Seas Of TRANQUILITY
The world has taken a series of bold steps in an historic bid to lock terrorists and other criminals out of the international maritime industry.
The United Nation’s International Maritime Organization (IMO), governments around the world, legitimate shippers and their customers, the World Customs Organization (WCO), and the International Labor Organization (ILO) have joined forces to build a maritime security system.
Four concerns drive maritime security:
the traditional openness of the world’s port facilities;
the lack of security aboard ships;
the containers in which goods are carried on ships; and
the seafarers that handle the containers moved by ships.
On July 1, 2004, the International Ship and Port Facility Security Code (ISPS) issued by the IMO required ports and vessels operating around the globe to implement security plans that have been in the making for years.
In the United States, the Maritime Transportation Security Act (MTSA), signed last November, incorporates the ISPS standards into U.S. law and mandates security provisions for more than 300 coastal and inland ports in the United States. Under MTSA, the ISPS standards also apply to the vessels that dock at U.S. ports each year. Most major trading nations have enacted laws around the ISPS standards as well.
Industry observers say that ports and shipping concerns are struggling with the difficult and expensive process of ISPS compliance. Officials hope that once the largest ports and shipping companies comply, the rest of the world will follow suit. Hopes rest on the fact that non-compliant nations will likely find their ports and trading companies cut off from important shipping partners.
Maritime security goes beyond ports, vessels and shipping companies. It extends to the shippers who fill the containers used to transport goods by sea. A single container is large enough to hold up to 500 computer monitors. Individual ships can carry as many as 3,000 containers. This year, 7,500 commercial vessels will deliver six million containers to U.S. ports. Within 20 years, 24 million containers will enter the United States annually.
While ISPS empowers the IMO and member nations to secure ports and vessels, it is the job of the World Customs Organization (WCO) to monitor and control the worldwide fleet of 11 million shipping containers. In the United States, the Department of Homeland Security is working with the WCO to develop procedures designed to track containerized goods from the point of manufacture, where containers are loaded, to the point of delivery, where they are unloaded.
The fourth component of maritime security involves the seafarers that sail the ships moving cargo across the oceans. The ILO is working with governments to develop Seafarers Identity Documents that will function as international credentials for seafarers.
THE COSTS OF PORT SECURITY
That ISPS covers port facilities as well as ships is a departure for the IMO, which has only dealt with ships in the past, says Scott Glover, director of port and cargo security programs for Reston, Va.-based Unisys Global Public Sector.
As of July 1, ISPS requires that ports begin operating security plans approved by their nation. Between 80 and 90 percent of the U.S. ports covered by the mandate have submitted plans, but many are struggling with implementation. “In the urgency created by Sept. 11, ports signed onto things that are very expensive, and they are having difficulty complying,” says Glover, whose experience includes 27 years as an officer with the Coast Guard, working in the maritime safety and security area.
Ports are extremely vulnerable, adds Clint Rand, a former FBI agent and industry program manager of public safety and Homeland security for Zebra Technologies Corp., a Vernon Hills, Ill.-based manufacturer of printers for security and other applications. “Ports are located in major metropolitan areas,” he says. “They have major roadway and rail access. They have giant fuel farms to store oil. And they are easy to get into.”
According to the American Association of Port Authorities (AAPA) in Alexandria, Va., U.S. ports currently spend $1.7 billion on operations and an additional $1.7 billion on capital improvements every year. Securing the nation’s traditionally open ports will add an estimated $5.4 billion to port budgets over the next 10 years. The first-year cost will total $1.25 billion for equipment, hiring, training and administrative tasks. In years two through nine, ports will spend another $467 million per year.
Federal funding for port security has fallen woefully short of need. The Department of Homeland Security participates in port security funding by providing grants. In 2002, the Department approved grants totaling $92 million, increasing to $245 million in 2003. This year will follow on with an expected $229 million.
AAPA estimates that grant proposals made by the nation’s ports have requested close to $1 billion per year since 2002, meaning many ports have found themselves on their own when it comes to security.
