Port security

Port security is part of a broader definition concerning maritime security. It refers to the defense, law and treaty enforcement, and Counterterrorism activities that fall within the port and maritime domain. It includes the protection of the seaports themselves and the protection and inspection of the cargo moving through the ports. Security risks related to ports often focus on either the physical security of the port, or security risks within the maritime supply chain.

Internationally, port security is governed by rules issued by the International Maritime Organization and its 2002 International Ship and Port Facility Security Code. Additionally, some United States-based programs have become de facto global port security programs, including the Container Security Initiative and the Customs Trade Partnership against Terrorism. However, some businesses argue that port security governance measures are ineffective and costly and that it negatively impacts maritime transport costs.

Maritime Supply Chain and Port Security
Physical port security involves the risks to the perimeters of the port. Risks to port security involves natural risks such as hurricanes and flooding, man-made risks such as operator error, and weapon risks such as chemical, biological and nuclear material. It also involves adequate security systems within the port, such as security guards, video surveillance and alarm systems.

Physical port security also falls under the umbrella of maritime terrorism. Ports are attractive targets for terrorists because ships and cargoes are fixed in time once they enter the port, which removes the uncertainty in relation to the location of the target.

Apart from physical port security, the port is connected to a larger supply chain. There are various risks along this supply chain that can affect port security, such as explosives attached to the vessel or unwanted passengers on the vessel. Ports are "potential targets of illegal activity which may impact their ability to function as intended, and ports as conduits into and out of national borders and supply chains, which can be exploited in order to introduce or move illegal materials, persons, or activities". That involves increasing the number of vulnerabilities to port security to the supply chain.

Port Security Risk Management
Security risk management practices of ports reflect the goal of preparing for the inevitable nature of risk before an event occurs.

Physical Port Security Risk Management
Examples of security risk management practices at ports are: employment of a security director, crisis leadership, contingency planning and the use of intelligence. Other measures include physical security barriers, such as CCTV cameras and adequate light at the port in order to ensure that cargo theft does not take place.

Maritime Supply Chain Risk Management
Examples of risk management practices within the maritime supply chain include ISPC (International Ship and Port Facility Security Code), CSI (Container Security Initiative) and whole-of-supply chain outcomes, CTPT (Customs-Trade Partnership Against Terrorism). These efforts have been criticised as the use of quantitative and statistical approach to security in the maritime supply chain is argued to overlook low probability, high impact events.

Cyberspace Security Risk Management
Examples of cyberspace security risk management practices of ports are: investment in cyber defense mechanisms for port infrastructure, cybersecurity awareness and training programs. These programs educate employees about cyber risks, to help prevent and to mitigate potential cyber threats.

Other measures include collaboration and information sharing. Collaboration with other relevant actors in the maritime sector can help ports stay well informed about global cyber threats, which in turn can help preemptively to address emerging cyber threats.

Privatisation of Port Security
Port security is often in the literature depicted as a responsibility of the state, as it concerns national security. Yet, the emergence of private security actors has also influenced aspects of port security governance. In the case of a port in Indonesian, the involvement of so many different types of state and non- state agencies actually lessened security.

Cyber Risks
Maritime security is undergoing rapid digitalization and technological advancements, leading to an increased reliance on onshore infrastructure to support critical maritime operations. The increased connectivity and digitization of services in the maritime industry has impacted the risk of cyber attacks and threats in several ways. It has expanded the attack surface, created new threats, created a hostile threat environment, and increased vulnerabilities onshore.

Malware Insertion
Maritime cyber risks include attacks on ports and port systems. Attacks such as malware insertion, including cyber and ransomware attacks. In these attacks, cyber criminals encrypt computers and networks within the onshore infrastructure, demanding a ransom in exchange for decryption.

Business Email Compromise Fraud
Other cyber risks include Business Email Compromise Fraud. In this instance, cyber criminals trick employees into wiring them money to a foreign account. In reality, the account belongs to the cyber criminals, which they will gain monetary benefits from.

Cyber Espionage
Foreign state espionage in the maritime sector is another cyber risk, threatening port security. It involves hackers employed by states to conduct cyber espionage. What the state hackers will gain from espionage is an insight into onshore facilities, like ports. Their intentions are strategic, aiming to acquire foreign technology, possibly to develop the cyber criminals’ destructive cyber attack capacity.

