Ship and port facility security are the critical elements of contemporary maritime security.1 The common language and operational concepts for ship and port facility security begin with customary international law. Sovereignty over ports and port facilities provides jurisdictional authority for port States to prescribe and enforce port State control rules. Likewise, customary international law of the sea, codified principally in the United Nations Convention on the Law of the Sea 1982 (UNCLOS) recognizes the plenary authority of the flag State over ships flying its flag—reflected in the concept of ‘exclusive flag state jurisdiction’.2
Article 94 of UNCLOS requires flag States to conform to ‘generally accepted international regulations, procedures and practices’ in the ‘construction, equipment and seaworthiness’ of ships, and this rule has important implications for vessel safety and security. In general, flag States have a legal duty to give effect in their national laws to international agreements to which they are party. The terms of UNCLOS require States to ‘give effect to’, ‘implement’, or ‘conform to’ internationally recognized standards, often reflected treaties, codes, and guidelines developed at the International Maritime Organization (IMO), which complement and implement obligations under UNCLOS.3 Along with UNCLOS, the International Convention for the Safety of Life at Sea 1974 (SOLAS), as amended, is a landmark treaty that is key to constructing and maintaining a global system of oceans governance.4 The SOLAS Convention sets forth the major provisions on ship and port security for ships on international voyages.
The original version of the SOLAS Convention emerged in response to the Titanic disaster, and the treaty was adopted by a meeting of States in London on 20 January 1914. The second iteration of SOLAS was adopted by a group of eighteen nations meeting in London from 16 April to 31 May 1929. Successive major updates to SOLAS were produced in 1948, 1960, and 1974. There have been numerous revisions to the 1974 version of SOLAS, which were adopted by the Member States of the IMO under the tacit acceptance procedure that was built into the Convention. Under tacit acceptance, all subsequent amendments automatically enter into force on a specified date unless, before that date, a specified number of states object to the amendment. Consequently, the 1974 SOLAS Convention has been updated numerous times, and remains in force, as amended.
Today, SOLAS, with its 1978 protocol and many amendments, including the International Safety Management Code (ISM Code)5 and the International Ship and Port Facility Security Code (ISPS Code), contains comprehensive measures for securing ship and shore installations.
The most far-reaching maritime security instrument in decades—the International Ship and Port Facility Security Code—emerged in the wake of the 9-11 terrorist attacks on the United States.6 In November 2001, only two months after the terrorist attacks of 9-11, the twenty-second session of the IMO Assembly adopted a resolution committing to a review of measures and procedures to prevent acts of maritime terrorism.7 An extraordinary meeting of the Maritime Safety Committee (MSC), also held in November 2001, began work on amending SOLAS to address the threat of maritime terrorism. Work continued during an MSC Inter-sessional Working Group in February 2002, which reported findings of the gathering to a meeting of the seventy-fifth session of the MSC in May 2002, when an ad hoc MSC Working Group was established to further develop proposals. An Inter-sessional MSC Working Group met in September 2002, and the results of the meeting were considered by the seventy-sixth session of the MSC in December 2002, immediately prior to the final text of the ISPS Code being sent to a Diplomatic Conference that same month.
The MSC and its associated Maritime Security Working Group led development of far-reaching amendments to the existing chapter XI of SOLAS. The amendments were adopted by the IMO Assembly and re-identified as chapter XI-1 of SOLAS. At the Conference of Contracting Governments to the International Convention for the Safety of Life at Sea, 1974 (Diplomatic Conference on Maritime Security), from 9–13 December 2002, the Member States of the IMO adopted a series of resolutions and measures amending SOLAS, which incorporated the new ISPS Code. Adopted by the Assembly and States Parties to the IMO, the ISPS Code incorporates international standards concerning maritime safety and security. The abbreviated name is ISPS Code, and it is the most comprehensive effort to institutionalize a global culture of maritime security.8
One hundred and nine States Parties to the SOLAS Convention participated in the negotiations. The meeting included representatives from numerous international, intergovernmental, and non-governmental organizations. The ISPS Code, included as a new SOLAS chapter X1-2 concerning special measures, was drafted at the same time. Chapter V of SOLAS was also amended. Due to the urgency and heightened sense of vulnerability on the waterfront and at sea, negotiations for the ISPS Code were completed in just over a year. The Diplomatic Conference also adopted resolutions to facilitate cooperation with the International Labour Organization (ILO) and the World Customs Organization (WCO).9
The ISPS Code contains a detailed mandatory section (Part A), which sets forth thirteen requirements for governments, port authorities, and shipping companies. A second, non-mandatory section (Part B) provides guidance on how the measures might be implemented. Generally, the distinction between the mandatory provisions and supporting guidance may be discerned from the use of the term ‘must’ or ‘is/are required’ in mandatory provisions, and ‘may’, ‘could’ or ‘should’ in recommendatory guidance.
