Blackbeard may not be the first name that comes to mind when considering cybercrime, but prior international efforts to stop stateless rogue actors can point us toward the proper focus for cybersecurity—governments taking responsibility to solve a classic collective action problem by direct action, supporting existing industry defense measures, and leading multilateral cooperation efforts. This strategy stands in stark contrast to the SEC’s proposed cybersecurity approach: name and shame public companies that, after suffering a data breach, would be forced to issue public statements to shareholders before they have closed the exploited vulnerability or fully assessed the situation. Our hope is that the fight against maritime piracy can point to a better way to address online pirates.

Antipiracy Coordination as a Blueprint for US Cybersecurity

The Strait of Malacca is a narrow stretch of water that serves as the primary shipping channel between the Pacific and Indian Oceans. In the late 1990s, the strait was a safe haven for pirates committing robberies, vessel hijackings and kidnappings for ransom. Lawrence E. Cline, “Suppressing Piracy in the Strait of Malacca, in Global Responses to Maritime Violence: Cooperation and Collective Action 225″ (Paul Shemella ed., 2016). A coordinated regional response to the maritime misconduct began in July 2004 with the launch of the Malacca Straits Sea Patrol, followed by a series of other cooperative security measures undertaken by Indonesia, Malaysia, Singapore, and eventually Thailand. The countries developed their own secure information-sharing system that enabled real-time data analysis and intelligence reporting. Additionally, the broader Regional Cooperation Agreement on Combating Piracy and Armed Robbery against Ships in Asia (ReCAAP), the first regional agreement to promote and enhance cooperation against maritime piracy, was implemented in 2006 and played a critical role in antipiracy efforts in the Malacca Strait. ReCAAP, About RECAPP-ISC. Specifically, ReCAAP’s Information Security Centre facilitated communication and information exchange among participating governments in order to improve incident response in the region. Cline, supra note 1, at 233. Between 2004 and 2011, piracy in the Southeast Asian region decreased by 70% (id. at 235), and the International Maritime Bureau’s Piracy Reporting Centre (IMB-PRC) did not report a single pirate attack in the Malacca Strait between 2016 and 2018. Ian Storey, Piracy and the Pandemic: Maritime Crime in Southeast Asia, 2020-2022, Fulcrom (Aug. 15, 2022). (During the COVID-19 pandemic, both the IMB-PRC and ReCAAP-ISC reported only one minor piracy incident.)