Surveillance
Another cyber risk ports are faced with is hackers that are compromising IT systems on board  of ships, allowing the cyber criminals to gain an insight into, for an example, the ship’s location and cargo. Ports use a variety of sensors, such as Wi- Fi and satellite- based Internet systems which are increasingly automated. Such systems are vulnerable to penetration and manipulation and risk being misused for hacktivism and by terrorists. Not only can this affect port security in terms of the parameters of the surface of the port, but a possible hacking of data can be used to trace ships and mislead them for hijacking purposes.

Liquefied Natural Gas Trade
Technological developments coupled with the U.S. Shale Revolution has allowed for increasing exports of liquefied natural gas (LNG). The commodity, consisting of 70-90 percent methane and 0-20 percent of butane, propane and ethane is similar to crude oil as it forms through pressurising and heating.

LNG derives at onshore or offshore ports, where the infrastructure at the port contains terminals that bring the LNG further. It can either be attached to a gas liqufication or storage plant, a regasification and storage plant or just a storage and distribution plant. The infrastructure at LNG terminals are therefore concerned with highly flammable content that is of security risk to personnel. Onshore LNG ports that are located close to cities or dense populations are also a security risk to the area surrounding the port. Risks to port security will vary considerably and depend on the waiting position of a tanker, location of the port, and security risk management practices of each specific port.

LNG is naturally linked to maritime terrorism, as disputed areas and chokepoints -such as the Strait of Malacca and Singapore Strait- has the potential to result in hijacking and bombs as the area becomes more active. As the new demand centres for LNG is most notably in Asian countries such as China, India, Japan and South Korea, new geopolitical tensions might increase in the region between LNG- exporting countries such as the U.S., Russia and Qatar. This also relates to energy security, as import dependent countries are vulnerable to a sudden stop in supply of LNG.

Port Security in the United States
Following the September 11 Attacks, the U.S. Government acknowledged the threat of unsecured ports and shipping containers. By 2001, the U.S. economy was already heavily reliant on maritime shipping, and that reliance was set to double by 2020. Former U.S. Coast Guard officer Stephen Flynn has stated that interest in shipping container security has seen a definitive shift pre and post-9/11. Shipping container and port security pre-9/11 was focused primarily on promoting the advancement of globalization. These interests were prioritised over sea and border defence. Additionally, prior to 9/11, the U.S. Customs and Border Protection was more focused on combating drug smuggling.

The maritime suicide bombing carried out against the USS Cole in October 2000 by Al-Qaeda illustrated the probability of future maritime based terrorist attacks against the U.S. In response, terrorist groups such as Al-Qaeda were flagged as the largest threat to maritime supply chains; as their maritime skills were rapidly improving and U.S. maritime security regimes remained weak. However, post-9/11, the U.S. government realized the risks and threats associated with unsecured maritime transport - particularly the containerised transport of nuclear material into U.S. ports. Additionally, the U.S. government showed an interest in funding and developing homeland security, which has been critiqued by maritime experts as merely ‘constructing barricades to fend off terrorists’. In the years since, academics have called for the creation of an international security regime that allows the U.S. ‘to remain an open, prosperous, free and globally engaged society’ as more than 6000 international vessels and 100,000 seafarers visit U.S. ports every year.

Shipping Container Surveillance
Every year, the United States Marine Transportation System moves more than 2 billion tons of domestic and international goods. It imports 3.3 billion tons of domestic oil, transports 134 million passengers by ferry, serves the 78 million Americans engaged in recreational boating and hosts more than 5 million cruise ship passengers a year.

Although shipping containers have been widely used since World War II, in 2002 it was estimated that less than 3% of the 20 million containers that entered U.S. ports were scanned or inspected.

This statistic is made clearer when understood in the context of the U.S. Customs and Border Protection’s protocol. At Port Newark-Elizabeth Marine Terminal, 82% of the product passing through is "trusted" by the Customs agents as routine activity. Only 18% of the shipments are an "anomaly" to the known shipments. This, in addition to the requirements for shippers to provide cargo lists, explains the reasoning behind such low search figures.