Since its entry into force on July 1, 2004, States Parties are obligated to establish security levels under the provisions of chapter XI-2 and Part A of the Code.10 SOLAS now consists of general articles, with the main features included in an Annex comprised of 12 chapters, as follows, with the ISPS Code contained as Chapter XI-2:
Contains requirement that passenger ships be subdivided into watertight compartments, plus standards for machinery, electrical systems, watertight integrity, and stability. In 2010, ‘Goal-based standards’ for new construction of oil tankers and bulk carriers were adopted.
Contains the Global Maritime Distress and Safety System (GMDSS), which apply to passenger ships and all cargo ships of 300 gross tons on international voyages. Ships must carry distress radio beacons called emergency position-indicating radio beacons (EPIRBs) and search and rescue transponders (SARTs) to aid in search and rescue.
Contains navigation safety services applicable to all ships on all voyages, such as meteorological, ice patrol service; ships’ routeing, carriage of the automatic ship identification system (AIS) and voyage data recorders (VDRs), and search and rescue services. The chapter reiterates the legal duty of masters to provide assistance to mariners in distress.
Part A contains special regulations on carriage of dangerous goods in packaged form, including labelling and storage, making mandatory the International Maritime Dangerous Goods Code (IMDG Code), which came into effect on 1 January 2004. Part B makes mandatory the International Bulk Chemical Code (IBC Code) for chemical carriers, and Part C promulgates International Gas Carrier Code (IGC Code) for gas carriers and ships carrying liquefied gases in bulk. Finally, Part D contains rules for the carriage of packaged irradiated nuclear fuel, plutonium and high-level radioactive wastes on board ships, which are set forth in the International Code for the Safe Carriage of Packaged Irradiated Nuclear Fuel, Plutonium and High-Level Radioactive Wastes on Board Ships (INF Code).
The new security measures create a governing framework for cooperation among governments and the shipping and port industries to deter and respond to security threats affecting international seaborne trade. States must provide updates to IMO on their security measures every five years, with the last interval being 1 July 1999, and the next due on 1 July 2019. The ISPS Code focuses on the ship or the port facility as a target, the potential use of the ship as a weapon, and the use of the ship as a means for transporting persons intending to cause a security incident. The use of ships in lawful trade to generate revenue to finance terrorist activities is not explicitly covered by the Code. But SOLAS ships are required to carry documentation concerning passengers and cargo that may be used to investigate terrorist financing. The respective roles and responsibilities of participants in the global marine transportation system were set forth, and a methodology was created for governments and the private sector to assess and react to a fluid threat environment. Designated governmental authorities, ship and port facility officers, and personnel on the shore and at sea each play an integral part in maintaining systemic security.
The ISPS Code applies to ships on international voyages (including passenger ships, cargo ships of 500 gross tons and upwards, and mobile offshore drilling units) and now, the port facilities serving such ships.11 The Code does not apply to vessels entitled to sovereign immunity, however, including warships, naval auxiliaries or vessels owned or operated and used by a government on non-commercial service.12 The SOLAS Convention applies to most ships that are engaged in ‘international voyage’, and the port facilities that serve such ships. An ‘international voyage’ is one that occurs from one country to which the SOLAS Convention applies to a port outside such a country.
Although SOLAS applies to passenger and cargo vessels on international voyages, for example, a flag State could choose to apply the rules to ships solely involved in cabotage or domestic voyages. Similarly, although the maritime security measures do not extend to offshore activities or installations located on a coastal State’s continental shelf, governments may adopt the exact or similar requirements for ships, mobile offshore drilling units on location, and fixed and floating platforms engaged in oil or gas production. When foreign flagged ships are operating in support of these activities, they may be covered by both the security measures adopted by IMO as well as additional coastal State regulations. Some coastal States have defined fixed platforms, or even floating production storage and offloading (FPSO) vessels used in oil and gas exploration and located on the continental shelf, as port facilities, which require appointment of a PFSO and preparation of a PFSP.13
Tugboats and other harbour craft, offshore supply and support ships, fishing vessels and recreational vessels, and the facilities that serve these craft also may be regulated by maritime security measures through domestic legislation.14 Notably, however, the security measures do not apply to the activities of foreign-flagged ships operating off the shore of a coastal State in water beyond the territorial sea. That is, the measures do not apply within a state’s Exclusive Economic Zone (EEZ) or Continental Shelf, even though it is common for SOLAS ships to operate in these waters and interface with off-shore installations such as mobile offshore drilling units on location, and FPSOs or other vessels, including non-SOLAS ships. Consequently, governments may develop bilateral or other multilateral security regimes that regulate interaction in areas beyond the territorial sea.
Since the requirements of Part A of the ISPS Code are mandatory, most of the legislative focus among States Parties has focused on rules to implement that part. Part B is non-mandatory. Numerous governments, however, have integrated provisions of Part B into their national legislation as well. Some States lack the legal and policy architecture needed to fully implement the measures, including resolution of jurisdictional issues among government agencies. Resource constraints also limit the amount and quality of training for security officers and professionals, such as security officers, facility guards, and port managers. These factors have led to different levels of diligence, just as new threat patterns and incidents continually test the effectiveness of the existing rules.
