Security, surveillance, protection from maritime crime and piracy in Southeast Asia | Melbourne Asia Review

Melbourne Asia Review is an initiative of the Asia Institute. Any inquiries about Melbourne Asia Review should be directed to the Managing Editor, Cathy Harper.

Email Address

Over the course of the last two decades, Indo-Pacific sea lanes have become much more secure against the threats posed by pirates and other criminals. In fact, whereas Southeast Asian waters were not so long ago regarded as being among the world’s most dangerous, the ASEAN member states, their international partners, and the shipping industry have come together to marshal the resources necessary to mend the seams that criminals had been exploiting.  However, despite this progress, the criminal threats have not been completely eliminated.  Furthermore, problematic trends point to the possibility that the criminal threat could become revitalised.

Southeast Asian sea lanes are essential to global supply chains

McKinsey & Company explain that: ‘The supply chain is the interconnected journey that raw materials, components, and goods take before their assembly and sale to customers.’ For 80 per cent of goods moving internationally, that journey is by sea. Those voyages are not spread evenly across the world’s oceans but follow the sea lanes that constitute the most efficient path (typically the most direct) between supply chain nodes. The sea lanes connecting East Asia, Australia, South Asia, the Middle East, Africa and Europe all converge in Southeast Asia, the crossroads of the Indo-Pacific. Furthermore, Southeast Asia’s status as a heavyweight exporter of raw materials, manufacturing powerhouse, trans-shipment hub, and large-scale consumer means that its ports are exceptionally busy.  

The peninsulas and islands that comprise the region’s land areas drive maritime traffic into tightly confined water spaces. The most congested of these chokepoints is the Singapore Strait, a 19 kilometre-wide channel between Singapore and Indonesia transited by approximately 1,000 ships each day that convey up to 70 percent of the world’s global maritime trade. Similarly important passages—for example, the Malacca Strait, Bashi Channel, Sunda Strait, and Lombok Strait—cut through or run adjacent to the Indonesian and Philippine archipelagos. Thus, safe, free and fair access to the sea lanes of Southeast Asia is essential to the health of global supply chains.

International law establishes the governance system that underpins the good order at sea needed to ensure sea lanes can be freely and safely used by commercial actors. The enforcement functions of that system fall mostly on the states, particularly the flag, port and coastal states. Unfortunately, most international commercial operators choose to register their ships in states that offer so-called ‘flags of convenience’ and take minimal action to enforce the rules or maintain standards. This leaves the coastal and port states shouldering the governance burden with minimal assistance. Unfortunately, in Southeast Asia, almost all of those states lack the capacity necessary to effectively govern their large waterspace and consistently enforce the rules. Only, Singapore, a wealthy nation with limited waterspace can meet its obligations. This situation where criminals have relative freedom to plan operations from land, the opportunity to attack at sea, can access markets, and avoid prosecution, leaves the door open for non-state actors to disrupt sea lanes for illicit ends. Highly porous and sometimes disputed borders expand those opportunities.  Of particular concern for supply-chain security have been pirates, armed robbers, and, to a lesser extent, terrorists which have historically exploited maritime governance gaps to attack the marine traffic concentrated in congested waters.

Piracy, robbery and terrorism ran amok in Southeast Asian waters not so long ago

During the years around the transition from the twentieth to the twenty-first centuries, Southeast Asia’s piracy and armed robbery rates were the world’s highest. Attacks were becoming more frequent, more violent and more egregious, regularly involving the hijacking of entire vessels and the kidnapping of crew members. During this period, the International Maritime Bureau-Piracy Reporting Center provided the best public data on piracy and armed robbery at sea. It tallied 99 incidents of attempted and successful attacks in Southeast Asia voluntarily self-reported by shippers in 1998. That number almost doubled to reach 167 in 1999 before climbing further to 257 in 2000. Things improved slightly in the period from 2001 to 2004, but still averaged 174 attacks per year.

