Guideline for performing Ship Security Assessment

Transcription

1 Guideline for performing Ship Security ssessment according to the International Code for the Security of Ships and Port Facilities (The ISPS Code) as mandated by SOLS Chapter XI-2 Vessel:.... Operator:. Trading area/ports:..... Responsible for Ship Security ssessment (name/rank):. SS performed, date:... Related Ship Security Plan, date:... Page 1 Version 1 ( )

2 LIST OF CONTENT LIST OF CONTENT BOUT THIS SHIP SECURITY SSESSMENT GUIDELINE THE IMO FRMEWORK THE MENDMENTS TO THE 1974 SOLS CONVENTION, CHPTER XI THE INTERNTIONL SHIP ND PORT FCILITY SECURITY (ISPS) CODE IMO REQUIREMENTS TO THE SS GLOSSRY FUTURE REVISIONS REFERENCES THE SHIP SECURITY SSESSMENT PROCESS...10 STEP 1: IDENTIFICTION OF POSSIBLE MOTIVES...11 STEP 2: IDENTIFICTION OF KEY SHIPBORD OPERTIONS...12 STEP 3: IDENTIFICTION OF EXISTING SECURITY MESURES, PROCEDURES, ND OPERTIONS.13 STEP 4: IDENTIFICTION OF POSSIBLE THRET SCENRIOS...14 STEP 5: THRET ND VULNERBILITY (RISK) SSESSMENT...15 STEP 6: DEVELOPMENT OF ONBORD SHIP SECURITY SURVEY CHECKLIST...16 STEP 7: ONBORD SHIP SECURITY SURVEY...17 STEP 8: IDENTIFICTION OF WEKNESSES, REMEDIL CTIONS REQUIREMENTS ND RECOMMENDTIONS TO THE SSP...19 PPENDIX IDENTIFICTION OF MOTIVES...22 PPENDIX B KEY SHIPBORD OPERTIONS...25 PPENDIX C THRET SCENRIOS ND SSESSMENT...28 PPENDIX D - SHIP SECURITY SURVEY CHECKLIST...34 PPENDIX E - SUMMRY OF SECURITY MESURES (PRT B, SECTION 9)...48 Page 2 Version 1 ( )

3 Ship Security ssessment Guideline bout this Guideline 1. BOUT THIS SHIP SECURITY SSESSMENT GUIDELINE This Ship Security ssessment (SS) Guideline is made to assist owners and operators of ships to carry out security assessments in a rational, standardised and systematic way. It is prepared in accordance with the requirements of Part of International Ship and Port Facility Code ( the ISPS Code, or, the Code ), and taking into account the guidance in Part B. The next Section 2 provides further background on the ISPS Code. This SS Guideline is prepared by also considering the requirements in the USCG Navigation and Vessel Inspection Circular (NVIC) Security Guidelines for Vessels. Even though the ISPS Code (IMO - world-wide) and NVIC (USCG - US water) are two different, security regimes, NVIC has been developed to assist vessel operators and owners to align with the security requirements under development in IMO at time of publication (October 2002). We are therefore of the opinion that this Guideline meets the NVIC requirements to ship security assessment. (Further, it should be noted that the USCG expects foreign flag vessels to verify compliance with Part B of the ISPS Code, and not merely Part. Eg, the USCG requires that, Verification of compliance could be established by flag administration documents or endorsements that indicate that the Ship Security Certificate was issued based upon full compliance with Part B (from the Federal Register/Vol. 6, No 250/Dec 30, This Guideline is primarily designed as a self assessment tool for Company and Ship Security Officers and other people responsible for security ashore or onboard. It is divided into 4 Sections, plus appendices (-E) which are provided in a format such that companies can use them for their own vessels: LIST OF CONTENT 1. BOUT THIS SHIP SECURITY SSESSMENT GUIDELINE 2. THE IMO FRMEWORK 2.1 The mendments to the 1974 SOLS Convention, Chapter XI 2.2 The International Ship and Port Facility Security (ISPS) Code 2.3 IMO Requirements to the SS 2.4 Glossary 2.5 Future Revisions 2.6 References 3. THE SHIP SECURITY SSESSMENT PROCESS Step 1: Identification of Possible Motives Step 2: Identification of Key Shipboard Operations Step 3: Identification of Existing Security Measures, Procedures, and Operations Step 4: Identification of Possible Threat Scenarios Step 5: Threat and Vulnerability (Risk) ssessment Step 6: Development of Onboard Ship Security Survey Checklist Step 7: Onboard Ship Security Survey Step 8: Identification of Weaknesses 4. REQUIREMENTS ND RECOMMENDTIONS TO THE SSP PPENDIX - IDENTIFICTION OF MOTIVES PPENDIX B - KEY SHIPBORD OPERTIONS PPENDIX C - THRET SCENRIOS ND SSESSMENT PPENDIX D - SHIP SECURITY SURVEY PPENDIX E - SUMMRY OF SECURITY MESURES (ISPS CODE PRT B) Good to know prior to start of the SS Self-assessement guideline, including development of checklist From SS to SSP Forms etc. for self-assessment Page 3 Version 1 ( )

