘terrorist organisation’ and has been designated as a ‘terrorist organisation’ by some states, such that it better fits the profile of a separatist insurgent group. 100 Hezbollah is a Islamic armed group and political party based in Lebanon. Several states classify Hezbollah as a terrorist organisation, in whole or in part. 101 ASG is an Islamic terrorist/criminal group operating in the Philippines. 102 JI is a jihadist group based in Indonesia with alleged links to Al-Qaeda. 103 See, e.g. Peter Chalk, ‘Maritime Terrorism in the Contemporary Era: Threat and Potential Future Contingencies’ (MIPT Terrorism Annual, MIPT, 2006) 29–30. 104 See, e.g. Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 93); Asal and Hastings (n 20). 105 Greenberg et al. noted that, based on data from the RAND Terrorism database, maritime attacks constituted only 2 per cent of all international incidents from 1975 to 2005: Greenberg et al. (n 3) 9. Asal and Hastings have found the GDT only notes 199 maritime attacks out of a total of 98,000 terrorist attacks in the GDT (i.e. about 0.2 per cent): Asal and Hastings (n 20) 1. 106 Greenberg et al. (n 3) xxi. 107 JTWJ was an Islamist terrorist/insurgency group based in Iraq that was led by Abu-Musab alZarqawi. It later had become known as the Al-Qaeda in Iraq (AQI), and subsequently transformed into ISIL (or ISIS), also known as Daesh. NCC, ‘Counterterrorism 2014 Calendar’ (2014) 32.

66

OFFSHORE SECURITY THREATS 108

Gulf. In the attack on ABOT, two explosive-laden zodiac-type speedboats approached the offshore terminal at high speed. The lead boat aimed at ABOT and was fired upon, after which it detonated before it could hit the terminal. The second boat was also fired upon, killing terrorists, but it still rammed MV Takasuza oil tanker moored at the terminal, but failed to explode.109 ABOT, capable of exporting up to 900,000 bpd of oil, was shut down for two days.110 The attack on KAAOT happened about 20 minutes earlier.111 Reportedly, adversaries used a dhow, which was intercepted by a coalition forces vessel as it approached the exclusion zone around KAAOT. When an attempt was made to board it the dhow exploded killing two US Navy sailors and one US Coastguardsman and injuring four others.112 No physical damage to the terminal was reported, but the terminal was immediately shut down by the authorities.113 5.2.1 Geography and enabling factors Although many terrorist groups seem to be geographically confined to certain areas or countries such as the PLF in Palestine, Hezbollah in Lebanon, LTTE in Sri Lanka,114 ASG in the Philippines and JI in Indonesia, transnational terrorism does not have strict geographical limitations or boundaries. It has been suggested that the most substantive threat to the safety of the world today is from terrorist organisations with international links and goals that extend from a specific local area to the international arena.115 For instance, Al-Qaeda is a terrorist network with a global reach,116 known to have cells spread around the world, and considered to be posing ‘a universal threat to the membership of the United Nations’ and the UN itself.117 In this regard, it can be argued that a terrorist attack on an offshore installation can occur in any country,118 but the likelihood of such attacks taking place varies from country to country.

108 Lehr (n 20) 60–61; John Daly, ‘Terrorism and Piracy: The Dual Threat to Maritime Shipping’ (2008) 6(16) Terrorism Monitor 4; James Russel, ‘Maritime Security in the Gulf: Addressing the Terrorist Threat’ (2006) 2 Security & Terrorism Research Bulletin 9, 11; US Government, US Navy, The Commander’s Handbook on the Law of Naval Operations (2007) 7–12, app C. 109 Lehr (n 20) 60, n 12 (noting that according to one report boats exploded before they could reach their targets), citing Jonathan Howland, Countering Maritime Terror, US Thwarts Attacks, Builds Up Foreign Navies (17 June 2004) Jewish Institute for National Security Affairs (JINSA) Online. 110 ‘Iraqi Oil Terminal is Closed after Attack’ (Red Orbit, 25 April 2004). 111 Lehr (n 20) 61. 112 Ibid. 113 Nicolas Pyke, ‘Suicide Bomber Boats Explode in Attack on Basra Oil Terminal’ (The Independent, 25 April 2004) www.independent.co.uk/news/world/middle-east/suicide-bomber-boats-explode-in-attackon-basra-oil-terminal-756454.html accessed 20 September 2008. 114 In May 2009, the Sri Lankan government declared a victory over the LTTE: Chietigj Bajpaee, ‘Uncertainty Rather than Stability Follows Defeat of Sri Lanka’s Tamil Tigers’ (2009) 7(26) Terrorism Monitor 6, 6. 115 Boaz Ganor, ‘Cooperation is Not Sufficient: A New International Regime is Needed to Counter Global Jihadi Terrorism’ in James Ellis (ed.), Terrorism: What’s Coming – The Mutating Threat (MIPT 2007) 48, 48; UN, A More Secure World (n 79) 14–15, 47. 116 UN, A More Secure World (n 79) para 146. 117 Ibid. 118 However, the level of threat is still different in different countries.

67

OFFSHORE SECURITY THREATS

Especially since 9/11, terrorism is often perceived to be completely transnational ‘potentially present anywhere, and structured in networks whose reach is unlimited’.119 However, Al-Qaeda’s ‘global tendencies should not be perceived as an indicator of the globalization of terror attacks’.120 Bahgat and Medina contend that ‘[d]espite the common preoccupation with the complexity and the fault lines of transnational terrorism, there is reason to believe that the defining geography of terrorism is rather to be located in the hotspots and regions of domestic terrorism’.121 They have further noted that ‘terrorism appears to be originating in specific areas throughout the world’ with regional hotspots in parts of South and Central Asia, the Middle East, Europe, Central Africa, South America and Southeast Asia.122 Robb has argued that the majority of terrorist groups are geographically focused.123 Factors that contribute to the effective operation of terrorist groups include legal and jurisdictional weakness, state support, proximity to terrorist safe heavens, civil unrest and the presence of armed conflict.124 According to a report of the UN Secretary-General’s High-level Panel on Threats, Challenges and Change (HPTCC), ‘[t]errorism flourishes in environments of despair, humiliation, poverty, political oppression, extremism and human rights abuse; it also flourishes in contexts of regional conflict and foreign occupation; and it profits from weak State capacity to maintain law and order’.125 These enabling factors can increase the risk of terrorist attacks against offshore installations. Given that there have been only two terrorist attacks on offshore installations so far, both in Iraq, it is not possible to make any meaningful geographical analysis based only on terrorist attacks against offshore installations. Nevertheless, geographical factors and considerations should be taken into account when assessing the terrorism threat to offshore installations. 5.2.2 Motivations and objectives The most obvious motivations of terrorist groups are political and ideological such as the desire to achieve major political change. Terrorists are usually highly motivated to create public fear and ‘gain the sympathy of the people by striking out at symbols of government and power’.126 The motivation of terrorists may be inherent in the propaganda of attacking oil installations.127 Causing maximum human casualties,

119 Bahgat and Medina (n 37) 47, citing Stuart Elden, ‘Terror and Territory’ (2007) 39(5) Antipode 821, 828–31. 120 Ogen Goldman, ‘The Globalization of Terror Attacks’ (2011) 23(1) Terrorism and Political Violence 31, 55. 121 Bahgat and Medina (n 37) 48 (emphasis in original). 122 Ibid. Toft et al. have found that there was an uneven distribution and strong geographic concentration of terrorist attacks against energy transmission infrastructure: Toft, Duero and Bieliauskas (n 28). 123 Nathan Robb, ‘Has the Role of Geography Been Diminished by Technology, Globalisation and the Threat Posed by Terrorism?’ (2009) 27 Papers in Australian Maritime Affairs 275, 280. 124 See Murphy, Small Boats, Weak States (n 70). 125 UN, A More Secure World (n 79) para 145. 126 Robert Charm, ‘Terrorists See Offshore as Tempting Target’ (January 1983) Offshore 62, 65. 127 Jan Breemer, ‘Offshore Energy Terrorism: Perspectives on a Problem’ (1983) 6 Terrorism 455, 460.

68

OFFSHORE SECURITY THREATS

public fear and wide media coverage are also often important terrorist objectives, but an attack on an offshore installation will not necessarily achieve these objectives.128 Terrorist groups also understand the economic aspects of targeting oil and gas installations.129 It appears that causing disruption of petroleum supplies with consequential economic costs is often one of the objectives of terrorists in attacking oil and gas targets. Since 9/11, most scholarly attention has focused on religious jihadist terrorism, which tends to be associated with oil and gas installations targeting. However, Toft et al. did not find a strong correlation between certain terrorist ideologies and energy infrastructure targeting.130 Al-Qaeda and its affiliates see oil dependence as the ‘Achilles heel’ of the modern global economy and they understand that attacks on oil and gas installations could have significant economic consequences for states that they consider enemies.131 On a number of occasions Al-Qaeda has threatened to cut the ‘economic lifelines’ of Western industrialised societies, specifically focusing on the oil and gas industry.132 In December 2004, in an audio recording, Osama bin Laden called upon jihadists to attack oil installations in the Persian Gulf region as part of a strategy of harming Western economies by disrupting oil supplies.133 Earlier that year, in June 2004, the ‘fatwa’ of a prominent religious scholar and Al-Qaeda affiliate, Abd al-Aziz bin Rashid al-Anzi, was published on the Internet in the form of the instruction manual entitled ‘The Religious Rule of Targeting Oil Interests’,134 where al-Anzi declared that ‘targeting oil interests is legitimate economic jihad’ as long as the benefits of the destruction outweighed the costs, and that ‘economic jihad in this area is the

128 Campbell and Gunaratna (n 20) 72. 129 Murphy, ‘Suppression of Piracy and Maritime Terrorism’ (n 2) 27–28. See also Nicole Stracke, ‘Economic Jihad: A Security Challenge for Global Energy Supply’ (2007) 6 Security & Terrorism Research Bulletin 26, 26. 130 Toft, Duero and Bieliauskas (n 28) 4411 (also observing that based on a classification of the terrorist groups according to their primary ideological goals, nationalist–separatists have the highest proportion of varying groups attacking energy infrastructure, noting that 22 out of 139 active nationalist–separatist terrorist groups, 12 out of 124 secular–utopians, and 9 out of 119 political–religious groups attacked energy infrastructure targets): at 4418. 131 See Steve Yetiv, The Petroleum Triangle: Oil, Globalization, and Terror (Cornell University Press 2011) 55–86. 132 Bruce Peck, ‘The US Strategic Petroleum Reserve: Needed Changes to Counter Today’s Threats to Energy Security’ (US Army War College Strategy Research Project, 2006) 4. Al-Qaeda’s statements pertaining to targeting oil and gas infrastructure date back to 1996. See Osama bin-Laden, Declaration of Jihad (1996) in Thomas Hegghammer (ed.), Dokumen- tasjon om al-Qaida: Intervjuer, Kommunikeer og AndrePprimaerkilder [Documentation on the Al-Qaeda – Interviews, Communiqués and Other Primary Sources, 1990–2002] (Norwegian Defence Research Establishment (FFI) 2002), cited in Toft, Duero and Bieliauskas (n 28) 4417. 133 Mordechai Abir, ‘The Al-Qaeda Threat to Saudi Arabia’s Oil Sector’ (2004) 4(13) Jerusalem Issue Brief www.jcpa.org/brief/brief004-13.htm accessed 1 December 2015. 134 The ‘fatwa’, which is a legal judgement or learned interpretation that a qualified jurist may give on issues pertaining to Islamic law, entitled ‘Targeting Petroleum-Related Interests and a Review of the Law Pertaining to the Economic Jihad’ was issued on 15 June 2004, but the English excerpts of the fatwa were not widely publicised until February 2006. See Jack Williams, ‘Al-Qaida Threats and Strategies: The Religious Justification for Targeting the International Energy Economy’ (Critical Energy Infrastructure Protection Policy Research Series No. 3, CCISS, March 2008) 38–41.

69

OFFSHORE SECURITY THREATS

best method to hurt the infidels’.135 The main four oil targets identified by al-Anzi were oil wells, pipelines, oil installations and the oil industry personnel.136 Al-Anzi’s 2004 fatwa and other statements by Al-Qaeda’s leadership threatening to attack petroleum targets seemed to suggest that attacking oil and gas installations had become a major element of Al-Qaeda’s strategy. Rudner noted that energy infrastructure, particularly oil and gas installations, emerged as a primary target of the ‘economic jihad’.137 Al-Qaeda and its affiliates have carried out several attacks on onshore petroleum installations and two attacks on offshore installations, disrupting operations and resulting in economic costs and financial losses.138 However, the proportion of attacks on oil and gas installations is insignificant, possibly suggesting that Al-Qaeda and its affiliated global jihadists have not made energy infrastructure a serious priority, despite their statements and claims.139 Toft et al. found that ‘Al-Qaeda has not been very active in this respect, concentrating the bulk of their attacks on other targets’.140 It has been argued that the probability of occurrence of terrorist attacks against petroleum installations (especially offshore installations) has been seriously overstated and exaggerated in recent years, and AlQaeda’s propaganda statements are often taken uncritically and perceived as real threats.141 5.2.3 Capabilities and tactics Some terrorist groups have proven capable of carrying out sophisticated maritime attacks.142 Asal and Hastings argue that the terrorists’ choice to attack maritime targets primarily depends on their maritime capabilities.143 One of the reasons why not many terrorist organisations have carried out attacks at sea (compared to targets

135 According to the fatwa, targeting petroleum installations is permitted unless their ownership is Muslim, but it was acceptable to destroy Muslim property if it had fallen into the hands of the enemy. See Abd al-Aziz bin Rashid al-Anzi, Targeting Petroleum-Related Interests and a Review of the Law Pertaining to the Economic Jihad (2004), quoted in Evan Kohlmann, Al-Qaida in Saudi Arabia: Excerpts from “The Laws of Targeting Petroleum-Related Interests” (2006) http://azelin.files.wordpress.com/2010/08/al-qaidain-saudi-arabia-excerpts-from-e2809cthe-laws-of-targeting-petroleum-related-interests.pdf accessed 1 December 2015. See also Alex Schmid, ‘Terrorism and Energy Security: Targeting Oil and Other Energy Sources and Infrastructures’ in James Ellis (ed.), Terrorism: What’s Coming – The Mutating Threat (MIPT 2007) 28, 28. 136 Kohlmann (n 135). 137 Martin Rudner, ‘Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge’ (2013) 26(3) International Journal of Intelligence and Counterintelligence 453, 456. 138 Examples include attacks on the Abqaiq oil refinery complex in Saudi Arabia on 24 February 2006 and the Ash Shihr oil export terminal in Yemen on 15 September 2006. See, e.g. Tim Pippard, ‘“Oil-Qaeda”: Jihadist Threats to the Energy Sector’ (2010) 4(3) Perspectives on Terrorism 3, 6–9. 139 Michael Mihalka and David Anderson, ‘Is the Sky Falling? Energy Security and Transnational Terrorism’ (2008) 7(3) Strategic Insights, cited in Giroux, Burgherr and Melkunaite (n 43) 115. 140 Toft, Duero and Bieliauskas (n 28) 4418 (noting that Al-Qaeda attacks against energy infrastructure constituted only approximately 6 per cent of their total attacks between 1998 and 2008). 141 Baev (n 3) 38. 142 For example, the LTTE has demonstrated its extensive offshore capabilities through a maritime campaign against Sri Lankan forces. See Lia and Kjok (n 28) 122. 143 Asal and Hastings (n 20) 7.

70

OFFSHORE SECURITY THREATS

on land) is because only a few terrorist groups have capabilities to carry out maritime attacks, even in their own regions of operation.144 For example, Murphy argues that maritime activity is unnecessary for the majority of terrorist groups operating today and ‘there are only a few groups for whom maritime operations are driven by a strategic or operational imperative’. 145 The two terrorist groups that are responsible for most maritime attacks in recent years are Al-Qaeda (together with its affiliates) and LTTE, which have attacked warships, commercial vessels and petroleum installations.146 An attack strategy that would focus primarily on offshore installations would not be easy as it would require coordination, persistence and substantial resources that most terrorist groups lack.147 Nevertheless, capabilities of terrorist groups to attack offshore installations should not be underestimated.148 Terrorists can develop or improve their offshore skills, and obtain the necessary means to carry out attacks against offshore installations.149 One of the main tactics of terrorists in attacking maritime and offshore petroleum targets has been suicide attacks using explosive-laden boats, which was the case in the attacks on ABOT and KAAOT in 2004.150 Terrorists’ tactics and strategies are constantly evolving. Enhanced security of offshore petroleum installations may force terrorists to improve capabilities or adopt new tactics and methods of operation.151 5.3 Insurgency Insurgency is also a security threat to offshore installations. Insurgency can be defined as ‘an organised movement aimed at the overthrow of a constituted government through one of subversion and armed conflict’.152 The US Central Intelligence Agency (CIA) defines ‘insurgency’ as ‘a protracted political-military activity directed toward completely or partially controlling the resources of a country through the

144 Nincic has noted that the DOS in its Country Reports on Terrorism identified ten terrorist organisations (out of a total of 44 designated terrorist organisations) as having maritime capabilities or at least having demonstrated maritime capabilities in the past. Those terrorist groups were: Al-Qaeda, Abu Nidal Organization, ASG, Basque Fatherland and Liberty, Hammas, Hizbollah, JI, Lashkar eTayyiba, LTTE, and PLF’s Abu Abbas Faction: Donna Nincic, ‘The “Radicalization” of Maritime Piracy: Implications for Maritime Energy Security’ (December 2010) Journal of Energy Security www.ensec.org/index.php?option=com_content&view=article&id=269:the-radicalization-of-maritimepiracy-implications-for-maritime-energy-security&catid=112:energysecuritycontent&Itemid=367 accessed 1 December 2015. 145 Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (n 62) 45. 146 The LTTE Sea Tigers, which were established in 1984, had sunk about 30 Sri Lankan Navy vessels since their establishment: John Daly, ‘Terrorism and Piracy: The Dual Threat to Maritime Shipping’ (2008) 6(16) Terrorism Monitor 4, 4. 147 Murphy, ‘Suppression of Piracy and Maritime Terrorism’ (n 2) 28. See also Lehr (n 20) 68–69. 148 Rommel Banlaoi, ‘Maritime Terrorism in Southeast Asia: the Abu Sayyaf Threat’ (2005) 58(4) Naval War College Review 63, 72; Herbert-Burns, ‘Terrorism in the Early 21st Century Maritime Domain’ (n 94) 175 (arguing that terrorist activity in the maritime environment ‘has the potential to develop both in terms of sophistication and amplification of consequence’). 149 Thackrah (n 45) 166. 150 This tactic resembles the attacks on USS Cole in 2000 and on Limburg oil tanker in 2002. 151 Bouvier (n 51) 3. 152 NATO, NATO Glossary of Terms and Definitions (English and French) (2008) 2-I-5.

71

OFFSHORE SECURITY THREATS

use of irregular military forces and illegal political organizations’.153 There is still considerable contention in relation to the definition of insurgency. Insurgency is often confused with terrorism. The media tends to generalise the concepts of terrorism and insurgency including in the maritime security context.154 Insurgents are often referred to as terrorists and sometimes the terms insurgents and terrorists are used synonymously,155 which only obscures their nature and purpose.156 In fact, insurgency and terrorism are distinct phenomena.157 There a number of differences between insurgency and terrorism.158 Morris argues that ‘the distinction between terrorism and insurgency is not merely theoretical’ because combating these threats requires different strategies.159 The common attribute of most insurgent groups is their desire to control a particular geographical area,160 and it is this aspect that ‘differentiates insurgent groups from purely terrorist organisations, whose objectives do not [always] include the creation of an alternative government capable of controlling a given area or country’.161 Insurgents are usually field fighting forces, organised in military fashion, and are generally larger in size than terrorist cells.162 Unlike most terrorists, insurgents are actually engaged in internal armed conflict,163 and the activities of insurgents are often aimed at weakening government control and legitimacy while increasing their control and legitimacy.164 Insurgency is also different from piracy. The key difference between insurgency and piracy is the motivation of the perpetrators. It is generally accepted that piracy is an act committed for private ends, while insurgency serves political or public ends. From the international law perspective, the phrase ‘for private ends’ in Article 101 of the LOSC, effectively excludes from the definition of piracy insurgents

153 US Government, CIA, Guide to Analysis of Insurgency (undated) 2, cited in Daniel Byman, Peter Chalk, Bruce Hoffman, William Rosenau and David Brannan, Trends in Outside Support for Insurgent Movements (RAND Corporation 2001) 4. 154 Hansen (n 21) 75 (arguing that this happens because it makes it ‘more understandable to the general public’ and also because the media reporters ‘do not have enough knowledge about the subjects they are writing on’). 155 For the purposes of this analysis, the terms ‘rebels’, ‘guerrillas’ and ‘militants’ are synonymous with ‘insurgents’. 156 Murphy, ‘Suppression of Piracy and Maritime Terrorism’ (n 2) 24. 157 William Rosenau, Subversion and Insurgency (RAND Corporation 2007) 2. See also David Tucker and Christopher Lamb, ‘Restructuring Special Operations Forces for Emerging Threats’ (2006) 219 Strategic Forum 1; Hansen (n 21) 75–77; Murphy, ‘Suppression of Piracy and Maritime Terrorism’ (n 2) 24; Michael Morris, ‘Al Qaeda as Insurgency’ (2005) 39 Joint Force Quarterly 41, 42; David Kilcullen, ‘Countering Global Insurgency’ (2005) 28(4) Journal of Strategic Studies 597, 604–606; Aldo Borgu, ‘Understanding Terrorism: 20 Basic Facts’ (Strategic Insights, ASPI, September 2004) 6–7. 158 For discussion on principal differences between terrorism and insurgency see Kilcullen (n 157) 604–606. 159 Morris (n 157) 42. See also Kilcullen (n 157) (arguing that countering insurgency would require substantially different policy choices). 160 Including the desire to obtain autonomy or independence of a certain geographical area: Hansen (n 21) 77. 161 CIA (n 153) 2, cited in Byman et al. (n 153) 2. 162 Morris (n 157) 42. 163 Merle MacBain, ‘Will Terrorism Go to Sea?’ (1980) 23(1) Sea Power 15, 21. 164 CIA (n 153) 2, cited in Byman et al. (n 153) 2.

72

OFFSHORE SECURITY THREATS

who direct their acts solely against the state whose government they seek to overthrow (and also all those acts that have no personal motive, whether monetary or otherwise).165 Insurgent groups have successfully carried out attacks on offshore petroleum installations,166 seriously disrupting production and oil exports.167 Between 1975 and 2014 at least 17 attacks on offshore installations were carried out by insurgent groups and at least 15 attacks by unidentified armed men, some of which can be attributed to insurgency.168 However, since 2010, attacks on offshore installations by insurgents have significantly decreased mainly because a large number of Niger Delta insurgents accepted the Federal Government’s amnesty in 2009 and government payoffs,169 and some insurgent groups have refocused their operations on theft and smuggling of oil.170 5.3.1 Geography and enabling factors Insurgency is a geographically specific security threat. Insurgent groups are generally limited to a certain geographical area of operation primarily because of their objectives, which can include a struggle for independence or the overthrow of an unwanted government.171 Some insurgent groups, such as the LTTE in Sri Lanka,172 are driven by a struggle to secure territorial settlement or local ethnic conflicts, which indicates that it is a geographically specific threat category. Insurgency usually requires a set of factors that encourage and sustain it. These include weak governments, political instability, corruption, poverty and ethnic conflicts. This kind of scenario serves as a ‘breeding ground’ and sanctuary for insurgencies as well as terrorist groups and pirates.173 Murphy argues that the ‘principal reason why there have been so few maritime insurgencies is that in very few places around the world has political conflict coincided with favorable maritime geography’.174

165 See, e.g. Malvina Halberstam, ‘Terrorism on the High Seas: The Achille Lauro, Piracy and the IMO Convention on Maritime Safety’ (1988) 82(2) American Journal of International Law 269, 282. 166 Peter Avis, ‘Oil Platform Security: Is Canada Doing All It Should?’ (Critical Energy Infrastructure Protection Policy Research Series No. 3-2006, CCISS, March 2006); Martin Murphy, ‘The Blue, Green, and Brown: Insurgency and Counter-insurgency on the Water’ (2007) 28(1) Contemporary Security Policy 63, 64. 167 Lia and Kjok (n 28) 118. 168 See Appendix. 169 See Andrew McGregor, ‘Ex-Militants Use Oil as a Political Weapon in the Niger Delta’ (2014) 12(14) Terrorism Monitor 3, 3. 170 ICG (n 44) 6–11; UNODC, Transnational Organized Crime in West Africa: A Threat Assessment (2013). See also Judith Asuni, ‘Understanding the Armed Groups of the Niger Delta’ (Working Paper, Council on Foreign Relations, September 2009). 171 Hansen (n 21) 79. 172 In May 2009, the Sri Lankan government declared a victory over the LTTE: Chietigj Bajpaee, ‘Uncertainty Rather than Stability Follows Defeat of Sri Lanka’s Tamil Tigers’ (2009) 7(26) Terrorism Monitor 6, 6. 173 Lew Bullion, ‘Terrorism and Oil Make Volatile Mix’ (2006) 233(5) Pipeline and Gas Journal 32, 32. 174 Murphy, ‘Suppression of Piracy and Maritime Terrorism’ (n 2) 26.

73

OFFSHORE SECURITY THREATS

Insurgents carried out maritime attacks against oil terminals and oil storage depots in Cuba in the 1960s and in Nicaragua in the 1980s,175 and in Sri Lanka in the 1990s and 2000s. Attacks by insurgents on onshore petroleum installations have occurred in Iraq, Egypt, Yemen, Libya, Russia, Sudan, Nigeria, India, Pakistan, Sri Lanka and Colombia,176 but almost all of insurgent attacks on offshore installations took place off the coast of Nigeria.177 5.3.2 Motivations and objectives Motivations of insurgents vary, but obtaining political-economic concessions from central government is a common motivation. Insurgents have often focused their attacks on petroleum installations to advance their agenda.178 It has been suggested that insurgents regard the oil and gas industry as a source of revenue to the government that they oppose, and they attack oil companies and installations in order to reduce that revenue.179 For example, Nigerian insurgent groups such as the Niger Delta People’s Volunteer Force (NDPVF) and especially the Movement for the Emancipation of Niger Delta (MEND) have waged a violent campaign against oil installations. MEND, one of the most high-profile Nigerian insurgency organisations and an umbrella entity of various Niger Delta armed groups,180 is known for its attacks directed almost entirely against the petroleum industry,181 and for that reason MEND insurgents have been referred to as ‘oil militants’. At the peak of its activity, MEND attacks halted more than one third of Nigeria’s oil production.182 Insurgents in Nigeria are often motivated by unfair distribution of oil revenue, demanding a larger share of the country’s oil wealth for the local communities, and attacking petroleum installations to disrupt Nigeria’s oil exports.183 A similar situation is in Colombia where insurgent groups such as the Revolutionary Armed Forces of

175 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 4–5. 176 See, e.g. Andrew McGregor, ‘The Islamist Challenge to North Africa’s Energy Industry’ in Andrew McGregor (ed.), The Changing Face of Islamist Militancy in North Africa (Jamestown Foundation 2008) 27; Lia and Kjok (n 28); Toft, Duero and Bieliauskas (n 28); Giroux, Burgherr and Melkunaite (n 43); CSS, ETH Zurich, Energy Infrastructure Attack Database (EIAD) (2012) [data file] www.css.ethz.ch/ research/research_projects/index/EIAD accessed 1 December 2014. 177 See Appendix. 178 See Bullion (n 173). 179 Lindsay (n 31). 180 Other insurgency and armed groups operating in the Niger Delta include the Niger Delta Vigilante (NDV), the Niger Delta Liberation Force (NDLF) and a number of other criminal/political armed groups. See also Elias Courson, ‘The Burden of Oil: Social Deprivation and Political Militancy in Gbaramatu Clan, Warri South West LGA Delta State, Nigeria’ (Working Paper No. 15, Institute of International Studies, 2007); Watts, ‘Petro-Insurgency or Criminal Syndicate?’ (n 44); Asuni (n 170). 181 Today, MEND exists more as an idea rather than an organised entity that it was prior to the 2009 government amnesty, despite the fact that there are those who still claim to be MEND. However, many groups that once were part of MEND still exist today and should there be a need, those groups can mobilise again under the umbrella of one entity similar to MEND: Email from Jennifer Giroux to Mikhail Kashubsky (13 August 2014). See also Asuni (n 170); UNODC (n 170) 52. 182 This is significant given that Nigeria is among the world’s top oil producing and oil exporting states. 183 See, e.g. Peter Maass, Crude World: The Violent Twilight of Oil (Vintage Books 2010) 53–80.

74

OFFSHORE SECURITY THREATS 184

Colombia (FARC) recognise the importance of the oil exports and therefore attack onshore oil installations to further their political objectives. Generating media attention and public awareness of their struggle can also be an important objective of the insurgent groups.185 Insurgent groups also have financial motivations and may be interested in targets that have the potential to yield financial return to support their broader political objectives.186 Kidnapping of oil company workers for ransom has evolved into a common practice of insurgent groups, particularly in Nigeria and Colombia, and this practice is likely to continue.187 Almost all of the attacks by insurgents on offshore installations involved abduction of offshore workers but, in most cases, offshore workers were released unharmed after a relatively short period of time. For example, on 7 November 2010 MEND insurgents abducted 19 offshore workers from the offshore drilling rig High Island VII about 12 km off the coast of Nigeria, but released them ten days later.188 Oil companies often make ransom payments to insurgents for the release of abducted workers. Insurgents have also extorted money from the oil companies in the form of ‘protection payments’ in exchange for a guarantee not to attack their petroleum installations.189 Killing civilians is usually not the intention of insurgents, yet a number of workers have been killed in the attacks on offshore installations. McNamee has described the transformation of the underlying objectives of Niger Delta insurgents for attacking oil and gas installations: Perhaps of greater importance is the transformation of the underlying motivation for these incidents. Prior to the amnesty, while profit was undeniably an aim, MEND affiliated militants were primarily politically motivated. As a result, many of the attacks did not involve monetary gain and were direct assaults on personnel and energy installations with the goal of destroying output and forcing the government to address the needs of the local population. For the past several years, brazen theft has by-andlarge supplanted the former political ideology of the pre-amnesty militants and the bunkering and distribution of oil became deeply engrained as a strategy for economic livelihood within the delta.190

184 FARC is a Marxist-Leninist revolutionary guerrilla organisation that has carried out numerous attacks on oil installations. 185 See, e.g. Hansen (n 21) 77. 186 Murphy has noted that while this type of violence emerges out of political discontent, ‘it also has a large criminal component’: Murphy, ‘Suppression of Piracy and Maritime Terrorism’ (n 2) 26. 187 Neal Adams, Terrorism & Oil (PennWell 2003) 90. Insurgent groups operating in the Niger Delta are often referred to as simply criminal gangs that extort money from the oil companies. 188 International Centre for Political Violence and Terrorism Research (ICPVTR), ‘Counter Terrorism Security Response: Energy and Nuclear 15–21 November 2010’ (Weekly Report, ICPVTR, November 2010) 2. 189 Sean Burges, Jean Daudelin and Roy Fuller, ‘Latin America’s Energy Infrastructure and Terrorism: A Tentative Vulnerability Assessment’ (Critical Energy Infrastructure Protection Policy Research Series No. 4, CCISS, March 2008) 29. 190 Mark McNamee, ‘Militancy in the Niger Delta Becoming Increasingly Political - A Worry for 2015’ (2013) 11(21) Terrorism Monitor 4, 4.

75

OFFSHORE SECURITY THREATS

McNamee further argued that several incidents in the Niger Delta in 2013 indicate that ‘opportunistic criminal activity in the Delta (kidnapping, oil bunkering and piracy) may become a form of political protest once again’.191 5.3.3 Capabilities and tactics Some insurgent groups have demonstrated capabilities to carry out attacks against maritime and offshore petroleum targets. The LTTE, when it was operational, had developed the techniques of maritime attacks into a fine art,192 using very sophisticated tactics and technologies, such as stealth mechanisms and multiple-engine high-speed craft capable of running faster than navy vessels, and it was regarded to have had the most advanced maritime attack capabilities of any insurgent or terrorist group in the world.193 MEND insurgents have also demonstrated sophistication and operational capabilities in the offshore environment. For example, on 2 June 2006, MEND insurgents attacked the Bulford Dolphin offshore drilling rig some 65 km offshore,194 and on 19 June 2008 attacked the FPSO Bonga some 120 km offshore.195 These and other similar attacks demonstrate significant capabilities of Niger Delta insurgent groups to conduct attacks on offshore installations far offshore. It was reported that in the attack on Bonga insurgents travelled more than 120 km during the night through strong currents, carried out the attack, which lasted almost four hours, and travelled back another 120 km.196 The Bonga attack raised concerns for the security of deep sea offshore installations in the region, which had previously been considered out of the reach of insurgents.197 However, McNamee has argued that the capability of insurgent groups in Nigeria remains highly questionable based on some unfulfilled threats. The most common tactic of insurgents appears to be armed intrusion of offshore installations and abduction of offshore workers. Some incidents involve the capture of a potentially large number of people and enable the insurgents to control oil installations.198 Insurgents are often well armed and have used explosive devices, RPGs and machine guns in their attacks. On 29 June 2009, MEND insurgents

191 Ibid. 192 Chalk argues that LTTE evolved into a ‘prototype terrorist organisation with a potentially global reach’, which may be ‘serving as a critical benchmark for future developments in the wider arena of maritime terrorism’: Peter Chalk, ‘Liberation Tigers of Tamil Eelam’s (LTTE) International Organization and Operations – A Preliminary Analysis’ (Commentary No. 77, Canadian Security Intelligence Service, 2000); Chalk, ‘Maritime Terrorism in the Contemporary Era’ (103) 40. 193 OTS, Offshore Oil & Gas Risk Context Statement (April 2005) 17; Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (n 62) 63; Campbell and Gunaratna (n 20) 83. 194 Martyn Wingrove, ‘Nigeria Kidnap Hikes Up Oil Price’, Lloyd’s List DCN (Sydney, 8 June 2006) 14. 195 See Appendix. 196 Mikhail Kashubsky, ‘Offshore Energy Force Majeure: Nigeria’s Local Problem with Global Consequences’ (2008) 160 Maritime Studies 20, 23. 197 ‘Nigeria Navy Sends Ships to Secure Offshore Bonga Oilfield’ (Rigzone, 23 June 2008) www.rigzone.com/news/article.asp?a_id=63304 accessed 2 July 2008. 198 Lia and Kjok (n 28) 110.

76

OFFSHORE SECURITY THREATS

attacked Nigeria’s Forcados offshore oil terminal and detonated explosives causing a massive explosion and fire, and damaging the installation.199 5.4 Organised crime Organised crime poses a security threat to offshore oil and gas installations. Criminal groups may cause interferences with operations of oil companies and their offshore installations.200 The term ‘organised crime’ can be defined as ‘a form of economic commerce by illegal means, involving the threat and use of physical force, extortion, corruption, blackmail and other methods, and the use of illicit goods and services’,201 and it usually refers to: large-scale and complex criminal activities carried out by tightly or loosely organized associations and aimed at the establishment, supply and exploitation of illegal markets at the expense of society. Such operations are generally carried out with a ruthless disregard of the law, and often involve offences against the person, including threats, intimidation and physical violence.202

The types of crimes and illegal activities that organised criminal groups can engage in that have relevance to the petroleum industry include oil theft, extortion, armed robbery, kidnapping for ransom, theft of property and other forms of criminal profiteering. The most common ways of criminal gangs for profiting from the petroleum industry are oil theft, armed robbery, kidnapping and extortion. There have been several reported attacks on offshore installations by organised criminal groups.203 Piracy is also a form of organised crime, but due to its unique classification in international law, piracy has been placed into a separate category of offshore security threats. Since attacks on offshore installations committed in the territorial sea, the archipelagic waters or the internal waters will not be considered piracy in international law,204 they will be classified as armed robbery. Therefore they are attributed to this threat category, but in many cases both of these crimes are committed by the same groups of people.

199 ‘Nigerian Rebels Announce Fresh Attacks on Shell Oil Facility’ (Sydney Morning Herald, 6 July 2009) www.smh.com.au/business/nigerian-rebels-announce-fresh-attack-on-shell-oil-facility-20090706d9fa.html accessed 1 December 2015; NCC, Worldwide Incidents Tracking System https://wits.nctc.gov accessed 1 December 2009. 200 See, e.g. Burges, Daudelin and Fuller (n 189) 30. 201 UN, Ninth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, Discussion Guide, UN Doc A/CONF.169/PM.1 (27 July 1993). 202 UN, ‘Effective National and International Action Against (a) Organized Crime; (b) Terrorist Criminal Activities’, Eighth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, Item 5, Provisional Agenda, UN Doc A/CONF.144/7 (26 July 1990). 203 They include the attack on the mobile offshore drilling rig Allied Centurion in Malaysia on 26 December 2008, and the attack on an offshore installation at the offshore Moudi oil terminal in on 17 November 2010. See Appendix. 204 By virtue of Articles 101 and 58(2) of the LOSC, an act of piracy can only be committed on the high seas and in the EEZ.

77

OFFSHORE SECURITY THREATS

5.4.1 Geography and enabling factors Organised crime can have wider security implications and can affect the overall stability and security in a given area.205 Organised criminal activities could easily spill over into the petroleum industry or materialise in attacks on and interferences with oil and gas installations, which has happened in Nigeria, Colombia and Mexico.206 The theft and smuggling of oil by organised criminal groups for the purposes of illicit refining and subsequent use or for sale is a relatively common practice in some countries. This type of criminal activity is widespread in Nigeria, where government officials, politicians, military and police officials are allegedly involved in it.207 Oil can be illegally extracted from pipelines and oil storage facilities by drilling holes or opening valves, from pumping stations and even from offshore production installations. Stolen oil is then refined or sold as crude on the ‘black market’ to illegal oil traders who, in turn, sell it to local refineries and on the international market.208 The estimates of the amount of stolen oil in Nigeria vary. In 2004, approximately 200,000 to 250,000 bpd was reportedly being stolen which was about 10 per cent of Nigeria’s total oil production.209 By 2008, the estimated oil theft amounted to about 250,000 bpd,210 and in 2012, it was between 100,000 and 200,000 bpd.211 In the first quarter of 2013, reportedly, on average 100,000 bpd was stolen.212 Stolen oil amounts to several millions of US dollars per day in lost revenue and generates significant profits for those involved in this criminal activity. Oil theft has been

205 Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (n 62) 85–86. 206 Mexican organised criminal syndicates may have expanded their operations to the illicit oil trade, and they have tapped oil pipelines and built tunnels and independent pipelines to support growing theft of oil that is sold on the domestic as well as the US markets: Jennifer Giroux, ‘Global Platforms and Big Returns: Energy Infrastructure Targeting in the 21st Century’ (CTN Newsletter Special Bulletin Protecting Critical Energy Infrastructure from Terrorist Attacks, Organization for Security and Cooperation in Europe (OSCE), January 2010) 18, 20; Jeremy Martin and Sylvia Longmire, ‘The Perilous Intersection of Mexico’s Drug War & Pemex’ (March 2011) Journal of Energy Security www.ensec.org/ index.php?option=com_content&view=article&id=283:the-perilous-intersection-of-mexicos-drug-waraamp-pemex&catid=114:content0211&Itemid=374 accessed 1 December 2015. 207 See, e.g. Michael Watts, ‘Sweet and Sour’ in Michael Watts (ed.), Curse of the Black Gold: 50 Years of Oil in Niger Delta (Powerhouse Books 2008) 36, 44; Lysias Dodd Gilbert, ‘Youth Militancy, Amnesty and Security in the Niger Delta Region of Nigeria’ in Victor Ojakorotu and Lysias Dodd Gilbert (eds), Oil Violence in Nigeria: Checkmating its Resurgence in the Niger Delta of Nigeria (Lambert Academic Publishing 2010); Christina Katsouris and Aaron Sayne, ‘Nigeria’s Criminal Crude: International Options to Combat the Export of Stolen Oil’ (Report of the Royal Institute of International Affairs, September 2013); Royal Institute of International Affairs, ‘Maritime Security in the Gulf of Guinea’ (Report of the Conference at Chatham House, London, 6 December 2012); ICG (n 44); Francois Vrey, ‘Maritime Aspects of Illegal Oil-bunkering in the Niger Delta’ (2012) 4(4) Australian Journal of Maritime and Ocean Affairs 109; UNODC (n 170) 45–52. 208 Katsouris and Sayne (n 207). 209 Vrey (n 207) 110; Stephen Davis, Dimieari Von Kemedi and Mark Drennan, ‘Illegal Oil Bunkering in the Niger Delta’ (Niger Delta Peace and Security Strategy Working Papers, 2005) 7; Paul Lubeck, Michael Watts and Ronnie Lipschutz, ‘Convergent Interests: US Energy Security and the “Securing” of Nigerian Democracy’ (International Policy Report, Center for International Policy, February 2007) 9. 210 Vrey (n 207) 111, citing Duncan Clarke, Africa: Crude Continent. The Struggle for Africa’s Oil Prize (Profile Books 2010) 98. 211 Vrey (n 207) 111; ICG (n 44). 212 Katsouris and Sayne (n 207) x.

78

OFFSHORE SECURITY THREATS

referred to as ‘Nigeria’s most profitable private business.’213 So far, there have not been any reported oil thefts specifically involving offshore installations, but considering the scale and sophistication of this criminal activity, this may occur in the future. Political and economic instability often creates an ideal environment for organised criminal activities,214 and therefore organised crime can be a serious security threat to petroleum companies and petroleum installations particularly in economically and politically unstable countries.215 As far as offshore installations security is concerned, organised crime poses a serious threat to offshore installations only in a few regions such as the Gulf of Guinea, parts of Southeast Asia and parts of South America. 5.4.2 Motivations and objectives The main motivation of organised crime is financial gain. Organised criminal groups usually prefer to avoid media, public or government attention.216 Causing damage to property or inflicting human casualties is usually not the intention of organised criminal groups, but they can resort to such measures to achieve their objectives. Violence, intimidation and murder are usually incidental to organised crime. The oil and gas industry provides opportunities for organised crime to generate financial gains through illegal activities and unlawful interferences involving the industry.217 Oil companies have financial resources which potentially makes them attractive economic targets for organised criminal groups,218 for example, for the purposes of extortion.219 For example, in October 1981 in the US, offshore installations off the coast of Santa Barbara belonging to Sun Oil Co and Union Oil Co were victims of extortion attempts and bomb threats, but no bombs were found nor any extortion payments made.220 While organised criminal groups usually have no direct stake in attacking offshore installations, they may be involved in the protection racket for the oil and gas industry and cause small disruptions to justify the protection payments.221 Offshore installations have been a subject of ‘protection rackets’,222 as demonstrated by the attack of 17 November 2010 on an offshore installation at the Moudi oil terminal off the coast of Cameroon by a ‘hybrid criminal/separatist’

213 Human Rights Watch, The Warri Crisis: Fueling Violence (2003) 18. 214 Burges, Daudelin and Fuller (n 189) 31. 215 Ibid. See also Nnimmo Bassey, ‘Oil Fever’ in Michael Watts (ed.), Curse of the Black Gold: 50 Years of Oil in Niger Delta (Powerhouse Books 2008) 90, 90. 216 Pat O’Malley and Steven Hutchinson, ‘Actual and Potential Links between Terrorism and Criminality’ (Trends in Terrorism Series No. 5, Integrated Terrorism Assessment Centre, 2006) 9. 217 Giroux, ‘Global Platforms and Big Returns’ (n 206) 18, 19. 218 Bullion (n 173) 32. 219 It has been suggested that extortion in the oil and gas industry is ‘a notoriously underreported crime’: Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 93) 6. 220 CSS (n 176), citing Gail Bass and Bonnie Jean Cordes, Actions against Nonnuclear Energy Facilities September 1981–September 1982 (April 1983) 11. 221 Burges, Daudelin and Fuller (n 189) 30. 222 Philippe Le Billon, ‘Fuelling War: Natural Resources and Armed Conflict’ (Adelphi Paper No. 373, IISS, 2005) 7, 35.

79

OFFSHORE SECURITY THREATS

group calling itself Africa Marine Commando.223 It was reported that the group contacted oil companies several days prior to attacking offshore installations and demanded payment of protection fees, and threatened further attacks unless they received money.224 Similarly, criminal/semi-criminal groups in Nigeria have interfered with operations of offshore installations demanding concessions from oil companies.225 Armed robbery and theft of property such as equipment and stores are also among the types of criminal activities that can be and have been perpetrated against offshore installations. For example, on 26 December 2008 the mobile offshore drilling rig Allied Centurion was boarded in Malaysia’s territorial sea by six armed men who stole stores and property from the rig and injured one crew member.226 Stolen equipment may later be sold back to the original owners or to third parties. 5.4.3 Capabilities and tactics Some criminal organisations have a global reach, influence and very sophisticated capabilities. They are highly organised and well armed.227 However, their capabilities to attack offshore targets are questionable. Capabilities to attack oil installations far offshore have only been demonstrated by organised criminal groups that operate in the Gulf of Guinea.228 Oil theft, extortion, kidnapping, armed robbery, theft of property and oil market manipulation are the types of crimes that could be perpetrated by organised criminal groups against the petroleum industry and offshore installations. According to one report, perpetrators have used helicopters to reconnoitre offshore installations and returned at night to steal unattended equipment including from unmanned offshore installations.229 Organised criminals often use threats and violence as a method of obtaining financial gain. Offshore workers and oil company executives have been kidnapped by criminal gangs for ransom and a number of oil workers have been murdered in connection with organised crime.230

223 Andrew McGregor, ‘Cameroon Rebels Threaten Security in Oil-Rich Gulf of Guinea’ (2010) 8(43) Terrorism Monitor 7, 7. 224 Ibid. (noting that foreign oil companies have been criticised by Cameroonian officials for paying protection money to organised criminal groups and insurgents). 225 For example, 27 June 1999 armed intrusion of an offshore installation, the July 1999 seizure of an offshore oil rig, 10 August 1999 armed intrusion and 10 May 2000 bomb threat. See Appendix. 226 IMO, Reports on Acts of Piracy and Armed Robbery Against Ships: Issued Monthly – Acts Reported During December 2008, IMO Doc MSC.4/Circ.129 (20 March 2009) annex 1. 227 See US Government, National Institute of Justice, ‘Major Transnational Organized Crime Groups’ (15 November 2007) www.nij.gov/topics/crime/transnational-organized-crime/major-groups.htm accessed 1 December 2015. 228 See, e.g. ICG (n 44) 11; Mark McNamee, ‘No End in Sight: Violence in the Niger Delta and Gulf of Guinea’ (2013) 11(5) Terrorism Monitor 8, 8–10. 229 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 4, 18. 230 For example, on 29 May 1978, in Colombia, the general manager of Texas Petroleum Company, was kidnapped in Bogota and subsequently killed by his kidnappers on 3 January 1979, when police stumbled upon their hideout: Rubin and Rubin (n 96) 115.

80

OFFSHORE SECURITY THREATS

5.5 Vandalism Vandalism is another security threat to offshore installations. Vandalism can be defined as ‘action involving deliberate destruction of or damage to public or private property’.231 Vandalism can also be referred to as ‘damaging cargo, support equipment, infrastructure, systems or facilities’.232 This category of threat includes violent acts by radical environmental activists, animal rights groups and other similar groups as well as violence by members of local populations causing damage to company property, including offshore installations. Attacks by environmental and animal rights groups such as the Earth Liberation Front (ELF),233 the Animal Liberation Front (ALF),234 Earth First!,235 Animal Rights Militia (ARM),236 and the Sea Shepherd Conservation Society (SSCS)237 can be considered ‘vandalism’. Collectively, these adversaries have attacked a broad range of targets including cars, car dealerships, petrol stations, construction equipment, housing developments, and ships.238 A number of acts of vandalism involving onshore petroleum installations have been reported,239 and there have been several attacks against ships by environmental and animal rights groups that can be

231 Oxford Dictionaries, www.oxforddictionaries.com/view/entry/m_en_gb0920250#m_en_gb0920250 accessed 1 December 2015. Vandalism can also be defined as ‘an intentional act aimed at damaging or destroying an object that is another’s property’: Arnold Goldstein, The Psychology of Vandalism (Plenum Press 1996) 19. 232 OTS, Offshore Security Assessment Guidance Paper (June 2005) 15. 233 ELF is a radical environmental movement established in 1992 in the UK with several branches in the US: ELF, http://earth-liberation-front.com/ accessed 1 December 2015. 234 ALF is a radical animal rights group which carries out violent activities directed at university research centres that use animals in experiments and other industries that they believe harm animals. 235 Earth First! is an international movement composed of small, regionally-based groups that apply ‘direct pressure’ through a combination of activities including education, litigation, and creative civil disobedience. Earth First! engages in acts of violence against property, but considers humans not to be legitimate targets: Earth First!, ‘About Earth First!’ www.earthfirst.org/about.htm accessed 1 December 2015. 236 ARM is an animal rights group, affiliated with ALF, which has used violence against property and persons in the pursuit of animal rights. 237 SSCS is an international non-profit, marine wildlife conservation organisation established in 1977 with a mission to end the destruction of habitat and slaughter of wildlife in the world’s oceans in order to protect ecosystems and species: SSCS, ‘Who We Are’ (2015) www.seashepherd.org/who-we-are/ accessed 1 December 2015. SSCS is considered an environmental extremist organisation by the FBI. 238 See, e.g. Michael Loadenthal, ‘Eco-Terrorism? Countering Dominant Narratives of Securitisation: A Critical, Quantitative History of the Earth Liberation Front (1996-2009)’ (2014) 8(3) Perspectives on Terrorism 16; SSCS, ‘The History of Sea Shepherd’ (2012) www.seashepherd.org/who-we-are/ourhistory.html accessed 1 December 2015; Jennifer Carson, Gary Lafree and Laura Dugan, ‘Terrorist and Non-Terrorist Criminal Attacks by Radical Environmental and Animal Rights Groups in the United States, 1970–2007’ (2012) 24(2) Terrorism and Political Violence 295, 316. 239 For example, on 24 April 1984, in Canada, an act of sabotage or vandalism of a storage tank caused the release of approximately 541,000 litres of gasoline in Deception Bay, Quebec; in the US, on 25 June 1991 vandalism of storage tanks in Baytown, Texas, caused the release of 318,000 litres of waste oil from a number of aboveground storage tanks: Alicia Watts-Hosmer, Colby Stanton and Julie Beane, ‘Intent to Spill: Environmental Effects of Oil Spills Caused by War, Terrorism, Vandalism, and Theft’ (Paper presented at 1997 International Oil Spill Conference, Fort Lauderdale, US, 7–10 April 1997) 157, 160, citing ‘Oil Spills Intelligence Report 1982-1985’, International Summary and Review.

81

OFFSHORE SECURITY THREATS 240

characterised as vandalism. There has been at least one reported incident involving an offshore installation that can be categorised as vandalism. On 2 August 1899 in the US, a local mob attacked an oil derrick off the shores of Montecito, in Santa Barbara and demolished it.241 5.5.1 Geography and enabling factors Vandalism does not seem to be limited by geographical factors. Acts of vandalism against onshore oil and gas installations have taken place in the US, Canada and Nigeria.242 Vandalism involving ships has occurred in the United Kingdom (UK), Portugal, and Bahamas. Vandalism against offshore installations can potentially take place in any country, but operations of groups such as ELF and ALF tend to be the most active in the US, Mexico, Canada and UK.243 Activities of SSCS do not seem to be limited to any particular geographical area. SSCS has carried out a number of attacks against fishing and whaling vessels in various parts of the world.244 5.5.2 Motivations and objectives Motivations and objectives of groups and individuals that commit acts of vandalism against petroleum installations can vary. As the definition of ‘vandalism’ suggests, its main motivation is the destruction of or damage to property to achieve a particular goal.245 For example, the main objective of the ELF is ‘to defend and protect the Earth for future generations by means of direct action’,246 which almost always involves the use of violence against property. Inflicting human casualties is not an objective of those involved in vandalism.247 Radical environmental and animal rights groups generally tend to avoid injuring or killing people, and these groups ‘have so far been overwhelmingly more of a threat to property than to persons’.248 Loadenthal found that no ELF or ALF attack is reported to have resulted in any injuries or human casualties.249 However, some animal rights groups have specifically targeted 240 For example, on 23 June 1974 in the UK, the Band of Mercy group burnt down a 32-foot British vessel Mizpah which was regularly used to hunt seals. On 4 August 1975, a group called ‘Jaws’ placed a bomb on the Bahamian vessel Goldfinger II to protest against the Bahamian Government’s attitude towards American fisherman: Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 93) 12–13. 241 Robert Gramling and William Freudenburg, ‘Attitudes Toward Offshore Oil Development: A Summary of Current Evidence’ (2006) 49(7) Ocean & Coastal Management 442, 442–43. Reportedly, the next day these activists were described approvingly on the front page of the local newspaper: Harvey Molotch, William Freudenburg and Krista Paulsen, ‘History Repeats Itself, But How? City Character, Urban Tradition, and the Accomplishment of Place’ (2000) 65(6) American Sociological Review 791, 804. 242 See, e.g. Watts-Hosmer, Stanton and Beane (n 239) 160. 243 See Loadenthal (n 238) 27. 244 Since 1979, SSCS have attacked, sunk and damaged nearly ten whalers and trawlers. In February 1980, SSCS operatives sunk the Cypriot-registered whaling ship Sierra, in Lisbon harbour using limpet mines: SSCS, ‘The History of Sea Shepherd’ (n 239); ‘Sea Shepherd’s Record of Violence’ (10 April 1994) 7 The High North News Extra. See also Nagtzaam and Lentini (n 85) 116–17. 245 Presumably, attracting public and media attention may also be a motivation of radical environmental groups; however, this proposition is not based on any empirical evidence. 246 ELF, www.earth-liberation-front.com/ accessed 1 December 2015. 247 For example, ELF claims that ‘there has never been an injury or death stemming from an ELF action’: ELF (n 246). See also Bron Taylor, ‘Threat Assessments and Radical Environmentalism’ (2003) 15(4) Terrorism and Political Violence 173. 248 Carson, Lafree and Dugan (n 238) 316. 249 Loadenthal (n 238) 26.

82

OFFSHORE SECURITY THREATS 250

people. SSCS has not attacked or interfered with any offshore installations so far, but it has shown interest in matters relating to pollution from offshore oil and gas activities.251 It is plausible that in the future SSCS may cause interferences with operations of offshore installations, for instance, if such offshore petroleum operations endanger the lives of sea animals. Although some environmental groups, particularly ELF, have been named by the FBI as eco-terrorists and domestic terrorist groups,252 this has not been without criticism.253 It has been argued that activities of these groups should be distinguished from terrorism because they aim to destroy property, but direct no violence towards persons and only a small proportion of actions of radical environmental and animal rights groups can be termed ‘eco-terrorism’.254 Therefore, it is more appropriate to classify violent acts of the radical environmental or animal rights groups as vandalism. 5.5.3 Capabilities and tactics Perpetrators of acts of vandalism have used several tactics to accomplish their tasks including the use of incendiary and explosive devices.255 For the purposes of offshore security threat assessment, the type of actions that can be categorised as vandalism include arson, sabotage and other property damage.256 Vandalism tactics against petroleum installations included tampering with valves at production, storage and transportation facilities in order to release oil.257 Loadenthal found that vandalism was the most commonly employed tactic of the ELF.258 SSCS has sophisticated and well-developed maritime capabilities and it owns several vessels.259 SSCS has disabled propellers of whaling ships, used limpet mines to sink ships and has employed ramming tactics to damage whaling ships.260 It is unlikely that groups or individuals who perpetrate acts of vandalism have necessary capabilities in order to carry out attacks on offshore installations. Despite the lack of history of vandalism against offshore petroleum installations, vandalism nevertheless represents a threat to their security. Jenkins argued in 1988

250 Rachel Monaghan, ‘Terrorism in the Name of Animal Rights’ (1999) 11(4) Terrorism and Political Violence 159. For example, ARM has used violence against persons in the pursuit of animal rights. 251 See SSCS, ‘Ocean Alliance and Sea Shepherd Join Forces in Operation Toxic Gulf’ www. seashepherd.org/toxic-gulf/overview/overview.html accessed 1 December 2015. 252 Testimony before the Subcommittee on Forests and Forest Health, US Congress, 12 February 2002, (James Jarboe, Domestic Terrorism Section Chief, FBI Counterterrorism Division). 253 See, e.g. Sivan Hirsch-Hoefler and Cas Mudde, ‘“Ecoterrorism”: Terrorist Threat or Political Ploy?’ (2014) 37(7) Studies in Conflict and Terrorism 586; Loadenthal (n 238); Vanderheiden (n 86). 254 Vanderheiden (n 86) 426 (noting that some these groups reject the label ‘eco-terrorists’): at 426–27. Monaghan has argued that activities of some animal rights groups willing to use violence against property and persons can be viewed as incorporating the core characteristics of ‘terrorism’: Monaghan (n 250) 166. 255 Michael Penders and William Thomas, ‘Ecoterror: Rethinking Environmental Security After September 11’ (2002) 16(3) National Resources & Environment 159, 160. 256 See, e.g. Hirsch-Hoefler and Mudde (n 253) 593. 257 Watts-Hosmer, Stanton and Beane (n 239) 160. 258 Loadenthal (n 238) 25. 259 Jackson Brown, ‘Eco-Warriors: An Invisible Line?’ (2012) 26(2) Australian and New Zealand Maritime Law Journal 152, 154. 260 See SSCS, ‘The History of Sea Shepherd’ (n 238); Brown (n 259).

83

OFFSHORE SECURITY THREATS

that violence by radical environmental groups against whaling and the nuclear power industry ‘suggest that the threat of violence by environmentalist extremists [against offshore installations] is not to be dismissed’.261 While Jenkins’ point remains valid, it appears there have not been any acts against offshore petroleum installations since then that can be termed ‘vandalism’. 5.6 Civil protest Civil protest is also considered to be a security threat to offshore oil and gas installations. Civil protest, which can also be referred to as civil disobedience, includes protests of environmental activists, indigenous activists, members of local communities, labour activists and strikes by offshore workers. Offshore protests and strikes have often resulted in interruptions of offshore operations, and in some cases involved unlawful detention of offshore personnel. At least 35 security incidents involving offshore installations can be attributed to civil protest.262 Environmental activists, particularly Greenpeace,263 are responsible for most of the protests directed against offshore installations. Since 1981 Greenpeace has carried out over 25 protests against offshore installations.264 The most highprofile Greenpeace protests against offshore installations are the 1995 protest on Brent Spar offshore platform in the North Sea, which ultimately resulted in the ban on dumping of offshore installations at sea in the North-East Atlantic,265 and the 2013 protest on Prirazlomnaya offshore platform in the Pechora Sea, which resulted in international arbitration between the Netherlands and Russia in the International Tribunal for the Law of the Sea (ITLOS).266 Civil protest also includes interferences with offshore installations caused by labour disputes and strikes of offshore workers, as well as similar actions by members of local communities and indigenous people.267 In August 2002, in Nigeria, a group of 50 women in 15 boats travelled to a Chevron/Texaco offshore drilling rig, boarded it and staged a protest on board the rig against the destruction of their fishing lines and contamination of local waters.268 Dissatisfaction of local populations

261 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 4. 262 See Appendix. 263 Greenpeace is an environmental non-governmental organisation (NGO) with the main aim of protecting and conserving the environment which uses lobbying, quiet diplomacy and high-profile nonviolent conflict: Greenpeace, ‘About Greenpeace’ www.greenpeace.org/international/en/about/ accessed 1 December 2015. 264 See Appendix. 265 Greenpeace, ‘History and Successes: Victories Timeline’ www.greenpeace.org/international/ en/about/history/Victories-timeline/ accessed 1 December 2015. 266 See ‘Arctic Sunrise’ (Kingdom of the Netherlands v Russian Federation), Provisional Measures (Order) (ITLOS, Case No. 22, 22 November 2013); Greenpeace, Statement of Facts Concerning the Boarding and Detention of the MY Arctic Sunrise and the Judicial Proceedings Against All 30 Persons on Board (19 October 2013). 267 In December 2002 in Ecuador, oil geologists and soldiers were captured by Sarayacu Indians, but released several days later in exchange for a government promise not to let oil companies enter the territory without permission of the Sarayacu people: Maass (n 183) 99. 268 ONI, Worldwide Threat to Shipping: Mariner Warning Information (21 August 2002) National Geospatial-Intelligence Agency (NGA) http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20020821000000.txt accessed 1 December 2015.

84

OFFSHORE SECURITY THREATS

with the petroleum industry can become a significant security problem if not managed properly,269 and can result in disruptions to oil company operations. 5.6.1 Geography and enabling factors Environmental groups have been active in the US, Canada and Europe. Labour activists and indigenous protesters have had a major impact on onshore oil and gas activities in some South American countries including Bolivia, Ecuador and Peru. Oil installations in Nigeria have been subjected to a number of environmental and labour protests carried out by members of the local communities. Countries where offshore installations have been affected by civil protest include Australia, Denmark (Greenland), Mexico, the Netherlands, New Zealand, Nigeria, Norway, Russia, Spain (Canary Islands), Turkey, the UK and the US.270 Greenpeace, which is responsible for the majority of protests against offshore installations, conducts operations on the global scale. It has carried out protests against offshore installations in more than ten countries in various parts of the world, but most of Greenpeace’s offshore efforts have been focused on the North Atlantic and especially the Arctic regions as part of its ‘Save the Arctic!’ campaign.271 Labour strikes of offshore workers on board offshore installations have taken place in Nigeria and Australia. In April 2003, striking Nigerian oil workers took over four of Transocean’s offshore platforms off the coast of Nigeria, detained offshore workers who refused to join the strike, and held them captive for more than two weeks while the strike was underway.272 A peaceful takeover of the offshore installation by striking offshore workers took place in Australia in August 1986, when more than 300 offshore workers occupied North Rankin A offshore platform for three days.273 The geographical spread of civil protests on or against offshore installations suggests that this category of threat is not geographically restricted to any particular region, and potentially can occur in any part of the world. So far, the majority of civil protests directed against offshore installations have taken place in economically and politically stable states. 5.6.2 Motivations and objectives Motivations of adversaries that engage in civil protest can vary considerably. Motivations of labour activists and striking offshore workers mostly relate to better working conditions, increased pay levels, issues relating to redundancies and unfair

269 Tsamenyi and Mfodwo (n 27) 3. 270 See Appendix. 271 Ibid. 272 On 16 April 2003, a group of Nigerian workers on board the offshore rig MG Hulme, staged a strike and took over control of the rig, and on 19 April 2003, striking Nigerian workers reportedly seized control of another three offshore rigs belonging to Transocean: Terisa Turner and Leigh Brownhill, ‘Women’s Oil Wars in Nigeria’ (2002) 35(1) Labour, Capital and Society 132, 147. 273 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 4; Andrew Burrell, ‘Oil Rig “Hijack” Propelled Firebrand to Militant Heights’ (The Australian, 23 November 2012) www.theaustralian.com.au/ news/investigations/oil-rig-hijack-propelled-firebrand-to-militant-heights/story-fng5kxvh-1226522345 452# accessed 1 December 2015.

85

OFFSHORE SECURITY THREATS 274

dismissal. The objective of some indigenous people is to stop petroleum activities in their area of habitat. There have been occasions when affected local residents and members of indigenous populations mobilised in order to protest against the oil industry demanding compensation and reparations from oil companies for pollution caused by them. On 25 May 1998 in Nigeria, over 100 unarmed protesters boarded and occupied Chevron’s Parabe offshore oil platform about 9 nautical miles offshore, demanding jobs and monetary compensation for environmental and economic grievances.275 The ultimate goal of many environmental groups is to minimise human impact on the environment, which, in the petroleum context, could mean the reduction or prevention of offshore oil and gas activities. The main objective of Greenpeace’s campaign against the offshore oil and gas industry is to end oil drilling in the Arctic region. Environmental activists are often interested in attracting publicity and media attention to encourage public support of their actions and, if possible, cause public embarrassment to host governments and oil companies.276 Environmental activists often make video recordings of their operations and bring a journalist with them.277 Typically, protesters are ideologically motivated, dedicated to their cause and determined to succeed.278 They are usually not violent, so causing human deaths or injuries is not the intention, but protesters may put their own lives and lives of others at risk in pursuit of their objectives.279 One of the reasons for the absence of violence on the part of environmental activists may stem from a fear of causing environmental damage, which is one of the potential consequences of attacks on offshore installations.280 However, some protests involve unlawful detention of offshore workers. 5.6.3 Capabilities and tactics The capabilities of adversaries engaged in civil protest can also vary considerably. Local residents and indigenous activists usually have limited capabilities to carry out protests against offshore installations. By contrast, large environmental NGOs such as Greenpeace are usually well funded and have much more sophisticated maritime capabilities including ships, rigid-hull inflatable boats (RHIBs), access to aircraft and helicopters, and navigation and communication equipment.281 They are capable of conducting operations far offshore, practically anywhere in the

274 Herbert Cooper, ‘Addressing Energy Supply Vulnerabilities’ (2006) 102(4) CEP Magazine 24, 25. 275 See Appendix. 276 IOGP, Response to Demonstrations at Offshore Facilities (March 2010) 6. 277 Ibid. 278 Ibid. 5; API and NPRA, Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries (2nd edn, 2004) 119. 279 IOGP (n 276) 6. 280 Lia and Kjok (n 28) 115–16. However, as noted by Chalk deliberately causing environmental harm has not yet emerged as a mainstream tactic, but it is certainly one that analysts have considered as a potential motivator for future attacks: Chalk, ‘Maritime Terrorism in the Contemporary Era’ (n 103) 37. 281 See, e.g. Greenpeace, ‘Our Ships’ (2014) www.greenpeace.org/international/en/about/ships/ accessed 1 December 2015; Greenpeace, Annual Report 2013 (2014).

86

OFFSHORE SECURITY THREATS

world. Greenpeace has already demonstrated its ability to engage in coordinated campaigns against the offshore oil and gas industry and cause interferences with offshore installations. On 27 May 2014, Greenpeace carried out its first two nearsimultaneous protests against offshore installations in two different countries.282 Environmental activists are usually well prepared and organised, and have specialised training (e.g. ship boarding, climbing).283 The organisers of protest can have detailed information about an offshore installation that has been selected as a target including its work or operations programme.284 The IOGP has noted that ‘it is almost impossible to prevent a planned and determined attempt by well trained activists to board any installation’.285 The tactics of protesters usually include unauthorised boarding and occupation of offshore installations, blocking passage of installations, and blocking access of installations to offshore drilling sites. Interestingly, Greenpeace activists have used a clever tactic of boarding offshore drilling rigs when they are in transit.286 In Shell Offshore v Greenpeace,287 the US Court of Appeals noted that Greenpeace ‘used illegal “direct action” to interfere with legal oil drilling activities on many such occasions’ and that it uses ‘so-called “direct actions” to achieve its goals’, which admittedly can include illegal activities.288 In this context, Williams, presumably referring to Greenpeace’s tactics, has noted that when RHIBs approaching the offshore installation disregard instructions of the installation’s operator or crew and undertake evasive manoeuvring to avoid being intercepted by authorities, then the threat level and response should increase accordingly.289 In some cases, actions of civil protesters and activists have resulted in unlawful detention of offshore workers.290 For example, on 19 July 2004, eight foreign oil workers were held captive by disgruntled subordinate employees on an oil rig off southern Nigeria, but released the next day.291 Civil protest is a non-violent type of security threat and perpetrators employ non-violent tactics. Nevertheless, such activities cause interferences with offshore installations, and in rare cases peaceful protests and demonstrations can escalate to violence.

282 A group of Greenpeace activists boarded the GSP Saturn offshore drilling rig in the Netherlands and another group boarded the Transocean Spitsbergen semi-submersible offshore drilling rig in Norway’s EEZ. See Appendix. 283 IOGP (n 276) 5. 284 Ibid. 285 Ibid. 286 When an offshore installation is in transit, it is considered to be a ship under international law. Therefore, permission must be obtained from the flag state or state of registration of an offshore rig before the authorities of the coast state or any other state can board the rig and remove the protesters. 287 Shell Offshore Inc v Greenpeace Inc, 43 ELR 20051 No. 12-35332 (Court of Appeals, 9th Circuit, 2013). 288 Ibid. 5. 289 Simon Williams, ‘Offshore Installations: Practical Security and Legal Considerations’ (Center for International Maritime Security, 11 October 2013) http://cimsec.org/offshore-installations-practicalsecurity-legal-considerations/ accessed 1 December 2015. 290 Burges, Daudelin and Fuller (n 189). 291 ONI, Worldwide Threat to Shipping: Mariner Warning Information (21 July 2004) NGA http://msi. nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20040721000000.txt accessed 1 December 2015.

87

OFFSHORE SECURITY THREATS

5.7 Internal sabotage Internal sabotage is also a security threat to offshore oil and gas installations. Sabotage can be defined as ‘the deliberate destruction, disruption or damage of equipment, a public service, etc’.292 Internal sabotage refers to sabotage committed by ‘insiders’ of the oil and gas industry.293 Insiders can be defined as ‘those individuals who normally have authorized access to the asset’.294 Oil company employees and former employees, contractors and offshore service providers, offshore security guards, and other persons working in the offshore oil and gas industry can all be considered insiders. Therefore, internal sabotage can also be referred to as an insider threat. Jenkins has suggested that there are two levels of sabotage: low-level sabotage, which includes actions aimed at temporarily disrupting or disabling a facility or imposing a financial cost on a company, and high-level sabotage, which includes actions intended to destroy a facility, possibly endangering human life.295 Malicious actions of disgruntled, dishonest or terminated employees or other insiders can potentially cause serious disruption to the operations of offshore installations.296 There have been few public available reports of sabotage on offshore installations and hostile workers are believed to be responsible for at least several minor acts of sabotage at offshore installations.297 For example, it has been reported that in early 2009, an oil company contractor was charged in the US federal court in California with sabotaging the computerised controls on an offshore oil rig.298 Internal sabotage is not strictly limited to activities of company and industry insiders. It can also include situations where an insider is colluding with external adversaries, which is also considered a form of internal sabotage. This can include assistance in carrying out or planning an attack on an offshore installation or providing intelligence to external adversaries by deliberately or inadvertently revealing sensitive or confidential information.299 The possibility of insider collusion with external adversaries should not be ignored or underestimated.300 In this context, the concept of ‘social engineering’ is also part of the threat. According to the Centre for the Protection of National Infrastructure (CPNI), ‘social engineering’ refers to the process of obtaining information from someone or gaining access to somewhere

292 Collins Free Dictionary (2014) www.collinsdictionary.com/dictionary/english/sabotage?show CookiePolicy=true accessed 1 December 2015. 293 The inclusion of the term ‘internal’ was to emphasise that the focus is on actions of industry insiders. Sabotage committed by external adversaries would be covered by one of the other threat categories. 294 API, Security Risk Assessment Methodology (n 9) 33. 295 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 12. 296 See OTS, Offshore Security Assessment Guidance Paper (n 232) 15; Gary Stoneburner, Alice Goguen and Alexis Feringa, ‘Risk Management Guide for Information Technology Systems’ (Recommendations of the National Institute of Standards and Technology, July 2002) 14. 297 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 4, 7. 298 See Appendix. 299 Adams (n 187) 140. Amanda East and Bill Bailey, ‘Australia’s Oil Refinery Industry – Importance, Threats, and Emergency Response’ (2008) Security Management. 300 S Bajpai and Jai Gupta, ‘Securing Oil and Gas Infrastructure’ (2007) 55 Journal of Petroleum Science and Engineering 174, 176.

88

OFFSHORE SECURITY THREATS

under false pretence and ‘upon the building of an inappropriate trust relationship with individuals, and can be used against those within an organisation’.301 5.7.1 Geography and enabling factors Internal sabotage is the threat that does not have geographical boundaries. It can occur in both developed and developing countries, and in politically and economically stable and unstable countries. For example, in 1988 in the US, a disgruntled former employee of an oil company in Louisiana accessed the oilfield site at night and disabled all 12 pumping units at the field, and subsequently set an oilfield storage tank on fire resulting in eventual explosion.302 There has been at least one incident where a fake bomb was found on board an offshore installation in the North Sea off the coast of the UK, which was presumed to have been placed there by one of the offshore workers.303 Enabling factors that affect the threat of internal sabotage include the number of daily offshore crew, offshore support personnel, high turnover rate of staff, and diverse nationalities of offshore workers, which increases the potential for internal sabotage, disclosure of confidential information to external adversaries, and infiltration of the offshore industry by adversaries.304 5.7.2 Motivations and objectives Motivations for committing acts of internal sabotage against offshore installations can include revenge, monetary or other personal gain, dissatisfaction with an employer, personal commitment to a cause, and even mental instability.305 On 18 March 2003 in Yemen, a carpenter who worked at an oil rig shot and killed three oil workers and wounded a fourth before killing himself.306 It was reported that his motives appeared to be personal as his colleagues told investigators that he was suffering from depression and had no political interests.307 Causing human casualties or injuries is not usually the intention of the perpetrators of internal sabotage.308 In some cases, financial gain can be the primary motivation and an insider may be willingly selling sensitive information to external adversaries or third parties. 5.7.3 Capabilities and tactics The perpetrators of internal sabotage usually operate with limited physical resources,309 but what they have working in their favour is insider information and knowledge of an offshore installation (e.g. its characteristics, critical points,

301 UK Government, CPNI, Social Engineering: Understanding the Threat (December 2013) 2. 302 Adams (n 187) 15–16. 303 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 3. 304 Adams (n 187) 122. 305 OTS, Offshore Oil & Gas Risk Context Statement (n 193) 19. 306 ‘Gunman Kills 3 Oil Workers in Yemen’ (CNN, 18 March 2003) http://edition.cnn.com/ 2003/WORLD/meast/03/18/yemen.shootings/ accessed 1 December 2015. 307 Ibid. 308 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 6. 309 Ibid., citing Robert Mullen, ‘Attributes of Energy Asset Saboteurs: An Historical Perspective’ (Paper presented at the First International Congress on Physical Protection in Petroleum Installations, undated).

89

OFFSHORE SECURITY THREATS

vulnerabilities, and existing security arrangements) and in most cases sufficient technical expertise to carry out an act of sabotage. In addition, company insiders potentially have unrestricted access to the many areas of an offshore installation and can circumvent security safeguards to carry out an act of sabotage. According to the 1980 study by Mullen, which examined incidents of sabotage directed against energy facilities, ‘saboteurs have generally chosen operations that require few resources and only modest technical skills, entail minimum risk, and have good chances of success’.310 Specific tactics may include sabotage of offshore control equipment resulting in a system shutdown, tampering with and disabling critical equipment resulting in system failure, unauthorised access to restricted areas, use of equipment with malicious intentions, release of hazardous substances, and arson.311 Acts of internal sabotage can be easily disguised as accidents.312 Given that public access to offshore installations is usually limited and restricted, insiders such as offshore workers ‘may be persuaded or coerced into acting on behalf of terrorists or a hostile government’.313 Company insiders and offshore contractors may be sympathisers and accomplices of external adversaries or even members of adversary groups, who have infiltrated the industry posing as legitimate workers.314 Insiders can potentially disclose to adversaries sensitive information about an offshore installation such as photographs, layouts, schematics, crew information and details of security arrangements that can be used in planning and carrying out an attack.315 For example, in February 2006, Iraqi security forces arrested a number of oil protection security guards who were accused of helping insurgents plan attacks on oil installations in the Kirkuk area, and on 28 March 2006 in Saudi Arabia, security forces found and disarmed two explosive-laden vehicles that were located at a house occupied by an employee of an oil company and that displayed the company’s logo.316 These incidents suggest the involvement of company ‘insiders’. 5.8 Inter-state hostilities Inter-state hostilities also pose a threat to the security of offshore installations. Interstate hostilities can cause significant interference with offshore installations and operations and in some cases can result in damage to or destruction of offshore installations. Hostile activities of states that represent a security threat to the petroleum industry can be in the form of inter-state armed conflicts and wars,

310 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 7. 311 OTS, Offshore Security Assessment Guidance Paper (n 232) 24. 312 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 16) 8. 313 Ibid. 12. 314 See, e.g. David Cook, ‘Oil and Terrorism’ (The Global Energy Market: Comprehensive Strategies to Meet Geopolitical and Financial Risks Working Paper Series, James Baker III Institute for Public Policy, May 2008) 25. 315 OTS, Offshore Oil & Gas Risk Context Statement (n 193) 19. 316 Mustafa Alani and Nicole Stracke, ‘Insurgent Attacks on Iraq’s Oil Sector’ (2007) 6 Security & Terrorism Research Bulletin 38; Stephen Ulph, ‘Saudi Arabia’s Islamist Insurgency’ in Erich Marquardt (ed.), Saudi Arabian Oil Facilities: The Achilles Heel of the Western Economy (Jamestown Foundation 2006) 13, 23.

90

OFFSHORE SECURITY THREATS

hostilities arising from maritime boundary disputes and commercial contractual disputes, as well as terrorist acts committed by or on behalf of states, and similar violent acts. Oil and gas installations are often strategic military targets during wars and armed conflicts. It was mentioned in Chapter 1 that oil played a crucial part in WWI and WWII. Oil and gas installations were also a factor during the Iran–Iraq war of 1980–88 and the 1991 Gulf War.317 Offshore installations may sustain significant damage as a result of direct strike or because they are located in the immediate vicinity of combat zones, and in some cases one side can gain control over the offshore installations of the enemy, and use them for its own purposes or destroy them.318 With the coming into force of the LOSC in 1994, conflicting claims to disputed offshore territories have gradually increased.319 The increasing competition for access to offshore oil and gas resources has already resulted in a number of maritime boundary disputes and contested claims to offshore areas that contain significant oil and gas reserves.320 Some of these disputes have been settled peacefully, while others remain a source of conflict and have involved military confrontations such as shows of force and threats of force,321 and in some cases threatened the security of offshore installations. There are a number of examples of offshore petroleum exploration and production being halted for years as a consequence of overlapping maritime claims.322 It has been suggested that maritime boundary disputes may become even more heated in the years ahead as demand for oil and gas resources continues to increase and onshore petroleum reserves continue to deplete,323 and, in the most extreme cases, may result in attacks on offshore installations operating in disputed areas.

317 Adams (n 187) 6–7. In the Iran-Iraq war, oil installations were prime targets from the beginning of the conflict, as both Iran and Iraq attacked each other’s oil refineries, storage facilities and offshore installations in the Persian Gulf: Michael McKinnon and Peter Vine, Tides of War: Eco Disaster in the Gulf (Immel Publishing 1991), cited in Watts-Hosmer, Stanton and Beane (n 239) 157. 318 Giacomo Luciani, ‘Geopolitical Threats to Oil and Gas and the Functioning of the International Oil Market’ (CEPS Policy Brief No. 221, Centre for European Policy Studies, November 2010) 2. 319 Coastal states are now able to claim an EEZ extending to 200 nautical miles from their territorial sea baselines, and the continental shelf areas to a maximum distance of 350 nautical miles from the baseline, in which they enjoy exclusive sovereign rights to exploit oil and gas resources of the seabed. See LOSC arts 56, 57, 60, 76, 77, 80, 81. 320 Michael Klare, Resource Wars: The New Landscape of Global Conflict (Owl Books 2002) 22. 321 Donna Nincic, ‘Troubled Waters: Energy Security and Maritime Security’ in Gal Luft and Anne Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 31, 32. 322 Gavin MacLaren, ‘International Maritime Boundary Disputes: Legal and Strategic Issues’ (2003) AMPLA Yearbook 387, 388. 323 Michael Klare, ‘There Will Be Blood: Political Violence, Regional Warfare, and the Risk of GreatPower Conflict Over Contested Energy Sources’ in Gal Luft and Anne Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 44, 53. MacDonald has argued that due to the increasing competition for energy resources, ‘states may begin to develop an offensive component to their energy strategies, with the intent of targeting another’s energy security’: Juli MacDonald, ‘Overview of Global and Asian Energy Trends’ (2009) 23 Papers in Australian Maritime Affairs 3, 10.

91

OFFSHORE SECURITY THREATS

5.8.1 Geography and enabling factors Inter-state hostilities threat is not necessarily limited by geographical factors. Armed conflicts and wars can erupt and escalate in any part of the world including major offshore petroleum producing regions.324 Some of the most devastating attacks on offshore installations took place in the Persian Gulf during the 1980–88 Iran–Iraq war. In March 1983, Iraqi planes attacked an Iranian offshore platform at the Nowruz oilfield, which resulted in the collapse of the damaged platform and the oil slick, which caught fire.325 On 19 October 1987, the US Navy attacked the Iranian Reshadat offshore complex in response to an alleged Iranian missile strike on the US-flagged Kuwaiti oil tanker Sea Isle City, and on 18 April 1988, the US attacked and destroyed Iranian Salman and Nasr offshore oil platforms after its frigate USS Samuel B Roberts was damaged by a mine allegedly belonging to Iran.326 Maritime boundary disputes and contested claims over offshore territories containing oil and gas resources, on the other hand, tend to be more limited to certain geographical areas including the Persian Gulf,327 the Caspian Sea,328 the Caribbean Sea region,329 the East China Sea,330 and the South China Sea.331 In the South China Sea, maritime boundary disputes have resulted in gunboat standoffs

324 See, e.g. DHS (n 13) 3. 325 US Gulf Task Force, Environmental Crisis in the Gulf: The US Response (6 November 1992), cited in Watts-Hosmer, Stanton and Beane (n 239) 158. 326 These incidents subsequently led to international litigation and formed the basis of claims in the Oil Platforms case. See Oil Platforms (Islamic Republic of Iran v United States of America)(Judgment) [2003] ICJ Rep 161. 327 Iran, Saudi Arabia and Kuwait each claim partial ownership of the large Dorra offshore natural gas field in the Persian Gulf: Cooper (n 274) 25. 328 In July 2001, Iran deployed a warship and fighter planes to the disputed area in waters claimed by both Azerbaijan and Iran in order to force out an oil exploration vessel contracted by BP under conditions authorised by Azerbaijan: Nincic (n 321) 32; Klare, ‘There Will Be Blood’ (n 323). 329 The Venezuelan Navy has boarded offshore oil platforms of Trinidad and Tobago, and fired on Trinidadian vessels operating in an area claimed by both countries in the Caribbean Sea region: Klare (n 320) 231. In June 2000, the Surinamese Navy gunboats threatened to attack and drove out the oil drilling rig CE Thornton contracted by the Canadian company CGX Energy under a licence from the Guyanese government to conduct exploratory drilling in a disputed area claimed by both Guyana and Suriname. See Nincic (n 321) 32; Klare, Resource Wars (n 320) 231; Patricia Kwast, ‘Maritime Law Enforcement and the Use of Force: Reflections on the Categorisation of Forcible Action at Sea in the Light of the Guyana/Suriname Award’ (2008) 13(1) Journal of Conflict and Security Law 49, 49–50. On 24 October 2012, a Venezuelan Navy gunboat boarded an oil drilling platform operating under a licence by Trinidad and Tobago in the Soldado field in the Gulf of Paria off southwest Trinidad and questioned offshore workers, claiming that the rig was operating in Venezuelan waters: ‘Calling Caracas’ (Trinidad and Tobago Newsday, 29 October 2012) www.newsday.co.tt/editorial/print,0,168466.html accessed 1 December 2015. 330 In early 2005, China began drilling in the Chunxiao natural gas field, part of which is located in the contested territory claimed by both China and Japan, and by September 2005, Japanese patrol planes had commenced regular flights over Chinese drilling rigs located near the disputed area. In response, China sent several missile-armed destroyers and frigates to the area, and at one point a gun turret of the Chinese ship was apparently aimed at a Japanese plane: Klare, ‘There Will Be Blood’ (n 328) 52–53. 331 See also Clive Schofield (ed.) Maritime Energy Resources in Asia: Legal Regimes and Cooperation (Special Report No. 37, National Bureau of Asian Research, February 2012); Gerald Blake et al. (eds), Boundaries and Energy: Problems and Prospects (Kluwer Law 1998).

92

OFFSHORE SECURITY THREATS

that threatened the security of offshore installations. For instance, in the 1990s, China and Vietnam began oil exploration in two overlapping and disputed areas of the South China Sea known as Wan An Bet and Tu Chinh, and on at least two occasions China deployed warships to stop a Vietnamese drilling rig from operating in the area.332 In 2003, a maritime boundary dispute between Malaysia and Brunei escalated to a gunboat standoff when companies licensed by the respective countries commenced offshore operations in the disputed area.333 More recently, in May 2014, tensions between Vietnam and China erupted again, when a Chinese offshore drilling rig arrived in an area claimed by both countries, resulting in a hostile confrontation between Chinese and Vietnamese ships at the drilling site.334 5.8.2 Motivations and objectives In most cases, the motivations of states are political, strategic and economic. During armed conflict or war, offshore installations can be viewed as strategic military targets and the objective may be to cause maximum damage to an offshore installation in order to deprive the enemy of petroleum supplies and fuel needed to conduct the war, and in the extreme cases cripple domestic industries with severe consequences for the country’s economy.335 In the last days of the Iraqi invasion of Kuwait in 1990–91, Iraqi troops deliberately set on fire or blew up hundreds of Kuwait’s oil wells, which took about a year to extinguish, and almost devastated the entire petroleum industry of Kuwait.336 Seizing offshore installations of the enemy to secure access to oil supplies may also be an objective of hostile states during an armed conflict. The motivation behind disputes over offshore territories may be economic or political, but often with the ultimate objective of securing access to petroleum resources that may be vital to the economy and energy security. Other motivations may be to demonstrate national and military power. It has been suggested that China’s objectives in the May 2014 confrontation with Vietnam involving the offshore drilling rig Haiyang Shiyou 981 was to demonstrate to regional states that the US is unable to do anything meaningful to resolve the situation in the South China Sea.337 With competition for access to oil and gas resources, sovereignty claims of states may be mixed with commercial interests. It has been suggested that offshore drilling rigs are ‘a mobile manifestation of state sovereignty and energy companies being

332 Nincic (n 321) 32. 333 MacLaren (n 322) 400. 334 Jen Maman, ‘Power Drilling: When an Oil Rig Is a Political Weapon’ (Making Waves, 26 May 2014) www.greenpeace.org/international/en/news/Blogs/makingwaves/power-drilling-when-an-oil-rig-isa-political/blog/49372/ accessed 1 December 2015. See Appendix. 335 Watts-Hosmer, Stanton and Beane (n 239) 157. 336 Ibid.; Jan Fedorowicz, ‘The Ten-Thousand Mile Target: Energy Infrastructure and Terrorism Today’ (Critical Energy Infrastructure Protection Policy Research Series No. 2-2007, CCISS, March 2007) 2; Adams (n 187) 7. 337 Carl Thayer, ‘China’s Oil Rig Gambit: South China Sea Game-Changer?’ (The Diplomat, 12 May 2014) http://thediplomat.com/2014/05/chinas-oil-rig-gambit-south-china-sea-game-changer/ accessed 1 December 2015.

93

OFFSHORE SECURITY THREATS 338

used as a political weapon’. There have been instances where control over offshore installations has been seized by naval forces due to contractual disputes, as demonstrated by the 22 August 2006 takeover by the Iranian Navy of the Romanianowned offshore oil rig Orizont in the Salman field off the coast of Iran.339 5.8.3 Capabilities and tactics Most states have sufficient naval or air force capabilities to cause significant damage to or complete destruction of an offshore installation. Direct navy attacks and air strikes, and seizure of offshore installations are the tactics that may be employed in an armed conflict or war. During the Iran–Iraq war, Iran seized all offshore installations in the Dorra oilfield of the Neutral Zone between Kuwait and Saudi Arabia and managed by the Arabian Oil Company.340 Other tactics of hostile states may include the takeover of offshore installations, blocking access to offshore fields in order to prevent offshore activities in disputed maritime areas, unauthorised boarding and threat of force. In June 2000, the Surinamese warships ordered the US-owned oil drilling rig CE Thornton, operating under a licence from Guyana, to stop drilling immediately and leave a disputed area claimed by both Guyana and Suriname within 12 hours and threatened to use force against the rig in the event of non-compliance.341 It is also possible that a hostile state could resort to terrorism-type tactics, especially during an armed conflict or war, or may engage non-state actors to carry out ‘proxy attacks’ against offshore installations of the enemy to maintain plausible deniability.342 Reportedly, in the 1980–88 Iran–Iraq war, Iran made extensive use of proxy-executed attacks carried out by extremist groups against oil tankers and offshore installations in the Persian Gulf.343 5.9 Cyber threats With the increasing reliance on computer networks and information and communication technology (ICT) in the offshore petroleum industry, malicious cyber activities have become an emerging category of offshore security threats, and therefore they warrant to be placed in a separate threat category. According to the 2012 Australian Government report on the security of the offshore oil and gas industry: ‘Despite the cost efficiency and logistic advantages of the use of remotely

338 Maman (n 334). The 1990 Iraq’s invasion of Kuwait was also partly due to disputes over oilproducing regions and competing interests for petroleum resources: Michael Wesley, ‘Power Plays: Energy and Australia’s Security’ (Strategy Report, ASPI, October 2007) 13. 339 See Appendix. 340 Adams (n 187) 6. 341 Nincic (n 321) 32; Klare (n 320) 231; Kwast (n 329) 49–50. 342 See Fariborz Haghshnass, ‘Iran’s Asymmetric Naval Warfare’ (Policy Focus No. 87, Washington Institute for Near East Policy, September 2008) 9. 343 See, e.g. Chalk, ‘Maritime Terrorism in the Contemporary Era’ (n 103) 35; Andrew Forbes, ‘Protecting Middle East Seaborne Energy Exports’ (2008) 8 Security & Terrorism Research Bulletin 4, 6; Andrew Forbes, ‘The Economic Impact of Disruptions to Seaborne Energy Flows’ (2008) 23 Papers in Australian Maritime Affairs 57, 57.

94

OFFSHORE SECURITY THREATS

controlled SCADA type systems, the reliance on external supervisory control of [offshore] facilities creates new and additional threats, which need to be understood and mitigated.’344 ‘Cyber threats’ is the term that refers to threats emanating from cyberspace. The types of cyber threats include cyber-terrorism,345 cyber-activism (known as hacktivism), cyber-crime, cyber-espionage and cyber-sabotage. The actors that engage in cyber operations include hackers, malicious cyber-activists such as a group known as Anonymous, terrorist groups, organised criminal groups, hostile states, industry insiders,346 and even players ‘in the oil and gas markets seeking a predatory competitive economic advantage by disrupting the operations of other market players’.347 Cyber threats can include any of the categories of offshore security threats discussed earlier in this chapter. It is somewhat a combination of various threats or adversaries operating in the cyber domain (i.e. cyberspace) or using cyberspace as a means for carrying out attacks. Cyber threats can also be described as cybermanifestation of other types of offshore security threats, but there are a number of actors that are unique to this threat category. Malicious cyber activities ‘can assume a variety of operational typologies’ ranging from more formal and highly skilled and resourced organisations such as the Chinese People’s Liberation Army (PLA) Unit 61398,348 to more loosely structured groups such as Al-Qaeda and its affiliated groups and even lone hackers. It has become increasingly possible for individuals or groups skilled in computer technology to attack critical infrastructures remotely and anonymously,349 and often with few chances of early detection. 5.9.1 Geography and enabling factors The Internet has provided a global platform for various kinds of adversaries to carry out cyber attacks on critical infrastructures including offshore installations.350 Cyber threats are not constrained by geography or distance. Cyber attacks can be launched remotely from anywhere in the world, even from multiple locations simultaneously,351 and there is little chance of finding the origin of the attacks and identifying the perpetrators,352 let alone apprehending them. Based on little information reported publicly, countries where cyber attacks against oil and gas industry have been

344 OITS, Offshore Oil and Gas Resources Sector Security Inquiry (June 2012) 108. 345 See Lee Jarvis, Stuart Macdonald and Lella Nouri, ‘The Cyberterrorism Threat: Findings from a Survey of Researchers’ (2014) 37(1) Studies in Conflict and Terrorism 68. 346 US Government, Department of Energy (DOE), National Petroleum Council (NPC), Securing Oil and Natural Gas Infrastructures in the New Economy (June 2001) 20; Rudner (n 137) 454. 347 OSCE, Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks Focusing on Threats Emanating from Cyberspace (2013) 25. 348 See Mandiant, APT1: Exposing One of China’s Cyber Espionage Units (2013). 349 WEF, Global Risks Report 2012 (7th edn, 2012) 24. 350 NPC (n 346) 20. 351 DFAT, Transnational Terrorism: The Threat to Australia (2004) 18. 352 David Clark, Thomas Berson and Herbert Lin (eds) At the Nexus of Cyberspace and Public Policy: Some Basic Concepts and Issues (National Academies Press 2014) 32–35.

95

OFFSHORE SECURITY THREATS

reported include Saudi Arabia, Qatar, Iran, Norway and the US. There have been several reported cyber attacks on offshore installations. For example, in October 2012, Iranian Offshore Oil Company (IOOC) announced that its offshore platforms were the targets of a cyber attack,353 which was deterred and affected only the communications systems of the network.354 It has also been reported that in 2010, critical control systems of an offshore drilling rig in transit from its construction site in South Korea to South America was attacked by malware to a degree ‘that it had to shut down for 19 days in order to clear the issue’.355 Advances in ICT present a range of enabling factors for the existence and emergence of cyber threats. The increasing connectivity and portable communication devices enable potential attackers to obtain tools that may be needed to carry out attacks against offshore installations such as malware and virus codes, as well as information and literature on cyber vulnerabilities of SCADA systems that are used extensively in the offshore industry to monitor and control various processes. Hacker tools have become more readily available and easy to use which makes it possible even for adversaries without specific hacker skills to use these tools to carry out cyber attacks.356 This, in effect, lowers the threshold of skills required to carry out cyber attacks. 5.9.2 Motivations and objectives Cyber attacks against offshore installations can be carried out for various reasons and with various motivations ranging from financial gain (e.g. oil market manipulation, extortion by hackers or organised criminal groups); political, ideological, ecological motives (i.e. drawing public attention to the issue) and even personal motives (e.g. showcasing skills).357 For example, in 2012, hacktivist group Anonymous expressed its intention to target the ICSs of oil and gas companies as part of its environmental agenda.358

353 ‘Israeli Cyber Attacks Targeted Offshore Oil, Gas Platforms – Iran IT Head’ (RT, 8 October 2012) http://rt.com/news/iran-offshore-drilling-cyberattack-904/ accessed 1 December 2015. 354 Kable International, ‘Iranian Oil Platforms Face Cyber Attack’ (Offshore Technology, 9 October 2012) www.offshore-technology.com/news/newsiranian-oil-cyber-attack-uranium accessed 1 December 2015; ‘Israeli Cyber Attacks Targeted Offshore Oil, Gas Platforms’ (n 353). 355 CyberKeel, ‘Maritime Cyber-Risks’ (White Paper, 15 October 2014) 10 (also noting that ‘[a]ccording to Michael Van Gemert from Lloyds Register Drilling Integrity Services this was only one of several such incidents’). 356 Malware can be obtained relatively easy from the underground online markets: Robert Lemos, ‘Cyber-Attack Campaign Targets Energy Firms, Industrial Control Systems’ (eWeek, 2 July 2014) www.eweek.com/security/cyber-attack-campaign-targets-energy-firms-industry-control-systems.html accessed 1 December 2015. 357 See, e.g. Robert Burgers et al., ‘Middle East Needs Cyber Security From Within: Utilities Face Energy Threat’, in Tseard Zoethout (ed.) DVN KEMA Energy & Sustainability www.dnvkema.com/ Images/Middle%20East%20needs%20cyber%20security%20from%20within%20-%20Utilities% 20face%20energy%20threat.pdf accessed 1 December 2015; ‘Cyber Attacks Could Wreck World Oil Supply’ (Sydney Morning Herald, 9 December 2011) www.smh.com.au/it-pro/security-it/cyber-attackscould-wreck-world-oil-supply-says-oil-companies-20111209-1omap.html accessed 1 December 2015. 358 Rudner (n 137) 464 (noting that Anonymous ‘specifically supports the environmentalist campaign against the Alberta Oil Sands and the proposed Keystone XL oil pipeline’ in Canada).

96

OFFSHORE SECURITY THREATS

Some perpetrators may use cyber attacks to steal sensitive company information without interfering with operations of offshore installations, while other perpetrators may be aiming to cause substantial damage to offshore installations and many human casualties as well as wide societal damage or harm.359 Hackers may intrude and take over control of key industrial processes and services simply to show off their cyber skills.360 The motivations behind cyber attacks are usually not obvious and may be difficult to determine especially in the early stages of the attack, which in turn creates problems for responses to cyber attacks. This is particularly true when a perpetrator is acting as a proxy for other adversaries, such as hostile states. 5.9.3 Capabilities and tactics Perpetrators can range from individuals or small groups with limited resources to terrorist groups and hostile states with significant capabilities and resources, but the level of hacker sophistication has generally evolved.361 Individuals and groups of adversaries are constantly developing new cyber attack techniques and capabilities to keep pace with technological advances.362 Technological capabilities are constantly increasing while the costs of technology are decreasing, thus creating a situation where cyber threats continue to grow, flourish and evolve.363 It is becoming easier and cheaper to carry out cyber attacks on critical infrastructures with potential for causing serious physical impacts on infrastructure facilities, in this case offshore installations. Adversaries do not need to have technical skills in computer technology to carry out cyber attacks as they can engage individuals or groups with the necessary skills to carry out cyber attacks on their behalf for a fee. Terrorist organisations such as Al-Qaeda reportedly have members with ICT and engineering skills.364 Hacktivists such as Anonymous have already carried out cyber attacks against oil companies and their installations and it is expected that hackers will be able to develop new cyber capabilities to infiltrate ICS networks.365 It has also been reported that a cyber attack on an offshore installation off the coast of Africa caused the installation to tilt slightly to one side, forcing it to shut down operations.366 One of the concerning issues in cyber security is the apparent involvement of state actors in cyber attacks against critical infrastructures. A number of states are ‘devoting significant resources to developing cyber weapons and defences’.367 The

359 OSCE (n 347) 25. 360 Rudner (n 137) 465. 361 NPC (n 346) 23. 362 Ibid. 363 See, e.g. Aditya Sood and Richard Enbody, ‘Crimeware-as-a-Service - A Survey of Commoditized Crimeware in the Underground Market’ (2013) 6(1) International Journal of Critical Infrastructure Protection 28. 364 Rudner (n 137) 454, 459. 365 Ibid. 464. 366 IMO, Measures Toward Enhancing Maritime Cyber Security, Submitted by Canada and US, MSC, 94th sess, Agenda Item 4, IMO Doc MSC 94/4/1 (12 September 2014) 2; CyberKeel, ‘Maritime CyberRisks’ (White Paper, 15 October 2014) 11. 367 WEF (n 349) 26.

97

OFFSHORE SECURITY THREATS

cyber threats to industrial infrastructures emanating from hostile states, state actors and state-sponsored cyber attackers became particularly evident when the Stuxnet malware was discovered in an Iranian nuclear power facility in 2010.368 Stuxnet is a highly sophisticated malware capable of invading process control systems, and potentially disrupting critical processes of a target.369 It is considered the first malware specifically designed to disrupt ICSs,370 and ‘the first visible attack to have a significant impact on process control’.371 The complexity of the Stuxnet malware and the level of technical and financial resources that would be required to develop a highly sophisticated malware such as Stuxnet and Duque,372 ‘point either to direct state involvement or to state sponsorship of such proxies as criminals, terrorists, or hackers’.373 The incident ‘has demonstrated that a determined and well-financed adversary can inflict significant damage even to seemingly isolated networked infrastructures’ that are not connected to the Internet.374 However, considering the difficulties relating to identifying the perpetrators, any state actors involved can officially distance themselves from attacks, maintaining plausible deniability.375 Some of the methods and tactics used in cyber attacks include online attacks via office networks, unauthorised use of remote maintenance access points, the use of ‘denial-of-service’ attacks, introducing malware into computer networks via removable media and external hardware by industry insiders.376 Different adversaries may utilise the same tactics and modes of operation, which makes ‘the task of identifying perpetrators, their intentions, and targets an elusive exercise, at least in the early stages’.377 A more elaborate and effective tactic is when perpetrators use malware such as Oldrea (also known as Havex) and Karagany.378 The attackers exploit vulnerabilities of the websites of ICS and SCADA vendors in order to break in, and then they

368 OSCE (n 347) 35; Constantinos Hadjistassou and Antonis Hadjiantonis, ‘Risk Assessment of Offshore Oil and Gas Installations Under Cyber Threats’ (Energy Sequel, 25 January 2013) www.energysequel.com/risk-assessment-of-offshore-oil-and-gas-installations-under-cyber-threats/ accessed 1 December 2014. 369 See, e.g. Stewart Baker, Natalia Filipiak and Katrina Timlin, ‘In the Dark: Crucial Industries Confront Cyberattacks’ (2011) 7–8. 370 Rudner (n 137) 460; OITS (n 344) 108. 371 ‘Cyber Attacks Could Wreck World Oil Supply’ (n 357). 372 Duque worm, which was apparently built on the Stuxnet framework, is one of the most sophisticated threats existing today and it is very difficult to detect. Like Stuxnet, Duque is designed to target industrial facilities, but Duque is focused on collecting information rather than destructive commands: Malware News, ‘Duque Worm—The Stuxnet’s Follower’ (Spyware Terminator, 4 April 2012) www.spywareterminator.com/news/news-detail.aspx?id=96 accessed 1 December 2015. 373 Rudner (n 137) 462; Hadjistassou and Hadjiantonis (n 368). 374 Hadjistassou and Hadjiantonis (n 368). 375 Jennifer Giroux and Peter Burgherr, ‘Canvassing the Targeting of Energy Infrastructure: The Energy Infrastructure Attack Database’ (July 2012) Journal of Energy Security www.ensec.org/index. php?option=com_content&view=article&id=379:canvassing-the-targeting-of-energy-infrastructure-theenergy-infrastructure-attack-database&catid=128:issue-content&Itemid=402 accessed 1 December 2015. 376 OSCE (n 347) 25, 34; NPC (n 346) 23. 377 Rudner (n 137) 463. 378 Symantec, ‘Dragonfly: Cyberespionage Attacks Against Energy Suppliers’ (2014) 7.

98

OFFSHORE SECURITY THREATS

replace legitimate software installers available for download to SCADA users (e.g. oil companies) with infected software that, in turn, installs a remote access tool (RAT) on the computers of targeted companies in order to gather details about SCADA-type hardware connected to infected computers or devices, a tactic known as ‘SCADA sniffing’.379 The researchers from F-Secure, an anti-virus provider company, have argued that this kind of pattern suggests the attackers are interested in controlling such environments, which ‘is not commonly observed today’.380 The global use of computer viruses and malicious software aimed at disrupting company operations, particularly in the energy sector, is increasing.381 It is fair to assume that malware that is considered highly sophisticated today (e.g. Stuxnet and its variants) will be considered primitive in a decade.382 5.10 Unauthorised/suspicious conduct Any unauthorised or suspicious activities (whether unintentional or deliberate) of legitimate users of the sea (e.g. cargo ships, fishing vessels, recreational boats, yachts and other maritime craft) 383 in the vicinity of offshore installations (such as not responding to radio communication attempts or entering a safety zone without authorisation) can be interpreted as a security threat. Any vessel in the maritime environment may potentially be carrying or may be operated by adversaries with the intention of attacking an offshore installation. There have been a number of incidents of cargo ships infringing safety/security zones around offshore installations.384 Operators of offshore installations have also expressed concerns about fishing vessels operating in the areas adjacent to offshore installations occasionally making approaches to offshore installations.385 Although legitimate users of the sea do not have any intent to attack an offshore installation, from an installation operator’s or OIM’s perspective, when a vessel approaches an installation or enters the safety zone, security personnel on board the installation are likely be on heightened alert and may be prompted to activate security or emergency procedures and protocols.386 Therefore, such unauthorised and suspicious activities in close proximity to offshore installations can cause disruptions to their normal operations.

379 Daavid Hentunen and Antti Tikkanen, ‘Havex Hunts for ICS/SCADA Systems’ (F-Secure, 23 June 2014) www.f-secure.com/weblog/archives/00002718.html accessed 1 December 2015. 380 Ibid. 381 NPC (n 346) 23. 382 WEF (n 349) 26. 383 For example, some recommended yachting routes path not far from offshore installations such as in the Caribbean Sea. 384 IMO, Safety Zones and Safety of Navigation around Offshore Installations and Structures, Assembly, Resolution 671(16), Agenda Item 10, IMO Doc A Res.A.671(16) (19 October 1989). IMO Resolution A.671(16) contains recommendations on measures to prevent the infringement of safety zones around offshore installations. 385 See, e.g. Australian Government, Australian Customs Service, Annual Report 2002–03 (2003) 68. 386 Williams (n 289) para 4.

99

OFFSHORE SECURITY THREATS

6 Links between offshore security threats The contemporary security environment has become quite complex with multiple state and non-state actors pursuing their interests and agendas, and some of these actors are often involved in closely related violent or unlawful activities. The earlier discussion in this chapter hinted that there are potential overlaps, links and interrelationship between different categories of offshore security threats. This interrelationship can be referred to as the ‘threat nexus’. The overlaps and links between different threats have been widely discussed in the literature.387 In particular, scholars, policy analysts and the like have focused on the links between piracy, terrorism, organised crime and insurgency. It is not the intention to review that body of literature here, but rather to comment briefly on some of these overlaps, links and interrelationships in the context of offshore petroleum security. The dynamic risk nature of the offshore petroleum security environment tends to blur the boundaries between different offshore security threats, making it difficult to identify, characterise and evaluate them. The commentaries of various writers and the analysis of past attacks on offshore installations and other maritime and petroleum related targets suggest that links and overlaps between different threats exist in relation to three aspects. The first aspect is conceptual. It can be seen from the analysis of various offshore security threats that these terms or concepts usually have more than one definition and there is no consensus as to what the meanings of those concepts are. Some of the security threats are closely related activities and their definitions may have common elements.388 In the context of offshore installations security, one of the common elements of these concepts is that most of these threats involve violence at sea. The second aspect relates to cooperation. There may well be areas of cooperation between adversaries belonging to different threat categories, for example when they have a common enemy or similar ideological views or strategic objectives. Murphy

387 See, e.g. Hansen (n 21); Annette Idler, ‘Exploring Agreements of Convenience Made among Violent Non-State Actors’ (2012) 6(4-5) Perspectives on Terrorism 67; Giroux, ‘Global Platforms and Big Returns’ (n 206); Morris (n 157); Murphy, Small Boats, Weak States (n 70) 161; Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (n 62) 78; Douglas Burgess, The World for Ransom: Piracy is Terrorism, Terrorism is Piracy (Prometheus Books 2010); Frederick Chew, ‘Piracy, Maritime Terrorism and Regional Interests’ (2005) Geddes Papers 73; Rosenau (n 157); Sam Bateman, ‘The Threat of Maritime Terrorism in South East Asia: What Are We Dealing With?’ (2008) 21 Papers in Australian Maritime Affairs 27; Hayder Mili, ‘Tangled Webs: Terrorist and Organized Crime Groups’ in Jonathan Hutzley (ed.), Unmasking Terror: A Global Review of Terrorist Activities (Jamestown Foundation 2007) vol 3, 91; Alex Schmid, ‘The Links between Transnational Organized Crime and Terrorist Crimes’ (1996) 2(2) Transnational Organized Crime 66; John Picarelli, ‘Osama bin Carleone? Vito the Jackal? Framing Threat Convergence Through an Examination of Transnational Organized Crime and International Terrorism’ (2012) 24(2) Terrorism and Political Violence 180; Thomas Holt, ‘Exploring the Intersections of Technology, Crime, and Terror’ (2012) 24(2) Terrorism and Political Violence 337; Douglas Guilfoyle, ‘Piracy and Terrorism’ in Panos Koutrakos and Achilles Skordas (eds) The Law and Practice of Piracy at Sea: European and International Perspectives (Hart Publishing 2014) 33; Martin Murphy, ‘Petro-Piracy: Oil and Troubled Waters’ (2013) 57(3) Orbis 424; Ali Kamal-Deen, ‘The Anatomy of Gulf of Guinea Piracy’ (2015) 68(1) Naval War College Review 93, 99–101. 388 Bateman, ‘The Threat of Maritime Terrorism in South East Asia’ (n 387) 32.

100

OFFSHORE SECURITY THREATS

suggests that ‘in a busier and even less regulated maritime world, such functional relationships between networks of common criminals and insurgents using terrorism could thrive and their combined skills and resources could present greater challenges to maritime security’.389 Giroux noted that the proceeds of organised crime can go to an interconnected nexus of insurgency, criminal organisations, complicit private companies, and corrupt government officials,390 which seems to be the case in Nigeria. However, any cooperation between various groups of adversaries or threats does not necessarily mean that they will start carrying out joint attacks against offshore installations. The third aspect relates to transformation or blending of some threats resulting in the ‘hybrid nature’ of some adversaries. Adversaries are motivated by a range of objectives where the distinction between political and criminal motivations is becoming increasingly blurred.391 Violent non-state actors often represent hybrid (e.g. criminal/political) groups,392 suggesting that some non-state actors may fit more than one category of threats. For example, insurgency groups may engage in criminal activities, sometimes in cooperation with organised criminal syndicates, to fund their conventional insurgency operations.393 Some insurgent groups that operate in proximity to coastal areas have been active in piracy and used piratical methods to raise money for their campaigns.394 Hansen proposes a ‘four circles model’ approach for the assessment of maritime security threats,395 arguing that understanding different categories of threats, as well as their distinctions and the interrelationship between them is important, and ‘this holistic approach will result in greatly improved and useful threat intelligence’.396 In the assessment of security threats to offshore installations, it is possible to add five more circles to Hansen’s model: ‘vandalism’, ‘civil protest’, ‘inter-state hostilities’, ‘internal sabotage’ and ‘cyber threats’. As shown in Figure 3.1, vandalism overlaps with civil protest and terrorism, while civil protest overlaps with insurgency and vandalism, but not with terrorism. Activities that represent a link between the threats of inter-state hostilities and terrorism are state terrorism and state-sponsored terrorism. Although not shown in Figure 3.1, inter-state hostilities may overlap with any other categories of threats.

389 Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (n 62) 78. 390 Giroux, ‘Global Platforms and Big Returns’ (n 206) 19–20. 391 Ibid. 18. 392 Klejda Mulaj, ‘Introduction: Violent Non-State Actors: Exploring Their State Relations, Legitimation, and Operationality’ in Klejda Mulaj (ed.), Violent Non-State Actors in World Politics (Hurst 2010) 1, 4. 393 Hansen (n 21) 77. For example, in Nigeria, oil theft and kidnapping for ransom provided an important source of revenue for insurgents in the region: Erich Marquardt, ‘The Niger Delta Insurgency and Its Threat to Energy Security’ in Jonathan Hutzley (ed.), Unmasking Terror: A Global Review of Terrorist Activities, vol. 3 (Jamestown Foundation 2007) 236, 241. 394 Murphy, Small Boats, Weak States (n 70) 161. 395 For illustration of the ‘four circles model’ see Risk Intelligence, ‘Risk Intelligence Approach’ (2010) www.riskintelligence.eu/about/approach/ accessed 1 December 2015. 396 Hansen (n 21) 74.

101

OFFSHORE SECURITY THREATS

Internal sabotage and cyber threats are the two offshore security threats that potentially overlap with all of the other threat categories.397 With respect to internal sabotage, company or industry ‘insiders’ (e.g. disgruntled employees) may be sympathisers of and/or have ties to terrorist organisations, insurgency movements, environmental groups, and organised criminal groups, and may provide assistance to any of these external adversaries.398 Similarly to internal sabotage, the cyber threat category potentially overlaps with any or all of the other threat categories. As noted earlier in this chapter, cyber attacks could potentially be carried out by adversaries belonging to any of the above categories of threat. Insiders with knowledge of the system and relevant technical skills in ICT, whether acting on their own or in collusion with other adversaries, can relatively easily gain unauthorised access to restricted networks even in well secured environments, manipulate network components, and potentially cause disruptions to the operations or damage to offshore installations.399 There have been

Cyber Threats Interstate Hostilities

Piracy

Organised Crime

Terrorism

Insurgency

Internal Sabotage

Vandalism

Civil Protest

Figure 3.1 Offshore security threats nexus. Source: Author, based on Hansen (n 21) 78.

397 For the ease of reading, both internal sabotage and cyber threats are displayed separately from all other threats in Figure 3.1, but links and overlaps with other threats are indicated with arrows. 398 For example, a labour dispute resulting in a strike by offshore workers on board an offshore installation, which can result in protesting workers taking over the control of the installation, possibly represents a conceptual aspect of the overlap between civil protest (i.e. non-violent threat) and internal sabotage (i.e. carried out by insiders). 399 OSCE (n 347) 25.

102

OFFSHORE SECURITY THREATS

claims that state actors may be behind some of the most sophisticated cyber attacks carried out against energy infrastructure assets. However, Figure 3.1 does not necessarily represent an accurate picture of the links, overlaps and interrelationships between various types of offshore security threats. In fact, the threat environment is even more complex and threats are more inter-related with each other. A more accurate illustration of the overlaps between offshore security threats and their interrelationships is illustrated in Figure 3.2. 7 Ranking of offshore security threats Having identified categories and evaluated offshore security threats, the next step is to rank them based on threat ranking criteria. The API SRA methodology uses the five-level threat ranking system for defining threat rankings: level 1 (very low), level 2 (low), level 3 (medium), level 4 (high), and level 5 (very high). Level 1 ‘indicates little or no credible evidence of capability or intent and no history of actual or planned threats against the asset or similar assets’; level 2 indicates ‘a low threat against the asset or similar assets and that few known adversaries would pose a threat to the asset’; level 3 ‘[i]ndicates that there is a possible threat to the asset or similar assets based on the threat’s desire to compromise similar assets, but no specific threat exists for the facility or asset’; level 4 ‘[i]ndicates that a credible threat exists against

CYBER THREATS CIVIL PROTEST PIRACY INTERNAL SABOTAGE INSURGENCY CIVIL PROTEST ORGANISED CRIME INTERNAL SABOTAGE TERRORISM VANDALISM ORGANISED CRIVE INTERSTATE HOSTILITIES INSURVENCY TERRORISM TERRORISM CYBER THREATS INTERNAL SABOTAGE CIVIL PROTEST VANDALISM PIRACY ORGANISED CRIVE PIRACY INTERNAL SABOTAGE VANDALISM INTERSTATE HOSTILITIES PIRACY INSURGENCY ORGANISED CRIVE INTERNAL SABOTAGE CYBER THREATS VANDALISM INTERSTATE HOSTILITIES VANDALISM PIRACY TERRORISM ORGANISED CRIVE INTERNAL SABOTAGE CYBER THREATS INTERSTATE HOSTILITIES CIVIL PROTEST

Figure 3.2 Alternate illustration of offshore security threat nexus. Source: Author.

103

OFFSHORE SECURITY THREATS

the asset or similar assets based on knowledge of the threat’s capability and intent to attack the asset or similar assets, and some indication exists of the threat specific to the company, facility, or asset’; and level 5 ‘[i]ndicates that a credible threat exists against the asset or similar assets; that the threat demonstrates the capability and intent to launch an attack; that the subject asset(s) are targeted or attacked on a frequently recurring basis; and that the frequency of an attack over the life of the asset is very high’. In assigning threat ranking to each category of offshore security threats based on the API SRA methodology threat ranking system, it should be noted that the API SRA methodology provides that ‘user defined values should be applied’ to their threat ranking criteria.400 Accordingly, the threat ranking assigned to each offshore security threat in Table 3.1 is by no means definitive. 7.1 Piracy Piracy is a financially motivated threat confined to certain geographical areas. Adversaries who engage in piracy have already demonstrated capabilities to attack offshore oil and gas installations, in some cases far offshore. There have been about seven attacks on offshore installations that may be attributed to piracy, four of which took place off the coast of Nigeria and two off Tanzania.401 Given the capabilities of perpetrators in this category of threat and past piracy attacks on offshore petroleum installations, a threat ranking of piracy is considered to be ‘medium’. 7.2 Terrorism Terrorism is often perceived to have a global scope, but several quantitative studies on oil and gas infrastructure attacks suggest that attacks seem to be concentrated in a few countries and/or carried out mainly by domestic terrorist groups.402 Nevertheless, it is possible that a terrorist attack on an offshore oil and gas installation can eventuate in any country. However, capabilities of most terrorist groups to carry out attacks on offshore installations are questionable and only a few known terrorist groups have demonstrated sophisticated maritime capabilities. Despite speculations that terrorism is a significant emerging threat to the offshore oil and gas industry and despite previous claims by the Al-Qaeda leadership, to date, there have been only two unsuccessful near-simultaneous terrorist attacks on offshore installations, both on 24 April 2004 (i.e. the attacks on ABOT and KAAOT off the coast of Iraq), and only a few attacks on onshore installations. On that basis the threat of terrorism to offshore oil and gas installations is considered to be ‘low’.

400 API, Security Risk Assessment Methodology (n 9) 34. 401 The dataset of attacks and unlawful interferences with offshore installations in Appendix includes a number of events where the perpetrators were not identified, but at least some of these incidents committed by ‘unidentified/unknown perpetrators’ may well be attributed to piracy. 402 See, e.g. Toft, Duero and Bieliauskas (n 28); Giroux, Burgherr and Melkunaite (n 43); Lia and Kjok (n 28).

104

OFFSHORE SECURITY THREATS

7.3 Insurgency Insurgents in Nigeria have demonstrated sophisticated capabilities to carry out attacks on offshore installations and engage in a campaign against the offshore industry. However, insurgency is a security threat to offshore installations only in countries where insurgency exists and where insurgency groups operate and attack targets at sea, and Nigeria appears to be the only country where offshore petroleum installations have been significantly affected by insurgency. The history of attacks and security incidents involving offshore installations indicates that insurgent groups are responsible for at least 20 offshore attacks, most off the coast of Nigeria.403 Many insurgents in Niger Delta have accepted the Nigerian Government’s amnesty deal and put down their arms. However, considering that many of the community grievances have not been addressed, attacks on offshore installations in Nigeria by insurgents may resume at some point in the future. At this point, insurgency has been assigned a ‘medium’ threat ranking. 7.4 Organised crime Organised crime is financially motivated and criminal groups have perpetrated several attacks and security incidents involving offshore petroleum installations. It would appear that not many organised criminal groups have the maritime capabilities required to engage in attacks on offshore installations or an interest in attacking them. There have been over ten attacks on offshore installations by organised criminal groups and hybrid criminal/political groups, and there have been some attacks by ‘unidentified perpetrators’ that may be attributed to organised crime. However, direct effects of organised crime on the oil industry are geographically limited to very few countries. The ranking assigned to the threat of organised crime is considered to be ‘medium’. 7.5 Vandalism The examination of vandalism as an offshore security threat suggests that there is little credible evidence of sufficient offshore capabilities of adversaries in this threat category, and those groups that have such capabilities (e.g. SSCS) have not shown much interest in offshore petroleum activities or offshore installations. Furthermore, there have not been any attacks or security incidents involving offshore installations that can be attributed to vandalism. Therefore, the threat level of vandalism is considered to be ‘very low’. 7.6 Civil protest Environmental protesters, particularly Greenpeace, have demonstrated sophisticated capabilities required for conducting protests and demonstrations on offshore

403 See Appendix.

105

OFFSHORE SECURITY THREATS

installations in any part of the world, which makes it a non-geographically specific threat. Civil protest is also a non-violent security threat. There have been some 35 security incidents involving interferences with offshore installations caused by civil protest, and adversaries that belong to this category of threat, particularly Greenpeace, have expressed intent to continue carrying out protests on offshore installations. Therefore, the threat ranking of civil protest is considered to be ‘high’. 7.7 Internal sabotage With regard to the threat of internal sabotage, the motivations of insiders for committing acts of internal sabotage may be financial gain, personal commitment to a cause, hatred or revenge. Insiders can rely on their knowledge and exploit privileged access in order to perpetrate potentially devastating sabotage-type attacks on offshore installations. There have been several reported instances of participation of insiders in attacks against the petroleum industry. Perpetrators that belong to this threat category usually have the required technical skills, possible sensitive knowledge of the facility, and authorised access to critical equipment and facilities. While there have not been any reported acts of internal sabotage or insider attacks on offshore installations, this offshore security threat is not restricted by geography. The API considers that insiders may ‘pose a particularly difficult threat because of their training, knowledge of the facilities, the possibility for deceit or deception, and their unsupervised access to critical information and assets’.404 A similar argument has been put forward by Maerli et al., who argue that insiders will always represent a high risk to any organisation that owns or operates high value assets.405 However, considering that no reported offshore instances of internal sabotage have been identified, the threat level of internal sabotage has been determined to be ‘medium’. 7.8 Inter-state hostilities The evaluation of different offshore security threats indicates that there is a credible threat to offshore petroleum installations posed by inter-state hostilities. Offshore installations have been attacked and destroyed by enemy forces or hostile states during armed conflicts, and have been threatened and boarded by authorities, and there have been several instances of offshore installations being forced out from their area of operation by authorities or naval forces of another hostile state. Inter-state hostilities are not limited to any geographical area and can occur anywhere in the world. The capabilities of states to attack offshore installations are not questionable and most states have more than enough capabilities to engage in such hostile activities. Disputes over contested offshore territories containing offshore petroleum resources may become even more heated and more widespread in the

404 API, Security Risk Assessment Methodology (n 9) 33. 405 Maerli et al. (n 8) 15.

106

OFFSHORE SECURITY THREATS

years ahead as demand for oil and gas continues to increase and onshore petroleum reserves continue to deplete.406 With that in mind, it can be said that the threat level of inter-state hostilities is considered to be ‘high’. 7.9 Cyber threats Cyber threats represent a broad spectrum of possible motivations and capabilities. The current trend in cyber security is that the costs of mounting cyber attacks against critical infrastructure targets are constantly decreasing and the capabilities of adversaries are increasing. Cyber threats are non-geographically specific and can come from anywhere in the world. There have been only very few reported incidents of cyber attacks on offshore installations such as the attacks on Iranian offshore installations in October 2012.407 Cyber threats usually manifest themselves not as one cyber attack, but rather as a series of multiple simultaneous attacks targeting several companies and various infrastructure networks. However, given that this is an emerging category of threat, the threat ranking assigned to cyber threats is considered to be ‘high’. Table 3.1 provides a snapshot of offshore security threats and their threat ranking. The overall threat ranking of civil protest, interstate hostilities, and cyber threats has been determined as ‘high’; therefore, these three categories of threats are the most significant threats to offshore installations. ‘A threat assessment is used to evaluate the likelihood of threat activity against a given asset or group of assets.’408 According to the API SRA methodology, after ranking security threats the next step in the threat assessment process is to analyse

Table 3.1 Example of offshore security threat ranking Threat category

Geography

Intent/ Motivations

Capabilities

Past incidents

Overall ranking

Piracy Terrorism Insurgency Organised crime Vandalism Civil protest Internal sabotage Interstate hostilities Cyber threats

Limited Somewhat Limited Somewhat Unlimited Unlimited Unlimited Unlimited Unlimited

Medium High High Medium Very low High Medium High Medium

Medium Low Medium Medium Low High High Very high High

6+ events 2 events 20+ events 10+ events 1 event 35+ events unknown 8+ events 2+ events

Medium Low Medium Medium Very low High Medium High High

Source: Author.

406 Klare, ‘There Will Be Blood’ (n 323) 53. 407 See Appendix. 408 API, Security Risk Assessment Methodology (n 9) 32.

107

OFFSHORE SECURITY THREATS 409

attractiveness of targets. In addition, a threat analysis should be undertaken to pair the assets with each category of threats (known as threat–asset pairing),410 and the credibility of each threat should be determined for a specific offshore installation or a group of installations being analysed.411 At a company level, when undertaking an SRA, threat assessment should be referred to for guidance on general and specific threats facing its offshore installations. Oil companies (and relevant government agencies) should regularly review and update their threat assessments to ensure they remain current and realistic.412 8 Conclusion The assessment of offshore security threats undertaken in this chapter has shown that the offshore threat security environment is dynamic and complex and security threats faced by offshore oil and gas installations are quite diverse. Offshore security threats do not always have clear boundaries and are interrelated to some extent. Some adversaries belong to more than one threat category due to their diverse activities and therefore represent so called ‘hybrid’ adversaries. Geographical considerations and enabling factors such as distance from or existence of armed conflicts, economic and political instability, and the security environment of a given country or region play an important role in the evaluation of offshore security threats. Some threats such as piracy are confined to specific geographical areas or regions, while others do not have geographical limitations and have a global scope. Oil companies face different security threats depending on the country or region they operate in, and accordingly, they face a different degree of risk of being attacked. Oil companies operating in countries where armed conflict or some kind of civil unrest exists are potentially more prone to attacks on their offshore installations. This, however, does not mean that oil companies operating in more stable countries are immune to attacks. Despite speculations about terrorism as a major threat to offshore petroleum installations, to date, there have been only two unsuccessful terrorist attacks on offshore installations, and terrorism is not as significant as it is often claimed or perceived to be. There have been significantly more attacks on offshore installations by insurgents engaged in armed conflict with their government or armed struggle against the oil industry, rather than by transnational terrorist groups such as AlQaeda that do not have well-defined territorial objectives. However, insurgency only poses a threat to offshore installations in countries or regions where insurgency exists. Relatively few groups of adversaries have sufficient capabilities to carry out attacks on offshore installations, let alone wage a campaign of offshore attacks. Even fewer groups have demonstrated a combination of intent and capabilities that

409 410 411 412

Attractiveness of offshore oil and gas installations is discussed in Chapter 4. API, Security Risk Assessment Methodology (n 9) 32. Ibid. 34. Ibid.

108

OFFSHORE SECURITY THREATS

materialised in attacks on offshore installations or caused non-violent interferences with offshore operations.413 Cyber threats is an emerging category of threat that appears to be the one that oil companies need to be concerned about and mitigate accordingly. Offshore security threat assessment is not a one-off exercise. Offshore security threats should be continuously evaluated for change, and threat assessment should be updated accordingly to ensure its validity.414 However, threat assessment is only one part of an SRA and the next step should focus on evaluating the attractiveness of offshore targets in order to have a better understanding of the reasons why offshore petroleum installations are attacked. These aspects are examined in Chapter 4.

413 The Nigerian MEND is responsible for most of the violent attacks against the offshore industry, while Greenpeace is responsible for most of the non-violent interferences with the offshore petroleum industry. 414 API, Security Risk Assessment Methodology (n 9) 34.

109

CHAPTER 4

OFFSHORE TARGET SELECTION CONSIDERATIONS 1 Introduction Offshore oil and gas installations are attacked for a reason. In fact, there may be a number of reasons why adversaries choose to attack or cause interferences with offshore installations.1 It is fair to assume that perpetrators are usually rational human beings,2 so it can be expected that they would undertake a careful target selection. The reasons for attacking (or not attacking) offshore installations form part of the target selection process. By understanding the factors that influence targeting of offshore installations, states and oil companies might be better positioned to mitigate security risks within specific contexts.3 Target selection can be a complex process comprising several stages and involving a range of strategic, organisational and operational considerations. In the initial stages, several targets (or categories of targets) will normally be considered. Different groups make targeting decisions somewhat differently,4 but in general terms, adversaries have to consider what kind of targets and tactics could best achieve their operational objectives while limiting the expenditure or loss of their own resources.5 Target selection considerations may include factors such as security environment, external relations of the perpetrators, weaknesses and strengths of various targets, the capability to carry out an attack, operational objectives, attack modalities, the value the attack would provide in terms of anticipated consequences, and the message the attack would convey.6 Ackerman et al. have described the target selection process as follows:

1 Some of these reasons have already been mentioned in the previous chapter. 2 Cf. Lee Cordner, ‘Offshore Oil and Gas Industry Security Risk Assessment: An Australian Case Study’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 169, 178 (arguing that ‘analysts are faced with the challenge of assessing the intent of actors whose actions, by reasonable standards of human behavior, are irrational and random’). 3 Jennifer Giroux and Peter Burgherr, ‘Canvassing the Targeting of Energy Infrastructure: The Energy Infrastructure Attack Database’ (August 2012) Journal of Energy Security www.ensec.org/index.php? option=com_content&view=article&id=379:canvassing-the-targeting-of-energy-infrastructure-the-energyinfrastructure-attack-database&catid=128:issue-content&Itemid=402 accessed 1 December 2015. 4 Gary Ackerman, Praveen Abhayaratne, Jeffrey Bale, Anjali Bhattacharjee, Charles Blair and Lydia Hansell, Andrew Jayne, Margaret Kosal, Sean Lucas, Kevin Moran, Linda Seroki, Sundara Vadlamudi, ‘Assessing Terrorist Motivations for Attacking Critical Infrastructure’ (Center for Nonproliferation Studies, January 2007) 25. 5 Morten Mærli, Ronald Barø, Børre Paaske and Henning Vahr, ‘Energy Supply Chain Threat Assessment and Generic Security Guidance’ (COUNTERACT Consortium, April 2009) 35. 6 See, e.g. Ackerman et al. (n 4) 18–25; C.J.M. Drake, Terrorists’ Target Selection (Macmillan Press 1998).

110

OFFSHORE TARGET SELECTION CONSIDERATIONS

First, there is typically a preliminary planning phase in which more than one potential target is considered for attack. Second, those targets are all examined and evaluated, if possible via direct reconnaissance on the ground. If they still seem promising, they may be brought under more regular but discreet surveillance. Less promising targets are progressively weeded out and discarded, leaving only one (or a handful) to be decided upon. In the end, the actual targets are selected on the basis of their perceived importance, vulnerability, and suitability for accomplishing the group’s aims.7

Not all targets are of equal value or interest to all adversaries. Adversaries will assess what they can potentially gain from attacking a target and at what potential cost.8 In order to understand perpetrators’ targeting prioritisations and considerations, a cost–benefit analysis should be undertaken from the point of view of the perpetrators.9 This approach requires personnel responsible for undertaking SRAs to ‘switch side’ and try to think like potential perpetrators based on a qualified assessment of available information.10 Adversaries may see a number of advantages and disadvantages in attacking offshore installations. The attractiveness of targets is arguably one of the key factors that influence target selection. Adversaries target assets to which they are attracted,11 and attractiveness is also one of the key factors in estimating the likelihood of an attack or security event.12 The perpetrators will normally consider the attractiveness of certain types of targets, as well as the relative attractiveness of alternative targets.13 Accordingly, the focus of this chapter is on factors and characteristics that make offshore installations attractive (or not attractive) targets from the perpetrators’ point of view. In examining attractiveness of offshore petroleum targets, it considers vulnerabilities of offshore installations, potential consequences of offshore attacks, other incentives to attack offshore installations, as well as some mitigating and countervailing factors. This chapter focuses on the reasons adversaries select offshore installations as a category of targets, but it does not explore in detail how they select specific offshore installations or specific methods of attack. Therefore, the attractiveness of offshore installations (as a category of targets) is assessed at the industry level and not at individual offshore installation level. As part of the target selection process, perpetrators will also consider potential methods of carrying out an attack. Therefore, methods of attacks on and unlawful interferences with offshore installations and the credibility of those scenarios are also discussed in this chapter. To this end, the chapter addresses two key questions: • •

why are offshore oil and gas installations attacked? how are offshore oil and gas installations attacked?

7 Ackerman et al. (n 4) 25. 8 Maerli et al. (n 5) 35. 9 Ibid. 10 Ibid. 11 API, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries (1st edn, May 2013) 13. 12 Ibid. 15. 13 See Magne Torhaug, ‘Petroleum Supply Vulnerability Due to Terrorism at North Sea Oil and Gas Infrastructures’ in Konstantin Frolov and Gregory Baecher (eds), Protection of Civilian Infrastructure from Acts of Terrorism (Springer 2006) 73, 79.

111

OFFSHORE TARGET SELECTION CONSIDERATIONS

2 What is offshore target attractiveness? Target attractiveness is an estimate of the perceived value of a target to an adversary.14 The attractiveness of a target is a key factor in determining the likelihood of a security incident.15 Attractiveness can be referred to as a surrogate measure for likelihood of attack.16 Each offshore oil and gas installation has its own unique characteristics, so the attractiveness of offshore installations can vary. Depending on the scope of the assessment, it may be necessary to evaluate each category of offshore security threats against each target to determine the attractiveness of that target from each threat’s perspective.17 3 Assessing the attractiveness of offshore targets The attractiveness of offshore installations as potential targets should be evaluated based on relevant attractiveness factors.18 Toft et al. assessed the attractiveness of energy infrastructure to terrorist groups based on five factors: ideologies, intimidation effect, symbolism, attack feasibility, and considerations for outside stakeholders.19 Using this framework, they analysed terrorist incentives to attack energy infrastructure and found that few positive incentives exist to attack this type of target.20 Target attractiveness can be evaluated as a composite estimate based on factors such as ‘the perceived value of a target to an adversary, the threat’s choice of targets to avoid discovery and to maximize the probability of success’.21 Adversaries will normally evaluate their own capabilities against the likelihood of carrying out a successful attack against a target.22 Asal and Hastings have found that terrorist attacks on maritime targets are primarily driven by maritime capabilities of terrorist groups.23 Maritime capabilities may also be a key targeting factor for other groups of adversaries. According to the API SRA methodology: Depending on the type of threat and its potential targets, the threat is assumed to run through a decision analysis depending on threat factors (the threat’s intent, capabilities, and motivation), site and asset vulnerability factors, potential consequences, and impact factors that lead the threat to the decision to attempt an act and to choose a modus operandi that includes selecting pathways, timing, and the mode of the act.24

14 API, Security Risk Assessment Methodology (n 11) 3, 15; Maerli et al. (n 5) 33. 15 API, Security Risk Assessment Methodology (n 11) 35. 16 API and NPRA, Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries (2nd edn, October 2004) 3–4. 17 Referred to as the ‘threat-asset pairing’. See API, Security Risk Assessment Methodology (n 11) 14. 18 API, Security Risk Assessment Methodology (n 11) 15. 19 Peter Toft, Arash Duero and Arunas Bieliauskas, ‘Terrorist Targeting and Energy Security’ (2010) 38(8) Energy Policy 4411, 4414 (noting that they do not explore how terrorists select specific targets, but consider how they select categories of targets): at 4414, n 10. 20 Ibid. 4416. 21 API, Security Risk Assessment Methodology (n 11) 15. 22 Maerli et al. (n 5) 37. 23 Victor Asal and Justin Hastings, ‘When Terrorism Goes to Sea: Terrorist Organizations and the Move to Maritime Targets’ (2014) 26(5) Terrorism and Political Violence 1. 24 API, Security Risk Assessment Methodology (n 11) 15.

112

OFFSHORE TARGET SELECTION CONSIDERATIONS

Specific characteristics of particular targets are usually among the most important factors in the decision to attack or not to attack those targets.25 ‘No single characteristic of a facility is likely to determine its potential for being attacked. Instead, the totality of that facility’s characteristics will normally influence the terrorists’ decision about whether or not to attack it.’26 Maerli et al. suggest that from the point of view of the perpetrators targets/assets should be assessed based on their harm potential and their availability, noting that target ‘availability is determined by the prevalence and protection of targets’ and harm may include physical and psychological harm.27 They argue that a target attractiveness model that is ‘based on harm potential and system vulnerability as a point of departure, . . . assists in keeping a focus on the assets of particular interest to both the operators and the perpetrators’.28 A model that assesses attractiveness from a perpetrator perspective may produce a different assessment result than traditional risk analysis undertaken from an operator’s point of view.29 According to the API SRA methodology, factors that may be addressed include the value of the target to the adversary (e.g. theft for personal gain and non-economic factors such as damage to company reputation); the usefulness of the chemicals handled at the target as a weapon (i.e. toxic or flammable material that can be used to cause collateral damage); difficulty of the act, including ease of access and degree of existing security measures (i.e. soft target vs hard target); target recognition and ease of identification while in the process of carrying out the attack; proximity to a symbolic or iconic target; high corporate profile among possible adversaries (e.g. major company with high visibility working in a particular environment); vulnerabilities of a target that achieve the objectives of the threat; and any other variables not addressed elsewhere if it is believed that they impact on the target value or on potential consequences of an attack.30 In general, target attractiveness factors of offshore installations can be categorised as the type of target factors and the type of effect factors.31 For the purposes of assessing the attractiveness of offshore oil and gas targets, the ‘type of target’ factors can be further divided into vulnerabilities (i.e. a less vulnerable target is likely to be a less attractive target), additional incentive (e.g. public profile and symbolic value) and deterrents of attacks (e.g. degree of existing security measures). The ‘type of effect’ factors are basically potential consequences of attacks (e.g. potential to cause physical damage and economic costs) (see Figure 4.1).32

25 Ibid. 26 Ibid. 27 Maerli et al. (n 5) 36–37. 28 Ibid. 34. 29 Ibid. 46 (further arguing that such a model allows comparison of ‘perpetrator perspectives’ and ‘operator perspectives’, which can provide new insights on (perceived) vulnerabilities). 30 API, Security Risk Assessment Methodology (n 11) 35. 31 API and NPRA (n 16) 4. 32 See, e.g. API, Security Risk Assessment Methodology (n 11) 15–16.

113

OFFSHORE TARGET SELECTION CONSIDERATIONS

Offshore target attractiveness

Type of target factors

Type of effect factors

Vulnerabilities: • • • • • • • •

Consequences:

Inherent structural/design vulnerabilities Lax security and protection Location Stationary position and low manoeuvrability Dense concentration and interconnectivity Diversity of offshore industry personnel Availability of target information Cyber vulnerabilities

• Loss of life and personal injury • Damage to and destruction of offshore installations • Environmental harm • Process interruptions and shutdowns • Petroleum supply disruptions • Economic costs and financial losses • Petroleum market and price fluctuations • Economic externalities • Fear and intimidation • Loss of confidence and industry reputation • Political and foreign relations impacts • Inability to achieve desired effects • Undesired effects on external stakeholders

Additional incentives: • Sensitive equipment/components on board • Volatile and hazardous materials on board • Public profile and symbolic value

Deterrents: • Operational/tactical difficulties • Increased level of security and protection

Figure 4.1 Offshore target attractiveness factors. Source: Author.

3.1 Vulnerabilities Offshore installations have a number of vulnerabilities. Vulnerability can be defined as ‘any weakness that can be exploited by a threat in order to gain access to an asset and to succeed in a malevolent act against that asset’.33 ‘This is a variable that indicates the likelihood of a successful attack given the intent to attack an asset.’34 Vulnerability can also be referred to as a measure of the susceptibility to harm.35 Vulnerabilities can result from weaknesses in management and operational practices, physical design of a target, its location, existing security measures and other factors.36 Adversaries may exploit vulnerabilities of offshore installations to cause significant damage. Identification of vulnerabilities plays an important part in ‘determining

33 API, Security Risk Assessment Methodology (n 11) 15. 34 API and NPRA (n 16) 3. 35 OTS, Offshore Security Assessment Guidance Paper (June 2005) 42. 36 API and NPRA (n 16) 5; API, Security Risk Assessment Methodology (n 11) 15; DHS, National Infrastructure Protection Plan (2006) 35.

114

OFFSHORE TARGET SELECTION CONSIDERATIONS

future attack vectors’,37 and assessing attractiveness of offshore installations as targets. As Herbert-Burns has commented in relation to vulnerabilities of FPSOs: From the perspective of the vulnerability of the facility (its location notwithstanding), its high capital value, the quantity of oil in storage (the larger units can store 2 million barrels of oil), and the oil being lifted from the seabed, this is an attractive target for would-be terrorists or insurgents with sufficient offshore reach and operational capabilities.38

The vulnerability can be determined by ‘evaluating the inability to deter, detect, delay, respond to, and recover from a threat in a manner sufficient to limit the likelihood of success of the threat, or to reduce the impacts of the event’.39 For the purposes of the analysis, vulnerabilities of offshore installations are categorised as: inherent structural/design vulnerabilities, lax security and protection, location, stationary position and low manoeuvrability, dense concentration and interconnectivity, diversity of offshore industry personnel, availability of target information, and cyber vulnerabilities. 3.1.1 Inherent structural/design vulnerabilities From a structural and design standpoint, offshore installations have a number of inherent vulnerabilities. Offshore installations have the inherent space limitations and constraints that have resulted in the application of some new process equipment, but that make it difficult to mitigate hazards by separating equipment, personnel and hazardous materials.40 Offshore installations are highly congested, sometimes requiring living quarters and controls rooms to be placed near areas that are potentially prone to fires and explosions. The global concerns about offshore petroleum security and safety have required the introduction of an additional design consideration for offshore installations.41 Even though newer offshore installations are built from reinforced materials and have safety features such as fire and blast protection walls, which prevent the passage of smoke, flames and heat, offshore installations are not always designed to endure deliberate attacks such as detonation of explosives or ramming with a ship.42 Despite the fact that greater safety and security consideration is given to installations design and layout, offshore installations have inherent design vulnerabilities.

37 OSCE, Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks Focusing on Threats Emanating from Cyberspace (2013) 35. 38 Rupert Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals: Vulnerability and Security in the International Maritime Oil Sector’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 133, 150. 39 API, Security Risk Assessment Methodology (n 11) 15. 40 American Bureau of Shipping (ABS), Guidance Notes on Risk Assessment Applications for the Marine and Offshore Oil and Gas Industries (June 2000) 91. 41 Ben Gerwick Jr, Construction of Marine and Offshore Structures (3rd edn, Taylor & Francis 2007) 45. 42 See, e.g. Simon Williams, ‘Offshore Installations: Practical Security and Legal Considerations’ (Center for International Maritime Security, 11 October 2013) [4] http://cimsec.org/offshore-installationspractical-security-legal-considerations/ accessed 1 December 2015.

115

OFFSHORE TARGET SELECTION CONSIDERATIONS

Offshore installations are highly visible targets and many of them are easily identifiable and recognisable. They are very well lit at night which helps with recognition of the target if the attack is carried out at night time.43 These factors combined make it extremely challenging when it comes to the protection of personnel and vital equipment on board against deliberate attacks. 3.1.2 Lax security and protection Lax security and protection arrangements is also an area of vulnerability of some offshore installations. This can include physical security measures as well as deficiencies in operational or management practices. In recent years, security arrangements of many iconic onshore targets, such as embassies, have been significantly hardened. Not many physical safeguards exist to protect offshore installations and access control to offshore installations is sometimes lax. The protection of offshore installations poses some unique challenges. The vast number of offshore installations makes it difficult, if not impossible, to provide endemic security coverage round the clock.44 In some areas, the capabilities of maritime security forces are insufficient to provide adequate protection to offshore installations or in some cases there may be a lack of security strategy and inter-agency cooperation in combating offshore security threats.45 Most offshore installations have no armed guards on board, except in high-risk areas where having armed security guards on board is a standard operational procedure.46 Many offshore installations are unmanned and may not be visited or even observed for days. Therefore, tight access control to offshore installations is very important. In addition, there may be gaps and limitations in the international legal framework for the protection of offshore installations, which may restrict the nature and extent of protection and response measures a state can take. 3.1.3 Location Arguably, offshore location of offshore installations (both remoteness and close proximity to land) is in itself vulnerability. Remote and isolated location of many offshore installations can be regarded as vulnerability.47 The majority of offshore installations are located in the EEZ, which is the area where ships enjoy freedom of navigation under international law and where much of commercial fishing and shipping takes place. Some offshore installations are located over 100 nautical miles offshore,48 and some offshore oil and gas projects encompass several individual

43 API, Security Risk Assessment Methodology (n 11) 35. 44 Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals’ (n 38) 150. 45 See Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals’ (n 38) 135–36. 46 See Laura Husband, Interview with David Pickard, in ‘High Risk, High Reward: Talking Offshore Security with Drum Cussac’ (Offshore Technology, 3 January 2013) www.offshore-technology.com/ features/featureoffshore-oil-security-piracy-terrorist-attack-prevention-drum-cussac/ accessed 1 December 2015. 47 Neal Adams, Terrorism & Oil (PennWell 2003) 122. 48 For example, Perdido floating spar platform operates over 150 nautical miles offshore in the Gulf of Mexico, producing oil and natural gas: ‘Perdido Regional Host Development, Gulf of Mexico, USA’ Offshore Technology www.offshore-technology.com/projects/perdido/ accessed 1 December 2015.

