Security at Sea

The Old Spice man isnt going to like it.

Nor will any of the seafaring workers who mold themselves in the centuries-old stereotype of the merchant sailor, with a floating address and a romance in every port. The International Ships and Port Security (ISPS) Code, set out by the International Maritime Organization (IMO), and scheduled to be implemented in little more than a month, will surely cramp their style.

For example, according to the new regulations, internationally traveling vessels over 300 gross tonnage that are not cruise ships or tankers must have an Automatic Information System (AIS) in operation by their next safety inspection, and no later than December 31. AISs include a beacon or transponder so as to create, collectively, a virtual map of the ships at sea. Ships must also keep a continuous synopsis record of ship and crew history, down to the individual.

But these requirements are just a few technical details in the sweep of what the ISPS demands. The Code is primarily a framework for consistency of security measures among the IMOs 162 member countries, whose governments have passed their own legislation to put in force the Codes requirements and deadlines (in the United States, thats the Maritime Transportation Security Act (MTSA). Under this, each port facility serving international traffic and every vessel docking at such ports must submit a security and risk assessment, as well as a three-tiered security plan, to their flag states overseeing body (in the United States, thats the Coast Guard). When theyve done that to their flag states satisfaction, they get a security certificate (which ships must carry on board). Shipping companies must designate company security officers as well as ship security officers for each of their vessels. Some ports will be required to have security officers as well. Ports must develop access control systems. Ships must develop security alert systems that can warn somebody on land that things are awry, without alerting the ship. All in all, its a lot of paperwork, a lot of technology, a lot of interagency cooperation, and a lot of speed on the part of government entities.

Still, many countries are bullish on the prospect of their ports and registered vessels being compliant in time. In late April, for example, Kenya Ports Authority Managing Director Brown Ondego said Kenya will meet the July deadline. And Pakistans director general of ports and shipping, Anwar Shah, said his country was ready to meet the deadline for implementation of the ISPS Code. On May 10, New Zealands Maritime Safety Authority announced that the first of 19 N.Z. ports required to meet international security requirements had achieved full compliance and called the other 18 on target.

Yet a January article in The CalTrade Report reported that only about 5,000 of 10,000 U.S.-registered vessels and only 1,100 of 5,000 U.S. port facilities and terminals had met a January 1 deadline for submitting the mandated maritime security plans. On March 29, the IMO issued a bulletin urging port facilities worldwide to get going, noting that port facilities seemed to be lagging behind shipsa serious problem because compliant ships cannot call on noncompliant ports without damaging their own security status. And on May 25, IMO chief Efthimios Mitropoulos said fewer than 6 percent of the world's ports now comply with the security code's conditions, and the agency has accepted just 1,933 of the 12,283 security plans submitted by commercial vessels, adding that the July deadline won't be extended.

The Coast Guard believes that the industrys present value cost of implementation for basic (not elevated) security level compliance could be about $7.348 billion over the next ten years for all U.S. vessels, facilities, ports, and offshore facilities affected. On the other hand, noncompliance isnt cheap, at $25,000 a violation. Furthermore, according to a Maritime International Secretariat Services report, policy makers and regulators have repeatedly emphasized that the Code will be rigorously enforced on a global basis and & that ships unable to demonstrate full compliance should anticipate serious delays, potential imposition of legal penalties and the possible denial of entry to certain ports. And, as noted above, noncompliant ports will likely be shunned by shippers, and could even be closed down.

As becomes evident, this complex array of administration and implementation is one big hairy project. The stakes are high, the execution difficult, the players practically innumerable. Do you think it can be done? What will happen if July 1 dawns to shipping bedlam? Are you making contingency plans?

Copyright © 2004 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)