4 Ship Security ssessment Guideline bout this Guideline The vessel owner and operator have the primary responsibility for ensuring the physical security and safety of their vessels. Therefore, in addition to meeting the requirements of the ISPS Code, this SS Guideline is also prepared as a means to promote sound security practices. The Guideline does not, relieve owners or operators of their legal responsibilities neither with respect to the ISPS Code nor to any other parties, such as P&I clubs, crew, etc. The SS is an essential and integral part of the process of developing and updating the Ship Security Plan (SSP). The relation between this SS and the SSP can be illustrated in the following way (see also Section 4): Threat information from Background port material required assessments to conduct SS Identify key shipboard operations SS Decide on corrective security measures SSP Identify existing security measures Prepare SSP (based on the SS) Implementation of SSP Identify threats & vulnerability (risk) Review of SSP (by adm., RSO) Onboard verification Develop and perform ship security survey Possible adjustment of SSP Issuance of ISSC Identify weaknesses in measures, processes pproval of SSP It should further be noted that this Guideline does not provide any guarantee for the approval of the SSP by the Contracting Government or the recognised security organization to which this work has been delegated; it is up to the owner or operator to demonstrate that the proposed security process described in this Guideline is duly documented and meets the requirements of the ISPS Code. ppreciating that every ship is unique in design, operations, cargo, voyage pattern, etc. a ship owner/operator may wish to demonstrate that specific recommended security measures are/are not appropriate for his specific ships. For the same reason of uniqueness, this Guideline provides a method for owners/operators to balance the appropriate security measures by evaluating his ship s: 1. Key shipboard operations 2. Existing security measures. 3. ssessed threats, and, 4. Consequences and/or vulnerabilities (risk). Page 4 Version 1 ( )

5 Ship Security ssessment Guideline bout this Guideline Finally, it should be recalled that achieved security is highly dependent on the human element. Vigilance, prevention and response can only be as good as the crew s skills, knowledge, experience and attitude related to security. In addition to guiding you with carrying out a SS, we hope that this Guideline will promote good and sustainable security culture. Page 5 Version 1 ( )

6 Ship Security ssessment Guideline The IMO framework 2. THE IMO FRMEWORK 2.1 THE MENDMENTS TO THE 1974 SOLS CONVENTION, CHPTER XI gainst a background of potential threat to maritime shipping and ports, IMO s Diplomatic Conference on Marine Security in December 2002 adopted new regulations to enhance maritime security through amendments to SOLS Chapter XI. Chapter XI has been split into two chapters, where Chapter XI-1, Special measures to enhance maritime safety has been expanded to include additional requirements to Ship Identification Numbers and the carriage of a Continuous Synopsis Record. Chapter XI-2, Special measures to enhance maritime security, addresses the mandatory requirements such as the provision of Ship lert System and refers to the ISPS Code., Only the ISPS Code, and its application for ships (not ports), is dealt with in this document. 2.2 THE INTERNTIONL SHIP ND PORT FCILITY SECURITY (ISPS) CODE Owners and operators of ships have the primary responsibility for ensuring the physical security and safety, indeed of their ships, and the new security measures are centred around a proposed ISPS Code. Part of the ISPS Code will be mandatory, whereas Part B of the ISPS Code has been drafted as a guidance and is recommendatory. The regulations and the ISPS Code will apply to the following ships on international voyages: - ll passenger ships including HSLC ships - ll cargo ships and HSLC above 500 gt - MOU in transit. In addition, the ISPS Code will apply to port facilities serving such ships engaged on international voyages. The Code will take effect from July 1, n important part of the Code is the way risk is treated: because each ship and each port facility is different, the Contracting Government shall determine and set the appropriate security level (see section 2.1 and 7 of Part, and 1.8 and 4.8 of Part B): - Security Level 1: Normal; the level at which ships and port facilities normally operate. - Security Level 2: Heightened; the level applying for as long as there is a heightened risk of security incident. - Security Level 3: Exceptional; the level applying for the period of time when there is a probable or imminent risk of a security incident. Port & Ship Security Level (1-3) Security Level 1 Security Level 2 Security Level 3 dditional Security Measures Required The security levels create a link between the ship and the port facility since it triggers the implementation of appropriate security measures for the ship and the port facility. Further, it presents a methodology for performing security assessments so that plans and procedures to Page 6 Version 1 ( )