116

OFFSHORE TARGET SELECTION CONSIDERATIONS

offshore fields ‘stretching over large distances in remote areas’.49 Additionally, offshore installations in the remote areas are hard to defend because of large distances from the interdiction and response capabilities.50 In the event of an attack, it may take some time for maritime security forces to reach a remote offshore installation and provide protection or emergency assistance.51 While, generally, the majority of offshore installations are located at a considerable distance, it is also true that some of the older ones are located relatively close to land. Close proximity to land can also be regarded as vulnerability by adversaries because attacks close to shore do not require the perpetrators to have sophisticated maritime capabilities. For example, in July 2000, in Nigeria, armed youths from a village used a rowboat to reach an offshore installation located not far from the coast, boarded it and took 165 oil workers hostage.52 Close proximity to land also means that offshore installations are located in waters where thousands of small craft, such as recreational fishing boats move about on legitimate business,53 which makes it easier for perpetrators to blend in and remain undetected. Therefore, offshore installations located close to land may be more prone to attacks and interferences.54 3.1.4 Stationary position and low manoeuvrability Another vulnerability of offshore installations is their stationary position. It has been reported that most vessels and offshore installations that have been attacked had one common characteristic – at the time of the attacks moving slowly or not moving at all.55 Unlike ships, most offshore installations are unable to manoeuvre away from danger.56 Fixed offshore installations are by definition fixed to the seabed and remain in the same position until decommissioned. This can be regarded as a vulnerability of fixed offshore installations. While not permanently attached to the seabed, mobile offshore installations are unable to move rapidly, perhaps with the exception of shipshaped offshore installations. When MODUs are engaged in drilling, they are essentially static, and thus are also vulnerable to assault from adversaries.57 In some cases, perpetrators gained access to offshore installations via offshore supply vessels moored alongside an installation.58 3.1.5 Dense concentration and interconnectivity Some offshore installations are located in close proximity to one another and are often interconnected. Offshore oil and gas projects often encompass several individual 49 Friedrich Steinhausler, ‘Security Risks to the Oil and Gas Industry: Terrorist Capabilities’ (2008) 7(1) Strategic Insights 1, 2. 50 See, e.g. OTS, Offshore Oil & Gas Risk Context Statement (April 2005) 14. See also Cordner (n 2) 176. 51 Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals’ (n 38) 150. 52 See Appendix. 53 DHS, Small Vessel Security Strategy (2008) 12. 54 See, e.g. Peter Lehr, ‘Maritime Terrorism: Locations, Actors, and Capabilities’ in Rupert HerbertBurns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 55, 58. 55 Bergen Risk Solutions, ‘Niger Delta Maritime Security Quarterly Review’ (9 July 2007) 8. 56 Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals’ (n 38) 150. 57 Ibid. 152. 58 Bergen Risk Solutions (n 55) 8.

117

OFFSHORE TARGET SELECTION CONSIDERATIONS

offshore fields that form a technical interconnected network of offshore installations.59 Installations in adjacent offshore fields may be tied into the same oil and gas gathering schemes using an interconnected pipeline system, which potentially makes the entire system vulnerable to an attack.60 Damage to or destruction of a main production platform caused by an attack can affect adjacent offshore installations and render the entire offshore project non-operational. An example of such vulnerability, although not caused by a deliberate attack, is the 1988 Piper Alpha disaster in the North Sea where oil and gas from connected platforms continued to be pumped directly to the burning Piper Alpha fuelling the fire.61 3.1.6 Diversity of offshore industry personnel Offshore installations are vulnerable to acts of sabotage and other malicious acts of company insiders. The offshore oil and gas industry has a large and diverse international labour force, which potentially makes it vulnerable to infiltration by adversaries posing as offshore workers or as contractors. As Breemer pointed out, ‘implicit in a high turnover rate in the offshore workforce is the heightened potential for penetration by terrorist[s]’.62 As discussed in Chapter 3, attacks on offshore installations may be carried out by or with the assistance of industry insiders. It is plausible that a terrorist may infiltrate the workforce and become a legitimate offshore worker. Adversaries could use forged documents or uniforms in the attempt to gain access to an offshore installation. In Saudi Arabia, following the February 2006 attack on the Abqaiq oil refinery by Al-Qaeda’s affiliates, Saudi security forces carried out a number of raids and recovered a vehicle allegedly used in the attack along with stolen licence plates, forged documents, maps, computers and communication equipment.63 This suggests that terrorists at the very least had access to company assets and may have had an accomplice who was a company insider.64 There are also many intermediaries involved in the industry, such as offshore service providers and contractors, that come in contact with or visit offshore

59 See Steinhausler (n 49) 2. Cf. Peter Avis, ‘Oil Platform Security: Is Canada Doing All It Should?’ (Critical Energy Infrastructure Protection Policy Research Series No. 3-2006, CCISS, March 2006). 60 For example, the Amenam-Kpono offshore project in Nigeria consists of three wellhead platforms (AMD1, AMD2 and AMD3), two large production platforms (AMP1 and AMP2), a living quarters platform (AMQ) and two tripod platforms (AMT1 and AMT2) bearing one flare. The entire field is linked to the FSO Unity and another production platform (ODP1) at the nearby Odudu offshore field: ‘Amenam-Kpono Oil and Gas Field, Nigeria’ Offshore Technology www.offshore-technology.com/ projects/amenamkpono/ accessed 1 December 2015; Total Nigeria, ‘Amenam/Kpono First Oil’ (2004). 61 Adams (n 47) 127. Piper Alpha was connected by subsea pipelines to Claymore and Tartan platforms and MCP-01 gas processing platform and had four main transport risers. After the initial explosion, gas risers started to fail which resulted in additional explosions and oil and gas from Tartan and Claymore platforms continued to be pumped directly to Piper Alpha, fuelling the fire: ‘Piper Alpha’ Oil Rig Disasters http://home.versatel.nl/the_sims/rig/pipera.htm accessed 1 December 2015. 62 Jan Breemer, ‘Offshore Energy Terrorism: Perspectives on a Problem’ (1983) 6 Terrorism 455, 460. 63 John Daly, ‘The Global Implications of Large-Scale Attacks on Saudi Oil Facilities’ in Erich Marquardt (ed.), Saudi Arabian Oil Facilities: The Achilles Heel of the Western Economy (Jamestown Foundation 2006) 25, 29. 64 Ibid. 32.

118

OFFSHORE TARGET SELECTION CONSIDERATIONS

installations and may gain access to their control and operational systems. This nature of the industry potentially increases the vulnerability factor that can be exploited by perpetrators.65 For example, on 18 March 2003 in Yemen, a carpenter who worked as a contractor at the oil rig killed three and wounded one of his colleagues using a gun.66 Although this is not an offshore incident, it demonstrates that being an ‘insider’, he was able to carry a gun past security and onto the site. 3.1.7 Availability of target information It can be argued that readily available and easily accessible information about offshore installations may be seen as an area of vulnerability. General and technical information about offshore installations is often publicly available. Perpetrators can gather a lot of useful information from public sources and use it to select targets and plan their attacks. This can include information such as details of offshore oil and gas projects, operational characteristics of offshore installations, maps and diagrams sometimes giving precise locations of existing offshore installations, and information about their vulnerabilities.67 These type of materials may be used by adversaries for the purposes of target selection and to plan attacks. More sophisticated adversaries (as opposed to opportunistic perpetrators) can be expected to be well prepared. They may have analysed photographs and studied technical information and conducted some reconnaissance of potential targets in order to identify them, including the optimal attack method.68 For instance, after the attack on Bonga FPSO in June 2008, MEND claimed that it has the map and chart of all offshore installations in the Niger Delta and that it knows the topography of the area.69 It was reported that the Al-Qaeda training manual recovered in Afghanistan encourages the use of public sources and advises that much of the information required about the target can be gathered from public sources.70 Locations of offshore installations are marked on navigational charts. In fact, there is requirement under international law for coastal states to give due notice and disseminate information on location and position of offshore petroleum installations in the territorial sea, the EEZ, on the continental shelf and on the high seas.71

65 It has been argued that the fact that most employees transit to platforms by helicopter or companyoperated vessels reduces this vulnerability aspect: Cordner (n 2) 177. Cf. OITS, Offshore Oil and Gas Resources Sector Security Inquiry (June 2012) 4. 66 ‘Gunman Kills 3 Oil Workers in Yemen’ (CNN, 18 March 2003) http://edition.cnn.com/2003/ WORLD/meast/03/18/yemen.shootings/ accessed 1 December 2015. 67 For example, the aerial footage of ABOT, which is one of the biggest oil export terminals in the Persian Gulf, can be found at http://wn.com/Al_Basrah_Oil_Terminal accessed 1 December 2015. 68 Ben Gerwick Jr, Construction of Marine and Offshore Structures (3rd edn, Taylor & Francis 2007) 45. 69 See Mikhail Kashubsky, ‘Offshore Energy Force Majeure: Nigeria’s Local Problem with Global Consequences’ (2008) 160 Maritime Studies 20, 23–24. 70 See Stephen Ulph, ‘Saudi Arabia’s Islamist Insurgency’ in Erich Marquardt (ed.), Saudi Arabian Oil Facilities: The Achilles Heel of the Western Economy (Jamestown Foundation 2006) 13, 15. 71 See, e.g. LOSC arts 24(2), 60(3), 147(2)(a); IMO, Safety Zones and Safety of Navigation around Offshore Installations and Structures, A Res 671(16), Agenda Item 10, IMO Doc A Res.A.671(16) (19 October 1989).

119

OFFSHORE TARGET SELECTION CONSIDERATIONS

3.1.8 Cyber vulnerabilities Cyber vulnerabilities of critical infrastructures and SCADA systems in particular were highlighted in August 2003, at the time of a ‘Slammer’ computer worm attack on the Davis-Besse Nuclear Power Station.72 While SCADA systems have improved system interconnections and efficiencies, they have also increased system vulnerabilities to malware attacks and hacker intrusions.73 The 2010 cyber attack on an Iranian nuclear facility has demonstrated that sophisticated malware such as Stuxnet (which is the first malware that specifically targeted ICSs) is capable of exploiting vulnerabilities of SCADA systems even if they are operating in private networks isolated from the Internet.74 The interdependencies between various parts of network systems of offshore installations (e.g. those controlling the distribution and flow of oil and gas, maintaining appropriate balance of flows, temperature levels, and pressures) is also an area of cyber vulnerability.75 Although the cyber attacks on Saudi Aramco (the world’s largest oil company)76 and Qatari RasGas (a subsidiary of Qatar Petroleum, which is the world’s largest LNG company) in August 2012 did not impact on production and processing, they demonstrated the vulnerabilities of office computer networks to malware attacks and the potential impacts of such attacks on company operations.77 Interconnectivity of computer networks provides more opportunities for perpetrators to access these systems, through which they can control equipment, change critical system settings, deactivate alarms and cause other interferences with processes and operations.78 The ICSs/SCADA used on offshore oil and gas installations were originally developed purely for functional and operational purposes with little regard to cyber security. Thus, SCADA networks are susceptible to misuse and vulnerable to cyber attacks and malicious intrusions.79 SCADA systems are normally only functionally

72 For details of attack see Kevin Poulsen, ‘Slammer Worm Crashed Ohio Nuke Plant Network’ (Security Focus, 19 August 2003) www.securityfocus.com/news/6767 accessed 1 December 2015. 73 Uwe Nerlich and Franch Umbach, ‘European Energy Infrastructure Protection: Addressing the Cyber-warfare Threat’ (October 2009) Journal of Energy Security www.ensec.org/index.php?option =com_content&view=article&id=219:european-energy-infrastructure-protectionaddressing-the-cyberwarfare-threat&catid=100:issuecontent&Itemid=352 accessed 1 December 2015; Dana Shea, ‘Critical Infrastructure: Control Systems and Terrorist Threat’ (CRS Report for Congress, US Congress, 2003) 2; Robert Radvanovsky, Critical Infrastructure: Homeland Security and Emergency Preparedness (CRC Press 2006) 5. 74 Constantinos Hadjistassou and Antonis Hadjiantonis, ‘Risk Assessment of Offshore Oil and Gas Installations Under Cyber Threats’ (Energy Sequel, 25 January 2013) www.energysequel.com/riskassessment-of-offshore-oil-and-gas-installations-under-cyber-threats/ accessed 1 December 2014. 75 AGD, Cyber Storm II: National Cyber Security Exercise Final Report (2008) 16. 76 In 2010, Forbes magazine rated Saudi Aramco as the world’s largest oil company in terms of proven reserves of conventional oil: Christopher Helman, ‘Slide Show: The World’s Biggest Oil Companies’ (Forbes, 9 July 2010) www.forbes.com/2010/07/09/worlds-biggest-oil-companies-business-energy-bigoil_slide_2.html accessed 1 December 2015. 77 Eduard Kovacs, ‘Oil and Gas Companies Invest in Security to Tackle Risks Posed by Cyber Threats’ (Softpedia, 16 January 2013) http://news.softpedia.com/news/Oil-and-Gas-Companies-Invest-in-Securityto-Tackle-Risks-Posed-by-Cyber-Threats-321229.shtml accessed 1 December 2015. 78 Gary Sevounts, ‘Addressing Cyber Security in the Oil and Gas Industry’ (2006) 233(3) Pipeline and Gas Journal 79. 79 OITS (n 65) 108; Amanda East and Bill Bailey, ‘Australia’s Oil Refinery Industry – Importance, Threats, and Emergency Response’ (2008) Security Management.

120

OFFSHORE TARGET SELECTION CONSIDERATIONS

tested for what they are supposed to do, but they are not tested for what they should not be able to do.80 It is often difficult to implement new security controls within the existing control systems infrastructure in order to reduce cyber vulnerabilities.81 Security firms and consultants have claimed that inspections of oil rigs have found that computers and controls systems were ‘riddled with viruses’.82 Reportedly, in 2013, US oil company networks on several offshore installations were incapacitated due to infected files downloaded by offshore workers through their personal devices.83 3.2 Additional incentives Offshore installations also have ‘type of target’ attractiveness factors that are not vulnerabilities, but nevertheless provide incentives to attack offshore installations from the point of view of the adversaries. They are referred to as ‘additional incentives’, which can be categorised as: sensitive equipment/components on board, volatile and hazardous materials on board, and public profile and symbolic value. These factors potentially make offshore installations more attractive. There is some overlap between these ‘additional incentives’ factors and the ‘type of effect’ attractiveness factors because they are likely to generate certain effects and can make offshore installations more attractive from the adversaries’ perspective. 3.2.1 Sensitive equipment/components on board Offshore oil and gas installations have complex sensitive equipment and components on board. Sensitive components include process units, oil and gas separation modules and associated control systems, power generators, gas compression units, product storage tanks, boilers, turbines, offloading pumping systems, process heaters, computer systems and network devices. Offshore installations ‘comprise hundreds of one-off design elements, the loss of any of which could bring operations to a sudden and costly halt’.84 Therefore, if the perpetrators focus their assault on critical components or systems of an offshore installation, that may increase the chances of disabling key functions without which the offshore installation will become nonoperational, which in term will result in other indirect consequences. Replacement of damaged components of an offshore installation may involve significant financial expenditure and time delays. This aspect of offshore petroleum installations may

80 OITS (n 65) 108. 81 Testimony to the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, Committee on Homeland Security, United States House of Representatives, Washington DC, 19 April 2007, 3 (Aaron Turner, Cybersecurity Strategist); Radvanovsky (n 73) 241. 82 Shauna Mullin, ‘Cyber Resilience in the Maritime & Energy Sectors’ (Templar Executives, 1 May 2014) www.templarexecs.com/cyberresilience/ accessed 1 December 2015; Jeremy Wagstaff, ‘All at Sea: Global Shipping Fleet Exposed to Hacking Threat’ (24 April 2014) Inside US Oil 6; Northern California Area Maritime Security Committee, Cyber Security Newsletter (October 2014) 3. 83 Jane Teh, ‘Cyber-Security in Oil and Gas is More Than Just Protecting Intellectual Property and Data’ (CSAFE, March 2014) http://cms1.gre.ac.uk/research/csafe/archive/CSAFE_ISSUE5.pdf accessed 1 December 2015. 84 Michael Crocker, ‘Platforms, Pipelines, and Pirates’ (2007) 51(6) Security Management 76, 82.

121

OFFSHORE TARGET SELECTION CONSIDERATIONS

be seen as an attractive factor from the perpetrator’s point of view and another incentive to attack offshore installations. 3.2.2 Volatile and hazardous materials on board Offshore petroleum installations are high-hazard industrial facilities. An attack or unlawful interference has the potential to result in human casualties, and cause significant damage to the installation and the release of harmful substances into the marine environment.85 Highly flammable and hazardous materials are handled on board offshore installations and at offshore sites. These include high pressure liquids and gases, hydrocarbons and other flammable materials, toxic substances.86 The abundance of fire and explosion hazards on board may be regarded as an additional incentive for perpetrators. Hazardous and flammable materials handled on offshore installations may serve as a useful component of the attack, potentially providing an opportunity to create a large explosion and fire and cause maximum damage to the installation, the environment and personnel on board.87 Despite the industry’s safety practices such as isolation and blast proof walls, there is still a high risk of fire spreading to the adjacent areas depending on the extent of damage caused to the installation. Oil and gas can burn at extremely high temperatures for extended periods of time, and if it was accidentally or intentionally ignited during an attack, it could completely melt down the offshore installation.88 A ruptured offshore oil and gas well is much more difficult to control than an onshore well of equivalent properties and capacity.89 If a high-pressure well were ignited, it would be very difficult to put out the fire and the extreme heat temperatures would delay first response efforts.90 Volatile properties of oil and gas wells can also be seen as an additional incentive to attack offshore installations. Although not caused by a deliberate attack, a fitting illustration of the volatile properties of offshore oil and gas wells is the Deepwater Horizon disaster in the Gulf of Mexico in April 2010, where a well blowout resulted in an explosion on board an offshore installation and subsequent loss of the installation, 11 human casualties, and the largest oil spill in the history of the US.91 3.2.3 Public profile and symbolic value The public profile of a target affects target attractiveness.92 Depending on the types of perpetrators and their operational objectives they are likely to take into account 85 Williams (n 42) para 5. See also Nicholas Santella and Laura Steinberg, ‘Accidental Releases of Hazardous Materials and Relevance to Terrorist Threats at Industrial Facilities’ (2011) 8(1) Journal of Homeland Security and Emergency Management Article 53. 86 ABS, Guidance Notes on Risk Assessment Applications for the Marine and Offshore Oil and Gas Industries (June 2000) 92. 87 API, Security Risk Assessment Methodology (n 11) 35; David Osler, ‘Keeping Pin in a Timebomb of Oil and Gas’, Lloyd’s List DCN (Sydney, 18 August 2005) 9. 88 Adams (n 47) 118. 89 Ibid. 128. 90 Ibid. 121. 91 Jacqueline Allen, ‘A Global Oil Stain – Cleaning Up International Conventions for Liability and Compensation for Oil Exploration/Production’ (2011) 25(1) Australian and New Zealand Maritime Law Journal 90, 90. 92 Ackerman et al. (n 4) 46.

122

OFFSHORE TARGET SELECTION CONSIDERATIONS

the public profile and symbolic value of a target as part of their target selection.93 This could entail ideological and strategic considerations of adversaries.94 Target categories to which adversaries can attribute meaning in terms of their ideology or strategy would be considered symbolic targets or at least would hold some symbolic value. Ackerman et al. have noted that terrorist ‘targets tend to be chosen for their symbolic value rather than absolute value or utility’.95 Symbolic targets usually have a direct or clear indirect relation to the primary target audiences, and ‘thereby convey a strong and meaningful ideological message’.96 Symbolic value of a target is considered as an additional incentive. Toft et al. did not find any correlation between certain terrorist ideologies and energy infrastructure targeting, and concluded that energy transmission infrastructures in most cases possess a relatively low symbolic value across terrorist ideologies.97 Some groups of adversaries may attach symbolic value to offshore installations, especially if they are owned by big oil and gas companies or in cases where a capitalist government relies heavily on petroleum revenues or petroleum supplies.98 In Nigeria, between 2006 and 2009 MEND was engaged in a violent campaign directed against the oil and gas industry and offshore installations were frequently attacked by MEND during that period.99 The 19 June 2008 attack on the FPSO Bonga, Shell’s flagship offshore project in Nigeria which accounted for 10 per cent of the country’s total oil output, by MEND insurgents, appears to have had some symbolic value as it allowed MEND to showcase its offshore capabilities and it sent the message to oil companies and the government that remote offshore installations and deepwater offshore operations are not safe from MEND. High corporate profile and visibility of some major oil companies working in a particular area could make offshore installations of those oil companies symbolic targets for certain types of adversaries.100 3.3 Deterrents Offshore installations also have several unattractive features from the perspective of the perpetrators, which are also important considerations in the target selection process. Factors such as operational difficulties, tactical uncertainties and other security deterrents make offshore installations less attractive targets and may lead to perpetrators turning their attention away from offshore installations to other types of targets.101

93 Toft, Duero and Bieliauskas (n 19) 4415. 94 For discussion on how ideologies influence terrorists’ target selection see C.J.M. Drake, ‘The Role of Ideology in Terrorists’ Target Selection’ (1998) 10(2) Terrorism and Political Violence 53, 56–62. 95 Ackerman et al. (n 4) 49. 96 Toft, Duero and Bieliauskas (n 19) 4415. 97 Ibid. 4413. 98 Ibid. 4416. 99 See Appendix. 100 API, Security Risk Assessment Methodology (n 11) 35. 101 Paul Parfomak and John Frittelli, ‘Maritime Security: Potential Terrorist Attack and Protection Priorities’ (CRS Report for Congress, US Congress, 2007) 24.

123

OFFSHORE TARGET SELECTION CONSIDERATIONS

Targets can be classified as ‘soft targets’ or ‘hard targets’ based on factors such as degree of difficulty of attacks, taking into account natural and man-made deterrents of a target.102 Soft targets (low-risk, low protection) are targets that are easy to attack and hard targets (high-risk, heavy protection) are those that are difficult to attack, ‘that is, if strong prior knowledge about the target is required for a successful attack’.103 These factors impact on the attractiveness of targets. If an offshore installation is considered to be too difficult or too costly to attack, easier targets may be chosen. The deterrents have been divided into two groups: operational/tactical difficulties and increased level of security and protection. From a financial point of view, both operational difficulties and the higher level of security and protection are likely to increase the costs of the attack, which may deter the adversaries. 3.3.1 Operational/tactical difficulties There are several inherent features of offshore oil and gas installations that pose operational and tactical difficulties for the perpetrators and therefore may be seen as deterrents. The sea offers very little cover and concealment for carrying out surveillance, testing weapons and practising attack techniques.104 Surrounded by water, the very location of offshore installations renders them difficult to approach if the perpetrators wish to remain undetected and they do not provide many escape options. Many offshore installations are located at considerable distances from the shore and are difficult to get to. Attacks on remote offshore installations would require perpetrators to have sophisticated skills in navigation and ship handling, as well as appropriate clothing, equipment and suitable vessels.105 In most cases, perpetrators are required to deal with natural defences of offshore installations such as severe weather conditions such as tides, waves, strong currents and winds, and in some cases high density of maritime traffic. Therefore, remote location of offshore installations can also be seen as a deterrent from perpetrators’ point of view. In addition, structural characteristics of many offshore installations may pose some difficulties for adversaries. Some offshore installations, such as FPSOs and drill ships, have a comparatively high freeboard, rendering them more difficult to board from the water line, especially when they are moving.106 The topsides of offshore installations are usually extensively lit also making it difficult for perpetrators to remain undetected.107 Furthermore, the complexity of offshore installation topside configuration could make it difficult for perpetrators to take over and control the installation, unless they are in sufficient numbers and are familiar with the topside layout.108 While these characteristics pose some potential difficulties, they will not 102 See API, Security Risk Assessment Methodology (n 11) 35. 103 Toft, Duero and Bieliauskas (n 19) 4415. 104 Martin Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (Adelphi Paper No. 388, IISS, 2007) 70. 105 Ibid. 106 Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals’ (n 38) 151. 107 Ibid. 150. 108 Ibid. 152; Brian Jenkins, ‘Potential Threats to Offshore Platforms’ (RAND Corporation, January 1988) 17.

124

OFFSHORE TARGET SELECTION CONSIDERATIONS

necessarily prevent attacks by determined and well resourced adversaries. Rational adversaries are likely to seek a balance between the difficulties of attacking a target and its other attractive features and then opt for those targets that offer the most ‘return on investment’ (or the most ‘bang for the buck’).109 3.3.2 Increased level of security and protection Increased level of security of offshore installations is a deterrent that affects the attractiveness of a target. This may include factors such as increased surveillance levels, tight access controls, armed security guards on board, frequent patrols at sea by maritime security forces that make it more difficult to attack offshore installations in those areas.110 Perpetrators may not be interested in direct confrontations with security forces. Therefore, any increased maritime security patrols or the presence of armed security guards on board or in the vicinity of offshore installations may deter the perpetrators.111 Even the relative close proximity of some offshore installations to the coastline could be seen as a mitigating factor because short distance provides faster air and/or water-borne response in case of an attack.112 Offshore installations, especially newer ones, may have reinforced structures designed to withstand defined accident scenarios such as fires and explosions during oil and gas releases, which also makes it more difficult to intentionally inflict substantial damage to such offshore installations.113 For example, the FPSO Bonga, which was attacked in June 2008 and sustained substantial damage, reportedly now has armour plating to protect it against gunfire and RPGs.114 It has been noted that adversaries usually tend to concentrate their attacks on soft targets, choosing proved tactics.115 Therefore, an offshore installation that shows signs of high level of protection and security arrangements or poses significant operational challenges may be discounted in favour of other targets.116 Offshore installations are arguably ‘hard targets’ due to several factors that make offshore attacks difficult to accomplish. Ackerman et al. assert the level of protection is one of the most important factors because it is a relevant factor to consider not only in the target selection process, but also in the operational planning of adversaries.117

109 Toft, Duero and Bieliauskas (n 19) 4415; Ackerman et al. (n 4) 44. See also John Robb, Brave New War: The Next Stage of Terrorism and the End of Globalization (Wiley & Sons 2007). 110 See, e.g. Martin Tsamenyi and Kwame Mfodwo, ‘Developing Capacity for Addressing Safety, Security and Marine Pollution Concerns Arising from the Oil and Gas Industry’ (Paper presented at the National Conference on Positioning the Transport Sector for the Successful Exploration of Ghana’s Oil & Gas, Accra, 15 July 2009) 12. 111 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 11. 112 OTS, Offshore Oil & Gas Risk Context Statement (n 50) 15–16. 113 Torhaug (n 13) 77. 114 Martin Murphy, ‘Petro-Piracy: Oil and Troubled Waters’ (2013) 57(3) Orbis 424, 436. 115 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 6. 116 Robert Charm, ‘Terrorists See Offshore as Tempting Target’ (January 1983) Offshore 62, 65. However, determined perpetrators will not necessarily stop planning an attack on an offshore target, no matter how high the level of security and protection is: Ackerman et al. (n 4) 44. 117 Ackerman et al. (n 4) 47.

125

OFFSHORE TARGET SELECTION CONSIDERATIONS

3.4 Consequences The ‘type of effect’ attractiveness factors are essentially potential consequences of attacks.118 Consequences can be defined as ‘the potential adverse impacts to a facility, the local community and/or the nation as a result of a successful attack’.119 Consequences can also be defined as ‘the outcomes of an event expressed qualitatively and quantitatively, being loss, injury, disadvantage or gain’.120 The potential consequences of attacks on and unlawful interferences with offshore installations can be quite severe and wide-ranging.121 According to the API SRA methodology: The severity of the consequences of a security event at a facility or operation and the resulting impacts of the event should be expressed in terms of the degree of injury, damage, business interruption costs, or damage to good will toward the organization (reputational damage) that would result if there were a successful act.122

The extent of potential consequences can be local, regional and global, and can be quite substantial in some cases. However, the magnitude and scope of consequences may be different for different forms of security events.123 Attacks on and unlawful interferences with offshore installations have had various consequences ranging from minor interruptions of offshore operations to complete destruction of offshore installations and human casualties. Herbert-Burns has noted that ‘the destruction of such a facility could likely cause extensive loss of life on board, have serious consequences for the operating [company], and send shockwaves through the marine insurance market’.124 The potential consequences can be physical, psychological and financial. Consequences can be classified as direct or indirect, immediate or delayed.125 Transnational terrorist groups such as Al-Qaeda are becoming increasingly interested in impacts that are potentially global, not local.126 Depending on the type of offshore installation attacked and its specific characteristics, potential consequences of an attack can include any one or a combination of any of the following: loss of life and personal injury, damage to and destruction of the offshore installation, environmental harm, process interruptions and

118 See Parfomak and Frittelli (n 101) 3. 119 API and NPRA (n 16) 3. 120 OTS, Offshore Security Assessment Guidance Paper (n 35) 41. 121 See, e.g. Avis (n 59). 122 API, Security Risk Assessment Methodology (n 11) 13. 123 Ibid. 124 Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals’ (n 38) 150. However, al-Shishani has argued that ‘the impact of attacks on oil interests is limited compared to other factors such as war and civil conflicts, political instability, regime change, export restriction [and] the closure of trade routes’: Murad al-Shishani, ‘Al Qaeda & Oil Facilities in the Midst of the Global Economic Crisis’ (April 2009) Journal of Energy Security www.ensec.org/index.php?option=com_content&view= article&id=190:al-qaeda-aamp-oil-facilities-in-the-midst-of-the-global-economic-crisis&catid=94:0409 content&Itemid=342 accessed 1 December 2015. 125 Maerli et al. (n 5) 34; API, Security Risk Assessment Methodology (n 11) 14. 126 Jan Fedorowicz, ‘The Ten-Thousand Mile Target: Energy Infrastructure and Terrorism Today’ (Critical Energy Infrastructure Protection Policy Research Series No 2-2007, CCISS, March 2007) 5.

126

OFFSHORE TARGET SELECTION CONSIDERATIONS

shutdowns, petroleum supply disruptions, economic costs and financial losses, petroleum price rises and market fluctuations, economic externalities, fear and intimidation, loss of public confidence and the offshore industry reputation, geopolitical impacts and foreign relations, inability to achieve desired effects, and undesirable effects on outside stakeholders. 3.4.1 Loss of life and personal injury Attacks on offshore installations may result in loss of life or personnel injuries. The 1988 Piper Alpha disaster, although not caused by a deliberate act, remains the deadliest offshore incident, resulting in 167 deaths.127 The analysis of past attacks on offshore installations indicates that at least 13 attacks have resulted in human casualties or personnel injuries.128 It is estimated that between 1975 and 2015, at least 40 people were killed and 30 injured as a result of attacks on offshore installations.129 For example, it was reported that on 10 June 2008 nine Nigerian soldiers were killed and four civilians wounded in the attack on the oil facility near Port Harcourt; and on 26 June 2009 some 20 Nigerian soldiers were killed in the attack on Shell’s Forcados offshore terminal.130 Although some of the larger offshore installations can accommodate as many as 200 people, compared to land-based targets relatively few people live and work on offshore installations and some installations are completely unmanned. In general, offshore installations are generally not ideal targets for causing significant human casualties. If inflicting maximum human casualties is the main objective, offshore installations would not necessarily be attractive targets. The lack of potential mass casualties might actually be a deterrent depending on the objectives of the attack. 3.4.2 Damage to and destruction of offshore installations A deliberate violent act against an offshore installation could result in substantial damage, collapse or complete destruction of that offshore installation.131 From a technical standpoint, it is not that difficult to cause considerable damage to an oil well or an offshore installation even with most basic weapons and explosive devices or an RPG. In at least 13 of 113 offshore security incidents in the OIAD damage was caused to offshore installations.132 For example, on 29 June 2009 in Nigeria, MEND insurgents detonated explosives at Forcados offshore terminal causing extensive damage to the installation.133 In some cases, offshore installations were almost completely destroyed. For example, in April 1988, the US Navy attacked and almost completely destroyed the Iranian Salman and Nasr offshore complexes in response

127 ‘The Deadliest Accidents’ Oil Rig Disasters http://home.versatel.nl/the_sims/rig/i-fatal.htm accessed 1 December 2015. 128 See Appendix. 129 Based on various media reports and other sources that were used to compile the OIAD. 130 These two attacks are the deadliest reported attacks on offshore installations. See Appendix. 131 Torhaug (n 13) 79. 132 See Appendix. 133 Ibid.

127

OFFSHORE TARGET SELECTION CONSIDERATIONS

to damage sustained by the US frigate Samuel B Roberts, which was caused by a mine, allegedly belonging to Iran.134 According to Iran, the attacks caused severe damage to the offshore installations and the activities of the Salman offshore complex were halted for more than four years.135 3.4.3 Environmental harm Environmental harm is one of the potential consequences of attacks on offshore installations. A major oil spill from a damaged offshore installation could have significant and even devastating effects on the marine environment and coastal ecosystems.136 Any oil spills resulting from attacks would not be easy to contain and could be quite extensive.137 There is also a risk of hydrocarbon ignition near or on offshore installations, resulting in atmospheric pollution.138 Crude oil fires may also cause environmental harm in the form of atmospheric contamination, and incomplete combustion can result in pooled oil.139 However, offshore installations use sophisticated subsurface safety valves that should automatically shut off the flow of oil or natural gas in the event of fire or attack on an installation.140 During the 1980–88 Iran–Iraq war, a tanker collision with an Iranian offshore installation at Nowruz oilfield in the Persian Gulf caused a massive oil slick, which in March 1983 caught fire as a result of an air strike by the Iraqi forces.141 Response and containment operations were delayed for over two years due to the ongoing war; and the well had spilled over 700,000 barrels of oil into the sea before it was capped in May 1985.142 An oil spill can also generate significant clean-up costs.143 3.4.4 Process interruptions and shutdowns One of the most common and immediate impacts of attacks on or interferences with offshore installations is interruption of processes and operations, and shutdowns of offshore installations. Offshore production installations often have long and complex start-up procedures if they have been shut down due to emergency. Evacuation of the offshore crew is usually required in some instances.144 Offshore operations can be disrupted as a result of attempted attacks even when there was no physical damage caused to offshore installations. For example, after Chevron’s Oloibiri FSO was attacked on 1 May 2007 in the Gulf of Guinea and six oil workers were abducted

134 Ibid. 135 Oil Platforms (Islamic Republic of Iran v United States of America) (Merits) [6 November 2003] ICJ, Summary of the Judgment of 6 November 2003. 136 Testimony before the Committee on Transportation and Infrastructure, United States House of Representatives, Washington DC, 4 February 2009, 4 (Peter Chalk, Senior Policy Analyst). 137 See Kristel De Smedt et al., Civil Liability and Financial Security for Offshore Oil and Gas Activities (Maastricht European Institute for Transnational Legal Research 2013). 138 Adams (n 47) 126. 139 Ibid. 121. 140 API, Security Guidelines for the Petroleum Industry (2nd edn, 2003) 108. 141 See Appendix. 142 US Government, National Oceanic and Atmospheric Administration (NOAA), ‘Nowruz Oil Field’ Incident News http://incidentnews.noaa.gov/incident/6262 accessed 1 December 2015. 143 Maerli et al. (n 5) 37. 144 Adams (n 47) 121.

128

OFFSHORE TARGET SELECTION CONSIDERATIONS

from the installation, the production at fields supported by this FSO was shut down to avoid any additional security or safety incidents.145 Operations of offshore installations could even be shut down as a result of nonviolent interferences with offshore installations (i.e. peaceful protests) or threats of attacks such as bomb threats.146 Most attacks on and unlawful interferences with offshore installations have caused interruptions of offshore operations and many have resulted in shutdowns of offshore installations. On 23 August 2003, also in Nigeria, the local community group of anti-oil activists boarded Shell’s production platform and the nearby Trident VIII jack-up drilling rig, causing the company to stop operations and evacuate personnel.147 Shutdowns can also occur due to damage sustained by an offshore installation. If substantial damage is inflicted to a major offshore production installation as a result of attack, it could take an extended period of time to repair it or its on board equipment. The production could be shut down for a considerable period of time, in some cases weeks, before it could be restored to full pre-attack production rate.148 For example, as a result of the attack on Bonga FPSO in Nigeria on 19 June 2008, the installation was damaged and the company was forced to shut down the entire production at the field (which accounted for 10 per cent of Nigeria’s total petroleum production) for almost a month.149 An attack on an offshore installation or loading terminal at a major oilfield can halt production and commerce for weeks, causing other indirect impacts. There will also likely be an impact on associated operations, services and processes performed by various offshore industry participants. 3.4.5 Petroleum supply disruptions Attacks on offshore installations could also cause disruptions of oil and gas supplies. The dependencies and full impacts of supply shortages and production disruptions are often not apparent until an incident takes place and the production operations are interrupted.150 Any offshore security incident has the potential for a loss of some oil and gas supplies to consumers. Even small outages, failures and petroleum supply disruptions can have broader consequences that cannot always be anticipated. However, it is questionable whether a single attack on an offshore installation could upset the supplies in a serious way.151 That would largely depend on the type of offshore installation, its production rates and availability of alternative sources of supply.

145 See Appendix. 146 ONI, Worldwide Threat to Shipping: Mariner Warning Information (23 May 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20070523100000.txt accessed 1 December 2015. 147 See Appendix. 148 Adams (n 47) 125. 149 See Kashubsky (n 69). 150 Uwe Nerlich and Franch Umbach, ‘European Energy Infrastructure Protection: Addressing the Cyber-warfare Threat’ (October 2009) Journal of Energy Security www.ensec.org/index.php?option= com_content&view=article&id=219:european-energy-infrastructure-protectionaddressing-the-cyberwarfare-threat&catid=100:issuecontent&Itemid=352 accessed 1 December 2015. 151 See Torhaug (n 13) 80.

129

OFFSHORE TARGET SELECTION CONSIDERATIONS

According to the IEA, the impacts of disruption in petroleum supplies for a consuming country or region will also depend on the nature and duration of disruption, the type of fuel or petroleum products, the fuel-import intensity of the economy as well as ‘the flexibility and resilience of the economy to respond to and withstand the physical loss of supply and the higher petroleum prices which may result’.152 The attack on Bonga FPSO in June 2008 forced the company to shut down production from the entire field, which normally produces approximately 200,000 bpd and 150 million cubic feet (mcf) of gas per day.153 The closing of the production from the Bonga field alone reduced Nigeria’s oil producing capacity by 10 per cent and caused fears of supply disruptions from Nigeria, which at the time was the world’s eighth-largest oil exporter. In general, offshore installations with higher rates of production or export capacity are likely to cause more serious petroleum supply disruptions, if attacked and damaged or destroyed. The production or export capacity of offshore installations affects the attractiveness of an offshore target and therefore, is likely to be taken into account by adversaries during a target selection process. A well-executed attack on a strategically important offshore oil and gas installation such as a major offshore export terminal can potentially affect the entire economy.154 However, the attacks cause usually only local impacts and disruptions, some of considerable severity.155 It is unlikely that a single attack on oil and gas infrastructure could have a real effect on the supplies of oil and gas to the world markets because there is almost always spare capacity in the production of oil and gas.156 For example, supply disruptions in several countries in the Middle East and North Africa in 2013 had minimal impact on the global oil market.157 Nevertheless, it is possible that a country may be affected by petroleum supply disruptions if there are no adequate arrangements in place. A disruption of petroleum supplies from offshore production can be greater when an offshore field is serviced by two or more large platforms, or when several offshore production sites are combined into one large project with several interconnected production installations. 3.4.6 Economic costs and financial losses Attacks on offshore installations can result in economic costs and financial losses. Adversaries know that petroleum is of critical importance to the global economy, especially to the economies of industrialised Western nations,158 and they recognise that disruptions of petroleum supply have negative economic impacts, both domestic

152 IEA, World Energy Outlook 2007 (2007) 163. 153 See Appendix. 154 See Tanner Campbell and Rohan Gunaratna, ‘Maritime Terrorism, Piracy and Crime’ in Rohan Gunaratna (ed.), Terrorism in the Asia-Pacific: Threat and Response (Eastern Universities Press 2003) 70, 73. 155 Fedorowicz (n 126) 17. 156 Torhaug (n 13) 81. 157 Abdalla El-Badri, ‘The Current Oil Market’ (Speech delivered by OPEC Secretary General, at Oman Energy Forum 2013, Muscat, Oman, 21 October 2013). 158 Lew Bullion, ‘Terrorism and Oil Make Volatile Mix’ (2006) 233(5) Pipeline & Gas Journal 32, 32.

130

OFFSHORE TARGET SELECTION CONSIDERATIONS

and global, which is usually regarded by adversaries as an attractive factor.159 Even peaceful protests can have significant financial costs and consequences especially if offshore operations are interrupted for lengthy periods of time. Offshore installations are very complex and expensive assets, some costing over US$1 billion, so any repair or replacement costs are likely to be high. The destruction of a major offshore installation will have significant financial and economic implications for the oil company and the coastal state.160 Interruptions and delays in drilling or production, and other disruptions to offshore operations usually involve financial losses. For example, such implications could be a combination of direct costs associated with value losses and loss of revenue from oil and gas sales, as well as cost of restoration.161 Financial costs may also be in the form of ransom payments that oil companies pay for the release of abducted offshore workers. It is possible that a properly coordinated attack on a country’s offshore installations could have a major effect on the domestic economy, especially if a country’s economy depends on petroleum exports. Following the attacks on ABOT and KAAOT in Iraq on 24 April 2004, the terminals were immediately shut down by the authorities.162 The ABOT, capable of exporting up to 900,000 bpd, was shut down for two days and KAAOT, which exports about 700,000 bpd, was closed for one day, which together cost Iraq millions of dollars in lost oil export revenues.163 3.4.7 Petroleum price rises and market fluctuations The ramifications of offshore attacks can go far beyond the immediate financial costs and could cause soaring of oil prices and market fluctuations. Considering today’s tight balance between petroleum supply and demand as well as industry practices based on ‘just in time’ deliveries, taking even a small amount of petroleum off the market could cause a rise in oil and gas prices, particularly when global spare capacity is tight or when geopolitical tensions are high.164 Schmid has noted that ‘disrupting the global energy market can be a very rewarding strategy for those who wish to damage those whose power depends on their positions in the energy sector’.165 Even a small scale attack against a major offshore installation will likely have an effect on the price of oil. For example, it was estimated that the attacks on ABOT and KAAOT in April 2004 caused an oil price increase that resulted in a loss of approximately US$6 billion to the global economy.166 Sometimes anticipated attacks 159 Philippe Bouvier, ‘Oil & Gas Industry – Towards Global Security: A Holistic Security Risk Management Approach’ (Thales White Paper, 2007) 3. 160 Adams (n 47) 125. 161 See Maerli et al. (n 5) 37. 162 Nicolas Pyke, ‘Suicide Bomber Boats Explode in Attack on Basra Oil Terminal’ (The Independent, 25 April 2004) www.independent.co.uk/news/world/middle-east/suicide-bomber-boats-explode-in-attackon-basra-oil-terminal-756454.html accessed 20 September 2008. 163 Ali Koknar, ‘Maritime Terrorism: A New Challenge for NATO’ (2005) Energy Security [18] www.iags.org/n0124051.htm accessed 1 December 2015; John Daly, ‘The Threat to Iraqi Oil’ (2004) 2(12) Terrorism Monitor. 164 IEA (n 152) 163. 165 Alex Schmid, ‘Terrorism and Energy Security: Targeting Oil and Other Energy Sources and Infrastructures’ in James Ellis (ed.), Terrorism: What’s Coming – The Mutating Threat (MIPT 2007) 28, 28. 166 See Andrew Forbes, ‘The Economic Impact of Disruptions to Seaborne Energy Flows’ (2008) 23 Papers in Australian Maritime Affairs 57, 65.

131

OFFSHORE TARGET SELECTION CONSIDERATIONS

or threats of attacks can cause oil prices to increase.167 It was reported that a video statement that aired on Al-Jazeera in December 2005, in which Al-Qaeda’s deputy leader, Ayman al-Zawahiri, called for attacks aimed at oil installations in the Middle East, caused crude oil prices to rise by nearly US$1.168 The effects of isolated offshore attacks on the world oil market oil prices are not likely to be long-standing.169 3.4.8 Economic externalities The interdependencies of offshore installations should be considered in estimating potential consequences.170 Attacks on offshore installations can cause considerable economic externalities.171 Today, attacking offshore installations may be seen by adversaries as ‘an alternative means for potentially causing mass economic destabilization’.172 It potentially provides an opportunity for adversaries to negatively impact national and global economies, and therefore potentially affects a much wider audience. Security incidents involving offshore installations add to the already existing uncertainties and volatilities of the petroleum market.173 Economic externalities caused by attacks on offshore installations can include higher insurance premiums, increasing government spending on the protection and security measures, additional costs and burdens placed on the oil and gas industry relating to compliance with new security requirements,174 as well as broader effects such as foreign exchange rates and economic security generally.175 These economic externalities are difficult to estimate. 3.4.9 Fear and intimidation Besides physical and economic consequences, attacks on offshore installations can also result in psychological effects such as intimidation, public fear and a sense of insecurity.176 Like many business activities, the offshore petroleum industry is

167 See, e.g. David Litterick, ‘Petrol Soars to £1 a Litre Amid Fears of Oil Terrorism’ (Telegraph, 2 June 2004) www.telegraph.co.uk/news/worldnews/middleeast/saudiarabia/1463400/Petrol-soars-to-1a-litre-amid-fears-of-oil-terrorism.html accessed 1 December 2015; Martyn Wingrove, ‘Nigeria Kidnap Hikes Up Oil Price’, Lloyd’s List DCN (Sydney, 8 June 2006) 14. 168 Jennifer Giroux and Caroline Hilpert, ‘The Relationship Between Energy Infrastructure Attacks and Crude Oil Prices’ (October 2009) Journal of Energy Security www.ensec.org/index.php?option =com_content&view=article&id=216:the-relationship-between-energy-infrastructure-attacks-and-crudeoil-prices&catid=100:issuecontent&Itemid=352 accessed 1 December 2015. 169 Richard Farrell, ‘Maritime Terrorism: Focusing on the Probable’ (2007) 60(3) Naval War College Review 46, 53. See also Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals’ (n 38) 150 (arguing that ‘the large scale impact to the host country and the world oil market of an attack or hostage-taking on an FPSO would probably be very limited in scale and duration in the event production was halted’). 170 API, Security Risk Assessment Methodology (n 11) 14. 171 Michael Greenberg et al., Maritime Terrorism: Risk and Liability (RAND Corporation 2006) 16. 172 Ibid. 15. 173 Torhaug (n 13) 80. 174 Hidden costs placed on governments and the petroleum industry can sometimes outweigh the cost accrued from any physical damage: Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (n 104) 107, citing Yonah Alexander and Tyler Richardson, ‘He Who Commands the Sea . . .’, Jerusalem Post (Jerusalem, 19 December 2002) 9. 175 At one point, the market ‘terrorist premium’ on crude oil had been estimated in the range from about US$5 to US$15 per barrel: Torhaug (n 13) 80. 176 See, e.g. Torhaug (n 13) 77.

132

OFFSHORE TARGET SELECTION CONSIDERATIONS

susceptible to unquantifiable psychological factors,177 but adversaries may be seeking effects beyond those targeted.178 For example, in terrorists’ target selection, the coercive potential is as important as is the potential to cause physical damage and economic costs. Terrorists usually seek to ‘convey their message with a maximum intimidation effect’.179 However, in order to achieve intimidation effect, the attacks ‘must be perceived as incurring high costs by the primary target audience’.180 The loss of life is usually considered very costly, so in order to cause significant intimidation, the attack needs to result in some human casualties.181 However, only a few people have died as a result of attacks on offshore installations;182 hence, the intimidation effect of attacking offshore installations may be limited. To achieve a significant intimidation effect, an attack on an offshore installation would also need to have media attention and publicity. Jenkins has argued that a terrorist attack on an offshore installation can attract significant public and media attention.183 He further noted that offshore installations have means of communication that can be used for broadcasting propaganda and negotiating with authorities.184 For example, according to MEND, one of the reasons for attacking the FPSO Bonga in June 2008, which is located some 120 km offshore in the Gulf of Guinea, was to demonstrate MEND’s capabilities to attack offshore installations far offshore, which were previously considered to be out of reach of Nigerian insurgent groups.185 Shortly after the attack on Bonga, the MEND commander said in a media statement: the truth is that [oil companies] are taking their production offshore, where they think that the military will protect them, that is part of the reason we went there to tell them that no place is safe for them in the Niger-Delta . . . I have told you that we will cripple the oil facilities in the region . . . And because we have made our point by coming to where they think we cannot get to, I decided to tell the other fighters that we should go. If not, we were armed with enough Rocket Propelled Grenades and other weapons to bring it down . . . We know everything about FPSO before we went there. Nobody should delude himself.186

Reportedly, the attack apparently sent shockwaves through the oil industry and raised concerns and even fears for the security of deep-sea offshore projects in the area 177 See Catherine Raymond, ‘Maritime Terrorism, A Risk Assessment: The Australian Example’ in Joshua Ho and Catherine Raymond (eds), The Best of Times, the Worst of Times (World Scientific Publishing 2005) 179, 206. 178 Maerli et al. (n 5) 34. 179 Toft, Duero and Bieliauskas (n 19) 4414, citing Robert Pape, ‘The Strategic Logic of Suicide Terrorism’ (2003) 97(3) American Political Science Review 343–61. 180 Toft, Duero and Bieliauskas (n 19) 4415. 181 Ibid. 182 See Appendix. 183 DFAT, Combating Terrorism in the Transport Sector: Economic Costs and Benefits (2004) 15. 184 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 16; cf. Brian Jenkins et al., ‘A Chronology of Terrorist Attacks and Other Criminal Actions Against Maritime Targets’ (RAND Paper Series, RAND Corporation, September 1983) 3 (noting that authorities responsible for security of offshore installations can more easily cut off communications and to some extent isolate an offshore installation from television cameras and media access). 185 Emma Amaize, Kingsley Omonubi and Uduma Kalu, ‘Attack on Bonga – MEND Reveals How Its Men Carried Out Raid’ (All Africa, 28 June 2008) http://allafrica.com/stories/200806280011.html accessed 1 December 2015. 186 Ibid. (emphasis added).

133

OFFSHORE TARGET SELECTION CONSIDERATIONS

that had previously been considered out of the reach of insurgent groups.187 It is likely that the attack on Bonga had at least some intimidation effect. 3.4.10 Loss of confidence and industry reputation An attack on an offshore installation can also negatively impact the industry stockholders’ and public’s confidence in the security of the industry,188 and can have the effect of undermining the state authority by challenging its ability to protect its offshore installations.189 Public confidence in the security of the offshore petroleum industry is important. Negative public opinion and reaction to an offshore attack or to its consequences can lead to unfavourable political decisions that, in turn, can result in offshore projects and expansion programmes being halted for months and even years.190 High-profile, strategic offshore installations may be attractive to some adversaries because of their potential for undermining the stakeholder and public confidence in the security of the offshore industry in a given area.191 Damage to company or industry reputation and negative publicity is one of the potential consequences of attacks on offshore installations.192 Continuous offshore attacks can result in reluctance of some oil companies to operate in certain high-risk areas and the perceived risk may drive up the costs of offshore oil and gas projects in those areas.193 3.4.11 Political and foreign relations impacts Attacks on offshore installations may have political ramifications and impacts on foreign relations.194 Given the strategic importance of petroleum, the political impacts may be domestic, regional and international. Oil and gas are strategic resources from both the economic and political point of view.195 Petroleum exporting countries always have a strong interest in ensuring that they are considered reliable suppliers of energy so that their consumers do not shift to alternative suppliers or alternative fuels.196 Rudner has noted that attacks on energy infrastructure can impact 187 Jeff Vail, ‘The Significance of the Bonga Offshore Oil Platform Attack’ (The Oil Drum, 24 June 2008) www.theoildrum.com/node/4196 accessed 1 December 2015; ‘Nigeria Navy Sends Ships to Secure Offshore Bonga Oilfield’ (Rigzone, 23 June 2008) www.rigzone.com/news/article.asp?a_id=63304 accessed 2 July 2008; Nick Tattersall, ‘Tougher Security Needed for Nigeria’s Offshore Oil’ (Mirror News, 20 June 2008) www.mirror.co.uk/news/latest/2008/06/20/tougher-security-needed-for-nigeria-soffshore-oil-89520-20615297/ accessed 22 June 2008. 188 John Thackrah, Dictionary of Terrorism (2nd edn, Routledge 2004) 166. 189 Jennifer Giroux, ‘Global Platforms and Big Returns: Energy Infrastructure Targeting in the 21st Century’ (CTN Newsletter Special Bulletin Protecting Critical Energy Infrastructure from Terrorist Attacks, OSCE, January 2010) 18, 18. 190 See, e.g. Schmid (n 165) 32. 191 DFAT, Transnational Terrorism: The Threat to Australia (2004) 13. For example, Al-Qaeda is known for its attention to high-profile, high-sensitivity targets. See, e.g. Ulph (n 70) 23. 192 API, Security Risk Assessment Methodology (n 11) 13. 193 See, e.g. Torhaug (n 13) 77. 194 See Aaron Shull, ‘Assessment of Terrorist Threats to the Canadian Energy Sector’ (Critical Energy Infrastructure Protection Policy Research Series No. 4-2006, CCISS, March 2006) 12. 195 Umberto Saccone, ‘Oil Infrastructure Protection’ (CTN Newsletter Special Bulletin Protecting Critical Energy Infrastructure from Terrorist Attacks, OSCE, January 2010) 34, 34. 196 Patrick Clawson and Simon Henderson, ‘Reducing Vulnerability to Middle East Energy Shocks: A Key Element in Strengthening US Energy Security’ (Policy Focus No 49, Washington Institute for Near East Policy, November 2005) 16.

134

OFFSHORE TARGET SELECTION CONSIDERATIONS

on the willingness of neighbouring countries ‘to depend on partners for national security generally, and for energy sourcing in particular’.197 States that are net exporters of petroleum are interested in maintaining reliable consumers for their oil and gas exports,198 just as states that are net importers of petroleum are interested in having reliable undisrupted supplies of oil and gas. Therefore, the interests and concerns of major petroleum consuming states need to be respected and addressed. An attack or series of attacks on offshore installations could weaken international confidence, make the coastal state appear incapable of protecting its critical infrastructure,199 and may adversely impact on future foreign investment in that coastal state’s offshore petroleum exploration and production, or future contacts for the supply of oil and gas.200 3.4.12 Inability to achieve desired effects One of the potential consequences of attacks on offshore installations could be that the attack would not achieve the desired effect or anticipated consequences. In other words, this means that one of the consequences of an attack could be that an attack does not succeed or at least does not achieve all operational objectives. Even if the perpetrators successfully gain access to an offshore installation, there is no guarantee that they would be able to achieve the intended objectives or the desired effect.201 For example, an attack on an offshore installation may cause the destruction of the installation and subsequent economic and financial consequences, but such an attack will not necessarily result in large loss of life,202 nor will it necessarily receive the desired level of media and public attention. Jenkins has noted that authorities responsible for security of offshore installations can more easily cut off communications and to some extent isolate an offshore installation from television cameras and media access,203 mainly due to offshore locations which present natural difficulties. ‘The isolated nature of an offshore platform would also make it difficult for the news media to cover the incident visually.’204 If publicity is an important objective of the perpetrators, attacks on offshore installations may not necessarily be the best targets to achieve that objective. 3.4.13 Undesired effects on external stakeholders Attacks on offshore installations can also cause undesired or unintentional consequences that may have a ‘blow back’ effect on the perpetrators, so they are likely to pay attention to how their attacks might impact on ‘a range of outside

197 Martin Rudner, ‘Protecting North America’s Energy Infrastructure Against Terrorism’ (2006) 19(3) International Journal of Intelligence and Counterintelligence 424, 434. 198 Daniel Yergin, ‘Ensuring Energy Security’ (2006) 85(2) Foreign Affairs 69, 71. 199 Ali Koknar, ‘The Epidemic of Energy Terrorism’ in Gal Luft and Anne Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 18. 200 OTS, Offshore Oil & Gas Risk Context Statement (n 50) 12–13. 201 See Levi West, ‘Virtual Terrorism: Data as Target’ in Nicholas Evans et al., ‘Cybersecurity: Mapping the Ethical Terrain’ (Occasional Paper No. 6, National Security College, June 2014) 28, 31. 202 See Sam Bateman, ‘The Threat of Maritime Terrorism in South East Asia: What Are We Dealing With?’ (2008) 21 Papers in Australian Maritime Affairs 27, 30. 203 Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 184) 3. 204 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 17.

135

OFFSHORE TARGET SELECTION CONSIDERATIONS

constituencies whose reactions and interests they value’.205 Arguably, the most important groups of external stakeholders are the target audience, supporters and sympathisers.206 Adversaries need to be careful in selecting targets in order not to alienate their stakeholders.207 There are also strategic considerations that require perpetrators to be careful in selecting their targets. Baev has noted that there are other forces at work in limiting the threat to petroleum installations, and some of those may be related to the political agendas and strategic considerations of adversaries.208 Therefore, in light of these considerations, potential impacts of offshore attacks on external stakeholders are likely to influence target selection of adversaries and attractiveness of offshore installations as targets.209 Such considerations may lead to adversaries refraining from attacking offshore installations and opting for alternative targets. 4 Ranking of offshore target attractiveness Target attractiveness is an assessment of the target’s value from the threat’s perspective and it is a key factor in determining the likelihood of an attack.210 Having analysed the offshore target attractiveness factors, the next step would be to rank them. Target attractiveness should be ranked ‘for each critical asset to each credible threat’ and target attractiveness ranking shall be assigned to each target.211 The API SRA methodology uses a five-level target attractiveness ranking system for defining attractiveness of targets: level 1 (very low), level 2 (low), level 3 (medium), level 4 (high), and level 5 (very high). Level 1 attractiveness ranking is when a threat ‘would have little or no level of interest in the target’; level 2 ranking is when a threat ‘would have some degree of interest in the target, but it is not likely to be of interest compared to other targets’; level 3 ranking means a threat ‘would have a moderate degree of interest in the target relative to other targets’; level 4 ranking means a threat ‘would have a high degree of interest in the target relative to other targets’; and level 5 attractiveness ranking means a threat ‘would have a very high degree of interest in the target, and it is a preferred choice relative to other targets’.212 According to the API SRA methodology, the attractiveness of targets ‘varies with the threat and its motivation, intent, and capabilities’.213 For instance, the level of threat posed by a terrorist group and the types of targets in which it might be

205 Toft, Duero and Bieliauskas (n 19) 4415; cf. Ely Karmon, ‘Al Qa’ida and the War on Terror After the War in Iraq’ (2006) 10(1) Middle East Review of International Affairs 1, 7–22. 206 Toft, Duero and Bieliauskas (n 19) 4415, citing Drake (n 6) 145; Ackerman et al. (n 4) 42–44. 207 Toft, Duero and Bieliauskas (n 19) 4416. 208 Pavel Baev, ‘Reevaluating the Risk of Terrorist Attack Against Energy Infrastructure in Eurasia’ (2006) 4(2) China and Eurasia Forum Quarterly 33, 35 (asserting that Chechen insurgents could have attacked Russian oil refineries, but did not do so because they did not want to alienate Western countries, which would have viewed such an attack as a potential threat to their petroleum supplies). 209 Ackerman et al. (n 4) 42–44; Toft, Duero and Bieliauskas (n 19) 4415. 210 API, Security Risk Assessment Methodology (n 11) 35. 211 Ibid. 212 API, Security Risk Assessment Methodology (n 11) 36. 213 Ibid.

136

OFFSHORE TARGET SELECTION CONSIDERATIONS

interested may be very different from the targets of interest to environmental activists or organised criminal groups.214 Normally, at the company level, each offshore installation would need to be analysed ‘to determine the factors that might make it a more or less attractive target to the threat’ and the rationale for why the particular target is attractive (or unattractive) to each applicable threat should be documented.215 Therefore, to determine the attractiveness of a target from the threat’s perspective, each category of threat should be evaluated against each critical asset, which is referred to as the ‘threat–target pairing’ or ‘threat–asset pairing’.216 Since this book looks at the industry-level rather than a target-level, the ‘threat–target pairing’ and the attractiveness ranking of specific targets is not discussed. 5 Offshore attacks and interferences methods/scenarios As part of the target selection process, perpetrators will also consider potential methods or tactics of carrying out an attack (i.e. modus operandi). Depending on their capabilities and objectives adversaries can use a variety of attack tactics, access methods and weapons to carry out attacks on offshore installations. They will consider what types of targets and tactics are the most likely to result in a successful attack, given their capabilities.217 The perpetrators would have to decide whether to gain access to an offshore installation covertly by disguising themselves as offshore workers, offshore service providers or security forces (or by carrying out an attack at night, under the cover of darkness), or overtly, in which case they would have to openly attack the installation.218 Scenarios of attacks and security incidents involving offshore installations range from bomb threats and unauthorised boarding to abduction of offshore workers and even military strikes. In particular, potential offshore attack scenarios include: threat of attacks or bomb threats, detonation of explosives or bombs, underwater attacks, direct attacks, armed attacks using firearms or stand-off weapons, armed intrusions, seizures or takeovers of offshore installations, abduction and hostage-taking, use of ships or aircrafts as weapons, internal attacks and interferences, cyber attacks, nonviolent protests and interferences, and simultaneous attacks and interferences. The types of security incidents and attack scenarios discussed below do not provide an exclusive list but rather examples of the types of possible methods and scenarios of attacks. In fact, an attack on an offshore installation can comprise a combination of several of these scenarios. 5.1 Threat of attack or bomb threat A threat of attack or a bomb threat is one of potential incident scenarios involving offshore installations. Although not an attack as such, this type of unlawful

214 215 216 217 218

Ibid. Ibid. 35, 62. Ibid. 14. Maerli et al. (n 5) 35. Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 16.

137

OFFSHORE TARGET SELECTION CONSIDERATIONS

interference can cause significant interruptions in petroleum production and subsequent economic costs and financial losses. Making a bomb threat is easy and does not require any skills or resources on the part of perpetrators, but such false alerts and threats cause disruption of offshore operations and force evacuation of offshore personnel,219 which can prove to be very costly to both oil companies, in the sense of lost production or delayed operations, and governments in terms of expenditure on response efforts. There have been at least ten bomb threats and threats of attack on offshore installations.220 Several bomb threats have been made against offshore installations in the US,221 and several in the UK. For example, on 25 August 1975 in the UK, Philips Petroleum Company received anonymous telephone calls that warned that underwater explosives had been attached to the substructures of offshore installations at the Hewett gas field, some 20 nautical miles offshore, but the threat turned out to be a hoax.222 In May 1977, in Angola, the Front for the Liberation of the Enclave of Cabinda (FLEC) insurgents issued a warning that it planned to attack the offshore drilling complex of the Gulf Oil Company in the Cabinda enclave of Angola and intended to use ground-to-ground missiles, unless the company evacuated its 200 British and American employees within three days.223 In 1981, British and Norwegian authorities were put on alert following a warning that Palestinian terrorists planned to blow up an offshore installation in the North Sea, but the anonymous call turned out to be a hoax as the installation searches revealed no bombs.224 5.2 Detonation of explosives or bombs An attack using explosives or bombs is another possible scenario of attacking offshore installations. IEDs can be delivered to an offshore installation on a fishing or recreational vessel, an offshore supply vessel, a helicopter servicing an offshore installation, or a submersible craft.225 Such an attack can also be carried out by a person working on the installation or other offshore industry insiders. Explosives are not very difficult to obtain and can cause significant damage to an offshore target. There have been at least six bombings of offshore oil and gas installations. For example, on 25 June 2009 in Nigeria, MEND insurgents blew up Jacket B wellhead platform at the Afremo offshore oilfield, and on 29 June 2009, they detonated explosives at Forcados offshore loading terminal causing damage to the installation.226

219 Ibid. 12. 220 See Appendix. 221 These include the October 1981 bomb threat against a vessel at Habitat offshore platform and the January 1983 bomb threat against construction barge Challenger I that was involved in emplacement of Chevron’s Edith oil platform. 222 Breemer (n 62) 455. 223 Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 184) 15. 224 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 3. 225 See Parfomak and Frittelli (n 101) 10. 226 See Appendix.

138

OFFSHORE TARGET SELECTION CONSIDERATIONS

Detonating well-placed explosives on the supporting structure of an offshore installation may cause the entire rig to collapse resulting in possible damage to the production wells and flow lines, oil spills and probable fire.227 According to Greenberg et al., ‘onboard bombings present the greatest combination of threat and vulnerability’ among various types of attack scenarios.228 While this tactic may require a combination of navigation, waterborne assault and demolition skills, explosives can become a weapon of choice for attacks against offshore installations.229 5.3 Underwater attack It has been suggested that an attack that involves the use of underwater explosives, such as limpet mines, can inflict massive damage to an offshore installation and result in human casualties.230 Perpetrators with scuba diving capabilities conceivably could attach an explosive device to a substructure of an offshore installation.231 Such an attack can be carried out by one or more divers or swimmers, but the degree of difficulty of this tactic is relatively high. It has been suggested that Al-Qaeda and other terrorist groups were trying to develop underwater capabilities including skills in diving and the use of underwater explosives probably to carry out underwater attacks on ships, offshore installations and other maritime targets.232 In July 2003, it was reported that a scuba diving school in the Netherlands had been used by suspected Al-Qaeda members.233 An underwater attack against an offshore installation can also be carried out using small submarines or unmanned underwater explosive delivery crafts. The LTTE insurgents have tested and used submersible craft, but submersibles to which terrorist and insurgent groups have access are very unstable in rough seas and not suitable for travelling long distances.234 While it is expected that underwater capabilities of adversaries are going to continue to improve,235 it is also arguable

227 Avis (n 59). 228 Michael Greenberg et al., Maritime Terrorism: Risk and Liability (RAND Corporation, 2006) xviii. 229 Adams (n 47) 80–81. 230 Campbell and Gunaratna (n 154) 84. 231 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 12. 232 It was reported that members of terrorist groups have undertaken scuba diving and underwater demolition training believed to be for planned seaborne attacks both inside and outside the Philippines: Eduardo Santos, ‘Abu Sayyaf and Its Capability to Threaten Sea Lanes’ (2008) 23 Papers in Australian Maritime Affairs 93, 99. The local security forces believe that the main purpose for taking these courses has been to facilitate underwater attacks against oil and gas pipelines off the coast of Mindanao, Philippines: Peter Chalk, The Maritime Dimensions of International Security: Terrorism, Piracy, and Challenges for the United States (RAND Corporation 2008) 22. 233 The Al-Qaeda operatives arrested and convicted in Morocco for planning maritime attacks targeting US ships in the Strait of Gibraltar in 2002 also mentioned the Dutch school and in May 2003 a diving licence from a scuba diving school was found in the possession of another arrested terrorist from the Salafist Group for Preaching and Combat (GSPC), which in 2006 became known as Al-Qaeda in the Islamic Maghreb (AQIM): International Institute for Counter-Terrorism (IICT) Jihadi Websites Monitoring Group (JWMG), ‘Al-Qaeda Claims Responsibility for the Attack on a Western Sea Vessel in the Region of the Strait of Hormuz’ (JWMG Insights, IICT, August 2010). 234 Campbell and Gunaratna (n 154) 85. 235 Ibid.

139

OFFSHORE TARGET SELECTION CONSIDERATIONS

that, at present, the skills and capabilities required to carry out an underwater attack successfully are of relatively high order.236 Reportedly, there has been at least one security incident involving the use of underwater explosives to attack an offshore installation.237 There have been several attacks of this type against ships and subsea pipelines. In September 1983, an underwater oil pipeline and part of the oil terminal at Puerto Sandino, Nicaragua were blown up using underwater explosives.238 The same pipeline was blown up again in October 1983.239 5.4 Direct attack An offshore attack using stand-off weapons240 such as rockets, shoulder-fired missiles, air-to-ground missiles, RPGs, or other firearms such as machine guns and assault rifles is one of the possible scenarios of attacks on offshore installations.241 These types of attacks can be referred to as direct attacks. Direct attacks have been carried out by armed forces of hostile states in areas of armed conflict and by non-state actors. There have been at least 11 direct attacks on offshore installations.242 For example, in March 1983, the Iraqi air force attacked the Iranian offshore installation at the Nowruz oilfield, which collapsed and caused an oil slick that caught fire.243 In October 1987, the US Navy attacked the Iranian Reshadat offshore complex; and in April 1988 they attacked and destroyed Iranian Salman and Nasr offshore oil complexes.244 In most cases, however, the perpetrators used firearms such as machine guns, assault rifles and RPGs to carry out direct attacks on offshore installations. 5.5 Armed intrusion Armed intrusion of offshore oil and gas installations is one of the most common offshore attack scenarios. There have been at least 27 armed intrusions of offshore installations.245 Perpetrators armed with assault rifles, machine guns and RPGs can

236 Bateman (n 202) 34. 237 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 3 (stating that ‘Moluccan extremists are believed responsible for planting a limpet mine on a drilling rig in Rotterdam harbor’). 238 Military and Paramilitary Activities in and against Nicaragua (Nicaragua v United States of America)(Merits) [1986] ICJ Rep 14, 38 (‘Nicaragua’), START, Global Terrorism Database (2013) [Data file] www.start.umd.edu/gtd accessed 6 February 2015. 239 Ibid. 240 A standoff weapon can be defined as a ‘weapon which may be launched at a distance sufficient to allow attacking personnel to evade defensive fire from the target area’: Sybil Parker, McGraw-Hill Dictionary of Scientific & Technical Terms (6th edn, McGraw-Hill 2003). 241 DFAT (n 191) 15. 242 See Appendix. 243 US Gulf Task Force, Environmental Crisis in the Gulf: The US Response (6 November 1992), cited in Alicia Watts-Hosmer, Colby Stanton, and Julie Beane, ‘Intent to Spill: Environmental Effects of Oil Spills Caused by War, Terrorism, Vandalism, and Theft’ (Paper presented at 1997 International Oil Spill Conference, Fort Lauderdale, US, 7–10 April 1997) 157, 158. 244 Andrew Garwood-Gowers, ‘Case Note: Case Concerning Oil Platforms (Islamic Republic of Iran v United States of America) – Did the ICJ Miss the Boat on the Law on the Use of Force?’ (2004) 5(1) Melbourne Journal of International Law 241, 243. 245 See Appendix.

140

OFFSHORE TARGET SELECTION CONSIDERATIONS

use a high-speed craft or a hijacked offshore support vessel to reach an offshore site and board an offshore installation. Adversaries have boarded offshore installations via vessels secured alongside the installation.246 Once perpetrators board the installation there are several ways available to inflict significant damage.247 In the instances of armed intrusions, where perpetrators are able to get access to an offshore installation, they can engage in armed robbery of offshore workers and theft of property including removal of installation equipment and components. However, in most cases, adversaries do not stay on board, but instead they abduct offshore workers or steal property and leave. 5.6 Takeover and seizure A takeover or seizure of an offshore installation is another potential attack scenario. Offshore installations have their own power and contain food and other supplies, which would allow the perpetrators to remain on board for at least a couple of weeks and withstand a lengthy siege.248 However, seizures of offshore installations are quite difficult to accomplish and offer few escape opportunities.249 Such scenarios would require a significant number of attackers and considerable effort on their part. Even if an offshore installation is seized, holding a large offshore installation against an assault by authorities would pose major problems for attackers. There have been at least 12 takeovers and seizures of offshore oil and gas installations, most of which were perpetrated by insurgency groups, while some were carried out by striking workers and members of the local communities.250 On 31 July 2000, armed young men boarded the rig off Nigeria’s coast and took 165 oil workers hostage including 20 foreigners, but released them four days later, after the company made a deal with the hostage-takers.251 An attack involving many hostages could generate a great deal of media attention, but authorities may be able to more easily cut off communication and to some extent isolate the offshore installation from the media.252 In this type of scenario, the crew can be put into one confined area under guard while perpetrators announce their demands to the company and the government authorities.253 5.7 Abduction and hostage taking Abduction of offshore workers is another common attack scenario that is often used by various groups of adversaries, but it usually occurs in high-risk areas. There have

246 Bergen Risk Solutions (n 55) 19. 247 OTS, Offshore Oil & Gas Risk Context Statement (n 50) 17. 248 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 16. 249 Brynjar Lia and Ashild Kjok, ‘Energy Supply as Terrorist Targets? Patterns of “Petroleum Terrorism” 1968-99’ in Daniel Heradstveit and Helge Hveem (eds), Oil in the Gulf: Obstacles to Democracy and Development (Ashgate 2004) 100, 110. 250 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 17. See Appendix. 251 Lia and Kjok (n 249) 110. 252 Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 184) 3. 253 Charm (n 116) 62–65.

141

OFFSHORE TARGET SELECTION CONSIDERATIONS

been at least 30 incidents of abduction of offshore workers including at least six instances of unlawful detention.254 Hostages could be offshore workers, security guards and personnel of offshore service providers. Insurgents in Nigeria have abducted many offshore workers from offshore installations and later exchanged them for ransom. Abductions are not necessarily fatal and hostages are often released without any physical harm or injuries within a relatively short period of time, but in some cases fatalities do occur. On 22 November 2006, while anchored off Port Harcourt in Nigeria, the FPSO Mystras was reportedly boarded by ten armed men who kidnapped seven workers.255 Their boat was intercepted by the authorities and engaged in a shoot-out during which one worker was killed, one injured, while five others were safely rescued.256 Offshore installations with large offshore crews may be seen as attractive targets for taking of hostages, but they do not offer as many potential hostages as some land based targets provide.257 5.8 Use of ship or aircraft as a weapon Adversaries can exploit the transportation system to carry out an attack against offshore installations by ramming an offshore installation with a hijacked ship or aircraft or an explosive-laden boat to carry out suicide attacks. A large tanker or an LNG carrier can be hijacked and rammed into an offshore installation, which can cause significant damage to the installation and adverse environmental impacts as well as other consequences.258 While turning a ship into a weapon to ram it into an offshore installation may appear to be attractive to terrorists, this attack scenario presents a number of challenges and requires a relatively high degree of sophistication. It would not be easy to hijack a large vessel, then navigate it, remaining undetected, and ram it into an offshore installation.259 A helicopter or small airplane can also be used by perpetrators and crashed into an offshore installation, most likely resulting in serious damage to the installation. It has also been suggested that the perpetrators can use explosive-laden unmanned aerial vehicles (UAVs) to carry out an attack.260 There are practically no preventive

254 See Appendix. 255 IMB, Piracy and Armed Robbery Against Ships Annual Report 1 January – 31 December 2006 (2007). 256 Ibid. 257 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 16. 258 The collision of Usumacinta jack-up rig with Kab-101 platform in the Gulf of Mexico in October 2007 caused a rupture in the installation’s production tree, resulting in an oil spill that caught fire killing 22 people and causing major damage to both offshore installations: ‘Usumacinta’, Oil Rig Disasters http://home.versatel.nl/the_sims/rig/usumacinta.htm accessed 1 December 2015. 259 Murphy has argued that ‘any use of large ships is a major challenge to terrorists, as such vessels are difficult to control, needing a trained crew to operate them effectively . . .’: Murphy, ‘Contemporary Piracy and Maritime Terrorism’ (n 104) 61. 260 Current pilot-less drones are equipped with Global Positioning System (GPS) and undetectable by radar, causing concern for the security community. According to Head of Canadian Secret Service, Michael Gauthier, ‘We’re observing an increasing threat from such thing as remote-controlled aircraft used as small flying bombs against soft targets.’: Michael Moutot, ‘Flying Robot Attack “Unstoppable”: Experts’ (Mail & Guardian, 7 May 2006) http://mg.co.za/article/2006-05-07-flying-robot-attackunstoppable-experts accessed 1 December 2015.

142

OFFSHORE TARGET SELECTION CONSIDERATIONS

measures that offshore installations can reasonably take to prevent attacks by an aircraft.261 There have been incidents of hijacked aircrafts by perpetrators.262 A suicide attack against an offshore installation using explosive-laden vessels is another feasible scenario.263 The types of vessels that can be used by perpetrators include high-speed boats, commercial and recreational fishing vessels, yachts, and hijacked offshore supply vessels.264 Perpetrators can place an explosive-laden boat alongside an offshore installation and detonate it, using either a suicide bomber, timing delay device or radio transmitter.265 The use of small high-speed craft to attack an offshore installation provides a certain tactical advantage in terms of manoeuvrability, speed, and surprise compared to larger vessels.266 In the attacks on Iraq’s ABOT and KAAOT on 24 April 2004 terrorists used explosive-laden boats, two of which exploded in the vicinity of ABOT.267 These two attacks have so far been the only attacks where perpetrators used a ship as a weapon against an offshore installation. 5.9 Internal attacks and interferences This type of scenario includes interferences with operations or damage to offshore installations caused by malicious actions of ‘insiders’ such as unauthorised access, fraudulent activities, disclosure of confidential information and sabotage.268 As discussed in Chapter 3, insiders could be either working individually or in collaboration with external adversaries.269 An insider could conceivably sabotage some critical components or tamper with essential equipment or systems of an offshore installation.270 It is also possible that disgruntled insiders could assist external adversaries by providing intelligence or assistance in carrying out an attack.271 The prospect of an internal attack at an offshore installation seems to be a viable scenario that could potentially have serious consequences. While there appear not

261 OTS, Offshore Oil & Gas Risk Context Statement (n 50) 18. See also Cordner (n 2) 177. 262 For instance, on 27 June 1999 armed local anti-oil activists stormed an offshore installation in Port Harcourt, Nigeria and abducted three oil workers, after which they hijacked a helicopter and forced the pilot to fly them and hostages to a village near Warri. See Appendix. 263 Adams (n 47) 90. 264 Tsamenyi and Mfodwo (n 110) 12. 265 OTS, Offshore Oil & Gas Risk Context Statement (n 50) 15. 266 Parfomak and Frittelli (n 101) 6. 267 A third boat was intercepted by a coalition forces vessel as it approached the exclusion zone of KAAOT and exploded soon after it was boarded by US Navy and US Coast Guard (USCG) personnel. However, Lehr has noted that according to the report of the JINSA, both boats exploded before they could reach their targets: Lehr (n 54) 60, fn 12, citing Jonathan Howland, ‘Countering Maritime Terror, US Thwarts Attacks, Builds Up Foreign Navies’ (JINSA Online, 17 June 2004). 268 See OTS, Offshore Oil & Gas Risk Context Statement (n 50) 15; Gary Stoneburner, Alice Goguen and Alexis Feringa, ‘Risk Management Guide for Information Technology Systems’ (Recommendations of the National Institute of Standards and Technology, July 2002) 14. 269 See, e.g. East and Bailey (n 79). 270 Charm (n 116) 62–65. On 6 July 1960 in Trinidad, oil company workers on strike against Texaco Trinidad Inc, opened storage tank valves in the Port of Spain, spilling 200,000 gallons of gasoline, kerosene, and oil into the sea: Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 184) 7. 271 OTS, Offshore Oil & Gas Risk Context Statement (n 50) 19.

143

OFFSHORE TARGET SELECTION CONSIDERATIONS

to have been any reported attacks on offshore installations by industry insiders, Jenkins has noted that a fake bomb was found on one of the British offshore installations in the North Sea, presumably placed by one of the workers.272 There have also been several peaceful takeovers of offshore installations by offshore workers, which can be considered as internal interferences.273 5.10 Cyber attacks The number of cyber attacks against energy infrastructures has been growing and offshore installations are among the potential targets. Studies by computer security firms have suggested that the highest rates of computer attack activity were directed against critical infrastructures including the energy sector.274 The network infrastructure or computer control system may be one avenue through which a cyber attack against an offshore installation may be carried out.275 Cyber attacks are becoming more sophisticated. The types of cyber attacks can include system intrusion, altering data, collecting sensitive data, disabling of critical system components of offshore installations, disruption to computer systems and networks through the denial of essential services, and implanting malware into network and control systems.276 According to security software company Symantec, a hacker group known as Dragonfly (also known as Energetic Bear), have successfully installed RATs inside the networks of hundreds of companies in the energy sector in Europe and the US.277 Cyber attacks on critical computer networks and SCADA systems of offshore installations may be seen as an alternative to carrying out physical attacks, yet still intending and attempting to cause physical damage to the installations using computer technology. If perpetrators considered that a physical attack against an offshore installation was too difficult, the perpetrators might consider a cyber attack. Compared to physical attacks, cyber attacks require less financial and operational resources in most cases, yet they can have a significant impact on the company operations as demonstrated by a cyber attack on Saudi Aramco in August 2012, when some 30,000 office workstations were infected by a malware known as Shamoon.278 In August 2014, it was reported that some 300 companies in the petroleum and energy industry, including Norway’s largest oil company Statoil, were

272 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 3. 273 See Appendix A. 274 John Rollins and Clay Wilson, ‘Terrorist Capabilities for Cyberattack: Overview and Policy Issues’ (CRS Report for Congress, US Congress, 2007) 6. 275 DFAT (n 191) 18. 276 WEF, Global Risks Report 2012 (7th edn, 2012) 25; OITS (n 65) 107. 277 Robert Lemos, ‘Cyber-Attack Campaign Targets Energy Firms, Industrial Control Systems’ (eWeek, 2 July 2014) www.eweek.com/security/cyber-attack-campaign-targets-energy-firms-industrycontrol-systems.html accessed 1 December 2015; Symantec, ‘Dragonfly: Western Energy Companies Under Sabotage Threat’ (30 June 2014) www.symantec.com/connect/blogs/dragonfly-western-energycompanies-under-sabotage-threat accessed 1 December 2015. 278 Kovacs (n 77) .

144

OFFSHORE TARGET SELECTION CONSIDERATIONS

targeted and attacked in what was described as the ‘largest coordinated hacker attack ever registered in Norway’.279 The fact that cyber attacks can be launched remotely from anywhere in the world is an advantage of this attack scenario (from an attacker’s standpoint) because, among other things, it reduces the risk of being identified and apprehended.280 There have not been many cyber attacks on offshore installations.281 In October 2012, IOOC announced that its offshore installations were the targets of a cyber attack that was deterred and only affected the communications systems of the network.282 Other reported offshore cyber attacks included the cyber attack on an offshore installation off the coast of Africa that caused the installation to tilt to one side, forcing it to shut down operations;283 and the 2010 malware attack on critical control systems of an offshore drilling rig in transit from its construction site in South Korea to South America.284 5.11 Protests and interferences Although not an attack scenario as such, non-violent protests and interferences are regarded as security incidents and therefore this scenario is also included in the discussion. While such protests are in most cases not violent, some protests involve unlawful detention of offshore workers, which can be considered a form of violence. There have been at least 37 protests and interferences involving offshore installations, which include at least seven takeovers and unlawful detention of offshore workers.285 For example, on 25 May 1998 in Nigeria, more than 100 unarmed and peaceful protesters occupied Chevron’s Parabe oil production platform for two days, to protest environmental and revenue distribution issues, and to demand monetary compensation for environmental and economic grievances and jobs.286

279 Nina Berglund, ‘Oil Industry Under Attack by Hackers’ (News in English, 27 August 2014) www.newsinenglish.no/2014/08/27/oil-industry-under-attack-by-hackers/ accessed 1 December 2015; Lee Munson, ‘Massive Cyber Attack on Oil and Energy Industry in Norway (Naked Security, 28 August 2014) http://nakedsecurity.sophos.com/2014/08/28/massive-cyber-attack-on-oil-and-energy-industry-innorway/ accessed 1 December 2015. 280 DFAT (n 191) 18; Martin Rudner, ‘Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge’ (2013) 26(3) International Journal of Intelligence and Counterintelligence 453, 458. 281 However, it is possible that not all cyber attacks on offshore installations have been reported. 282 The company’s head of information technology alleged that the attack was planned by Israel, but routed through China, possibly to make the detection of the attack’s origin more difficult: ‘Israeli Cyber Attacks Targeted Offshore Oil, Gas Platforms - Iran IT Head’ (RT, 8 October 2012) http://rt.com/news/ iran-offshore-drilling-cyberattack-904/ accessed 1 December 2015; ‘Iranian Oil Platforms Face Cyber Attack’ (Offshore Technology, 9 October 2012) www.offshore-technology.com/news/newsiranian-oil-cyberattack-uranium accessed 1 December 2015. 283 IMO, Measures Toward Enhancing Maritime Cyber Security, submitted by Canada and US, MSC, 94th sess, Agenda Item 4, IMO Doc MSC 94/4/1 (12 September 2014) 2; CyberKeel, ‘Maritime CyberRisks’ (White Paper, 15 October 2014) 11. 284 CyberKeel (n 283) 10 (also noting that ‘[a]ccording to Michael Van Gemert from Lloyds Register Drilling Integrity Services this was only one of several such incidents’). 285 See Appendix. 286 Philippe Le Billon, ‘Fuelling War: Natural Resources and Armed Conflict’ (Adelphi Paper No 373, IISS, 2005) 7, 36; Human Rights Watch, The Price of Oil: Corporate Responsibility and Human Rights Violations in Nigeria’s Oil Producing Communities (January 1999) 124.

145

OFFSHORE TARGET SELECTION CONSIDERATIONS

Greenpeace has carried out a number of offshore protests that included tactics such as blocking the passage of offshore installations, thereby preventing them from accessing the drilling site, and unauthorised boarding and occupation of offshore installations. On 21 September 2010, Greenpeace activists climbed the anchor chain of the Chevron-operated drill ship Stena Carron and hung suspended from the chain in a capsule-tent for several days, effectively delaying the company’s drilling operations.287 Protests by Greenpeace on offshore installations have also become a relatively common occurrence. Deliberate infringement of safety or exclusion zones around offshore installations, unauthorised access to secure areas, as well as unauthorised activities in the vicinity of offshore installations can also be regarded as non-violent interference. 5.12 Simultaneous attacks and interferences Also of growing concern is the ability of adversaries to launch simultaneous or nearsimultaneous attacks on or interferences with multiple offshore installations.288 Such multiple attack tactics have already been carried out by insurgents, terrorist groups and environmental activists.289 Simultaneous attacks are more complex. They require careful planning and coordination, as well as additional resources. The benefit for perpetrators is that simultaneous attacks are more difficult to deal with for authorities and security forces, and they have the potential to cause longer supply disruptions and greater economic damage. It has been asserted that simultaneous attacks generally ‘have higher probability of success’ and generate more casualties.290 A cyber attack may also be mounted in combination with a physical attack to intensify its effects, or it can be used by perpetrators to provide a decoy or cover for a physical attack.291 Simultaneous attacks against maritime targets and offshore installations have been contemplated and carried out in the past. For example, on 19 April 2003 three offshore installations were taken over by striking offshore workers in Nigeria.292 The attacks on ABOT and KAAOT in Iraq on 24 April 2004 were near-simultaneous as they were carried out only 20 minutes apart.293 On 27 May 2014 Greenpeace carried out two simultaneous protests against offshore installations in Norway and the Netherlands.294 It is worth noting again that one attack can comprise several methods/scenarios discussed above. Adversaries may carry out a direct attack using firearms followed by armed intrusion, seizure of offshore installation, taking offshore crew hostage and threatening to blow up the installation. 287 See Appendix. 288 Raphael Perl, ‘Trends in Terrorism: 2006’ (CRS Report for Congress, US Congress, 2006) 16; Herbert Cooper, ‘Addressing Energy Supply Vulnerabilities’ (2006) 102(4) CEP Magazine 24. 289 For example, MEND in Nigeria had in the past carried out near-simultaneous attacks on petroleum installations. Al-Qaeda is known for conducting simultaneous attacks: Schmid (n 165) 34. 290 Kathleen Deloughery, ‘Simultaneous Attacks by Terrorist Organisations’ (2013) 7(6) Perspectives on Terrorism 79, 88. 291 DFAT (n 191) 18. 292 See Appendix. 293 See Lehr (n 54) 60–61. 294 See Appendix.

146

OFFSHORE TARGET SELECTION CONSIDERATIONS

6 Credibility of offshore attack methods/scenarios All offshore attack scenarios discussed above are conceivable and most of them have occurred in the past. Adversaries tend to return to their known and proven tactics as new tactics are likely to require training and additional resources.295 Successful attack methods and tactics will, in many cases be employed again, with possible modifications and improvements.296 Offshore scenarios discussed above do not represent an exclusive list of scenarios. There could potentially be other methods or scenarios that adversaries may develop and adopt in the future. The key issue relevant to all of the aforementioned scenarios is the degree of credibility.297 Credibility could be referred to as something that is ‘within the realm of possibility and, at a minimum, address[es] known capabilities and intents as evidenced by past events and available intelligence’.298 Bateman, in his assessment of the maritime terrorism threat, categorised possible attack scenarios into those that can be considered ‘less credible’ and ‘more credible’, and he based these two categories on ‘judgments relating to the capabilities of known terrorist groups, the ease with which particular types of attack might be launched, and the probability of a successful outcome for the terrorists’.299 The same approach can be adopted for the assessment of credibility of attack scenarios involving offshore installations. Most of the attack methods discussed above present a considerable degree of difficulty for the attackers compared to attacks on land-based targets, and some methods are more difficult than others. Based on the OIAD, it can be summarised that scenarios of offshore attacks and interferences that are more credible (i.e. more plausible) include: a threat of attack and bomb threat, direct attacks, armed intrusion of offshore installations, abduction and hostage taking of offshore workers, nonviolent protests and interferences, internal attacks and cyber attacks. The low credibility scenarios (i.e. less plausible) include: the use of a ship or aircraft as a weapon, detonation of bombs or explosives, underwater attacks, and simultaneous attacks against or interferences with offshore installations. Policy makers, government agencies and company personnel with responsibilities for the security of offshore installations ‘must be confident that these scenarios are credible and do, indeed, pose the greatest threat’, and there has been considerable debate about the credibility of scenarios frequently identified by policy makers as having priority.300 For example, the probability that perpetrators would try to use a large ship as a weapon or carry out an underwater attack using explosives is low because of the high degree of difficulty of doing so.

295 Maerli et al. (n 5) 37. 296 Campbell and Gunaratna (n 154) 80. 297 Parfomak and Frittelli (n 101) 12. 298 USCG, Guidelines for Port Security Committees, and Port Security Plans Required for US Ports (2002) 13. 299 Bateman (n 202) 33 (arguing further that ‘there are still grounds for reservations about the credibility of the threat of maritime terrorists and the cost benefits of the new countermeasures’, and that there have been numerous ‘assertions about the risks and outcomes of a catastrophic maritime terrorist attack’, but to some extent, ‘these have distorted perspectives of the probability of a major attack in the future’) at 37. 300 Parfomak and Frittelli (n 101) 15.

147

OFFSHORE TARGET SELECTION CONSIDERATIONS

7 Likelihood of attacks on offshore installations An important part of the SRA is the assessment of likelihood of an attack or a security incident occurring. The API has defined ‘likelihood’ as ‘a function of the chance of being targeted for attack, and the conditional chance of mounting a successful attack (both planning and executing) given the threat and existing security measures’.301 Likelihood can also be used as a general description of probability of the event or frequency over a given period of time such as the life of the operation.302 It is a function of the degree of threat posed by the adversary and the attractiveness of the target to the adversary.303 Importantly, there are two types of likelihood: ‘likelihood of the act’ and ‘likelihood of success of the act’.304 ‘Likelihood of the act’ is the potential for a threat to attempt to carry out an attack against a target, which is ‘a function of the threat and the attractiveness of the asset to the threat’.305 ‘Likelihood of success of the act’ is the potential for successfully causing the consequences estimated by performing the act and defeating the countermeasures.306 The distinction between these two types of likelihood is important, but the term ‘likelihood’ or ‘overall likelihood’ can be used to refer to both a function of the threat seeking out the target and attempting the act, as well as the successful execution of the act to achieve the threat’s objectives.307 In order to properly estimate the likelihood of attacks against the offshore installations in a given country or area, it is important to consider security environment factors such as geographical aspects, security situation of an area,308 known offshore security threats including their capabilities and motivations, geographical and enabling factors, as well as attractiveness of offshore installations such as relevant regulatory and practical maritime and offshore security and protection measures, and potential attack scenarios.309 A clear understanding and clear perspectives on the likelihood of specific types of attacks are essential for prioritising national security initiatives.310 However, in the dynamic and unpredictable threat environment, projecting current trends into the future can be uncertain.311 The threat assessment based on historical security events involving offshore installations gives an idea of the types of threats faced by offshore installations, but it does not, in itself, allow an assessment of the likelihood

301 API and NPRA (n 16) 3. 302 OTS, Offshore Security Assessment Guidance Paper (n 35) 41; API, Security Risk Assessment Methodology (n 11) 12. 303 API and NPRA (n 16) 3. 304 API, Security Risk Assessment Methodology (n 11) 13. 305 Ibid. 306 Ibid. 307 Ibid. 12, 62. 308 For example, the likelihood of attacks on offshore installations in high-risk areas or conflict zones is higher than in other areas. 309 The key challenge in determining the overall likelihood of an attack on an offshore installation is reducing uncertainty about specific types or methods of attacks and potential attackers: Parfomak and Frittelli (n 101) 24. Cordner has noted that geography and logistics are major factors in determining the likelihood of various scenarios: Cordner (n 2) 176. 310 Parfomak and Frittelli (n 101) 15. 311 Toft, Duero and Bieliauskas (n 19) 4419.

148

OFFSHORE TARGET SELECTION CONSIDERATIONS 312

of future attacks. Cordner, for example, has argued that an SRA ‘must focus more on vulnerabilities than likelihood, and risk treatment options must address vulnerability reduction’, and that heightened security awareness can be a major factor in reducing the attractiveness of offshore installations and minimising the likelihood of an attack.313 8 Conclusion This chapter discussed offshore target selection considerations. It did not explore in detail how perpetrators select specific offshore oil and gas targets, but focused on factors that make offshore installations attractive as potential targets from the perpetrators’ perspective. In general, target attractiveness factors can be classified as the ‘type of target’ factors and ‘type of effect’ factors. In this chapter, the ‘type of target’ attractiveness factors were expressed as a combination of vulnerabilities of offshore installations, additional incentives and deterrents. The ‘type of effect’ attractiveness factors of offshore installations are potential consequences of attacks and unlawful interferences. Depending of the type and size of an offshore installation, its petroleum production rate, and its importance to national and global petroleum supplies, and the attack method used by the perpetrators, an offshore attack may have local, national, regional and international effects, although such effects will not usually be long-lasting. The analysis has shown that offshore installations have both attractive and unattractive factors. On one hand, given the importance of offshore installations to national and global economies, they may be seen as attractive targets at least to some groups of adversaries. On the other hand, the relative difficulty of carrying out offshore attacks makes offshore installations less attractive targets. It was noted in the chapter that adversaries would also take into consideration the methods and tactics of potential attacks. There is a range of potential scenarios and methods of attacks on offshore installations that can be employed by perpetrators, depending on their intentions and desired effect. Armed intrusion of offshore installations, seizure of installations, and abduction of offshore workers are the most common attack scenarios. The use of explosives to attack offshore installations and the threat of attacks, including bomb threats, are also common. It can be expected that cyber attacks against offshore installations will become more common in the years to come. Considering the range of potential consequences that can be generated by attacking offshore installations, security of offshore installations has implications for national security of the coastal state in whose waters offshore oil and gas operations take place. For the purposes of an SRA, the likelihood of an attack or unlawful interference needs to be assessed against a specific offshore target or a group of targets. The perpetrators are likely to attack targets that are the most attractive to

312 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 108) 18. 313 See Cordner (n 2) 177–78.

149

OFFSHORE TARGET SELECTION CONSIDERATIONS

them. Therefore, targets ranked highest, based on their attractiveness, should be given priority as far as security risk mitigating measures are concerned.314 The security and protection efforts should focus on the offshore installations that are most vulnerable and those that are more likely to cause the greatest consequences if successfully attacked. Perpetrators always look for new ways to exploit vulnerabilities and weaknesses in the existing security measures,315 and a well-coordinated attack can exploit a combination of procedural, physical, personnel and technical weaknesses.316 The implementation of security controls and mitigating measures for offshore installations that address vulnerabilities should ultimately make offshore installations less attractive to adversaries. These aspects are examined in Chapter 8.

314 Maerli et al. (n 5) 38. 315 Campbell and Gunaratna (n 154) 85. 316 Bouvier (n 159) 3.

150

CHAPTER 5

LEGAL STATUS OF OFFSHORE OIL AND GAS INSTALLATIONS 1 Introduction Importantly, the analysis of the international legal framework could not be properly undertaken without first examining the legal status of offshore oil and gas installations in international law. Therefore, before analysing the international legal framework for the protection and security of offshore oil and gas installations, it is necessary to discuss the legal status of offshore installations in international law.1 One of the main legal problems relating to offshore installations is their legal status.2 The legal status of offshore installations is important because their status may have different legal and practical consequences in a particular situation. The legal status of offshore installations may impact on the jurisdiction that states can exercise over installations. If an offshore installation were considered to be a ‘ship’, it would be under the exclusive jurisdiction of the flag state, but if it is considered to be an ‘installation’, it would be under the exclusive jurisdiction of the coastal state.3 The legal status of offshore installations also helps to determine the rights of states with respect to offshore installations and responsibility for their activities.4 The legal status of offshore installations may also affect the applicability of certain maritime law principles and rules to offshore installations.5 This chapter addresses two key issues relating to the legal status of offshore installations. The first issue is whether offshore installations can be regarded as 1 A number of writers have discussed the status of offshore installations in international and municipal law. See, e.g. Nikos Papadakis, The International Legal Regime of Artificial Islands (Leyden Sijthoff 1977) 174–78; Michael Summerskill, Oil Rigs: Law and Insurance (Stevens & Sons 1979) 12–85; David Sharp, Offshore Oil and Gas Insurance (Witherby 1994) 18–28; Hossein Esmaeili, The Legal Regime of Offshore Oil Rigs in International Law (Ashgate Dartmouth 2001) 20–53; Edgar Gold, Aldo Chircop and Hugh Kindred, Essentials of Canadian Law Series: Maritime Law (Irwin Law 2003) 73–4, 147–49; Brian Rom, ‘Navigating the Law Regulating FPSO Operations in Australia and the Pollution Liabilities of Owners and Operators’ (2012) 31(2) Australian Resources and Energy Law Journal 138; Thomas Mansah, ‘Can the SLOPS Be Considered as a Ship for the Purposes of the 1922 Civil Liability Convention and the 1992 Fund Convention?’ (2010) 1(1) Aegean Review of the Law of the Sea and Maritime Law 145; Zuzanna Peplowska, ‘What Is a Ship? The Policy of the International Fund for Compensation for Oil Pollution Damage: The Effect of the Greek Supreme Court Judgement in the Slops Case’ (2010) 1(1) Aegean Review of the Law of the Sea and Maritime Law 157; Steven Rares, ‘An International Convention on Offshore Hydrocarbon Leaks?’ (2012) 26(1) Australian and New Zealand Maritime Law Journal 10. 2 Gold, Chircop and Kindred (n 1) 212. 3 Jurisdiction of states over ships and offshore installations is discussed in more detail in Chapter 6. 4 Chester Brown, ‘International Environmental Law in the Regulation of Offshore Installations and Seabed Activities: The Case for a South Pacific Regional Protocol’ (1998) 17(2) Australian Mining and Petroleum Law Journal 109, 113. 5 For example, the legal status of an offshore installation may affect the application of the law of piracy to them.

151

LEGAL STATUS OF OFFSHORE INSTALLATIONS

‘ships’, and if so, in what circumstances. The second issue is whether offshore installations can be regarded as ‘ports’, and if so, in what circumstances. These issues will be considered by examining provisions of various international conventions, national legislation and judicial decisions. It is not the intention to analyse the conventions and their interpretation in great depth, but rather to provide a brief survey of several international conventions, national legislation and judicial interpretations pertaining to the legal status of ships and offshore installations. 2 Offshore oil and gas installations as ships To determine whether offshore oil and gas installations are ships or whether they can be treated as ships in certain circumstances from the international law perspective, it is necessary to examine the meaning of the term ‘ship’ in international law and also consider how international law defines offshore installations. There is no uniform definition of ‘ship’ or ‘vessel’6 in international law.7 ‘The term “ship” is used with different meanings in different contexts depending on the purpose and may be inclusive or exclusive of objects from one context to another.’8 The definitions of ‘ship’ and ‘vessel’ in international conventions have been made specifically for the purpose of each convention.9 As a result, there is no single definition of ‘ship’ in international law. Balkin has argued that it is not a deficiency in international law, but it depends on the political will of states when drafting a particular international convention.10 There are no uniform rules or common sets of standards that are used to determine what structures may qualify as a ship, but there are several characteristics in both municipal and international law that pertain only to ships.11 They include moveability, seagoing ability, ability to transport passengers and/or goods, navigability, and navigation.12 Other examples of characteristics pertaining to ships in international conventions include self-propulsion, being used in international seaborne trade, operation in the marine environment and carriage of goods by sea. Sometimes it is uncertain whether an offshore installation may be included in the definition of ‘ship’,13 but several types of mobile offshore installations would be able to satisfy most of these characteristics.14 Many types of offshore installations

6 The terms ‘ship’ and ‘vessel’ are often used interchangeably in international law. See, e.g. LOSC arts 17–27; cf. LOSC arts 211, 219. See also Esmaeili (n 1) 22–23. 7 Daniel O’Connell, The International Law of the Sea (Clarendon Press 1983–84) vol 2, 747–48 (noting that there is also no generally accepted definition of ‘ship’ in municipal law). 8 Ibid. 748. 9 Martti Koskenniemi, ‘Case Concerning Passage Through the Great Belt’ (1996) 27(3) Ocean Development & International Law 255, 265. 10 Rosalie Balkin, ‘Is There a Place for the Regulation of Offshore Oil Platforms within International Maritime Law? If Not, Then Where?’ (Paper presented at the Comité Maritime International (CMI) Dublin Symposium, Dublin, 30 September 2013) 5. 11 Esmaeili (n 1) 41. 12 Ibid. 13 Brown (n 4) 114. 14 The most common characteristics used in the definitions of ship in international treaties are ‘operation in the marine environment’ and ‘seagoing ability’.

152

LEGAL STATUS OF OFFSHORE INSTALLATIONS

float, they have seagoing ability, they are capable of navigation (either under their own power or under tow),15 and in some cases they look like ships, but they are designed to engage in operations that are very different from normal ships.16 Fixed offshore installations are not designed to be mobile and, in that sense, they are much less flexible than mobile offshore installations.17 Fixed offshore installations lack certain characteristics of ships such as moveability, self-propulsion, navigation and the ability to transport passengers and/or goods. Mobile offshore oil and gas installations may be treated as ships for some, but not all purposes.18 MODUs and MOPUs and other ship-shaped installations are designed to float and be navigated, either under their own propulsion or under tow, and when transported from one offshore site to another they can behave like ships.19 Some MODUs are equally designed to be partially or fully submerged as in the case of semisubmersibles or submersibles. MODUs have seagoing capability; they can float and some may rest on the seabed while engaged in exploratory or drilling operations. However, as illustrated in Figures 2.1 and 2.2, most types of MODUs (except drill ships) have little resemblance to conventional ships. It has been argued that the natural understanding of the term ‘ship’ excludes drilling rigs because neither their construction nor their use is comparable to the normal shape and purpose of ships.20 Drill ships have many similarities with conventional ships.21 Drill ships are built with hulls of conventional ship shape that are slightly modified to allow a drilling tower (derrick) to be installed on the deck.22 A drill ship navigates under a master and crew and is used for the purpose of drilling exploratory oil and gas wells.23 Sharp argues that a drill ship could be described as a ship just as much as any other vessel performing a specific function offshore, such as a pipe-laying vessel or a dredger.24 Other ship-shaped installations employed by the offshore petroleum industry include FPSOs, FSOs and FDPSOs. Some FPSOs and FSOs are refitted former tankers and from a structural and technical standpoint FPSOs are a combination of ship and petroleum production, storage and transhipment functions.25 Some

15 See The Memorial of the Government of the Republic of Finland, filed with the ICJ on 20 December 1991 in the case Passage through the Great Belt (Finland v Denmark) (1991) ICJ para 476 (arguing that ‘[t]here is no evidence establishing the existence of a general requirement that a ship, for the purposes of international law, be capable of navigation under its own power’). This suggests that a mobile offshore installation without its own means of propulsion can still be regarded as ‘capable of navigation’. 16 Gold, Chircop and Kindred (n 1) 74. 17 The Memorial of the Government of the Republic of Finland (n 15) para 163. 18 Summerskill (n 1) 16. 19 See, e.g. Papadakis (n 1) 175. 20 The Counter-Memorial of the Government of the Kingdom of Denmark, filed with the ICJ on 18 May 1992 in the case Passage through the Great Belt (Finland v Denmark) (1991) ICJ para 635. 21 Papadakis (n 1) 175. 22 The Memorial of the Government of the Republic of Finland (n 15) para 434. 23 Sharp (n 1) 21. 24 Ibid. (further noting that the main difference between a drill ship and other conventional ships is that the drill ship is temporarily in contact with the seabed). 25 Rupert Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals: Vulnerability and Security in the International Maritime Oil Sector’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 133, 149.

153

LEGAL STATUS OF OFFSHORE INSTALLATIONS

FPSOs, FSOs/FSUs can be permanently moored with no means of propulsion and some are capable of disconnecting from their moored position and moving under their own power.26 FPSOs, FSOs and FDPSOs have seagoing ability and navigability, and normally operate in the marine environment.27 2.1 Treaty law The following analysis will illustrate different approaches taken in different international conventions with respect to the legal status of offshore installations and legal treatment of offshore installations as ships. It will be demonstrated that at least two international conventions treat all types of offshore installations as ships; some international conventions treat only mobile offshore installations as ships; some do not treat offshore installations as ships at all, some international conventions treat offshore installations as distinct from ships and place them in a separate category of their own; while some only treat mobile offshore installations as ships in certain circumstances. 2.1.1 Fixed offshore installations as ships Even though fixed offshore installations lack certain essential characteristics of ships, the legal status of fixed offshore installations in international law is still not very straightforward. The International Convention for the Prevention of Marine Pollution from Ships 1973 (MARPOL),28 which deals with pollution from ships, and the International Convention on the Control of Harmful Anti-fouling Systems on Ships 2001 (AFS Convention),29 which deals with control of anti-fouling systems on ships, both treat fixed and mobile offshore installations as ships. MARPOL places emphasis on ‘operation in the marine environment’ and defines ship as ‘a vessel of any type whatsoever operating in the marine environment, including hydrofoil, air-cushion vehicles, submersibles, floating craft, and fixed or floating platforms’.30 It is clear that fixed platforms are included in the definition of ships in MARPOL.31 Similarly to MARPOL, the AFS Convention treats fixed offshore installations as ‘ships’ because the definition of a ‘ship’ in the AFS Convention includes fixed platforms. Article 2(9) of the AFS Convention defines a ‘ship’ as: ‘a vessel of any 26 IMO, Review of the Code for the Implementation of Mandatory IMO Instruments: Applicability of IMO Conventions to FPSOs and FSUs, IMO FSI, 16th session, Agenda Item 14, IMO Doc FSI 16/14/1 (26 March 2008) 2. 27 Sharp noted that, floating installations such as FPSOs and FSOs can satisfy most of the legal characteristics that pertain to ships: Sharp (n 1) 24. 28 International Convention for the Prevention of Marine Pollution from Ships 1973, adopted 2 November 1973, 1340 UNTS 184, (entered into force 2 October 1983), amended by Protocol of 1978 Relating to the International Convention for the Prevention of Marine Pollution from Ships 1973, adopted 17 February 1978, 1340 UNTS 61, (entered into force 2 October 1983) (‘MARPOL’). 29 International Convention on the Control of Harmful Anti-fouling Systems on Ships 2001, adopted on 5 October 2001, AFS/CONF/26, (17 September 2008) (‘AFS Convention’). 30 MARPOL art 2(4). 31 However, considering the nature of MARPOL, it can be argued that it applies to fixed installations only when they are in mobile configuration (i.e. when they are in transit). Discharges directly arising from normal operations of offshore installations are not covered by MARPOL. See MARPOL art 2(3).

154

LEGAL STATUS OF OFFSHORE INSTALLATIONS

type whatsoever operating in the marine environment and includes hydrofoil boats, air-cushion vehicles, submersibles, floating craft, fixed or floating platforms, floating storage units (FSUs) and floating production storage and off-loading units (FPSOs).’32 It is not clear why MARPOL and the AFS Convention are the only international conventions that treat fixed offshore installations as ships but it could be because of their special scope. For example, O’Connell has noted that ‘in order to make the pollution conventions effective a broad definition is necessary’.33 The ultimate purpose of MARPOL and the AFS Convention is to minimise marine pollution. Fixed offshore installations can cause similar harm to the marine environment as ships,34 and that is probably the reason for including fixed (and mobile) offshore installations in the definition of ship in MARPOL and the AFS Convention. According to Esmaeili, the travaux preparatoires of MARPOL reveal that there was considerable discussion as to whether fixed platforms should be included within the definition of ‘ship’.35 Some states argued that the inclusion of all kinds of offshore rigs and platforms in the definition of ‘ship’ would cause unnecessary confusion;36 however, the proposals to delete the expression ‘fixed and floating platforms’ from the definition of ‘ship’ were rejected on several occasions.37 The Convention for the Prevention of Marine Pollution by Dumping from Ships and Aircraft 1972 (1972 Oslo Convention)38 and the Convention on the Protection of the Marine Environment of the Baltic Sea Area 1974 (1974 Helsinki Convention),39 which are regional conventions on marine pollution, also include fixed (and mobile) offshore installations in the definition of ‘ship’.40 In almost all other international conventions fixed offshore installations are explicitly or by implication excluded from the definition of ‘ship’.41 2.1.2 Mobile offshore installations as ships Mobile offshore installations have most of the characteristics of a ship, such as movability, seagoing ability and navigability.42 A number of international conven-

32 AFS Convention art 2(9). 33 O’Connell (n 7) 750. 34 For example, the anti-fouling systems used on fixed offshore installations in principle have the same adverse effects on the marine environment as those used on ships. 35 Esmaeili (n 1) 33. 36 IMO Doc MP/CONF/8/7 (3 July 1973); IMO Doc MP/CONF/C.1/WP 5 (10 October 1973), cited in Esmaeili (n 1) 33. 37 The Memorial of the Government of the Republic of Finland (n 15) para 457. 38 Convention for the Prevention of Marine Pollution by Dumping from Ships and Aircraft 1972, adopted 15 February 1972, 11 ILM 262 (entered into force 7 April 1974) (‘1972 Oslo Convention’). 39 Convention on the Protection of the Marine Environment of the Baltic Sea Region 1974, adopted 22 March 1974, 13 ILM 546 (entered into force 3 May 1980) (‘1974 Helsinki Convention’). 40 Article 19 of the 1972 Oslo Convention defines the term ‘ships and aircraft’ as ‘seagoing vessels and air-borne craft, floating craft whether self-propelled or not, and fixed or floating platforms’. Article 2(4) of the 1974 Helsinki Convention defines ‘vessels and aircraft’ as ‘waterborne or airborne craft of any type whatsoever. This expression includes hydrofoil boats, air-cushion vehicles, submersibles, floating craft whether self-propelled or not, and fixed or floating platforms’. 41 Esmaeili (n 1) 36. 42 Ibid. 40.

155

LEGAL STATUS OF OFFSHORE INSTALLATIONS

tions, some of which are examined below, treat mobile offshore installations as ships, at least in certain circumstances. However, as noted by Lowe there is no reason why ‘MODUs should be treated as ships for all purposes and in all contexts’.43 MARPOL defines a ship as ‘a vessel of any type whatsoever operating in the marine environment and includes hydrofoil, air-cushion vehicles, submersibles, floating craft, and fixed or floating platforms’.44 This definition of a ‘ship’ in MARPOL practically covers all types of offshore installations. Similarly, the AFS Convention treats offshore installations as ships because both mobile and fixed installations are explicitly included in the definition of a ‘ship’ in the AFS Convention.45 The International Convention on Civil Liability for Bunker Oil Pollution Damage 2001 (Bunker Convention)46 emphasises the ‘seagoing ability’ and defines ‘ship’ as ‘any seagoing vessel and seaborne craft, of any type whatsoever’.47 Mobile offshore installations have a seagoing ability and can therefore be described as seaborne craft. The definition of ‘ship’ in Article 1(1) of the Bunker Convention is a wide enough definition to include mobile offshore installations. It has been noted that a Correspondence Group established under the IMO Legal Committee (LEG) to facilitate ratification and promote harmonised implementation of the Bunker Convention was of the view that MODUs were ‘ships’ for those purposes.48 The International Convention for the Safe and Environmentally Sound Recycling of Ships 2009 (Ship Recycling Convention)49 defines ‘ship’ in Article 2(7) as: a vessel of any type whatsoever operating or having operated in the marine environment and includes submersibles, floating craft, floating platforms, self elevating platforms, Floating Storage Units (FSUs), and Floating Production Storage and Offloading Units (FPSOs), including a vessel stripped of equipment or being towed.50

It is clear that the Ship Recycling Convention treats virtually all types of mobile offshore installations as ‘ships’. The definition of ‘ship’ in Article 2(7) does not mention fixed offshore installations, which suggests that fixed offshore installations are not treated as ships in the Ship Recycling Convention. The International Convention for the Control and Management of Ships’ Ballast Water and Sediments 2004 (Ballast Water Convention)51 defines a ‘ship’ as ‘a vessel of any

43 Vaughan Lowe, ‘Ships’ in Nerina Boschiero et al. (eds) International Courts and the Development of International Law (TMC Asser Press 2013) 291, 294. 44 MARPOL art 2(4). 45 AFS Convention art 2(9). Article 2(9) defines a ‘ship’ as: a vessel of any type whatsoever operating in the marine environment and includes hydrofoil boats, aircushion vehicles, submersibles, floating craft, fixed or floating platforms, floating storage units (FSUs) and floating production storage and off-loading units (FPSOs).

46 International Convention on Civil Liability for Bunker Oil Pollution Damage 2001, adopted 23 March 2001, 40 ILM 1493 (entered into force 21 November 2008) (‘Bunker Convention’). 47 Bunker Convention art 1(1). 48 See Balkin (n 10) 5. 49 International Convention for the Safe and Environmentally Sound Recycling of Ships 2009, adopted 15 May 2009, IMO Doc SR/CONF/45 (not yet in force) (‘Ship Recycling Convention’). 50 Ship Recycling Convention art 2(7). 51 International Convention for the Control and Management of Ships’ Ballast Water and Sediments 2004, adopted on 13 February 2004, BWM/CONF/36 (not yet in force) (‘Ballast Water Convention’).

156

LEGAL STATUS OF OFFSHORE INSTALLATIONS

type whatsoever operating in the aquatic environment and includes submersibles, floating craft, floating platforms, FSUs and FPSOs’.52 The Ballast Water Convention is clear and explicit in that ‘floating platforms, FSUs and FPSOs’, which would cover most types of mobile offshore installations, are treated as ships. The Convention on the International Maritime Satellite Organization 1976 (INMARSAT Convention)53 defines ship as ‘a vessel of any type operating in the marine environment. It includes inter alia hydrofoil boats, air-cushion vehicles, submersibles, floating craft and platforms not permanently moored’.54 Mobile offshore installations that are not permanently moored are covered by the definition of ship in the INMARSAT Convention; however, mobile offshore installations that are permanently moored (such as permanently moored FPSOs and FSOs)55 are not regarded as ships for the purposes of the INMARSAT Convention. The International Convention on Civil Liability for Oil Pollution Damage 1992 (CLC 1992)56 and the International Convention on the Establishment of an International Fund for Compensation for Oil Pollution Damage 1992 (1992 Fund Convention),57 define the term ‘ship’ even more broadly: any sea-going vessel and seaborne craft of any type whatsoever constructed or adapted for the carriage of oil in bulk as cargo, provided that a ship capable of carrying oil and other cargoes shall be regarded as a ship only when it is actually carrying oil in bulk as cargo and during any voyage following such carriage unless it is proved that it has no residues of such carriage of oil in bulk aboard.58

The definition in CLC 1992, which is adopted by the 1992 Fund Convention, places emphasis on ‘sea-going ability’, ‘constructed or adapted for the carriage of oil in bulk as cargo’ and ‘ability to carry oil in bulk as cargo’. Fixed offshore installations are unlikely to meet the criteria to be considered ships under CLC 1992 and the 1992 Fund Convention, but some mobile offshore installations such as FPSOs are capable of transporting oil as cargo and therefore may be considered ‘ships’ under CLC 1992 and the 1992 Fund Convention.59 In this regard, Mansah has noted that

52 Ballast Water Convention art 1(12). 53 Convention on the International Maritime Satellite Organization 1976, adopted 3 September 1976, 1143 UNTS 105 (entered into force 16 July 1979) (‘INMARSAT Convention’). 54 INMARSAT Convention art 1(f). 55 See IMO, Review of the Code for the Implementation of Mandatory IMO Instruments: Applicability of IMO Conventions to FPSOs and FSUs, IMO FSI, 16th session, Agenda Item 14, IMO Doc FSI 16/14/1 (26 March 2008) 2. 56 Protocol of 1992 to Amend the International Convention on Civil Liability for Oil Pollution Damage of 29 November 1969, adopted 27 November 1992, 1956 UNTS 255 (entered into force 30 May 1996) (‘CLC 1992’). 57 Protocol of 1992 to the International Convention on the Establishment of the International Fund for Compensation for Oil Pollution Damage of 1997, 1862 UNTS 509 (entered into force 22 November 1994) (‘1992 Fund Convention’) as supplemented by the Protocol of 2003 to the International Convention on the Establishment of an International Fund for Compensation for Oil Pollution Damage 1992, 2003 [2005] ATNIF 21; Amendments to the Limits of Compensation in the Protocol of 1992 to amend the International Convention on the Establishment of an International Fund for Compensation for Oil Pollution Damage 1971, 2000 [2004] ATS 28. 58 CLC 1992 art 1.1. This is also the definition adopted in Article 1(2) of the 1992 Fund Convention. 59 See Rom (n 1) 148. See also Balkin (n 10) 4.

157

LEGAL STATUS OF OFFSHORE INSTALLATIONS

it is not insignificant that the International Oil Pollution Compensation Funds (IOPCF)60 had, after careful and extensive consideration, issued a determination that FSUs and FPSOs can only be regarded as ‘ships’ for the purposes of CLC 1992 and the 1992 Fund Convention if they are ‘actually carrying oil in bulk as cargo on a voyage from one place to another’.61 The IOPCF issued Resolution No. 8 of 9 May 2003, in which it requested national courts of the contracting states to take into account the decisions of the competent governing bodies of the IOPCF regarding the interpretation of CLC 1969, the 1971 Fund Convention, CLC 1992 and the 1992 Fund Convention.62 While the decisions of intergovernmental organisations such as the IOPCF are generally not binding on states and national courts, as they are not necessarily authoritative interpretations of the treaties, ‘such decisions can, nevertheless, constitute persuasive evidence of the meaning of the provisions and are, as such, entitled to due respect and consideration’.63 In the Convention on the International Regulations for Preventing Collisions at Sea 1972 (1972 Collisions Regulations Convention),64 the term ‘ship’ is not defined, but ‘vessel’ is defined in Rule 3(a) and ‘includes every description of water craft, including non-displacement craft and seaplanes, used or capable of being used as a means of transportation on water’.65 Mobile offshore installations of any kind can be referred to as ‘water craft’. The meaning of ‘means of transportation on water’ is not clear, but mobile offshore installations can carry persons and equipment on board and are thus capable of being used as a means of transportation on water (even though it is not their main activity).66 On this basis, it can be argued that mobile offshore installations could be regarded as ships for the purposes of the 1972 Collisions Regulations Convention.67 The International Convention for the Unification of Certain Rules relating to Bills of Lading for the Carriage of Goods by Sea 1924 (Hague Rules)68 places emphasis on the ‘carriage of goods’ and defines the term ‘ship’ as ‘any vessel used for the carriage 60 The IOPCF is considered to be the competent international organisation for the purposes of the CLC 1992 and the 1992 Fund Convention. 61 IOPCF, Decision of the 4th Session of the Assembly of the 1992 Fund (Record of Decisions of the Fourth Session of the Assembly, IOPCF Doc 92FUND/A.4/32 (22 October 1999) paras 2.4.3 and 2.4.10, cited in Rom (n 1) 149. 62 IOPCF, Record of Decisions of the First Session of the Administrative Council, Administrative Council 1st Session, IOPCF Doc 92 FUND/AC.1/A/ES.7/7 (9 May 2003) annex (‘Resolution No. 8 on the Interpretation and Application of the 1992 Civil Liability Convention and the 1992 Fund Convention’). 63 Mansah (n 1) 153. 64 Convention on the International Regulations for Preventing Collisions at Sea 1972, adopted 20 October 1972, 1050 UNTS 16 (entered into force 15 July 1977) (‘1972 Collisions Regulations Convention’). 65 1972 Collisions Regulation Convention regs, rule 3(a). 66 Summerskill (n 1) 26. Summerskill argues that ‘[i]t does not appear to be essential, in order to satisfy the requirement as to transportation, that commercial cargoes should be carried’: at 26. 67 Cf. Samir Mankabady, Collisions at Sea: A Guide to the Legal Consequences (North Holland Publishing Company 1978) 97–98, cited in Esmaeili (n 1) 31. Mankabady argues that only certain kinds of drilling rigs, such as drill ships, may be considered as ‘vessels’, while others would not fall within the definition in Rule 3(a) of the 1972 Collisions Regulation Convention: at 97–98. See also O’Connell (n 7) 890 (arguing that drilling rigs cannot be regarded as ships for the purpose of collisions, at least when they are attached to the seabed). 68 International Convention for the Unification of Certain Rules relating to Bills of Lading for the Carriage of Goods by Sea 1924, adopted 25 August 1924, 120 LNTS 155 (entered into force 2 June 1931) (‘Hague Rules’).

158

LEGAL STATUS OF OFFSHORE INSTALLATIONS 69

of goods by sea’. For example, FPSOs may be used for the carriage of oil (i.e. goods) by sea, and accordingly they may be regarded as ships under the Hague Rules. The United Nations Convention on Conditions for Registration of Ships 1986 (Ship Registration Convention)70 defines ‘ship’ as ‘any self-propelled sea-going vessel used in international seaborne trade for the transport of goods, passengers, or both with the exception of vessels of less than 500 gross registered tons’.71 The definition of ‘ship’ in the Ship Registration Convention is unusual compared to other international conventions because it contains several criteria (i.e. characteristics) including ‘selfpropulsion’, ‘seagoing ability’, ‘used in international seaborne trade’, ‘transport of goods or passengers’. It is likely that offshore installations of whatever kind would not be able to satisfy all of the criteria set out in Article 2 of the Ship Registration Convention, and therefore it can be argued that offshore installations are not regarded as ships under the Ship Registration Convention. 2.1.3 The ‘dual status approach’ Another approach is to treat mobile offshore installations as ‘ships’ when they are in transit and as ‘installations’ when they are on location engaged in drilling or production operations. This approach can be referred to as the ‘dual status approach’. Under this approach, the legal status of a mobile offshore installation can change depending on the nature of activity being performed by the installation at a given point in time. Such treatment of offshore installations is significant from a legal perspective. When an offshore installation is considered to be a ship, it is subject to the exclusive jurisdiction of the flag state, and when it is considered to be an offshore installation, it is under the coastal state’s exclusive jurisdiction.72 The LOSC appears to have created a separate legal category for offshore installations, which are considered neither ships nor artificial islands.73 The LOSC uses the terms ‘ship’ and ‘vessel’ interchangeably,74 but it does not define these terms. The LOSC also uses the terms ‘installation’ and ‘structure’,75 which are not defined

69 Hague Rules art 1(d). 70 United Nations Convention on Conditions for Registration of Ships 1986, adopted 7 February 1986, 26 ILM 1229, (not yet in force) (‘Ship Registration Convention’). 71 Ship Registration Convention art 2. 72 See LOSC arts 60(2), 92(1). Article 92(1) of the LOSC provides: Ships shall sail under the flag of one State only and, save in exceptional cases expressly provided for in international treaties or in this Convention, shall be subject to its exclusive jurisdiction on the high seas. A ship may not change its flag during a voyage or while in a port of call, save in the case of a real transfer of ownership or change of registry.

Article 60(2) of the LOSC states: The coastal State shall have exclusive jurisdiction over such artificial islands, installations and structures [in the exclusive economic zone], including jurisdiction with regard to customs, fiscal, health, safety and immigration laws and regulations.

73 Esmaeili (n 1) 53. 74 See, e.g. LOSC arts 17–27, 211, 219. The Drafting Committee of UNCLOS III has reported that the words ‘ship’ and ‘vessel’ as used in the LOSC are not interpreted as meaning different things: UN Doc A/CONF.62/L.40 (22 August 1979); UNCLOS III, OR, vol XII, 97, cited in The Memorial of the Government of the Republic of Finland (n 15) para 462. 75 See, e.g. LOSC arts 11, 19(2)(k), 21(1)(b), 56, 60, 87(1)(d), 94(7), 109, 209(2), 214, 258–262.

159

LEGAL STATUS OF OFFSHORE INSTALLATIONS

in the LOSC, but are understood to include offshore oil and gas installations. Esmaeili has noted that the definition of ‘dumping’ in Article 1(5)(a)(i) of the LOSC, which states that dumping means ‘any deliberate disposal of wastes or other matter from vessels, aircraft, platforms or other man-made structures at sea’, suggests that the LOSC makes a distinction between ‘ships’ and offshore installations.76 On the other hand, the LOSC appears to have adopted the ‘dual status approach’, at least to the legal treatment of mobile offshore installations that are considered to be ships when in transit and installations when they are engaged in offshore operations on location. Lowe has commented that Once [MODUs] are ‘fixed’ to the continental shelf of a State and engaged in drilling operations, they are covered by Article 56, Article 60 and Article 80 of UNCLOS. They are treated not as ships, but as ‘installations’ or ‘structures’. So, for example, the jurisdiction of the flag State (or State of registration) that is applicable to ships [under Article 82 of the LOSC] gives way to the ‘exclusive’ jurisdiction of the coastal State over offshore installations and structures, whatever the implications of that change might be.77

The 1988 SUA Convention defines ‘ship’ as ‘a vessel of any type whatsoever not permanently attached to the sea-bed, including dynamically supported craft, submersibles, or any other floating craft’,78 which indicates that mobile offshore installations are treated as ships for the purposes of the 1988 SUA Convention.79 However, Article 4(1) provides that the 1988 SUA Convention applies ‘if the ship is navigating or is scheduled to navigate’,80 which suggests that the 1988 SUA Convention will not apply to mobile offshore installations when they are on location engaged in offshore operations, because such offshore installations would probably be considered as neither navigating nor scheduled to navigate. Based on such an interpretation, it can be argued that the 1988 SUA Convention adopts the ‘dual status approach’ to mobile offshore installations.81 The International Convention for the Prevention of Pollution of the Sea by Oil 1954 (OILPOL),82 as amended, provides, in Article 1(1), that a ship ‘means any sea-going vessel of any type whatsoever, including floating craft, whether self-propelled or towed by another vessel, making a sea-voyage’.83 On one hand, it appears that mobile offshore installations are included in the definition of ship in OILPOL; however, as

76 See Esmaeili (n 1) 20–53. 77 Lowe (n 43) 294 (footnotes omitted). 78 1988 SUA Convention art 1. 79 The 1988 SUA Protocol defines the term ‘fixed platform’ as ‘an artificial island, installation or structure permanently attached to the sea-bed for the purpose of exploration or exploitation of resources or for other economic purposes’: 1988 SUA Protocol art 1(3). 80 1988 SUA Convention art 4(1). 81 Cf. Tullio Treves, ‘The Rome Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation’ in Natalino Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 69, 72, citing IMO, IMO Doc SUA/CONF/CW/WP.18 para 3. 82 International Convention for the Prevention of Pollution of the Sea by Oil 1954, adopted 12 May 1954, 327 UNTS 3, (entered into force 26 July 1958), as amended in 1962, 1969 and 1971 (‘OILPOL’). 83 OILPOL art 1(1). It should be noted that the 1954 OILPOL did not define the word ‘ship’, but the definition of ‘ship’ was adopted in the 1962 amendments to the OILPOL.

160

LEGAL STATUS OF OFFSHORE INSTALLATIONS

noted by Summerskill, the expression ‘making a sea-voyage’ suggests that mobile offshore installations may be considered as ships only when they are moving or being towed (i.e. making a sea-voyage), but not when they are operating on location.84 It could be argued that OILPOL has adopted the ‘dual status approach’ with respect to the legal treatment of mobile offshore installations. The International Convention on Salvage 1989 (1989 Salvage Convention)85 places emphasis on ‘navigability’. The 1989 Salvage Convention does not define the term ‘ship’, but defines ‘vessel’ as ‘any ship or craft, or any structure capable of navigation’.86 This definition of ‘vessel’ seems to include mobile offshore installations because they are ‘capable of navigation’, but most likely excludes fixed offshore installations because they are arguably not capable of navigation. However, Article 3 of the 1989 Salvage Convention specifically provides that the convention does not ‘apply to fixed or floating platforms or to mobile offshore drilling units when such platforms or units are on location engaged in the exploration, exploitation or production of sea-bed mineral resources’.87 This means that the 1989 Salvage Convention would apply to mobile offshore installations that are in transit or navigating from one place to another, which suggests that the 1989 Salvage Convention also adopts the ‘dual status approach’. Similarly to the 1989 Salvage Convention, the International Convention on the Removal of Wrecks 2007 (Wreck Removal Convention)88 defines ‘ship’ as: ‘a seagoing vessel of any type whatsoever and includes hydrofoil boats, air-cushion vehicles, submersibles, floating craft and floating platforms, except when such platforms are on location engaged in the exploration, exploitation or production of seabed mineral resources.’89 It is clear from the above definition of ‘ship’ in Article 1(2) that the Wreck Removal Convention does not treat offshore installations that are on location and engaged in offshore operations as ships. All mobile offshore installations in transit or moving from one location to another can be regarded as ships for the purposes of the Wreck Removal Convention, which suggests that the Wreck Removal Convention has adopted the ‘dual status approach’ with respect to mobile offshore installations. The IMO appears to have adopted this ‘dual status approach’, at least in one of its resolutions. In particular, in its Resolution A.671(16) dealing with safety zones around offshore installations, the IMO clarified that (for the purpose of that resolution) MODUs that are used for exploratory offshore drilling ‘are considered to be vessels when they are in transit and not engaged in drilling operation, but are considered to be installations or structures when engaged in drilling operation’.90

84 Summerskill (n 1) 44. 85 International Convention on Salvage 1989, adopted 28 April 1989, 1953 UNTS 165 (entered into force 14 July 1996) (‘1989 Salvage Convention’). 86 Ibid. art 1(b). 87 Ibid. art 3. 88 International Convention on the Removal of Wrecks 2007, adopted 18 May 2007, 46 ILM 694 (entered into force 14 April 2015) (‘Wreck Removal Convention’). 89 Ibid. art 1(2). 90 IMO, Safety Zones and Safety of Navigation around Offshore Installations and Structures, A Res 671(16), Agenda Item 10, IMO Doc A Res.A.671(16) (19 October 1989) 288.

161

LEGAL STATUS OF OFFSHORE INSTALLATIONS

Lowe has noted that there is no obvious reason why such an arrangement in international conventions ‘should affect questions such as the nationality of the “installation” or “structure”’.91 Some writers have disagreed with such treatment of mobile offshore installations (i.e. the dual status approach). For example, Summerskill has argued that it is undesirable that a court would adopt the position that: a particular drilling unit was a ship during such times as it was moving to or from the drilling site, but not when it had arrived at the site or perhaps when part of the structure (such as legs in the case of a jack-up rig) was in contact with the seabed.92

According to Papadakis, an offshore installation should be considered either as an installation or a ship, but it cannot be both in the legal sense of the terms used.93 Gold has argued that it would be illogical to treat mobile offshore installations as ships only when they are actually floating or moving, but not when they are anchored or on location engaged in offshore operations.94 Similarly, Spicer has stated that this approach is a ‘dangerous and illogical argument’.95 However, neither Gold nor Spicer explained why they considered this approach to be illogical.96 Nevertheless, the ‘dual status approach’ appears to have been adopted by the IMO, some international conventions and some national laws.97 2.1.4 Offshore installations as a separate category Another approach is not to treat offshore oil and gas installations as ships at all but to place them in their own separate category. Summerskill refers to this approach as ‘the residual approach’.98 Some international conventions appear to have adopted this approach to the legal status of offshore installations.99 The Convention on Civil Liability for Oil Pollution Damage Resulting from Exploration and Exploitation of Seabed Mineral Resources 1977 (CLEE),100 defines the term ‘installation’ in Article 1(2)(a) as ‘any well or other facility, whether fixed or mobile, which is used for the purpose of exploring for, producing, treating, storing or transmitting or regaining control of the flow of crude oil from the seabed or its subsoil’.101 The

91 Lowe (n 43) 294, fn 13. 92 Summerskill (n 1) 85. 93 Papadakis (n 1) 176. 94 Gold, Chircop and Kindred (n 1) 74. 95 Wylie Spicer, ‘Application of Maritime Law to Offshore Drilling Units – The Canadian Experience’ in Ian Townsend-Gault (ed.), Offshore Petroleum Installations Law and Financing: Canada and the United States (1986) 105, 107. 96 Although Spicer has noted that ‘[n]one of the statutory definitions of ships give any support to this view’: Spicer (n 95) 107. 97 See e.g. in Australia Offshore Petroleum and Greenhouse Gas Storage Act 2006 (Cth). See also Michael White, ‘Offshore Oil and Gas Resources Sector Security’ (Research and Discussion Paper, University of Queensland, October 2011) 46. 98 Summerskill (n 1) 16. 99 See discussion in Esmaeili (n 1) 44–49. 100 Convention on Civil Liability for Oil Pollution Damage resulting from Exploration for and Exploitation of Seabed Mineral Resources 1977, adopted 1 May 1977, 16 ILM 1451 (not yet in force) (‘CLEE’). 101 CLEE art 1(2)(a).

162

LEGAL STATUS OF OFFSHORE INSTALLATIONS

term ‘ship’ is not defined in the CLEE, but it is clear that offshore petroleum installations are treated as a separate category of their own. Similarly, the International Convention on Oil Pollution Preparedness, Response and Co-operation 1990 (OPRC)102 defines ships and offshore installations separately. Ship is defined in the OPRC as ‘a vessel of any type whatsoever operating in the marine environment and includes hydrofoil boats, air-cushion vehicles, submersibles, floating craft of any type’.103 The term ‘offshore unit’ is defined as ‘any fixed or floating offshore installation or structure engaged in gas and oil exploration, exploitation or production activities, or loading and unloading of oil’.104 Clearly, the OPRC treats offshore installations as distinct from ships. The Draft Convention on Offshore Units, Artificial Islands and Related Structures Used in the Exploration for and Exploitation of Petroleum and Seabed Mineral Resources (Draft Offshore Units Convention)105 does not define the terms ‘ship’ or ‘vessel’, but defines ‘offshore unit’ as: any structure of whatever nature when not permanently fixed into the sea bed which (i) is capable of moving or being moved while floating in or on water, whether or not attached to the sea bed during operations, and (ii) is used or intended for use in Economic Activities; and (iii) includes units used or intended for use in the accommodation of personnel and equipment related to the activities described in this paragraph.106

The above definition of ‘offshore unit’ in the Draft Offshore Units Convention only includes mobile offshore installations, but not fixed offshore installations.107 In other words, the Draft Offshore Units Convention places only mobile offshore installations into their own separate category of ‘offshore units’. By contrast, the Draft Offshore Units Convention treats fixed offshore installations as ‘artificial islands’.108

102 International Convention on Oil Pollution Preparedness, Response and Co-operation 1990, adopted 30 November 1990, 30 ILM 1991 (entered into force 13 May 1995) (‘OPRC’). 103 OPRC art 2(3). 104 Ibid. art 2(4). 105 Draft Convention on Offshore Units, Artificial Islands and Related Structures Used in the Exploration for and Exploitation of Petroleum and Seabed Mineral Resources 2001, May 2001 draft (not yet adopted and not in force) (‘Draft Offshore Units Convention’). 106 Ibid. art I(1)(h). 107 However, the definition of ‘offshore unit’ in Article I(1)(h) of the Draft Offshore Units Convention can be interpreted to include TLPs (which are considered fixed offshore installations) because TLPs are ‘capable of moving or being moved while floating in or on water’. 108 Article I(1)(a) of the Draft Offshore Units Convention defines ‘artificial island’ as: a permanent installation or structure rigidly affixed to the sea bed and used or intended for use for Economic Activities, including wellheads and associated equipment, but shall not include pipelines or installations formed from natural dredged materials or fill of natural origin.

The drafters of the Draft Offshore Units Convention considered that the existing international legal framework covering ships would also apply to mobile offshore installations while in transit, but that a fixed platform or a component (such as the caisson foundation of a GBS) is unlikely to be regarded as a ship; therefore they specifically extended the Draft Offshore Units Convention to apply to fixed offshore installations or components thereof while in transit from a place of construction to an offshore site: CMI, Working Group on Offshore Mobile Craft (WGOMC), ‘Commentary on May 2001 Draft UOC Convention’ (2004) 1 CMI Newsletter 13, 14.

163

LEGAL STATUS OF OFFSHORE INSTALLATIONS

The Convention on the Prevention of Marine Pollution by Dumping of Wastes and other Matter 1972 (1972 London Convention)109 defines ‘vessels and aircraft’, in Article III(2), as ‘waterborne or airborne craft of any type whatsoever. This expression includes air cushioned craft and floating craft, whether self-propelled or not’.110 The definition of ‘vessel’ in Article III(2) is very broad. Practically all types of MODUs as well as FPSOs and FSOs satisfy the criterion of being a ‘floating craft, whether self-propelled or not’ and are regarded as vessels for the purposes of the 1972 London Convention. However, the definition of ‘dumping’ in Article III(1)(a) of the 1972 London Convention includes ‘any deliberate disposal at sea of wastes or other matter from vessels, aircraft, platforms, or other man-made structures at sea’ and ‘any deliberate disposal at sea of vessels, aircraft, platform or other man-made structures at sea’.111 The above definition of ‘dumping’ suggests that vessels and platforms are treated differently in the 1972 London Convention.112 In other words, it appears that the 1972 London Convention treats all floating offshore installations as ‘vessels’ (or ships) and all other offshore installations as ‘platforms’ (i.e. places them in their own separate category). The International Convention Relating to Intervention on the High Seas in Cases of Oil Pollution Casualties 1969 (1969 Intervention Convention)113 defines ‘ship’ as: (a) any sea-going vessel of any type whatsoever, and (b) any floating craft, with the exception of an installation or device engaged in the exploration and exploitation of the resources of the sea-bed and the ocean floor and the subsoil thereof.114

It would appear that both fixed and mobile offshore installations are excluded from the definition of ‘ship’ in the 1969 Intervention Convention and are treated as distinct from ships.115 The International Convention on Limitation of Liability for Maritime Claims 1976 (LLMC)116 does not define the word ‘ship’, but provides in Article 15(5)(b) that the LLMC ‘shall not apply to . . . floating platforms constructed for the purpose of exploring or exploiting the natural resources of the sea-bed or the subsoil thereof’.117 This suggests that the LLMC treats offshore installations as distinct from ships and offshore installations are not regarded as ships for the purposes of the LLMC.

109 Convention on the Prevention of Marine Pollution by Dumping of Wastes and other Matter 1972, adopted 29 December 1972, 1046 UNTS 120 (entered into force 30 August 1975) (‘1972 London Convention’). 110 1972 London Convention art III(2). 111 Ibid. art III(1)(a). 112 See Summerskill (n 1) 48. 113 International Convention Relating to Intervention on the High Seas in Cases of Oil Pollution Casualties 1969, adopted 29 November 1969, 970 UNTS 211 (entered into force 6 May 1975) (‘1969 Intervention Convention’). 114 Ibid. art II(2). 115 See also Summerskill (n 1) 47. 116 International Convention on Limitation of Liability for Maritime Claims 1976, adopted 19 November 1976, 1456 UNTS 221 (entered into force 1 December 1986) (‘LLMC’). 117 LLMC art 15(5)(b).

164

LEGAL STATUS OF OFFSHORE INSTALLATIONS

2.2 State practice – judicial interpretations State practice in relation to treating offshore installations as ships appears to be mixed. Esmaeili has asserted that various types of national legislation have taken significantly different approaches with respect to the legal status of offshore installations in different contexts, depending on the required intention, but generally, fixed offshore installations are not considered as ships in domestic law,118 and not all types of mobile offshore installations may be defined as ships,119 although they have been treated as ships for several national law purposes.120 Like international treaty practice, the approach in national legislation varies from context to context and is determined by the purpose to be obtained by the individual type of legislation.121 It is not necessary to survey various statutory definitions of ‘ship’ for the purposes of the present analysis, but it might be useful to briefly look at how different courts have considered various types of maritime craft (including offshore oil and gas installations). There have been several cases that dealt with the legal status of various types of maritime craft and structures (including mobile offshore installations) as ships or vessels. In Passage through the Great Belt (Finland v Denmark),122 the issue was whether the right of innocent passage of ships and the right of transit passage through the Great Belt (a strait used for international navigation) extended to offshore installations, particularly to drill ships and drilling rigs.123 Finland argued that the construction of a fixed bridge over the Great Belt would hamper the passage and is therefore incompatible with the right of innocent passage and the right of transit passage.124 In 1992, Finland and Denmark reached settlement and withdrew the case from the court. Gray has argued that if the ‘issue of the right of passage of drill ships and oil rigs had come up before the court it seems probable that the court would not have based its decision on general rules’, but rather on the basis of the relationship between the parties as it did in the Anglo-Norwegian Fisheries125 and the Fisheries Jurisdiction126 cases.127 It is also possible that, had the issue come before the court, one of the determinative factors in the court’s decision on the merits could have been whether drill ships and oil rigs are or can be treated as ships for the purpose of innocent passage or transit passage.

118 Thomas Schoenbaum, Admiralty and Maritime Law (4th edn, Thomson West 2004) 41, citing Olsen v Shell Oil Co, 708 F.2d 976, 1984 AMC 580 (5th Cir.1983); Longmire v Sea Drilling Corp, 610 F.2d 1342, 1980 AMC 2625 (5th Cir.1980); Myrick v Teledyne Movible Offshore Inc, 516 F.Supp 602 (SD Tex 1981); Hemba v Freeport McMoran Energy Partners Ltd, 811 F.2d 276, 1988 AMC 304 (5th Cir.1987). 119 Esmaeili (n 1) 27. 120 For example, for the purposes of registration, collision regulations: Spicer, (n 95) 106. 121 The Counter-Memorial of the Government of the Kingdom of Denmark (n 20) para 625. 122 Passage through the Great Belt (Finland v Denmark) [1991] ICJ Rep 12. 123 ICJ, Passage through the Great Belt (Finland v Denmark) (Provisional Measures), Summary of the Order of 29 July 1991. 124 Christine Gray, ‘Passage Through the Great Belt (Finland v Denmark), Provisional Measures, Order of 29 July 1991’ (1993) 42(3) International and Comparative Law Quarterly 705, 706. 125 Anglo-Norwegian Fisheries [1951] ICJ Rep 116. 126 Fisheries Jurisdiction [1974] ICJ Rep 3. 127 Gray (n 124) 708–9.

165

LEGAL STATUS OF OFFSHORE INSTALLATIONS 128

In Slops case, the Greek Supreme Court held that a floating waste oil reception facility, which was a converted tanker that had no propeller and other modifications and which had been permanently anchored for more than five years, was nevertheless a ‘ship’ within the meaning of CLC 1992 and the 1992 Fund Convention because it was still a seaborne craft that had been constructed as a tanker and continued to possess all the characteristics of a tanker and had the ability to carry oil in bulk as cargo under tow.129 The Supreme Court’s decision was not without criticism.130 In R v Saint John Shipbuilding & Dry Dock Co,131 which is the leading Canadian case defining ‘ship’ in a non-exclusive manner,132 the issue was whether a floating crane barge was a ship. The court decided a floating crane used in a port, without self-propulsion and not capable of navigation by itself, was nevertheless a ‘ship’ because it was ‘built to do something on water requiring movement from place to place’ and it could carry a crew and cargo (e.g. some equipment).133 In deciding that the crane barge was a ship, the Federal Court of Appeal seems to have decided differently from a similar English case, Merchant’s Marine Insurance Ltd v North of England Protection and Indemnity Association.134 There has been at least one court decision supporting a proposition that an offshore installation is a ship when it is moving and not a ship when it is engaged in offshore operations on location (i.e. the dual status approach). In Dome Petroleum v Hunt International Petroleum Co,135 the issue before the court was whether a drill ship constituted a ship.136 The court was of a view that the towing of the drill ship to the drilling site was incidental to the principal activity and purpose of the ship, that is, to drill.137 However, the proposition that ‘a vessel should be considered a ship solely on the basis of its principal function has been criticized as unhelpful’.138

128 Marine Environmental Services MC v International Oil Pollution Compensation Fund 1992 (Supreme Court, Full Session) Case No. 23/2006. 129 Rom (n 1) 148–49; Lowe (n 43) 295–96. 130 See, e.g. Mansah (n 1) 150; Peplowska (n 1). 131 R v Saint John Shipbuilding and Dry Dock Co (1981), 43 NR 15 (FCA), cited in Gold, Chircop and Kindred (n 1) 145. 132 Gold, Chircop and Kindred (n 1) 145. 133 R v Saint John Shipbuilding and Drydock Co (1981) 126 DLR (3d) 353 (FCA), quoted in Gold, Chircop and Kindred (n 1) 74. 134 Merchant’s Marine Insurance Ltd v North of England Protection and Indemnity Association (1926) 25 Ll LR 446. The English court held that the pontoon was designed and adapted to float and to lift, and not to navigate, and despite the fact that it could be moved from place to place, the movement was the exception rather than the rule. This decision was upheld on appeal, with the Court of Appeal further emphasising function. However, in the earlier English case a floating crane was regarded as a ship: The Titan (1923) 14 Ll LR 484. See also Marine Craft Constructors Ltd v Erland Blomqvist (Engineers) Ltd [1953] 1 Lloyd’s Rep 514; Summerskill (n 1) 78–80. 135 Dome Petroleum v Hunt International Petroleum Co [1978] 1 FC 11, cited in Gold, Chircop and Kindred (n 1) 74. 136 This case is distinguished from Shibamoto & Co v Western Fish Producers (1989) 63 DLR (4th) 549 (FCA) and explained in the trial division hearing of the same case at (1989) 29 FTR 311. It was also mentioned in Bow Valley Husky (Bermuda) Ltd v Saint John Shipbuilding Ltd (1995) 126 DLR (4th) 1 and Cyber Sea Technologies Inc v Underwater Harvester Remotely Operated Vehicle (TD) (2002) FCT 794, [2003] 1 FC 569. 137 Dome Petroleum v Hunt International Petroleum Co. [1978] 1 FC 11. 138 Gold, Chircop and Kindred (n 1) 74.

