The Critical need for a Paradigm Shift for the Prevention and Mitigation of Risk
This GSDM ‘Emerging Issues’ piece explores a significant, recurring issue of security and disaster risk concern whereby legal frameworks are not keeping pace with technological innovation, with the potential for catastrophic harm especially in a context of inter-connected and inter-dependent critical national infrastructure (CNI). These issues are illustrated by technological innovation in the domain of Maritime Autonomous Surface Ships (MASS) following the recent world’s first unmanned commercial shipping operation. In particular, the piece urges that a new approach be adopted when scoping and drafting the new MASS legal framework, i.e. one which better integrates security and disaster risk factors in order to reduce gaps and vulnerabilities as necessary to prevent or mitigate disaster risk and impacts. It further discusses the potential role of soft law instruments to plug the current regulatory gap which may last a decade.
The World’s First Unmanned Commercial Shipping Operation
Recently, it was reported that “the world’s first unmanned commercial shipping operation” was carried out on 7 May 2019 when a 12 metre aluminium-hulled, unmanned vessel transported a box of oysters caught in Essex, UK to customs officers in Ostend, Belgium. The vessel was controlled from its designer Hushcraft’s remote control centre based in Tollersbury, Essex.
Though the operation was carried out successfully and without incident, translating what previously was a theoretical possibility into a practical reality, it heralds in a new era of both opportunity and risk: opportunity in terms of potential cost savings, increased efficiency and environmental benefits, and possibly (though not uncontroversially) improved safety and the reduced occurrence of accidents through the reduction or removal of human errors; versus the risk of significant adverse impacts should a technical failure, security breach or other incident occur.
Of particular interest here is the fact – as with much recent, ongoing and most likely also future innovation – that this technology has leapt ahead of the necessary legal frameworks to regulate it. Despite the fact that Maritime Autonomous Surface Ships (MASS) technology has been progressing for approximately a decade, with much of the necessary automation technologies being in existence before now, the necessary legal frameworks have not been developed in parallel.
This is unfortunate since the current framework of maritime law, including national legislation and international treaties, was developed before MASS was envisaged. As one expert, Professor Brennan, has observed, “[t]he legal regime is decades, if not a century-and-a-half out of date….As unmanned ships were never contemplated until recently, legislation says manning is essential for having a ship that is seaworthy, classified, and authorised to operate in national“. Therefore, significant changes and updates, accompanied by a very different approach to standard shipping safety and security issues, will be necessary if the revised framework and related instruments are to address adequately all likely associated and often integrated risks, threats, hazards and vulnerabilities.
This emerging issue briefly considers some of the associated challenges and steps taken so far towards reviewing – and ultimately amending or where necessary further developing with new instruments – the current international maritime safety regulatory framework. In particular it argues that it will be critical for stakeholders involved in this regulatory exercise not to adopt a conventional approach which tends to separate out relevant security from disaster risk factors, as is typically the case in response to technological innovation despite a changing threat and risk landscape. Rather, it is imperative that a willingness exist to adopt a paradigm shift in their regulatory approach which fully considers and integrates all relevant factors, extending existing conceptual and regulatory parameters where needed.
Definition of Maritime Autonomous Surface Ships (MASS)
Currently a regulatory scoping exercise is being carried out under the auspices of the Maritime Safety Committee (MSC), which is the highest technical body of the International Maritime Organization (IMO), comprising IMO Member States. The MSC’s mandate includes maritime safety and security such as the prevention of collisions, security of ships and ports as well as piracy.
For the purpose of its regulatory scoping exercise, a number of working definitions have been developed which are widely drawn upon by diverse stakeholders. MASS has been defined as “as a ship which, to a varying degree, can operate independently of human interaction”. The MSC has identified also four degrees of autonomy which are not intended to be hierarchical, which were revised during the MSC 100th session (December 2018):
- Degree one: Ship with automated processes and decision support: Seafarers are on board to operate and control shipboard systems and functions. Some operations may be automated and at times be unsupervised but with seafarers on board ready to take control.
- Degree two: Remotely controlled ship with seafarers on board: The ship is controlled and operated from another location. Seafarers are available on board to take control and to operate the shipboard systems and functions.
- Degree three: Remotely controlled ship without seafarers on board: The ship is controlled and operated from another location. There are no seafarers on board.