7 Ship Security ssessment Guideline The IMO framework react to changing security levels can be established. This SS Guideline provides such a methodology. Ship Security Plan (SSP) shall address the appropriate measures for the ship to move from security level 1 to 2 and from 2 to 3. Security level 1 is the level to which the SS Guideline should be based, but the SSP must specify the additional protective measures to be implemented for the heightened security levels (2 and 3). Further, prior to commencing the SS, the Company Security Officer (CSO) shall ensure that advantage is taken of information available on threat assessment for the voyage pattern and the ports at which the ship is calling. For ships trading between two (or more) fixed ports, these ports must be taken into account in the SS. For ships on the spot market, however, ports of call may be difficult to envisage, and for such situations your company should select typical and representative voyage pattern and ports you want to use in the SS (and the related SSP). This Guideline deals with the part of the ISPS Code which is relevant to the SS process only. Therefore, other requirements and guidance set forth in the Code are not further described here, and we refer to the Code for details about other ship security measures, port facilities and the responsibilities of the Contracting Governments. 2.3 IMO REQUIREMENTS TO THE SS The SS is an essential part of the process of developing and updating the SSP, and the Company Security Officer (CSO) shall ensure that the SS gives answers to the following questions: 2. Which key shipboard operations, systems, areas and personnel to protect? 3.What existing security measures, procedures and operations are in place? 4. How can anybody attack my ship? 1. Does a particular motive exist to attack my ship? 5. What are the likelihood and consequences? Security Officer In the ISPS Code language, Part of the Code stipulates that the SS shall include an onscene security survey where, at least, the following elements are included (see also figure, previous Section 1.1): Page 7 Version 1 ( )

8 Ship Security ssessment Guideline The IMO framework 1. Identification of existing security measures, procedures and operations. 2. Identification and evaluation of key ship board operations that are important to protect. 3. Identification of possible threats to the key ship board operations and the likelihood of their occurrence, in order to establish and prioritise security measures. 4. Identification of weaknesses, including human factors in the infrastructure, policies and procedures. Part B of the ISPS Code, gives further guidance as to how a SS shall be carried out. The CSO shall also ensure that the assessment is carried out by competent persons with skills to evaluate the security of the ship. Importantly, the SS shall be documented (electronic format is accepted too), reviewed, accepted, and retained by the Company. 2.4 GLOSSRY To provide a more precise understanding of the ISPS Code and this SS Guideline, the following definitions from Part should be noted (see section 2 of Part ): Ship Security Plan (SSP) means a plan developed to ensure the application of measures onboard the ship designed to protect persons onboard, cargo, cargo transport units, ship s stores, or the ship from the risks of a security incident. Port Facility Security Plan (PFSP) means a plan developed to ensure the application of measures designed to protect the port facility and ships, persons, cargo, cargo transport units, and ship s stores within the port facility from the risk of a security incident. Ship Security Officer (SSO) means the person onboard the ship, accountable to the Master, designated by the Company as responsible for the security of the ship, including implementation and maintenance of the SSP and for liaison with the CSO and the PFSO. Company Security Officer (CSO) means the person designated by the Company for ensuring that a Ship Security ssessment (SS) is carried our; that a ship security plan (SSP) is developed, submitted for approval, and thereafter implemented and maintained, and for liaison with the Port Facility Security Officers (PFSO) and the Ship Security Officer (SSO). Port Facility Security Officer (PFSO) means the person designated as responsible for the development, implementation, revision, and maintenance of the PFSP and for liaison with the SSO and the CSO. Declaration of Security (DOS) is an agreement reached between a ship, and either a port facility or another ship with which it interfaces, which provides a means for ensuring that the critical security concerns are properly addressed and security will remain in place throughout the ships s interface with the port facility or the other ship.. Security for the ship is properly addressed by delineating the responsibilities for security arrangements and procedures between a ship and waterfront facility. Page 8 Version 1 ( )