166

LEGAL STATUS OF OFFSHORE INSTALLATIONS

In Seafarers’ International Union of Canada v Crosbie Offshore Services Ltd,139 the court had no difficulty in concluding that dynamically positioned offshore oil rigs that had their own means of propulsion, but were towed to their drilling location where they were anchored with the assistance of offshore support vessels are also ships.140 Similarly, in Bow Valley Husky (Bermuda) Ltd v Saint John Shipbuilding Ltd,141 the court decided that Bow Drill III offshore drilling rig was not only a drilling platform, but also a navigable vessel because it ‘is capable of self-propulsion; even when drilling, is vulnerable to the perils of the sea; is not attached permanently to the ocean floor and, can travel worldwide to drill for oil’.142 Townsend-Gault has argued that uncertainties in Canadian law as for the judicial classification of MODUs should be clarified by legislation, which ‘should be drafted in accordance with the dual nature of such facilities – as vessels, having a marine persona, and drilling units, used for the purposes of oil and gas operations’.143 The judicial approach in the US is to treat MODUs as vessels or ships.144 In Fair Work Ombudsman v Pocomwell Limited,145 the Federal Court of Australia held that there is no requirement in the ordinary or extended statutory definition for a ship to be self-propelled or self-navigated and that MODUs were ships. Fixed offshore installations are generally not regarded as ships.146 Classification societies, such as the American Bureau of Shipping (ABS) and Det Norske Veritas (DNV) have undertaken classification of MODUs and other types of mobile offshore installations as well as fixed production platforms. They develop and maintain a range of classification rules, technical standards and recommendations relating to the construction and classification of offshore installations.147 The International Association of Classification Societies (IACS) has developed guidelines on requirements concerning MODUs.148 In most of the documentation issued by

139 Seafarers’ International Union of Canada v Crosbie Offshore Services Ltd [1982] 2 FC 855, (1982) DLR (3rd) 485 (CA). 140 See Gold, Chircop and Kindred (n 1) 149. 141 Bow Valley Husky (Bermuda) Ltd v Saint John Shipbuilding Ltd (1995) 126 DLR (4th) 1. 142 Ibid. 133–34 per Cameron JA. On appeal, the Supreme Court of Canada, cited this view approvingly. See Bow Valley Husky (Bermuda) Ltd v Saint John Shipbuilding Ltd [1997] 3 SCR 1210. 143 Ian Townsend-Gault, ‘Legal Consequences of Accidents to Offshore Installations in Canadian Law’ in Ian Townsend-Gault (ed.), Offshore Petroleum Installations Law and Financing: Canada and the United States (1986) 555, 571–72. 144 See, e.g. Claborne McCarty v Service Contracting Inc [1971] AMC 90; In re Complaint of Sedco Inc. [1982] AMC 1461; Marine Drilling Co v Autin [1966] AMC 2013; Offshore Co. v Robinson [1959] AMC 2049; Producers Drilling Co. v Gray [1966] AMC 1260. In Producers Drilling Co v Gray the court concluded that a submersible drilling barge was a vessel. See discussion in Esmaeili (n 1) 25. 145 Fair Work Ombudsman v Pocomwell Ltd (No. 2) [2013] FCA 1139. 146 Koskenniemi (n 9) 266. Cf. Spicer (n 95) 106 (arguing that ‘if a jack-up rig can be considered to be a ship, a TLP production system can certainly fit within the definition of ship’). In Laffland Brothers Co. v Roberts, 386 Feb 2nd 540 (5th Circuit, 1967) a fixed offshore platform was considered not to be a vessel. 147 See, e.g. ABS, Rules for Building and Classing Offshore Installations (1997); ABS, Rules for Building and Classing Mobile Offshore Drilling Units (2014); ABS, Rules for Conditions of Classification – Offshore Units and Structures (2014); DNV, Floating Liquefied Gas Terminals (Offshore Technical Guidance, March 2011); DNV, Concrete LNG Terminal Structures and Containment Systems (Offshore Standard, October 2010). 148 IACS, Requirements Concerning Mobile Offshore Drilling Units (2012).

167

LEGAL STATUS OF OFFSHORE INSTALLATIONS

classification societies, offshore installations are not treated as ships, but are classified separately.149 3 Offshore oil and gas installations as ports The second key issue in relation to the legal status of offshore oil and gas installations is whether offshore installations can be treated as ports in certain circumstances. This is an important issue because ports and ships calling at ports may be required to comply with security requirements under international law, and coastal states can exercise jurisdiction over foreign ships visiting their ports. A ‘port’ can be described simply as ‘a place on a waterway with facilities for loading and unloading ships’.150 Not all ports can receive ultra-large tankers due to size and deep draft of such vessels, so it is common practice for large ships to load or unload their cargo at offshore terminals. Offshore oil and gas terminals can be in the form of buoy mooring terminals,151 which are often connected to FSUs or onshore storage facilities, and in the form of fixed platform-type structures securely anchored to the seabed.152 There may be other types and variations in the design of offshore terminals,153 and some offshore terminals ‘to the untrained eye appear to be oil rigs sticking out of the water’.154 It is common practice today for oil to be exported directly from offshore installations. Oil and gas can be loaded onto tankers directly from FPSOs and FSOs at offshore locations and then transported ashore to a refinery in the coastal state or to desired market destinations around the world.155 In terms of operational procedures, petroleum is accumulated in sufficient quantities in the FPSO’s storage tanks until it can be transferred to a tanker moored at an FPSO. In the case of FSOs/FSUs, oil is transferred from a production platform by a pipeline and stored until it is offloaded directly to a tanker that comes alongside the FSO.156 The use of offshore oil and gas installations for or in connection with the export of oil and gas raises some legal issues. The key issue is whether offshore installations from which petroleum is loaded on tankers and exported are treated as offshore ports in the legal sense. If so, offshore installations that have a status of an offshore port should be, in theory, subject to the mandatory security ISPS Code requirements applicable to port facilities. Ships that interact with such offshore installations (e.g. for the purpose of loading oil) may be subjected to conditions of entry and required to comply with a number of security requirements such as compliance with the

149 For example, the ABS classifies drill ships as ship-type drilling units: ABS, Rules for Conditions of Classification – Offshore Units and Structures (2014) 10. 150 The Free Dictionary www.thefreedictionary.com/port accessed 1 December 2015. 151 Buoy mooring terminals usually consist of a large floating buoy terminal well anchored to the seabed. 152 Papadakis (n 1) 25. 153 See Michelle Foss, ‘Offshore LNG Receiving Terminals’ (Briefing Paper, Centre for Energy Economics, 7 November 2006). 154 Michael McNicholas, Maritime Security: An Introduction (Butterworth-Heinemann 2008) 38. 155 Oil and gas can also be exported directly from fixed production platforms. 156 Herbert-Burns (n 25) 149.

168

LEGAL STATUS OF OFFSHORE INSTALLATIONS

security level of the coastal state (or the flag state, whichever is higher), or the provision of security-related information, such as the crew list, before entering the safety zones around such offshore installations or mooring alongside an offshore installation for loading.157 Furthermore, the legal status of waters around such offshore ports or offshore terminals becomes an important issue, which is analysed below. In particular, the issue is whether waters around an offshore terminal (regardless of a terminal’s location) are considered as the ‘internal waters’. This is important because internal waters are under full sovereignty of a coastal state,158 they are assimilated to a coastal state’s territory, and there is no general right of innocent passage of foreign ships through internal waters.159 The international regulatory framework for matters such as access ports and jurisdiction over ships in ports or internal waters can be derived from national laws of coastal states in conjunction with common law and various international conventions including the LOSC and the IMO conventions on ship safety and marine pollution.160 In order to determine whether offshore installations may be treated as offshore ports or offshore terminals in international law, it is necessary to analyse the approach taken in various international conventions and state practice. 3.1 Treaty law The analysis of international law has shown that the concept of offshore ports and offshore terminals is only addressed in a few international conventions. In regard to the international conventions discussed earlier in this chapter, only a few of them contain provisions pertaining to the treatment of offshore installations as offshore ports or offshore terminals. These conventions are examined below in order to determine whether offshore installations can be considered to be offshore ports in international law, and if so, the legal effect of such a status. The main international convention that deals with maritime ports is the Convention and Statute of the International Regime of Maritime Ports 1923 (1923 Ports Convention),161 which defines a ‘maritime port’ as one ‘normally frequented by sea-going vessels and used for foreign trade’.162 The 1923 Ports Convention does not have any provisions pertaining specifically to offshore terminals, but the definition of a ‘maritime port’ is arguably wide enough to include offshore installations from which oil is offloaded directly to tankers. In the LOSC, the only provision specifically dealing with ports is Article 11, entitled ‘Ports’, which provides that ‘the outermost permanent harbour works which

157 See, e.g. ISPS Code pt B, ss 4.37–4.39; SOLAS Convention annex, reg XI-2/9.2.1. 158 LOSC art 2(1). 159 Robin Churchill and Alan Lowe, The Law of the Sea (3rd edn, Manchester University Press 1999) 60. 160 Arnd Bernaerts, Bernaerts’ Guide to the 1982 United Nations Convention on the Law of the Sea: Including the text of the UN Convention and Final Act (Fairplay 1988) 111. 161 Convention and Statute of the International Regime of Maritime Ports 1923, adopted 9 December 1923, 58 LNTS 285, (entered into force 26 July 1926) (‘1923 Ports Convention’). 162 1923 Ports Convention art 1.

169

LEGAL STATUS OF OFFSHORE INSTALLATIONS

form an integral part of the harbour system are regarded as forming part of the coast. Off-shore installations and artificial islands shall not be considered as permanent harbour works.’163 According to Bernaerts, Article 11 of the LOSC suggests that wherever there is a port, the baseline is always drawn in such a manner as to include it in the internal waters.164 However, this approach would probably not apply to offshore terminals. Article 11 does not clarify whether offshore installations can be considered to be ports, but, to an extent, it recognises that offshore installations can be used as offshore terminals. The second sentence of Article 11 makes it clear that offshore installations are not considered as permanent harbour works under the LOSC. As noted by Esmaeili, the reasoning behind this provision ‘was to make a clear distinction between offshore loading and unloading points, and permanent harbour works’.165 O’Connell argues that ‘the deepwater port cannot be considered as “permanent harbour works” when the connection between the shore and the installation is submerged, as in the case of a pipeline laid on the seabed’.166 Therefore, offshore installations located within the territorial sea that are used for the purposes of loading and/or unloading of petroleum would not be considered as permanent harbour works under the LOSC.167 As noted above, the LOSC uses the terms ‘artificial islands’, ‘installations’ and ‘structures’ in many of its provisions, but these terms are not defined and any of them can be interpreted broadly to include offshore ports or offshore terminals.168 The OPRC contains several provisions that refer to ‘offshore terminals’. The OPRC provides that state parties recognise ‘the serious threat posed to the marine environment by oil pollution incidents involving ships, offshore units, sea ports and oil handling facilities’.169 The OPRC defines ‘offshore unit’ and ‘sea ports and oil handling facilities’ separately. ‘Offshore unit’ is defined in Article 2(4) of the OPRC as ‘any fixed or floating offshore installation or structure engaged in gas or oil exploration, exploitation or production activities, or loading or unloading of oil’.170 Clearly, the definition of offshore unit in the OPRC includes offshore installations used for loading and unloading of oil (i.e. offshore oil terminals); and the term ‘sea ports and oil handling facilities’ in the OPRC is defined as ‘those facilities which present a risk of an oil pollution incident and includes, inter alia, sea ports, oil terminals, pipelines and other oil handling facilities’.171 Both of the above definitions are relatively broad. On one hand, the definition of ‘offshore unit’ appears to include offshore terminals.172 On the other hand, the definition of ‘sea ports and oil handling

163 LOSC art 11. 164 Bernaerts (n 160) 111. 165 Esmaeili (n 1) 51, citing Satya Nandan and Shabtai Rosenne (eds), United Nations Convention on the Law of the Sea 1982: A Commentary, vol. 2 (Martinus Nijhoff 1993) 121–22. 166 O’Connell (n 7) 843. 167 Esmaeili (n 1) 51, citing Nandan and Rosenne (n 165) 122. 168 The LOSC also uses the term ‘devices’, which is also wide enough to include offshore terminals. See LOSC arts 19(2)(f), 145(a), 194(3), 209(2), 274(b). 169 OPRC Preamble. 170 OPRC art 2(4) (emphasis added). 171 OPRC art 2(5) (emphasis added). 172 Article 2(4) of the OPRC uses the expression ‘loading or unloading of oil’.

170

LEGAL STATUS OF OFFSHORE INSTALLATIONS

facilities’ specifically includes oil terminals, which presumably includes offshore oil terminals. At the IMO Diplomatic Conference on the adoption of the ISPS Code in December 2002 it was considered important ‘to safeguard the worldwide supply chain against any breach resulting from terrorist attacks against ships, ports, offshore terminals or other facilities’.173 The term ‘port facility’ is not defined in the ISPS Code. However, in situations where oil or gas is directly exported or offloaded from an FPSO, these types of offshore installations could fall under the category of ‘port facility’ as envisaged in the ISPS Code.174 The Code of Practice on Security in Ports, which was jointly developed by the ILO and the IMO, although not legally binding, defines a ‘port’, in paragraph 2.3 as ‘[t]he geographic area defined by the member State or the designated authority, including port facilities as defined in the International Ship and Port Facility Security (ISPS) Code, in which maritime and other activities occur.’175 This definition suggests that a state may declare a certain geographic area as a ‘port’. Chapter XI-2 of the SOLAS Convention defines ‘port facility’ as ‘a location, as determined by the Contracting Government or by the Designated Authority, where the ship/port interface takes place, [which] includes areas such as anchorages, waiting berths and approaches from seaward, as appropriate’.176 This suggests that the SOLAS Convention allows the coastal states to exercise discretion and designate certain offshore installations as ‘port facilities’. From the above analysis of international conventions it is evident that the legal status of offshore installations as ports is not addressed specifically in international conventions. There is nothing in international conventions that sets the criteria for maritime ports, and it is arguable that coastal states can designate any place under their jurisdiction as a port or an offshore terminal. 3.1.1 Legal status of waters around offshore ports Having determined that coastal states can designate any place under their jurisdiction as an offshore port or offshore terminal, another issue that needs to be analysed is whether waters around offshore terminals are considered as ‘internal waters’. The LOSC provides that the internal waters of the state are waters on the landward side of the baseline of the territorial sea.177 Internal waters include ports, harbours, bays, fringing reefs, lakes, canals and rivers and their mouths and, to some extent, other

173 IMO, Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, Conference of Contracting Governments to the International Convention for the Safety of Life at Sea 1974, Agenda Item 6, IMO Doc SOLAS/CONF.5/32 (12 December 2002) res 1 (emphasis added). 174 Section 4.27 of Part B of the ISPS Code provides that: For certain specific port facilities with limited or special operations but with more than occasional traffic, it may be appropriate to ensure compliance by security measures equivalent to those prescribed in Chapter XI-2 and in part A of this Code.

175 IMO and ILO, Code of Practice on Security in Ports (2004) 3 para 2.3. 176 SOLAS Convention reg XI-2/1 para 9. 177 LOSC art 8(1). See also Convention on the Territorial Sea and the Contiguous Zone 1958, opened for signature 29 April 1958, 516 UNTS 205 (entered into force 10 September 1964) art 5(1).

171

LEGAL STATUS OF OFFSHORE INSTALLATIONS

closely related water areas.178 The coastal state has full territorial sovereignty over its internal waters.179 There are no specific provisions in the LOSC that indicate that waters around offshore terminals or offshore ports have the status of internal waters, unless of course an offshore terminal is located within the internal waters in the first place.180 However, there are a couple of provisions in the LOSC that seem to suggest that offshore ports can be located outside internal waters (e.g. in the territorial sea or the EEZ). For example, Article 18(1) of the LOSC provides: Passage means navigation through the territorial sea for the purpose of: (a) traversing that sea without entering internal waters or calling at a roadstead or port facility outside internal waters; or (b) proceeding to or from internal waters or a call at such roadstead or port facility.181

Similarly, Article 25(2) of the LOSC states: In the case of ships proceeding to internal waters or a call at a port facility outside internal waters, the coastal State also has the right to take the necessary steps to prevent any breach of the conditions to which admission of those ships to internal waters or such a call is subject.182

The above provisions of the LOSC use the expression ‘port facility outside internal waters’, which indicates that a port facility (i.e. offshore terminal) can be located outside internal waters. This could be interpreted that waters around offshore terminals or offshore ports do not necessarily have the status of internal waters. In the absence of any specific provisions in the LOSC or in other international conventions, it is difficult to accept the argument that waters around offshore terminals are internal waters. OILPOL also contains a provision that seems to suggest that offshore ports can be located outside internal waters. Article VIbis(4) of OILPOL provides that: If a Contracting Government has clear grounds for believing that a tanker required under paragraph (1) of this Article to be constructed in accordance with Annex C entering ports in its territory or using off-shore terminals under its control does not in fact comply with Annex C, such Contracting Government may request consultation with the Government with which the tanker is registered.183

The above provision indicates that OILPOL distinguishes the terms ‘ports in its territory’ (which appears to refer to ports in internal waters) and ‘offshore terminals under its control’, which implies that waters around offshore terminals located on

178 Esmaeili (n 1) 70, citing Churchill and Lowe (n 159) 60. 179 LOSC art 2(1). 180 O’Connell argues that since a coastal state has full sovereignty, not limited by the rights of passage or navigation of foreign ships in its internal waters, offshore ports located in internal waters enjoy the status of landward ports: O’Connell (n 7) 843. 181 LOSC art 18(1) (emphasis added). 182 LOSC art 25(2) (emphasis added). 183 OILPOL art VIbis(4) (emphasis added).

172

LEGAL STATUS OF OFFSHORE INSTALLATIONS

the seaward side of the baselines are not considered nor treated as internal waters for the purposes of OILPOL. It can be concluded that if an offshore installation were designated by the coastal state to be an offshore port or an offshore terminal, this would not affect the legal status of waters around the offshore installation. In other words, if an offshore installation is located within the EEZ, the waters around that offshore installation would be the EEZ, regardless of whether the offshore installation is treated as an offshore terminal or an offshore port. Furthermore, it can be argued that a coastal state does not have sovereignty over offshore ports located in the EEZ, but only sovereign rights and exclusive jurisdiction.184 Alternatively, even if waters around offshore terminals are considered to be the internal waters (although this is highly unlikely), it can be argued that for offshore terminals located in the EEZ or erected on the continental shelf, such ‘internal waters’ can only extend to a maximum distance of 500 metres around such offshore terminals, which is the maximum breadth of safety zones in the EEZ allowed under Article 60(5) of the LOSC.185 The reason is that offshore ports or offshore terminals located in the EEZ or erected on the continental shelf should be governed by the law of the EEZ and the continental shelf.186 As noted above, the LOSC uses the expression ‘artificial islands, installations and structures’, which are understood to include offshore terminals. Regardless of the legal status of waters around offshore terminals, international law and state practice indicates that foreign ships that call at such offshore ports may still be subject to port state control measures including requirements relating to compliance with certain security requirements. It seems that offshore ports and terminals located outside of the internal waters (i.e. in other maritime zones such as the EEZ or the territorial sea) have the same legal status as land-based and harbour-type ports (i.e. that are located in internal waters) due to the internationally recognised legal principle of port state control. 3.1.2 Port state control and offshore installations The principle of the coastal state having jurisdiction to apply its laws to foreign ships in its ports is well established in international law,187 and is often referred to as ‘port state control’. In general, a foreign merchant ship that is voluntarily in a port is fully subject to the administrative civil and criminal jurisdiction of the coastal state (i.e. port state), unless specifically provided otherwise in applicable international conventions, bilateral agreements or common law.188 A number of international conventions, particularly those on marine pollution, have provisions specifically dealing with port state control measures over foreign ships calling at offshore terminals.

184 LOSC arts 56, 60. 185 See LOSC art 60(5). 186 O’Connell (n 7) 843. 187 Michael White, ‘Australia’s Offshore Legal Jurisdiction: Part 1 – History & Development’ (2011) 25(1) Australian and New Zealand Maritime Law Journal 3, 17. 188 Bernaerts (n 160) 111.

173

LEGAL STATUS OF OFFSHORE INSTALLATIONS

There are a number of provisions in the LOSC that provide that a coastal state can exercise port state control measures over ships calling at offshore terminals.189 For example, Article 211(3) of the LOSC provides: States which establish particular requirements for the prevention, reduction and control of pollution of the marine environment as a condition for the entry of foreign vessels into their ports or internal waters or for a call at their off-shore terminals shall give due publicity to such requirements and shall communicate them to the competent international organization.190

Furthermore, under the LOSC, a coastal/port state may undertake investigations and take enforcement action against a vessel when a vessel is voluntarily within its port or at its offshore terminal for violation of its anti-pollution laws and regulations or in respect of any discharge from that vessel.191 Article 219 of the LOSC provides that the coastal/port state that has ascertained that a vessel at one of its offshore terminals is in violation of applicable international standards relating to seaworthiness of vessels and thereby threatens damage to the marine environment, shall take measures to prevent the vessel from sailing.192 MARPOL contains several provisions pertaining to offshore terminals and port state control. Article 5(2) of MARPOL provides that ships may be subject, while in the ports or offshore terminals under the jurisdiction of a state party, to inspection by officers duly authorised by that state party. Similarly, Article 6(2) of MARPOL provides that ships to which MARPOL applies may be subject to inspection for the purpose of verifying whether the ship has discharged any harmful substances in violation of MARPOL when the ship is in any port or offshore terminal of a state party. Article 5(3) of MARPOL indicates that a state party can deny a foreign ship entry to the ports or offshore terminals under its jurisdiction. The OPRC, in Article 3(1)(b), provides that a ship that is required to have on board an oil pollution emergency plan is subject, while in a port or at an offshore terminal under the jurisdiction of a state party, to inspection by officers duly authorised by that state party. OILPOL provides, in Article VIII(1)(b), that state parties shall take all appropriate steps to ensure that oil loading terminals are provided with facilities adequate for the reception of oil residues and oily mixture. Article VIbis(4) of OILPOL provides that a contracting state can deny a tanker access to ports in its territorial waters or to offshore terminals under its control if the contracting state is satisfied that such a tanker is not compliant with OILPOL requirements. The Ship Recycling Convention provides, in Article 8(1), that a ship to which this convention applies may, in any port or offshore terminal of another state party, be subject to inspection for the purpose of determining whether the ship is in compliance with the Ship Recycling Convention. Article 9(2) of the Ship Recycling Convention

189 190 191 192

See LOSC arts 211(3), 216(c), 218(1), 219, 220. LOSC art 211(3). Ibid. art 220(1). See also LOSC arts 216(c), 218(1). LOSC art 219.

174

LEGAL STATUS OF OFFSHORE INSTALLATIONS

provides that when there is sufficient evidence that a ship is or has been in violation of any provision in the Ship Recycling Convention, a state party holding the evidence may request an investigation of this ship when it enters the ports or offshore terminals under the jurisdiction of another state party. Under Articles 9(1) and 10(4) of the Ballast Water Convention, a ship to which the convention applies may be subject to inspection, in any port or offshore terminal of another state party, for the purpose of determining whether the ship is in compliance with the Ballast Water Convention. Article 10(2) of the Ballast Water Convention provides that if a ship is detected to have violated the convention, the state party in whose port or offshore terminal the ship is operating, may take steps to warn, detain or exclude the ship. The AFS Convention also has several provisions dealing with port state control at offshore terminals. For example, Article 3(1)(c) of the AFS Convention provides, inter alia, that this convention applies to ships that enter a port, shipyard or offshore terminal of a state party. Article 4(1) of the AFS Convention provides that each state party should prohibit and/or restrict the application, re-application, installation or use of anti-fouling systems on ships, while ships are in a state party’s port or offshore terminal, and should take effective measures to ensure that such ships comply with the AFS Convention requirements. Articles 11(1) and 11(4) of the AFS Convention provide that a ship to which the AFS Convention applies may be inspected, in any port or offshore terminal of a state party, by officers authorised by that state party for the purpose of determining whether the ship is in compliance with the AFS Convention. 3.2 State practice – legislation To determine whether offshore oil and gas installations can be treated as offshore ports under national laws, the definition of the term ‘port’ in national legislation of several coastal states will be examined. State practice in relation to treating offshore oil and gas installations as offshore ports is not uniform. Different approaches have been taken by states in their national laws and practice. For example, in Australia, the Maritime Transport and Offshore Facilities Security Act 2003 (MTOFSA)193 defines ‘port’ as ‘an area of water, or land and water (including any buildings, installations or equipment situated in or on that land or water) intended for use either wholly or partly in connection with the movement, loading, unloading, maintenance or provisioning of ships’.194 Section 3 of the Port Statistics Act 1977 provides that a ‘port’ ‘includes any place (including a place at sea) at or near which facilities are provided for or in connexion with the loading or unloading of cargo into or from ships’.195 The above two definitions of ‘port’ are

193 Maritime Transport and Offshore Facilities Security Act 2003 (Cth) (‘MTOFSA’). 194 MTOFSA s 12(1). Section 4 of the MTOFSA defines the term ‘port facility’ as ‘an area of land or water, or land and water, within a security regulated port (including any buildings, installations or equipment in or on the area) used either wholly or partly in connection with the loading or unloading of security regulated ships’. This definition of ‘port facility’ is wide enough to cover offshore installations. 195 Port Statistics Act 1977 (Cth) s 3.

175

LEGAL STATUS OF OFFSHORE INSTALLATIONS

wide enough to include offshore installations such as FPSOs or FSOs, but it is worth noting that the MTOFSA defines offshore installations separately. The MTOFSA uses the term ‘offshore facility’, which is defined as: a facility, located in an offshore area, that is used in the extraction of petroleum from the seabed or its subsoil with equipment on, or forming part of, the facility, and includes: (a) any structure, located in the offshore area, used in operations or activities associated with, or incidental to, activities of that kind; and (b) any vessel, located in the offshore area, used in operations or activities associated with, or incidental to, activities of that kind.196

In the US, the Maritime Transportation Security Act 2002 defines the term ‘facility’ as ‘any structure or facility of any kind located in, on, under, or adjacent to any waters subject to the jurisdiction of the United States’, which suggests that both port facilities and offshore petroleum installations could be included in the definition of ‘facility’.197 The US has also enacted legislation that specifically deals with offshore terminals. The Deepwater Port Act 1974 (DWPA)198 authorises and regulates the location, ownership, construction and operation of deepwater ports in waters beyond the territorial limits of the US for importing oil and natural gas into the US and transporting oil or natural gas from the outer continental shelf.199 The term ‘deepwater port’ is defined in section 3(9) of the DWPA as: any fixed or floating manmade structure other than a vessel, or any group of such structures, that are located beyond State seaward boundaries and that are used or intended for use as a port or terminal for the transportation, storage, or further handling of oil or natural gas for transportation to any State.200

The definition of ‘deepwater port’ in the DWPA also includes ‘all components and equipment, including pipelines, pumping stations, service platforms, buoys, mooring lines, and similar facilities to the extent they are located seaward of the high water mark’.201 It is clear from the above definition that floating structures such as FSOs could be designated as deepwater ports or offshore terminals under the DWPA.202 The DWPA extends the Constitution, laws and treaties of the US to such ports and activities connected, associated or potentially interfering with the use or operation of such ports.203 The DWPA establishes the nexus for jurisdictional purposes between US law and foreign ships calling at or using a deepwater port, and the persons on board such ships.204 The legal status of waters around deepwater ports is not clarified, but section 19(c)(1) of the DWPA provides:

196 MTOFSA s 17A(1). The MTOFSA also provides that the term ‘offshore facility’ includes FPSOs and FSUs, but excludes MODUs. See MTOFSA ss 17A(2)–(3), (6). 197 Maritime Transportation Security Act, 46 USC §§70101(2), (2002). 198 Deepwater Port Act, 33 USC (1974). 199 Ibid. §§2(a)(1), 2(a)(5). 200 Ibid. §3(9)(A). 201 Ibid. §3(9)(B). 202 The deepwater ports in the US are used for importing oil and gas into the US. 203 DWPA §19(a). 204 Ibid. §19(c); O’Connell (n 7) 846.

176

LEGAL STATUS OF OFFSHORE INSTALLATIONS

The jurisdiction of the United States shall apply to vessels of the United States and persons on board such vessels. The jurisdiction of the United States shall also apply to vessels, and persons on board such vessels, registered in or flying the flags of foreign states, whenever such vessels are (A) calling at or otherwise utilizing a deepwater port; and (B) are within the safety zone of such a deepwater port, and are engaged in activities connected, associated, or potentially interfering with the use and operation of the deepwater port.205

In regard to the earlier discussion of the legal status of waters around offshore terminals, section 19(c)(1) of the DWPA (quoted above) provides that the US can exercise jurisdiction not only over foreign ships calling at or utilising deepwater ports, but also foreign ships that are present within the safety zones around deepwater ports. However, there is no clarification in the DWPA as to whether the waters within the safety zones around deepwater ports are considered to be the internal waters. Section 10(d)(1) of the DWPA provides, inter alia, that the US Government can designate, subject to recognised principles of international law, a zone of appropriate size around any deepwater port for the purpose of navigational safety.206 In Canada, the Canada Marine Act 1998 defines ‘port facility’ as: a wharf, pier, breakwater, terminal, warehouse or other building or work that is located in, on or adjacent to navigable waters that is used in connection with navigation or shipping, land incidental to its use and any land adjacent to navigable waters that is used in connection with navigation or shipping.207

Section 2 of the Canada Marine Act 1998 defines ‘public port’ as ‘a port designated as a public port under section 65’, and defines ‘public port facility’ as ‘a port facility designated as a public port facility under section 65’.208 Section 65 of the Canada Marine Act 1998 provides that: The Governor in Council may, by regulation, (a) designate as a public port any navigable waters within the jurisdiction of Parliament and any land covered by the navigable waters, if the land is under the administration of the Minister, including any related foreshore; (b) define the limits of a public port; and (c) designate any port facility under the administration of the Minister as a public port facility.209

The above definitions indicate that any navigable waters within Canada’s jurisdiction may be designated as a public port, which to an extent indicates that an offshore installation and waters around it may be designated as a public port. The term ‘port facility’ in section 2 of the Canada Marine Act 1998 includes ‘terminal’ and it is wide enough to include offshore installations.

205 Ibid. §19(c)(1) (emphasis added). 206 This suggests that the maximum breadth of the safety zones around deepwater ports located in the EEZ of the US should not exceed 500 metres, which is the maximum breadth of the safety zones permitted under the LOSC. 207 Canada Marine Act, SC 1998, c 10, s 2. 208 Clearly, the Canada Marine Act 1998 distinguishes the terms ‘public port’ and ‘public port facility’. 209 Canada Marine Act, SC 1998, c 10, s 65(1).

177

LEGAL STATUS OF OFFSHORE INSTALLATIONS

In Malaysia, the Merchant Shipping Ordinance 1952 defines ‘port’ as ‘a port or place declared to be a port under any written law in force in the State of Sabah or Sarawak as the case may be . . . and includes all such navigable rivers and channels leading thereto as are declared to be part thereof’.210 Section 5 of the Merchant Shipping Ordinance 1952 provides that the Minister may declare any port or place in the Federation and any navigable river or channel leading into such port or place to be a port within the meaning of this Ordinance.211 Presumably, in Malaysia, an offshore installation used for the export of oil can be declared to be a port. In Russia, Article 9(1) of the Merchant Shipping Code 1999 provides that a ‘maritime port’ is understood to be: a combination of objects of infrastructure of a maritime port, situated on specially assigned territories and waters and intended for servicing of ships, used for merchant shipping, servicing of fishing fleet ships, servicing of passengers, carrying out cargo operations, including transhipment, and other services usually provided in a maritime port, as well as interaction with other modes of transport.212

The above definition of ‘maritime port’ in Article 9(1) of the Russian Merchant Shipping Code 1999 can include offshore oil and gas installations. With regard to the legal status of waters around ports, Article 1(2) of the Federal Law on Internal Marine Waters, Territorial Sea and Contiguous Zone 1998213 provides that the internal waters include waters of ports of the Russian Federation, limited by a baseline passing through the farthest seaward points of hydro-technical structures and other permanent harbour works.214 This provision seems to reaffirm the requirement in Article 11 of the LOSC that baselines be drawn in such a manner as to include ports in the internal waters.215 In New Zealand, the Maritime Transport Act 1994 states that the term ‘port’ ‘includes place and harbour’.216 The term ‘offshore terminal’ is defined in section 222 of the Maritime Transport Act 1994 as ‘any place in the sea where cargo is loaded or unloaded’.217 This definition of ‘offshore terminal’ is very broad and it would include offshore installations. The Maritime Transport Act 1994 also defines the term ‘offshore installation or installation’ as: any artificial structure (including a floating structure other than a ship) used or intended to be used in or on, or anchored or attached to, the seabed for the purpose of the exploration for, or the exploitation or associated processing of, any mineral; but does not include a pipeline.218

210 211 212 213 214 215 216 217 218

Merchant Shipping Ordinance No. 70 of 1952 s 2. Ibid. s 5. Merchant Shipping Code 1999 No. 81-FZ art 9(1). Federal Law on Internal Marine Waters, Territorial Sea and Contiguous Zone 1998 (Russia). Ibid. art 1(2). Bernaerts (n 160) 111. Maritime Transport Act 1994 (New Zealand) s 2. Ibid. s 222. Ibid.

178

LEGAL STATUS OF OFFSHORE INSTALLATIONS

Section 225 of the Maritime Transport Act 1994 defines ‘transfer facility’ as ‘any facility, structure, or building for transferring liquids to or from a ship or an offshore installation; and includes any storage tanks or pipelines connected to the facility’. The term ‘oil transfer site’ is defined in the Maritime Transport Act 1994 as ‘any land, site, building, structure, or facility (whether on land or above the seabed) that is used to transfer oil, or at or from which oil is transferred, to, or from, a ship, or offshore installation’. In Nigeria, the Nigerian Ports Authority Decree 1999219 provides that: The Minister may, by order (a) declare any place in Nigeria and any navigable channel leading into that place to be a port within the meaning this Decree; (b) specify the limits of any place declared as a port in accordance with paragraph (a) of this subsection; (c) declare any navigable channel leading into a port to be an approach to that port within the meaning of this Decree.220

The meaning of the expression ‘any place in Nigeria’ is not clear, but if it could be interpreted as including Nigeria’s territorial sea and the EEZ, then an offshore installation may be declared to be an offshore port under the Nigerian Ports Authority Decree 1999. A survey of national legislation of seven states has shown that in Canada, Malaysia and Nigeria the legislation allows governments authorities to designate practically any place as a port. In Australia, Russia, New Zealand and the US, the definitions of ‘port’ are sufficiently broad to encompass offshore oil and gas installations. In cases where oil is exported directly from an FPSO or FSO, it is not uncommon for coastal states to designate such FPSOs and FSOs as offshore terminals or offshore ports. For example, in Nigeria, Pennington Oil Terminal (POT), which is located about 15 nautical miles offshore consists of two SPMs and an FSO Oloibiri, and Antan Oil Terminal (AOT), which is located about 20 nautical miles off Nigeria’s coast, consists of a tanker manifold platform and the FPSO Knock Taggart.221 In Equatorial Guinea, Zafiro Offshore Oil Terminal (ZOOT), which is located about 30 nautical miles offshore, consists of an FPSO Zafiro Producer, a production platform Jade, a storage tanker Magnolia, and an SPM.222 4 Conclusion In conclusion, it can be said that not only does the type of offshore installation affect its legal status, but also the type of activity being carried out by an offshore installation (i.e. its operational status) at a particular point in time. Both fixed and

219 Nigerian Ports Authority Decree No. 38 of 1999. 220 Ibid. s 30(1). 221 Marine World Database, ‘Pennington Terminal’ (Anchorage World, 1 February 2009) www. anchorageworld.com/content/pennington-terminal accessed 1 December 2014; Marine World Database, ‘Antan Oil Terminal’ (Anchorage World, 1 February 2009) www.anchorageworld.com/content/antanoil-terminal accessed 1 December 2014; IMO, Global Integrated Shipping Information System https://gisis.imo.org accessed 1 December 2015. 222 Marine World Database, ‘Zafiro Offshore Oil Terminal’ (Anchorage World, 1 March 2009) www.anchorageworld.com/content/zafiro-offshore-oil-terminal accessed 1 December 2014.

179

LEGAL STATUS OF OFFSHORE INSTALLATIONS

mobile offshore oil and gas installations may be treated as ships in international law in certain contexts. The term ‘ship’ can have different meanings in the international conventions depending on the aims and purpose of the convention. Fixed offshore installations are generally not treated as ships in international law, but at least two international and two regional conventions treat fixed offshore installations as ships. The legal status of mobile offshore installations is less clear. Some international conventions treat mobile offshore installations as ships and some do not, some conventions treat offshore installations as distinct from ships, and some conventions treat mobile offshore installations as ships only in certain circumstances. A common approach in international law to the legal status of mobile offshore installations (especially MODUs, but also FPSOs and FSOs) is to treat them as ships when they are in transit from one offshore location to another and to treat them as installations when they are on location engaged in offshore operations, which is referred to as the ‘dual status approach’. The ‘dual status approach’ appears to have been adopted by the IMO, some international conventions and some national laws. However, to determine the legal status of an offshore installation in any specific situation, it is necessary to look at relevant definitions and approaches of applicable international conventions as well as national legislation and judicial decisions. With respect to the legal treatment of offshore oil and gas installations as ports, the analysis of international law and state practice has shown that some offshore installations, including FSOs and FPSOs, can be and have been designated and treated as offshore ports. The legal status of some offshore installations as offshore ports is a relevant consideration and may affect the applicability of international regulatory requirements on maritime security. Ships calling such offshore ports and/or interacting with such offshore installations may be subjected to certain conditions of entry and required to comply with security-related measures applicable to ships entering port facilities that are compliant with the ISPS Code.

180

CHAPTER 6

PRE-9/11 INTERNATIONAL REGULATORY FRAMEWORK 1 Introduction In the mid-twentieth century exploitation of offshore oil and gas resources intensified significantly, which led to the development of international legal rules that regulate various aspects of the offshore petroleum industry including the protection of offshore installations. The development of the international regulatory framework for the protection of offshore oil and gas installations can be divided into two phases: the international legal framework that existed before the 9/11 attacks, and the international regulatory measures adopted in the aftermath of 9/11. This chapter focuses on the pre-9/11 international regulatory framework and examines the rights and responsibilities of states under relevant international conventions, jurisdictional issues relating to the protection of offshore installations, and the scope of protective measures coastal states can take to safeguard their offshore installations. Options available to states under international law for responding to attacks on offshore installations and challenges pertaining to enforcement of violations of security regulations are also examined.1 Since the security of offshore installations is part of maritime security, it is not sufficient to examine only the international regulatory aspects that directly apply to offshore installations, in isolation, without analysing at least some aspects of the broader maritime security regulatory framework. Given that offshore installations interact with ships such as tankers and offshore supply vessels during their normal operations, consideration of the regulatory requirements applicable to ships is equally important. As previously mentioned, lax ship security arrangements can potentially compromise the security of offshore installations with which they interact. Accordingly, certain regulatory aspects and maritime security initiatives pertaining to ships, although not specifically intended for or directly relevant to offshore installations, are also examined in the context of offshore installations. The regulatory aspects of offshore pipelines are not examined because pipelines are generally treated 1 Parts of this chapter have been previously published and are reproduced with the permission of the Editors of the relevant journals and co-author. See Mikhail Kashubsky, ‘Protecting Offshore Oil and Gas Installations: Security Threats and Countervailing Measures (Part II)’ (December 2013) Journal of Energy Security www.ensec.org/index.php?option=com_content&view=article&id=476:protectingoffshore-oil-and-gas-installations-security-threats-and-countervailing-measures&catid=140:energysecurity content&Itemid=429 accessed 1 December 2015; Mikhail Kashubsky and Anthony Morrison, ‘Security of Offshore Oil and Gas Facilities: Exclusion Zones and Ships’ Routeing’ (2013) 5(1) Australian Journal of Maritime and Ocean Affairs 1; Mikhail Kashubsky, ‘Can an Act of Piracy Be Committed Against an Offshore Petroleum Installation?’ (2012) 26(2) Australian and New Zealand Maritime Law Journal 163.

181

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

in international law in the same manner as submarine cables, rather than being associated with offshore installations.2 2 Pre-1958 legal framework In the early days of the offshore oil and gas industry, the equipment used in offshore drilling was fairly primitive by today’s standards.3 Offshore operations were conducted in very close proximity to the land, mostly within the territorial sea of coastal states and subject only to domestic laws.4 At the time, there was little need to regulate this activity at the international level because very few offshore oil and gas installations existed in waters beyond the territorial sea.5 Therefore, prior to the 1940s, there were no international legal rules concerning offshore installations. At the end of WWII, technological advances made it feasible to conduct offshore operations at greater depths. Beginning with the Truman Proclamation in 1945,6 a number of states started asserting rights over their adjacent continental shelves with a view to exploiting valuable seabed resources, particularly oil and gas. Such state practice ultimately resulted in the development of the legal rules for the continental shelf, which to some extent determined the legal status of offshore installations. 3 1958 Geneva Conventions The first major development in the regulation of the continental shelf and offshore installations occurred at the first United Nations Conference on the Law of the Sea (UNCLOS I) held in Geneva in 1958. UNCLOS I adopted several international conventions on the law of the sea known as the ‘1958 Geneva Conventions’, many provisions of which corresponded to customary international law at the time.7 Three of those conventions have provisions pertaining to the protection of offshore installations. These are: the Convention on the Territorial Sea and the Contiguous Zone 1958 (Territorial Sea Convention),8 which codified the concept of the coastal state sovereignty over its territorial sea and codified rules relating to innocent passage

2 See Stuart Kaye, ‘International Measures to Protect Oil Platforms, Pipelines, and Submarine Cables from Attack’ (2007) 31(2) Tulane Maritime Law Journal 377, 379. 3 See generally Jay Schempf, Pioneering Offshore: The Early Years (PennWell 2007). 4 Until the mid-20th century the three-nautical-mile breadth of the territorial seas was well established among maritime states and was a generally recognised principle of customary international law. See William Schachte, ‘The History of the Territorial Sea from a National Security Perspective’ (1990–91) 1 Territorial Sea Journal 143. 5 Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 379. 6 Presidential Proclamation No. 2667, Policy of the United States with Respect to the Natural Resources of the Subsoil and Sea Bed of the Continental Shelf, 3 CFR 67, 10 Fed Reg 12 303, codified as Executive Order 9633 (28 September 1945). 7 Tullio Treves, ‘1958 Geneva Conventions on the Law of the Sea: Introduction’, Audiovisual Library of International Law http://legal.un.org/avl/ha/gclos/gclos.html accessed 1 December 2015. 8 Convention on the Territorial Sea and the Contiguous Zone 1958, opened for signature 29 April 1958, 516 UNTS 205 (entered into force 10 September 1964) (‘Territorial Sea Convention’). As at 1 December 2015, there were 52 contracting states to the Territorial Sea Convention: UN, United Nations Treaty Collection (UNTC) (1 December 2015) https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mtdsg_no= XXI-1&chapter=21&lang=en accessed 1 December 2015.

182

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

through the territorial sea;9 the Convention on the High Seas 1958 (High Seas Convention),10 which among other things, codified rules relating to freedom of navigation, piracy and hot pursuit;11 and the Convention on the Continental Shelf 1958 (Continental Shelf Convention),12 which recognised the continental shelf as an international legal concept. It is useful to examine the relevant provisions of these conventions. 3.1 Convention on the Territorial Sea and the Contiguous Zone 1958 The Territorial Sea Convention provides that coastal states have sovereignty over the territorial sea, air space above, the seabed and subsoil.13 The breadth of the territorial sea is not specified in the Territorial Sea Convention due to the lack of agreement14 that reflected the uncertainty in customary international law at the time.15 By virtue of sovereignty over the territorial sea, coastal states can authorise the construction of offshore installations in the territorial sea and take measures for their protection. The Territorial Sea Convention also codified international rules relating to innocent passage,16 which is the most relevant aspect of the Territorial Sea Convention as far as the protection and security of offshore oil and gas installations is concerned. Article 14(1) of the Territorial Sea Convention provides that ships of all states, whether coastal or not, have the right of innocent passage through the territorial sea. The right of innocent passage is the main limitation on the sovereignty of coastal states over the territorial sea. In essence, it allows ships to pass freely through the territorial sea. Innocent passage is defined in Article 14(4) of the Territorial Sea Convention as passage that ‘is not prejudicial to the peace, good order or security of the coastal State.’17 The right of innocent passage has implications for the security of offshore installations. The right of innocent passage somewhat limits the extent of security measures that coastal states can take in order to protect offshore petroleum installations in

9 Territorial Sea Convention arts 1, 14–22. 10 Convention on the High Seas 1958, opened for signature 29 April 1958, 450 UNTS 82 (entered into force 30 September 1962) (‘High Seas Convention’). As at 1 December 2015, there were 63 contracting states to the High Seas Convention: UN, UNTC (1 December 2015) https://treaties.un. org/Pages/ViewDetails.aspx?src=TREATY&mtdsg_no=XXI-2&chapter=21&lang=en accessed 1 December 2015. 11 High Seas Convention arts 2, 14–23. 12 Convention on the Continental Shelf 1958, opened for signature 29 April 1958, 499 UNTS 311 (entered into force 10 June 1964) (‘Continental Shelf Convention’). As at 1 December 2015, there were 58 contracting states to the Continental Shelf Convention: UN, UNTC (1 December 2015) https:// treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mtdsg_no=XXI-4&chapter=21&lang=en accessed 1 December 2015. 13 Territorial Sea Convention arts 1, 2. 14 David Harris, Cases and Materials on International Law (6th edn, Sweet & Maxwell 2004) 386. 15 The international practice in regard to the limit of the territorial sea was not uniform at the time. The ILC’s view was that international law does not permit an extension of the territorial sea beyond twelve nautical miles: ILC, ‘Report of the International Law Commission on the Work of its Eighth Session (23 April – 4 July 1956)’ [1956] II Yearbook of the International Law Commission 253, 265–66. See also Harris (n 14) 386–87. 16 Territorial Sea Convention arts 14–22. 17 Ibid. art 14(4).

183

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

the territorial sea. For example, Article 15(1) of the Territorial Sea Convention provides that a coastal state has a duty not to hamper innocent passage, which implies that any measures that a coastal state takes for the protection of offshore installations (e.g. establishing navigation exclusion zones around offshore installations) must not hamper innocent passage.18 According to the International Law Commission (ILC), if offshore installations located in the territorial sea hamper innocent passage, they ‘must not be sited in narrow channels or in sea lanes forming part of the territorial sea and essential for international navigation’.19 A coastal state must give appropriate publicity to any known dangers to navigation within its territorial sea,20 which would include an obligation to publicise the location of all offshore installations in the territorial sea because they present a potential hazard to navigation. While the rules on innocent passage appear to limit the powers of coastal states with respect to the protection of offshore installations, the rules also allow coastal states to regulate passage of ships through the territorial sea,21 temporarily suspend the innocent passage of foreign ships in specified areas of the territorial sea if such suspension is essential for the protection of a coastal state’s security,22 and take the necessary steps in the territorial sea to prevent passage that is not innocent.23 The Territorial Sea Convention also established a contiguous zone, which is a zone of the high seas contiguous to the territorial sea of a coastal state, where coastal states may exercise the control necessary to prevent and punish infringements of customs, fiscal, immigration or sanitary regulations within their territory or territorial sea.24 Despite the views of some coastal states, the ILC did not support the contiguous zone as a zone that granted special security rights to coastal states.25 3.2 Convention on the High Seas 1958 The High Seas Convention lays down rules under which freedom of the high seas may be exercised. It sets out freedoms of the high seas such as freedom of navigation and freedom to lay submarine cables and pipelines, and provides that no part of the high seas can be subjected to the sovereignty of any state.26 The High Seas Convention defines the term ‘high seas’ as ‘all parts of the seas that are not included in the territorial sea or in the internal waters of a State’.27 In the context of security of offshore oil and gas installations, the High Seas Convention, to some extent, regulates the interaction of the rights of coastal states

18 Ibid. art 15(1). 19 ILC (n 15) 273. 20 Territorial Sea Convention art 15(2). 21 Ibid. art 17. 22 Ibid. art 16(3). 23 Ibid. art 16(1). 24 Ibid. art 24(1). Article 24(2) of the Territorial Sea Convention limits the contiguous zone to 12 nautical miles from the baseline. 25 Donald Rothwell and Tim Stephens, The International Law of the Sea (Hart Publishing 2010) 78. The ILC’s view was that the enforcement of customs and sanitary regulations is, in most cases, sufficient to safeguard the security of the coastal state: ILC (n 15) 295. 26 High Seas Convention art 2. 27 Ibid. art 1.

184

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

relating to the protection of offshore installations with the rights of other states such as the freedom of navigation on the high seas. The High Seas Convention provides that ships are subject to the exclusive flag state jurisdiction on the high seas.28 This means that a coastal state cannot take any enforcement action on the high seas against foreign ships involved in the attacks on offshore petroleum installations, unless an attack is considered an act of piracy or when a coastal state is exercising the right of hot pursuit, or when there is a flag state’s consent.29 The High Seas Convention codified international rules on piracy. The application of piracy law to security of offshore oil and gas installations is discussed in more detail later in this chapter, but for the purposes of this discussion it is sufficient to say that the High Seas Convention defines piracy comprehensively and obliges all states to cooperate to the fullest possible extent in the repression of piracy.30 The High Seas Convention provides for universal jurisdiction with respect to piracy, which is consistent with customary international law, and gives a right to every state to seize, on the high seas or in any other place outside the jurisdiction of any state, a pirate ship or a ship taken by piracy and under the control of pirates, arrest the persons and seize the property on board, and prosecute the perpetrators under the national laws.31 The High Seas Convention also allows boarding of foreign merchant ships on the high seas if there is reasonable ground for suspecting that the ship is engaged in piracy.32 The High Seas Convention is only indirectly relevant to the security of offshore installations. 3.3 Convention on the Continental Shelf 1958 The Continental Shelf Convention granted exclusive sovereign rights to coastal states for the purpose of exploring it and exploiting the natural resources of the continental shelf.33 The Continental Shelf Convention gave coastal states jurisdiction over offshore installations located on the continental shelf. The continental shelf is defined in the Continental Shelf Convention as: the seabed and subsoil of the submarine areas adjacent to the coast but outside the area of the territorial sea, to a depth of 200 metres or, beyond that limit to where the depth of the superjacent waters admits of the exploitation of the natural resources of the said areas.34

While there is a fixed limit to a depth of 200 metres in the definition of the continental shelf, which at the time of drafting was considered sufficient for all practical needs, the right to exceed that limit was also recognised if it was

28 Ibid. art 6(1). 29 The requirements for exercising the right of hot pursuit are set out in Article 23 of the High Seas Convention. 30 High Seas Convention arts 14, 15. 31 Ibid. art 19. 32 Ibid. art 22(1)(a). 33 Continental Shelf Convention art 2. 34 Ibid. art 1.

185

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

technologically possible to exploit the seabed or subsoil at a depth greater than 200 metres.35 This definition left some uncertainty as to the exact limit of the continental shelf.36 The most relevant provision of the Continental Shelf Convention dealing with the protection of offshore petroleum installations is Article 5, under which coastal states have the right to construct and operate offshore installations, establish safety zones around such installations that may extend to a maximum of 500 metres, and take in those zones measures necessary for the protection of offshore installations.37 The nature of the protective measures that a coastal state can take within safety zones is not specified, but the Continental Shelf Convention requires ships of all nationalities to respect these safety zones.38 In other words, ships are prohibited from entering the safety zones without authorisation. It appears that the concept of the safety zones was introduced for the purpose of protecting offshore installations from accidental collisions with ships, and not from intentional attacks.39 At the time, the ILC, which prepared the draft of the Continental Shelf Convention, considered a distance of 500 metres to be appropriate and sufficient.40 According to the ILC’s commentary, although the ILC ‘did not consider it essential to specify the size of the safety zones, [the ILC] believes that generally speaking a maximum radius of 500 metres is sufficient for the purpose’.41 The Continental Shelf Convention provides that offshore installations do not have the status of an island and have no territorial sea,42 and it explicitly states that installations on the continental shelf should not cause unjustifiable interference with navigation, fishing and scientific research.43 The Continental Shelf Convention also requires coastal states to undertake, in the safety zones, appropriate measures for the protection of the marine environment,44 which suggests that a coastal state has some kind of environmental jurisdiction in the safety zones.45 The Territorial Sea Convention, the High Seas Convention and the Continental Shelf Convention were important achievements in the development of the law of the sea, but they did not address many aspects of the law of the sea and they are only indirectly relevant to the security of offshore oil and gas installations. The development of new techniques and technologies for offshore exploitation of oil and gas, as well as

35 ILC (n 15) 296–7. 36 See UN, ‘Official Records of the United Nations Conference on the Law of the Sea, vol VI: Fourth Committee (Continental Shelf)’ UN Doc A/CONF.13/42 (September 1958) 5. 37 Continental Shelf Convention arts 5(2)–(3). 38 Ibid. art 5(3). 39 The ILC has commented that interested parties ‘should be duly notified of the construction of installations, so that these may be marked on charts’ and offshore installations should be equipped with warning devices such as lights, audible signals, radar and buoys: ILC (n 15) 299. 40 ILC (n 15) 299. 41 Ibid. 42 Continental Shelf Convention art 5(4). 43 Ibid. art 5(1). However, the ILC noted that what the article prohibits is not any kind of interference, but only unjustifiable interference and that even substantial interference with navigation and fishing might be justified in some cases: ILC (n 15) 299. 44 Continental Shelf Convention art 5(7). 45 Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 383.

186

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

other mineral resources has made it necessary to reconsider the continental shelf rules and establish rules for the deep seabed.46 The Territorial Sea Convention, the Continental Shelf Convention and the High Seas Convention were later subsumed into the LOSC. 4 The 1982 Law of the Sea Convention framework The LOSC was adopted at UNCLOS III on 10 December 1982.47 The LOSC is the main international treaty that lays down the legal framework for the uses of the sea including exploration and exploitation of offshore oil and gas.48 The LOSC resulted in extended coastal state jurisdiction over the sea and established new legal divisions of the sea (see Figure 6.1), also referred to as maritime zones of jurisdiction (see Figure 6.2).49 The LOSC created the width of the territorial sea,50 extended the width of the contiguous zone,51 created archipelagic waters,52 redefined the continental shelf, 53 created the EEZ,54 and established rules governing the deep seabed.55 The respective rights, responsibilities, jurisdiction and enforcement powers relating to the security and protection of offshore installations are different in each maritime zone of jurisdiction. Under the LOSC, a coastal state has exclusive rights to regulate and control offshore installations on the seabed within its sovereignty and sovereign rights.56 The coastal state can assert its jurisdiction over activities taking place aboard offshore installations and in their vicinity.57 The LOSC uses the terms ‘installations’ and ‘structures’, which are understood to include offshore oil and gas installations. The LOSC contains a number of provisions pertaining to the protection of offshore installations constructed on the seabed over which a coastal state has

46 Harris (n 14) 382. 47 See UN Office of Legal Affairs (UNOLA), ‘Third United Nations Conference on the Law of the Sea, 1973–1982’ (2009) http://legal.un.org/diplomaticconferences/lawofthesea-1982/lawofthesea1982.html accessed 1 December 2015. 48 The provisions of the LOSC generally constitute international law and practice with respect to traditional uses of the oceans. As at 2 January 2015, there were 167 parties to the LOSC. See UN, Division for Ocean Affairs and the Law of the Sea (DOALOS), ‘Chronological Lists of Ratifications of, Accessions and Successions to the Convention and the related Agreements as at 2 January 2015’ (7 January 2015) www.un.org/depts/los/reference_files/chronological_lists_of_ratifications.htm accessed 1 December 2015. 49 The internal waters and the archipelagic waters are not shown in Figures 6.1 and 6.2. 50 The breadth of the territorial sea is explicitly fixed at a limit of 12 nautical miles from the baseline: LOSC art 3. 51 Under the LOSC, the contiguous zone is extended to 24 nautical miles from the baseline: LOSC art 33(2). 52 LOSC arts 46, 47, 48. 53 LOSC art 76. The new legal definition of the continental shelf in the LOSC differs significantly from the definition in the Continental Shelf Convention. See LOSC art 76(5); Harris (n 14) 482. 54 The LOSC established a specific legal regime for the EEZ with a distinct set of rules of its own. See Harris (n 14) 472; LOSC art 55. 55 The LOSC contains a special set of rules governing exploitation of natural resources of the seabed beyond national jurisdiction. See LOSC Pt XI. 56 LOSC arts 56, 60, 80. 57 Ibid.

187

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

Outer space

National airspace

Interational airspace 24 nm

12 nm Land

Territorial sea B A S E L I N E

Contiguous zone

High seas

High seas

Exclusive economic zone 200 nm

Continental shelf

The deep sea bed

Figure 6.1 Legal divisions of the oceans and airspace. Source: US Navy, The Commander’s Handbook on the Law of Naval Operations (July 2007).

authority.58 For example, the LOSC contains provisions explicitly allowing coastal states to establish safety zones around offshore installations in the EEZ and on the continental shelf to ensure the protection of offshore installations and safety of navigation.59 The LOSC also deals with other security-related aspects that are relevant in the context of offshore oil and gas installations security such as the right of innocent passage, piracy, right of visit, and rules relating to hot pursuit.60 The analysis of the LOSC framework is undertaken by examining provisions pertaining to the security of offshore petroleum installations in seven maritime zones of jurisdiction, namely the internal waters, the territorial sea, the contiguous zone, the archipelagic waters, the EEZ and the continental shelf, the continental shelf beyond 200 nautical miles, and the seabed beyond national jurisdiction.

58 Stuart Kaye, ‘The Protection of Platforms, Pipelines and Submarine Cables under Australian and New Zealand Law’ in Natalie Klein, Joanna Mossop and Donald Rothwell (eds), Maritime Security: International Law and Policy Perspectives from Australia and New Zealand (Routledge 2010) 186, 187. 59 LOSC arts 60, 80, 87(1)(d), 147(2). 60 Ibid. arts 17–28; 100–107; 110; 111.

188

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

High seas/Seabed beyond national jurisdiction beyond 350 nautical miles

High seas/Continental shelf beyond 200 nautical miles up to 350 nautical miles

EEZ/Continental shelf up to 200 nautical miles

Contiguous zone EEZ/Continental shelf up to 24 nautical miles

Territorial sea up to 12 nautical miles

Figure 6.2 Maritime zones of jurisdiction in the context of offshore installations. Source: Author.

4.1 Installations in the internal waters The internal waters of the state are waters on the landward side of the baseline of the territorial sea.61 The internal waters include ports, harbours, bays, fringing reefs, lakes, canals and rivers and their mouths and, to some extent, other closely related water areas.62 It is not uncommon for offshore petroleum installations to be located in the internal waters. The coastal state has full territorial sovereignty over its internal waters.63 The internal waters are assimilated to a coastal state’s territory, so the

61 Ibid. art 8(1). 62 Robin Churchill and Alan Lowe, The Law of the Sea (3rd edn, Manchester University Press 1999) 60. 63 LOSC art 2(1).

189

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

coastal state is free to deal with its internal waters as it chooses, just as it is free to deal with its land territory.64 There is no right of navigation or general right of innocent passage of foreign ships through the internal waters.65 4.1.1 Protection measures By virtue of its full territorial sovereignty over the internal waters, the coastal state can build offshore installations in the internal waters and take measures necessary for their protection. The construction of offshore installations in the internal waters and their protection is a matter of internal concern of the coastal state and is governed by its domestic law and regulations, but ‘in exceptional cases, there might be a right of innocent passage in internal waters’.66 In parts of the sea where the right of innocent passage exists under international law, the construction, operation and protection of offshore installations should not hamper international navigation and the right of innocent passage. 4.1.2 Enforcement jurisdiction The coastal state can exercise jurisdiction over and apply its laws to foreign ships in its internal waters and ports. This principle is well established in international law.67 By entering internal waters, foreign ships put themselves within the territorial jurisdiction of the coastal state,68 including criminal jurisdiction. In the context of offshore petroleum security, there is no doubt that a coastal state can take enforcement action in its internal waters against a foreign ship involved in an unlawful interference with or an attack on an offshore installation located in its internal waters.69 4.2 Installations in the territorial sea Coastal states have sovereignty over the territorial sea, the air space above it, and its seabed and subsoil.70 This includes authority to construct offshore installations and engage in exploitation of oil and gas resources on the seabed.71 One of the key aspects of the territorial sea as far as the protection of offshore installations is concerned is the right of innocent passage.

64 Churchill and Lowe (n 62) 60. 65 Ibid. 66 Hossein Esmaeili, The Legal Regime of Offshore Oil Rigs in International Law (Ashgate Dartmouth 2001) 70. See also LOSC art 8(2). 67 Michael White, ‘Australia’s Offshore Legal Jurisdiction: Part 1 – History & Development’ (2011) 25(1) Australian and New Zealand Maritime Law Journal 3, 17. 68 Churchill and Lowe (n 62) 65. 69 As well as for attacks on or interferences with offshore installations located in other areas of the sea that are under coastal state’s jurisdiction when the suspected ship is in the coastal state’s internal waters. 70 LOSC art 2. 71 Salah Honein, The International Law Relating to Offshore Installations and Artificial Islands: An Industry Report (Lloyd’s of London Press 1991) 4.

190

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

4.2.1 Protection measures and innocent passage The requirement of innocent passage is one of the few accepted limitations on the coastal state’s sovereignty in the territorial sea.72 The LOSC, by virtue of Article 17, grants a right of innocent passage through the territorial sea to ships of all states.73 Thus, the construction and operation of offshore installations in the territorial sea should be done with due regard to the right of innocent passage.74 After adopting a general definition of ‘innocent’ in Article 19(1), which states that ‘[p]assage is innocent so long as it is not prejudicial to the peace, good order or security of the coastal State’,75 the LOSC adds a list of activities that are considered to be prejudicial to the peace, good order or security of the coastal state.76 For instance, any act of wilful and serious pollution, any act aimed at interfering with offshore installations or any act aimed at collecting information to the prejudice of the defence of the coastal state is considered to be prejudicial to the peace, good order and security of the coastal state and by definition is not innocent.77 Hathaway et al. have argued that Articles 19(c) and 19(k) of the LOSC regulations could be read as to prohibit cyber attacks against the coastal state or launched from a ship at sea,78 which would include cyber attacks on the coastal state’s offshore installations. Coastal states have a number of powers regarding innocent passage. A coastal state can adopt any laws and regulations relating to innocent passage through the territorial sea.79 Ships exercising the right of innocent passage are required to comply with all such laws and regulations.80 To protect offshore installations in the territorial sea, a coastal state may designate and prescribe sea lanes and traffic separation schemes for the regulation of passage (e.g. in areas of high concentration of offshore installations) and require foreign ships exercising the right of innocent passage to use such sea lanes and traffic separation schemes.81 The laws and regulations that a coastal state adopts must be in conformity with the provisions of the LOSC and other rules of international law.82 In particular, such laws and regulations of the coastal state may not have the practical effect of denying or impairing the right of innocent passage.83 The coastal state, by virtue of its sovereignty over the territorial sea and provisions of Article 21(1)(b) of the LOSC, ‘may reasonably force foreign ships to divert their course or to follow certain

72 Article 2(3) of the LOSC provides that ‘the sovereignty over the territorial sea is exercised subject to this Convention and to other rules of international law’. See LOSC 2(3). 73 LOSC art 17. The right of innocent passage also exists in customary international law. 74 Esmaeili (n 66). 75 LOSC art 19(1). 76 Ibid. art 19(2). 77 Ibid. arts 19(2)(c), (h), (k). In addition, Article 19(2)(l) is a generic clause stating ‘any other activity not having a direct bearing on passage’, which presumably gives the coastal state the discretion to render the passage not innocent. 78 Oona Hathaway, Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowlan, William Perdue and Julia Spiegel, ‘The Law of Cyber-Attacks’ (2012) 100(4) California Law Review 817, 873. 79 LOSC art 21(1)(b). 80 Ibid. art 21(4). 81 Ibid. art 22(1). 82 Ibid. art 21(1). 83 Ibid. art 24(1)(a).

191

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

instructions which may prolong their passage’,84 in order to protect its offshore installations. However, the implementation of such measures solely for security purposes might draw criticism.85 According to Article 19(2) of the LOSC, ‘any act aimed at interfering with any systems of communication or any other facilities or installations of the coastal State’ is considered to be not innocent passage.86 The meaning of ‘interfering with installations’ is not specified in the LOSC, but an act of ‘interference’ with offshore installations could be understood as the behaviour of a ship in the vicinity of an offshore installation that could lead persons on board an offshore installation to believe that the ship poses an actual security risk. Examples of such ship behaviour include infringing established safety, security or exclusion zones around offshore installations, not complying with sea lanes and traffic separation schemes, performing unusual manoeuvring, not maintaining proper communication or failing to respond to directions, and other suspicious behaviour. Esmaeili has argued that a minor interference with offshore installations in the territorial sea should not be considered as prejudicial to the peace, good order and security of the coastal state because interference with offshore installations is economic in nature.87 Harel disagreed with this position arguing that the emphasis is on the intent behind the activity expressed in the words ‘aimed at interfering’, as opposed to the activity itself, which means that any act aimed at causing interference with the operations of an offshore installation, whether minor or not, would be considered prejudicial to the peace, good order or security of the coastal state.88 Without any express reference to the gravity of an act in Article 19(2)(k) of the LOSC, even a minor interference with an offshore installation or a perceived security risk posed by ship can cause the installation operator to initiate emergency shut-down procedures potentially resulting in considerable financial losses and interruptions in petroleum supplies. The phrase ‘aimed at’ in Article 19(2)(k) of the LOSC suggests that the interference with offshore installations must be deliberate in order to be prejudicial to the peace, good order or security of the coastal state. Therefore, unintentional interferences with offshore installations would not be considered prejudicial to the rights of the coastal state.89 In practice, it may be very difficult, if not impossible, to verify the nature of the passage and the intent of a foreign ship. The LOSC does not provide any guidance on it. To encourage all states to harmonise their national laws and practices relating to innocent passage, in 1989, governments of the US and the Union of Soviet Socialist Republics (USSR) issued the Joint Statement on the Uniform Interpretation of Rules

84 Esmaeili (n 66) 124–25. 85 Assaf Harel, ‘Preventing Terrorist Attacks on Offshore Platforms: Do States Have Sufficient Legal Tools?’(2013) 4(1) Harvard National Security Journal 131, 143. 86 LOSC art 19(2)(k). 87 Esmaeili (n 66) 124–25. 88 Harel (n 85) 140–41, fn 57 (arguing that since the drafters did not require the act to be aimed at causing serious interference with an offshore installation ‘implies that they did not intend to limit the application of the said provision to such acts’). 89 Esmaeili (n 66) 125.

192

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

of International Law Governing Innocent Passage (US–USSR Joint Statement), which represented the agreed interpretation and agreed practices of the US and USSR of innocent passage provisions of the LOSC.90 With respect to verifying the intent of ships navigating in the territorial sea, the US–USSR Joint Statement recommends: A coastal State which questions whether the particular passage of a ship through its territorial sea is innocent shall inform the ship of the reason why it questions the innocence of the passage, and provide the ship an opportunity to clarify its intentions or correct its conduct in a reasonably short period of time.91

The coastal state would need to inform the ship that it is suspected of intending to cause interference with the coastal state’s offshore installations in the territorial sea. If the ship does not respond to the coastal state’s request or does not correct its conduct within a ‘reasonably short period of time’, the passage could be deemed non-innocent. It is not clear what is meant by ‘reasonably short period of time’. It appears that a coastal state would have the discretion to determine what a ‘reasonably short period of time’ is, in the given circumstances and taking into account the general security environment of the area and strategic significance of the offshore installation. In some circumstances an immediate response may be required, for instance, when a ship enters the exclusion zone without permission. In May 2004, a few days after ABOT and KAAOT were attacked by terrorists,92 the US Maritime Liaison Office (MARLO) in Bahrain announced 3,000-metre warning zones and 2,000-metre exclusion zones and the suspension of the right of innocent passage around ABOT and KAAOT in Iraq’s territorial sea.93 The notice stated, inter alia, that: effective immediately, exclusion zones are established and the right of innocent passage is temporarily suspended in accordance with international law around the KAAOT and ABOT oil terminals within Iraqi territorial waters. The exclusion zones extend 2000 meters from the outer edges of the terminal structures in all directions.94

The exclusion zones around ABOT and KAAOT were established during the US occupation of Iraq, pursuant to the law of armed conflict.95 However, it is arguable that a coastal state can establish such security/exclusion zones around offshore installations in the territorial sea even during peace time on the basic of national security and sovereignty over the territorial sea. Offshore installations of significant

90 Joint Statement by the United States of America and the Union of Soviet Socialistic Republics on the Uniform Interpretation of Rules of International Law Governing Innocent Passage, 28 ILM 1444 (adopted on 23 September 1989) (‘US-USSR Joint Statement’). 91 US–USSR Joint Statement para 4. 92 See Appendix. 93 US Government, US Navy, The Commander’s Handbook on the Law of Naval Operations (July 2007) para 7.9, app C; Marshall Islands Government, Office of the Maritime Administrator, ‘Warning and Exclusion Zones around the Khawr Al’Amaya Oil Terminal (KAAOT) and the Al Basra Oil Terminal (ABOT)’ (Marine Safety Advisory No. 15-08, Office of the Maritime Administrator, 20 May 2008) 2–3. 94 US Navy, The Commander’s Handbook (n 93) app C. 95 Ibid. para 7.9.

193

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

strategic importance such as ABOT and KAAOT warrant to have security arrangements of high order including exclusion zones and protection of naval forces. If the passage was found to be not innocent, the coastal state is authorised under the LOSC to take the necessary steps to prevent it.96 The LOSC does not specify what ‘necessary steps’ can be taken by a coastal state, but Rothwell and Stephens contend that a number of response options are available to the coastal state to prevent or deny non-innocent passage, which could include requesting a delinquent ship to refrain from certain acts, requesting the ship to leave the territorial sea, the positioning of vessels to prevent the ship from continuing its passage, or the intervention and boarding of the ship by the coastal state’s authorities.97 Considering that a non-innocent passage is prejudicial to the peace, good order or security of the coastal state, and depending on the nature and severity of threat posed by the delinquent ship, the coastal state can resort to the use of reasonable force, including deadly force, as a last resort.98 The permissible response would depend upon the specific circumstances and should be subject to general principles of international law, such as necessity and proportionality.99 However, most offshore installations are not protected by warships or other government vessels, so it may not be practical to verify the intention of a foreign ship if that ship does not respond to attempts by an offshore installation to establish radio or other communication. The coastal state’s authorities responsible for the protection of offshore installations may not have enough time to prevent an attack on an offshore installation, so offshore installations in most cases have to rely on their own security and protection measures to prevent attacks and unlawful interferences. As a protection measure, the coastal state also has a right to suspend temporarily the innocent passage of foreign ships in specified areas of its territorial sea if such suspension is ‘essential for the protection of its security’.100 As discussed earlier, some offshore oil and gas installations are of strategic importance, which means that ensuring their protection and uninterrupted operation may be essential to the national security of the coastal state. This right may allow the coastal state to suspend innocent passage in the vicinity of strategically important offshore installations. Article 25(3) of the LOSC sets out conditions imposed on this right which are: the suspension must be temporary, the suspension must be essential for the protection of its security, it can be implemented only in specified areas of the territorial sea, and it must be without discrimination among foreign ships.101 While this right ‘could prove useful in protecting offshore platforms in case of high security alert for a terrorist attack, its temporary nature does not provide a

96 LOSC art 25(1). 97 See Rothwell and Stephens (n 25) 218. 98 See Harris (n 14) 424; Rothwell and Stephens (n 25) 218. On the use of reasonable force rule see M/V Saiga (St Vincent and the Grenadines v Guinea)(Judgement) (ITLOS, Case No. 2, 1 July 1999) (‘Saiga’). 99 Rothwell and Stephens (n 25) 218, citing Saiga (ITLOS, Case No. 2, 1 July 1999). 100 LOSC art 25(3). 101 Ibid.

194

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

permanent solution for securing these assets’.102 The exact meaning of the expression ‘suspend temporarily’ in Article 25(3) of the LOSC is not clear. One possible interpretation is that a temporary suspension could be for any period of time, as long as it is not permanent. Rothwell and Stephens have noted that it may be possible to justify suspension of innocent passage for a considerable period of time in the case where internal civil disturbance is taking place, in order to ensure the safety of foreign ships within those waters.103 The suspension of innocent passage in the vicinity of key offshore installations, such as major oil export terminals or large production platforms located in the territorial sea, seems to be reasonable and in high-risk areas may be necessary.104 A justification for such suspension is the strategic importance of such offshore installations to the coastal state’s security, including economic security and environmental security. On the other hand, offshore installations of little strategic significance, such as small drilling rigs, may not necessarily warrant the suspension of innocent passage. The determination of whether the suspension of innocent passage around an offshore installation is essential for the security of the coastal state is ultimately left to that state.105 Marine pollution, which is arguably of lesser security concern, could and has been used to justify the suspension of the right of innocent passage in portions of the territorial sea.106 In the context of offshore installations, collisions between ships and offshore installations can result in marine pollution and cause serious harm to a coastal state’s interests, which could be viewed as part of the broader concept of security. Therefore, the prevention of marine pollution could arguably be used as justification for the suspension of the innocent passage around offshore installations.107 Ngantcha argues the legality of each suspension should be based on ‘reasonableness’ viewed in the light of all the circumstances rather than on the ambiguous concept of ‘security considerations’.108 In any case, the suspension of the innocent passage will only take effect after being duly published.109 The LOSC emphasises that coastal states cannot suspend innocent passage in straits used for international navigation,110 even though such straits are normally considered to be part of the territorial sea. In Corfu Channel (United Kingdom v Albania),111 the International Court of Justice (ICJ) recognised that at customary international law the coastal state cannot suspend the right of innocent passage on grounds of security in a part of the territorial sea that is an international strait used

102 Harel (n 85) 141. 103 Rothwell and Stephens (n 25) 219. 104 Francis Ngantcha, The Right of Innocent Passage and Evolution of the International Law of the Sea (Printer Publishers 1990) 166 (arguing that the suspension must be essential and not just one among several options available to the coastal state). 105 See Ngantcha (n 104) 165. 106 Ibid. 166. 107 Consider this in light of Articles 21(1)(f) and 211(4) of the LOSC. 108 Ngantcha (n 104) 166. 109 LOSC art 25(3). 110 Ibid. art 45. See also LOSC art 44. 111 Corfu Channel (United Kingdom v Albania)(Merits) [1949] ICJ Rep 4 (‘Corfu Channel’).

195

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

for navigation from one part of the high seas to another.112 There are some offshore installations located in straits used for international navigation,113 and in light of the growing offshore oil and gas production, it is reasonable to predict that there will be more offshore installations in straits used for international navigation in the future. As discussed in Chapter 3, hostile actions of nation-states can pose a security threat to offshore installations. Accordingly, it seems to be appropriate to mention that warships and other government ships are also required to comply with the laws and regulations of the coastal state concerning passage through the territorial sea.114 If any warship does not comply and disregards any request for compliance, the coastal state may require it to leave the territorial sea immediately.115 The LOSC expressly recognises the international responsibility of the flag state for any loss or damage to the coastal state resulting from non-compliance by a warship or any other government ship operated for non-commercial purposes with the laws and regulations of the coastal state concerning passage through the territorial sea or other international rules.116 It has been argued that when a foreign flagged ship is traversing the territorial sea in the lateral passage and exercising the right of innocent passage, the ship cannot be considered to be in breach of the rules on innocent passage on the basis that it has on board persons who seek to commit terrorist acts in a country other than a coastal state because such a ship is not immediately threatening the security of the coastal state, especially if it is compliant with any established rules and directions of the coastal state relating to innocent passage.117 Nevertheless, the coastal state may be able to exercise criminal jurisdiction on board foreign ships in certain circumstances.118 The LOSC is silent about safety zones around offshore installations in the territorial sea.119 Although not explicitly stated in the LOSC, it is arguable that the coastal state, by virtue of its sovereignty and Article 21(1)(b),120 may adopt measures for the protection of offshore installations in the territorial sea such as the establishment of ‘safety zones’, ‘security zones’ or ‘exclusion zones’ (regardless of the specific terminology used) around offshore installations, and take in those zones whatever measures are necessary for the protection of offshore installations. The breadth of such zones does not have to be limited to 500 metres, which is the limit for the safety zones in the EEZ and on the continental shelf. A coastal state can

112 Harris (n 14) 424. 113 For instance, there are more than 20 offshore installations in Bass Strait. 114 LOSC art 30. 115 Ibid. 116 Ibid. art 31. 117 Natalino Ronzitti, ‘The Law of the Sea and the Use of Force Against Terrorist Activities’ in Natalino Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 1, 5. 118 Ibid. 119 Honein has suggested that the establishment of safety zones around installations in the territorial sea does not seem necessary because a coastal state may require foreign ships exercising the right of innocent passage through its territorial sea to use such sea lanes and traffic separation schemes as it may designate or prescribe: Honein (n 71) 46–47. 120 Article 21(1)(b) of the LOSC provides that the coastal state may adopt laws and regulations relating to innocent passage through the territorial sea, in respect of the protection of offshore installations.

196

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

establish safety zones or security zones of any breadth it deems necessary.121 The only requirement is that such zones do not hamper the innocent passage of foreign ships through the territorial sea and safety of navigation is preserved.122 There is an obligation on the coastal state not to cause unreasonable interference with navigation and to prevent obstruction of international navigation. The LOSC does not expressly mention the need for the coastal state to seek endorsement of the IMO to establish safety zones larger than 500 metres around offshore installations in the territorial sea,123 which could be understood that such an endorsement is not required. Even if a coastal state establishes safety zones, security zones or exclusion zones around offshore installations, it will still be responsible for the preservation of the right of innocent passage, as well as the requirement of safe navigation.124 A coastal state has a duty to give appropriate publicity to any danger to navigation within its territorial sea of which it has knowledge.125 The size of a security zone and nature of the protection measures in such a zone would probably depend on the type and nature of the offshore installation in question. For example, strategically important offshore installations, such as major offshore oil and gas export terminals, may warrant larger safety, security or exclusion zones around them. 4.2.2 Enforcement jurisdiction In addition to the above protection measures, coastal states also have the authority to exercise civil and criminal jurisdiction on board foreign ships in certain cases.126 Article 27 of the LOSC explicitly deals with criminal jurisdiction and its enforcement on board foreign ships passing through the territorial sea, but there are limitations placed on the coastal state.127 The coastal state can rely on Article 27 of the LOSC to exercise criminal jurisdiction on board a foreign ship passing through the territorial sea to arrest any person or to conduct any investigation in connection with any crime committed on board the ship during its passage if the consequences of the crime extend to the coastal state or if the crime is of a kind to disturb the peace of the

121 For discussion on domestic legislation on safety zones see Esmaeili (n 66) 135–36. 122 LOSC art 24(1); Honein (n 71) 5. 123 Cf. LOSC art 60(5). The IMO is considered to be the competent international organisation in matters concerning safety zones around offshore installations. 124 See Honein (n 71) 5. Cf. Ngantcha (n 104) 116 (arguing that the exercise of the right of innocent passage by foreign merchant ships is, to some extent, subordinate to the coastal state’s full territorial sovereignty over the territorial sea). 125 LOSC art 24(2). 126 See Natalie Klein, Maritime Security and the Law of the Sea (Oxford University Press 2011) 75–76. 127 Article 27(1) of the LOSC provides that ‘[t]he criminal jurisdiction of the coastal State should not be exercised on board a foreign ship passing through the territorial sea’ except in certain cases. The article lists four categories of circumstances in which the criminal jurisdiction can be exercised. Shearer has noted that the expression ‘should not be exercised’ in Article 27(1) means that the restriction is not mandatory and there may be a degree of discretion available to the coastal states and that Article 27(5) imposes a mandatory prohibition on the exercise of coastal state criminal jurisdiction in the territorial sea with regard to crimes committed beyond the territorial sea, when the foreign ship enters territorial waters for the purpose of lateral transit only: Ivan Shearer, ‘Problems of Jurisdiction and Law Enforcement against Delinquent Vessels’ (1986) 35(2) International and Comparative Law Quarterly 320, 327–28.

197

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

country or the good order of the territorial sea.128 For example, if a foreign ship deliberately collided with an offshore installation or was involved in the attack on or deliberate interference with an offshore installation in the territorial sea (with potential loss of life and/or environmental harm), it could be argued that the consequences of the crime extend to the coastal state or that the crime is of a kind that disturbs the peace of the country or the good order of the territorial sea. In which case, the coastal state would be able to exercise criminal jurisdiction on board the foreign ship and arrest persons responsible. The coastal state cannot exercise criminal jurisdiction or take enforcement action against a foreign ship passing through its territorial sea for offences committed before entry into the territorial sea except for violations of laws and regulations in the EEZ, marine pollution offences of Part XII of the LOSC,129 or for offences committed in internal waters.130 It is not clear which laws the expression ‘violations of laws and regulations adopted in accordance with Part V’ refers to. It might be referring to violations of laws and regulations relating to offshore installations in the EEZ, including the laws dealing with security-related aspects such as safety zones.131 In considering whether or in what manner an arrest should be made, authorities of the coastal state should have due regard to the interests of navigation.132 Mobile offshore installations may be considered to be ships and are therefore subject to the same principles of international law as ships when they are passing through the territorial sea of a coastal state.133 However, the situation is different if a drill ship is in the territorial sea of a coastal state for the purposes of drilling,134 in which case Article 27 is not applicable because that provision explicitly deals with criminal jurisdiction on board foreign ships passing through the territorial sea. The LOSC does not directly address the issue of criminal jurisdiction on board offshore installations in the territorial sea, but it could be argued that the coastal state, by virtue of its sovereignty, is entitled to regulate activities taking place on board offshore installations located in its territorial sea,135 and can enforce its criminal laws on board offshore installations owned or flagged by other states.136 A coastal state by virtue of its sovereignty over the territorial sea has the right of hot pursuit.137 The right of hot pursuit allows the coastal state to administer justice

128 LOSC arts 27(1)(a), (b). The coastal state is required to notify a diplomatic agent of the flag state before exercising criminal jurisdiction: LOSC art 27(3). 129 LOSC art 27(5). 130 Ibid. 27(2). 131 Under Article 60 of the LOSC, which applies mutatis mutandis to the continental shelf, the coastal state has exclusive jurisdiction over offshore installations in the EEZ including criminal jurisdiction. 132 LOSC art 27(4). 133 Esmaeili (n 66) 90. 134 Ibid. 135 See, e.g. Honein (n 71) 33. 136 Esmaeili (n 66) 91. 137 LOSC art 111(1). O’Connell has referred to ‘hot pursuit’ as ‘the legitimate chase of a foreign vessel on the high seas following a violation of the law of the pursuing State committed by the vessel within the pursuing State’s jurisdiction . . .’: Daniel O’Connell, The International Law of the Sea, vol 2 (Clarendon Press 1983–84) 1075–76 (further noting that that the word ‘hot’ ‘signifies the requirement of immediate pursuit’, but questions ‘whether immediate means that pursuit must begin the moment the offending vessel resists arrest’).

198

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

by arresting a ship and punishing it according to its laws.138 Article 111 of the LOSC provides that the hot pursuit can be commenced when the foreign ship is within the territorial sea (or in internal waters, the archipelagic waters, the contiguous zone or the EEZ) of the coastal state.139 In determining whether to undertake hot pursuit, the coastal state has the discretion to decide whether or not it ‘has good reason to believe’ that a ship has violated its laws, which basically absolves the coastal state from any error of judgement that might interfere with or prevent the foreign ship from exercising the right of innocent passage.140 There seems to be no doubt that the coastal state may, subject to certain limits, take enforcement action against foreign ships or mobile installations involved in terrorist activities and navigating in its territorial sea, although in some cases challenges with enforcement may arise.141 Notwithstanding the right of innocent passage granted to foreign ships within a coastal state’s territorial sea,142 the coastal state nevertheless retains significant rights to maintain its national security in general and, in particular, to protect offshore installations in its territorial sea.143 4.3 Installations in the contiguous zone The contiguous zone is a zone contiguous to the territorial sea of the coastal state that extends up to 24 nautical miles from the baselines from which the breadth of the territorial sea is measured and in which coastal states may exercise the control necessary to prevent and punish infringement of their customs, fiscal, immigration or sanitary laws and regulations within their territory or territorial sea.144 Laws and regulations relating to security or unlawful violent acts at sea are not mentioned in Article 33 of the LOSC. In the context of offshore installations this could mean that a coastal state cannot rely on the contiguous zone to prevent or punish attacks or unlawful interferences with offshore installations in its territorial sea or the internal waters. Ronzitti has argued that the contiguous zone does not confer any special security rights on the coastal state to take enforcement measures against ships involved in violent activities such as terrorism.145 Although the contiguous zone is not recognised as a security zone, some states have claimed security jurisdiction in an area extending up to 24 nautical miles offshore.146 Assertion of a security jurisdiction

138 Ngantcha (n 104) 168–69. 139 LOSC art 111(1). As will be discussed later in this chapter, under Article 111(2) of the LOSC, the right of hot pursuit applies mutatis mutandis to violations of the laws and regulations of the coastal state applicable to the EEZ or the continental shelf including safety zones around offshore installations. 140 Ngantcha (n 104) 169. 141 Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 5. 142 Rothwell and Stephens (n 25) 74. 143 Ibid. 76. 144 LOSC art 33. 145 Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 5–6. 146 Several states including India, Egypt, Yemen, Vietnam and Burma claim to have security jurisdiction extending to 24 nautical miles from the coast: Harel, ‘Preventing Terrorist Attacks on Offshore Platforms’ (n 85) 154.

199

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

by coastal states over their contiguous zone is a controversial practice.147 According to Klein, the ‘control’ that coastal states have in the contiguous zone is not the same as sovereignty, sovereign rights or jurisdiction.148 However, the coastal state has jurisdiction over offshore installations located in the contiguous zone because the contiguous zone is part of the EEZ and overlaps with the continental shelf, so offshore installations located in the contiguous zone (i.e. between 12 and 24 nautical miles from the baseline) are governed by the rules of the EEZ and the continental shelf.149 The rights and obligations of coastal states with regard to protecting offshore installations in the contiguous zone are the same as their rights and obligations in the EEZ and on the continental shelf. Therefore, it is not necessary to consider the protection of offshore installations in the contiguous zone any further here, as these aspects are addressed in the context of the EEZ and the continental shelf. 4.4 Installations in the archipelagic waters Similarly to the territorial sea, archipelagic states exercise sovereignty over archipelagic waters regardless of their depth or distance from the coast, as well as over the air space above the archipelagic waters, their seabed and subsoil, and the resources contained therein.150 Some offshore drilling and production takes place in the archipelagic waters.151 The LOSC does not expressly address issues relating to offshore oil and gas installations in the archipelagic waters; however, by virtue of the archipelagic state’s sovereignty over the archipelagic waters, it can be argued that the archipelagic state can engage in offshore exploration and exploitation, construct offshore installations in the archipelagic waters and take measures for their protection. 4.4.1 Protection measures The LOSC rules on the archipelagic waters are almost the same as the LOSC rules relating to the territorial sea. Shearer has noted that there seems to be no difference between the status of archipelagic waters and the territorial sea except with respect to archipelagic sea-lanes passage.152 Accordingly, the same legal issues and arguments as those relating to the protection of offshore installations in the territorial sea would apply to the protection of offshore installations in the archipelagic waters. For example, the archipelagic state can establish safety, security, or exclusion zones around offshore installations in the archipelagic waters of whatever breadth it deems necessary,153 and take, within those zones, measures necessary for the

147 Klein (n 126) 87. 148 Ibid. 149 See LOSC arts 60, 80. 150 LOSC arts 49(1)–(2). 151 See, e.g. ‘Southeast Asia Offshore Oil & Gas Activity & Concession Map’ (Offshore, November 2002) http://downloads.pennnet.com/os/posters/2002_map12.pdf accessed 1 December 2015. 152 Shearer (n 127) 333. 153 Coastal states are not required to obtain IMO approval to establish safety zones larger than 500 metres around offshore installations in the archipelagic waters.

200

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

protection of offshore installations. The LOSC innocent passage rules also apply in the archipelagic waters.154 An archipelagic state has the same rights and responsibilities with respect to innocent passage of foreign ships in the archipelagic waters as does the coastal state within the territorial sea. This includes ‘the stopping, detention, arrest and prosecution of vessels engaging in actions which are contrary to the legitimate laws and regulations of the archipelagic state, and also taking necessary steps to prevent passage which is not innocent’.155 For example, the archipelagic state can temporarily suspend the innocent passage of foreign ships in specified areas of its archipelagic waters if such suspension is essential for the protection of its security.156 An archipelagic state may designate sea lanes suitable for the continuous and expeditious passage of foreign ships through its archipelagic waters and the adjacent territorial sea.157 In addition to the right of innocent passage, ships of all states enjoy the right of archipelagic sea-lanes passage in the designated archipelagic sea lanes.158 If an archipelagic state does not designate sea lanes, the right of archipelagic sealanes passage may be exercised through the routes normally used for international navigation.159 Ships exercising the right of archipelagic sea-lanes passage potentially pose a security risk to offshore installations located in the archipelagic waters in the vicinity of designated archipelagic sea lanes or routes normally used for international navigation. The archipelagic sea-lanes passage appears to be more restrictive than innocent passage in the geographical sense, but less restrictive than innocent passage in the manner in which it may be exercised, as long as it is exercised ‘in the normal mode solely for the purpose of continuous, expeditious and unobstructed transit between one part of the high seas or an [EEZ] and another part of the high seas or an [EEZ]’.160 4.4.2 Enforcement jurisdiction The enforcement jurisdiction of archipelagic states in the archipelagic waters is not expressly addressed in the LOSC. However, it can be assumed that the archipelagic state’s enforcement jurisdiction over foreign ships is similar to the coastal state’s enforcement jurisdiction in the territorial sea. An archipelagic state also has the right of hot pursuit, which can be commenced when the foreign ship is within the archipelagic waters, the internal waters, the territorial sea or the contiguous zone of the archipelagic state.161

154 155 156 157 158 159 160 161

LOSC art 52. Rothwell and Stephens (n 25) 426. LOSC art 52(2). Ibid. art 53(1). Ibid. art 53(2). Ibid. art 53(12). Ibid. art 53(3). Ibid. arts 111(1)–(2).

201

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

4.5 Installations in the EEZ and on the continental shelf Under the LOSC, coastal states can claim an EEZ extending to 200 nautical miles from their territorial sea baseline,162 in which they enjoy the exclusive sovereign right to exploit all natural resources, including oil and gas.163 Coastal states can also claim the continental shelf areas up to a maximum distance of 350 nautical miles from the baseline or 100 nautical miles from the 2,500 metres water depth,164 in which they exercise exclusive sovereign rights for the purposes of exploiting natural resources of the seabed.165 The coastal state has exclusive right to authorise and regulate the construction, operation and use of offshore installations in its EEZ and on the continental shelf.166 4.5.1 Protection measures The protection of offshore installations in the EEZ is addressed in Article 60 of the LOSC, which applies mutatis mutandis to the continental shelf by virtue of Article 80.167 The coastal state has exclusive jurisdiction over offshore installations in the EEZ and on the continental shelf and activities that take place on board such installations.168 In particular, the LOSC expressly states in Article 60(2) that the coastal state has exclusive jurisdiction over offshore installations ‘including jurisdiction with regard to customs, fiscal, health, safety and immigration laws and regulations’.169 Criminal jurisdiction of the coastal state over offshore installations located in the EEZ and on the continental shelf is not mentioned, but the wording of Article 60(2) of the LOSC indicates that the coastal state jurisdiction is not limited only to customs, fiscal, health, safety and immigration laws and regulations. It can be argued that the coastal state is empowered to extend and apply its laws and regulations, including criminal law, in order to regulate activities and punish crimes committed on board or in the vicinity of offshore installations within the limits of the EEZ and the continental shelf.170 Furthermore, it can be argued that the word ‘including’ in Article 60(2) could be interpreted as permitting coastal states to extend their security-related rights and jurisdiction to offshore installations in the EEZ and on the continental shelf. Based on such interpretation, a coastal state would be allowed to take enforcement action (including the use of force) on board offshore installations or against a foreign flagged

162 Article 5 of the LOSC defines the ‘normal baseline’ as ‘the low-water line along the coast as marked on large-scale charts officially recognised by the coastal State’. 163 LOSC arts 56(1)(a), 57. 164 Ibid. art 76. 165 Ibid. art 77. 166 Ibid. art 56. In Saiga, ITLOS held that coastal states may only legislate with respect to the specific matters set out in Article 56 of the LOSC: Saiga (ITLOS, Case No 2, 1 July 1999), cited in Tim Stephens and Donald Rothwell, ‘The LOSC Framework for Maritime Jurisdiction and Enforcement 30 Years On’ (2012) 27 International Journal of Marine and Coastal Law 701, 704. 167 Kaye, ‘The Protection of Platforms, Pipelines and Submarine Cables’ (n 58) 187. 168 LOSC arts 60, 80. 169 Ibid. art 60(2) (emphasis added). 170 See Esmaeili (n 66) 93; Honein (n 71) 35.

202

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

ship in the EEZ and on the continental shelf in order to prevent and repress attacks on or interferences with offshore installations.171 Several states have claimed security jurisdiction in areas beyond the territorial sea, while other states have protested such claims and argued that they are unlawful.172 The LOSC does not expressly provide for the establishment of traffic separation and ship routeing schemes in the EEZ and on the continental shelf. The main protection measure for offshore installations available to coastal states under the LOSC is the right to establish safety zones around offshore installations in the EEZ and on the continental shelf.173 Article 60(4) of the LOSC provides that the coastal state may, where necessary, establish reasonable safety zones around offshore installations, in which it may take appropriate measures to ensure the safety of both navigation and offshore installations.174 The LOSC provisions dealing with safety zones around offshore installations are similar to the provisions of the Continental Shelf Convention, but there are a few notable differences.175 For example, the LOSC provisions provide that safety zones around offshore installations must be ‘reasonable’, they should be ‘reasonably related to the nature and function’ of the offshore installations, and measures in those safety zones should be ‘appropriate’.176 In contrast, the Continental Shelf Convention provisions do not have these requirements of ‘reasonable’, ‘reasonably related’ and ‘appropriate’. Another notable difference is that the Continental Shelf Convention provides that coastal states can take measures in the safety zones necessary for the protection of offshore installations, while the LOSC provides that measures should be appropriate to ensure the safety both of navigation and of offshore installations.177 Furthermore, under the Continental Shelf Convention, the breadth of safety zones is limited to 500 metres, but the LOSC provides that, in certain circumstances, the breadth of safety zones may be extended beyond 500 metres.178 All ships must respect safety zones around offshore installations.179 The LOSC also provides that offshore installations and safety zones around them may not be established where interference may be caused to the use of recognised sea lanes essential to international navigation.180 In addition, offshore installations in the EEZ and on the continental shelf and any safety zones around such installations must

171 Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 6 (further arguing that any ‘measures employed by the coastal State [in this context] have to be defined as police actions, since they are aimed at ensuring the safety of objects located on the continental shelf and in the EEZ where both the [LOSC] and customary international law give sovereign rights to the coastal State’). 172 Harel (n 85) 154, citing James Kraska, Maritime Power and the Law of the Sea: Expeditionary Operations in World Politics (Oxford University Press 2011) 213. 173 For discussion on safety zones see Harel (n 85) 143–49; Esmaeili (n 66) 125–32. 174 LOSC art 60(4). 175 See LOSC art 60(4)–(7); cf. Continental Shelf Convention art 5. 176 LOSC art 60(4); cf. Continental Shelf Convention art 5(2). 177 Ibid. 178 LOSC art 60(5). 179 Ibid. art 60(6). 180 Ibid. art 60(7).

203

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

not result in any infringement or unjustifiable interference with navigation or other rights and freedoms of the high seas.181 The LOSC does not distinguish between fixed and mobile offshore installations nor does it specify what kind of offshore installations could be protected by safety zones. This issue was analysed by Esmaeili, who concluded that safety zones may be established around fixed offshore installations and also around mobile drilling rigs but only ‘when [mobile drilling rigs] are attached to the seabed or while they are involved in drilling activities’.182 As discussed in Chapter 5, the IMO considers MODUs to be vessels when they are in transit and not engaged in drilling, but considers them to be installations when they are engaged in drilling operations.183 Safety zones can also be established around floating production installations, such as FPSOs, when they are operating on site. The coastal state is allowed to determine the breadth of the safety zones, but in doing so it must take into account applicable international standards and ensure that such zones ‘are reasonably related to the nature and function’ of an offshore installation.184 In any case, the LOSC explicitly limits the breadth of the safety zone around an installation to a maximum of 500 metres.185 Any unauthorised activities in close proximity to offshore installations, such as fishing within safety zones, present security risks.186 Infringements of safety zones around offshore installations by ships, particularly fishing vessels, are not unusual.187 There have been a number of incidents involving vessels ignoring the safety zones around offshore installations and attempting to moor alongside or board offshore installations.188 Sometimes ships do not respond to radiotelephone calls initiated by offshore installations and near misses and collisions could be avoided if vessels maintained a continuous listening watch.189 The problem with the safety zones is that the 500-metre breadth of safety zones may not be sufficient to protect offshore petroleum installations from deliberate attacks. References to ‘navigation’ and ‘safety’ in Article 60(4) of the LOSC indicate that the concept of safety zones was designed to deal with safety of navigation and safety of installations with the main purpose of preventing accidental collisions between ships and offshore installations rather than protecting installations from deliberate attacks.190 The 500-metre safety zone around offshore installations is not

181 Ibid. art 78(2). 182 Esmaeili (n 66) 128. 183 IMO, Safety Zones and Safety of Navigation around Offshore Installations and Structures, A Res 671(16), Agenda Item 10, IMO Doc A Res.A.671(16) (19 October 1989) 288. 184 LOSC art 60(5). 185 Ibid. 186 CSCAP, ‘Safety and Security of Offshore Oil and Gas Installations’ (Memorandum 16, CSCAP, January 2011) 1–2. 187 See CSCAP (n 186) 1–2; OTS, Offshore Oil & Gas Risk Context Statement (April 2005) 14–15. 188 Anthony Bergin and Sam Bateman, ‘Things Could Turn Ugly in Troubled Waters to Our North: Doubts Surface about the Safeguarding of Australia’s Offshore Gas and Oil Installations’ The Australian (28 July 2012) 9. 189 IMO, Safety Zones and Safety of Navigation (n 183) 287–88. 190 See generally Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 405–6; Harel (n 85) 143–49; Esmaeili (n 66) 126–29.

204

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

sufficient to protect offshore installations from acts of violence such as a terrorist attack, let alone attacks by hostile states in a time of armed conflict.191 The only exception to the 500-metre limit of safety zone breadth is when a longer distance is ‘authorized by generally accepted international standards or as recommended by the competent international organization’.192 The expression ‘authorized by generally accepted international standards’ in Article 60(5) of the LOSC seems to be a reference to customary international law. In the absence of an international regulatory body directly concerned with offshore petroleum installations, the expression ‘competent international organization’ in Article 60(5) of the LOSC is understood to mean the IMO.193 Shaw has noted that ‘[t]he fact that the IMO was set up to deal primarily with merchant shipping issues has not prevented it from tackling important matters in the field of offshore activity.’194 Between 2008 and 2010, the IMO was considering the issue of extending safety zones to more than 500 metres around offshore installations in the EEZ,195 but it was ultimately concluded that there was no demonstrated need to establish safety zones larger than 500 metres.196 To date, no other distance has been agreed by the international community and the IMO has not made any official recommendations on the extension of safety zones beyond 500 metres.197 State practice with respect to establishing safety zones around offshore facilities on the continental shelf varies to a degree, but the 500 metre limit of safety zones seems to be a generally accepted standard.198 Some states have established ‘exclusion zones’, ‘warning zones’, ‘security zones’ and ‘restricted areas’ larger than 500 metres around offshore installations in the EEZ and on the continental shelf, particularly around key installations from which oil and gas is being exported directly such as FPSOs and FSOs, some of which have been designated as offshore terminals. For example, Prirazlomnaya offshore installation in Russia’s EEZ has a 3-nautical mile safety zone around it which ships are not allowed to enter without the permission of the installation’s operator.199 POT,

191 Honein (n 71) 47. 192 LOSC art 60(5). 193 See IMO, Report to the Maritime Safety Committee, NAV, 56th Session, Agenda Item 20, IMO Doc NAV 56/20 (31 August 2010) 15. 194 Richard Shaw, ‘News from IMO: Meetings of the IMO Legal Committee 15th to 19th November 2010’ (2010) 3 CMI Newsletter 6, 6. 195 IMO, Development of Guidelines for Consideration of Requests for Safety Zones Larger than 500 metres Around Artificial Islands, Installations and Structures in the Exclusive Economic Zone, MSC, 84th Session, Agenda Item 22, IMO Doc MSC 84/22/4 (4 February 2008). 196 IMO, Report to the Maritime Safety Committee (n 193) 14–17. 197 For the discussion on the IMO consideration of the issues relating to the extension of safety zones around offshore installations beyond 500 metres see Chapter 7. 198 A number of states including Australia, New Zealand and Russia have specified, in their domestic legislation, the 500 metre limit of safety zones around offshore installations in the EEZ and on the continental shelf, while in other countries, such as Nigeria and Ireland, the legislation does not specify the exact limit of safety zones: Kashubsky and Morrison (n 1) 4; Esmaeili (n 66) 135–36. 199 Russian Government, Ministry of Transport, Notice to Mariners No. 51 (2011); Russian Government, Ministry of Transport, Order No. 285 ‘On the Determination of Measures to Ensure the Safety of Navigation in Safety Zones Established around Artificial Islands, Installations and Structures Located on the Continental Shelf of the Russian Federation’ (10 September 2013).

205

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

which is located in Nigeria’s EEZ, has a 3-mile ‘restricted area’ around it which all vessels are prohibited from entering without permission.200 Similarly, ZOOT, which is located in Equatorial Guinea’s EEZ, has a 4.3-mile ‘restricted area’ around it, which all ships must receive permission to enter.201 The LOSC does not use the term ‘restricted area’, nevertheless, such practice is not consistent with the LOSC. As discussed in Chapter 5, the legal status of waters is not affected by the fact that an offshore installation has been designated as an offshore port, which means that it would be subject to the laws of the EEZ and the continental shelf. The establishment of safety zones or ‘restricted areas’ larger than 500 metres around offshore installations in the EEZ and on the continental shelf would be in contravention of Article 60(5) of the LOSC. O’Connell has noted that foreign ships are not required to respect more than the 500-metre safety zone around offshore installations in the EEZ and on the continental shelf, unless a larger distance is authorised by generally accepted international standards or recommended by the competent international organisation.202 The LOSC does not specify the nature of the protective measures that coastal states can take in safety zones, neither does the Continental Shelf Convention. When the safety zone concept was first introduced in the 1950s, the ILC did not specify the nature of protective measures a coastal state can implement in the safety zones around offshore installations.203 The coastal state is entitled to take appropriate measures of protection in order to ensure safety of offshore installations and safety of navigation.204 Arguably, the coastal state can prevent any offence being committed within safety zones around offshore installations in the EEZ and on the continental shelf.205 It would seem that coastal states have a ‘protective jurisdiction’ within safety zones.206 The question is whether the term ‘may take appropriate measures’ in Article 60(4) could be interpreted broadly as giving coastal states permission to implement security measures such as erection of security devices within safety zones around offshore installations. It can be argued that in the contemporary maritime security environment such a broad interpretation is warranted. Golitsyn J in Arctic Sunrise (Kingdom of the Netherlands v Russian Federation),207 argued that the reference in Article 60(4) of the LOSC to the right of the coastal state to take appropriate measures means ‘to take the necessary enforcement measures’.208

200 POT is located about 15 nautical miles offshore and consists of two SPMs and an FSO Oloibiri: Marine World Database, ‘Pennington Terminal’ (Anchorage World, 1 February 2009) www.anchorage world.com/content/pennington-terminal accessed 1 December 2014. 201 ZOOT is located about 30 nautical miles offshore and consists of consists of an FPSO Zafiro Producer, a production platform Jade, a storage tanker Magnolia, and an SPM: Marine World Database, ‘Zafiro Offshore Oil Terminal’ (Anchorage World, 1 March 2009) www.anchorageworld.com/content/ zafiro-offshore-oil-terminal accessed 1 December 2014. 202 O’Connell (n 137) 847. 203 ILC (n 15) 299–300. 204 LOSC art 60(4). 205 Honein (n 71) 47–48. 206 W Riphagen, ‘International Legal Aspects of Artificial Islands’ (1973) 4(4) International Relations 327, 345, quoted in Honein (n 71) 48. 207 Arctic Sunrise (Kingdom of the Netherlands v Russian Federation)(Provisional Measures) (ITLOS, Case No. 22, 22 November 2013) (Golitsyn J) (‘Arctic Sunrise’). 208 Arctic Sunrise (ITLOS, Case No 22, 22 November 2013) para 25 (Golitsyn J).

206

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

There is a general requirement in Article 78(2) of the LOSC that the exercise of the rights of the coastal state over the continental shelf (including the right to establish safety zones around offshore installations and take measures for their protection) must not infringe or result in any unjustifiable interference with navigation or other rights and freedoms of the high seas.209 As noted by the ILC with respect to analogous provision in the Continental Shelf Convention, even substantial interference with navigation may be justified in some cases.210 In addition, Article 60(5) of the LOSC provides that safety zones ‘shall be designed to ensure that they are reasonably related to the nature and function’ of the installations, which indicates that the nature and the extent of protective measures in safety zones could be different for different installations depending on the type and function of an offshore installation. In any case, the LOSC requires that the breadth of safety zones around offshore installations in the EEZ and on the continental shelf should not exceed 500 metres. However, there appears to be a growing willingness of coastal states to interfere with navigational freedoms in the EEZ.211 It has been suggested that larger safety or warning zones are appropriate in today’s maritime security environment.212 4.5.2 Enforcement jurisdiction The important question is to determine what kind of enforcement jurisdiction a coastal state has in the EEZ and on the continental shelf with regard to the security of offshore oil and gas installations, particularly enforcement powers over foreign ships. As noted by Klein, ‘the prescriptive powers of the coastal state in the EEZ and on the continental shelf are quite clear, [but] the enforcement powers of the coastal state are less so’.213 In the EEZ and on the continental shelf, the coastal state’s enforcement jurisdiction is limited to specific activities for which these jurisdictional zones are established,214 particularly violation of laws relating to living and non-living marine resources including fisheries, environmental protection and seabed activities (which arguably covers offshore oil and gas installations).215 Accordingly, ‘boarding of vessels for enforcement purposes would be limited to those purposes’.216

209 LOSC art 78(2). 210 ILC (n 15) 299. 211 Harel (n 85) 155–56, citing Rothwell and Stephens (n 25) 97. 212 Kaye has suggested establishing 3 nautical mile warning zones around offshore installations, rather than a navigation exclusion zone, that vessels would be advised to avoid and obliged to report information concerning their intentions, cargo, and destination upon entry into such a zone, and ‘failure to report such information would render the vessel liable to be boarded’: Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 421–22. 213 Klein (n 126) 102, citing Rene-Jean Dupuy and Daniel Vignes (eds), A Handbook on the New Law of the Sea (Martinus Nijhoff 1991) 860. 214 Stuart Kaye, ‘Interdiction and Boarding of Vessels at Sea: New Developments and Old Problems’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 201, 202. 215 See, e.g. LOSC arts 60, 73, 80, 208, 210, 211, 216, 220; Rothwell and Stephens (n 25) 428–31; O’Connell (n 137) 1071. 216 Kaye, ‘Interdiction and Boarding of Vessels at Sea’ (n 214) 202.

207

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

In the context of offshore petroleum security, the issue is what enforcement actions, if any, a coastal state can take against a foreign ship for contraventions of laws and regulations relating to the security of offshore installations in the EEZ and on the continental shelf, including any applicable criminal laws. The LOSC is silent in this regard. It has been suggested that law enforcement powers of the coastal state may be drawn from the rights of the coastal state under the legal regime of the EEZ including sovereign rights over the seabed and its subsoil.217 Enforcement jurisdiction with regard to the continental shelf is of further importance for a state’s maritime security because of potential economic damage that may be caused by an interference with or an attack on an offshore oil and gas installation.218 According to the ILC, the sovereign rights of coastal states over the continental shelf ‘cover all rights necessary for and connected with the exploration and exploitation of the natural resources of the continental shelf [including] jurisdiction in connexion with the prevention and punishment of violations of the law’.219 The exact nature and extent of enforcement actions a coastal state can take against foreign ships for violations of laws relating to the continental shelf generally and offshore installations specifically, is not clear. Ronzitti has argued that the sovereign rights of coastal states would include measures that could be ‘defined as police actions’.220 There have been instances when states have resorted to shows of force in contested maritime areas. In Guyana v Suriname,221 the ad hoc Arbitral Tribunal distinguished between the ‘use of force’ and ‘law enforcement activity’. It ‘implicitly accepted that a coastal state may be able to take law enforcement action in response to unauthorized drilling’, 222 but held that the actions of the Surinamese Navy seeking to prevent offshore drilling in a disputed maritime area amounted to ‘a threat of military action rather than a mere law enforcement activity’ and ‘therefore constituted a threat of the use of force’, which is in contravention of the LOSC, the Charter of the United Nations (UN Charter)223 and general international law.224 Klein argues that it is necessary to draw ‘this line between law enforcement and military action’ because Article 301 of the LOSC provides that the use of force at sea as military action is governed by the UN Charter.225

217 Klein (n 126) 98, citing LOSC art 56(1)(a). 218 Klein (n 126) 98. 219 ILC (n 15) 297 (emphasis added). 220 Klein (n 126) 99, citing Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 6. 221 Guyana v Suriname (2008) 47 ILM 164 (‘Guyana v Suriname’). 222 Klein (n 126) 99. 223 Charter of the United Nations, adopted 26 June 1945, 1 UNTS XVI (entered into force 24 October 1945) (‘UN Charter’). 224 Yoshifumi Tanaka, ‘The Guyana/Suriname Arbitration: A Commentary’ (2007) 2(3) Hague Justice Journal 28, 31; Guyana v Suriname (2008) 47 ILM 164, para 445. See also Patricia Kwast, ‘Maritime Law Enforcement and the Use of Force: Reflections on the Categorisation of Forcible Action at Sea in the Light of the Guyana/Suriname Award’ (2008) 13(1) Journal of Conflict and Security Law 49. 225 Klein (n 126) 261. Article 301 of the LOSC provides: In exercising their rights and performing their duties under this Convention, States Parties shall refrain from any threat or use of force against the territorial integrity or political independence of any State, or in any other manner inconsistent with the principles of international law embodied in the Charter of the United Nations.

208

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

It can be argued that a foreign flagged ship used to carry out an attack on or cause unlawful interference with an offshore installation in the EEZ and on the continental shelf would be considered to have violated the laws of the coastal state applicable to the continental shelf and seabed activities. Similarly, a foreign ship or a mobile offshore installation involved in unlawful offshore exploration activities in the EEZ and on the continental shelf may be viewed as unauthorized marine scientific research.226 The LOSC provides that marine scientific research on the continental shelf must be conducted with the consent of the coastal state,227 which the coastal state has the right to withhold if the research is ‘of direct significance for the exploration and exploitation of natural resources’, if it involves ‘construction, operation or use of artificial islands, installations and structures’.228 In that case, consistent with sovereign rights of coastal states over the continental shelf,229 the coastal state should be able to enforce those laws and take the necessary policing action to protect its offshore oil and gas resources and offshore installations in the EEZ and on the continental shelf.230 There is little doubt that a coastal state can take enforcement action against a foreign ship involved in the attack against an offshore installation in the EEZ and the continental shelf when such ship is within a safety zone because the coastal state has protective jurisdiction within safety zones around offshore installations. Klein has argued that ‘[t]he existence of enforcement powers within these safety zones is underlined by the provision that hot pursuit can be commenced in relation to offences that occur in safety zones around offshore installations’.231 However, outside of safety zones, the extent of the coastal state’s enforcement powers and jurisdiction over foreign ships is less clear.232 The right of hot pursuit is included among the sovereign rights of the coastal state. The right of hot pursuit is permitted in cases of violations in the EEZ or on the continental shelf of the coastal state’s laws and regulations applicable to the EEZ or the continental shelf including safety zones around offshore installations.233 Kaye has argued that the ability of the coastal state to respond to an attack against an offshore installation is hampered in that the hot pursuit can only be initiated against a foreign ship when the ship is still physically present in the safety zone.234 226 Klein (n 126) 100. 227 LOSC art 246(2). 228 Ibid. art 246(5). However, under Article 246(6) of LOSC, this discretion to withhold consent does not apply to the continental shelf beyond 200 nautical miles ‘unless the coastal state has designated specific areas in which such activities may be undertaken’: Klein (n 126) 100, fn 254. 229 See LOSC art 56. 230 Klein (n 126) 102–3. 231 Ibid. 102, citing Dupuy and Vignes (n 213) 860. 232 O’Connell has noted that the term ‘national jurisdiction’ ‘may cover whatever zones of local authority international law allows a coastal State to establish’: O’Connell (n 137) 1081. 233 LOSC art 111(2). In particular, Article 111(2) of the LOSC states: The right of hot pursuit shall apply mutatis mutandis to violations in the exclusive economic zone or on the continental shelf, including safety zones around continental shelf installations, of the laws and regulations of the coastal State applicable in accordance with this Convention to the exclusive economic zone or the continental shelf, including such safety zones.

234 Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 405–8.

209

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

However, the phrase ‘including safety zones around continental shelf installations’ in Article 111(2) of the LOSC does not appear to limit the operation of the right of hot pursuit in such a way that pursuit can only commence when a foreign ship is within the safety zone. Furthermore, Article 111(4) of the LOSC provides that hot pursuit is not deemed to have begun unless the ship pursued is within the territorial sea, the contiguous zone or the EEZ or above the continental shelf.235 Safety zones are not mentioned in Article 111(4). The omission of the term ‘safety zones’ further indicates that there is no requirement that a foreign ship should be within a safety zone. Accordingly, a coastal state can lawfully initiate hot pursuit even if a delinquent foreign ship is already outside the safety zone, as long as it is still within the coastal state’s EEZ or even above the continental shelf.236 A safety zone is simply a protection measure that a coastal state may establish to minimise the chances of ship collisions with offshore installations, but it is not a separate maritime zone of jurisdiction established under the LOSC. The existence of a safety zone does not change the legal status of waters within that safety zone, but it places a limitation on the freedom of navigation. If a coastal state were to choose not to establish a safety zone around an offshore installation in the EEZ and on the continental shelf, it would still have enforcement powers against foreign ships to respond to unlawful interferences with offshore oil and gas installations. Enforcement powers of coastal states relating to the protection of offshore installations are derived from the exclusive sovereign rights to explore and exploit natural resources of the continental shelf, not from the existence of safety zones around offshore installations.237 Arguably, an attack on an offshore installation can be considered an interference with and/or infringement of the coastal state’s exclusive sovereign rights to explore and exploit natural resources of the continental shelf. A ship involved in the attack would therefore be in violation of not only the regulations in a safety zone, but also of the continental shelf laws. The LOSC authorises coastal states to take necessary steps in the safety zones to protect offshore installations, so special protection measures can apply within the safety zones, but when it comes to enforcement against foreign ships for violation of those safety zones security measures, it is in fact the violation of the laws of the continental shelf that a coastal state would be enforcing. If an attack on an offshore installation causes pollution, the coastal state may be able to rely on its environmental jurisdiction to exercise the right of hot pursuit in the EEZ and arrest the ship and perpetrators on board.238 It would be far more difficult for the coastal state to employ environmental jurisdiction to take action

235 Article 111(4) of the LOSC specifically states: Hot pursuit is not deemed to have begun unless the pursuing ship has satisfied itself by such practicable means as may be available that the ship pursued or one of its boats or other craft working as a team and using the ship pursued as a mother ship is within the limits of the territorial sea, or, as the case may be, within the contiguous zone or the exclusive economic zone or above the continental shelf.

236 However, this view is not necessarily supported in the literature. 237 See, e.g. Klein (n 126) 98. 238 See Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 410; Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 6; LOSC art 208.

210

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

against approaching ships, before the actual attack occurs, where perpetrators on board intend to cause damage to an offshore installation.239 The difficulty with undertaking enforcement in the EEZ is that the LOSC does not contain any express provisions dealing with boarding and arrest of foreign ships for violations of coastal state laws and regulations on the continental shelf, particularly those relating to the protection of offshore installations. Golitsyn J has pointed out: Laws and regulations enacted by the coastal State in furtherance of its exclusive jurisdiction under article 60, paragraph 2, of the Convention would be meaningless if the coastal State did not have the authority to ensure their enforcement. Consequently, it follows from article 60, paragraph 2, of the Convention that the coastal State has the right to enforce such laws and regulations, including by detaining and arresting persons violating laws and regulations governing activities on artificial islands, installations and structures.240

It appears the key restriction in the LOSC on enforcement activities in the EEZ and on the continental shelf is that the exercise of the coastal state’s rights over the continental shelf ‘must not infringe or result in any unjustifiable interference with navigation and other rights and freedoms of other states’.241 ‘This restriction may influence the enforcement steps taken by a coastal state, but the requirement that the interference be “justified” tends to underline the need for ensuring force is only used as a last resort .’242 In addition, as highlighted by the M/V Saiga (St Vincent and the Grenadines v Guinea),243 enforcement within the EEZ is also subject to general principles on the use of force relating to reasonableness and necessity, as well as other relevant provisions found in the LOSC.244 In Guyana v Suriname the tribunal accepted the argument that force may be used in law enforcement activities provided that such force is unavoidable, reasonable and necessary.245 In effect, the tribunal reaffirmed the customary international law that the use of force in maritime law enforcement against foreign ships must be of last resort and may not go beyond what is reasonable and necessary in the circumstances.246 The practice of states in the arrest of delinquent foreign ships in the EEZ varies.247 Rothwell and Stephens have noted that since the adoption of the LOSC and particularly since 9/11, there has been a growing body of state practice indicating the willingness of coastal states to interfere with navigational rights and freedoms in the EEZ on the grounds of maritime security, which has the effect of ‘transforming the EEZ regime beyond a resource oriented and pollution protection zone’ into one where security considerations are also accorded some degree of recognition.248

239 See Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 410–13. 240 Arctic Sunrise (ITLOS, Case No. 22, 22 November 2013) para 25 (Golitsyn J). 241 LOSC art 78(2), cited in Klein (n 126) 99. 242 Klein (n 126) 99; Saiga (ITLOS, Case No. 2, 1 July 1999) paras 155–56. 243 Saiga (ITLOS, Case No. 2, 1 July 1999). 244 Rothwell and Stephens (n 25) 428–29. 245 Guyana v Suriname (2008) 47 ILM 164, para 445. 246 Kwast (n 224) 57. See also SS ‘I’m Alone’ (Canada v United States) 3 RIAA 1615; Saiga (ITLOS, Case No. 2, 1 July 1999) paras 155–56. 247 O’Connell (n 137) 1071. 248 Rothwell and Stephens (n 25) 95–97.

211

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

Although state practice concerning the assertion and enforcement of security jurisdiction in the EEZ and on the continental shelf is not widespread enough to create a new international customary norm, such state practice combined with the increasing threats to coastal state interests in the EEZ and on the continental shelf, as well as growing concerns about offshore petroleum security, ‘might gradually promote recognition of a right to limit navigational freedoms for enhancing the security of offshore platforms in the EEZ’.249 The boarding and detention of the Dutch-flagged Greenpeace ship MY Arctic Sunrise by the Russian authorities in Russia’s EEZ on 19 September 2013 brought into question the legality of enforcement actions that coastal states can take against foreign flagged ships involved in unlawful interferences with offshore oil and gas installations on the continental shelf.250 In Arctic Sunrise, the Netherlands argued that the boarding, investigation, inspection, arrest and detention of the MY Arctic Sunrise in Russia’s EEZ without prior consent of the flag state was a breach of Russia’s obligations under the LOSC impairing the exercise of the freedom of navigation by the MY Arctic Sunrise.251 The Netherlands also contended that the sovereign rights of a coastal state in maritime areas beyond its territorial sea are resource-oriented and limited in scope, and that the law of the sea restricts the right of a coastal state to exercise jurisdiction in these areas.252 While Russia did not participate in the ITLOS proceedings, it nevertheless argued that the boarding, investigation and detention of the MY Arctic Sunrise and its crew were justified on the basis of general provisions of the LOSC related to the EEZ and the continental shelf. 253 It claimed that the actions of the Russian authorities in respect of the ship MY Arctic Sunrise and its crew were carried out ‘as the exercise of its jurisdiction, including criminal jurisdiction, in order to enforce laws and regulations of the Russian Federation as a coastal state in accordance with the relevant provisions of the [LOSC]’.254 In the

249 Harel, ‘Preventing Terrorist Attacks on Offshore Platforms’ (n 85) 155–56, citing Rothwell and Stephens (n 25) 97. 250 The incident arose out of Greenpeace’s protest on 18 September 2013 against Prirazlomnaya offshore ice-resistant fixed platform in the Pechora Sea approximately 60 km off the Russian coast. On 18 September 2013, Greenpeace launched five inflatable boats from the Arctic Sunrise and, when the first boat arrived at Prirazlomnaya, two activists attempted to climb the outside structure of the offshore installation with the aim of unfurling a banner some distance below the main deck. The Russian authorities detained the two activists and the following day boarded the Arctic Sunrise and arrested all persons on board: Arctic Sunrise (ITLOS, Case No. 22, 22 November 2013); Greenpeace, ‘Statement of Facts Concerning the Boarding and Detention of the MY Arctic Sunrise and the Judicial Proceedings Against All 30 Persons on Board’ (19 October 2013) paras 11–39; ‘Prirazlomnoye Oilfield – Russia’ Offshore Technology www.offshore-technology.com/projects/prirazlomnoye/ accessed 1 December 2015; ‘Prirazlomnoye Oil Field’ (Gazprom, 2014) www.gazprom.com/about/production/projects/deposits/pnm/ accessed 1 December 2015. 251 ‘Request for the Prescription of Provisional Measures, under Article 290, paragraph 5, of the United Nations Convention on the Law of the Sea’, Arctic Sunrise (Kingdom of the Netherlands v Russian Federation)(Provisional Measures) (ITLOS, Case No. 22, 22 November 2013) annex 2, para 30; Arctic Sunrise (ITLOS, Case No. 22, 22 November 2013). 252 Arctic Sunrise (ITLOS, Case No. 22, 22 November 2013) para 61. The Netherlands further argued that jurisdiction over the establishment and use of offshore installations is limited to the rules contained in Article 56(1) and is subject to the obligations in Articles 56(2), 58 and 60 of the LOSC: at para 62. 253 Arctic Sunrise (ITLOS, Case No. 22, 22 November 2013) para 10 (Golitsyn J). 254 Arctic Sunrise (ITLOS, Case No. 22, 22 November 2013) para 65.

212

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

end, the Netherlands was successful in obtaining the ITLOS order for provisional measures requiring Russia to release the MY Arctic Sunrise and its crew and permit them to leave the country upon posting of a bond by the Netherlands.255 Based on the doctrine of ‘constructive presence’, which is recognised by Article 111(4) of the LOSC, it can be argued that the Greenpeace ship was a mother ship and should be held responsible for the offences committed by its boats.256 It is worth noting the dissenting opinion of Golitsyn J who argued that a ship involved in violations of the laws and regulations of the coastal state on the continental shelf cannot claim that it exercised freedom of navigation in the EEZ.257 As Golitsyn J stated: the ship from which the activities violating the laws and regulations of the coastal State have been launched cannot claim to be free of responsibility for these activities because it exercised freedom of navigation by staying outside the safety zone. The [LOSC] is quite clear in article 111 on the right of hot pursuit that a mother ship is responsible for the activities of its boats or other craft as they work as a team. In the present case the Arctic Sunrise and the inflatable boats launched from it acted as a team and the Arctic Sunrise is equally responsible for the violations committed and therefore cannot claim that it simply exercised freedom of navigation. Consequently, the Russian authorities have the authority to take enforcement measures against the Arctic Sunrise as the mother ship. The factual account of events . . . provide sufficient grounds to conclude that the Russian coastguard vessel Ladoga, which detained the Arctic Sunrise on 19 September 2013 was exercising the right of hot pursuit of the ship for violations committed within the safety zone and on the continental shelf platform. The Russian Federation therefore acted in full conformity with [Article 111 of the LOSC].258

The above comments indicate the line of argument that a coastal state may pursue to justify enforcement actions taken against foreign flagged ships and persons on board involved in unlawful interferences with offshore installations in the EEZ and on the continental shelf. While a coastal state can take enforcement action to protect offshore installations on its continental shelf, the question is whether third states are allowed to take enforcement action on board an offshore installation without having previously obtained the consent of the coastal state.259 Ronzitti has argued that it may be considered admissible and lawful for a third state to conduct a rescue operation to free its nationals that are held as hostages on board an offshore installation whenever the coastal state on whose continental shelf the installation is located is unable or unwilling to intervene.260 In any case, where there is a dispute between states relating to enforcement action taken in the EEZ, states may rely on Article 59 of the LOSC to argue that enforcement action against perpetrators of attacks on or unlawful interferences with

255 Ibid. paras 40–45, 67–71. 256 For discussion on the doctrine of constructive presence see O’Connell (n 137) 1092–93. 257 Arctic Sunrise (ITLOS, Case No. 22, 22 November 2013) paras 35–36 (Golitsyn J). 258 Ibid. paras 35–36. 259 Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 6. 260 Ibid. 7 (arguing that such action by a third state could be based on the doctrine of use of force for protecting nationals abroad): at 6–7.

213

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

offshore oil and gas installations was necessary in the circumstances and that it was in the interests of the international community as a whole.261 4.6 Installations on the continental shelf beyond 200 nautical miles The continental shelf normally extends to a distance of 200 nautical miles from the baseline; however, it can extend beyond that limit, up to a maximum distance of either 350 nautical miles or 100 nautical miles from the 2,500-metre water depth.262 The continental shelf beyond the 200 nautical miles limit is sometimes referred to as the ‘extended’ or ‘outer’ continental shelf.263 The coastal state has exclusive right to construct, authorise and regulate the construction and operation of offshore installations on the continental shelf beyond 200 nautical miles.264 Such offshore installations are under exclusive jurisdiction of the coastal state, including penal jurisdiction,265 and the coastal state can penalise criminal activities taking place on board offshore installations located on the continental shelf beyond 200 nautical miles or in their vicinity (i.e. within the safety zones). Importantly, the LOSC provides that status of the continental shelf and the rights of the coastal state over the continental shelf do not affect the legal status of the superjacent waters.266 The superjacent waters of the continental shelf beyond 200 nautical miles are in the fullest sense the high seas.267 Thus, an offshore installation located on the continental shelf beyond 200 nautical miles, is also located on that part of the high seas above the continental shelf beyond 200 nautical miles. Therefore, the high seas provisions of the LOSC will also be applicable. One of the freedoms of the high seas provided to all states is the ‘freedom to construct artificial islands and other installations permitted under international law, subject to Part VI’.268 Part VI of the convention deals with the continental shelf. Therefore, the phrase ‘subject to Part VI’ in Article 87(1)(d) means that the freedom of all states to construct offshore installations on the part of the high seas above the continental shelf beyond 200 nautical miles excludes offshore oil and gas installations.

261 Article 59 of the LOSC states: In cases where this Convention does not attribute rights or jurisdiction to the coastal State or to other States within the exclusive economic zone, and a conflict arises between the interests of the coastal State and any other State or States, the conflict should be resolved on the basis of equity and in the light of all the relevant circumstances, taking into account the respective importance of the interests involved to the parties as well as to the international community as a whole.

262 See LOSC art 76. 263 Article 76(8) of the LOSC provides that the limits of the extended continental shelf must be established in accordance with recommendations made by the Commission for the Limits of the Continental Shelf (CLCS), which employs a quasi-judicial process to ‘settle’ final and binding outer continental shelf limits beyond 200 nautical miles. See Maria Gavouneli, Functional Jurisdiction in the Law of the Sea (Martinus Nijhoff 2007) 141. 264 LOSC arts 60(1), 80. 265 Ibid. arts 60(2), 80. 266 Ibid. art 78(1). 267 Under Article 86 of the LOSC, the high seas provisions (of Part VII) apply to all parts of the sea that are not included in the EEZ, the territorial sea, the internal waters or the archipelagic waters. 268 LOSC art 87(1)(d).

214

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

Rothwell and Stephens have observed that some of the high seas freedoms listed in Article 87(1), including the freedom to construct offshore installations, cannot be considered as ‘freedoms’ because they are subject to limitations such as the continental shelf rules.269 4.6.1 Protection measures Offshore oil and gas installations located on the continental shelf beyond 200 nautical miles are still under the exclusive jurisdiction of the coastal state by virtue of Articles 60(2) and 80 of the LOSC.270 In Delimitation of the Maritime Boundary between Bangladesh and Myanmar in the Bay of Bengal (Bangladesh v Myanmar),271 the ITLOS took the view that the LOSC ‘embodies the concept of a single continental shelf . . . without any distinction being made between the shelf within 200 nm and the shelf beyond that limit’. 272 In effect, the same LOSC rules apply to offshore installations on the continental shelf beyond 200 nautical miles as to those located on the continental shelf within 200 nautical miles, including rules relating to the protection and security of offshore oil and gas installations. In particular, these include the ability of the coastal state to exercise criminal jurisdiction on board offshore installations, the right to establish safety zones not exceeding 500 metres around offshore installations,273 and the requirement not to cause any unjustifiable interference with navigation or other rights and freedoms of the high seas.274 The only notable difference, not related to the security of offshore installations, is that the LOSC contains a special provision that requires coastal states to make payments or contributions in kind in respect of the exploitation of the continental shelf beyond 200 nautical miles.275 4.6.2 Enforcement jurisdiction With respect to the coastal state’s enforcement jurisdiction in waters above the continental shelf beyond 200 nautical miles, the situation is different because these waters are part of the high seas.276 On the high seas, a flag state has exclusive jurisdiction over ships entitled to fly its flag.277 Coastal states do not have any specific

269 Rothwell and Stephens (n 25) 168. Honein has questioned whether such freedom extends to installations on the continental shelf beyond 200 nautical miles and emerging from the high seas superjacent to that part of the continental shelf, which is ‘subject to an international legal regime completely different from the “free” regime of the high seas’: Honein (n 71) 34. 270 See Rothwell and Stephens (n 25) 157. 271 Delimitation of the Maritime Boundary between Bangladesh and Myanmar in the Bay of Bengal (Bangladesh v Myanmar)(Judgment) (ITLOS, Case No. 16, 14 March 2012) (‘Bay of Bengal’). 272 Ibid. para 361, cited in Ted McDorman, ‘The Continental Shelf Regime in the Law of the Sea Convention: A Reflection on the First Thirty Years’ (2012) 27 International Journal of Marine and Coastal Law 743, 745–46. 273 LOSC arts 60(4)–(5). 274 Ibid. art 78(2). 275 See LOSC art 82. Article 82(4) of the LOSC provides that such payments or contributions should be made to the International Seabed Authority (ISA). Under Article 82(3) of the LOSC, developing states which are net importers of a mineral resource produced from the continental shelf beyond 200 nautical miles are exempt from making such payments or contributions. 276 LOSC art 78(1). 277 Ibid. art 92(1).

215

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

regulation and enforcement powers on the high seas. The exception is when a foreign ship has engaged in behaviour giving rise to universal jurisdiction such as in the case of piracy, whereby all states have a power to stop and inspect ships suspected of having engaged in piracy.278 In general, hot pursuit cannot be initiated by a coastal state on the high seas, but it can be continued if it was initiated in other maritime zones of jurisdiction (i.e. the territorial sea, the continuous zone, the EEZ and the continental shelf) and has not been interrupted.279 The coastal state can make laws for the regulation of matters connected with exploration and exploitation of natural resources on the continental shelf beyond 200 nautical miles.280 In this regard, O’Connell has stated: the right to make these effective could be regarded as inherent in the power itself. But, while it is relevant to point out the extent to which the coastal State’s criminal law has actually been applied to oil rigs, that does not of itself warrant the inference that there is a right of hot pursuit in the event of their violation.281

According to O’Connell, it is only within 500-metre safety zones around offshore installations on the continental shelf beyond 200 nautical miles that the coastal state has any authority over these waters, and if an incident occurs outside a safety zone, the question of hot pursuit might be different from what it would be if it occurred within a safety zone.282 If a foreign ship involved in the attack is located within 500 metres of an offshore installation, and especially if the offenders are still on board an offshore installation, the nexus would be stronger because of the specific provisions in the LOSC about measures that may be taken in safety zones for the protection of offshore installations.283 If a foreign ship is outside a safety zone, enforcement action by the coastal state against a delinquent foreign ship would require permission of the flag state, unless the hot pursuit was initiated when the foreign ship was within the safety zone.284 However, enforcement on the high seas without permission of the flag state may be legitimate where such action is taken in order to protect the nationals of the coastal state (or a third state),285 for example, where nationals of the coastal state or a third state are kidnapped from an offshore installation and are on board a foreign ship used in the attack. 4.6.3 Installations on the seabed beyond national jurisdiction The seabed beyond national jurisdiction is referred to in the LOSC as ‘the Area’, which is defined as ‘the seabed and ocean floor and subsoil thereof, beyond the limits of national jurisdiction’.286 This area is also often referred to as the ‘deep

278 279 280 281 282 283 284 285 286

See LOSC arts 100, 105, 110; Kaye, ‘Interdiction and Boarding of Vessels at Sea’ (n 214) 201. LOSC art 111. Ibid. arts 56(1), 60(2). O’Connell (n 137) 1086–87. Ibid. 1086. Ibid. 1087. Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 8. Ibid. 8–9. LOSC art 1(1).

216

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK 287

seabed’. The deep seabed has been withheld from the jurisdictional claims of states and declared the ‘common heritage of mankind’.288 The International Seabed Authority (ISA) is the international organisation established under the LOSC for the purpose of exercising overall responsibility for the exploration and exploitation of the resources on the seabed beyond national jurisdiction.289 However, at present, offshore oil and gas production on the seabed beyond national jurisdiction is not economically feasible. As noted by Kaye: In practical terms, such waters are relatively remote in ocean, being a minimum of 200 nautical miles from the nearest land, and the seabed in such areas is typically oceanic crust, thousands of metres below the surface of the ocean. This means that there are no platforms anywhere in the world beyond national jurisdiction at the present point in time.290

While this is the case now, it is possible that in the foreseeable future, with technological advances, there will be offshore installations operating on the deep seabed. As discussed in Chapter 2, some offshore installations are able to operate in water depths of over 3,000 metres. Accordingly, it is appropriate to consider the LOSC rules applicable to the security of offshore installations on the deep seabed, including issues relating to jurisdiction and enforcement powers. Article 135 of the LOSC provides that the legal status of the waters superjacent to the deep seabed (i.e. the high seas) is not affected by any rights granted or exercised pursuant to the legal framework of the deep seabed. All states have a freedom to construct offshore installations on the high seas, which is one of the freedoms of the high seas.291 However, installations for the purposes of the exploitation of resources of the deep seabed, which includes offshore petroleum installations, are subject to authorisation by the ISA.292 This means that the freedom of all states to construct offshore installations on the high seas superjacent to the deep seabed is restricted in that it excludes offshore petroleum installations,293 which is a similar situation to the high seas above the continental shelf beyond 200 nautical miles. Offshore operations beyond national jurisdiction to exploit resources of the deep seabed must be carried out in accordance with rules, regulations and procedures of the ISA.294 The ISA exercises overall responsibility in regard to the authorisation to construct or erect offshore installations for the purposes of exploitation of the deep seabed as well as the exercise of the functions of control and regulation assigned

287 The terms ‘deep seabed’ and ‘seabed beyond national jurisdiction’ are used interchangeably. 288 LOSC art 136. See also Gavouneli (n 262) 136; Rothwell and Stephens (n 25) 15. 289 LOSC arts 156, 157(1). Under Article 157(2) of the LOSC, the ISA also has incidental powers necessary for the exercise of the functions relating to exploration and exploitation of the seabed beyond national jurisdiction. 290 Kaye, ‘The Protection of Platforms, Pipelines and Submarine Cables’ (n 58) 188. See also Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 386–87. 291 LOSC art 87(1)(d). 292 Ibid. art 147(2)(a). 293 Other installations, such as installations for harvesting energy from waves and currents, continue to be subject to the freedoms of the high seas and may be used freely by states: Rothwell and Stephens (n 25) 290. 294 LOSC art 147(2)(a).

217

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

to it under the LOSC.295 In practice, the jurisdiction over an offshore installation on the deep seabed would need to be entrusted to and exercised by a particular state because the ISA itself cannot exercise jurisdiction as it lacks ‘the civil and criminal codes and the system of courts necessary to give jurisdiction any effective meaning’.296 The question is which state (the flag state or the nearest coastal state or third state) should exercise jurisdiction over offshore installations on the deep seabed, and whether such jurisdiction should be exclusive. The LOSC does not provide answers to these questions. Although the LOSC does not deal directly with jurisdiction over offshore installations on the deep seabed, it appears to grant states jurisdiction with respect to environmental aspects in order to prevent, reduce and control pollution from activities undertaken by offshore installations ‘flying their flag or of their registry or operating under their authority’.297 The LOSC does not have a requirement for states to maintain the registry of offshore installations, but it implies that states may maintain such a registry.298 On one hand, it seems to be logical for the state of registry or the flag state to have exclusive jurisdiction over offshore installations on the deep seabed.299 On the other hand, an argument can be made that it is more appropriate for the state that was authorised to construct the offshore installation to exercise exclusive jurisdiction over it.300 In the event where a licence or authorisation to construct an offshore installation is granted by the ISA to a private entity rather than a state, the ISA might delegate or assign jurisdiction over such installation to a state with which the entity is associated, which may be different to the state of registry or the flag state of the offshore installation,301 and that state would, in effect, be permitted to exercise exclusive jurisdiction and control over the installation in question,302 and the entity would construct and operate the installation under the jurisdiction of that state. The issue of jurisdiction over offshore installations on the seabed beyond national

295 See LOSC art 153(1). Article 153(1) provides that activities on the seabed beyond national jurisdiction should be organised, carried out and controlled by the ISA on behalf of mankind as a whole. 296 Derek Bowett, The Legal Regime of Islands in International Law (Oceana Publications 1979) 134, quoted in Honein (n 71) 37. 297 LOSC art 209(2). 298 Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 388 (noting that Article 109(3)(b) of the LOSC refers to the registration system of installations in the context of unauthorised broadcasting from installations). 299 Bernaerts has argued that the terms ‘flag state’ and ‘state of registry’ have the same meaning in the LOSC: Arnd Bernaerts, Bernaerts’ Guide to the 1982 United Nations Convention on the Law of the Sea: Including the text of the UN Convention and Final Act (Fairplay 1988) 103. 300 Bowett suggests that ‘it must be assumed that the Authority will, under the terms of its licence, make specific provision for the assertion of jurisdiction by a State which applies for a licence’: Bowett (n 296) 134, quoted in Honein (n 71) 37. 301 The ‘association’ of the entity with a particular state would probably be determined by the nationality of the entity or nationality of natural persons who control the entity. See LOSC arts 139(1); 153(2). 302 Honein (n 71) 37. Honein has noted that ‘[i]f the national character does not exist, it would then be necessary to apply some form of international jurisdiction under the auspices of the Authority, that is theoretically, for in practical terms, the Authority might not be able to assume such jurisdiction’: at 37.

218

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

jurisdiction is not specified in the LOSC.303 As far as the protection of offshore installations operating on the seabed beyond national jurisdiction is concerned, the important question is what security requirements and regulations apply to such installations.304 4.6.4 Protection measures The LOSC requires the establishment of safety zones around such installations to ensure safety of navigation and offshore installations.305 In addition, the location and configuration of such safety zones cannot form a ‘belt’ across the high seas that would cause interference with navigation.306 The nature of the measures that a state can take in a safety zone around an offshore installation on the seabed beyond national jurisdiction is not clear, but the LOSC requires that safety zones should have ‘appropriate marking’.307 Similarly, the LOSC does not specify the breadth of safety zones around offshore installations on the seabed beyond national jurisdiction,308 but it is arguable that a 500-metre safety zone may be established.309 Furthermore, it appears that offshore installations on the seabed beyond national jurisdiction are required to have safety zones around them because Article 147(2)(c) of the LOSC uses the words ‘shall be established’. In contrast, the establishment of safety zones around offshore installations on the continental shelf is optional because Article 60(4) uses the phrase ‘may, where necessary, establish’. The nature of jurisdiction within safety zones around offshore installations on the deep seabed is also not clear. It would seem to be reasonable for a state that exercises jurisdiction over offshore installations on the deep seabed to extend its criminal laws that would apply on board such offshore installations and possibly within the safety zones established around such installations in order to punish criminal activities taking place on board offshore installations and within safety zones. However, there is no specific provision in the LOSC that authorises states to exercise criminal or security jurisdiction on board offshore installations on the deep seabed or within safety zones around such installations. There is no nexus to the continental shelf and therefore it is much more difficult to establish and exercise criminal or security jurisdiction. It is clear that hot pursuit cannot be commenced within a safety zone around an installation on the deep seabed because Article 111(2) of the LOSC specifically refers to safety zones around ‘continental shelf installations’.

303 Another issue is whether a state that exercises jurisdiction over an offshore installation on the deep seabed has the capability to protect it. 304 Lee Cordner, ‘Offshore Oil and Gas Industry Security Risk Assessment: An Australian Case Study’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 169, 172. 305 LOSC art 147(2)(c). 306 Ibid. 307 Ibid.; cf. LOSC art 60(4). 308 LOSC art 147. 309 Kaye, ‘The Protection of Platforms, Pipelines and Submarine Cables’ (n 58) 188.

