To be secure is to be: free from fear, anxiety or doubt; free from danger or attack; reliable and unlikely to fail. To deliver freedom from fear requires the establishment of faith, confidence and trust that your systems can consistently deliver the promise of security.
The irrational acts of terrorists have brought into question the ability of any security system to truly deliver freedom from fear. Efforts to deter attacks can often remind people of the threats that motivate the security measures. Is this a Catch 22, or a reminder that to deliver security to users and stakeholders requires a far more holistic view than we have offered to date? Or do we need to integrate secure thinking into everyday life, make it part of our business process in the way that safety should be?
Standard approaches to security management view everyone as a threat until proven otherwise. Meanwhile, operations management requires constant confirmation that activities are being undertaken as expected and promised. For the former, you must constantly prove you are permitted to do what you wish to do. In the latter, you must continue to do what you should be doing.
These statements should be mutually supportive. If you are doing what you should be doing you are not a threat, while anyone doing things they should not be doing represents a threat, either simply to company performance, or more generally a tangible security threat to everyone.
Security analysts say, “to protect we need to be ahead of potential threats and identify attacks before they occur”. An operations manager says, “to operate effectively we ensure everyone is doing what they should be doing”. To be secure is to be operationally effective. Security should work with all port stakeholders to understand their operations; what people, equipment and cargo should be doing. When activities are monitored and do not conform to expectations there is a threat, be it operational or security, and that threat needs to be resolved.
Shippers, shipping companies, terminals, stevedores, other tenants, port users and stakeholders all need to maintain security within specific boundaries, and these boundaries all intersect and overlap at ports. Consider a container, for example. It is easy to see the information overlaps between different port users and stakeholders. Operational information is sometimes shared for mutual benefit. But how often is the same information understood for its security implications?
Now consider the potential threats to that container. It could be placed next to the wrong commodity in another container. Someone could try to steal the contents or overload the container. It could be poorly secured. It could be used to smuggle people, bomb-making equipment, or worse. Control and management of the container is similar for all interested parties. However, the information flow about that container has multiple strands forming a complex web of “who knows what”. The security of the container is best served by an analysis of all the available information to identify exceptions, to be profiled into “threats”.
This approach can be repeated for all port operations and in almost all assessments you get similar results. Then you start to see why convergence of systemic operations and security risks is inevitable. To understand one is to understand the other, and in the blended or converged data you can identify the most significant threats. You may even identify hitherto unknown threats, encompassing risks to operational performance as well as drugs-and human-trafficking and terrorism-related threats.
Fine in theory, but in practice, what is global “best in class” port security? What approaches are leading ports taking to reduce the possibility of business interruption, avoid inefficiencies and keep ahead of developing risks?
Singapore and Rotterdam both have a long history of advanced applications for threat assessment and forecasting. They believe that operational information is of great interest in their security planning, whether that information covers vessels, cargo, crew, owners, scheduling etc.
They see company and fleet security officers as critical, and view stakeholder intelligence feeds as vital. The relevance of environmental and weather impacts is also recognised. These port authorities use a ‘”risk/operations/vulnerability matrix” with input from all stakeholders, seeing it as a key differential in security.
Major container lines outline the following as key operational information issues:
- Early notification of location, speed and performance
- Understanding performance, position and situation for fuel-saving strategies:
- ETA due to mechanical issues
- Berth availability due to on-berth failures
- Draught/tidal issues on arrival/departure
- Understanding and managing cargo delivery cut-off times
- Managing dual-fuel port requirements and possible loss of vessel power
- Regulatory issues as potential unexpected cost items
Leading ports and lines understand port security can be improved through better use of operational intelligence. The implication is that security data should also be used to improve operational performance.