9 Ship Security ssessment Guideline The IMO framework Security incident means any deliberate suspicious act threatening the security of the ship (incl. a mobile offshore drilling unit), its crew, passengers, stores and cargo, or a port facility. Security level means the qualification of the degree of risk that a security incident will be attempted or will occur. 2.5 FUTURE REVISIONS It is the responsibility of the user of this Guideline to review the SS process in the light of the current development in maritime security, and to revise the SS, and the SSP, as and when necessary. 2.6 REFERENCES This document is based on the outcome of the Diplomatic Conference on Maritime Security held in London in December 2002 where amendments to the SOLS 74 were adopted. The ISPS Code is included in the two documents SOLS/CONF.5/DC/2 dated 11 December 2002 (Part ) and SOLS/CONF.5/DC/2/dd.1 dated 12 December It is also based on the USCG s circular, Security Guidelines for Vessels (NVIC 10-02), see Section 1 of this paper. It is further based on the experience and work of people with considerable experience in maritime operations in general and security in particular. Page 9 Version 1 ( )

10 Ship Security ssessment Guideline The SS process 3. THE SHIP SECURITY SSESSMENT PROCESS The ship security assessment (SS) process is divided into 8 steps as described below: Initial screening, Step 1-3: Step 1: Identify any particular motives that may exist to threat or harm your ship, persons, cargo, or operations. Step 2: Identify critical operations, activities, and persons that are important to protect. Step 3: Get an overview of security measures in place. This is an in-office screening and not a comprehensive review. Prioritise operations, areas, systems, and personnel for threat assessment, focus on those found most critical and with a low level of protective security measures. Threat assessment, Step 4-5: Step 4: Identify threat scenarios, or security incident scenarios, that reflect the motives and prioritised operations, areas, systems and personnel. If no particular motives are identified, and no prioritization can be made, use a standard list of possible threat scenarios. Step 5: ssess likelihood and potential consequences of the scenarios. Do it roughly and qualitatively. Likelihood may be classified as unlikely and not Step 1: Step 2: Motives Key ship board operations Step 3: Existing security measures Step 4: Step 5: Threat Vulnerability scenarios (risk) likelihood, consequences Step 6: Step 7: Security Ship survey security checklist survey Step 8: Weaknesses Focused Ship Security Plan unlikely, and consequences as moderate, high and extreme. Prioritise scenarios found not unlikely in combination with consequence severity high or extreme. Onboard audit, Step 6-7: Step 6: Develop a ship security survey checklist that reflects the prioritised scenarios, existing measures assumed to be in place, and critical operations. Step 7: Survey your ship with the checklist. Identify measures in place and comment on deficiencies, training needs, safety conflicts, manning constraints, security equipment Identification of needs, Step 8: Step 8: Evaluate identified improvement needs through the ship security survey in terms of required security measures and weaknesses of existing measures.( and of possible remedial actions?) Initial screening Threat assessment Onboard audit Identification of needs Develop SSP fter these 8 steps, the SS is complete. The steps should be documented and is a basis for the development of a SSP. Remember also to document the limitations/assumptions of the SS (trading area, onboard systems, etc.) The remainder of this SS Guideline gives detailed descriptions for each step (1-8) including related checklists and other tools. Page 10 Version 1 ( )