The Member States of the IMO balanced the risks with the costs of security. Besides the obvious financial burden of implementing the security measures, there are associated intangible costs. For example, tight security still must accommodate reasonable access to shore and shore leave by seafarers and permit access to ships by persons representing organizations promoting seafarer welfare. The rules contained in the ISPS Code are integrated into other ongoing IMO initiatives and require a balance between the openness needed to facilitate trade and economic prosperity, and security measures, such as effective screening of ships and cargo, and the maintenance of port and ship security.
Because of the many different types and sizes of ships and facilities, the ISPS Code does not specify specific measures that each port and ship must take. Instead it outlines a standardized framework for evaluating and responding to risk. The risk assessment enables governments to offset changes in the threat condition with adjustments in the security measures. For ships, the new security measures include requirements for creation of ship security plans, designation of ship security officers for each vessel, appointment of company security officers for each company, and requirements for certain equipment to be carried on board ships. Similarly, port facilities are required to develop security plans, designate security officers, and install certain security equipment. Both ships and port facilities are required to monitor and control access, maintain awareness of the activities of people and cargo, and maintain viable communications.
The requirements contained in the ISPS Code are in force for 148 States, which together constitute over 99 per cent of the gross tonnage of the world’s merchant fleet. Security is a risk management exercise and in order to determine appropriate security measures for ships and ports, an assessment of the risk must be made in each specific case. The Code sets forth a standardized and consistent formula for evaluating risk, and in assisting governments in synchronizing changes in the threat level with security measures in order to reduce vulnerability of the assets and infrastructure. First, governments are required to conduct port facility assessments that identify and evaluate important shipping infrastructure that, if damaged, could cause significant loss of life or damage to the economy or the environment. Second, governments identify actual threats to critical infrastructure and prioritize security measures. Finally, governments conduct vulnerability assessments to accurately gauge and evaluate risk. These comprehensive security assessments include the areas of physical security, structural integrity, utilities, communications, and port procedures.
Accomplishing the complete implementation of the ISPS Code is unfolding—a work in progress—with some States struggling to enter into compliance. Application of the Code has been imperfect, but already it has had a global impact by linking ship and port facility security programmes between governments and commercial enterprise in a more integrated fashion.
The ISPS Code complements the World Customs Organization’s (WCO) Safe Framework of Standards that facilitates uniform rules for screening and inspection for national customs administrations, representing 99 per cent of global trade. The International Labour Organization (ILO) works with the shipping industry to promulgate training and standards for seafarers whose job it is to implement security protocols. These three interlocking international organizations—IMO, WCO, and ILO—create an institutional rule set for protecting the global cargo supply.
Flag States have inherent authority to prescribe and enforce domestic laws and adopt and implement international rules for ships flying their flag. Normally vessels are subject to the exclusive jurisdiction of the flag State—the nation in which the ship is registered. Flag States are responsible for ensuring ships flying their flag comply with internationally accepted standards. Flag State responsibilities normally are undertaken by the Administration for each country, which is responsible for verifying the compliance of ships with the provisions of chapter XI-2 and Part A of the ISPS Code applicable to ships. Thus, the flag State Administration approves ship security plans and issues International Ship Security Certificates.15
All officers, security officers, vessel crew, and shipboard personnel should satisfy training in a security awareness programme. It is incumbent on the various government agencies, port facility operators and administrators, and industry shippers and carriers to maintain awareness of security in the supply chain. Core elements of security awareness include vigilance, information sharing, and training. Security drills or exercises help officers and crew to acclimate to security issues. Local communities, land-holders, and small boat operators may be reached through general media concerning threats and countermeasures, whereas messages with greater fidelity, such as those targeted to mariners or the shipping industry, increase the effectiveness of law enforcement and enhance the vigilance of ships’ crews.
The ISPS Code promulgated a standardized methodology for conducting security assessments on board ships and in port facilities, extending earlier work at the IMO to strengthen maritime security.16 For example, greater guidance on the security of cruise ships and the ports that they use was issued by the IMO Maritime Safety Committee (MSC) in the wake of the 1985 attack on the Achille Lauro. This initial guidance covered the appointment of responsible officials within governments and in the private sector. Governments were required to appoint a Designated Authority (DA), who is responsible for cruise ship and port security. Shipping companies operating cruise ships must appoint a Company Security Officer (CSO) for the fleet, as well as individual Ship Security Officers (SSO) for every cruise ship. Commercial shipping firms also were required to undertake a Ship Security Survey (SSS) of each cruise ship, and then prepare a Ship Security Plan (SSP) tailored to each vessel. The SSP is subject to approval by the Designated Authority within the flag State government.
Each ship is required to carry a Ship Security Plan approved by the flag state administration. A ship security plan should describe actions the crew will take in response to the threat of piracy and armed robbery at sea, maritime terrorism, or other maritime crime or violence. The Ship Security Plan also should set forth measures based on three security levels designed to deter such attacks, and specific steps that will be taken in reaction to an attack. At the time a Ship Security Plan is submitted for approval, it is accompanied by the Ship Security Assessment, on which the plan or amendment was based.