Since the worst-case scenario became a reality with September's terrorist attacks in the U.S., organizations of all kinds have been forced to re-evaluate how security applies to their operations. While the nation's focus has been primarily on the aviation industry, those of us in the maritime community have immediately seen many ramifications for water borne transportation. Because of the monstrous scale of death and damage, the industry can expect governments and regulatory authorities to apply varying degrees of increased security measures throughout the free world's infrastructure.
Substantial security measures have already been taken in the maritime sector. The U.S. Coast Guard
is instituting several new port security measures. Security zones have been established in U.S. ports, reporting requirements for vessel arrivals have been greatly expanded and the Coast Guard is escorting vessels perceived to be high-risk targets for potential terrorist activity. Government organizations are also scrutinizing a vessel's previous ports of call and are requiring crew lists supply the country of origin of each crew member.
While this reaction is understandable, activity of this nature is difficult to maintain and often does not address the root causes of the problem. For the long-term, the industry must ensure that remedies and corrective actions taken are well thought out, help sustain vigilance and supply the resources required to achieve a systematic approach to security. If done properly, the solutions will continuously improve performance, prevent security breaches at all levels and mitigate the inevitable, increased cost demands on business. The solutions should be designed to incorporate existing infrastructures and technologies and be scalable and flexible in order to meet new opportunities and needs. This challenge will be difficult, but now is the time to act.
In the past 15 years, the maritime community has witnessed a rising tide of regulations that have focused primarily on safety and environmental protection. In the aftermath of September 11th, new rounds of regulations concentrating on security are likely to be created. This will bring added economic pressure to an industry that already suffers narrow profit margins and steadily increasing administration costs.
The industry has recently seen the implementation of two major international mandates, the International Safety Management (ISM) Code and the International Code for Seafarers Certification Training and Watchkeeping (STCW). These two initiatives have driven massive increases in administrative, compliance and other operating costs and, in turn, assisted in changing the overall face of the industry itself. As anxieties subside, and people and businesses return to normal, corrective actions will be reviewed and well intentioned professionals will attempt to implement solutions to increase security and provide protection to people, property and the public at large. It is a good and worthy goal. However, an initial concern for mariners is the possibility for the birth of another management system — Security Management.
The incorporation of a Security Management System is not needed, will confuse instead of improve the situation and will add to an already significant burden. The maritime industry presently operates under several management systems, including some that address Safety Management (ISM Code), Quality Management (ISO 9000) and Environmental Management (ISO 14000). These standards are perfectly suited to address security requirements and negate any necessity for establishing a new standard. As an example, consider the stated objectives of the ISM Code: "to ensure safety at sea, prevention of human injury or loss of life, and avoidance of damage to the environment, in particular, to the marine environment, and to the property." Further, the Code requires Companies to implement a system that "establishes safeguards against all identified risks," including preparing for the emergencies related to both safety and environmental protection.
All successful management systems are supported by the same basic principles. They require acceptance and leadership from senior management, a written policy, applicable written procedures, a cultural commitment and evidence of compliance. Advanced systems also require performance measurement to gauge an organization's execution of documented policies and procedures. For years management system experts have been preaching integration of management and technology systems as a key component of effectively managing processes. Today it is more imperative than ever to apply the principles of management systems across multiple functions (safety, environmental protection, quality and now security) and leverage the productivity benefits of information technology.
"Man will occasionally stumble over the truth, but most of the time he will pick himself up and continue on." — Winston Churchill
What are the Threats?
The Marine industry, like aviation, is a part of the transportation industry
and therefore an obvious target for terrorist attacks. Many ship managers have already envisioned the horror of having a bomb placed on one of their vessels in a populated port. Vessels such as tankers and cruise ships are particularly likely to be appealing targets for terrorists because of the high potential for loss of human life and destruction.
Another type of criminal posing a security threat to the maritime industry is pirates. International law defines piracy as the attack of a ship for private ends (money). Though motivated by money and not political or religious aims, piracy is an increasing menace to the international shipping trade and should be addressed in a company's Safety Management System.
Also, there are individuals who may pose as security threats to maritime businesses and our economy in general. These include hackers, who attack our information infrastructure, and disgruntled employees.
