Sets forth practices to ensure security and foster international trade
Written with an international perspective, this book analyzes the complex set of factors affecting the security of port and maritime operations, including shipping, politics, economics, crime, and terrorism. Author Michael Edgerton critiques current approaches to maritime and port security based on his more than twenty-five years of experience in the field. He not only points out vulnerabilities in today's practices, but also provides a set of proven and tested recommendations that recognize the role and interests of both government and the private sector in enhancing security while ensuring the flow of international trade. Readers may be surprised to learn that, with greater efficiency, they can actually improve security while reducing the cost of security at the same time.
Using real-world case studies to support its analyses and recommendations, A Practitioner's Guide to Effective Maritime and Port Security:
- Reviews the core components of the international maritime operating environment
- Assesses the potential threats to ports in the maritime environment
- Examines approaches to maritime port security in the United States, European Union, and around the world
- Presents principles for effective, risk-based maritime and port security
At the end of the book, two appendices provide a framework for conducting security risk assessments and threat assessments. There's also a third appendix to help organizations assess their "risk appetite."
Recommended for students and professionals responsible for the safety and security of ports and maritime trade, this book reframes port and maritime security as a key component of a multidisciplinary system in which secure and efficient trade is the objective.
Table of Contents
Introduction xiii
Foreword xvii
Part OneThe International Maritime Operating Environment
Chapter 1 Unique Characteristics of Ports and International Shipping 3
Introduction 3
The Multinational Nature of Shipping and Business Driversin Port Operations 6
Flag States 7
Vessel Registries 7
Types of Vessel Registries 8
Implications for Security 10
Third Country Owners 11
Implications for Security 11
Multinational Crews 13
Implications for Security 14
Port States 14
Regulatory Requirements 16
International Treaties and Codes 16
Oversight Mechanisms 18
Ship-Port Relationships 19
The Supply Chain 20
Just-in-Time Delivery 20
The Components of a Maritime Supply Chain 21
Regulatory Issues 22
Intermodal Links 24
Chapter 2 The Criticality of Ports: Why and How They Matter 27
Introduction 27
Geopolitical Considerations 27
Trade Routes 27
Trade Chokepoints 28
Sea Lines of Communication 30
Ports 33
Ports as Targets 34
Ports as Conduits 36
Cargo Theft 38
Smuggling 40
Ports as Borders 41
Intermodal Connections 42
Part TwoThreats to Ports and the Maritime Domain
Chapter 3 Threats 47
Introduction 47
Threats by States 49
State Actors 49
Conventional Military Attacks Against Ports 49
Conventional Attacks Against Supply Chains 51
Asymmetric Attacks 52
State Proxies 56
Proxy Tactics 57
Nonstate Actors 58
Terrorism 61
Criminal Activity 62
Piracy 67
Terrorism, State Actors, and Criminal Nexus 68
Part ThreeCurrent Approaches to Maritime and Port Security
Chapter 4 Approaches to Security Policy Development 73
Introduction 73
Political Considerations 73
Commercial Interests 74
Costs of Implementation 74
Increased Government Oversight 74
Potential Delays 75
Domestic Political Constituencies 76
Container Screening 77
Port Security Grants 79
Measuring the Effectiveness of Security Measures 81
Deterrence 81
Punishment 81
Denial 82
Consequence Management 84
Measurement of Activity vs. Effectiveness 87
Measurement of Activity 87
Resources Expended 87
Measurement of Criminal Activity 88
How to Measure Effectiveness 91
Why Don’t We Do This Already? 92
The Maritime Context of Assessing Deterrence 93
Lack of a Risk Approach 94
What is Risk? 95
Dynamic Risk 96
Pure Risk 96
Fundamental Risk 97
Particular Risk 97
Components of Security Risk 97
Threat 97
Vulnerability 98
Consequence 98
Risk Management 99
The Weaknesses of Current Risk Management Approaches 99
Lack of Understanding of Security Risk Components 100
Lack of a Process to Determine Risk Tolerances 100
Tendency Towards Risk Aversion or Avoidance 101
Focus on Risk Mitigation (Reduction) instead of
Risk Treatment 101
viii Contents
Lack of Recognition of Critical Nodes in the
Maritime Domain 101
Overquantifying Security Risk 102
Tendency to Use the Rubric of All-hazard Risk 104
A Propensity to Minimize the Element of Threat in Performing
Security Risk Assessments 104
Chapter 5 A Critique of Current Maritime Security Measuresand Approaches 107
Introduction 107
Regulations and Their Limits 108
The ISPS Code 109
Supply Chain Security 112