- Degree four: Fully autonomous ship: The operating system of the ship is able to make decisions and determine actions by itself.
Notably, the MSC is of the view that “truly autonomous ships operating without human monitoring and control, either onboard or from a shore station, is not a realistic goal at this time. It would require a level of Artificial General Intelligence that does not yet exist”. Consequently, this scenario will not be included within the MSC’s current scoping exercise.
The primary focus here is on degree three automation/remote control where there are no seafarers on board since these ships are considered to pose the greatest potential risk and, therefore, should take priority in terms of the development of an appropriate regulatory framework. Notably, the challenges and principles discussed here would apply equally to a degree four scenario if and when the technology exists.
Current Steps towards the Development of a new Regulatory Framework
Since 2018, the IMO has been examining how best to address safety, security and environmental issues relating to MASS within IMO instruments. This work is being undertaken by its MSC through an endorsed framework for a regulatory scoping exercise which is currently in progress. Essentially it has two parts – to review the adequacy of current potentially applicable instruments, and then to assess and determine the most appropriate way of addressing MASS operations. It is focussing especially on the human element, technology and operational factors.
To this end, the MSC, in conjunction with the Legal Committee, is reviewing an agreed list of IMO instruments, including those governing safety (SOLAS), collisions (COLREG) and search and rescue (SAR). Each of the instruments are being categorised according to maritime safety and security, as well as degree of autonomy.
One of the principal outcomes of the scoping exercise will be to determine next steps by identifying the need for:
- Equivalences as provided for by the instruments or developing interpretations; and/or
- Amending existing instruments; and/or
- Developing new instruments; or
- None of the above as a result of the analysis.
The initial phase of the exercise is currently underway with an intersessional MSC working group due to report on progress in September 2019. Originally, it was hoped to have completed this exercise by 2020, but more realistically this is likely to be by 2022 or even 2023.
Identification of all Relevant Factors Critical to the Prevention and Mitigation of Risk
Currently, there are various initiatives in place aimed at identifying risks relating to MASS, whether existing risks which will shift due to the changing nature of shipping operations – such as safety related ones or risks attributable to regulatory gaps – or other forms of (novel) emerging risks.
A significant concern here is whether all relevant factors will be considered under this heading of ‘risk’. I.e., not only safety and broader security risks, but also other forms of specific threats (such as those posed by state or non-state sponsored organised criminal groups and/or terrorist groups, between whom a nexus can exists in terms of cooperation or even convergence), hazards (natural, man-made and technological, including na-tech scenarios when a natural disaster event, such as an extreme weather event, triggers a technological incident) or other forms of vulnerabilities (e.g., the extent to which disaster risk reduction/management strategies and systems are in place, for instance comprehensive preparedness and response plans for different types of incidents).
The accurate and comprehensive initial identification of all relevant sources of potential vulnerability is critical since these will inform all other key stages of risk mitigation decision-making and business continuity processes which are essential for ensuring not only the safety and security, but also the resilience of systems, processes, etc supporting MASS. These include informing planning assumptions; which in turn feed into preparedness decision-making (at the strategic, operational and tactical levels, including related capacity development, equipment procurement, manpower recruitment, etc); which directly affect how effectively an organisation (or community) not only responds in the immediate aftermath of an incident, but also recovers from it longer term.
In this regard, it is interesting that in 2016 a largely industry led consortium – ‘Maritime Unmanned Navigation through Intelligence in Networks’ (MUNIN) – funded by the European Commission’s Seventh Framework Programme, published its report ‘Research in Maritime Autonomous Systems Project Results and Technology Potentials’ (2016) which summaries key findings of the three-year project.
Notably, the MUNIN report concluded that “[R]isks from cyber-attacks and pirates are issues that cause concern. However, software systems as well as ships can be designed and built providing a very high resilience against digital and physical. Furthermore, it is unclear whether unmanned and autonomous ships are attractive to such attacks at all.” (p.3) It is respectfully submitted that such findings significantly over simplify and underestimate a complex and increasingly inter-connected landscape of security and disaster risk, as is explained further below. Indeed, as Ben Simpson, managing director of Hushcraft, observed following the inaugural unmanned commercial shipping operation in May, “problems such as the risk of piracy plague both manned and unmanned vessels”.
