Peregrine Storrs-Fox Risk Management Director, TT Club
One of the key references in the context of security for port operators is the International Ship and Port Facility Security (ISPS) Code, a supplement to the Safety of Life at Sea (SOLAS) Convention considering maritime security, setting minimum security arrangements for ships, ports and government agencies.
Dating back to 2004, the ISPS Code ascribes responsibilities to a variety of stakeholders including port personnel, related to detecting threats and taking preventive measures affecting ships or port facilities used in international trade. The code also specifies the appointment of a Port Facility Security Officer (PFSO), responsible for the development and maintenance of a Port Facility Security Plan (PFSP).
Barrier fundamentals
Physical security will be a primary consideration. Getting the simple things right, such as perimeter fencing is fundamental. Beyond that will need to be proportionate to the risks assessed, inevitably influenced by volumes, throughput, the type of cargo being handled, the layout of the terminal and the technology available. There is an array of options and combinations to consider for perimeter fences; some designs may be more secure than others. It is recommended that palisade style fencing, for instance, be avoided as it may be more easily manipulated, allowing access. A mesh style of fencing is generally thought to offer greater levels of security. The height of the perimeter fence is another critical factor, influenced by the local topography. A minimum 2.4 metre height is recommended to deter bad actors from scaling or being able to pass items over. Higher fences or topping with electric fencing or razor wire for added security may need to be considered.
Accessibility
Controlling access is a necessary starting point; strict access controls will assist in managing the flow of people, legitimate and otherwise to the facility, together with reducing the number of physical entry and exit points to the minimum necessary. Alongside this, consider how such areas will be monitored and managed. This includes the extent to which security personnel will be deployed, introduction of physical barriers, and what logs will be kept and for how long. There will typically be a large number of restricted areas, buildings and rooms within a facility, where locks are utilised to prevent unauthorised access. Regardless of who may have them, robust processes are necessary to ensure that keys are returned and controlled, with timely intervention protocols. Key control and operational efficiencies may be significantly improved by the implementation of electromechanical key systems; these remove the risk of lost or stolen keys and security compromises, while providing valuable user data for management and control. Central programming ensures efficient and speedy modification of access permissions. Further smart and high security locks may be appropriate.
Line of sight
The deployment of cameras can add to security provisions and can have multiple benefits. Sophisticated camera systems monitoring the entry gate can serve not only to record access, but also capture the condition of the vehicle, container, chassis and cargo. All such records might prove invaluable evidence in the event of any dispute. Cameras can also be linked to the Terminal Operator System (TOS) and, using Optical Character Recognition (OCR) technology, can drive the development of operational efficiencies, identifying and locating individual containers.
Automatic Number Plate Recognition (ANPR) cameras can identify expected site visitors, providing both security and efficiency, potentially controlling the release of vehicles and containers with a binary “release, don’t release” prerogative. Visual analytics software can provide unrivalled insight, including managing the movement of visitors, restricting and controlling the areas of the facility that they are able to access. Additionally, if linked to the relevant authority and national databases, this could serve to identify bad actors and vehicles operating on false registration plates, often used to facilitate theft of cargo.
Thermal cameras are now being used for both security and fire detection. These may eliminate the need for continuous monitoring of cameras by alerting security personnel at the point of detection due to a fire or a person. CCTV cameras and software can also provide a deterrent to bad actors. However, take care to ensure that the procured system is fit for purpose, well maintained and that operators are trained to use the equipment proficiently. And don’t forget simple housekeeping – overgrown foliage or litter can trigger unwelcome false alarms.
Interfaces and insider risk
Some facilities might fall under the jurisdiction of the port police; regardless, working closely with local law enforcement will be vitally important. While operation specific security measures should always be implemented, interacting with port police or other local law enforcement agencies will be beneficial in ‘layering’ protections.
Technology can provide advanced levels of security. Drones are a recent addition to the security managers’ armoury – these may provide remote and autonomous surveillance, supplementing existing people and processes. Capable of deploying either to a set time period, randomly or in reaction to an alarm, security drones can capture valuable footage – and operating at height provides a barrier for intervention.
Technologies are likely to overcome the human, moral hazard. This can be further enhanced, for example with forensic coding security solutions – gels, sprays and liquids can be an effective deterrent, remaining on clothing and skin for prolonged periods, and thus increasing the risk of apprehension. This may be during questioning in relation to unconnected crimes, since those involved in criminal activity in and around ports will typically be involved in other crime.
Insider risk is prevalent within TT’s claims experience; information is the lifeblood of criminal activity and can be sourced from within an operation. This may be access codes, the location of a particular container or details of security provisions on site. Information security is a critical. Carry out a risk assessment of the information that your operation collects, stores and shares.
Recognise the value of that information in the wrong hands and consider thoroughly who has access and why, balancing access restrictions with operational efficiency. Prevent workstation sharing or sharing of passwords. The terminal operating system (TOS) is pivotal in the management of the container terminal. Protecting this key infrastructure is critical to maintain operational integrity and avoid business disruption.
Advanced technologies and cyber crime
The use of automation and innovative technologies including Artificial Intelligence (AI), Big Data, Internet of Things (IoT) and blockchain to improve port and terminal operational performance is becoming more commonplace. Although the industry is often regarded as conservative and resistant to change, this image is fast-changing. However, together with opportunity to improve efficiency come new risks in terms of cyber security, such as through an increase in the potential access points to the valuable data that is being collected through IoT technology.
These issues force increased focus and resource into the development of measures to secure the data and prevent unauthorised access. Cyber criminals often exploit the ‘people factor’ through the use of common hacking tool kits readily available in the public domain. Consequently, an ongoing mandatory awareness programme should be implemented for the workforce to explain the risk from cyber security events and set up preventive measures.
It is important to establish an appropriate cyber security incident response team along with an assigned contact point. Further to this, it should be recognised that many elements of operations are likely to be outsourced to third-party vendors; it remains the responsibility of the company to ensure sufficient due diligence has been taken to avoid a cyber incident resulting from the action or inaction of third parties. For example, ensuring information security management standards such as ISO 27001 are complied with by the third party can reduce the risk substantially.
To tackle cyber security incidents in an effective and consistent manner, it is essential to develop an appropriate strategic approach and a formal cyber security incident response process. The sheer volume of cargo moving through ports and onto their final destinations is staggering and is likely to grow with the predicted increase in global population. Unfortunately, this makes it a target for criminal exploitation, through the trade in illicit commodities and theft of cargo, to name a few.
Therefore, the adoption of ‘smart’ technologies such as IoT and blockchain within ports has the ability to increase the ‘visibility’ of the cargo throughout the supply chain. This increased visibility not only has the potential to improve efficiency, it can also improve security through transparency of the entire process. Increasing the transparency of the cargo flow, providing real-time information can reduce the opportunity time-window for criminal activity. Likewise, the digital fingerprint that is left through the use of blockchain, provides a smaller hiding place for criminals operating in the margins of our industry.
For further information, please visit: www.ttclub.com