Regulations and money are all part of maritime security

Bringing Mixed Results

Regulations and money are all part of maritime security

Bring Mixed ResultsMaritime ports are complicated, amorphous creatures; their sheer breadth is staggering. In the United States alone, there are more than 3,700 cargo and passenger terminals with more than 1,000 harbor channels running along roughly 12,800 miles of coastline. The Port of Houston, not even the biggest, in fact, has 28 miles of coastline.

According to the U.S. Coast Guard, there are 361 major ports with port authorities as the others are governed by various state and local public entities, portnavigation districts and municipal port departments. Port authorities’ purview includes airports, bridges, tunnels, commuter rail systems, inland river or shallow draft barge terminals, industrial parks, Foreign Trade Zones, world-trade centers, terminal or short-line railroads, shipyards, dredging, marinas and other public recreational facilities. They compete amongst themselves because, ultimately, ports are engines of commerce…big engines of commerce.

Of the Business Roundtable’s most recent numbers (2012), international trade is responsible for approximately 38 million American jobs, including those who are employed in exporter/importer-related businesses and support industries throughout the United States. And, the airport and maritime security budgets are expected to grow to roughly $40 billion by 2018, up from $22.28 billion in 2013, according to market research reports.

An attack on a major U.S. port would have serious ramifications for the entire globe because, according to U.S. Census statistics, the value of international goods shipped through U.S. seaports in 2011 was $1.73 trillion, representing more than 11 percent of the total U.S. GDP. This does not include the value of domestic cargo moved through seaports (estimated to be one billion tons annually), the value of cargo-handling services or cruise-industry impacts.

Acting, not Reacting

When the U.S.S. Cole was attacked in 2000, it became apparent that ships and ports needed more protection, especially against unorthodox threats. But when 9/11 happened, a major sea change occurred: No longer could ports be defensive and laid back—they had to get proactive, and fast.

Two programs, the Maritime Transportation and Security Act (MTSA) and the International Ship and Facility Security (ISPS) Code, for international voyages, were put into law in 2002 and 2004, respectively.

The ISPS Code, introduced by the United Nations in conjunction with 108 countries, and the MTSA require vessels and port facilities to conduct regular vulnerability assessments and develop evolving security plans that include passenger-, vehicle- and baggagescreening procedures; security patrols; the establishment of restricted areas; initiation of personnel-identification procedures; access control measures and/or the installation of surveillance equipment. However, not all vessels and port facilities in the Unites States are affected by the MTSA regulations. Only those sectors considered to have a high risk of involvement in an incident are affected by this law.

Herman Gomez, a maritime security consultant and the former director of the Office of Training, Planning and Development of the Security/Police Division at the Port of Miami, said that the most important part of these codes is the requirement that each port create and maintain a thorough security plan, detailing everything that a port has, including how it is organized, how many people are dedicated to security, what kind of communications the officers use, what kind of training they give and how often it is done. Also mandated is maintaining a contingency plan in case of disaster.

“One problem with the security plan is that sometimes a port implements a new feature but it isn’t reflected in writing on the plan because of lack of time or sloppiness,” Gomez said.

These omissions could severely impact procedures during an incident. However, his major concern is that the codes require every major international seaport to secure its access control by water, and it is nearly impossible for all ports and marinas to have surveillance equipment or, at the very least, a patrol boat in the water.

“Major ports do this as required by the code,” Gomez said. “Some ports don’t have the money to comply with these regulations.”

The Port of Miami, one of the largest in the world, spent some $50 million to comply with security requirements for both the passenger and cargo areas. Smaller ports do what they can, but they remain the soft underbelly of the maritime security world.

Paving a Fast Lane for Access Control

The Transportation Worker Identification Credential, or the TWIC program, mandated that the DHS issue an ID card with biometrics to control access to secure areas of ports or on ships. Meant for Coast Guard-credentialed merchant mariners, port-facility employees, long shore workers, truck drivers and others requiring unescorted access to secure areas of maritime facilities and vessels regulated by MTSA, the Transportation Security Administration (TSA) had a preliminary deadline of six million maritime workers, all of whom were to have cards by 2004. It didn’t happen. As of April 14, 2014 the U.S. Coast Guard reported that total enrollment was 2.95 million with 1.99 million active cards. On them is the person’s name, the card’s expiration date, a digital photo and two fingerprints.

“The West Coast’s Long Shore Union won’t put their cards into the readers,” said Edward Madura, security chief of the Port of Everett, Wash. “They feel it’s an invasion of privacy.”