Recent high profile cyber events – such as the global Wannacry cyber attack in 2017 which, amongst its estimated 200,000 casualties in over 150 countries, crippled the UK’s National Health Service with an estimated cost of £92 million, or the cyber attacks against South Korea’s Defense Ministry in 2017 and 2018 which resulted in the theft of highly sensitive arms procurement and military strategic operational documents – suggest that information and communications technology vulnerabilities should never be underestimated, especially against prime critical infrastructure targets.
Similarly, the report seemed to not fully comprehend the likely scale of, and challenges associated with, the development as well as implementation of new MASS related legal instruments. For example, it observed that “there is no reason to think that the legal framework cannot be adapted to allow autonomous vessels in maritime transport”, when much of the current framework will not be readily adaptable to new risks and vulnerabilities posed by MASS. Though the report acknowledges that “there will be a high number of issues to be resolved” legally, it does not seem to fully recognise the breadth and depth of complexity to be grappled with including in terms of non-standard risk related considerations.
Whilst some of the “principal areas of concern are navigation and manning” (perhaps, at least in part explicable by the project being framed round the IMO’s Formal Safety Assessment guidelines), with a primary identified legal issue relating to attribution of potential liability (p. 3), in a MASS context a diverse range of broadly defined disaster risk issues need to be integrated with existing international and national legal frameworks. The drafting, negotiation, adoption, implementation, etc challenges associated with the development and implementation of new legal instruments is likely to be a politically sensitive, complex and drawn out process. E.g., reflecting broader national sensitivities as to whether or not cyber security and disaster risk issues should be approached in a separate or integrated manner, both more generally as well as within a MASS specific context. Nor is there any guarantee that developed frameworks will be utilised in practice by all stakeholders since, e.g., new international instruments are normally voluntary in nature and/or may not be fully implemented in practice even if formally signed up to.
If the MUNIN findings are representative of the views of the broader shipping/technology sectors involved in the development and implementation of MASS then they are not reassuring. Instead, they suggest that all relevant issues pertaining to threat, risk, etc may not be approached in a comprehensive, integrated manner despite the likelihood of (arguably unnecessary and significant) resultant critical gaps and vulnerabilities, including in relation to core shipping safety and security matters.
Need for a Paradigm Shift: The Convergence of Security and Disaster Risk Factors
The fact that security and disaster risk factors are indivisibly linked in relation to MASS technological innovation is captured succinctly in a further observation of Professor Brennan during the recent BBC feature in the following terms:
‘…..[T]he first Achilles heel of unmanned shipping might be the very technology that created it.
A failure in communications between vessel and base will render it a ghost ship, hopelessly drifting without a soul on board, a hazard to its owners, the owners of its cargo, and the environment, he argues.
“Unmanned ships may be stopped by pirates by disabling shots or damaging the ship’s propeller and rudder”.’
A recurring and common weakness with technological innovation, which is not confined to the MASS context, is that accompanying systems (including their legal frameworks) for its safe and secure use do not generally give sufficient consideration to the intersection between security (e.g., terrorism, organised crime, piracy, cyber/radio frequency/satellite attacks, drone strikes, holding to ransom, diversion of sensitive cargo to hostile actors) and disaster risk management (e.g., resultant collisions, pollution, loss of business continuity, search and rescue of crew, disaster impacts, etc) factors (Figure 1). This is despite the reasonable foreseeability of potentially catastrophic harm when the two traditionally separate paradigms meet. (Figure 2). For instance, at the time of writing a widespread national power grid blackout which affected half of Venezuela was blamed on an electromagnetic attack. A similar loss of power, whether due to non-malicious factors such as an electro-magnetic pulse or a malicious attack, could result in the loss of connectivity between a MASS remote control centre and a ship with potentially significant consequences, especially in a degree 3 (or future degree 4) scenario with no manpower on board to manually take control of ship operating systems.
Typically, prevention and mitigation measures governing technological threats, risks and hazards are not (fully) multi-hazard in nature or truly cross-sectoral in terms of fully engaging all relevant stakeholders, despite the potential of such approaches to prevent or at least reduce the possibility and/or impacts of significant concurrent and/or cascading disaster incidents. E.g., a loss of shipping control could result in a secondary incident, such as the ship causing damage to other shipping/port infrastructure; leading to tertiary incidents including contamination, pollution, loss of business continuity, damage and loss, etc. Such key themes were considered in a recently published report in support of the 2019 United Nations Global Assessment Report on Disaster Risk Reduction. It concluded that “infrastructure systems depend upon extensive interconnections with one another; thus, the consequences resulting from one infrastructure dysfunction can propagate across infrastructure systems, generating cascading and escalating failures that could scale up a crisis”. (p. 2).