11 Ship Security ssessment Guideline Step 1 STEP 1: IDENTIFICTION OF POSSIBLE MOTIVES References: Part of threat identification (Part, 8.4.3) Objective: To trigger a creative process to identify what types of motives for security incidents that do exist, and which motives that are particular for my ship and trade. re there any particular motives for unlawful acts against my ship? Outcome: Prioritised list of relevant motives that may exist. pplication: The identified motives form a basis for the identification of possible threat scenarios (Step 4). What to do: Use proposed worksheet (ppendix ). The worksheet is not complete and it should be used as a guideline only. dd your own questions be creative! Political Economical 11.september Fear Symbolic 1. The worksheet (ppendix ) is divided in five motive categories: a. Political b. Symbolic c. Economical d. Fear, and, e. Other. It is important that you think exclusively on motives, and that you are conscious about the category of the motive. 2. In the end, make an overall assessment and evaluate which motives that should be considered. Keep the outcome from this evaluation of motives fresh in mind when you later on go through Step 4, Identification of possible threat scenarios. But first you should identify key shipboard operations (Step 2) and your existing security measures (Step 3). Page 11 Version 1 ( )

12 Ship Security ssessment Guideline Step 2 STEP 2: IDENTIFICTION OF KEY SHIPBORD OPERTIONS References: Part, 8.4.2; Part B, 8.3, 8.6, 8.8 Objective: To identify operations, systems, areas, and personnel critical to protect if subject to a security incident. What operations, systems, areas, and personnel are important to protect to avoid a security incident? Outcome: list of security-critical operations, systems, areas, and personnel onboard. pplication: To prioritise the most critical operations, systems, areas, and personnel to protect with respect to a security incidents. What to do: 1. Obtain and record the information required to conduct the ship security assessment, such as general layout of ship, stowage arrangement plans, etc (ref. Part B, 8.5) 2. Identify critical ship operations where security incidents may take place (e.g., cargo operations, bunkering, repair work, change of crew/passengers, etc.). 3. List systems, physical areas, and personnel that may be targeted and used in security incidents. Which are important to protect? The attached worksheet (ppendix B) gives some initial ideas as to how to structure this activity. The worksheet includes all elements that is recommended to be covered by the ship security plan (Part B, ). The SFI Group System may also be used to further trigger some ideas. 4. Go through the list, discuss and identify the critical operations, systems, areas, and personnel that may be important to protect to prevent threats or security incidents. The figure below illustrates the main critical operations (as in ppendix B) and systems, areas, operations, and personnel that may be relevant for your vessel (list is not exhaustive your list may look different) CRITICL OPERTIONS People accessing the ship Ship navigation and operation Cargo handling Ship stores handling Security monitoring Loading Voyage Discharging/ embarkation Security communication system Emergency response Navigation capacity Security communication system Ship stores Crew, passengers, visitors 6 Emergency response Cargo Theship(hull, propellers, ) Page 12 Version 1 ( )

13 Ship Security ssessment Guideline Step 3 STEP 3: IDENTIFICTION OF EXISTING SECURITY MESURES, PROCEDURES, ND OPERTIONS References: Part, 8.4.1; Part B, 8.5, 8.7 (partly 8.14) Objective: Outcome: To identify and describe existing security measures, procedures and operations. List of existing security measures related to critical operations, areas, systems, and personnel. What existing security measures, procedures and operations do I have in place? pplication: To get an overview of existing measures to be used : a. To identify critical operations that may have insufficient security b. Onboard during the ship security survey (Step 7). What to do: This is an office screening of your existing security measures rather than an onboard survey (this you will do later on!). Use ppendix B to help you through: 1. Identify security measures in place for each critical operation, and give some key words for what kind of measures that do exist. 2. Refer to the list for critical operations (Step 2), and prioritise those operations, systems, areas, and personnel found critical with limited/weak security measures in place (the upper-right corner of the right-hand box, see below). The figure illustrates the described process: From identifying key shipboard operations (Step 2), to assessing existing security measures (this Step 3). Operations, systems, areas, and personnel critical to protect if subject to a security incident? (from Step 2) Security measures, procedures in place? (this Step 3) Low High Yes No Comments High Critical operations Low Security measures in place? Yes No Page 13 Version 1 ( )

