Port Security: A Work In Progress?
Henk van Unnik, a member of the Executive Committee of the European Commission’s FP7 project ‘SUPPORT’ discusses the framework further.
With 90 per cent of EU’s external trade and 40 per cent of internal trade transported by ship, the contemporary sea port is a vital cog in the massive machine that is 21st Century commerce. Unsurprisingly, port infrastructure and the 3.5 billion tonnes of freight that flows through EU facilities are vital to maintaining both global and individual countries’ economic wellbeing.
From a security perspective, ports, harbours and their associated infrastructure can be considered high risk terrorist targets for a wide range of reasons. Not only would an incident fulfil the terrorist’s desire for chaos by causing severe localised disruption, but the repercussions would be felt through the logistics chain across Europe and around the world. Threat levels would be heightened with security checks increased. The throughput of cargo would be reduced and logistics chaos could be expected due to the likelihood of false alarms precipitated by increased vigilance, concern and uncertainty. An attack on a port installation would also fit with the contemporary terrorist modus operandi where the desire to create fear, chaos and casualties is often married to a need for exposure to the world’s media. The world’s 24 hour rolling news channels would not hesitate to cover a terrorist attack on a port facility in every grim detail.
THE THREAT IS COMING CLOSER
Attacks on USS Cole in Yemen and French oil tanker Limburg in the Arabian Sea have already demonstrated how vulnerable large vessels are to terrorist attack. Perhaps more worrying is the incident at the Israeli Port of Ashdod where an attempted attack on the port’s infrastructure was foiled. Intelligence indicates that terrorist groups are training for more sophisticated, maritime operations and the current instability in Syria is certainly bringing the threat closer to Europe.
Post September 11 2001, the United Nation’s International Maritime Organisation (IMO) realised that a step change in ship and port security was required to address the frightening new terrorist threat where existing understanding of modus operandi or potential targets no longer applied. Within the Safety of Life at Sea (SOLAS) regulations, the IMO developed the International Ship and Port Security code (ISPS) which regulates security onboard ships, as well as inside ports and terminals which receive seagoing vessels on international voyages. The ethos of the ISPS code is very preventive with a focus on stopping weapons or explosives being brought into a terminal or onto a ship. This is addressed by means of a vulnerability assessment and threat assessment based on the type of terminal. Risks and vulnerabilities are very different when considering a container, bulk or passenger terminal and so all assessments must be specific and bespoke. The ISPS code also specifies a basic security framework including monitoring and controlling access, monitoring the activities of people and cargo, the preparation of specific ship and Port Facility Security Plans and the appointment of Ship Security Officers and a Port Facility Security Officers (PFSO).
148 flag or coastal states around the world have committed to the ISPS Code following its initial deployment in 2004 and now have a legal obligation to comply with its requirements and to submit information to the IMO.
SAFEGUARDING EU PORTS
Soon after the IMO’s deployment of the ISPS code, The European Commission issued Directive 725 – its own contribution to reinforcing port and shipping security across the European Union (EU). Directive 725 is identical to the ISPS code in content, but all European national authorities are obliged to comply with it in accordance with the 1958 Treaty of Rome and the 1992 Treaty of Maastricht. Unfortunately, through a twist of European law, EU Directives requires member states to achieve a particular result without dictating the means of achieving that result. Consequently, the ISPS code was implemented by 21 EU countries, each in a different way without any homogenisation of approach or standardisation. Without a Pan-European Federal Agency like the US’s Department of Homeland Security, the European Union has no power to compel member states to work together or to follow prescriptive guidelines.
Although responsibility rests with a variety of ministries or other government agencies across Europe, the burden of compliance and implementation of the ISPS code has been passed down to the individual terminal operators. This produces an interesting paradox as commercial companies whose aim is to make a profit to serve their board or shareholders are being made responsible for an activity that does not necessarily deliver any business benefit. Not surprisingly, enhanced security beyond that required to protect day to day business operations are often not high on Terminal Operator’s agendas, especially when national authorities do not have the power to force them to invest in such security measures. Despite the best efforts of regularity authorities, too often port security is a paper tiger.
PORT FACILITY SECURITY OFFICER
Because of the very nature of a port facility with huge volumes of vehicle and cargo movements in and out each day, the level of security that can be physically implemented will always be a balance between risk and commercial reality. In this context the role of the Port Facility Security Officer (PFSO) is key to ensuring this fine balance is maintained.
Providing a framework to assist the PFSO is a major element of the EU’s Security UPgrade for PORTs (SUPPORT) project (www.supportproject.info) which is part-funded by the EC’s FP7 Research & Technological Development Programme. It is a collaboration of twenty European organisations whose focus is to raise the current level of port security. The SUPPORT project’s main objectives are to deliver ‘validated’ generic port security management models (capturing reusable state-of-the-art and best practices) that can be customised for specific ports; and training and open standards based tools to aid security upgrade in EU ports.
SUPPORT integrates legacy port systems with new surveillance and information management systems. It efficiently supports the complexity of a real port environment though an integrated, holistic approach. This ensures an improved level of security, while reducing the associated administrative burden on the port.
Amongst the partners are a number of ports that have been selected to represent typical, but different operations. Starting from the perspective of the partner port operations, the project has identified key security gaps and has produced generic models describing measures to maintain or augment the efficient and secure operation of these ports. Communication and decision support tools incorporating semantic technologies have been developed, accessible to all the port security stakeholders.
Full scale demonstrators have been organised in representative EU ports (Gothenburg, Lisbon and Piraeus). The full scale demonstrators will be augmented with a broader evaluation programme by members of a European Ports Security Forum. SUPPORT solutions include policy and standardisations proposals and training that can be used by any EU port to efficiently enhance its security level.
SECURITY MANAGEMENT SYSTEMS
One of SUPPORT’s key outputs is the Port Security Management System (PSMS) (http://www.mypsms.com/). The PSMS is designed to help PFSOs to upgrade their security systems by empowering them with knowledge. It provides information, skills and methodologies that enable them to maintain evaluate and upgrade their security measures and create security awareness without major investment. The PSMS also delivers outputs in the form of graphics that can be used to reinforce security threats and potential mitigation measures in presentations to managers or boards of directors. The whole PSMS package comprises five elements including a maturity module designed to enable security professionals to review and upgrade security plans to address terrorist threats; a corporate security module which addresses crime risks such as loss events, related to corporate processes and procedures; an e-learning education and examination module based on best practices of ISPS related maritime security educations including drills and exercises; a sharing and decision support module which enables security professionals to supervise facilities via the internet and to collaborate on a local, national or global scale; and an Authorised Economic Operator (AEO) security self-assessment module which provides a system to reach compliancy and submit AEO application.
The dashboard has been tested in various European cities including Brussels, Dublin Gothenburg, Lisbon and Rotterdam, with more than 25 security, port security and IT experts from seven countries providing feedback and counsel. Their responses were overwhelmingly positive and enthusiastic with particular interest and value being placed on the multi-faceted nature of the system. Most of the testers especially liked the fact that a PFSO can access the system remotely from any location thanks to the web-based platform.
While current geo-political, socio-economic and religious tensions mean that the threat of terrorism is never far away, improved security across all European ports will help reduce the risk of a terrorist incident taking place. The pressure of balancing commercial realities and security threats will certainly persist as long as current legislation remains in place placing the burden of investment and compliance on terminal operators. There is a school of thought that suggests the status quo will remain until a major terrorist incident takes place in a European port facility.
With access to SUPPORT’s Port Security Management System (PSMS), PFSOs now have the tools to assess the situation, advise their management team and make the right decision, whatever the security threat might be.