Port States and Flag States have historically had a rather uneasy relationship, however in the past few years they have been drawing closer together. This is especially true of the more reputable Flags. Both entities have been concerned with improving the safety and environmental protection standards of shipping, one concerned with the quality of ships entering ports under its jurisdiction and the other concerned with the quality of ships operating under its Registry. The advent of the Black, Grey and White lists have concentrated the minds of Owners/Class/Flag on raising and maintaining the condition of the ships. It has also had the effect of concentrating the mind of Port State Control (PSC)Officers on substandard ships and black listed flags. This has had the combined effect of improving the standard of vessels operating in areas with tighter PSC regimes and the migration of substandard tonnage to those areas where PSC procedures are not so well developed.

International Legislation affecting Port State Control

ISM

The advent of the ISM Code sent a shock wave through the industry, because for the first time it gave the industry a yardstick by which the performance of a vessel and owner could be measured. Many reputable owners already had well developed written procedures and had been using them for a number of years prior to ISM however a considerable percentage of the industry did not. Those Owners were now faced with the additional task of preparing procedure manuals, a not inconsiderable task as some of you may remember.

One of the first things examined in the case of a casualty or dispute are the ship’s procedure manuals. Owners now have to show documentary evidence that the vessel is being operated in accordance with those written procedures. Any material departures from the written procedures can raise the spectre of a claim for negligence.

I believe there was also a certain amount of glee within the legal fraternity at the thought of the possibility of expanding their scope of litigation work.

ISPS Code

The ISPS Code will likewise have a significant impact on all vessels engaged in International trade. The ISPS Code will of course also affect the operation of Port facilities and the ship/port interface.

There are fundamental differences however between the ISM and ISPS Code. Security concerns the risk associated with protection against intentional acts of disturbance, damage or destruction. Safety concerns the risk associated with protection against accidental disturbance, damage or destruction.

Security is not a new issue, the vulnerability of ships at sea has long been recognised, but primarily in the context of piracy. One of the earliest examples of terrorism in the Maritime Industry was the attack on the Achille Lauro in 1985. This event initiated many of the changes we see today to the security procedures on passenger vessels.

What are the possible threats involving shipping?

Ships can be used to carry hidden weapons or other dangerous cargo for terrorist use.

Ships or containers may be used as a devise to cause disruption in busy shipping lanes or port facilities. If the vessel has a hidden explosive device activated or the ship rammed into a jetty or scuttled in a narrow channel this would cause extensive disruption to the operation of that port and indeed the economy of that country and its trading partners.

Ships themselves may face terrorist attack as in the cases of the Limburg and the USS Cole.

Such activities would cause widespread consternation within the industry and seriously affect world trade. Sadly it is not possible to be 100% “terrorist proof.” The best we can achieve is to try and minimise the opportunities available to the terrorist.

In an effort to combat the threat of terrorism to ships and port facilities the ISPS Code has been drawn up by the IMO, Part A of which is mandatory and Part B which is recommendatory. Some countries in addition have decided to adopt certain parts or all of Part B as compulsory. The Code clearly defines the roles of the various participants:

1. The Flag State
2. Owner and the Ship
3. The Port and Port State Control

I will now briefly examine the specific roles of the participants and attempt to show how they should interact to provide a safe and secure environment.

Responsibilities of the Flag State

(i) Ship Security Plan Approval

It is important to emphasise that under the Code, Ship Security Assessments and Ship Security Plan (SSP) Approvals are viewed as two distinct functions. The Code clearly states that the Organisation undertaking the review and approval of a ship security plan shall not have been involved in either the ship security assessment or the preparation of the SSP.

Different Flag States handle this step differently. Some Flag Administrations, such as the Marshall Islands, have entrusted some of the Classification Societies with the role of Recognised Security Organisation who will carry out review and approval of the SSP. Other Administrations may carry out plan review and approvals by themselves. In such circumstances Owners will either use consultants to assist in the preparation of the SSP or prepare it in house.