Federal Legislature
In 2001, the Port and Maritime Security Act of 2001 was submitted to the House of Representatives, and subsequently referred to the Committee on Commerce, Science, and Transportation. Some changes were made to the bill, however it was passed into law in 2002 as the Maritime Transportation Security Act of 2002. Many of the provisions within the Maritime Transportation Security Act of 2002 call for additional attention to be paid to seaports as potential targets of terrorist attacks, and the coordination of the U.S. Coast Guard and government agencies to update their maritime counter terrorism plans. Some of the points include directives to develop anti-terrorism cargo identification tracking, improved screening systems to be used on containers being shipped to the U.S. from foreign ports and enhanced physical security of shipping containers including updates standards on seals and locks. Additionally, federal security standardizations were set for the first time regarding restrictions to specific areas, surveillance measures and developing security plans.

In the 2005 109th Session of Congress, the most maritime security related bills were introduced since 9/11, showing a significant increase in interest in these issues among federal officials.

All 7 bills, however, died in either the House of Representatives or the Senate.

Security Initiatives
The period following 9/11 demonstrates a broadening of security initiatives and focus on terrorist capabilities. Former U.S. Coast Guard officer John Harrald states that while there has been significant growth in container surveillance interest and initiatives from 2001 to 2005, in comparison to the growth of conventional national security and aviation security it is ‘dwarfed’.

In 2001, the Customs-Trade Partnership Against Terrorism (CTPAT) was created in an attempt to bolster the Bush Administration's post-9/11 multi-layered cargo enforcement strategy. The initiative is a voluntary partnership between principal stakeholders in the public and private sector (importers, shipping container carriers, customs brokers and manufacturers).

A year later, in 2002, the Container Security Initiative (CSI) was launched by the U.S. Customs and Border Protection. Specifically focusing on containerised cargo entering U.S. ports, the bilateral information sharing initiative was intended to ‘extend the zone of security outward so that American borders are the last line of defence, not the first’. The reciprocal system between U.S. and foreign ports, makes it possible for U.S. bound shipping containers to be inspected at their host port, instead of upon arrival in the U.S. The 2002 RAND SeaCurity conference revealed that the European Commission ‘strongly opposes’ the Container Security Initiative (CSI) and particularly the Customs-Trade Partnership Against Terrorism (CTPAT). One reason given was that the shipping container's safety seal is only required to be placed on its doors at the port of departure, not the port of origin. Therefore, the container is unsealed and exposed through most of its journey through international ports.

The United Nations Office on Drugs and Crime (UNODC) was established in 1997, however expanded after 9/11 to include maritime crime and piracy. In 2015, the UNODC released the first annual report on their Global Maritime Crime Programme. The programme assists 18 countries in combating ‘the smuggling of migrants and people trafficking, wildlife and forestry crime, piracy and armed robbery, Somali charcoal smuggling, fisheries crime and the growing threat of narcotics trafficking on the high seas of the Indian Ocean’. However, neither the UNODC's annual reports, nor their Maritime Crime Manual for Criminal Justice Practitioners, make any mention of shipping container surveillance.

The International Ship and Port Facility Security Code (ISPS) is an amendment of the Safety of Life at Sea Convention (SOLAS), which entered into force in July 2004. The code provides a security regime for international shipping and port security. Compliance is mandatory for the 148 contracting parties to SOLAS, however there are no consequences for non-compliance. ISPS is therefore a security framework for states, whereby 'each ship and each port facility will have to determine the measures needed to intensify its security measures to appropriately offset the threat by reducing its vulnerability.

Maritime security expert Peter Chalk acknowledges that government initiatives up until 2008 have ‘conferred a degree of transparency' by laying the parameters - the 'rules, principles, and attendant responsibilities for international cooperation', providing a ‘common framework in which to further develop’. Chalk, however, is quick to point out that even by 2008, government initiatives were still limited in scope. Criticising the International Ship and Port Facility Security Code as a failure, since it includes countries who lack resources to properly comply and audit. Leaving many ports conducting "tick in the box" security verification procedures on container shipments which will eventually arrive in U.S. ports. Stating the U.S. must begin by working with like minded allies internationally.