14 Ship Security ssessment Guideline Step 4 STEP 4: IDENTIFICTION OF POSSIBLE THRET SCENRIOS References: Part, Part B, 8.9 Objective: To identify the most relevant scenarios for security incidents that reflect critical operations, existing measures, particular motives, and the trade of the ship. How can anybody attack my ship? Outcome: List of relevant security incident scenarios, or threats. pplication: To assess relevant threats of the ship to prioritise the vital few for planning of security measures. The threat scenarios will further be evaluated with respect to vulnerability (Step 5). What to do: Identification of possible security threats is surrounded by uncertainty; hence do not try to do this too detailed. This is a brainstorming type of session, and there is no standard answer. Take into account the specifics of your ship in terms of crew, cargo, trade area, ports, and similar. 1. If no particular motives are identified for your ship (Step 1), use the standard list of possible threat scenarios as mentioned in the ISPS Code, Part B, 8.9. (figure below). 2. If motives do exist (Step 1), however, use a more detailed list of security incident scenarios. ppendix C contains a proposed list for your use. When assessing the possible threats to your ship, use the information identified and assessed in the previous Steps 1-3: a. Motives (Step 1) b. Prioritised, critical operations (Step 2) c. Security measures in place (Step 3). Means, methods Hijacking ISPS Code, Part B, Others take control over ship Unauthorised access Part B, Tampering with cargo Part B, 8..3 t berth t anchor t sea Security incidents Use the ship as a weapon Part B, Damage to or destruction of the ship Part B, Damage to cargo or passenger onboard Smuggling of weapons Part B, Use the ship to carry perpetrators Part B, Page 14 Version 1 ( )

15 Ship Security ssessment Guideline Step 5 STEP 5: THRET ND VULNERBILITY (RISK) SSESSMENT References: Part, 8.4.3; Part B, 8.9, 8.10 Objective: To assess ship vulnerability to threats security incident scenarios in terms of likelihood and potential consequences. Do some of the scenarios appear more likely than others and what could the consequences be? Outcome: List of the vital few scenarios implying the highest risk. pplication: To give guidance with respect to operations, areas, systems and personnel that should be evaluated and surveyed to identify whether additional security measures are required. What to do: Use the list of threat scenarios developed (Step 4/ppendix C). Do not try to quantify consequences and likelihood, but indicate if they are low or high : 1. ssess whether some scenarios are more likely than others. Take into account motives, existing measures and critical operations when assessing the likelihood. Likelihood may be categorised in terms of unlikely and not unlikely. 2. ssess potential outcome of the scenarios. consequence categorisation ( moderate, high and extreme ) is provided in ppendix C. 3. Prioritise the scenarios that are not unlikely in combination with consequence severity high and extreme (the two upper-right squares in the right-hand figure, below). Scenarios Consequences Likelihood Not unlikely Unlikely 2 5 Moderate High Extreme Consequences Page 15 Version 1 ( )

16 Ship Security ssessment Guideline Step 6 STEP 6: DEVELOPMENT OF ONBORD SHIP SECURITY SURVEY CHECKLIST References: Objective: Part, 8.4, Part B, entire section 8 (8.14 in particular) Develop an onboard security survey checklist specific for your ship based on the information gathered through Steps 1-5 and relevant parts of the ISPS Code, Part and B. What should I check onboard my ship and what is the status? Outcome: n onboard ship security survey checklist, to be used in Step 7. pplication: The checklist shall be used to perform, and document, an onboard ship security survey. What to do: Build your ship specific checklist by using ppendix D, the information gathered so far and, most importantly, your own experience related to your ship and your trading area(s). ppendix D is not meant to be a comprehensive checklist but rather a generic guide which will assist you in the work to build a specific checklist for your ship: Ship Security Checklist Ship Security Checklist Ship Security Check item Checklist Yes No Comments Ship Security Check item Checklist Yes No Comments Security management Ship Security Check item Checklist Yes No Comments Security item management Yes No Check Comments 1.. Security item management Yes No Check Comments 1.. Security management Security management Physical ssecurity.... Physical ssecurity Physical ssecurity Physical ssecurity Physical security Generic checklist Tailormade checklist Ship Security Checklist Check item Yes No Comments Security management.. Existing measures.. Scenario related.. ISPS Code related Identify operations, areas, systems, and personnel related to the threat scenarios developed in Step Select the most relevant security areas from ppendix D. 3. dd the existing security measures and the gaps identified in Step Identify any additional items to verify onboard according to your own experience. Importantly, ppendix E provides you with an overview over measures recommended by the ISPS Code related to security level 1, 2, and 3. You should also consider this according to what security level you are currently evaluating for. Page 16 Version 1 ( )

