Port, vessel operators need to meet challenges of complying with ISPS, other regulations
- By John Diedam
- May 21, 2008
The maritime industry is clearly one of the most
powerful drivers of international commerce and
economic vitality in the world. The statistics are
astounding, including a worldwide fleet of nearly 11
million marine containers, a transportation cargo unit
that can hold up to 500 computer monitors.
The European Union, which is the main trading partner
for two-thirds of the world, exports and imports more
than EUR 1,000 billion a year. The global ocean-liner
shipping industry owns approximately $155 billion in
vessels, containers, marine terminals and other direct
operating assets in service around the world. Almost 16
million Americans work in port-related jobs, producing
$210 billion in federal, state and local taxes annually.
A Global Shift
Security in the maritime industry has seen major
changes since Sept. 11, 2001. Two months after 9/11, the
International Maritime Organization agreed to develop
new measures for enhancing the security and safety of
ships and ports. By December 2002, the IMO had
defined and ratified its comprehensive approach as the
International Code for the Security of Ships and of Port
The ISPS code’s primary objective is to establish a
framework for IMO’s contracting governments to cooperate
in taking preventive measures against security and
safety threats that could affect the maritime industry.
ISPS also outlines a methodology for ports and vessel
operators to assess their levels of security risk and
describes mandates they must fulfill to comply. As
required by ISPS, contracting IMO governments have
begun to pass legislation that mirrors the new code’s
requirements and compliance deadlines.
In the United States, the Coast Guard, working with
government agencies such as the Department of
Homeland Security, is responsible for monitoring compliance
at ports and on vessels.
The ISPS Requirements
ISPS requires companies and agencies involved in maritime
trade implement an unprecedented range of security
and safety measures. For many port and vessel
operators, the process of installing security systems
that comply with the new requirements will continue to
be a daunting task. Three of the industry concerns are
The high cost of compliance. Although contracting
governments are obligated to help fund the costs of
added security in their countries, the financial burden of
installing new equipment, training people and managing
new security systems ultimately rests with port and vessel
operators. For many operators, the question of how
they will fund the high costs of compliance is the single
biggest concern they have with the legal requirements.
Best efforts may not be not good enough. Never
before have port and vessel operators been required to
comprehensively assess security needs and implement a
plan for reliably reducing security and safety risks. For
these operators, the process of outlining and implementing
an effective plan that both meets regulatory requirements
and stays within the limits of their operational
cost structure may be a challenge they are unable to fulfill,
despite their best efforts.
Minimal compliance. It is likely that many ports and
vessels will try their luck, waiting to see what actions
enforcement agencies take with others who are noncompliant
before deciding to make a full commitment to
security and safety. While some may slip through the
cracks for a time, most who fail to comply face stiff
fines and lost business opportunities from boycotts by
other ships and ports.
The face of security and safety at ports has changed little
during the last century. Almost all conventional security
and safety systems available continue to be built
around the same four fundamental characteristics that
such systems have shared for decades.
Typically, these characteristics result in systems that
are unreliable at promoting security and safety and are
difficult and costly for the average business and government
agency to implement and manage. These four characteristics
of conventional security are the following:
Security-specific. Most conventional security and
safety systems work in a vacuum, separate from other
business processes. These systems in no way enhance
business productivity or otherwise assist managers.
Paper-based. Conventional security systems typically
rely on paper forms of ID, such as driver’s licenses and
Social Security cards, to verify the identity of people
seeking access to secure areas of a facility. Paper forms of
ID—which colleagues can share and criminals can steal
or forge—are inherently unreliable. The process of
screening paper-based IDs typically requires recording
data by writing it down or making photocopies—a timeconsuming
process that risks infringing on privacy rights.
People-driven. In order to screen paper forms of ID
and track the movement of individuals throughout a
facility, an organization needs security personnel.
Security personnel are often difficult to train, costly to
hire and undependable.
Point-oriented. Conventional security systems are
designed to secure specific points or areas of concern at
a facility. Specific points include cargo, entrances to a
vessel and equipment. Because conventional approaches
focus on specific points, one facility may have several
disparate security systems serviced by different vendors.
For instance, a CCTV system installed by one vendor
for monitoring cargo may work independently of an
access-control system installed by another vendor for
granting access to truckers who transport cargo. A facility
that relies on point-based solutions is inefficient,
poorly accommodates change in security needs and can quickly become unmanageable.
