Secure haven

Ports boast 24/7 activity. Countless companies, people, containers and vessels pass through ports daily, which raises the question: how do you ensure the security within and around a port? Maritime by Holland Magazine has secured the answers to this question.

Ever since 9/11 new rules and regulations were introduced to safeguard ports and vessels worldwide. The so called ‘International Ship and Port Facility Security Code’ or ISPS code was set into place to enhance port security measures. ”Did you know this code actually broke a record?”, smiles David Anink, sector manager at the Holland Shipbuilding Association. ”It was created within a year. This very rarely happens as most codes take years to complete. It had a lot to do with the aftermath of 9/11 when we realised how vulnerable we all were.” IMO’s website explains the ISPS code as follows: ”In essence, the Code takes the approach that ensuring the security of ships and port facilities is a risk management activity and that, to determine what security measures are appropriate, an assessment of the risks must be made in each particular case. The purpose of the Code is to provide a standardised, consistent framework for evaluating risk, enabling governments to offset changes in threat with changes in vulnerability for ships and port facilities through determination of appropriate security levels and corresponding security measures.” Anink continues that though the ISPS code serves a good purpose it has changed many things. ”On 10 September 2001 you could sail to any port and quite simply walk off a ship into the port. Of course customs did their checks, but there was a certain simplicity to the action. That is definitely different now.”

Price to pay

The Royal Association of Netherlands Shipowners agrees with this statement by Anink and goes on to explain that the United States were adamant about the development of the ISPS code, which in turn meant countries wanting to do business with the US had to submit to the code. A spokesperson for the Royal Association of Netherlands Shipowners comments: ”The code was devised in the aftermath of a terrorist attack and as such the code means to protect vessels from an attack like this in the future. Next to that it details the guidelines in the unfortunate event of an attack. The code was not developed based on piracy. Piracy is a different issue. Terrorist attacks are often part of political woes, where the main goal of piracy often is financial gain. Measures stipulated in the ISPS code vary from obligated gangway control, and the increase or decrease of ISPS levels according to the threat at sea or within ports. Another very simple security measure is the introduction of passes to enter offices or other port locations. Ports worldwide all work with access control systems, knowing who is on site or has been on site can be valuable information.” Though the security measures are not extreme, they are often time consuming and do mean extra workload for people in the ports or on board of vessels. Will putting up fencing and security cameras keep out the unwanted? Moreover, what price do you put on security?

Passive sonar

Checking visitors, securing gates and installing security systems are only part of the equation. The largest area of a port consists of water, so what is being done on the waterside? One known threat is the use of ‘parasitic devices’ that are attached onto vessels. These devices are placed on the hull of a vessel and often contain drugs that are then retrieved by a diver at the destination port. Martijn Clarijs of TNO has been project leader for research on waterside security possibilities for several years and explains that this development could pose a very real threat, he says: ”Dutch customs divers inspect ship hulls for the presence of drugs, but run the risk of an encounter with a criminal diver aiming to retrieve the drugs. We performed a joint project in Rotterdam with Dutch customs, AVIC – Dutch SME – that resulted in a prototype system that can detect whether a diver is in the water before starting inspection. Furthermore, if one can attach a device containing drugs, what are the other scenario? The damage such a parasitic device containing explosives could do to, for instance, a cruise ship is unimaginable. I believe we have to consider the worst and act upon this, before it has the chance of happening.” There are security products on the market to search for divers, which use active sonar. Clarijs: ”The technology we have been developing is based on passive sonar. In active sonar, emitted sound signals echo-reflect on the target, providing information on the type of intruder. However, active sonar shows limited performance in a confined port area where sounds is reflected on much more than just the target you are looking for. Also, continuous emission of sound can have a negative effect on marine life. That is why we started researching – supported by the Dutch Ministry of Defence – the potential of passive sonar, that only listens to intruders such as divers and small boats. In addition, passive sonar technology is more economic and covert, meaning that the intruder is unaware he is being detected. All in all, it means you can keep your port waters secure without disturbing the marine life.” TNO is currently looking for a partner to create a product based on this so-called SOBEK technology following previous tests in the Netherlands as well as more recently in Aruba. ”The port of Aruba is a popular destination for cruise vessels, and although there are no current threats, Authority Ports Aruba believes in the importance of waterside security. Also, marine life in those waters is so abundant that our passive sonar technology would prove extremely useful there”, says Clarijs. ”We started a joint project to know how passive sonar would work in warmer waters as before then we had only tested in colder waters. An important first step has been to record and understand the underwater sound field near the cruise port and coral reefs, and that is just what we did last December.”

Maritime hackers

Having covered the physical safety on landside and waterside, what about digital safety? The use of computers for almost all tasks and processes within ports certainly makes life easier and more (cost)effective, however, it also makes ports vulnerable. Eric Luiijf of TNO has extensive knowledge on cyber security issues. He states that cyber crimes happen more frequently than we realise. Luiijf: ”What we see is that criminals want to enter a port’s network to check on the arrival of a container that contains, for instance, drugs or high-value goods. A variety of things can then happen. The criminals may manipulate information allowing a lorry driver to pick up the container or to plan for the best moment to intercept the container on its further journey outside the port. They can also keep tabs on the container scanning process by customs. When they see their container has attracted the attention of customs, they may choose not to pick it up and avoid arrest.” In 2011, the port of Antwerp fell victim to a large scale cyber attack. Over a period of two years a group of drug traffickers planted large quantities of cocaine in wood and banana shipments from South America. This group enlisted the help of hackers to infiltrate the computer networks of two companies within the Belgian port. Crafted emails were their first entry to success; later they physically entered the premises to add devices to the computers. By doing so they could check the location of the containers, they consequently hacked the security systems and eventually sent men in to retrieve the drug containers. Luckily this did not go unnoticed, employees raised the alarm when they noticed that containers had disappeared. Authorities researched this incident and during a raid were able to confiscate a large amount of cocaine, heroin, money, an AK-47 and other weapons, and also the computer and hacking tools used.

Human factor

The incident in Antwerp proved that cyber attacks on maritime ports are a reality. So what can be done? Luiijf: ”Apart from the organisational and technical issues, a large part of cyber attacks will always have a human angle. Port organisations and their employees need to be aware of the cyber risk. If, for instance, an employee is able to locate each and every container at a port via a computer system, he or she may be the target of a cyber attack. Criminals could selectively send a convincing email which causes the installation of a Trojan giving them unauthorised system access. Blackmail is another way to acquire the necessary information about shipments, or to manipulate via information systems the container routing. Part of security is realising who knows what, where the highest risk is, and to act accordingly.” All in all there is not one definitive answer on how you can ensure the security in any port around the world, what we do know is that a lot is being done and developed so that vessels worldwide arrive in a secure haven.

Rebecca McFedries