PORT SECURITY TECHNOLOGY
The first round of federal port security grants paid for security assessments. Since then, the money has covered technology needs including access control systems, biometrics, closed circuit television (CCTV) and perimeter security hardware such as fencing.
Access control technology manages people coming onto port property from the land. It also helps to control access to facilities within the port. “If you need hazardous materials training to do your job at a port, we can make sure that your credential is valid only if your training is up to date,” says Bill McGinty, PSP, security solutions project development engineer for Milwaukee-based Johnson Controls Inc., and a member of the board of the National Safe Waterways and Seaports Alliance.
The Transportation Security Administration (TSA) is also exploring the use of biometric technologies in access control, McGinty says. Technologies under investigation include fingerprint, hand geometry and iris scan. Testing aims to prove the reliability and throughput efficiency of the different methods.
Optical character recognition systems play a role in port CCTV applications. “This is smart video that recognizes letters and numbers,” says McGinty. “Using the same principles as facial recognition technology, you store license numbers and other data at your site. When a landside vehicle arrives, you can use the system to determine that it is authorized to be on the premises.”
Perimeter security uses conventional and technological tools. Ports are installing fences around their perimeters and securing them with technologies that range from conventional motion detection video to vibration-sensing systems that monitor changes in signals sent down long runs of coaxial cable. “We’re also looking at a combination of CCTV and video analysis for perimeter security,” McGinty says. “New video software systems have the ability to analyze scenes caught by cameras. We can look for motion, for loiterers, for packages that haven’t moved. The systems can be set to call an operator’s attention to things that don’t look right.”
Video analysis software can also help protect the waterside of a port by looking for movements on the water, McGinty adds. The latest systems can distinguish between wave motion and riding atop the waves.
Finally, port security involves controlling the movement of freight and people inside port facilities — another steep expense for ports. Ingersoll-Rand has developed an initiative that aims to integrate security and port operations technology in ways that will help control costs. “A port is paid for taking assets off of vessels and putting the assets onto a truck or railroad car,” says James Ligotti, vice president of maritime solutions with Ingersoll-Rand Co. Ltd. (IR). “Ports have traditionally kept track of their people with time-and-attendance systems. They keep track of openings with access control systems. And they control assets with asset tracking systems. Modern technology makes it possible for ports to integrate security into each of these processes.”
For example, ports generally employ CCTV cameras throughout their facilities. Today’s digital video recording systems make it possible to integrate CCTV with existing asset tracking technologies. “For example, many ports will pay as much as $500,000 a year to shippers claiming that a container was damaged in port,” Ligotti says. “But was it? By tying the digital video recording system into the asset tracking system, you can easily review video of what happened to container ABC as it moved off the ship, through the port, and out. You can find out if it was damaged in port or not.”
Access control systems can also be re-designed to work with transportation worker identification cards (TWIC), says Ligotti. TWIC is currently being tested at the Port of Los Angeles Long Beach, Philadelphia and Florida. According to Ligotti, Ingersoll-Rand is proposing systems in which operators would insert TWIC cards in readers built into equipment such as forklifts. The cards would authorize the operator to use the forklift. Then, sensors would read the TWIC cards as the forklifts move from zone to zone inside the port and permit access or not. The technology would add security, while feeding data to asset tracking systems. Overall, the facilities would become safer and more efficient at doing business. “It will take time to redesign facilities to integrate security and business systems,” Ligotti says. “But I think we’ll find that security technology will offer ways to boost efficiency in the business model.”
ALL THE SHIPS AT SEA
Unlike the problems encountered in securing ports, ship security has proven relatively easy to implement, Glover says. “Compliance with ISPS shipboard security requirements has been much higher,” he says. “There were dire predictions about how difficult this would be. But the big shipping companies knew that they had to take this seriously if they want to come to U.S. ports, and they have.”
Flag-states, the states from which ships emanate, are responsible for complying with ship security under ISPS. Ships carrying U.S. flags, for instance, must undergo inspections by the U.S. Coast Guard. The inspections evaluate ship security plans for controlling access to the vessel and to the various zones on board.