219

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

4.6.5 Enforcement jurisdiction With regard to enforcement action against foreign ships for attacks on and interferences with offshore installations located on the seabed beyond national jurisdiction, it will be recalled that ships on the high seas are under the exclusive jurisdiction of the flag state.310 Ronzitti has argued that enforcement action against foreign ships on the high seas may be lawful when it is aimed at protecting the nationals of the intervening state, especially when the flag state is unable or unwilling to take the necessary steps to protect the human life.311 However, the fact that the flag state is not immediately taking enforcement action, but exploring other ways to free the hostages, does not mean that it is unable or unwilling to intervene because the flag state has the right to choose the best tactics to deal with the situation including negotiation with the perpetrators in order to free the hostages.312 It is not clear whether a state other than a state of registry or a state authorised to construct or operate the offshore installation can respond to an attack and take enforcement action on board the installation operating on the seabed beyond national jurisdiction or within a safety zone around such an offshore installation. This would depend on whether a state of registry (i.e. a flag state) or an operatorstate has exclusive jurisdiction over such offshore installations. However, a response action may be permissible particularly when the operation is aimed at rescuing the nationals of the intervening state.313 4.7 The law of piracy and offshore oil and gas installations As far as offshore security threats are concerned, the LOSC deals explicitly only with piracy. Article 100 of the LOSC obliges all contracting states to cooperate to the fullest possible extent in the repression of piracy.314 Piracy has a long history, but it remains a difficult legal concept.315 Despite the examples of so called ‘piracy attacks’ against offshore oil and gas installations and claims that piracy is a security threat to offshore installations, the important question is whether an act of piracy can be committed against an offshore installation in the legal sense. In other words, it is necessary to determine whether the law of piracy applies to offshore installations. The ‘contemporary’ definition of piracy in international law is provided in Article 101 of the LOSC, which defines piracy as consisting of any of the following acts: (a) any illegal acts of violence or detention, or any act of depredation, committed for private ends by the crew or the passengers of a private ship or a private aircraft, and directed: (i) on the high seas, against another ship or aircraft, or against persons or property on board such ship or aircraft; (ii) against a ship, aircraft, persons or property in a place outside the

310 LOSC art 92(1). 311 Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 8–9 (arguing that the intervention can be justified under the doctrine of state of necessity or doctrine of intervention to protect its own nationals). 312 Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 9. 313 Ibid. 314 See LOSC art 100. 315 O’Connell (n 137) 966.

220

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

jurisdiction of any State; (b) any act of voluntary participation in the operation of a ship or of an aircraft with knowledge of facts making it a pirate ship or aircraft; (c) any act of inciting or of intentionally facilitating an act described in subparagraph (a) or (b).316

The legal definition of ‘piracy’ in Article 101 of the LOSC contains several criteria that must be satisfied in order for an act to be regarded as piracy. An act must be an ‘illegal act of violence or detention’, or an ‘act of depredation’ committed for ‘private ends’ by the crew or the passengers of a ‘private ship’ ‘on the high seas’ and ‘against another ship’ or ‘against property’ in a ‘place outside the jurisdiction of any State’. Many of these elements and related legal issues have been extensively discussed in the literature,317 and therefore they are not discussed in great detail here. It should also be noted that inciting or intentionally facilitating any of the acts described in Article 101(a) also constitutes an act of piracy.318 4.7.1 Illegal act of violence or detention or an act of depredation The first criterion that applies to piracy is that there must be an illegal act of violence or detention or an act of depredation.319 Churchill argues that there are two alternatives: ‘either there must be an illegal act of violence or detention or there must be an act of depredation’,320 but since ‘both involve some force, there is a substantial overlap’ between the alternatives.321 In considering the meaning of ‘depredation’ Churchill turned to the dictionary definitions of the term and concluded that ‘depredation in the context of piracy appears to mean stealing goods from a ship by force, and possibly also merely attacking a ship’.322

316 LOSC art 101 (emphasis added). It is commonly accepted that the LOSC positions on piracy are declaratory of customary international law. See Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 1; Douglas Guilfoyle, Shipping Interdiction and the Law of the Sea (Cambridge University Press 2009) 26. Cf. Malvina Halberstam, ‘Terrorism on the High Seas: The Achille Lauro, Piracy and the IMO Convention on Maritime Safety’ (1988) 82(2) American Journal of International Law 269, 276–91. 317 See, e.g. O’Connell (n 137) 966; Halberstam (n 316); Guilfoyle, Shipping Interdiction (n 316); Samuel Menefee, ‘Piracy, Terrorism, and the Insurgent Passenger: A Historical Perspective’ in Natalino Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 43, Maritime Terrorism and International Law (Martinus Nijhoff 1990) 43, 47–58; Rosemary Collins and Daud Hassan, ‘Applications and Shortcomings of the Law of the Sea in Combating Piracy: A South East Asian Perspective’ (2009) 40(1) Journal of Maritime Law and Commerce 89; Omer Elagab, ‘Somali Piracy and International Law: Some Aspects’ (2010) 24(2) Australian and New Zealand Maritime Law Journal; Chuck Mason, ‘Piracy: A Legal Definition’ (CRS Report for Congress, US Congress, 2010); Douglas Burgess, The World for Ransom: Piracy is Terrorism, Terrorism is Piracy (Prometheus Books 2010); Maggie Gardner, ‘Piracy Prosecutions in National Courts’ (2012) 10(4) Journal of International Criminal Justice 797; Francesca Pellegrino, ‘Historical and Legal Aspects of Piracy and Armed Robbery Against Shipping’ (2012) 43(3) Journal of Maritime Law and Commerce 429; Alexander Larian, ‘An Old Problem Reborn: So What Is Piracy After All?’ (2013–2014) 26(1) University of San Francisco Maritime Law Journal 117; Robin Churchill, ‘The Piracy Provisions of the UN Convention on the Law of the Sea – Fit for Purpose?’ in Panos Koutrakos and Achilles Skordas (eds) The Law and Practice of Piracy at Sea: European and International Perspectives (Hart Publishing 2014) 9; Douglas Guilfoyle, ‘Piracy and Terrorism’ in Panos Koutrakos and Achilles Skordas (eds) The Law and Practice of Piracy at Sea: European and International Perspectives (Hart Publishing 2014). 318 LOSC art 101(c). 319 Ibid. art 101(a). 320 Churchill (n 317) 13. 321 Ibid. 16. 322 Ibid. 15–16.

221

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

It is not clear what type of violence constitutes piracy and the LOSC offers no guidance in that respect. It has been argued that the definition of piracy ‘comprehends a category of acts beyond mere theft or the intention to commit theft on the high seas’ and that a single murder at sea is not necessarily piracy, nor is a single act of theft.323 Similarly, Churchill has asserted that in order for ‘conduct to constitute piracy there must be a minimum threshold of violence, probably of a fairly serious nature’.324 Some courts have accepted a relatively low threshold of violence as sufficient for piracy, such as firing of shots at the victim ship without causing injury to those on board or damage to the ship.325 For example, in United States v Hasan,326 the Court found five Somalis guilty of piracy for firing assault rifles and RPGs at USS Nicholas on the high seas between Somalia and the Seychelles.327 In Institute of Cetacean Research v Sea Shepherd Conservation Society,328 the US Court of Appeals held that acts of violence by Sea Shepherd such as ‘ramming ships, fouling their propellers and hurling fiery and acid filled projectiles’, qualified as acts of violence within the meaning of Article 101 of the LOSC.329 It has been argued that even threatened violence could be characterised as an ‘act of violence’ under Article 101 of the LOSC.330 Even if there is an implied minimum threshold of violence required for piracy, it appears that the threshold is not high and even a relatively minor act of violence may constitute piracy. 4.7.2 The ‘private ends’ requirement One of the key requirements of piracy is that the act must be committed for ‘private ends’. The meaning of the term ‘private ends’ remains a subject of much controversy and debate. It is commonly argued that politically motivated acts, such as environmental protests and acts of terrorism, do not fall within the LOSC definition of piracy because they are not committed for ‘private ends’. However, this argument is not universally accepted.331. 323 O’Connell (n 137) 969, citing United States v Furlong, (5 Wheat.) 184 (1820); United States v Smith, 18 US (5 Wheat.) 153 (1820). 324 Churchill (n 317) 15. 325 Ibid., citing Hassan M Ahmed v Republic [2009] eKLR (High Court of Kenya); Republic v Dahir et al. [2010] SCSC 86 (Supreme Court of Seychelles); United States v Dire et al., F.3d WL 1860992 (Court of Appeals, 4th Circuit, 2012). 326 United States v Hasan, 747 F.Supp.2d 599 WL 4281892 (E.D. Va., 2010). 327 Mason (n 317) 8, citing United States v Hasan, 747 F.Supp.2d 599 WL 4281892 (E.D. Va., 2010). 328 Institute of Cetacean Research v Sea Shepherd Conservation Society, 43 ELR 20114 No. 12-35266 (Court of Appeals, 9th Circuit, 2013) (‘Cetacean Research’). 329 Ibid. 33. 330 Collins and Hassan (n 317) 96. 331 See, e.g. Douglas Guilfoyle, ‘Political Motivation and Piracy: What History Doesn’t Teach Us About Law’ (Blog of the European Journal of International Law, 17 June 2013) www.ejiltalk.org/politicalmotivation-and-piracy-what-history-doesnt-teach-us-about-law/ accessed 1 December 2015; Douglas Guilfoyle, ‘Can Russia Prosecute Greenpeace Protestors Over the Arctic Sunrise?’ (The Conversation, 28 September 2013) http://theconversation.com/can-russia-prosecute-greenpeace-protestors-over-the-arcticsunrise-18683 accessed 1 December 2015; Churchill (n 317); Guilfoyle, ‘Piracy and Terrorism’ (n 317). Cf. Chris Rahman, ‘Book Review: Panos Koutrakos and Achilles Skordas (eds). The Law and Practice of Piracy at Sea: European and International Perspectives. Hart Publishing, Oxford (2014)’ (2014) 28(2) Australian and New Zealand Maritime Law Journal 137, 138.

222

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

According to ILC commentary, ‘[t]he intention to rob (animus furandi) is not required. Acts of piracy may be prompted by feelings of hatred or revenge and not merely by the desire for gain’.332 In the 1986 Belgian case, Castle John v NV Mabeco,333 it was held that a Greenpeace protest that included violent acts against vessels involved in dumping of toxic wastes was considered piracy because it was carried out to express a personal point of view and therefore was not political.334 The ‘private ends’ criterion was considered by the US Court of Appeals in Cetacean Research,335 which held that the ‘private ends’ is not limited to acts pursued for financial gain, but the understanding of the word ‘private’ is much broader and can refer to matters of a personal nature not connected to finance.336 The Court concluded that ‘private ends’ include activities ‘pursued on personal, moral or philosophical grounds’ and the fact that ‘the perpetrators believe themselves to be serving the public good does not render their ends public’.337 Guilfoyle has supported the Court’s view in Cetacean Research that ‘sufficiently violent acts of political protest may constitute piracy’.338 It has been argued that the antonym of the word ‘private’ is ‘public’, not ‘political’,339 which could suggest that ‘the intention of the drafters in using the word “private” may have been to separate those actions from those that could be termed “public”’.340 The term ‘public’ can be interpreted as an act supported by a state, and on that basis it can be argued that politically motivated violent acts ‘lacking state sanction may be considered violence “for private ends”’.341 In Shell Offshore v Greenpeace,342 the Court held that it was in the public interest to grant an injunction to prevent Greenpeace from interfering with Shell’s offshore operations.343 This could imply that the protest was not in the public interest, and therefore, it was for private ends rather than for public ends. 4.7.3 Property in a place outside the jurisdiction of any state In the context of offshore oil and gas installations, the significance of the definition of piracy in international law is that, in piracy, an act of violence must be committed against a ship.344 However, it is important to note that the LOSC does extend the 332 ILC (n 15) 282. See also Ashley Bane, ‘Pirates Without Treasure: The Fourth Circuit Declares that Robbery Is Not an Essential Element of General Piracy’ (2013) 37(2) Tulane Maritime Law Journal 615. 333 Castle John v NV Mabeco (1986) 77 ILR 537 (Belgian Court of Cassation) (‘Castle John’). 334 Ibid. 540, cited in United Nations Conference on Trade and Development (UNCTAD), Maritime Piracy Part II: An Overview of the International Legal Framework and of Multilateral Cooperation to Combat Piracy (2014) 8. 335 Cetacean Research 43 ELR 20114 No. 12-35266 (Court of Appeals, 9th Circuit, 2013). 336 Ibid. 4. 337 Ibid. 5. 338 Guilfoyle, ‘Can Russia Prosecute Greenpeace Protestors’ (n 331). 339 See Guilfoyle, ‘Piracy and Terrorism’ (n 317) 52. 340 Ashton Zylstra, ‘Piracy or Hooliganism: Detention of the Arctic Sunrise’ (2013) Publishing House “Analitika Rodis” 9, 17. 341 Guilfoyle, ‘Piracy and Terrorism’ (n 317) 52. 342 Shell Offshore Inc v Greenpeace Inc, 43 ELR 20051 No. 12-35332 (Court of Appeals, 9th Circuit, 2013) (‘Shell Offshore v Greenpeace’). 343 Arctic Sunrise (ITLOS, Case No. 22, 22 November 2013) para 33 (Golitsyn J), citing Shell Offshore Inc v Greenpeace Inc, 43 ELR 20051 No. 12-35332 (Court of Appeals, 9th Circuit, 2013). 344 Esmaeili (n 66) 37.

223

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

definition of piracy to acts committed against ‘persons or property in a place outside the jurisdiction of any State’.345 The issue is whether the word ‘property’ in subparagraph (a)(ii) of Article 101 includes offshore installations. To answer this question it is necessary to consider the meaning of the expression ‘a place outside the jurisdiction of any State’. Article 100 of the LOSC provides that states shall cooperate to the fullest possible extent in the repression of piracy ‘on the high seas or in any other place outside the jurisdiction of any State’. Clearly, the LOSC distinguishes the term ‘high seas’ from the term ‘a place outside the jurisdiction of any State’. According to the ILC: In considering as ‘piracy’ acts committed in a place outside the jurisdiction of any State, the Commission had chiefly in mind acts committed by a ship or aircraft on an island constituting terra nullius or on the shores of an unoccupied territory. But the Commission did not wish to exclude acts committed by aircraft within a larger unoccupied territory, since it wished to prevent such acts committed on ownerless territories from escaping all penal jurisdiction.346

The ILC’s above comment clarifies that the expression ‘in a place outside the jurisdiction of any State’ refers to unoccupied ownerless territories, including certain islands, that had not been claimed by any state.347 It follows that the expression ‘a place outside the jurisdiction of any State’ does not refer to any area of the sea at all.348 This view is consistent with the ILC’s explanation set out above. It appears that in using the expression ‘against a ship, aircraft, persons or property in a place outside the jurisdiction of any State’, the drafters of this provision did not intend the word ‘property’ to refer to or include offshore oil and gas installations. Therefore, it can be argued that Article 101(a)(ii) does not apply to offshore installations. 4.7.4 The legal treatment of offshore installations as ships One of the key criteria in the LOSC definition of piracy is that the act must be directed against a ship.349 It is doubtful that when the provisions on piracy were drafted in the 1950s and adopted at UNCLOS I in 1958, the drafters contemplated that an act of piracy could be committed against an offshore installation. On that basis, it can be argued that an act of piracy, as defined in Article 101 of the LOSC, does not apply in the context of offshore installations (whether fixed or mobile). Such a restrictive interpretation, if adopted, would be a substantial limitation in the applicability of the international legal rules on piracy to offshore installations. In determining whether an act of piracy can be committed against an offshore oil and gas installation, it ultimately comes down to whether an offshore installation 345 LOSC art 101(a)(ii) (emphasis added). 346 ILC (n 15) 282. 347 Jesus has argued that subparagraph (a)(ii) of Article 101 serves no useful purpose because it is impossible today to find a piece of land on earth that is not claimed by any state, perhaps with the exception of Antarctica: Jose Luis Jesus, ‘Protection of Foreign Ships against Piracy and Terrorism at Sea: Legal Aspects’ (2003) 18(3) International Journal of Marine and Coastal Law 363, 377. 348 Apart from the high seas, no other part of the ocean is ‘outside the jurisdiction of any State’. 349 LOSC art 101(a). See also Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 415 (arguing that ‘[t]raditional approaches to the definition of piracy have under committed it exclusively against ships’).

224

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

can be treated as a ‘ship’ in this context because of the requirement in subparagraph (a)(i) of Article 101 that an act must be directed against ‘another ship’.350 If so, the definition of piracy will apply to offshore installations, which would mean that an act of piracy can be committed against offshore oil and gas installations; if not, then an act of piracy cannot be committed against offshore installations. Even though it is generally accepted that offshore installations are not ‘ships’, in some contexts they may be treated as ships depending on the aims and purpose of a particular international convention. Since the legal rules on piracy are contained in the LOSC, the LOSC is therefore the relevant international convention that should be referred to, to determine whether offshore installations are considered to be ships in the context of piracy. The LOSC does not define the terms ‘ship’ or ‘vessel’ and makes a distinction between ‘ships’ and ‘installations’, which suggests that offshore installations are not treated as ‘ships’ under the LOSC. However, as discussed in Chapter 5, an alternative approach to the legal status of mobile offshore installations is referred to as the ‘dual status approach’. Under the ‘dual status approach’, the legal status of a mobile offshore installation can change depending on the activity being performed by the installation at a given point in time. The LOSC appears to have adopted the ‘dual status approach’.351 In applying the ‘dual status approach’ in the context of piracy, it can be argued that an act of piracy cannot be committed against an offshore installation operating on location because it would be considered to be an ‘installation’, rather than a ‘ship’. By contrast, an attack on an offshore installation while it is moving from one place to another may be regarded as an act of piracy, provided that all other criteria of piracy are satisfied. 4.7.5 Territorial/geographic scope of piracy Assuming that an act of piracy can be committed against a mobile offshore installation when it is in transit or moving from one place to another, the territorial/ geographic scope of piracy becomes a relevant issue. One of the key elements of the LOSC definition of piracy is that piracy is an act that occurs on the high seas. By virtue of Article 58(2) of the LOSC, the provisions on piracy also apply to the EEZ.352 This means that an act of piracy can only be committed on the high seas and within the EEZ, but it cannot be committed in the territorial sea or within the territory of a state.353 Therefore, ‘an equivalent act of violence which took place within the territorial sea would not be piracy for the purposes of international law’.354 Likewise, an equivalent act of violence committed in the internal waters of a coastal state or

350 LOSC art 101(a)(i). 351 Once MODUs ‘are “fixed” to the continental shelf of a State and engaged in drilling operations, they are covered by Article 56, Article 60 and Article 80 . . . and are treated not as ships, but as “installations” or “structures”’: Vaughan Lowe, ‘Ships’ in Nerina Boschiero et al. (eds) International Courts and the Development of International Law (TMC Asser Press 2013) 291, 294 (footnotes omitted). 352 Article 58(2) of the LOSC provides that ‘Articles 88 to 115 and other pertinent rules of international law’ apply to the EEZ in so far as they are not incompatible with the EEZ regime. 353 ILC (n 15) 282. 354 Rothwell and Stephens (n 25) 162.

225

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

the archipelagic waters of an archipelagic state would not be regarded as piracy under international law. It follows that, from an international law perspective and in the context of offshore petroleum installations, an act of piracy cannot be committed against a mobile offshore installation when the installation is located in the territorial sea or the internal waters of a coastal state or the archipelagic waters of an archipelagic state, regardless of whether the installation is moving or operating on location. If committed in the territorial sea, the internal waters or the archipelagic waters, such an act will not be considered piracy under the LOSC, but will probably be classified as a different type of offence, most likely armed robbery.355 An attack on an offshore installation in the territorial sea, the internal waters or the archipelagic waters should be a matter for a coastal state or an archipelagic state to deal with, and it would be subject to their domestic laws.356 However, domestic laws are often not in full conformity with the international law.357 The territorial/geographic limitation on the act of piracy does not apply to Article 101(c), which deals with incitement and intentional facilitation of an act of piracy.358 This means that the definition of piracy would cover not only the perpetrators on board the pirate ship, but also their accomplices or even masterminds of the attacks who are located onshore and who do not directly take part in the attacks. 4.7.6 Jurisdiction over piracy The LOSC provides for universal jurisdiction with respect to piracy.359 All states can exercise jurisdiction to prevent and repress piracy on the high seas.360 This means

355 The term ‘armed robbery against ships’ is defined by the IMO as ‘any illegal act of violence or detention or any act of depredation, or threat thereof, other than an act of piracy, committed for private ends and directed against a ship or against persons or property on board such a ship, within a State’s internal waters, archipelagic waters and territorial sea’: IMO, Code of Practice for the Investigation of Crimes of Piracy and Armed Robbery at Sea, Assembly, 26th Session, A Res 1025(26), Assembly, Agenda Item 10, IMO Doc A26/Res.1025 (18 January 2010) annex, para 2.2. 356 A survey of national laws on piracy conducted by the IMO Secretariat in 2009 revealed that many states do not fully incorporate the definition of piracy contained in Article 101 of the LOSC into their domestic legislation and in many cases piracy is not addressed as an independent, separate offence with its own jurisdictional framework, but is subsumed within more general categories of crime: IMO, Report of the Legal Committee on the Work of Its Ninety-Sixth Session, LE.G. 96th Session, Agenda Item 13, IMO Doc LEG 96/13 (14 October 2009) 17; IMO, Piracy: Uniform and Consistent Application of the Provisions of International Conventions Relating to Piracy, Note by the Secretariat, LE.G. 98th Session, Agenda Item 8, IMO Doc LEG 98/8 (18 February 2011). 357 See Patrick Griggs, ‘CMI Draft Guidelines for National Legislation’ (Speech delivered at the meeting of the Political Affairs Committee of the European Parliamentary Assembly, Brussels, 17 November 2009) 3; United Nations, Compilation of Information Received from Member States on Measures They Have Taken to Criminalize Piracy Under Their Domestic Law and to Support the Prosecution of Individuals Suspected of Piracy Off the Coast of Somalia and Imprisonment of Convicted Pirates UNSC, UN Doc S/2012/177 (26 March 2012). 358 IMO, Piracy: Elements of National Legislation Pursuant to the United Nations Convention on the Law of the Sea, 1982, Submission by the DOALOS, LE.G. 98th Session, Agenda Item 8, IMO Doc LEG 98/8/1 (18 February 2011) 4, n 15. 359 For a more detailed discussion on jurisdiction over piracy see Debra Doby, ‘Piracy Jure Gentium: The Jurisdictional Conflict of the High Seas and Territorial Waters’ (2010) 41(4) Journal of Maritime Law and Commerce 561; Matteo Del Chicca, ‘Universal Jurisdiction as Obligation to Prosecute or Extradite’ (2012) 11(1) World Maritime University Journal of Maritime Affairs 83. 360 LOSC arts 105, 110.

226

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

that any state, not merely the flag state or the coastal state, can respond to a pirate attack on a mobile offshore installation and apprehend and punish the perpetrators.361 Ships suspected of being involved in piratical acts against offshore installations may be boarded and arrested by any state.362 No jurisdictional link need exist between the state exercising jurisdiction and the suspected offenders.363 The question is whether all states have universal jurisdiction in matters of piracy in the EEZ.364 As noted by Kaye, ‘the rationale for universal jurisdiction for piracy against shipping cannot be easily applied to installations’.365 However, considering that an act of piracy can only be committed against mobile offshore installations when they are moving from one place to another, such offshore installations will be under the exclusive jurisdiction of the flag state (i.e. the state of registration) and not under the coastal state’s exclusive jurisdiction. Therefore, it is difficult to accept the proposition that there is no universal jurisdiction over piracy committed against an offshore installation in the EEZ and on the continental shelf. Although the LOSC ‘does not preclude new customary coastal state rights arising in the EEZ, there is little practice supporting any rule of exclusive and general coastal state criminal enforcement jurisdiction in the EEZ’.366 Article 58(2) clearly provides that piracy provisions apply in the EEZ; therefore, it is arguable that there will be universal jurisdiction over acts of piracy committed against offshore installations in the EEZ or on the continental shelf. 4.7.7 Internal seizures of offshore installations Another issue that needs to be considered in the context of piracy is whether an internal seizure of an offshore installation by offshore crew while the offshore installation is in transit (i.e. when it is a ‘ship’ under the ‘dual status approach’) may be regarded as piracy. Under Article 101 of the LOSC, to qualify as piracy, an act must be committed by the crew or passengers of one ship against another ship.367 This is commonly referred to as the ‘two-ship requirement’.368 The commentary to the Harvard Draft Convention on Piracy argued that piracy should not be extended to acts committed entirely on board a ship because, under international law, the ship is under the exclusive jurisdiction of the flag state on the high sea.369 This view was generally supported by the ILC which commented that acts ‘committed on board a ship by the crew or passengers and directed against the ship itself, or against persons or property on the ship, cannot be regarded as acts of piracy’.370 Clearly the intention of the drafters was to exclude internal seizures from

361 Ibid. art 105. 362 Ibid. arts 105, 110. 363 IMO, Piracy: Elements of National Legislation (n 358) 3. 364 Guilfoyle has argued that the ‘pressing issue is the geographic extent of state jurisdiction over piracy’: Guilfoyle, Shipping Interdiction (n 316) 43. 365 Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 415. 366 Guilfoyle, Shipping Interdiction (n 316) 45. 367 LOSC art 101(a)(i). 368 For discussion on the ‘two-ship requirement’ see Halberstam (n 316) 284–91. 369 Joseph Bingham (reporter), ‘Harvard Research in International Law: Draft Convention on Piracy’ (1932) 26 American Journal of International Law Supplement 739, cited in O’Connell (n 137) 972. 370 ILC (n 15) 282.

227

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

the definition of piracy. Thus there is a ‘two-ship requirement’ in the definition of piracy. Applying this to offshore installations, an internal seizure or hijacking of an offshore installation by the crew while the installation is in transit or moving from one place to another can therefore never be regarded as piracy in international law, particularly under the LOSC. 4.7.8 Pirate ships The definition of ‘pirate ship’ in Article 103 of the LOSC provides: A ship or aircraft is considered a pirate ship or aircraft if it is intended by the persons in dominant control to be used for the purpose of committing one of the acts referred to in article 101. The same applies if the ship or aircraft has been used to commit any such act, so long as it remains under the control of the persons guilty of that act.

The wording of Article 103 suggests that a state can take measures against a pirate ship to prevent the intended acts of piracy before they occur and to punish acts of piracy that have already been committed, as long as the persons who committed those acts are still in control of the ship in question.371 However, to prevent piracy attacks that have not been committed will first require establishing the intent of the perpetrators. Most of the attacks on and unlawful interferences with offshore installations, including most acts of piracy, are carried out using speedboats, motorboats and other small vessels. Motorboats or speedboats are likely to fall within the meaning of ‘ship’ as defined in some international conventions including MARPOL, OPRC, and the 1988 SUA Convention.372 The term ‘ship’ is usually defined broadly in national legislation and is likely to include speedboats and motorboats.373 4.7.9 The importance of domestic law Even though the universal jurisdiction over piracy and rights to board, search and seize foreign ships suspected of piracy and persons on board exist under international law,374 piracy prosecutions are carried out under domestic laws and procedures, and domestic courts will have to decide whether a crime of piracy had been committed.375 Therefore, it is important for states to have national legislation that makes piracy a criminal offence and prescribes applicable penalties. Preferably, the definition of piracy in Article 101 of the LOSC should be reflected in the national legislation to achieve consistency and uniformity. ‘The offence that is to be prosecuted must be clearly defined, established as a criminal offence and subjected to an appropriate penalty.’376 371 See also ILC (n 15) 283. 372 See MARPOL art 2(4); OPRC art 2(3); 1998 SUA Convention art 1. 373 See, e.g. Merchant Shipping Act 1995 (UK) s 313; Canada Shipping Act, SC 2001, c26, s 2. 374 LOSC arts 105, 110. 375 Griggs argues that it is therefore ‘essential that the rights given under international law are implemented by national legislation so that national courts are able to deal efficiently with those arrested and accused of crimes at sea’: Patrick Griggs, ‘Piracy Today’ (CMI, October 2010) www.comitemaritime. org/Uploads/Piracy/Piracy%20BA%2010%20-%20P.Griggs.doc accessed 1 December 2015. 376 IMO, Piracy: Establishment of a Legislative Framework to Allow for Effective and Efficient Piracy Prosecutions, Submission by the UNODC, LE.G. 98th Session, Agenda Item 8, IMO Doc LEG 98/8/2 (18 February 2011) 2.

228

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

Domestic laws relating to prosecution of piracy are not harmonised and appear to be very diverse.377 It has been noted that domestic law of a number of states ‘lacks provisions criminalizing piracy and/or procedural provisions for effective criminal prosecution of suspected pirates’.378 Such deficiencies in the national laws on piracy might have adverse effects on the prosecution of the offenders,379 and therefore should be rectified. In considering whether an act of violence against an offshore installation constitutes piracy, a domestic court would need to make a determination whether or not an offshore installation is a ship. If a national court determines that an attacked offshore installation was a ship at the time of the attack, then an act of violence committed against an offshore installation would be considered ‘piracy’, assuming all other criteria of piracy are satisfied. In doing so, the court would probably turn to the national laws, as well as international law. Offshore installations have been treated as ships or vessels under the national laws and there has been at least one court decision where it was held that an offshore installation is a ship when it is moving and not a ship when it is engaged in offshore operations.380 5 The 1998 SUA framework The above discussion has shown that the scope of the LOSC for regulating security of offshore oil and gas installations is relatively narrow. Prior to the 1980s, the general view was that outside of war-time, there was no threat to the safety of offshore installations apart from navigational accidents and collisions with ships, and offshore installations themselves were considered a potential threat to freedom and safety of navigation, particularly in enclosed sea areas and straits.381 Although security threats such as maritime terrorism and other violence at sea were known throughout the second half of the twentieth century, with the exception of piracy, these issues were not given serious consideration during the development and adoption of the LOSC.382 It was not until the seizure of the Italian cruise ship Achille Lauro by members of the PLF on 8 October 1985, while it was in the territorial sea of Egypt,383 that the international community seriously sought to address the issue of unlawful violent acts committed against ships and offshore installations.384 377 Rytis Satkauskas, ‘Piracy at Sea and the Limits of International Law’ (2011) 1(2) Aegean Review of the Law of the Sea and Maritime Law 217, 225. 378 UNSC Resolution 1918 (2010) preamble. 379 IMO, Piracy: Uniform and Consistent Application of the Provisions of International Conventions Relating to Piracy, Note by the Secretariat, LEG 98th Session, Agenda Item 8, IMO Doc LEG 98/8 (18 February 2011) 1. 380 Dome Petroleum v Hunt International Petroleum Co. [1978] 1 FC 11. See also discussion in Chapter 5. 381 Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 406. 382 Rothwell and Stephens (n 25) 434. 383 The Italian cruise liner, Achille Lauro, with 80 passengers and 320 crew members aboard was hijacked by four PLF terrorists in the Mediterranean. The hijackers had killed one American passenger and subsequently surrendered to Egyptian authorities. The airplane chartered by the Palestinians to flee Egypt was intercepted by US warplanes and forced to land in Italy, where the hijackers were arrested by the Italian authorities and subsequently tried. See Natalino Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990). 384 Halberstam (n 316).

229

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

The Achille Lauro incident raised a number of legal questions and generated a great deal of public and political attention, especially in the Italian legal community.385 One of the key issues was whether the hijacking of Achille Lauro constituted an act of ‘piracy’. There were significant differences of opinion in that respect and, ultimately, no international consensus was reached,386 which demonstrated the need for an international legal framework that would enable states to respond to acts of violence (such as terrorism) against ships and punish the perpetrators of such acts. At the time, there were no consistent international legal principles relating to the conferral of jurisdiction on any state other than the flag state to punish those committing acts of violence outside their territory and the territorial sea.387 In November 1985, the IMO Assembly at its fourteenth session adopted resolution A.584(14) on measures to prevent unlawful acts that threaten the safety of ships and the security of their passengers and crew.388 The international community’s attention was drawn to the need for an international convention on maritime terrorism.389 The result was the rapid adoption of the 1988 SUA Convention and the 1988 SUA Protocol (1988 SUA Treaties) at the international conference in Rome on 10 March 1988.390 The 1988 SUA Treaties were the first international anti-terrorism instruments specifically dealing with the suppression of unlawful acts against shipping and offshore installations.391 The main purpose of the 1988 SUA Treaties is to provide an international legal basis for action to be taken against persons committing unlawful acts against the safety of ships and offshore oil and gas installations outside the limits of the territorial sea of coastal states, and to ensure prosecution and punishment of perpetrators of such unlawful acts.392 When discussing the 1988 SUA framework in the context of offshore installations security, most writers focus on the 1988 SUA Protocol and tend to ignore the application of the 1988 SUA Convention to offshore installations.

385 Ronzitti, Maritime Terrorism and International Law (n 383) vii. 386 Some states argued that the attack could not be considered ‘piracy’ because the perpetrators were politically motivated and therefore did not satisfy the ‘private ends’ criterion for piracy. In addition, the attack was the internal seizure and therefore did not satisfy the ‘two-ship requirement’. See LOSC art 101. 387 Richard Shaw, ‘News from IMO: Diplomatic Conference on the Revision of the SUA Convention and Protocol’ (2005) 3 CMI Newsletter 8, 8. 388 IMO, Measures to Prevent Unlawful Acts Which Threaten the Safety of Ships and the Security of Their Passengers and Crew, A Res 584(14), Agenda Item 10(b), IMO Doc A Res.A.584(14) (20 November 1985). 389 See Tullio Treves, ‘The Rome Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation’ in Natalino Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 69, 69. 390 IMO, Final Act of the International Conference on the Suppression of Unlawful Acts against the Safety of Maritime Navigation, reproduced in IMO, SUA Convention (first published 1988, 2006 edn, IMO 2006) 1. 391 The ‘two-vessel requirement and the private end criterion made rules on piracy inapplicable to maritime terrorism’: Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 2, citing International Conference on the Suppression of Unlawful Acts against the Safety of Maritime Navigation, IMO Doc SUA/CONF/RD (1–10 March 1988). 392 IMO, Final Act of the International Conference on the Suppression of Unlawful Acts (n 390) iii.

230

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

5.1 SUA Convention 1988 The 1988 SUA Convention deals with unlawful violent acts against ships. The 1988 SUA Convention was specifically drafted and adopted by observing factors relating to the security of ships and navigation from unlawful violent acts.393 5.1.1 Application to offshore installations The term ‘ship’ in the 1988 SUA Convention is defined as ‘a vessel of any type whatsoever not permanently attached to the seabed, including dynamically supported craft, submersibles, or any other floating craft’.394 This definition of ‘ship’ in the 1988 SUA Convention is wide enough to include any type of mobile offshore installation and effectively covers FPSOs, FSOs, drill ships and MODUs.395 Article 4(1) provides that the 1988 SUA Convention applies ‘if the ship is navigating or is scheduled to navigate into, through or from waters beyond the outer limits of the territorial sea of a single State, or the lateral limits of its territorial sea with adjacent States’.396 From the geographical perspective, this means that the 1988 SUA Convention applies not only on the high seas and in the EEZ but also in the territorial sea, the archipelagic waters and the internal waters, as long as the ship is scheduled to navigate beyond the limits of the territorial sea of a single state.397 Navigation entirely within the territorial sea without leaving its outer or littoral limits is not covered by the 1988 SUA Convention as it would be an internal matter exclusive to the coastal state. Although the situation with respect to the archipelagic waters is not clear, it can be assumed that navigation within the archipelagic waters is not covered by the 1988 SUA Convention and is exclusive to the archipelagic state (by virtue of its sovereignty over the archipelagic waters) unless the ship is exercising the right of archipelagic sea lanes passage and is scheduled to navigate beyond the limits of the territorial sea of the archipelagic state. The 1988 SUA Convention applies to all offshore installations that are moving (i.e. navigating) from a port to an offshore site or from an offshore site to a port or between offshore sites, as long as the offshore site is located beyond the limits of the territorial sea; or if an offshore unit is moving between offshore sites both of which are located in the territorial sea of the same state, but the voyage includes navigation beyond the limits of the territorial sea of that state. The 1988 SUA Convention will also apply to offshore installations that are not moving (i.e. not

393 Esmaeili (n 66) 134. 394 1988 SUA Convention art 1. Article 2 of the 1988 SUA Convention provides that warships and government ships used as a naval auxiliary or for customs or police purposes are excluded from the application of the 1988 SUA Convention. 395 The definition of ‘ship’ in Article 1 of the 1988 SUA Convention should be read in conjunction with Article 4(1), which deals with application of the 1988 SUA Convention. 396 1988 SUA Convention art 4(1). 397 Robert Beckman, ‘The 1988 SUA Convention and 2005 SUA Protocol: Tools to Combat Piracy, Armed Robbery, and Maritime Terrorism’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 187, 189 (noting that the 1988 SUA Convention will apply when a ship is exercising the right of transit passage or innocent passage or when a ship is at anchor off the coast of a state).

231

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

navigating), but are scheduled to navigate, for instance, in situations where a jackup drilling rig is about to disconnect its legs from the seabed in order to move from one offshore site to another, as long as at least one of those offshore sites is located outside the territorial sea or the voyage of an offshore unit includes navigation beyond the limits of the territorial sea. It is unclear whether the 1988 SUA Convention will apply to offshore installations that are not moving under their own means of propulsion but are under tow, because the word ‘navigating’ usually implies the control of the movement of a craft and does not necessarily include ‘being towed’. However, it has been suggested that ‘navigation’ does not necessarily mean independent navigation,398 and an offshore craft may be used in navigation by external forces, such as by towing.399 In Great Belt,400 Finland argued that ‘[t]here is no evidence establishing the existence of a general requirement that a ship, for the purposes of international law, be capable of navigation under its own power’.401 Under such an interpretation, offshore installations that do not have their own means of propulsion may still be considered as ‘navigating’ when they are under tow.402 It appears that the 1988 SUA Convention will not apply to mobile offshore installations when they are engaged in offshore operations on location, because such installations are neither navigating nor scheduled to navigate. The 1988 SUA Convention tends to exclude all offshore installations operating on location (i.e. not navigating nor scheduled to navigate) that are not permanently attached to the seabed, which appears to be a significant limitation of the 1988 SUA Convention as far as the security of offshore installations is concerned. However, Treves has noted that the informal consultation group at the Rome Conference on the adoption of the 1988 SUA Treaties agreed that the term ‘navigation’ should be interpreted as encompassing the operation of MODUs or similar craft when attached to the seabed, and that those units would be subject to the 1988 SUA Convention.403 This seems to be an odd interpretation of the term ‘navigation’.404 Treves has pointed out that ‘this interpretation is not binding as “authentic” interpretation’, but has noted that ‘[i]ts weight in the travaux preparatoires seems, nonetheless, quite important’ because the conference agreed on the definition of ‘ship’ in light of this interpretation and it was published in the official records of the conference.405 The intention of the conference was to make the definition of ‘ship’

398 Martin Davies and Anthony Dickey, Shipping Law (2nd edn, LBC Information Services 1995) 8, cited in Esmaeili (n 66) 23. 399 See St John Pilot Commissioners and the Attorney-General for the Dominion of Canada v Cumberland Railway & Coal Co [1910] AC 208, 218, cited in Esmaeili (n 66) 23. 400 Great Belt [1991] ICJ Rep 12. 401 ‘The Memorial of the Government of the Republic of Finland’, Passage through the Great Belt (Finland v Denmark)(Provisional Measures) [1991] ICJ, December 1991, para 476. 402 See Esmaeili (n 66) 23. 403 Treves (n 389) 72, citing IMO, IMO Doc SUA/CONF/CW/WP.18 para 3. 404 The term ‘navigation’ has been judicially defined as the ‘nautical art or science of conducting a ship from one place to another’: Steedman v Scofield [1992] 2 Lloyd’s Rep 163, 166, quoted in Esmaeili (n 66) 23. In Dome Petroleum Ltd v N Bunker Hunt [1978] 1 FC 11 (TD), Dube J held that a ‘drilling system’ was not navigating as it performed its main function of drilling. 405 Treves (n 389) 72.

232

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

and the scope of application of the convention as wide as possible.406 However, the definition of ‘ship’ in the 1988 SUA Convention, and particularly the wide interpretation of the word ‘navigation’ to include mobile offshore installations that are operating on location, may create legal difficulties such as the conflicts of jurisdictions. Another issue that needs to be considered is whether the 1988 SUA Convention applies to fixed offshore installations that are in transit (e.g. under tow) from a place of construction to the intended place of emplacement. It can be argued that a fixed offshore installation under tow (i.e. not permanently attached to the seabed) could be considered to be ‘navigating’ and therefore would be within the scope of the 1988 SUA Convention. However, it is unlikely that a fixed offshore installation would be regarded as a ship even under the broad definition of ‘ship’ in Article 1 of the 1988 SUA Convention.407 The only case in which the 1988 SUA Convention would not apply is where the offence is committed within a coastal state’s territorial sea and the offenders were subsequently found within that state’s territory.408 5.1.2 Offences The 1988 SUA Convention lists a number of specific acts that constitute offences. The offences under the 1988 SUA Convention involve unlawful and intentional acts that endanger or are likely to endanger the safe navigation of the ship or mobile offshore installation. Specifically, offences are: seizure of or exercise of control over a ship by force or threat of force or any form of intimidation; violence against a person on board a ship; destruction of a ship or the causing of damage to a ship; placement on a ship of a device or substance that is likely to destroy or cause damage to that ship; destruction of, serious damaging of, or interference with maritime navigational facilities; and injuring or killing a person in connection with commission of any of the above acts.409 To constitute an offence under the 1998 SUA Convention, these acts of violence need to be ‘unlawful and intentional’ and, with the exception of the office in Article 3(1)(a), they have to be acts that ‘endanger or are likely to endanger the safe navigation’ of a ship.410 It is also an offence to attempt to commit any of the offences under the 1988 SUA Convention; abet the commission of any of those acts; or even threaten to commit an act of violence against a person on board, or threaten to damage or destroy a ship, or to destroy or seriously damage or interfere with

406 Ibid., citing IMO, International Conference on the Suppression of Unlawful Acts against the Safety of Maritime Navigation, IMO Doc SUA/CONF/CW/WP.18 (1–10 March 1988). 407 The WGOMC has noted that while it considered that the existing international legal framework covering ships would also apply to mobile offshore installations in transit, a fixed platform or a component, such as the caisson foundation of a GBS is unlikely to be regarded as a ship: WGOMC, ‘Commentary on May 2001 Draft UOC Convention’ (2004) 1 CMI Newsletter 13, 14. 408 UNCTAD (n 334) 17. 409 1988 SUA Convention art 3(1). Unlike the LOSC definition of piracy, there is no ‘two-ship requirement’ for offences under the 1988 SUA Convention, so an internal seizure of a mobile offshore installation is an offence under the 1988 SUA Convention. 410 1988 SUA Convention art 3(1).

233

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

navigational facilities.411 It is important to emphasise that these offences are equally applicable to ships and mobile offshore installations. Contracting states are required to make these acts criminal offences under their national law, punishable by appropriate penalties taking into account the grave nature of the offences.412 The 1988 SUA Convention, however, does not prescribe any specific penalties for any of these offences, which may result in lack of uniformity among the national laws with respect to penalties.413 5.1.3 Jurisdiction Contracting states to the 1988 SUA Convention have wide jurisdiction to deal with such offences, which can be based on flag, territoriality, nationality, habitual residence of the offender who is a stateless person, passive personality (i.e. state of nationality of the victim), and targeted state (i.e. state whose conduct the offenders seek to affect – protective principle).414 The 1988 SUA Convention provides for two types of jurisdiction: obligatory and discretionary. In some circumstances, states that have a connection with the offences listed in the 1988 SUA Convention have the obligation to assert their jurisdiction, while in other circumstances they have the option to assert jurisdiction.415 In particular, the flag state (i.e. state of registry), the state of nationality of the offender, and the state in whose territory or the territorial sea in which the offence is committed are required to establish jurisdiction over the offence.416 In contrast, the state of habitual residence of the offender who is a stateless person, the state of nationality of the victim, or the state whose conduct the offenders seek to affect are not required to establish jurisdiction over the offence, but have the option to do so.417 The 1988 SUA Convention does not specify whether a coastal state can assert jurisdiction over offences committed on board a mobile installation that is engaged in offshore operations on location. As noted by Treves, the travaux preparatoires of the 1988 SUA Convention indicate that a mobile installation operating on location could be considered to be a ship that is navigating (which seems to be an unusual definition of ‘navigation’).418 In this case, the flag state or the state of registry is required to establish jurisdiction over offences committed against or on board such an installation.419 At the same time, Article 60(2) of the LOSC provides that offshore installations operating on the continental shelf are subject to the exclusive jurisdiction

411 Ibid. art 3(2). It should be noted that it is not necessary for acts listed in paragraphs 2(a)–(c) of Article 3 to be ‘unlawful and intentional’ in order to constitute an offence under the 1988 SUA Convention. 412 1988 SUA Convention art 5. 413 UNCTAD (n 334) 17. 414 1988 SUA Convention art 6. See also Halberstam (n 316) 295–96. 415 See 1988 SUA Convention art 6. Article 6(1) uses the term ‘shall take such measures as may be necessary to establish jurisdiction’, while Article 6(2) uses the term ‘may also establish jurisdiction’ (emphasis added). See also Treves (n 389) 71. 416 1988 SUA Convention art 6(1). 417 Ibid. art 6(2). 418 Ibid. arts 1, 4(1); Treves (n 389) 72. 419 1988 SUA Convention art 6(1)(a).

234

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

of the coastal state, including criminal jurisdiction. This could result in the conflict of jurisdictions and it is not clear whether the rights of the coastal state or the flag state would prevail. 5.1.4 Arrest, extradition and prosecution Having established jurisdiction and upon being satisfied that the circumstances so warrant, a state party in the territory of which the alleged offender is present shall take him or her into custody.420 The state that has taken the alleged offenders into custody is required to immediately notify the states that have established jurisdiction under the 1988 SUA Convention. That state is required to make a preliminary inquiry into the facts, in accordance with its own legislation, and report its findings to the other states that have established jurisdiction and indicate whether it intends to exercise jurisdiction.421 Article 8 of the 1988 SUA Convention provides a mechanism for the master of a ship of a state party to hand the alleged offenders over to another state party.422 In such circumstances, the master of the ship should notify to the authorities of the receiving state the master’s intention to deliver the alleged offenders and reasons and furnish to the authorities any evidence in the master’s possession pertaining to the alleged offence.423 The receiving state is obliged to accept delivery unless it has grounds to consider that the 1988 SUA Convention is not applicable to the acts giving rise to the delivery.424 The 1988 SUA Convention also provides that if the alleged offenders are present in the territory of a state party, that state must take the alleged offenders into custody, and must either extradite them to another state party that has established jurisdiction over the offence, or prosecute them in its courts.425 This is commonly referred to as the ‘extradite or prosecute’ requirement, which will also apply in situations where the alleged offender has taken refuge in a state party. The ‘extradite or prosecute’ requirement is at the heart of the 1988 SUA Convention.426 Prior to the entry into force of the 1988 SUA Convention, jurisdiction to prosecute unlawful acts, such as those specified in the 1988 SUA Convention, rested solely with the flag state, whose national laws in many cases did not contain appropriate provisions to pursue prosecutions of such offences.427 Another important feature of the 1988 SUA Convention is that it itself provides the legal basis for extradition of alleged offenders to another state party,428 ‘so that extradition is possible even if there is no extradition treaty between the two states

420 421 422 8(1). 423 424 425 426 427 428

Ibid. art 7(1). Ibid. arts 7(2), (5). Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 391; 1988 SUA Convention arts 1988 SUA Convention arts 8(2), (4). Ibid. art 8(3). Ibid. arts 6(4), 7(1), 10. Halberstam (n 316) 292. Shaw (n 387) 8. 1988 SUA Convention art 11.

235

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK 429

parties’. State parties to the 1988 SUA Convention are also obliged to afford one another the greatest measure of cooperation in connection with criminal proceedings to prosecute the offenders, including assistance in obtaining evidence at their disposal.430 If the offender is found in another state party that is unable or unwilling to prosecute, and both the coastal state and the flag state request extradition, then the question is which state the offender should be extradited to, the flag state of a mobile offshore installation or the coastal state on whose continental shelf an offshore installation was operating when the offence was committed. Article 11(5) of the 1988 SUA Convention provides that in considering more than one request for extradition a state party should pay due regard to the interests and responsibilities of the flag state. However, a coastal state may have equal interests and responsibilities if the attack involves a mobile offshore installation.431 5.1.5 Enforcement Importantly, the 1988 SUA Convention does not directly deal with boarding of ships or mobile offshore installations. Instead, the issue of boarding is left ‘to be governed by the rules and principles of general international law’.432 The 1988 SUA Convention specifically provides that the rules of international law pertaining to the competence of states to exercise investigative or enforcement jurisdiction on board ships not flying their flag are not affected in any way.433 In the EEZ and on the high seas, this ‘would limit non-flag state intervention to acts covered under Article 110 of the [LOSC]’ (i.e. acts of piracy).434 Apart from piracy, if an offence were committed on board a mobile offshore installation while it is navigating, the coastal state would only have the right to take enforcement action when the installation is in its territorial sea (as well as the archipelagic waters or internal waters).435 In relation to mobile offshore installations operating at an offshore site in the EEZ and on the continental shelf, it appears that under the 1988 SUA Convention both the flag state and the coastal state may have a right to take enforcement action or conduct a rescue operation.436 The issue can be complicated even further when there is a duly established safety zone around a MODU or an FPSO. A coastal state could argue that it has exclusive jurisdiction to deal with the situation. If a coastal

429 Beckman (n 397) 189. 430 1988 SUA Convention art 12. Beckman (n 397) 189. 431 To resolve this conflict of jurisdiction, the flag state (i.e. state of registry) and the coastal state may need to negotiate and cooperate. 432 1988 SUA Convention preamble para 14. 433 Ibid. art 9. In this regard, Rothwell and Stephens have noted that enforcement under the 1988 SUA Convention ‘relies upon the traditional jurisdictional bases of nationality and territoriality’: Rothwell and Stephens (n 25) 163. 434 Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 391 (noting that this ‘deficiency was to some extent addressed by Article 8’ of the 1988 SUA Convention, which provides a mechanism for the master of a ship to deliver the alleged offenders to a state party other than the flag state). 435 However, the enforcement or boarding would still have to be done in accordance with Article 27 of the LOSC. See Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 5. 436 The flag state would have jurisdiction pursuant to Article 6(1) of the 1988 SUA Convention and the coastal state would have jurisdiction pursuant to Article 60(2) of the LOSC.

236

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

state is not a party to the 1988 SUA Convention, then there will be no obligation to extradite the offender to the flag state even if the coastal state is unable or unwilling to prosecute the offender. Although the 1988 SUA Convention was adopted to address unlawful acts against ships, as demonstrated in the above analysis, it applies to mobile offshore installations. However, what is not clear is whether the 1988 SUA Convention applies to mobile offshore installations operating on location or only to mobile offshore installations that are ‘navigating or scheduled to navigate’. 5.2 SUA Protocol 1988 Concerns about acts of terrorism also extended to fixed offshore installations,437 but the 1988 SUA Convention did not address fixed offshore installations. Therefore, it was felt necessary to develop the 1988 SUA Protocol, which is complementary to the 1988 SUA Convention, but deals specifically with unlawful acts against fixed offshore installations. The 1988 SUA Protocol essentially extended the requirements of the 1988 SUA Convention to fixed offshore installations.438 5.2.1 Application to offshore installations The 1988 SUA Protocol applies to fixed offshore installations only, which are defined as ‘an artificial island, installation or structure permanently attached to the seabed for the purpose of exploration or exploitation of resources or for other economic purposes’.439 This definition effectively covers all types of fixed offshore installations including fixed offshore oil terminals. The term ‘permanently attached to the seabed’ in Article 1(3) indicates that even those mobile oil rigs that may be fixed to the seabed temporarily to conduct drilling operations (such as jack-up rigs) are excluded from the application of the 1988 SUA Protocol.440 Furthermore, fixed offshore installations that are in transit from a place of construction to the intended place of destination would also be excluded from the application of the 1988 SUA Protocol. The scope of application of the 1988 SUA Protocol is limited to fixed offshore installations located on the continental shelf.441 The 1988 SUA Protocol does not apply to offshore installations located in the internal waters, the territorial sea, the archipelagic waters, and on the seabed beyond national jurisdiction of the coastal state. The reason for excluding offshore installations located in the internal waters,

437 Natalino Ronzitti, ‘The Prevention and Suppression of Terrorism Against Fixed Platforms on the Continental Shelf’ in Natalino Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 91, 91. 438 Rupert Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals: Vulnerability and Security in the International Maritime Oil Sector’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 133, 140. 439 1988 SUA Protocol art 1(3). Mobile offshore installations that are not engaged in offshore operations on location are covered by the 1988 SUA Convention. 440 Mobile drilling rigs that are temporarily attached to the seabed would be considered to be ships for the purposes of the 1988 SUA Convention. 441 1988 SUA Protocol art 1(1).

237

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

the territorial sea and the archipelagic waters might be because those waters are subject to sovereignty of the coastal state and the offences committed against such offshore installations would be dealt with under the domestic law of the coastal state. The reason for excluding offshore installations located on the seabed beyond national jurisdiction might be because no such installations exist, and also due to the difficulty of determining which state is ‘competent to exercise criminal jurisdiction over such platforms’.442 However, by virtue of Article 1(2), the 1988 SUA Protocol can apply to fixed offshore installations located in the internal waters or the territorial sea of a coastal state, in situations where the offender escapes to the territory of another state party.443 The archipelagic waters are not mentioned, which means that the 1988 SUA Protocol will not apply where a person commits an offence against an installation in the archipelagic waters of an archipelagic state and then escapes to a territory of another state party.444 5.2.2 Offences Article 2 of the 1988 SUA Protocol lists acts against fixed offshore installations that constitute offences.445 The offences are: seizure of or exercise of control over a fixed platform by force or threat of force or any form of intimidation; violence against a person on board a fixed platform; destruction of a platform or the causing of damage to a platform; placement on a platform of a device or substance that is likely to destroy or cause damage to that platform; and injuring or killing a person in connection with commission of any of the acts aimed at destroying or endangering the safety of a platform.446 There is also a requirement for offences in Article 2(1) of the 1988 SUA Protocol that the person acts ‘unlawfully and intentionally’ and, for the acts listed in Articles 2(1)(b)–(d) there is a requirement that such acts against a platform are ‘likely to endanger its safety’.447 It is also an offence to attempt to commit any of the acts that constitute offences under the protocol; abet the commission of any of those acts; or even threaten to commit an act of violence against a person on board an offshore installation, or threaten to damage or destroy a platform.448 The requirement of the 1988 SUA Convention to make the offences punishable by appropriate penalties under national law applies, mutatis mutandis, to the offences of the 1988 SUA Protocol.449

442 Ronzitti, ‘The Prevention and Suppression of Terrorism Against Fixed Platforms’ (n 437) 93. 443 1988 SUA Protocol art 1(2); Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 391. 444 This omission of the archipelagic waters is a potential loophole and a limitation of the 1988 SUA Protocol. 445 1988 SUA Protocol art 2(1). The offences are very similar to those in the 1988 SUA Convention. 446 Ibid. 447 Ibid. 448 Ibid. art 2(2). It is not necessary for acts listed in paragraphs 2(a)–(c) of Article 2 to be ‘unlawful and intentional’ in order to constitute an offence under the 1988 SUA Protocol. 449 1988 SUA Protocol art 1(1). Article 1(1) provides that the provisions of Articles 5 and 7 and Articles 10 to 16 of the 1988 SUA Convention apply, mutatis mutandis, to the offences listed in the 1988 SUA Protocol.

238

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

5.2.3 Jurisdiction The jurisdictional grounds under the 1988 SUA Protocol are also relatively wide, and can be based on principles of territoriality (i.e. coastal state), nationality, habitual residence of the offender who is a stateless person, passive personality and targeted state (i.e. state whose conduct the offenders seek to affect).450 Similarly to the 1988 SUA Convention, the 1988 SUA Protocol provides for two types of jurisdiction: obligatory and discretionary.451 The coastal state on whose continental shelf an offshore installation is located has the obligation to establish jurisdiction over offences, and the state of nationality of the offender has the obligation to establish jurisdiction over offences committed even if the offence had been committed against an offshore installation located on the continental shelf of another state party.452 The issue is that Article 60(2) of the LOSC provides that the coastal state has exclusive jurisdiction over offshore installations on its continental shelf, which suggests that there may be a conflict of jurisdictions between the coastal state and the state of nationality of the offender. The state of habitual residence of the offender who is a stateless person, the state of nationality of the victim, or the state whose conduct the offenders seek to affect are not required to establish jurisdiction over the offence, but have the option to do so.453 It has been noted that when a state operates a fixed offshore installation on the continental shelf of a coastal state, the state that operates the installation may be able to rely on the right of self-defence if it sought to rescue its nationals on board the offshore installation if they were being held hostage.454 In any case, regardless of who operates an offshore installation, the LOSC provides that the coastal state has exclusive jurisdiction over fixed offshore installations in the EEZ and on the continental shelf, and the third state would not have the right to intervene.455 5.2.4 Arrest, extradition and prosecution The provisions on taking the alleged offenders into custody, the ‘extradite or prosecute’ requirement and provisions on cooperation in criminal proceedings of the 1988 SUA Convention apply, mutatis mutandis, to the 1988 SUA Protocol.456 It is not clear whether offences against offshore installations located on the continental shelf of a state which is not a state party to the 1988 SUA Protocol are to be punished.457 The 1988 SUA Protocol does not exclude the application of national criminal laws of the contracting states,458 which means that grounds for the

450 1988 SUA Protocol arts 3(1), (2). 451 Article 3(1) of the 1988 SUA Protocol provides that each state party ‘shall take such measures as may be necessary to establish jurisdiction’, while Article 3(2) of the 1988 SUA Protocol provides that each state party ‘may also establish jurisdiction’ (emphasis added). See also Halberstam (n 316) 295. 452 1988 SUA Protocol art 3(1). 453 Ibid. art 3(2). 454 Klein (n 126) 103, citing Ronzitti, ‘The Law of the Sea and the Use of Force’ (n 117) 6–7. 455 See LOSC art 60. 456 1988 SUA Protocol art 1(1). Article 1(1) provides that the provisions of Articles 5 and 7 and Articles 10 to 16 of the 1988 SUA Convention apply, mutatis mutandis, to the offences listed in the 1988 SUA Protocol. 457 Ronzitti, ‘The Prevention and Suppression of Terrorism Against Fixed Platforms’ (n 437) 94. 458 1988 SUA Protocol art 3(5).

239

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

establishment of jurisdiction listed in Article 3 of the 1988 SUA Protocol do not exclude any criminal jurisdiction exercised in accordance with national law. 5.2.5 Enforcement Similarly to the 1988 SUA Convention, the 1988 SUA Protocol does not address the issue of boarding fixed offshore installations when the jurisdiction might be asserted by a state other than a coastal state on whose continental shelf an installation is located.459 The Preamble affirms that ‘matters not regulated by this Protocol continue to be governed by the rules and principles of general international law’.460 It is also explicitly stated in Article 4 that the 1988 SUA Protocol does not ‘affect in any way the rules of international law pertaining to fixed platforms located on the continental shelf’.461 This suggests that the LOSC rules continue to apply which means that fixed offshore installations on the continental shelf are subject to exclusive jurisdiction of the coastal state.462 Therefore, another state cannot claim to have a right to board an installation based on the jurisdiction it established over the offence. This includes a scenario where a state other than the coastal state intends to carry out an assault and rescue operation to free its nationals held hostage by terrorists. Under the 1988 SUA Protocol and the LOSC, this would not be regarded as a lawful action. 5.3 Issues applicable to both 1988 SUA Treaties The 1988 SUA Treaties were the first international legal instruments that specifically addressed the issue of violent unlawful acts committed against offshore installations. They deal with jurisdictional and enforcement aspects relating to unlawful violent acts against ships or offshore installations. The 1988 SUA Treaties operate on the basis that state parties are required to legislate against the unlawful acts described in these treaties and establish jurisdiction to prosecute in certain situations, despite the fact that the alleged offences were committed outside their territory. Klein has noted that this regime demonstrates that ‘there has been a certain degree of consensus in addressing one of the key maritime security threats in relation to the exploration and exploitation of the continental shelf’,463 presumably referring to maritime terrorism. However, one of the key advantages and the important utility of the 1988 SUA Treaties is that the range of offences in these legal instruments covers various offshore security threats, not just terrorism. The motivation of the offenders or the purpose for which the acts are undertaken is irrelevant for the purposes of both the 1988 SUA Convention and the 1988 SUA Protocol,464 which makes it possible to invoke the provisions of these legal instruments to punish violent acts committed by various types of perpetrators regardless of their motivations,

459 460 461 462 463 464

See Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 393. 1988 SUA Protocol preamble para 5. Ibid. art 4. LOSC art 60(2). Klein (n 126) 104. Kaye, ‘International Measures to Protect Oil Platforms’ (n 2) 390.

240

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

intentions or affiliations. In other words, the 1988 SUA Treaties can apply to different types of offshore security threats discussed in Chapter 3, including piracy, terrorism, insurgency, organised crime, vandalism, civil protest (if civil protest involves violence), as well as internal sabotage including supplying sensitive or confidential information to external adversaries.465 In terms of attack scenarios, most of the scenarios of attacks on and interferences with fixed and mobile offshore oil and gas installations discussed in Chapter 4 would be regarded as offences under the 1988 SUA Treaties. More specifically, these would include a bomb threat, detonation of explosives or bombs, underwater attack, use of stand-off weapons, armed intrusion and seizure of an offshore installation, hostage taking and kidnapping of offshore workers, use of transport infrastructure as a weapon against an offshore installation, disclosure of confidential information that may assist perpetrators in carrying out or planning an attack, and even attempted and unsuccessful attacks.466 It is not clear whether an act of sabotage on board offshore installations, cyber attacks against offshore installations, or protests and demonstrations involving offshore installations would constitute offences under the 1988 SUA Treaties. It is possible that an act of sabotage, cyber attack or a protest involving an offshore installation would be regarded as offences under the 1988 SUA Treaties if an act of sabotage or a cyber attack causes damage to an offshore installation, or if protests and demonstrations involve violence and are likely to endanger the safety of an offshore installation or navigation.467 The 1988 SUA Treaties do have several unresolved issues and limitations that could potentially be exploited by perpetrators of unlawful acts. In particular, these limitations relate to the enforcement action in terms of the international rules on interdiction and boarding of foreign flagged ships and offshore installations. The 1988 SUA Treaties do not give any additional powers to states to interdict and board ships and offshore installations and arrest offenders. The principles of flag state control and coastal state exclusive jurisdiction are preserved in the 1988 SUA Treaties. The fundamental purpose of the 1988 SUA Treaties is ‘to ensure that sufficient and appropriate action is taken against those who have committed unlawful acts against vessels and offshore oil and gas infrastructure’;468 so the ‘extradite or prosecute’ requirement is at the heart of the 1988 SUA Treaties.469 Importantly, the 1988 SUA Treaties do not address the protection of offshore installations in the sense of prevention of unlawful acts before they occur. Although the titles of the 1988 SUA Treaties suggest that these conventions are for the suppression of violent acts, they mainly deal with enforcement of offences and punishment of unlawful

465 Under Article 3(2)(b) of the 1988 SUA Convention, a person supplying confidential or sensitive information about a mobile offshore installation may be regarded as abetting the commission of an offence or considered an accomplice of an offender, which is in itself an offence under the 1988 SUA Convention. 466 See 1988 SUA Convention art 3; 1988 SUA Protocol art 2. 467 Sabotage and cyber attacks are probably within the scope of the offences listed in Article 3(1)(c) of the 1988 SUA Convention and Article 2(1)(c) of the 1988 SUA Protocol. 468 Herbert-Burns (n 438) 141. 469 Halberstam (n 316) 292.

241

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

activities that have already been committed or are in the process of being committed. The 1988 SUA Convention encourages cooperation between states in adopting effective and practical measures to combat and prevent unlawful acts against the safety of navigation,470 but their ‘operative provisions deal not so much with the suppression of such acts, as with the apprehension, conviction and punishment of those who commit them’.471 Apart from a short remark in Preamble, there is only one provision that directly addresses the prevention or suppression. Article 13(1) of the 1988 SUA Convention, which applies mutatis mutandis to the 1988 SUA Protocol, provides that all contracting states should cooperate in the prevention of such offences particularly by: taking all practicable measures to prevent preparations in their respective territories for the commission of those offences within or outside their territories and exchanging information in accordance with their national law, and co-ordinating administrative and other measures taken as appropriate to prevent the commission of offences [under the 1988 SUA Convention].472

The 1988 SUA Convention also provides that any state party that has reason to believe that an offence will be committed shall promptly furnish ‘any relevant information in its possession to those States which it believes would be the States having established jurisdiction’.473 The 1988 SUA Treaties do not directly deal with violent acts attributable to states and committed during peace time (such as state or state-sponsored terrorism), and it is not clear whether such state actions fall within the scope of these treaties.474 However, the use of the words ‘any person’ with respect to offences listed in the 1988 SUA Treaties,475 suggests that an individual who commits an offence acting under the orders of a state (covert or overt) would be subject to the 1988 SUA Treaties and therefore should be punished.476 In such circumstances, it is a person that would be the offender and there will not be any state responsibility for such actions. This also means that the threat to offshore installations posed by inter-state hostilities is not addressed by the 1988 SUA Treaties, but will probably be governed by other principles of international law such as the law of self-defence and use of force.477 Overall, it can be said that the 1988 SUA Convention and the 1988 SUA Protocol together represent an improvement in the international regulatory framework for the security of offshore installations. The rationale behind these legal instruments is that if a large number of states in a particular region or globally are parties to the 1988 SUA Treaties, persons who commit an offence will have little or no place of refuge; and if they enter the territory of any state party they will be taken into custody

470 1988 SUA Convention preamble para 7. 471 Halberstam (n 316) 292. 472 1988 SUA Convention art 13(1) (emphasis added). 473 Ibid. art 14. This provision also applies mutatis mutandis to the 1988 SUA Protocol. 474 Ronzitti, ‘The Prevention and Suppression of Terrorism Against Fixed Platforms’ (n 437) 96. 475 1988 SUA Convention art 3; 1988 SUA Protocol art 2. 476 Halberstam (n 316) 305–306. There were proposals by Kuwait and Saudi Arabia to insert provisions relating to state-sponsored terrorism, but these proposes were not accepted: at 306. 477 See 1988 SUA Convention preamble, para 14; 1988 SUA Protocol preamble, para 5.

242

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

and, subsequently, will either be prosecuted in that state party or extradited to another state party.478 States that are not parties to the 1988 SUA Treaties may still rely on their general exercise jurisdiction over offshore installations, but the 1988 SUA Treaties ensure that state parties have the ‘prosecute or extradite’ obligation in respect of enforcement.479 Despite the obvious benefits of the 1988 SUA Treaties in combating maritime security threats, prior to 9/11 states were slow in becoming parties to these conventions.480 After the events of 9/11 the IMO urged states to ratify the 1988 SUA Treaties, and since then the number of contracting states has increased significantly. As of 5 November 2015, there were 166 contracting states to the 1988 SUA Convention representing approximately 94.4 per cent of the gross tonnage of the world’s merchant fleet, and 155 contracting states to the 1988 SUA Protocol representing approximately 94.1 per cent of the gross tonnage of the world’s merchant fleet.481 The analysis of ratifications of the 1988 SUA Treaties reveals that both the 1988 SUA Convention and the 1988 SUA Protocol have been ratified or acceded to by most of the world’s largest flag states (by gross tonnage),482 most of the major seafarer-supplying states,483 and most of the major petroleum producing states.484 The analysis of ratifications ‘by region’ shows that the 1988 SUA Treaties are popular in most of the major offshore oil and gas producing areas/regions including the Persian Gulf,485 the Gulf of Guinea,486 the Gulf of Mexico,487 the

478 Beckman (n 397) 189. 479 Catherine Redgwell, ‘International Energy Security’ in Barry Barton et al. (eds), Energy Security: Managing Risk in a Dynamic Legal and Regulatory Environment (Oxford University Press 2004) 3, 26. 480 As at 9/11, there were only 57 contracting states to the 1988 SUA Convention and 51 contracting states to the 1988 SUA Protocol. 481 IMO, Status of Multilateral Conventions and Instruments in Respect of Which the International Maritime Organization or Its Secretary-General Performs Depository or Other Functions as at 5 November 2015 (2015) 420, 437. 482 Seventeen of the 19 world’s largest flag states are the contracting parties to both the 1988 SUA Convention and the 1988 SUA Protocol including Antigua and Barbuda, Bahamas, China, Cyprus, Germany, Greece, Italy, Japan, Liberia, Malta, Marshall Islands, Norway, Panama, Saint Vincent and the Grenadines, Singapore, South Korea, and the UK. 483 Eighteen of the 19 world’s largest suppliers of seafarers are contracting states to both the 1988 SUA Convention and the 1988 SUA Protocol including Brazil, Canada, China, Croatia, Egypt, Greece, Honduras, India, Italy, Japan, Latvia, Myanmar, Philippines, Russia, Turkey, UK, Ukraine and US. 484 The major petroleum producing states that are parties to both the 1988 SUA Convention and the 1988 SUA Protocol are: Algeria, Argentina, Australia, Azerbaijan, Brazil, Canada, China, Egypt, India, Iran, Kazakhstan, Kuwait, Libya, Mexico, the Netherlands, Nigeria, Norway, Oman, Pakistan, Qatar, Russia, Saudi Arabia, Trinidad and Tobago, Turkmenistan, UK, UAE, US and Uzbekistan. Iraq is a contracting state to the 1988 SUA Convention, but not to the 1988 SUA Protocol. The major oil producers that are not parties to the 1988 SUA Treaties are: Angola, Indonesia, Malaysia and Venezuela. 485 In the Persian Gulf region, state parties to both the 1988 SUA Convention and the 1988 SUA Protocol are Bahrain, Iran, Kuwait, Oman, Qatar, Saudi Arabia and UAE. Iraq is a party to the 1988 SUA Convention, but not to the 1988 SUA Protocol. 486 In the Gulf of Guinea region, the contracting states to both the 1988 SUA Convention and the 1988 SUA Protocol are: Benin, Côte D’Ivoire, Equatorial Guinea, Ghana, Nigeria and Togo. Cameroon and Gabon are not parties to either the 1988 SUA Convention or the 1988 SUA Protocol. 487 In the Gulf of Mexico region, Bahamas, Costa Rica, Cuba, El Salvador, Guatemala, Jamaica, Mexico, Nicaragua, Panama and US are contracting states to both the 1988 SUA Convention and the 1988 SUA Protocol, while Belize, Cayman Islands, Colombia, Haiti and Venezuela are not contracting states to either the 1988 SUA Convention or the 1988 SUA Protocol.

243

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK 488

Mediterranean Sea, the North Sea,489 the South and East China Seas490 and the Caspian Sea.491 In general, ratifications clearly show that the 1988 SUA Treaties have become widely accepted globally, which (in theory) suggests that the international legal framework for bringing to justice and punishing those who commit unlawful violent acts against vessels and offshore installations is already in place. However, effectiveness of the SUA framework depends upon individual states complying with their obligations and making the offences punishable under their national laws.492 6 Other pre-9/11 regulatory security measures and initiatives In addition to the international conventions discussed above, several other regulatory initiatives with some relevance to the protection and security of offshore installations had been taken by international organisations including the UN, IMO and the Comité Maritime International (CMI). In the 1970s and 1980s, the IMO adopted several resolutions relating to the safety of offshore installations and safety of navigation493 that attempted to address the risks and dangerous consequences of collisions of ships with offshore installations.494 These IMO resolutions primarily focus on safety zones around offshore installations and ships’ routeing measures. In the late 1990s, the CMI started working on the development of measures for the criminal prosecution of cases of piracy and armed robbery, which ultimately resulted in the production of the model national law on piracy and other maritime violence in 2001. In addition, while not specific to maritime affairs, the UN conventions against hostage-taking and transnational organised crime adopted in 1979 and in

488 In the Mediterranean Sea region, Albania, Algeria, Bosnia and Herzegovina, Croatia, Cyprus, Egypt, France, Greece, Israel, Italy, Lebanon, Libya, Malta, Monaco, Montenegro, Morocco, Portugal, Slovenia, Spain, Syria, Tunisia, Turkey are contracting states to both the 1988 SUA Convention and the 1988 SUA Protocol. 489 In the North Sea region, Belgium, Denmark, France, Germany, the Netherlands, Norway, Sweden and UK are contracting states to both the 1988 SUA Convention and the 1988 SUA Protocol. 490 In the South and East China Seas region, the contracting states to both the 1988 SUA Convention and the 1988 SUA Protocol are: Brunei, Cambodia, China, Japan, Laos, the Philippines, Singapore, South Korea and Vietnam. Indonesia, Malaysia, North Korea, Taiwan, and Thailand, are not parties to either the 1988 SUA Convention or the 1988 SUA Protocol. 491 In the Caspian Sea region, all coastal states: Azerbaijan, Iran, Kazakhstan, Russia, and Turkmenistan are contracting parties to both the 1988 SUA Convention and the 1988 SUA Protocol. 492 A survey of national legislation on piracy conducted by the IMO Secretariat in 2009 has shown that most contracting states have legislation in place implementing the compulsory establishment of jurisdiction required by Article 6(1) of the 1988 SUA Convention, but there appears to be a lack of establishment of facultative (or optional) jurisdiction authorised in Article 6(2) of the 1988 SUA Convention: IMO, Report of the Legal Committee on the Work of Its Ninety-Sixth Session, LE.G. 96th Session, Agenda Item 13, IMO Doc LEG 96/13 (14 October 2009) 17. 493 These include: IMO Resolution A.341(IX) of 1975 on Recommendation on Dissemination of Information, Charting and Manning of Drilling Rigs, Production Platforms and Other Similar Structures; IMO Resolution A.379(X) of 1977 on Establishment of Safety Zones and Fairways or Routeing Systems in Offshore Exploration Areas; IMO Resolution A.572(14) of 1985 on General Provisions on Ships’ Routeing; IMO Resolution A.621(15) of 1987 on Measures to Prevent Infringement of Safety Zones around Offshore Installations or Structures; and IMO, Resolution A.671(16) of 1989 on Safety Zones and Safety of Navigation around Offshore Installations and Structures.

244

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

2000 respectively, are also relevant to the protection of offshore installations. All of these initiatives will be now be briefly discussed in the context of offshore installations. 6.1 IMO Resolution A.671(16) The principal IMO resolution dealing with safety zones around offshore oil and gas installations is Resolution A.671(16) adopted on 19 October 1989, which contains recommendations on various measures to prevent the infringement of safety zones around offshore installations and structures.495 Although not legally binding, Resolution A.671(16) illustrates the IMO’s standpoint and concern relating to infringements of safety zones around offshore installations. Resolution A.671(16) provides that governments should take all necessary steps to ensure that ships flying their flags do not enter or pass through duly established safety zones unless specifically authorised to do so.496 Resolution A.671(16) further provides that flag states should, if necessary, take appropriate measures to ensure that suitable procedures exist to take action against owners, masters or other persons responsible for the conduct of any ship that commits an infringement of duly established safety zones.497 The annex to Resolution A.671(16) provides recommendations for coastal states in relation to dissemination of information essential for the safety of navigation by appropriate means, including information with respect to the locations or intended locations of offshore structures including the breadth of safety zones established around them and rules that apply therein as well as any available fairways and routeing systems.498 It is also recommended that coastal states should require offshore installations, including MODUs, to provide advance notice of any change of their locations and take certain measures to prevent infringement of safety zones such as effective lighting, sound signals, radar watch and permanent visual lookout.499 Furthermore, any features of a sufficiently permanent nature, such as permanent installations or structures, bottom obstructions, pipelines, navigational marks and prohibited areas, should be shown on all appropriate navigational charts.500 Vessels navigating in the vicinity of offshore installations are required, among other things, to use established routeing systems, navigate with caution and due consideration to safe speed and safe passing distances, take into account weather conditions and the presence of other vessels, and maintain continuous listening watch on the navigating bridge.501 The annex to Resolution A.671(16) also specifies evidentiary material that can be provided by a coastal state to a flag state in order to substantiate the

494 See Honein (n 71) 48. 495 IMO, Safety Zones and Safety of Navigation (n 183). Resolution A.671(16) revokes and replaces IMO Assembly resolutions A.341(IX), A.379(X) and A.621(15). 496 IMO, Safety Zones and Safety of Navigation (n 183) para 1(d). 497 Ibid. para 2. 498 Ibid. annex paras 1.1, 4.1, 4.2. 499 Ibid. paras 1.2, 1.3. 500 Ibid. para 5.1. 501 Ibid. paras 2.1–2.4.

245

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

allegations of infringement and assist in the investigation and prosecution of an infringement.502 Clearly, Resolution A.671(16) pertains to the protection of offshore installations, but its emphasis is placed on safety rather than security. Resolution A.671(16) does provide that coastal states can take enforcement action against foreign ships for infringement of regulations relating to safety zones around offshore installations under its jurisdiction, but any such action must be in accordance with international law,503 particularly the LOSC. The difficulty with this and other IMO resolutions is that they are not legally binding on states and serve only as recommendations.504 Resolution A.671(16) does not give any additional powers to coastal states to take enforcement action against foreign ships for infringements of safety zones around offshore installations. Nor does it allow coastal states to respond immediately to foreign ships that pose potential or imminent threats to an offshore installation.505 6.2 IMO General Provisions on Ships’ Routeing In the context of offshore oil and gas installations security, it is important to discuss how ships’ routeing measures can be used by coastal states for the purposes of protecting offshore installations. The principal IMO resolution dealing with ships’ routeing is Resolution A.572(14) adopted on 20 November 1985. The primary purpose of ships’ routeing is the improvement of navigation and protection of the environment and must be approved by the IMO prior to implementation.506 The processes adopted by the IMO in assessing applications for ships’ routeing are set out in General Provisions on Ships’ Routeing (GPSR).507 There are a number of routeing systems that can be put in place to address specific navigation or environmental risks. These include traffic separation schemes, recommended routes and precautionary areas. Any application would need to identify and justify the use of particular routeing systems appropriate to the situation.508 Therefore

502 Ibid. paras 3.1, 3.2. 503 Ibid. para 3.1. 504 Esmaeili (n 66) 132. 505 Simon Williams, ‘Offshore Installations: Practical Security and Legal Considerations (Center for International Maritime Security, 11 October 2013) [26] http://cimsec.org/offshore-installations-practicalsecurity-legal-considerations/ accessed 1 December 2015. 506 SOLAS Convention, regs V/10.2 and V/10.4; IMO, General Provisions on Ships’ Routeing, annexed to IMO Resolution A.572(14), Assembly, IMO Doc A Res.A.572(14) (20 November 1985) para 1.1. The objectives of ships’ routeing are set out in paragraph 1.1 of General Provisions on Ships’ Routeing: The purpose of ships’ routeing is to improve the safety of navigation in converging areas and in areas where the density of traffic is great or where freedom of movement of shipping is inhibited . . . Ships’ routeing may also be used for the purpose of preventing or reducing the risk of pollution or other damage to the marine environment caused by ships colliding or grounding in or near environmentally sensitive areas.

507 IMO, General Provisions on Ships’ Routeing (n 506). 508 IMO, Guidance Note on the Preparation of Proposals on Ships’ Routeing Systems and Ship Reporting Systems for Submission to the Sub-Committee on Safety of Navigation, MSC Circular 1060, IMO Doc MSC/ Circ 1060 (6 January 2003) para 3.1. In selecting a particular routeing system, paragraph 5.1 gives guidance:

246

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

the establishment of any routeing systems would need to be addressed in light of the provisions of GPSR.509 One of the identified routeing systems in GPSR is a ‘precautionary area’, which may be established in areas of high concentration of offshore installations. The ‘precautionary area’ is defined as ‘a routeing measure comprising an area within defined limits where ships must navigate with particular caution and within which the direction of traffic flow may be recommended’.510 Precautionary areas have been used where there are not only navigation risks, but also environmental risks. If a precautionary area was sought solely on the grounds of security, the result would be questionable since GPSR requirements clearly indicate that precautionary areas should deal with matters of safety of navigation and environmental risk.511 In considering the approval of such schemes the IMO would have to be convinced of the need for such a scheme on navigational grounds and that it does not impose unnecessary constraints on shipping.512 The establishment of recommended routes is a widely used measure for reducing navigation and environmental risks. As with precautionary areas, a proposal for vessel traffic management schemes around offshore installations simply for the purpose of increasing the security of the offshore installations would be unlikely to be approved in the absence of navigational or environmental risks. Another ships’ routeing measure provided for in the identified routeing systems in GPSR is an ‘area to be avoided’, which is defined in paragraph 2.1.13 of GPSR as a ‘routeing measure comprising an area within defined limits in which either navigation is particularly hazardous or it is exceptionally important to avoid casualties and which should be avoided by all ships, or certain classes of ship’.513 In determining whether or not to agree to a request by a coastal state to establish an area to be avoided, GPSR gives clear guidance, and states in paragraph 5.5: When establishing areas to be avoided by all ships or by certain classes of ship, the necessity for creating such areas should be well demonstrated and the reasons stated. In general, these areas should be established only in places where inadequate survey or insufficient provision of aids to navigation may lead to danger of stranding, or where local knowledge is considered essential for safe passage, or where there is the possibility that unacceptable damage to the environment could result from a casualty, or where there might be hazard to a vital aid to navigation. These areas shall not be regarded as prohibited areas unless specifically so stated; the classes of ship which should avoid the areas should be considered in each particular case.514

The routeing system selected for a particular area should aim at providing safe passage for ships through the area without unduly restricting legitimate rights and practices, and taking account of anticipated or existing navigational hazards.

509 Kashubsky and Morrison (n 1) 5. 510 IMO, General Provisions on Ships’ Routeing (n 506) para 2.1.12. 511 Other suggested vessel traffic management schemes are again primarily designed for navigational safety in areas of heavy traffic and narrow straits to avoid collisions and other maritime casualties: IMO, General Provisions on Ships’ Routeing (n 506) paras 1.1, 2.1.1. 512 Ibid. para 3.7. 513 IMO, General Provisions on Ships’ Routeing (n 506) para 2.1.13. 514 Ibid. para 5.5.

247

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

Deliberations by the then IMO Sub-Committee on Safety of Navigation (NAV) clearly show the reluctance to recommend approval of an ‘area to be avoided’ except where the applicant has clearly shown that it is needed to assist navigation or to protect the environment.515 This is particularly true in proposals for mandatory ‘area to be avoided’. The NAV warned that any future requests for mandatory ‘area to be avoided’ should be treated ‘with caution’.516 In the majority of approved ‘areas to be avoided’ the reason given for their establishment is to avoid damage to the environment. Other reasons include navigational safety in narrow straits, as an associated protection measure included in declarations of Particularly Sensitive Sea Areas.517 In relation to offshore installations, ‘areas to be avoided’ have been used for both navigational and environmental reasons in Bass Strait, the approaches to four deepwater ports off the US, and around offshore installations in the Campos Basin off Brazil.518 Any proposal for an ‘area to be avoided’ would need to show why it was necessary on navigation and environmental grounds.519 Paragraph 5.5 of GPSR makes no reference to the creation of an ‘area to be avoided’ simply as a security measure against offshore security threats and unlawful acts. Even in proposals covering offshore installations, the main concern is the possibility of a collision by a ship and not for ensuring the security of the installation against attack. It has been argued that an ‘area to be avoided’ designed to protect the offshore installation could be justified as being necessary to protect the environment from pollution that could flow from an attack.520 However, in light of the history of approvals and the clear reluctance of the IMO to approve ‘areas to be avoided’ that might unduly affect freedom of navigation, the chances of success of such an application without any other navigational or environmental basis would probably be slim. The coastal state would have to demonstrate that the proposed size of an ‘area to be avoided’ is necessary to achieve the purpose of the ‘area to be avoided’. Each proposal for an ‘area to be avoided’ would require a specific consideration of its size.521 It should be noted that paragraph 6.3 of GPSR states: The configuration and length of routeing systems which are established to provide for an unobstructed passage through offshore exploration and exploitation areas may be different from the dimensions of normally established systems if the purpose of safeguarding a clear passage warrants such special features.522

515 IMO, Routeing of Ships, Ship Reporting and Related Matters – Area Proposed to be Avoided, NAV, 49th Session, Agenda Item 3, IMO Doc NAV 49/3 (16 January 2003). 516 IMO, Report to the Maritime Safety Committee, NAV 49th Session, Agenda Item 19, IMO Doc NAV 49/19 (28 July 2003) para 3.28. 517 Julian Roberts, Marine Environment Protection and Biodiversity Conservation – The Application and Future Development of the IMO’s Particularly Sensitive Sea Area Concept (Springer 2007) 120–22. 518 Kashubsky and Morrison (n 1) 6. 519 SOLAS Convention reg V/10.1; IMO, General Provisions on Ships’ Routeing (n 506) para 2.1.13. 520 Harel (n 85) 180–82. 521 IMO, Guidance Note on the Preparation of Proposals on Ships’ Routeing Systems and Ship Reporting Systems for Submission to the Sub-Committee on Safety of Navigation, IMO Doc MSC/Circ 1060 (6 January 2003) para 3.1. 522 IMO, General Provisions on Ships’ Routeing (n 506) para 6.3.

248

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

Since the view taken by the NAV in the Poor Knights Islands application was that any mandatory ‘area to be avoided’ must be treated with caution, the chances of success of any application for a mandatory ‘area to be avoided’ solely on the grounds of security of offshore installations will be highly questionable. Unless the IMO can be convinced of the validity of the argument that an ‘area to be avoided’ purely for security of the offshore installation could be necessary to prevent pollution of the marine environment or improve safety of navigation, any proposal to introduce such measures solely for the protection of offshore installations from attacks and unlawful interferences would be unlikely to receive the approval of the IMO. Any attempt to create and enforce such an ‘area to be avoided’ without the IMO’s approval would be an interference with freedom of navigation and thereby contrary to international law of the sea.523 The above analysis shows that the various ships’ routeing measures would be unlikely to gain the approval of the IMO if proposed solely for security purposes, in the absence of concurrent navigational or environmental factors. 6.3 Convention against the Taking of Hostages 1979 Foreign nationals working on board offshore installations in high-risk areas are at risk of being abducted.524 As discussed in Chapter 4, abduction of offshore workers for ransom is a common offshore attack scenario. The International Convention against the Taking of Hostages 1979 (Hostages Convention)525 was adopted with the aim to ‘develop international co-operation between States in devising and adopting effective measures for the prevention, prosecution and punishment of all acts of taking of hostages as manifestations of international terrorism’.526 The Hostages Convention requires states to criminalise hostage-taking. The offence of hostage-taking is defined in Article 1 of the Hostages Convention as follows: Any person who seizes or detains and threatens to kill, to injure or to continue to detain another person (hereinafter referred to as the ‘hostage’) in order to compel a third party, namely, a State, an international intergovernmental organization, a natural or juridical person, or a group of persons, to do or abstain from doing any act as an explicit or implicit condition for the release of the hostage commits the offence of taking of hostages (‘hostagetaking’) within the meaning of this Convention.527

An attempt to commit an act of hostage-taking or participation in hostage-taking as an accomplice is also considered an offence for the purposes of the Hostages

523 Kashubsky and Morrison (n 1) 7. 524 Catherine Redgwell, ‘International Energy Security’ in Barry Barton et al. (eds), Energy Security: Managing Risk in a Dynamic Legal and Regulatory Environment (Oxford University Press 2004) 3, 28. 525 International Convention against the Taking of Hostages 1979, opened for signature 18 December 1979, 1316 UNTS 205 (entered into force 3 June 1983) (‘Hostages Convention’). 526 Ibid. preamble. 527 Hostages Convention art 1(1) (emphasis added).

249

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK 528

Convention. The definition of ‘hostage-taking’ in the Hostages Convention has four key elements: seizure or detention; a threat to kill, injure or continue to detain; the compulsion of a third party; as a condition for release of the hostage.529 For the Hostages Convention to apply, the offence must be of transnational character.530 Article 13 provides that the Hostages Convention does not apply if the offence is committed within a single state, the hostage and the alleged offender are nationals of that state and the alleged offender is found in the territory of that state.531 In the context of offshore installations, considering that foreign nationals are often among the abducted offshore workers, the Hostages Convention may be applied in cases of hostage-taking and abduction of offshore workers, possibly except abductions from offshore installations in the territorial sea.532 State parties are required to criminalise hostage-taking (as well as attempts to commit or participate in hostage-taking) under their national law and make these offences ‘punishable by appropriate penalties’, taking into account the grave nature of the offences.533 Under the Hostages Convention, each state party is required to establish jurisdiction over the offence if the offence is committed: in the territory of a state party or on board a ship registered in that state; if the offender is a national of the state party; in order to compel that state to do or abstain from doing any act.534 A state party may, if it considers it appropriate, establish jurisdiction over the offence if the offender is a stateless person whose habitual residence is in that state’s territory or if a hostage is a national of that state.535 It should be noted that establishing jurisdiction based on the nationality of the victim or on the habitual residence of an offender who is stateless is optional, depending on whether or not a state ‘considers it appropriate’.536 In addition, each state party is required to establish jurisdiction ‘where the alleged offender is present in its territory and it does not extradite him to any of the states entitled to establish jurisdiction’.537 The Hostages Convention provisions on taking the offenders into custody and mutual legal assistance are similar to those in the 1988 SUA Convention. If the alleged offenders are present in the territory or territorial sea of a state party, the state party has an obligation to take the offenders into custody, and to prosecute them or extradite them.538 The ‘extradite or prosecute requirement’ is contained in Article 8(1) of the Hostages Convention, which requires state parties to extradite or prosecute

528 Ibid. art 1(2). 529 Ashley Roach, ‘Global Conventions on Maritime Crimes Involving Piratical Acts’ (2013) 46(1-2) Case Western Reserve Journal of International Law 91, 98. 530 Ibid. 104. 531 Hostages Convention art 13. 532 See UNCTAD (n 334) 22 (noting that the term ‘territory’ in Article 13 of the Hostages Convention presumably includes the territorial sea). 533 Ibid. art 2; Roach (n 529) 96. 534 Hostages Convention art 5(1)(a)-(c). 535 Ibid. art 5(1)(b), (d). 536 UNCTAD (n 334) 23. 537 Hostages Convention art 5(2). 538 Ibid. art 6(1).

250

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

the alleged offenders.539 The Hostages Convention standard extradition provisions in Article 10 are a little different to those in the 1988 SUA Convention.540 Unlike the 1988 SUA Convention, the Hostages Convention entitles a state party to refuse an extradition request in certain circumstances.541 The Hostages Convention does not grant states any additional authority to board ships on high seas and arrest offenders without flag state consent.542 The Hostages Convention has gained wide international acceptance. As at 1 December 2015, there were 174 state parties to the Hostages Convention.543 6.4 Convention against Transnational Organised Crime 2000 In the 1990s, states became increasingly concerned with transnational organised crime and sought to develop international legal instruments to counter the threat of organised crime,544 including organised crime in the maritime domain. The United Nations Convention against Transnational Organized Crime 2000 (UNTOC)545 is the principal international treaty dealing with transnational organised crime. The UNTOC provides the legal framework for international cooperation in preventing and combating criminal activities,546 and the growing links between transnational organised crime and terrorist crimes.547 The UNTOC applies to the prevention, investigation and prosecution of ‘serious crimes’ where the offences are ‘transnational in nature’ and involve an ‘organised criminal group’.548 As discussed in Chapter 3, the types of organised criminal activities that are relevant to the offshore petroleum industry and that can potentially be covered by the UNTOC include oil theft and illicit oil trafficking, extortion, abduction, assault, piracy and armed robbery, and theft of equipment and property. The UNTOC requires state parties to criminalise participation in an organised criminal group including agreeing with one or more other persons to commit a serious

539 Ibid. art 8(1). 540 Roach (n 529) 116–17. 541 Hostages Convention art 9. 542 Ibid. art 14. 543 UN, UNTC (1 December 2015) https://treaties.un.org/pages/ViewDetails.aspx?src=TREATY& mtdsg_no=XVIII-5&chapter=18&lang=en accessed 1 December 2015. 544 Rothwell and Stephens (n 25) 436–37. 545 United Nations Convention against Transnational Organized Crime 2000, opened for signature 15 November 2000, 40 ILM 353 (entered into force 29 September 2003) (‘UNTOC’). 546 UNTOC art 1. 547 United Nations General Assembly (UNGA) Resolution 55/25 (15 November 2000). 548 UNTOC art 3(1) (emphasis added). The term ‘serious crime’ is defined in Article 2(b) as ‘conduct constituting an offence punishable by a maximum deprivation of liberty of at least four years or a more serious penalty’. The term ‘organised criminal group’ is defined in Article 2(a) of the UNTOC as ‘a structured group of three or more persons, existing for a period of time and acting in concert with the aim of committing one or more serious crimes or offences established in accordance with this Convention, in order to obtain, directly or indirectly, a financial or other material benefit’. Under Article 3(2) of the UNTOC, an offence is transnational in nature if it is committed in more than one state; it is committed in one state but a substantial part of its preparation, planning, direction or control takes place in another state; it is committed in one state but involves an organised criminal group that engages in criminal activities in more than one state; or it is committed in one state but has substantial effects in another state.

251

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

crime, taking active part in criminal activities of the organised criminal group, and organising, directing, aiding, abetting, facilitating or counselling the commission of serious crime involving an organised criminal group.549 The UNTOC requires state parties to criminalise activities relating to proceeds of crime including the concealment of the nature or source of proceeds of crime; the acquisition, possession or use of proceeds of crime; and the participation or attempt to commit any of these offences.550 The UNTOC has an application in the maritime context and its provisions on establishing jurisdiction are similar to the provisions of the 1988 SUA Convention. State parties to the UNTOC are required to adopt such measures that may be necessary to establish their jurisdiction over the offences established in accordance with the convention when the offence is committed in the territory of that state,551 or on board a vessel that is flying the flag of that state at the time that the offence is committed.552 State parties also have an option to establish their jurisdiction over offences in certain circumstances.553 The UNTOC also deals with cooperation between state parties in conducting investigations, prosecution or judicial proceedings including mutual consultation and coordination of their actions.554 The UNTOC also has some detailed provisions dealing with extradition of the offenders.555 Importantly, the UNTOC is widely accepted.556 Although the UNTOC is not directly relevant to the security of offshore oil and gas installations and does not specifically cover the acts of maritime violence, it applies to serious crimes, including crimes involving offshore installations, committed by organised criminal groups.557 Therefore, it may be possible to rely on the UNTOC in certain circumstances for the purposes of protection of offshore installations. 6.5 Model national law on acts of piracy and maritime violence For several years, the CMI and the LEG worked together in the areas of ‘criminal offences committed on board foreign-flagged ships’ and ‘acts of piracy and maritime violence’.558 In 1998, the CMI formed a Joint International Working Group on

549 UNTOC art 5. 550 Ibid. arts 6(a)–(b). 551 Ibid. art 15(1)(a). 552 Ibid. art 15(1)(b). 553 For example, a state party may adopt necessary measures to establish jurisdiction over the offence when it is committed against a national of that state; or committed by a national of that state or a stateless person who has a habitual residence in its territory; or the offence is committed outside its territory with a view to the commission of a serious crime within its territory: UNTOC arts 15(2)(a)–(c). 554 UNTOC art 15(5). 555 See UNTOC art 16. 556 As at 1 December 2015, there were 186 state parties to the UNTOC: UN, UNTC (10 January 2015) http://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mtdsg_no=XVIII-12&chapter=18& lang=en accessed 1 December 2015. 557 The offences under the 1988 SUA Treaties would fall within the meaning of ‘serious crime’ and it may also be possible to adopt a wide interpretation of the term ‘organised criminal group’. 558 CMI, ‘Report of the Fifth Session of the Joint International Working Group on Uniformity of Laws Concerning Acts of Piracy and Maritime Violence’ (2005) 2 CMI Newsletter 8, 8.

252

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

Uniformity of Laws Concerning Acts of Piracy and Maritime Violence (JIWG)559 with the aim of developing more effective measures for the criminal prosecution of cases of piracy and armed robbery.560 Over a period of three years (1998–2001), the JIWG developed the Model National Law on Acts of Piracy and Maritime Violence (CMI Model Law).561 The CMI adopted the CMI Model Law in February 2001.562 The CMI Model Law attempts to achieve a greater degree of uniformity among national laws that deal with piracy and maritime violence ‘by proposing a more systematic treatment of these serious problems through national law’ in the body of various national legal traditions.563 The CMI Model Law was designed to complement the 1988 SUA Treaties and assist national legislators by bringing their attention ‘to international considerations that have a direct impact on national jurisdiction and prosecution’.564 The CMI Model Law contains a number of provisions specifically dealing with unlawful acts involving offshore installations,565 some of which are similar to the provisions of the 1988 SUA Protocol. For example, the crime of ‘maritime violence’ is committed when a person seizes or exercises control over an offshore installation,566 destroys or causes damage to an offshore installation,567 employs any device or substance that is likely to destroy or cause damage to an offshore installation,568 engages in any act constituting an offence under the 1988 SUA Convention or the 1988 SUA Protocol.569 The CMI Model Law also covers issues such as jurisdiction, extradition, prosecution, punishment, and reporting of incidents, as well as restitution provisions and forfeiture of property involved in the commission of offences.570 In regard to jurisdiction, the CMI Model Law provides that offences defined therein should be prosecuted if committed within the territory, internal waters, and to the degree that the exercise of national jurisdiction is permitted under the LOSC, in the EEZ, the contiguous zone, the archipelagic waters, on the continental shelf and the high seas.571

559 The JIWG comprised representatives of the CMI, the IMO, the Baltic and International Maritime Council, the International Chamber of Shipping, the International Criminal Police Organization, the International Group of P&I Clubs, IMB, the International Transport Workers’ Federation, and the International Union of Marine Insurance. 560 Frank Wiswall, ‘Draft Guidelines for National Legislation: Background Paper’ (2007) 1 CMI Newsletter 3, 3. 561 The CMI Model Law is reproduced in CMI Yearbook (2000) 418–23. 562 Frank Wiswall, ‘Report of the International Working Group on Uniformity of Law Re Maritime Criminal Acts’ (2007) 1 CMI Newsletter 2, 2. 563 CMI Model Law preamble. 564 Ibid. The CMI Model Law in the notes to preamble provides that the JIWG urges accession to and adoption of the 1988 SUA Treaties and the LOSC into national law: n 2. 565 CMI Model Law ss I(3)(d), I(3)(j)–(k), I(6), I(7), II(3)(b). 566 Ibid. ss I(3)(c), I(3)(k). 567 Ibid. s I(3)(d). 568 Ibid. ss I(3)(e), I(3)(k). 569 Ibid. ss I(3)(i)–(j). 570 Ibid. ss II, III. 571 Ibid. s II(2).

253

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

The CMI Model Law was designed as guidance to assist states in drafting national legislation on piracy and other acts of maritime violence. While the CMI Model Law was meant to cover all violent maritime criminal acts including terrorist acts, the emphasis was on piracy. This perceived applicability of the CMI Model Law to acts of piracy tended to overshadow its broader applicability to other crimes of maritime violence.572 However, before the CMI Model Law was able to gain sufficient momentum, the events of 9/11 brought terrorism into the centre of public and political attention.573 7 Conclusion This chapter examined the international regulatory framework for the protection and security of offshore oil and gas installations that existed prior to 9/11. The pre9/11 regulatory framework essentially consists of three key international conventions, namely the LOSC, the 1988 SUA Convention and the 1988 SUA Protocol. The analysis of the LOSC framework revealed that the scope of the LOSC for regulating security of offshore installations is relatively narrow. The principal protection measure for offshore installations available under the LOSC is the right of the coastal state to establish safety zones around offshore installations. The maximum allowed breadth of safety zones around offshore installations on the continental shelf and in the EEZ is 500 metres, which is too narrow to protect offshore installations from deliberate attacks. The navigational rights of other states and the principle of the exclusive flag state jurisdiction appear to be well protected and respected in the LOSC, which makes it more difficult for coastal states to protect offshore installations and take enforcement actions against foreign ships involved in attacks on and unlawful interferences with offshore installations. The analysis has also shown that there may be considerable difficulties in applying piracy rules to offshore installations. Violent unlawful acts committed against offshore installations are specifically addressed in the 1988 SUA Convention and the 1988 SUA Protocol. The 1988 SUA Treaties can be applied to deal basically with all types of offshore security threats examined in Chapter 3 and most methods of attacks examined in Chapter 4. The important aspect of the 1988 SUA Treaties is that they represent the ‘response/penal framework’ rather than the ‘prevention framework’ because they are aimed at ensuring criminal prosecution of the perpetrators of unlawful violent acts against ships and offshore installations. The 1988 SUA Treaties have a number of limitations. They do not cover all offshore installations and they do not grant any additional powers to coastal states and other states to interdict and board foreign ships and arrest perpetrators of violent acts against offshore installations. Although not specific to maritime security, the Hostages Convention and the UNTOC also provide a legal basis to respond to attacks on offshore installations if

572 See CMI, Report of the Sixth Session of the Joint International Working Group on Uniformity of Laws Concerning Acts of Piracy and Maritime Violence (2005) 3. 573 Wiswall (n 562) 2.

254

PRE-9/11 INTERNATIONAL LEGAL FRAMEWORK

the attack involves taking of hostages or when it is carried out by an organised criminal group. In addition, coastal states may be able to some extent to utilise routeing measures to regulate maritime traffic in the vicinity of some of their offshore installations, but ship routeing is primarily concerned with safety and it might be difficult to obtain IMO approval of routeing measures unless legitimate safety reasons are demonstrated. It can be concluded that there are a number of unclear and potentially problematic aspects of the pre-9/11 regulatory framework, particularly those relating to the enforcement powers under the LOSC and the 1988 SUA Treaties. However, analysis of the pre-9/11 regulatory framework alone is not enough to assess the overall adequacy of the international regulatory framework. Therefore, it is also necessary to analyse the post-9/11 regulatory framework for maritime security and its application to offshore oil and gas installations, which is the focus of the next chapter.

255

CHAPTER 7

POST-9/11 INTERNATIONAL REGULATORY RESPONSES 1 Introduction In the aftermath of 9/11, the focus of the international maritime community was on devising effective measures to address that threat and enhance maritime security. As a result, the IMO undertook a review of measures and procedures to prevent acts of terrorism that threaten the security of passengers and crews and the safety of ships.1 At its 22nd Assembly meeting in November 2001, the IMO resolved that it was necessary to develop new measures relating to maritime security of ships and of port facilities for adoption by a Diplomatic Conference on Maritime Security the following year.2 On 15 January 2002, the US submitted a proposal to the seventyfifth session of the IMO Maritime Safety Committee (MSC) on measures to improve maritime security, which provided the basis for the new maritime security regulatory framework.3 The offshore petroleum industry had also been affected by these new regulatory security measures; however, the extent of the application of post-9/11 regulatory measures to offshore installations is not clear and this issue has been given little attention in the literature on maritime security. This chapter examines post-9/11 maritime security regulatory initiatives, namely the 2002 amendments to the SOLAS Convention, the ISPS Code, the 2005 SUA Convention, the 2005 SUA Protocol, the seafarer identity measures and other maritime security initiatives, and assesses the extent to which these post-9/11 regulatory initiatives apply to offshore petroleum installations. The chapter also discusses whether and how the right of self-defence can be used for the purposes of the protection of offshore oil and gas installations. 2 SOLAS Convention amendments 2002 The first important result of post-9/11 efforts to enhance maritime security was the adoption of amendments to the SOLAS Convention4 and the ISPS Code in December 1 IMO, Review of Measures and Procedures to Prevent Acts of Terrorism which Threaten the Security of Passengers and Crews and the Safety of Ships, A Res 924(22), 22nd Session, Agenda Item 8, IMO Doc A 22/Res.924 (22 January 2002). 2 IMO, ‘22nd Assembly: 19–30 November 2001 – Resolutions Adopted’ www.imo.org/newsroom/ mainframe.asp?topic_id=144&doc_id=1973 accessed 2 April 2014. 3 IMO, Report of the Maritime Safety Committee on Its Seventy-Fifth Session, MSC, 75th Session, Agenda Item 24, IMO Doc MSC 75/24 (29 May 2002) 78–106. 4 As at November 2015, there were 162 contracting states to the SOLAS Convention, representing approximately 98.5 per cent of the gross tonnage of the world’s merchant shipping: IMO, Status of Multilateral Conventions and Instruments in Respect of Which the International Maritime Organization or Its Secretary-General Performs Depository or Other Functions as at 5 November 2015 (2015) 16.

256

POST-9/11 INTERNATIONAL LEGAL RESPONSES 5

2002. The ISPS Code was adopted supplementary to the SOLAS Convention amendments. The SOLAS Convention was amended and new Chapter XI-2 was created, aimed at deterring terrorist acts directed against or involving ships, and obliging states to comply with the ISPS Code.6 The 2002 amendments to the SOLAS Convention and the ISPS Code were made under the ‘tacit acceptance’ procedure,7 and entered into force on 1 July 2004. The 2002 SOLAS Convention amendments included requirements for companies and ships, ship security alert systems, master’s discretion for ship safety and security, ship identification, control and compliance measures, communication of information, and other requirements.8 These new security requirements have been prepared with a view that they should apply to MODUs in transit and in port, but not to fixed and floating installations or MODUs on site.9 One of the amendments to the SOLAS Convention related to accelerating the implementation of the requirement to fit the Automatic Identification System (AIS) aboard ships.10 Although originally adopted as a safety measure, the AIS became a tool that can be used by coastal states to monitor the movement of ships in their waters for security purposes.11 The AIS is capable of automatically providing information about the ship’s identity, type, position, course, speed, and navigational status to other ships and to coastal authorities; it is also capable of receiving automatically such information from similarly fitted ships.12 The SOLAS Convention requires AIS to be fitted aboard all ships of 300 gross tons and above engaged on international voyages, cargo ships of 500 gross tons and above not engaged on international voyages, and all passenger ships irrespective of size.13 There is no requirement to fit AIS transponders on board offshore installations; however, the AIS could be a useful security tool for offshore installations to monitor and track ships

5 IMO, ‘Diplomatic Conference on Maritime Security: 9–13 December 2002’ (2002) www.imo.org/ Newsroom/mainframe.asp?topic_id=110&doc_id=2515 accessed 2 April 2014. 6 Ibid. 7 IMO, ‘Conventions’ www.imo.org/About/Conventions/Pages/Home.aspx accessed 1 December 2015. 8 SOLAS Convention annex, regs XI-1/3, XI-1/5, XI-2/4, XI-2/6, XI-2/8, XI-2/9, XI-2/13. See also IMO, Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, Conference of Contracting Governments to the International Convention for the Safety of Life at Sea 1974, Agenda Item 6, IMO Doc SOLAS/CONF.5/32 (12 December 2002) annex res 1, 7–18; ISPS Code preamble, para 4. 9 IMO, Report of the Maritime Safety Committee on Its Seventy-Fifth Session, MSC, 75th Session, Agenda Item 24, IMO Doc MSC 75/24 (29 May 2002) 85. 10 IMO, Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, Conference of Contracting Governments to the International Convention for the Safety of Life at Sea 1974, Agenda Item 6, IMO Doc SOLAS/CONF.5/32 (12 December 2002) annex, res 1, 4. 11 Martin Murphy, ‘Lifeline or Pipedream? Origins, Purposes and Benefits of Automatic Identification System, Long-Range Identification and Tracking, and Maritime Domain Awareness’ in Rupert HerbertBurns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 13, 14; Steven Jones, Maritime Security: A Practical Guide (The Nautical Institute 2006) 209. 12 SOLAS Convention annex, reg V-19/2.4.5. See also IMO, Guidelines for the Onboard Operational Use of Shipborne Automatic Identification Systems (AIS), A Res 917(22), 22nd session, Agenda Item 9, IMO Doc A 22/Res.917 (25 January 2002). 13 SOLAS Convention annex, reg V-19/2.4.

257

POST-9/11 INTERNATIONAL LEGAL RESPONSES

navigating in their vicinity thereby increasing the situational awareness for offshore installation operators. The effective operational range for the AIS is 20 miles for ship to ship transmissions and 40 miles for ship to shore transmissions.14 Such distances seem to be sufficient for an installation to receive an early ‘warning’ of vessels approaching the installation.15 One of the main shortcomings of the AIS is that AIS transponders can be switched off at any time and a vessel can move unnoticed by the AIS. It is interesting to note that the 2002 amendments to the SOLAS Convention were not the first time such security measures were proposed by the IMO. In September 1986, in the aftermath of the Achille Lauro incident, the MSC issued a circular on measures to prevent unlawful acts against passengers and crews on board ships,16 which covered similar security aspects as the 2002 amendments to the SOLAS Convention and the ISPS Code.17 The implementation of that circular was voluntary and its recommendations were largely ignored.18 3 ISPS Code The ISPS Code was adopted supplementary to Chapter XI-2 of the SOLAS Convention. One of the main objectives of the ISPS Code is to detect and assess security threats, take preventive measures against security incidents affecting ships and port facilities used in international trade, and to ensure the early and efficient collation and exchange of security-related information.19 The ISPS Code establishes an international security framework for maritime shipping and is intended to serve as a risk management tool whereby security levels and appropriate security measures are determined by the severity of assessed risks to which a port facility or a ship is exposed.20 The ISPS Code provides for a number of minimum functional security requirements for ships and port facilities. The ISPS Code has two parts. Part A contains mandatory security requirements for contracting states, port authorities and shipping companies. Part B comprises a series of non-mandatory guidelines on how to comply with the mandatory requirements.21 The main aspects of the ISPS Code include the requirement to carry out security assessments and establish security plans

14 Murphy, ‘Lifeline or Pipedream?’ (n 11) 15. 15 See Michael Crocker, ‘Platforms, Pipelines, and Pirates’ (2007) 51(6) Security Management 76, 80. 16 IMO, Measures to Prevent Unlawful Acts against Passengers and Crew on Board Ships, IMO Doc MSC/Circ.443 (26 September 1986) annex. 17 Hartmut Hesse, ‘Maritime Security in a Multilateral Context: IMO Activities to Enhance Maritime Security’ (2003) 18(3) International Journal of Marine and Coastal Law 327, 328. 18 Dennis Bryant, ‘Historical and Legal Aspects of Maritime Security’ (2004–2005) 17(1) University of San Francisco Maritime Law Journal 1, 5 (noting that the IMO was, at the time, focused on a more immediate security problem of piracy and armed robbery at sea). 19 ISPS Code Foreword, iii. 20 IMO, ‘Diplomatic Conference on Maritime Security’ (n 5). 21 Ibid.

258

POST-9/11 INTERNATIONAL LEGAL RESPONSES

for ships and port facilities,22 responsibilities of governments and companies with respect to security levels and security personnel,23 and the requirement to conduct security training, drills and exercises on ship and port facility security.24 Additionally, the requirements for ships and for port facilities include having certain security equipment, monitoring and controlling access, monitoring the activities of people and cargo, and ensuring security communications are readily available.25 The ISPS Code applies to passenger ships of any size including high speed passenger craft, cargo ships of 500 gross tons and above including high speed craft, MODUs of any size,26 when these types of ships are engaged on international voyages, as well as to port facilities serving such ships.27 The important requirement of the ISPS Code is that ships and MODUs must be ‘engaged on international voyages’.28 The term ‘international voyage’ is defined in the SOLAS Convention as ‘a voyage from a country to which the present Convention applies to a port outside such country, or conversely’.29 This definition suggests that in order for a MODU to be considered ‘engaged on international voyage’ it must be navigating to or from a port. This means that the ISPS Code will not apply to a MODU travelling from an offshore location in one coastal state to an offshore location in another coastal state (without visiting a port in that coastal state) or a MODU navigating between offshore locations within the jurisdiction of the same coastal state because it would be deemed to be engaged on a domestic voyage.30 The definition of ‘ship’ in the ISPS Code states that it ‘includes mobile offshore drilling units and high-speed craft as defined in regulation XI-2/1’.31 Regulation XI-2/1 of SOLAS Convention defines ‘mobile offshore drilling unit’ as ‘a mechanically propelled mobile offshore drilling unit, as defined in regulation IX/1, not on location’.32 The key requirements in this definition are that MODUs must be ‘mechanically propelled’ and ‘not on location’.33 Accordingly, MODUs that are on location, MODUs without their own means of propulsion, and any other types

22 ISPS Code ss 8, 9, 15, 16. 23 Ibid. ss 7, 11, 12, 17. 24 Ibid. ss 13, 18. 25 IMO, ‘Diplomatic Conference on Maritime Security’ (n 5). 26 ISPS Code s 3.1; SOLAS Convention annex, reg XI-2/2.1. The definition of ‘ship’ in regulation XI-2/1.2 includes MODUs. The size or tonnage of MODUs is not specified in the ISPS Code which makes it applicable to all types and sizes of MODUs engaged on international voyages. 27 SOLAS Convention annex, reg XI-2/2.1; ISPS Code s 3.1. The ISPS Code does not apply to warships, naval auxiliaries or other government ships used for non-commercial service: ISPS Code s 3.3; SOLAS Convention annex, regs XI-2/2.3, I/3(a). 28 ISPS Code s 3.1. 29 SOLAS Convention annex, reg I/2(d). 30 MODUs are not usually engaged in international navigation especially when long distances are involved. With the exception of drill ships, self-propelled MODUs usually have a slow speed and they are often transported to offshore sites as cargo on specialised heavy-lift vessels or under tow. 31 ISPS Code s 2.2. 32 SOLAS Convention annex, reg XI-2/1. In turn, regulation IX/1 of the SOLAS Convention defines ‘mobile offshore drilling unit’ as ‘a vessel capable of engaging in drilling operations for the exploration for or exploitation of resources beneath the sea-bed such as liquid or gaseous hydrocarbons, sulphur or salt’. 33 SOLAS Convention annex, reg XI-2/1.

259

POST-9/11 INTERNATIONAL LEGAL RESPONSES

of mobile or floating offshore installations including FPSOs are not covered by the ISPS Code.34 Furthermore, MODUs and ships that are not engaged on international voyages are not covered by the ISPS Code. This includes ships such as offshore supply vessels and shuttle tankers that typically travel only between offshore installations and the coastal state. Furthermore, the ISPS Code does not apply to floating installations such as FPSOs, nor does it apply to any fishing vessels of any size or smaller vessels not engaged in trade such as recreational boats and pleasure yachts.35 The ISPS Code has a narrow scope of application to offshore oil and gas installations. HerbertBurns has noted that the ambiguous status of FPSOs and FSOs ‘as part vessel and part platform leaves them in somewhat of a “blind spot”’ in terms of the applicability of the ISPS Code and the SOLAS Convention.36 With respect to offshore installations, the ISPS Code provides that contracting states ‘should consider establishing appropriate security measures’ for fixed and floating installations and MODUs on location to allow interaction with ships and port facilities that are required to comply with mandatory security requirements of the ISPS Code and the SOLAS Convention.37 There is also an equivalent recommendation relating to ships which are not required to comply with mandatory provisions of the ISPS Code.38 Section 4.19 of the ISPS Code provides that states should consider establishing appropriate security measures for fixed and floating installations and MODUs on location, but it does not specify what the ‘appropriate measures’ are and there are no guidelines to assist states in implementing appropriate security measures for fixed and floating offshore installations as well as ships interacting with such installations.39 There are many FPSOs and FSOs that operate with security plans compliant with the ISPS Code, but as noted by Robinson, these security plans often do not account for the security of mooring systems, subsea equipment, adjacent facilities or interaction of offshore installations with various vessels such as tankers and offshore supply vessels, nor do they account for normal operations of offshore installations on location, and ‘there is currently no requirement in the ISPS Code for compliance at this level’.40 Recognising the need to address and establish security measures for offshore oil and gas installations and ships to which the ISPS Code and Chapter XI-2 of the SOLAS Convention do not apply, at the time of adoption of the ISPS Code in

34 See IMO, Guidance Relating to the Implementation of SOLAS Chapter XI-2 and the ISPS Code, IMO Doc MSC/Circ.1097 (6 June 2003) annex, 1. 35 These types of offshore installations and vessels do not fall within the categories of ships to which the ISPS Code applies. See SOLAS Convention annex, reg XI-2/2.1; ISPS Code s 3.1. 36 Rupert Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals: Vulnerability and Security in the International Maritime Oil Sector’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 133, 150. 37 ISPS Code pt B s 4.19 (emphasis added). 38 Ibid. pt B s 4.20. See also Mark Gauthier, ‘The International Ship and Port Facility Security Code (ISPS Code): An Overview’ (2005) CMI Yearbook 395, 396. 39 Herbert-Burns (n 36) 139. 40 Brad Robinson, quoted in Crocker (n 15) 78–79.

260

POST-9/11 INTERNATIONAL LEGAL RESPONSES

December 2002, the Diplomatic Conference also adopted a resolution encouraging contracting states to address these matters at the national level.41 The resolution specifically stated, among other things, that the Conference: [Further encourages] Contracting Governments, when exercising their responsibilities for mobile offshore drilling units and for fixed and floating platforms operating on their Continental Shelf or within their Exclusive Economic Zone, to ensure that any security provisions applying to such units and platforms allow interaction with those applying to ships covered by Chapter XI-2 of the [SOLAS] Convention, that serve, or operate in conjunction with, such units or platforms.42

The IMO had attempted to provide additional guidance to assist contracting states and the industry with the implementation of the ISPS Code security arrangements for offshore installations.43 In June 2003, the MSC confirmed that neither FPSOs nor FSOs were ships subject to the provisions of the ISPS Code, but decided that these offshore installations should have some security procedures in place ‘to prevent “contamination” of ships and ports that are subject to the ISPS Code’.44 This essentially indicates that states and operators of offshore installations are encouraged, but not obliged, to establish security measures for their offshore installations because these installations are not subject to the mandatory requirements of the ISPS Code or provisions of Chapter XI-2 of the SOLAS Convention.45 The use of the word ‘contamination’ by the MSC suggests that the primary aim of security requirements of the ISPS Code and Chapter XI-2 of the SOLAS Convention is to provide security to ISPS-compliant ships, and it also indicates that there may be a perceived threat to ISPS-compliant ships from offshore installations. However, despite potential environmental harm resulting from an attack on an offshore installation involving the use of a ship as a weapon, risks posed by ships to offshore installations seem to have been largely ignored by the ISPS Code and the IMO. The MSC’s circular 1097 states: [FPSO and FSU] units, when attached to a fixed platform, should be covered by the security regime in force for the platform. Such units, when engaged in periodic short voyages between the platform and the coastal State, should not be considered to be ships engaged on international voyages. The Committee also agreed that single buoy moorings (SBMs), attached to an offshore facility would be covered by that facility’s security regime and if it was connected to a port facility it would be covered by the port facility security plan (PFSP).46

41 IMO, Consideration and Adoption of the International Ship and Port Facility Security (ISPS) Code, Conference of Contracting Governments to the International Convention for the Safety of Life at Sea 1974, Agenda Items 7 and 8, IMO Doc SOLAS/CONF.5/34 (17 December 2002) annex 2 res 7 (‘Establishment of Appropriate Measures to Enhance the Security of Ships, Port Facilities, Mobile Offshore Drilling Units on Location and Fixed and Floating Platforms not Covered by Chapter XI-2 of the 1974 SOLAS Convention’) 8. 42 Ibid. 9, para 4. 43 IMO, Guidance Relating to the Implementation of SOLAS (n 34) 1. 44 Ibid. 45 Herbert-Burns (n 36) 139. 46 IMO, Guidance Relating to the Implementation of SOLAS (n 34) 1 (emphasis added).

261

POST-9/11 INTERNATIONAL LEGAL RESPONSES

The MSC Circular No. 1097 provides that FPSOs and FSOs should not be treated as if they were engaged on international voyages when they travel between the coastal state and an offshore location, which is consistent with the definition of ‘international voyage’ in the SOLAS Convention.47 It is also apparent that MODUs and offshore supply vessels travelling between ports and offshore locations of the same coastal state will not be treated as being ‘engaged on international voyages’.48 However, the IMO’s circular does not provide any advice as to the specific security measures or procedures that should be taken by offshore installations as well as by ISPScompliant ships when such ships are interacting with offshore installations. Ships and offshore installations are considered to be the most vulnerable during ‘ship-toinstallation’ activities,49 particularly during berthing when all personnel are engaged in getting the tanker alongside an FPSO or FSO and little or no manpower is available to function in a lookout.50 Furthermore, it is known that perpetrators have used vessels in the attack that look similar to offshore support vessels that routinely provide services to offshore oil and gas installations.51 According to the IMO, if an ISPS-compliant ship interfaces with an FPSO or an FSU it is deemed to be equivalent to interfacing with a non-ISPS-compliant ship.52 In this regard, the ISPS Code recommends that the ship security plan of the ISPScompliant ship should establish details of the procedures and security measures to be applied when it is interfacing with a ship to which the ISPS Code does not apply, or with a fixed or floating installation or a mobile drilling rig on location.53 As far as the security of offshore installations is concerned, the IMO’s position is that the coastal state on whose continental shelf or within whose EEZ offshore oil and gas operations take place should develop ‘appropriate security measures and procedures under its national law to protect its offshore activities’.54 In 2010, the MSC, at its eighty-seventh session, agreed that it is desirable for FPSOs and FSUs to comply with Chapter XI-2 of the SOLAS Convention and the ISPS Code, as applicable.55 The IMO issued guidance for the application of safety, security and environmental protection provisions to FPSOs and FSUs.56 As far as

47 See SOLAS Convention annex, reg I/2(d). 48 Similarly, it can be assumed that MODUs and FPSOs travelling from one offshore location to another offshore location under the jurisdiction of the same coastal state will not be considered as ‘engaged on international voyages’. 49 Perpetrators have boarded offshore installations via offshore support vessels moored alongside, which was the case in the 1 April 2007 attack on Bulford Dolphin offshore drilling rig. See Appendix. 50 Herbert-Burns (n 36) 152. On 22 June 2007 in Nigeria, three gunmen boarded the 159,000deadweight tonne tanker Cape Brindisi moored at the FSO Oloibiri and proceeded to take control of the FSO: Bergen Risk Solutions, ‘Niger Delta Maritime Security Quarterly Review’ (9 July 2007) 22. 51 On 22 September 2010, an offshore installation was attacked off the coast of Nigeria by perpetrators who reached the installation by using a vessel which looked like the vessels that routinely supply to offshore installations. See Appendix. 52 IMO, Guidance Relating to the Implementation of SOLAS Chapter XI-2 and the ISPS Code, IMO Doc MSC/Circ.1111 (7 June 2004) annex 1, 4. 53 ISPS Code pt B s 9.51. 54 IMO, Guidance Relating to the Implementation of SOLAS (n 52) 4. 55 IMO, Report of the Maritime Safety Committee on Its Eighty-Seventh Session, MSC, 87th session, Agenda Item 26, IMO Doc MSC 87/26 (25 May 2010) 21. 56 Ibid.

262

POST-9/11 INTERNATIONAL LEGAL RESPONSES

security is concerned, the circular only provides that in order to facilitate interaction of FPSOs and FSOs with other ships, FPSOs and FSOs should comply with Chapter XI-2 of the SOLAS Convention and the ISPS Code.57 However, it has been argued that offshore installations such as FPSOs do not fit well into the ISPS Code framework and that there is a need for a specific security guidance for offshore installations.58 The IMO has not provided any clear guidelines for MODUs, fixed production and drilling platforms, and FPSO and FSO units operating on location, and for situations when these installations interact/interface with other vessels, including offshore supply vessels and shuttle tankers. Whatever little guidance has been provided by the IMO, it is not mandatory. Clearly, the onus is placed on individual coastal states to address security aspects of offshore installations operating under their jurisdiction by developing and establishing ‘appropriate’ security measures at the national level, which could prove to be a difficult task for developing countries with limited financial and technical resources.59 The ISPS Code provides a methodology for security assessments so as to have in place plans and procedures to react to changing security levels; detect and assess security threats; ensure that adequate and proportionate maritime security measures are in place;60 and take preventive measures against security incidents affecting MODUs and ships.61 In order to reduce vulnerabilities and be prepared to respond to security incidents, the ISPS Code requires MODUs engaged on international voyages to be ‘subject to a system of survey, verification, certification, and control to ensure that their security measures are implemented’.62 In particular, MODUs must undergo a security assessment and are required to carry on board a ship security plan approved by the state of registration (i.e. the flag state) of the MODU.63 A company operating MODUs must designate a CSO for every MODU, and every MODU is required to have a designated SSO that is an equivalent position to an OISO.64 The CSO and the SSO are required to undergo training in maritime security in accordance with the guidance in Part B of the ISPS Code.65 Upon verification of compliance with Chapter XI-2 of the SOLAS Convention and the ISPS Code, the MODU will be issued an International Ship Security Certificate, valid for a period not exceeding five years.66 MODUs that are

57 IMO, Guidance for the Application of Safety, Security and Environmental Protection Provisions to FPSOs and FSUs, IMO Doc MSC-MEPC.2/Circ 9 (25 May 2010) annex, 2. 58 Crocker (n 15) 79 (suggesting that one approach would be to implement ship security procedures when an FPSO is in transit and offshore installation security procedures when it is operating on location and a security plan for each FPSO ‘could be developed based on its operational modes and the supporting infrastructure’). 59 Herbert-Burns (n 36) 140. 60 ISPS Code Foreword. 61 Ibid. s 1.2.1. Regulation XI-2/1.1 of the SOLAS Convention defines ‘security incident’ as ‘any suspicious act or circumstance threatening the security of the ship including a mobile offshore drilling unit and a high-speed craft, or of a port facility or of any ship/port interface or any ship-to-ship activity’. 62 IMO, ‘Diplomatic Conference on Maritime Security’ (n 5). 63 ISPS Code pt A ss 8, 9.1. 64 Ibid. pt A ss 11.1, 12.1. The exact titles of the positions can vary from company to company. 65 ISPS Code pt A ss 13.1 and 13.2. 66 Ibid. pt A ss 19.1.1, 19.2.1, 19.3.1.

263

POST-9/11 INTERNATIONAL LEGAL RESPONSES

subject to the ISPS Code are also required to have a ship security alert system fitted on board.67 The security systems and security equipment of MODUs are subject to verification at least once every five years. There are also a number of procedural security requirements that a MODU will be required to comply with under the ISPS Code. As far as offshore petroleum security is concerned, the key weakness of the ISPS Code framework is its limited scope of application. The ISPS Code only applies to MODUs engaged on international voyages and not on location,68 which effectively means that a vast majority of offshore installations fall outside the scope of the ISPS Code. Furthermore, the ISPS Code does not apply to smaller ships and vessels that are not engaged on international voyages. Offshore oil and gas operations often take place in areas frequented by small vessels.69 Considering that most of the attacks on offshore installations are carried out using small vessels, motorboats and speedboats, the non-applicability of the ISPS Code and Chapter XI-2 of the SOLAS Convention to small vessels leaves a large gap in the international regulatory framework for the protection of offshore installations. The IMO has attempted to address this gap, which is discussed later in this chapter. Crocker has noted that despite the non-applicability of the ISPS Code to most offshore installations, operators of a number of FPSOs have put in place security arrangements that comply with the ISPS Code.70 This suggests that the mere existence of the ISPS Code framework encourages voluntary compliance by operators of offshore installations.71 However, considering that the international law does not oblige coastal states to establish a security framework, similar to that of the ISPS Code, for their domestic offshore petroleum industries, some states may not be very willing to implement such a security framework at the national level.72 This may result in offshore installations operating under the authority of those coastal states not having adequate security arrangements in place and the coastal state’s authorities may not be adequately prepared to respond to potential security threats and prevent attacks or respond to attacks that happened in order to apprehend and punish the perpetrators. It should also be noted that in cases where oil is exported directly from an offshore installation such as an FPSO, some coastal states have designated such offshore installations as offshore export terminals, which means that they should be covered by the mandatory ISPS Code requirements applicable to port facilities. If so, all

67 SOLAS Convention annex, reg XI-2/6.1.4. See also IMO, Guidance on Provision of Ship Security Alert System IMO Doc MSC/Circ.1072 (26 June 2003). 68 SOLAS Convention annex, reg XI-2/2.1; ISPS Code s 3.1. 69 See DHS, Small Vessel Security Strategy (2008) 12. 70 Crocker (n 15) 78–79. 71 Without international regulatory requirements and security standards for offshore installations, Australia and the US were among the first states that introduced national regulatory frameworks, similar to those of the ISPS Code, for offshore installations operating under their jurisdiction. Additionally, the industry associations such as the IOGP and API have developed security standards and best practices for conducting SRAs and implementing SRMs for offshore installations. 72 There may be not enough political will or resources available to implement such a regulatory framework, particularly in developing states.

264

POST-9/11 INTERNATIONAL LEGAL RESPONSES

ships calling at such offshore terminals may be subjected to certain conditions of entry by the coastal state and required to comply with security measures that are in place, including those applicable to ships entering ISPS Code compliant port facilities.73 In summary, even though the ISPS Code is primarily aimed at enhancing security of ships and ports, it does indirectly contribute to enhancing the security of offshore installations as such installations regularly interact with ships that are covered by the ISPS Code. 4 Seafarer identification framework It was generally recognised that many seafarers carried false documents and that the systems for identification used for seafarers in many developing countries were not secure.74 In that regard, one of the post-9/11 maritime security initiatives was to improve security of identity documents issued to seafarers, which led to the adoption of the Seafarers’ Identity Documents Convention (Revised) 2003 (SID Convention)75 on 19 June 2003. The SID Convention revised the Seafarers’ Identity Documents Convention 1958 (1958 SID Convention).76 The main purpose of the SID Convention is to create an internationally uniform standard for identity documents of the world’s seafarers and cover security aspects relating to the issuance and verification process for identity documents.77 Seafarers’ identity is considered an area of vulnerability in the shipping industry and the SID Convention aims to address it by introducing measures that make it more difficult for adversaries to infiltrate the maritime workforce by posing as legitimate seafarers.78 The SID Convention established new international standards for seafarers’ identity documents (SIDs). Contracting states are required to comply with requirements for issuing SIDs to their nationals. The first important aspect of the SID Convention is that it requires a lot more information to be included in SIDs compared to its predecessor, the 1958 SID Convention.79 The second important aspect of the SID Convention is the requirement to use biometric features in SIDs.80 The SID

73 As discussed in Chapter 5, foreign ships calling at offshore terminals are subject to port state control under several international conventions. 74 Robert Beckman, ‘International Responses to Combat Maritime Terrorism’ in Victor Ramraj, Michael Hor and Kent Roach (eds), Global Anti-Terrorism Law and Policy (Cambridge University Press 2005) 248, 252. 75 Seafarers’ Identity Documents Convention (Revised) 2003, opened for signature 19 June 2003, 2304 UNTS 121 (entered into force 9 February 2005) (‘SID Convention’). 76 Seafarers’ Identity Documents Convention 1958, opened for signature 13 May 1958, ILO Convention No C108 (entered into force 19 February 1961) (‘1958 SID Convention’). 77 Beckman, ‘International Responses to Combat Maritime Terrorism’ (n 74) 253; Cleopatra Doumbia-Henry, ‘Current Maritime Labour Law Issues: An Internationally Uniform Identity Document for Seafarers’ (2003) 2(2) World Maritime University Journal of Maritime Affairs 129, 134. 78 Martin Tsamenyi, Mary Ann Palma and Clive Schofield, ‘International Legal Regulatory Framework for Seafarers and Maritime Security Post-9/11’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 233, 234–35. 79 SID Convention art 3, annex I. 80 Ibid. art 3(8), annex I.

265

POST-9/11 INTERNATIONAL LEGAL RESPONSES

Convention also requires states to develop national electronic databases on seafarers and store in the database a record of each SID issued, suspended or withdrawn,81 and it also provides for exchange of information between states where there is a need for additional verification of the details of a seafarer.82 The SID Convention requires contracting states to issue a SID to each of its nationals who is a seafarer and makes an application to that effect.83 ‘Seafarer’ is defined as ‘any person who is employed or is engaged or works in any capacity on board a vessel, other than a ship of war, ordinarily engaged in maritime navigation’.84 This definition covers persons working on board who may not be ship’s crew.85 The term ‘vessel’ is not defined in the SID Convention. As discussed in Chapter 5, fixed offshore installations are generally not regarded as ships in international law and national laws, while mobile offshore installations can be regarded as ships or vessels in certain circumstances. In any case, considering that mobile offshore installations spend most of their operational time at offshore sites engaged in offshore oil and gas drilling, production, storage or offloading activities, it cannot be said that (either fixed or mobile) offshore installations are ‘ordinarily engaged in maritime navigation’.86 If a mobile offshore installation is considered to be a vessel ordinarily engaged in maritime navigation, offshore installation crew of that offshore installation would be regarded as ‘seafarers’ for the purposes of the SID Convention and vice versa. Article 1(2) of the SID Convention clarifies that: In the event of any doubt whether any categories of persons are to be regarded as seafarers for the purpose of this Convention, the question shall be determined in accordance with the provisions of this Convention by the competent authority of the State of nationality or permanent residence of such persons after consulting with the shipowners’ and seafarers’ organizations concerned.87

One interpretation of this provision is that the question of whether some offshore workers (e.g. crew of a MODU) could be considered to be ‘seafarers’ for the purposes of the SID Convention may be determined by contracting states at the national level. The definition of ‘seafarers’ in the SID Convention suggests that the framework for seafarers’ identity security measures was not intended to apply to crews of offshore installations. Even if a state decided to treat crews of mobile offshore installations as ‘seafarers’, it would only be able to issue a SID to its own nationals or permanent residents as provided for in Articles 2(1) and 2(3) of the SID Convention. The SID Convention contains a provision that addresses identity documents of crews of fishing vessels. Article 1(3) provides that the competent authority may apply

81 Ibid. art 4(1). 82 Ibid. arts 4(4)–(5). 83 Ibid. art 2(1). 84 Ibid. art 1(1). 85 Doumbia-Henry (n 77) 135. 86 See SID Convention art 1(1). However, drill ships move from one place to another performing exploratory drilling operations, so the question is whether they should or can be regarded as being ordinarily engaged in maritime navigation. 87 SID Convention art 1(2).

266

POST-9/11 INTERNATIONAL LEGAL RESPONSES

the provisions of the SID Convention to commercial maritime fishing and after consulting the representative organisations of fishing-vessel owners and persons working on board fishing vessels.88 There is, however, no equivalent provision allowing states to apply the SID Convention to people working on board offshore installations, which further suggests that the SID Convention was not intended to be applied to offshore installation crews. From the offshore petroleum security perspective, the main limitation of the SID Convention is its scope of application. As discussed above, the SID Convention does not apply to offshore workers on board most types of offshore installations (except installations that are regarded as ships ‘ordinarily engaged in maritime navigation’) and there is no equivalent international legal instrument dealing with identification documents for offshore installation workers. The offshore industry employs an international workforce with workers of diverse nationalities working on offshore installations. Diversity of offshore industry personnel has been identified in Chapter 4 as an area of vulnerability of offshore installations, but the international law does not seem to adequately address this vulnerability, at least not directly. In that regard, there is currently a gap in the international regulatory framework for the protection of offshore installations whereby security aspects relating to identity documents of offshore workers are not regulated at the international level, which potentially makes the offshore industry workforce vulnerable to infiltration by adversaries. However, there is nothing prohibiting coastal states from establishing national security measures for the offshore oil and gas industry workers. Some states have addressed this issue by implementing document identification systems for the maritime and aviation industries as well as for offshore oil and gas industry personnel.89 Implementation of the national frameworks for the issue and verification of identity appears to be consistent with the LOSC because coastal states exercise exclusive jurisdiction over offshore installations on the continental shelf and can implement certain security requirements relating to access to offshore installations including requirements to hold national security identity documents. As discussed earlier, during their normal operations offshore installations interact with ships such as offshore supply vessels that service them and tankers loading oil or gas directly from installations. The SID Convention is not limited to seafarers working on board any specific categories of ships,90 and therefore it would be applicable to crews of ships that interact and come in direct contact with offshore installations such as shuttle tankers and offshore supply vessels. The SID Convention framework is designed to prevent and deter the infiltration of the maritime workforce by terrorists and other adversaries, thereby enhancing security of the maritime industry. In general, enhanced security of the maritime industry contributes to the protection and security of offshore installations, for instance, by reducing the likelihood of a ship being hijacked in an attack on an

88 Ibid. art 1(3). 89 For example, Australia administers the Maritime Security Identification Card (MSIC) scheme. See MTOFSA reg 6.07A. 90 Persons working on board ‘warships’ are explicitly excluded from the definition of ‘seafarer’ in Article 1(1) of the SID Convention.

267

POST-9/11 INTERNATIONAL LEGAL RESPONSES

offshore installation. For example, as a security measure, before a tanker comes alongside an offshore installation to load its cargo, it may be required to be boarded by security personnel to check identity documents of each crew member aboard the ship. According to the ILO, the SID Convention is potentially a very effective international convention aimed at improving maritime security because it provides for SIDs with essential modern security features and is unique in its establishment of minimum standards for national SIDs issuance procedures as well as international oversight of compliance with those procedures, and also in its establishment of international cooperation in the sharing of data on issued SIDs through national databases and national focal points that can be contacted on a round-the-clock basis.91

The success of the SID Convention framework depends on whether it is ratified by a much larger number of states (including most of the major maritime and seafaring nations),92 because its objectives cannot be achieved otherwise. Ratification of the SID Convention has progressed slowly.93 As of 1 December 2015, there were only 30 contracting states to the SID Convention (including only three of the top ten seafaring nations of the world: Indonesia, Russia and the Philippines),94 which is low especially compared with 64 contracting states to the 1958 SID Convention.95 Many states that supported the adoption of the SID Convention have so far not ratified it.96 The main reason for the slow uptake of the SID Convention is believed to be related to financial expenditure required to ensure the proper implementation of the SID Convention, including the cost of providing the robust security infrastructure required for issuing SIDs and for their verification, ‘given that the new SID contains a biometric template embodied in a bar code, which cannot be read by the devices normally used for machine-readable travel documents’.97 There are also some technical challenges relating to certain measures prescribed under the SID Convention.98 These aspects are being resolved by the ILO, but so far it has not been able to ‘devise satisfactory proposals or options for cost-effective solutions’.99 Due to a small number of ratifications of the SID Convention, it has been suggested that the matter should be submitted to the International Labour Conference for discussion ‘with a view to a possible recommendation or resolution

91 ILO, International Cooperation Relating to the Seafarers’ Identity Documents Convention (Revised), 2003 (No. 185), Governing Body, A Res 942(23), 320th Session, Agenda Item 5, ILO Doc GB.320/LILS/5 (17 January 2014) para 12. 92 Tsamenyi, Palma and Schofield (n 78) 247. 93 ILO, International Cooperation Relating to the Seafarers’ (n 91) para 13. 94 See ILO, Ratifications of C185 - Seafarers’ Identity Documents Convention (Revised), 2003 (No. 185) www.ilo.org/dyn/normlex/en/f?p=1000:11300:0::NO:11300:P11300_INSTRUMENT_ID:312330 accessed 1 December 2015. 95 ILO, Ratifications of C108 – Seafarers’ Identity Documents Convention, 1968 (No. 108) www.ilo.org/ dyn/normlex/en/f?p=1000:11300:0::NO:11300:P11300_INSTRUMENT_ID:31225 accessed 1 December 2015. According to the ILO, the 1958 SID Convention ‘is largely ineffective as far as security is concerned’: ILO, International Cooperation Relating to the Seafarers’ (n 91) para 13. 96 ILO, International Cooperation Relating to the Seafarers’ (n 91) para 14. 97 Ibid. para 13. 98 Ibid. para 10. 99 Ibid.

268

POST-9/11 INTERNATIONAL LEGAL RESPONSES

regarding the importance of voluntary cooperation’ between all ILO member-states in order to achieve the objectives of the SID Convention, regardless of whether or not they have ratified it.100 The ILO has noted that all member-states with advanced technology in areas related to SIDs should give due consideration, irrespective of ratification, to assisting states that are less advanced in those areas.101 In summary, although the SID Convention does not directly apply to identity documents for offshore workers, it nevertheless helps to improve maritime security generally, and by extension, indirectly contributes to the protection of offshore installations. 5 The SUA framework amendments 2005 In parallel with the drafting of the ISPS Code and the SOLAS Convention amendments of 2002, and pursuant to the IMO Assembly resolution A.924(22) adopted on 22 January 2002,102 the LEG commenced a review of the 1988 SUA Treaties to consider possible amendments to these legal instruments.103 A correspondence group led by the delegation of the US was tasked to start work on the revision of the 1988 SUA Treaties.104 The Diplomatic Conference on the Revisions of the SUA Treaties was held from 10 to 14 October 2005, and the texts of the Protocol of 2005 to the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation105 and the Protocol of 2005 to the 1988 Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf106 (2005 SUA amendments)107 were officially adopted. The 2005 SUA amendments revised the 1988 SUA Treaties and, according to the IMO, provided a much strengthened ‘framework for legal action capable of ensuring that suspected terrorists are apprehended and brought to trial wherever in the world they may seek to hide’.108 Importantly, all provisions of the 1988 SUA Treaties have been retained unchanged and the 2005 SUA amendments simply added new provisions. The analysis in this chapter focuses only on the 2005 SUA amendments.109

100 Ibid. para 18. 101 Ibid. para 17. 102 IMO, Review of Measures and Procedures to Prevent Acts of Terrorism which Threaten the Security of Passengers and Crews and the Safety of Ships, A Res 924(22), 22nd Session, Agenda Item 8, IMO Doc A 22/Res.924 (22 January 2002). 103 IMO, SUA Convention (first published 1988, 2006 edn, IMO 2006) 25. 104 See Richard Shaw, ‘News from IMO: Diplomatic Conference on the Revision of the SUA Convention and Protocol’ (2005) 3 CMI Newsletter 8, 8. 105 Protocol of 2005 to the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/21 (entered into force 28 July 2010) (‘2005 Protocol to the 1988 SUA Convention’). 106 Protocol of 2005 to the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/22 (entered into force 28 July 2010) (‘2005 Protocol to the 1988 SUA Protocol’). 107 The term ‘2005 SUA amendments’ is used to refer collectively to the 2005 amendments to both the 1988 SUA Convention and the 1988 SUA Protocol. 108 IMO, ‘Maritime Security Set for Boost with Entry into Force of 2005 Protocols on Suppression of Unlawful Acts in July 2010’ (Press Briefing, 20/2010, 30 April 2010). 109 For discussion on the 1988 SUA Convention and the 1988 SUA Protocol see Chapter 6.

269

POST-9/11 INTERNATIONAL LEGAL RESPONSES

5.1 SUA Convention 2005 The consolidated text of the 1988 SUA Convention and the 2005 Protocol to the 1988 SUA Convention became known as the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation 2005 (2005 SUA Convention).110 The provisions of Article 4, which deals with the scope of application, and the definition of the term ‘ship’ in the 2005 SUA Convention and the 1988 SUA Convention are identical, which means that the 2005 SUA Convention applies to mobile offshore installations that are navigating or scheduled to navigate, but not necessarily to mobile offshore installations that are operating on location.111 One of the main aspects of the new provisions of the 2005 SUA Convention is the non-proliferation of weapons of mass destruction (WMD).112 A number of new offences specifically relating to WMD and their non-proliferation were introduced by the 2005 amendments. Instead of ‘WMD’, the 2005 SUA Convention uses the term ‘BCN weapon’ which consists of biological, chemical and nuclear (BCN) weapons and other nuclear explosive devices.113 Another new concept used in the 2005 SUA Convention is ‘serious injury or damage’, which is defined as: (i) serious bodily injury; or (ii) extensive destruction of a place of public use, State or government facility, infrastructure facility, or public transportation system, resulting in major economic loss; or (iii) substantial damage to the environment, including air, soil, water, fauna, or flora.114

The term ‘infrastructure facility’ would include offshore oil and gas installations.115 However, only ‘extensive destruction’ of an offshore installation which results in ‘major economic loss’ or ‘substantial damage to the environment’ would be considered as ‘serious injury or damage’ for the purposes of the 2005 SUA Convention. The 2005 SUA Convention contains three categories of new offences.116 The first category of new offences relates to using a ship or a mobile offshore installation as a weapon or as a means for committing terrorist acts.117 The offences in this category include: using against, on, or discharging from a ship or a mobile offshore installation any explosive, radioactive material or BCN weapon; discharging oil, LNG, or other hazardous substances from a ship or a mobile offshore installation in quantities that causes or is likely to cause death or serious injury or damage; and 110 Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation 2005, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/21 (entered into force 28 July 2010) (‘2005 SUA Convention’). 111 See arts 1(a), 4. Article 1(a) defines ‘ship’ as ‘a vessel of any type whatsoever not permanently attached to the seabed, including dynamically supported craft, submersibles, or any other floating craft’. 112 Stuart Kaye, ‘International Measures to Protect Oil Platforms, Pipelines, and Submarine Cables from Attack’ (2007) 31(2) Tulane Maritime Law Journal 377, 393. 113 2005 SUA Convention art 1(1)(d). 114 Ibid. art 1(1)(c). 115 Article 1(2)(a) of the 2005 SUA Convention provides that the term ‘infrastructure facility’ has the same meaning as that given in the International Convention for the Suppression of Terrorist Bombings 1997, opened for signature 12 January 1998, 2149 UNTS 284 (entered into force 23 May 2001), which in turn, defines ‘infrastructure facility’ in Article 1(2) as ‘any publicly or privately owned facility providing or distributing services for the benefit of the public, such as water, sewage, energy, fuel or communications.’ 116 2005 SUA Convention arts 3bis, 3ter, 3quater. 117 Ibid. art 3bis(1)(a).