The U.S. government has taken a segmented approach to problem solving container surveillance weaknesses in an attempt to protect maritime commerce - ‘by necessity, domestic and international maritime security programs have been implemented in parallel to the creation of a coherent strategy and before the development of any measures of effectiveness. The result has been the collection of programs which overlap, interact and leave significant gaps. The overall effectiveness of national and international efforts is impossible to assess’.
 * Radiation Portal Monitor Technology


 * In 2002, the U.S. Government installed Radiation Portal Monitors at marine security checkpoints to check for neutron gamma rays. A small amount of HEU, or Highly Enriched Uranium is a substance that can be used to successfully create Weapons of Mass Destruction without much skill. It was later found that the Radiation Portal Monitors installed in 2002, did not scan for the total nuclear energy of the item or the characteristics of the item, which made it difficult to differentiate between harmless and harmful radioactive materials. This led to many false alarms and additional searches by the U.S. Customs and Border Patrol. Additionally, the poorly functioning portal monitors made it possible for successful experiments simulating the smuggling of nuclear material into ports to expose further issues with the machines. One of these experiments included hiding a lead lined steel pipe containing depleted uranium (simulating the properties of a nuclear weapon) in a suitcase. The suitcase passed through countries to simulate the journey of a potential terrorist and was ultimately packed into a container in Istanbul. When the container arrived in New York it was pulled to the side for additional screening, however customs officers did not detect the uranium.


 * In response, the Department of Homeland Security developed a second generation model of the Radiation Portal Monitors, with hopes to lower the rate of false alarms. However, the machines were still not dependable and were unable to successfully detect Highly Enriched Uranium.
 * In 2007, George W. Bush signed the recommendations from the 9/11 Commission Report, stating that within five years all maritime cargo was to be scanned before being loaded onto vessels in foreign ports headed to the U.S. He also ordered an increase in the use of the Radiation Portal Monitors despite their inconsistencies and reported issues.

Federal Authorities' Homeland Security Initiatives
Immediate federal responses to 9/11 included the establishment of the Department of Homeland Security in 2002; reorganising the leading federal port security agencies U.S. Coast Guard, U.S. Customs Service and the Transportation Security Administration into 5 new separate offices. The Department of Homeland Security regards the U.S. Coast Guard as the ‘lead federal agency for maritime homeland security’. As the nation's principal maritime law enforcement authority, the U.S. Coast Guard is responsible for ‘evaluating, boarding, and inspecting commercial ships as they approach U.S. waters, for countering terrorist threats in U.S. ports, and for helping protect U.S. Navy ships in U.S. ports’. The U.S. Customs Service is responsible for inspecting commercial cargoes and cargo containers. Experts, however, have expressed discontent over the lack of clear roles and responsibilities of federal agencies - particularly their overlap and duplication. Flynn, particularly criticises the trend of ‘tweaking the roles and capabilities of agencies whose writ runs only to the nation's shores’.


 * ‘There are many public and private stakeholders operating in a port environment motivated by conflicting agendas. A major concern for U.S. policy makers is assigning roles and responsibilities for maritime security among federal agencies; among federal, state, and local agencies; and between government agencies and private industry’..

Collaborative efforts between the U.S. Immigration and Naturalization Service (INS), the U.S. Coast Guard, the U.S. Bureau of Consular Affairs and the U.S. Department of State have been attempted through a Memorandum of Agreement. However, in 2004, their intelligence was still only limited to ‘detecting a containserized WMD at its port of entry’. In a 2003 report made for Members of Congress, the Congressional Research Service stated that the U.S. Coast Guard and U.S. Customs and Border Protection's programs ‘represent only a framework for building a maritime security regime, and that significant gaps in security still remain’. The report concluded that there is administrative hesitancy within security agencies, specifically ’implementation issues’ regarding the "24 Hour Rule". Under Customs Regulations, U.S. Customs and Border Protection agents are required to ‘receive, by way of a CBP-approved electronic data interchange system, information pertaining to cargo before the cargo is either brought into or sent from the United States by any mode of commercial transportation (sea, air, rail or truck)’. However, U.S. Customs and Border Protection agents have noted this 'will greatly impact the balance between a prosperous economy and sea and land border defense’. In a 2007 report made for Members of Congress, the Congressional Research Service quoted former Department of Homeland Security Inspector General Richard Skinner, who stated that ‘overall resource hours devoted to USCG’s homeland security missions grew steadily from FY 2001 through FY 2005’. However the U.S. Coast Guard only achieved 5 out of 19 (26%) homeland security goals. Evaluated with reference to the expectations set out in the Ports and Waterways Safety Act of 1972 and the Maritime Transportation Security Act of 2002, the U.S. Coast Guard's homeland security operations fell short in 9 key areas: funding, assets and personnel levels for performing homeland and non-homeland security missions; division of budget between homeland and non-homeland security missions; coordination with other Department of Homeland Security offices, federal, state and local authorities involved in maritime security - including coordination of operations and intelligence; monitoring compliance with facility and vessel security plans; completing foreign port security assessments; implementing long-range vessel-tracking system required by MTSA; implementing Automatic Identification System (AIS); inland waterway security; and response plans for maritime security incidents.


