
Port Security in EU: a Systemic Approach

Guide Words: Port security, homeland security, border security, ISPS, regulations, directives.

Abstract: In response to the tragic events of September 11 2001 and the growing concern for the security of ships and ports, the International Maritime Organization set up new security regulations implemented in the International Ship and Port facility Security code as an amendment to the Safety of Life at Sea convention on minimum security arrangements for ships and port facilities. It has been transposed to the Community legal framework by the Regulation 725/2004 and subsequently extended to the whole port area by the Directive 2005/65/CE. Ports constitute crucial intermodal nodes in the freight and passenger transport network as well as important border control points. Their security is therefore of paramount importance not only because of their critical transport functions but also because of their specific role, as control points, in the regional, national and European security. Indeed, port security is a cornerstone for the implementation of the new international maritime transport security regime as regards the protection of port users and the public as well as the protection of the maritime vessels. The aim of the present paper is to analyse the problem, highlight the issues faced in a systematic way and provide a systemic framework towards a better port security without penalizing excessively the trade or the port related activities. To this end:

• A basic taxonomy concerning ports, port facilities and security is established.
• The main requirements from the EU and international regulations are highlighted.
• The port facility security, basic functional block for the port security, is analyzed and its main parameters are derived.
• The current situation of EU port facilities is highlighted and some conclusions on the short term priorities and the way ahead are drawn.

I. INTRODUCTION

The December 2002 amendments by IMO (International Maritime Organization) of the SOLAS (Safety of Life at Sea) convention and the ISPS (International Ship and Port facility Security) code constitute the new international security regime for ships, ports and port facilities, transposed to the Community legal framework by the Regulation 725/2004 and subsequently extended to the whole port area by the Directive 2005/65/CE.

The aim of port security is to prevent any intentional unlawful acts that can threaten citizens’ safety (workers, passengers or crew) and affect the economy (e.g., property damage, loss of revenue, trade disruption). It aims at a reasonable protection of the EU citizens interacting without penalizing excessively the trade or generating competition between the EU ports. In order to achieve this ambitious goal, the European Commission services, the member state national and port authorities as well as the private operators have undertaken a considerable effort for the efficient implementation of the above mentioned regulations and their eventual complement through minimum standards, guidelines or best practices.

Ports are extremely varied (in terms of functions, geography, accessibility, location etc.), involving a multitude of actors (passengers, operators, authorities, crews, port workers and public) and a complex context of large installations, facilities and vessels. Ports are critical nodes in highly specialized complex economic inter-modal subsystems that move people, goods and cargo around the world but, in parallel, are important border control points. Ports are also shelter for maritime vessels of all kinds and, in many cases, recreational areas for large populations. A comprehensive port security framework should consider all these aspects; it should integrate with the transport chain security, the security at corporate, local, regional and national level, extending well ashore and quite far out to the sea.

The aim of the present report is to highlight in a systematic way the current issues related to the security of EU ports and give an insight as to the technologies that are best suited to secure EU ports, increasing rather than compromising their efficiency. This report is based on the work undertaken by the JRC in direct support of DG TREN in the frame of TAPS and TAPS-2 studies on the technical aspects of port facility security and the port area and sea-side security, including the results from a survey on the security equipment and infrastructure at the Member States’ port facilities.

II. DEFINITIONS & CONCEPTS

A. Ports & Port Facilities

Ports are very complex and diverse entities and can be classified according to numerous parameters (freight type, importance, location, land & sea access, administration etc.). However, in their extreme diversity, ports have some fundamentally common functional characteristics. Their main function is to move freight (and passengers) across the sea to land interface. Thus ports can be seen as intermodal points of convergence between two domains: the sea and the land. A port is a maritime but also a land terminal, where inland traffic originates or ends. Besides being intermodal nodes, ports have a second fundamental function: that of servicing the maritime vessels (i.e. provide a refuge, provide supplies, servicing and maintenance, receive the ship wastes, etc.). In most cases, these two functionalities co-exist. Where the intermodal functionality prevails, we speak about commercial ports, classified according to the nature of cargo / passengers handled (like container, cruise, ferry, petrochemical, gas, bulk). Otherwise, we speak about servicing ports, classified according to the prevailing service offered (like marinas, yards, fishing ports, naval etc.).

Fig. 1 Functional breakdown of a generic commercial port

Being transport network convergence nodes, commercial ports also constitute, de facto, important border control points in the flux of people and cargo. Ports, due to their nature and their extent, also constitute borders that, much like land borders, require surveillance so that the flux of persons or goods is channeled exclusively through the designated accesses (i.e. terminals). Ports, besides the above cited functions, have a range of secondary, yet important functions related to their host cities, the local and the wider communities. They can be broadly classified as of private (like professional or industrial activities, property etc.) or of public nature (like leisure, transport, restaurants, sports). Up until the September 11 2001 events, security had not been among the major criteria or constraints in the development of any of the port subsystems, which have been driven mainly by economic efficiency. Building port security retroactively is not a simple matter at all, as it requires systemic intervention in all systems within and around the port, taking carefully into account all the above stated functionalities.

Port facilities (or terminals) are the elementary blocks, the starting point on which port security measures are built. It is important to distinguish between port facilities and ports:

Port facility: a location where the ship/port interface takes place; this includes areas such as anchorages, awaiting berths and approaches from seaward, as appropriate [Regulation (EC) No 725/2004];

Port: a specified area of land and water, with boundaries defined by the Member State in which the port is situated, containing works and equipment designed to facilitate commercial maritime transport operations [Directive 2005/65/EC].

Hence, the term port will indicate the area encompassing a number of port facilities plus other public or private installations, infrastructure, spaces, sea access etc. The term port facility, unless otherwise stated, will indicate a commercial port facility, i.e. one of the following terminal types:

• Container terminals
• Cruise terminals, servicing passengers
• RO-RO ferry terminals, servicing passengers, commuters and vehicles
• Liquid bulk terminals, usually handling petrochemicals
• Gas terminals, usually handling LNG or LPG
• Dry bulk terminals, handling grain, coal, metals etc.
• Multi-modal terminals

B. The notions of Safety & Security

There is considerable confusion as to the meaning and sense of the words safety and security, especially as these notions are quite close to each other and they are used in a highly varied context. In many languages there only exists one word for both terms. Usually, security is perceived as ensuring safety against intentional threats (crime, terrorism, external threat etc.) while safety encompasses all non-intentional threats/hazards. Hereon, the following definitions will be used:

Safety: the state of being free of risk or danger (natural or man-made, accidental or intentional). When used as an attribute, it encompasses all measures, actions or systems aiming at ensuring the state of safety.

Security: the set of means / actions through which safety is ensured, in particular against intentional threats. It encompasses all measures, actions or systems aiming at preventing intentional threats from compromising safety.

NaturalIndustrialhazardhazardWeaponsInfrastructureMediaEnvironmentHumanetcerrormeansWeaponsHealthEnvironmerInfrastructureMediaLifeCivil rightsEnvironmentHumanetcintentionCitizenSecuritythreatSecuritythreatSecurityincidentSafetyproblemFig.2Citizencenterriskmodel:citizensperceiveasthreatAnything that risks compromising any of their values. Manmade threats of nature are securitythreats. Any person perceives as threat anything that can compromise one or more of his personalvalues.Aprioritized set of common values across a society constitutes a social scale ofvalues,usuallycoded in legislation or embedded in collective practices, consciousness, habits etc. Safety / security ofthe citizenreferto threats/hazardsagainst one ormore items of a social scaleof values.Securitythreatsimplytheexistenceofoneormorepersonswhointendtocompromiseoneormoreaspectsofthe citizenssafety, possibly using certain means (like weapons, infrastructure, the media, theenvironment, specialized knowledge/ability etc.).The intending human actor plus the necessarymeansfor the execution of the threat constitute the security threat.Security aims at preventing (orminimizing the probability) that a security threat materializes into a security incident. Once a securityincident has happened it becomes a safety concern.Consequently,any actions or measures dealingwith the consequences of a security incident (i.e. crisis management, mitigation etc.) should not beclassified under the term security. Strictly speaking, security should comprise only work aiming atidentifying potential threats and preventing them from materializing.These notions are depictedgraphically in Figure 1 above.It is very important to consider also the dynamics of security: a security system can be seen as thecontrol function of a system trying to minimize the effects of a security threat (perturbation),following the simple dynamic control model depicted in Figure 3. In such a model, the system's
Fig. 2 Citizen center risk model: citizens perceive as threat Anything that risks compromising any of their values. Manmade threats of nature are security threats. Any person perceives as threat anything that can compromise one or more of his personal values. A prioritized set of common values across a society constitutes a social scale of values, usually coded in legislation or embedded in collective practices, consciousness, habits etc. Safety / security of the citizen refer to threats / hazards against one or more items of a social scale of values. Security threats imply the existence of one or more persons who intend to compromise one or more aspects of the citizens’ safety, possibly using certain means (like weapons, infrastructure, the media, the environment, specialized knowledge/ability etc.). The intending human actor plus the necessary means for the execution of the threat constitute the security threat. Security aims at preventing (or minimizing the probability) that a security threat materializes into a security incident. Once a security incident has happened it becomes a safety concern. Consequently, any actions or measures dealing with the consequences of a security incident (i.e. crisis management, mitigation etc.) should not be classified under the term security. Strictly speaking, security should comprise only work aiming at identifying potential threats and preventing them from materializing. These notions are depicted graphically in Figure 1 above. It is very important to consider also the dynamics of security: a security system can be seen as the control function of a system trying to minimize the effects of a security threat (perturbation), following the simple dynamic control model depicted in Figure 3. In such a model, the system’s

security has the role of the control function. Anticipating a certain threat, the system takes preventivemeasures so as to minimize its consequences.Such a scheme is generally stable in case ofperturbations that are independent of the control, like in the case of natural or industrial hazards. Onthe contrary, in the case of security, the threat seeks to maximize its effects and counter any securitymeasures taken. This is, by definition, an unstable system. Modelling of such complex non-linearsystems cannot yield any reliable quantitative results. Instability is, in general, characterized by moreand more frequent, high-consequence, unpredictable events.IncidentThreatOutputPerturbatiorTargetSecuritymeasuresControlSecuritysystemFig. 3 The security system tries to counter a threat (manifested, anticipated or perceived) based on the criterion ofminimization of its effectsTodate,securityisprimarilyensuredbydeterrence.However,inthemoderncontextofthesocalled emerging threats, the importance of deterrence is relative. On top of the existing criminal andantifraud framework,preventivemeasures areneeded.Suchmeasures usually aim at the segregationof potential threatening actors and their means of execution from their assumed targets through accesscontrol and screening activities. Presumed intentions cannot, at least in our society, justify any actionor denial of access or service and this poses formidable regulatory, technical and procedural problems.Most practical security assessment methodologies start from identifying the assets to protectproceed to identify some possible threats or attack scenarios and, finally, evaluate the vulnerability ofthe asset to a given threat and the consequences if it materializes. 
While there have been severalproposals on more or less rigorous security risk assessment methodologies, often transposingtechniquesand methodsfromthe industrial risks,theyareall areasgood as the empirical predictionsontheprobabilitiesforoneoranotherattackscenarioIIL.PORT SECURITYA.Legal frameworkandpracticesIn response to the tragic events of 11thSeptember 2001 and the growing concern for the security,the International Maritime Organization (IMO) agreed to define and implement a new security regimeof maritime transport the cornerstone of which is the International Ship and Port facility Security(ISPS) code operative since 2004. The ISPS code constitutes an amendment to the Safety of Life atSea (SOLAS) convention on minimum security arrangements for ships and port facilities. Itestablishes international cooperation to take preventative measures against any threats to people safetyinfrastructures, and trade. It has been transposed to the Community legal framework by the Regulation
security has the role of the control function. Anticipating a certain threat, the system takes preventive measures so as to minimize its consequences. Such a scheme is generally stable in case of perturbations that are independent of the control, like in the case of natural or industrial hazards. On the contrary, in the case of security, the threat seeks to maximize its effects and counter any security measures taken. This is, by definition, an unstable system. Modelling of such complex non-linear systems cannot yield any reliable quantitative results. Instability is, in general, characterized by more and more frequent, high-consequence, unpredictable events. Fig. 3 The security system tries to counter a threat (manifested, anticipated or perceived) based on the criterion of minimization of its effects To date, security is primarily ensured by deterrence. However, in the modern context of the so called emerging threats, the importance of deterrence is relative. On top of the existing criminal and antifraud framework, preventive measures are needed. Such measures usually aim at the segregation of potential threatening actors and their means of execution from their assumed targets through access control and screening activities. Presumed intentions cannot, at least in our society, justify any action or denial of access or service and this poses formidable regulatory, technical and procedural problems. Most practical security assessment methodologies start from identifying the assets to protect, proceed to identify some possible threats or attack scenarios and, finally, evaluate the vulnerability of the asset to a given threat and the consequences if it materializes. While there have been several proposals on more or less rigorous security risk assessment methodologies, often transposing techniques and methods from the industrial risks, they are all are as good as the empirical predictions on the probabilities for one or another attack scenario. III. PORT SECURITY A. 
Legal framework and practices In response to the tragic events of 11thSeptember 2001 and the growing concern for the security, the International Maritime Organization (IMO) agreed to define and implement a new security regime of maritime transport the cornerstone of which is the International Ship and Port facility Security (ISPS) code operative since 2004. The ISPS code constitutes an amendment to the Safety of Life at Sea (SOLAS) convention on minimum security arrangements for ships and port facilities. It establishes international cooperation to take preventative measures against any threats to people safety, infrastructures, and trade. It has been transposed to the Community legal framework by the Regulation

(EC)725/2004In that regulation, maritime security is defined as the combination of preventive measuresintended to protect shipping & port facilities against threats of intentional unlawful acts. The simplescheme in Figure 3 below illustrates the main categories and characteristics of maritime securityactivities. It reflects the facts that maritime security deals both with the ship and the port. In both casesit involves extremely varied, large inventories, installations and vessels, involving the passengers,crewandportworkersbutalsothegeneralpublicLargevolumeoftradeLargevolumeoftradeLarrgeandhazardousExtensive&vanedportfacillitiesscargoLargecarriervesselClosetoinhabitedaresMaritime SecurityShipsPortsThreatstotheDisruption ofThreats to thepersons'safetytrade&safetyof(passengersmobilitygeneral publicworkers,crewsThreat toIndirect threattopublicpublic safetysafety throughclosetoportsandcoastsmugglingFig.4SchematicbreakdownofthemaritimesecuritythreatsThe prime target of ISPS and the Regulation 725/2004 is the security of the maritime vessels anditsland interfaces.Portfacilities(orterminals)aretheelementaryvessel/land interfaces and,as suchare the building blocks of port security. It is prescribed that each port facility should have a PortFacilitySecurityOfficer(PFSO),aPortFacilitySecurityPlan(PFSP)dullyformulatedafteradedicated risk analysis and approved by the National Authorities of the Member States. MemberStates and European Commission perform inspections on the practical application of the aboveRegulation 725/2004 has been extended into the whole port area by the Directive2005/65/CE.ThecornerstoneofISPScodeisthePortFacilitySecurityAssessment(PFSA),anessentialandintegral part of the process of developing and updating the Port Facility Security Plan (PFSP). 
Theassessment should be periodically reviewed and updated, taking into account changing threats and/orminor changes in the port facility and should, in any case, be reviewed and updated upon majorchanges to the port facility. PFSA is carried out by the contracting government directly or byrecognised security organisations and should include the following:: Identification and evaluation of critical assets and infrastructure that it is important to protect
(EC) 725/2004. In that regulation, maritime security is defined as the combination of preventive measures intended to protect shipping & port facilities against threats of intentional unlawful acts. The simple scheme in Figure 3 below illustrates the main categories and characteristics of maritime security activities. It reflects the facts that maritime security deals both with the ship and the port. In both cases it involves extremely varied, large inventories, installations and vessels, involving the passengers, crew and port workers but also the general public. Fig. 4Schematic breakdown of the maritime security threats The prime target of ISPS and the Regulation 725/2004 is the security of the maritime vessels and its land interfaces. Port facilities (or terminals) are the elementary vessel / land interfaces and, as such, are the building blocks of port security. It is prescribed that each port facility should have a Port Facility Security Officer (PFSO), a Port Facility Security Plan (PFSP) dully formulated after a dedicated risk analysis and approved by the National Authorities of the Member States. Member States and European Commission perform inspections on the practical application of the above. Regulation 725/2004 has been extended into the whole port area by the Directive 2005/65/CE. The cornerstone of ISPS code is the Port Facility Security Assessment (PFSA), an essential and integral part of the process of developing and updating the Port Facility Security Plan (PFSP). The assessment should be periodically reviewed and updated, taking into account changing threats and/or minor changes in the port facility and should, in any case, be reviewed and updated upon major changes to the port facility. PFSA is carried out by the contracting government directly or by recognised security organisations and should include the following: • Identification and evaluation of critical assets and infrastructure that it is important to protect

• Identification of threats to assets and infrastructure in order to establish and prioritize security measures.
• Identification, selection and prioritization of measures and procedural changes and their level of acceptance in reducing vulnerability.
• Identification of weaknesses, including human factors, in the infrastructure, policies and procedures.
• Identification of perimeter protection, access control and personnel clearance requirements for access to restricted areas of the port.
• Identification of the port perimeter and, where appropriate, the identification of measures to control access to the port at various security levels.
• Identification of the nature of the expected traffic into or out of the port (e.g. passengers, crew, ship/cargo type).

A simplified risk-based method / tool used for a PFSA or a PSA is the Threat and Risk Analysis Matrix (TRAM). The objective is to compare and evaluate security measures that will reduce, independently, the vulnerability or the impact and, collectively, will reduce the overall risk score, bearing in mind that a security measure for one threat may increase the risk of another. It usually includes 7 steps:

1. Identification of the potential targets
2. Identification of the threat scenarios and threat evaluation
3. Vulnerability assessment of the identified potential targets for each of the identified threats
4. Impact assessment of each potential security incident
5. Risk Score, calculated as the product of: threat x vulnerability x impact.
6. Action Prioritization: assessing the priority for protection measures against each potential incident
7. Finally, in order to give a systematic picture of the overall security situation, a master TRAM for the whole port facility is assembled from the individual vectors of each potential target, grouping similar threat scenarios and common security measures.

B. Port facility security parameters

Systemic analysis of the main commercial port functions, under the perspective of a citizen-centric security model, resulted in a classification of the main port security parameters and costs. Four main classes of security parameters (further broken down as in Figure 5) were identified:

a. Threat factors: everything related to the motivation / intention to mount an attack
b. Physical access control: control of the flow of persons (perimeter security and access control)
c. Material items flow control: screening of cargo, luggage, personal items, equipment, consumables etc.

d. Information flow control: efficient and secure management of information concerning the movement of vessels, vehicles and goods; communications.

Port security has a cost which is not always evident or easy to quantify. Correct cost evaluation of any eventual security measures is crucial for good planning and, ultimately, an effective implementation of whatever measures are deemed necessary. In Fig. 6 the main cost factors are given.

Fig. 5 Port facility security parameters
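The TRAM steps listed earlier (risk score as threat x vulnerability x impact, action prioritization, master TRAM) can be worked through as follows; this is an added example, not a tool or data from the paper. The 1 to 5 scoring scale, the summing of risk scores per scenario in the master TRAM, and all target, scenario and measure names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Entry:
    target: str          # step 1
    scenario: str        # step 2
    threat: int          # steps 2-4 scored 1..5 (the scale is an assumption)
    vulnerability: int
    impact: int
    @property
    def risk(self) -> int:  # step 5: threat x vulnerability x impact
        return self.threat * self.vulnerability * self.impact

BASELINE = [  # constructed sample matrix, not data from the paper
    Entry("main gate", "unauthorised entry", 3, 4, 3),
    Entry("main gate", "congestion at access point", 2, 2, 4),
    Entry("cargo storage area", "unauthorised entry", 3, 3, 4),
    Entry("cargo storage area", "cargo tampering", 2, 3, 5),
]
MEASURES = {  # hypothetical: (target, scenario) -> (vulnerability delta, impact delta)
    "gate vehicle screening": {("main gate", "unauthorised entry"): (-2, 0),
                               ("main gate", "congestion at access point"): (2, 0)},
    "storage area CCTV": {("cargo storage area", "unauthorised entry"): (-1, 0),
                          ("cargo storage area", "cargo tampering"): (-1, -1)},
}

def apply_measure(entries, effects):
    def adjusted(e):
        dv, di = effects.get((e.target, e.scenario), (0, 0))
        return replace(e, vulnerability=max(1, min(5, e.vulnerability + dv)),
                       impact=max(1, min(5, e.impact + di)))
    return [adjusted(e) for e in entries]

def prioritise(entries):  # step 6: highest risk score first
    return sorted(entries, key=lambda e: e.risk, reverse=True)

def master_tram(entries):  # step 7: group similar scenarios (summing is an assumption)
    totals = {}
    for e in entries:
        totals[e.scenario] = totals.get(e.scenario, 0) + e.risk
    return totals

def evaluate(entries, measures):  # rank measures; list entries whose risk rises
    base = sum(e.risk for e in entries)
    def row(name, effects):
        after = apply_measure(entries, effects)
        worse = [(a.target, a.scenario) for b, a in zip(entries, after) if a.risk > b.risk]
        return (name, base - sum(a.risk for a in after), worse)
    return sorted((row(n, fx) for n, fx in measures.items()), key=lambda r: r[1], reverse=True)
```

With this sample matrix, `evaluate(BASELINE, MEASURES)` ranks the storage-area measure first and reports that the gate measure raises the score of the congestion entry, which is the side effect the TRAM description warns about.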

Fig. 6 Port facility security cost factors

C. EU standard instructions for PFSA

These parameters, elaborated for each of the main port facility types, should be taken into account, together with any specific factors, during the port facility security assessment (PFSA). Indeed, such a uniform PFSA methodology is a prerequisite for establishing, on a fair and level playing field, acceptable levels of protection of the EU port facilities. From the analysis outlined above, it is evident that not all port facility types can be assessed in the same way. Security essentially deals with the control of the flows of:

• Persons and
• Material items

Thus, the main criterion for the classification of port facilities in terms of their security assessment requirements is the quantity and nature of persons accessing the facility and the volume and nature of the material items handled. Coherently with our analysis, it is proposed to introduce 5 distinct classes