270

POST-9/11 INTERNATIONAL LEGAL RESPONSES

using a ship or a mobile offshore installation in a manner that causes death or serious injury or damage.118 The threat to do any of these acts also constitutes an offence under the 2005 SUA Convention.119 These offences require a specific knowledge and intent, and they also require a ‘terrorist motive’ because the acts must be committed for the purpose of intimidating a population or coercing a state or an international organisation.120 The second category of new offences deals with non-proliferation of WMD on the high seas and addresses transport on board a ship or a mobile offshore installation of any explosives, radioactive substances, BCN weapons, and other materials or equipment used in the design or manufacture of WMD or BCN weapons.121 The offences in this category also require that a transporter must have knowledge that explosives or radiological materials are intended to be used to cause, or in a threat to cause, death or serious injury or damage for the purpose of intimidating a population or coercing a state; and in the case of BCN weapons, the requirement is only that a transporter knows the items to be such prohibited weapons.122 This category of offences appears to have little relevance to offshore installations.123 The third category of new offences relates to the prohibition on transporting a person alleged to have committed an offence under other UN anti-terrorism conventions. In particular, it is an offence to transport a person on board a ship or a mobile offshore installation knowing that the person has committed any of the offences under the 2005 SUA Convention (which also includes offences under the 1988 SUA Convention), or an offence under any of another nine anti-terrorism treaties listed in the annex,124 and intending to assist that person to evade criminal

118 Ibid. arts 3bis(1)(a)(i)–(iii). 119 Ibid. art 3bis(1)(a)(iv). 120 Ibid. art 3bis(1)(a); Robert Beckman, ‘The 1988 SUA Convention and 2005 SUA Protocol: Tools to Combat Piracy, Armed Robbery, and Maritime Terrorism’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 187, 192. 121 2005 SUA Convention art 3bis(1)(b). 122 Ibid. arts 3bis(1)(b), (2). 123 Unless a mobile offshore installation is used as a means of transporting WMD. 124 2005 SUA Convention annex. The annex lists the following nine anti-terrorism conventions: Convention for the Suppression of Unlawful Seizure of Aircraft 1970, adopted 16 December 1970, 860 UNTS 12325 (entered into force 14 October 1971); Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation 1971, adopted 23 September 1971, 974 UNTS 14118 (entered into force 26 January 1973); Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including Diplomatic Agents 1973, adopted 14 December 1973, 1035 UNTS 15410 (entered into force 20 February 1977); International Convention against the Taking of Hostages 1979, entered into force 18 December 1979, 1316 UNTS 205 (entered into force 3 June 1983); Convention on the Physical Protection of Nuclear Material 1979, adopted 17 December 1979, 1456 UNTS 24631 (entered into force 8 February 1987); Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation 1988 (supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation 1971), adopted 24 February 1988, 1589 UNTS 473 (entered into force 6 August 1989); Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf 1988, opened for signature 10 March 1988, 1678 UNTS 304 (entered into force 1 March 1992); International Convention for the Suppression of Terrorist Bombings 1997, opened for signature 12 January 1998, 2149 UNTS 284 (entered into force 23 May 2001); International Convention for the Suppression of the Financing of Terrorism, opened for signature 9 December 1999, 39 ILM 270 (entered into force 10 April 2002).The conventions that are not included are the International Convention for the Suppression of Acts of Nuclear Terrorism 2005, adopted 13 April 2005, 2445 UNTS 89 (entered into force 7 July 2007) and the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf 2005, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/22 (entered into force 28 July 2010).

271

POST-9/11 INTERNATIONAL LEGAL RESPONSES 125

prosecution. This offence requires ‘knowledge and intent’, which acts as a safeguard mechanism to protect innocent transporters (including seafarers, masters, owners, charterers and operators as well as operators of mobile offshore installations), whereby a transporter must know that the person has committed an offence under any of the specified conventions and also must intend to assist that person to escape prosecution. Importantly, the 2005 SUA Protocol is not listed in the annex, which means that it is not an offence to knowingly transport a person who commits an offence under the 2005 SUA Protocol, and intending to assist that person to evade criminal prosecution.126 This means that it will not be an offence under the 2005 SUA Convention to transport a person who unlawfully and intentionally discharges a hazardous or noxious substance from a fixed platform.127 The 2005 SUA Convention also makes it an offence to attempt to commit an offence under the 2005 SUA Convention, participate as an accomplice, organise, direct others to commit an offence, or contribute to the commission of one or more offences by a group of persons acting with a common purpose, intentionally and either with the aim of furthering the criminal activity or criminal purpose of the group, or in the knowledge of the intention of the group to commit an offence under the 2005 SUA Convention.128 The new offences in the 2005 SUA Convention have broader scope than offences under the 1988 SUA Convention.129 The 2005 SUA Convention provides that contracting states can take necessary measures to impose civil, criminal or administrative sanctions on legal entities whose senior managers or individuals in control commit, in that capacity, an offence under the 2005 SUA Convention.130 Such sanctions are to be imposed in accordance with domestic legal principles of the state where the legal entity in question is located or requested, and can be in the form of monetary sanctions, but will not prejudice criminal liability of individuals who have actually committed an offence.131 In the context of the offshore installations, this means that oil companies, offshore service providers or any other organisations whose senior management may be involved in or linked to unlawful activities to which the 2005 SUA Convention applies, may be subject to penalties under domestic law. Another important aspect of the 2005 SUA Convention is that it establishes a shipboarding framework,132 whereby the boarding provisions afford a limited right to state parties to board on the high seas, and in the EEZ, ships (or mobile offshore installations) flying the flag of another state party, where there are reasonable grounds to suspect that a ship or a person on board has been or is about to be

125 2005 SUA Convention art 3ter. 126 Article 3ter of the 2005 SUA Convention does not apply mutatis mutandis to the 2005 SUA Platforms Protocol. This is a shortcoming of the 2005 SUA Convention. 127 However, Article 22 of the 2005 SUA Convention allows new UN anti-terrorism conventions to be added to the list in the annex, and sets out the procedures for that. 128 Ibid. arts 3quater(b)–(e). 129 See also Beckman, ‘The 1988 SUA Convention and 2005 SUA Protocol’ (n 120) 192. 130 2005 SUA Convention art 5bis(1). 131 Ibid. arts 5bis(1)–(3). 132 Ibid. art 8bis.

272

POST-9/11 INTERNATIONAL LEGAL RESPONSES

involved in the commission of an offence under the 2005 SUA Convention.133 The purpose of the ship-boarding provisions is to create boarding arrangements that would enable contracting states to take action in order to prevent or suppress the commission of offences.134 These ship-boarding provisions are consistent with existing principles of international law, including the LOSC. The sovereignty of coastal states and jurisdictional rights of flag states are preserved as boarding can only take place seaward of any state’s territorial sea and only with the express consent of the flag state.135 There is no obligation on the part of the flag state to permit the requested action, but even if the flag state decides to give its authorisation, it may impose conditions on the state that conducts the boarding.136 The boarding provisions contain a comprehensive set of safeguards designed to prevent undue interferences with shipping.137 The 2005 SUA amendments expanded the provisions on extradition and cooperation. The 2005 SUA Convention explicitly provides that the offences are not considered to be political offences for the purposes of extradition, and may not be refused solely because the offence may have some political connotation.138 The 2005 SUA Convention also includes an anti-discrimination provision whereby the extradition and legal assistance obligations do not apply if the request for extradition is believed to have been made for the purpose of prosecuting a person on the basis of race, religion, nationality, ethnicity, political opinion or gender.139 The provisions in the 2005 SUA Convention dealing with jurisdiction of states are identical to those of the 1988 SUA Convention.140 5.2 SUA Protocol 2005 The consolidated text of the 1988 SUA Protocol and the 2005 Protocol to the 1988 SUA Protocol became known as the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf 2005 (2005 SUA Protocol).141 The 2005 SUA Protocol applies to fixed offshore installations located on the continental shelf.142 The new provisions in the 2005 SUA Protocol reflect those in the 2005 SUA Convention and follow a similar pattern, but are less wide-ranging.143 Many of the 2005 SUA Convention provisions including those relating to extradition

133 Ibid. art 8bis(5). 134 Calvin Lederer, ‘Combating Maritime Terrorism: Developments in the Convention on the Suppression of Unlawful Acts Affecting Maritime Navigation’ (2004) CMI Yearbook 401, 408. 135 2005 SUA Convention arts 8bis(5)(a)–(c); Beckman, ‘The 1988 SUA Convention and 2005 SUA Protocol’ (n 120) 194. 136 Ibid. arts 8bis(5), (7). 137 Ibid. art 8bis(10). 138 Ibid. art 11bis. 139 Ibid. art 11ter. 140 2005 SUA Protocol art 6. 141 Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf 2005, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/22 (entered into force 28 July 2010) (‘2005 SUA Protocol’). 142 2005 SUA Protocol arts 1(1), 1(3). 143 Kaye, ‘International Measures to Protect Oil Platforms’ (n 112) 394.

273

POST-9/11 INTERNATIONAL LEGAL RESPONSES

and prosecution apply mutatis mutandis to the offences of the 2005 SUA Protocol,144 that is, to the offences committed on board or against fixed platforms located on the continental shelf.145 The list of offences in the 2005 SUA Protocol has been broadened compared to the 1988 SUA Protocol. In particular, new offences include using against or on a fixed offshore installation or discharging from an installation any explosive, radioactive material or BNC weapon in a manner that causes or is likely to cause death, damage or serious injury; or releasing oil, gas or other hazardous substances from a fixed offshore installation in such quantities or concentration that causes or is likely to cause death or serious injury or damage.146 The threat to undertake such acts is also an offence.147 Unlawfully and intentionally injuring or killing any person in connection with any of the offences,148 attempting to commit an offence, participating as an accomplice, organising, directing others to commit an offence, or preparing for the commission of such offences individually or as part of a group is also considered to be an offence under the 2005 SUA Protocol.149 State parties are required to take necessary measures to enable a legal entity located in their territories or organised under their laws to be held liable and face civil, criminal or administrative sanctions when an individual in control of management of such an entity has, in that capacity, committed an offence under the 2005 SUA Protocol.150 The 2005 SUA Protocol provisions dealing with jurisdiction of states remained identical to the 1988 SUA Protocol.151 There are two categories of jurisdiction: obligatory and discretionary. A state party must assert its jurisdiction over the offences when its nationals are the offenders or the offence is committed on board or against a fixed offshore oil and gas installation located on its continental shelf.152 The discretionary jurisdiction may be asserted by a state party when the offence is committed by a stateless person who resides in that state, or against nationals of that state, or when the offence was committed to intimidate or coerce that state.153 Although there is greater scope for cooperation in dealing with the offences under the 2005 SUA Protocol,154 there are no equivalent provisions on boarding of offshore installations to those ship-boarding provisions established under the 2005 SUA

144 2005 SUA Protocol art 1(1). 145 Ibid. art 1(1). However, by virtue of Article 1(2), the 2005 SUA Protocol can apply to fixed offshore installations located in the internal waters or the territorial sea of a coastal state, in situations where the offender escapes to the territory of another state party. The archipelagic waters are not mentioned, which means that the 2005 SUA Protocol will not apply where a person commits an offence against an offshore installation in the archipelagic waters of an archipelagic state, which is a party to the 2005 SUA Protocol, and then escapes to a territory of another state party. 146 2005 SUA Protocol arts 2bis(a)–(b). 147 Ibid. art 2bis(c). 148 Ibid. art 2ter(a). 149 Ibid. art 2ter(b)–(e). 150 See 2005 SUA Convention art 5bis. Article 5bis of the 2005 SUA Convention applies mutatis mutandis to the offences set forth in the 2005 SUA Protocol. 151 Ibid. art 3. 152 Ibid. art 3(1). 153 2005 SUA Protocol art 3(2). 154 Kaye, ‘International Measures to Protect Oil Platforms’ (n 112) 394.

274

POST-9/11 INTERNATIONAL LEGAL RESPONSES

Convention. The 2005 SUA Protocol provides that the rules of international law pertaining to fixed offshore installations located on the continental shelf are not affected in any way,155 which implies that the power to board a fixed offshore installation located on the continental shelf in response to an offence is vested in the coastal state pursuant to the LOSC.156 The logic ‘seems to be based on the assumption that a coastal state would always have the capacity to take action with respect to platforms under its jurisdiction’.157 In practice, this is not always the case. Kaye has noted that the ‘absence of such [a boarding] provision would not prevent a coastal State from giving a third State an ad hoc authorization to board its installation’.158 5.3 Issues applicable to both 2005 SUA Treaties The above analysis of the 2005 SUA amendments has shown that although the scope of the 2005 SUA Convention and the 2005 SUA Protocol has generally expanded (as far as the range of offences is covered), the focus of the amendments was not so much on offshore oil and gas installations. In that regard, the 2005 SUA amendments do not provide any significant enhancements to the security of offshore installations. Inclusion of new offences relating to discharging of WMD, explosives and other hazardous or noxious substances such as oil and LNG from ships and offshore installations (both fixed and mobile) that cause death or serious injury or damage to the environment broadens the range of offences involving offshore installations and represents an improvement. With the introduction of the ship-boarding provisions, there is now a wider scope for prevention and enforcement of the offences under the 2005 SUA Convention, 1988 SUA Convention and the 1988 SUA Protocol. However, the limitations of the 1988 SUA Treaties have not been addressed by the 2005 amendments and were carried over to the 2005 SUA Convention and the 2005 SUA Protocol. In particular, these limitations relate to enforcement and arrest powers, especially when nonnationals or foreign flagged ships are involved.159 It should also be noted that just like the 1988 SUA Treaties, the 2005 SUA Treaties are concerned with punishment of unlawful activities and not their prevention. As mentioned in regard to the 1988 SUA Treaties, the effectiveness of the SUA framework, including the 2005 SUA amendments, depends upon individual states complying with their obligations and making the offences punishable under national laws. The 2005 SUA Convention and the 2005 SUA Protocol both entered into force

155 2005 SUA Protocol art 4. 156 LOSC arts 60, 80. Under the LOSC, a coastal state has exclusive jurisdiction over offshore installations located on its continental shelf. 157 Stuart Kaye, ‘The Protection of Platforms, Pipelines and Submarine Cables under Australian and New Zealand Law’ in Natalie Klein, Joanna Mossop and Donald Rothwell (eds), Maritime Security: International Law and Policy Perspectives from Australia and New Zealand (Routledge 2010) 186, 189. 158 Kaye, ‘International Measures to Protect Oil Platforms’ (n 112) 394. 159 Donald Rothwell and Tim Stephens, The International Law of the Sea (Hart Publishing 2010) 163.

275

POST-9/11 INTERNATIONAL LEGAL RESPONSES 160

on 28 July 2010; however, so far these new SUA instruments have not achieved wide international acceptance.161 As at 5 November 2015, there were 38 contracting states to the 2005 SUA Convention and 33 contracting states to the 2005 SUA Protocol representing approximately 37.3 per cent and 36.5 per cent of the gross tonnage of the world’s merchant shipping respectively.162 It remains to be seen how long it takes for the 2005 SUA Convention and the 2005 SUA Protocol to receive worldwide acceptance and implementation. 6 Long-range identification and tracking of ships After the adoption of the ISPS Code in December 2002, the IMO began working on the development of the system for global surveillance of maritime traffic to address the perceived security threat posed by ships.163 In May 2006, at its eighty-first session, the MSC adopted Resolution 202(81), which established regulation V/19-1 on LRIT.164 Also adopted at the same session were Resolution 210(81) on performance standards and functional requirements for the LRIT,165 and Resolution 211(81) on arrangements for the timely establishment of the LRIT system.166 LRIT is a multilateral information sharing system for state parties to the SOLAS Convention, which serves as an additional measure to enhance maritime security, complementary to the ISPS Code.167 The system is designed for the purpose of tracking, identifying and classifying vessels.168 It aims to provide an additional tool for detecting security threats and taking preventive measures against security incidents affecting ships, port facilities and offshore installations.169 Ships covered

160 IMO, ‘Maritime Security Set for Boost with Entry into Force of 2005 Protocols on Suppression of Unlawful Acts in July 2010’ (Press Briefing, 20/2010, 30 April 2010). 161 As at 5 November 2015, only two of the major seafarer-supplying states and five of the major flag states were parties to both the 2005 SUA Convention and the 2005 SUA Protocol, which are Greece and Latvia (seafarer-supplying states), and Greece, Marshall Islands, Norway, Panama and Saint Vincent and the Grenadines (flag states) respectively. 162 IMO, Status of Multilateral Conventions and Instruments (n 4) 431, 445. 163 See IMO, Consideration and Adoption of the International Ship and Port Facility Security (ISPS) Code, Conference of Contracting Governments to the International Convention for the Safety of Life at Sea 1974, Agenda Items 7 and 8, IMO Doc SOLAS/CONF.5/34 (17 December 2002) annex 2 res 3 (‘Further Work by the International Maritime Organization Pertaining to the Enhancement of Maritime Security’) 2. 164 IMO, Report of the Maritime Safety Committee on Its Eighty-First Session, MSC, 81st Session, Agenda Item 25, IMO Doc MSC 81/25/Add.1 (1 June 2006) annex 2 (‘Adoption of Amendments to the International Convention for the Safety of Life at Sea 1974’). 165 IMO, Report of the Maritime Safety Committee on Its Eighty-First Session, MSC, 81st Session, Agenda Item 25, IMO Doc MSC 81/25/Add.1 (1 June 2006) annex 13 (‘Performance Standards and Functional Requirements for the Long-Range Identification and Tracking of Ships’). 166 IMO, Report of the Maritime Safety Committee on Its Eighty-First Session, MSC, 81st Session, Agenda Item 25, IMO Doc MSC 81/25/Add.1 (1 June 2006) annex 14 (‘Arrangements for the Timely Establishment of the Long-Range Identification and Tracking System’). 167 IMO, ‘International Convention for the Safety of Life at Sea (SOLAS), 1974: May 2006 Amendments LRIT’ www.imo.org/blast/contents.asp?topic_id=257&doc_id=647#lrit accessed 1 December 2015. 168 Murphy, ‘Lifeline or Pipedream?’ (n 11) 17. 169 Martin Tsamenyi and Mary Ann Palma, ‘Long-Range Identification and Tracking System for Vessels: Legal and Technical Issues’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 215, 215.

276

POST-9/11 INTERNATIONAL LEGAL RESPONSES

by the LRIT are required to automatically transmit LRIT information consisting of the ship’s identity, position (latitude and longitude), and date and time of the position.170 LRIT information will be made available only to flag states,171 port states172 and coastal states. Coastal states are entitled to receive LRIT information about ships of other contracting states navigating within 1,000 nautical miles of their coast even when such ships are not intending to enter a port or place under the jurisdiction of that coastal state, provided that such ships are not within the internal waters or archipelagic waters of another contracting state.173 Furthermore, a coastal state is not entitled to receive LRIT information about ships located within the territorial sea of the contracting state whose flag the ship is entitled to fly.174 The legal basis for allowing coastal states to receive LRIT information from a distance beyond 200 nautical miles from the coast is provided by ‘the prescriptive powers of coastal states in various maritime zones of jurisdiction under international law’, particularly the LOSC.175 Tsamenyi and Palma have argued that providing LRIT information to states from a distance of up to 1,000 nautical miles from their coasts ‘does not impinge on freedom of navigation under international law’.176 The LRIT regulation is included in chapter V of the SOLAS Convention as a mandatory requirement for passenger ships of any size including high-speed passenger craft, cargo ships including high-speed craft of 300 gross tons and above, and MODUs, but only when these ships and MODUs are ‘engaged on international voyages’.177 The LRIT system has a limited scope in terms of the types of ships and offshore installations that are covered by the LRIT regulation. MODUs that are engaged in drilling operations on location and other types of mobile offshore installations such as FPSOs (whether they are on location or in transit) are not covered by the LRIT system. Any ships or MODUs that are not engaged on international voyages, regardless of their size, are not required to transmit LRIT data. This includes offshore supply and support vessels and shuttle tankers that only navigate between offshore installations and ports of the same coastal state. The LRIT system does not apply to fishing vessels and vessels of smaller sizes such as recreational motor boats and small yachts. This can be seen as a significant limitation of the LRIT system 170 SOLAS Convention annex, reg V/19-1 para 5. 171 Flag states are entitled to receive LRIT information about ships and MODUs flying their flag irrespective of the location: SOLAS Convention annex, reg V/19-1 sub-para 8.1.1. 172 Port states are entitled to receive LRIT information only from ships and MODUs that have declared their intention to visit the port in that state or a place under the jurisdiction of that state, irrespective of the location of such ships. However, port states are not entitled to receive LRIT information about ships located within the internal waters or archipelagic waters of another contracting state: SOLAS Convention annex, reg V/19-1 sub-para 8.1.2. 173 SOLAS Convention annex, reg V/19-1 sub-para 8.1.3. 174 Ibid. reg V/19-1 sub-para 8.1.4. 175 Tsamenyi and Palma (n 169) 222. 176 Ibid. See also Martin Tsamenyi and Mary Ann Palma, ‘Legal Considerations in the Implementation of Long-range Identification and Tracking Systems for Vessels’ (2007) 13(1) The Journal of International Maritime Law 49. 177 SOLAS Convention annex, reg V/19-1 para 2.1. The limit of 300 gross tonnes is different from the requirements under the ISPS Code, which applies to ships of 500 gross tonnes and above: Tsamenyi and Palma (n 169) 217.

277

POST-9/11 INTERNATIONAL LEGAL RESPONSES

considering that fishing vessels and other small vessels often operate in the vicinity of offshore installations and sometimes come very close to installations.178 A review of past attacks against offshore installations indicates that most of the attacks were carried out using small vessels.179 Hence, these vessels present a considerable security concern for operators of offshore installations. Nevertheless, in the context of offshore petroleum security, the LRIT system is still useful because it allows coastal states to detect and assess potential security threats posed by ships to offshore installations and, if necessary, take certain preemptive measures to deter a possible hostile activity.180 However, there are some doubts as to whether LRIT information is sufficient to enable states to make a meaningful assessment of a potential security risk posed by a particular ship.181 Importantly, the LRIT regulation ‘does not create or affirm any new rights of States over ships beyond those existing in international law, particularly [the LOSC], nor does it alter or affect the rights, jurisdiction, duties and obligations of States’ set out in the LOSC.182 In other words, the ‘right of coastal states to receive LRIT information does not automatically translate into the right to take enforcement action’. 183 In the event that a coastal state has, on the basis of LRIT information, identified a vessel as a security threat to an offshore installation under its jurisdiction, the right to take enforcement action is regulated by general rules of international law, particularly the LOSC.184 The LRIT regulation entered into force on 1 January 2008 and the LRIT system implementation compliance date was 31 December 2008, which gave the contracting states one year to set up and test the system, and ship operators and MODU operators one year to fit new equipment or upgrade existing equipment so that their ships and/or MODUs can transmit LRIT information. However, due to a number of unresolved practical, financial and legal issues, the implementation of the LRIT system was delayed.185 In May 2012, the MSC decided that there was a need for an urgent review of the LRIT system with a view to reducing the financial burden of operating LRIT Data Centres,186 but later, at its ninety-second session in June 2013, the MSC agreed that it was no longer necessary to pursue alternative options for the audit and review

178 Tsamenyi and Palma (n 169) 217 (further noting that although some fishing vessels are under national or regional vessel monitoring systems and some are subjected to the AIS, there is still a considerable number of fishing vessels that ‘cannot be tracked or are not under any surveillance systems’). 179 See Appendix. 180 The system can be particularly relevant to situations when offshore installations interface with ships such as tankers and offshore supply vessels. 181 See, e.g. Tsamenyi and Palma (n 169) 218; Murphy, ‘Lifeline or Pipedream?’ (n 11) 21–24. 182 IMO, Implications of the United Nations Convention on the Law of the Sea for the International Maritime Organization: Study by the Secretariat of the International Maritime Organization (IMO), IMO Doc LEG/MISC.6 (10 September 2008) 23. 183 Tsamenyi and Palma (n 169) 224. 184 Ibid. 185 IMO, Report of the Maritime Safety Committee on Its Eighty-Seventh Session, MSC, 87th Session, Agenda Item 26, IMO Doc MSC 87/26 (25 May 2010) 35–52. 186 IMO, Report of the Maritime Safety Committee on Its Ninetieth Session, MSC, 90th Session, Agenda Item 28, IMO Doc MSC 90/28 (31 May 2012).

278

POST-9/11 INTERNATIONAL LEGAL RESPONSES

of the LRIT system, and invited the International Mobile Satellite Organization (IMSO) to continue to pursue cost savings.187 It was decided to continue with the current arrangements for the conduct of the audits of LRT Data Centres and of the LRIT International Data Exchange (IDE), ‘with the understanding that the audit unit fee would be reduced during the forthcoming years, as advised by the IMSO’.188 Having considered, at its ninety-second session, the need to put in place all the necessary arrangements so as to ensure the continuous operation of the IDE after 2013, the MSC adopted Resolution MSC.361(92) of 21 June 2013 on the operation of the IDE after 2013.189 Among other matters, the MSC agreed that the EU should continue hosting, maintaining and operating the IDE and the US should continue hosting, maintaining and operating the disaster recovery site of the IDE beyond 2013, until advised otherwise, both at no cost to the SOLAS Convention contracting states or the IMO.190 At its ninety-fourth session, in November 2014, the MSC decided that ‘there was a need for a holistic review of the financial viability of the LRIT system’ and that ‘priority should be given to the consideration of how to reduce the cost of the audit’.191 The MSC decided that these issues should be further considered at the ninety-fifth session of the MSC ‘with the view to adopting a final policy decision’.192 7 Other relevant post-9/11 regulatory security initiatives There have been several other post-9/11 maritime security regulatory initiatives that directly or indirectly pertain to the security of offshore installations. These include the work of the CMI in developing the guidelines for national legislation on crimes at sea, the adoption of the IMO guidelines on security arrangements of non-SOLAS ships, the development of the guidelines for national maritime security legislation, consideration of the extension of safety zones around offshore installations in the EEZ and the IMO recommendations on security training of offshore personnel. These initiatives are not often discussed in the literature on maritime security, but they are just as important as mandatory international regulations on maritime security, so it is useful to consider them. 7.1 CMI draft guidelines for national legislation on maritime criminal acts In 2005, the CMI reconstituted the JIWG on piracy and maritime violence to examine issues of serious maritime crime beyond piracy and armed robbery as well

187 IMO, Report of the Maritime Safety Committee on Its Ninety-Second Session, MSC, 92nd Session, Agenda Item 26, IMO Doc MSC 92/26 (30 June 2013) para 6.6. 188 Ibid. para 6.4. 189 IMO, Report of the Maritime Safety Committee on Its Ninety-Second Session, MSC, 92nd Session, Agenda Item 26, IMO Doc MSC 92/26/Add.1 (28 June 2013) annex 15 (‘Operation of the International LRIT Data Exchange After 2013’). 190 Ibid. 191 IMO, Report of the Maritime Safety Committee on Its Ninety-Fourth Session, MSC, 94th Session, Agenda Item 21, IMO Doc MSC 94/21 (26 November 2014) 35. 192 Ibid. 36.

279

POST-9/11 INTERNATIONAL LEGAL RESPONSES

as various jurisdictional aspects not previously considered.193 After several meetings the JIWG resolved that the CMI Model Law should be revised to bring it up to date with the post-9/11 security environment to cover terrorism, kidnapping for ransom, piracy and other violent maritime acts, and to take into account the ISPS Code.194 The JIWG has concluded that the CMI Model Law needs to ensure compatibility with the 2005 SUA Treaties and address jurisdiction over and prosecution of criminal acts that fall outside the scope of the 2005 SUA Treaties.195 From 2005 to 2007 the JIWG was working on the amendments to the CMI Model Law and produced the Draft Guidelines for National Legislation on Maritime Criminal Acts (CMI Draft Guidelines),196 which can be used by states to develop and enact national legislation that deals with a wide range of maritime criminal acts.197 The CMI Draft Guidelines are largely based on the CMI Model Law, but have a considerably broader scope.198 They were intended to be a benchmark against which the content and effect of national law may be measured. In 2007, the CMI Draft Guidelines were submitted to the LEG for consideration; however, the LEG expressed some concerns about the CMI Draft Guidelines and decided not pursue the question of crimes at sea as a separate agenda item.199 It appears that no further action has been taken by the IMO specifically in relation to the CMI Draft Guidelines.200 7.2 Guidelines on security arrangements of non-SOLAS ships In 2006, at its eighty-second session, the MSC began consideration of issues relating to security aspects of ships that do not fall within the scope of the ISPS Code and Chapter XI-2 of the SOLAS Convention (i.e. non-SOLAS ships).201 To address threats posed by non-SOLAS ships, over the course of two years the IMO developed and adopted non-mandatory Guidelines on Security Aspects of the Operation of Vessels Which Do Not Fall Within the Scope of SOLAS Chapter XI-2 and the ISPS Code (Non-SOLAS Security Guidelines),202 which contracting states may apply to non-SOLAS ships operating under their jurisdiction. 193 IMO, Maritime Criminal Acts – Draft Guidelines for National Legislation, LEG 93rd Session, Agenda Item 12, IMO Doc LEG 93/12/1 (15 August 2007). 194 CMI, ‘Minutes of the Assembly’ (Held at the Automobile Club De France, in Paris on 16 April 2005) (2005) 2 CMI Newsletter 1, 4. 195 CMI, ‘Report of the Fifth Session of the Joint International Working Group on Uniformity of Laws Concerning Acts of Piracy and Maritime Violence’ (2005) 2 CMI Newsletter 8, 8. 196 The CMI Draft Guidelines are reproduced in IMO, Maritime Criminal Acts (n 193). 197 IMO, Maritime Criminal Acts (n 193) 1. 198 Frank Wiswall, ‘Draft Guidelines for National Legislation: Background Paper’ (2007) 1 CMI Newsletter 3, 3. 199 IMO, Report of the Legal Committee on Its Ninety-Third Session, LEG 93rd Session, Agenda Item 13, IMO Doc LEG 93/13 (2 November 2007) 20. 200 CMI, ‘Minutes of the Executive Council Meeting Held by E-mail During the Week of November 19, 2007’ (2007) 3 CMI Newsletter 1, 4. 201 IMO, ‘Security of Ships Which Do Not Fall Within the Scope of SOLAS Chapter XI-2 and the ISPS Code’ www.imo.org/Safety/mainframe.asp?topic_id=1470 accessed 1 February 2014. 202 IMO, Non-Mandatory Guidelines on Security Aspects of the Operation of Vessels Which Do Not Fall Within the Scope of SOLAS Chapter XI-2 and the ISPS Code, IMO Doc MSC.1/Circ.1283 (22 December 2008) annex (‘Guidelines on Security Aspects of the Operation of Vessels Which Do Not Fall Within the Scope of SOLAS Chapter XI-2 and the ISPS Code’).

280

POST-9/11 INTERNATIONAL LEGAL RESPONSES

The Non-SOLAS Security Guidelines are organised into two parts. Part 1 contains general guidelines for IMO member-states and other authorities that have responsibility for administering non-SOLAS ships, and Part 2 contains general guidelines for owners, operators and users of non-SOLAS ships and related facilities.203 In addition, the Non-SOLAS Security Guidelines contain five sets of specific guidelines for: 1) commercial non-passenger vessels and special purpose ships, 2) non-SOLAS passenger vessels, 3) fishing vessels, 4) pleasure craft and 5) marine, port and harbour authorities respectively.204 Offshore installations are not explicitly mentioned in the Non-SOLAS Security Guidelines, but ‘special purpose ship’ would include certain types of mobile offshore installations (500 gross tonnes and above) such as FPSOs,205 but it would not include offshore supply vessels that are used to transport offshore workers, accommodation vessels and MODUs.206 Accordingly, the Non-SOLAS Security Guidelines can be applied to certain types of offshore installations. The Non-SOLAS Security Guidelines provide general guidance for risk assessment, possible security measures, ship identification, security training, security awareness and reporting of suspicious activities.207 The Non-SOLAS Security Guidelines also contain provisions that specifically address awareness of basic requirements for interaction of non-SOLAS ships with ISPS-compliant ships and port facilities.208 Appendix A of the Non-SOLAS Security Guidelines, which is specifically intended for special purpose ships, provides guidance with regard to searching and securing non-SOLAS special purpose ships, controlling access and preventing unauthorised access to ships, contingency measures for security alerts and reporting of security incidents.209 It would have been useful if the Non-SOLAS Security Guidelines covered security relating to offshore installations including aspects relating to interaction between non-SOLAS ships and offshore oil and gas installations. The Non-SOLAS Security Guidelines represent a positive step toward further enhancing maritime security. They attempt to foster the security awareness and culture within the maritime industry community which, among other things, promotes security awareness and encourages reporting of suspicious activity.210

203 Ibid. 204 Ibid. 28–39. 205 The term ‘special purpose ship’ is defined in paragraph 1.3 of the Code of Safety for Special Purpose Ships 2008 as ‘a mechanically self-propelled ship which by reason of its function carries on board more than 12 special personnel’: IMO, Report of the Maritime Safety Committee on Its Eighty-Fourth Session, MSC 84th Session, Agenda Item 24, IMO Doc MSC 84/24/Add.2 (23 May 2008) annex 17 (‘Code of Safety for Special Purpose Ships, 2008’) para 1.3.12. 206 Code of Safety for Special Purpose Ships 2008 paras 1.2.2, 1.2.3. Paragraph 1.2.3 provides that the ‘Code is not intended for ships used to transport and accommodate industrial personnel that are not working on board’. Paragraph 1.2.2 provides that the ‘Code does not apply to ships meeting the Code for the Construction and Equipment of Mobile Offshore Drilling Units (MODU Code)’. 207 IMO, Non-Mandatory Guidelines on Security Aspects (n 202). 208 Ibid. 6, 20. 209 Ibid. 28–29. 210 IMO, Security Arrangements for Ships Which Do Not Fall Within the Scope of SOLAS Chapter XI-2 and the ISPS Code, MSC 83rd Session, Agenda Item 4, IMO Doc MSC 83/4/4 (14 August 2007) para 15.

281

POST-9/11 INTERNATIONAL LEGAL RESPONSES

Considering regular interaction between offshore installations and ships, enhanced security arrangements of non-SOLAS ships will, by extension, contribute to the security of offshore installations, but the implementation of the Non-SOLAS Security Guidelines at the national level remains at the discretion of each state.211 7.3 Guidelines for the development of national maritime security legislation In 2006, the MSC, at its eighty-second session, agreed to recommend the inclusion, as a high-level action, of the development of model legislation for maritime security,212 but it pointed out that such model legislation for maritime security would have to be flexible enough to take into account the diversity of legal systems and the legal status of the operators of port facilities (i.e. state-owned or private port facilities).213 The MSC noted that the on-site visits conducted by the UNSC Counter-Terrorism Committee in relation to the implementation of the provisions of UNSC Resolution 1373 of 2001214 had revealed in a significant number of cases that the required national legislation implementing the provisions of the ISPS Code and Chapter XI-2 of the SOLAS Convention ‘was either absent or inadequate or was based or dependant [sic] on national laws which, in some cases, were enacted at the beginning of the 1900s’.215 It was agreed that with a view of assisting contracting states to the SOLAS Convention in order to improve the situation, model legislation would be very useful.216 It was recommended that such work should be undertaken by the IMO Secretariat.217 Accordingly, subsequent to the eighty-fifth session of the MSC, the IMO Secretariat drafted model legislation for maritime security, but it was not promoted by the IMO because it was considered that a single piece of model legislation could not accommodate the diversity and complexity of legal regimes of the SOLAS Convention contracting states.218 Instead, it was considered more appropriate to prepare the Guidelines for the Development of National Maritime Security Legislation (the Guidelines), which would assist states to develop national legislation according to their specific needs.219

211 IMO, Non-Mandatory Guidelines on Security Aspects (n 202) 1. 212 IMO, Report of the Maritime Safety Committee on Its Eighty-Fourth Session, MSC, 84th Session, Agenda Item 24, IMO Doc MSC 84/24 (23 May 2008) 25. 213 Ibid. See also IMO, Measures to Enhance Maritime Security: Development of Model Legislation on Maritime Security, MSC, 84th Session, Agenda Item 4, IMO Doc MSC 84/4/4 (5 March 2008) 3. 214 UNSC Resolution 1373, UN Doc S/RES/1373 (28 September 2001). 215 IMO, Report of the Maritime Safety Committee on Its Eighty-Fifth Session, MSC, 85th Session, Agenda Item 26, IMO Doc MSC 85/26 (19 December 2008) 27. 216 Ibid. 217 IMO, Measures to Enhance Maritime Security: Guidelines for the Development of National Maritime Security Legislation, Submitted by Canada, Guyana, Japan, the Marshall Islands, Peru, the Philippines, Saint Kitts and Nevis, Senegal, the United Republic of Tanzania, and the United States, MSC, 93rd Session, Agenda Item 4, IMO Doc MSC 93/4 (11 February 2014). 218 Ibid. annex (‘Guidelines for the Development of National Maritime Security Legislation’). 219 Ibid.

282

POST-9/11 INTERNATIONAL LEGAL RESPONSES

The draft Guidelines were submitted to the MSC for consideration at its ninetythird session in May 2014.220 These Guidelines are intended to address the requirements of the ISPS Code and the SOLAS Convention. To an extent, these Guidelines indirectly address the security of offshore oil and gas installations. Offshore installations are mentioned in paragraph 1.3 dealing with application of the legislation and paragraph 5.1.4 which sets out a long range of powers of law enforcement officers relating to safeguarding offshore installations against unlawful interferences. The MSC recalled its discussions on the need for SOLAS Convention contracting states to enact national legislation that gave effect to the provisions of the ISPS Code and Chapter XI-2 of the SOLAS Convention.221 It was generally agreed by the MSC that the draft Guidelines would serve as a tool for states in drafting national legislation to give effect to the ISPS Code and Chapter XI-2 of the SOLAS Convention.222 However, the MSC concluded ‘that further work on the guidelines was necessary to reflect the rationale behind their provisions and that further benefits might be expected by adding advice on how the provisions could be incorporated into domestic legislation’, and that the voluntary nature of the draft Guidelines should be emphasised by adding text to that effect.223 The correspondence group on maritime security, coordinated by the US, was established to review and finalise the draft Guidelines, taking into account the MSC’s comments.224 At the ninetyfourth session of the MSC, in November 2014, some concerns and queries were expressed by the delegates and the MSC concluded that further work was needed to finalise the Guidelines and the correspondence group was reconstituted to review and finalise the draft guidelines.225 7.4 Extension of safety zones around offshore installations As discussed in Chapter 6, Article 60(5) of the LOSC provides that safety zones around offshore installations must be limited to 500 metres in breadth unless a larger distance is authorised by generally accepted international standards or recommended by the ‘competent international organization’, which is the IMO. The LOSC authorises the IMO to make recommendations relating to the establishment of safety zones larger than 500 metres around offshore installations in the EEZ.226 Between 2008 and 2010, the IMO was considering the issue of extension of the safety zones to more than 500 metres around offshore installations.227 In 2008, Brazil 220 IMO, Report of the Maritime Safety Committee on Its Ninety-Third Session, MSC, 93rd Session, Agenda Item 22, IMO Doc MSC 93/22 (30 May 2014) 21. 221 Ibid. 222 Ibid. 223 Ibid. 22. 224 Ibid. 225 IMO, Report of the Maritime Safety Committee on Its Ninety-Fourth Session, MSC, 94th Session, Agenda Item 21, IMO Doc MSC 94/21 (26 November 2014) 19. 226 LOSC art 60(5). 227 IMO, ‘Sub-Committee on Safety of Navigation (NAV), 55th Session: 27–31 July 2009’ (31 July 2009) www.imo.org/en/MediaCentre/MeetingSummaries/NCSR/Pages/NAV-55th-session.aspx accessed 1 December 2015.

283

POST-9/11 INTERNATIONAL LEGAL RESPONSES

and the US proposed to the IMO that comprehensive guidelines be developed for the assessment of requests for safety zones larger than 500 metres around offshore installations in the EEZ, and provided an example of such guidelines.228 This issue was included as a high priority item in the work programme of the NAV.229 A correspondence group was established to develop relevant IMO guidelines for recommending safety zones larger than 500 metres around offshore installations in the EEZ (including multiple structure installations) because there are currently no international standards to assess the requests by states to the IMO to recommend safety zones larger than 500 metres.230 It is important to note that the development of guidelines for consideration of requests for extension of the breadth of safety zones around installations was contemplated in the context of safety rather than security.231 However, the guidelines were ultimately not adopted nor developed, partly because there had been views that increasing the breadths of safety zones might in fact degrade navigation safety around multiple installations instead of improving it,232 but mainly because it was felt that there was no demonstrated need to establish safety zones larger than 500 metres.233 Instead of developing the guidelines for considering requests of safety zones larger than 500 metres, in 2010 the NAV prepared a draft circular containing Guidelines for Safety Zones and Safety of Navigation around Offshore Installations and Structures, which was submitted to the MSC for adoption and circulation to the IMO member-states.234 The guidelines are aimed at increasing awareness of the availability and best use of existing routeing measures to prevent serious damage to installations or to the marine environment in the event of a collision.235 To date, no other maximum distance (i.e. other than 500 metres) has been agreed by the international community, and the IMO has not made any official recommendations in that regard, but it was recognised that the need for extension of safety zones beyond 500 metres might be necessary in the future.236 It is apparent from the IMO’s discussions that any future recommendations on the extension of safety zones would be done on a case-by-case basis for each individual installation upon request of the coastal state, and not as a

228 IMO, Development of Guidelines for Consideration of Requests for Safety Zones Larger than 500 metres Around Artificial Islands, Installations and Structures in the Exclusive Economic Zone, Submitted by the United States and Brazil, MSC, 84th Session, Agenda Item 22, IMO Doc MSC 84/22/4 (4 February 2008). 229 IMO, Report of the Maritime Safety Committee on Its Eighty-Fourth Session, MSC, 84th Session, Agenda Item 24, IMO Doc MSC 84/24 (23 May 2008) 106. 230 IMO, ‘NAV Progresses E-navigation Strategy’ (2009) 4 IMO News 8, 10. 231 IMO, Report to the Maritime Safety Committee, NAV, 56th Session, Agenda Item 20, IMO Doc NAV 56/20 (31 August 2010) 14. 232 IMO, Guidelines for Consideration of Requests for Safety Zones Larger Than 500 Metres Around Artificial Islands, Installations and Structures in the EEZ, NAV, 56th Session, Agenda Item 4, IMO Doc NAV 56/4/1 (4 June 2010) 2. 233 IMO, Report to the Maritime Safety Committee (n 231) 14–17. 234 Ibid. annex 6. 235 IMO, ‘Sub-Committee on Safety of Navigation (NAV), 56th Session: 26–30 July 2010’ (30 November 2010) www.imo.org/en/MediaCentre/MeetingSummaries/NCSR/Pages/NAV-56.aspx accessed 1 December 2015. 236 IMO, Report to the Maritime Safety Committee (n 231) 16.

284

POST-9/11 INTERNATIONAL LEGAL RESPONSES

general recommendation for all offshore installations in the EEZ. 237 When the international community determines that it is necessary to allow the extension of the breadth of safety zones around all offshore installations in general, it would need to be done as an amendment to the LOSC or through state practice as part of the development of customary international law. 7.5 Security training of seafarers and offshore personnel In May 2006, the IMO amended the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers 1978 (STCW Convention)238 and the Seafarers’ Training, Certification and Watchkeeping Code (STCW Code)239 to cover new minimum mandatory training and certifications requirements for SSOs, including requirements for the issue of certificates of proficiency for SSOs, specifications of minimum standards of proficiency for SSOs, and training for SSOs.240 While the then IMO Sub-Committee on Standards of Training and Watchkeeping (STW) was preparing to make further major amendments to the STCW Convention and the STCW Code, as an interim measure, the MSC, in its eighty-third session in October 2007, approved Guidelines on Security-Related Training and Familiarization for Shipboard Personnel for seafarers employed or engaged on ships that are required to comply with Chapter XI-2 of the SOLAS Convention and the ISPS Code, and disseminated them in an MSC circular.241 In June 2010, the STCW Convention and STCW Code were again amended to bring them up to date with the latest developments. The 2010 amendments included new requirements for security training and provisions for training of seafarers for coping with piracy attacks.242 Regulation VI/6 of the STCW Convention, which took effect on 1 January 2014, requires all seafarers on ships that are subject to the ISPS Code to have received security related training relevant to their assigned duties on board.243 These requirements also apply to personnel on board offshore installations

237 See ibid. 14–17. 238 International Convention on Standards of Training, Certification and Watchkeeping for Seafarers 1978, opened for signature 1 December 1978, 1361 UNTS 2, (entered into force 28 April 1984) (‘STCW Convention’). 239 Seafarers’ Training, Certification and Watchkeeping Code, adopted 7 July 1995, (entered into force 1 February 1997) (‘STCW Code’) reproduced in IMO, Seafarers’ Training, Certification and Watchkeeping (STCW) Code, STCW, IMO Doc STCW.6/Circ.1 (24 July 1995). 240 IMO, The Manila Amendments to the Seafarers’ Training, Certification and Watchkeeping (STCW) Code, Conference of Parties to the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers, 1978, Resolution 2, Attachment 2 to the Final Act of the Conference, Agenda Item 10, IMO Doc STCW/CONF.2/34 (1 August 2010). 241 IMO, Guidelines on Security-Related Training and Familiarization for Shipboard Personnel, IMO Doc MSC.1/Circ.1235 (21 October 2007). 242 IMO, ‘STCW Manila Seafarer Training Amendments Enter Into Force on 1 January 2012’ (23 December 2011) www.imo.org/MediaCentre/PressBriefings/Pages/67-STCW-EIF.aspx#.VM2cli5a0SJ accessed 1 December 2015. 243 IMO, The Manila Amendments to the Annex of the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (STCW), 1978, Conference of Parties to the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers, 1978, Resolution 1, Attachment 1 to the Final Act of the Conference, Agenda Item 10, IMO Doc STCW/CONF.2/33 (1 July 2010).

285

POST-9/11 INTERNATIONAL LEGAL RESPONSES

that are covered by the ISPS Code such as MODUs when they are engaged on international voyages. They cover security-related familiarisation training, security awareness training for seafarers without designated security duties and security training for seafarers with designated security duties.244 The IMO also developed new recommendations relating to security training of offshore personnel working on mobile offshore units (MOUs). In December 2013, the IMO adopted Resolution A.1079(28) on Recommendations for the Training and Certification of Personnel of Mobile Offshore Units (Recommendations).245 IMO Resolution A.1079(28) revoked Resolution A.891(21) of 2000, which did not have any specific provisions relating to security training.246 The Recommendations ‘provide an international standard for training for all personnel on mobile offshore units aimed at ensuring adequate levels of safety of life and property at sea, security awareness, and protection of the marine environment’.247 These Recommendations are non-mandatory and are without prejudice to the right of coastal states, under international law, to impose their own requirements relating to training, qualifications and certifications of personnel on board MOUs, which includes all types of mobile offshore installations.248 The Recommendations prescribe different kinds and levels of training for offshore personnel depending on the nature of their assigned duties and functions. For practical reasons, offshore personnel are divided into four categories: a) visitors and special personnel not regularly assigned who are on board for a limited period of time, in general not exceeding three days, and who have no tasks in relation to the normal operations of the MOU; b) other special personnel without designated responsibility for the safety, security and survival of others; c) regularly assigned special personnel with designated responsibility for the safety, security and survival of others; and d) maritime crew members.249 The Recommendations address requirements for specialised training, knowledge and qualifications of offshore personnel.250 The Recommendations also contain guidance on drills and exercises.251 Although these Recommendations are non-mandatory, they promote security awareness and security culture within the offshore petroleum industry and contribute to the protection of offshore installations. The analysis of the international legal framework has thus far focused on the LOSC framework and other pre-9/11 and post-9/11 legal instruments and regulatory

244 Ibid.; St Vincent and the Grenadines Government, St Vincent and the Grenadines Maritime Administration, Security Related Training and Instruction for Seafarers (STCW Regulation VI/6), Circular No STCW 005 (29 October 2013). 245 IMO, Recommendations for the Training and Certification of Personnel on Mobile Offshore Units (MOUs), A Res 1079(28), 28th Session, Agenda Item 10, IMO Doc A 28/Res.1079 (27 March 2014). 246 See IMO, Recommendations on Training of Personnel on Mobile Offshore Units (MOUs), A Res 891(21), 21st Session, Agenda Item 9, IMO Doc A 21/Res.891 (4 February 2000) annex. 247 IMO, Recommendations for the Training and Certification (n 245) 3. 248 Ibid. 249 Ibid. 7. 250 Ibid. 19–39. Key personnel on mobile offshore installations include OIM, barge supervisor, ballast control operator, maintenance supervisor. 251 IMO, Recommendations for the Training and Certification (n 245) 41–44.

286

POST-9/11 INTERNATIONAL LEGAL RESPONSES

initiatives for maritime security. As noted by Williams, in the post-9/11 maritime security environment, creeping maritime security jurisdiction has provided coastal states with ‘substantial latitude to take security measures in their EEZ in the name of national security, based on national laws or customary international law’.252 The analysis has not yet considered the application of the universally recognised right of self-defence for the protection of offshore oil and gas installations.253 The next section will discuss the parameters of the right of self-defence and analyse how coastal states may rely on the right of self-defence to protect their offshore installations from an attack by other states or non-state actors. 8 The right of self-defence and offshore installations The international legal rules relating to the lawful use of force are based on the principles set out in the UN Charter and customary international law.254 The UN Charter prohibits the threat or use of force against the territorial integrity or political independence of any state.255 However, recognising the inherent right of any state to protect itself from an attack, the use of force in self-defence is permitted under international law. The right of self-defence is codified in Article 51 of the UN Charter, which states: Nothing in the present Charter shall impair the inherent right of individual or collective self-defense if an armed attack occurs against a Member of the United Nations, until the Security Council has taken the measures necessary to maintain international peace and security. Measures taken by Members in the exercise of this right of self-defense shall be immediately reported to the Security Council and shall not in any way affect the authority and responsibility of the Security Council under the present Charter to take at any time such action as it deems necessary in order to maintain or restore international peace and security.256

In examining Article 51 of the UN Charter, several points can be noted. First, the UN Charter recognises that right of self-defence is the ‘inherent right’.257 Second,

252 Simon Williams, ‘Offshore Installations: Practical Security and Legal Considerations’ (Center for International Maritime Security, 11 October 2013) [24] http://cimsec.org/offshore-installations-practicalsecurity-legal-considerations/ accessed 1 December 2015. 253 However, the right of self-defence existed in international law prior to 9/11. 254 Natalie Klein, Maritime Security and the Law of the Sea (Oxford University Press 2011) 262. 255 Article 2(4) of the UN Charter provides: All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any state, or in any other manner inconsistent with the Purposes of the United Nations.

256 UN Charter art 51 (emphasis added). 257 The term ‘inherent right’ is most commonly understood as the right derived from the customary international law that existed prior to the adoption of the UN Charter, and it reflects the ‘intention to preserve the existing customary international law at the time of drafting [the UN Charter]’: David Sadoff, ‘A Question of Determinancy: The Legal Status of Anticipatory Self-Defense’ (2009) 40(2) Georgetown Journal of International Law 523, 535, 549, citing Leo Van den Hole, ‘Anticipatory Self-Defence under International Law’ (2003) 19(1) American University International Law Review 69, 78–79; Hilaire McCoubrey and Nigel White, International Law and Armed Conflict (Dartmouth 1992) 89.

287

POST-9/11 INTERNATIONAL LEGAL RESPONSES

the right of self-defence may be exercised on either an ‘individual or collective’ basis.258 Third, there must have been an ‘armed attack’ against the state claiming to have acted in self-defence. In essence, under the right of self-defence, a state may lawfully use force in response to an armed attack against it.259 However, the exact nature, scope and limits of this right are still the subject of much debate.260 The issue of self-defence was dealt with by the ICJ in the Oil Platforms (Islamic Republic of Iran v United States of America).261 The Oil Platforms case was brought before the Court by Iran on the basis of a dispute arising from the attacks on and destruction of Iranian offshore petroleum installations in the Persian Gulf on 19 October 1987 and 18 April 1988.262 Iran claimed that the attacks by the US were in violation of international law. The US argued that these attacks were legitimate acts of self-defence, claiming that the attack on Reshadat offshore complex was in response to Iran’s missile strike on the US-flagged Kuwaiti oil tanker Sea Isle City and the attacks on Salman and Nasr offshore oil complexes were in response to damage caused to US frigate Samuel B Roberts when it struck a mine, allegedly belonging to Iran, in international waters, as well as several other attacks and provocative actions allegedly carried out by Iran.263 In the Oil Platforms case, the ICJ had to address the lawfulness of the action taken by the US against Iran’s offshore installations ‘in order to assess if these attacks were justified as acts of legitimate self-defence in response to what the United States had regarded as armed attacks by Iran’.264 The Court considered whether the US ‘had met the conditions under which it is permissible for a state to resort to force

258 Collective self-defence involves a situation where a state that is a victim of an armed attack requests assistance from a third state in responding to that armed attack. The third state need not be under threat itself: Nicaragua [1986] ICJ Rep 14, para 232, cited in Klein (n 254) 271. 259 The right of self-defence is an exception to the general prohibition on the threat or use of force in Article 2(4) of the UN Charter: Assaf Harel, ‘Preventing Terrorist Attacks on Offshore Platforms: Do States Have Sufficient Legal Tools?’ (2013) 4(1) Harvard National Security Journal 131, 159. 260 Natalia Ochoa-Ruiz and Esther Salamanca-Aguado, ‘Exploring the Limits of International Law Relating to the Use of Force in Self-Defence’ (2005) 16(3) European Journal of International Law 499, 499. For further discussion on the right of self-defence see, e.g. Natalino Ronzitti, ‘The Expanding Law of Self-Defense’ (2006) 11(3) Journal of Conflict and Security Law 343; Terry Gill, ‘The Temporal Dimension of Self-Defence: Anticipation, Pre-emption, Prevention and Immediacy’ (2006) 11(3) Journal of Conflict and Security Law 361; Amos Guiora, ‘Anticipatory Self-Defence and International Law – A Re-Evaluation’ (2008) 13(1) Journal of Conflict and Security Law 3; Donald Rothwell, ‘Anticipatory SelfDefence in the Age of Terrorism’ (2005) 24(2) University of Queensland Law Journal 337; Michael Glennon, ‘The Fog of Law: Self-Defense, Inherence, and Incoherence in Article 51 of the United Nations Charter’ (2001–2002) 25(2) Harvard Journal of Law & Public Policy 539; Sadoff (n 257); Mary Ellen O’Connell, ‘Lawful Self-Defense to Terrorism’ (2002) 63(4) University of Pittsburgh Law Review 889; Tarcisio Gazzini, ‘The Rules on the Use of Force at the Beginning of the XXI Century’ (2006) 11(3) Journal of Conflict and Security Law 319; Harel (n 259); Klein (n 254) 258–76; Noam Lubell, Extraterritorial Use of Force Against Non-State Actors (Oxford University Press 2011) 25–68. 261 Oil Platforms (Islamic Republic of Iran v United States of America)(Judgment) [2003] ICJ Rep 161 (Oil Platforms). 262 For further details on the attacks on Iranian offshore installations see Appendix. 263 See Andrew Garwood-Gowers, ‘Case Note: Case Concerning Oil Platforms (Islamic Republic of Iran v United States of America) – Did the ICJ Miss the Boat on the Law on the Use of Force?’ (2004) 5(1) Melbourne Journal of International Law 241, 243. See also Oil Platforms [2003] ICJ Rep 161; Klein (n 254) 264–65. 264 Ochoa-Ruiz and Salamanca-Aguado (n 260) 510.

288

POST-9/11 INTERNATIONAL LEGAL RESPONSES 265

in self-defence’ and, in doing so, the ICJ largely relied on its own jurisprudence on this matter ‘established in the Nicaragua case and confirmed in its Advisory Opinion on the Legality of the Threat of Use of Nuclear Weapons’.266 The ICJ reaffirmed the requirement that in order for an action to be justified as one taken in self-defence, the state taking the action must have been a victim of ‘armed attack’ as provided for in Article 51 of the UN Charter.267 To establish that these actions were legally justified, the Court required the US to show that attacks had been made upon it for which Iran was responsible; and that those attacks were of such a nature as to be qualified as ‘armed attacks’ within the meaning of that expression in Article 51 of the United Nations Charter, and as understood in customary law on the use of force.268

The question of what conduct constitutes an ‘armed attack’ becomes of critical importance. In addition, the ICJ in the Oil Platforms case required the US to demonstrate ‘that its actions were necessary and proportional to the armed attack made on it’.269 8.1 Conduct constituting an ‘armed attack’ The requirement that there must be an ‘armed attack’ is one of the key aspects of the right of self-defence. Therefore, it is crucial to determine what type of conduct constitutes an ‘armed attack’ within the meaning of Article 51 of the UN Charter. Dinstein has stated that ‘[t]he expression “armed attack” denotes the illegal use of armed force (i.e., recourse to violence) against a State’.270 However, the difficulty with determining what conduct constitutes an armed attack is that there is no generally accepted definition of ‘armed attack’ .271 Despite the prohibition on the threat and use of force in Article 2(4) of the UN Charter and Article 301 of the LOSC, not all uses of force (and even less so threats of force) can be equated to an ‘armed attack’ giving rise to the right of selfdefence.272 This means that not every unlawful use of force will trigger the right of self-defence. Klein has argued that ‘[t]he dividing line between threats or uses of force and armed attacks is unclear, as is the line between “shows of force” and “gun boat diplomacy” and threats or uses of force.’273 However, the categorisation

265 Ibid. 266 Ibid., citing Nicaragua [1986] ICJ Rep 14 and Legality of the Threat or Use of Nuclear Weapons (Advisory Opinion) [1996] ICJ Rep 226 (‘Nuclear Weapons’), paras 40–44. 267 Oil Platforms [2003] ICJ Rep 161, 6. See also James Green, ‘The Oil Platforms Case: An Error in Judgment?’ (2004) 9(3) Journal of Conflict and Security Law 357, 361. 268 Oil Platforms [2003] ICJ Rep 161, para 51. 269 Ibid. 270 Yoram Dinstein, ‘Computer Network Attacks and Self-Defence’ (2002) 76 International Law Studies 99, 100. 271 Ochoa-Ruiz and Salamanca-Aguado (n 260) 512. 272 As noted by Klein, ‘[i]n Nicaragua, the ICJ drew a distinction between the threat or use of force on one hand, and armed attacks on the other’ because only the latter justifies the exercise of the right of self-defence: Klein (n 254) 263, citing Nicaragua [1986] ICJ Rep 14. 273 Klein (n 254) 260.

289

POST-9/11 INTERNATIONAL LEGAL RESPONSES

of particular acts as a threat or use of force or as an armed attack is important ‘because it determines the lawful response of the victim state’.274 In Nicaragua, the Court referred to ‘measures which do not constitute an armed attack but may nevertheless involve a use of force’,275 and distinguished ‘the most grave forms of the use of force (those constituting an armed attack) from other less grave forms’.276 To draw the line between ‘armed attacks’ and less grave forms of the use of force, ‘the Court followed the criteria of the scale and effects of the attacks’.277 In that regard, the Court stated: in customary law, the prohibition of armed attacks may apply to the sending by a State of armed bands to the territory of another State, if such an operation, because of its scale and effects, would have been classified as an armed attack rather than as a mere frontier incident had it been carried out by regular armed forces. But the Court does not believe that the concept of ‘armed attack’ includes not only acts by armed bands where such acts occur on a significant scale but also assistance to rebels in the form of the provision of weapons or logistical or other support. Such assistance may be regarded as a threat or use of force, or amount to intervention in the internal or external affairs of other States.278

Dinstein rejected this distinction between actions of particular ‘scale and effect’ and ‘mere frontier incident[s]’ arguing: unless the scale and effects are trifling, below the de minimis threshold, they do not contribute to a determination whether an armed attack has unfolded. There is certainly no cause to remove small-scale armed attacks from the spectrum of armed attacks.279

Schmitt agreed that in the context of inter-state hostilities, Dinstein’s ‘rejection of the Court’s position that violence must rise above a certain level’ appears to be appropriate.280 This distinction between armed attacks justifying resort to force in self-defence and less grave forms of uses of force and acts of violence was expressly recalled by the ICJ in the Oil Platforms case.281 According to Dinstein, an ‘armed attack’ ‘presupposes a use of force producing (or liable to produce) serious consequences, epitomized by territorial intrusions, human casualties or considerable destruction of property’,282 but the exact scale or effect required for a conduct to be regarded as an ‘armed attack’ is difficult to judge.283 In Oil Platforms, the Court did ‘not exclude

274 Ibid. 270. 275 Nicaragua [1986] ICJ Rep 14, 110. See Klein (n 254) 263, n 33. 276 Ibid. 277 Ochoa-Ruiz and Salamanca-Aguado (n 260) 511, citing Nicaragua [1986] ICJ Rep 14, para 195. 278 Nicaragua [1986] ICJ Rep 14, para 195 (emphasis added). 279 Yoram Dinstein, War, Aggression and Self-Defence (4th edn, Cambridge University Press 2005), quoted in Michael Schmitt, ‘Responding to Transnational Terrorism Under the Jus ad Bellum: A Normative Framework’ (2008) 56(1) Naval Law Review 1, 14. 280 Schmitt describes an armed attack as ‘an intentional military attack or other intentional act resulting in, or designed to result in, immediate violent consequences (such as a computer network attack causing physical damage)’: Schmitt, ‘Responding to Transnational Terrorism’ (n 279) 14, n 60. 281 Oil Platforms [2003] ICJ Rep 161, paras 51, 71. 282 Dinstein, War, Aggression and Self-Defence (n 279) 193, quoted in Klein (n 254) 264. 283 Klein (n 254) 264.

290

POST-9/11 INTERNATIONAL LEGAL RESPONSES

the possibility that the mining of a single military vessel might be sufficient to bring into play the “inherent right of self-defence”’.284 The Oil Platforms case examined what conduct would constitute an armed attack in the maritime context.285 The Court concluded that the missile attack on the Sea Isle City together with the purported series of other attacks allegedly carried out by Iranian armed forces,286 did not amount to an ‘armed attack’ justifying resort to force in self-defence.287 The Court further concluded that ‘[e]ven taken cumulatively . . . these incidents do not seem to the Court to constitute an armed attack on the United States, of the kind that the Court, in the [Nicaragua case], qualified as a “most grave” form of the use of force’.288 Klein had noted that the two key points that may be drawn from this conclusion are that ‘there is an emphasis that the armed attack must clearly be targeted against the state that acts in individual self-defence [and that] the particular acts in question’,289 namely mining of commercial and naval ships and firing on naval helicopters, ‘were not grave enough’ to be considered as ‘armed attacks’ giving rise to the right of self-defence.290 The Oil Platforms case has shown that the threshold to establish the existence of an armed attack is quite high,291 making it more difficult for states to justify the use of force in self-defence. The ICJ in Oil Platforms has indicated that a single attack on a merchant ship is unlikely to constitute an armed attack, whereas a single attack on a warship may amount to an armed attack.292 However, in referring to the series of acts alleged by the US, the Court appears to have accepted the notion that a number of small attacks and/or incidents may cumulatively amount to an armed attack, if they are sufficiently grave.293 The ICJ’s decisions in Oil Platforms, Nicaragua and Land and Maritime Boundary between Cameroon and Nigeria (Cameroon v Nigeria)294 tend to support the view that an accumulation of different events could constitute an ‘armed attack’.295 The Oil Platforms decision has been criticised for several reasons, particularly because it limited the means by which states may respond to attacks including terrorist attacks, and because it ‘arguably removed any exercise of discretion for decision-makers in determining when to resort to force’,296

284 Oil Platforms [2003] ICJ Rep 161, paras 71–72. 285 Klein (n 254) 264. 286 For details of these additional attacks see Oil Platforms [2003] ICJ Rep 161, para 64. 287 Ochoa-Ruiz and Salamanca-Aguado (n 260) 512. 288 Oil Platforms [2003] ICJ Rep 161, para 64. 289 Klein (n 254) 265. 290 Ibid. This determination by the Court that the mining of ships and fining on naval helicopters were not ‘grave’ enough to be considered as armed attacks within the meaning of Article 51 of the UN Charter has been criticised for applying the standard considered in Nicaragua case in a different context: at 266, citing Dominic Raab, ‘“Armed Attack” After the Oil Platforms Case’ (2004) 17(4) Leiden Journal of International Laew 719, 728. 291 Klein (n 254) 270. 292 Ibid. 293 Raab (n 290) 732. 294 Land and Maritime Boundary between Cameroon and Nigeria (Cameroon v Nigeria)(Merits) [2002] ICJ Rep 303 (‘Cameroon v Nigeria’). 295 Klein (n 254) 266–67, citing Christine Cray, International Law and the Use of Force (2nd edn, Oxford University Press 2004) 125–26. 296 Klein (n 254) 267.

291

POST-9/11 INTERNATIONAL LEGAL RESPONSES

applied the standard considered in the Nicaragua case in a different context and because it extended the Court’s reasoning in Nicaragua without justification.297 The ability of coastal states to resort to force in self-defence in response to ‘armed attacks’ of other states is not questioned, but the issue is whether coastal states can justify the use of force against non-state actors in self-defence to respond to (or prevent) attacks on offshore petroleum installations by non-state actors.298 The answer to this question depends on whether an attack by non-state actors can be considered an ‘armed attack’ within the meaning of Article 51 of the UN Charter. 8.1.1 Attacks by non-state actors as ‘armed attacks’ Traditionally, the right of self-defence was concerned with responses to attacks carried out by states and that was the generally accepted interpretation for many years.299 Applying the law of self-defence to attacks by non-state actors might seem problematic. In Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territories, the ICJ stated that to fall under the law of self-defence an armed attack should be attributable to a state.300 However, this position of the ICJ has not been without criticism.301 A number of commentators have argued that Article 51 of the UN Charter makes no mention that the attack must be carried out by a state to trigger the right of self-defence.302 Ronzitti argues that Article 51 of the UN Charter should not be interpreted in a narrow way.303 State practice in recent decades, especially after 9/11, indicates that the right of self-defence may also be invoked in response to armed attacks by non-state actors.304 The 9/11 terrorist attacks qualified as an ‘armed attack’ that triggered the right of self-defence and allowed the US to respond with force. 305 UNSC Resolutions 1368 and 1373 of 2001 both recognised and reaffirmed the ‘inherent right of individual

297 Ibid. 266–67, citing Gregory Maggs, ‘The Campaign to Restrict the Right to Respond to Terrorist Attacks in Self-Defence Under Article 51 of the UN Charter and What the United States Can Do About It’ (2006) 4 Regent Journal International Law 149; David Kaye, ‘Adjudicating Self-Defense: Discretion, Perception, and the Resort to Force in International Law’ (2005) 44(1) Columbia Journal of Transnational Law 134, 138–40; Raab (n 290) 725; William Taft, ‘Self-Defense and the Oil Platforms Decision’ (2004) 29(2) Yale Journal of International Law 295, 301–302. See also Djamchid Momtaz, ‘Did the Court Miss as Opportunity to Denounce the Erosion of the Principle Prohibiting the Use of Force’ (2004) 29(2) Yale Journal of International Law 307; Harvey Rishikof, ‘When Naked Came the Doctrine of Self-Defense: What Is the Proper Role of the International Court of Justice in Use of Force Cases’ (2004) 29(2) Yale Journal of International Law 331; Jorg Kammerhofer, ‘Oil’s Well that Ends Well? Critical Comments on the Merits Judgement in the Oil Platforms Case’ (2004) 17(4) Leiden Journal of International Law 695. 298 As discussed in Chapter 3, ‘non-state actors’ are individuals or groups who are not acting on behalf or under control of a state. See generally Lubell (n 260) 14–20. 299 Ronzitti, ‘The Expanding Law of Self-Defense’ (n 260) 349. 300 Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territories (Advisory Opinion) [2004] ICJ Rep 136, para 139 (‘Wall ’). 301 See, e.g. Wall [2004] ICJ Rep 136, para 33 (Higgins J). 302 See, e.g. Schmitt, ‘Responding to Transnational Terrorism’ (n 279) 11; Ronzitti, ‘The Expanding Law of Self-Defense’ (n 260) 348; Lubell (n 260) 31; Wall [2004] ICJ Rep 136, para 33 (Higgins J). 303 Ronzitti, ‘The Expanding Law of Self-Defense’ (n 260) 348 (further arguing that ‘[a] subject of international law is entitled to react in self-defence even though the armed attack is coming from a nonState entity’). 304 Schmitt, ‘Responding to Transnational Terrorism’ (n 279) 8–9, 11–12. 305 Ronzitti, ‘The Expanding Law of Self-Defense’ (n 260) 348.

292

POST-9/11 INTERNATIONAL LEGAL RESPONSES

and collective self-defence’.306 The US military intervention in Afghanistan in the aftermath of 9/11 was an assertion of the right of self-defence.307 Following the 9/11 attacks the ‘controversy on whether an armed attack by non-state actors was envisaged under Article 51 had been settled by international practice’.308 The international law has developed in such a way as to recognise the threats posed by non-state actors.309 It is now accepted that ‘an armed attack may include attacks against a state by non-state actors’.310 However, Schmitt has noted that the ‘scale and effect’ criterion adopted by the ICJ in Nicaragua makes sense in the case of attacks by non-state actors because a robust law enforcement framework already exists for dealing with minor attacks by non-state actors.311 8.1.2 Kinetic attacks on offshore installations as ‘armed attacks’ In the context of offshore installations security, the question arises whether an attack on an offshore oil and gas installation would constitute an ‘armed attack’ within the meaning of Article 51 of the UN Charter. The decision in Oil Platforms suggests that a single attack on a merchant vessel will not necessarily be considered an armed attack.312 In that vein, it can be argued that a single attack on an offshore installation would not constitute an armed attack. The Oil Platforms decision has been criticised for setting the threshold of armed attack too high. It may also be argued that in some cases an attack on an offshore oil and gas installation may be regarded as an ‘armed attack’ if the effects of the attack are sufficiently grave including human casualties and significant damage to property.313 Kaye argues that a coastal state can respond to an attack against an offshore installation on its continental shelf by way of the right of self-defence, which could include the use of force against individuals who participated in an attack on the offshore installation.314 The determination of whether an attack on an offshore

306 UNSC Resolution 1368, UN Doc S/RES/1368 (12 September 2001) preamble; UNSC Resolution 1373, UN Doc S/RES/1373 (28 September 2001) preamble. Cf. Wall [2004] ICJ Rep 136, 194 (where the ICJ, held that Article 51 of the UN Charter may not be invoked in response to an armed attack that cannot be attributed to a state). 307 Kaye, ‘International Measures to Protect Oil Platforms’ (n 112) 414, citing UN, ‘Secretary-General Repeats Call for Global Response to Terrorism, Urging Moral Struggle Against “an Evil That Is Anathema to All Faiths”’, Press Release, UN Doc SG/SM/8013 (6 November 2001). 308 Klein (n 254) 268, citing Dinstein, War, Aggression and Self-Defence (n 279) 206–207; Harel (n 259) 159. 309 Lubell (n 260) 63. 310 Klein (n 254) 268, citing Wolff Heintschel von Heinegg, ‘Current Legal Issues in Maritime Operations: Maritime Interception Operations in the Global War on Terrorism, Exclusion Zones, Hospital Ships and Maritime Neutrality’ (2006) 80 International Law Studies 207, 209. See also Harel (n 259) 159; Thomas Franck, ‘Editorial Comments: Terrorism and the Right of Self-Defense’ (2001) 95(4) American Journal of International Law 839, 840; Christopher Greenwood, ‘International Law and the Pre-emptive Use of Force: Afghanistan, Al-Qaida, and Iraq’ (2003) 4 San Diego International Law Journal 7, 17; Jordan Paust, ‘Use of Armed Force Against Terrorists in Afghanistan, Iraq, and Beyond’ (2002) 35(3) Cornell Internatyional Law Journal 533, 533–34; Lubell (n 260) 29–30. 311 Schmitt, ‘Responding to Transnational Terrorism’ (n 279) 14. 312 Christine Cray, International Law and the Use of Force (2nd edn, Oxford University Press 2004) 118. However, as noted above, the ICJ decision in Oil Platforms has been widely criticised. 313 Dinstein, War, Aggression and Self-Defence (n 279) 193. 314 Kaye, ‘International Measures to Protect Oil Platforms’ (n 112) 413–14, citing Oil Platforms [2003] ICJ Rep 161, paras 75–77.

293

POST-9/11 INTERNATIONAL LEGAL RESPONSES

installation is an ‘armed attack’ would probably depend on specific circumstances and a number of factors such as the attack methods, the perpetrators, and the gravity of consequences. 8.1.3 Cyber attacks on offshore installations as ‘armed attacks’ In this context, a related question pertaining to the security of offshore installations that needs to be addressed is whether a cyber attack by a state or non-state actors can constitute an ‘armed attack’ for the purposes of Article 51 of the UN Charter, and therefore would justify the use of force in self-defence. Clearly, not every cyber attack will constitute an ‘armed attack’, just like not every kinetic attack will constitute an ‘armed attack’.315 Furthermore, it has been argued that ‘[a] strict reading of “armed attack” would confine its meaning to kinetic violence, as opposed to non-physical violence or harm with no physical damage’.316 A more commonly accepted approach for determining when a cyber attack constitutes an armed attack is the effects-based approach, which involves consideration or assessment of gravity of the effects.317 However, even among the proponents of the effects-based approach, there appears to be no consensus about the kinds of effects that can be considered to be of sufficient gravity to qualify as an ‘armed attack’ or about factors that should be considered in measuring gravity of the effects of a cyber attack. Hathaway et al. argue that severity of the harm caused should be the key criterion and that the gravity of effects must be ‘equivalent to those of a conventional armed attack’.318 Dinstein argues: From a legal perspective, there is no reason to differentiate between kinetic and electronic means of attack. A premeditated destructive [cyber attack] can qualify as an armed attack just as much as a kinetic attack bringing about the same or similar results.319

Schmitt argues that the cyber attack ‘must be intended to directly cause physical damage to tangible objects or injury to human beings’.320 These assertions seem to suggest that to qualify as an ‘armed attack’ a cyber attack must (or must be intended to) generate violent physical effects of sufficient gravity.321 Other experts appear to have taken a broader view, arguing that focusing on physical damage and injury is not enough, and that significant disruptions to the 315 It is worth noting that from a legal standpoint, one of the first difficulties arises in relation to the legal meaning or definition of the term ‘cyber attack’. For detailed discussion see of this term see Oona Hathaway, Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowlan, William Perdue and Julia Spiegel , ‘The Law of Cyber-Attacks’ (2012) 100(4) California Law Review 817, 823–38. 316 Matthew Waxman, ‘Self-defensive Force Against Cyber Attacks: Legal, Strategic and Political Dimensions’ (2013) 89 International Law Studies 109, 111. 317 Hathaway et al. (n 315) 849. Noting that ‘gravity can be measured by reference to a variety of factors’ and that the problem with the effects-based approach is in articulating in advance what types of effects will justify self-defence: at 849–50. 318 Hathaway et al. (n 315) 843, 850–51. 319 Dinstein, ‘Computer Network Attacks and Self-Defence’ (n 270) 103. 320 Michael Schmitt, ‘Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework’ (1999) 37(3) Columbia Journal of Transnational Law 885, 935. Schmitt proposed six factors by reference to which effects should be measured: severity, immediacy, directness, invasiveness, measurability, and presumptive legitimacy: at 914–15 . 321 Waxman (n 316) 112, citing Dinstein, ‘Computer Network Attacks and Self-Defence’ (n 270).

294

POST-9/11 INTERNATIONAL LEGAL RESPONSES

functioning of critical national infrastructures may be considered to be of sufficient gravity for a cyber attack to qualify as an ‘armed attack’.322 For example, Owens et al. argue that ‘cyberattacks on the controlling information technology for a nation’s infrastructure that had a significant impact on the functioning of that infrastructure (whether or not it caused immediate large-scale death or destruction of property) would be an armed attack’, but they still acknowledged the importance of the ‘scale and effect’ requirement in distinguishing between armed attacks and less grave uses of force.323 Similarly, Roscini argues that a cyber attack should be of the kind that causes material damage to property, loss of life, injury to persons, or severely disrupts the functioning of critical infrastructures, and only if it meets the ICJ’s ‘scale and effect’ threshold.324 However, there are still a number of legal uncertainties when applying international law on the use of force and self-defence to cyber attacks, for example, relating to the attribution of the attacks.325 It can be concluded that some attacks on offshore petroleum installations (kinetic and cyber) by states or non-state actors may be considered armed attacks for the purposes of Article 51 of the UN Charter, if they satisfy the ‘scale and effects’ requirement. In reviewing the data on past attacks on and interferences with offshore installations in light of the judicial decisions and scholarly commentary discussed above, it appears that many of those attacks (e.g. attacks by organised criminal groups) are unlikely to meet the gravity threshold required for an ‘armed attack’,326 and therefore will not justify invoking the right of self-defence by the coastal state. 8.2 The use of self-defence to protect offshore installations For the purposes of protection of offshore installations, the important issue that requires further examination is how a coastal state can lawfully use armed force in self-defence against adversaries who carried out an attack on one of its offshore installations. Equally important, is the question whether and how the right of selfdefence can be used to prevent attacks on offshore installations before they happen. 8.2.1 Lawful exercise of the right of self-defence In addition to the criterion of ‘armed attack’, ‘two fundamental requirements for the lawful exercise of the right of self-defence are necessity and proportionality’.327

322 Waxman (n 316) 112, citing William Owens, Kenneth Dam and Herbert Lin, Technology, Policy, Law, and Ethics Regarding US Acquisition and Use of Cyberattack Capabilities (National Research Council 2009) 253–54. 323 Owens, Dam and Lin (n 322) 254. 324 Marco Roscini, Cyber Operations and the Use of Force in International Law (1st edn, Oxford University Press 2014) 115–16. 325 For example, Blank has noted that ‘[i]n the absence of evidence linking an individual or individuals to a State or a larger, more organized entity, it is unclear whether such an attack falls within the right of self-defense or would remain, in essence, in the criminal arena’: Laurie Blank, ‘International Law and Cyber Threats from Non-State Actors’ (2013) 89 International Law Studies 406, 416. 326 For example, attacks and interferences by organised criminal groups or environmental protesters are unlikely to be of sufficient gravity to qualify as armed attacks. 327 Klein (n 254) 272 (emphasis added). See also US Navy, The Commander’s Handbook on the Law of Naval Operations (July 2007) para 4.4.3.

295

POST-9/11 INTERNATIONAL LEGAL RESPONSES

Under customary international law, the use of force in self-defence, including that directed against non-state actors, must be necessary and proportional to the armed attack suffered.328 The third requirement applicable to the right of self-defence is immediacy, which requires the response in self-defence should not be too tardy.329 Dinstein has noted that these ‘[t]hree cumulative conditions to the exercise of selfdefense are well entrenched in customary international law’.330 The principles of necessity and proportionality were confirmed by the ICJ in Nicaragua as customary international law; they were extended to Article 51 self-defence in Nuclear Weapons,331 and confirmed in Oil Platforms.332 The requirement of immediacy, although given only cursory attention by the ICJ, ‘is of equal specific weight’.333 The principle of necessity ‘requires there to be no viable option other than force to deter or defeat the armed attack’.334 Schmitt argues that this is a critical factor in the context of terrorism because the key issue is ‘whether, with a reasonable degree of certainty, law enforcement actions alone will protect the target(s) of the terrorism’.335 If the perpetrators can confidently be apprehended and arrested, that action must be chosen instead of a military attack intended to kill them.336 For example, in Oil Platforms, the Court did not accept that the attacks on Iran’s offshore installations were necessary as responses to the attacks on the Sea Isle City and the USS Samuel B Roberts.337 The proportionality principle requires the response with a use of force in selfdefence to be proportionate and basically ‘addresses the issue of how much force is permissible in self-defence’.338 In Nicaragua, the Court made a reference to a specific rule ‘whereby self-defence would warrant only measures which are proportional to the armed attack’.339 According to Schmitt, ‘[p]roportionality does not require any equivalency between the attacker’s actions and defender’s response, [but it] limits defensive force to that required to repel the attack’.340 To satisfy the requirement of proportionality, the force should not ‘exceed the amount of force that is required, under the circumstances, to defeat an attack that is

328 Harel (n 259) 160–61, citing Nicaragua [1986] ICJ Rep 14; Oil Platforms [2003] ICJ Rep 161, 183. 329 Dinstein, ‘Computer Network Attacks and Self-Defence’ (n 270) 109. 330 Ibid. 331 Nuclear Weapons [1996] ICJ Rep 226, para 41. 332 In Oil Platforms, the ICJ affirmed that the lawful exercise of the right of self-defence requires compliance with the criteria of necessity and proportionality in relation to the action taken in response: Oil Platforms [2003] ICJ Rep 161, para 74. 333 Dinstein, ‘Computer Network Attacks and Self-Defence’ (n 270) 109. 334 Schmitt, ‘Responding to Transnational Terrorism’ (n 279) 15. 335 Ibid. 336 Ibid. (noting that ‘[f]actors such as risk of the terrorists eluding capture and the degree of danger involved in the capture are certainly relevant’). 337 Oil Platforms [2003] ICJ Rep 161, para 76. 338 Schmitt, ‘Responding to Transnational Terrorism’ (n 279) 16. See also Judith Gardam, ‘Proportionality and Force in International Law’ (1993) 87(3) American Journal of International Law 391. 339 Nicaragua [1986] ICJ Rep 14, para 176; Oil Platforms [2003] ICJ Rep 161, para 76. 340 Schmitt, ‘Responding to Transnational Terrorism’ (n 279) 16.

296

POST-9/11 INTERNATIONAL LEGAL RESPONSES

underway or to deter an anticipated attack’.341 In Oil Platforms, in assessing whether the action taken by the US was proportional, the ICJ decided that the attacks on offshore installations at Reshadat offshore complex in response to a missile strike on the Sea Isle City may have been proportionate, but the attacks on Salman and Nasr offshore complexes were part of a much wider operation and therefore could not be considered as proportionate to the mining of the US warship USS Samuel B Roberts.342 The third requirement for the lawful use of force in self-defence is immediacy. This immediacy requirement is not relevant in respect of responses to attacks that are still in-progress, but it is relevant when a state responds with the use of force in advance of an attack or after an attack takes place.343 In the latter case, the immediacy basically requires that the commencement of response action in self-defence must not be overly delayed as it will no longer be of a defensive nature, but retaliatory, which is unlawful.344 Dinstein has argued that ‘immediacy’ can be construed broadly suggesting that ‘a time-lag of days, weeks and even months’ between the attack and response may be permissible.345 The initial reading of Article 51 of the UN Charter suggests that right of selfdefence deals with responses to armed attacks that have already occurred.346 However, it is now generally accepted that international law allows the right of selfdefence to be exercised by a state to protect itself from an imminent armed attack.347 This principle is commonly referred to as anticipatory self-defence. 8.2.2 Anticipatory self-defence The concept of anticipatory self-defence involves the use of armed force when attack is imminent and no reasonable peaceful means is available to prevent it.348 Noting the restrictive nature of Article 51, the HPTCC nevertheless generally agreed that a threatened state ‘can take military action as long as the threatened armed attack is imminent, no other means would deflect it and the action is proportionate’.349

341 Harel (n 259) 161. See also Schmitt, ‘Responding to Transnational Terrorism’ (n 279) 16 (noting that ‘[t]he availability of other options, especially law enforcement, would in part determine the permissible quantum and nature of the force employed’). 342 Oil Platforms [2003] ICJ Rep 161, para 77. 343 Blank (n 325) 419. 344 Ibid. 345 Dinstein, ‘Computer Network Attacks and Self-Defence’ (n 270) 109. 346 Klein (n 254) 271. 347 Harel (n 259) 159. See also Ochoa-Ruiz and Salamanca-Aguado (n 260) 499–500; Thomas Franck, ‘What Happens Now? The United Nations After Iraq’ (2003) 97(3) American Journal of International Law 607, 619; Michael Glennon, ‘The Fog of Law: Self-Defense, Inherence, and Incoherence in Article 51 of the United Nations Charter’ (2002) 25(2) Harvard Journal of Law and Public Policy 539, 547. 348 US Navy, The Commander’s Handbook (n 327) para 4.4.3.1 (noting that that ‘[i]mminent does not necessarily mean immediate or instantaneous. The determination of whether or not an attack is imminent will be based on an assessment of all facts and circumstances known at the time’). 349 UN, A More Secure World: Our Shared Responsibility, Report of the Secretary-General’s High-level Panel on Threats, Challenges and Change, UNGA, 59th Session, Agenda Item 55, UN Doc A/59/565 (2 December 2004) para 188.

297

POST-9/11 INTERNATIONAL LEGAL RESPONSES

According to this notion, a state does not need to wait until the armed attack takes place in order to use force, acting in self-defence, in order to prevent an imminent armed attack directed against it.350 As noted by the UN Secretary-General: ‘Imminent threats are fully covered by Article 51, which safeguards the inherent right of sovereign States to defend themselves against armed attack. Lawyers have long recognized that this covers imminent attack as well as one that has already happened.’351 The concept of ‘anticipatory self-defence’ has been relevant in the maritime security context,352 and it is just as relevant to the protection of offshore installations. Where a coastal state has determined that a ship approaching one of its offshore installations has hostile intent to carry out an imminent armed attack against that installation, the coastal state ‘may use necessary and proportional force in order to thwart that attack’.353 However, in practice, it may be very difficult to take any meaningful pre-emptive action in self-defence to prevent an attack on an offshore installation. The freedom of navigation on the high seas and in the EEZ makes it very difficult to determine whether a ship navigating in the vicinity of offshore installations poses a security risk, particularly in areas with busy maritime traffic,354 unless the ship infringes a 500-metre safety zone around the offshore installation, violates a ships’ routeing measure or behaves suspiciously. Unless reliable intelligence about a specific threat or a hostile ship exists, in most cases the timeframe to launch pre-emptive action against a delinquent ship will be a matter of minutes or seconds.355 If there are no government security vessels present in the vicinity of the attacked installation it is unlikely that there will be sufficient time for authorities to launch a meaningful pre-emptive action to prevent the attack. It will be even more difficult to rely on the principle of anticipatory selfdefence if the attack is not imminent, but is possible or probable.356 The issue is whether a state can, without seeking authorisation from the UNSC, claim in such circumstances the right to act in anticipatory self-defence not only against an imminent threat (i.e. pre-emptively),357 but also against a non-imminent threat

350 Harel (n 259) 159–60, citing Yoram Dinstein, War, Aggression and Self-Defence (5th edn, Cambridge University Press 2011) 204–05. Dinstein refers to ‘interceptive self-defence’, which he describes as a response to an armed attack that is in progress: at 204–5. 351 UN, In Larger Freedom: Toward Development, Security, and Human Rights for All, Report of the Secretary-General, UNGA, 59th Session, Agenda Items 45 and 55, UN Doc A/59/2005 (21 March 2005) para 124, quoted in Rothwell, ‘Anticipatory Self-Defence’ (n 260) 350. 352 Klein (n 254) 271. 353 Michael Schmitt, ‘“Change Direction” 2006: Israeli Operations in Lebanon and the International Law of Self-Defense’ (2008) 84 International Law Studies 265, 282, cited in Harel (n 259) 161. 354 Harel (n 259) 161; US Navy, The Commander’s Handbook (n 327) 4–9. 355 See, e.g. Kaye, ‘International Measures to Protect Oil Platforms’ (n 112) 405. 356 UN, A More Secure World (n 349) para 188. 357 The term ‘anticipatory self-defence’ is sometimes been used interchangeably with the term ‘preemptive self-defence’, but there is a difference between these terms. Lubell has noted: [s]o long as it was clear that the type of attack under discussion was of the imminent kind, it would not have seemed necessary to differentiate between ‘anticipating’ and ‘pre-empting’ it. However, in recent times the debate has included the discussion of a possible right of states to take action in order to prevent hypothetical future eventualities which cannot easily be described as specific imminent attacks. Lubell (n 260) 55

298

POST-9/11 INTERNATIONAL LEGAL RESPONSES 358

(i.e. preventively). According to the HPTCC, ‘[w]here threats are not imminent but latent, the Charter gives full authority to the Security Council to use military force, including preventively, to preserve international peace and security’.359 Similarly, Lubell has concluded that there is no substantial support for the claim that international law has evolved in such way ‘as to allow for pre-emptive action against anything other than an imminent attack which cannot be prevented without recourse to force’.360 To this end, it has been suggested that in order for coastal states to be effective in preventing attacks on offshore installations, security measures that ‘facilitate identification of threats as early as possible’ are essential.361 One such measure is restriction of navigational rights around offshore installations in selfdefence. As far as cyber attacks are concerned, it will be problematic, if not impossible, to invoke the principle of anticipatory self-defence, from a practical standpoint, in order to prevent a cyber attack against an offshore installation.362 8.2.3 Restricting navigation in self-defence It has been argued that a coastal state can rely on the right of self-defence as a justification for limiting navigation near its offshore installations in order to protect them from attacks.363 In other words, a coastal state on the basis of self-defence may, presumably, declare an exclusion/security zone around an offshore installation or a group of offshore installations (wider than 500-metre safety zones permitted under the LOSC), and limit or restrict navigation in that zone to all ships. The purpose of such a measure would be to provide offshore personnel on board the installation and coastal state authorities with more lead time for determining whether a ship entering the security/exclusion zone has hostile intent, and for initiating preemptive actions if deemed necessary. Such pre-emptive responses may include interdiction of non-compliant ships, arrest and may involve the use of force as part of maritime law enforcement activities. One of the first questions that arises is whether such navigational restriction is governed by the law of self-defence or some other law. In other words, the question is whether navigational restriction will be considered lawful exercise of the right of

358 UN, A More Secure World (n 349) para 189. 359 UN, In Larger Freedom (n 351) para 125. 360 Lubell (n 260) 63 (noting that the same argument applies to ‘non-state actors as it is in the context of attacks by states’). 361 Harel (n 259) 161. 362 In this regard, Roscini has stated: In the absence of an associated kinetic attack, however, anticipatory self-defence by cyber or kinetic means against an imminent standalone cyber armed attack will be extremely difficult to invoke in practice: in the absence of visible indicators, convincingly establishing the origin, nature, and imminence of the cyber attack and the necessity and proportionality of the reaction may prove to be an impossible task. Indeed, as will be seen, states claiming a right of anticipatory self-defence will have to provide, as a minimum, ‘clear and convincing evidence’ of the imminent attack.

Roscini (n 324) 79–80 (footnotes omitted, emphasis in original), citing Terry Gill and Paul Ducheine, ‘Anticipatory Self-Defense in the Cyber Context’ (2013) 89 International Law Studies 438, 466; Matthew Waxman, ‘Regulating Resort to Force: Form and Substance of the UN Charter Regime’ (2013) 24(1) European Journal of International Law 151, 160. 363 Harel (n 259) 161.

299

POST-9/11 INTERNATIONAL LEGAL RESPONSES

self-defence from the international law perspective. Even if navigational restriction is regarded as a lawful exercise of the right of self-defence, the security/exclusion zones around offshore installations can only be established on the grounds of selfdefence ‘in response to an imminent threat of an armed attack’ on the coastal state’s offshore installation(s).364 Harel has pointed out that the US ‘asserts a right to use such tactics “under a self-defense or defense-of nationals justification”’ for protecting offshore installations on its EEZ and continental shelf from acts of terrorism.365 ‘According to the US position, security zones established outside the territorial sea must be “temporary in nature or otherwise incident driven” in order to be consistent with international law.’366 The period for which an exclusion zone can be established is not specified, which may lead to coastal states abusing this right. Arguably, as long as the security/exclusion zone is not permanent, it is temporary and it can potentially remain in place for a considerable period of time. In addition, such exclusion zones and any enforcement action taken within those zones would need to satisfy the criteria of necessity and proportionality. The requirement of necessity may entail a duty to use force only as a last resort after all non-forcible means such as warnings against a non-compliant or suspicious ship have been exhausted.367 The proportionality criterion requires measures to be proportionate to the threat. Harel has suggested that the requirement of proportionality ‘may not only restrain the amount of force used, but also limit the size of the zones in which limitations are imposed’.368 ‘However, to the extent that the proportionality requirement is met, a mere inconvenience to sea traffic would not be considered a violation of the freedom of navigation.’369 However, several writers ‘have asserted that the establishment of maritime security zones in peacetime is unlawful’.370 If a coastal state restricts navigation near its offshore installations on the basis of the right of self-defence, then presumably it should be able to take pre-emptive enforcement action against ships that violate navigational restrictions or exclusion zones. The question is whether interdiction of ships by coastal state authorities for non-compliance with restrictions on navigation will be carried out as an act of selfdefence or as a law enforcement activity. Klein has argued that ‘[t]he preventive nature of the actions concerned, coupled with the lack of any immediate need that should be inherent to an anticipatory right of self-defence, weigh against the lawful interdiction of foreign flagged ships on the grounds of self-defence’.371 Klein has also argued that ‘[t]he distinction between threats or uses of force and armed attacks

364 Harel has suggested that ‘[w]here a state has reasonable intelligence-based grounds to believe that an attack is underway, imminent could arguably be interpreted to mean hours or even days’: Harel (n 259) 162, n 166. 365 Harel (n 259) 161, n 164, quoting US Government, Naval War College, Maritime Operational Zones (2006) 1–5–6, 1–7. 366 Ibid. 367 Harel (n 259) 162. 368 Ibid. 369 Ibid., citing von Heinegg (n 310) 214. 370 Frederick Leiner, ‘Maritime Security Zones: Prohibited Yet Perpetuated’ (1984) 24(4) Virginia Journal of International Law 967, 980, 984, cited in Harel (n 259) 162. 371 Klein (n 254) 275.

300

POST-9/11 INTERNATIONAL LEGAL RESPONSES

generally means that states may not rely on the right of self-defence to justify responses for current maritime security threats’.372 According to this view, in most cases responses to offshore security threats would have to be undertaken as maritime law enforcement activities rather than the exercise of the right of self-defence. However, recent state practice indicates that there is far more acceptance of reliance on the right of self-defence ‘to justify intrusions against the freedom of navigation on the high seas’.373 States have justified interdictions of foreign flagged ships on the high seas on the basis of the right of self-defence in pursuit of terrorists, ‘as a necessary and proportionate response to an imminent attack’,374 but the threat must be ‘sufficiently grave to justify encroachment upon the traditional and dearlyheld freedom of the high seas’ and a mere hypothetical threat is insufficient.375 In any case, in order for enforcement actions within the exclusion zones established on the basis of the right of self-defence to be permissible under international law, they must conform with customary requirements of the right of self-defence.376 It might be difficult for a coastal state to justify the use of force against a ship that infringed an exclusion zone and did not comply with orders and directions, but was not engaged in any violence or attack.377 To justify the use of armed force in self-defence there should be ‘clear and convincing evidence that the circumstances warrant the use’.378 The ship’s flag state may claim that the use of force was an unlawful act of aggression and the coastal state will have the burden of proving that it faced an imminent threat of armed attack and that the measures taken were a necessary and proportionate response to that threat.379 In the Oil Platforms case, the ICJ held that the burden of proof that an armed attack had occurred rests on the state claiming to act in self-defence.380 In March 2003, the US asserted belligerent rights and took control over ABOT and KAAOT offshore terminals under the law of armed conflict during the invasion of Iraq.381 In May 2004, several days after suicide terrorist attacks on ABOT and KAAOT, the US established 3,000-metre warning zones and 2,000-metre exclusion zones and the suspension of the right of innocent passage around ABOT and KAAOT within Iraq’s territorial sea.382 MARLO advised ships operating in the

372 Ibid. 269. Cf. Ian Barry, ‘The Right of Visit, Search and Seizure of Foreign Flagged Vessels on the High Seas Pursuant to Customary International Law: A Defense of the Proliferation Security Initiative’ (2004) 33(1) Hofstra Law Review 299, 317. 373 Klein (n 254) 275, citing Robin Churchill and Alan Lowe, The Law of the Sea (3rd edn, Manchester University Press 1999) 216–17. 374 Klein (n 254) 273–74. 375 Ibid., citing Robert Reuland, ‘Interference with Non-National Ships on the High Seas: Peacetime Exceptions to the Exclusivity Rule of Flag-State Jurisdiction’ (1989) 22 Vanderbilt Journal of Transnational Law 1161, 1223. 376 Harel (n 259) 161–62. 377 Ibid. 162. 378 Mary Ellen O’Connell, ‘Evidence of Terror’ (2002) 7(1) Journal of Conflict and Security Law 19, 21–22, cited in Harel (n 259). 379 Harel (n 259) 162–63. 380 See Oil Platforms [2003] ICJ Rep 161, 189; Mary Ellen O’Connell, ‘Evidence of Terror’ (2002) 7(1) Journal of Conflict and Security Law 19, 21–22. 381 US Navy, The Commander’s Handbook (n 327) para 7.9. 382 Ibid., app C.

301

POST-9/11 INTERNATIONAL LEGAL RESPONSES

Persian Gulf of the warning and exclusion zones around ABOT and KAAOT,383 stating, among other things, that ‘[a]ll reasonable efforts including established preplanned responses will be taken to warn vessels away before employing deadly force’.384 Even if a coastal state might be able to limit navigation near its offshore oil and gas installations in self-defence in order to protect them from terrorist attacks, it will not necessarily be able to rely on the right of anticipatory self-defence to take action against all categories of offshore security threats identified in Chapter 3. Rothwell has argued that the consequence of ‘launching anticipatory action and making an error of judgment’ that a presumed ‘threat is not as great as anticipated’, is one that all states must bear the highest levels of accountability and state responsibility for.385 Furthermore, a denial of navigational rights or violations of sovereignty and the freedom of navigation may give rise to a right of a state whose ship was denied navigational rights ‘to undertake proportionate counter-measures, which may involve a show of force . . . and may allow for force that is proportionate to the degree and nature of the threat’.386 In any case, if even a coastal state restricts or limits navigation near its offshore installations based on the right of self-defence in order to protect those installations from a threat of attack, such restriction ‘would have to be a necessary and proportionate response to an imminent threat of attack.’387 Besides, there will always be questions and concerns as to ‘whether, in a particular case, the use of force will be lawful, and whether a continuing pursuit and interdiction of a foreign flagged’ ship can take place.388 8.2.4 Exercise of the right of self-defence by third states Article 51 of the UN Charter provides that states have the right of individual or collective self-defence. Collective self-defence involves a situation where a state that is a victim of an armed attack requests assistance from a third state in responding to that armed attack. The third state need not be under threat itself.389 But the victim state must form and declare the view that it has been the victim of an armed attack.390 In the Nicaragua case, the ICJ found that ‘[t]here is no rule in customary international law permitting another State to exercise the right of collective self-

383 Marshall Islands Government, Office of the Maritime Administrator, ‘Warning and Exclusion Zones around the Khawr Al’Amaya Oil Terminal (KAAOT) and the Al Basra Oil Terminal (ABOT)’ (Marine Safety Advisory No 15-08, Office of the Maritime Administrator, 20 May 2008) 1. 384 Ibid. 3; US Navy, The Commander’s Handbook (n 327) app C. 385 Rothwell, ‘Anticipatory Self-Defence’ (n 260) 353. 386 Klein (n 254) 267, citing Dale Stephens, ‘The Impact of the 1982 Law of the Sea Convention on the Conduct of Peacetime Naval/Military Operations’ (1998–1999) 29(2) California Western International Law Journal 283, 295–98. 387 Harel (n 259) 163 (further noting that ‘the more limited those measures are in space and time and the more imminent the threat they are aimed to address, the better the coastal state’s chances of justifying those measures under the self-defense doctrine’). 388 Kaye, ‘International Measures to Protect Oil Platforms’ (n 112) 414. 389 Nicaragua [1986] ICJ Rep 14, para 232. 390 Ibid. para 195.

302

POST-9/11 INTERNATIONAL LEGAL RESPONSES

defence on the basis of its own assessment of the situation’,391 without the state for whose benefit this right is used having declared itself the victim of an armed attack, and ‘there is no rule permitting the exercise of collective self-defence in the absence of a request by the State which regards itself as the victim of an armed attack’.392 The Court concluded that the requirement of a request by the victim state of the alleged attack is separate from the requirement that the victim state should declare that it has been attacked.393 9 Conclusions The post-9/11 international legal framework for offshore installations security mainly consists of Chapter XI-2 of the SOLAS Convention, the ISPS Code, the SID Convention, the 2005 SUA Convention, the 2005 SUA Protocol and the LRIT regulation. Other regulatory maritime security initiatives that are relevant to the security of offshore installations include the CMI Draft Guidelines, Non-SOLAS Security Guidelines produced by the IMO and the IMO National Maritime Security Legislation Guidelines. The new (i.e. post-9/11) maritime security measures, including the ISPS Code and the SOLAS Convention amendments, gave new rights and responsibilities to coastal and port states and placed new obligations on flag states, shipping companies, and in some cases oil companies; and these new regulatory measures appear to be consistent and compliant with the existing rules of international law, particularly the LOSC. However, in regard to offshore installations security, it can be concluded that most offshore oil and gas installations fall outside the scope of the ISPS Code requirements, which is the major limitation of the post-9/11 regulatory framework. The post-9/11 international legal framework for maritime security is primarily aimed at enhancing the security of international shipping. It has only very limited application to and effect on offshore oil and gas installations. Accordingly, the post9/11 international regulatory framework does not adequately address the protection and security of offshore installations and the onus of implementing regulatory security measures for offshore installations appears to have been placed on individual states. The chapter also analysed the application of the right of self-defence in the context of offshore petroleum installations protection. It can be concluded that it may be possible for a coastal state to exercise the right of self-defence in order to protect or respond to imminent attacks by non-state actors against offshore installations under the coastal state’s jurisdiction, provided the requirements for exercising the right of self-defence in Article 51 of the UN Charter and in customary international law are satisfied.

391 Ibid. 392 Ibid. para 199. 393 Ibid.

303

CHAPTER 8

INTERNATIONAL OIL AND GAS INDUSTRY RESPONSES 1 Introduction The nature of the petroleum industry and the history of violence associated with it have naturally made oil companies security risk-averse. Oil companies prefer to run safe and secure operations without unnecessary disruptions or interferences. In cases when the coastal state does not have sufficient capabilities to provide adequate protection to offshore installations operating on its continental shelf, oil companies and offshore installation operators may be prompted to take the initiative. The petroleum industry, through national and international industry associations has been actively involved in the development of international, national and industry standards and guidelines including those relating to security. Over the years, the oil and gas industry and individual oil companies have developed comprehensive management systems, standards and policies that address the security and protection aspects of their assets. Recognising that assets do not require the same level or type of protection measures, oil companies regularly conduct SRAs for their installations and integrate SRM into their overall management system to ensure that security risks are evaluated, security spending and resources are allocated efficiently, and appropriate risk mitigation measures are implemented. Oil companies have also realised that they need to collaborate with various stakeholders on security-related matters in order to effectively manage the security of their operations. This chapter examines how the international oil and gas industry has responded to address security challenges facing companies and their installations. First, the chapter discusses international and industry standards that apply to the security of offshore installations and the role of standardisation bodies and industry associations in the security of offshore installations through the development of international, regional and national standards, guidelines and recommended practices aimed at protecting oil companies and their assets from deliberate interferences and attacks. In the second part, the chapter discusses the IOGP SMS model, and provides a high level overview of its main concepts, principles and components. The third part of the chapter discusses a range of specific offshore security controls and risk mitigation measures that can be adopted for offshore installations, and in discussing security controls references are made to relevant standards, guidelines and recommended practices.

304

INTERNATIONAL OIL INDUSTRY RESPONSES

2 International and industry standards and practices The offshore petroleum industry utilises a large number of international, national and industry standards developed by various standardisation organisations, and oil and gas industry associations.1 The use of common standards provides a number of benefits to oil companies and other industry participants such as enhanced technical integrity, improved safety and security, reduced environmental and health risks, as well as operational efficiencies resulting in reduced costs.2 Risk assessment and management tools and methods are continuously evolving and the use of standards promotes tools available to oil and gas companies to implement best industry practices,3 including those relating to security. Industry standardisation bodies are making significant changes to their standards development processes to meet the needs of the users by incorporating the best and latest value added practices.4 Oil and gas companies participate in industry standardisation processes and contribute to the development of standards by sharing their expertise and best practices. Companies are being encouraged to use international, national and industry standards where they exist and reduce reliance on internal company standards and practices.5 2.1 International standards International standards are of particular importance to the oil and gas industry.6 They promote uniformity and help to reduce many national regulations that oil companies face around the world.7 International standardisation efforts in the oil and gas industry have intensified in recent years, which ‘reflects the global nature of the industry’.8 International standards are developed by the ISO and other specialised international standardisation organisations such as the International Electrotechnical Commission (IEC) and the International Telecommunication Union (ITU). International standardisation work in the ISO relating to the offshore petroleum industry is mainly undertaken by ISO Technical Committee (TC) 67 that specialises in standards development relating to materials, equipment and offshore structures for the oil and gas industry. TC 67 has actively pursued international standardisation since 1989 and has already developed close to 200 international standards.9 TC 67 maintains close relationships with oil and gas industry associations such as the IOGP

1 IOGP, Position Paper on the Development and Use of International Standards (Report No. 381, March 2010) 1. 2 Ibid. 3 IOGP, Value of Standards (Report No. 440, May 2014) 2. 4 Ibid. 3. 5 Ibid. 2. 6 Ibid. 1. 7 IOGP, ‘Working Together for Improved Standards’ (2015) www.iogp.org/international-standards accessed 1 December 2015. 8 IOGP, Position Paper (n 1) 1. 9 IOGP, Value of Standards (n 3) 2.

305

INTERNATIONAL OIL INDUSTRY RESPONSES

in order to keep the focus on the needs of the industry.10 In turn, industry associations encourage and give support to the work of TC 67.11 Standards developed by TC 67 with most relevance to offshore installations security, although not specifically developed for security purposes, include ISO 13702:1999, ISO 15544:2000, and ISO 17776:2000.12 The offshore oil and gas industry also uses many standards developed by other ISO committees, as well as certain international standards jointly published by ISO and other standardisation organisations such as the IEC.13 Some of these standards specifically relate to security while others address areas such as quality management, risk management, business continuity, emergency management, but which can be (and have been) adapted for security purposes. For example, TC 292 works on standardisation in the field of security and develops standards relating to security management, business continuity management, resilience and emergency management.14 TC 262 works on standardisation in the field of risk management,15 and TC 176 works in the field of quality management.16 The ISO also publishes a number of other standards that may indirectly apply to security such as guidelines on social responsibility.17 The ISO–IEC Joint Technical Committee (JTC) 1, through one of its subcommittees, develops standards relating to security techniques 10 Ibid. 3. 11 Ibid. 12 ISO 13702:1999 Petroleum and Natural Gas Industries – Control and Mitigation of Fires and Explosions on Offshore Production Installations – Requirements and Guidelines; ISO 15544:2000 Petroleum and Natural Gas Industries – Offshore Production Installations – Requirements and Guidelines for Emergency Response; ISO 17776:2000 Petroleum and Natural Gas Industries – Offshore Production Installations – Guidelines on Tools and Techniques for Hazard Identification and Risk Assessment. 13 DNV, ‘Barents 2020: Assessment of International Standards for Safe Exploration, Production and Transportation of Oil and Gas in the Barents Sea’ (Report 2009-1626, 2009) 88. 14 The relevant TC 292 standards include: ISO 22320:2011 Societal security – Emergency management – Requirements for incident response; ISO/AWI 20151 Societal security – Emergency management – Guidance for monitoring of facilities with identified hazards; ISO/PAS 22399:2007 Societal security – Guideline for incident preparedness and operational continuity management; ISO 22315:2014 Societal security – Mass evacuation – Guidelines for planning; ISO 28000:2007 Specification for security management systems for the supply chain; ISO 28001:2007 Security management systems for the supply chain – Best practices for implementing supply chain security, assessments and plans – Requirements and guidance; ISO 28002:2011 Security management systems for the supply chain – Development of resilience in the supply chain – Requirements with guidance for use; ISO 22313:2012 Societal security – Business continuity management systems – Guidance; ISO 280051:2013 Security management systems for the supply chain – Electronic port clearance (EPC) – Part 1: Message structures; ISO 22397:2014 Societal security – Guidelines for establishing partnering arrangements; ISO/DIS 18788 Management system for private security operations – Requirements with guidance; ISO 20858:2007 Ships and marine technology – Maritime port facility security assessments and security plan development; ISO/PAS 16917:2002 Ships and marine technology – Data transfer standard for maritime, intermodal transportation and security. 15 The relevant TC 262 standards include: ISO 73:2009 Risk management – Vocabulary; ISO 31000:2009 Risk Management – Principles and Guidelines; ISO/TR 31004:2013 Risk Management – Guidance for the implementation of ISO 31000; ISO/IEC 31010:2009 Risk Management – Risk Assessment Techniques; ISO/NP 31020 Risk Management – Managing Disruption Related Risk. 16 The relevant TC 176 standards include: ISO 9000:2005 Quality Management Systems – Fundamentals and Vocabulary; ISO 9001:2008 Quality Management Systems – Requirements; ISO 10006:2003 Quality Management Systems – Guidelines for Quality Management in Projects. 17 See, e.g. ISO/CD 11000 Collaborative business relationship management – Framework; ISO/CD 37101 Sustainable development and resilience of communities – Management systems – General principles and requirements; ISO 55001:2014 Asset management – Management systems – Requirements; ISO 26000:2010 Guidance on social responsibility.

306

INTERNATIONAL OIL INDUSTRY RESPONSES

in the field of information technology.18 The IEC publishes international standards relating to network security and control systems security, which can have application in the context of offshore installations security.19 A number of other standards developing organisations also produce standards widely used by the oil and gas industry globally.20 Although based in the US and primarily represents the US petroleum industry, API has played a leading role in the development of standards for the oil and gas industry since the 1920s and its standards have traditionally been used by oil companies worldwide.21 Due to its historical involvement in standards development, API has significant expertise in this area and access to intellectual resources. Many of the standards developed by TC 67 are based on the API standards. In fact, the ‘original objective of ISO/TC67 was to convert a significant proportion of the globally applicable API industry standards to equivalent ISO standards’.22 The API has established a procedure to follow when adopting back ISO standards as API standards.23 One of the key API standards relating to security of offshore installations is API Standard 780 on SRA methodology for petroleum and petrochemical industries.24 Another international organisation that has made a significant contribution to the development of international standards for the petroleum industry is IOGP. IOGP does not develop standards itself, but it ‘strongly supports the internationalisation of key standards’ used by the oil and gas industry.25 Nevertheless, IOGP’s contribution to the work of TC 67 should not be underestimated. The IOGP, through its Standards Committee, influences, co-ordinates and monitors the development of international standards.26 It maintains close communication with TC 67, regional standardisation bodies such as the European Committee for Standardization (CEN),27 and national industry associations, particularly the API.28

18 The relevant JTC 1 standards include: ISO/IEC 15408-1:2009 Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model; ISO/IEC TR 154431:2012 Information technology – Security techniques – Security assurance framework – Part 1: Introduction and concepts; ISO/IEC TR 19791:2010 Information technology – Security techniques – Security assessment of operational systems; ISO/IEC 19792:2009 Information technology – Security techniques – Security evaluation of biometrics; ISO/IEC 24760-1:2011 Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts; ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements; ISO/IEC 27003:2010 Information technology – Security techniques – Information security management system implementation guidance; ISO/IEC 27032:2012 Information Technology – Security Techniques – Guidelines for Cybersecurity. 19 See, e.g. IEC 62442-3-3, Industrial Communication Networks – Network System Security – Part 33: System Security Requirements and Security Levels; IEC 62443, Network and System Security for IndustrialProcess Measurement and Control; IEC 62443-2-4, Security for Industrial Automation and Control Systems – Network and System – Part 2-4 Requirements for IACS solution suppliers. 20 IOGP, Value of Standards (n 3) 1. 21 Ibid. 2; IOGP, Position Paper (n 1) 1. 22 IOGP, Position Paper (n 1) 2. 23 IOGP, Value of Standards (n 3) 2. 24 API, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries (1st edn, May 2013). 25 IOGP, Position Paper (n 1) 4. 26 IOGP, Value of Standards (n 3) 3. 27 In French: Comité Européen de Normalisation (CEN). 28 IOGP, Value of Standards (n 3) 3.

307

INTERNATIONAL OIL INDUSTRY RESPONSES

IOGP also encourages its members to support and provide resources to the work of ISO, particularly TC 67, and other international bodies, through individual representation or by participation in standardisation activities of the national standardisation bodies and industry associations.29 2.2 Regional and national standards Regional and national standards will continue to play an important role ‘when equivalent ISO or IEC are not yet available’.30 In Europe, harmonisation of national standards is being undertaken through CEN.31 CEN is a regional standardisation body responsible for developing and defining voluntary standards at European level covering a wide range of fields including energy, defence, security and ICT.32 Many countries have their own national standardisation bodies that publish standards for the petroleum industry. Some of these bodies have published standards specifically addressing security aspects of the oil and gas industry, some examples of which are briefly provided below. Standards Norway has recently published national standards NS 5831:2014 and NS 5832:2014.33 Standard NS 5831:2014 describes a control system for managing security risks and provides a framework for other standards that deal with societal security and risk analysis;34 and Standard NS 5832:2014 examines the roles of security risk analysis as part of SRM described in NS 5831:2014 and outlines the principles for mitigating risks associated with intentional unwanted and unlawful (mainly criminal) actions.35 These two standards, together with Standard NS 5830:2012,36 which specifies the terminology used in the field of security and protection from international adverse actions,37 constitute a suite of standards on the theme of prevention of intentional undesirable actions and are applicable to both public and private sector enterprises. National regulatory agencies also play a significant role in the standards development process and they have used standards to develop national regulatory frameworks.38 Developing standards in conjunction with the regulatory agencies serves as ‘an alternative to prescriptive national legislation’.39 According to IOGP,

29 DNV, ‘Emergency Response for Offshore Operations in the Barents Sea’ (Position Paper No. 012015, January 2015) 15; IOGP, Position Paper (n 1) 3. 30 IOGP, ‘Working Together for Improved Standards’ (n 7). 31 DNV, ‘Barents 2020’ (n 13) 89. 32 CEN, ‘Who We Are’ (2015) www.cen.eu/about/Pages/default.aspx accessed 1 December 2015. 33 NS 5831:2014 Societal Security – Protection Against Intentional Undesirable Actions – Requirements for Security Risk Management; NS 5832:2014 Societal Security – Protection Against Intentional Undesirable Actions – Requirements for Security Risk Analysis. 34 Standards Norway, ‘NS 5831:2014’ www.standard.no/en/webshop/ProductCatalog/Product Presentation/?ProductID=718201 accessed 1 December 2015. 35 Standards Norway, ‘NS 5832:2014’ www.standard.no/en/webshop/ProductCatalog/Product Presentation/?ProductID=718202 accessed 1 December 2015. 36 NS 5830:2012 Societal Security – Prevention of Intentional Undesirable Actions – Terminology. 37 Standards Norway, ‘NS 5830:2012’ www.standard.no/en/webshop/ProductCatalog/Product Presentation/?ProductID=532802 accessed 1 December 2015. 38 IOGP, ‘Working Together for Improved Standards’ (n 7). 39 IOGP, Position Paper (n 1) 3.

308

INTERNATIONAL OIL INDUSTRY RESPONSES

eleven regulators of the offshore petroleum industry around the globe make reference to some 1,350 standards in their regulatory documentation and seven companies with global operations make references to more than 5,000 standards from some 130 standards-developing organisations.40 Although originally non-binding, international and national standards, as well as self-regulation can be and have been made binding by national laws and regulations.41 2.3 Industry self-regulation International and national standards are supplemented by industry standards, guidelines and recommended practices, which are considered to be a form of industry self-regulation. At an international level, organisations such as the IOGP, International Petroleum Industry Environmental Conservation Association (IPIECA), International Marine Contractors Association (IMCA) and International Association of Drilling Contractors (IADC) produce guidelines and recommended practices covering various aspects of the petroleum industry including security.42 For instance, the IOGP has published a number of guidelines and practice documents addressing security issues such as the use of firearms, security management, response to demonstrations, psychological risk management, guard force management, mutual aid in serious offshore incidents and country evacuation procedures.43 A number of technical and operational industry standards, guidelines and recommended practices are maintained by national industry associations such as the API and the Norwegian Oil and Gas Association (NOGA).44 Many of the industry standards and guidelines have not been developed specifically to address security aspects, but they do have relevance and application in the security context and can be adapted for security purposes.45 Guidelines and recommended practices on emergency preparedness and response can be equally useful and relevant in emergency situations arising from accidents and those caused by deliberate attacks and interferences. Similarly, process safety and risk management guidelines can be useful in considering and analysing both safety and security risks. There are many

40 IOGP, Value of Standards (n 3) 1. 41 DNV, ‘Emergency Response for Offshore Operations’ (n 29) 15. 42 See, e.g. IMCA, Security Measures and Emergency Response Guidance (February 2015); IMCA, Introduction to the International Ship & Port Facility Security Code (The ISPS Code) (January 2007); IMCA, Threat Risk Assessment Procedure (January 2007); IPIECA, Community Grievance Mechanisms in the Oil and Gas Industry: A Manual for Implementing Operational-level Grievance Mechanisms and Designing Corporate Frameworks (2015). 43 See, e.g. IOGP, Firearms and the Use of Force (Report No. 320, February 2010); IOGP, Country Evacuation Planning Guidelines (Report No. 472, September 2012); IOGP, Response to Demonstrations at Offshore Facilities (Document No. 309, March 2010); IOGP, Integrating Security in Major Projects – Principles & Guidelines (Report No. 494, April 2014); IOGP, Mutual Aid in Large-Scale Offshore Incidents – A Framework for the Offshore Oil and Gas Industry (Report No. 487, June 2013); IOGP and IPIECA, Managing Psychosocial Risks on Expatriation in the Oil and Gas Industry (Report No. 495, December 2013); IOGP, Effective Guard Force Management – Principles and Guidelines (Report No. 537, July 2015). 44 NOGA, 003 Recommended Guidelines for Check-in and Security Checks at Helicopter Terminals (March 2011); API, Security for Offshore Oil and Natural Gas Operations (Recommended Practice No. 70, 1st edn, March 2003). 45 OITS, Offshore Oil and Gas Resources Sector Security Inquiry (June 2012) 65.

309

INTERNATIONAL OIL INDUSTRY RESPONSES

other standards, recommended practices and guidance documents developed by industry associations and similar organisations that directly or indirectly apply to security of offshore installations. Regulators and government agencies have produced policies and guidelines on CIP and SRM and in some cases specifically relating to the oil and gas industry.46 In 2000, a small group of governments, companies from the extractive and energy sectors and NGOs adopted a set of non-binding principles known as the Voluntary Principles on Security and Human Rights (VPSHR), which provide guidance to companies on how to maintain the safety and security of their operations within an operating framework that encourages respect for human rights, and, where applicable, humanitarian law.47 Since then, VPSHR has gained substantial recognition among private sector participants, governments and NGOs, and a number of other organisations have adopted the VPSHR and committed to improving security and human rights performance, and in 2007, the organisations involved established formal criteria and obligations for participation in the VPSHR process.48 Some of the largest oil companies participate in the VPSHR process including BHP Billiton, BP, Chevron, ConocoPhillips, ExxonMobil, Shell, Statoil and Total. The VPSHR have also considerably influenced standards, policies and conduct of other organisations that are not formally part of the VPSHR process, but have decided to implement the VPSHR into their management of security.49 Many companies consider that ‘the VPSHR confer tangible security benefits’ to their operations and installations, as well as the communities where they operate.50 The main reason companies choose to implement the VPSHR is to better manage security risks and improve their performance and compliance.51 VPSHR cover three areas: risk assessment, interaction between companies and public security and interaction between companies and private security. A number of guidance documents on implementation of the VPSHR have been produced by various organisations to assist interested parties seeking to apply the VPSHR at an operational level.52 2.4 Company specifications and practices At a company level, in order to help in the achievement of company objectives, a management system needs to be supported by approved company specifications such as policies, standards, guidelines, recommended practices and operating

46 UK Government, Centre for the Protection of National Infrastructure (CPNI), Guide to Producing Operational Requirements for Security Measures (August 2013); DOE, Energy Sector Cybersecurity Framework Implementation Guidance (January 2015); DOE, Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2) (February 2014). 47 VPSHR, (2015) www.voluntaryprinciples.org/ accessed 1 December 2015. 48 Multilateral Investment Guarantee Agency (MIGA), The Voluntary Principles on Security and Human Rights: An Implementation Toolkit for Major Project Sites (Working Paper, July 2008) ii. 49 Ibid. 50 Ibid. 51 Ibid. 52 See, e.g. International Council on Mining & Metals (ICMM) et al., Voluntary Principles on Security and Human Rights: Implementation Guidance Tools (IGT) (2011); MIGA (n 48) ii.

310

INTERNATIONAL OIL INDUSTRY RESPONSES 53

procedures. There are four main categories of company specifications: 1) technical specifications and technical standards; 2) procedures and work instructions; 3) guidelines, recommended practices and manuals; and 4) policies, company rules and directives.54 The policy usually sits at the top of the hierarchy and sets out the security culture, security roles and responsibilities, and security objectives.55 The security standards can be mandatory and voluntary, and security guidelines are not mandatory and only provide the methodology of how compliance to the standards may be achieved. Industry guidelines usually have a degree of flexibility that allows companies to modify them for their specific needs and operational requirements. Standards and practices of oil companies, particularly IOCs, relating to safety and security tend to reflect their international arrangements, which are tailored to the perceived threats and risks in the area of operation.56 Some companies have integrated or closely aligned their security arrangements with safety arrangements.57 The Australian Government inquiry into security arrangements of offshore oil and gas installations has found that ‘the larger companies are likely to have well developed security regimes in place’, while smaller companies or companies with less international experience or operational experience or with smaller operational budgets and less security resources, may have less rigorous and comprehensive security systems and arrangements.58 As a result, the level of protection and security awareness and preparedness can vary across the offshore industry even in the same region or country of operation.59 There is a need for a systematic approach to security management supported by the top management of the company. 3 Security management systems Organisations such as ISO, IOGP and API have published management system standards and guidance since the early 1990s.60 The basic concepts of these management systems are usually similar, but their scope is often different covering areas such as environmental protection, occupational health and safety, quality, process safety and more recently security.61 In 2014, the IOGP published an SMS model, described in a guidance document titled ‘Security Management System –

53 IOGP, Security Management System: Processes and Concepts in Security Management (Report No. 512, July 2014) 18. 54 IOGP, Benchmarking on Standards and Technical Specifications (Report No. 500, June 2015) 5 (noting the last category sometimes refers to the documents intended only or primarily for internal company use). 55 IOGP, Security Management System (n 53) 18. 56 OITS (n 45) 64. 57 Ibid. 65. 58 Ibid. 59 Ibid. 60 See, e.g. ISO 9001:2008 Quality Management Systems – Requirements; IOGP, Guidelines for the Development and Application of Health, Safety & Environmental Management Systems (Report No. 210, 1994). 61 IOGP and IPIECA, Operating Management System Framework: For Controlling Risk and Delivering High Performance in the Oil and Gas Industry (Report No. 510, June 2014) 2.

311

INTERNATIONAL OIL INDUSTRY RESPONSES

Processes and Concepts in Security Management’, that managers can use to implement an effective SMS in line with their company’s objectives. Given the IOGP’s high standing in the oil and gas industry, the IOGP’s SMS model can be regarded as industry best practice. This section analyses the concepts and principles on which the IOGP’s SMS model is based and provides a high-level overview of the main SMS components.62 3.1 SMS concepts and principles The term ‘system’ is defined in the ISO 9000:2005 as a ‘set of interrelated or interacting elements’ and the term ‘management system’ is defined as a ‘system to establish policy and objectives and to achieve those objectives’.63 The term ‘management system’ is defined in ISO 20858:2007 as an ‘organization’s structure for managing its processes or activities that transform inputs of resources into a product or service, which meets the organization’s objectives’.64 The IOGP has not provided a definition of an SMS, but it has defined ‘system’ as ‘[a] set of interacting or interdependent elements forming an integrated process to manage an activity’,65 and ‘management system’ as ‘a structured and documented set of interdependent practices, process and procedures used by the managers and the workforce at every level in a company to plan, direct and execute activities’.66 The ISO definition of ‘quality management system’ may be adapted for security purposes and, in that context, an SMS can be defined as ‘a management system to direct and control an organisation with regard to security’.67 The IOGP’s SMS model was developed using the fundamental concepts defined in a number of international standards, as well as the excellence model of the European Foundation for Quality Management (EFQM), that have been adapted specifically for security purposes.68 An SMS should complement and where possible be integrated into existing company systems and programs. 3.1.1 Security and operating management The IOGP suggests that an SMS may be considered as part of the company’s operating management system (OMS) that ‘provides the structure to enable identification of potential threats to an organisation and which establishes, implements, operates, monitors, reviews and maintains all appropriate measures’ to ensure the effective management of security-related risks.69 An OMS brings together the management of key aspects of running a successful oil company and can address

62 IOGP, Security Management System (n 53) 2. 63 ISO 9000:2005 Quality Management Systems – Fundamentals and Vocabulary. 64 ISO 20858:2007 Ships and Marine Technology – Maritime Port Facility Security Assessments and Security Plan Development 2. 65 IOGP and IPIECA, Operating Management System Framework (n 61) 35. 66 Ibid. 2. 67 See the definition of ‘quality management system’ in ISO 9000:2005 Quality Management Systems – Fundamentals and Vocabulary. 68 IOGP, Security Management System (n 53) 2. 69 Ibid.

312

INTERNATIONAL OIL INDUSTRY RESPONSES

a broad range of threats, risks, potential impacts and inherent vulnerabilities in the oil and gas industry, including those relating to security.70 The IOGP’s new OMS framework is designed to help oil companies manage a broad range of risks and achieve performance goals and stakeholder benefits, and it covers all upstream and downstream company activities throughout the entire value chain and business lifecycle.71 In general, an OMS will apply to all activities over which the company has direct management control.72 The integration of security controls into an OMS ‘allows different areas of risk to be addressed’, so the scope of the system can potentially address all aspects of security including personnel security, installation security and information security.73 The OMS framework is flexible enough to allow companies to tailor the OMS development and implementation in order to account for differences in complexity of their activities and to address different types of risks and different aspects of operations (e.g. integration of security aspects into traditional safety and environmental considerations).74 The IOGP’s OMS framework addresses operating management through the application of four fundamental and equally important principles that define how a company establishes and maintains its OMS and that serve as a foundation of the OMS.75 These fundamental principles can be succinctly described as: leadership, which implies that it is necessary to focus constantly on system effectiveness; risk management, which eliminates the negatives and enhances the positives; continuous improvement, which encourages the use of the ‘Plan-Do-Check-Act’ (PDCA) model;76 and implementation, which simply means ‘making it happen’.77 These principles are arguably the most influential success factors of an OMS.78 According to IOGP, ‘[t]his is consistent with the fundamentals of security management, and so these principles also form the hub of the [SMS] wheel’.79 The structure for establishing an OMS is organised into ten elements that are represented by the middle ring in Figure 8.1. Each of the ten OMS elements has its own set of expected outcomes.80 The sequence and description of these elements is both

70 Ibid. 71 Ibid. 1. 72 Ibid. 5 (noting that this ‘is particularly important when working in partnerships, including with contractors, subcontractors and other suppliers; partner operated joint ventures; or when companies are supplying products to customers or collaborating with local communities’). 73 IOGP and IPIECA, OMS in Practice: A Supplement to Report No.510, Operating Management System Framework (Report No. 511, June 2014) 10. 74 IOGP and IPIECA, Operating Management System Framework (n 61) 5. 75 Ibid. 6. 76 RiskWatch International has described the elements of the PDCA model as follows: plan refers to establishing or updating the security plan to improve security; do means ‘implement and operate the actions defined in the security plan’; check refers to monitoring, reviewing the actions and reporting the results and recommendations to the relevant decision-makers; act refers to maintaining and improving the actions: RiskWatch International, ‘Oil and Gas Industry: A Comprehensive Security Risk Management Approach’ (White Paper, 2013) 6. 77 Ibid. 4. 78 Ibid. 1. 79 IOGP, Security Management System (n 53) 2. 80 IOGP and IPIECA, Operating Management System Framework (n 61) 4.

313

INTERNATIONAL OIL INDUSTRY RESPONSES

On-going cycle of continuous improvement

Report to top management

Credibility and integration

Learning Review Monitor and security reporting

Assurance, review and improvement

Policies objectives and tasks

Commitment and accountability

Monitoring, reporting and learning

Policies, standards and objectives Implementation

Execution and control activities

Leadership Organization, resources and capability

Execution of activities Continuous Improvement Risk Management Plan and procedures

Threat vulnerability and security risk assessment

Stakeholders and customers

Asset design and integrity

Risk assessment and control

Controls

Planning and resourcing Security risk register

Relationship between SMS and OMS

Security Management System OMS – Elements OMS – Fundamentals

Figure 8.1 IOGP security management system model. Source: IOGP, Security Management System (n 53) 3. Reproduced with permission from the IOGP.

comprehensive and logical, and ‘represents all the main components of a high level management system’.81 Whereas each element in the IOGP’s OMS framework is overlapping with its neighbouring elements, the SMS components are ‘based upon the prerequisite that one element builds on the previous element and forms the basis 81 Ibid.

314

INTERNATIONAL OIL INDUSTRY RESPONSES

of the subsequent one’.82 The outer ring in Figure 8.1 shows the sequence of the SMS components and how they relate to the structure and fundamental characteristics of the OMS.83 In effect, an SMS becomes a part of the overall management system and contributes to it. The degree of integration of an SMS and the scope of an OMS will depend on individual company’s operations, organisational structure and management system maturity.84

Maintain

Management responsibility

Resource management

Monitor and maintain

Security planning

Mitigation measures

Threat/security risk assessment

3.1.2 Security and quality management The IOGP’s SMS model is based on ISO 9001:2008 ‘Quality Management Systems – Requirements’,85 which has been adapted for security management as shown in Figure 8.2.86 In that regard, the SMS model is about producing a security solution referred to as a ‘product’, which is defined in ISO 9000:2005 as a ‘result of a set of interrelated or interacting activities which transforms inputs into outputs’. Accordingly, an SMS involves ‘converting an input (security risk assessment) to an output (protection/response measures)’.87 The first step toward achieving security objectives in a risk-based, process-driven approach to security should be an SRA.88 Having assessed the security risks and identified risk mitigation measures, a company may establish a security risk register

Product

Figure 8.2 Security and quality management. Source: IOGP, Security Management System (n 53) 17; based on ISO 9001:2008 Quality Management. Reproduced with permission from the IOGP.

82 83 84 85 86 87 88

Ibid. Ibid. IOGP and IPIECA, Operating Management System Framework (n 61) 1. ISO 9001:2008 Quality Management Systems – Requirements. IOGP, Security Management System (n 53) 17. Ibid. Ibid.

315

INTERNATIONAL OIL INDUSTRY RESPONSES

(SRR) detailing security risks and mitigation measures.89 These mitigation measures are realised through resource management and security planning, resulting in a security solution/product, whether that be physical security safeguards, procedural safeguards, personnel safeguards or ‘a higher level security solution that supports strategic objectives, such as a crisis management strategy, or establishment of an intelligence gathering network’.90 In order for mitigation measures to remain at an appropriate level the SRR must remain a ‘living document’ and so there is a need for continuous/ongoing dynamic SRA.91 Hence, management is responsible for maintaining the effectiveness of the protection and/or response measures through testing and evaluation to ensure it remains at an appropriate level, as well as maintaining the SRR through ongoing SRA.92 3.1.3 Security and risk management As noted earlier, risk management is one of the four fundamental principles on which an SMS is based, and it is the principle that links an SMS with an OMS (as shown in Figure 8.1). In other words, risk management is at the core of an SMS. To understand how risk management fits into an overall SMS, it is important to have at least some basic understanding of fundamental risk management principles and concepts, and to clarify the meaning of SRM. The ISO defines risk management as ‘coordinated activities to direct and control an organization with regard to security risk’.93 Most risk management policies and principles are oriented towards concentrating available resources on a relatively limited number of threats or attack scenarios, or allocating limited resources among a large number of potential targets. The IOGP has described the purpose of SRM as ‘[t]o identify the threats and security risks to an organization and to manage those security risks within the risk appetite of the organization in order to provide reasonable assurance of the achievement of the organization’s objectives’.94 In that regard, the IOGP SMS model follows the core procedures described in the international standard ISO 31000:2009,95 which describes a logical step by step guidance for the ongoing management of risk.96 Figure 8.3 illustrates the relationship between risk management principles, framework and process described in ISO 31000:2009. ISO 31000:2009 is not specific to any industry or sector and can be used by any public or private sector enterprises.97 It can be applied to ‘a wide range of activities,

89 Ibid. 90 Ibid. 91 Ibid. 92 Ibid. 93 ISO 73:2009 Risk Management – Vocabulary, quoted in IOGP, Security Management System (n 53) 21. 94 This definition is based on the definition of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management framework, which IOGP adapted for security: IOGP, Security Management System (n 53) 21, citing COSO, Enterprise Risk Management – Integrated Framework (September 2004). 95 ISO 31000:2009 Risk Management – Principles and Guidelines. 96 IOGP, Security Management System (n 53) 22. 97 ISO 31000:2009 Risk Management – Principles and Guidelines 1.

316

Continual improvement of the framework (4.6)

Framework (Clause 4)

Monitoring and reivew of the framework (4.5)

Design of framework for managing risk (4.3)

Mandate and commitment (4.2)

Implementing risk management (4.4)

Communication and consultation (5.2)

Process (Clause 5)

Risk analysis (5.4.3)

Risk evaluation (5.4.4)

Risk analysis (5.4.3)

Risk identification (5.4.2)

Risk assessment (5.4)

Establishing the context (5.3)

Source: ISO 31000:2009 Risk Management – Principles and Guidelines vii. Reproduced with permission from SAI Global Ltd under Licence 1505–c057.

Figure 8.3 ISO 31000 Risk management principles, framework and process.

Principles (Clause 3)

k) Facilitates continual improvement and enhancement of the organization

j) Dynamic, interative and responsive to change

i) Transparent and inclusive

h) Takes human and cultural factors into account

g) Tailored

f) Based on the best available information

e) Systematic, structured and timely

d) Explicitly addresses uncertainty

c) Part of decision making

b) Integral part of organizational processes

a) Creates value

Monitoring and review (5.6)

INTERNATIONAL OIL INDUSTRY RESPONSES

including strategies and decisions, operations, processes, functions, projects, products, services and assets’ and ‘to any type of risk, whatever its nature’.98 The outcome of the SRM process should be a document that records identified security risks, the mitigation plans to address those risks, the prioritisation of the risks and resources, as well as an assigned responsibility to manage the risk, and that will form the basis for the company’s SRR.99 3.1.4 Security management principles The IGOP security management principles are based on the eight principles of quality management defined in Standard ISO 9000:2005,100 ‘which are necessary for top management to lead the company towards improved performance and which have been adapted for security’.101 The first security management principle is ‘customer focus’ which means that installations, personnel and other assets for which the security is being provided should be viewed as customers whose needs and expectations oil companies must understand, in order to design or select optimal risk mitigation measures.102 The second principle is ‘leadership’, which encourages the security management team to be role models in their leadership in order to attain a level of confidence and trust, so that company’s top management comes to perceive security as a means to achieve the company’s objectives, ‘so that there is unity in purpose and direction’.103 The third principle is ‘involvement of people’, which means that ‘[h]umbleness and a willingness to learn from others is a key characteristic of an effective leader’, so security managers should be open to ideas and listen to an opinion of people at all levels in security because the more radical and unconventional solutions are often the best, and such ideas are more likely to come from someone who is not part of the company security department or security team.104 The fourth security management principle is ‘process approach’, which provides that ‘[a]ll security management tasks begin with an event, or series of events that trigger a response’.105 A process is a set of activities that transforms inputs into outputs.106 In reactive security, ‘a trigger event could be an attempted break which could lead to a physical security risk assessment’, while in proactive security, although it still follows a process, ‘the inputs need to be identified, often through other processes’.107 In both cases, having identified the input, defining the expected

98 Ibid. 99 IOGP, Security Management System (n 53) 22. 100 ISO 9000:2005 Quality Management Systems – Fundamentals and Vocabulary. 101 IOGP, Security Management System (n 53) 19. These principles are: customer focus, leadership, involvement of people, process approach, systems approach to management, continual improvement, factual approach to decision making, and mutually beneficial supplier relationships: ISO, Quality Management Principles (May 2012). 102 IOGP, Security Management System (n 53) 19. 103 Ibid. 104 Ibid. 105 Ibid. 106 Ibid. 107 Ibid. 19–20.

318

INTERNATIONAL OIL INDUSTRY RESPONSES

output will help to ensure that the security-related ‘activities undertaken to link the two are appropriate and effective’.108 The fifth principle, entitled ‘systems approach to management’, is about recognising that ‘the transformation of a single input into a single output’ is unlikely to take place independently of all other processes because the processes are linked, and the network of interlinked processes is a system.109 Managing and understanding the links between these processes is likely to contribute to the efficiency in which security objectives can be achieved.110 The sixth principle, ‘continual improvement’, provides that applying the ‘testing, debrief and lessons learned’ approach, which is a key component of a management system, to all security functions and activities/ processes will ensure that performance, efficiency and capability are constantly improving, thereby minimising the chances of complacency in matters relating to security.111 The seventh principle, entitled ‘factual approach to decision making’, provides that a function of security is to provide intelligence, rather than information, to top management of the company to enable effective decision making which is based upon security facts, not information.112 The IOGP has referred to intelligence as ‘relevant, qualified information which has been verified as much as is realistic and which has attached the analysis and recommendations of the security manager’.113 The eighth security management principle, ‘mutually beneficial supplier relationships’, emphasises the importance of nurturing relationships with suppliers and other third parties (e.g. intelligence, travel security, medical, other security companies) ‘and perceiving them to be interdependent and providing mutual benefit can enhance capability, efficiency and effectiveness of security’.114 3.1.5 Security excellence The IOGP’s SMS framework is also based on the concepts of security excellence that have been adapted from the latest version of the EFQM Excellence Model.115 The EFQM Excellence Model is a non-prescriptive framework for management systems that has been widely used by both public and private sector participants.116 At the core of the EFQM Excellence Model are eight ‘fundamental concepts of excellence’117 that are used to provide a holistic overview and are the threads that run through a so-called ‘nine box model’, which is at the core of the EFQM Excellence Model, whereby each box represents a criterion of excellence. The ‘nine box model’ is essentially a cause and effect diagram that comprises five ‘enablers’ on

108 Ibid. 20. 109 Ibid. 110 Ibid. 111 Ibid. 112 Ibid. 113 Ibid. 114 Ibid. 115 EFQM, Business Excellence Matrix: User Guide – EFQM Model 2013 Version (2013). 116 IOGP, Security Management System (n 53) 26. 117 These are: adding value for customers; creating a sustainable future; developing organisational capability; harnessing creativity and innovation; leading with vision, inspiration and integrity; managing with agility; succeeding through the talent of people; sustaining outstanding results.

319

INTERNATIONAL OIL INDUSTRY RESPONSES

the left-hand side, which are things that are done within an organisation such as ‘strategies, policies and processes, and the people who are involved in doing them, both within and outside the organisation’,118 and four ‘results’ on the right-hand side, which are ‘the measures that show how an organisation is performing in relation to the strategies, targets and objectives they have set’.119 The cause and effect diagram represents the principle that if results are to be improved, a change to one of the enablers needs to be made.120 The fundamental concepts and the criteria of the EFQM Excellence Model have been adapted by the IOGP for security,121 and can be referred to as the IOGP ‘security excellence concepts’ and ‘security excellence criteria’. The IOGP has described eight concepts of security excellence as follows. The first concept called ‘adding value for customers’ means that one way to ensure that security is not perceived as a barrier to progress and to embed it into every-day business activities is ‘by understanding, anticipating and fulfilling [customer’s] needs, expectations and opportunities’.122 The second concept ‘creating a sustainable future’ provides that security input to the company’s social responsibility programme is considered ‘invaluable in advancing the social conditions within affected communities’.123 The third concept ‘developing organisational capability’ relates to ‘the ability to change the capability of the security organization will enable it to respond/adapt to the different demands made upon it’ (e.g. deployment of a guard force with limited notice, carrying out security exercises).124 The fourth concept called ‘harnessing creativity and innovation’ is about recognising that creative thinking can provide effective security solutions, so it is important for security managers to be open to all ideas at all levels, ‘no matter how radical they may seem’.125 The fifth concept of security excellence is ‘leading with vision, inspiration and integrity’, which basically means that security will benefit from inspiration through uploading of moral values.126 The IOGP has noted that adoption and implementation of VPSHR is an example of how inspired leadership can be shown in the context of security.127 The sixth concept of security excellence called ‘managing with agility’ essentially means ‘having the ability to effectively and efficiently recognise and respond to threats and opportunities’.128 The seventh concept of security excellence ‘succeeding through the talent of people’ is about the importance of teamwork and talent development in security and, according to the IOGP, ‘achieving coordination

118 EFQM (n 115) 4. The five ‘enablers’ are: leadership; people; strategy; partnerships and resources; processes, products and services: at 4. 119 EFQM (n 115) 4. The four ‘results’ are: people results; customer results; society results; business results: at 4. 120 EFQM (n 115) 4. 121 These can be referred to as the ‘IOGP concepts of security excellence’ and the ‘IOGP criteria of security excellence’. 122 IOGP, Security Management System (n 53) 26. 123 Ibid. 124 Ibid. 125 Ibid. 126 Ibid. 127 Ibid. 128 Ibid.

320

INTERNATIONAL OIL INDUSTRY RESPONSES

in operations through an understanding of each others’ roles ensures and develops talent and progression’.129 The eighth concept of security excellence ‘sustaining outstanding results’ refers to providing best possible support in all areas and planning to continue doing so in the future. For example, advance resource and strategy planning for new country entry is an area ‘where security could sustain an outstanding performance’.130 In the IOGP’s criteria of security excellence, which has been adapted from the EFQM criteria of excellence, the enablers are: leadership and security management; intelligence and resources; security strategy; supporting business objectives; and protection systems, while the results are: team results; security results; organisational results; and business results.131 The criteria of security excellence have been explained by IOGP as: The enablers describe what security does and how it does it, whereas the results criteria show what security can achieve. The results are caused by the enablers, which are in turn improved using feedback from the results. Through sound leadership & security management, a security strategy will be developed which, using the security team, networks and resources will result in security solutions and/or operations. The output from the security solutions and/or operations should produce good results for the company, which would reflect the success of the security team which has helped to achieve the business objectives, and in doing so have demonstrated that security is an enabler for business. If the results are poor, or do not meet expectations, then something probably needs adjusting on one or more of the enablers.132

3.2 SMS components An effective management system should be such that it does not necessarily require a subject matter expert to implement and manage it.133 According to Maerli et al., the SMS ‘should describe organizational structures, planning activities, responsibilities, practices, procedures, processes and resources, as well as an overarching policy and objectives and ways to achieve those objectives’.134 The IOGP SMS model comprises 11 components which are described in terms of their rationale, explaining why the component is an essential part of the SMS, and expectations, specifying advantages a company may expect to gain if it implements those security measures effectively.135 As illustrated in Figure 8.1, the 11 components of the IOGP SMS model are: credibility and integration; policies, objectives and tasks; threat, vulnerability and security risk assessment; controls; security risk register; planning and resourcing; execution and control activities; monitor and security reporting;

129 Ibid. 27. 130 Ibid. 131 Ibid. 132 Ibid. 133 Ibid. 18. 134 Adapted from British Standard OHSAS 18001:2007 Occupational Health and Safety Management Systems, cited in Morten Maerli et al., ‘Energy Supply Chain Threat Assessment and Generic Security Guidance’ (COUNTERACT Consortium, April 2009) 15. 135 IOGP, Security Management System (n 53) 1.

