security has the role of the control function. Anticipating a certain threat, the system takes preventivemeasures so as to minimize its consequences.Such a scheme is generally stable in case ofperturbations that are independent of the control, like in the case of natural or industrial hazards. Onthe contrary, in the case of security, the threat seeks to maximize its effects and counter any securitymeasures taken. This is, by definition, an unstable system. Modelling of such complex non-linearsystems cannot yield any reliable quantitative results. Instability is, in general, characterized by moreand more frequent, high-consequence, unpredictable events.IncidentThreatOutputPerturbatiorTargetSecuritymeasuresControlSecuritysystemFig. 3 The security system tries to counter a threat (manifested, anticipated or perceived) based on the criterion ofminimization of its effectsTodate,securityisprimarilyensuredbydeterrence.However,inthemoderncontextofthesocalled emerging threats, the importance of deterrence is relative. On top of the existing criminal andantifraud framework,preventivemeasures areneeded.Suchmeasures usually aim at the segregationof potential threatening actors and their means of execution from their assumed targets through accesscontrol and screening activities. Presumed intentions cannot, at least in our society, justify any actionor denial of access or service and this poses formidable regulatory, technical and procedural problems.Most practical security assessment methodologies start from identifying the assets to protectproceed to identify some possible threats or attack scenarios and, finally, evaluate the vulnerability ofthe asset to a given threat and the consequences if it materializes. While there have been severalproposals on more or less rigorous security risk assessment methodologies, often transposingtechniquesand methodsfromthe industrial risks,theyareall areasgood as the empirical predictionsontheprobabilitiesforoneoranotherattackscenarioIIL.PORT SECURITYA.Legal frameworkandpracticesIn response to the tragic events of 11thSeptember 2001 and the growing concern for the security,the International Maritime Organization (IMO) agreed to define and implement a new security regimeof maritime transport the cornerstone of which is the International Ship and Port facility Security(ISPS) code operative since 2004. The ISPS code constitutes an amendment to the Safety of Life atSea (SOLAS) convention on minimum security arrangements for ships and port facilities. Itestablishes international cooperation to take preventative measures against any threats to people safetyinfrastructures, and trade. It has been transposed to the Community legal framework by the Regulation
security has the role of the control function. Anticipating a certain threat, the system takes preventive measures so as to minimize its consequences. Such a scheme is generally stable in case of perturbations that are independent of the control, like in the case of natural or industrial hazards. On the contrary, in the case of security, the threat seeks to maximize its effects and counter any security measures taken. This is, by definition, an unstable system. Modelling of such complex non-linear systems cannot yield any reliable quantitative results. Instability is, in general, characterized by more and more frequent, high-consequence, unpredictable events. Fig. 3 The security system tries to counter a threat (manifested, anticipated or perceived) based on the criterion of minimization of its effects To date, security is primarily ensured by deterrence. However, in the modern context of the so called emerging threats, the importance of deterrence is relative. On top of the existing criminal and antifraud framework, preventive measures are needed. Such measures usually aim at the segregation of potential threatening actors and their means of execution from their assumed targets through access control and screening activities. Presumed intentions cannot, at least in our society, justify any action or denial of access or service and this poses formidable regulatory, technical and procedural problems. Most practical security assessment methodologies start from identifying the assets to protect, proceed to identify some possible threats or attack scenarios and, finally, evaluate the vulnerability of the asset to a given threat and the consequences if it materializes. While there have been several proposals on more or less rigorous security risk assessment methodologies, often transposing techniques and methods from the industrial risks, they are all are as good as the empirical predictions on the probabilities for one or another attack scenario. III. PORT SECURITY A. Legal framework and practices In response to the tragic events of 11thSeptember 2001 and the growing concern for the security, the International Maritime Organization (IMO) agreed to define and implement a new security regime of maritime transport the cornerstone of which is the International Ship and Port facility Security (ISPS) code operative since 2004. The ISPS code constitutes an amendment to the Safety of Life at Sea (SOLAS) convention on minimum security arrangements for ships and port facilities. It establishes international cooperation to take preventative measures against any threats to people safety, infrastructures, and trade. It has been transposed to the Community legal framework by the Regulation
(EC)725/2004In that regulation, maritime security is defined as the combination of preventive measuresintended to protect shipping & port facilities against threats of intentional unlawful acts. The simplescheme in Figure 3 below illustrates the main categories and characteristics of maritime securityactivities. It reflects the facts that maritime security deals both with the ship and the port. In both casesit involves extremely varied, large inventories, installations and vessels, involving the passengers,crewandportworkersbutalsothegeneralpublicLargevolumeoftradeLargevolumeoftradeLarrgeandhazardousExtensive&vanedportfacillitiesscargoLargecarriervesselClosetoinhabitedaresMaritime SecurityShipsPortsThreatstotheDisruption ofThreats to thepersons'safetytrade&safetyof(passengersmobilitygeneral publicworkers,crewsThreat toIndirect threattopublicpublic safetysafety throughclosetoportsandcoastsmugglingFig.4SchematicbreakdownofthemaritimesecuritythreatsThe prime target of ISPS and the Regulation 725/2004 is the security of the maritime vessels anditsland interfaces.Portfacilities(orterminals)aretheelementaryvessel/land interfaces and,as suchare the building blocks of port security. It is prescribed that each port facility should have a PortFacilitySecurityOfficer(PFSO),aPortFacilitySecurityPlan(PFSP)dullyformulatedafteradedicated risk analysis and approved by the National Authorities of the Member States. MemberStates and European Commission perform inspections on the practical application of the aboveRegulation 725/2004 has been extended into the whole port area by the Directive2005/65/CE.ThecornerstoneofISPScodeisthePortFacilitySecurityAssessment(PFSA),anessentialandintegral part of the process of developing and updating the Port Facility Security Plan (PFSP). Theassessment should be periodically reviewed and updated, taking into account changing threats and/orminor changes in the port facility and should, in any case, be reviewed and updated upon majorchanges to the port facility. PFSA is carried out by the contracting government directly or byrecognised security organisations and should include the following:: Identification and evaluation of critical assets and infrastructure that it is important to protect
(EC) 725/2004. In that regulation, maritime security is defined as the combination of preventive measures intended to protect shipping & port facilities against threats of intentional unlawful acts. The simple scheme in Figure 3 below illustrates the main categories and characteristics of maritime security activities. It reflects the facts that maritime security deals both with the ship and the port. In both cases it involves extremely varied, large inventories, installations and vessels, involving the passengers, crew and port workers but also the general public. Fig. 4Schematic breakdown of the maritime security threats The prime target of ISPS and the Regulation 725/2004 is the security of the maritime vessels and its land interfaces. Port facilities (or terminals) are the elementary vessel / land interfaces and, as such, are the building blocks of port security. It is prescribed that each port facility should have a Port Facility Security Officer (PFSO), a Port Facility Security Plan (PFSP) dully formulated after a dedicated risk analysis and approved by the National Authorities of the Member States. Member States and European Commission perform inspections on the practical application of the above. Regulation 725/2004 has been extended into the whole port area by the Directive 2005/65/CE. The cornerstone of ISPS code is the Port Facility Security Assessment (PFSA), an essential and integral part of the process of developing and updating the Port Facility Security Plan (PFSP). The assessment should be periodically reviewed and updated, taking into account changing threats and/or minor changes in the port facility and should, in any case, be reviewed and updated upon major changes to the port facility. PFSA is carried out by the contracting government directly or by recognised security organisations and should include the following: • Identification and evaluation of critical assets and infrastructure that it is important to protect