Maritime terrorism remains a nascent field, and some have even argued that it is not actually a field at all. Regardless of any academic squabbles, however, terrorists have used and are using the maritime domain in a variety of ways, and it is critical for all security and counter-terrorism professionals to be not only aware of how terrorists exploit the maritime domain but prepared to counter them in doing so.
Given the time-sensitive nature of preventing terrorists from being successful, it is critical to understand their maritime efforts, so as to be able to identify them as early as possible, and then intervene. Examining terrorist behavior in the maritime domain reveals at least ten different modalities, all of which could be considered “maritime terrorism.”
A simple taxonomy of these ten variants allows law enforcement, security, and counterterrorism to start the critical process of first developing approaches for spotting maritime terrorist activities, then developing protocols and standard operating procedures (SOPs) for intervening in that activity, then exercising those protocols and SOPs, and finally implementing them to thwart terrorist activity.
While it is the national prerogative of states to determine how they are going to tackle the problem of terrorism, this analysis seeks to support policy makers, security planners and maritime operators by articulating what modalities of maritime terrorism need to be addressed.
Given the disparity in how states, organizations and instruments define terrorism, it is perhaps useful to highlight what is meant by maritime terrorism. Maritime terrorists are criminals who use violence, intimidation, or serious disruption to create terror, fear, uncertainty, or chaos in pursuit of political, philosophical, ideological, racial, ethnic, or religious aims with some nexus to the maritime domain. As the following ten modalities highlight, this nexus varies. The first three are the “spectacular” attacks on the water or on land. The subsequent six are more subtle and, as a result, often harder to detect. And the last is a blurring that we are seeing more and more between “state sponsored” terrorism and states directly engaging in terrorist attacks themselves. All ten, however, should be pursued and interdicted as maritime terrorism.
1. An Attack on the Water from the Water
This is one of the three “spectacular” forms of terrorist attack, and likely the first that comes to mind when discussing maritime terrorism. The two archetypes of this attack are the 12 October 2000 bombing of the USS COLE and the 7 October 1985 hijacking of the ACHILLE LAURO.
In the COLE case, suicide bombers rammed a small skiff, laden with explosives, into the hull of the U.S. Warship at anchor in Aden, Yemen, killing 17 sailors. In the ACHILLE LAURO, Palestinian terrorists, posing as passengers, hijacked the cruise ship, killing one of the actual passengers in the process, and leading to a three-day standoff. While one is a bombing and the other a hijacking, both are attacks on the water from the water.
2. An Attack on the Water from the Land
The second of the “spectacular” attacks, this may, at the outset, appear indistinguishable from first, but is initiated and controlled by terrorists on land. In the years since the USS COLE bombing, technology has developed such that suicide bombers are no longer needed to drive the vessel into the intended target.
Operators, safely operating from land, can now use aerial or maritime drones to perpetrate the attack. In addition to the remote controlled “bomb boats” used during the ongoing civil war in Yemen, attacks like 29-30 July 2021 drone strikes on the MERCER STREET in the Gulf of Oman that killed two crewmembers, attacks on the water from the land are becoming more common.
While attacks from the air could be considered a separate category, it makes more sense to split them based on the location of their control. Attacks from manned aircraft over the water can be considered “on the water from the water” while attacks using unmanned aerial systems would be categorized based on the location of the operator – on land or at sea.
3. An Attack on the Land from the Water
The third of the “spectacular” attacks plays out on land but originates from the water. Amphibious attacks have had a place in warfare for millennia, but terrorist attacks from the maritime domain have caused several states to suffer acute national traumas in recent decades. The 26 November 2008 Mumbai terrorist attacks perpetrated by Lashkar-e-Taiba (LeT) led to the deaths of 175 people and a significant change in Indian security policies.
The ten terrorists used an Indian fishing vessel (killing its entire crew in the process) to get close to the coast, then came ashore in a dingy, and attacked India’s financial and entertainment capital for three horrific days. Similarly the 11 February 2013 amphibious invasion of Lahad Datu in Malaysia’s Sabah Island by the self-proclaimed “Royal Security Forces of the Sultanate of Sulu and North Borneo” led to a month and a half standoff. The potential potency of an attack on land from the water should not be underestimated.
4. A Precursor Attack in the Maritime Domain
Looking beyond the spectacular modalities, there are a variety of ways in which terrorists can engage in a less dramatic attack on the water as a means of setting up or preparing for a larger attack. In November 2008, for example, the LeT terrorists killed the five crew members of the Indian fishing vessel MV KUBER in advance of perpetrating the main attack on the city of Mumbai.
Interestingly, those five crew members are not counted in the death toll of the Mumbai attack. In perhaps a more out-of-the-box example of what could have been an even more brazen precursor attack, Egyptian authorities in 2013 were able to interdict a group of divers who were attempting to cut the submarine communication cables along the Egyptian coast. This particular grouping of cables accounts for one third of the world’s internet and cutting them would have resulted in major setbacks to potential security responses.
5. A Maritime Activity Related to Terrorist Financing
As much as 90% of world trade happens by sea, legitimately. The maritime domain is an attractive setting to make money legally. But it is equally, if not even more attractive in many cases, to those who wish to pursue profit outside the law. Terrorist organizations have increasingly turned to both illicit trade – like drug, weapon and human trafficking – as well as seemingly benign trade – in goods such as charcoal, fuel or sugar – to finance their operations.