This seems a vacuous stance, since even smartphones use biometric fingerprints. Moreover, these same longshoremen could shut down commerce and leave a facility unable to move its goods.

Bureaucracy also bedevils port-security professionals.

“It took us a year to get the TSA to realize that sometimes TWIC cards are illegitimate,” Madura said. “They told us operators that we couldn’t take action on someone who tried to illegitimately use a valid TWIC. We can kick them off the facility, but we cannot call the police or take the card.”

What they can do is fine them $10,000 per person, per incident, but if that fraudulent user happened to have a malevolent goal, too bad—once a dirty bomb or some other sort of WMD has reached a port, it’s already too late.

The TWIC system has another major oversight problem—it does not tap into the national criminal database. So, if a card holder has a felony, is a drug dealer or simply had their driver’s license revoked, they would still be able to get a card.

“TWIC is a federal requirement, and it’s good, but some seaports require other types of ID in addition to the TWIC, and that is working better,” Gomez said.

It makes a lot of sense, especially because the AAPA has major concerns about which ports will or will not use the reader, the inflexibility of the risk analysis methodology and the lack of tailoring reader requirements for the individual circumstances of each port or facility.

A Fast Lane for Ca rgo that’s Running out of Money

Other major initiatives stemming from 9/11 are the Customs-Trade Partnership Against Terrorism (C-TPAT) and the Container Security Initiative (CSI), which are voluntary supply-chain security programs headed up by U.S. Customs and Border Protection (CBP). They focus on improving the security of the foreign ports and private sector’s supply chains vis-à-vis terrorism.

Companies that obtain a C-TPAT or a CSI certification must have a documented process for assessing and alleviating risks throughout their international supply chain. The plan allows companies to get quicker cargo processing and fewer Customs examinations.

Lack of funding is a major bugaboo of this program, but security managers know they need to have it in order to keep goods flowing.

“CBP is doing its job; there are Xray machines in most major seaports and smaller ones use two antennae with CBRNE sensors, which the cargo container passes through,” Gomez said. “Many are private ports, meaning the land belongs to the government and the port operation belongs to the private sector. They try to save money as much as they can, and some international ports are lagging behind.”

At this point, roughly 12 percent of all international cargo shipments are inspected in the United States. However, there are about 60 CSI-certified ports in Europe, Latin-America and Africa that are well-equipped, too, according to Gomez. These ports handle about 80 percent of the cargo entering the United States.

The CSI and C-TPAT programs are considered to be excellent, but, according to these experts and the AAPA, evidence collected by the DHS Office of Inspector General reveals that CBP and the Domestic Nuclear Detection Office don’t have any plans for the continuing maintenance, replacement or funding of these machines; nor do the ports feel they should pay for a program initiated by the federal government.

Upgrading Technologies

In the 10 years since the ISPS and MTSA codes have been in place, security at U.S seaports and aboard vessels has improved tremendously, and so has technology. Smaller ports are doing what they can to upgrade to the latest 360-degree surveillance technologies, and install radar and other sensors in terminals and around their perimeters. Cruise ships, too, are upgrading both onboard and in terminals.

Roughly 22 million people took a cruise last year. Cruise lines have separate laws from ports and according to Steve Donovan, Oncam Grandeye’s director of sales for the Americas, “A lot of the video guidelines were so subjective that the industry hasn’t implemented any video standards.”

Donovan is in charge of the Royal Caribbean work with Oncam Grandeye. He indicated that Royal Caribbean was a leader because they took a proactive approach to security by arming each of its 20 ships with more than 700 cameras.

“For years, cruise lines didn’t want to discuss video security,” said Donovan. “Now, they need to prove they are safe for customers, and they are upgrading to 360-degree technology, which saves them money because it requires fewer cameras and less storage space while giving them better visibility as to what is happening onboard.”

Ironically, the biggest concern for some ports is the cruise ships themselves, because when a floating city comes into port it opens up a whole new can of worms.

“Cruise ships bring security and operational concerns exponential to anything else in the marine industry,” Madura said.

That may be, but it also brings in a huge pot of gold to the ports and the cities they visit. According to Cruise Market Watch, the total worldwide cruise industry is estimated to be worth $37.1 billion, a 2.3 percent increase over 2013.

“Getting the cruise lines brings in more jobs for people onboard, in parking facilities and building new infrastructure,” Donovan said.

What are needed, though, are stronger security standards, a sentiment that is echoed throughout the entire maritime world.

This article originally appeared in the July 2014 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3