(ii) Security Risks

Flag States shall monitor security risks and provide guidance on security matters. Flag states must assess both the general security situation prevailing in various locations around the world and the security threat to vessels in specific ports.

The Flag Administration will set the following security levels as appropriate:

Security Level 1: Normal Security Level.

Security Level 2: Heightened Security.

Security Level 3: High Level of Security.

This is an exceptional situation and should only be decided when an incident is imminent or probable. Whenever level 3 is declared, the Flag Administration should provide appropriate security related information and instructions. Flag Administrations will be required to provide a 24 hour, 7 days per week service.

(iii) Declaration of Security (DOS)

A DoS shall be completed anytime the Administration, Contracting Government, Port Facility Security Office (PFSO), Company Security Officer (CSO) or SSO deems it necessary.

Flag Administrations will need to establish the requirements for a Declaration of Security. A Declaration of Security provides a means for ensuring that critical security concerns are properly addressed prior to and during a vessel/facility interface or a vessel/vessel interface.

(iv) Continuous Synopsis Record (CSR)

The CSR will be issued by the Flag State and is intended to be an on board record of the history of the vessel from the time of its initial issuance. It will contain information relating to the ownership of the vessel, the operators of the vessel, bareboat charterer, classification society, details of the organisation who issued the DOC, SMC, ISSC. If any changes occur affecting the information contained on the CSR then a new CSR will be issued by the Flag State, eg transfer of ownership, transfer of registry and change of manager.

Although not a responsibility under the ISPS Code, Flag States have an obligation to advise their Owners on how best to implement the Code and attain the ISSC in good time before the 1 July deadline. The Marshall Islands has held a series of seminars around the world giving guidance to Owners on the ISPS Code.

Duties of the Owner

Each Company shall develop, implement and maintain a functional security plan aboard each ship compliant with SOLAS Chapter XI-2 and the ISPS Code.

1. Appoint a CSO
2. Carry out a security assessment of each vessel
3. Prepare a SSP
4. Train the SSO
5. Obtain approval for the SSP from the Recognised Security Organisation/Flag Administration
6. Train ship’s crew
7. Implement the SSP
8. Audit and Verification of the SSP
9. Obtain the ISSC

Duties of the Ship Security Officer

Conduct regular security inspections to ensure the appropriate security measures are maintained (Level 1, 2 or 3).

Maintaining and supervising the implementation of the Ship Security Plan.

Co-ordinating the security aspects of cargo and stores handling with ship’s staff and the PFSO.

Review the SSP and propose changes if necessary.

Report any deficiencies and non-conformities found during internal audits, periodic reviews and security inspections.

Enhance security awareness on board.

Ensure ship’s staff have been given adequate training.

Report all security incidents.

Co-ordinate implementation of the SSP with CSO and PFSO.

Ensure security equipment is tested and maintained.

As you can see there is a considerable workload on the SSO. One of the major questions for owners is who is going to be the SSO. In these days of reduced manning, the ship’s staff are already under intense pressure. As soon as the vessel ties up there are a host of people waiting to get on board once it is cleared by Customs and Immigration. Port State Control, Charterer’s Representatives, Vetting Inspectors and Chandlers.

Who is the person most able to act as the SSO?

The Chief Officer will usually be involved with the terminal/port facility regarding loading/discharging sequences and the need to start ASAP.

The Chief Engineer and Second Engineer will usually be desperate to start essential maintenance work.

The Master will be dealing with Customs and Immigration and then PSC.

The Marshall Islands has stipulated that the SSO should be a management level officer and it is highly recommended that it is the Master. The CSO may also decide that there should be more than one SSO on board.