At the turn of the century, terrorism and violent extremism were also major regional problems that too frequently bled into the maritime domain. In February 2000, the Moro Islamic Liberation Front bombed the Philippine ferry Our Lady Mediatrix, killing 40 people and wounding another 15. The next month, the Abu Sayyaf Group conducted a cross-border amphibious operation to kidnap international tourists from Sipadan Island in Malaysia. They used the same tactic the following year to take foreigners hostage from Palawan island in the Philippines. In December 2001 the bombing of the ferry Kalifornia, near Indonesia’s Ambon city killed 10 and injured 46. The 2004 bombing of SuperFerry 14 was the most deadly terror attack in maritime history. On fire, the ship sank in Manila Bay killing 116. While these attacks did not target the vessels vital to global supply chains, the vulnerability was clear and analysts pointed out that a small shift in the terrorists’ motivations could spell a seachange for commercial shipping.  In 2005, the insecurity of Southeast Asia sea lanes reached a public crescendo when the Lloyd’s insurance market, the Joint War Committee, declared the Malacca Strait to be at risk from ‘war, strikes, terrorism and related perils.’ Shippers’ insurance rates skyrocketed, yet, by that point, the region was already beginning to turn a corner toward improved maritime security.

Southeast Asian states shore up the maritime governance capacity

An essential factor enabling short-term gains against criminals was an improvement in the regional states’ maritime governance. Southeast Asia’s coastal states collectively recognised the need for greater action and assigned maritime security greater policy priority while increasing the resources allocated for maritime law enforcement and criminal prosecution. Regional economic recovery further enabled the expansion of resources for maritime governance and the coastal states also benefited from expanded capacity-building support from partners beyond Southeast Asia, particularly Japan, the United States and Australia. A clear manifestation of these resources was the development of regional coast guards as strengthened agencies or new, maritime security-focused forces spun off from the navies.

As safeguarding regional traffic gained policy priority in the coastal state capitals, so too did the urgency of efforts to establish the regional inter-state cooperation necessary to close the transnational gaps that pirates and other maritime criminals had been exploiting. Much of this coordination took the form of informal agreements to prioritise information exchange and other technical cooperation to enable transnational law enforcement. Other efforts were more high-profile. For example, in July 2004 Singapore, Indonesia, and Malaysia initiated a standing program of trilateral coordinated patrols in Malacca Strait. This arrangement, named the Malacca Strait Patrol, was soon augmented with international airborne surveillance activities, intelligence exchanges and information-sharing and the incorporation of Thailand as an additional partner. Providing another example, in November 2004, 16 Asian countries finalised the Regional Cooperation Agreement on Combating Piracy and Armed Robbery against Ships, an international organisation that sponsors an Information Sharing Center (ReCAAP ISC) to maintain databases, conduct analysis, and provide service as an information clearinghouse. In 2009, Singapore established the Information Fusion Centre (IFC),  where its Navy now hosts 25 international liaison officers from 20 nations focused on multinational capacity and confidence building. The nations represented include both ASEAN members and extra-regional states with interests in the safety of regional sea lanes and desire to improve collaboration. This means that there are now three established datasets for regional maritime crime data. These vary by sourcing, timeframes and focus, so, even when these are not fully consistent with one another, the data can be used in a complementary manner to understand wider trends.

Global maritime developments boost Southeast Asia’s maritime security

In the wake of the Sept 11, 2001 attacks on the US, global concerns grew that the terrorists and criminals who had previously been regarded as local threats could conduct large-scale attacks. The use of relatively anonymous shipping containers to deliver weapons such as ‘dirty nukes’ or the hijacking of a liquified natural gas tanker to serve as a ‘floating bomb’ were two of the more frequently discussed scenarios. Therefore the international maritime community moved to close off such opportunities with the creation of the International Port and Security Code (ISPS), which mandated a comprehensive set of security measures be implemented by port and ship operators.