321

INTERNATIONAL OIL INDUSTRY RESPONSES

review; learning; and reporting to top management.136 These individual components of the SMS and the relationship between them are discussed below. The IOGP SMS model is not intended to be prescriptive and companies are encouraged to develop their own SMSs based on the framework provided in the IOGP guidance.137 3.2.1 Credibility and integration The IOGP has noted that security considerations often become detached from other business considerations and operations resulting in decisions being made without taking into account SRAs.138 This SMS component is aimed at ensuring that company personnel with security responsibilities not only have competence in security aspects, ‘but also have an awareness of the contribution security can make to other aspects of the business’, such as corporate governance, strategy, assurance and regulatory compliance, new ventures and operations.139 In that regard, the person with an overall responsibility for company security must ensure that training needs are recognised and addressed, and appropriate records are maintained.140 This way, security may become an integrated and appreciated part of the company used in business planning, decision making and execution.141 The attributes the security department is expected to have include professionalism (i.e. ‘living the corporate values’), expertise (i.e. ‘demonstrating a thorough knowledge of the subject’), vision (i.e. ‘demonstrating an understanding of the wider business objectives’), teamwork (i.e. ‘working closely with other disciplines to understand their contributions and aspirations’), collaboration (i.e. conducting SRAs in support of specific operations or installations, but not in isolation), and communication of ‘security considerations to top management in a clear, concise manner, demonstrating due consideration to all factors’.142 3.2.2 Policies, objectives and tasks The key rationale for this component is that an organisation should have a single security policy that sets out the company security architecture, strategy and protocols.143 A security policy should explicitly and clearly define the company’s security management goals, roles and responsibilities of the security department/ team, and commitments and principles to enhance security of its operations, installations, personnel and other company assets.144 Companies also have other internal documents that may be used in following the guidelines or as standalone products such as security programmes, security plans, the security environment context statements, statements of attitude to security, security-related standing operating procedures (SOPs) and security priorities timetable.145 136 137 138 139 140 141 142 143 144 145

Ibid. 3. Ibid. 2. Ibid. 5. Ibid. Ibid. Ibid. Ibid. Ibid. 6. API, Security for Offshore Oil and Natural Gas Operations (n 44) 2. IOGP, Security Management System (n 53) 6, 18.

322

INTERNATIONAL OIL INDUSTRY RESPONSES

3.2.3 Threat, vulnerability and security risk assessment This SMS component recognises that different parts of the company address risks in different ways, so it is important to adopt a common language and ensure that core risk management processes are agreed and established.146 ‘Based on the agreed model, the security function can subsequently address security risk through its own lens.’147 The particular characteristic of security is that it is concerned with managing both security risk (i.e. the effect of uncertainty on objectives) and threats (i.e. past actions or statements of intent to inflict harm) that are generally external and over which a company has little direct control or influence.148 The use of SRAs is an important aspect of the modern offshore petroleum industry. An SRA is a highly refined process that can involve specialised technical knowledge and expertise in the areas such as knowledge of or intelligence on local security threats, behaviour patterns of adversaries and specific attack characteristics and methods including techniques used to circumvent security safeguards.149 An SRA should take into account a wide range of factors beyond physical security threats, including but not limited to the operating context, the profile of the company, the social and environmental impact, the company’s strategic long-term objectives, legislation and local expectations, VPSHR, capability and intent of local regional adversaries (i.e. state and non-state actors), vulnerability and attractiveness of assets/targets to adversaries, availability of resources, and past attacks and security incidents.150 3.2.4 Controls Controls can be defined as ‘measures implemented to modify risk’.151 The rationale for this component is that a cost–benefit analysis should be used to assess security controls because there may come a point where security reaches such a level that any further investment in controls will not change the security profile, but a more common situation may be that security reaches such a level that unless more investment is made in controls, the level of protection is unlikely to improve.152 Security arrangements of offshore installations have to be appropriately ‘balanced and aligned with the threat . . . to prioritize limited security resources wisely’.153 An SRA will help to ensure that the security mitigation measures are reviewed and maintained and that security-related costs are justifiable.154

146 Ibid. 7. 147 Ibid. 148 Ibid. 149 Neal Adams, Terrorism & Oil (PennWell 2003) 118; Audun Brandsater, ‘Risk Assessment in the Offshore Industry’ (2002) 40 Safety Science 231; Lee Cordner, ‘Offshore Oil and Gas Industry Security Risk Assessment: An Australian Case Study’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 169, 177–79. 150 IOGP, Security Management System (n 53) 7. 151 Ibid. 22–23. 152 Ibid. 8. 153 Maerli (n 134) 14. 154 Ibid.

323

INTERNATIONAL OIL INDUSTRY RESPONSES

3.2.5 Security risk register Having gone through the SRA process, the findings of SRA should be recorded in the SRR, which should be maintained as a ‘living’ document that can be used to track the effects of security control and provide reassurance to top company management that security risks are being managed appropriately and effectively.155 As the threat environment changes, the SMS ensures that the security risk priorities and mitigation measures remain appropriate, and that the security plan is adapted and reviewed; and in this way, the SRA forms the basis of the SMS.156 All identified security risks should be recorded in the SRR, regardless of the type or method of risk treatment ultimately determined and/or selected.157 There are a variety of SRR formats. Some are more detailed than others, but each individual company can define its own policies on the SRR format and management,158 having regard to any regulatory reporting requirements. The format of an SRR will vary depending on the organisational culture, security risk classification, the nature of the project, reporting requirements and other factors, but the key components of an SRR include: inherent risk, which refers to the level of risk before any security controls have been implemented; baseline risk, which is the level of risk that takes into account existing security controls;159 residual risk, which is the level of risk after security controls have been implemented; target risk, which is the level of risk that is desired by the company; and controls implemented to mitigate risks.160 An SRR should facilitate management of security risks, provide a record (in the agreed format) of all identified security risks facing a company or any of its onshore and offshore installations, record the results of SRAs including security risk rating, record additional proposed actions to enhance security, and facilitate the prioritisation of security risks.161 3.2.6 Planning and resourcing Planning and resourcing is the key component of the SMS, critical to the success of the SMS.162 The rationale for this component is that security should be a management priority.163 As long as the SRA is sound and the security planning is logical, then the security plan should determine the resources, rather than the resources dictating the plan.164 As noted by IOGP, the problem with this strategy is ‘that it is contrary to a strategy of investment in security, and that it under-values the security risk analysis’.165 It is suggested that effective planning will answer questions such as: ‘what are we going to do? how are we going to do it? when are

155 156 157 158 159 160 161 162 163 164 165

IOGP, Security Management System (n 53) 9. Ibid. 22. Ibid. 23. Ibid. 24. API, Security Risk Assessment Methodology (n 24) 3. IOGP, Security Management System (n 53) 22. Ibid. 9. Ibid. 10. Ibid. Ibid. Ibid.

324

INTERNATIONAL OIL INDUSTRY RESPONSES

we going to do it? . . . how are we going to coordinate and communicate? what do we do if something goes wrong?’; and effective resourcing will answer questions such as: ‘what do we need to do it? how do we get it? how much does it cost?’.166 3.2.7 Execution and control activities While some routine security tasks may lend themselves to prior security awareness, training and exercises, and may be carried out almost as an independent security operation,167 other security tasks and activities, such as provision of security covering all aspects of an offshore petroleum project, especially in high-risk areas or countries, will involve security management of a higher order and due regard to broader project objectives.168 The execution of security tasks and activities may impact significantly on project costs and deadlines.169 For example, delivery of certain critical components or equipment may depend on the availability of security convoy support or private security guards; and if the delivery is delayed due to poor security planning, this can have a significant impact on other aspects of the project.170 The SMS should help to ensure that execution of security tasks and activities is embedded into overall project planning and decision making, and coordinated among relevant company departments/teams.171 It is expected that execution of planned security control activities is predicated in the previous components of the SMS, which means that all security risks to the operation have been identified; all necessary control measures have been established; appropriate resources have been allocated to security; any specific procedures have been documented, approved and validated; the plan has been effectively communicated to those responsible for its execution; assurance has been provided that those with responsibility for executing the plan have the appropriate competencies and training; and appropriate back-up procedures and strategies have been established and tested.172 3.2.8 Monitor and security reporting The rationale for this component is that in order to ensure that security tasks and activities remain within the scope of the security plan, it is essential for management to be able to monitor progress and execution.173 Traditional methods such as inspections, review meetings, interviews and auditing are often effective and should be considered where appropriate.174 Importantly, the SMS should address both low-risk and high-risk security environments. In cases where remote monitoring is required, there is currently a broad spectrum of communication options.175 While

166 167 168 169 170 171 172 173 174 175

Ibid. Ibid. 11. Ibid. Ibid. 11. Ibid. Ibid. Ibid. Ibid. 12. Ibid. Ibid.

325

INTERNATIONAL OIL INDUSTRY RESPONSES

information is the key, it is important to remember that not all information needs to be disseminated because much of the operation-specific information will only be relevant to those involved in the execution of the operation or for security managers, but it may be largely irrelevant for top company or project management who need to be protected from needless information overload.176 In general, security reporting should be kept within the security organisation/team.177 It is expected that effective monitoring will include management oversight of operations; compliance checking against the planned tactical and operational objectives; checking of performance and competence levels of security personnel; checking management effectiveness of those supervising the execution of the security plan; flexibility and ability to adapt to unforeseen and changing external and internal developments; opportunities to learn from new situations/circumstances where security strategy needed review; opportunity for tactical and operational feedback and recommendations; keeping top company/project management teams appraised of developments/progress.178 3.2.9 Review Reviews of management effectiveness and performance may be formal or informal and can be carried out at any time during an operation, but in particular, formal reviews should be undertaken at the end of a task/activity, at the end of a security project/operation, when there is a significant change in circumstances that impacts on security, and at regular intervals.179 The review can be carried out for a number of reasons. They include any one or more of the following: to critically analyse the existing security plan and security safeguards in order to determine strengths, weaknesses and areas for improvement; obtain feedback from personnel involved in the execution of the security plan regarding its manageability; highlight any competency issues arising from new security challenges; examine how much contribution the operation/task/project brings to the achievement of the company’s objectives; provide assurance to top management that security is being managed effectively; and highlight examples of goods practice.180 The review also enables the security team to assess whether existing security protocols are being effective, and to take appropriate action as necessary.181 3.2.10 Learning ‘Learning is the key to continual improvement and is a natural extension of the review process.’182 This SMS component provides an opportunity to analyse the strengths, weaknesses, opportunities for improvement, feedback from installation operators and all the issues mentioned in the previous SMS component, which

176 177 178 179 180 181 182

Ibid. Ibid. Ibid. 13. Ibid. 14. Ibid. Ibid. Ibid. 15.

326

INTERNATIONAL OIL INDUSTRY RESPONSES

should all be considered in the context of ‘lessons learned’.183 The lessons learned then need to be communicated to the appropriate persons and appropriate action taken, which will ensure that the value of security is continually evolving and staying parallel with or one step ahead of the organisation that it is meant to protect.184 Learning also contributes to the wider security community, so that SOPs should be considered ‘living’ documents and open to criticism.185 It is expected that effective processes for learning lessons will enable a company to make improvements to procedures, update relevant documentation, implement new training courses, increase security awareness, introduce new security equipment or technology, achieve better integration of security into the organisation, better understand the company’s objectives and the contribution of security, improve relationship with and understanding of other business functions and, where appropriate, make improvements to the management system.186 3.2.11 Reporting to top management The final SMS component is ‘reporting to top management’. After review has been carried out and any lessons learned established, it is essential to submit a formal report to top management.187 The report should be brief and focused not on security as such, but on how security added value to the operation/project and how it contributed to the achievement of the company’s objectives. Any issues and recommendations arising from the review that may affect future operations; any intelligence/threat reports or any updates in the security infrastructure of which top management needs to be aware; and any recommended changes to the security policies or procedures should be included in the report.188 The report should also include any updates in the security organisation/infrastructure that top management needs to approve.189 To ensure that security issues are able to influence decisions, security issues should be addressed with equal consideration as production, process safety and other operational aspects that ‘should be embedded in business planning at all levels’.190 Providing such feedback to top management offers a number of benefits. It gives reassurance that security is being effectively managed and that the role of security in the achievement of the business objectives is understood; gives confidence in decision making that all security issues have been properly considered; reinforces the importance of security considerations and emphasises how security supports business operations rather than hinders them.191 It is expected that all of these will give security credibility in the organisation, which will allow security to be embedded

183 184 185 186 187 188 189 190 191

Ibid. Ibid. Ibid. Ibid. Ibid. 16. Ibid. Ibid. Ibid. Ibid.

327

INTERNATIONAL OIL INDUSTRY RESPONSES

into the organisational culture, integrated into other business processes and systems, and become a core component of a company’s OMS.192 3.3 SMS benefits An effective implementation of the SMS should provide benefits for the company. In particular, according to the IOGP, the SMS will ensure confidence ‘that security has the ability to prepare for and react to events that may otherwise present a threat to the organization’s people, information and/or assets’ and optimisation, ensuring ‘that the most efficient use of resources is made at optimum cost’.193 The IOGP contends that in contributing to the company’s overall confidence levels and resources optimisation, an SMS will improve the company’s resilience, enhance the company’s credibility, introduce core concepts and processes for SRM, enable a company to be agile and flexible in its response to existing and emerging security challenges and continually improve the capacity of an organisation to manage immediate and anticipated security challenges.194 The IOGP SMS model is not intended to be prescriptive and oil companies can adapt it to their own needs and circumstances.195 Using the IOGP SMS guidance, any company manager should be able to implement an effective SMS in line with the company’s vision, strategy and culture, by following the step by step structure and allocating appropriate resources.196 The benefit of integrating the SMS into the overall management system is that it helps to achieve company-wide consistency in addressing security risks.197 4 Offshore security controls and protection measures A variety of approaches and security controls can be taken to either prevent deliberate attacks on offshore installations or to mitigate their consequences.198 Varied combinations of security measures may be required or appropriate for different types of offshore installations depending on a range of factors and results of an SRA. Security controls are measures to mitigate the security risks. A security team or top management with responsibilities for security may be required to make tough decisions about which company assets and offshore installations need increased protection and what are the appropriate security measures for each offshore installation.199 In general, security controls can address prevention of security incidents and attacks, response to attacks and recovery after successful attacks. Security risk mitigation may involve a range of activities such as developing a risk mitigation strategy, carrying out SRAs, developing a security plan, conducting a

192 Ibid. 193 Ibid. 4. 194 Ibid. 195 Ibid. 2; IOGP and IPIECA, Operating Management System Framework (n 61). 196 IOGP, Security Management System (n 53) 1. 197 IOGP and IPIECA, Operating Management System Framework (n 61) 2. 198 Alexander Farrell, Hisham Zerriffi and Hadi Dowlatabadi, ‘Energy Infrastructure and Security’ (2004) 29 Annual Review of Environment and Resources 421, 456. 199 Adams (n 149) 136.

328

INTERNATIONAL OIL INDUSTRY RESPONSES

cost–benefit analysis for security purposes, identifying the host government proper communication channels and reporting procedures. In choosing which security controls to establish for a particular offshore installation, factors that may be considered include: operational readiness and reliability, costs and impact on company/project/installation operations, whether design is fit for purpose in the given circumstances, expected effectiveness to accomplish the purpose, existing security controls and layers of protection.200 The answers to questions such as ‘What are the best security measures for a given offshore installation in a given situation?’ and ‘How much is enough?’ are important and necessary to develop an effective security programme and implement appropriate security controls at optimum cost.201 The level of required security will depend on the nature of the offshore project, its location, security conditions in the area of operation and the maritime security level imposed by the coastal state authorities.202 Some security measures may not be warranted or cost-effective at the lower or normal security levels, but are appropriate at elevated security levels.203 The ISPS Code, for instance, defines three levels of security: security level one is ‘the level for which minimum appropriate protective security measures shall be maintained at all times’; security level two is ‘the level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of a security incident’; security level three is ‘the level for which further specific protective security measures shall be maintained for a limited period of time when a security incident is probable or imminent, although it may not be possible to identify the specific target’.204 Security controls are primarily aimed at the normal security level, but should also include planning for heightened security levels.205 Every offshore installation needs some basic security measures in place regardless of the risk assessment or the security level, as a foundation for protecting the installation from adversary acts (e.g. access control procedures) and additional security measures may be implemented as a result of an SRA or an elevated security level (particularly where vulnerabilities or new threats have been identified) to mitigate security risks.206 In this context, security controls may be categorised as: ‘permanent’ (i.e. measures that exist at all times) or ‘graduated’ (i.e. measures that can be activated according to changing risk and threat levels).207 ‘Permanent’ security controls may also be referred to as ‘proactive’ and ‘graduated’ security controls may be referred to as ‘reactive’. The IOGP has described ‘reactive’ security as security where outputs/measures (e.g. increased perimeter security) are triggered by certain events (e.g. an attempted break in) while ‘proactive’ security is where the inputs need to be identified through other processes.208 200 API, Security Risk Assessment Methodology (n 24) 38. 201 Adams (n 149) 142. 202 IOGP, Integrating Security in Major Projects (n 43) 2. 203 API, Security for Offshore Oil and Natural Gas Operations (n 44) 16. 204 ISPS Code s 2.1. 205 NOGA, 091 Recommended Guidelines for Securing Supplies and Materials in the Oil and Gas Industry (December 2013) 4. 206 Maerli (n 134) 14. 207 See Maerli (n 134) 12. 208 IOGP, Security Management System (n 53) 19.

329

INTERNATIONAL OIL INDUSTRY RESPONSES

Security controls and protection measures can also be categorised as ‘passive’ and ‘active’.209 The definitions can vary, but passive security controls are measures taken to reduce the probability of and to minimise the effects of the overall impact of the security event (whatever form it may take) caused by an adversary without the intention of taking the initiative;210 while active security controls refers to ‘the employment of limited offensive action to defeat the success of an attack by a hostile perpetrator’.211 Passive security measures are usually employed before a security incident or attack occurs and active security measures are usually employed during a security incident or attack.212 The most practical security measures are those that have little impact on business operations or expenditure relative to the anticipated reduction in vulnerability.213 The risk-based security approach has become a standard when it comes to the protection of offshore oil and gas installations. It allows companies and other stakeholders to prioritise resources and actions, and decide which risks may be tolerated and which need to be mitigated or controlled.214 At the core of the riskbased approach is a premise that in order to ensure that security controls are adequate and cost-effective against security risks, the number of assets to be protected should be optimised.215 The risk-based approach gives guidance in identifying assets (i.e. offshore installations) that require dedicated security measures to increase the level of their protection.216 The protection of oil and gas infrastructure in general and offshore installations in particular usually entails a ‘layered’ approach whereby several independent and overlapping security solutions or actions (i.e. layers of protection) are implemented to reduce the likelihood and severity of an offshore security incident or attack and whereby the security layers are reinforced by and support one another.217 The layered security approach is based on the principle that one layer of security controls alone is not sufficient to provide adequate protection because it can fail or be circumvented.218 A security layer around an offshore installation ‘aims to use all available resources to maintain the integrity of the installation’s security status’ and to keep the threats as far as possible from the target.219 Layers of protection can include physical security, personnel security and cyber security.220 In this chapter, security controls and protection measures have been categorised as: procedural security controls, physical security controls, personnel security controls, technical security controls and stakeholder security controls (see Figure 8.4). Some

209 IMCA, Security Measures and Emergency Response Guidance (n 42) 10. 210 Ibid. 211 Ibid. 212 Ibid. 11. 213 API, Security for Offshore Oil and Natural Gas Operations (n 44) 16. 214 Maerli (n 134) 44. 215 Ibid. 216 Ibid. 217 API, Security Risk Assessment Methodology (n 24) 5; CPNI, Protecting Against Terrorism (3rd edn, 2010) 5, 13. 218 IMCA, Security Measures and Emergency Response Guidance (n 42) 10. 219 Ibid. 220 API, Security Risk Assessment Methodology (n 24) 8.

330

INTERNATIONAL OIL INDUSTRY RESPONSES

Procedural security controls

Personnel security controls

Physical security controls

Offshore petroleum installation

Stakeholder security controls

Technical security controls

Figure 8.4 Security controls for offshore oil and gas installations. Source: Author.

of the security controls may overlap and some security controls fall into more than one category. 4.1 Procedural security controls Procedural security controls and measures are documented sequential and/or repetitive activities that are required to successfully accomplish a designated security task or achieve a particular security outcome.221 Procedural security controls and protection measures include conducting of SRAs; security planning; operational security procedures; communication and coordination; sensitive information and records handling; preventive maintenance; change and configuration management; and security drills and exercises. 4.1.1 Security risk assessments An SRA is one of the initial procedural steps that may be taken by a company to enhance its security and the security of its facilities. It should be carried out as early

221 IOGP and IPIECA, Operating Management System Framework (n 61) 33.

331

INTERNATIONAL OIL INDUSTRY RESPONSES

as possible. An SRA is one of the key components of the SMS. Oil and gas companies and operators of offshore installations regularly undertake SRAs to determine which offshore installations should receive the greatest attention and to ensure security risks are adequately evaluated, appropriate resources are allocated and planned, and that there is no over-spending or under-spending on security.222 An SRA is carried out according to a particular methodology or a step-by-step process. The process typically involves identifying assets, reviewing historical data on security incidents and attacks, identifying and evaluating threats and man-made hazards to company installations and operations, analysing potential perpetrators and their anticipated behaviour, assessing existing security controls, identifying vulnerabilities of assets/installations, establishing risk boundaries, evaluating potential consequences of security incidents, assessing security risks, conducting a quantitative risk analysis, prioritising security risks and considering risk mitigation options.223 An SRA may also include threat monitoring and classification and incident scenario assessment. There are a number of recognised SRA methods and models available for use by the oil and gas industry. In general, these methods typically share common risk assessment elements or steps. The IOGP, however, has pointed out that some of the established methods are being challenged by the proponents of more quantitative SRAs who argue ‘that the process of picking a number on an ordinal scale (typically 1–5) does not offer the same rigour as the more scientific probabilistic modelling techniques’.224 One of the most comprehensive and widely used SRA models across the oil and gas industry is the API SRA methodology, some of the concepts and elements of which were adapted for the analysis in the earlier chapters. The API SRA methodology is widely used and, for example, in Saudi Arabia, the API SRA methodology is mandatory for companies in the petroleum and petrochemical industries.225 The API SRA methodology is a five-step process comprising: asset characterisation, threat assessment, vulnerability assessment, risk evaluation and risk treatment.226 SRA should be continuous activity throughout the life of an offshore project.227 Having carried out an SRA and evaluated each security risk in the context of the company objectives and time frames, a prioritised list of security risks will be developed that will assist with security and resource planning.228 Consultations with security personnel and key stakeholders prior to making final decisions are

222 Eduard Kovacs, ‘Oil and Gas Companies Invest in Security to Tackle Risks Posed by Cyber Threats’ (Softpedia, 16 January 2013) http://news.softpedia.com/news/Oil-and-Gas-Companies-Investin-Security-to-Tackle-Risks-Posed-by-Cyber-Threats-321229.shtml accessed 1 December 2015; Maerli (n 134) 44. 223 Adams (n 149) 118. 224 IOGP, Security Management System (n 53) 23–24. 225 David Moore, ‘Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries’ (2013) 26(6) Journal of Loss Prevention in the Process Industries 1685, 1686. 226 API, Security Risk Assessment Methodology (n 24). 227 IOGP, Integrating Security in Major Projects (n 43) 4. See also API, Security Risk Assessment Methodology (n 24) 16. 228 IOGP, Security Management System (n 53) 25.

332

INTERNATIONAL OIL INDUSTRY RESPONSES 229

recommended. The output of the SRA should be included in the formulation of the security plan.230 4.1.2 Security policy and security plan Security planning is one of the key procedural security measures that should commence as early as possible in the offshore oil and gas project cycle.231 Security planning starts with a sound company security policy that clearly defines security goals and commitments of the company.232 Security planning also involves the development and implementation of security programmes, security plans, as well as operating security procedures. A security plan is a document that describes an offshore installation operator’s plan to address security related issues including security assessment, mitigation options and response actions.233 The purpose of a security plan is ‘to provide security guidance and recommended practices for the offshore installation’.234 The security plan should cover the security measures being taken to detect or deter an offshore attack or unlawful interference; security arrangements applicable at various security alert conditions; actions to be taken in response to security incidents or emergency situations; means of mitigating the consequences of an attack; post-incident recovery and business continuity aspects; any additional protection measures identified in the SRA;235 as well as any other aspects that may be required by international or national regulations.236 It has been noted that developing the security plan ‘serves as a cohesive security solution and addresses all aspects of security planning simultaneously’.237 Importantly, a security plan should also address technical and cyber security aspects of offshore installations. A security plan must be formally owned by a staff or crew member (e.g. CSO or OISO) who has the responsibility for overseeing security arrangements and who possesses the authority to coordinate security-related actions.238 The person responsible for maintaining and implementing the security plan should have an understanding and take full interest in almost every aspect of the offshore installation operations because ‘there are security implications to almost every major decision’.239 Adherence to the security plan and all related requirements and recommendations

229 Adams (n 149) 136. 230 API, Security for Offshore Oil and Natural Gas Operations (n 44) 3. 231 IOGP, Integrating Security in Major Projects (n 43) 2. 232 API, Security for Offshore Oil and Natural Gas Operations (n 44) 2–3; API and NPRA, Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries (2nd edn, October 2004) 48. 233 API, Security Risk Assessment Methodology (n 24) 8. 234 API, Security for Offshore Oil and Natural Gas Operations (n 44) 11. 235 Ibid. 3; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 64. 236 See, e.g. Australian Government, Department of Transport and Regional Services (DOTARS), Guide to Preparing an Offshore Security Plan for Offshore Facility Operators (July 2005); DOTARS, Guide to Preparing an Offshore Security Plan for Offshore Service Providers (December 2005); DOTARS, ‘Preparing Offshore Security Plans’ (Better Practice Guide No. 1, July 2005). 237 RiskWatch International (n 76) 8. 238 CPNI, Protecting Against Terrorism (n 217) 6. 239 Ibid.

333

INTERNATIONAL OIL INDUSTRY RESPONSES 240

is critical. Hence, it is crucial that the security plan has the full support of senior management.241 The security plan needs to be a working document whereby it is constantly reviewed and updated in response to organisational change, project deviations or changes in the operating environment.242 Revised security plans should be distributed to all appropriate company personnel (on a ‘need to know’ basis) and the coastal state authorities where regulations so require or where cooperative arrangements with government agencies exist.243 The security plan should be treated as confidential and security sensitive. Access to the security plan should only be provided to those who need to know its contents (i.e. personnel with security-related responsibilities).244 To be effective, the security plan must be developed based on the information about almost every aspect of the company or offshore installation operations.245 The security plan should be flexible enough and highly integrated into other management systems and everyday operations and practices.246 Typically, a separate security plan will be developed for each individual offshore installation in addition to an overarching company security program or an SMS that sets out common actions and interdependencies at the company level.247 4.1.3 Operating security procedures The overall company management system typically necessitates the use of written operating procedures and requirements designed to enhance efficiency, safety, and quality of operations. These include internal company guidelines, policies, protocols, checklists and SOPs. It is important to ensure that operating procedures take security aspects into consideration. Alternatively, specific security-related SOPs need to be developed and implemented across the company to aid full integration with the operations in order to achieve desired security outcomes, keeping in mind company objectives.248 Good security outcomes can be reflected by well-developed operating security procedures, whereby everyone is following written procedures that describe the optimum method for certain security-related processes to enhance the protection of the offshore installation and people on board.249 In that regard, security SOPs may prove crucial to successful implementation of the security plan and the protection of the installation. SOPs are sets of standardised company or project-specific instructions or directives covering certain features of operations designed to execute operations in a defined manner whereby organisational objectives are achieved and all rules and regulations

240 API, Security for Offshore Oil and Natural Gas Operations (n 44) 9. 241 CPNI, Protecting Against Terrorism (n 217) 6. 242 Ibid.; API, Security for Offshore Oil and Natural Gas Operations (n 44) 11; IOGP, Integrating Security in Major Projects (n 43) 7. 243 API, Security for Offshore Oil and Natural Gas Operations (n 44) 11. 244 Ibid. 245 CPNI, Protecting Against Terrorism (n 217) 5. 246 Ibid. 247 Ibid. 248 IOGP, Integrating Security in Major Projects (n 43) 7. 249 Steve Holloway, ‘Writing Effective Standard Operating Procedures (SOP) for Oil & Gas Professionals & Engineers’ (Training Course, Kuala Lumpur, 19–20 January 2012).

334

INTERNATIONAL OIL INDUSTRY RESPONSES 250

are complied with. In the offshore installations security context, there can be SOPs that address the chain of command in security and emergency situations; SOPs for dealing with bomb threats; SOPs for handling security sensitive information; visitor management procedures; procedures for the vetting of incoming shipments of stores and supplies brought by offshore supply vessels; employee induction checklists; check-in and search procedures at points of embarkation; emergency shutdown and evacuation procedures; protocols for reporting security incidents and communicating with relevant emergency coordination centres of the coastal state in the event of a security incident; procedures for documenting and investigating incidents; and procedures for preservation of evidence and keeping of records.251 SOPs may also set out applicable regulatory requirements which a person performing the role should be aware of and/or required to comply with. Security SOPs also need to account for elevated security alert levels and security warnings.252 Security SOPs are distributed to wider groups of people than the security plans, but they should also be treated as confidential and therefore should generally be distributed on a ‘need to know’ basis. Operating procedures and SOPs need to be reviewed as part of the management of change, for instance, when changes are made to installations, and they need to be reviewed periodically and updated, as required,253 to ensure that they reflect current and actual operating practices and achieve the desired security outcomes. Review of and change to SOPs should be documented and communicated to appropriate personnel. 4.1.4 Communication and coordination The procedures for receiving, processing and disseminating security-related information and coordinating activities of relevant stakeholders aimed at protecting offshore installations is one of the key procedural security controls. Communication and coordination can be internal (i.e. within an offshore installation/project/ company) and external (i.e. with third parties such as contractors, suppliers, security forces and emergency responders). This procedural security control can include activities such as receiving intelligence support, reporting of security incidents and suspicious activity, notifying other offshore installation operators in the area of security threats, alerts or incidents, responding to requests for specific information, communication of data, including which computer systems and networks are critical to security (e.g. process control systems, electronic access control systems), coordinating activities on board the installation to deter a security threat, coordinating response actions with relevant authorities, providing or receiving status/situation reports, reporting extra-ordinary developments and making requests for security assistance.254

250 Ibid. 251 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 56, 64–65; FortisBC, ‘Prevention of Violence in the Workplace’ (Specification No. OHS 01-12, 11 December 2014) 4. 252 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 64. 253 Ibid. 254 IOGP, Security Management System (n 53) 12; API, Security Guidelines for the Petroleum Industry (3rd edn, April 2005) 15.

335

INTERNATIONAL OIL INDUSTRY RESPONSES

Personnel with direct security responsibilities (e.g. CSOs) should keep abreast of the latest government intelligence updates, security alerts and threat warnings, evaluate this information and have procedures for disseminating it, as appropriate, throughout the company to appropriate personnel and installations in real time, provide communication capabilities between offshore workers and augment security arrangements to safeguard the installations and personnel on board.255 The main purpose of external communications is to enable exchange of security information to support operational decisions.256 Offshore installation operators should establish adequate channels or lines of communication with adjacent and nearby offshore installations, communications with vessels, and relevant coastal state authorities and emergency responders to facilitate timely communication and dissemination of threat alerts and security information between the concerned parties.257 There should be agreed procedures and protocols for reporting suspicious activities and security incidents as soon as practical, including communications systems and methods that can be used to contact the authorities; when notifications and reports are to be made; and particulars to be reported.258 Offshore installations need to have established procedures for communicating requests for aid and coordinating evacuation and emergency response with offsite emergency responders.259 Operators of offshore installations should also coordinate activities with their contractors and offshore service providers, as required, ‘in order to provide a clear understanding of responsibilities for operational decision-making and emergency response’.260 Similarly, internal procedures should be established for communicating security information within the company and coordinating security responses on board offshore installations.261 A record of specific actions taken for each security level should be maintained by the offshore installation operator.262 International standard ISO/IEC 27010:2012 provides guidelines for information management and inter-organisational communications.263 4.1.5 Sensitive information and records handling Another procedural security control relates to handling of security sensitive information. Security sensitive information can include documents and records such

255 API, Security for Offshore Oil and Natural Gas Operations (n 44) 2; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 51. 256 IOGP, Security Management System (n 53) 12. 257 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 63; API, Security for Offshore Oil and Natural Gas Operations (n 44) 2. 258 API, Security for Offshore Oil and Natural Gas Operations (n 44) 5; Bill Isaacs, ‘Coming Together: An Emergency Preparedness Standard for the Petroleum and Natural Gas Industry’ (nd) www.disasterforum.ca/DF2013_protected_material/Isaacs,%20Bill.pdf accessed 10 March 2015. 259 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 64; IOGP, Mutual Aid in Large-Scale Offshore Incidents (n 43) 18. 260 API, Security for Offshore Oil and Natural Gas Operations (n 44) 13. 261 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 49; API, Security for Offshore Oil and Natural Gas Operations (n 44) 2. 262 API, Security Guidelines for the Petroleum Industry (n 254) 27. 263 ISO/IEC 27010:2012 Information technology – Security techniques – Information security management for inter-sector and inter-organizational communications.

336

INTERNATIONAL OIL INDUSTRY RESPONSES

as security plans, incident and investigation reports and security alert notifications, in both digital and hard-copy formats, as well as verbal communications. Only company employees and third parties with legitimate ‘need to know’ shall have access to sensitive information. Steps should be taken to protect from unauthorised disclosure sensitive technical and operational information on critical process or vulnerabilities of the operation that could be used by potential adversaries.264 Each offshore installation operator should develop a policy for maintaining confidentiality and control of relevant security sensitive information.265 This may include implementation of policies and procedures for identifying and classifying internal information, controlling and restricting access to sensitive information, keeping security-related records, storing, transmitting and destroying security sensitive information.266 For example, procedures can be implemented that require desks to be left clear of sensitive documents ‘and computer screens to be locked when unattended’.267 Sensitive information in maintenance areas should be safeguarded against inadvertent disclosure.268 To improve the procedures for secure handling of sensitive information companies should consider implementing information and records management systems and processes in accordance with relevant international standards such as ISO/DIS 30302.269 Many offshore installations have record or document management systems already in place for aspects such as offshore safety.270 To avoid duplication, the existing document management systems should be modified and adapted to include security-related matters and specify record retention policies as well as personnel responsible for maintaining the security records.271 Information security measures also aim to protect companies data in electronic form including its storage and distribution and measures to protect information stored on mobile devices.272 4.1.6 Preventive maintenance ‘Preventive maintenance’ is a concept that is usually used in the context of safety, but it can be adapted for security purposes as a procedural security measure. It refers

264 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 58. 265 API, Security for Offshore Oil and Natural Gas Operations (n 44) 2, 9. 266 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 49; CSA, Security Management for Petroleum and Natural Gas Industry Systems (Standard CSA Z246.1-09, 1st edn, August 2009) iii; API, Security Guidelines for the Petroleum Industry (n 254) 14. 267 API, Security Guidelines for the Petroleum Industry (n 254) 33. 268 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 58. 269 See, e.g. ISO/DIS 30302 Information and Documentation – Management Systems for Records – Guidelines for Implementation; ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements; ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security controls; ISO/IEC 27003:2010 Information technology – Security techniques – Information security management system implementation guidance; ISO/IEC 27005:2011 Information technology – Security techniques – Information security risk management; ISO/IEC TR 27019:2013 Information technology – Security techniques – Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry; ISO/IEC 27040:2015 Information technology – Security techniques – Storage security. 270 API, Security Guidelines for the Petroleum Industry (n 254) 14. 271 Ibid. 272 CPNI, Protecting Against Terrorism (n 217) 13; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 58.

337

INTERNATIONAL OIL INDUSTRY RESPONSES

to predetermined maintenance that is regularly performed on a piece of equipment with the aim of preventing the ‘wear and tear’ or unexpected failure of equipment components.273 Failure of security equipment or components can compromise security of the entire offshore installation. Therefore, security equipment and devices should be inspected and maintained in order to achieve and sustain high levels of integrity and performance throughout their lifecycle.274 Offshore installations operators should develop procedures and routines for maintenance, inspection and testing of security equipment and related components to ensure facilities and equipment ‘are operated within defined design and operating limits at all times’.275 Preventive maintenance can include activities such as developing a maintenance schedule for various security-related equipment and components (e.g. lighting, motion sensors), inspections and testing of security equipment, performing diagnostic analyses, regular maintenance and calibration, and replacement of equipment and components.276 The key about preventive maintenance is that it is performed while the equipment is still working to anticipate and prevent sudden breakdowns.277 In that regard, preventive maintenance helps contribute to the security of offshore installations by prolonging the useful life of security equipment and minimising equipment failures and breakdowns. Preventive maintenance provides additional assurance of the integrity and reliability of certain physical and technical security controls.278 4.1.7 Change and configuration management From time to time changes and modifications are made to offshore installations and/or their operating procedures out of necessity, which may affect the security safeguards built into the original design or processes. Even minor changes may have the potential for disruption, injury or loss.279 In that sense, managing and controlling changes has a security dimension and it can be considered a procedural security measure for offshore installations. Offshore installation operators should have a systematic process in place for evaluating changes to the installation or its operations for their potential security impacts prior to implementation, as well as changes in the operating environment that may have security implications for the installation.280 Changes with security implications are not limited to the installation and may also include changes of key personnel. There should also be a process for communicating these changes, once they have been made, to relevant personnel and incorporating them into relevant procedures and documentation (e.g. SRAs,

273 Industrial Accident Prevention Association (IAPA), ‘A Health and Safety Guideline for Your Workplace’ (May 2007). 274 IOGP and IPIECA, Operating Management System Framework (n 61) 21; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 63. 275 IOGP and IPIECA, Operating Management System Framework (n 61) 21. 276 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 55, 63; IAPA (n 273). 277 IAPA (n 273). 278 Ibid. 279 See Stone Energy, ‘Section 4 – Management of Change: OCS Rig Operations’ (16 March 2015) www.stoneenergy.com/pdf/sems/wo/Management%20of%20Change.pdf accessed 1 December 2015. 280 API, Security Guidelines for the Petroleum Industry (n 254) 12.

338

INTERNATIONAL OIL INDUSTRY RESPONSES

SOPs) to ensure that they address the latest configurations and arrangements of the offshore installation.281 The change management process may involve activities such as submission of change requests, evaluation of change requests and their security implications, documenting any changes approved, and familiarising personnel with new arrangements through security training, drills and exercises.282 ‘Configuration management’ refers to technical aspects of change management. It is a set of policies and processes for evaluating, coordinating and implementing changes ‘to hardware, firmware, software, and documentation to ensure the information system is protected against improper modifications’, and tracking of these changes throughout the equipment’s, component’s or the project’s lifecycle.283 The ISO has defined configuration management as ‘coordinated activities to direct and control configuration’.284 In the offshore security context, configuration management is about controlling changes to technical configurations of offshore installations security controls or other systems and processes that may have security implications. Configuration management helps to ensure that different staff members (possibly at different sites) do not use different versions of components or artefacts unintentionally or create versions without the proper authorisation.285 Configuration management should be supported by well-defined company policies and standards that clearly ‘identify and describe responsibilities and authorities related to the implementation and verification of the configuration management process’,286 define the set of artefacts and interfaces under configuration management and specify how an artefact under configuration management is allowed to change and under what conditions.287 For guidance on configuration management, companies can refer to international standards such as ISO 10007:2003 and ISO/IEC 90003:2004 and relevant industry guidelines.288 4.1.8 Security drills and exercises Apart from the ongoing SRA process and security plan implementation, offshore crews may be required to respond to security incidents and emergency situations.289 Security and emergency preparedness is an important aspect of the overall security of offshore petroleum installations. These procedural security measures involve

281 FortisBC, ‘Security Management System’ (Policy No. SEC 01-17, 19 September 2013) 17; API, Security Guidelines for the Petroleum Industry (n 254) 12. 282 API, Security Guidelines for the Petroleum Industry (n 254) 35; FortisBC, ‘Security Management System’ (n 281) 17. 283 Software Engineering Institute, A Framework for Software Product Line Practice Version 5.0 (nd) www.sei.cmu.edu/productlines/frame_report/config.man.htm accessed 1 December 2015; Keith Stouffer, Joe Falco and Karen Scarfone, ‘Guide to Industrial Control Systems (ICS) Security’ (Special Publication No. 800-82, National Institute of Standards and Technology (NIST), June 2011) 6–6; IMCA, Guidelines for the Quality Assurance and Quality Control of Software (September 2001) 12. 284 ISO 10007:2003 Quality Management Systems – Guidelines for Configuration Management. 285 Software Engineering Institute (n 283). 286 ISO 10007:2003 Quality Management Systems – Guidelines for Configuration Management 2. 287 Software Engineering Institute (n 283). 288 ISO 10007:2003 Quality Management Systems – Guidelines for Configuration Management; ISO/IEC 90003:2004 Software engineering – Guidelines for the application of ISO 9001:2000 to computer software. 289 IOGP, Integrating Security in Major Projects (n 43) 6.

339

INTERNATIONAL OIL INDUSTRY RESPONSES

planned activities such as active onsite security drills and exercises that address various aspects of the security plan and any operating procedures that support the security plan such as emergency preparedness and incident response.290 Conducting regular security drills and exercises will help familiarise staff with relevant procedures and provide an opportunity to make any changes to the offshore security plan.291 Security drills and exercises should address various scenarios including violent attacks, non-violent unlawful interferences and other security-related emergencies.292 For example, this may include exercises for dealing with bomb threats and practising bomb search procedures in which all offshore crew members participate.293 The frequency at which security drills and exercises are conducted and their nature will depend on each specific offshore installation and/or regulatory requirements.294 In some cases, based on an SRA and other factors such as the location of the offshore installation, it may be determined that no security drills or exercises are warranted, in others it may be found that targeted internal company exercises covering certain aspects of the SMS or the security plan and involving a small group of employees will be sufficient.295 In high-risk areas, there may be a need for comprehensive largescale onsite security drills and exercises involving multiple groups, and/or conducted jointly with government security forces, offshore emergency responders and other industry participants, bearing in mind laws and regulations of the coastal state, company policies and provisions of the VPSHR and the United Nations Guiding Principles on Business and Human Rights (UNGP), as applicable.296 Companies should also carry out security tests of technical components and security systems including new software applications. There should also be a process in place that allows feedback and experiences from drills and exercises (as well as actual emergencies) to be collected, recorded and subsequently reviewed by personnel with security management responsibilities.297 To minimise duplication and costs, existing safety drills, exercises and related activities should be leveraged and security aspects should be integrated into them.298 4.2 Physical security controls One of the most common approaches for mitigating security risks is to assess, and if warranted, enhance physical security aspects of offshore installations. Physical

290 API, Security Guidelines for the Petroleum Industry (n 254) 14. 291 CPNI, Protecting Against Terrorism (n 217) 28. 292 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 65. 293 Brian Jenkins, ‘Potential Threats to Offshore Platforms’ (RAND Corporation, January 1988) 21. 294 API, Security Guidelines for the Petroleum Industry (n 254) 14. 295 Ibid. 296 IOGP, Integrating Security in Major Projects (n 43) 6; API, Security Guidelines for the Petroleum Industry (n 254) 14. 297 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 65; API, Security Guidelines for the Petroleum Industry (n 254) 14. 298 API, Security Guidelines for the Petroleum Industry (n 254) 14.

340

INTERNATIONAL OIL INDUSTRY RESPONSES

security controls are essentially physical security features and barriers implemented to deter, prevent, delay or respond to security incidents and threat alerts affecting an offshore installation until security forces and/or authorities arrive.299 They can be summarised as: structural protection and integrity; access control; perimeter security; surveillance and detection; security guard force management; security alert response; security incident management; and operational continuity management. 4.2.1 Structural protection and integrity One of the first steps a company can take to address physical security of its offshore installations is to improve their structural protection and integrity. Structural protection and integrity refers to structural features, materials and techniques that help to mitigate security risks, including those associated with inherent structural vulnerabilities of offshore installations, and reduce the impacts of an attack. It is good practice to address structural security, and integrity issues should be addressed in the initial design phase that provides the best opportunity to enhance physical security of offshore installations in the most cost-effective way. Structural security measures can be built into critical components of offshore installations during the design and construction, rather than added at a later stage.300 Subsequent structural security upgrades to offshore installations tend to be more demanding and costly, particularly if operations need to be interrupted.301 For instance, if it is anticipated that security personnel might be stationed on board, additional accommodation capacity should be considered at the design phase.302 Structural protection and integrity can include security measures such as explosion, fire and blast containment design; specification of materials to be used in fabrication of components; blast and fire resistant walls and doors; the internal layout, design of features of offshore installations such as doors, gates and locks; the design of structural redundancy using techniques such as isolation, segmenting and shielding of critical processes and components.303 Structural security controls also include establishing heavily protected areas on board offshore installations with reinforced walls and doors fabricated from heavy-duty and/or tamper-resistant materials, communication equipment and power supply,304 known as ‘incident rooms’ or ‘citadels’, that can provide shelter for offshore crew in the event of an attack.305 The oil industry associations and standardisation organisations have developed a number of standards, guidelines and recommended practices on various aspects of structural protection and integrity such as safety, environmental protection,

299 See, e.g. NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 6. 300 IOGP, Integrating Security in Major Projects (n 43) 4. 301 RiskWatch International (n 76) 9. 302 IOGP, Integrating Security in Major Projects (n 43) 5. 303 See Ben Gerwick Jr, Construction of Marine and Offshore Structures (3rd edn, Taylor & Francis 2007) 45; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 61–62; IOGP, Integrating Security in Major Projects (n 43) 4. 304 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 61. 305 IOGP, Integrating Security in Major Projects (n 43) 4.

341

INTERNATIONAL OIL INDUSTRY RESPONSES

hazard management that can be adapted for security purposes.306 The IOGP recommends engaging the services of architects, designers and engineers with specialised security knowledge who can accurately define ‘the specifications of materials for the design of a facility with specific risks in mind’.307 4.2.2 Access control One of the most effective ways to protect offshore installations is to prevent the potential perpetrators from gaining access to them,308 by implementing good access controls. Offshore operators use a number of security measures to control access to offshore installations and to certain areas on board. Most access control measures are physical security controls. Physical access controls can be implemented at several different points: points of embarkation (i.e. security checks at heliports and sea ports); access controls to the offshore installation to prevent unauthorised access from the sea or air (e.g. surface fences and barriers to prevent small vessels and craft from entering exclusion zones, locked gates between the mooring area or helipad and the deck of the offshore installation);309 and access controls to restricted areas or security zones established on board offshore installations (e.g. locked doors and gates, alarms). Access points may be manned or unmanned, security guards may be armed or unarmed, monitored or unmonitored.310 For manned offshore installations, controlling access at the points of embarkation is one of the key security measures.311 Only authorised personnel should be allowed access to the offshore installation.312 Offshore installation operators should coordinate authorisations for the transportation of personnel, supplies and equipment with the point of embarkation.313 To prevent prohibited items from being brought on board the installation, all personnel including contractors and other visitors should be subjected to the operator’s policy and procedures on searches and inspections. This can include physical searches and non-intrusive inspections (e.g. x-ray screening, random physical inspections, the use of detector dogs, explosives and BNC detection testing of personnel, luggage and stores) prior to departures to offshore installations.314 For example, NOGA has developed guidelines for the

306 See e.g., API, Management of Hazards Associated with Location of Process Plant Buildings (Recommended Practice 752, 3rd edn, December 2009); IOGP, Asset Integrity – The Key to Managing Major Incident Risks (Report No. 415, December 2008); API, Design and Hazardous Analysis for Offshore Production Platforms (Recommended Practice No 14J, 2nd edn, May 2001); IOGP, High Integrity Protection Systems – Recommended Practice (Report No. 443, February 2015). ISO/DIS 17776:2015 Petroleum and natural gas industries – Offshore production installations – Major Accident hazard management during the design of new installations. 307 IOGP, Integrating Security in Major Projects (n 43) 4. 308 Adams (n 149) 137. 309 Jenkins (n 293) 20 (also noting that ‘[c]ranes may be swung across helipads to prevent unauthorized landings’ of helicopters). 310 Ibid. 311 Michael Crocker, ‘Platforms, Pipelines, and Pirates’ (2007) 51(6) Security Management 76, 80. 312 API, Security for Offshore Oil and Natural Gas Operations (n 44) 12. 313 NOGA, 003 Recommended Guidelines for Checks at Helicopter Terminals (n 44) 7. 314 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 56; API, Security for Offshore Oil and Natural Gas Operations (n 44) 12; Adams (n 149) 142.

342

INTERNATIONAL OIL INDUSTRY RESPONSES

offshore industry to establish industry-wide practices relating to check-in and security checks at heliports before departures to offshore installations.315 Areas on board offshore installations where critical components such as utilities and controls are located can be designated as restricted areas subjected to additional access controls to which only personnel with legitimate operational need and proper authorisation will have access; doors to control rooms and areas with access to critical equipment should be locked or otherwise secured to prevent unauthorised entry; appropriate signage (e.g. ‘restricted area’, ‘authorised personnel only’) should be prominently displayed to inform personnel that access is restricted and to deter the potential intruders;316 access to keys or key cards for doors and gates that protect controls rooms and critical process areas should be secured and accessible only by authorised personnel; and alarms may be triggered if a breach occurs.317 To mitigate the risk posed by hostile vessels and control the movement of ships and people in the vicinity of offshore installations, coastal states can establish exclusion zones around offshore installations for security purposes that unauthorised ships are prohibited from entering. Security zones can serve as effective deterrents of unauthorised vessels. The boundaries of offshore security zones should be marked with signage to inform ships and other craft of the existence of a security zone.318 Offshore installation operators are encouraged to consider the relevant international standards on signage such as ISO 3864-1:2011 that provide a useful reference for security-related signage at offshore installation sites and on board.319 Other access controls within security zones can include holding vessels that arrive at an offshore site in a specific area outside the security or exclusion zone around the installation; erection of buoys and picket boats to limit access to the installation; and attempts by the offshore installation crew to establish communication with ships approaching the installation.320 Coastal states’ authorities may declare a security zone on board ships that come in contact with offshore installations, in which case, a ship security zone and an offshore installation security zone overlap while the ship is berthed near an offshore installation.321 Unmanned installations present special challenges because of the difficulty in controlling access. Without staff being present on the installation, the arrival of helicopters and ships could easily go unnoticed.322 However, security regulations of the coastal state may require that offshore installations be secured with physical barriers to prevent unauthorised boarding, and be continuously monitored.323 315 See NOGA, 003 Recommended Guidelines for Checks at Helicopter Terminals (n 44). 316 Australian Government, Department of Infrastructure and Transport (DIT), Guidance Paper on Signage & Notices (undated) 4. 317 API, Security for Offshore Oil and Natural Gas Operations (n 44) 12; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 54, 60–61; DIT (n 316) 3–4. 318 DIT (n 316) 1, 4. 319 See ISO 3864-1:2011 Graphical Symbols – Safety Colours and Safety Signs; DIT (n 316) 4. 320 IMO, Non-Mandatory Guidelines on Security Aspects of the Operation of Vessels Which Do Not Fall Within the Scope of SOLAS Chapter XI-2 and the ISPS Code, IMO Doc MSC.1/Circ.1283 (22 December 2008) annex (‘Guidelines on Security Aspects of the Operation of Vessels Which Do Not Fall Within the Scope of SOLAS Chapter XI-2 and the ISPS Code’) 38; DIT (n 316) 1, 4. 321 DIT (n 316) 3. 322 Crocker (n 311) 80. 323 Ibid.

343

INTERNATIONAL OIL INDUSTRY RESPONSES

4.2.3 Perimeter security Physical access controls are closely related to perimeter security measures of offshore installations. Perimeter security is twofold: physical perimeter of an offshore installation and the perimeter of the offshore security zone established around it. Offshore operators have several options when it comes to perimeter security including fences, cosmetic security measures, physical barriers and obstacles, and video surveillance and intruder detection systems (IDSs).324 Perimeter of security zones may be protected with lines of propeller entanglers that can stop the propellers of smaller-size intruding craft; or with surface barriers (e.g. steel wire nets and fences) to deter unauthorised vessels from entering security zones.325 These surface barriers usually require large moorings.326 In some cases, the use of underwater fences may be appropriate to restrict direct contact with the installation substructure or counter-boarding fences or nets to prevent boarding from the sea.327 Similarly, targeted use of fences above the water surface and on board may be appropriate to maintain perimeter security of an offshore installation. Fences may be fitted with additional obstacles (e.g. barbed or concertina wire at the top to deter the perpetrators from climbing over it, or an electrified fence),328 fitted with sensors (e.g. vibration, strain, electric field, or multiple sensors) and interlinked with surveillance and detection systems, so that warnings and alarms may be triggered automatically.329 Adequate lighting and illumination of the perimeter and at access points is a costeffective security measure. Illumination and lighting may be provided on a continuous basis or it may be triggered by motion sensors or other detector devices.330 In some cases cosmetic security measures (e.g. dummy cameras, warning signs such as ‘surveillance camera in use’, ‘armed security personnel on site’ or ‘no trespassing’), can prove to be good cost-effective attack deterrents.331 Positioning offshore support ships around an offshore installation to provide cordon protection is another security measure, sometimes employed in high-risk areas. 4.2.4 Surveillance and detection Surveillance and intruder detection is widely used in the offshore industry for security purposes. The main purpose of surveillance and detection measures is to provide the offshore installation crew with a capability to detect security threats and breaches as early as possible, evaluate them in a timely manner and initiate appropriate response actions.332 The ability to detect potential threats early and

324 IMCA, Security Measures and Emergency Response Guidance (n 42) 10–11; Adams (n 149) 136. 325 Adams (n 149) 137. 326 Massimo Annati, ‘Non-Lethal Weapons to Protect Critical Infrastructures’ (Paper presented at NATO Maritime Interdiction Operational Training Centre 6th Annual Conference ‘Current and Future Challenges to Energy Security in the Maritime Environment’ Souda Bay, Greece, 4 June 2015) 3. 327 See, e.g. IMCA, Security Measures and Emergency Response Guidance (n 42) 11. 328 Adams (n 149) 137. 329 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 52. 330 Ibid. 52, 56. 331 Adams (n 149) 140. 332 Farrell, Zerriffi and Dowlatabadi (n 198) 457 (noting that a secondary purpose is to collect evidence to be used in the investigation of security incidents).

344

INTERNATIONAL OIL INDUSTRY RESPONSES

respond to alerts quickly can prevent an attack from succeeding or occurring. This is achieved with the help of surveillance and intrusion detection technology, which plays an increasingly valuable role in securing offshore installations. A number of surveillance and detection tools and devices are available to offshore installations operators ranging from manned surveillance to automated tracking and IDSs, but they generally cover three main aspects: wide-area external surveillance and detection; perimeter surveillance and intruder detection; and internal on board surveillance and detection. Offshore installation operators need to ensure that surveillance and detection devices are continuously monitored and positioned to eliminate gaps in coverage; kept clear of visual obstructions; protected from tampering; substitute measures employed when alarms are not operating and backup power provided.333 Short-range radar surveillance equipment and satellite tracking of ships (e.g. AIS) may be used to provide real-time situational awareness capability and can be an effective early warning tool.334 Radar surveillance and detection devices can identify and track ships and other maritime craft passing or approaching as far as 20 nautical miles from an offshore installation and can provide real-time accurate position of all support vessels.335 The system may be programmed (and interfaced with situational awareness software) such that any vessel entering the area of radar coverage and particularly those heading towards the installation will activate an alarm.336 Surface radars may be complemented by strategically placed weatherresistant, high-resolution vectored pan-tilt-zoom cameras to provide a useful view of any approaching craft detected by radar.337 Closed circuit television (CCTV) cameras are used for internal video surveillance of certain areas on board the offshore installation and external monitoring of the perimeter. The video surveillance and detection systems should be able to capture video or photographs, either constantly or when an alarm is activated. CCTV cameras can be used for assessing detected alarms and validating their root causes, as well as to continually monitor vessels approaching the installation or areas on board.338 CCTV cameras should be positioned to cover all key critical areas on board the installation and the perimeter, particularly areas that are considered most vulnerable to intrusion.339 CCTV may be used as a standalone device ‘or in conjunction with other protective security measures such as intrusion detection systems’.340 Radio frequency identification (RFID) technology can be used to track the movements of items and personnel in a given area (e.g. on board installation

333 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 55. 334 Honeywell International, ‘Maritime Security: Meeting Threats to the Offshore Oil and Gas Industry’ (White Paper, May 2008) 6. 335 Ultra Electronics SML Technologies, ‘Integrated Security and Safety System for Offshore Oil and Gas Installations’ (2007); Honeywell International (n 334) 6. 336 Honeywell International (n 334) 6. 337 Ibid. 6. 338 Honeywell International (n 334) 10. 339 Adams (n 149) 140. 340 CPNI, Ongoing Personnel Security: A Good Practice Guide (3rd edn, April 2014) 30.

345

INTERNATIONAL OIL INDUSTRY RESPONSES

or within a security zone).341 CCTV could be a vital tool in any post-incident investigation.342 IDSs are used for real-time detection of any external breaches of the installation perimeter from the surface and air, as well as any breaches of restricted areas on board (e.g. motion sensors, pressure sensors, gates or doors fitted with alarms) with data being transmitted to the control room.343 Underwater monitoring and intruder detection systems/devices such as acoustic detection equipment, underwater cameras and hull/substructure sensors can be used to address underwater intrusion scenarios involving divers or underwater craft.344 It has been suggested that passive acoustic detection methods are ‘simpler and cheaper than conventional sonar techniques’.345 In general, surveillance and intrusion detection technology has become more sophisticated and can now include integrated radar-CCTV systems, electro-optics surveillance, multiple sensor integration and data distribution capabilities, layered maritime domain awareness, video content analysis and direction finders.346 The dual-headed laser-illuminated day/night and thermal CCTV cameras optimise visual capability in a wide range of operating conditions.347 4.2.5 Security guard force management The use of security guards is another physical security measure that may be employed by offshore installation operators. Security guards may be stationed on board offshore installations and at departure points onshore, and they may be either unarmed or armed with lethal and/or non-lethal weapons.348 Although offshore operators should try to avoid the need for personnel or security guards to be armed, in some operating environments the use of firearms is appropriate and may be required by the coastal state.349 In low-risk areas offshore installations security measures do not usually include armed security guards, whereas in high-risk areas the presence of armed security guards on board offshore installations may be considered necessary and is common industry practice.350

341 See NOGA, Norwegian Oil and Gas Association Guideline: Deployment of Radio Frequency Identification (RFID) in the Oil and Gas Industry: Part 1 – General Principles for Deployment (Guideline No. 112, August 2007); NOGA, Recommended Guidelines for Deployment of RFID on the Norwegian Continental Shelf (n.d.). 342 CPNI, Ongoing Personnel Security (n 340) 30. 343 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 53, 55. 344 Jenkins (n 293) 20; Ed Badolato, ‘Maritime Security Planning: Security Beyond Container’ (Institute for Defense & Government Advancement, Long Beach, USA, 26 May 2004). 345 Charles V. Schaefer, Jr. School of Engineering & Science, Stevens Institute of Technology, ‘Centre Projects’ (2015) www.stevens.edu/ses/msc/research/center-projects accessed 1 December 2015. 346 Ultra Electronics (n 335); Charles V. Schaefer, Jr. School of Engineering & Science (n 345). 347 Honeywell International (n 334) 8. 348 IMCA, Security Measures and Emergency Response Guidance (n 42) 11. 349 IOGP, Firearms and the Use of Force (n 43) 2. 350 Laura Husband, Interview with David Pickard, in ‘High Risk, High Reward: Talking Offshore Security with Drum Cussac’ (Offshore Technology, 3 January 2013) www.offshore-technology.com/ features/featureoffshore-oil-security-piracy-terrorist-attack-prevention-drum-cussac/ accessed 1 December 2015.

346

INTERNATIONAL OIL INDUSTRY RESPONSES

Oil companies should first opt for in-house security guards, if there is such an option.351 Although most oil companies have a security department and security personnel, their staff size is usually insufficient or does not have specialised training or equipment to provide physical protection at offshore sites.352 In many cases, security guarding is provided by public security providers such as military, law enforcement or special security forces of the coastal state and offshore operators usually have ‘little choice in determining whether or not public security providers will be involved in security arrangements’.353 Oil companies often use the services of private security companies to handle the security requirements at their offshore installations. Private security providers will, in most cases, supply their personnel to guard the installation, equipment and weapons, as needed.354 The use of private security guards ‘should be a very carefully considered measure’, to be implemented with full regard to the laws and regulations of the coastal state and the VPSHR.355 In particular, due diligence is necessary when selecting a private armed security guard provider to ensure the provider is certified under ISO 28007-1:2015,356 and their staff has appropriate training and is qualified to do the job.357 Where firearms and/or the use of force are employed by armed security guards, it is important to ensure that it is done in accordance with applicable law,358 as well as other principles and codes of conduct such as the VPSHR and the UN Basic Principles on the Use of Force and Firearms by Law Enforcement Officials (BPUFF).359 In responding to security alerts and incidents, as a general principle, but depending on the circumstances, the use of non-lethal or minimum force should always be the preferred option and lethal force should be used as a last resort.360 The IOGP recommends that security guards should be given clear instructions on how firearms and force should be used and a formal documented risk assessment should be followed.361 It is also important to specify the number of security guards and the equipment required such as uniforms, weapons and communications devices; resolve their command structure; and advise them of the established security

351 MIGA (n 48). 352 Adams (n 149) 141. 353 ICMM et al. (n 52). 354 Adams (n 149) 142. 355 IMCA, Security Measures and Emergency Response Guidance (n 42) 11. 356 ISO 28007-1:2015 Ships and marine technology – Guidelines for Private Maritime Security Companies (PMSC) providing privately contracted armed security personnel (PCASP) on board ships (and pro forma contract) – Part 1: General. 357 Adams (n 149) 142. 358 See IOGP, Firearms and the Use of Force (n 43). 359 UN, Basic Principles on the Use of Force and Firearms by Law Enforcement Officials (adopted by the 8th UN Congress on the Prevention of Crime and the Treatment of Offenders, Havana, Cuba, 27 August to 7 September 1990). 360 IOGP, Firearms and the Use of Force (n 43) 5. See also Institute for Non-Lethal Defense Technologies, ‘Guiding Principles for Use of Non-Lethal Force’ (2013) www.arl.psu.edu/INLDT/ principles.php accessed 1 December 2015. 361 IOGP, Firearms and the Use of Force (n 43) 2.

347

INTERNATIONAL OIL INDUSTRY RESPONSES

and emergency policies and procedures.362 Companies and international organisations have developed guidelines and recommended practices for interaction with public and private security providers.363 4.2.6 Security alert response In the event of a security alert an OISO has several response options. These responses will typically be a sequence of actions intended to prepare for and/or deter a potential attack, which can be described as immediate response actions and escalated response actions. Security alert response is somewhat analogous to the ‘escalation of force’ concept.364 Depending on the security level in effect at the time of an alert, the immediate response actions of an offshore installation operator may involve: determining the credibility of the source of information, determining the intent of potential threat (e.g. approaching vessel), raising the security level on board an offshore installation and, if necessary, notifying relevant authorities, emergency responders, contractors and relevant company staff.365 Initially, a suspect vessel approaching an offshore installation may be hailed by radio from the offshore installation in an attempt to attract the ship’s attention and establish communication and determine its intentions.366 These response actions should clearly indicate to the approaching vessel that it has been detected, thus no longer has the element of surprise.367 If the vessel does not respond, escalated response actions and additional security measures may include: raising the security level on board the installation and alerting the crew; notifying the company and relevant authorities and emergency responders; alerting other offshore installations and industry participants in the area; increasing manning for watch-keeping (visually and by radar) and upper deck patrols; deploying unmanned vehicles for recognisance purposes and to establish the approaching vessel’s intentions; increasing seaborne patrols by security vessels with armed security guards; positioning support vessels around the installation to provide cordon protection (especially in high-risk areas); implementing additional controls at access points (e.g. more rigorous check-in security arrangements at onshore departure points); requesting personnel to check-in regularly; using audible warning devices such as loud sirens or acoustic hailing; visual/optical warnings (e.g. rotating lights, flash-bang warnings, flares),368 adjusting upper deck lighting and using spotlights to watch areas close to the installation; and making sure security

362 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 57. 363 See, e.g. BP, ‘Voluntary Principles on Security and Human Rights: Implementation Guideline – An Extended Summary’ (2008); IOGP, Firearms and the Use of Force (n 43); ICMM et al. (n 52). 364 Annati (n 326) 9. 365 FortisBC, ‘Security Threat Alert Guideline’ (Policy No. SEC 01-10, 11 December 2008). 366 Honeywell International (n 334) 6. 367 Ibid. 8. 368 IMCA, Security Measures and Emergency Response Guidance (n 42) 10–11.

348

INTERNATIONAL OIL INDUSTRY RESPONSES

resources are adequate to deal with increased security activities.369 In most cases, these types of actions will be enough to deter the potential threats before they reach the installation.370 In considering what action should be taken, the OISO should have regard to approximate response times and capabilities of relevant security or emergency services.371 Security alert response is mainly about preventing a security incident, but at some point, a security alert may be reclassified as a security incident, which would require even more escalated responses.372 4.2.7 Security incident management The operator shall establish a security incident management system. An incident may be defined as an ‘[e]vent that has the capacity to lead to human, intangible or physical loss, or a disruption of an organization’s operations, services, or functions – which, if not managed, can escalate into an emergency, crisis, or disaster’.373 Security incident management may involve escalated incident response actions, emergency preparedness and response (evacuation, rescue and medical treatment), incident investigation (e.g. evidence collection) as well as communications and coordination of activities on board and with external emergency responders and security forces.374 The effective security incident management will not only contribute to preventing a security incident, but also help to mitigate the consequences of the incident and ensure a base level of continuity of essential functions.375 To be effective, incident response needs structured command and control and coordination among involved parties.376 Several incident response actions are available to offshore operators. Depending on the security level in effect at the time, other incident response actions may include erecting additional physical barriers (e.g. placing objects on a helipad to prevent unauthorised helicopter landings); reviewing emergency response, business continuity plans and shutdown procedures for critical processes and equipment; ensuring that appropriate back-up power supplies are available and ready; limiting or suspending travel between the offshore installation and shore facilities; postponing or cancelling all non-essential services and supplies; ensuring all equipment associated with emergency is in ready positions; establishing and/or maintaining communications with key security and emergency agencies; checking on availability of security personnel reinforcements and medical services; putting all key operations

369 Husband (n 350); API and NPRA, Security Vulnerability Assessment Methodology (n 232) 61; IMCA, Security Measures and Emergency Response Guidance (n 42) 10–11. 370 Honeywell International (n 334) 8. 371 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 57. 372 See, e.g. Honeywell International (n 334) 8; Adams (n 149) 139; Annati (n 326) 9. 373 ASIS International, Organizational Resilience: Security, Preparedness, and Continuity Management System – Requirements with Guidance for Use (American National Standard No. ASIS SPC.1-2009, March 2009) 47. 374 FortisBC, ‘Security Management System’ (n 281) 15–16; FortisBC, ‘FBC Incident Reporting and Investigation’ (Specification No. OHS 01-02, 21 April 2014); ISPS Code s 8.4; Isaacs (n 258). 375 ISO 22320:2011 Societal security – Emergency management – Requirements for incident response. 376 Ibid.

349

INTERNATIONAL OIL INDUSTRY RESPONSES

personnel and supporting resources on standby; strategically positioning crew members on board to repel the attack; and shutting down non-essential operations on board in accordance with contingency or security plans.377 To deter unauthorised craft from approaching offshore installations or infringing security zones and perpetrators from getting access to the installation, offshore installation operators may utilise non-lethal weapons such as long-range acoustic devices (LRADs), laser dazzling devices, water cannons or, where armed guards are stationed on board, fire warning shots at the perpetrators, hopefully causing them to abandon their actions. Technology such as radio frequency engine stoppers or electro-magnetic engine stoppers may also be used to disable the approaching vessels and prevent them from reaching the installation.378 Deadly force should always be the last resort. As there is no guarantee that an attack can be prevented or will be unsuccessful, the offshore operator may have to initiate full-scale emergency response operations eventually leading to personnel evacuation and rescue.379 Depending on the circumstances, it might be appropriate to conduct either a full or partial evacuation or evacuation to an internal protected area such as a secure control/incident room (i.e. citadel), which should be able to provide adequate protection and shelter for the crew in the event of an attack.380 The circumstances in which evacuation to an on board incident room can be instigated or the circumstances requiring full or partial evacuation of the installation should be specified.381 An incident room should have sufficient food, water, medical supplies and sanitary facilities to last for extended periods of time.382 An incident room should also have appropriate equipment and stores, which may include a laptop computer, compatible with the local network, USB memory drives, spare keys/security codes, torches, spare batteries, stationary,383 as well as communication devices such as mobile phones, landline, satellite phones and VHF radio.384 Security incident management also involves incident reporting and investigation including documenting all security breaches and actions taken in response, conducting internal company investigations, assisting law enforcement agencies with conducting investigations and evidence collection.385 Security incident management should also include considerations relating to cyber attacks.

377 FortisBC, ‘Security Threat Alert Guideline’ (n 365) 10–11; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 51, 62–63. 378 Annati (n 326). 379 Farrell, Zerriffi and Dowlatabadi (n 198) 457; Ultra Electronics (n 335). 380 CPNI, Protecting Against Terrorism (n 217) 34; IOGP, Integrating Security in Major Projects (n 43) 4. 381 CPNI, Protecting Against Terrorism (n 217) 28. 382 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 61; IMCA, Security Measures and Emergency Response Guidance (n 42) 11. 383 Ibid. 30. 384 IOGP, Security Management System (n 53) 12. 385 API, Security Guidelines for the Petroleum Industry (n 254) 16. See also ISO/IEC 27035:2011 Information technology – Security techniques – Information security incident management; ISO/IEC 27037:2012 Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence; ISO/IEC 27043:2015 Information technology – Security techniques – Incident investigation principles and processes.

350

INTERNATIONAL OIL INDUSTRY RESPONSES

The offshore oil and gas industry generally has well-developed emergency preparedness and response arrangements, which should be to the maximum extent integrated into security incident management.386 A number of international and industry standards and guidelines relating to emergency management and business continuity have been developed such as ISO 15544, which addresses the requirements for emergency response for offshore installations,387 and other ISO standards and various IOGP guidelines,388 that should be considered when developing relevant offshore security-related arrangements. 4.2.8 Operational continuity management Another physical security dimension of offshore installations relates to post-incident recovery and continuity of business operations following a security incident. Operational continuity is about enhancing an organisation’s ability to counteract interruptions to normal operations.389 Operational continuity management defines the steps that personnel are expected to follow and resources they are expected to rely on in the aftermath of a security incident in order to maintain essential operations and return to normal operations as soon as possible.390 The main objectives of operational continuity are to protect company assets that ‘it cannot afford to lose’,391 minimise the timeframes within which it can resume operations, and ensure availability of resources required for maintaining critical business functions.392 Operational continuity management may address both the immediate process of damage containment (which is often carried out as part of the emergency response) and the process of restoration of operations.393 The initial damage containment actions may include control of oil spills and fires, evacuation of the crew, business continuity plans specifying response and communications procedures for handling the initial recovery operations, and contingency arrangements for critical operations.394 In the security context, physical security aspects of operational continuity relate to resources required for maintaining critical business functions including the agreed arrangements for bringing events under control; repairs to the affected components and equipment of offshore installations; availability of critical components on board the installation or in a nearby location onshore in case replacements may be required; availability of alternative sources of equipment and components; availability of

386 Ibid. 14. 387 ISO 15544:2010 Petroleum and Natural Gas Industries – Offshore Production Installations – Requirements and Guidelines for Emergency Response. 388 See, e.g. ISO 22322:2015 Societal Security – Emergency management – Guidelines for public warning; ISO/AWI 20151 Societal security – Emergency management – Guidance for monitoring of facilities with identified hazards; ISO 22315:2014 Societal security – Mass evacuation – Guidelines for planning; IOGP, Response to Demonstrations at Offshore Facilities (n 43); IOGP, Country Evacuation Planning Guidelines (n 43). 389 API, Security Guidelines for the Petroleum Industry (n 254) 35; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 51. 390 CPNI, Protecting Against Terrorism (n 217) 28. 391 Ibid. 27. 392 See, e.g. CPNI, Protecting Against Terrorism (n 217) 27. 393 Farrell, Zerriffi and Dowlatabadi (n 198) 457–58. 394 Ibid. 457; CPNI, Protecting Against Terrorism (n 217) 28.

351

INTERNATIONAL OIL INDUSTRY RESPONSES

staff required for coordinating various recovery or restoration actions; secure offsite storage of data back-ups and valuable documentation; and agreed procedures for recommencing routine operations.395 In implementing operational continuity arrangements companies are encouraged to consider the relevant ISO standards on business continuity, as well as other industry standards and guidelines on operational continuity and organisational resilience.396 4.3 Personnel security controls Personnel security controls address three aspects: the protection of offshore installations from personnel, the protection of offshore installations by personnel and the protection of personnel. The first aspect is about mitigating the security risk posed by industry insiders exploiting their legitimate access to an offshore installation for unauthorised purposes.397 The second aspect is about raising personnel security awareness and preparedness to respond to security threats and risks. The third aspect deals with the protection of personnel, which is usually the top priority. The term ‘personnel’ should be interpreted broadly to include company employees, contractors and visitors. Personnel security controls can be summarised as: security administration; pre-employment screening; identity management; security culture, awareness and training; employee management and supervision; social engineering prevention; prohibited and controlled items/activities; and personnel protection. 4.3.1 Security administration/organisation One of the first steps toward improving security of companies and their installations is establishing an effective internal security administration, which is often referred to as ‘security organisation’. Security administration is largely about personnel. It may be in the form of a security department in larger companies or a security team in smaller companies. In terms of the company hierarchy and depending on the size of the company, at the top level the security administration may be represented by a senior level committee, followed by a security manager (or a CSO) and corporate security team, then an OISO and the offshore crew members with specific security responsibilities.398 There should be sufficient support from the senior management in order to attract an appropriate level of resources for security.399 One of the main objectives of the security administration ‘is to make sure that the quality of the security management process is maintained’, for instance, using

395 Farrell, Zerriffi and Dowlatabadi (n 198) 457–58; API, Security Guidelines for the Petroleum Industry (n 254) 35; CPNI, Protecting Against Terrorism (n 217) 27–28. 396 See, e.g. ISO/PAS 22399:2007 Societal security – Guideline for incident preparedness and operational continuity management; ISO 28002:2011 Security management systems for the supply chain – Development of resilience in the supply chain – Requirements with guidance for use; ISO/IEC 27031:2011 Information technology – Security techniques – Guidelines for Information and Communication Technology Readiness for Business Continuity. 397 CPNI, Protecting Against Terrorism (n 217) 13. 398 RiskWatch International (n 76) 8. 399 IMCA, Security Measures and Emergency Response Guidance (n 42) 5.

352

INTERNATIONAL OIL INDUSTRY RESPONSES 400

the PDCA model. The security administration is responsible for establishing company security policies and procedures, integrating them across all aspects of the company, and ensuring the quality of security management is maintained.401 Company security personnel at all levels need to have well-defined roles and responsibilities and there should be a clear understanding among all company staff about security personnel roles,402 as well as the roles of other key personnel that may be indirectly related to security or that may have occasional security duties (e.g. in cases of emergency).403 The authority of those responsible for coordinating response actions in the event of a security alert or security incident must also be clearly understood by all staff.404 At the installation level, the OISO is ‘primarily responsible for administering the security plan’ of the offshore installation, and may implement security measures including evacuation of the installation.405 Security administration also concerns staffing issues such as the need for additional staff to be employed in security roles and the number of additional staff required, management of access controls and visitors, managing the security training.406 While it is not a prerequisite for security personnel or security managers to come from a military, intelligence or law enforcement background, such personnel tend to have more experience and training in handling adverse situations and in the event of a security incident may be able to mobilise the security and emergency responders more quickly.407 However, security administration is more than just about security personnel. The concept of security administration should concern company personnel at all levels including those who do not have direct security responsibilities. Importantly, offshore crew and company employees at all levels should be given an opportunity to provide input on the security aspects and measures that are in place.408 Companies should establish a process for obtaining feedback from offshore workers at all levels on security issues and concerns.409 4.3.2 Pre-employment screening Pre-employment screening is one of the most common personnel security controls used by oil companies to mitigate security risks posed by personnel with legitimate access to offshore installations (i.e. the threat of internal sabotage) with the aim of

400 RiskWatch International (n 76) 6. 401 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 48–49. 402 OTS, ‘Application Form for Approval of an Offshore Security Plan for an Offshore Facility Operator’ (July 2005) 6. 403 NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 6; OTS (n 402) 6; API, Security Guidelines for the Petroleum Industry (n 254) 13; FortisBC, ‘Security Management System’ (n 281) 4. 404 CPNI, Protecting Against Terrorism (n 217) 6. 405 API, Security Guidelines for the Petroleum Industry (n 254) 13; API, Security for Offshore Oil and Natural Gas Operations (n 44) 2. 406 OTS (n 402) 5; API, Security for Offshore Oil and Natural Gas Operations (n 44) 2. 407 IOGP, Security Management System (n 53) 5; Adams (n 149) 142. 408 API, Security for Offshore Oil and Natural Gas Operations (n 44) 9. 409 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 49.

353

INTERNATIONAL OIL INDUSTRY RESPONSES

reducing the likelihood of an insider causing harm to an installation.410 Preemployment screening seeks to obtain information about prospective employees or existing staff (e.g. when staff are changing positions), confirm the identity and credentials of personnel who will be granted access to an offshore installation, and use that information to identify individuals who may present a security risk.411 Offshore installation operators (and other offshore industry participants) should aim to establish robust and efficient pre-employment screening arrangements that should form an integral part of company recruitment practices.412 Specific company pre-employment screening practices vary. Some companies have uniform preemployment screening arrangements for all employees that can add delays to the recruitment process, while other companies may prefer to vary the screening process according to the security risks that the position potentially poses.413 Pre-employment screening may include a range of activities such as background checks, personal references checks, police checks, credit checks and even health checks, which are all relevant in the context of security and should be undertaken.414 Fingerprinting is an ‘effective method to screen prospective employees’, which could serve as a deterrent for perpetrators who are trying to infiltrate the industry by posing as legitimate workers.415 Pre-employment screening may also involve training of relevant clerical or security staff performing reference checks or document verification to identify security related concerns.416 The procedures relating to preemployment screening must be done pursuant to applicable rules and to the extent that it is permitted by law.417 Offshore operators should have similar pre-engagement screening arrangements for contractors.418 4.3.3 Identity management This security control is about managing identity information and identification documents of offshore personnel and visitors. The international standard ISO/IEC 24760 addresses identity management frameworks and for many companies ‘the proper management of identity information is crucial to maintain security’ of company processes.419 These technical aspects relating to identity management are

410 CPNI, Pre-Employment Screening: A Good Practice Guide (5th edn, January 2015) 3; OTS, Offshore Oil & Gas Risk Context Statement (April 2005) 19. 411 CPNI, Pre-Employment Screening (n 410) 3. 412 Ibid. 6. 413 Ibid. 414 See, e.g. Adams (n 149) 136, 141; CPNI, How to Obtain an Overseas Criminal Record Check: Quick Reference Guide (April 2014); CPNI, Pre-Employment Screening: Document Verification (2nd edn, February 2015). 415 Adams (n 149) 141. 416 Ibid.; CPNI, Pre-Employment Screening (n 410). 417 Jenkins (n 293) 21; API, Security for Offshore Oil and Natural Gas Operations (n 44) 9. 418 See CPNI, The Secure Procurement of Contracting Staff: A Good Practice Guide for the Oil and Gas Industry (April 2011). 419 ISO/IEC 24760-1:2011 Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts v. See also ISO/IEC 24760-2:2015 Information technology – Security techniques – A framework for identity management – Part 1: Reference architecture and requirements.

354

INTERNATIONAL OIL INDUSTRY RESPONSES

discussed in more detail in the context of user account management. This discussion will focus on identification documents of offshore personnel. In some countries offshore workers may be required to hold special security credentials in accordance with national regulations or national security identification document schemes required for all maritime industry and offshore personnel.420 Companies may establish a mandatory requirement for employees, contractors and visitors to wear badges, passes or security identification at all times while present in an offshore security zone or on board an offshore installation.421 Offshore personnel should also feel encouraged to question anyone who is not wearing a badge or pass and report any security concerns.422 Role-based access arrangement may be used to limit and control employees’ access rights within an offshore installation according to their job activities.423 Security pass issuance and control arrangements may be tailored to distinguish between different levels of employee security clearance or access.424 Companies may consider using biometric technologies as an additional identity and access control measure.425 Personnel security controls relating to identity documents management will help to prevent unauthorised personnel from gaining access to offshore installations or their critical areas.426 4.3.4 Security culture, awareness and training Many oil companies are promoting security culture within their organisational and operational frameworks. A company’s security culture is essential to an effective personnel security regime.427 An effective company security culture can provide benefits such as improved employee vigilance and involvement in security issues; improved levels of compliance with security measures; encouraging employees to think and act in more security conscious ways; and reduced risk of security breaches and incidents.428 Companies should develop good security practices and encourage staff to adopt good security habits.429 An effective company security culture requires the commitment of every staff member whether they are permanent, temporary or a contractor.430 Support from senior management is crucial in order to demonstrate

420 As noted in Chapter 7, in Australia, persons working on offshore installations and on board vessels that supply offshore installations are required to hold the MSIC and are subjected to background checks before they are issued with an MSIC, and in the US, persons that require unescorted access to offshore installations must hold the TWIC. See, e.g. Maritime Transport and Offshore Facilities Security Regulations 2003 (Cth) reg 6.07A; Maritime Transportation Security Act 46 USC §70105 (2002). 421 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 56; Adams (n 149) 136. 422 CPNI, Protecting Against Terrorism (n 217) 25. 423 CPNI, Ongoing Personnel Security (n 340) 13. 424 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 56; CPNI, Ongoing Personnel Security (n 340) 13. 425 CPNI, Ongoing Personnel Security (n 340) 14. 426 NOGA, 003 Recommended Guidelines for Checks at Helicopter Terminals (n 44) 5. 427 CPNI, Ongoing Personnel Security (n 340) 5. 428 Ibid. 429 CPNI, Protecting Against Terrorism (n 217) 25. 430 CPNI, Ongoing Personnel Security (n 340) 5.

355

INTERNATIONAL OIL INDUSTRY RESPONSES

the value placed on security and ensure the necessary resources are available to improve security arrangements of company installations.431 Empowering employees at all levels to openly participate in the security programme can assist the offshore installation operator in achieving a desired level of security culture.432 One of the key steps in improving security is staff awareness of security risks that could affect their working environment.433 The offshore petroleum industry can improve its security culture through security awareness and training of employees at all levels including those employees that do not have any security-related duties.434 Security awareness may be in the form of security briefings, review meetings, workshops, security appraisals and security awareness campaigns, and other forms of security training.435 Offshore personnel need to be trained in various aspects of security depending on their specific role and responsibilities.436 Security personnel with security-related responsibilities must have adequate specialised training to accomplish their functions.437 Other personnel who do not have specific security duties should have at least some general security awareness training.438 Companies may put in place a security training programme including provisions for competency validation.439 Security exercises and drills need to be built into the security training programme.440 International regulations such as the ISPS Code and national legislation of some coastal states may prescribe specific qualifications required for OISOs and other crew members with security duties.441 4.3.5 Employee management and supervision Security considerations should be integrated into employee management and supervision, and in that regard, it can be seen as a personnel security control. This security control relates to measures and good management practices that need to be in place to identify in advance and resolve personnel behaviour that may have security implications.442 Such issues include unusual or suspicious behaviour; feelings of disgruntlement or dissatisfaction; and employee welfare including physical health and psychological well-being. Employee management and supervision in the security context is also about dealing with anti-social behaviour of workers such as conflicts with colleagues, alcohol or substance abuse, and workplace violence.

431 Ibid. 6. 432 API, Security for Offshore Oil and Natural Gas Operations (n 44) 9. 433 Ibid. 2. 434 OITS (n 45) 64. 435 IOGP, Security Management System (n 53) 12; API, Security Guidelines for the Petroleum Industry (n 254) 32. 436 FortisBC, ‘Prevention of Violence’ (n 251) 4; API, Security Guidelines for the Petroleum Industry (n 254) 32. 437 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 49; IMCA, Security Measures and Emergency Response Guidance (n 42) 10–11; FortisBC, ‘Security Management System’ (n 281) 13. 438 CPNI, Ongoing Personnel Security (n 340) 22. 439 API, Security for Offshore Oil and Natural Gas Operations (n 44) 9. 440 FortisBC, ‘Security Management System’ (n 281) 17. 441 See, e.g. ISPS Code s 13. 442 IOGP, Integrating Security in Major Projects (n 43) 6.

356

INTERNATIONAL OIL INDUSTRY RESPONSES

Good employee management and supervision practices will help to identify and resolve personnel security issues and problems that might affect security and ensure they are dealt with before they escalate to insider activity or a security incident.443 Line managers are best positioned to influence their staff and detect behaviours of concern.444 To be able to identify and address unusual or suspicious behaviour of their staff, line managers should have appropriate skills and support, and should have personnel security responsibilities included in their job descriptions.445 Some of the specific employee management and supervision measures relating to security include preventing intoxicated employees from travelling offshore, maintaining information on incidents of violence and other conflicts, carrying out internal investigations, preparing investigation reports, and implementing employee violence prevention programmes.446 In addition, companies may need to establish measures to mitigate security risks resulting from voluntary and involuntary termination of employees or contractors,447 as well as exit procedures including provisions for conducting exit interviews, revoking physical access such as return of passes and keys, equipment, documents (physical or electronic), and removal of electronic and remote access (e.g. revocation of passwords, access codes, and other privileges).448 It may be useful to maintain an exit checklist to ensure nothing is overlooked.449 In implementing these personnel security measures companies should have regard to relevant industry guidelines and recommended practices.450 4.3.6 Social engineering prevention It was mentioned in Chapter 3 that the concept of ‘social engineering’ is about obtaining information or gaining access under false pretence, ‘based upon the building of an inappropriate trust relationship with individuals’.451 Oil companies and offshore operators should consider implementing appropriate measures to counter social engineering. Such measures can include establishing a mechanism for employees to report suspected social engineering, ‘and a review process to identify trends or repeated attempts to acquire certain information, so that other employees can be made aware’;452 ensuring that information on the company’s website does not provide superfluous details that may be used in the preparation of social

443 CPNI, Ongoing Personnel Security (n 340) 3, 9–10; IOGP, Integrating Security in Major Projects (n 43) 6. 444 CPNI, Ongoing Personnel Security (n 340) 9. 445 Ibid. 446 Ibid. 3, 9. 447 FortisBC, ‘Security Management System’ (n 281) 13. 448 CPNI, The Secure Procurement of Contracting Staff (n 418) 23. 449 Ibid. 450 IOGP and IPIECA, Managing Psychosocial Risks (n 43); FortisBC, ‘Substance Abuse Policy’ (Policy No. HMR 03-03, 20 October 2011); FortisBC, ‘Prevention of Violence’ (n 251) 4. See also NOGA, Norwegian Oil and Gas Guidelines for Reaction Forms at Helicopter Terminals When Suspecting Influence or Possession of Intoxicating Substances (August 2007); NOGA, Guidelines for Alcohol and Drug Testing (August 2007); NOGA, Norwegian Oil and Gas Recommended Guidelines for Handling Alcohol and Substance Abuse (August 2007). 451 CPNI, Social Engineering: Understanding the Threat (December 2013) 2. 452 CPNI, Ongoing Personnel Security (n 340) 22.

357

INTERNATIONAL OIL INDUSTRY RESPONSES

engineering attacks; implementing protocols for governing how and when a person’s credentials should be checked, before providing any requested information; and training of employees to be alert to potential social engineering attacks.453 Companies should investigate all suspected and reported cases of social engineering.454 4.3.7 Prohibited and controlled items or activities Certain items should be prohibited from being taken on board offshore installations by crew members or other personnel. Explosives, firearms, ammunition and certain kinds of knives should generally be prohibited to be taken on board offshore installations.455 However, in high-risk areas weapons may be brought on board by professional security guards or state security forces stationed on board. It is usually prohibited to bring liquids containing alcohol, narcotics and certain types of medication to an offshore installation.456 Other prohibited or controlled items may include matches and lighters, photo equipment and mobile communication devices such as remote control equipment, wireless devices, mobile phones.457 In some cases, these items may be allowed to be brought along, but there must be written permission from the security manager or security department of the operating company.458 Any prohibited or controlled items found and any activities of concern observed should be reported and handled in accordance with company policies.459 Employees may also be required to declare unusual or inappropriate gifts and hospitality, as well as offers of such gifts.460 Companies may impose restrictions on the use of internet or access to certain websites from work computers, use of work email for private communication, requiring to observe the company code of conduct on the use of the internet and prescribing appropriate penalties for non-compliance.461 4.3.8 Personnel protection Offshore installation operators are required to provide a safe and secure workplace to their employees, so they need to implement measures for the protection of offshore personnel.462 Personnel protection measures can include providing security escort for workers when travelling to and from offshore installations on a vessel; transporting offshore personnel by aircraft instead of vessels; providing first aid or medical assistance to personnel injured; personal protection of workers and family members; evacuation of personnel where a security situation deteriorates; and rescue of offshore personnel including negotiations with the kidnappers and payment of ransom in cases of offshore personnel abductions.463 453 Ibid. 454 Ibid. See also CPNI, Investigating Employees of Concern: A Good Practice (March 2011); CPNI, Social Engineering (n 451). 455 NOGA, 003 Recommended Guidelines for Checks at Helicopter Terminals (n 44) 10. 456 Ibid. 11. 457 Ibid. 12. 458 Ibid. 459 Ibid. 10. 460 CPNI, Ongoing Personnel Security (n 340) 22. 461 Ibid. 23–24; API, Security Guidelines for the Petroleum Industry (n 254) 32. 462 FortisBC, ‘Security Management System’ (n 281) 13. 463 See, e.g. Philippe Bouvier, ‘Critical Infrastructure Security: A Holistic Security Risk Management Approach’ (Thales, January 2008) 13; FortisBC, ‘Security Management System’ (n 281) 13.

358

INTERNATIONAL OIL INDUSTRY RESPONSES

4.4 Technical security controls Technical security controls can be defined as security controls ‘for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system’.464 Technical security controls mostly relate to ICT and ICS security including computer and network security, all of which can be termed as ‘cyber security’. As discussed in the earlier chapters, cyber security is an increasingly serious issue for offshore installation operations.465 Companies are facing the challenge of achieving the maximum level of cyber security to protect sensitive information, systems and processes, while allowing the very same information, systems and processes to remain accessible for the continuous operations.466 Many international standards on ICT security and technical security controls have been developed and a number are being developed.467 However, technical security is not only about cyber security. Technical security controls also provide technical support to and are often integrated with other security controls. For example, physical access controls are often enhanced through technical security measures such as keypads, access codes, key cards, remote control openers, alarms and sensors.468 They may also provide valuable input to the overall

464 Marianne Swanson, Joan Hash and Pauline Bowen, ‘Guide for Developing Security Plans for Federal Information Systems’ (Special Publication No. 800-18, NIST, February 2006) 40. 465 OITS (n 45) 107. 466 Ibid. 108. 467 See, e.g. ISO/IEC 17799:2005 Information technology – Code of practice for information security management; ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements; ISO/IEC 18045:2008 Information technology – Security techniques – Methodology for IT security evaluation; ISO/IEC 27032:2012 Information technology – Security techniques – Guidelines for cybersecurity; ISO/IEC 15816:2002 Information technology – Security techniques – Security information objects for access control; ISO/IEC 27033-2:2012 Information technology – Security techniques – Network security – Part 2: Guidelines for the design and implementation of network security; ISO/IEC 270334:2014 Information technology – Security techniques – Network security – Part 4: Securing communications between networks using security gateways; ISO/IEC 27033-5:2013 Information technology – Security techniques – Network security – Part 5: Securing communications across networks using Virtual Private Networks (VPNs); ISO/IEC 27039:2015 Information technology – Security techniques – Selection, deployment and operations of intrusion detection systems (IDPS); ISO/IEC 9798-1:2010 Information technology – Security techniques – Entity authentication – Part 1: General; ISO/IEC 20009-1:2013 Information technology – Security techniques – Anonymous entity authentication – Part 1: General; ISO/IEC 24760-1:2011 Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts; ISO/IEC 24761:2009 Information technology – Security techniques – Authentication context for biometrics; ISO/IEC 29115:2013 Information technology – Security techniques – Entity authentication assurance framework; ISO/IEC 19772:2009 Information technology – Security techniques – Authenticated encryption; ISO/IEC 19790:2012 Information technology – Security techniques – Security requirements for cryptographic modules; ISO/IEC 11770-1:2010 Information technology – Security techniques – Key management – Part 1: Framework; ISO/IEC 27031:2011 Information technology – Security techniques – Guidelines for Information and Communication Technology Readiness for Business Continuity; ISO/IEC 27035:2011 Information technology – Security techniques – Information security incident management; ISO/IEC 27037:2012 Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence. 468 Friedrich Steinhausler, P. Furthner, W. Heidegger, S. Rydell and L. Zaitseva, ‘Security Risks to the Oil and Gas Industry: Terrorist Capabilities’ (February 2008) 7(1) Strategic Insights [p.9] www.hsdl.org/?view&did=483063 accessed 1 December 2015.

359

INTERNATIONAL OIL INDUSTRY RESPONSES 469

SMS of a company. Technical security controls can be summarised as: secure network architecture and configuration; hardware and software integrity and patch management; user accounts and privilege management; transmission security; cryptographic protection; malware protection; protective monitoring; and command, control and response capability. Despite many developments in technical security solutions in recent years, there are still a number of unresolved issues due to constraints with application of existing technologies and security solutions to ICS and SCADA security.470 ICT and ICSs utilise slightly different security approaches or techniques. While the ICT and ICS processes are compatible, many of the definitions are different or incompatible.471 According to ENISA, ‘[s]ome approaches regularly used in the ICT context can have catastrophic consequences if applied to ICS environments’.472 To counter the emerging cyber security threats to offshore installations and their SCADA systems there is a need for an integrated approach combining methodologies from ICT security and ICS engineering.473 Therefore, company security policies, standards and procedures should be implemented with both ICT and SCADA security in mind.474 4.4.1 Secure network architecture and configuration Technical security controls, as other security controls, should be integrated into the overall design of an offshore installation and its information, communication and control systems early in a development process rather than installed after the system is operational.475 Secure network architecture and secure network configuration comprises a number of measures, tools and techniques. Secure network architecture should address both ICT systems networks and ICSs networks. Designing a secure architecture for an ICS can be a challenging task due to a large variety of systems and possible solutions available, some of which might not be appropriate.476 There are several possible security solutions available for the implementation of secure network architecture. As a starting point, it is important to have an up to date mapping or layout of the network infrastructure, specifying local area network (LAN) and wide area network (WAN) perimeters, and an understanding of its capabilities and security level.477

469 Constantinos Hadjistassou and Antonis Hadjiantonis, ‘Risk Assessment of Offshore Oil and Gas Installations Under Cyber Threats’ (Energy Sequel, 25 January 2013) www.energysequel.com/riskassessment-of-offshore-oil-and-gas-installations-under-cyber-threats/ accessed 1 December 2014. 470 CPNI, ‘Cyber Security’ (2015) www.cpni.gov.uk/advice/cyber/ accessed 1 December 2015. 471 OSCE, Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks Focusing on Threats Emanating from Cyberspace (2013) 56. 472 ENISA, Protecting Industrial Control Systems – Recommendations for Europe and Member States (December 2011). 473 Hadjistassou and Hadjiantonis (n 469). 474 Robert Radvanovsky, Critical Infrastructure: Homeland Security and Emergency Preparedness (CRC Press 2006) 250. 475 API, Security Guidelines for the Petroleum Industry (n 254) 34. 476 PA Consulting Group and CPNI, Good Practice Guide: Process Control and SCADA Security: Guide 2. Implement Secure Architecture (n.d.) 5. 477 RiskWatch International (n 77) 8; CPNI, Good Practice Guide: Patch Management (October 2006) 8.

360

INTERNATIONAL OIL INDUSTRY RESPONSES

One of the most common techniques for secure network architecture is network segregation or segmentation. Companies may develop and implement multilevel network infrastructure whereby SCADA architecture is segmented or segregated from the remainder of the company network and access to SCADA systems via the internet is restricted.478 The architectures used to separate SCADA network from the corporate network ‘range from hosts with dual network interface cards to multitiered combinations using firewalls, switches and routers’.479 Firewalls are commonly used to segregate networks, but many commercially available firewalls are focused on corporate networks and are not necessarily well-equipped to handle SCADA protocols.480 Efforts are currently under way to develop robust industrial firewalls.481 In addition to the segmentation of networks, secure network architecture involves the implementation of network-based IDSs and intrusion prevention systems (IPSs),482 and electronic access control.483 Electronic attack and intrusion detection and prevention involve deployment of IDSs and IPSs that have ‘sensor data management and distribution capabilities’ over a WAN.484 Secure network configuration involves actively managing network infrastructure devices using a rigorous configuration and change management process to ensure that only authorised devices are granted access while unauthorised and unmanaged devices are detected and denied access.485 Secure network configuration may also include ongoing management and ‘operational use of ports, protocols and services on networked devices’;486 securing communications between and across networks using security gateways and virtual private networks (VPNs); controlling access to network connections and services; closing unused network ports; server hardening; and security of remote access.487 Network security controls should be based on a policy that clearly defines the network services that are allowed to be accessed.488

478 Radvanovsky (n 474) 254. 479 PA Consulting Group and CPNI, Firewall Deployment for SCADA and Process Control Networks (n.d.) 5. 480 Stouffer, Falco and Scarfone (n 283) D-2. 481 Ibid. 482 Frost and Sullivan, ‘Global Oil and Gas Infrastructure Security Market Assessment: Growing Threats to Drive Oil and Gas Security Expenditure’ (November 2012). 483 Radvanovsky (n 474) 249. 484 Ultra Electronics (n 335); CPNI, Protecting Against Terrorism (n 217) 13. See also ISO/IEC 27039:2015 Information technology – Security techniques – Selection, deployment and operations of intrusion detection systems (IDPS). 485 Council on Cyber Security, The Critical Security Controls for Effective Cyber Defense Version 5.0 (2014) 8, 54. 486 Ibid. 58. 487 See, e.g. ISO/IEC 27033-1:2009 Information technology – Security techniques – Network security – Part 1: Overview and concepts; ISO/IEC 27033-2:2012 Information technology – Security techniques – Network security – Part 2: Guidelines for the design and implementation of network security; ISO/IEC 27033-3:2010 Information technology – Security techniques – Network security – Part 3: Reference networking scenarios – Threats, design techniques and control issues; ISO/IEC 27033-4:2014 Information technology – Security techniques – Network security – Part 4: Securing communications between networks using security gateways; ISO/IEC 27033-5:2013 Information technology – Security techniques – Network security – Part 5: Securing communications across networks using Virtual Private Networks (VPNs); ISO/IEC 18028-4:2005 Information technology – Security techniques – IT network security – Part 4: Securing remote access; Council on Cyber Security (n 485) 80. 488 API, Security Guidelines for the Petroleum Industry (n 254) 34.

361

INTERNATIONAL OIL INDUSTRY RESPONSES

Companies should actively manage systems connected to the company network to ensure that only authorised devices are granted access while unauthorised and unmanaged devices are detected, denied access and isolated to prevent malicious activity.489 A firewall or an IDS may be installed on a ‘locked-down’ (i.e. nonmodifiable) operating system thereby removing the possibility of loading additional code altogether.490 4.4.2 Hardware and software integrity and patch management Systems integrity and patch management is about implementing and actively managing the security and configuration of hardware, servers, software, workstations, laptop computers and other mobile devices using rigorous configuration and change management process.491 In this context, ‘system’ refers to both hardware devices and components and software applications. This technical security control involves several security techniques and practices. These include secure software and hardware configuration, deployment and use of authorised software and hardware, maintaining the inventory of authorised and prohibited hardware devices and software applications, and keeping systems up to date through security patching. Companies should deploy appropriate hardware and software and implement hardened versions of security configurations of the operating system, software applications installed on the system and any connected devices.492 This requires security administrators to be aware of all types and versions of operating systems, software applications and hardware deployed in the operational environment on any of the company’s offshore installations.493 Knowing this information can reduce delays in updating systems throughout the company and control the manner in which the software update will be deployed.494 Companies should maintain an inventory of authorised hardware and software, and all systems and devices connected to the network, specifying at least the network addresses, name and purpose of each system, the person or department responsible for each device or application; identifying all software updates and security patches that have or have not been installed; and identifying all portable and/or personal devices that store or process data (e.g. mobile phones, tablets, laptops and other portable electronic devices), regardless of whether they are attached to the company’s

489 Council on Cyber Security (n 485) 8. 490 Elaine Barker, Miles Smid, Dennis Branstad and Santosh Chokhani, ‘A Framework for Designing Cryptographic Key Management Systems’ (Special Publication No. 800-130, NIST, August 2013) 71. 491 Council on Cyber Security (n 485) 58. 492 Ibid. 19. See also API and NPRA, Security Vulnerability Assessment Methodology (n 232) 58. 493 See also ISO/IEC TR 19791:2010 Information technology – Security techniques – Security assessment of operational systems; ISO/IEC 27034-1:2011 Information technology – Security techniques – Application security – Part 1: Overview and concepts; ISO/IEC 15408-1 Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model; ISO/IEC 15408-2 Information technology – Security techniques – Evaluation criteria for IT security – Part 2: Security functional components; ISO/IEC 15408-3 Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance components; ISO/IEC 18045 Information technology – Security techniques – Methodology for IT security evaluation. 494 CPNI, Good Practice Guide: Patch Management (n 477) 8.

362

INTERNATIONAL OIL INDUSTRY RESPONSES 495

network. The inventory should be updated as new, approved devices and applications are acquired, installed or connected to the network;496 and monitored to ensure that files have not been altered and no new files have been introduced into key system areas.497 Automated integrity checking tools may be utilised to verify standard device configurations, detect changes and automatically report all alterations to appropriate security personnel.498 Properly configuring ICSs and ICT systems and installing recommended software updates will help to mitigate the risks of both internal and external malicious exploitation.499 The dynamic host configuration protocol server logging may be utilised to improve the inventory of hardware and software and to help detect unknown or unauthorised systems.500 Internet access should be disabled or restricted in all application software and operating systems that are pre-packaged.501 Systems hardening in this context may also include removal of unnecessary user accounts and services, disconnecting unused devices, installing software updates and applying security patches.502 ICSs and ICT systems as well as all supporting hardware and software should be kept up to date. Assessing and maintaining systems integrity in a networked environment may be achieved through a well-defined patch management programme.503 ‘Patch management’ may be defined as ‘the process of controlling the deployment and maintenance of interim software releases into operational environments’.504 Automated patching tools and processes may be implemented for both applications and operating system software.505 In ICT security, patches are used frequently to stay up-to-date with latest developments and mitigate new vulnerabilities; however, installing patches in the ICS environment has the potential of creating lasting interference or damage if the system does not respond as expected.506 Accordingly, it is good practice to introduce SCADA/ICS patch management separate from ICT patch management.507 Security updates and patches shall always be implemented when available and approved, unless it interferes with other software or hardware.508 Outdated systems that can no longer be patched should be updated with the latest version of application software and any unused or not updated software should be removed from the system or isolated or protected by other security measures.509

495 Council on Cyber Security (n 485) 9; CPNI, Good Practice Guide: Patch Management (n 477) 8. 496 Ibid. 8–9. 497 Ibid. 8. 498 Ibid. 20–21; 55. 499 CPNI, Good Practice Guide: Patch Management (n 477) 4. 500 Council on Cyber Security (n 485) 8. 501 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 59. 502 Ibid. 19. 503 CPNI, Good Practice Guide: Patch Management (n 477) 6. 504 Ibid. 4. 505 Council on Cyber Security (n 485) 19. 506 OSCE (n 471) 56. 507 Ibid. 57. 508 NOGA, 104 Recommended Guidelines for Information Security Baseline Requirements for Process Control Safety and Support ICT Systems (January 2009) 24. 509 Council on Cyber Security (n 485) 20; NOGA, 104 Recommended Guidelines for Information Security (n 508) 8, 24; CPNI, Good Practice Guide: Patch Management (n 477) 8.

363

INTERNATIONAL OIL INDUSTRY RESPONSES

4.4.3 User accounts and privilege management Data processing systems gather a range of information on their users (personnel, equipment or software), and make decisions based on the gathered information.510 Such identity-based decisions often concern access to company systems and resources, and have security implications.511 Companies manage these processes and associated security risks with the aid of user accounts/identity management and privilege management.512 User account management refers to the processes and technical tools that are used to create, modify and delete user accounts/identities for systems and applications allowing the administrator to track, control or prevent electronic access of users to critical information, resources, facilities and systems of a company or an offshore installation based on an approved classification.513 Each employee (and contractors) should be assigned unique identities such as a swipe card, access code, and username and password for systems access.514 Verification of the identity of a user (e.g. person, process or device) is done by ‘authentication’. Authentication can be defined as ‘the process of positively identifying potential network users, hosts, applications, services, and resources using a combination of identification factors or credentials’ such as passwords, tokens and biometrics.515 The result of the authentication then becomes the basis for permitting or denying further access or actions.516 The authenticity of a user can be determined on the basis of several factors, including something known (e.g. password), something possessed (e.g. security token), a specific characteristic of a user (e.g. fingerprint), a location (e.g. coordinates), the time a request is made, or a combination of any of these factors.517 The use of passwords is one of the most common authentication techniques. Proper management of privileged account credentials and their access reduces the chances for data theft and unauthorised or malicious cyber activity.518 ‘Privilege management’ is the process of managing user authorisations, which is based on the

510 ISO/IEC 24760-1:2011 Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts v. See also ISO/IEC CD 24760-2 Information Technology – Security Techniques – A Framework for Identity Management – Part 2: Reference architecture and requirements; ISO/IEC CD 24760-3 Information Technology – Security Techniques – A Framework for Identity Management – Part 3: Practice. 511 ISO/IEC 24760-1:2011 Information technology – Security techniques – A framework for identity management – Part 1: Terminology and concepts v. 512 Council on Cyber Security (n 485) 62. 513 Ibid. 80, 84. 514 CPNI, Ongoing Personnel Security (n 340) 37. 515 Stouffer, Falco and Scarfone (n 283) 6–22. 516 Ibid. 6–22. 517 Ibid. See also ISO/IEC 15816:2002 Information technology – Security techniques – Security information objects for access control; ISO/IEC 15945:2002 Information technology – Security techniques – Specification of TTP services to support the application of digital signatures; ISO/IEC 9798-1:2010 Information technology – Security techniques – Entity authentication – Part 1: General; ISO/IEC 20009-1:2013 Information technology – Security techniques – Anonymous entity authentication – Part 1: General; ISO/IEC 24761:2009 Information technology – Security techniques – Authentication context for biometrics. 518 Thecotic, ‘Why PAM – Oil and Gas: Even Control Networks Have Privileged Identities’ (2015) http://thycotic.com/solutions/why-pam-oil-and-gas/ accessed 1 December 2015.

364

INTERNATIONAL OIL INDUSTRY RESPONSES

ITU Recommendation ITU-T X.509. ITU Recommendation ITU-T X.509 and the international standard ISO/IEC 9594-8:2014 define the framework for publickey certificates and the different components going into a public-key infrastructure, and the framework for attribute certificates and the different components going into the privilege management infrastructure.519 The principle of ‘least privilege’ is central to privilege management, which essentially means that each user has access only to the information and resources necessary for legitimate use (i.e. to perform his or her duties).520 Systems should be configured to give users minimum privileges required to perform their work duties.521 In some circumstances, personnel may have a legitimate need to override a restriction and will therefore request an elevated privilege to perform the operation.522 The level of privilege granted reflects the degree of trust placed in the privilege holder, by the certificate issuer, which implies that the privilege holder will adhere to those aspects of policy that are not enforced by technical controls.523 The individual seeking the privilege must be required to provide reasons when submitting a request for an elevated privilege, and if the request is approved, a qualified technician will activate the privilege.524 A privilege policy should have clear criteria or conditions for granting and revoking privileges and should take into account any existing support and ICT or ICS-related policies such as computer configuration policies or software policies (e.g. a requirement that only software approved by the company may be installed on desktop and laptop computers and servers).525 A number of tools and software applications for managing privileges is available on the market, but managing user privileges can still be a difficult task, especially for companies with large staff numbers.526 Chappell, for example, argues that in order to reduce the administrative burden of managing privileges, attention should be focused on software and applications rather than users because in many cases it is an application or installer program, that requires elevated privilege in order to be installed rather than the person performing the installation.527

519 ITU, ‘ITU-T Recommendations’ (2015) www.itu.int/ITU-T/recommendations/rec.aspx?rec=X. 509 accessed 1 December 2015; ISO/IEC 9594-8: 2014 Information Technology – Open Systems Interconnection – The Directory – Part 8: Public-Key and Attribute Certificate Frameworks. Recommendation ITU-T X.509 defines PMI as the ‘infrastructure able to support the management of privileges in support of a comprehensive authorization service and in relationship with a Public-Key Infrastructure’: Recommendation ITU-TX.509 Information Technology – Open Systems Interconnection – The Directory: Public-Key and Attribute Certificate Frameworks 16. 520 NOGA, 104 Recommended Guidelines for Information Security (n 508) 8; Barker et al. (n 490) 107. 521 Brian Chappell, ‘Privilege Management – The Industry’s Best Kept Secret’ (October 2013) Network Security 12, 13; API and NPRA, Security Vulnerability Assessment Methodology (n 232) 58. 522 FortisBC, ‘FortisBC (Natural Gas) Computer Local Admin Privileges’ (Policy No. ITS 01-03, 18 December 2008) 2. 523 Recommendation ITU-TX.509 Information Technology – Open Systems Interconnection – The Directory: Public-Key and Attribute Certificate Frameworks 83. 524 FortisBC, ‘FortisBC (Natural Gas) Computer Local Admin Privileges’ (n 522) 2. 525 Ibid. 526 Chappell (n 521) 13. 527 Ibid.

365

INTERNATIONAL OIL INDUSTRY RESPONSES

4.4.4 Transmission security Transmission security is a technical security control aimed at mitigating security risks that emanate from insecure (or otherwise compromised) connections within the corporate networks and connectivity of SCADA systems to these unsecured networks and/or the Internet. To ensure that information is transmitted securely, offshore installation operators must implement and maintain appropriate security controls throughout the entire network and telecommunications infrastructure.528 All communication paths and information flow should be controlled, especially when transmitting via networks of different trust levels.529 Technology allows outgoing emails and attachments to be automatically scanned for words and terms that might indicate a leak of sensitive information.530 Network boundaries should be designed in the way that all outbound traffic to the Internet passes through ‘an authenticated proxy server on the corporate network’.531 All data flow between the office domain and offshore installations should be controlled ‘by use of information security gateways’, and all ICT services that may enable unauthorised access or communications should be removed.532 Shared networks require routing controls and traffic filtering of the relevant systems.533 To test transmission security, packets may be sent into the network from bogon Internet protocol addresses to determine whether or not they are transmitted through the network.534 In any case, it appears that without cryptographic protection, these security solutions provide a rather ‘limited protection for the integrity of the information being transmitted’.535 4.4.5 Cryptographic protection Cryptography is a science of using mathematical techniques for information security purposes in three key areas, namely: confidentiality, which practically renders the information unusable by unauthorised parties who will not be able to read or understand the content of the information; integrity, which ensures that any alterations to the contents of the message during or after transmission can be detected; and authentication (of both entity and data origin) which seeks to verify that ‘the information was sent by the party that claims to have sent it’; and to confirm the origin of data, which provides an additional level of authentication.536

528 API, Security Risk Assessment Methodology (n 24) 8; Bouvier (n 463) 13. See also ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice for information security controls; ISO/IEC 27010:2012 Information technology – Security techniques – Information security management for inter-sector and inter-organizational communications; ISO/IEC TR 27019:2013 Information technology – Security techniques – Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry. 529 Council on Cyber Security (n 485) 68–69; NOGA, 104 Recommended Guidelines for Information Security (n 508) 5. 530 CPNI, Ongoing Personnel Security (n 340) 30. 531 Council on Cyber Security (n 485) 70. 532 NOGA, 104 Recommended Guidelines for Information Security (n 508) 17, 32. 533 API, Security Guidelines for the Petroleum Industry (n 254) 34. 534 Council on Cyber Security (n 485) 69. 535 Radvanovsky (n 474) 243. 536 American Gas Association (AGA), Cryptographic Protection of SCADA Communications Part 1: Background, Policies and Test Plan (Report No. 12, March 2006) B-4, D-1.

366

INTERNATIONAL OIL INDUSTRY RESPONSES

Cryptographic protection involves three key elements, namely a cryptographic algorithm, a cryptographic key and the plaintext.537 The cryptographic transformation of data (called ‘plaintext’ or ‘cleartext’) into a form (called ‘ciphertext’) that conceals the data’s original meaning is known as encryption.538 The corresponding reversal process that restores encrypted data to its original form is called decryption.539 Encryption provides another layer of protection to information and systems. The process of encryption and decryption are conducted by using a ‘cryptographic algorithm’ and ‘cryptographic key’.540 Cryptographic key is a combination of bits or characters that constitute a parameter that is used in conjunction with a cryptographic algorithm that specifies how plaintext is transformed into ciphertext.541 Key management is a set of processes and activities relating to the handling of cryptographic keys and their metadata that support generation, establishment, distribution, storage, backup and use of keys and the maintenance of keying relationships (e.g. replacing old keys with new ones) during the lifecycle of the keys.542 A key management system for cryptographic protection should be simple to operate by users in order not to complicate operational tasks and activities of offshore installation operators.543 A number of challenges arise in designing cryptographic protocols to protect SCADA communications including difficulties relating to encryption of repetitive messages, reducing delays caused by cryptographic protection, ensuring cryptographic system integrity with minimal latency, avoiding communication channel collisions and incorporating key management.544 In addition, many operational environments in which SCADA systems are used have many independent SCADA communication lines and cryptographic modules on separate communication lines will require additional communication channels to exchange key management information.545 In constrained operational environments lightweight cryptography can be used to protect data.546 Cryptographic protection is not limited to electronic information or data. For example, to reduce the likelihood of verbal communications (e.g. telephone calls

537 AGA, Cryptographic Protection of SCADA Communications (n 536) D-1. 538 Stouffer, Falco and Scarfone (n 283) 6–33 citing R. Shirey, ‘Internet Security Glossary, Version 2’ (Network Working Group, IETF Trust August 2007) RFC Editor www.rfc-editor.org/rfc/rfc4949.txt accessed 1 December 2015. See also AGA, Cryptographic Protection of SCADA Communications (n 536) B-5. 539 Ibid. 540 AGA, Cryptographic Protection of SCADA Communications (n 536) B-4. 541 Barker et al. (n 490) 104; AGA, Cryptographic Protection of SCADA Communications (n 536) B4. See also Institute of Electrical and Electronics Engineers (IEEE), IEEE 1588-2000 Standard for Precision Clock Synchronization Protocol for Networked Measurement and Control Systems. 542 AGA, Cryptographic Protection of SCADA Communications (n 536) E-5; Barker et al. (n 490) 104. See also IEEE 1588-2000 Standard for Precision Clock Synchronization Protocol for Networked Measurement and Control Systems. 543 AGA, Cryptographic Protection of SCADA Communications (n 536) E-5. 544 Ibid. E-1. See also Vinay Igure, Sean Laugher and Ronald Williams, ‘Security Issues in SCADA Networks’ (2006) 25(7) Computers & Security 498, 503–4. 545 AGA, Cryptographic Protection of SCADA Communications (n 536) E-5. 546 See, e.g. ISO/IEC 29192-1:2012 Information technology – Security techniques – Lightweight cryptography – Part 1: General.

367

INTERNATIONAL OIL INDUSTRY RESPONSES

and VHF radio transmissions) being intercepted by adversaries,547 offshore operators may consider using voice encryption as the means of protecting the information.548 A number of international and industry standards dealing with cryptographic protection and key management have been developed that may be used by companies to protect information.549 4.4.6 Malware protection Another important technical security control is malware protection. Malware protection involves detecting and controlling the spread and execution of malicious software at multiple points of the company network, often utilising multiple security solutions.550 Companies should install standard malware protection software (commonly known as anti-virus software) throughout the enterprise operations on computers, data file servers and centralised application servers to protect against the risk of sophisticated malware that combines different infection techniques.551 Malware protection should, as much as possible, be centrally administered to ensure that computers and systems are updated quickly and uniformly.552 To be able to operate in the dynamic cyber space malware protection should allow for rapid updating, large-scale automation and integration with other securityrelated processes such as security incident management.553 Anti-malware software should be configured to update itself automatically, except those systems that run critical real time operations, which should be updated manually.554 Systems should be configured ‘so that they automatically conduct an anti-malware scan of removable media when inserted’, as well as email attachments before they are placed in the user’s inbox.555 Workstations, servers and mobile devices should be continuously monitored with anti-malware and anti-spyware as well as firewalls, IDSs and IPSs, and should be configured not to run content automatically from removable media and similar devices.556 ‘All malware detection events should be sent to enterprise anti-malware administration tools and event log servers.’557 ICT and ICS systems need to have adequate, updated and active anti-malware software installed to scan all protocols that could contain malware such as viruses, worms and ‘trojan horses’.558 Some ICS vendors and end users are hesitant to use

547 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 58. 548 Ibid. 549 ISO/IEC 18033-1:2015 Information technology – Security techniques – Encryption algorithms – Part 1: General; ISO/IEC 18033-2:2006 Information technology – Security techniques – Encryption algorithms – Part 2: Asymmetric ciphers; ISO/IEC 11770-1:2010 Information technology – Security techniques – Key management – Part 1: Framework; ISO/IEC 29150:2011 Information technology – Security techniques – Signcryption. 550 Council on Cyber Security (n 485) 33; API, Security Guidelines for the Petroleum Industry (n 254) 35. 551 API, Security Guidelines for the Petroleum Industry (n 254) 35. 552 Ibid. 553 Council on Cyber Security (n 485) 33. 554 NOGA, 104 Recommended Guidelines for Information Security (n 508) 25. 555 Council on Cyber Security (n 485) 33. 556 Ibid. 557 Ibid. 558 NOGA, 104 Recommended Guidelines for Information Security (n 508) 8, 25.

368

INTERNATIONAL OIL INDUSTRY RESPONSES

antivirus software due to concerns that it would cause ICS performance problems and possibly failure.559 Performance impacts may be reduced through configuration settings and scanning scheduling.560 Therefore, ICS considerations should be taken into account during the selection, installation, configuration, operational, and maintenance procedures relating to malware protection.561 Systems where specific anti-virus software cannot be installed need to be protected by firewalls containing scanning software, IDSs and IPSs.562 4.4.7 Protective monitoring Protective monitoring is an important technical security control. Protective monitoring is mostly about using technical tools and technology for monitoring physical assets and equipment, process systems and ICT systems to detect irregularities that might indicate security breaches and potential security risks, and to ensure compliance with company policies, rules and procedures is maintained at high levels. It can include monitoring of email communications and internet usage ‘to reduce the risk of introducing malicious software’ into the company’s networks and ‘detect attempts by employees to access inappropriate websites’;563 monitoring of telecommunications including numbers dialled, the duration of calls, and recordings of telephone conversations; monitoring the use of access cards and access codes by personnel; monitoring of networks, control systems and critical processes; and triggering an alarm or alert when abnormalities or systematic efforts to penetrate the system are detected.564 Protective monitoring can be carried out in real time or offline. IDSs may be used to monitor the operating status of the utilities and critical processes and components to ensure adequate security levels are maintained.565 Automated monitoring tools that use behaviour-based anomaly detection may complement traditional signature-based detection solutions.566 Log management is an important aspect of protective monitoring. Most ITC systems and networks, as well as physical assets and equipment can be configured so that every event that takes place generates an entry into a log containing key data such as the user name, date and time of the event.567 Goldsmith asserts that logs are a source of potentially vital information that can be analysed and used proactively by companies to detect, assess, track and mitigate potentially malicious activity before any damage is caused.568 For that reason, in order to leverage the benefits of log

559 Stouffer, Falco and Scarfone (n 283) D-2. 560 Ibid. 561 Ibid. 562 NOGA, 104 Recommended Guidelines for Information Security (n 508) 25. 563 API, Security Guidelines for the Petroleum Industry (n 254) 36; CPNI, Ongoing Personnel Security (n 340) 29–30. 564 CPNI, Ongoing Personnel Security (n 340) 29–30; Tom Goldsmith, ‘Effective Log Management’ (CPNI, April 2014) 5. 565 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 62; API, Security Guidelines for the Petroleum Industry (n 254) 34. 566 Council on Cyber Security (n 485) 34. 567 CPNI, Ongoing Personnel Security (n 340) 29. 568 Goldsmith (n 564) 5; CPNI, ‘Critical Security Controls Guidance’ (2015) www.cpni.gov.uk/ advice/cyber/Critical-controls/ accessed 1 December 2015.

369

INTERNATIONAL OIL INDUSTRY RESPONSES

management, it is essential for a company to have a clear log management system that will ‘ensure the data is of sufficient quality and is organised appropriately’.569 Log data may be useful in supporting an efficient response to a network intrusion and may prove very helpful during the investigation of security breaches and incidents.570 This may include playback and analysis of full recordings of track data, fault diagnostics, alarms and operator actions.571 4.4.8 Command, control and response capability Offshore installations should have a sophisticated ‘command and control system that displays images and data from radar, cameras and sonar’.572 Technology allows for integrated command and control capabilities enabling radar screens and control capabilities to be interlinked, which practically allows offshore personnel in the control room to ‘treat the radar screen as if it were another camera, with the ability to scan in and out and perform other kinds of radar operations typically done on a separate operator interface’.573 New and emerging technologies include ‘vulnerability assessment using advanced geographical information systems and combining satellite monitoring data with ground-based data sets’.574 This provides the security operator with full situational awareness and control capability. The control room should be equipped with adequate command and control capabilities including controls and communications equipment.575 There should be ‘a single point of control to oversee’ all network traffic.576 The ability to communicate with the outside world, or to control or shut down critical operators and components of an offshore installation from inside a control room or citadel can significantly reduce the impact of an offshore security incident.577 Command and control rooms should have radio, interphone, multi-service communication, fibre optic or satellite communication.578 However, in times of emergency, communications might be cut off in the early stages, and so ‘back up options should be considered’.579 It is also important to note that existing security technologies require much higher bandwidth, processing power and memory. 580 Companies need to establish appropriate technical capabilities to respond to both physical and cyber security incidents. Effective response capabilities extend beyond technical aspects and involve issues ranging from policies and procedures to training and exercises.581 Continuity preparations may include remote access to ICT systems 569 Goldsmith (n 564) 5. 570 Ibid.; Council on Cyber Security (n 485) 20. 571 Ultra Electronics (n 335). 572 Badolato (n 344). 573 Honeywell International (n 334) 8. 574 Steinhausler et al. (n 468). 575 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 58. 576 Radvanovsky (n 474) 255. 577 IOGP, Integrating Security in Major Projects (n 43) 4. 578 Frost and Sullivan (n 482). See also Standards Norway, Telecommunication and IT Systems for Drilling Units (NORSOK Standard T-003, 2nd rev., November 2004). 579 IOGP, Security Management System (n 53) 12. 580 Radvanovsky (n 474) 242. 581 PA Consulting Group and CPNI, Good Practice Guide: Process Control and SCADA Security: Guide 3. Establish Response Capabilities (n.d.) 6.

370

INTERNATIONAL OIL INDUSTRY RESPONSES

in designated back-up locations.582 Several international standards relating to investigations of cyber incidents have been developed.583 4.5 Stakeholder security controls There are many different stakeholders that are affected by offshore oil and gas operations and who may need to be engaged with or involved in company activities in order to minimise security risks associated with company operations.584 In general, security controls discussed earlier are managed by the company itself. Stakeholder security controls are largely ‘external’ security controls in that they are managed by third parties such as suppliers, governments or customers, and the company may have little or no influence on their effectiveness.585 The IOGP has suggested that depending on the nature of the risk, companies may need to ‘have controls to monitor, respect and respond to the external controls, rather than seek to control the risk directly’.586 Stakeholder security controls are about managing relationships and facilitating coordination with key stakeholders (i.e. governments, local communities, international organisations, suppliers, service providers, the media and customers) and addressing stakeholder expectations, concerns and grievances.587 Stakeholder security controls can be summarised as: stakeholder mapping; government relations management; community engagement and local integration; industry partnerships and mutual aid; contract management; supply chain management; media management; and regulatory compliance. 4.5.1 Stakeholder mapping Oil companies need to establish measures to manage and engage with stakeholders to identify, address and manage security risks associated with their assets, products or activities.588 Relationships with various stakeholders should be established ‘as an integral part of sustaining a responsible business presence throughout’ a project’s lifecycle.589 To do that, stakeholder mapping should be carried out as a starting point before communication, planning and active engagement with stakeholders takes place.590 Companies should identify significant stakeholder groups, consider the current status of their relationship and plan their engagement activities to develop open and sustainable relationships with stakeholders to deal with issues and

582 CPNI, Protecting Against Terrorism (n 217) 28. 583 ISO/IEC 27035:2011 Information technology – Security techniques – Information security incident management; ISO/IEC 27037:2012 Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence; ISO/IEC 27043:2015 Information technology – Security techniques – Incident investigation principles and processes. 584 IOGP and IPIECA, Operating Management System Framework (n 61) 19. 585 IOGP and IPIECA, OMS in Practice (n 73) 9. 586 Ibid. 587 IOGP and IPIECA, Operating Management System Framework (n 61) 19. 588 Ibid. 589 Ibid. 590 IOGP and IPIECA, OMS in Practice (n 73) 24.

371

INTERNATIONAL OIL INDUSTRY RESPONSES

concerns that may have an impact on security.591 The relevant stakeholder groups may include business partners, investors, contractors, suppliers, local communities, regulatory and law enforcement agencies, and non-government organisations (NGOs).592 4.5.2 Government relations management The protection of offshore installations is a shared responsibility of governments and the private sector. Cooperation between the petroleum industry and governments on matters relating to the protection of offshore oil and gas installations is one of the key stakeholder security controls.593 Management of relationships and interactions with governments and their regulatory law enforcement and emergency agencies play an important role in the security of offshore installations. The interactions with host government agencies may include continuous security training and awareness, intelligence networking, site visits, on-site security and emergency exercises that involve participation of government security forces and emergency response personnel, as well as increased security surveillance and security patrols of offshore installations.594 Offshore installation operators should establish and maintain effective liaison with host government agencies including local law enforcement and emergency responders.595 When developing security and emergency preparedness, the authorities that should be contacted may include emergency service agencies, the local police and the local port authority.596 The interaction between the protective force and local law enforcement agencies may be based on the terms of agreements in place with well-defined protection responsibilities, well-developed communication procedures, and participation in drills and exercises.597 In the event of security alerts, incidents and emergencies that an offshore installation operator or crew cannot handle alone, assistance should be requested from coastal state authorities such as the police or security forces.598 The armed forces of the host state, local fire services and health services could also be involved.599 Proper relationship and interaction with host government agencies and regulators may help to prevent attacks and security incidents involving offshore installations, or minimise their impacts. Such interaction can be in the form of consultative forums, information exchange and familiarisation tours to offshore installations by personnel

591 Ibid.; IOGP and IPIECA, Operating Management System Framework (n 61) 19. 592 IOGP and IPIECA, OMS in Practice (n 73) 24. 593 See OITS (n 45) 94. 594 See, e.g. OITS (n 45); DHS, Risk-Based Performance Standards Guidance: Chemical Facility AntiTerrorism Standards (May 2009); OSCE (n 471); USCG, Recommended Security Guidelines for Facilities, Navigation and Vessel Inspection Circular No.11-02, Doc NVIC 11-02 (13 January 2003); OTS, Offshore Security Assessment Guidance Paper (June 2005); DHS, The National Strategy for Maritime Security (September 2005). 595 API, Security for Offshore Oil and Natural Gas Operations (n 44) 2; NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 15. 596 NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 19. 597 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 57. 598 NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 19. 599 Ibid.

372

INTERNATIONAL OIL INDUSTRY RESPONSES

of government agencies. In some high-risk areas, military personnel or private armed security guards are stationed on board offshore installations, especially on strategically important offshore installations. Considering that most offshore oil and gas installations and related offshore infrastructure are owned by the industry, governments have realised that they need to work more closely with the industry to ensure that offshore installations are adequately protected. This has generally improved engagement between relevant government agencies and offshore industry participants in areas such as information sharing and joint emergency preparedness exercises.600 Security of offshore installations can benefit from ongoing engagement with host government authorities.601 However, relationships with host governments and their agencies should be managed carefully to ensure that they contribute to sustainable development and respect human rights. In dealing with host governments oil companies should have regard to VPSHR and the UNGP, as well as implementation tools and guidelines developed by relevant organisations.602 Building relationships and partnerships with host governments as well as consultations and negotiations prior to the commencement of the project ‘may help to establish agreement in principle about how such matters would be addressed’.603 4.5.3 Community engagement and local integration Security risks often occur as a result of human interactions, so consideration of general and specific interactions with local communities in the countries and areas where offshore petroleum projects take place is one of the key stakeholder security controls.604 Community engagement and local integration is about issues such as community consultation processes, social impact assessment, social responsibility programme, community grievance mechanisms and local content strategy.605 Community engagement measures should be introduced into the project cycle as early as possible to generate most security and benefits.606 Establishing open dialogue and consultation with local communities provides them with a voice in identifying and managing security risks and potential impacts on local communities; enables early identification of potential sources of concern;607 and provides ‘opportunities for oil and gas companies to promote good neighbour practices through community compensation and investment’.608 Particularly in the early stages of an offshore project ‘winning over hearts and minds’ of a local community

600 OITS (n 45). 601 Ibid. 65. 602 See, e.g. MIGA (n 48); ICMM et al. (n 52). 603 IOGP, Mutual Aid in Large-Scale Offshore Incidents (n 43) 8. There may be an arrangements whereby a ‘foreign oil company contributes to the operational expenses of nearby military units’ assigned to protect its offshore installations: Jenkins (n 293) 21. 604 IPIECA and IOGP, Key Questions in Managing Social Issues in Oil & Gas Projects (October 2002) 17. 605 IOGP, Security Management System (n 53) 8. 606 IPIECA, Community Grievance Mechanisms (n 42) 7. 607 Ibid. 6. See also IPIECA and IOGP, Key Questions (n 604) 19. 608 IPIECA and IOGP, Key Questions (n 604) 37.

373

INTERNATIONAL OIL INDUSTRY RESPONSES

is often the key to security because an unhappy community can create considerable security risks.609 In the early stages, companies should undertake social impact assessments to identify and appraise risks and potential impacts that their activities can have on local communities and the societies of host states in general.610 This can be useful for effective engagement with local community stakeholders. Companies should consider developing a local community engagement plan in order to have a consistent and context-tailored strategy for engaging key community stakeholders, which is critical for establishing mutually beneficial and long-lasting relationships with local communities.611 Such a community engagement plan should recognise local and regional factors including language, culture, socio-economic factors and the security situation.612 It should include early establishment of twoway communication and other mechanisms that support: mitigation of potential risks, impacts or threats; documentation of agreed actions and commitments, including partnerships, local content and sustainable development initiatives; and accessible grievance mechanisms for providing feedback and monitoring company performance throughout the project’s lifecycle.613 A community engagement plan or strategy should be fit for purpose and for the specific situation or regulatory framework in which the offshore operations take place.614 For example, a community engagement plan in a politically stable or low-risk country will be very different to one in a politically unstable, high-risk country.615 Oil companies should establish community grievance mechanisms, which should be an integral part of the overall company approach to community engagement.616 According to IPIECA, community grievance mechanisms should be ‘designed to deal with complaints as they arise [and] show willingness to address concerns promptly and effectively, and can help to build local trust and goodwill’.617 The IPIECA has also stated that local content has ‘become a strategic issue for the oil and gas industry’.618 Companies should put in place local content programmes that include both local community content and national content,619 to increase opportunities for local sourcing of labour, materials, components and services.620 Local content may include actions such as the assessment of the capacity of the local suppliers, contractors and labour force; transparent employee hiring and termination policies; sourcing of local equipment and materials; and other local integration measures, as part of the company’s broader community engagement strategy.621 Some companies have community relations departments that work at

609 610 611 612 613 614 615 616 617 618 619 620 621

IOGP, Security Management System (n 53) 26. IPIECA, A Guide to Social Impact Assessment in the Oil and Gas Industry (2004) 5–7. IOGP and IPIECA, OMS in Practice (n 73) 24. Ibid. IOGP and IPIECA, Operating Management System Framework (n 61) 19. IOGP and IPIECA, OMS in Practice (n 73) 33. Ibid. IPIECA, Community Grievance Mechanisms (n 42) 6. Ibid. 7. IPIECA, Local Content Strategy: A Guidance Documents for the Oil and Gas Industry (2011) 1. Ibid. IOGP and IPIECA, OMS in Practice (n 73) 22. Ibid.; IPIECA and IOGP, Key Questions (n 604) 34.

374

INTERNATIONAL OIL INDUSTRY RESPONSES

the local community level to promote and communicate information about opportunities in specific company projects.622 The UN Global Compact for Security and Human Rights (UNGC) provides guidance on how oil companies and security companies should interact and deal with the local communities in their area of operation.623 Offshore installation operators and oil companies should have a process to inform the directly impacted communities of procedures to be followed in the event of an offshore security incident.624 This process can include ‘identifying members of the local communities who may be directly impacted during an incident’ and providing them with steps or procedures that should be taken during an incident, including sheltering and evacuation procedures.625 4.5.4 Industry partnerships and mutual aid Mutual security benefits can be realised by engaging and coordinating with other offshore operators and industry participants, particularly in situations where offshore installation operators have shared responsibilities, limited control or little influence.626 Offshore oil and gas industry participants can have a number of different partnership arrangements in place aimed at improving collaboration and coordination among the offshore industry participants including on matters relating to security. International standard ISO 22397:2014 provides guidelines and a process for establishing partnering arrangements among organisations to improve their capacity ‘to enhance prevention, preparedness, response, and recovery programmes’.627 Offshore installation operators should actively collaborate with other offshore industry participants such as offshore suppliers, transport companies, shipping companies and security companies that deliver products and services to offshore installations and seek to mutually develop comprehensive, cost-effective and practical security solutions and measures for offshore installations and other offshore industry participants, as well as incident and emergency response.628 When a security incident is confined to their own enterprise, offshore industry participants should deal with the incident on their own account and would be responsible for direct contact with relevant authorities.629 Operators of adjacent and nearby offshore installations may see security and/or cost-related benefits in coordinating their security and emergency response measures and may decide to collaborate by implementing compatible or common security controls and entering into mutual aid arrangements. The IOGP has developed a framework to assist offshore installation operators in mutual aid arrangement

622 See, e.g. FortisBC, ‘Media Relations Guidelines’ (Guideline No. ADM 05-01, 17 February 2009) 4. 623 Husband (n 350). See also ISO 26000:2010 Guidance on social responsibility. 624 Isaacs (n 258). 625 Ibid. 626 IOGP and IPIECA, OMS in Practice (n 73) 25. 627 ISO 22397:2014 Societal Security – Guidelines for establishing partnering arrangements. 628 NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 4. 629 Ibid. 11.

375

INTERNATIONAL OIL INDUSTRY RESPONSES

discussions, which sets out a process for developing mutual aid arrangements tailored to specific local circumstances.630 According to IOGP, ‘a framework to guide the consideration of mutual aid and response assistance could further enable industry to improve its ability to respond’ to serious offshore incidents.631 In some collaborative arrangements for the protection of the offshore oil and gas supply chain participating companies may choose to appoint a joint security administration with appropriate responsibilities and authority to effectively manage and/or oversee the security of the entire offshore project. The administrator role could be performed by an operator on a permanent basis, in some cases ‘a rotating role amongst members of the arrangement would be more appropriate’, or participants may appoint an independent administrator.632 For offshore operations ‘involving multiple parties using different management systems’, the processes, as well as the interfaces and other bridging mechanisms that will operate should be agreed on,633 even if there is no contractual relationship between the parties. This process would typically involve ‘identifying alignment and relevant gaps (including roles, responsibilities and actions)’ in the management systems of different offshore industry participants.634 Oil companies should also participate in industry association security committees and standardisation bodies in connection with the development of international and industry security standards and recommended practices.635 4.5.5 Contract management When contracting with suppliers and service providers, offshore installation operators and oil companies should require specific social responsibility criteria (e.g. processes to ensure regulatory compliance and mechanisms to deal with non-conformances, complaints and grievances) and security standards and practices to be incorporated into binding agreements with suppliers, fabricators and service providers.636 Incorporating security provisions into ‘contracts at the design phase reduces confusion and conflict at later stages’, which consequently reduces unexpected costs and delays.637 To ensure the security of supplies and materials an operating company can enter into security agreements with key suppliers, and key suppliers can enter into security agreements with their own sub-suppliers, subject to the operating company’s agreement.638 Where such agreements exist, operating companies must check compliance with these agreements.639 Security managers should integrate SRM into

630 IOGP, Mutual Aid in Large-Scale Offshore Incidents (n 43) 4. 631 Ibid. 632 IOGP, Mutual Aid in Large-Scale Offshore Incidents (n 43) 18. 633 IOGP and IPIECA, OMS in Practice (n 73) 23. 634 Ibid. 635 API, Security for Offshore Oil and Natural Gas Operations (n 44) 9. 636 IOGP and IPIECA, OMS in Practice (n 73) 25; NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 4. 637 IOGP, Integrating Security in Major Projects (n 43) 4. 638 NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 20. 639 Ibid.

376

INTERNATIONAL OIL INDUSTRY RESPONSES

contracting decisions and contractor oversight.640 As noted by the IOGP, ‘[t]he utility of these contractual agreements cannot be overstated’ especially for offshore operations in the higher risk environments.641 The contracting process may incorporate specific social responsibility and security criteria for risk assessment, model of contracting, capability assessment of suppliers and contractors, approval of contractors and suppliers, performance indicators and provision of performance evaluation and feedback.642 Contractual provisions may also include a requirement to share security information and to collaborate in the form of a security oversight committee made up of the companies participating in a project.643 4.5.6 Supply chain management Security of offshore oil and gas installations can be provided by a combination of installation security and supply chain security management.644 This security control relates to supplies to oil companies and offshore installation operators. In the context of offshore installations, supply chain management is about applying due diligence in selecting suppliers when assets and services are acquired,645 and it is also about measures to ensure that suppliers and offshore service providers have adequate security controls in place to secure their operations and materials. This includes suppliers of technical components used on offshore installations, hardware and software.646 Even if an oil company does not have direct control over security arrangements of third parties (contractors and service providers) with which it engages, it may still be able to use its bargaining power to influence its suppliers, contractors and service providers involved in an offshore project. The time to make appropriate due diligence enquiries on prospective suppliers is during the planning and design stage of an offshore project.647 The OECD has produced guidelines for responsible supply chains of minerals from conflict-affected and high-risk areas648 that can be adapted for the oil and gas industry. The purpose of the OECD guidelines ‘is to help companies respect human rights and avoid contributing to conflict through their sourcing decisions, including the choice of their suppliers’.649 NOGA has developed guidelines for securing supplies and materials in the oil and gas industry with the aim of facilitating ‘robust and satisfactory baseline security in normal conditions, and to provide guidance when changes occur to the security level’.650

640 IOGP and IPIECA, OMS in Practice (n 73) 23. 641 IOGP, Integrating Security in Major Projects (n 43) 4. 642 IOGP and IPIECA, OMS in Practice (n 73) 23. 643 IOGP, Integrating Security in Major Projects (n 43) 4. 644 NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 15. 645 IOGP and IPIECA, Operating Management System Framework (n 61) 21. 646 Several international standards such as ISO/IEC 27036-1:2014 Information technology – Security techniques – Information security for supplier relationships – Part 1: Overview and concepts. 647 IOGP, Integrating Security in Major Projects (n 43) 4. 648 OECD, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (2nd edn, 2013). See also OECD, OECD Guidelines for Multinational Enterprises (2011). 649 OECD, OECD Due Diligence Guidance (n 648) 12. 650 NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 4.

377

INTERNATIONAL OIL INDUSTRY RESPONSES

Oil companies should consider implementing supplier and contractor security programmes including providing training to improve security awareness and preparedness of suppliers and service providers to offshore installations,651 as well as securing the facilities that service offshore installations including landside heliports and support and maintenance facilities.652 Suppliers and service providers should be supervised and audited by operating companies, which includes compliance with contractual requirements based on any applicable security guidelines and recommended practices.653 Offshore supply and support ships of 500 gross tonnes or above will normally be certified under ‘the ISPS code and ideally call only at port facilities secured to the ISPS standard’.654 NOGA suggests that to service ISPScompliant ships, oil companies must establish their own port facilities that are subject to and comply with the ISPS Code that may be adjacent to its installations.655 4.5.7 Media management Media coverage may have a significant impact on the company’s brand and image,656 which in turn may have security implications for the company’s offshore installations in the area of operation. Offshore installation operators and oil companies generally should have policies and procedures for dealing with the media to ensure that communications with news reports are handled in a professional manner, that all media enquiries are promptly and openly addressed and that the company messages to the public are consistent.657 The way oil and gas companies are perceived by the public through the media may have broader indirect security implications. Particularly in situations of emergency and serious security incidents ‘it may be necessary to engage with the local or even national media who may be pressing for urgent information’ and response.658 Media enquiries should be handled by and directed to staff who are familiar with media handling.659 There should be a designated company spokesperson and first contact in most circumstances for enquiries from the media, who is usually the communications manager.660 The company communications manager should work with other departments to ensure that the information provided to the media about specific projects is clear and consistent.661 In general, each service provider company should be ‘responsible for all information to the media as regards their operations’.662 Security companies hired by offshore installation operators should refer all media enquiries to the operating companies, but enquiries about ‘internal conditions in the security company can be

651 IOGP and IPIECA, OMS in Practice (n 73) 22. 652 Crocker (n 311) 79. 653 NOGA, 091 Recommended Guidelines for Securing Supplies (n 205) 21. 654 Ibid. 13. 655 Ibid. 656 FortisBC, ‘Media Relations Guidelines’ (n 622) 1. 657 See, e.g. FortisBC, ‘Public Affairs Emergency Plan’ (Procedure No. EMR 10–16, September 2012) 120; FortisBC, ‘Media Relations Guidelines’ (n 622) 1. 658 CPNI, Protecting Against Terrorism (n 217) 32. 659 Ibid. 660 FortisBC, ‘Media Relations Guidelines’ (n 622) 1. 661 Ibid. 4. 662 NOGA, 003 Recommended Guidelines for Checks at Helicopter Terminals (n 44) 16.

378

INTERNATIONAL OIL INDUSTRY RESPONSES

handled by the security company’.663 As far as the company’s own response is concerned, the message needs to have accurate and appropriate information depending on the circumstances.664 4.5.8 Compliance management Compliance management is one of the stakeholder security controls that relates to the company’s regulatory compliance, compliance with industry standards, as well as compliance with voluntary principles and recommended practices such as the VPSHR. Company management should ensure that security measures and controls of its offshore installations comply with all relevant international and national security laws and regulations, international and industry standards, national CIP policies and local operating practices.665 To help achieve this, all relevant regulatory requirements, standards, policies and practices should be identified and documented.666 A regulatory baseline may be established by companies ‘to measure and provide corporate wide visibility to legal compliance requirements’.667 Relevant laws, regulations and standards may be quite wide-ranging, from maritime security regulations to laws relating to rules of evidence and to technical standards on information security. Apart from security laws and regulations, oil companies are typically required to comply with environmental laws, labour laws and human rights laws when conducting their operations. Where possible oil companies should engage with regulators and participate in consultative processes relating to the development of security regulations to ensure the regulations are economically feasible, practical and fair, which may include addressing issues relating to sharing of responsibility for the protection of offshore installations, financial burden associated with compliance with these regulations and cost sharing.668 5 Residual risk management and continuous improvement Even the most robust security controls will not necessarily completely eliminate security risks. The aim is ‘to reduce security risks to acceptable levels’,669 taking into account the cost–benefit analysis. To support consistent implementation of an SMS throughout the company the effectiveness of existing security controls should be assessed to determine the level of residual risk and decide whether the level of the residual risk is acceptable or tolerable.670 ‘Residual risk’ may be defined as ‘[t]he amount of assessed risk that remains after risk controls/barriers have been

663 Ibid. 664 CPNI, Protecting Against Terrorism (n 217) 32. 665 API, Security for Offshore Oil and Natural Gas Operations (n 44) 2; CSA (n 266) viii. 666 API, Security Guidelines for the Petroleum Industry (n 254) 36. 667 Ibid. 668 API, Security for Offshore Oil and Natural Gas Operations (n 44) 9. 669 IOGP, Integrating Security in Major Projects (n 43) 6. 670 IOGP and IPIECA, OMS in Practice (n 73) 27; ISO 31000:2009 Risk Management – Principles and Guidelines 19.