It is important to remember that the SSO does not have to perform all the above duties himself and similarly does not have to remain on board at all times. There is no stipulation within the code as to who should be the SSO, it is up to the Company and the CSO to decide. However it should be noted that the responsibilities detailed in the Code are such that only a senior officer will have the experience and authority on board to satisfactorily carry out the SSO’s duties. The Master has the overriding authority under the Code and any SSO is answerable to the Master and the CSO. A number of Companies are intending to place another Officer on board the vessel to take care of Safety and Security matters, however not all companies wish to take this step and indeed on smaller vessels may not even have the accommodation capacity for another officer.

The essential point to emphasize is that each Company must develop a strong sense of security awareness so the entire ships complement are enforcing basic security precautions and looking out for suspicious persons and unusual occurrences.

I think most people will agree that the security awareness of the average seafarer at this moment is almost non existent. The security precautions maintained by most ships are also almost non existent with perhaps the exception of piracy watches during passages through known piracy waters such as Malacca Straits and for passenger vessels as mentioned earlier. Many companies especially tanker companies have spent much time and expense on enhancing the safety awareness of the ship’s staff. Likewise many of the oil terminals have strict security criteria. However many other owners are going to have to start from a very low security awareness level and invest considerable resources to raise their security standards just to a basic minimum level.

Port Facility Security

Port Facilities are also required to establish security measures and procedures and act upon the security levels set by the Contracting Government where the port is situated. The Port Security measures should be implemented in such a way as to cause as little disruption as possible. The Port Facility has a complementary function to that of the ship and is required to establish:

Port Facility Security Officer
Port Facility Security Assessment
Port Facility Security Plan

The Security Plans of the port and the vessel are mutually exclusive, this can easily create considerable confusion, especially if it is felt that one SSP should take precedence over the other. It is not the intention that the ship and the port should swap plans to decide who has the best plan. In order to try and clarify the situation the DoS should be used to clearly identify the responsibilities of the ship and those of the port facility. Ports are facing the same problems as shipowners but to a much larger extent due to the variety of people coming and going. Oil and Gas Terminals are probably more advanced than the bulk carrier public berths and repair yards. The repair yards especially will find it difficult to effectively implement a SSP.

The Marshall Islands Administration has recommended to it’s owners that a DoS is completed at every port call.

Port State Control Security Responsibilities

In addition to the normal PSC regime currently in force PSC inspectors will now also assess the effectiveness of the SSP.

PSC inspections should be limited to verifying that there is on board a valid ISSC or an interim ISSC, they will most likely also make a very basic assessment of the effectiveness of the SSP.

How will PSC test the effectiveness of the SSP?

At the present time the security guidelines for PSC officers are still being drafted and may not be ready until Spring 2004. However it is likely that initially the tests will be very basic and possibly become more intensive as the industry becomes more familiar with the procedures.

The initial test will probably be as simple as:

(i) Keeping a good gangway watch, if PSC Officers can board the vessel unchallenged this will not make a good impression and can lead to a closer scrutiny of the SSP. It is essential that crew members are trained to carry out an effective gangway watch where visitors are stopped and asked to identify themselves and to state their business. This is not as easy as it sounds, some nationalities are reluctant to stop visitors especially those in uniform.

(ii) Masters understanding of the SSP

(iii) Awareness of the identity of the CSO.

(iv) Sighting a valid ISSC or Interim ISSC

(v) Check that security equipment is functional

However if the PSC inspectors have “Clear Grounds” to believe that the vessel is not complying with the ISPS Code or SOLAS XI-2 or is not able to produce a valid ISSC then PSC are authorised to impose controls on the vessel. Control measures are as follows;

(a) Inspection of the vessel
(b) Delay of the vessel
(c) Detention of the vessel
(d) Restriction of operations including movement within the port
(e) Expulsion of the ship from the port.

The definition of Clear Grounds and examples of such can be found in the ISPS Code Part B 4.32 and 4.33.

If a detailed inspection is required the SSP should only be reviewed if either the flag state or Master agrees, even then only limited access should be given to a specific section.