In Southeast Asia, the commercial sector initially grumbled about the costs of taking more responsibility as they had previously relied heavily on government action and insurance to manage risk, but operators generally complied. From that point, attitudes within the shipping community began to shift. To some extent, the operators began to act proactively to ‘get ahead’ of government and IMO mandates. However, they also recognised that the dangers were real and self-help was prudent. Those views became more widely accepted as the voices of ship security officers, newly mandated by International Ship and Port Facility Security, began to influence the business cultures involved.

In 2009 shipping community actors, led by BIMCO (a shipping association that represents approximately 60 percent of global commercial shipping tonnage) established the industry-standard Best Management Practices to deter piracy and armed robbery. This document is now on its fifth iteration and is largely used by ships transiting through Southeast Asia. Furthermore, the shipping companies have become more eager to engage in partnerships with governments. Contact group meetings and exchanges of views, once shunned, have become commonplace, especially in Singapore where they are hosted by both the ReCAAP ISC and the Information Fusion Centre.

State capacity has also been boosted by vast improvements in maritime domain awareness capabilities. The cost of surveillance technology has fallen dramatically and states have also been ready to invest in the personnel and systems needed to effectively process, evaluate and disseminate that information to decision-makers. Similar communications and surveillance technologies have been incorporated into commercial shipping to make voyages cost effective and provide shippers with more information to share and the easiest paths to transmit the data to governance agencies. While the capabilities remain less than ideal, they are far better than what states could hope for just a decade ago.

Advancements in the use of the transponder-based automatic identification systems (AIS)—by which ships transmit information about their status including name, location, course, speed and destination—illustrate how technological innovation has strengthened governance. In 2000, when the International Convention for the Safety of Life at Sea (SOLAS) was revised to include the first mandate for the use of AIS, the requirement only applied to vessels over 300 gross tons. As simpler, lower-cost AIS equipment entered the market and additional requirements were put in place by various authorities, systems were widely installed on vessels of all classes, including almost all commercial traffic transiting Southeast Asian sea lanes. Furthermore, whereas AIS transponder signals were originally designed to be received by ground stations, the development of better sensors and relatively inexpensive small satellites means that AIS data can now be tracked and shared globally. Today, much is even freely available on public websites. Thus, AIS data became more prolific, available and used for those conducting governance operations. Similar advances in drones, satellite-based radar and electromagnetic surveillance, and information management technology have delivered states much greater access to gather and process surveillance information.

Southeast Asia’s maritime governance gathers steam through inter-agency cooperation

As Southeast Asian states expanded their maritime governance operations and began dealing with increasing volumes of data, they developed their interagency coordination mechanisms to expand capacity and reduce inefficiency. In many cases, these mechanics took the form of interagency maritime security centers or information hubs. Some of these were completely new while others were built by modernising existing organisations. For example, the Thai Maritime Enforcement Command Center was originally established as a coordination centre with its functionality limited to information sharing, but in 2019 it was upgraded to become the overarching national maritime governance authority that draws resources from many state agencies. Similar establishments popped up across the region such as in Singapore, the Philippines and Indonesia. All remain beleaguered by domestic political competition and resource limitations, but they also represent clear progress in terms of the governance functions they support.

Improvements in the coastal states’ governance capacity have enabled further suppression of piracy, armed robbery, terrorism and other maritime crimes targeting commercial shipping in Indo-Pacific sea lanes. According to ReCAAP reports, during the period from 2007 to 2022, the number of reported attacks (attempted and successful) in Asia fluctuated between an annual low of 76 in 2016 and a high of 203 in 2015 with an average of 119 attacks per year. It is also true that incident reporting and documentation were improving and there capturing a greater percentage of the events in the reports. Therefore, in terms of the basic incident count, the only real 15-year trend that can be ascertained is the persistence of attacks. However, during this period the most egregious types of attacks were eliminated. Whereas 20 years ago ship hijacking and kidnappings were relatively common, the vast majority of incidents now reported amount to petty theft.