International Organization for Standardization 116
Lack of Recovery Planning for Key Maritime
Supply Chain Components 117
A Disjointed International Regulatory Environment 117
Overreliance on Technology 118
Maritime Domain Awareness (MDA) 118
The Fallacy of 100 Percent Container Screening 120
The 'Magic' of Closed Circuit TV (CCT V) 121
Failure to 'Fire for Effect' 122
The Staten Island Barge Explosion 122
Minimizing the Importance of Understanding Threat 123
Hurricane Katrina--the Wrong Lesson Learned 124
Assessing Threat is Hard 126
Why Understanding Threat Matters 126
Bomb in a Box? 127
Deconstructing the Threat 127
Biological and Chemical Agents 128
Radiological Material 128
The Nuclear Grail 128
The Risk Conundrum 129
The Consequences of not Understanding the Threat 130
Hitting the Bystander 130
Al Qaeda’s View of Saddam’s Iraq and Vice Versa 130
The Threat That Wasn’t 131
The Fallout 131
The Lack of a True Risk-Based Approach 131
Insufficient Focus on System Integrity 135
Transparency 135
Corruption 135
Implications for the Maritime Domain 135
The Impact of Corruption 136
Lack of Incentives for the Private Sector 137
Part FourPrinciples for Effective Maritime and Port Security
Chapter 6 Security as an Enabler 141
Introduction 141
Why is it Important for Security to be an Enabler? 142
Security as a Value-Add 142
A Culture of Security 142
Changing Security’s Image 143
Security a Key Organizational Component 143
Resilience 144
Why Resilience? 145
Risks of Ignoring Resiliency 145
Additional Risks 147
The Benefits of a Resilience Approach 147
Resilience and Maritime Security 149
Resilience Guidance 149
Integrating Security into Resilience 150
The Elements of Resilience 151
The Medical Comparison 155
Enabling Resilience 156
Chapter 7 Standards and Regulations 159
Introduction 159
Review of the ISPS Code 159
The ISPS Code 160
ISPS Code 2.0 161
Use ISO 28000 as the Foundation for a new ISPS Code 162
Considerations 164
Acceptance Issues 164
Implementation Issues 167
Other Implementation Considerations 171
Notional Contents and Structure of a New Code 173
The New Code 174
Chapter 8 Assessing and Managing Risk 177
Introduction 177
ISO 31000 178
Risk Terminology 180
Risk 180
Risk Management 180
Risk Assessment 180
Risk Analysis 180
Risk Appetite or Tolerance 180
Other Definitions 181
Threat 181
Hazards 181
Vulnerability 181
Likelihood 181
Consequence 181
Core Components of Risk 182
Establishing the Risk Management Context 182
Identify Risks 183
Analyze Risks 185
Evaluate Risks 186
Treat Risks 188
Making the Business Case for Risk Treatment 190
What is a Business Case? 192
Composition of the Business Case 192
The Business Case and Risk Treatment 193
Monitor and Review 194
Communicate and Consult 195
Maritime Considerations 197
Chapter 9 Measuring Effectiveness 199
Introduction 199
Measure Effectiveness, Not Security Activity 200
Measurement of Activity 201
Resources Expended 201
Measurement of Criminal Activity 201
Uniform Crime Reporting System 202
CompStat 202
The Black Swan Effect 202
Measuring Effectiveness 203
A Hybrid Solution 203
Ask the Enemy 204
Crunch the Numbers 207
Deterrence as the Primary Measure 207
Deterrence 208
Ensuring Integrity and Countering Corruption 209
Foster Continuous Improvement 210
Chapter 10 Conclusion 211
Appendices
Appendix A Conducting Security Risk Assessments 215
Introduction 215
Risk Assessment Steps 216
Establish the Risk Management Context 217
Identify Risks 217
Analyze Risks 218
Evaluate Risks 218
Conducting Risk Assessments 219
Assessment Team Composition 219
All Assessors 219
Lead Assessor 219
Assessment Team Members 220
Facility Risk Assessment Process 220
Facility Risk Assessment Preparation 221
Written Notification to Facility Operators 221
Planning Assessment Activity 222
Facility Risk Assessment Administration and Logistics 223
Facility Risk Assessment Activity 223
Document Reviews 224
Formal and Informal Interviews 224
Observations 224
Assessment Opening and Closing Meetings 224
Opening Meeting 224
Closing Meeting 225
Facility Assessment Reporting 225
Assessing Vulnerability 225
Assessing Consequence 227
Developing a Risk Rating 227
Appendix B Conducting Threat Assessments 231
Introduction 231
Consistency with ISO 31000 232
Threat Identification 233
Identify the Range of Potential Threat Actors 234
Identify an Extensive List of Threat Actor Characteristics 234
Identify Sources of Threat-Related Information 234
Analyze and Organize Threat-Related Information 238
Threat Evaluation 238
Threat Actors and Scenarios 241
Develop The Design Basis Threat 241
Appendix C Tips for Assessing Risk Appetite 259
Introduction 259
Defining Risk Appetite 259
Risk Appetite and ISO 31000 260
Assessing Risk Appetite 260
Helping a Client Determine Risk Appetite 261
Pairwise Exercise 262
Risk Appetite and Risk Treatment 263
Index 269