 * ‘The Coast Guard will be unable to increase total resource hours without the acquisition of additional aircraft, cutters, and boats. Consequently, the Coast Guard has a limited ability to respond to an extended crisis, and therefore must divert resources normally dedicated to other missions’.

Marine Domain Awareness
The adoption of Maritime Domain Awareness (MDA) has been suggested by experts as a replacement for the Bush Administration's initial homeland security approach ‘Since FY 2001, more Coast Guard resource hours have been dedicated to homeland security missions than for non-homeland security missions.’ Loy and Ross insist that MDA collaboration between ‘military power, diplomatic influence, economic power... and the private sector’ is the only way to deal with potential security threats.’. Stating that current customs procedures were only ‘developed for economic protection’ by promoting ‘just-in-time delivery’. Whereby ‘final papers are not required to be submitted for a container shipped under customs bond until after the container arrives at its official port of entry, which can be as many as 30 days after it enters the country.’. Highlighting that the DHS’ security training programs and their creation of security plans have very little to no effect on reforming administrative procedures.

Ronald O’Rourke, a specialist in U.S. naval affairs, who details the Coast Guard's self assessment for the fiscal year of 2006 and their subsequent trialing of Marine Domain Awareness (MDA) and Automated Identification Systems (AIS) nationwide. Known as Project Hawkeye, the trial was aimed at bringing maritime cargo transport security to the level of air cargo (O’Rourke 2–3). However the radars confused waves with boats and the long range surveillance cameras were only able to capture ‘a sliver of the harbor and coasts’. Due to their ineffectiveness ‘Coast Guard staff personnel have been told not to waste much time looking at it’. Additionally, the Automated Identification System can be turned off, or used to enter an incorrect vessel location and identity.

Academic Discourse
Admiral James Loy and Captain Robert Ross suggest a multilateral approach with U.S. trading partners (public and private) be pursued.

Former U.S. Coast Guard Commander Stephen Flynn also suggests extending current initiatives to include bilateral and multilateral international inspection zones.

European stakeholders take a similar position to Loy, Ross and Flynn, encouraging the inclusion of the private sector in any counter-measure actions taken by the government, so as to avoid ‘affect container throughput – affecting the commercial imperative’.

Maritime Terrorism and Piracy
The importance of the container shipping industry is equally matched by its vulnerabilities to terrorist attack. The U.S. maritime system consists of over 300 sea and river ports with more than 3,700 cargo and passenger terminals. The United States and global economies depend on commercial shipping as the most reliable, cost efficient method of transporting goods, with U.S. ports handling approximately 20% of the maritime trade worldwide. The volume of trade throughout the U.S. and the world creates a desirable target for terrorist attack. An attack on any aspect of the maritime system, mainly major ports, can severely hamper trade and potentially affect the global economy by billions of dollars.

The security of ports and their deficiencies are numerous and leave U.S. ports vulnerable to terrorist attack. The vulnerabilities of our ports are many, leading to potential security breaches in almost all aspects of the container shipping industry. With the sheer volume of maritime traffic, there is serious concern of cargo/passenger ship hijackings and pirate attack, as well as accountability of the millions of shipping containers transported worldwide. Given the overwhelming number of ships and containers, there are many areas of concern regarding the security of U.S. ports.