According to ReCAAP, the most recent Category 1 incident (a ReCAAP classification reflecting ‘very significant’ where crew likely to suffer some form of injury or physical violence or abandoned or kidnapped and, the ship is either hijacked or the cargo on board is stolen) in Southeast Asia was reported in 2020 when crew members were abducted in the Sulu Sea. Prior to that,  ReCAAP reported Category 1 incidents in 2017 when three hijackings took place in the southwestern reaches of the South China Sea. The IFC’s reports show similar improvement though they additionally document a 2023 hijacking case in Indonesia, likely referring to media reports of an incident involving fishing boats to the west of Kalimantan. In sum, serious criminal violence is down in Southeast sea lanes and the incidents of recent years do not represent meaningful threats to supply chain security.

Problematic trends and the possibility of backsliding

The persistence of criminal incidents, even though they are less violent and smaller in scale, shows that the region’s waters are not risk free. Furthermore, there are real reasons to worry that progress may be stalled and regional maritime governance may even be at risk of backsliding.

While imperfections in the data prevent definitive conclusions, indications point toward a recent uptick in the volume of pirate attacks and armed robberies. Singapore’s IFC calculated a 23 percent increase in incidents across Southeast Asia from 2022 or 2023. A noteworthy concentration of these events has been in the eastbound lane (southern side) of the Singapore Strait where the IFC reports counted only 37 incidents in 2020, but 59 incidents in 2021, 55 in 2022 and 58 in 2023. These incidents remain at the scale of petty theft crimes, but the trend may be an early sign of an unfortunate direction for regional maritime security.

Several problematic trends would suggest that Southeast Asia could be at risk of turning another corner such that maritime security threats reemerge or otherwise become more problematic. Three are particularly noteworthy.

  • First, as technology costs continue to drop, criminals are increasingly able to access the sort of high-quality maritime awareness data that was previously only available to states and the largest international cooperations. This is already enabling them to improve their targeting, identify opportunities and streamline operations. Illustrating this case, low-end criminals operating in the Strait of Singapore describe how they use Automatic Identification Systems and smartphone applications to enable their attacks. This seems like routine technology now but would have been beyond their reach 10-15 years ago.
  • Second, cyber threats are emerging as a new angle for criminals to attack sea lanes. So far, criminals have not struck high-profile regional targets, but Southeast Asia suffered collateral damage as the 2017 NotPetya cyber-attack on Maersk which shut down shipping operations and ports globally. The backlog created by the port closures in the wake of the 2023 attack on ports run by DP World Australia is another example. These could be the tip of the iceberg. Should a major Southeast Asia port be shut down or an attack disrupt traffic in the Malacca Strait, the global impact could be exceptional.
  • Third, as regional geopolitics becomes increasingly defined by competition between great powers, especially in the maritime space, cooperation within the region is becoming more difficult. This contrasts with two decades ago when prospects for cooperation were constrained, but growing. Today, even cooperation is harder than ever and even small decisions are measured against the possibility that they might be perceived as a high-consequence lean toward one side or the other. This trend is illustrated by ASEAN’s inability to hold a joint military exercise in the South China Sea, despite a history of naval exercises in that body of water, out of concern that the event would be an affront to China. In the end, the 2023 exercise went ahead in a less sensitive location, but the need to factor in considerations when engaging in other forms of maritime cooperation has become an unfortunate reality.

These problematic trends may very well give the pirates, terrorists and other criminals the cracks of opportunity they need to re-emerge as a meaningful threat. Given the importance of Southeast Asian sea lanes for global supply chains, such a development would have problematic repercussions well beyond the immediate area of the attacks.

Image: HMS Westminster Conducting Boarding Operations in the Indian Ocean. Credit: Defence Imagery/Flickr.

This article is part of the ‘Blue Security’ project led by La Trobe Asia, University of Western Australia Defence and Security Institute, Griffith Asia Institute, UNSW Canberra and the Asia-Pacific Development, Diplomacy and Defence Dialogue (AP4D). Views expressed are solely of its author/s and not representative of the Maritime Exchange, the Australian Government, or any collaboration partner country government. 


cyberthreats geopolitics piracy security shipping supply chains Southeast Asia surveillance