Does the ISPS Code equate to security overkill

The implementation of the ISPS Code will incur considerable costs for the Owner both in terms of hardware AIS, Security Alert, and software - training required for the CSO and SSO and the ship’s complement. It has recently been reported in Lloyds List that the OECD estimates the cost to the global shipping industry of implementing the new Maritime Security measures to be in the region of USD 1.3 billion. The subsequent annual costs have also been estimated to be USD 730 million.

Big numbers certainly but rather meaningless.

If we assume that there are about 35,000 vessels that will be subject to the ISPS code then that roughly equates to about USD 37,000 per vessel for implementation and USD 21,000 annually per vessel. This does not include cost to the ports and terminals. The US Dept of Homeland Security clearly sees a maritime threat as a great potential danger to the country and a well co-ordinated attack could cause serious disruption to the operation of the port or ports in addition to any damage caused. The OECD report also concluded that the cost to the US economy could be in the region of USD 58 billion.

The implementation date of the ISPS Code is rapidly approaching and there is much to do. As I mentioned before there are around 35,000 vessels affected by the ISPS Code and to date only 1 or 2 SSP Approvals have been carried out. The requirements of the Code will not change nor will the implementation dates. Both the USCG and Paris MOU have stated that there will be no extensions and zero tolerance for those vessels not compliant by 1st July 2004. The USCG will from 1st January 2004 request vessels for details of their ISSC. If the vessel has no ISSC, an examination will be carried out to ascertain the general level of security on board, recommendations will be made via a letter issued to the vessel. It will also advise that the ISPS Code comes into force on 1st July 2004 and if the vessel does not hold an ISSC by that date it will be refused entry into the USA.

If you feel it is overkill I would urge you to ensure that your vessels are ready by the required date and complain about it later as valuable time will be wasted. It is however a very salient point to remember that terrorists work on the element of surprise, and if ships staff are trained and encouraged to be vigilant then that will go some way in neutralising their activities. Although the Code will cost money to implement the consequences of a half hearted implementation could be catastrophic for the owner. Imagine what would happen if a terrorist induced casualty such as the Prestige took place.

On a more commercial note just as the ISM code provides a yardstick by which the management of the ship can be measured so the ISPS code will measure the effectiveness of the security precautions on board the ship. When the liability is being apportioned in any case of damage or pollution caused by terrorist activity, there will no doubt be a very close examination of the implementation and effectiveness of the ISPS Code.

I understand BIMCO already have the necessary charter party clauses ready, those that specify that the vessel must fully comply with the ISPS code and hold an ISSC and those clauses that specify that the port facility must likewise comply.

Conclusion

As I mentioned at the start of my talk PSC are working more closely with Flag States and Owners to try and improve the overall standards of safety and environmental protection of ships calling at their ports. In a similar fashion Port States are working closely with Flag States and Owners to try and ensure the secure and safe continuation of seaborne commerce where the lives of seafarers and those involved in the shore side of the shipping industry are safeguarded.

In order to achieve this goal it essential that Ship’s staff embrace the security culture wholeheartedly supported by the Owners. It is essential that Owners develop a culture of security which goes hand in hand with the culture of safety which they should have in place already. Similarly Port Facilities must also develop a culture of security with their employees wholeheartedly supported by senior management. Tanker operators and terminals are probably somewhat more advanced in this regard than in the bulk or general cargo trades, however they will and must catch up fast. Failure to implement the ISPS Code effectively can mean at best the ship will be detained by the PSC or at worst the subject of a terrorist attack with the added penalty of bearing a greater apportionment of the costs due to negligent performance.

Just as the SSO, CSO and PFSO cannot be stand alone figures in the defence against terrorism and must rely on the eyes and ears of all employees, no individual company within the Maritime Industry can effectively mount defences against terrorism unilaterally. A ship entering port may have an excellent security plan which is effectively implemented but it can be totally undermined if it is not matched by an equally effective security plan at the port where the vessel is berthed.

On a more positive note the advent of the ISPS Code may provide Flag State, Port State, Owners Port Facilities with an opportunity to really work closely together for the benefit of all concerned.