International Law Studies


Michael Petta


In 1988 the International Maritime Organization modernized international law in response to a vexing problem of the time—maritime terrorism. Before then, not all violent crimes against vessels amounted to piracy and therefore many maritime criminals escaped justice. To close this gap and facilitate the prosecution of those who endanger navigation, IMO member States enacted the 1988 Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation. More than three decades later, the 1988 SUA Convention may be useful to address a more modern problem—cyberattacks against commercial vessels. The 1988 treaty prohibits various acts against shipping, including the placement of a device on a ship when likely to cause damage that could endanger the ship’s navigation. This article explores whether this specific prohibition extends into the digital domain. It looks at the existing international regulatory framework meant to mitigate cyber threats and examines whether State parties of SUA may prosecute maritime malware cases that happen to breach the international regulatory framework. The article concludes that malware qualifies as a device under the treaty and advocates for the 166 State parties to incorporate SUA prosecutions into their maritime cyberattack response plans.