Shipboard Security Procedures
The international and dynamic nature of the business and services provided makes the shipping industry more vulnerable to security lapses than most other industries. The amount of variables involved in protecting a ship are, by far, more numerous than protecting a manufacturing plant. It's not effective to put a fence around a ship. However, with a comprehensive security program a company can limit access to both the ship and the terminal or port facility the vessel is calling on. Shipping companies should review the content of the policies, plans and procedures in their management systems to verify they adequately address elements such as training, communications, key procedures and emergency preparedness that apply to security issues. Some examples of management system improvements for shipboard security include:
A vessel's gangway is the easiest point of access to a vessel when it is moored at berth. Too often, the crew member assigned to monitor gangway access is not given clear instructions for boarding procedures and when to call for the assistance of an officer. Furthermore, decreased manning levels on ships often result in the gangway watch taking on additional responsibilities that require leaving the gangway unattended for periods of time. Vessel operators need to emphasize the security aspects of the gangway watch in procedures and training. Items to be addressed should include Embarking/Disembarking procedures (for crew, guests and contractors), communication procedures (internal and ship-to-shore), Stores and Package Receiving procedures, and Security Equipment (lighting, CCTV's, hand-held radios, etc.) In many ports, the terminal or a third party provides a security officer. In such cases, the vessel should have procedures to familiarize the security officer with his responsibilities to the vessel. In all cases, the Master of the vessel must ensure that this security is adequate and that security personnel know and understand shipboard requirements and procedures.
One of the most difficult processes to carry out aboard a vessel is validation of a crew member's certification. Forged and illegally obtained documents are widespread and must be dealt with through a cooperative effort from several sources. Validation procedures should include input from the vessel, vessel management, manning agencies or unions and, in some circumstances, flag-state administrations.
Captain's Interview of Crew Members
Ship's Masters should conduct one on one interviews with each new member of the crew as they sign on. A thorough interview will give the master insight to the capabilities and attitude of the crew member and provide the opportunity to immediately establish policy and expectations aboard the vessel.
Security Tours, Contingency Plans
Crew member's rounds, both at sea and in port, should always include elements of security. Tours and inspections throughout the vessel can include checks for intrusion and piracy, lock and key control and adherence to limited access spaces. Also, vessel management systems should be examined for content of their Emergency Response Plans. Most vessels have plans for emergency items such as pollution events (hazmat, oil spills), medical emergencies, fire, abandon ship, man overboard and many other. However, few vessels have contingency plans for bomb threats, dealing with intruders or hostage situations.
For all of the security measures that can be taken aboard a vessel, effective security in port is only possible if the port authority and terminal operator also engage in effective security measures. Items to consider for port security are guarding the perimeter of the terminal, including surveillance and protection of the water borne boundaries, conducting drills for bomb threats, hostage situations and intruders and practicing security measures in all terminal employees' routines. Port procedures and plans must be communicated to calling vessels and coordinated with vessel procedures and requirements. For example, security plans should be raised and coordinated during the initial operations briefing held between the vessel's cargo officer and the load/discharge supervisor ashore. Ideally, operations checklists provided by each party in this meeting should reflect security requirements.
Additionally port authorities must effectively coordinate all elements of the system (i.e., working with shipping agents to gain access to cargo manifests, ETA, ETD, previous port of call, destination, and tracking movements of dangerous materials in the port).
Fortunately, most of the financial services companies affected directly by the collapse of the World Trade Center had data recovery and data management systems already in place. Other companies around the world, however, have not prepared themselves for a disaster of this scale and are now considering solutions to solve issues raised by the crisis. According to Carrie Lewis, an analyst at Yankee Group Inc. in Boston. "Almost every company out there is rethinking what they are doing." The question for all companies to consider is "what would happen if a bomb destroyed the building that houses company computers?"
As the maritime community assesses its weaknesses with regard to vessel and port security it must bear in mind that the means to implement the improvements already exist through implemented Safety, Environmental and Quality Management Systems.
Companies with practicing management systems can simplify the otherwise daunting task of incorporating additional security measures by using the tools built into these management systems. Identification and implementation of the changes needed to a company's security procedures can be administered through existing audit, document control, and training procedures.