6. Money Laundering of Terrorist Funds Through Maritime Activity
With the involvement of terrorist organizations in maritime economic activity, it is not surprising that some use otherwise legitimate maritime activities to launder their funds. Trade based money laundering is possible anywhere there is legitimate trade, and no venue on earth sees more trade than the maritime domain. The maritime domain is also a great place for informal value transfer networks like hawala or flying money to use seemingly innocuous goods as the means of balancing accounts held by terrorist organizations.
7. Maritime Activity Related to Terrorist Logistics, Intelligence and Sustainment
The appeal for terrorist organizations to be involved in maritime trade is not limited to funding. It is also a means of developing logistics networks to transport people, weapons or other material needed for an attack. That very process of developing a trade network also provides intelligence on potential points of failure – like coast guard or customs officials – who need to be avoided, influenced, or taken out to ensure that they do not spoil a plot.
And perhaps the most overlooked advantage for terrorists to be involved in the maritime domain is to ensure sustainment of an operation, providing a means of delivering food, ammunition, and supplies. This was evident in the 2017 Siege of Marawi in which Abu Sayyaf and other ISIS affiliated terrorists battled the Filipino armed forces for five months. Without having developed sustainment chains through drug and fuel smuggling, that siege could not have lasted so long.
8. Cyberattacks by Terrorists Targeted at Maritime Activity
An increased reliance on the cyber domain has increased the opportunities for cyberattacks. Increasingly, those attacks have occurred on the water. Given the impact of recent maritime incidents – like the EVER GIVEN that blocked the Suez Canal for six days, costing the shipping industry $416 million per hour – the maritime space may hold tremendous appeal for terrorist groups to perpetrate low cost cyberattacks with high impact.
For example, roughly $1,000 is all it took for a 2017 incident in which 20 ships on the Black Sea experienced navigational spoofing such that their positions all suggested they were not on the water, but at an airport on land.
9. Indirect Attacks on the Maritime Domain
While the previous eight modalities of maritime terrorism have all involved in the intentional use of the maritime domain, it is equally possible for a terrorist attack to have maritime consequences – even major ones – albeit unintentionally. In 2016, for example, the Niger Delta Avengers focused on attacking oil infrastructure in order to diminish Nigerian national income from oil production as a means of pursuing their political ends.
The indirect consequences of those attacks, however, were to destroy fish populations, diminish drinking water supply, and pollute the maritime domain for a generation. Similarly, the 27 June 2017 “Notpetya” ransomware cyberattack on a server in Ukraine was not intended to target the maritime sector. Unfortunately for Maersk – the largest shipping line in the world at that time – their network was hosted on the attacked server, forcing a reversion to analog management of the world’s largest fleet. That indirect attack cost roughly $300 million to remedy.
10. Hybrid Aggression
Distinct from the other nine modalities of maritime terrorism, hybrid aggression is a form of state action. Hybrid aggression is where a state that has a conventional force chooses to engage in unconventional activity in a manner that, at least initially, casts doubt on who the real perpetrator is. As with terrorism, there is always an illegal act and the activity is scalable, meaning it can be dialed up or down, depending on the response.
It is worth noting, however, as states have increasingly been engaging either directly or indirectly in activity that otherwise mimics terrorism. The MERCER STREET attack, for example, had all the markings of maritime terrorism, except that the perpetrator was Iran, not a terrorist group. Similarly, Iran, not a terrorist group, spoofed the position of the STENA IMPERO in order to be able to arrest it inside Iranian territory in July 2019 and use it as a bargaining chip to gain the release of the GRACE 1 held by the British in Gibraltar.
Beyond Iran, Russian and Chinese hybrid aggression in the maritime domain has often mimicked terrorist attacks, and in some cases has been perpetrated by entities that could be considered non-state actors. This blurring of the line between state-sponsored terrorism and the use of terrorist tactics by state actors makes hybrid aggression a difficult but critical tenth category, as security officials must be cautious in identifying it.
These ten modalities of maritime terrorism are not necessarily exhaustive, but they do provide a somewhat parsimonious taxonomy to assist security professionals in identifying and countering terrorist activity in the maritime domain. As a practical reality, most states have limited maritime law enforcement capacity, and the same agency is often tasked with countering everything from fishing without a license to oil spills to drug trafficking to piracy.
Understanding how terrorists may be engaging in the maritime space can help sensitize analysts and operators to terrorist activity that may otherwise be obscured. At the same time, that understanding can help inform policy makers how to create a national-level approach that limits opportunities for terrorists to engage in any of the ten modalities. A state’s national security may be significantly impaired by any one of these terrorist activities, so every state should proactively strive to make itself as inhospitable as possible to all ten modalities of maritime terrorism.
Dr. Ian Ralby is a recognized expert in maritime law and security and serves as CEO of I.R. Consilium. He has worked on maritime security issues in more than 80 countries around the world, including in Ecuador and the wider Pacific Coast of South America. He spent four years as Adjunct Professor of Maritime Law and Security at the United States Department of Defense’s Africa Center for Strategic Studies, and three years as a Maritime Crime Expert for the UN Office on Drugs and Crime. I.R. Consilium is a family firm that specializes in maritime and resource security and focuses on problem-solving around the globe.
Source: Real Clear Defense