379

INTERNATIONAL OIL INDUSTRY RESPONSES

fully implemented to reduce and mitigate a risk’.671 The IOGP has defined residual risk as ‘risk that currently exists, taking into account controls that have been established’.672 Company decision makers ‘should be aware of the nature and extent of the residual risk’.673 After security controls have been implemented, the security assessment team should determine potential risk reduction and residual risk.674 The residual risk needs to be ‘documented and subjected to monitoring, review and, where appropriate, further treatment’.675 The principle that the residual risk shall be as low as reasonably practicable (ALARP) is referred to as the ALARP principle,676 which is one of the commonly applied ‘risk management approaches to assess whether risk controls are adequate for acceptability of the residual risks’.677 For the security risk to be ALARP it must be demonstrated ‘that the cost involved in reducing the risk further would be grossly disproportionate to the benefit gained’.678 Additional assurance that security controls remain effective and fit for purpose can be provided through audits and onsite inspections. Offshore security controls and residual risk should be monitored and reviewed to ensure their ongoing suitability for addressing security risks, to provide for continuous improvement and to ensure that residual risk stays ALARP.679 Audits and inspections can be carried out by inhouse company auditors or by independent third parties or the relevant government agencies. Audits and inspections can be planned or random.680 They should extend to cover the operations of offshore contractors, so it is important to make auditing part of the contract. The results of the audits should be consolidated and summarised, and any identified vulnerabilities should be clearly identified.681 When residual risk is found to be unacceptable or intolerable it will be necessary to take some remedial action to ensure the continued protection of the installation and offshore workers, especially in high-risk areas.682 The remedial action may include conducting a joint review of security procedures of the offshore project or operation to ensure that there are no unresolved security-related issues and conflicts.683 For example, security controls need to be reviewed when an offshore project is transitioning from one phase to another (e.g. exploration to production phase) and any necessary changes should be made such as new personnel induction

671 IOGP and IPIECA, Operating Management System Framework (n 61) 33. See also API, Security Risk Assessment Methodology (n 24) 6; COSO, Enterprise Risk Management – Integrated Framework (September 2004) 34. 672 IOGP, Security Management System (n 53) 22. ISO 31000:2009 defines ‘residual risk’ as ‘risk remaining after risk treatment’: ISO 73:2009 Risk management – Vocabulary 11. 673 ISO 31000:2009 Risk Management – Principles and Guidelines 20. 674 API, Security Risk Assessment Methodology (n 24) 40. 675 ISO 31000:2009 Risk Management – Principles and Guidelines 20. 676 Maerli (n 134) 39. 677 IOGP and IPIECA, OMS in Practice (n 73) 27. 678 Maerli (n 134) 39. 679 API, Security Guidelines for the Petroleum Industry (n 254) 12. 680 API and NPRA, Security Vulnerability Assessment Methodology (n 232) 48. 681 Ibid. 49. 682 IOGP, Integrating Security in Major Projects (n 43) 7. 683 Ibid.

380

INTERNATIONAL OIL INDUSTRY RESPONSES

or training of security providers on aspects of the project.684 The goal should be to establish the elements of a continuous improvement process to maintain and evaluate the SMS. Given that all offshore oil and gas operations have unique characteristics, the SMS ‘should provide for flexibility and continuous improvement due to changing conditions’.685 Offshore installation operators should continuously evaluate their security controls, manage residual risks, and ‘take action where gaps exist and to continuously improve’.686 Oil companies with international operations have generally tailored their international security policies and practices to meet the national requirements of a given state under whose jurisdiction an offshore installation is operating and taking into account specific perceived threats and risks in the location of operation.687 Offshore installations in high-risk areas/countries have security arrangements of higher order, where stationing of armed security personnel (private security guards or state security forces) on board an offshore installation is a standard practice. For operators of offshore installations in low-risk countries/areas, security planning is a comparatively new practice, but ‘companies are continually improving their security arrangements and practices’.688 According to the 2012 study of the oil and gas security market by Frost & Sullivan, security of oil and gas installations is one of the top priorities for the global petroleum industry, and increasing oil and gas activities coupled with evolving security threats to critical infrastructures will drive the global oil and gas industry infrastructure security market, which is expected to increase considerably in the coming years.689 However, due to the large number of offshore installations, limited company resources allocated to security, the inherent vulnerabilities of offshore installations, as well as the variety of potential threats and sources of attacks, protecting offshore installations could be an extremely challenging task for both governments and oil companies. From the industry perspective, therefore, there appears to be a need for a systematic approach to security management supported by the top management of the company. 6 Conclusion While this chapter has focused on the industry responses to security challenges and company security measures, it is understood that the security of offshore petroleum installations is a challenge addressed by both governments and the industry. The oil and gas industry through its representative bodies and standardisation organisations has developed standards, guidelines and recommended practices aimed at enhancing the security arrangements of the petroleum infrastructure including offshore oil and gas installations. By using international and industry

684 685 686 687 688 689

Ibid. API, Security Guidelines for the Petroleum Industry (n 254) 9. BP (n 363) 16. OITS (n 45) 65. Ibid. 64. Frost and Sullivan (n 482).

381

INTERNATIONAL OIL INDUSTRY RESPONSES

security standards and best practices and working towards uniformity in security approaches, the industry will benefit from a common approach to security arrangements and will be in a better position to find more cost-effective offshore security measures. Offshore operators have a range of offshore security controls available that have been categorised as procedural, physical, personnel, technical and stakeholder security controls. Specific security arrangements around installations should be determined on a case by case basis taking into account an SRA, including consideration of vulnerabilities of installations and the potential consequences that can result from an attack on the installation in question. As it is practically impossible to eliminate all vulnerabilities and to protect all offshore installations to the same degree, the emphasis should be on protecting offshore installations that are more likely to cause the most severe impacts on the company, local communities, the host state, other states and the global economy. Security needs of the offshore oil and gas industry have influenced other related industries such as offshore installation design and fabrication (i.e. designing offshore installations with security aspects taken into account) and security equipment and technology manufacturers. The oil and gas industry appears to be becoming more security-averse and oil companies are spending more on security of their operations and installations; however security is still ‘often perceived as an unnecessary barrier to progress’.690

690 IOGP, Security Management System (n 53) 26.

382

CHAPTER 9

CONCLUSION 1 Introduction Offshore oil and gas resources are being exploited with greater intensity and security challenges affecting offshore oil and gas installations are likely to continue to grow in the years ahead.1 Attacks on and unlawful interferences with offshore installations are likely to continue and in the future they may have greater implications for the world’s economy and security generally. Concerns about security threats such as terrorism and piracy and potential serious consequences of attacks on offshore installations are likely to continue to be major issues for governments and oil companies worldwide. Oil and gas together represent the largest proportion of total energy resources currently being used. In the current economic climate, tight international energy markets and volatile oil price, an attack on a major offshore production platform or an offshore export terminal could potentially have serious economic and environmental consequences, as well as human casualties. Therefore, offshore installations may be seen as attractive targets at least by some groups of adversaries. Looking at attacks and unlawful interferences against offshore installations that occurred throughout the history of the offshore petroleum industry, this book examined the protection and security aspects of offshore oil and gas installations from a global, industry-wide, company-level and perpetrator’s perspectives. 2 Key questions In the beginning, this book set out to answer several key questions pertaining to the security of offshore oil and gas installations. These questions formed the basis for the structure of the book and served as a guide for the analysis throughout the book. Specifically, those questions were: • • • • • • •

How common are attacks on offshore oil and gas installations? Where are offshore oil and gas installations attacked? What types of offshore installations are attacked and need to be protected? Who attacks offshore oil and gas installations? Why are offshore oil and gas installations attacked? How are offshore oil and gas installations attacked? What is the legal status of offshore oil and gas installations?

1 See Daniel Yergin, ‘Ensuring Energy Security’ (2006) 85(2) Foreign Affairs 69, 79.

383

CONCLUSION

• • •

How is offshore installations security regulated at the international level? How has the oil industry responded to improve offshore installations security? How can the security of offshore installations be improved?

The first nine of these questions were addressed in the preceding chapters. In particular, the first four chapters examined past attacks on and unlawful interferences with offshore petroleum installations (Chapter 1 and Appendix), the types of offshore installations that are utilised by the offshore petroleum industry (Chapter 2), different types of security threats facing offshore installations (Chapter 3) and offshore target selection considerations including target attractiveness factors and potential scenarios of offshore attacks (Chapter 4). The next four chapters examined the legal status of offshore installations in international law (Chapter 5), the international regulatory framework for the security and protection of offshore installations (Chapters 6 and 7) and responses of the international oil industry pertaining to the security of offshore installations (Chapter 8). This final chapter (Chapter 9) summarises key issues discussed in the preceding chapters, highlights limitations and weaknesses of the security framework for offshore installations and provides some suggestions for reform and further research. In doing so, it addresses the last question, which is – how can the security of offshore installations be improved? 3 Key issues and findings The analysis began with a brief discussion of key terms and the concept of ‘offshore petroleum security’ was introduced, which was found to be closely related to maritime security and energy security. It was noted in Chapter 1 that petroleum has been regarded as a strategic commodity for some 100 years and will continue be regarded as such in the foreseeable future. In some countries, petroleum has been a source of prosperity and economic growth, while in others, it has been a source of environmental degradation, corruption and poverty. Throughout its history, the oil and gas industry has been associated with many controversies. Oil and gas installations have been targeted by various non-state actors who have committed violent unlawful acts ranging from vandalism to hostage-taking. The earlier calls to enhance the security of offshore petroleum installations were generally seen as unwarranted, but that perception has changed, especially since 9/11. Concerns about the threats of terrorism and piracy to offshore oil and gas installations have become a major issue for energy companies and governments worldwide. Government agencies and offshore industry participants have become more security risk-averse and have recognised the need to improve security arrangements of offshore oil and gas installations. Energy security challenges, the growing demand for petroleum resources and awareness of potential consequences of offshore attacks are among the factors that make states concerned about the security of offshore oil and gas installations. A number of steps have already been taken in that regard by international organisations, individual governments and oil companies. 384

CONCLUSION

3.1 How common are attacks on offshore oil and gas installations? This is probably the most difficult question of all key questions this book has set out to answer. It was noted in Chapter 1 that one of the problems relating to data on attacks and unlawful interferences involving offshore installations relates to underreporting. Consequently, the exact number of attacks on offshore installations is unknown and impossible to ascertain. A brief overview of past attacks on and unlawful interferences with offshore installations was provided in Chapter 1 and the detailed chronology is set out in the Appendix, which is referred to as the OIAD and which contains 113 events that occurred between 1 January 1975 and 1 January 2015. Surely, not all offshore attacks and security incidents are included, but the OIAD provides a good sample for some general analysis. Attacks against offshore oil and gas installations are relatively rare, compared to attacks on onshore oil and gas installations. However, attacks and security incidents involving offshore installations have generally increased over the years, especially since 2004. More than half of all attacks and security incidents recorded in OIAD took place between 2005 and 2015. The peak of attacks was between 2006 and 2009, which can be largely attributed to the violent campaign of Nigerian insurgents against the oil industry that involved many attacks on offshore petroleum installations in the Gulf of Guinea. The attacks have declined significantly since the beginning of 2010, which is mainly due to the Nigerian Government’s amnesty deal that many Nigerian insurgents accepted in 2009. 3.2 Where are offshore oil and gas installations attacked? Attacks and security incidents involving offshore installations have occurred in Angola, Australia, Cameroon, Canary Islands, China, Colombia, Greenland, Guyana, India, Iran, Iraq, Kuwait, Malacca Strait, Malaysia, Mexico, Netherlands, New Zealand, Nicaragua, Nigeria, Norway, Russia, Suriname, Tanzania, Trinidad and Tobago, Turkey, UAE, UK, US, Vietnam and Yemen. The geographical analysis indicates that attacks and unlawful interferences involving offshore oil and gas installations have occurred in various parts of the world, but there is some geographical concentration of attacks. Countries with high political instability, civil unrest and/or armed conflict appear to be more prone to attacks on their offshore installations. Notably, about half of all attacks recorded in the OIAD took place in Nigeria. However, offshore installations in politically stable countries are not immune to attacks and interferences. Politically and economically stable countries without civil unrest or armed conflict appear to be more prone to non-violent unlawful interferences with their offshore installations usually caused by environmental protesters. The geographical spread of the attacks and unlawful interferences with offshore installations suggest that geographical factors play an important role in the context of offshore installations security.

385

CONCLUSION

3.3 What types of offshore installations are attacked or need to be protected? This question was addressed in Chapter 2, which among other things provided an overview of the offshore oil and gas industry and discussed the types of offshore oil and gas installations that need to be protected against deliberate attacks and interferences. Given the economic and strategic importance of oil and gas resources and global concerns about offshore petroleum security, there is no doubt that offshore installations need to be adequately protected. The offshore industry utilises a range of fixed and mobile offshore installations of various shapes and sizes. Practically all types of offshore installations have been attacked, but attacks on offshore drilling units appear to be the most common.2 As part of their normal operations, offshore installations interact with ships such as tankers and offshore supply vessels, as well as helicopters and airplanes. The security arrangements of ships and aircraft that interact with offshore installations is as important as the security of offshore installations themselves. Due to interaction between operators of offshore installations and other offshore industry participants, lax security arrangements of offshore industry participants can compromise the security of offshore installations. Not all offshore petroleum installations require the same level of protection. Specific characteristics of each individual offshore installation will determine the level and nature of security arrangements required. Offshore installations that are likely to cause more significant consequences if attacked and installations located in high-risk areas warrant a higher level of protection. To ensure efficient allocation of security resources and the development of appropriate security measures, company and government decision makers need to have an understanding of adversaries that attack offshore installations, reasons why they attack or cause interferences with offshore installations and how they carry out their actions. To do that, oil companies and offshore installation operators need to undertake SRAs for their offshore installations. 3.4 Who attacks offshore oil and gas installations? This question was addressed in Chapter 3 which focused on security threats to offshore oil and gas installations. It was demonstrated in that chapter that the contemporary threat environment is quite complex and offshore installations face a number of security threats from non-state actors as well as nation-states. Security threats are difficult to categorise, but in that chapter they were categorised as piracy, terrorism, insurgency, organised crime, vandalism, civil protest, internal sabotage, inter-state hostilities and cyber threats. Some offshore security threats such as piracy and insurgency seem to be confined to specific geographical areas or regions while other security threats do not have any geographical limitations and have a global scope. In addition, different types of security threats can be faced by offshore installations depending on the area or region

2 See Appendix.

386

CONCLUSION

where they are operating. Geographical considerations are important; therefore geography is among the factors against which offshore security threats were assessed in Chapter 3. There are links and overlaps between different categories of offshore security threats and some threats are closely interrelated. Some adversaries represent more than one threat category due to their diverse activities. Importantly, however, not many groups of adversaries have capabilities to carry out attacks on offshore installations. One of the concerning issues is that claims regarding security threats and particularly the threat of terrorism to offshore oil and gas installations are often based on anecdotal evidence and speculations, and can be exaggerated. This can potentially lead to excessive security policies, misallocation of resources and unnecessary burdens on government agencies and industry participants. The analysis of past attacks on offshore installations and capabilities of terrorist groups to carry out attacks on offshore installations suggests that terrorism is not the most significant security threat to offshore installations, despite being perceived or claimed to be so. Insurgency appears to pose a more serious threat to offshore installations than terrorism. Insurgents generally have more sophisticated capabilities including training, weapons and equipment to carry out offshore attacks and they have caused significant damage to offshore installations. However, insurgency is a geographically specific threat, which means that it only poses a threat in countries where insurgency exists. Although non-violent, civil protest represents a considerable security threat to offshore installations. Environmental protesters have caused interferences with operations of offshore petroleum installations on many occasions. Cyber attacks are becoming an emerging security concern for offshore installations, which is likely to cause problems for oil companies in the future. 3.5 Why are offshore oil and gas installations attacked? This question was addressed in Chapter 4, which examined perpetrators’ target selection considerations with a particular focus on offshore target attractiveness and offshore attack methods. Target attractiveness factors pertaining to offshore installations were categorised as the ‘type of target’ factors that are considered to be a combination of vulnerabilities, additional incentives and deterrents, and the ‘type of effect’ factors that are essentially potential consequences of attacks. Offshore installations have characteristics that may be regarded as both attractive and unattractive from the perpetrators’ targeting perspective. On one hand, the economic (and in some cases strategic) importance of offshore oil and gas installations to states and oil companies, their vulnerabilities and potential consequences of attacks make offshore installations attractive and potentially more justifiable and commonly selected targets. On the other hand, a relatively high degree of difficulty of offshore attacks, the need to have specialised skills, as well as other mitigating factors such as increased security measures make offshore installations less attractive targets. Target selection is a complex process from an analytical perspective and can include a range of factors, considerations and variables. In general, the perpetrators are likely to attack targets that are the most attractive to them. Therefore, targets 387

CONCLUSION

ranked highest, based on their attractiveness, should be given a priority as far as risk mitigating measures are concerned from both company and government perspective. For the purposes of an SRA, the likelihood of an attack or unlawful interference needs to be assessed against a specific offshore target or a group of targets, and the protection efforts should focus on offshore installations that are most vulnerable and those that are more likely to cause the greatest consequences if successfully attacked. 3.6 How are offshore oil and gas installations attacked? As for the question of how offshore oil and gas installations are attacked, this question was also addressed in Chapter 4. There are several potential attack scenarios or methods that can be employed by perpetrators, depending on their intentions, capabilities as well as other factors. Unlawful interferences with offshore installations can be both violent and non-violent. The majority of offshore incidents involved violence, but about 33 per cent of security incidents were non-violent unlawful interferences such as environmental protests and labour strikes. Armed intrusion, seizure of offshore installations, abduction of offshore workers, unauthorised boarding and unlawful detention of offshore workers are among the most common scenarios of offshore attacks and interferences. Most of these attacks were carried out by the perpetrators using small vessels such as high-speed boats and RHIBs, as well as vessels that look similar to fishing vessels and offshore supply vessels to reach offshore installations. The use of explosives to attack offshore installations and threats of attacks, including bomb threats, are also relatively common methods of offshore attacks. Less common attack scenarios include underwater attacks, suicide attacks using explosive-laden boats and sabotage by industry insiders. There have been several simultaneous or near-simultaneous attacks and unlawful interferences involving offshore installations including the 8 December 1981 bomb threats in Norway and the UK, the 19 April 2003 takeover of three offshore installations in Nigeria, the 24 April 2004 attacks on ABOT and KAAOT in Iraq and the 27 May 2014 environmental protests in Norway and the Netherlands. Only a few cyber attacks against offshore installations have been reported so far, but it can be expected that they will increase in the coming years. 3.7 What is the legal status of offshore oil and gas installations? From a legal perspective, the legal status of offshore installations is a crucial factor because it affects the jurisdiction that states exercise over offshore installations, their rights and responsibilities pertaining to offshore installations, as well as rights and responsibilities of other users of the sea (e.g. foreign-flagged commercial ships). For example, under the LOSC, if an offshore installation is considered to be a ‘ship’, it would be under the exclusive jurisdiction of the flag state, but if it is considered to be an ‘installation’, it would be under the exclusive jurisdiction of the coastal state. The legal status of an offshore installation at any given time determines which international rules and legal principles apply to and/or govern that offshore 388

CONCLUSION

installation at that particular time or generally (e.g. the requirement to comply with the ISPS Code, the right to establish a safety zone or the application of the law of piracy). The analysis in that chapter was framed around two key issues: whether offshore installations can be regarded as ‘ships’ or as ‘ports’ from a legal point of view and in what circumstances. In relation to the first issue, it was found that there is no uniform approach to the legal treatment of offshore installations as ships. Offshore installations may be regarded as ships in certain circumstances depending on the nature and purpose of the convention or domestic law. Fixed offshore installations are generally not regarded as ships, but mobile offshore installations are regarded as ships in several international conventions. Some international conventions appear to place offshore installations into a separate category of their own. It was also noted that another common approach to the legal status of offshore oil and gas installations is to treat mobile offshore installations as ships for legal purposes when they are in transit from one location to another and to treat them as offshore installations when they are on location engaged in offshore operations. This approach is referred to as the ‘dual status approach’, which seems to be the most practical approach. The ‘dual status approach’ has been adopted by the IMO and in some international conventions. Concerning the legal status and treatment of offshore installations as ports, the analysis of international conventions and national legislation suggests that a coastal state can designate any place under its jurisdiction (including an offshore installation) as an offshore port. It is not uncommon for coastal states to designate offshore installations from which petroleum is directly exported as offshore ports. From a legal perspective, this should have the effect of bringing these offshore installations within the scope of and making them subject to the mandatory security requirements of the ISPS Code, which would mean that tankers calling at such offshore ports and other vessels interacting with such offshore installations will be required to comply with the relevant security measures and procedures applicable to ships entering ISPS Code-regulated port facilities. Importantly, the legal status of offshore installations as ports does not change the legal status of waters in which such offshore installations are located. 3.8 How is offshore installations security regulated at the international level? The question of how the security of offshore petroleum installations is regulated at the international level was addressed in Chapters 6 and 7. The chapters examined key international legal instruments pertaining to the security and protection of offshore installations including the LOSC, the 1988 SUA Convention, the 1988 SUA Protocol, the Hostages Convention, the UNTOC, the SOLAS Convention, the ISPS Code, the SID Convention, the 2005 SUA Convention, the 2005 SUA Protocol, the UN Charter. All of these international legal instruments have already entered into force. The principles of customary international law relating to offshore installations security and other regulatory initiatives of the IMO, ILO, UN and CMI were also examined. The international regulatory framework for the protection and security of offshore installations consists of three main components/parts: 389

CONCLUSION

a) b) c)

the ‘information acquisition/situational awareness’ framework; the ‘protection/prevention’ framework; and the ‘response/penal’ framework.

3.8.1 The information acquisition/situational awareness framework The ‘information acquisition/situational awareness’ framework is based on parts of the SOLAS Convention and the ISPS Code, as well as parts of the LOSC. The information acquisition framework places certain reporting requirements on ships and provides coastal states and oil companies with the ability to receive certain security-related information and, based on that information, make decisions pertaining to the security of offshore installations. This includes the AIS and LRIT ship identification and tracking systems, the requirement for ships to provide information about crew, cargo, passengers, location, movement, ports of call, the requirement to have a security alert system and other requirements for communication between ships, companies, port facilities and coastal state authorities. It also provides coastal states and offshore installation operators with general situational awareness of maritime traffic and other activities in the vicinity of offshore installations and an opportunity to take certain pre-emptive measures to deter an attack, if necessary. For example, under the LOSC, the coastal state may adopt laws and regulations relating to innocent passage through the territorial sea which can include situational awareness measures such as a requirement for ships, when passing in the vicinity of an offshore installation, to respond to any attempts by offshore installation personnel to establish radio communication with the ship. Foreign ships are required to comply with such regulations of the coastal state in the territorial sea. In that regard, those provisions of the LOSC can be considered to be part of the information acquisition/situational awareness framework. The information acquisition/situational awareness measures in the SOLAS Convention and the ISPS Code are primarily concerned with the security of international shipping and they do not apply to the vast majority of offshore installations, except self-propelled MODUs engaged on international voyages. The IMO Resolution A.671(16), which deals with safety zones, encourages ships to allow for radio communication to be established with offshore installations when they pass in their vicinity. IMO Non-SOLAS Security Guidelines have provisions on maintaining security awareness and reporting suspicious activity. IMO National Maritime Security Legislation Guidelines also address security-related communication and reporting requirements. Even though these IMO security initiatives are non-binding, they nevertheless contribute indirectly to the protection of offshore installations. 3.8.2 The protection/prevention framework The ‘protection/prevention’ framework deals with the security measures available to coastal states and oil companies for the purposes of protecting offshore installations and deterring attacks and interferences with offshore installations. This framework consists of the LOSC, Chapter XI-2 of the SOLAS Convention, the ISPS Code, the SID Convention, the UN Charter and the rules of customary international law. 390

CONCLUSION

The LOSC is the principal international convention that addresses the protection of offshore oil and gas installations. It regulates rights, responsibilities and jurisdiction of states over offshore installations and contains a number of provisions pertaining to the security of offshore installations. The LOSC confers different rights and powers on states and users of the sea in different maritime zones of jurisdiction established under the LOSC. Therefore, the rights and powers of coastal states with regard to the security and protection of offshore installations vary depending on the maritime zone in which the installation in question is located. In the territorial sea the coastal state can establish safety zones or exclusion zones around offshore installations of any breadth it deems necessary as long as these safety zones do not hamper the innocent passage of ships through the territorial sea. The coastal state can prevent passage that is not innocent and require the delinquent ship to leave the territorial sea including resorting to use of force as a form of maritime enforcement activity. As a measure to protect offshore installations, the coastal state can designate or prescribe sea lanes and traffic separation schemes and require foreign ships exercising the right of innocent passage through its territorial sea to use them. Furthermore, the LOSC allows coastal states to suspend innocent passage of ships in the vicinity of offshore installations in their territorial sea. Similar coastal state rights and obligations apply in the archipelagic waters. Outside of the territorial sea and the archipelagic waters the rights and powers of coastal states relating to the protection of offshore installations is much more limited. In the EEZ and on the continental shelf, the principal protection measure for offshore installations available to coastal states under the LOSC is the right to establish 500-metre safety zones around offshore installations and in those safety zones take measures necessary for their protection. The LOSC does not specify the nature or scope of the protection measures that a coastal state can implement within safety zones, but in any case, the 500-metre limit of safety zones around offshore installations is considered too small to provide adequate protection or sufficient lead time for security forces to respond and deter an attack or even for offshore installation operators to initiate emergency response procedures. The IMO Resolution A.671(16) also deals with safety zones and establishes certain protocols and requirements aimed at protecting offshore installations. A proposal by some states to extend the limit of safety zones around offshore installations in the EEZ and on the continental shelf has been considered by the IMO, but it was decided that such extension is not warranted. No other maximum distance has been agreed by the international community nor has the IMO made any official recommendations in this regard. In addition, coastal states may be able to utilise IMO ships’ routeing measures to regulate maritime traffic in the vicinity of some of their offshore installations in the context of safety and security. Under the LOSC, states can interdict ships suspected of committing acts of piracy against offshore installations and arrest persons on board, but the application of the law of piracy to offshore installations is very limited. An act of piracy can only be committed against a mobile offshore installation that is in transit. Besides piracy, the coastal state’s enforcement powers against foreign ships involved in attacks on and unlawful interferences with offshore installations are limited. These legal 391

CONCLUSION

limitations create many practical challenges for coastal states relating to the protection of these important offshore structures. Chapter XI-2 of the SOLAS Convention sets out security requirements for companies, ships, port facilities and government agencies, and the ISPS Code established a risk management/assessment framework for ships, ports and certain offshore installations that requires operators of ships and port facilities to carry out SRAs and implement security arrangements and procedures. The ISPS Code framework practically covers all types of offshore security threats and encourages operators to consider different types of attack scenarios and vulnerabilities of potential targets and potential consequences of attacks. It also allows coastal state authorities and oil companies to assess security threats and risks posed to offshore installations and determine appropriate action to mitigate the risks. In effect, the ISPS Code and Chapter XI-2 of the SOLAS Convention promote security awareness and preparedness among the relevant participants. However, the scope of application of the ISPS Code and the SOLAS Convention security requirements to offshore installations is very limited. They apply only to self-propelled MODUs engaged on international voyages while all other offshore installations are not covered. The onus is on coastal states to develop national security arrangements and frameworks for offshore installations. However, this approach does not promote uniformity in regulation of the security of offshore installations and some coastal states may be unable (or unwilling), for various reasons, to develop national security frameworks for offshore installations. The IMO has developed the National Maritime Security Legislation Guidelines, which to some extent address this issue and aim to help states develop maritime security legislation. To make offshore installations from which oil is offloaded directly to tankers and exported subject to mandatory security requirements of the ISPS Code or equivalent national legislation applicable to port facilities, coastal states can designate such offshore installations as offshore ports. Another major limitation of the SOLAS Convention and the ISPS Code security framework is that it only applies to large ships and smaller vessels are not covered by this framework. The IMO addressed this gap by developing the Non-SOLAS Security Guidelines, but these guidelines are voluntary and just like the ISPS Code and the SOLAS Convention they do not specifically address the security of offshore installations. These guidelines are nevertheless useful for reducing the risk posed to offshore installations by small vessels because lax security arrangements of ships can compromise the security of offshore installations. The SID Convention addresses security aspects of seafarer identity documents. The SID Convention has created a uniform international standard for SIDs and regulates, from a security perspective, the issuance and verification process for SIDs. The aim of the SID Convention is to make it more difficult for potential adversaries to infiltrate the maritime workforce by posing as legitimate seafarers. The SID Convention does not directly apply to offshore installation crew and other offshore industry personnel, but it contributes to the protection of offshore installations by reducing the chances of a ship being hijacked and used as a weapon or means of transport to carry out an attack on an offshore installation. 392

CONCLUSION

The right of self-defence in Article 51 of the UN Charter can also be used by coastal states to protect offshore installations from imminent armed attacks on the coastal state’s jurisdiction, provided the requirements for exercising anticipatory selfdefence are satisfied. The IMO security initiatives such as the IMO Non-SOLAS Security Guidelines, IMO National Maritime Security Legislation Guidelines and the IMO Recommendations for Security Training, as well as the rules of customary international law relating to maritime enforcement, use of force, and self-defence also apply to the protection of offshore installations and are part of the protection/ prevention framework. 3.8.3 The response/penal framework The ‘response/penal framework’ consists of the LOSC, the SUA framework, the Hostages Convention, the UNTOC, the UN Charter and customary international law. Under the LOSC, in the territorial sea, the coastal state can prevent the passage of ships that is non-innocent and can exercise criminal jurisdiction on board foreign ships involved in unlawful interferences with offshore installations and have power to arrest persons on board and prosecute them. In the EEZ and on the continental shelf the extent of the coastal state’s jurisdiction and enforcement powers for interdicting foreign ships involved in attacks on offshore installations and arresting persons on board is not very clear. The LOSC does not expressly address enforcement powers of coastal states with regard to offshore installations in the EEZ and on the continental shelf. Enforcement powers of coastal states seem to be restricted by the long-standing principle of freedom of navigation and exclusive flag state jurisdiction of its ships, which are well protected in the LOSC. The coastal state also has the right of hot pursuit, which can be commenced when the foreign ship is located in any of the maritime zones of jurisdiction except the high seas where it has good reason to believe that the ship has violated its laws and regulations. Concerning security threats faced by offshore installations, the LOSC deals only with piracy and allows all states to take action against pirate ships, arrest persons suspected of piracy and punish the perpetrators. However, international piracy rules have little application to offshore installations. The integral part of the penal framework is the SUA framework, which specifically deals with punishment of unlawful violent acts committed against offshore installations and is aimed at ensuring that perpetrators of such acts are brought to justice. The SUA framework applies to fixed offshore installations on location and mobile offshore installations that are ‘navigating or scheduled to navigate’, but not necessarily to mobile offshore installations operating on location. The SUA framework can be used to deal with all types of offshore security threats examined in Chapter 3 because motivation of the perpetrators is irrelevant for the purposes of the SUA Treaties, and this framework can be used to respond to practically all offshore attack scenarios identified in Chapter 4 because they would be considered offences under the SUA Treaties. The 2005 SUA amendments have created a number of new offences and expanded the scope of the SUA framework, but the focus of the amendments was not on offshore installations. In any case, to be effective the SUA framework requires collective implementation by states. Wide international acceptance and enforcement 393

CONCLUSION

of the SUA Treaties should mean that persons who commit violent acts that constitute an offence under these conventions will have little chance of escaping prosecution. The SUA security framework has some limitations, particularly those relating to the enforcement action the coastal state can take. The SUA framework does not grant any additional powers, other than those that exist under the LOSC and customary international law, to states to interdict delinquent foreign ships involved in attacks on or interferences with offshore installations, board them and arrest the perpetrators. The Hostages Convention and the UNTOC, although not maritime-specific, can also be considered to be part of the penal framework for offshore installations (which is to some extent similar to the SUA framework) where attacks and/or unlawful interferences involve hostage-taking or organised criminal groups. The coastal state can also rely on the right of self-defence in Article 51 of the UN Charter to respond to and punish attacks committed against its offshore installations. Other non-binding international maritime security initiatives that are considered to be part of the response/penal framework include the CMI Draft Guidelines on maritime violent acts and the IMO National Maritime Security Legislation Guidelines, which are aimed at assisting states in developing national maritime security legislation including making the breaches punishable under national law. The rules of customary international law relating to maritime enforcement, use of force and self-defence are also relevant and can be considered to be part of the response/penal framework. Although some positive steps have been taken to enhance maritime and offshore petroleum security, there are still a number of gaps and limitations in the current international regulatory framework. The responsibility for developing and implementing national regulatory frameworks for the security and protection of offshore installations is not explicitly addressed in the LOSC or other international conventions, except the SUA Treaties which require criminalisation of violent unlawful acts against offshore installations. The international law does not oblige

Table 9.1 International legal framework for offshore installations security International legal instrument

Information acquisition/ Protection/ Situational awareness Prevention

Response/ Punishment

LOSC SOLAS Convention ISPS Code SID Convention 1988 SUA Convention 1988 SUA Protocol 2005 SUA Convention 2005 SUA Protocol Hostages Convention UNTOC UN Charter

3 3 3 – – – – – – – –

3 – – – 3 3 3 3 3 3 3

3 3 3 3 – – – – – – 3

Source: Author

394

CONCLUSION

coastal states to establish security frameworks for their domestic offshore petroleum industries. Implementation of national security frameworks for offshore installations appears to have been left to the discretion of coastal states and no guidance has been provided to coastal states at the international level for developing national regulatory frameworks for the security of offshore installations. 3.9 How has the industry responded to offshore installations security? Responses of the international oil industry to enhance the security of offshore installations were discussed in Chapter 8. The petroleum industry has always been risk-averse and security is always among the top priorities for oil companies and installations in high-risk areas, but now security is becoming a standard component of the management systems and processes of oil companies and their offshore installations worldwide. Spending on security has generally increased across the industry and oil companies seem to be willing to devote more resources to protect their assets and operations. Industry representative bodies and standardisation organisations have developed international and industry standards, guidelines and recommended practices aimed at enhancing the security arrangements of the petroleum infrastructure including offshore oil and gas installations. The level of protection and security awareness and preparedness can vary across the offshore industry even in the same region or country of operation, but security arrangements of offshore installations have generally improved in recent years. The protection of offshore oil and gas installations entails a combination of procedural, physical, personnel, technical and stakeholder security controls, which oil companies and offshore installation operators can implement. A risk-based security approach allows oil companies to prioritise their security needs and allocate security resources accordingly. Offshore installation operators need to regularly assess the existing security controls of their offshore installations to determine whether the level of the residual risk is acceptable. Oil companies with international operations have generally tailored their international security controls and practices to meet the national requirements of a host state, taking into account specific local and regional security factors. However, some important issues remain unclear or unresolved such as the division of responsibilities between government and industry for the security of offshore installations and sharing of costs and financial burden relating to their protection. 4 How can the security of offshore installations be improved? The analysis has shown that there is scope for improvement in the international regulatory framework for the protection and security of offshore installations. To address limitations and gaps in the regulatory framework, several general and specific proposals for reform aimed at improving the security of offshore installations are outlined in this section. The security of the offshore industry can also be enhanced through better understanding of complex offshore petroleum security issues and further research and analysis. 395

CONCLUSION

4.1 Considerations for reform It is unlikely that any major changes will be made to the international regulatory framework for the protection of offshore installations in the near future, unless a significant incident involving an offshore installation takes place. However, at some point in the future, the international community may decide to reform the international regulatory framework. In that regard, several proposals for reform are suggested. Several amendments could be considered to the LOSC specifically pertaining to the protection of offshore installations. For example, any future amendments to the LOSC could extend the maximum permitted breadth of safety zones around offshore installations in the EEZ, on the continental shelf and on the high seas to more than 500 metres. It would also be helpful if the jurisdiction of coastal states as well as the nature of protective measures that they can take within the safety zones around offshore installations were clarified in future amendments to the LOSC. Furthermore, the enforcement jurisdiction and the nature of enforcement powers of coastal states against foreign ships involved in interferences or attacks against offshore installations in the EEZ and on the continental shelf, as well as jurisdiction of states over offshore installations, on board offshore installations and within safety zones around offshore installations located on the high seas and on the seabed beyond national jurisdiction, should also be clarified in future amendments to the LOSC. The LOSC should also explicitly require coastal states to develop national regulatory frameworks and security arrangements for offshore installations operating under their jurisdiction; and an international requirement be introduced for offshore petroleum installations to be fitted with AIS transponders and radar equipment, which would allow operators of offshore installations to monitor and track ships navigating in their vicinity thereby increasing their situational awareness. The definition of piracy in the LOSC may need to be amended to make it clear that an act of piracy may be committed against an offshore oil and gas installation. In particular, paragraph (a)(i) of Article 101 should read: ‘on the high seas, against another ship or aircraft or artificial island, installation and structure, or against persons or property on board such ship or aircraft or artificial island, installation and structure’. This would eliminate any ambiguity relating to the application of the law of piracy to offshore installations. It should be clarified in future amendments to the 2005 SUA Convention whether the provisions of the 2005 SUA Convention apply to mobile offshore installations that are engaged in offshore operations on location and are not navigating or scheduled to navigate and to fixed offshore installations under tow from a place of construction to an offshore installation. The scope of the 2005 SUA Protocol may be expanded to cover offences committed against offshore installations in the archipelagic waters of an archipelagic state. There is also a need to include the 2005 SUA Protocol in the annex to the 2005 SUA Convention, which would make it an offence under the 2005 SUA Convention to knowingly transport a person who commits an offence under the 2005 SUA Protocol and intends to assist that person to evade criminal prosecution. To address the threat of internal sabotage posed to offshore installations and reduce the chances of infiltration of the offshore oil and gas industry workforce by 396

CONCLUSION

adversaries, the adoption of the international standard for the security of identity documents for offshore installation workers and offshore industry participants should be considered. This could be in the form of an international legal instrument similar to the SID Convention. Alternatively, states should implement identity document frameworks for maritime and offshore oil and gas industry participants at the national level. Considering the importance of the offshore petroleum industry to the global economy, it might be appropriate to develop and adopt, at the international level, security requirements similar to the ISPS Code, but specifically tailored to offshore installations security and applicable to all types of offshore installations including those operating on location. This will ensure a more consistent international industrywide approach to security including the use of consistent methodologies for conducting SRAs and SRM. Greater uniformity in the approaches to the security and protection measures through the adoption and use of international and industrywide standards would, in the long run, promote compatibility, lead to greater efficiency and reduction of security-related costs. The industry, where possible in collaboration with relevant competent international organisations, should continue developing and promoting security best practices, guidelines and standards for offshore oil and gas installations and ensure that they are regularly reviewed and updated. 4.2 Suggestions for further research The existing body of knowledge would benefit from further research into certain aspects of offshore oil and gas installations security. The history of attacks on offshore installations is one of the key areas that require further research, particularly the periods from 1900 to 1975 and from 1990 to 1995. The dataset of attacks and unlawful interferences with offshore installations in the Appendix provides a sufficient basis for the analysis of patterns of attacks to predict possible future actions, but it does not include all offshore attacks and security incidents. Further research and additional data on past offshore attacks and interferences will provide an opportunity for better analysis and understanding of threats, their motivations, capabilities, tactics and methods of attacks, and it may provide new insights into the perpetrators’ target selection considerations to assist security analysts, policy makers, company personnel responsible for security in developing and implementing measures for the protection of offshore installations. A more in-depth regional analysis of the offshore security environment and offshore security threats is another area that will benefit from further research. The issue of misreporting and underreporting of attacks on offshore oil and gas targets may be addressed to some extent by establishing an international system or facility for reporting and record-keeping of data on offshore attacks and unlawful interferences. This information can be used in the development and application of security safeguards and emergency response measures for offshore oil and gas installations. The legal status of offshore oil and gas installations in international law and state practice remains somewhat uncertain. There appears to be no uniform approach. Further research into the legal treatment of offshore installations such as ships, ports 397

CONCLUSION

and installations in national legislation of states and judicial approaches to this issue would be helpful to have a better understanding of the prevailing state practice and common characteristics attributable to ships, ports and offshore installations. State practice of establishing safety zones larger than 500 metres around offshore installations located out of the territorial sea and restricting navigational rights in such safety, security, exclusion or restricted zones requires further research and analysis. Clearly, such state practice in the EEZ is in contravention with the LOSC, but it seems to be reasonable in today’s maritime security environment, particularly in the high-risk countries or areas. The key point of this analysis would be to determine whether state practice of establishing safety zones larger than 500 metres is common enough to amount to customary international law. Another suggested area for further research is a comparative analysis of national regulatory frameworks for offshore installations security of different states including administrative arrangements as well as the government–industry interaction and cooperation to identify best practices from the current and previous experiences of different states. Security cost sharing between government and industry participants is an area of interest and will be benefit from further research and a more detailed analysis. 5 Concluding remarks Security challenges relating to offshore oil and gas exploration and production will remain in the years to come and the security of offshore installations is likely to remain an area of significant concern for states and oil companies in the foreseeable future. Given the changing global security environment, offshore security threats can evolve and new security threats can emerge. Adversaries with an interest in attacking offshore petroleum installations will continue to seek new ways to exploit vulnerabilities of offshore oil and gas targets and will try to develop new methods and tactics of attacks with a view to maximising the chances of their attacks succeeding. These issues should be appreciated and taken into account by policy makers, regulators, law enforcement and security agencies with responsibilities relating to offshore installations, as well as company personnel with security-related responsibilities. Significant steps have already been taken to enhance the security of offshore oil and gas installations. However, further efforts may be required at all levels. At the international level, the work of relevant competent international organisations that directly or indirectly contributes to the security of offshore installations should be welcomed. It is also important to have a robust international regulatory framework because it provides the basis for states for implementing appropriate regulatory security measures at the national level. The current international regulatory framework will benefit from reforms. There is also a need to continue raising the awareness and understanding of various security issues that arise in the offshore petroleum industry and promote the security culture across the industry. At the regional level states are engaged in regional capacity-building and cooperative initiatives such as information and intelligence sharing, joint security exercises and maritime enforcement activities, as well as mutual assistance in cases 398

CONCLUSION

of emergency and post-impact recovery situations. At the national level, states should ratify and implement international legal instruments on maritime security, develop national regulatory frameworks for offshore oil and gas installations security and ensure that relevant government agencies have sufficient capabilities to prevent and respond to serious security incidents involving offshore installations, and if necessary, apprehend and punish the perpetrators, and promote better inter-agency coordination. At the company/agency level, appropriate communication and reporting channels should be established between offshore industry participants and relevant government agencies, relevant oil company and government personnel should have appropriate knowledge, skills and training to perform duties relating to security of offshore installations. Oil companies should undertake regular risk assessments, adopt industry standards and best practices relating to the security of offshore installations and integrate them into their operations. There is also a need for government agencies and oil companies to prioritise and focus security resources on offshore installations that are considered to be more likely attacked and installations that are likely to cause the most significant consequences if attacked. To avoid complacency, perhaps the benchmark should be a presumption that any offshore installation can be attacked anywhere and any time. In any case, the industry and governments will have to adapt their security policies and practices to the ever-changing global security environment, and they will need to continue to work together with the aim of continuous improvement of the security arrangements of offshore oil and gas installations at all levels while maintaining appropriate and justifiable levels of protection, regulatory burdens and security spending. In this ‘cat and mouse game’ of offshore petroleum security, the ‘continuous improvement’ approach seems to be the only way to stay ahead of the adversaries. Oil and gas companies will continue to be faced with increasing security challenges in all parts of the world and will have to adapt to the changing global security, geopolitical and social environment by continuously improving their security in all respects in a costeffective, but socially responsible manner. In the context of the increasing global security challenges facing oil and gas companies, governments and people who live near areas where offshore petroleum activities take place as well as the need for security excellence across the global offshore oil and gas industry, it is fitting to conclude this book with a quote: The world is moving so fast these days that the man who says it can’t be done is generally interrupted by someone doing it. (Elbert Hubbard)3

3 American writer, publisher, lecturer, artist and philosopher (19 June 1856–7 May 1915).

399

AFTERWORD

At the outset of his monumental work, Dr Mikhail Kashubsky advises that ‘[t]he main reason for writing this book was to fill a specific gap in the literature and provide a useful resource for anyone interested in security issues, pertaining to offshore petroleum installations’. At the conclusion of his decade-long journey of research, analysis and writing on the subject, now embodied in this book, any jury of his peers must conclude, beyond any doubt, that the mission has been accomplished. Offshore Oil and Gas Installations Security: An International Perspective is a lesson reminding us of the intellectual value of going broad and deep on a single subject. Dr Kashubsky’s achievement consists in synthesising an instructive primer on offshore operations with a sophisticated assessment of existing threats, coupled with an examination of the legal and regulatory frameworks available – pre and post 9/11 – to confront them. It is an encyclopaedic work, including a fulsome compendium of notes and sources, that combines historical facts – including gems such as the Montecito Mob in Santa Barbara – with a projection of future industry needs that sets a robust research agenda going forward. The book is an impressive admixture of thoroughly practical, operational facts, and a disciplined academic framework, that is both analytic and prescriptive, to make sense of them. Globalisation connotes the massive 7/24/365, mostly continuous, often instantaneous, flow of people, goods, capital, labour, ideas, images and digital messages that characterises the modern era. This intense activity is predicated on energy and, for the foreseeable future, therefore dependent on hydrocarbons, including the offshore installations on which Kashubsky focuses his considerable effort. It follows that the underworld of globalisation driven by transnational criminal organisations, including terrorists – from Daesh in Iraq and Syria to the Zetas in Tamaulipas and Nigerian insurgents based in Guoza – will continue to prey on oil and gas as reliable revenue streams. For this reason, the answers Mikhail Kashubsky proffers to the ten questions he posed as the guiding blueprint for his book will retain critical relevance to the industry in the years ahead.

400

AFTERWORD

Mikhail concludes his book with an apt quotation from American writer and publisher Elbert Hubbard, best known for his Message to Garcia, an 1899 paean to dependability, hard work and integrity. This book is Kashubsky’s message and it shall stand the test of time in understanding and protecting offshore energy installations. I add my congratulations, professional and personal, to Dr Kashubsky for his distinguished contribution. Dr Alan D. Bersin Washington, DC December 2015

401

This page intentionally left blank

APPENDIX

Attacks, unlawful interferences and security incidents involving offshore oil and gas installations: offshore installations attack dataset (OIAD)1

1 The OIAD is based on the chronology published by the author in Perspectives on Terrorism in 2011. See also discussion in Chapter 1 on data used to compile this dataset.

403

404

UK

25 Aug 1975

Unknown (anonymous caller)

Bomb threat (underwater explosives)

3 platforms evacuated Production shutdown for 2 days Search operation conducted No bombs were found Financial expenditure

Physical attack Destruction of (vandalism) installation Interference with operations

Tactics/Scenario Impacts/Effects

Philips Petroleum Company in Yarmouth received three anonymous telephone calls advising that underwater charges with delayedaction fuses had been attached to the legs of offshore production platforms in the Hewett field, some 20 miles to the east off the Norfolk coast. Three platforms were evacuated immediately.5 A British Navy vessel, helicopters, and an expert diving team were dispatched. Two days later, it was concluded that the threat was a hoax, and normal production operations were resumed. The incident reportedly cost the British taxpayers about US$500,000.6

When an oil company began to construct an oil derrick off the shores of Montecito, a suburb of Santa Barbara, California, a local mob took direct action. They attacked the rig and demolished it.2 The next day these activists were described approvingly on the front page of the local newspaper as ‘a party of the best known society men of Santa Barbara armed to meet any resistance’.3 The local ‘society men’ responsible for the attack did not suffer any noteworthy legal repercussions for their actions, despite having been so well known.4 The incident became known as the ‘Montecito Mob’.

Details of attack/incident

2 Robert Gramling and William Freudenburg, ‘Attitudes Toward Offshore Oil Development: A Summary of Current Evidence’ (2006) 49(7) Ocean & Coastal Management 442, 442–43; Harvey Molotch, William Freudenburg and Krista Paulsen, ‘History Repeats Itself, But How? City Character, Urban Tradition, and the Accomplishment of Place’ (2000) 65(6) American Sociological Review 791, 804. 3 Santa Barbara Morning Press (Santa Barbara, 3 August 1899), 1, quoted in Molotch, Freudenburg and Paulsen (n 2) 804. 4 Gramling and Freudenburg (n 2) 442–43. 5 Jan Breemer, ‘Offshore Energy Terrorism: Perspectives on a Problem’ (1983) 6 Terrorism 455, 455. 6 Ibid.

Offshore production platforms

Offshore oil derrick

US

2 Aug 1899

Local residents

Type of facility Perpetrators

Location

Date

405

US

25 Jul 1981

Offshore drilling platform

Offshore drilling complex

Threat of attack (standoff weapons)

Environment Unauthorised al activists boarding (Greenpeace) (attempted)

Insurgents

Attracted media attention Minor interference with operations

Unknown

Greenpeace vessel Rainbow Warrior carried out a protest at the Zapata Saratoga offshore oil rig operated by Shell about 170 nautical miles off the coast of Massachusetts, to protest against oil drilling on Georges Bank off Cape Cod. At the time, Shell was holding a media tour on the platform, to demonstrate their awareness of local environmental concerns.9 Greenpeace activists attempted to board the platform during a Shell news conference on the rig, but Shell denied the group access to the drilling rig.10 Greenpeace officials sought to explain their fear that the drilling (which had been delayed for six years) would result in oil spills, endangering the nearby Georges Bank, home for much of the world’s supply of cod, haddock and food fish.11

A guerrilla movement/insurgency group, the FLEC, said that it planned to blow up the offshore drilling complex of the Gulf Oil Company in the Cabinda enclave of Angola, and warned the company to evacuate its 200 British and American workers within three days. A FLEC spokesperson said the warning must be taken seriously because they had acquired ground-to-ground missiles.7 FLEC said they were opposed to the company because its operations were providing the ruling pro-Marxist Angolan Popular Liberation Movement (APLM) US$2 million a day in oil revenue.8

7 Brian Jenkins et al., ‘A Chronology of Terrorist Attacks and Other Criminal Actions Against Maritime Targets’ (RAND Paper Series, RAND Corporation, September 1983) 15. 8 Ibid. 16; Brian Jenkins, ‘Potential Threats to Offshore Platforms’ (RAND Corporation, January 1988) 3. 9 Michael Jacobs and Thomas Watts-Fitzgerald, ‘Protection of Offshore Assets of the United States from Terrorist Activity’ (1984) 16(4) Natural Resources Lawyer 569, 575, fn 25. 10 Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 7) 20. 11 Ibid.

Angola

16 May 1977

406

US

US

Norway

1 Oct 1981

Oct 1981

8 Dec 1981

Offshore platform

Offshore platform and attending vessel

Offshore platforms

Unknown

Unknown

Unknown

Type of facility Perpetrators

Bomb threat

Bomb threat

Bomb threat Extortion

Search operation conducted No bombs were found

Search operation conducted

Search operation conducted

Tactics/Scenario Impacts/Effects

Norwegian (and British) authorities were put on alert following a warning that Palestinian terrorists planned to blow up an offshore platform in the North Sea. Reportedly, the anonymous caller specifically warned that an offshore installation would be blown up.14 Operators of all offshore oil and gas platforms on the Norwegian continental shelf were instructed to search their installations for bombs, but there were no evacuations, and no bombs were found.15 (See next entry/incident below.)

An anonymous caller said that a bomb had been placed on one of several attending vessels at Habitat Texaco platform located 9 nautical miles offshore, southeast of Santa Barbara, California, but no bomb was found after platform and vessel searches.13

Sun Oil Company and Union Oil Company were subject of bomb threats and extortion attempts relating to offshore platforms off the coast of Santa Barbara, California, but no bombs were found in any of the cases, nor any extortion payments made.12

Details of attack/incident

12 CSS, ETH Zurich, Energy Infrastructure Attack Database (EIAD) (2012) [data file] www.css.ethz.ch/research/research_projects/index/EIAD accessed 1 December 2014; Gail Bass and Brian Jenkins, ‘Actions Against Nonnuclear Energy Facilities September 1981–September 1982’ (A RAND Note, RAND Corporation, April 1983) 11. 13 Jenkins et al., ‘A Chronology of Terrorist Attacks’ (n 7) 21. 14 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 8) 3; Bass and Jenkins (n 12) 16. 15 Ibid.

Location

Date

407

Iran

Mar 1983

Offshore production platform

Offshore oil terminal

Offshore platform

Unidentified adversaries (believed to be insurgents)

Hostile state (Iraqi military)

Hostile state (Iranian military)

Unknown

Search operation conducted No bombs were found

British (and Norwegian) authorities were put on alert following a warning that Palestinian terrorists planned to blow up an offshore platform in the North Sea. Reportedly, the anonymous caller specifically warned that an offshore installation would be blown up.16 Operators of all offshore oil and gas platforms on the British continental shelf were instructed to search their installations for bombs, but there were no evacuations, and no bombs were found.17 (See previous entry/incident above.)

Detonation of explosives

Damage to the installation Disruption of oil supplies/ exports

Military attack Destruction of (air strike) installation and fire Significant environmental harm

Reportedly, explosives were detonated at offshore oil loading installation/terminal at Puerto Sandino causing damage to the terminal and disruption of oil exports from this installation.21

Iraqi planes attacked the Iranian offshore platform at the Nowruz oil field; the damaged platform collapsed, and the oil slick caught fire.19 The platform burned and spilled oil at an initial rate of about 5,000 bpd, which later slowed to about 1,500 bpd until the well was capped in May 1985 resulting in over 700,000 barrels of oil spilled into the sea.20

Military attack Significant According to Iranian news officials, Iranian planes (air strike) damage caused carried out a rocket attack on the Iraq’s Khor AlUmayyah offshore oil terminal, inflicting heavy damage.18

Bomb threat

16 Ibid. 17 Ibid. 18 Bass and Jenkins (n 12) 28. 19 US Gulf Task Force, Environmental Crisis in the Gulf: The US Response (6 November 1992), cited in Alicia Watts-Hosmer, Colby Stanton, and Julie Beane, ‘Intent to Spill: Environmental Effects of Oil Spills Caused by War, Terrorism, Vandalism, and Theft’ (Paper presented at 1997 International Oil Spill Conference, Fort Lauderdale, US, 7–10 April 1997) 157, 158; Larry West, ‘The 10 Worst Oil Spills in History: The World’s Worst Oil Spills by Amount of Oil Released Into the Environment’ About News http://environment.about.com/od/environmentalevents/tp/worst-oil-spills.htm accessed 1 December 2015. 20 NOAA, ‘Nowruz Oil Field’ Incident News http://incidentnews.noaa.gov/incident/6262 accessed 1 December 2015. 21 START, Global Terrorism Database (2013) [Data file] www.start.umd.edu/gtd accessed 6 February 2015.

Nicaragua Offshore oil offloading installation

Iraq

4 Sep 1982

Oct 1983

UK

8 Dec 1981

408

Australia

Iran

16 Aug 1986

19 Oct 1987

Offshore production platforms

Offshore production platform

Hostile state (US Navy)

Labour dispute (offshore workers)

Type of facility Perpetrators

Navy attack (using warships and detonation of explosives)

Takeover and occupation of platform

Almost complete destruction of facility Another facility severely damaged

Production shut down

Tactics/Scenario Impacts/Effects

The US Navy attacked the Iranian R-7 and R-4 oil platforms in Reshadat offshore complex blaming Iran for a missile strike on the USflagged Kuwaiti oil tanker Sea Isle City three days earlier.26 The US Navy destroyers opened fire on R-4 and R-7 platforms and detonated explosives on R-7.27 As a result, R-7 platform was almost entirely destroyed and R-4 was severely damaged. Reportedly, the attacks also caused damage to the nearby Resalat offshore complex, connected to Reshadat via subsea pipelines.28 Production from the Reshadat and Resalat complexes was halted for several years.29

A group of more than 300 offshore workers took over control of North Rankin A offshore production platform in Western Australia in a labour dispute.22 The striking workers shut down production and occupied the platform for three days. They prevented company helicopters and police from landing on the platform.23 The incident began making news overseas and led to a complaint by Japanese investors.24 The protest ended when the workers were threatened with heavy fines (of up to $10,000 per day each).25

Details of attack/incident

22 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 8) 4. 23 Andrew Burrell, ‘Oil Rig “Hijack” Propelled Firebrand to Militant Heights’ (The Australian, 23 November 2012) www.theaustralian.com.au /news/investigations/oil-rig-hijack-propelled-firebrand-to-militant-heights/story-fng5kxvh-1226522345452# accessed 1 June 2014. 24 Ibid. 25 Jenkins, ‘Potential Threats to Offshore Platforms’ (n 8). See also Michael Smith, ‘August 1986 - Bruce Wilson Made Headlines Occupying Woodside’s North Rankin Offshore Gas Platform’ (Michael Smith News, 6 January 2014) www.michaelsmithnews.com/2014/01/august-1986-bruce-wilson-made-headlinesoccupying-woodsides-north-rankin-offshore-gas-platform.html accessed 1 December 2015. 26 Andrew Garwood-Gowers, ‘Case Note: Case Concerning Oil Platforms (Islamic Republic of Iran v United States of America) – Did the ICJ Miss the Boat on the Law on the Use of Force?’ (2004) 5(1) Melbourne Journal of International Law 241, 243. 27 James Green, ‘The Oil Platforms Case: An Error in Judgement’ (2004) 9(3) Journal of Conflict and Security Law 357, 358. 28 Ibid. 29 Oil Platforms (Islamic Republic of Iran v United States of America)(Judgment) [2003] ICJ Rep 161.

Location

Date

409

Offshore production platforms

Iran

18 Apr 1988

Hostile state (US Navy)

Hostile state (Iranian Navy)

Hostile state (allegedly Iranian military)

Navy attack (using warships)

Navy attack (using patrol boats)

Standoff weapon

Severe damage to platforms Production halted for 4 years

Unknown No casualties

Serious damage

The US Navy attacked and destroyed Iranian offshore oil complexes, Salman and Nasr, shortly after the US frigate, Samuel B Roberts was damaged by a mine, allegedly belonging to Iran, in international waters near Bahrain.32 According to Iran, the attacks caused severe damage the platforms and the production at the Salman and Nasr offshore complexes was halted for four years and only resumed in 1992.33

In response to the US attack on the Iranian Joshan missile boat, Iranian patrol boats attacked the neighbouring Mubarak offshore oil field belonging to UAE. The Iranian patrol boats sprayed several ships and the offshore drilling rig with machine-gun fire and used grenades, but no casualties were caused.31

A missile attack on Kuwait’s primary offshore oil terminal caused serious damage. Iran was blamed for the attack.30

30 RAND Corporation, RAND Database of Worldwide Terrorism Incidents (2012) [data file] www.rand.org/nsrd/projects/terrorism-incidents/download.html accessed 12 March 2015. 31 David Crist, ‘Gulf of Conflict: A History of US-Iranian Confrontation at Sea’ (Policy Focus No 95, Washington Institute for Near East Policy, June 2009) 7–8. 32 Garwood-Gowers (n 26) 243. See also Oil Platforms [2003] ICJ Rep 161. 33 Oil Platforms [2003] ICJ Rep 161.

Mobile offshore drilling rig

UAE

Apr 1988

Offshore oil terminals

Kuwait

22 Oct 1987

410

Floating offshore oil storage platform

Floating offshore oil storage platform

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Operations disrupted

Operations disrupted

Tactics/Scenario Impacts/Effects

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Type of facility Perpetrators

The second occupation of Brent Spar began when two Greenpeace activists landed on the platform by helicopter.39 At that time, Greenpeace made claims that there were large quantities of toxic organic material in the tanks of Brent Spar that had not been declared by Shell.40 Four days later Shell reversed its decision to dump Brent Spar.41

Greenpeace activists boarded Shell’s Brent Spar floating offshore oil storage facility in the North Sea and occupied it for more than three weeks to protest against ocean dumping, which prevented Shell from commencing decommissioning procedures.34 Initially, the occupation elicited little reaction from Shell, but later Shell obtained a court order allowing the eviction of protesters from the platform.35 The first attempt to board Brent Spar was interrupted due to stormy weather, but on 23 May a cage full of security officials was lifted by crane onto the platform’s helipad.36 Activists barricaded themselves in and held out for another 18 hours,37 but were gradually removed from the platform.38

Details of attack/incident

34 Greenpeace, ‘1995 – Shell Reverses Decision to Dump the Brent Spar’ (13 September 2011) www.greenpeace.org/international/en/about/history/thebrent-spar/ accessed 1 December 2015; Anjali Cadambi, ‘Greenpeace Campaigns Against Dumping the Brent Spar Oil Rig, 1995’ (Global Nonviolent Action Database (GNAD), 8 November 2010) http://nvdatabase.swarthmore.edu/content/greenpeace-campaigns-against-dumping-brent-spar-oil-rig-1995 accessed 1 December 2015. 35 Greenpeace, ‘1995 – Shell Reverses Decision to Dump the Brent Spar’ (n 34). 36 Steve Erwood, The Greenpeace Chronicles: 40 Years of Protecting the Planet (2011) 100. 37 Ibid. 38 Greenpeace, ‘1995 – Shell Reverses Decision to Dump the Brent Spar’ (n 34). 39 Ibid. 40 Ragnar Lofstedt and Ortwin Renn, ‘The Brent Spar Controversy: An Example of Risk Communication Gone Wrong’ (1997) 17(2) Risk Analysis 131, 132; Cadambi (n 34). 41 Greenpeace, ‘1995 – Shell Reverses Decision to Dump the Brent Spar’ (n 34).

UK

UK

30 Apr 1995

16 Jun 1995

Location

Date

411

Netherlands

24 Aug 1997 or 25 Aug 1997

Offshore drilling rig

Semisubmersible drilling rig

Environment Blocking al activists passage and (Greenpeace) occupying drilling site Interference with operations

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Operations disrupted

Operations disrupted

Greenpeace had occupied an offshore site in the Dutch part of the North Sea (in the Wadden Sea region) where a drilling rig of the Dutch Petroleum Company, also known as Nederlandse Aardolie Maatschappij, was due to start test drilling for gas.45 The rig was prevented from commencing drilling operations. On 29 August 1997, the company obtained a court injunction against Greenpeace’s occupation of its proposed drilling site in the North Sea.46 Another source reported that the protest took place on 25 August 1997.47

Greenpeace activists boarded and occupied the Swedish semi-submersible drilling rig Stena Dee, about 16 miles from the Foinaven oil field in the north eastern Atlantic as part of its campaign to protest against offshore oil drilling.42 Apparently, while activists occupied the platform, swimmers placed themselves in its path. The occupation lasted nine days during which time activists lived in a solar survival capsule, suspended at the side of platform.43 In response, BP commenced £1.4m damages claim for losses suffered by the company and obtained an injunction preventing Greenpeace from any further disruption of BP’s activities at the Foinaven field, but after significant pressure from the public and other NGOs, BP decided to drop its court action.44

42 Erwood (n 36) 108; ‘“No New Oil” Campaign Continues World-Wide’ (The Skeptic Tank, October/November 1997) www.skeptictank.org/treasure/ GP2/GPB1097.TXT accessed 1 December 2015. 43 ‘“No New Oil” Campaign Continues World-Wide’ (n 42). 44 Ibid. 45 ‘Greenpeace Occupies Dutch Site. (Dutch Wadden Sea Site, To Prevent Gas Exploration by Netherlands Aardolie Maatschappij)’, The Oil Daily (High Beam, 26 August 1997) www.highbeam.com/doc/1G1-19718966.html accessed 1 December 2015; ‘“No New Oil” Campaign Continues World-Wide’ (n 42). 46 ‘Court Restrains Greenpeace’, The Oil Daily (High Beam, 2 September 1997) www.highbeam.com/doc/1G1-19721680.html accessed 1 December 2015. 47 Ibid.

UK

13 Aug 1997

412

Offshore oil terminal

Offshore oil production platform

Nigerian youths (antioil activists)

Nigerian youths (antioil activists)

Nigerian youths (antioil activists)

Unauthorised boarding and occupation

Unauthorised boarding and occupation Unlawful detention of workers

Unauthorised boarding and occupation

Unauthorised boarding and occupation

Interference with company operations

Operations disrupted 2 protesters killed and several wounded

Operations disrupted Production shutdown

Operations disrupted Production shutdown

Tactics/Scenario Impacts/Effects

On 9 October 1998, approximately 400 youths occupied Shell’s Forcados offshore oil terminal for several hours, protesting non-payment of compensation for Mobil’s oil spill earlier that year.53

Over 100 unarmed Ilaje protesters travelled to Chevron’s Parabe oil production platform about nine nautical miles offshore,50 seized the platform and took offshore workers hostage.51 They demanded jobs and compensation for ecological and economic grievances. After several days of negotiations, Chevron used its contracted helicopters to fly Nigerian security forces to the platform, who opened fire and killed two protesters and wounded several others.52

Texaco’s Funiwa offshore platform was again boarded by youths from Koluama who occupied it for about 10 days, causing an eleven day slippage in the export loading schedule from POT.49

Texaco’s Funiwa offshore platform was boarded and occupied for several days by local youths from the Koluama community, halting the 55,000 bpd production.48

Details of attack/incident

48 Human Rights Watch, The Price of Oil: Corporate Responsibility and Human Rights Violations in Nigeria’s Oil Producing Communities (January 1999) 124. 49 Ibid. 50 Ibid. 135. 51 Philippe Le Billon, ‘Fuelling War: Natural Resources and Armed Conflict’ (Adelphi Paper No. 373, International Institute for Strategic Studies, 2005) 7, 36. 52 Human Rights Watch (n 48) 137. 53 Ibid. 126.

Nigeria

Nigeria

25 May 1998

9 Oct 1998

Nigeria

10 Mar 1998

Offshore platform

Offshore platform

Nigeria

20 Jan 1998

Nigerian youths (antioil activists)

Type of facility Perpetrators

Location

Date

413

Nigeria

Nigeria

18 Jun 1999

27 Jun 1999

Offshore oil platform

Offshore oil platforms

Offshore oil terminal

Insurgents/O rganised criminal group

Nigerian youths (antioil activists)

Nigerian youths (antioil activists)

Armed intrusion Kidnapping

Unauthorised boarding and occupation

Unauthorised boarding and occupation

Damage to facility 3 workers kidnapped Hijacked helicopter

Interference with company operations Production shutdown

Interference with company operations

Armed youths from a criminal/insurgent group called Enough is Enough in the Niger River stormed Shell’s oil platform in Port Harcourt.57 The attackers kidnapped three oil workers (one American, one Nigerian and one Australian),58 and bombed the platform causing some damage. The attackers also hijacked a helicopter and two pilots forcing the pilots to fly them to a village near Warri.59 The hostages were released unharmed 19 days later for an undisclosed ransom.60

Youths from the Koluama community had boarded and occupied two Texaco oil platforms, which resulted in Texaco declaring force majeure on 21 June and shutting down production on six platforms (Pennington, Middleton, Funiwa and North Apoi, as well as Bonny and Forcados oil terminals).55 Texaco lifted its force majeure declaration on 29 June and resumed oil production, but in July and August reimposed force majeure declaration on these facilities and evacuated personnel.56

Nigerian youths again occupied Shell’s Forcados offshore terminal protesting the Mobil spill, but were removed one day later.54

54 Ibid. 55 ONI, Worldwide Threat to Shipping: Mariner Warning Information (30 June 1999) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_19990630000000.txt accessed 1 December 2015. 56 Ibid. 57 Ibid. 58 OTS, Offshore Oil & Gas Risk Context Statement (April 2005) 25; ONI, Worldwide Threat to Shipping: Mariner Warning Information (25 August 1999) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_19990825000000.txt accessed 1 December 2015. 59 Neal Adams, Terrorism & Oil (PennWell 2003) 11; Brynjar Lia and Ashild Kjok, ‘Energy Supply as Terrorist Targets? Patterns of “Petroleum Terrorism” 1968–99’ in Daniel Heradstveit and Helge Hveem (eds), Oil in the Gulf: Obstacles to Democracy and Development (Ashgate 2004) 100, 110. 60 Ashild Kjok and Brynjar Lia, ‘Terrorism and Oil – An Explosive Mixture?: A Survey of Terrorist and Rebel Attacks on Petroleum Infrastructure 1968–1999’ (Norwegian Defence Research Establishment (FFI) Report No. 2001/04031, FFI, 2001) 20; DOS, Patterns of Global Terrorism 1999 (2000).

Nigeria

9 Dec 1998

414

Nigeria

Nigeria

UK

20 Jul 1999 or 24 Jul 1999

10 Aug 1999

26 Mar 2000

Offshore oil rig

Oil platform

Offshore oil rig

Armed intrusion Kidnapping

Operations disrupted

3 workers kidnapped

Armed 64 workers intrusion held hostage/ Seizure of captive installation Hostage taking

Tactics/Scenario Impacts/Effects

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Unidentified gunmen

Armed Nigerian youths/ Organised criminal group

Type of facility Perpetrators

Two Greenpeace activists boarded and tied themselves to the Jack Bates offshore rig in the Cromarty Firth, delaying its departure for the area west of the Hebrides.65 The activists climbed down the following day after the company obtained a court injunction, but the activists were not arrested.66 The protesters eluded the police by being ferried out to the Greenpeace ship Beluga.67

Three British nationals were kidnapped by armed youths from a US-operated oil platform in the Niger Delta region.63 No one was injured, and no one claimed responsibility. On 11 August 1999, the youths released the hostages unharmed.64

Armed men, apparently Nigerian youths of the Isoko ethnic group, stormed and seized a Shelloperated oil rig and took hostage 64 oil workers (57 Nigerians and seven British nationals). The hostages were released two days later unharmed.61 One source has reported that the attack took place on 24 July.62

Details of attack/incident

61 DOS (n 60). 62 ONI, Worldwide Threat to Shipping: Mariner Warning Information (25 August 1999) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_19990825000000.txt accessed 1 December 2015. 63 Adams (n 59) 11. 64 DOS (n 60). 65 ‘Greenpeace Protesters Occupy Oil Rig’ (BBC, 1 April 2001) http://news.bbc.co.uk/2/hi/uk_news/scotland/1254274.stm accessed 1 December 2015; Hugh Dougherty, ‘30 Arrests Amid Greenpeace Rig Protest’ (Independent, 31 March 2000) www.independent.co.uk/environment/30-arrests-amid-greenpeacerig-protest-282252.html accessed 1 December 2015. 66 Dougherty (n 65). 67 ONI, Worldwide Threat to Shipping: Mariner Warning Information (30 March 2000) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_20000330000000.txt accessed 1 December 2015.

Location

Date

415

Nigeria

Guyana/ Suriname

10 May 2000

3 Jun 2000

Offshore drilling rig

Offshore drilling rig

Offshore oil rig

Hostile state (Suriname Navy)

Organised criminal group/Insurg ents

Threat of attack

Intrusion Threat of attack (Bomb threat)

Environment Unauthorised boarding and al activists (Greenpeace) occupation

Operations disrupted Facility forced out from the area

Operations disrupted Workers evacuated

Operations disrupted

Gunboats of the Suriname Navy approached an American-owned and operated offshore oil drilling rig, CE Thornton, retained by the Canadian corporation CGX Energy.71 The Canadian company had received a licence from the Guyanese government to conduct exploratory drilling in a disputed area of the continental shelf claimed by both Guyana and Suriname.72 The Surinamese Navy advised that the rig was in Surinamese waters and ordered it to stop unauthorised drilling immediately and clear the area within 12 hours. Fearing that the Surinamese Navy would use force against it, the oil rig decided to follow the orders to withdraw.73

About 30 Ijaw youths stormed the Chevronoperated offshore drill rig Millard Bay 74 in the Dibi area of the Delta state. They assaulted company personnel, seized four workboats and threatened to blow up the offshore rig if drilling operations were not stopped. The platform operations were shut down by the company and personnel evacuated.70

Greenpeace activists boarded and occupied the Sovereign Explorer offshore rig to protest against drilling operations in the Atlantic. Several activists climbed the legs of the rig when it was at anchor in order to prevent it from being towed to an offshore site to drill for oil.68 The activists ended the protest after a judge ordered them to leave.69

68 Dougherty (n 65). 69 ‘Greenpeace Protesters Occupy Oil Rig’ (n 65). 70 ONI, Worldwide Threat to Shipping: Mariner Warning Information (24 May 2000) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20000524000000.txt accessed 1 December 2015. 71 Patricia Kwast, ‘Maritime Law Enforcement and the Use of Force: Reflections on the Categorisation of Forcible Action at Sea in the Light of the Guyana/Suriname Award’ (2008) 13(1) Journal of Conflict and Security Law 49, 49. 72 Donna Nincic, ‘Troubled Waters: Energy Security and Maritime Security’ in Gal Luft and Anne Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 31, 32; Michael Klare, Resource Wars: The New Landscape of Global Conflict (Owl Books 2002) 231. 73 Kwast (n 71) 50.

UK

31 Mar 2000

416

Offshore oil platforms

Tactics/Scenario Impacts/Effects

Armed assault (detonation of explosives)

Operations disrupted Oil loading shut down

Rebels attacked Covenas oil terminal located about 12 km offshore. The terminal was damaged as a result of bombing which prevented tanker loading and the terminal was forced to shut down.76 This was believed to be the first time the terminal itself was attacked.77

Between 35 to 60 armed youths, believed to be Ijaw militants, used a rowboat to reach two oil platforms in the Bayelsa state,74 seized control of the platforms and took 165 oil workers hostage, including 20 foreigners. They demanded that Shell employ more Nigerians and that it pay a fee to the local community for exploiting its oil resources. Shell made a deal with the perpetrators and the oil workers were released a few days later.75

Details of attack/incident

74 Kjok and Lia (n 60) 20; ONI, Worldwide Threat to Shipping: Mariner Warning Information (16 August 2000) NGA http://msi.nga.mil/MSISite Content/StaticFiles/MISC/wwtts/wwtts_20000816000000.txt accessed 1 December 2015. 75 Kjok and Lia (n 60) 20; Lia and Kjok (n 59) 110. 76 ONI, Worldwide Threat to Shipping: Mariner Warning Information (16 August 2000) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_20000816000000.txt accessed 1 December 2015. 77 Ibid.

Insurgents

Armed Armed 165 workers youths/Organ intrusion taken ised criminal Hostage taking hostage/held group captive

Type of facility Perpetrators

Colombia Offshore oil export terminal

Nigeria

31 Jul 2000

9 Aug 2000

Location

Date

417

UK

6 Apr 2001

Offshore drilling rig

Offshore drilling rig

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Operations disrupted

Operations disrupted

Six Greenpeace activists boarded a US-owned offshore oil rig Sante Fe 135, located in the North Sea about 30 nautical miles from the UK coast, to protest against offshore oil drilling.81 Three activists attached a ‘survival capsule’ to one of the rig’s legs and two other activists have abseiled down one of the rig’s legs to paint ‘Oil Kills’ in giant letters and returned to the Greenpeace ship, MV Greenpeace, which was on standby.82 The protest interrupted the drilling rig’s operations for over 24 hours.83 On 10 April, the police boarded MV Greenpeace and arrested several activists.84

Twenty-one Greenpeace activists prevented semisubmersible oil rig Drill Star, operated by a US-based oil company Jet, from leaving Scotland’s Cromarty Firth to drill for oil in the North Sea.78 It was reported that five dinghies criss-crossed the rig’s path as it weighed anchor and nine activists chained themselves to the drill stack some 55 metres above the water in the Cromarty Firth.79 Two activists have abseiled down one of the platform’s legs and painted ‘Oil Kills’ in giant letters.80

78 Greenpeace, ‘Greenpeace Volunteers Occupy Second Oil Rig Out at Sea to Stop Drilling’ (6 April 2001) www.greenpeace.org.uk/media/pressreleases/greenpeace-volunteers-occupy-second-oil-rig-out-at-sea-to-stop-drilling accessed 1 December 2015; Erwood (n 36) 70. 79 ‘Oil Rig Protest Ends Peacefully’ (BBC, 7 April 2001) http://news.bbc.co.uk/2/hi/uk_news/scotland/1265137.stm accessed 1 December 2015; Greenpeace, ‘Greenpeace Occupy JET Oil-Rig in the Cromarty Firth’ (1 April 2001) www.greenpeace.org.uk/media/press-releases/greenpeace-occupy-jet-oil-rig-in-thecromarty-firth accessed 1 December 2015. However, other sources have reported that Greenpeace activists chained themselves insider a protected gantry space: ONI, Worldwide Threat to Shipping: Mariner Warning Information (27 April 2001) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20010427000000.txt accessed 1 December 2015. 80 Greenpeace, ‘Greenpeace Volunteers Invade Oil Rig to Stop Drilling by US Oil Giant’ (1 April 2001) www.greenpeace.org.uk/media/pressreleases/greenpeace-volunteers-invade-oil-rig-to-stop-drilling-by-us-oil-giant accessed 1 December 2015. 81 Greenpeace, ‘Greenpeace Volunteers Occupy Second Oil Rig Out at Sea’ (n 78). 82 Ibid.; Greenpeace, ‘Greenpeace Occupy JET Oil-Rig in the Cromarty Firth’ (1 April 2001) www.greenpeace.org.uk/media/press-releases/greenpeaceoccupy-jet-oil-rig-in-the-cromarty-firth accessed 1 December 2015. 83 ‘Oil Rig Protest Ends Peacefully’ (n 79). 84 ONI, Worldwide Threat to Shipping: Mariner Warning Information (27 April 2001) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_20010427000000.txt accessed 1 December 2015.

UK

1 Apr 2001

418

Netherlands

Malaysia

Netherlands

15 Jun 2001

4 Jul 2001

25 Jul 2001

Unknown

Offshore oil rig

Offshore drilling rig

False alarm

Environment Blocking/occu al activists pying drilling (Greenpeace) site Interference with operations

Not applicable

Operations disrupted

100 offshore personnel evacuated Security forces responded

Unknown

Tactics/Scenario Impacts/Effects

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Type of facility Perpetrators

Greenpeace activists installed a power-generating windmill in the North Sea directly over a spot where oil drilling was to commence, thereby blocking the oil rig from accessing the drilling site.88 Operations were carried out using the MV Greenpeace. On 30 July, Greenpeace was forced to remove the windmill under court threat of a fine of 350,000 Dutch guilders per day for every day that it remained.89

A routine piracy warning caused evacuation of 100 offshore personnel from the Shell oil rig St Joseph off Sabah. The rig was then surrounded by security forces, responding to inaccurate reports that it had been attacked.87

Five Greenpeace activists boarded and occupied the offshore drilling rig K-18 Kotter some 50 km west of Den Helder protesting the US rejection of the Kyoto Treaty.85 Activists abandoned the protest on 17 June due to deteriorating weather.86

Details of attack/incident

85 Ibid. 86 Ibid. 87 ONI, Worldwide Threat to Shipping: Mariner Warning Information (18 July 2001) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20010718000000.txt accessed 1 December 2015. 88 ONI, Worldwide Threat to Shipping: Mariner Warning Information (22 August 2001) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20010822000000.txt accessed 1 December 2015. 89 Ibid.

Location

Date

419

Nigeria

Nigeria

21 Jan 2002

21 Apr 2002

Offshore oil rig

Offshore oil rig

Nigerian youths

Insurgents

Offshore jack- Armed up drilling rig youths/Local anti-oil activists

Unauthorised boarding Takeover/occu pation Unlawful detention of offshore workers

Attempted armed intrusion

Unauthorised boarding and occupation Unlawful detention of offshore workers

Operations disrupted 88 workers held hostage/captive

Unsuccessful attack

Operations disrupted 50 workers held captive

About 40 youths, believed to be of the Ilaje community, boarded and seized an offshore oil rig about five miles off Escravos apparently expressing their grievances and demanding jobs.93 They took 88 offshore workers hostage and blocked the rig’s helipad to prevent any rescue attempts. The hostages were released unharmed several days later and on 25 April the perpetrators left the offshore rig.94

It has been reported that militants attempting to board an offshore rig were confronted by the Nigerian navy and at least seven die in the subsequent fighting.92

The local community group of anti-oil activists boarded Shell’s production platform and the nearby Trident VIII jack-up drilling rig. The rig’s crew was safely evacuated to Port Harcourt and the activists withdrew.90 However, another source reported that militant youths seized the Trident VIII drilling rig, which was working offshore from Port Harcourt in the mouth of the Bonny river, and held 50 offshore workers captive until 27 August, but no ransom is known to have been paid to the attackers.91

90 Transocean Sedco Forex, ‘Crew of Trident 8 Jackup Safely Evacuated’ (Rig Zone, 27 August 2001) www.rigzone.com/news/article.asp?a_id=1422 1 December 2015. 91 ONI, Worldwide Threat to Shipping: Mariner Warning Information (12 September 2001) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20010912000000.txt accessed 1 December 2015. 92 Richard Synge, ‘Reverse Order Chronology from Jan 2009 – Conflict in the Niger Delta Region’ (David Last, 9 May 2009) www.davidmlast.org/ Research/Niger_Delta_files/Timeline.pdf accessed 1 December 2015. 93 ONI, Worldwide Threat to Shipping: Mariner Warning Information (1 May 2002) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20020501000000.txt accessed 1 December 2015. 94 Ibid.

Nigeria

23 Aug 2001

420

Nigeria

15 Nov 2002

Offshore rig

Offshore drilling rig

Offshore drilling rig

Insiders (striking Nigerian workers)

Unidentified perpetrators

Local residents

Type of facility Perpetrators

Takeover/occu pation (strike/protest) Unlawful detention of offshore workers

Unauthorised boarding and occupation Unlawful detention of offshore workers Operations disrupted Workers detained/held captive

Operations disrupted 75 workers detained/held captive

Oil workers on board the offshore rig MG Hulme staged a union-supported strike and took over the rig after Transocean took disciplinary action against five colleagues and a decision by the company to transport Nigerian workers to offshore platforms by boats (making them vulnerable to attacks) while transporting expatriates by helicopters.99 The strike ended on 2 May and all workers were released.100

Transocean’s offshore drilling rig Nghulmej was boarded by about 20 men off the coast of Nigeria who detained 75 offshore workers held them captive.97 Apparently, the rig had earlier been threatened as part of ongoing communal disputes with the central government over sharing of oil revenues with local communities.98

A group of 50 women in 15 boats travelled to the Chevron/Texaco offshore drilling rig protesting against the destruction of their fishing lines and contamination of local waters.95 They boarded the rig and disrupted its operations. Reportedly, the same women had earlier occupied another offshore rig demanding jobs for the youths in their villages.96

Unauthorised boarding and occupation Operations disrupted

Details of attack/incident

Tactics/Scenario Impacts/Effects

95 ONI, Worldwide Threat to Shipping: Mariner Warning Information (21 August 2002) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20020821000000.txt accessed 1 December 2015. 96 Ibid. 97 ONI, Worldwide Threat to Shipping: Mariner Warning Information (5 December 2001) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20011205000000.txt accessed 1 December 2015. Reported coordinates: 03°18.50’N; 006°33.30’E. 98 Ibid. 99 Terisa Turner and Leigh Brownhill, ‘Women’s Oil Wars in Nigeria’ (2002) 35(1) Labour, Capital and Society 132, 147. 100 Ibid.

Nigeria

Nigeria

Aug 2002

16 Apr 2003

Location

Date

421

Nigeria

Apr 2003

FPSO

Offshore platforms

Unidentified perpetrators

Insiders (striking Nigerian workers)

Threat of attack (bomb threat)

Takeover/occu pation (strike/protest) Unlawful detention of offshore workers

Unknown

Operations disrupted About 200 workers detained/held captive

Shell reported, on 27 April, that it received threats from what they termed ‘criminal elements’ to blow up its FPSO Sea Eagle, located about 12 nautical miles offshore.105 To counter the threat, Shell had placed notices in local newspapers announcing that the perpetrators’ plans were well know, a tactic that apparently had worked in the past as a deterrent.106

Disgruntled striking offshore workers took over Transocean’s other three offshore platforms and held hostage about 200 offshore workers who refused to join the strike, including some 50 foreign nationals.101 The striking workers were protesting a disciplinary action against five colleagues and the company’s policy to transport Nigerian workers to offshore platforms by boats while transporting expatriates by helicopters.102 The striking workers claimed to have explosives. They had prevented boats from docking at the platforms and helicopters from landing on the platform by placing oil barrels in the landing area to block helicopters.103 The strike ended on 2 May and all workers were released.104

101 Ibid.; Luke Oyawiri, ‘Rivers Hostages: Britons May Take Legal Action’ This Day (Lagos, 2003). However, it was also reported that only about 100 oil workers were held hostage: John Thackrah, Dictionary of Terrorism (2nd edn, Routledge 2004) 185. 102 Turner and Brownhill (n 99) 147. 103 John Vidal, ‘Oil Rig Hostages Are Freed By Strikers as Mercenaries Fly Out’ (Guardian, 3 May 2003) www.theguardian.com/world/ 2003/may/03/oil.business accessed 1 December 2015. 104 Turner and Brownhill (n 99). 105 ONI, Worldwide Threat to Shipping: Mariner Warning Information (30 April 2003) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20030430000000.txt accessed 1 December 2015. 106 Ibid.

Nigeria

19 Apr 2003

422

Nigeria

Nigeria

May 2003

19 Nov 2003 or 23 Dec 2003

Offshore oil platform

Unidentified perpetrators

Unauthorised boarding and occupation Hostage taking

Operations disrupted Workers held hostage/captive

Operations disrupted Workers held hostage/captive

Unauthorised boarding and occupation Hostage taking

Offshore platform

Nigerian youths

Tactics/Scenario Impacts/Effects

Type of facility Perpetrators

Offshore oil workers were taken hostage on board a Chevron Texaco oil platform. The Nigerian Navy stormed the platform on 20 November and rescued 18 hostages.108 One of the attackers was reportedly killed and 20 taken into custody, and the remaining hostages were released on 1 December.109 Another source reported that this incident took place on 26 December 2003.110

Chevron’s ‘home guards’ (i.e. local Nigerian youths paid by a company to protect its facilities) turned on Chevron, occupied an offshore platform near the coast of Bayelsa state and held offshore workers hostage until the Nigerian Navy intervened.107

Details of attack/incident

107 Ben Amunwa, ‘Fuelling Violence: Oil Companies and Armed Militancy in Nigeria’ (2012) 11. 108 ONI, Worldwide Threat to Shipping: Mariner Warning Information (7 January 2004) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_20040107000000.txt accessed 1 December 2015. 109 Ibid. 110 Synge (n 92).

Location

Date

423

Iraq

Offshore oil export terminal

Terrorists (JTWJ)

Explosiveladen boats attack

Minor damage to equipment Terminal shutdown Lost revenues Disruption to oil supplies Spike in global oil prices

Terrorists carried out a suicide boat attack on the offshore ABOT in the Persian Gulf.111 Two zodiac-type speedboats piloted by suicide bombers approached the terminal at high speed. The lead boat aimed at the platform and was fired upon and detonated before it could hit the platform. The second boat was also fired upon, killing the perpetrators. The boat still rammed MV Takasuza oil tanker, but failed to explode.112 ABOT, capable of exporting up to 900,000 bpd, was shut down for two days, which (together with the closure of KAAOT) cost about US$28 million in lost revenues.113 Reportedly, the attack also caused a spike in oil prices which, in turn, resulted in a further loss of approximately US$6 billion to the global economy.114 The attack was carried out by JTWJ terrorist group based in Iraq. The initial security zone of 2 nautical miles around ABOT was supplemented with a 3,000metre warning zone and a 2,000-metre exclusion zone.115

111 Nicolas Pyke, ‘Suicide Bomber Boats Explode in Attack on Basra Oil Terminal’ (The Independent, 25 April 2004) www.independent.co.uk/news/ world/middle-east/suicide-bomber-boats-explode-in-attack-on-basra-oil-terminal-756454.html accessed 20 September 2008. 112 Peter Lehr, ‘Maritime Terrorism: Locations, Actors, and Capabilities’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 55, 60 (noting that according to one report both boats exploded before they could reach their targets): at 60, fn 12, citing Jonathan Howland, ‘Countering Maritime Terror, US Thwarts Attacks, Builds Up Foreign Navies’ (JINSA Online, 17 June 2004). 113 Ali Koknar, ‘Maritime Terrorism: A New Challenge for NATO’ (2005) Energy Security [18] www.iags.org/n0124051.htm accessed 1 December 2015. See also John Daly, ‘The Threat to Iraqi Oil’ (2004) 2(12) Terrorism Monitor; Lehr (n 112) 61. 114 Andrew Forbes, ‘The Economic Impact of Disruptions to Seaborne Energy Flows’ (2008) 23 Papers in Australian Maritime Affairs 57, 65. 115 US Government, US Navy, ‘Coalition Maritime Forces Revise Iraqi Oil Terminal Protection Procedures’ (6 May 2004) www.navy.mil/search/ display.asp?story_id=13177 accessed 1 December 2015; US Navy, The Commander’s Handbook on the Law of Naval Operations (July 2007) app C.

24 Apr 2004

424

Offshore oil rig

Offshore oil export terminal

Insiders (disgruntled employees)

Terrorists (JTWJ)

Type of facility Perpetrators

Takeover/ seizure Unlawful detention of offshore workers

Explosiveladen boat attack

Workers held captive

3 servicemen killed 4 Navy personnel injured Terminal shutdown Disruption to oil suppliesSpike in global oil price

Tactics/Scenario Impacts/Effects

Eight foreign oil workers were held captive by disgruntled subordinate employees on an oil rig off southern Nigeria, near the town of Brass in the Niger Delta.121 The hostages were freed on 20 July after spending a night on the rig.122

Terrorists carried out a suicide boat attack against offshore KAAOT in the Persian Gulf using an explosive-laden dhow.116 The dhow was intercepted by a coalition forces ship as it approached KAAOT’ exclusion zone and exploded as soon as it was boarded killing two US Navy sailors and one US Coastguardsman, and injuring four or five others.117 No damage was reported, but the terminal was immediately shut down by the authorities.118 KAAOT, which exports about 700,000 bpd, reopened the next day.119 The attack was carried out by JTWJ terrorist group based in Iraq, which had become known as AQI and later transformed into ISIL and IS. The initial two-nautical mile security zone around KAAOT was supplemented with a 3,000metre warning zone and a 2,000-metre exclusion zone.120

Details of attack/incident

116 See, e.g. John Daly, ‘Terrorism and Piracy: The Dual Threat to Maritime Shipping’ (2008) 6(16) Terrorism Monitor 4. 117 Lehr (n 112) 61; ONI, Worldwide Threat to Shipping: Mariner Warning Information (28 April 2004) NGA http://msi.nga.mil/MSISiteContent/ StaticFiles/MISC/wwtts/wwtts_20040428000000.txt accessed 1 December 2015. 118 Pyke (n 111). 119 Koknar (n 113); Lehr (n 112) 61; Pyke (n 111). 120 US Navy, ‘Coalition Maritime Forces Revise Iraqi Oil Terminal Protection Procedures’ (n 115); US Navy, The Commander’s Handbook (n 115) app C. 121 ONI, Worldwide Threat to Shipping: Mariner Warning Information (21 July 2004) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20040721000000.txt accessed 1 December 2015. 122 Ibid.

Nigeria

Iraq

24 Apr 2004

19 Jul 2004

Location

Date

425

Offshore oil rig (under tow) & Tug boat

Indonesia /Malaysia (Malacca Strait)

3 Nov 2004

Armed men (believed to be pirates)

Insurgents

Attempted boarding Armed assault (shooting)

Abduction of offshore workers

Damage to navigation equipment

Workers abducted

In the Malacca Strait, outside Malaysia’s and Indonesia’s territorial seas, several lookalike fishing boats followed a tug towing the oil rig Ocean Sovereign.125 The crew noticed a boat heading for the tug. As the boat came within 250 metres of the tug, the perpetrators started shooting, causing extensive damage to the navigational equipment and ship’s superstructure. The crew switched on the lights, activated fire hoses and fired rocket flares, but the pirates continued to shoot with automatic weapons. When they were within 50 metres, the crew took evasive manoeuvres and the pirate boat moved away. There were no physical injuries to crew.126

Insurgents abducted several western nationals on offshore oil installations off the coast of the Red Sea, but released them several hours later. Yemeni authorities have increased security at all sea ports and oil terminals in response to the attacks and intelligence about the intention of a terrorist group to attack vital oil facilities on Yemeni shores.123 Security authorities deployed helicopters around two oil terminals in the Arabian Sea and the Red Sea to protect the installations.124

123 ‘Yemen on Alert for Al Qaida Attack on Oil Facilities’, (World Tribune, 3 September 2004) www.worldtribune.com/worldtribune/WTARC/ 2004/me_terror_09_03.html accessed 1 December 2015. 124 Ibid.; Shawn Woodford, ‘Al-Qaeda and Saudi Arabia: A Chronology’ in Erich Marquardt (ed.), Saudi Arabian Oil Facilities: The Achilles Heel of the Western Economy (Jamestown Foundation 2006) 35, 44. 125 IMO, Reports on Acts of Piracy and Armed Robbery Against Ships: Issued Monthly – Acts Reported During November 2004, IMO Doc MSC.4/Circ.61 (16 December 2004) annex 2 (‘Acts of Piracy and Armed Robbery Allegedly Attempted Against Ships Reported by Member States or International Organizations in Consultative Status’) 1. 126 Ibid.

Offshore oil platforms

Yemen

Sep 2004

426

Nigeria

Nigeria

Nigeria

12 Jun 2005

15 Jun 2005

22 Sep 2005

Offshore platform

Offshore platform

FPSO

Insurgents (NDPVF)

Insurgents

Unidentified gunmen

Type of facility Perpetrators

Armed intrusion Seizure and occupation

Production (8,000 bpd) shut down Weapons seized from security personnel

Armed 6 workers intrusion taken hostage Hostage taking

Armed 45 offshore intrusion workers taken Takeover / hostage seizure Hostage taking

Tactics/Scenario Impacts/Effects

More than 100 armed militants, believed to be members of the NDPVF, travelling in speedboats, each carrying over ten gunmen, attacked Chevron’s Idama oil platform in the southern Niger Delta, in response to the arrest of an ethnic leader.130 Armed with assault rifles, they stormed the platform and disarmed government security forces personnel who were protecting the installation. Production of 8,000 bpd was shut down.131

Two Germans and four Nigerian offshore workers working on an offshore platforms for Bilfinger Berger Gas and Oil Services, a subcontractor to Shell and other oil companies, were taken hostage reportedly by ethnic Ijaw militants.129

A group of men armed with knives and machine guns boarded the FPSO Jamestown about 10 miles off the coast of Warri and took hostage all 45 crew members.127 The attackers barricaded the helipad, shutdown production, and demanded payment from the company, but after negotiations, they released all hostages unharmed on 15 June and departed.128

Details of attack/incident

127 IMB, Piracy and Armed Robbery Against Ships Annual Report 1 January – 31 December 2005 (2006) 55; ONI, Worldwide Threat to Shipping: Mariner Warning Information (22 June 2005) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20050622000000.txt accessed 1 December 2015. 128 Ibid. 129 Synge (n 92). 130 ‘Delta Rebels Storm Idama Platform’ (Upstream Online, 22 September 2005) www.upstreamonline.com/live/article98970.ece accessed 1 December 2015; Estelle Shirbon, ‘Armed Militants Seize Oil Platform After Leader is Held’ (The Scotsman, 23 September 2005) www.scotsman.com/news/world/armedmilitants-seize-oil-platform-after-leader-is-held-1-1097307 accessed 1 December 2015. 131 Shirbon (n 130).

Location

Date

427

Nigeria

Nigeria

18 Feb 2006

2 Jun 2006

Offshore semisubmersible drilling rig

Offshore oil loading terminal & offshore barge

Offshore production platform

Insurgents

Insurgents (MEND)

Insurgents (MEND)

Armed intrusion Abduction of offshore workers

Bombing Abduction of offshore workers

8 crew members abducted 20 personnel evacuated Operations halted Oil price increased

9 workers abducted Platform equipment damaged

Armed Platform shut intrusion down Hostage taking 4 workers abducted Production (115,000 bpd) shut down

About 30 armed militants boarded a semisubmersible rig, Bulford Dolphin, about 65 km offshore, and abducted eight offshore workers, but released them a couple of days later.138 About 20 non-essential personnel were evacuated to shore and the rest of the crew was safe, but operations were temporarily halted. The attack reportedly contributed to the rise of oil prices by about US$1 to US$71.50 per barrel.139

MEND insurgents in speedboats bombed Forcados offshore oil loading terminal and abducted nine workers from the nearby offshore barge at the Escravos coast.135 They also damaged oil platform equipment.136 Six workers were released on 1 March 2006 and the remaining three on 27 March 2006.137

MEND insurgents attacked Shell’s EA offshore platform about 15 km offshore and kidnapped four foreign oil workers from an offshore support vessel anchored at the platform.132 The company shut down the 115,000 bpd EA platform. MEND demanded the immediate release of the founder and leader of NDPVF, Alhaji Mujahid DokuboAsari.133 Insurgents reportedly also blew up crude oil pipelines, cutting supplies to Forcados offshore export terminal by 100,000 bpd.134

132 ‘Gunmen in Kidnap Raid on Oil Platform’ (Red Orbit, 2008); Erich Marquardt, ‘The Niger Delta Insurgency and Its Threat to Energy Security’ in Jonathan Hutzley (ed.), Unmasking Terror: A Global Review of Terrorist Activities, vol. 3 (Jamestown Foundation 2007) 236, 238. 133 Ibid. 134 ‘Chronology of Nigerian Militants’ Attacks’ (Africa Master Web, 21 February 2007) www.africamasterweb.com/AdSense/NigerianMilitants 06Chronology.html accessed 1 December 2015. See also Arild Nodland, ‘Guns, Oil, and “Cake”: Maritime Security in the Gulf of Guinea’ in Bruce Elleman, Andrew Forbes and David Rosenbert (eds), Piracy and Maritime Crime (Naval War College Press 2010) 191, 198. 135 IMB, Piracy and Armed Robbery Against Ships Report for the Period 1 January–31 March 2006 (2006) 25. See also Michael Watts, ‘Sweet and Sour’ in Michael Watts (ed.), Curse of the Black Gold: 50 Years of Oil in Niger Delta (Powerhouse Books 2008) 36, 37; Michael Watts, ‘Petro-Insurgency or Criminal Syndicate? Conflict, Violence and Political Disorder in the Niger Delta’ (Working Paper No. 16, Institute of International Studies, 2008) 17. 136 IMO, Reports on Acts of Piracy and Armed Robbery Against Ships: Issued Monthly – Acts Reported During March 2006, IMO Doc MSC.4/Circ.84 (18 April 2006) annex 1 (‘Acts of Piracy and Armed Robbery Allegedly Committed Against Ships Reported by Member States or International Organizations in Consultative Status’) 1. 137 Bergen Risk Solutions, ‘Niger Delta Maritime Security Quarterly Review’ (9 July 2007) 15. 138 Martyn Wingrove, ‘Nigeria Kidnap Hikes Up Oil Price’, Lloyd’s List DCN (Sydney, 8 June 2006) 14; Bergen Risk Solutions (n 137) 15. See also Marquardt (n 132) 240; ONI, Worldwide Threat to Shipping: Mariner Warning Information (18 April 2007) NGA http://msi.nga.mil/MSISiteContent/ StaticFiles/MISC/wwtts/wwtts_20070418100000.txt 1 December 2015. 139 Wingrove (n 138) 14.

Nigeria

10 Jan 2006 or 11 Jan 2006

428

Nigeria

Iran

5 Jul 2006

22 Aug 2006

Offshore drilling rig

Offshore oil rig

Hostile state (Iranian Navy)

Unidentified gunmen

Type of facility Perpetrators

Takeover / seizure of installation Detention/arre st of the rig and crew

Armed assault Abduction of offshore personnel

26 crew members detained Control of offshore rig seized

Unsuccessful attack 1 security guard abducted

Tactics/Scenario Impacts/Effects

The Iranian Navy forcefully detained and seized control of Orizont offshore drilling rig, owned by a Romanian drilling and oilfield services company Grup Servicii Petroliere, located in the Salman field off the coast of Iran.142 The seizure apparently happened as the rig was being taken outside Iranian waters for a mandatory overhaul. Iranian troops fired on the rig with machine guns from a ship, seized control of the rig, and placed it and the entire offshore crew of 26 Romanian nations under arrest.143 Allegedly, Iranian armed forces kept the crew on the rig’s helipad for several hours without food and water, but allowed them to return to their quarters after cutting off all communications between the workers and the company. 144 The incident arose from an ongoing contractual dispute between Grup Servicii Petroliere and an Iranian owned oil company Petro Iran Development Company (PEDCO), a subsidiary of the state-owned NIOC.145

Unidentified gunmen attacked an offshore oil rig, but withdraw after a brief clash with security forces. During the clash the gunmen abducted one former naval staff working as a security officer.140 MEND claimed it was not responsible for the attack and had no prior information about it.141

Details of attack/incident

140 Synge (n 92). 141 Ibid. 142 Andy Critchlow and Marc Wolfensberger, ‘Iran’s Navy Attacks and Boards Romanian Rig in Gulf: Update 3’ (Bloomberg, 22 August 2006) www.bloomberg.com/apps/news?pid=newsarchive&sid=adVreywC1G_k accessed 1 August 2014; ONI, Worldwide Threat to Shipping: Mariner Warning Information (20 September 2006) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20060920100000.txt accessed 1 December 2015. 143 Ibid. 144 Ibid. 145 Ibid. See also ‘Iran “Attacks Romanian Oil Rig”’ (BBC, 22 August 2006) http://news.bbc.co.uk/2/hi/europe/5274374.stm accessed 1 December 2015.

Location

Date

429

India

Nigeria

22 Mar 2007

31 Mar 2007 or 1 Apr 2007

Offshore drilling rig

Unidentified gunmen (believed to be pirates)

Armed intrusion Abduction of offshore workers

Pirates/Organ Unauthorised ised criminal boarding group Attempted theft

Offshore drilling rig (under tow)

Armed intrusion Abduction of offshore workers

Unidentified gunmen

FPSO

1 worker kidnapped Operations disrupted

Unknown

7 workers abducted 1 worker killed 1 worker injured

Bulford Dolphin offshore drilling rig was attacked again by gunmen about 65 km off the coast of Nigeria.150 The attackers, believed to be pirates, boarded the rig via an offshore support vessel that was alongside the platform at the time.151 One British expatriate worker was abducted. The company reported that the oil rig was not going to resume operations until the completion of a full security review.152 The hostage was released on 4 April.153 It was also reported that the incident took place on 1 April 2007, rather than 31 March 2007.154

The offshore jack-up drilling rig Aban VII was attacked by pirates in speedboats off the southwest coast of India, outside India’s territorial sea.147 The drilling rig was boarded while under tow, by three pirates, who were later noticed preparing to transfer equipment from the rig to their speedboats.148 When the master raised the alarm, the attackers jumped overboard and escaped in their speedboats.149

The FPSO Mystras was attacked by armed men while anchored off Port Harcourt. Ten gunmen boarded the installation and kidnapped seven offshore workers. Their boat was intercepted by the authorities and engaged in a shoot-out during which one worker was killed, one injured, and five others were rescued.146

146 IMB, Piracy and Armed Robbery Against Ships Annual Report 1 January–31 December 2006 (2007). 147 IMB, Piracy and Armed Robbery Against Ships Annual Report 1 January–31 December 2007 (2008) 53. Reported coordinates – 08°43.0’N, 076°14.0’E: at 53. 148 ONI, Worldwide Threat to Shipping: Mariner Warning Information (28 March 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/ MISC/wwtts/wwtts_20070328100000.txt accessed 1 December 2015. 149 IMB, Piracy and Armed Robbery Against Ships Annual Report 1 January–31 December 2007 (2008) 53. 150 IMB, Piracy and Armed Robbery Against Ships Report for the Period 1 April–30 June 2007 (2007) 42. The exact coordinates were not reported. 151 Ibid. 152 ONI, Worldwide Threat to Shipping: Mariner Warning Information (18 April 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_20070418100000.txt accessed 1 December 2015. 153 Bergen Risk Solutions (n 137) 19. 154 ONI, Worldwide Threat to Shipping: Mariner Warning Information (18 April 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/ MISC/wwtts/wwtts_20070418100000.txt accessed 1 December 2015.

Nigeria

22 Nov 2006

430

Nigeria

Nigeria

Nigeria

4 Apr 2007

19 Apr 2007

1 May 2007

FSO

Security vessel and offshore drilling rig

Offshore oil rig

Insurgents (MEND)

Unidentified gunmen

Unidentified gunmen

Type of facility Perpetrators

Armed intrusion Abduction of offshore workers

Armed intrusion Abduction of offshore workers

Abduction of offshore workers

1 Nigerian sailor killed 6 workers abducted Production at fields shut down

3 Nigerian workers abducted 6 Nigerian workers injured Weapons and equipment seized Operations disrupted

2 foreign workers kidnapped

Tactics/Scenario Impacts/Effects

Chevron’s Oloibiri floating storage and offloading (FSO) unit was reportedly attacked by MEND insurgents armed with explosives (among other things) at the offshore Pennington field off southern Bayelsa state.159 One Nigerian soldier was killed in the attack and six foreign oil workers (four Italians, one Croatian, and one American) were abducted, but later released on 2 June 2007.160 The FSO was moored near Funiwa platform. The production at the 15,000 bpd Funiwa field and other fields supported by the FSO was shut down to avoid any additional security or safety incidents.161

An offshore security vessel Mike One that was supporting Trident VIII drilling rig was attacked by gunmen. Three Nigerian workers were abducted and another six were injured, and the attackers also seized weapons and equipment.156 Trident VIII rig was later shut down as a result of this incident and the Don Walker oil rig, which was within a 10-minute boat ride of the incident, requested security reinforcements from the nearest naval base.157 It was reported that the attack appeared to be of criminal nature rather than politically motivated.158

It was reported that unknown gunmen raided an offshore oil rig in Nigeria’s Bayelsa state and kidnapped two foreign workers. The fate of the two abducted workers was unknown and no one claimed responsibility.155

Details of attack/incident

155 START (n 21). 156 ONI, Worldwide Threat to Shipping: Mariner Warning Information (25 April 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20070425100000.txt accessed 1 December 2015. 157 Ibid. 158 Ibid. 159 Bergen Risk Solutions (n 137) 20; ONI, Worldwide Threat to Shipping: Mariner Warning Information (23 May 2007) NGA http://msi.nga.mil/MSISite Content/StaticFiles/MISC/wwtts/wwtts_20070523100000.txt accessed 1 December 2015. 160 ONI, Worldwide Threat to Shipping: Mariner Warning Information (23 May 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/ MISC/wwtts/wwtts_20070523100000.txt accessed 1 December 2015. 161 Ibid.; Rupert Herbert-Burns, ‘Tankers, Specialized Production Vessels, and Offshore Terminals: Vulnerability and Security in the International Maritime Oil Sector’ in Rupert Herbert-Burns, Sam Bateman and Peter Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 133, 155.

Location

Date

431

Nigeria

5 May 2007

Offshore drilling rig

FPSO

Unidentified gunmen (believed to be pirates)

Unidentified gunmen (believed to be pirates)

Armed intrusion Abduction of offshore workers

Armed intrusion Abduction of offshore workers

1 crew member kidnapped Offshore facility locked down for security reasons

5-8 workers kidnapped Production at field shut down for several days

Trident VIII offshore drilling rig was attacked and boarded by gunmen, believed to be pirates, near Brass oil export terminal.166 One British offshore worker was kidnapped.167 The attack triggered a security lockdown of the Brass crude oil export terminal.168

The FPSO Mystras was attacked by gunmen, believed to be pirates, who boarded via the anchor chain. It was reported that the attackers kidnapped eight foreign workers from the FPSO and an offshore support vessel, but the workers were released later that day or the following day.162 The FPSO was moored at Okono oil field, which is located about 55 km offshore.163 Force majeure was declared at a field capable of producing 50,000 bpd, and the production was shut down for several days.164 Some sources report that this attack was carried out by MEND, not pirates; and that five or six foreign workers were kidnapped, rather than eight.165

162 IMB, Piracy and Armed Robbery Against Ships Report for the Period 1 April–30 June 2007 (2007) 43; ONI, Worldwide Threat to Shipping: Mariner Warning Information (23 May 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20070523100000.txt accessed 1 December 2015. 163 Reported coordinates – 03°59.0’N, 007°17.0’E. See also ‘West Africa Offshore Oil and Gas Concession Map 2013’ (Offshore, 2013) www.offshoremag.com/content/dam/offshore/print-articles/Volume%2073/12/1312OFFWestAfricaMap.pdf accessed 1 December 2015. However, according to another report, the attack took place about 55 miles offshore, not 55 km. See ONI, Worldwide Threat to Shipping: Mariner Warning Information (23 May 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20070523100000.txt accessed 1 December 2015. 164 ‘Force Majeure at Okono-Okpoho’ (Upstream Online, 6 May 2007) www.upstreamonline.com/incoming/article132853.ece accessed 1 December 2015. 165 Bergen Risk Solutions (n 137) 20; ONI, Worldwide Threat to Shipping: Mariner Warning Information (23 May 2007) NGA http://msi.nga.mil/ MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20070523100000.txt accessed 1 December 2015. 166 IMB, Piracy and Armed Robbery Against Ships Report for the Period 1 April–30 June 2007 (2007) 43. Exact coordinates of this attack were not reported. 167 Ibid. 168 Bergen Risk Solutions (n 137) 20.

Nigeria

3 May 2007

432

Nigeria

Nigeria

Nigeria

22 Jun 2007

4 Jul 2007

20 Oct 2007

FPSO

Oil rig

FSO

Insurgents (MEND)

Insurgents (MEND)

Unidentified gunmen

Type of facility Perpetrators

Armed intrusion Abduction of offshore workers

Abduction of offshore workers

Armed intrusion Seizure of the installation

7 workers abducted

5 crew members kidnapped

Operations disrupted No injuries reported Offshore facility locked down for security reasons

Tactics/Scenario Impacts/Effects

Heavily armed gunmen with assault rifles, submachine guns, explosives and other weapons, travelling in up to 30 speedboats (about 10 persons per boat) attacked Shell’s FPSO at the EA field about 15 km off the coast of Bayelsa State.172 After a three hour gunfight with Nigerian troops, the attackers kidnapped seven offshore workers including a Russian, a British and a Croatian, and escaped with a support vessel, but all seven workers were released two days later.173 MEND claimed responsibility for the attack.174

Five foreign expatriates (two New Zealanders, one Australian, one Venezuelan and one Lebanese) working on a Shell oil rig were kidnapped allegedly by MEND insurgents, but apparently there was no claim of responsibility.171

In the early hours, three gunmen armed with assault rifles boarded the 159,000-deadweight tonne Cape Brindisi moored at POT, also known as FSO Oloibiri, and proceeded to shoot up the vessel.169 No injuries to the crew were reported as they succeeded in going into lock-down mode, after which the gunmen left the ship. The militants reportedly took control of the FSO Oloibiri, where the Cape Brindisi had been loading.170

Details of attack/incident

169 Ibid. 22. 170 Ibid. 171 START (n 21). 172 ONI, Worldwide Threat to Shipping: Mariner Warning Information (31 October 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_20071031100000.txt accessed 1 December 2015; David Cutler, ‘Chronology – Attacks in Nigeria’s Oil Delta’ (Reuters, 4 June 2008) www.reuters.com/article/idUSL04786711 accessed 1 December 2015. 173 Cutler (n 172) ONI, Worldwide Threat to Shipping: Mariner Warning Information (31 October 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/ MISC/wwtts/wwtts_20071031100000.txt accessed 1 December 2015. 174 ONI, Worldwide Threat to Shipping: Mariner Warning Information (31 October 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/ MISC/wwtts/wwtts_20071031100000.txt accessed 1 December 2015.

Location

Date

433

Nigeria

UK

15 Nov 2007

10 Feb 2008

Offshore drilling rig

Offshore oil terminal

FPSO

Insider (offshore contractor)

Insurgents

Insurgents (MEND)

False alert

Bombing

Armed intrusion Abduction of offshore workers

Offshore personnel evacuated Operations disrupted

Unknown

6 workers kidnapped

Safe Scandinavia oil rig in the North Sea issued a security alert which reportedly resulted in a massive offshore evacuation operation. Reportedly, a catering worker on the rig screamed ‘Bomb!’ in her sleep and was convinced that her dream was a reality. The authorities sent helicopters to evacuate more than 500 workers, but it turned out to be just a dream.179 The company reported that 161 workers had already been to the neighbouring Alba and Armada platforms when the operation was called off.180

Unknown Nigerian militants blew up the Forcados oil terminal operated by Shell in the Niger Delta. MEND was not reported to be directly linked to the attack.178

Gunmen in speedboats attacked the FPSO Mystras about 85 km (about 55 km offshore) offshore at an oil production facility operated by Saipem and abducted six offshore workers including Polish, Filipino and Nigerian nationals.175 Reportedly, the gunmen overpowered an offshore support vessel and used it to board the nearby FPSO Mystras. The Nigerian Navy dispatched a vessel to the area. 176 MEND claimed responsibility for the attack.177

175 Elizabeth Kennedy, ‘6 Oil Workers Kidnapped in Nigeria’ (News OK, 26 October 2007) http://newsok.com/6-oil-workers-kidnapped-innigeria/article/3157244 1 December 2015; ‘FPSO Mystras Attacked’ (Rigzone, 26 October 2007) www.rigzone.com/news/article.asp?a_id=52081 accessed 1 December 2015. 176 ONI, Worldwide Threat to Shipping: Mariner Warning Information (7 November 2007) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20071107100000.txt accessed 1 December 2015. 177 Kennedy (n 175). 178 RAND Corporation, RAND Database of Worldwide Terrorism Incidents (2012) [data file] www.rand.org/nsrd/projects/terrorism-incidents/download.html accessed 12 March 2015. 179 Mike Nizza, ‘Another Security Threat: It Was All a Dream’, The New York Times (New York, 11 February 2008) http://thelede.blogs. nytimes.com/2008/02/11/another-security-threat-it-was-all-a-dream/ accessed 1 December 2015. 180 Agence France Presse (AFP), ‘North Sea Oil Rig Evacuated After Hoax’, Sydney Morning Herald (Sydney, 11 February 2008) www.smh.com. au/news/world/north-sea-oil-rig-evacuated-after-hoax/2008/02/11/1202578630294.html accessed 1 December 2015.

Nigeria

26 Oct 2007

434

Offshore production platform

FPSO

Unknown

Insurgents (MEND)

Type of facility Perpetrators

Unknown

Armed assault (shooting at installation) Abduction of offshore workers

Workers evacuated Operations disrupted

Facility damaged Production shut down for almost a month Offshore workers injured, but no lives were lost Support vessel hijacked Oil price fluctuations

Tactics/Scenario Impacts/Effects

Shooting was reported near the Chevron-operated Idama offshore production platform, which forced the company to evacuate offshore personnel as a precaution.184

Shell’s Bonga FPSO was attacked by armed militants approximately 120 km offshore. It was reported that at about 1:00 am some two dozen armed men in speedboats started shooting at the FPSO and those on board, they stormed the facility and attempted to break into the computer control room to destroy it, but failed to do so.181 Some personnel were wounded, but no lives were lost. The attack lasted for almost four hours, during which the militants also encountered and hijacked an offshore support vessel and kidnapped its US captain, but released him later that day.182 The responsibility for the attack was claimed by MEND. The facility was damaged in the attack, which forced Shell to shut down production at the field, which produces approximately 200,000 bpd and 150 million standard cubic feet of gas.183

Details of attack/incident

181 ONI, Worldwide Threat to Shipping: Mariner Warning Information (16 July 2008) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/ wwtts_20080716100000.txt accessed 1 December 2015. 182 Jeff Vail, ‘The Significance of the Bonga Offshore Oil Platform Attack’ (The Oil Drum, 24 June 2008) www.theoildrum.com/node/4196 accessed 1 December 2015. 183 ‘Shell Says Main Nigerian Still Not at Capacity After Militant Attack’ (Asia One News, 30 June 2008) http://news.asiaone.com/News/Latest %2BNews/Business/Story/A1Story20080630-73832.html accessed 1 December 2015. 184 Austin Ekeinde, ‘Nigerian Militants Sabotage Oil Facilities’ (Reuters, 16 September 2008) http://uk.reuters.com/article/2008/09/16/businessproind-nigeriadelta-dc-idUKLE51403420080916 accessed 1 December 2015; Austin Ekeinde, ‘Nigerian Militants Attacked Two Oil Installations in the Heaviest Fighting in the Niger Delta in Two Years, Security Sources Said on Tuesday’ (Reuters, 16 September 2008) http://uk.reuters.com/article/2008/09/16/uk-nigeria-deltaidUKLG63750820080916 accessed 1 December 2015.

Nigeria

Nigeria

19 Jun 2008

16 Sep 2008

Location

Date

435

Offshore oil platform

Offshore oil rig

Offshore drilling rig

Unidentified gunmen (believed to be insurgents)

Insider

Unidentified gunmen (believed to be pirates)

Armed intrusion

Cyber attack

Armed intrusion

Theft of property

Damage to rig’s communicatio n network Significant costs of repairs

Theft of stores and property 1 crew member injured

A group of armed men in a flat-bottomed vessel raided an offshore oil platform off the coast of Akwa Ibom, and also attacked a nearby oil services vessel.188 It was reported that the attackers fired a shot into the air and ordered everyone into one room, threatening to kill them. The raid lasted for approximately two hours. The gunmen had stolen phones, valuables and money.189

It was reported that a 28-year-old contractor was charged in federal court in California with sabotaging the computerised controls on an offshore oil rig.186 Prosecutors claimed that the contractor hacked into the installation-to-shore communications network that, among other functions, detected oil leaks causing damage to the network worth thousands of dollars, allegedly because he was not given a full-time job.187

Six armed robbers boarded the mobile offshore drilling rig Allied Centurion in Malaysia’s territorial sea and stole stores and property from the facility. One crew member suffered head injuries, but remained in a stable condition. Authorities were informed and later boarded the rig to investigate.185

185 IMO, Reports on Acts of Piracy and Armed Robbery Against Ships: Issued Monthly – Acts Reported During December 2008, IMO Doc MSC.4/Circ.129 (20 March 2009) annex 1 (‘Acts of Piracy and Armed Robbery Allegedly Committed Against Ships Reported by Member States or International Organizations in Consultative Status’). 186 Greg Grant, ‘The New Threat to Oil Supplies: Hackers’ (Foreign Policy, 25 August 2009) http://foreignpolicy.com/2009/08/25/the-new-threat-to-oilsupplies-hackers/ accessed 1 December 2015; Greg Guma, ‘“Conspiracy of Secrecy”: System Failure, Cyber Threats and Corporate Denial’ (Global Research, 21 June 2013) www.globalresearch.ca/conspiracy-of-secrecy-system-failure-cyber-threats-and-corporate-denial/5339898?print=1 accessed 1 December 2015. 187 Ibid. 188 ONI, Worldwide Threat to Shipping: Mariner Warning Information (6 February 2009) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/ MISC/wwtts/wwtts_20090206100000.txt accessed 1 December 2015. 189 Ibid.

Nigeria

US

Early 2009

7 Jan 2009

Malaysia

26 Dec 2008

436

Offshore oil terminal

Wellhead platform

Insurgents (MEND)

Insurgents (MEND)

Insurgents (MEND)

Armed assault (shooting at installation)

Detonation of explosives

Detonation of explosives

Armed assault (shooting at installation)

20 soldiers killed Offshore workers evacuated

Damage to installation

Damage to installation

Unknown Attack repelled by security forces

Tactics/Scenario Impacts/Effects

MEND claimed that at least 20 soldiers were reportedly killed in one of the attacks on Forcados offshore terminal operated by Shell in the Delta state. Chevron evacuated hundreds of workers from the Niger Delta after the attacks.194 At least six high-profile attacks by MEND on oil wellheads, offshore platforms, major pipelines and oil pumping stations were reported.195

MEND militants rejected the government’s amnesty offer arguing it did not address the fundamental issues of the crisis and claimed to have blown up the second remaining wellhead platform Jacket B of the Shell Afremo offshore oil fields in the Delta state.193

In Rivers state, militants detonated explosives damaging an offshore installation at the Afremo oil field operated by Shell. No fatalities or injuries were reported. MEND claimed responsibility.192

Unidentified gunmen attacked an offshore drilling platform belonging to Total at the 125,000-bpd Amenam field about around 30 km off the coast of Nigeria.190 It was reported that approximately five men in a speedboat approached the oil platform and exchanged gunfire with Nigerian security forces onboard a naval vessel guarding the platform, but the attack was repelled.191

Details of attack/incident

190 ONI, Worldwide Threat to Shipping: Mariner Warning Information (19 June 2009) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/ wwtts/wwtts_20090619100000.txt accessed 1 December 2015. 191 Ibid. 192 Crosdel Emuedo, ‘Insecurity in the Niger Delta and the Future of Nigeria’s Federalism’ (2014) 8(3) African Research Review 18, 29; NCC, Worldwide Incidents Tracking System https://wits.nctc.gov accessed 21 November 2009. 193 Niger Delta Rising, ‘Timeline of Events’ (2010); ‘MEND Strike Shell Again’ (Chief’s Brief’s, 26 June 2010) www.chiefsbriefs.com/?p=1736 accessed 1 December 2014. 194 Integrated Regional Information Networks, ‘Nigeria: Timeline of Recent Unrest in Niger Delta Region’ (United Nations High Commissioner for Refugees, 4 February 2010) www.unhcr.org/refworld/docid/4b71214bc.html accessed 1 December 2015. 195 Ibid.

Nigeria

Nigeria

25 Jun 2009

26 Jun 2009

Nigeria

21 Jun 2009

Offshore platform

Nigeria

26 May 2009

Unidentified gunmen (believed to be insurgents)

Type of facility Perpetrators

Offshore drilling rig and security vessel

Location

Date

437

Offshore oil rig

Offshore wellhead platform

Offshore oil terminal

Unidentified gunmen

Insurgents (MEND)

Insurgents (MEND)

Armed intrusion Abduction

Detonation of explosives

Detonation of explosives

1 security guard kidnapped

Offshore facility sustained damage Operations shut down

Offshore facility damaged Operations disrupted Military gunboat sunk with 20–25 soldiers on board

A security guard was kidnapped during a raid on an offshore oil rig operated by Consolidated Oil. The company spokesman said the attackers accused the company of violating an agreement with the local community.200

MEND attacked Shell’s Well Head 20 platform located at Cawthorn Channel 1, the facility connects to the Bonny loading terminal in the Rivers state.198 On the same day, MEND attacked and blew up the strategic Okan manifold which controls about 80 per cent of Chevron’s offshore crude oil flow to its BOP Crude Loading Platform in the Delta state.199

In the Delta state, MEND insurgents bombed Forcados offshore oil terminal causing damage to the installation.196 Clusters 11 and 30 of the terminal caught fire after a massive explosion. MEND claimed that a confrontation with a military gunboat that stumbled upon heavily armed fighters resulted in the sinking of the gunboat with some 20 to 25 soldiers on board.197

196 ‘Nigerian Rebels Announce Fresh Attacks on Shell Oil Facility’ (Sydney Morning Herald, 6 July 2009) www.smh.com.au/business/nigerian-rebels-announcefresh-attack-on-shell-oil-facility-20090706-d9fa.html accessed 1 December 2015. 197 Ibid. 198 ‘MEND “Get Lost Zone” Shell Facility Again’ (PanaPress, 5 July 2009) www.panapress.com/MEND–attacks–Shell-facility-again–12-526882-30-lang2index.html accessed 1 December 2015; ‘MEND Attacks Continue in Nigeria’ (World Oil, 10 July 2009) www.worldoil.com/news/2009/7/10/mendattacks-continue-in-nigeria accessed 1 December 2015. 199 Ibid. 200 ‘Two Kidnapped in Attacks on Nigerian Oil Targets’ (Voice of America, 31 October 2009) www.voanews.com/content/a-13-2006-07-06voa53/322950.html accessed 1 December 2015.

Nigeria

Nigeria

5 Jul 2009

28 Oct 2009

Nigeria

29 Jun 2009

438

Greenland

31 Aug 2010

Drill ship

Offshore drilling rig

FSO

Armed intrusion Theft and robbery

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Operations disrupted

Operations disrupted

7 crew members injured Theft of cash, belongings, and equipment

Tactics/Scenario Impacts/Effects

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Unidentified gunmen (believed to be pirates)

Type of facility Perpetrators

In the waters off the Shetland Islands in the UK, Greenpeace activists climbed the anchor chain of Chevron-operated drill ship Stena Carron and were hanging suspended from the chain in a capsule-tent for several days effectively delaying the company’s drilling operations in the Atlantic Frontier.204

Greenpeace activists climbed the drilling rig Stena Don operating in Arctic waters offshore Greenland and were suspended 15 metres above the water in tents to protest against drilling. The activists had to outrun Danish Navy commandos before climbing up the inside of the rig and hanging from it in tents suspended from ropes. They remained on their position for two days, forcing the company to suspend drilling.202 The drill ship Stena Forth, which is located about 20 nautical miles away, also had to be shut down during the Stena Don occupation.203

A group of pirates attacked the FSO Westaf, off Lagos. Seven crew members were taken to hospital due to the attack, including the master who was wounded in the stomach. The attackers stole cash, crew belongings and expensive ship equipment.201

Details of attack/incident

201 ‘Gulf of Guinea 20th – 26th March 2010 Weekly Intelligence Summary’ (Chief’s Brief’s, 20 March 2010) www.chiefsbriefs.com/?p=3431 accessed 1 December 2014. 202 Greenpeace, ‘Greenpeace Activists Occupy Arctic Oil Rig’ (31 August 2010) www.greenpeace.org/international/en/news/features/Greenpeace-activistsoccupy-Arctic-oil-rig-100831/ accessed 1 December 2015; Greenpeace, ‘Greenpeace Activists End Arctic Oil Rig Occupation’ (2 September 2010) www.greenpeace.org/international/en/news/features/Greenpeace-Activists-End-Arctic-Oil-Rig-Occupation020910/ accessed 1 December 2015. 203 Ibid. 204 Greenpeace, ‘Activists Stop Chevron Deepwater Drilling Ship Off the Shetland Islands’ (21 September 2010) www.greenpeace.org/international/en/news/ features/chevron-shetland-stopped210910/ accessed 1 December 2014; ONI, Worldwide Threat to Shipping Report (7 October 2010) NGA http://msi. nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20101007100000.txt accessed 1 December 2015.

UK

Nigeria

5 Jan 2010

21 Sep 2010

Location

Date

439

Tanzania

26 Sep 2010

Unidentified gunmen

Drill ship Unidentified or armed men Seismic vessel (believed to be pirates)

Offshore rig

Armed assault (shooting at installation)

Armed assault (shooting at installation)/ Attempted takeover/ seizure Abduction of offshore workers

Unknown

4 workers abducted

A group of armed men attempted to attack an ‘exploration vessel’ (most likely a seismic vessel or a drill ship) belonging to British oil company Ophir Energy when it was carrying out offshore exploration activities off the coast of Tanzania.208 It is not clear exactly what kind of exploration vessel was attacked, but according to some sources it was a drill ship.209 Apparently pirates fired at the ship not knowing that there were Tanzania’s defence forces soldiers on board, after which the troops returned heavy the fire, overpowering the attackers.210 One pirate was captured after a gun battle.211

Armed men attacked and attempted to take control of an offshore oil rig at an oil field operated by Addax Petroleum.205 The attackers engaged in gunfire with a Nigerian Navy patrol boat and then kidnapped three or four workers from an offshore supply vessel while retreating.206 The attackers used a vessel that looked very similar to offshore supply vessels that routinely visit offshore platforms, which allowed the perpetrators to remain undetected until they nearly reached the platform.207

205 Jon Gambrell, ‘Nigeria: 5 Kidnapped in Offshore Oil Rig Attack’ (Desert News, 8 November 2010) www.deseretnews.com/article/700079609/Nigeria5-kidnapped-in-offshore-oil-rig-attack.html?pg=2 accessed 1 December 2015. 206 Greg Keller, ‘Pirates Attack Offshore Oil Platform Near Nigeria, Then Kidnap 3 French Employees from Ship’ (Fox News, 22 September 2010) www.foxnews.com/world/2010/09/22/pirates-attack-french-marine-services-ship-nigeria-employees-taken-hostage/ accessed 1 December 2015. 207 Ibid. 208 Rosina John, ‘Somali Faces Conspiracy and Piracy Charges in Dar’ (Hiiraan Online, 6 October 2010) www.hiiraan.com/news2_rss/2010/Oct/ somali_faces_conspiracy_and_piracy_charges_in_dar.aspx accessed 1 December 2015; Mercy Matsiko, ‘Tanzania Army to Escort Oil, Gas Exploration Ships as Piracy Threat Rises’ (Platts, 18 April 2011) www.platts.com/latest-news/shipping/kampala/tanzania-army-to-escort-oil-gas-exploration-ships-8805642 accessed 1 December 2015. 209 See, e.g. ‘Tanzania: Petrobras Vessel Attacked By Pirates’ (GCaptain, 5 October 2011) http://gcaptain.com/petrobras-drillship-attacked/?32088 accessed 1 December 2015, cited in Jeff Moore, ‘Oil and Gas in the Crosshairs – Part 1’ (PennEnergy, 2 August 2012) www.pennenergy.com/articles/ pennenergy/2012/08/oil-and-gas-in-the.html accessed 1 December 2015. 210 John (n 208). 211 Matsiko (n 208).

Nigeria

22 Sep 2010

440

Nigeria

Nigeria

8 Nov 2010

15 Nov 2010

Offshore production platform

Offshore drilling rig

Insurgents (NDLF)

Unidentified gunmen (believed to be MEND)

Type of facility Perpetrators

Armed intrusion Abduction of offshore workers

Armed intrusion Abduction of offshore workers

7 or 8 workers abducted Some workers injured Equipment damaged Production shut down

5 workers abducted 2 workers injured Drilling operations suspended

Tactics/Scenario Impacts/Effects

Armed men boarded ExxonMobil’s Oso offshore platform on Nigeria’s southeast coast and abducted seven or eight offshore workers. At the time of the attack there were 74 people on board the platform. The company suspended production from the facility which produces approximately 75,000 bpd.214 The gunmen allegedly came in five speedboats; they beat up some crew members and cut electricity to the offshore facility.215 A previously unknown group, which identified itself as the NDLF, claimed responsibility for the attack and threatened more attacks on oil installations.216

Armed men (believed to be MEND insurgents) in speedboats attacked Vanuatu-flagged offshore drilling jack-up rig High Island VII at the Okoro offshore field about 12 km off the coast of Nigeria.212 Five foreign offshore workers were kidnapped and two others wounded, who were flown out by helicopter to receive medical treatment and drilling operations were temporarily suspended.213

Details of attack/incident

212 IMO, Report of the Legal Committee on Its Ninety-Seventh Session, LEG 97th Session, Agenda Item 15, IMO Doc LEG 97/15 (1 December 2010) annex 5 (‘Statement by Vanuatu Concerning Piracy’); ONI, Worldwide Threat to Shipping (WTS) Report (10 November 2010) NGA http://msi.nga.mil/ MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20101110100000.txt accessed 1 December 2015. 213 IMO, Report of the Legal Committee on Its Ninety-Seventh Session (n 212). 214 Dulue Mbachu, ‘Exxon Mobil Says Offshore Platform in Nigeria Attacked’ (Bloomberg, 15 November 2010) www.bloomberg.com/news/articles/201011-15/exxon-says-offshore-platform-in-nigeria-attacked-yesterday 1 December 2015. 215 Will Connors, ‘ExxonMobil Shuts Some Output After Nigeria Attack’ (Fox Business, 15 November 2010) www.foxbusiness.com/markets/ 2010/11/15/exxonmobil-shuts-output-nigeria-attack/ accessed 1 December 2015. 216 See also ICPVTR, ‘Counter Terrorism Security Response: Energy and Nuclear 15–21 November 2010’ (Weekly Report, ICPVTR, November 2010) 1–2.

Location

Date

441

Mexico

Turkey

22 Nov 2010

21 Apr 2011

Threat of attack Armed assault

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Environment Unauthorised al activists boarding (Greenpeace)

Insurgents/O rganised criminal group

Operations disrupted

Operations disrupted

3 soldiers killed 2 civilians killed 1 attacker killed

Greenpeace activists intercepted the 53,000 tonne oil drilling rig Leiv Eiriksson, operated by Cairn Energy, as it departed Besiktas port near Istanbul and headed to the Arctic waters off Greenland to begin exploratory deep sea drilling.221 Eleven activists climbed the rig to prevent it from departing Turkish waters and impede its progress and unfurled a banner staying ‘Stop Arctic destruction’.222 Having briefly halted the rig’s progress, they were only able to remain on board for one day and were forced by bad weather to end their protest on board the oil rig while it was navigating the Dardanelles strait.223

Four Greenpeace activists took protesting action by climbing 39 metres over the water at the offshore oil rig Centenario, off the coast of the Veracruz state. The activists boarded the rig and put up a large banner stating ‘Go Beyond Oil’ to call for an end to deepwater drilling.220

A hybrid insurgency-criminal group calling itself Africa Marine Commando carried out a deadly assault on an offshore oil platform at the offshore Moudi oil terminal (consisting of a production platform, the FSO Moudi and a single buoy mooring) located in the Gulf of Guinea about 50 km off Bakassi peninsula.217 Six people were killed in the attack, including three soldiers of Cameroon’s national defence force, two civilians and one of the attackers.218 The authorities said that the group had threatened further attacks unless they are paid.219

217 Andrew McGregor, ‘Cameroon Rebels Threaten Security in Oil-Rich Gulf of Guinea’ (2010) 8(43) Terrorism Monitor 7, 7. 218 Ibid. 219 See ICPVTR (n 216) 2. 220 Greenpeace, ‘Activist Occupy Oil Rig in the Gulf of Mexico’ (22 November 2010) www.greenpeace.org/international/en/news/features/Activist-occupycentenario221110/ accessed 1 December 2015. 221 Greenpeace, ‘Activists Occupy Oil Rig Bound for Arctic Drilling’ (21 April 2011) www.greenpeace.org/international/en/news/features/Activists-/ accessed 1 December 2015. 222 Ibid. 223 Jess Miller, ‘Deteriorating Weather Conditions Force Activists to End Arctic Oil Rig Protest’ (Making Waves, 22 April 2011) www.greenpeace.org/ international/en/news/Blogs/makingwaves/deteriorating-weather-conditions-force-activi/blog/34403 accessed 1 December 2015.

Offshore drilling rig

Offshore drilling rig

Cameroon Offshore platform

17 Nov 2010

442

Greenland

Tanzania

29 May 2011

3 Oct 2011

Drill ship

Offshore drilling rig

Pirates Armed intrusion Armed assault (shooting at installation)

Operations disrupted

Operations disrupted

Tactics/Scenario Impacts/Effects

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Type of facility Perpetrators

The drill ship Ocean Rig Poseidon was attacked by pirates about 80 nautical miles off the coast of Tanzania.227 It was reported that seven pirates in a skiff armed with assault rifles approached the drill ship, it sent out a distress signal which was responded to by a vessel that had Tanzanian Navy personnel onboard. Following the exchange of fire with the Navy, pirates were apprehended and handed over to the police.228 Exact details of the attack are not clear as some sources reported that the pirates attacked a tender assisting the Ocean Rig Poseidon while other reports assert that the pirates climbed the drill ship, forcing the crew of 170 into a safe room.229 Petrobras denied that its security guards fired on the pirates.230

A group of Greenpeace activists boarded the Cairn Energy’s offshore oil rig Leiv Eiriksson in the Davis Strait, off the coast of Greenland, about 40 nm north of Nuuk.224 The activists boarded the rig from semi-rigid boats, launched from Greenpeace ship Esperanza and then two activists attached a small capsule/tent near the drill-head to prevent drilling.225 Greenland police, assisted by Danish Navy, arrested the two activists on 1 June, and another 18 activists were arrested on 4 June for climbing the rig.226

Details of attack/incident

224 ONI, Worldwide Threat to Shipping (WTS) Report (2 June 2011) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_20110602 100000.txt accessed 1 December 2015. 225 Ibid. 226 ONI, Worldwide Threat to Shipping (WTS) Report (22 June 2011) NGA http://msi.nga.mil/MSISiteContent/StaticFiles/MISC/wwtts/wwtts_ 20110622100000.txt accessed 1 December 2015. 227 ‘Tanzania: Petrobras Vessel Attacked By Pirates’ (n 209), cited in Moore (n 209). 228 Reported coordinates – 07°49.0’S; 040°14.0’E: IMB, Piracy and Armed Robbery Against Ships Annual Report 2011 (2012) 94. 229 Moore (n 209), citing Helmsman, ‘Norwegian Ocean Ship Rig Poseidon’ Hijacking Averted’ (Seafarer Times, 6 October 2011) http://seafarertimes. com/2011-12/node/894 accessed 1 December 2015; Kathrine Schmidt, ‘Pirate Attack Reported in Tanzania’ (Upstream Online, 4 October 2011) www.upstreamonline.com/live/article281986.ece accessed 1 December 2015; ‘Tanzania: Petrobras Vessel Attacked By Pirates’ (n 209). 230 Moore (n 209).

Location

Date

443

Russia

24 Aug 2012

Fixed offshore production platform

Drill ship

Environment Unauthorised al activists boarding and (Greenpeace) occupation

Environment Unauthorised boarding and al activists (Greenpeace) occupation

Operations disrupted

Operations disrupted

Greenpeace activists conducted a protest against Gazprom’s Prirazlomnaya fixed offshore platform about 600 miles east of Murmansk in Russia’s EEZ. Six activists, led by Greenpeace’s executive director, in inflatable boats launched from the Greenpeace ship Arctic Sunrise approached the Prirazlomnaya platform, used mooring lines to climb the platform, during which activists suspended themselves from its side.234 Activists unfurled the banner in Russian reading ‘Save the Arctic!’, in response to which the platform crew used hoses to attack activists with water and deter them.235 After 15 hours, the activists voluntarily climbed down the platform.236 The company later admitted safety issues and postponed oil production at the platform for several months.237

Greenpeace protesters boarded Shell’s drill ship Noble Discoverer in New Plymouth.231 Activists climbed up the 53-metre drilling tower, secured themselves to rig and unfurled ‘Stop Shell’ banners.232 They remained there for more than 70 hours, and were later charged with burglary by the authorities and convicted.233

231 Lydia Bailey, ‘Greenpeace Stops Shell Oil drilling in the Arctic Ocean, 2012’ (GNAD, 9 February 2013) http://nvdatabase.swarthmore.edu/ content/greenpeace-stops-shell-oil-drilling-arctic-ocean-2012 accessed 1 December 2015; Shell Offshore, Inc. v Greenpeace, Inc., 43 ELR 20051 No. 12-35332 (Court of Appeals, 9th Circuit, 2013) 6. 232 Shell Offshore, Inc. v Greenpeace, Inc., 43 ELR 20051 No. 12-35332 (Court of Appeals, 9th Circuit, 2013) 6. 233 Bailey (n 231). 234 Terry Macalister, ‘Greenpeace Storms Arctic Oil Platform’ (Guardian, 25 August 2012) www.theguardian.com/environment/2012/aug/24/greenpeaceactivists-arctic-oil-russia accessed 1 December 2015. 235 Ibid. 236 Greenpeace, ‘Куми Найду Поднялся на “Приразломную”, Требуя Остановить Бурение в Арктике’ [English: ‘Kumi Naidoo Claimed “Prirazlomnaya” Demanding to Stop Arctic Drilling’] (24 August 2012) www.greenpeace.org/russia/ru/news/2012/August/12-08-24-Kumi-Naidoo-at-Prirazlomnaya/ accessed 1 December 2015. 237 Greenpeace, ‘Statement of Facts Concerning the Boarding and Detention of the MY Arctic Sunrise and the Judicial Proceedings Against All 30 Persons on Board’ (19 October 2013) 9.

New Zealand

24 Feb 2012

444

Offshore drilling rig

Trinidad and Tobago

24 Oct 2012

Hostile state (Venezuelan navy)

Unauthorised boarding Interrogation of offshore crew

Environment Interferences al activists with (Greenpeace) operations

Operations disrupted

Operations disrupted

Tactics/Scenario Impacts/Effects

A Venezuelan gunboat approached an offshore oil rig licensed by Trinidad and Tobago to drill in the Soldado field in the Gulf of Paria off southwest coast of Trinidad. The Venezuelan naval personnel boarded the rig claiming it was operating in Venezuelan waters and questioned members of offshore crew.241 The boundary in the Gulf of Paria was agreed by the two states by a treaty several decades ago.242

All night Greenpeace activists were manoeuvring their boats between Prirazlomnaya platform and the accommodation ship Anna Akhmatova, which houses the platform crew,238 thereby blocking the passage of Anna Akhmatova preventing it from mooring the platform.239 At dawn, activists tied one of the boats to the platform’s mooring line not allowing the ship to come close to the platform which prevented the new shift of offshore crew from boarding the platform.240

Details of attack/incident

238 Greenpeace, ‘Пятидневная Акция Гринпис Завершена, Но Борьба за Арктику Продолжается’ [English: ‘A Five-Day Action by Greenpeace is Complete, But the Struggle for the Arctic Continues’] (28 August 2012) www.greenpeace.org/russia/ru/news/2012/August/12-08-28-Protest-v-Arctic-prodolzhaetsa/ accessed 1 December 2015. 239 Ibid. 240 Ibid. 241 ‘Calling Caracas’ (Trinidad and Tobago Newsday, 29 October 2012) www.newsday.co.tt/editorial/print,0,168466.html accessed 1 December 2015. 242 Ibid.

Fixed offshore production platform

Russia

27 Aug 2012

Type of facility Perpetrators

Location

Date

445

Russia

18 Sep 2013

Fixed offshore production platform

Offshore platforms

Cyber attacks

Environment Unauthorised al activists boarding (Greenpeace)

Unknown perpetrators

Operations disrupted

Greenpeace activists took action at Gazprom’s Prirazlomnaya offshore platform in the Pechora Sea about 60 km offshore. Greenpeace launched five inflatable boats from the Arctic Sunrise and two activists attempted to climb the outside structure of the platform in order to unfurl a banner some distance below the main deck.247 Reportedly, the Russian security officials started firing warning shots and started shooting at the activists with a water canon before detaining them under armed guard.248 The next day, on 19 September, security forces boarded the Arctic Sunrise and arrested all persons on board.249 The Arctic Sunrise was towed to the port of Murmansk in Russia. The activists were charged with piracy and hooliganism and spent almost three months in Russian jail until they were released in December 2013. The Russian authorities released the Arctic Sunrise in August 2014.250

Communicatio IOOC announced that its offshore platforms were the targets of the cyber attacks.243 The attackers n systems specifically targeted communication systems of affected offshore platforms’.244 IOOC advised that the attack was deterred and affected only the communications systems of the network.245 IOOC blamed Israel for the attack, but noted that it was routed through China.246

243 ‘Israeli Cyber Attacks Targeted Offshore Oil, Gas Platforms - Iran IT Head’ (RT, 8 October 2012) http://rt.com/news/iran-offshore-drilling-cyberattack904/ accessed 1 December 2015. 244 ‘Iran’s Offshore Platforms Become Target of Recent Cyber Attacks’ (Maritime Executive, 9 October 2012) www.maritime-executive.com/article/iran-soffshore-platforms-become-target-of-recent-cyber-attacks accessed 1 December 2015. 245 ‘Iranian Oil Platforms Face Cyber Attack’ (Offshore Technology, 9 October 2012) www.offshore-technology.com/news/newsiranian-oil-cyber-attack-uranium accessed 1 December 2015; ‘Israeli Cyber Attacks Tageted Offshore Oil’ (n 243). 246 Ibid. 247 Greenpeace, ‘Statement of Facts Concerning the Boarding and Detention of the MY Arctic Sunrise’ (n 237) paras 13–14; Arctic Sunrise (Kingdom of the Netherlands v Russian Federation)(Provisional Measures) (ITLOS, Case No. 22, 22 November 2013) para 30 (Golitsyn J); David Ritter, ‘A Passion for Conservation Is Not Piracy’ (The Drum, 1 October 2013) www.abc.net.au/news/2013-10-01/ritter-greenpeace-russia/4990418 accessed 1 December 2015. 248 Greenpeace, ‘Statement of Facts Concerning the Boarding and Detention of the MY Arctic Sunrise’ (n 237) paras 16–18. 249 Ibid. paras 11–39. Arctic Sunrise (Kingdom of the Netherlands v Russian Federation)(Provisional Measures) (ITLOS, Case No. 22, 22 November 2013); ‘Prirazlomnoye Oilfield - Russia’ (Offshore Technology, 2014) www.offshore-technology.com/projects/prirazlomnoye/ accessed 1 December 2015. 250 Greenpeace, ‘Greenpeace Ship Arctic Sunrise to Be Released by Russian Authorities in Surprise Move’ (6 June 2014) www.greenpeace.org/ international/en/press/releases/Greenpeace-ship-Arctic-Sunrise-to-be-released-by-Russian-authorities-in-surprise-move/ accessed 1 December 2015; Ben Ayliffe, ‘Our Arctic Sunrise is Coming Home’ (Making Waves, 6 June 2014) www.greenpeace.org/international/en/news/Blogs/makingwaves/our-arctic-sunrise-is-cominghome/blog/49546/ accessed 1 December 2015.

