As the maritime security envelope merges into an ever-expanding general transport security world, shipping is under increasing pressure to lead the way of technological and operational security developments.

Numerous recent, highly serious piracy attacks off Somalia, especially that using grenade launchers and machine guns against the luxury cruise-liner Seabourne Spirit on 5th November 2005, underscore the grim reality that exists in certain sea areas and restricted waters today. The acute need for enhanced security awareness and responsiveness cannot be over-emphasised, particularly when trading in or near violence-prone ocean regions of the world.

If this is to be the task during this volatile century, a great deal of work remains to be done, with little allowance for delay or inefficiencies. Therefore, the ISPS Code’s nearly 18 months of mandatory existence requires a closer look.

While the ISPS Code has had a polarising effect on the shipping industry, which is divided between advocates and opponents, the Code has nevertheless established itself as an acknowledged permanent member of the SOLAS regime. DNV believes that, despite the added operational and administrative demands on manpower, the Code possesses clear merits and potential but that these are not yet fully or uniformly recognised across the breadth of the shipping industry. As a result, the Code remains in a state of relative infancy during this phase of ongoing operational implementation. The 2004 barrage of over 20,000 new International Ship Security Certificates (ISSC), underpinned by accompanying Ship Security Assessments (SSA) and approved Plans (SSP), mirrors to some extent the mandatory introduction of the ISM Code in 1998. Correspondingly, it is generally accepted that performance thus far merely displays the raw beginning of the process – but by no means meets the final objectives.

Smooth start-up
The ISPS Code’s nearly 18 months of mandatory existence may be characterised as a ‘relatively smooth’ start-up. ‘Smooth’ in the sense that most ships had their security plans approved and ISSCs issued on time, with many companies and ships, to their credit, positively embracing the intentions of the Code. ‘Smooth’ also in the sense that there have been relatively few ‘pure’ ISPS detentions, at least compared to detentions for technical/class or statutory-related deficiencies, including those related to the International Safety Management (ISM) Code.

Interestingly, the role played by the ISM Code in shipping detentions has increased over the past 1-2 years as Port State Control (PSC) inspectors have learned to connect class and statutory deficiencies with an underlying ISM responsibility to variously address such regimes as ‘mandatory rules and regulations’ and shipboard maintenance.

To date, however, Port State Control Officers (PSCOs) have made few, if any, direct connections between the ISM and ISPS Codes, although that day may soon come. Meanwhile, the ISPS Code’s role in a broader shipboard management context is considerably narrower in dimension and scope than its more over-arching safety management forerunner and counterpart. It is also obvious that the ISM experience gained over seven years has given shipping companies a valuable boost towards more easily absorbing the ISPS Code.

Safety and security confront each other
The ISPS Code and SOLAS Chapter XI-2 acknowledge the dominant role of safety over security, as described in the master’s overriding authority and responsibility for placing safety before security when the two meet head-to-head.

No shipboard security incidents since July 2004 are known to have involved a direct face-off between safety and security, but it is also only a matter of time before a master must make a conscious decision in a life-threatening situation. From a more routine, but still critically important, standpoint, safety and security do indeed confront one another daily, too often without masters or Ship Security Officers (SSOs) even realising it. For example, and in violation of SOLAS, door-securing arrangements on board are frequently found to be grossly unsafe in an honest and well-meaning attempt to ensure the ship’s security profile by locking out potential intruders. Special tools or keys must not be required for escape. DNV has formed a special working group to look into the subject of ‘door security arrangements’ and is currently finalising a summary paper on the subject, since it considers this to be one of the more important spin-off effects of the ISPS Code’s introduction.

Far from robust
Besides the baseline requirements associated with the Code’s primary security control functions, additional security requirements address both routine and emergency security measures. To this end, it is clear from a combination of SSP approvals, shipboard audits, interpretative case-work and deficiency or detention-based experience that ISPS implementation has really only begun to take effective form. Maturity is not nearly as robust as needed to assure a genuine level of security system excellence in terms of: performance consistency; situation awareness; proactive planning, execution and follow-up; organisational skills; improvement process focus; and true acceptance of the Code’s purpose and objectives. Disturbingly, too many ships lately seem to be losing the very knowledge and skills initially verified and certified in 2004, as evidenced by unacceptable failures or reduced effectiveness in:

• Access Control;
• Restricted Area security;
• ship monitoring;
• SSAS alert and re-programming management;
• basic record-keeping;
• working language on board;
• training and drills programmes;
• ship-port coordination;
• already obsolete SSAs and SSPs;
• even certificate validity itself.

Few exercises
We also see few, if any, comprehensive, multi-participant exercises yet taking place, probably due to delays in meeting the 18-month exercise frequency requirement until closer to the Intermediate audit and/or difficulties in organising exercise scenarios.

Regardless, only by training, drilling and exercising their own system procedures; remaining vigilant about security threat conditions; updating the Ship Security Assessment and Plan (SSA and SSP); and communicating effectively with Ship and Company Security Officers (SSO/CSO), Port Facility Security Officers (PFSO), and the authorities, will companies ensure that ships achieve an optimal ISPS implementation progress curve.

Dual audits
Most ships will enter their one-year Intermediate time windows in the March-to-June 2006 timeframe. Assuming that many Intermediates will be delayed until later in the window, a sizeable audit surge will likely occur between late 2006 and spring 2007. Harmonisation with ISM audits is a concurrently noted trend, one which DNV actively supports and encourages, and which will result in a high number of combined ISM-ISPS ship audits during 2006 and 2007.

Auditors are already gaining significant experience in ‘dual’ audits, and will continue to hone these skills during coming months. To support this effort, DNV is examining improved audit protocols and procedures, with the aim of capitalising upon the synergies associated with combining ISM and ISPS verifications.

Not only for terrorism
DNV considers Security Management under the ISPS Code to be a natural extension of the ‘shipboard management systems’ constellation. Aligned alongside companion regimes of Safety; Environment; Quality; ILO, STCW and manning; Competence Management; and emerging management tools and methods such as Tanker Management Self Assessment (TMSA), or Dangerous Goods within Marine Packed Cargo, the ISPS Code provides the single most effective management system in guarding against unlawful acts intended to do harm to ships and ports. It is DNV’s further belief that the spirit and intent of the ISPS Code must thus drive the prevailing attitude rather than an excessive focus on the paper by-product or additional security tasks that follow.

Many in the shipping industry today are convinced that the ISPS Code was only designed to counter terrorism. This no doubt accounts for today’s scepticism voiced by many shipping companies, especially those operating in areas not historically prone to terror or piracy threats. While terrorism may represent the most dramatic scenario in maritime security, the ISPS Code in fact is ideally suited to help protect the ship, cargo, and crew against any unlawful act, whether the wilful planting of a bomb or the theft of a tool box. All potential threats, from piracy and sabotage to smuggling and stowaways, fall into the intervening risk zone, depending upon the ship’s own characteristics and trading profile. It is, therefore, essential that companies evaluate and update their Security Assessments (SSAs) and Plans (SSPs) on a frequent enough basis to ensure the most cost-efficient and response-effective security system. To rely for too long on a quickly produced or static system, approved and certified during the heat of an impending July 2004 deadline, is considered risky, yet we sense that many companies have become complacent already – an attitude that will only prove to be unnecessarily costly and inconvenient.

Can’t allow delay or ineffectiveness
Given the massive efforts already expended by the shipping industry toward establishing a uniformly functioning maritime security regime, further needed improvements neither be delayed nor ineffective.

To this end, DNV is working hard on multiple fronts to help underwrite a safe and secure shipping industry for the future.