For certain applications, conventional
security systems that use decentralized
paper- and people-based systems may be
an effective, if not optimal, approach for
promoting reliable security and business
efficiency. The manager of a small corporate
office with a couple dozen employees
and a handful of daily visitors may
determine that hiring a security guard or
two to screen building badges suffices for
the company’s security needs.
Managing People, Openings
In the complex world of maritime trade, a
system of security that relies on paper and
people to track, manage and monitor vulnerable
assets is both inefficient and undependable.
Instead, ports need to integrate
the security and safety requirements for
every element and activity that takes
place at a facility. These elements and
activities may be categorized as people,
openings and assets.
For instance, a ship’s openings include
the engine control room, electrical control/
equipment room, cargo storage area,
bridge and steering gear room. A port’s
people include longshoremen, crew,
administrators, maintenance workers and
truck drivers. Assets for both a port and
vessel may include the vessels, equipment,
vehicles, containers and cargo.
Ports need to link people, openings
and assets through a connected IT infrastructure
based on an expandable, open
architecture. Data is generated through
the power of electronics—access cards
with electronic codes or biometric identifiers
replacing paper IDs and significantly
reducing the number of security
personnel required for screening.
By using an open architecture, a port’s
system will easily accommodate the addition
of new security applications—for
example, a remote-monitoring system—
as modules to a shared database.
A Better Mousetrap
The result is a highly reliable system that
coordinates remote monitoring, access
control, time and attendance, CCTV surveillance,
and other technologies and
processes designed to secure a facility. As
a result, a typical port and vessel could
enhance security and safety while promoting
efficiencies. The following are
some key applications to consider:
Track crew at ports of call. Under
ISPS, vessels must maintain and manage
records showing the last five ports each
crew member visited. While a conventional
security system using paper-based
tracking systems would be hard-pressed
to fulfill this challenge, ports can leverage
time and attendance with access control
technologies to easily generate the
Verify truckers. Likewise, ports need
to screen truckers. By using biometric
readers with smart-card chips, the two
largest ports in Europe—Rotterdam, The
Netherlands, and Antwerp, Belgium—
have implemented a fast method of identifying
drivers, avoiding costly transport
delays and ensuring the highest security.
The hand geometry template has only
nine digits, leaving plenty of room on the
smart-card chip for additional information.
At the entrance, drivers identify
themselves by using their cards with the
hand geometry reader. Scan information
of the left hand is compared with the template
information on the smart card. The
drivers repeat the process upon leaving.
The biometrically enhanced smartcard
system ensures that information cannot
be manipulated or changed. Drivers
do not have to remember specific information
such as a PIN, the smart card cannot
be transferred to other people and
mistakes such as typing in incorrect ID
numbers are impossible.
Automated response to different
security levels. If an emergency or threat
to security arises, the port’s system should
be able to quickly adopt different levels of
access control, such as might be defined
according to different MARSEC levels,
for authorized and unauthorized people.
For instance, in an emergency that
requires people to exit a vessel quickly, all
major exits would open rapidly and automatically.
For another threat, the system
may close certain exits or allow only people
with specific authorization to pass.
Minimize costs for damage claims.
Many port managers contend that their
facilities are responsible for no more than
one-third of the total cost they pay annually
to settle claims for damaged containers.
But they traditionally have not had a
mechanism for proving their innocence.
By facilitating the generation of easy-tonavigate
reports and video clips that show
at what time and location a container was
harmed, the security system could minimize
costs from unfair claims.
Identification cards. The IMO has
called upon contracting governments to
issue seafarer ID cards that can be used to
verify someone to all personnel in the maritime
transportation industry. In similar
fashion, the United States is finalizing
plans for a prototype phase of the
Transportation Worker Identification
Credential, an electronic smart card that
contains coded information, such as biometric
identifiers and bar codes, for 15
million U.S. transportation workers.
The Time to Act is Now
Conventional security and safety
approaches are inadequate for the unique
demands of a maritime environment. Port
and vessel operators need to meet the
challenges of complying with ISPS and
other regulations. By creating an overall
plan with an integrated, open architecture
solution, port security systems can act as
a foundation for accommodating a growing
body of legislation and the industry’s
increasing reliance on technology. Such
an approach will help operators save
costs now and in the future while ensuring
that a port’s people, openings and
assets are secure.