Shipboard procedures include a gangway watch to check credentials of anyone boarding the ship and controlling the movements of people on the vessel. “If terrorists signed on as part of the crew, they won’t have access to areas considered dangerous,” Glover says.
Ship access control systems appear generally to rely on old-fashioned key-locks. More sophisticated systems may be used aboard ships carrying dangerous cargo such as oil or liquefied natural gas (LNG).
“Overall, ship security has proven to be the least challenging part of the ISPS implementation,” Glover says.
The most challenging element of maritime security involves tracking what goes into the shipping containers that go onto ships. Several years ago, a terrorist was discovered living in a container traveling in a ship that had docked in Italy. “Terrorists have used containers to sneak people around the world for years,” Glover says. “Containers are also used by smugglers and illegal immigrants.”
For maritime security to be effective, the industry must find a way of monitoring and controlling container cargo. Last year, DHS began funding a program called Operation Safe Commerce as a first step in the work of securing ship cargo containers. Initial funding for the program was $58 million and covered 18 pilot programs. Unisys was awarded four of those programs.
The first of the Unisys demonstrations has been completed and a final report will be issued in late summer. The project involves securing the supply chain for coffee beans being containerized and shipped from Santos, Brazil, to New York.
In the project, procedures were developed to load and lock the container at a Sara Lee coffee processing plant in Santos. In the test, a trusted agent was assigned to watch and sign off on the loading process. Sara Lee hired a third party to act as the trusted agent to monitor loading. Once the container was sealed, the agent punched information into a PDA and sent it to a database saying that container ABC had been properly loaded and sealed and was leaving Santos. The container was then tracked on its route to New York, from the drayage company that delivered it to the port in Brazil, through various ports of call, to New York. Tracking continued as the container was delivered to a trucking company that would unload the container and return it to the port.
Evaluations were made along the way. For example, evaluators knew that truck trip from the processing plant to the port would take four hours. If it took 4.5 hours, fine. If it took eight hours, an investigation would ensue. “We used a tracking system that added points to a risk score at different legs on the trip,” says Glover, who monitors Unisys’ Safe Commerce projects.
Tagging technology designed to reveal whether and when a container has been tampered with appears to remain a weak link in the process. Glover declines to talk about it, saying that TSA has asked for confidentiality.
Glover will say that the four demonstration projects followed different types of cargo, from coffee beans to advanced technologies and experimented with a variety of procedures. “TSA was clear in saying that we should try different approaches and not worry about failures, which could provide valuable information,” Glover says.
Part of the test also aimed to provide useful shipping information to the shipping and receiving companies, to offset security expenses with business efficiencies. “The hope is that an integrated supply chain will not only provide security, but also asset visibility, more control over inventory, and theft reduction,” Glover says.
The latest issue raised by the United States involves credentialing seafarers, the people who work on the ships delivering containers. The United States requested a plan that would enhance the security provided by existing credentials. The IMO suggested coordinating this effort with the International Labor Organization, or ILO, which represents the interests of seafarers.
The solution being considered uses an identification card encoded with a fingerprint. A U.S. sailor at port in the Philippines would use the card at a reader to re-board the ship. He would offer a fingerprint while carding in. The reader would do a one-to-one match between the real fingerprint and the one stored on the card. A match would indicate that the presenter is the person whose fingerprint is on the card.
Eventually, the system would be further secured with the addition of a database maintained in the seafarer’s home country. When the card and fingerprint are offered at the ship in the Philippines, an Internet communication would match the fingerprints against a database and confirm that the presenter was issued seafarer documents in the home country — and proving that he or she did not buy a fraudulent card somewhere.
Unisys is studying ways to implement a test of the concept in the Philippines, which is the largest provider of seafarers in the world.
While worldwide maritime security is no more than a couple of years old, the emerging discipline has taken steps to address each of four major concerns: security at ports, on ships, inside cargo containers, and among the people that do the work. So everything, if not secure, is at least on board for the trip.