Terrorists can, and eventually may, exploit the shipping industry's deficiencies in port security. Potential threats include the smuggling of weapons of mass destruction (WMD), a radiological "dirty" bomb, a conventional explosive device, and transportation of terrorist operatives, as well. Studies have claimed a Hiroshima sized nuclear detonation at a major seaport would kill fifty thousand to one million people. It is common knowledge within the industry that security measures of major ports cannot have a significant effect on the movement of goods, thereby allowing exploitation of the system for terrorist use.

The geographical/physical layout of the ports themselves is of concern. The protection and security of the landside perimeter of a port is difficult due to their large size. Ports located in highly urbanized areas allow terrorists a densely populated area in which to hide while infiltrating or escaping the port area at their perimeter. The high volume of trucks entering and exiting port facilities pose a threat to the port, as well as surrounding geographical areas. Exiting trucks may contain WMD or terrorist operatives that are to infiltrate a surrounding metropolitan area, i.e., transporting a chemical explosive device (from the Port of Los Angeles) to a more densely populated area (downtown Los Angeles). Container ships anchored at port facilities are particularly vulnerable to both highjacking and explosive devices as they are stationary targets. Most crews of cargo ships are unarmed, and would be defenseless to an armed attack. The disabling of a ship at port is enough to halt all activity at that port for an extended period of time, especially if the disabled ship is blocking a throughway for other vessels.

The economic impact of such an attack would be disastrous on a global scale. An example of such an economic impact can be drawn from a labor-management dispute that closed ports along the west coast of the United States. These port closures cost the U.S. economy approximately $1 billion per day for the first 5 days, and rose exponentially thereafter. When the International Longshore and Warehouse Union strike closed 29 West Coast ports for 10 days, one study estimated that it cost the United States economy $19.4 billion. Many manufacturing companies of the world employ a just-in-time distribution model, allowing for lower inventory carrying costs and savings from warehouse space. The shipping industry is essential to this method, as its speed and reliability allow new inventory to be shipped and received precisely when it is needed. The adopting of the just-in-time method has dropped business logistics cost from 16.1% of U.S. GDP to 10.1% between 1980 and 2000. Although this method has dropped costs significantly, it has put a stranglehold on security options, as the shipping times of these shipments are exact and cannot afford delays from inspection. Other aspects of economic impact include costs of altering shipping routes away from a disabled port, as well as delays from ports operating over capacity that receive the rerouted ships. Most ports operate at near capacity and can ill afford an attack of this nature.

Although there are many government sponsored agencies involved with port security, the responsibility of providing that security is of state and local governments. Allen (2007) states that 'under the protective principle, a state has jurisdiction to prescribe and enforce laws against acts that threaten vital state interests'. The protective principle 'recognizes that a state may apply its laws to protect vital state interests, such as the state's national security or governmental functions'. Some ports may enact their own police forces in addition to city law enforcement.

There have been proposals to consolidate federal agencies responsible for border security. The consolidation may offer some long-term benefits, but three challenges may hinder a successful implementation of security enhancing initiatives at the nations ports: standards, funding, and collaboration.

The first challenge involves implementing a set of standards that defines what safeguards a port should have in place. Under the Coast Guard's direction, a set of standards is being developed for all U.S. ports to use in conducting port vulnerability assessments. However, many questions remain about whether the thousands of people who have grown accustomed to working in certain ways at the nation's ports will agree to, and implement, the kinds of changes that a substantially changed environment will require.

The second challenge involves determining the amounts needed and sources of funding for the kinds of security improvements that are likely to be required to meet the standards. Florida's experience indicates that security measures are likely to be more expensive than many anticipate, and determining how to pay these costs and how the federal government should participate will present a challenge.

The third challenge is ensuring that there is sufficient cooperation and coordination among the many stakeholders to make the security measures work. Experience to date indicates that this coordination is more difficult than many stakeholders anticipate, and that continued practice and testing will be key in making it work.

Policing
Whilst the threat of terrorism cannot be totally be dismissed the day-to-day operations of port and harbour police more often deals with more mundane issues, such as theft (including pilferage by dock workers), smuggling, illegal immigration; health and safety with regards to hazardous cargoes, safe docking of vessels, and safe operation of vehicles and plant; environmental protection e.g. spillages and contaminated bilge water.