Iran

Oct 2012

446

Nigeria

Norway

4 Mar 2014

24 Mar 2014

Offshore drilling rig

Oil export terminal (subsea pipeline)

Sabotage of facility equipment Sabotage of/damage to repair works

Operations disrupted

Environmental harm Production shutdown Financial losses

Tactics/Scenario Impacts/Effects

Environment Unauthorised al activists boarding (Greenpeace)

Insurgents

Type of facility Perpetrators

Five Greenpeace activists climbed the West Alpha offshore drilling rig that ExxonMobil was planning to use to drill in the Russian Arctic.256 Activists unfurled a banner stating ‘No Exxon Valdez in Russian Arctic’ to mark the 25th anniversary of the Exxon Valdez oil spill.257

It was reported that Shell closed its Forcados oil export terminal on 4 March 2014 to stop a leakage in a subsea pipeline caused by an act of vandalism, sabotage, or even as a result of oil theft operation.251 Niger Delta militants claimed responsibility for the attack, and on 27 March they stated that their ‘scuba divers had further damaged repair work’.252 The terminal, with export capacity of 400,000 bpd,253 remained closed until 15 May as continued attacks by the militants hampered the repairs.254 The closure of the terminal for repairs resulted in an estimated US$1 billion in lost revenues.255

Details of attack/incident

251 ‘Nigeria: Shell - Forcados Oil Terminal Still Closed’ (All Africa, 25 April 2014) http://allafrica.com/stories/201404250468.html accessed 1 December 2015. 252 Ibid. 253 Ibid. 254 Ehidiamhen Okpamen, ‘Shell Reopens Forcados Export Terminal’ (Ventures Africa, 16 May 2014) www.ventures-africa.com/2014/05/shell-reopensforcados-export-terminal/ accessed 1 December 2015. 255 Ibid. 256 Priyanka Shrestha, ‘Greenpeace Activists Scale ExxonMobil Oil Rig’ (Energy Live News, 25 March 2014) www.energylivenews.com/2014/03/25/ greenpeace-activists-scale-exxonmobil-oil-rig/ accessed 1 December 2015; Elaine Maslin, ‘Greenpeace Scales West Alpha’ (OEdigital, 24 March 2014) www.oedigital.com/component/k2/item/5280-greenpeace-scales-west-alpha accessed 1 December 2015. 257 Maslin (n 256).

Location

Date

447

Vietnam/ China

Offshore drilling rig Hostile states Gunboat standoff Ramming of vessels Use of water cannons

Operations disrupted Damage to vessels Personal injuries

China National Offshore Oil Corporation (CNOOC), deployed Haiyang Shiyou 981 offshore drilling rig to drill in disputed waters in the South China Sea about 200 km off Vietnam’s coast (but within Vietnam’s claimed EEZ).258 Reportedly, the rig was accompanied by as many as 80 Chinese ships, including seven warships.259 Chinese authorities declared a three-mile exclusion zone around the installation and navy warships have been deployed to patrol the area.260 Vietnam deployed its navy and coastguard ships to the area demanding that CNOOC immediately stops drilling and removes the rig from the disputed waters.261 On location, the rig was surrounded by Chinese ships, presumably to protect it from interferences by Vietnamese ships.262 Vietnam claims that on 4 May a Chinese ship intentionally rammed two Vietnamese ships, causing considerable damage and injuries to six people.263 On 27 May, the offshore rig’s operator reported that it has finished its first round of drilling and moved to another location.264

258 Armin Rosen, ‘China’s Escalation in the South China Sea Is Unprecedented’ (Business Insider Australia, 16 May 2014) www.businessinsider.com.au/chinasunprecedented-escalation-in-the-south-china-sea-2014-5 accessed 1 December 2015. 259 Carl Thayer, ‘China’s Oil Rig Gambit: South China Sea Game-Changer?’ (The Diplomat, 12 May 2014) http://thediplomat.com/2014/05/chinas-oilrig-gambit-south-china-sea-game-changer/ accessed 1 December 2015. 260 Zoe Li, ‘China, Vietnam, Philippines Collide Amid Escalating South China Sea Tensions’ (CNN, 9 May 2014) http://edition.cnn.com/ 2014/05/08/world/asia/south-china-sea-drilling/ accessed 1 December 2015. 261 ‘Vietnam Protests China’s Oil Rig Movement in South China Sea’ (France 24, 5 May 2014) www.france24.com/en/20140505-vietnam-china-oil-rigdisputed-area-south-china-sea/ accessed 1 December 2015. 262 Rosen (n 258). 263 Nguyen Phuong Linh and Michael Martina, ‘Vietnam Says China Rammed Its Ships as Tensions Surge in South China Sea’ (The Star Online, 7 May 2014) www.thestar.com.my/News/World/2014/05/07/Contact-lost-with-fishermen-in-South-China-Sea-after-interception-by-armed-men–Xinhua/ accessed 1 December 2015. 264 Richard Griffith, ‘China Seas Developments – May’ (1 June 2014) Australian Maritime Digest 7, 8.

2 May 2014

448

Netherlands

27 May 2014

Offshore drilling rig

Environmental activists (Greenpeace)

Type of facility Perpetrators Unauthorised boarding Interference with operations

Operations disrupted

Tactics/Scenario Impacts/Effects

In the Dutch port of Ijmuiden Greenpeace activists boarded GSP Saturn offshore drilling rig contracted by Gazprom which was about to depart to drill at the Dolginskoye offshore oil field in the Pechora Sea.265 The activists chained the platform to the quay to prevent it from leaving the harbour.266 They refused an order to abandon the rig and were removed and arrested by the police five hours later, but released soon thereafter.267

Details of attack/incident

265 Greenpeace, ‘Greenpeace Activists Climb Statoil Rig to Protest the Northernmost Oil Drilling in the Norwegian Arctic’ (27 May 2014) www.greenpeace.org/international/en/press/releases/Greenpeace-activists-climb-Statoil-rig-to-protest-the-northernmost-oil-drilling-in-the-Norwegian-Arctic/ accessed 1 December 2015; ‘Greenpeace Activists Board Oil Rigs’ (SBS, 28 May 2014) www.sbs.com.au/news/article/2014/05/28/greenpeace-activists-boardoil-rigs accessed 1 December 2015. 266 ‘Greenpeace Activists Board Oil Rigs’ (n 265). 267 Greenpeace, ‘Activists Block Two Major Drilling Rigs in 24 Hours as “Save the Arctic” Campaign Escalates’ (27 May 2014) www.greenpeace. org/international/en/press/releases/Activists-block-two-major-drilling-rigs-in-24-hours-as-Save-the-Arctic-campaign-escalates/ accessed 1 December 2015; Mark Lewis, ‘Greenpeace Boards 2 Drill Rigs in Arctic Protest’ (Charlotte Observer, 27 May 2014) www.charlotteobserver.com/2014/05/27/4935283/greenpeaceboards-2-drill-rigs.html#.U4uKhyiJoWk accessed 1 December 2015.

Location

Date

449

Norway

Offshore drilling rig

Environment Unauthorised al activists boarding and (Greenpeace) occupation Interference with operations

Operations disrupted

Fifteen Greenpeace activists climbed the Transocean Spitsbergen semi-submersible offshore drilling rig in Norway’s EEZ, while it was in transit to its offshore drilling site, to protest the Statoil’s plans to drill the northernmost well in the Norwegian Arctic, close to the Bear Island nature reserve.268 The activists were removed by the police some 48 hours later and later released without charge.269 Greenpeace’s ship Esperanza with 28 activists on board headed directly for the drill site in the Barents Sea.270 As Transocean Spitsbergen offshore drilling rig is under the exclusive jurisdiction of the flag-state (in this case Marshall Islands) while it is in transit, the Norwegian Coastguard needed to seek permission from the flag state to board the rig and remove peaceful protestors and apparently it took some time before the Coastguard obtained permission to board the rig and remove the activists.271

268 Rob Almeida, ‘Greenpeace Boards Transocean Spitsbergen Rig’ (GCaptain, 27 May 2014) http://gcaptain.com/greenpeace-boards-transocean-spitsbergenrig/ accessed 1 December 2015; Daniel Simons, ‘The “Get Lost Zone” – A Novel Concept in International Law’ (Making Waves, 30 May 2014) www.greenpeace.org/international/en/news/Blogs/makingwaves/Save-Bear-Island/blog/49444/ accessed 1 December 2015; ‘Greenpeace Stalls Arctic Drilling Operations’ (Offshore, 27 May 2014) www.offshore-mag.com/articles/2014/05/greenpeace-stalls-arctic-drilling-operations.html accessed 1 December 2015. 269 Greenpeace, ‘Norway Creates Impromptu Safety Zone Around Drilling Site as Greenpeace Cries Foul’ (30 May 2014) www.greenpeace. org/international/en/press/releases/Norway-creates-impromptu-safety-zone-around-drilling-site-as-Greenpeace-cries-foul/ accessed 1 December 2015. 270 Ibid. 271 Ana Mules, ‘A Small Flag Stopped the Norwegian Coastguard From Ending Our Protest. Now a Different One Could Frustrate Them Even More’ (Making Waves, 30 May 2014) www.greenpeace.org/international/en/news/Blogs/makingwaves/flag-it/blog/49452/ accessed 1 December 2015.

27 May 2014

450

Norway

29 May 2014

Semisubmersible drilling rig

Environmental activists (Greenpeace)

Type of facility Perpetrators Blocking passage and occupying drilling site Interference with operations

Operations disrupted

Tactics/Scenario Impacts/Effects

Greenpeace ship Esperanza sailed to ‘the world’s northernmost’ drilling location in an attempt to stall operations of Statoil-contracted rig Transocean Spitsbergen in the Barents Sea (where the rig arrived on 29 May) and it remained at the drilling site, preventing the offshore rig from moving into position to start drilling.272 Norway’s Ministry of Petroleum notified Esperanza of the creation of safety zone around a drilling site, but Greenpeace challenged the legality of it.273 Norwegian police removed seven protesters from the rig, but the activists were later released without charge.274 It was reported that the Norwegian Coast Guard took control of the ship and transported/towed it away from the area.275 The rig’s operations were delayed for over 80 hours.276 According to Statoil, delays in drilling cost the company about $1.26 million per day.277

Details of attack/incident

272 Greenpeace, ‘Norway Creates Impromptu Safety Zone’ (n 269). 273 Ibid. 274 Nerijus Adomaitis, ‘Norway Tows Greenpeace Ship Out of Arctic Oil Rig Zone’ (Reuters, 30 May 2014) www.reuters.com/article/2014/05/30/us-statoilarctic-greenpeace-idUSKBN0EA1IS20140530 accessed 1 December 2015. 275 ‘Greenpeace Removed from Barents Sea Well Location’ (Offshore, 2 June 2014) www.offshore-mag.com/articles/2014/06/greenpeace-removed-frombarents-sea-well-location.html accessed 1 December 2015. 276 Mules (n 271). 277 Nerijus Adomaitis, ‘Norway Tows Greenpeace Ship Out of Arctic Oil Rig Zone’ (n 274).

Location

Date

451

Canary Islands (Spain)

Drill ship

Environment Drilling site al activists occupation (Greenpeace) Unauthorised boarding attempt

Interference with operations

Greenpeace activists carried out an offshore protest using its ship Arctic Sunrise, occupied the drilling site before the Rowan Renaissance drill ship arrived and maintained the occupation of the site, despite pressure from the authorities.278 When activists from the Arctic Sunrise approached the drill ship on inflatable boats, the Spanish navy reacted aggressively by deliberately ramming Greenpeace boats with navy’s RHIBs to prevent activists from boarding the drill ship.279 One of the protesters had her leg broken and was taken to a hospital on shore by a navy helicopter, and another activist was treated on board the Arctic Sunrise for minor injuries. The Arctic Sunrise was detained by the Spanish authorities when it arrived in port, but the captain and crew were not detained.280

278 Greenpeace, ‘Video: Activist Hospitalised After Boats Rammed During Peaceful Protest Against Oil Drilling’ (Making Waves, 15 November 2014) www.greenpeace.org/international/en/news/Blogs/makingwaves/video-boats-rammed-during-oil-protest/blog/51362/ accessed 1 December 2015. 279 Martin Lloyd, Faiza Oulahsen, Leon Varitimos and Joris Thijssen, ‘For Oil Companies, Our Rights Are Just Another Obstacle’ (Making Waves, 21 November 2014) www.greenpeace.org/international/en/news/Blogs/makingwaves/for-oil-companies-our-rights-are-just-another/blog/51410/ accessed 1 December 2015; Adrin de Hoog, ‘The Arctic Sunrise, Her Journey Continues’ (Making Waves, 19 November 2014) www.greenpeace.org/international/en/news/ Blogs/makingwaves/the-arctic-sunrise-her-journey-continues/blog/51394/ accessed 1 December 2015. 280 Greenpeace, ‘Video: Activist Hospitalised After Boats Rammed’ (n 278); Greenpeace, ‘Greenpeace Ship Arctic Sunrise Detained in Spain Following Oil Protest’ (18 November 2014) www.greenpeace.org/international/en/press/Greenpeace-ship-Arctic-Sunrise-detained-in-Spain-following-oil-protest/ accessed 1 December 2015.

15 Nov 2014

This page intentionally left blank

SELECTED BIBLIOGRAPHY

Ackerman G, Abhayaratne P, Bale J, Bhattacharjee A, Blair C, Hansell L, Jayne A, Kosal M, Lucas S, Moran K, Seroki L and Vadlamudi S, ‘Assessing Terrorist Motivations for Attacking Critical Infrastructure’ (Center for Nonproliferation Studies, January 2007) Adams N, Terrorism & Oil (PennWell 2003) AGA, Cryptographic Protection of SCADA Communications Part 1: Background, Policies and Test Plan (Report No. 12, March 2006) Alani M, ‘Risks and Threats Facing Oil Company Operations in Developing Countries: An Overview’ (2007) 6 Security & Terrorism Research Bulletin 34 –––– and Stracke N, ‘Insurgent Attacks on Iraq’s Oil Sector’ (2007) 6 Security & Terrorism Research Bulletin 38 al-Shishani M, ‘Al Qaeda & Oil Facilities in the Midst of the Global Economic Crisis’ (April 2009) Journal of Energy Security, www.ensec.org/index.php?option=com_content&view=article&id=190:alqaeda-aamp-oil-facilities-in-the-midst-of-the-global-economic-crisis&catid=94:0409content&Itemid=3 42 accessed 1 December 2015 Annati M, ‘Non-Lethal Weapons to Protect Critical Infrastructures’ (Paper presented at NATO Maritime Interdiction Operational Training Centre 6th Annual Conference ‘Current and Future Challenges to Energy Security in the Maritime Environment’ Souda Bay, Greece, 4 June 2015) API, Security for Offshore Oil and Natural Gas Operations (1st edn, March 2003) ––––, Security Guidelines for the Petroleum Industry (3rd edn, April 2005) ––––, Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries (1st edn, May 2013) ––––, and NPRA, Security Vulnerability Assessment Methodology for the Petroleum and Petrochemical Industries (2nd edn, October 2004) Asal V and Hastings J, ‘When Terrorism Goes to Sea: Terrorist Organizations and the Move to Maritime Targets’ (2014) 26(5) Terrorism and Political Violence 1 Avis P, ‘Oil Platform Security: Is Canada Doing All It Should?’ (Critical Energy Infrastructure Protection Policy Research Series No. 3-2006, CCISS, March 2006) Baev P, ‘Reevaluating the Risk of Terrorist Attack Against Energy Infrastructure in Eurasia’ (2006) 4(2) China and Eurasia Forum Quarterly 33. Bahgat K and Medina R, ‘An Overview of Geographical Perspectives and Approaches in Terrorism Research’ (2013) 7(1) Perspectives on Terrorism 38. Bajpai S and Gupta J, ‘Securing Oil and Gas Infrastructure’ (2007) 55 Journal of Petroleum Science and Engineering 174. Balkin R, ‘Is There a Place for the Regulation of Offshore Oil Platforms within International Maritime Law? If Not, Then Where?’ (Paper presented at the Comité Maritime International (CMI) Dublin Symposium, Dublin, 30 September 2013) Bane A, ‘Pirates Without Treasure: The Fourth Circuit Declares that Robbery Is Not an Essential Element of General Piracy’ (2013) 37(2) Tulane Maritime Law Journal 615 Barker E, Smid M, Branstad D and Chokhani S, ‘A Framework for Designing Cryptographic Key Management Systems’ (Special Publication No. 800-130, NIST, August 2013)

453

BIBLIOGRAPHY

Barton B, Redgwell C, Rønne A and Zillman D N (eds), Energy Security: Managing Risk in a Dynamic Legal and Regulatory Environment (Oxford University Press 2004) Bass G and Cordes B J, Actions against Nonnuclear Energy Facilities September 1981–September 1982 (RAND Corporation April 1983) Bassey N, ‘Oil Fever’ in Michael Watts (ed.), Curse of the Black Gold: 50 Years of Oil in Niger Delta (Powerhouse Books 2008) 90 Bateman S, ‘The Threat of Maritime Terrorism in South East Asia: What Are We Dealing With?’ (2008) 21 Papers in Australian Maritime Affairs 27 –––– and Bergin A, ‘Sea Change: Advancing Australia’s Ocean Interests’ (Strategy Report, ASPI, March 2009) Beckman R, ‘International Responses to Combat Maritime Terrorism’ in V Ramraj, M Hor and K Roach (eds), Global Anti-Terrorism Law and Policy (Cambridge University Press 2005) 248 ––––, ‘The 1988 SUA Convention and 2005 SUA Protocol: Tools to Combat Piracy, Armed Robbery, and Maritime Terrorism’ in R Herbert-Burns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (CRC Press 2008) 187 Bergin A and Bateman S, ‘Future Unknown: The Terrorist Threat to Australian Maritime Security’ (Strategy Report, ASPI, April 2005) Bingham J (reporter), ‘Harvard Research in International Law: Draft Convention on Piracy’ (1932) 26 American Journal of International Law Supplement 739 Blank L, ‘International Law and Cyber Threats from Non-State Actors’ (2013) 89 International Law Studies 406 Boucek C, ‘Saudi Security and the Islamist Insurgency’ in J Hutzley (ed.), Unmasking Terror: A Global Review of Terrorist Activities, vol. 3 (Jamestown Foundation 2007) Bowett D, The Legal Regime of Islands in International Law (Oceana Publications 1979) Brady J, Chang C, Jennings D R, Shappard R and McDonald-Ogden M, Petroleum Accounting: Principles, Procedures & Issues (7th edn, Professional Development Institute 2011) Breemer J, ‘Offshore Energy Terrorism: Perspectives on a Problem’ (1983) 6 Terrorism 455 Brown C, ‘International Environmental Law in the Regulation of Offshore Installations and Seabed Activities: The Case for a South Pacific Regional Protocol’ (1998) 17(2) Australian Mining and Petroleum Law Journal 109 Brown J, ‘Eco-Warriors: An Invisible Line?’ (2012) 26(2) Australian and New Zealand Maritime Law Journal 152 Bryant D, ‘Historical and Legal Aspects of Maritime Security’ (2004–2005) 17(1) University of San Francisco Maritime Law Journal 1 Bueger C, ‘What is Maritime Security?’ (2015) 53 Maritime Policy 159 Bullion L, ‘Terrorism and Oil Make Volatile Mix’ (2006) 233(5) Pipeline and Gas Journal 32 Burges S, Daudelin J and Fuller R, ‘Latin America’s Energy Infrastructure and Terrorism: A Tentative Vulnerability Assessment’ (Critical Energy Infrastructure Protection Policy Research Series No. 4, CCISS, March 2008) Burgess D, The World for Ransom: Piracy is Terrorism, Terrorism is Piracy (Prometheus Books 2010) Campbell T and Gunaratna R, ‘Maritime Terrorism, Piracy and Crime’ in Rohan Gunaratna (ed.) Terrorism in the Asia-Pacific: Threat and Response (Eastern Universities Press 2003) 70 Carson J, Lafree G and Dugan L, ‘Terrorist and Non-Terrorist Criminal Attacks by Radical Environmental and Animal Rights Groups in the United States, 1970–2007’ (2012) 24(2) Terrorism and Political Violence 295 Chalk P, ‘Maritime Terrorism in the Contemporary Era: Threat and Potential Future Contingencies’ (MIPT Terrorism Annual, MIPT, 2006) ––––The Maritime Dimensions of International Security: Terrorism, Piracy, and Challenges for the United States (RAND Corporation 2008) Chappell B, ‘Privilege Management – The Industry’s Best Kept Secret’ (2013) 2013(10) Network Security 12 Charm R, ‘Terrorists See Offshore as Tempting Target’ (January 1983) Offshore 62 Chaze X, Bouejla A, Napoli A, Guarnieri F, Eude T and Alhadef B, ‘The Contribution of Bayesian Networks to Manage Risks of Maritime Piracy Against Oil Offshore Fields’ (Paper presented at the

454

BIBLIOGRAPHY

Information Technologies for the Maritime Sector International Conference 2012, Busan, 15 April 2012) Chew F, ‘Piracy, Maritime Terrorism and Regional Interests’ (2005) Geddes Papers 73 Churchill R, ‘The Piracy Provisions of the UN Convention on the Law of the Sea – Fit for Purpose?’ in P Koutrakos and A Skordas (eds) The Law and Practice of Piracy at Sea: European and International Perspectives (Hart 2014) 9 –––– and Lowe A, The Law of the Sea (3rd edn, Manchester University Press 1999) Clare M, Resource Wars: The New Landscape of Global Conflict (Owl Books 2002) Clauss G, Lehmann E and Ostergaard C, Offshore Structures: Conceptual Design and Hydromechanics, vol. 1 (M J Shields trans, Springer-Verlag 1992–94) Clawson P and Henderson S, ‘Reducing Vulnerability to Middle East Energy Shocks: A Key Element in Strengthening US Energy Security’ (Policy Focus No. 49, Washington Institute for Near East Policy, November 2005) Cohen F, ‘What Makes Critical Infrastructures Critical?’ (2010) 3(2) International Journal of Critical Infrastructure Protection 53 Combs C and Slann M, Encyclopedia of Terrorism (revised edn, Facts on File 2007) Cook D, ‘Oil and Terrorism’ (The Global Energy Market: Comprehensive Strategies to Meet Geopolitical and Financial Risks Working Paper Series, James Baker III Institute for Public Policy, May 2008) Cordner L, ‘Offshore Oil and Gas Industry Security Risk Assessment: An Australian Case Study’ in R Herbert-Burns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 169 ––––, ‘Managing Regional Risk: Offshore Oil and Gas Safety and Security in the Asia-Pacific Region’ (2011) 3(1) Australian Journal of Maritime and Ocean Affairs 15 ––––, ‘Indo-Pacific Offshore Oil and Gas Safety and Security: Managing Regional Risks’ (Policy Brief No. 3, Indo-Pacific Governance Research Centre, September 2013) Cormac R, ‘Much Ado about Nothing: Terrorism, Intelligence, and the Mechanics of Threat Exaggeration’ (2013) 25(3) Terrorism and Political Violence 476 COSO, Enterprise Risk Management – Integrated Framework (September 2004) Council on Cyber Security, The Critical Security Controls for Effective Cyber Defense Version 5.0 (2014) CPNI, Good Practice Guide: Patch Management (October 2006) ––––, Protecting Against Terrorism (3rd edn, 2010) ––––, Investigating Employees of Concern: A Good Practice (March 2011) ––––, The Secure Procurement of Contracting Staff: A Good Practice Guide for the Oil and Gas Industry (April 2011) ––––, Guide to Producing Operational Requirements for Security Measures (August 2013) ––––, Social Engineering: Understanding the Threat (December 2013) ––––, Ongoing Personnel Security: A Good Practice Guide (3rd edn, April 2014) ––––, Pre-Employment Screening: A Good Practice Guide (5th edn, January 2015) Cray C, International Law and the Use of Force (2nd edn, Oxford University Press 2004) Crist D, ‘Gulf of Conflict: A History of US–Iranian Confrontation at Sea’ (Policy Focus No. 95, Washington Institute for Near East Policy, June 2009) Crocker M, ‘Platforms, Pipelines, and Pirates’ (2007) 51(6) Security Management 76 CSCAP, ‘Cooperation for Law and Order at Sea’ (Memorandum 5, CSCAP, 2001) ––––, ‘Enhancing Efforts to Address the Factors Driving International Terrorism’ (Memorandum 10, CSCAP, December 2005) ––––, ‘Safety and Security of Offshore Oil and Gas Installations’ (Memorandum 16, CSCAP, January 2011) CSS, ETH Zurich, Energy Infrastructure Attack Database (EIAD) (2012) [data file] www.css.ethz.ch/ research/research_projects/index/EIAD accessed 1 December 2014 Daly J, ‘The Threat to Iraqi Oil’ (2004) 2(12) Terrorism Monitor ––––, ‘Saudi Oil Facilities: Al-Qaeda’s Next Target?’ (2006) 4(4) Terrorism Monitor ––––,’The Global Implications of Large-Scale Attacks on Saudi Oil Facilities’ in E Marquardt (ed.), Saudi Arabian Oil Facilities: The Achilles Heel of the Western Economy (Jamestown Foundation, Washington DC 2006) 25

455

BIBLIOGRAPHY

––––, ‘Terrorism and Piracy: The Dual Threat to Maritime Shipping’ (2008) 6(16) Terrorism Monitor 4 ––––, ‘The Islamic State’s Oil Network’ (2014) 12(19) Terrorism Monitor 7 Davis S, Von Kemedi D and Drennan M, ‘Illegal Oil Bunkering in the Niger Delta’ (Niger Delta Peace and Security Strategy Working Papers, 2005) Deloughery K, ‘Simultaneous Attacks by Terrorist Organisations’ (2013) 7(6) Perspectives on Terrorism 79. Denning D, ‘Activism, Hactivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy’ in J Arquilla and D Ronfeldt (eds), Networks and Netwars: The Future of Terror, Crime, and Militancy (RAND Corporation 2001) 241 Denton R, ‘Protection of Offshore Energy Assets’ (December 1976) Naval Engineers Journal 87 Devold H, Oil and Gas Production Handbook: An Introduction to Oil and Gas Production, Transport, Refining and Petrochemical Industry (ABB Oil & Gas 2013) Dinstein Y, ‘Computer Network Attacks and Self-Defence’ (2002) 76 International Law Studies 99 ––––, War, Aggression and Self-Defence (4th edn, Cambridge University Press 2005) Doby D, ‘Piracy Jure Gentium: The Jurisdictional Conflict of the High Seas and Territorial Waters’ (2010) 41(4) Journal of Maritime Law and Commerce 56 DOTARS, Guide to Preparing an Offshore Security Plan for Offshore Facility Operators (July 2005) ––––, Guide to Preparing an Offshore Security Plan for Offshore Service Providers (December 2005) Drake CJM, Terrorists’ Target Selection (Macmillan Press 1998) Ebersole J, ‘International Terrorism and the Defense of Offshore Facilities’ (1975) September US Naval Institute Proceedings 54 EFQM, Fundamental Concepts of Excellence (EFQM Publications 2012) Elliott R, ‘Piracy on the High Seas’ (2007) 51(6) Security Management 40 El-Reedy M, Offshore Structures: Design, Construction and Maintenance (1st edn, Gulf Professional Publishing 2012) Emuedo C, ‘Insecurity in the Niger Delta and the Future of Nigeria’s Federalism’ (2014) 8(3) African Research Review 18 Enders W and Sandler T, The Political Economy of Terrorism (Cambridge University Press 2006) Esmaeili H, ‘The Protection of Offshore Oil Rigs in International Law (Part I)’ (1999) 18(3) Australian Mining and Petroleum Law Journal 241 –––– ‘The Protection of Offshore Oil Rigs in International Law (Part II)’ (2000) 19(1) Australian Mining and Petroleum Law Journal 35 –––– The Legal Regime of Offshore Oil Rigs in International Law (Ashgate Dartmouth 2001) Farrell A, Zerriffi H and Dowlatabadi H, ‘Energy Infrastructure and Security’ (2004) 29 Annual Review of Environment and Resources 421 Farrell R, ‘Maritime Terrorism: Focusing on the Probable’ (2007) 60(3) Naval War College Review 46 Fedorowicz J, ‘The Ten-Thousand Mile Target: Energy Infrastructure and Terrorism Today’ (Critical Energy Infrastructure Protection Policy Research Series No 2-2007, CCISS, March 2007) Forbes A, ‘Protecting Middle East Seaborne Energy Exports’ (2008) 8 Security & Terrorism Research Bulletin 4 –––– ‘The Economic Impact of Disruptions to Seaborne Energy Flows’ (2008) 23 Papers in Australian Maritime Affairs 57 Fort B, ‘Transnational Threats and the Maritime Domain’ in G Ong-Webb (ed.), Piracy, Maritime Terrorism and Securing the Malacca Straits (ISEAS Publishing 2006) 23 GAO, ‘Maritime Security: Coast Guard Should Conduct Required Inspections of Offshore Energy Infrastructure’ (Report to Congressional Requesters, GAO, October 2011) Gardner M, ‘Piracy Prosecutions in National Courts’ (2012) 10(4) Journal of International Criminal Justice 797 Garwood-Gowers A, ‘Case Note: Case Concerning Oil Platforms (Islamic Republic of Iran v United States of America) – Did the ICJ Miss the Boat on the Law on the Use of Force?’ (2004) 5(1) Melbourne Journal of International Law 241 Gazzini T, ‘The Rules on the Use of Force at the Beginning of the XXI Century’ (2006) 11(3) Journal of Conflict and Security Law 319 Gerwick Jr B, Construction of Marine and Offshore Structures (3rd edn, Taylor & Francis 2007)

456

BIBLIOGRAPHY

Gilbert L D, ‘Youth Militancy, Amnesty and Security in the Niger Delta Region of Nigeria’ in Victor Ojakorotu and Lysias Dodd Gilbert (eds), Checkmating the Resurgence of Oil Violence in the Niger Delta of Nigeria (2010) www.iags.org/Niger_Delta_book.pdf accessed 1 December 2015 Gill T, ‘The Temporal Dimension of Self-Defence: Anticipation, Pre-emption, Prevention and Immediacy’ (2006) 11(3) Journal of Conflict and Security Law 361 –––– and Ducheine P, ‘Anticipatory Self-Defense in the Cyber Context’ (2013) 89 International Law Studies 438 Giroux J, ‘Turmoil in the Delta: Trends and Implications’ (2008) 2(8) Perspectives on Terrorism 11 ––––, ‘Global Platforms and Big Returns: Energy Infrastructure Targeting in the 21st Century’ (CTN Newsletter Special Bulletin Protecting Critical Energy Infrastructure from Terrorist Attacks, OSCE, January 2010) 18 –––– and Burgherr P, ‘Canvassing the Targeting of Energy Infrastructure: The Energy Infrastructure Attack Database’ (July 2012) Journal of Energy Security, www.ensec.org/index.php?option=com_ content&view=article&id=379:canvassing-the-targeting-of-energy-infrastructure-the-energyinfrastructure-attack-database&catid=128:issue-content&Itemid=402 accessed 1 December 2015 –––– and Hilpert C, ‘The Relationship Between Energy Infrastructure Attacks and Crude Oil Prices’ (October 2009) Journal of Energy Security, www.ensec.org/index.php?option=com_content&view=article &id=216:the-relationship-between-energy-infrastructure-attacks-and-crude-oil-prices&catid= 100:issuecontent&Itemid=352 accessed 1 December 2015 ––––, Peter Burgherr and Laura Melkunaite, ‘Research Note on the Energy Infrastructure Attack Database (EIAD)’ (2013) 7(6) Perspectives on Terrorism 113 Glennon M, ‘The Fog of Law: Self-Defense, Inherence, and Incoherence in Article 51 of the United Nations Charter’ (2001-2002) 25(2) Harvard Journal of Law & Public Policy 539 Gold E, Chircop A and Kindred H, Essentials of Canadian Law Series: Maritime Law (Irwin Law 2003) Goldman O, ‘The Globalization of Terror Attacks’ (2011) 23(1) Terrorism and Political Violence 31 Graff W, Introduction to Offshore Structures: Design, Fabrication, Installation (Gulf Publishing 1981) Gramling R and Freudenburg W, ‘Attitudes Toward Offshore Oil Development: A Summary of Current Evidence’ (2006) 49 Ocean & Coastal Management 442 Gray C, ‘Passage Through the Great Belt (Finland v Denmark), Provisional Measures, Order of 29 July 1991’ (1993) 42(3) International and Comparative Law Quarterly 705 Green J, ‘The Oil Platforms Case: An Error in Judgement’ (2004) 9(3) Journal of Conflict and Security Law 357 Greenberg M, Chalk P, Willis H, Khilko I and Ortiz D, Maritime Terrorism: Risk and Liability (RAND Corporation 2006) Greenpeace, ‘Statement of Facts Concerning the Boarding and Detention of the MY Arctic Sunrise and the Judicial Proceedings Against All 30 Persons on Board’ (19 October 2013) Guilfoyle D, Shipping Interdiction and the Law of the Sea (Cambridge University Press 2009) –––– ‘Piracy and Terrorism’ in P Koutrakos and A Skordas (eds) The Law and Practice of Piracy at Sea: European and International Perspectives (Hart Publishing 2014) 33 Hadjistassou C and Hadjiantonis A, ‘Risk Assessment of Offshore Oil and Gas Installations Under Cyber Threats’ (Energy Sequel, 25 January 2013) www.energysequel.com/risk-assessment-of-offshore-oiland-gas-installations-under-cyber-threats/ accessed 1 December 2014 Haghshnass F, ‘Iran’s Asymmetric Naval Warfare’ (Policy Focus No. 87, Washington Institute for Near East Policy, September 2008) Halberstam M, ‘Terrorism on the High Seas: The Achille Lauro, Piracy and the IMO Convention on Maritime Safety’ (1988) 82 American Journal of International Law 269 Hale G, ‘Does the ISPS Code Address Post 9/11 Maritime Security Threats?’ (2005) 116 Journal of the Australian Naval Institute 1 Hansen H T, ‘Distinctions in the Finer Shades of Gray: The “Four Circles Model” for Maritime Security Threat Assessment’ in R Herbert-Burns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 73 Harel A, ‘Preventing Terrorist Attacks on Offshore Platforms: Do States Have Sufficient Legal Tools?’(2013) 4(1) Harvard National Security Journal 131 Harris D, Cases and Materials on International Law (6th edn, Sweet & Maxwell 2004)

457

BIBLIOGRAPHY

Hathaway O, Crootof R, Levitz P, Nix H, Nowlan A, Perdue W and Spiegel J, ‘The Law of CyberAttacks’ (2012) 100(4) California Law Review 817. Herbert-Burns R, ‘Tankers, Specialized Production Vessels, and Offshore Terminals: Vulnerability and Security in the International Maritime Oil Sector’ in R Herbert-Burns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 133 ––––, ‘Terrorism in the Early 21st Century Maritime Domain’ in J Ho and C Raymond (eds), The Best of Times, the Worst of Times (World Scientific Publishing 2005) 155 Hesse H, ‘Maritime Security in a Multilateral Context: IMO Activities to Enhance Maritime Security’ (2003) 18(3) International Journal of Marine and Coastal Law 327 –––– and Charalambous N, ‘New Security Measures for the International Shipping Community’ (2004) 3(2) World Maritime University Journal of Maritime Affairs 123 Hirsch-Hoefler S and Mudde C, ‘“Ecoterrorism”: Terrorist Threat or Political Ploy?’ (2014) 37(7) Studies in Conflict and Terrorism 586 Ho J and Raymond C (eds), The Best of Times, the Worst of Times (World Scientific Publishing 2005) Hoffman B and Claridge D, ‘The RAND-St Andrews Chronology of International Terrorism and Noteworthy Domestic Incidents, 1996’ (1998) 10(2) Terrorism and Political Violence 135 Holditch S and Chianelli R, ‘Factors That Will Influence Oil and Gas Supply and Demand in the 21st Century’ (April 2008) 33(4) Materials Research Society Bulletin 317 Holt T, ‘Exploring the Intersections of Technology, Crime, and Terror’ (2012) 24(2) Terrorism and Political Violence 337 Honein S, The International Law Relating to Offshore Installations and Artificial Islands: An Industry Report (Lloyd’s of London Press 1991) Howland J, ‘Countering Maritime Terror, US Thwarts Attacks, Builds Up Foreign Navies’ (17 June 2004) Jewish Institute for National Security Affairs Online Hübschle A, ‘From Theory to Practice: Exploring the Organised Crime-Terror Nexus in Sub-Saharan Africa’ (2011) 5(3–4) Perspectives on Terrorism 81 Human Rights Watch, The Price of Oil: Corporate Responsibility and Human Rights Violations in Nigeria’s Oil Producing Communities (January 1999) Husband L, Interview with David Pickard, in ‘High Risk, High Reward: Talking Offshore Security with Drum Cussac’ (Offshore Technology, 3 January 2013) www.offshore-technology.com/features/ featureoffshore-oil-security-piracy-terrorist-attack-prevention-drum-cussac/ accessed 1 December 2015 Hyne N, Nontechnical Guide to Petroleum Geology, Exploration, Drilling & Production (3rd edn, PennWell 2012) Ibaba I, ‘Terrorism in Liberation Struggles: Interrogating the Engagement Tactics of the Movement for the Emancipation of the Niger Delta’ (2011) 5(3-4) Perspectives on Terrorism 18 ICG, ‘The Swamps of Insurgency: Nigeria’s Delta Unrest’ (Africa Report No. 115, ICG, 3 August 2006) ––––, ‘The Gulf of Guinea: The New Danger Zone’ (Crisis Group Africa Report No. 195, ICG, December 2012) ICMM et al., Voluntary Principles on Security and Human Rights: Implementation Guidance Tools (IGT) (2011) ICS, Guidance for Shipowners, Ship Operators and Masters on Protection of Ships from Terrorism and Sabotage (2001). Idler A, ‘Exploring Agreements of Convenience Made among Violent Non-State Actors’ (2012) 6(4–5) Perspectives on Terrorism 67 ILC, ‘Report of the International Law Commission on the Work of its Eighth Session (23 April – 4 July 1956)’ [1956] II Yearbook of the International Law Commission 253 IMCA, Threat Risk Assessment Procedure (January 2007) ––––, Security Measures and Emergency Response Guidance (February 2015) IMO, Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, Conference of Contracting Governments to the International Convention for the Safety of Life at Sea 1974, Agenda Item 6, IMO Doc SOLAS/CONF.5/32 (12 December 2002) ––––, Adoption of the Final Act and Any Instruments, Recommendations and Resolutions Resulting From the Work of the Conference, Agenda Item 8, IMO Doc LEG/CONF.15/22 (1 November 2005)

458

BIBLIOGRAPHY

––––, Final Act of the International Conference on the Suppression of Unlawful Acts against the Safety of Maritime Navigation, reproduced in IMO, SUA Convention (IMO, first published 1988, 2006 edn) ––––, Development of Guidelines for Consideration of Requests for Safety Zones Larger than 500 metres Around Artificial Islands, Installations and Structures in the Exclusive Economic Zone, MSC, 84th Session, Agenda Item 22, IMO Doc MSC 84/22/4 (4 February 2008) ––––, Implications of the United Nations Convention on the Law of the Sea for the International Maritime Organization: Study by the Secretariat of the International Maritime Organization (IMO), IMO Doc LEG/MISC.6 (10 September 2008) ––––, Guidelines for Consideration of Requests for Safety Zones Larger Than 500 Metres Around Artificial Islands, Installations and Structures in the EEZ, NAV, 56th Session, Agenda Item 4, IMO Doc NAV 56/4/1 (4 June 2010) –––– and ILO, Code of Practice on Security in Ports (2004) Inkpen A and Moffett M, The Global Oil & Gas Industry: Management, Strategy & Finance (PennWell 2011). IOGP, Asset Integrity – The Key to Managing Major Incident Risks (Report No. 415, December 2008) ––––, Firearms and the Use of Force (Report No. 320, February 2010) ––––, Position Paper on the Development and Use of International Standards (Report No. 381, March 2010) ––––, Response to Demonstrations at Offshore Facilities (Document No. 309, March 2010) ––––, Country Evacuation Planning Guidelines (Report No. 472, September 2012) ––––, Mutual Aid in Large-Scale Offshore Incidents – A Framework for the Offshore Oil and Gas Industry (Report No. 487, June 2013) ––––, Integrating Security in Major Projects – Principles & Guidelines (Report No. 494, April 2014) ––––, OMS in Practice: A Supplement to Report No. 510, Operating Management System Framework (Report No. 511, June 2014) ––––, Operating Management System Framework: For Controlling Risk and Delivering High Performance in the Oil and Gas Industry (Report No. 510, June 2014) ––––, Security Management System: Processes and Concept in Security Management (Report No. 512, July 2014). ––––, Effective Guard Force Management – Principles and Guidelines (Report No. 537, July 2015). ––––, High Integrity Protection Systems – Recommended Practice (Report No. 443, February 2015) IOGP and IPIECA, Managing Psychosocial Risks on Expatriation in the Oil and Gas Industry (Report No. 495, December 2013) IPIECA, A Guide to Social Impact Assessment in the Oil and Gas Industry (2004) ––––, Local Content Strategy: A Guidance Documents for the Oil and Gas Industry (2011) ––––, Community Grievance Mechanisms in the Oil and Gas Industry: A Manual for Implementing Operationallevel Grievance Mechanisms and Designing Corporate Frameworks (2015). –––– and IOGP, Key Questions in Managing Social Issues in Oil & Gas Projects (October 2002). Jacobs M and Watts-Fitzgerald T, ‘Protection of Offshore Assets of the United States from Terrorist Activity’ (1984) 16(4) Natural Resources Lawyer 569 Jarvis L, Macdonald S and Nouri L, ‘The Cyberterrorism Threat: Findings from a Survey of Researchers’ (2014) 37(1) Studies in Conflict and Terrorism 68 Jenkins B M, Cordes B, Gardela K and Petty G, ‘A Chronology of Terrorist Attacks and Other Criminal Actions Against Maritime Targets’ (RAND Paper Series, RAND Corporation, September 1983) ––––, ‘Potential Threats to Offshore Platforms’ (RAND Corporation, January 1988) Jennings D R, Feiten J B, Brock H R, Klingstedt J P and Jones D M, Petroleum Accounting: Principles, Procedures & Issues (5th edn, Professional Development Institute 2000) Jesus J, ‘Protection of Foreign Ships against Piracy and Terrorism at Sea: Legal Aspects’ (2003) 18(3) International Journal of Marine and Coastal Law 363 Juhasz A, The Tyranny of Oil: The World’s Most Powerful Industry – And What We Must Do to Stop It (HarperCollins 2008) Kamal-Deen A, ‘The Anatomy of Gulf of Guinea Piracy’ (2015) 68(1) Naval War College Review 93 Kammerhofer J, ‘Oil’s Well that Ends Well? Critical Comments on the Merits Judgement in the Oil Platforms Case’ (2004) 17(4) Leiden Journal of International Law 695. Karmon E, ‘Al Qa’ida and the War on Terror After the War in Iraq’ (2006) 10(1) Middle East Review of International Affairs 1.

459

BIBLIOGRAPHY

Kashubsky M, ‘Offshore Energy Force Majeure: Nigeria’s Local Problem with Global Consequences’ (2008) 160 Maritime Studies 20 ––––, ‘Can an Act of Piracy Be Committed Against an Offshore Petroleum Installation?’ (2012) 26(2) Australian and New Zealand Maritime Law Journal 163 –––– and Morrison A, ‘Security of Offshore Oil and Gas Facilities: Exclusion Zones and Ships’ Routeing’ (2013) 5(1) Australian Journal of Maritime and Ocean Affairs 1 Katsouris C and Sayne A, ‘Nigeria’s Criminal Crude: International Options to Combat the Export of Stolen Oil’ (Report of the Royal Institute of International Affairs, September 2013) Kaye D, ‘Adjudicating Self-Defense: Discretion, Perception, and the Resort to Force in International Law’ (2005) 44(1) Columbia Journal of Transnational Law 134 Kaye S, ‘International Measures to Protect Oil Platforms, Pipelines, and Submarine Cables from Attack’ (2007) 31(2) Tulane Maritime Law Journal 377 ––––, ‘Threats from the Global Commons: Problems of Jurisdiction and Enforcement’ (2007) 8(1) Melbourne Journal of International Law 185 ––––, ‘Interdiction and Boarding of Vessels at Sea: New Developments and Old Problems’ in R HerbertBurns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 201 ––––, ‘The Protection of Platforms, Pipelines and Submarine Cables under Australian and New Zealand Law’ in N Klein, J Mossop and D Rothwell (eds), Maritime Security: International Law and Policy Perspectives from Australia and New Zealand (Routledge 2010) 186 Kiesow I, ‘Quest for Oil and Geostrategic Thinking’ (2005) 3(3) The China and Eurasia Forum Quarterly 11 Kilcullen D, ‘Countering Global Insurgency’ (2005) 28(4) Journal of Strategic Studies 597 Kjok A and Lia B, ‘Terrorism and Oil – An Explosive Mixture?: A Survey of Terrorist and Rebel Attacks on Petroleum Infrastructure 1968–1999’ (FFI Report No 2001/04031, FFI, 2001) Klare M, ‘There Will Be Blood: Political Violence, Regional Warfare, and the Risk of Great-Power Conflict Over Contested Energy Sources’ in G Luft and A Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 44 Klein N, ‘Legal Limitations on Ensuring Australia’s Maritime Security’ (2006) 7 Melbourne Journal of International Law 306 ––––, Mossop J and Rothwell D, ‘Australia, New Zealand and Maritime Security’ in N Klein, J Mossop and D Rothwell (eds), Maritime Security: International Law and Policy Perspectives from Australia and New Zealand (Routledge 2010) ––––, Mossop J and Rothwell D (eds), Maritime Security: International Law and Policy Perspectives from Australia and New Zealand (Routledge 2010) ––––, Maritime Security and the Law of the Sea (Oxford University Press 2011) Kohlmann E, Al-Qaida in Saudi Arabia: Excerpts from ‘The Laws of Targeting Petroleum-Related Interests’ (2006) http://azelin.files.wordpress.com/2010/08/al-qaida-in-saudi-arabia-excerpts-from-e2809cthelaws-of-targeting-petroleum-related-interests.pdf accessed 1 December 2015 Koknar A, ‘The Epidemic of Energy Terrorism’ in G Luft and A Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 18 Koskenniemi M, ‘Case Concerning Passage Through the Great Belt’ (1996) 27(3) Ocean Development & International Law 255 Kosker M, ‘Oil Fuels the Kurdistan–ISIS Conflict’ (2014) 12(14) Terrorism Monitor 6 Kovacs E, ‘Oil and Gas Companies Invest in Security to Tackle Risks Posed by Cyber Threats’ (Softpedia, 16 January 2013) http://news.softpedia.com/news/Oil-and-Gas-Companies-Invest-in-Security-toTackle-Risks-Posed-by-Cyber-Threats-321229.shtml accessed 1 December 2015 Kraska J, Maritime Power and the Law of the Sea: Expeditionary Operations in World Politics (Oxford University Press 2011) Kwast P, ‘Maritime Law Enforcement and the Use of Force: Reflections on the Categorisation of Forcible Action at Sea in the Light of the Guyana/Suriname Award’ (2008) 13(1) Journal of Conflict and Security Law 49 Larian A, ‘An Old Problem Reborn: So What Is Piracy After All?’ (2013–14) 26(1) University of San Francisco Maritime Law Journal 117

460

BIBLIOGRAPHY

Le Billon, Philippe, ‘Fuelling War: Natural Resources and Armed Conflict’ (2005) 45(373) Adelphi Papers Leffler W, Pattarozzi R and Sterling G, Deepwater Petroleum Exploration & Production: A Nontechnical Guide Hardcover (PennWell 2003) Lehr P, ‘Maritime Terrorism: Locations, Actors, and Capabilities’ in R Herbert-Burns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2008) 55 Leiner F, ‘Maritime Security Zones: Prohibited Yet Perpetuated’ (1984) 24(4) Virginia Journal of International Law 967 Lia B and Kjok A, ‘Energy Supply as Terrorist Targets? Patterns of “Petroleum Terrorism” 1968–99’ in D Heradstveit and H Hveem (eds), Oil in the Gulf: Obstacles to Democracy and Development (Ashgate 2004) Lindsay M, ‘The Security Threat to Oil Companies In and Out of Conflict Zones’ (2005) 2 The Oil and Gas Review 1 Liu C, Tan C-K, Fang Y-S and Lok T-S, ‘The Security Risk Assessment Methodology’ (2012) 43 Procedia Engineering 600 Loadenthal M, ‘Eco-Terrorism? Countering Dominant Narratives of Securitisation: A Critical, Quantitative History of the Earth Liberation Front (1996–2009)’ (2014) 8(3) Perspectives on Terrorism 16 Lubell N, Extraterritorial Use of Force Against Non-State Actors (Oxford University Press 2011) Luciani G, ‘Geopolitical Threats to Oil and Gas and the Functioning of the International Oil Market’ (CEPS Policy Brief No. 221, Centre for European Policy Studies, November 2010) Luft G, ‘Oil’s 150th Anniversary: Whose Happy Birthday?’ (August 2009) Journal of Energy Security www.ensec.org/index.php?option=com_content&view=article&id=208:oils-150th-anniversary-whosehappy-birthday&catid=98:issuecontent0809&Itemid=349 accessed 1 December 2015 Maass P, Crude World: The Violent Twilight of Oil (Vintage Books 2010) MacBain M, ‘Will Terrorism Go to Sea?’ (1980) 23(1) Sea Power 15 MacDonald J, ‘Overview of Global and Asian Energy Trends’ (2009) 23 Papers in Australian Maritime Affairs 3 McDorman T, ‘The Continental Shelf Regime in the Law of the Sea Convention: A Reflection on the First Thirty Years’ (2012) 27 International Journal of Marine and Coastal Law 743 McGregor A, ‘The Islamist Challenge to North Africa’s Energy Industry’ in A McGregor (ed.), The Changing Face of Islamist Militancy in North Africa (Jamestown Foundation 2008) ––––, ‘Cameroon Rebels Threaten Security in Oil-Rich Gulf of Guinea’ (2010) 8(43) Terrorism Monitor 7 ––––, ‘Berbers Seize Libyan Oil Terminal to Press Demand for Recognition’ (2013) 11(21) Terrorism Monitor 3 ––––, ‘Ex-Militants Use Oil as a Political Weapon in the Niger Delta’ (2014) 12(14) Terrorism Monitor 3 McNamee M, ‘No End in Sight: Violence in the Niger Delta and Gulf of Guinea’ (2013) 11(5) Terrorism Monitor 8 ––––, ‘Militancy in the Niger Delta Becoming Increasingly Political – A Worry for 2015’ (2013) 11(21) Terrorism Monitor 4 Maerli M B, Barø R, Paaske B J and Vahr H R, ‘Energy Supply Chain Threat Assessment and Generic Security Guidance’ (COUNTERACT Consortium, April 2009) Maggs G, ‘The Campaign to Restrict the Right to Respond to Terrorist Attacks in Self-Defence Under Article 51 of the UN Charter and What the United States Can Do About It’ (2006) 4 Regent Journal International Law 149 Makarenko T, ‘The Crime-Terror Continuum: Tracing the Interplay between Transnational Organised Crime and Terrorism’ (2004) 6(1) Global Crime 129 Mansah T, ‘Can the SLOPS Be Considered as a Ship for the Purposes of the 1922 Civil Liability Convention and the 1992 Fund Convention?’ (2010) 1(1) Aegean Review of the Law of the Sea and Maritime Law 145 Marquardt E, ‘The Niger Delta Insurgency and Its Threat to Energy Security’ in J Hutzley (ed.), Unmasking Terror: A Global Review of Terrorist Activities, vol. 3 (Jamestown Foundation 2007) 236 Marr P, ‘The Iran–Iraq War: The View from Iraq’ in C Joyner (ed.), The Persian Gulf War: Lessons for Strategy, Law, and Diplomacy (1st edn, Greenwood Press 1990) 59

461

BIBLIOGRAPHY

Martin J and Longmire S, ‘The Perilous Intersection of Mexico’s Drug War & Pemex’ (March 2011) Journal of Energy Security, www.ensec.org/index.php?option=com_content&view=article&id=283:theperilous-intersection-of-mexicos-drug-war-aamp-pemex&catid=114:content0211&Itemid=374 accessed 1 December 2015 Masters D, ‘The Origin of Terrorist Threats: Religious, Separatist, or Something Else?’ (2008) 20(3) Terrorism and Political Violence 396 Mejia Jr M, ‘Maritime Gerrymandering: Dilemmas in Defining Piracy, Terrorism and Other Acts of Maritime Violence’ (2003) 2 Journal of International Commercial Law 153 Menefee S, ‘Piracy, Terrorism, and the Insurgent Passenger: A Historical Perspective’ in N Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 43 MIGA, The Voluntary Principles on Security and Human Rights: An Implementation Toolkit for Major Project Sites (Working Paper, July 2008) Mihalka M and Anderson D, ‘Is the Sky Falling? Energy Security and Transnational Terrorism’ (2008) 7(3) Strategic Insights, www.isn.ethz.ch/Digital-Library/Publications/Detail/?ots591=0c54e3b3-1e9cbe1e-2c24-a6a8c7060233&lng=en&id=87537 accessed 1 December 2015 Mili H, ‘Tangled Webs: Terrorist and Organized Crime Groups’ in J Hutzley (ed.), Unmasking Terror: A Global Review of Terrorist Activities, vol. 3 (Jamestown Foundation 2007) 91 Moghadam A, Berger R and Beliakova P, ‘Say Terrorist, Think Insurgent: Labeling and Analyzing Contemporary Terrorist Actors’ (2014) 8(5) Perspectives on Terrorism 2 Molotch H, Freudenburg W and Paulsen K, ‘History Repeats Itself, But How? City Character, Urban Tradition, and the Accomplishment of Place’ (2000) 65(6) American Sociological Review 791 Moore D, ‘Security Risk Assessment Methodology for the Petroleum and Petrochemical Industries’ (2013) 26(6) Journal of Loss Prevention in the Process Industries 1685 Morris M, ‘Al Qaeda as Insurgency’ (2005) 39 Joint Force Quarterly 41 Mulaj K, ‘Introduction: Violent Non-State Actors: Exploring Their State Relations, Legitimation, and Operationality’ in K Mulaj (ed.), Violent Non-State Actors in World Politics (Hurst 2010) 1 Murphy M, ‘Slow Alarm: The Response of the Maritime Insurance Industry to the Threat of Piracy and Maritime Terrorism’ (May-June 2006) Maritime Studies 1 ––––, ‘Suppression of Piracy and Maritime Terrorism: A Suitable Role for a Navy?’ (2007) 60(3) Naval War College Review 23 ––––, ‘The Blue, Green, and Brown: Insurgency and Counter-insurgency on the Water’ (2007) 28(1) Contemporary Security Policy 63 ––––, ‘Lifeline or Pipedream? Origins, Purposes and Benefits of Automatic Identification System, LongRange Identification and Tracking, and Maritime Domain Awareness’ in R Herbert-Burns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 13 ––––, Small Boats, Weak States, Dirty Money: Piracy & Maritime Terrorism in the Modern World (Hurst 2009) ––––, ‘Petro-Piracy: Oil and Troubled Waters’ (2013) 57(3) Orbis 424 Nagtzaam G and Lentini P, ‘Vigilantes on the High Seas?: The Sea Shepherds and Political Violence’ (2008) 20(1) Terrorism and Political Violence 110 NCTC, National Counter Terrorism Plan (2nd edn, 2005) Nerlich U and Umbach F, ‘European Energy Infrastructure Protection: Addressing the Cyber-warfare Threat’ (October 2009) Journal of Energy Security www.ensec.org/index.php?option=com_content &view=article&id=219:european-energy-infrastructure-protectionaddressing-the-cyber-warfarethreat&catid=100:issuecontent&Itemid=352 accessed 1 December 2015 Ngantcha F, The Right of Innocent Passage and Evolution of the International Law of the Sea (Printer Publishers 1990) Nincic D, ‘Maritime Piracy: Implications for Maritime Energy Security’ (February 2009) Journal of Energy Security www.ensec.org/index.php?option=com_content&view=article&id=180:maritime-piracyimplications-for-maritime-energy-security&catid=92:issuecontent&Itemid=341 accessed 1 December 2015 ––––, ‘Troubled Waters: Energy Security and Maritime Security’ in G Luft and A Korin (eds), Energy Security Challenges for the 21st Century: A Reference Handbook (ABC-CLIO 2009) 31 ––––, ‘The “Radicalization” of Maritime Piracy: Implications for Maritime Energy Security’ (December 2010) Journal of Energy Security www.ensec.org/index.php?option=com_content&view=article&id=269:

462

BIBLIOGRAPHY

the-radicalization-of-maritime-piracy-implications-for-maritime-energy-security&catid=112: energysecuritycontent&Itemid=367 accessed 1 December 2015 Nodland A, ‘Guns, Oil, and “Cake”: Maritime Security in the Gulf of Guinea’ in B Elleman, A Forbes and D Rosenbert (eds), Piracy and Maritime Crime (Naval War College Press 2010) 191 NOGA, Recommended Guidelines for Information Security Baseline Requirements for Process Control Safety and Support ICT Systems (Guideline No. 104, January 2009) ––––, Recommended Guidelines for Check-in and Security Checks at Helicopter Terminals (Guideline No. 003, March 2011) ––––, Recommended Guidelines for Securing Supplies and Materials in the Oil and Gas Industry (Guideline No. 091, December 2013) O’Connell D, The International Law of the Sea, vol. 2 (Clarendon Press 1983–84) O’Connell ME, ‘Evidence of Terror’ (2002) 7(1) Journal of Conflict and Security Law 19 ––––, ‘Lawful Self-Defense to Terrorism’ (2002) 63(4) University of Pittsburgh Law Review 889 Ochoa-Ruiz N and Salamanca-Aguado E, ‘Exploring the Limits of International Law Relating to the Use of Force in Self-Defence’ (2005) 16(3) European Journal of International Law 499 OECD, Security in Maritime Transport: Risk Factors and Economic Impact (2003) ––––, OECD Guidelines for Multinational Enterprises (2011) ––––, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas (2nd edn, 2013) OITS, Offshore Oil and Gas Resources Sector Security Inquiry (June 2012) Ojakorotu V, ‘The Paradox of Terrorism, Armed Conflict and Natural Resources: An Analysis of Cabinda in Angola’ (2011) 5(3–4) Perspectives on Terrorism 96 –––– and Gilbert L (eds), Checkmating the Resurgence of Oil Violence in the Niger Delta of Nigeria (Lambert Academic Publishing 2010) OSCE, Good Practices Guide on Non-Nuclear Critical Energy Infrastructure Protection (NNCEIP) from Terrorist Attacks Focusing on Threats Emanating from Cyberspace (2013) OTS, Offshore Oil & Gas Risk Context Statement (April 2005) ––––, Offshore Security Assessment Guidance Paper (June 2005) Papadakis N, The International Legal Regime of Artificial Islands (Sijthoff 1977) Pape R, ‘The Strategic Logic of Suicide Terrorism’ (2003) 97(3) American Political Science Review 343 Parfomak P and Frittelli J, ‘Maritime Security: Potential Terrorist Attack and Protection Priorities’ (CRS Report for Congress, US Congress, 2007) Pellegrino F, ‘Historical and Legal Aspects of Piracy and Armed Robbery Against Shipping’ (2012) 43(3) Journal of Maritime Law and Commerce 429 Penders M and Thomas W, ‘Ecoterror: Rethinking Environmental Security After September 11’ (2002) 16(?) National Resources & Environment 159 Piercey M, ‘Piracy and the Risks of Maritime Terrorism: How Significant Are These Threats?’ [2004] Geddes Papers 64 Pietre-Cambacedes L and Chaudet C, ‘The SEMA Referential Framework: Avoiding Ambiguities in the Terms “Security” and “Safety”’ (2010) 3(2) International Journal of Critical Infrastructure Protection 55 Pinder D, ‘Offshore Oil and Gas: Global Resource Knowledge and Technological Change’ (2001) 44 Ocean & Coastal Management 579 Pippard T, ‘“Oil-Qaeda”: Jihadist Threats to the Energy Sector’ (2010) 4(3) Perspectives on Terrorism 3 Primmerman C, Thoughts on the Meaning of “Asymmetric Threats” (Lincoln Laboratory, March 2006) Rabasa A, Chalk P, Cragin K, Daly S A, Gregg H S, Karasik T W, O’Brien K A and Rosenau W, Beyond Al-Qaeda Part I: The Global Jihadist Movement (RAND Corporation 2006) Radvanovsky R, Critical Infrastructure: Homeland Security and Emergency Preparedness (CRC Press 2006) Rahman C, ‘Concepts of Maritime Security: A Strategic Perspective on Alternative Visions for Good Order and Security at Sea, with Policy Implications for New Zealand’ (Discussion Paper 07/09, Centre for Strategic Studies, July 2009) RAND Corporation, RAND Database of Worldwide Terrorism Incidents (2012) [data file] www.rand.org/ nsrd/projects/terrorism-incidents/download.html accessed 12 March 2015

463

BIBLIOGRAPHY

Rares S, ‘An International Convention on Offshore Hydrocarbon Leaks?’ (2012) 26(1) Australian and New Zealand Maritime Law Journal 10 Raymond C, ‘Maritime Terrorism, A Risk Assessment: The Australian Example’ in Joshua Ho and Catherine Raymond (eds), The Best of Times, the Worst of Times (World Scientific Publishing 2005) 179 Reuland R, ‘Interference with Non-National Ships on the High Seas: Peacetime Exceptions to the Exclusivity Rule of Flag-State Jurisdiction’ (1989) 22 Vanderbilt Journal of Transnational Law 1161 Richards A, ‘Conceptualizing Terrorism’ (2014) 37(3) Studies in Conflict and Terrorism 213 Riphagen W, ‘International Legal Aspects of Artificial Islands’ (1973) 4(4) International Relations 327 Rishikof H, ‘When Naked Came the Doctrine of Self-Defense: What Is the Proper Role of the International Court of Justice in Use of Force Cases’ (2004) 29(2) Yale Journal of International Law 331 RiskWatch International, ‘Oil and Gas Industry: A Comprehensive Security Risk Management Approach’ (White Paper, 2013) Roach A, ‘Global Conventions on Maritime Crimes Involving Piratical Acts’ (2013) 46(1–2) Case Western Reserve Journal of International Law 91 Robb N, ‘Has the Role of Geography been Diminished by Technology, Globalisation and the Threat Posed by Terrorism?’ (2009) 27 Papers in Australian Maritime Affairs 275 Robinson T, The Offshore: An Introduction to the Technology, Terminology and Operations of Offshore Exploration (Jesperson Press 1992) Rollins J and Wilson C, ‘Terrorist Capabilities for Cyberattack: Overview and Policy Issues’ (CRS Report for Congress, US Congress, 2007) Rom B, ‘Navigating the Law Regulating FPSO Operations in Australia and the Pollution Liabilities of Owners and Operators’ (2012) 31(2) Australian Resources and Energy Law Journal 138 Ronzitti N, (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) ––––, ‘The Law of the Sea and the Use of Force Against Terrorist Activities’ in N Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 1 ––––, ‘The Prevention and Suppression of Terrorism Against Fixed Platforms on the Continental Shelf’ in N Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 91 ––––, ‘The Expanding Law of Self-Defense’ (2006) 11(3) Journal of Conflict and Security Law 343 Roscini M, Cyber Operations and the Use of Force in International Law (1st edn, Oxford University Press 2014) Rosenau W, Subversion and Insurgency (RAND Corporation 2007) Rosendorff P and Sandler T, ‘The Political Economy of Transnational Terrorism’ (2005) 49(2) Journal of Conflict Resolution 171 Rothwell D and Stephens T, The International Law of the Sea (Hart Publishing 2010) Rubin B and Rubin J, Chronologies of Modern Terrorism (ME Sharpe 2008) Rudner M, ‘Protecting North America’s Energy Infrastructure Against Terrorism’ (2006) 19 International Journal of Intelligence and Counterintelligence 424 ––––, ‘Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge’ (2013) 26(3) International Journal of Intelligence and Counterintelligence 453 Russel J, ‘Maritime Security in the Gulf: Addressing the Terrorist Threat’ (2006) 2 Security & Terrorism Research Bulletin 9 Sadoff D, ‘A Question of Determinacy: The Legal Status of Anticipatory Self-Defense’ (2009) 40(2) Georgetown Journal of International Law 523 Santella N and Steinberg L, ‘Accidental Releases of Hazardous Materials and Relevance to Terrorist Threats at Industrial Facilities’ (2011) 8(1) Journal of Homeland Security and Emergency Management Article 53 Schachte W, ‘The History of the Territorial Sea from a National Security Perspective’ (1990-1991) 1 Territorial Sea Journal 143 Schempf J, Pioneering Offshore: The Early Years (PennWell 2007) Schmid A, ‘The Links between Transnational Organized Crime and Terrorist Crimes’ (1996) 2(2) Transnational Organized Crime 66 ––––, ‘Terrorism and Energy Security: Targeting Oil and Other Energy Sources and Infrastructures’ in J Ellis (ed.), Terrorism: What’s Coming – The Mutating Threat (2007) 28

464

BIBLIOGRAPHY

––––, ‘The Definition of Terrorism’ in Schmid (ed.) Routledge Handbook of Terrorism Research (Routledge 2011) 39 ––––, ‘The Revised Academic Consensus Definition of Terrorism’ (2012) 6(2) Perspectives on Terrorism 158 Schmitt M, ‘Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework’ (1999) 37(3) Columbia Journal of Transnational Law 885 ––––, ‘Responding to Transnational Terrorism Under the Jus ad Bellum: A Normative Framework’ (2008) 56(1) Naval Law Review 1 Schofield C (ed.) Maritime Energy Resources in Asia: Legal Regimes and Cooperation (Special Report No. 37, National Bureau of Asian Research, February 2012) Sevounts G, ‘Addressing Cyber Security in the Oil and Gas Industry’ (2006) 233(3) Pipeline and Gas Journal 79 Sharp D, Offshore Oil and Gas Insurance (Witherby 1994) Shea D, ‘Critical Infrastructure: Control Systems and Terrorist Threat’ (CRS Report for Congress, US Congress, 2003) Shearer I, ‘Problems of Jurisdiction and Law Enforcement against Delinquent Vessels’ (1986) 35(2) International and Comparative Law Quarterly 320 Shie T, ‘Ports in a Storm? The Nexus Between Counterterrorism, Counterproliferation, and Maritime Security in Southeast Asia’ (2004) 4(4) Issues & Insights 1 Shull A, ‘Assessment of Terrorist Threats to the Canadian Energy Sector’ (Critical Energy Infrastructure Protection Policy Research Series No. 4-2006, CCISS, March 2006) Simonoff J, Restrepo C and Zimmerman R, ‘Trends for Oil and Gas Terrorist Attacks’ (Research Report No. 2, IIIP, 30 November 2005) Sinai J, ‘Future Trends in Worldwide Maritime Terrorism’ (2004) 3(1) The Quarterly Journal 49 Skaug L, ‘New Designs Advance Spar Technology into Deeper Water’ (1998) 96(44) Oil and Gas Journal 47 Spicer W, ‘Application of Maritime Law to Offshore Drilling Units – The Canadian Experience’ in I Townsend Gault (ed.), Offshore Petroleum Installations Law and Financing: Canada and the United States (International Bar Association 1986) 105 Srivastava A and Gupta JP, ‘New Methodologies for Security Risk Assessment of Oil and Gas Industry’ (2010) 88(6) Process Safety and Environmental Protection 407 Steinhausler F, Furthner P, Heidegger W, Rydell S and Zaitseva L, ‘Security Risks to the Oil and Gas Industry: Terrorist Capabilities’ (2008) 7(1) Strategic Insights 1 Stephens D, ‘The Impact of the 1982 Law of the Sea Convention on the Conduct of Peacetime Naval/Military Operations’ (1998–1999) 29(2) California Western International Law Journal 283 Stephens M, ‘The Oil and Natural Gas Industries: A Potential Target of Terrorists’ in R Kupperman and D Trent (eds), Terrorism: Threat, Reality, Response (Hoover Institution Press 1979) 200 Stephens T and Rothwell D, ‘The LOSC Framework for Maritime Jurisdiction and Enforcement 30 Years On’ (2012) 27 International Journal of Marine and Coastal Law 701 Stouffer K, Falco J and Scarfone K, ‘Guide to Industrial Control Systems (ICS) Security’ (Special Publication No. 800-82, National Institute of Standards and Technology, June 2011) Stracke N, ‘Economic Jihad: A Security Challenge for Global Energy Supply’ (2007) 6 Security & Terrorism Research Bulletin 26 Strouse T, ‘Will Nigeria’s Amnesty Campaign Have a Lasting Impact on the Delta Insurgency?’ (2009) 7(32) Terrorism Monitor 5 Summerskill M, Oil Rigs: Law and Insurance (Stevens & Sons 1979) Taft W, ‘Self-Defense and the Oil Platforms Case’ (2004) 29(2) Yale Journal of International Law 295 Tanaka Y, ‘The Guyana/Suriname Arbitration: A Commentary’ (2007) 2(3) Hague Justice Journal 28 Thedeen T, ‘Setting the Stage: The Vulnerability of Critical Infrastructures’ in K Frolov and G Baecher (eds), Protection of Civilian Infrastructure from Acts of Terrorism (Springer 2006) 33 Toft P, Duero A and Bieliauskas A, ‘Terrorist Targeting and Energy Security’ (2010) 38(8) Energy Policy 4411 Torhaug M, ‘Petroleum Supply Vulnerability Due to Terrorism at North Sea Oil and Gas Infrastructures’ in K Frolov and G Baecher (eds), Protection of Civilian Infrastructure from Acts of Terrorism (Springer 2006) 73

465

BIBLIOGRAPHY

Treves T, ‘The Rome Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation’ in Natalino Ronzitti (ed.), Maritime Terrorism and International Law (Martinus Nijhoff 1990) 69 Tsamenyi M, ‘Long-Range Identification and Tracking System for Vessels: Legal and Technical Issues’ in R Herbert-Burns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis) 215 –––– and Mfodwo K, ‘Developing Capacity for Addressing Safety, Security and Marine Pollution Concerns Arising from the Oil and Gas Industry’ (Paper presented at the National Conference on Positioning the Transport Sector for the Successful Exploration of Ghana’s Oil & Gas, Accra, 15 July 2009) –––– and Palma MA, ‘Legal Considerations in the Implementation of Long-range Identification and Tracking Systems for Vessels’ (2007) 13(1) The Journal of International Maritime Law 49 ––––, Palma MA and Schofield C, ‘International Legal Regulatory Framework for Seafarers and Maritime Security Post-9/11’ in R Herbert-Burns, S Bateman and P Lehr (eds), Lloyd’s MIU Handbook of Maritime Security (Taylor & Francis 2009) 233 ‘The Memorial of the Government of the Republic of Finland’, Passage through the Great Belt (Finland v Denmark)(Provisional Measures) [1991] ICJ Rep 12. Turner T and Brownhill L, ‘Women’s Oil Wars in Nigeria’ (2002) 35(1) Labour, Capital and Society 132 Ulph S, ‘Saudi Arabia’s Islamist Insurgency’ in E Marquardt (ed.), Saudi Arabian Oil Facilities: The Achilles Heel of the Western Economy (Jamestown Foundation 2006) 13 Umbach F, ‘Global Energy Supply and Geopolitical Challenges’ in F Godement, F Nicolas and T Yakushiji (eds), Asia and Europe: Cooperating for Energy Security (Institut Français de Relations Internationales 2004) 141 UN, A More Secure World: Our Shared Responsibility – Report of the Secretary-General’s High-level Panel on Threats, Challenges and Change GA 59th session, Agenda Item 55, UN Doc A/59/565 (2 December 2004) UN, In Larger Freedom: Toward Development, Security, and Human Rights for All, Report of the SecretaryGeneral, UNGA, 59th session, Agenda Items 45 and 55, UN Doc A/59/2005 (21 March 2005) UN, Compilation of Information Received from Member States on Measures They Have Taken to Criminalize Piracy Under Their Domestic Law and to Support the Prosecution of Individuals Suspected of Piracy Off the Coast of Somalia and Imprisonment of Convicted Pirates, UNSC, UN Doc S/2012/177 (26 March 2012) UNCTAD, Maritime Piracy Part II: An Overview of the International Legal Framework and of Multilateral Cooperation to Combat Piracy (2014) Ungerer C, ‘Trends in International and Domestic Terrorism’ (Paper presented at the Safeguarding Australia Summit, Canberra, 3 October 2007) UNODC, Transnational Organized Crime in West Africa: A Threat Assessment (2013) US Navy, The Commander’s Handbook on the Law of Naval Operations (July 2007) Valencia M, ‘The Politics of Anti-Piracy and Anti-Terrorism Responses in Southeast Asia’ in G OngWebb (ed.), Piracy, Maritime Terrorism and Securing the Malacca Straits (ISEAS Publishing 2006) 84 Van den Hole L, ‘Anticipatory Self-Defence under International Law’ (2003) 19(1) American University International Law Review 69 Vanderheiden S, ‘Eco-Terrorism or Justified Resistance? Radical Environmentalism and the “War on Terror”’ (2005) 33(3) Politics and Society 425 Very F, ‘Maritime Aspects of Illegal Oil-bunkering in the Niger Delta’ (2012) 4(4) Australian Journal of Maritime and Ocean Affairs 109 von Heinegg WH, ‘Current Legal Issues in Maritime Operations: Maritime Interception Operations in the Global War on Terrorism, Exclusion Zones, Hospital Ships and Maritime Neutrality’ (2006) 80 International Law Studies 207 Wang P, ‘The Crime-Terror Nexus: Transformation, Alliance, Convergence’ (2010) 6(6) Asian Social Science 12 Watkin K, ‘Targeting “Islamic State” Oil Facilities’ (2014) 90 International Law Studies 499 Watts M (ed.), Curse of the Black Gold: 50 Years of Oil in Niger Delta (Powerhouse Books 2008)

466

BIBLIOGRAPHY

––––, ‘Petro-Insurgency or Criminal Syndicate? Conflict, Violence and Political Disorder in the Niger Delta’ (Working Paper No. 16, Institute of International Studies, 2008) Watts-Hosmer A, Stanton C and Beane J, ‘Intent to Spill: Environmental Effects of Oil Spills Caused by War, Terrorism, Vandalism, and Theft’ (Paper presented at 1997 International Oil Spill Conference, Fort Lauderdale, US, 7–10 April 1997) Waxman M, ‘Regulating Resort to Force: Form and Substance of the UN Charter Regime’ (2013) 24(1) European Journal of International Law 151 ––––, ‘Self-defensive Force Against Cyber Attacks: Legal, Strategic and Political Dimensions’ (2013) 89 International Law Studies 109 Weinberg L, Pedahzur A and Hirsch-Hoefler S, ‘The Challenge of Conceptualizing Terrorism’ (2004) 16(4) Terrorism and Political Violence 777 White M, ‘Offshore Oil and Gas Resources Sector Security’ (Research and Discussion Paper, University of Queensland, October 2011) Whitehead H, An A–Z of Offshore Oil and Gas (Gulf Publishing Company 1983) Williams J, ‘Al-Qaida Threats and Strategies: The Religious Justification for Targeting the International Energy Economy’ (Critical Energy Infrastructure Protection Policy Research Series No. 3, CCISS, March 2008) Williams S, ‘Offshore Installations: Practical Security and Legal Considerations’ (Center for International Maritime Security, 11 October 2013) http://cimsec.org/offshore-installations-practical-security-legalconsiderations/ accessed 1 December 2015 Woertz E, ‘Demography and Political Violence in the Middle East’ (2007) 6 Gulf Monitor 16 Woodford S, ‘Al-Qaeda and Saudi Arabia: A Chronology’ in E Marquardt (ed.), Saudi Arabian Oil Facilities: The Achilles Heel of the Western Economy (Jamestown Foundation 2006) 35 Yergin D, ‘Ensuring Energy Security’ (2006) 85(2) Foreign Affairs 69 ––––, The Prize: The Epic Quest for Oil, Money and Power (Free Press, first published 1991, 2008 edn) ––––, The Quest: Energy, Security, and the Remaking of the Modern World (Penguin Press 2011) Yetiv S, The Petroleum Triangle: Oil, Globalization, and Terror (Cornell University Press 2011) Zylstra A, ‘Piracy or Hooliganism: Detention of the Arctic Sunrise’ (2013) Publishing House “Analitika Rodis” 9

Cases Anglo-Norwegian Fisheries [1951] ICJ Rep 116 Arctic Sunrise (Kingdom of the Netherlands v Russian Federation)(Provisional Measures) (ITLOS, Case No. 22, 22 November 2013) Bow Valley Husky (Bermuda) Ltd v Saint John Shipbuilding Ltd (1995) 126 DLR (4th) 1 Bow Valley Husky (Bermuda) Ltd v Saint John Shipbuilding Ltd [1997] 3 SCR 1210 Castle John v NV Mabeco (1986) 77 ILR 537 (Belgian Court of Cassation) Claborne McCarty v Service Contracting Inc. [1971] AMC 90 Corfu Channel (United Kingdom v Albania)(Merits) [1949] ICJ Rep 4 Cyber Sea Technologies Inc. v Underwater Harvester Remotely Operated Vehicle (TD) (2002) FCT 794 Delimitation of the Maritime Boundary between Bangladesh and Myanmar in the Bay of Bengal (Bangladesh v Myanmar)(Judgment) (ITLOS, Case No. 16, 14 March 2012) Dome Petroleum Ltd v N Bunker Hunt [1978] 1 FC 11 (TD) Dome Petroleum v Hunt International Petroleum Co. [1978] 1 FC 11 Fair Work Ombudsman v Pocomwell Ltd (No. 2) [2013] FCA 1139 Fisheries Jurisdiction (Federal Republic of Germany v Iceland)(Merits) [1974] ICJ Rep 175 Global Marine Drilling v Triton Holdings Ltd [1999] ScotCS 277 Hassan M Ahmed v Republic [2009] eKLR (High Court of Kenya) Hemba v Freeport McMoran Energy Partners Ltd, 811 F.2d 276, 1988 AMC 304 (5th Cir.1987) In re Complaint of Sedco Inc. [1982] AMC 1461 Institute of Cetacean Research v Sea Shepherd Conservation Society, 43 ELR 20114 No. 12-35266 (Court of Appeals, 9th Circuit, 2013)

467

BIBLIOGRAPHY

Laffland Brothers Co. v Roberts, 386 Feb 2nd 540 (5th Circuit, 1967) Land and Maritime Boundary between Cameroon and Nigeria (Cameroon v Nigeria)(Merits) [2002] ICJ Rep 303 Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territories (Advisory Opinion) [2004] ICJ Rep 136 Legality of the Threat or Use of Nuclear Weapons (Advisory Opinion) [1996] ICJ Rep 226 Longmire v Sea Drilling Corp, 610 F.2d 1342, 1980 AMC 2625 (5th Cir.1980) M/V Saiga (St Vincent and the Grenadines v Guinea)(Judgement) (ITLOS, Case No. 2, 1 July 1999) Marine Craft Constructors Ltd v Erland Blomqvist (Engineers) Ltd [1953] 1 Ll Rep 514 Marine Drilling Co. v Autin [1966] AMC 2013 Marine Environmental Services MC v International Oil Pollution Compensation Fund 1992 (Supreme Court, Full Session) Case No. 23/2006 Merchant’s Marine Insurance Ltd v North of England Protection and Indemnity Association (1926) 25 Ll LR 446 Military and Paramilitary Activities in and against Nicaragua (Nicaragua v United States of America)(Merits) [1986] ICJ Rep 14 Myrick v Teledyne Movible Offshore Inc., 516 F.Supp 602 (SD Tex 1981) Offshore Co. v Robinson [1959] AMC 2049 Oil Platforms (Islamic Republic of Iran v United States of America)(Judgement) [2003] ICJ Rep 161 Olsen v Shell Oil Co., 708 F.2d 976, 1984 AMC 580 (5th Cir.1983) Passage through the Great Belt (Finland v Denmark)(Provisional Measures) [1991] ICJ Rep 12 Producers Drilling Co. v Gray [1966] AMC 1260 R v Saint John Shipbuilding and Drydock Co (1981) 126 DLR (3d) 353 (FCA) Republic v Dahir et al. [2010] SCSC 86 (Supreme Court of Seychelles) Seafarers’ International Union of Canada v Crosbie Offshore Services Ltd [1982] 2 FC 855, (1982) DLR (3rd) 485 (CA) Seafarers’ Training, Certification and Watchkeeping Code, adopted 7 July 1995, (entered into force 1 February 1997) Shell Offshore Inc. v Greenpeace Inc., 43 ELR 20051 No. 12-35332 (Court of Appeals, 9th Circuit, 2013) Shibamoto & Co. v Western Fish Producers (1989) 63 DLR (4th) 549 (FCA) SS ‘I’m Alone’ (Canada v United States) 3 RIAA 1615 St John Pilot Commissioners and the Attorney-General for the Dominion of Canada v Cumberland Railway & Coal Co. [1910] AC 208 Steedman v Scofield [1992] 2 Lloyd’s Rep 163 The Titan (1923) 14 Ll LR 484 United States v Dire et al., F.3d WL 1860992 (Court of Appeals, 4th Circuit, 2012) United States v Hasan, 747 F.Supp.2d 599 WL 4281892 (E.D. Va., 2010) Weeks v Ross [1913] 2 KB 229

Treaties Amendments to the Annex to the International Convention for the Safety of Life at Sea, opened for signature 12 December 2002, [2003] ATNIF 11 (entered into force 1 July 2004) Amendments to the International Convention for the Prevention of Pollution of the Sea by Oil, 1954, adopted 11 April 1962, 600 UNTS 332 (entered into force 18 May and 28 June 1967) Amendments to the International Convention for the Prevention of Pollution of the Sea by Oil, 1954, adopted 21 October 1969, 1140 UNTS 340 (entered into force 20 January 1978) Amendments to the International Convention for the Prevention of Pollution of the Sea by Oil, 1954, Concerning Tank Arrangements and Size, adopted 15 October 1971, 11 ILM 267 (not yet in force) Amendments to the Limits of Compensation in the Protocol of 1992 to amend the International Convention on the Establishment of an International Fund for Compensation for Oil Pollution Damage 1971 [2004] ATS 28. Charter of the United Nations, adopted 26 June 1945, 59 Stat 1031 (entered into force 24 October 1945) Code for the Construction and Equipment of Mobile Offshore Drilling Units (MODU Code)

468

BIBLIOGRAPHY

Convention and Statute of the International Regime of Maritime Ports 1923, adopted 9 December 1923, 58 LNTS 285 (entered into force 26 July 1926) Convention for the Prevention of Marine Pollution by Dumping from Ships and Aircraft 1972, adopted 15 February 1972, 11 ILM 262 (entered into force 7 April 1974) Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation 1971, adopted 23 September 1971, 974 UNTS 14118 (entered into force 26 January 1973) Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation 1988, opened for signature 10 March 1988, 1678 UNTS 201 (entered into force 1 March 1992) Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation 2005, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/21 (entered into force 28 July 2010) Convention for the Suppression of Unlawful Seizure of Aircraft 1970, adopted 16 December 1970, 860 UNTS 12325 (entered into force 14 October 1971) Convention on Civil Liability for Oil Pollution Damage resulting from Exploration for and Exploitation of Seabed Mineral Resources 1977, adopted 1 May 1977, 16 ILM 1451 (not yet in force) Convention on the Continental Shelf 1958, opened for signature 29 April 1958, 499 UNTS 311 (entered into force 10 June 1964) Convention on the High Seas 1958, opened for signature 29 April 1958, 450 UNTS 82 (entered into force 30 September 1962) Convention on the International Maritime Satellite Organization 1976, adopted 3 September 1976, 1143 UNTS 105 (entered into force 16 July 1979) Convention on the International Regulations for Preventing Collisions at Sea 1972, adopted 20 October 1972, 1050 UNTS 16 (entered into force 15 July 1977) Convention on the Physical Protection of Nuclear Material 1979, adopted 17 December 1979, 1456 UNTS 24631 (entered into force 8 February 1987) Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including Diplomatic Agents 1973, adopted 14 December 1973, 1035 UNTS 15410 (entered into force 20 February 1977) Convention on the Prevention of Marine Pollution by Dumping of Wastes and other Matter 1972, adopted 29 December 1972, 1046 UNTS 120 (entered into force 30 August 1975) Convention on the Protection of the Marine Environment of the Baltic Sea Region 1974, adopted 22 March 1974, 13 ILM 546 (entered into force 3 May 1980) Convention on the Territorial Sea and the Contiguous Zone 1958, opened for signature 29 April 1958, 516 UNTS 205 (entered into force 10 September 1964) Draft Convention on Offshore Units, Artificial Islands and Related Structures Used in the Exploration for and Exploitation of Petroleum and Seabed Mineral Resources 2001, May 2001 draft (not yet adopted and not in force). International Convention against the Taking of Hostages 1979, opened for signature 18 December 1979, 1316 UNTS 205 (entered into force 3 June 1983) International Convention for the Control and Management of Ships’ Ballast Water and Sediments 2004, adopted on 13 February 2004, BWM/CONF/36 (not yet in force) International Convention for the Prevention of Marine Pollution from Ships 1973, adopted 2 November 1973, 1340 UNTS 184 (entered into force 2 October 1983) International Convention for the Prevention of Pollution of the Sea by Oil 1954, adopted 12 May 1954, 327 UNTS 3 (entered into force 26 July 1958), as amended in 1962, 1969 and 1971 International Convention for the Safe and Environmentally Sound Recycling of Ships 2009, adopted 15 May 2009, IMO Doc SR/CONF/45 (not yet in force) International Convention for the Safety of Life at Sea 1974, opened for signature 1 November 1974, 1184 UNTS 2 (entered into force 25 May 1980) International Convention for the Suppression of Acts of Nuclear Terrorism 2005, adopted 13 April 2005, 2445 UNTS 89 (entered into force 7 July 2007) International Convention for the Suppression of Terrorist Bombings 1997, opened for signature 12 January 1998, 2149 UNTS 284 (entered into force 23 May 2001) International Convention for the Suppression of the Financing of Terrorism 1999, opened for signature 9 December 1999, 39 ILM 270 (entered into force 10 April 2002)

469

BIBLIOGRAPHY

International Convention for the Unification of Certain Rules relating to Bills of Lading for the Carriage of Goods by Sea 1924, adopted 25 August 1924, 120 LNTS 155 (entered into force 2 June 1931) International Convention on Civil Liability for Bunker Oil Pollution Damage 2001, adopted 23 March 2001, 40 ILM 1493 (entered into force 21 November 2008) International Convention on Civil Liability for Oil Pollution Damage 1969, adopted 29 November 1969, 973 UNTS 3 (entered into force 19 June 1975) International Convention on Limitation of Liability for Maritime Claims 1976, adopted 19 November 1976, 1456 UNTS 221 (entered into force 1 December 1986) International Convention on Oil Pollution Preparedness, Response and Co-operation 1990, adopted 30 November 1990, 30 ILM 1991 (entered into force 13 May 1995) International Convention on Salvage 1989, adopted 28 April 1989, 1953 UNTS 165 (entered into force 14 July 1996) International Convention on Standards of Training, Certification and Watchkeeping for Seafarers 1978, opened for signature 1 December 1978, 1361 UNTS 2 (entered into force 28 April 1984) International Convention on the Control of Harmful Anti-fouling Systems on Ships 2001, adopted on 5 October 2001, AFS/CONF/26 (17 September 2008) International Convention on the Establishment of an International Fund for Compensation for Oil Pollution Damage 1971, adopted 18 December 1971, 1110 UNTS 57 (entered into force 16 October 1978) International Convention on the Removal of Wrecks 2007, adopted 18 May 2007, 46 ILM 694 (entered into force 14 April 2015) International Convention Relating to Intervention on the High Seas in Cases of Oil Pollution Casualties 1969, adopted 29 November 1969, 970 UNTS 211 (entered into force 6 May 1975) Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf 1988, opened for signature 10 March 1988, 1678 UNTS 304 (entered into force 1 March 1992) Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf 2005, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/22 (entered into force 28 July 2010) Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation 1988 (supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation 1971), adopted 24 February 1988, 1589 UNTS 473 (entered into force 6 August 1989) Protocol of 1978 Relating to the International Convention for the Prevention of Marine Pollution from Ships 1973, adopted 17 February 1978, 1340 UNTS 61 (entered into force 2 October 1983) Protocol of 1992 to Amend the International Convention on Civil Liability for Oil Pollution Damage of 29 November 1969, adopted 27 November 1992, 1956 UNTS 255 (entered into force 30 May 1996) Protocol of 1992 to the International Convention on the Establishment of the International Fund for Compensation for Oil Pollution Damage of 1997, 1862 UNTS 509 (entered into force 22 November 1994) Protocol of 2003 to the International Convention on the Establishment of an International Fund for Compensation for Oil Pollution Damage 1992 [2005] ATNIF 21 Protocol of 2005 to the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/21 (entered into force 28 July 2010) Protocol of 2005 to the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms Located on the Continental Shelf, opened for signature 14 February 2006, IMO Doc LEG/CONF.15/22 (entered into force 28 July 2010) Seafarers’ Identity Documents Convention (Revised) 2003, opened for signature 19 June 2003, 2304 UNTS 121 (entered into force 9 February 2005) Seafarers’ Identity Documents Convention 1958, opened for signature 13 May 1958, ILO Convention No. C108 (entered into force 19 February 1961) United Nations Convention against Transnational Organized Crime 2000, opened for signature 15 November 2000, 40 ILM 353 (entered into force 29 September 2003) United Nations Convention on Conditions for Registration of Ships 1986, adopted 7 February 1986, 26 ILM 1229 (not yet in force) United Nations Convention on the Law of the Sea 1982, opened for signature 10 December 1982, 1833 UNTS 3 (entered into force 16 November 1994)

470

INDEX

Please note that non-textual matter such as Figures or Tables will be in italics.

9/11 terrorist attacks 21, 68, 69, 181, 254; see also international regulatory framework, prior to 9/11; international regulatory framework, post 9/11 Aban VII jack-up rig attack (2007) 61 abduction 60, 128–29, 141–42 ABOT see Al Basrah Oil Terminal (ABOT) attack, Iraq (2004) Abqaiq oil refinery, attack on (2006) 118 ABS see American Bureau of Shipping Abu Sayyaf Group (ASG) 66 access control 342–43 Achille Lauro attack (1985) 20, 229, 230, 258 Ackerman, Gary 110, 125 Afghanistan, US military intervention in 293 Africa 62 Africa Marine Commando 80 aircraft, use of as weapons 142–43 AIS see Automatic Identification System ALARP see as low as reasonably practicable principle Al Basrah Oil Terminal (ABOT) attack, Iraq (2004) 66, 68, 71, 131, 143, 146, 193, 194, 301, 388 ALF see Animal Liberation Front Al-Jazeera 132 Al-Qaeda 66, 67, 68, 69, 70, 71, 97; target selection considerations 126, 132; training manual 119; and vulnerabilities of installations 118, 119 al-Zawahiri, Ayman 132 American Bureau of Shipping (ABS) 167 American Petroleum Institute (API) 23, 148; SRA methodology 54, 55, 56, 103, 104, 108, 112, 113, 126, 136, 332; standards 307, 309, 311

Anglo-Norwegian Fisheries (1951) 165 Animal Liberation Front (ALF) 81, 82 Animal Rights Militia (ARM) 81 anticipatory self-defence 297–99 anti-malware software 368 Apache 27 API see American Petroleum Institute Arabian-American Oil Company (Aramco) 27 archipelagic waters, offshore oil and gas installations in 200–1 Arctic region 27 Arctic Sunrise (Kingdom of the Netherlands v Russian Federation) (2013) 206, 212 ARM see Animal Rights Militia ‘armed attacks’: conduct constituting 289–95; cyber attacks on offshore installations as 294–95; effects-based approach 294; evaluation 140–41; justifying resort to force in self-defence 290; kinetic attacks on offshore installations as 293–94; by nonstate actors 292–93; shows of force and gun boat diplomacy 289; threats or uses of force 289 armed intrusion 60 arrest, 1988 SUA Convention 235–36 ‘artificial islands,’ fixed offshore installations as 163 Asal, Victor 70, 112 ASG see Abu Sayyaf Group as low as reasonably practicable (ALARP) principle 380 assets and operations, offshore 25–52; global offshore oil and gas industry 26–30; identification 25–26; installation types 30–40; interaction with other maritime industry participants 50–51; offshore installation crew 42, 44–48, 47;

471

INDEX

organisational and operational aspects 40–51; organisational structure of an oil company 41–42, 43; property in a place outside the jurisdiction of any state 223–24; supervisory control systems 48–50 attacks on offshore installations: from 1975 to 2014 17–19; abduction 128–29, 141–42; credibility considerations 16, 147; cyber attacks 144–45; detonation of explosives or bombs 138–39; direct 140; hostage taking 117, 141–42; identity of perpetrators 386–87; and interferences methods/scenarios 137–46; internal attacks/interferences 143–44; issues concerning data on 16–17; likelihood of 148–49; location of 385; method of attack 388; misreporting of details 17; numbers 385; offshore installations attack dataset 17–18, 59, 127, 147, 400–33; petroleumrelated targets and attacks 15–16; protests and interferences 145–46; reasons for 387–88; reliability of sources 16; ship or aircraft, use of as weapon 142–43; simultaneous attacks and interferences 146; takeover and seizure 141; threat of attack or bomb threat 137–38; types of installations attacked or in need of protection 386; underwater attacks 139–40; see also ‘armed attacks’; consequences of offshore attacks/threats; offshore target selection considerations; violence; specific incidents Australia: Maritime Security Identification Card scheme 267n; Maritime Transport and Offshore Facilities Security Act 2003 (MTOFSA) 175, 176, 267; Port Statistics Act 1977 175 Australian National Counter Terrorism Committee (NCTC) 65 authentication 364, 366 automated monitoring tools 369 Automatic Identification System (AIS) 257, 390 availability of target information, as vulnerability 119 Baev, Pavel 136 Bahgat, Karim 58, 68 Baker Hughes 28 Balkin, Rosalie 152 Banlaoi, Rommel 6 Barton, Barry 5 Basic Principles on the Use of Force and Firearms by Law Enforcement Officials (BPUFF) 347 Bateman, Sam 6–7

BCN weapons see biological, chemical and nuclear (BCN) weapons Bergin, Anthony 6–7 BHP Billiton 27, 310 Bin Laden, Osama 69 biological, chemical and nuclear (BCN) weapons 270, 271, 274 bombings of oil and gas installations 79, 138–39 Bonga FPSO attack (2008), Nigeria 76, 123, 125, 129, 130, 133 bottom-supported structures, tension-leg platform 33 Bow Valley Husky (Bermuda) Ltd v Saint John Shipbuilding Ltd (1995) 166, 167 BP 27, 310 BPUFF see Basic Principles on the Use of Force and Firearms by Law Enforcement Officials Brazil 283–84 Breemer, Jan 20 Brent Spar offshore platform protest (1995) 84 Bulford Dolphin offshore drilling rig attack (2007) 61, 76 Canada Marine Act 1998 177 Canadian Natural 27 capabilities and tactics (offshore security threats): civil protest 86–87; cyber threats 97–99; evaluation framework 60–61; insurgency 76–77; internal sabotage 89–90; inter-state hostilities 94; organised crime 80; piracy 63–64; terrorism 70–71; vandalism 83–84 Caribbean Sea region 92 Caspian Sea region 8, 27, 92 Castle John v NV Mabeco (1986) 223 CCTV see closed circuit television cell spar 37 CEN see European Committee for Standardization Central Intelligence Agency (CIA), US 71 Centre for the Protection of National Infrastructure (CPNI) 88–89 CE Thornton (US-owned oil drilling rig) 94 Chappell, Brian 365 Charter of the United Nations 208, 389; Article 2(4) 289; Article 51 287, 289, 292, 293, 294, 295, 296, 297, 298, 302, 303, 393, 394 Chaudet, Claude 4 Chevron 27, 310; Oloibiri FSO, attack on (2007) 128–29; Parabe offshore oil platform, occupation (1998) 86, 145 China, tension with Vietnam 93 China National Petroleum Corporation (CNPC) 27

472

INDEX

Chinese People’s Liberation Army (PLA) 95 Churchill, Robin 221, 222 CIA see Central Intelligence Agency CIP see critical infrastructure protection civil protest, evaluation of as threat 84–87; capabilities and tactics 86–87; geography/enabling factors 85; motivations and objectives 85–86; ranking 106; see also Greenpeace classic spar 37 closed circuit television (CCTV) 345, 346 CMI see Comité Maritime International (CMI) CNPC see China National Petroleum Corporation Code of Practice on Security in Ports 171 Cold War 9 Colombia, insurgent groups in 74–75 Comité Maritime International (CMI) 244; Draft Guidelines 279–80, 303, 394; Model National Law on Acts of Piracy and Maritime Violence (CMI Model Law) 253, 254 command, control and response capability 370–71 communication and coordination 335–36 community engagement and local integration 373–75 company security officer (CSO) 42 company specifications and practices 310–11 compliance management 379 compliant platform structure, fixed installations 31, 33, 40 condensate 3 confidentiality 366 ConocoPhillips 27, 310 consequences of offshore attacks/threats 126–36; damage to/destruction of offshore installations 127–28; economic costs and financial losses 130–31; economic externalities 132; environmental harm 128; fear and intimidation 132–34; inability to achieve desired effects 135; loss of confidence and industry reputation 134; loss of life/personal injury 127; petroleum price rises and market fluctuations 131–32; petroleum supply disruptions 129–30; political and foreign relations impacts 134–35; process interruptions and shutdowns 128–29; ‘type of effect’ attractiveness factors 126; undesired effects on external stakeholders 135–36; see also attacks on offshore installations; target selection considerations; violence constructive presence doctrine 213

contiguous zone: Convention on the Territorial Sea and the Contiguous Zone 1958 183–84; offshore oil and gas installations in 199–200 continental shelf, offshore installations in: beyond 200 nautical miles 214–16; enforcement jurisdiction 207–14, 215–16; protection measures 202–7, 215 Continental Shelf Convention 1958 185–87 contract management 376–77 controls, offshore security 323, 328–79; personnel 352–58; physical 340–52; procedural 331–40; residual risk management, and continuous improvement 379–81; SMS components 323, 325; stakeholder security 371–79; technical 359–71 Convention against Transnational Organized Crime (UNTOC) 251–52, 254–55 Convention on the Territorial Sea and the Contiguous Zone 1958 183–84 Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation 1988 SUA Convention 231–27, 240, 242, 243, 253, 254; application to offshore installations 231–33; arrest, extradition and prosecution 235–36; enforcement 236–37; ‘extradite or prosecute’ requirement 235; jurisdiction 234–35; offences 233–34; 2005 SUA Convention 256, 270–276, 303, 389, 396; travaux preparatoires 234 Corfu Channel (United Kingdom v Albania) (1949) 195–96 CPNI see Centre for the Protection of National Infrastructure credibility considerations 16, 147, 322 critical infrastructure 1n; cyber vulnerabilities 120 critical infrastructure protection (CIP) 23 crude oil 3, 128 cryptographic algorithm 367 cryptographic key 367 cryptographic protection 366–68 CSO see company security officer Cuba, attacks against terminals and oil storage depots in (1960s) 74 cyber attacks 144–45; as ‘armed attacks’ 294–95 Cyber Sea Technologies Inc v Underwater Harvester Remotely Operated Vehicle (TD) (2002) 166 cyber-terrorism 65n cyber threats, evaluation 94–99; capabilities and tactics 97–99; definitions 95; geography/enabling factors 95–96; motivations and objectives 96–97; ranking 107–8 cyber vulnerabilities 120–21

473

INDEX

Davis-Besse Nuclear Power Station, computer worm attack (2003) 120 DCS see Distributed Control System decryption 367 Deepwater Horizon disaster, Gulf of Mexico (2010) 122 Deepwater Port Act 1974 (DWPA), United States 176, 177 Delimitation of the Maritime Boundary between Bangladesh and Myanmar in the Bay of Bengal (Bangladesh v Myanmar) (2012) 215 dense concentration/interconnectivity of offshore target, as vulnerability 117–18 Denton, Robert 19 depredation, act of 221–22 desired effects, inability to achieve resulting from offshore attacks 135 detention, piracy law 221–22 Det Norske Veritas (DNV) 167 Devon 27 Dhirubhai Deepwater KG1 (ultra-deepwater drill ship) 29 Diamond Offshore 28 Dinstein, Yoram 290, 294, 297 Diplomatic Conference on Maritime Security (2002) 171, 256, 261 Diplomatic Conference on the Revisions of the SUA Treaties (2005) 269 direct attacks 140 Distributed Control System (DCS) 49 DNV see Det Norske Veritas Dome Petroleum v Hunt International Petroleum Co. (1978) 166 domestic law, and piracy law 228–29 Dragonfly (hacker group) 144 drilling barges, mobile installations 34, 36, 40 drilling companies 28 drilling ships, mobile installations 37–38 drills and exercises, security 339–40 drill ships 34, 40, 153, 231 ‘dual status approach’ 159–62, 227 DWPA see Deepwater Port Act 1974, United States Earth First! 81 Earth Liberation Front (ELF) 81, 82, 83 East China Sea 92 economic costs, offshore attacks 130–31 economic externalities, offshore attacks 132 eco-terrorism 83 EEZ see exclusive economic zone EFQM see European Foundation for Quality Management

EIAD see Energy Infrastructure Attack Database electro-magnetic engine stoppers 350 ELF see Earth Liberation Front employees, offshore see personnel, offshore encryption 367 Energy Infrastructure Attack Database (EIAD) 15 energy security, lack of universal definition of term 5 enforcement: jurisdiction see enforcement jurisdiction; 1988 SUA Convention 236–37; 1988 SUA Protocol 240 enforcement jurisdiction: archipelagic waters 201; continental shelf beyond 200 nautical miles 215–16; exclusive economic zone/continental shelf 202–14; internal waters 190; seabed beyond national jurisdiction, installations in 219–20; territorial sea 197–99 engine stoppers 350 ENISA see European Union Agency for Network and Information Security Enso 28 environmental harm 128 Equatorial Guinea, Zafiro Offshore Oil Terminal (ZOOT) 179, 206 equipment/components on board, sensitivity 121–22 escalated response actions 348 Esmaeili, Hossein 155, 162n, 165, 192 Estaf FSO attack (2010) 61 European Committee for Standardization (CEN) 307, 308 European Foundation for Quality Management (EFQM) 312, 321; Excellence Model 319, 320 European Union Agency for Network and Information Security (ENISA) 49–50 evaluation framework, offshore security threats: capabilities and tactics 60–61; geography/enabling factors 57–59, 62; motivations and objectives 59–60; see also cyber threats; insurgency; internal sabotage; inter-state hostilities; organised crime; piracy; terrorism; vandalism exclusion zones 205 exclusive economic zone (EEZ), installations in 61, 116, 202–14, 393; enforcement jurisdiction 207–14; Equatorial Guinea 206; Law of the Sea Convention framework 188, 196, 201, 206, 209; Nigeria 206; protection measures 202–27; safety zones around offshore installations, extension 283, 284 execution and control activities 325

474

INDEX

‘extradite or prosecute’ requirement, SUA framework 235 extradition, 1988 SUA Convention 235–36 ExxonMobil 27, 310 facilities, offshore see installations, offshore Fair Work Ombudsman v Pocomwell Limited (2013) 167 FARC see Revolutionary Armed Forces of Colombia ‘fatwa’ 69, 70 FDPSOs see floating drilling, production, storage and offloading units fear and intimidation 132–34 Federal Law on Internal Marine Waters, Territorial Sea and Contiguous Zone, Russian Federation 178 financial losses, offshore attacks 130–31 Fisheries Jurisdiction (1974) 165 fixed offshore installations 31–34, 153; as ‘artificial islands’ 163; compliant platform structure 31, 33, 40; gravity based structure (GBS) 31, 33, 40; jacket structure 31, 32, 40; as ships 154–55; tension-leg platform 33–34 FLEC see Front for the Liberation of the Enclave of Cabinda FLNGs see floating liquefied natural gas units floating drilling, production, storage and offloading units (FDPSOs): as mobile offshore installations 34, 38–39, 40; as ships 153 floating liquefied natural gas units (FLNGs), as mobile offshore installations 39–40 floating production, storage and offloading units (FPSOs) 28; export of oil 168; ISPS Code 262, 263; as mobile offshore installations 34, 38, 40; as ships 153–54, 155, 158; SUA framework 231; vulnerabilities 115 floating production units (FPUs) 28 floating storage and offloading units (FSOs): export of oil 168; ISPS Code 263; as mobile offshore installations 38, 40; as ships 153, 154, 155; SUA framework 231 floating storage and regasification units (FSRUs) 28; as mobile offshore installations 39, 40 floating storage units (FSUs): ISPS Code 262; as mobile offshore installations 38; as ships 154, 158 Forbes, Andrew 7 Forcados offshore oil terminal, attack on (2009) 76–77, 127, 138 FPSOs see floating production, storage and offloading units

FPUs see floating production units Front for the Liberation of the Enclave of Cabinda (FLEC) 138 F-Secure (anti-virus provider) 99 FSOs see floating storage and offloading units FSRUs see floating storage and regasification units FSUs see floating storage units gas industry: resources, value 10, 11; see also installations, offshore Gazprom 27 GBS see gravity based structure General National Congress, Libya 22 Geneva Conventions 1958 182–87; Convention on the Continental Shelf 185–87; Convention on the High Seas 184–5; Convention on the Territorial Sea and the Contiguous Zone 183–84 geography/enabling factors (offshore security threats): civil protest 85; cyber threats 95–96; evaluation framework 57–59, 62; insurgency 73–74; internal sabotage 89; inter-state hostilities 92–93; organised crime 78–79; piracy 62; terrorism 67–68; vandalism 82 Giroux, Jennifer 21 Gold, Edgar 162 Goldsmith, Tom 369 government relations management 372–73 gravity based structure (GBS), fixed installations 31, 33, 40 Greenburg, Michael 66 Greenpeace 84, 87, 106, 146, 212, 223 GSPC see Salafist Group for Preaching and Combat Guidelines for Safety Zones and Safety of Navigation around Offshore Installations and Structures 284 Guidelines for the Development of National Maritime Security Legislation 282–83, 303, 390, 392, 393 Guidelines on Security-Related Training and Familiarization for Shipboard Personnel 285 Guilfoyle, Douglas 223 Gulf of Guinea 27, 62, 80, 128 Gulf of Mexico 27; Deepwater Horizon disaster (2010) 122 Gulf War (1991) 91 Guyana v Suriname (2008) 208, 211 hacktivism 95, 97 Halliburton 28 Hansen, Hans Tino 101

475

INDEX

hardware and software integrity and patch management 362–63 Harel, Assaf 300 Hastings, Justin 70, 112 Hawkes, Kenneth 6 head security officer 42 Herbert-Burns, Rupert 38, 115, 126 Hezbollah 66, 67 1958 High Seas Convention 184–85 Hilpert, Caroline 21 1979 Hostages Convention 249–51, 254–55 hostage taking 117, 141–42, 249–50 hot pursuit, right of 198–99 hydrocarbons 3, 12–13 IACS see International Association of Classification Societies IADC see International Association of Drilling Contractors ICJ see International Court of Justice ICSs see industrial control systems ICT see information and communication technology IDE see International Data Exchange identity management, personnel 354–55 IDSs see intruder detection systems IEA see International Energy Agency IEC see International Electrotechnical Commission IEDs see improvised explosive devices ILC see International Law Commission immediate response actions 348 IMO see International Maritime Organization improvised explosive devices (IEDs) 138 IMSO see International Mobile Satellite Organization incident management, security 349–51 industrial control systems (ICSs) 48, 49, 96, 98; technical security controls 360, 363 industry partnerships and mutual aid 375–76 industry self-regulation 309–10 information and communication technology (ICT) 94 innocent passage and protection measures 183–84, 191–97 installations, offshore 30–40; application of 1988 SUA Convention 231–33; application of 1988 SUA Protocol 237–38; in the archipelagic waters 200–1; attacks on see attacks on offshore installations; consequences of attacks or threats see consequences of offshore attacks/threats; in the contiguous zone 199–200; on the continental shelf beyond 200 nautical miles

214–16; damage to/destruction of 127–28; in the EEZ and on the continental shelf 202–14; extension of safety zones around 283–5; fixed 31–34; installation vs. structure 159–60; interference with see interference with offshore installations; internal seizures 227–28; in the internal waters 189–90; legal status see legal status of offshore installations; legal treatment as ships 224–25; location of 51, 116–17; maritime zones of jurisdiction in 189; mobile 34–40; numbers of attacks on 385; and piracy law 220–29; as ports 168–79; on the seabed beyond national jurisdiction 216–20; selfdefence rights 287–303; as separate category 162–64; terminology 3–4; in the territorial sea 190–99; threats to see threats, offshore security; types in need of protection 386; unmanned 31, 343; use of self-defence to protect 295–303 Institute of Cetacean Research v Sea Shepherd Conversation Society (2013) 222, 223 insurgency, evaluation of as threat 71–77, 387; capabilities and threats 76–77; geography/enabling factors 73–74; motivations and objectives 74–76; ranking 105 integrity 366; hardware and software 362–63; physical security controls 341–42 interferences with offshore installations: and internal attacks 143–44; methods/scenarios 137–46; and protests 145–46; simultaneous attacks and interferences 146; see also attacks on offshore installations; consequences of offshore attacks/threats; threats, offshore security internal sabotage see sabotage (internal), evaluation of as threat internal waters, offshore oil and gas installations in 189–90 International Association of Classification Societies (IACS) 167 International Association of Drilling Contractors (IADC) 309 International Association of Oil & Gas Producers (IOGP) 23, 304, 320, 371, 377; industry partnerships and mutual aid 375–76; OMS framework 313, 314; security management systems 304, 311–12, 315, 324; standards 305–6, 307, 308–9; see also operating management system (OMS); security management systems (SMS) International Convention for the Safety of Life at Sea (SOLAS): amendments of 2002

476

INDEX

256–58; mobile offshore drilling units 259; Non-SOLAS Security Guidelines 280–82, 303, 390, 393; requirements of 392 International Court of Justice (ICJ), Advisory Opinion on Legality of the Threat of Use of Nuclear Weapons (1996) 289, 296 International Data Exchange (IDE), LRIT 279 International Electrotechnical Commission (IEC) 305, 307 International Energy Agency (IEA) 5, 9 International Law Commission (ILC) 184 International Maritime Organization (IMO) 16n; Diplomatic Conference on the adoption of the ISPS Code (2002) 171, 256, 261; General Provisions on routing of ships 246–49; IMO Resolution A.671 (16) on safety zones 245–46; Legal Committee (LEG) 156; Maritime Safety Committee 256; Resolution A.572(14) 246; Resolution A.584(14) 230; Resolution A.671(16) 161, 246, 390, 391; Resolution A.924(22) 269; Resolution A.1079(28) 286; SubCommittee on Safety of Navigation (NAV) 248, 249, 284; Sub-Committee on Standards of Training and Watchkeeping (STW) 285 International Mobile Satellite Organization (IMSO) 279 international oil companies (IOCs) 14, 27, 310, 311; see also national oil companies (NOCs) International Oil Pollution Compensation Funds (IOPCF) 158 International Organization for Standardization (ISO) 305, 306, 308, 311, 312, 316–17; ISO 13702:1999 306; ISO 15544:2000 306; ISO 17776:2000 306; ISO 10007:2003 339; ISO/IEC 90003:2004 339; ISO 9001:2008 315; ISO 31000:2009 316, 317; ISO 3864-1:2011 343; ISO/IEC 270010:2012 336; ISO 22397:2014 375 International Petroleum Industry Environmental Conservation Association (IPIECA) 309, 374 international regulatory framework, prior to 9/11 181–255; Convention against Transnational Organized Crime 2000 (UNTOC) 251–52, 254–55; enforcement jurisdiction 190, 197–99, 201, 207–14; Geneva Conventions 1958 182–87; 1979 Hostages Convention 249–51, 254–55; IMO General Provisions on routing of ships 246–49; IMO Resolution A.671 (16) on safety zones 245–46; installations in the EEZ/continental shelf 202–14; issues applicable to both 1988

SUA treaties 240–44; Law of the Sea Convention framework 187–229; model national law on acts of piracy and maritime violence 252–54; offshore oil and gas installations in archipelagic waters 200–01; offshore oil and gas installations in contiguous zone 199–200; offshore oil and gas installations in continental shelf beyond 200 nautical miles 214–16; offshore oil and gas installations in EEZ/continental shelf 202–14; offshore oil and gas installations in internal waters 189–90; offshore oil and gas installations in seabed beyond national jurisdiction 216–20; offshore oil and gas installations in territorial sea 190–99; pre-1958 legal framework 182; protection measures 190, 200–1, 202–7; protection measures and innocent passage 191–97; SUA framework 1998 229–44 international regulatory framework, post 9/11 256–303; CMI Draft Guidelines 279–80, 303, 394; Guidelines for the Development of National Maritime Security Legislation 282–83, 303, 390, 392, 393; ISPS Code 258–65; long-range identification and tracking of ships 276–9; Non-SOLAS Security Guidelines 280–82, 303, 390, 393; safety zones around offshore installations, extension 283–85; seafarer identification framework 265–69; security training of seafarers and offshore personnel 285–87; self-defence rights and offshore installations 287–303; SOLAS Convention amendments 2002 256–58; SUA framework amendments 2005 269–76 International Seabed Authority (ISA) 217 International Ship and Port Facility Security Code (ISPS Code) 258–65, 378, 389; on contamination 261; definition of ship 259–60; international voyage 259; mobile offshore drilling units 259, 260, 262, 263–64; personnel security controls 356 International Ship Security Certificate 263 International Telecommunication Union (ITU) 305; ITU Recommendations 365 International Tribunal for the Law of the Sea (ITLOS) 84, 212–13, 215 inter-state hostilities, evaluation of as threat 90–94; capabilities and tactics 94; geography/enabling factors 92–93; motivation and objectives 93–94; ranking 106–7 intruder detection systems (IDSs) 344

477

INDEX

KAAOT see Khawr Al Amaya Oil Terminal (KAAOT) attack, Iraq (2004) Kaye, Stuart 207n, 209, 217, 227, 293 Khawr Al Amaya Oil Terminal (KAAOT) attack, Iraq (2004) 66–67, 71, 131, 143, 146, 193, 194, 301, 388 kinetic attacks on offshore installations 293–94 Klein, Natalie 6, 207, 289, 300–1 Korin, Anne 5 Kuwait, Iraqi invasion (1990–91) 93 Kuwait Petroleum Company 27

intrusion prevention systems (IPSs) 361 IOCs see international oil companies (IOCs) IOGP see International Association of Oil & Gas Producers IOOC see Iranian Offshore Oil Company IOPCF see International Oil Pollution Compensation Funds IPIECA see International Petroleum Industry Environmental Conservation Association IPSs see intrusion prevention systems Iranian Offshore Oil Company (IOOC) 96 Iran–Iraq war (1980–88) 91, 94, 128 ISA see International Seabed Authority ISO see International Organization for Standardization ISPS (International Ship and Port Facility Security) Code 258–65 ITLOS see International Tribunal for the Law of the Sea ITU see International Telecommunication Union Jacket B wellhead platform, Afremo offshore oilfield 138 jacket structure, fixed offshore oil and gas installations 31, 32, 40 jack-up platforms 34–35, 40 Jamat al-Tawhid wa-l-Jihad (JTWJ) 66 Jemaah Islamiyah (JI) 66 Jenkins, Brian 20, 56, 83–84, 88, 135 JI see Jemaah Islamiyah jihadism 69 job titles, offshore crew 44 Joint International Working Group on Uniformity of Laws Concerning Acts of Piracy and Maritime Violence (JIWG) 252–53, 279–80 Joint Statement on the Uniform Interpretation of Rules of International Law Governing Innocent Passage (US–USSR Joint Statement) 192–93 Joint Technical Committee (JTC), ISO–IEC 306–7 Jonathan, Goodluck 22 JTC see Joint Technical Committee JTWJ see Jamat al-Tawhid wa-l-Jihad jurisdiction: high seas vs. place outside the jurisdiction of any state 224; national, offshore oil and gas installations on seabed beyond 216–20; property in a place outside the jurisdiction of any state 223–24; 1988 SUA Convention 234–35; 1988 SUA Protocol 239; see also enforcement jurisdiction, offshore installations

LAN see local area network Land and Boundary between Cameroon and Nigeria (Cameroon v Nigeria) (2002) 291 Law of the Sea Convention framework 187–229, 391–92; enforcement jurisdiction 190, 197–99, 201; innocent passage and protection measures 191–97; installations in the contiguous zone 199–200; installations on the archipelagic waters 200–1; installations on the internal waters 189–90; installations on the territorial sea 190–9; protection measures 190, 191–97, 200–1 learning, and security management 326–27 Legal Committee (LEG), IMO 156 Legal Consequences of the Construction of a Wall in the Occupied Palestinian Territories (2004) 292 legal status of offshore installations 151–80; case law 165–67; installations as ports 168–79; installations as ships 152–68; judicial interpretations 165–68; key findings/issues 388–89; state practice 165–68; treaty law 154–64, 169–75; waters around offshore ports, legal status 171–73 Liberation Tigers of Tamil Eelam (LTTE) 66, 67, 71, 73, 76, 139 LICs see low-intensity conflicts life, loss of 127 liquefied natural gas (LNG) 3; see also floating liquefied natural gas units (FLNGs) liquefied petroleum gas (LPG) 3 LNG see liquefied natural gas Loadenthal, Michael 83 local area network (LAN) 360 location vulnerability of offshore target 116–17 long-range acoustic devices (LRADs) 350 long-range identification and tracking of ships (LRIT) 276–79, 390; Data Centres 278, 279; International Data Exchange 279; LRIT Regulation (2006) 256, 276–78 loss of confidence and industry reputation 134

478

INDEX

Lowe, Vaughan 156, 160 low-intensity conflicts (LICs) 21 LPG see liquefied petroleum gas LRADs see long-range acoustic devices LRIT see long-range identification and tracking of ships LTTE see Liberation Tigers of Tamil Eelam Luft, Gal 5 MacBain, Merle 19 Maerli, Morten 57, 113, 321 Malaysia, Merchant Shipping Ordinance 1952 178 malware 98 malware protection 368–9 management: change and configuration 338–39; compliance 379; contract 376–77; employee management and supervision 356–57; government relations 372–73; hardware and software integrity and patch management 362–63; identity 354–55; media 378–79; operating management and security 312–15; operational continuity 351–52; patch management 362–63; quality management and security 315–16; residual risk and continuous improvement 379–81; review of security management systems 326; risk management and security 317; security guard force 346–48; security incident 349–51; supply chain 377–78; systems approach to 319; top management, reporting to 327–28; user accounts and privilege management 364–65; see also security management systems (SMS) Mansah, Thomas 157–58 Maritime Liaison Office (MARLO), US 193, 301–2 Maritime Safety Committee (MSC), IMO 256, 261, 262, 278–79, 283, 284; Resolution MSC. 202(81) 276; Resolution MSC. 210(81) 276; Resolution MSC.361(92) 279 maritime security, lack of commonly accepted definition 6 Maritime Security Identification Card scheme (MSIC), Australia 267n maritime terrorism 65n Maritime Transport Act 1994, New Zealand 178, 179 Maritime Transport and Offshore Facilities Security Act 2003 (MTOFSA), Australia 175, 176, 267 Maritime Transportation Security Act 2002, United States 176 MARLO see Maritime Liaison Office materials on board, volatile and hazardous 122

McNamee, Mark 75, 76 media management 378–79 Medina, Richard 58, 68 MEND see Movement for the Emancipation of Niger Delta Merchant Shipping Code 1999, Russian Federation 178 Merchant Shipping Ordinance 1952, Malaysia 178 Merchant’s Marine Insurance Ltd v North of England Protection (1926) 166 mobile offshore drilling units (MODUs) 38, 117, 153, 167, 390; ISPS Code 259, 260, 262, 263–64; Solas Convention amendments (2002) 257; SUA framework 231, 232 mobile offshore installations 34–40; drilling barges 34, 36, 40; drilling ships 37–38; floating drilling, production, storage and offloading units 38–39; floating liquefied natural gas units 39–40; floating production, storage and offloading units 38; floating storage and offloading units 38; floating storage and regasification units 39; floating storage units 38; jack-up platforms 34–35, 40; semisubmersible drilling units 34, 36, 40; as ships 155–59; spar platforms 34, 36–37, 40; submersible drilling units 34, 35–36, 40 mobile offshore production units (MOPUs) 38, 153 Model National Law on Acts of Piracy and Maritime Violence (CMI Model Law) 253, 254 MODUs see mobile offshore drilling units monitoring: automated 369; monitor and security reporting 325–26; protective 369–70 Montecito Mob attack, US (1899) 15, 18 MOPUs see mobile offshore production units motivations and objectives (offshore security threats): civil protest 85–86; cyber threats 96–97; evaluation framework 59–60; insurgency 74–76; internal sabotage 89; inter-state hostilities 93–94; organised crime 79–80; piracy 63; terrorism 68–70; vandalism 82–83 Movement for the Emancipation of Niger Delta (MEND) 74, 75, 76–77; and target selection considerations 119, 123, 127, 133, 138 MSC see Maritime Safety Committee (MSC), IMO MSIC see Maritime Security Identification Card scheme

479

INDEX

MTOFSA see Maritime Transport and Offshore Facilities Security Act 2003 Murphy, Martin 71 MV Limburg attack (2002) 66 M/V Saiga (St Vincent and the Grenadines v Guinea) (1999) 211 Mystras FPSO Nigeria, abduction of workers (2006) 61, 142 Nasr offshore complex attack, Iran (1988) 127–28, 140, 288 National Iranian Oil Company (NIOC) 27 national oil companies (NOCs) 27; see also international oil companies (IOCs) National Strategy for Maritime Security, US 55 natural gas 3 NAV see Sub-committee on the Safety of Navigation (IMO) navigation, restricting in self-defence 299–302 NCTC see Australian National Counter Terrorism Committee NDPVF see Niger Delta People’s Volunteer Force necessity principle, self-defence 295, 296, 300 network architecture and configuration, secure 360–62 network segregation/segmentation 361 New Zealand, Maritime Transport Act 1994 178, 179 Nicaragua attacks (1980s) 74 Nicaragua decision (1986) 289, 290, 291 Niger Delta, insurgent attacks in 75–76, 105; see also Movement for the Emancipation of Niger Delta (MEND) Niger Delta People’s Volunteer Force (NDPVF) 74 Nigeria: attacks on offshore installations in 59, 74; civil protest (2002) 84 Nigerian Ports Authority Decree 1999 179 nine box model 319 NIOC see National Iranian Oil Company Noble 28 NOCs see national oil companies NOGA see Norwegian Oil and Gas Association Non-SOLAS Security Guidelines 280–82, 303, 390, 393 non-state actors, attacks by 292–93 North Rankin A offshore platform, occupation of (1986) 85 North Sea 27 North Sea Hijack (film) 20 Norwegian Oil and Gas Association (NOGA) 309, 342–43, 377, 378

Nowruz oilfield tanker collision (1983), Persian Gulf 128 Occidental 27 Ocean Rig Poseidon drill ship attack (2011) 61 O’Connell, Daniel 155, 216 OECD see Organization for Economic Cooperation and Development offences: CMI Draft Guidelines 279–80, 303, 394; hostage taking 249–50; under 1988 SUA Convention 233–34; under SUA framework amendments 2005 270–72; under 1988 SUA Protocol 238 offshore facility security officer (OFSO) 46 offshore installation crew 42, 44–48, 47 offshore installation manager (OIM) 45 Offshore Installations Attack Dataset (OIAD) 17–18, 59, 127, 147, 385, 400–33 offshore installation security officer (OISO) 46, 48, 263, 348 offshore oil and gas industry: global 26–30; installation types 30–40 offshore target selection considerations 110–50; additional incentives 121–23; assessing attractiveness of offshore targets 112–36; attacks and interferences methods/scenarios 137–46; consequences of attacks or threats see consequences of offshore attacks/threats; definition of offshore target attractiveness 111–12; deterrents 123–25; increased level of security/protection 125; operational/tactical difficulties 124–25; ranking of target attractiveness 136–37; soft or hard targets 124; threat–target pairing/threat–asset pairing 137; vulnerabilities see vulnerabilities, offshore target selection; see also threats, offshore security offshore unit, defined 163 OFSO see offshore facility security officer OGX see Petróleo e Gás Participações OIAD see Offshore Installations Attack Dataset oil and gas installations, offshore see installations, offshore oil companies: international see international oil companies (IOCs); national see national oil companies (NOCs); organisational structure 41–42, 43 oilfield service companies 28 oil industry: and Cold War 9; and Daesh (ISIS) 12; resources, value 10, 11; world production 10; and World Wars 8; see also installations, offshore; petroleum

480

INDEX

Oil Platforms (Islamic Republic of Iran v United States of America) (2003) 288–89, 290–91, 293, 296, 297 OIM see offshore installation manager OISO see offshore installation security officer Oldrea (malware) 98 Oloibiri FSO, attack on (2007) 128–29 OMS see operating management system operating management and security 312–15 operating management system (OMS) 312, 313–14, 316 operating security procedures 334–35 operational continuity management 351–52 organised crime, evaluation of as threat 77–80; capabilities and tactics 80; definitions 77; geography/enabling factors 78–79; motivations and objectives 79–80; ranking 105 organised criminal groups 251, 252 Organization for Economic Cooperation and Development (OECD) 377 Orizont offshore oil rig 94 Owens, William 295 Palestine Liberation Front (PLF) 66, 67, 229 Palma, Mary Ann 277 Panama Canal 37 Parabe offshore oil platform (Chevron), occupation (1998) 86, 145 Passage through the Great Belt (Finland v Denmark) (1991) 165 patch management 362–63 PDCA see ‘Plan-Do-Check-Act’ (PDCA) model Pennington Oil Terminal (POT), Nigeria 179, 205–6 Persian Gulf 27, 92, 128 personal injury, threat of 127 person in charge 44 personnel, offshore: diversity of, as vulnerability 118–19; employee management and supervision 356–57; protection of 358; security controls see personnel security controls; training of 285–87, 355–56; see also seafarers personnel security controls 352–58; administration/organisation 352–53; employee management and supervision 356–57; identity management 354–55; personnel protection 358; pre-employment screening 353–54; prohibited and controlled items or activities 358; security, culture, awareness and training 355–56; security administration/organisation 352–53; social engineering prevention 357–58

Petróleo e Gás Participações (OGX) 27 Petróleos Mexicanos (Pemex) 27 petroleum: origins of modern industry 26; price rises/market fluctuations 131–32; strategic importance 7–13, 11; supply disruptions 129–30; target selection considerations 131–32, 133, 135; terminology 3; violence associated with industry 13–19; see also oil industry petroleum terrorism 65n PFSP see port facility security plan physical security controls 340–52; access control 342–43; operational continuity management 351–52; security alert response 348–49; security guard force management 346–48; security incident management 349–51; structural protection and integrity 341–42; surveillance and detection 344–46 Pietre-Cambacedes, Ludovic 4 Piper Alpha disaster (1988) 118, 127 piracy, defined 61, 185, 220–21 piracy, evaluation of as threat 61–64; capabilities and tactics 63–64; geography/enabling factors 62; low- and high-level piracy 63; motivations and objectives 63; ranking 104; see also piracy law piracy law and offshore installations 220–29; domestic law, importance 228–29; Harvard Draft Convention on Piracy 227; high seas vs. place outside the jurisdiction of any state 224; illegal act of violence, detention or act of depredation 221–22; internal seizures of offshore installations 227–28; jurisdiction over piracy 226–27; legal treatment of offshore installations as ships 224–25; model national law on acts of piracy and maritime violence 252–54; pirate ships 228; ‘private ends’ requirement 222–23; property in a place outside the jurisdiction of any state 223–24; territorial/geographic scope of piracy 225–26; see also Joint International Working Group on Uniformity of Laws Concerning Acts of Piracy and Maritime Violence (JIWG); piracy, evaluation of as threat ‘Plan-Do-Check-Act’ (PDCA) model 313, 353 planning and resourcing 324–25 platforms, offshore see installations, offshore PLF see Palestine Liberation Front policies, security: objectives and tasks 322–23; and security plan 333–34 political and foreign relations impacts of offshore attacks 134–35

481

INDEX

Popular Front for the Liberation of Palestine (PFLP) 66 port facility security plan (PFSP) 261 Port Harcourt attack (2008) 127 ports, offshore installations as 168–79; deepwater ports 176; legal status of waters around offshore ports 171–73; maritime port 178; port facility 177; port state control 173–75; public port 177; state practice 175–79; treaty law 169–75 Port Statistics Act 1977, Australia 175 POT see Pennington Oil Terminal (POT), Nigeria pre-employment screening 353–54 preventive maintenance 337–38 Prirazlomnaya offshore platform (Pechora Sea) 205; protest of 2013 84 ‘private ends’ requirement, piracy law 222–23 privilege management 364–65 proactive security 318 procedural security controls 331–40; change and configuration management 338–39; communication and coordination 335–36; drills and exercises 339–40; operating security procedures 334–35; policy and security plan 333–34; preventive maintenance 337–38; risk assessments 331–33; sensitive information and records handling 336–37; see also controls, offshore security process interruptions and shutdowns 128–29 production departments, oil companies 42 prohibited and controlled items or activities 358 property: in place outside jurisdiction of any state 223–24; violence against 65 proportionality principle, self-defence 295, 296–97, 300 prosecution, 1988 SUA Convention 235–36 protection measures, offshore installations: archipelagic waters 200–1; continental shelf beyond 200 nautical miles 215; exclusive economic zone/continental shelf 202–7; internal waters 190; payments 75; protection/prevention framework 390–93; seabed beyond national jurisdiction, installations in 219; territorial sea 191–97 protection rackets 79 protective monitoring 369–70 public profile/symbolic value of target 122–23 Puerto Sandino oil terminal (Nicaragua), underwater attack (1983) 140 Qatari RasGas, cyber attack on (2012) 120 quality management and security 312, 315–16 Quiggin, Tom 16n

radar surveillance, short-range 345 radio frequency engine stoppers 350 radio frequency identification (RFIED) 345 Rahman, Chris 6 RATs see remote access tools reactive security 318 Recommendations for the Training and Certification of Personnel of Mobile Offshore Units 286, 393 records handling, and sensitive information 336–37 reliability of sources 16 remote access tools (RATs) 99, 144 remote terminal units (RTUs) 49 reporting, security 325–26; to top management 327–28 Reshadat offshore complex (Iran), direct attack on (1987) 92, 140, 297 residual risk management, and continuous improvement 379–81 responses of international oil and gas industry 304–82; command, control and response capability 370–71; company specifications and practices 310–11; controls and protection measures 323, 325, 328–79; industry self-regulation 309–10; international standards 305–8; regional and national standards 308–9; security management systems see security management systems (SMS) restricted areas 205 review of security management systems 326 Revolutionary Armed Forces of Colombia (FARC) 74–75 RFIED see radio frequency identification rigs, offshore see installations, offshore risks, security: assessment 323, 331–33; management 316, 317, 318 rocket-propelled grenades (RPGs) 60, 76, 125, 140–41, 222 Ronzitti, Natalino 199–200, 213, 220 Roscini, Marco 295 Royal Dutch Shell (Shell) 27, 39–40, 310; Forcados offshore oil terminal, attack on (2009) 76–77, 127 RPGs see rocket-propelled grenades RTUs see remote terminal units Rudner, Martin 134–35 Russian Federation: Federal Law on Internal Marine Waters, Territorial Sea and Contiguous Zone 178; Merchant Shipping Code 1999 178 R v. Saint Joint Shipbuilding & Dry Dock Co (1981) 166

482

INDEX

sabotage (internal), evaluation of as threat 88–90; capabilities and tactics 89–90; definitions 88; geography/enabling factors 89; motivations and objectives 89; ranking 106 safety, security distinguished 4 safety zones: extension of, around offshore installations 283–85; IMO Resolution A.671 (16) on 245–46 Salafist Group for Preaching and Combat (GSPC) 139n; see also Al-Qaeda Salman offshore complex attack, Iran (1988) 127–28, 140 Samuel B Roberts (US frigate) attack on (1988) 128, 288 Saudi Aramco, cyber attack on (2012) 120, 144 SBMs see single buoy moorings SCADA see Supervisory Control and Data Acquisition Schlumberer 28 Schmid, Alex 5, 64 Schmitt, Michael 294, 296 seabed beyond national jurisdiction, installations in 216–20; enforcement jurisdiction 219–20; protection measures 219 Seadrill 28 seafarers: identification framework 265–69, 392; security training 285–87 seafarers’ identity documents (SIDs) 265 Seafarers’ International Union of Canada v Crosbie Offshore Services Ltd (1982) 167 Sea Isle City (Kuwaiti oil tanker), alleged Iranian missile strike on (1987) 92, 288, 297 Sea Shepherd Conservation Society (SSCS) 81, 82, 83 security alert response 348–49 security and protection of offshore installations: alert response 348–49; controls see controls, offshore security; personal security controls; physical security controls; procedural security controls; stakeholder security controls; technical security controls; definition of security 4–5; improvement suggestions 395–98; incident management 349–51; increased level 125; industry response 395; information acquisition/situational awareness framework 390; key findings/issues 384–95; key questions 383–84; key terms/concepts 3–7; lax security 116; malicious vs accidental distinction 4; management see management; security management systems (SMS); offshore petroleum security context 5–7; offshore threats see threats, offshore security; past and present perspectives 19–22;

policies see policies, security; preventive maintenance 337–38; protection/prevention framework 390–93; reform considerations 396–97; regulation at international level 389–95; response/penal framework 393–95; safety distinguished 4; security guard force management 346–48; strategic importance of petroleum 7–13, 11; suggestions for further research 397–98; system vs environment distinction 4; training of seafarers and offshore personnel 285–87; violence associated with petroleum industry 13–19; see also attacks on offshore installations; consequences of offshore attacks/threats; installations, offshore Security Council see United Nations Security Council (UNSC) security excellence 319–21; concepts 320–21; criteria 321 security gateways 361 security guard force management 346–48 security incident management 349–51 security management systems (SMS) 23, 304, 311–28; active and passive measures 330; benefits 328; components 321–28; concepts 312–21; controls and protection measures 323; credibility and integration 322; execution and control activities 325; learning 326–27; monitor and security reporting 325–26; operating management and security 312–15; planning and resourcing 324–25; policies, objectives and tasks 322–23; principles 318–19; proactive and reactive security 318, 329; quality management and security 315–16; reporting to top management 327–28; review 326; risk management and security 316–18; security excellence 319–21; security risk register 324; threat, vulnerability and security risk assessment 323; see also International Association of Oil & Gas Producers (IOGP); security and protection of offshore installations security risk assessment (SRA) 60, 109, 264n, 386, 388, 392, 397; API SRA methodology 54, 55, 56, 103, 104, 108, 112, 113, 126, 136, 332; offshore assets and operations 23, 25, 51; responses of international oil and gas industry 304, 307, 315, 322, 323, 324, 328, 331, 332, 333, 340, 382; target selection considerations 111, 112, 148, 149; threat and vulnerability 323 security risk register 324 security zones 205

483

INDEX

self-defence: anticipatory 297–99; attacks by non-state actors as ‘armed attacks’ 292–93; conduct constituting an ‘armed attack’ 289–95; cyber attacks on offshore installations as ‘armed attacks’ 294–95; exercise of right by third states 302–3; inherent right of 287; kinetic attacks on offshore installations as ‘armed attacks’ 293–94; lawful exercise of right of 295–97; necessity principle 295, 296, 300; proportionality principle 295, 296–97, 300; restricting navigation in 299–302; right of and offshore installations 287–303; using to protect installations 295–303 semisubmersible drilling units, mobile installations 34, 36, 40 sensitive information, and records handling 336–37 Shell see Royal Dutch Shell (Shell) Shell Offshore v Greenpeace 87, 223 Shibamoto & Co v Western Fish Producers (1989) 166n ships: definition in ISPS Code 259; drilling 37–38; IMO General Provisions on routing of 246–49; Non-SOLAS Security Guidelines 280–82, 303, 390, 393; offshore installations as see ships, offshore installations as; pirate 228; special purpose 281n; use of as weapons 142–43 ships, offshore installations as 152–68; ‘dual status approach’ 159–62, 227; fixed offshore installations 154–55; installation vs. structure 159–60; lack of uniform definition of ‘ship’ or ‘vessel’ in international law 152; mobile offshore installations 155–59; offshore installations as separate category 162–64; and piracy law 224–25; treaty law 154–64 ship security officer (SSO) 46 SIDs see seafarers’ identity documents single buoy moorings (SBMs) 261 single-point mooring (SPM) 40 Slops case (1992) 166 SMS see security management systems social engineering 88–9; prevention 357–58 SOLAS see International Convention for the Safety of Life at Sea SOPs see standad operating procedures South America 62 South China Sea 27, 92, 93 Southeast Asia 62 spar platforms, mobile installations 34, 36–37, 40 speedboats 60 Spicer, Wylie 162

SPM see single-point mooring SRA see security risk assessment Sri Lanka attacks (1990s and 2000s) 74; see also Liberation Tigers of Tamil Eelam (LTTE) SSCS see Sea Shepherd Conservation Society SSO see ship security officer stakeholders: external, undesired effects of offshore attacks on 135–36; mapping 371–72; see also stakeholder security controls stakeholder security controls: community engagement and local integration 373–75; compliance management 379; contract management 376–77; government relations management 372–73; industry partnerships and mutual aid 375–76; media management 378–79; stakeholder mapping 371–72; supply chain management 377–78 standad operating procedures (SOPs) 322, 334, 335 standards: international 305–8; regional and national 308–9 Standards Norway 308 stationary position/low manoeuvrability of offshore target, as vulnerability 117 Statoil 310 Stena Carron drill ship protest (2010) 146 structural/design vulnerabilities of offshore target, inherent 115–16 structural protection and integrity 341–42 structures, offshore see installations, offshore STW see Sub-Committee on Standards of Training and Watchkeeping SUA Convention see Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation SUA framework amendments 2005 269–76; infrastructure facility 270; issues applicable to both 2005 SUA treaties 275–76; new offences 270–72; serious injury or damage 270; ship-boarding framework 272; 2005 SUA Convention 270–73; 2005 SUA Protocol 273–75 1988 SUA Protocol 237–40, 253, 254; application to offshore installations 237–38; arrest, extradition and prosecution 239–40; jurisdiction 239; offences 238 Sub-Committee on Safety of Navigation (NAV) 248, 249, 284 Sub-Committee on Standards of Training and Watchkeeping (STW) 285 submersible drilling units, mobile installations 34, 35–36, 40 Suez Canal 37

484

INDEX

suicide boat attacks 66 Summerskill, Michael 161, 162 ‘super majors’ (largest IOCs) 27 Supervisory Control and Data Acquisition (SCADA) 49, 95, 96, 98; cyber vulnerabilities 120–21; ‘SCADA sniffing’ 99; technical security controls 360, 361, 366, 367 supervisory control systems 48–50 supply chain management 377–78 surveillance and detection 344–46 takeover and seizure 141 target selection considerations see offshore target selection considerations Technical Committee (TC), ISO 305, 306, 308 technical security controls 359–71; command, control and response capability 370–71; cryptographic protection 366–68; hardware and software integrity and patch management 362–63; malware protection 368–69; network segregation/segmentation 361; protective monitoring 369–70; secure network architecture and configuration 360–62; transmission security 366; user accounts and privilege management 364–65 tension-leg platform (TLP), fixed installations 28, 32, 33–34, 40 territorial sea: High Seas Convention (1958) 184–85; offshore oil and gas installations in 190–99; Territorial Sea Convention (1958) 183–84 terrorism, evaluation of as threat 64–71; capabilities and tactics 70–71; geography/enabling factors 67–68; insurgency vs. terrorism 72; motivations and objectives 68–70; 9/11 terrorist attacks 21, 68, 69, 254; ranking 104–5 terrorist act, defined 65 third states, exercise of right of self-defence 302–3 threats, offshore security 53–109; civil protest 84–87, 106; cyber threats 94–99, 107–8; definitions 54; evaluation framework 56–61; evaluation of specific threats 61–99; identifying/categorising 55; insurgency 71–77, 105; internal sabotage 88–90, 106; inter-state hostilities 90–94, 106–7; links between 100–3; misperceptions 53–54; organised crime 77–80, 105; piracy 61–64, 104; ranking of 103–8; risk assessment 323; target selection considerations see offshore target selection considerations; terrorism 64–71, 104–5;

unauthorised/suspicious conduct 99; vandalism 81–84, 105–60; see also capabilities and tactics; geography and enabling factors; motivations and objectives threat–target pairing/threat–asset pairing 137 TLP see tension-leg platform Toft, Peter 112, 123 Total 27, 310 transmission security 366 Transocean 28, 29 treaty law: ports, offshore oil and gas installations as 169–75; ships, offshore oil and gas installations as 154–64 Treves, Tullio 232, 234 Trident VIII offshore drilling rig attack (2007) 61 ‘trojan horses’ 368 Truman Proclamation (1945) 182 truss spar 37 Tsamenyi, Martin 277 UAVs see unmanned aerial vehicles ‘ultra-deepwater’ 29 unauthorised/suspicious conduct 99 underwater attacks 139–40 UNDP see United Nations Development Programme UNGC see United Nations Global Compact for Security and Human Rights UNGP see United Nations Guiding Principles on Business and Human Rights United Nations Development Programme (UNDP) 5 United Nations Global Compact for Security and Human Rights (UNGC) 375 United Nations Guiding Principles on Business and Human Rights (UNGP) 340 United Nations Security Council (UNSC) 298; Counter-Terrorism Committee 282; Resolution 1368 292; Resolution 1373 292 United States: Afghanistan, military intervention in 293; Deepwater Port Act 1974 (DWPA) 176, 177; on extension of safety zones around offshore installations 283–5; Maritime Transportation Security Act 2002 176 United States v Hasan (2010) 222 units, offshore see installations, offshore unmanned aerial vehicles (UAVs) 142 unmanned offshore installations 31, 343 UNSC see United Nations Security Council UNTOC see Convention against Transnational Organized Crime (UNTOC) user accounts and privilege management 364–65

485

INDEX

117–18; diversity of offshore industry personnel 118–19; floating production, storage and offloading units (FPSOs) 115; guns, availability of 119; identification of vulnerabilities 114–15; inherent structural/design 115–16; lax security and protection 116; location of installation 116–17; remote locations 117; security risk assessment 323; stationary position/low manoeuvrability 117

USS Cole attack (2000) 66 USS Samuel B Roberts, mining of 297 vandalism, evaluation of as threat 81–84; capabilities and tactics 83–84; definitions 81; geography/enabling factors 82; motivations and objectives 82–83; ranking 105–6 Vietnam, tension with China 93 violence: associated with petroleum industry 13–19; attacks on and interferences with offshore installations (1975–2014) 17–19; data on offshore attacks and security incidents 16–17; illegal act of and piracy 221–22; model national law on acts of piracy and maritime violence 252–54; petroleum-related targets and attacks 15–16; terminology 18n; see also attacks on offshore installations virtual private networks (VPNs) 361 viruses, ICT 368 Voluntary Principles on Security and Human Rights (VPSHR) 310, 320, 340, 347, 373 VPNs see virtual private networks VPSHR see Voluntary Principles on Security and Human Rights vulnerabilities, offshore target selection 114–21; availability of target information 119; cyber vulnerabilities 120–21; definitions 114; dense concentration and interconnectivity

WAN see wide area network warning zones 205 weapons: biological, chemical and nuclear 270, 271; ships used as 142–43; weapons of mass destruction (WMD), non-proliferation 270, 271 Weatherford 28 wide area network (WAN) 360 Williams, Simon 87 Woodside 27 workers, offshore see personnel, offshore World War I (WWI) 8, 91 World War II (WWII) 8 worms (software) 368 WWI see World War I WWII see World War II Zafiro Offshore Oil Terminal (ZOOT), Equatorial Guinea 179, 206

486