The effects of such failures can be aggravated by the fact that, typically, organisational disaster risk management planning (e.g., crisis/emergency management or contingency/business continuity planning) tend to be short rather than longer term in nature. A significant consequence of this is that planning and investment tends to focus on shorter term preparedness and the immediate response to incidents rather than on longer term prevention and mitigation of risk, post-incident recovery/reconstruction plans and/or strengthening existing governance mechanisms. A failure to develop a longer-term integrated risk management approach increases the likelihood of disaster events and impacts.
Unless a truly integrated, multi-dimensional approach is developed and implemented regarding MASS related frameworks, systems, policies, training and so forth – which fully considers all potentially relevant security threat and disaster risk factors – it simply will not be possible to prepare or respond as effectively as is possible or necessary to vulnerabilities associated with existing or emerging risks, including due to unnecessary regulatory gaps and partitions between applicable legal regimes.
Furthermore, although a common argument in favour of MASS technology is that it has the potential to reduce human-based errors, one could argue that in the case of remote controlled vessels, including those falling within the category of degree 3, the risk is shifted rather than reduced or eliminated from human-based errors at sea to human-based errors on land by remote control operators, compounded by the potential for different systems-based failures to occur, some of which have been alluded to above. Indeed, some might argue that an over reliance on technological solutions without adequate (manned and experienced) back-ups in place may increase, or certainly not improve, current levels of vulnerability.
Next Steps: The More Dynamic Utilization of Existing Legal Tools
It is evident that a comprehensive international legal framework governing MASS related issues, including safety and risk, is unlikely to be agreed or implemented any time soon. Even once the scoping exercise has been completed, probably around 2022/2023, the subsequent drafting, negotiation and adoption phase may take several years to complete due to its reach and complexity. By the time any resultant regulations or treaties have been implemented within national legal systems it could easily be a decade after the first unmanned, remote controlled shipping operation took place.
Such delays pose significant challenges, including from security as well as disaster prevention and risk mitigation perspectives. One area where positive steps could be taken during the interim period is the development of non-legally binding ‘soft’ law instruments to help inform and develop industry-wide good practices. Typically, the legal sector is engaged by other sectors – including science, technology and insurance – in a very restrictive way, often limiting sought expertise to traditional legal roles such as advice on commercial contracts, liability and litigation.
Whilst such traditional legal functions remain important, non-legal sectors rarely draw upon legal instruments in a more dynamic way, including as a potential interim solution to the recurring dilemma of technological innovation leaping ahead of parallel legal frameworks, policies, systems and so forth. Legal principles and rules do not necessarily need to be used in formally binding ways. For instance, there are many legal regimes with related instruments in existence of direct and indirect relevance to security and disaster risk issues (e.g., governing maritime, aviation, counter-terrorism, organised crime, cyber, disaster response/risk reduction, environmental, pollution, search and rescue, communications, hazardous materials issues) which could be drawn upon to develop soft law instruments, such as Codes of Conduct, standards and guidelines.
Such soft law instruments could be informative and influential in terms of guiding industry and other stakeholders, whilst reducing current identified gaps and vulnerabilities with their associated security and disaster risks, not least in terms of ensuring increased consistency of approach as well as strengthened governance across stakeholders. Contrary to what some might expect, well drafted soft law instruments, which benefit from stakeholder support and buy-in, can be more influential in practice than, for instance, weak legal texts or poorly ratified/implemented international treaties. Additionally, they can perform an important law-making role – which may benefit the current regulatory efforts of the IMO and other organisations – in that they can assist in the development of new legal norms in response to existing or emerging technological innovation which, in turn, may be incorporated within binding legal texts.
In response to these and similar emerging issues (e.g., drone management and other forms of automated transportation), GSDM can provide public and private sector clients with legal and other disciplinary expertise. Dr Katja Samuel, the Director of GSDM, specialises in both security threats and disaster risk. She is especially concerned to prevent or at least mitigate the impacts of potentially catastrophic disasters, including across critical national infrastructure (CNI).