17 Ship Security ssessment Guideline Step 7 STEP 7: ONBORD SHIP SECURITY SURVEY References: Part 8.3; Part B 8.14 and 8.10 (in particular) Objective: Outcome: To perform, and document, an onboard ship security survey. Confirmation of security measures assumed to be in place, identification of non-existent/ insufficient security measures. What security measures are lacking and what are the weaknesses of the existing? pplication: Security measures identified as non-existent/insufficient create the basis for the SSP. They also define the remedial actions to be taken. The SSP shall be written to include the duties and responsibilities of those onboard and ashore for implementing these security measures at varying security levels. What to do: 1. Perform an onboard assessment of the ship security by using your checklist developed in Step Go through each item on the checklist and make remarks about the weaknesses, such as: a. Conflict between security and safety measures b. Conflicts between shipboard duties and security assignments c. Watch keeping and manning constraints with implications on crew fatigue, alertness, and performance d. Security training deficiencies e. Insufficient, poorly maintained, sub-standard security equipment/systems. Ship Security Survey Checklist Issue to check: No Yes Comment Existing security measures in place, ok, but: conflict with safety- evacuation Page 17 Version 1 ( )

18 Ship Security ssessment Guideline Step 8 STEP 8: IDENTIFICTION OF WEKNESSES, REMEDIL CTIONS References: Part 8.4.4; Part B 8.3, 8.7, 8.8, 8.9, 8.14 Objective: To identify issues for which security improvements may be needed based on the onboard survey. Propose remedial actions. What security improvements are needed to reduce vulnerability and weaknesses? Outcome: list with identified needs for security improvements; outline of proposals for remedial action. pplication: The identified needs form the basis for the Ship Security Plan by having identified what to plan for. What to do: 1. Go through the checklist from the ship security survey and evaluate the areas where remarks have been made. 2. Identify improvement needs per area. 3. Propose remedial actions for the same security gaps. Ship Security Survey Checklist Issues for improvement Issues to check: No Yes Comment Existing security measures in place, ok, but: conflict safetyevacuation Page 18 Version 1 ( )

19 Ship Security ssessment Guideline Requirements and recommendations to the SSP 4. REQUIREMENTS ND RECOMMENDTIONS TO THE SSP This section provides an overview of some important requirements of the ISPS Code to the Ship Security Plan (SSP) and some recommendations as to how to structure the SSP. The SS is, as stated earlier, and essential an integral part of the process of developing and updating the ship security plan (SSP). The SS shall be documented, reviewed, accepted and retained by the Company, and the submission of a SSP, or amendments, for approval shall be accompanied by the documented SS on the basis of which the SSP, or the amendments, has been developed. The ISPS Code, Part and B, section 9, provides detailed requirements to the SSP. There is not only one right way to structure and prepare a good SSP. Based on experience already done with the making and review of SSP s, a few general recommendations should be noted: 1. Start with the SSP requirements in the ISPS Code, Part B in particular. The Code provides comprehensive information to the content of the SSP. 2. Keep it simple and practical (and remember, what s in the SSP, you must follow)! 3. Use a structured, systematic approach. 4. The documented SS process is a very important basis for the SSP the output from the SS process has provided you with a huge amount of information and knowledge, and has significantly raised your security awareness, making it easier to prepare the SSP. So, how should a good SSP look like? s mentioned, every SSP will look different, and the SSP that fits your ship is not necessarily the right one for another ship. This SS Guideline will not go into detail in the making of a high-quality SSP, but a good guidance as to how to structure the SSP can be found by looking at a few external sources. One such guideline can be found in the recommendations to the SSP from the USCG (NVIC 10-02), Vessel Security Plan Outline : 1. Introduction 2. Ship data, drawings 3. Ship organisation/ ship security organisation 3. Company Security Officer (CSO) 4. Ship Security Officer (SSO) 5. Plan documentation 6. Communication and co-ordination with port, waterfront facility, law enforcement, company, the CSO and the SSO 7. Ship Security ssessment Page 19 Version 1 ( )

20 Ship Security ssessment Guideline Requirements and recommendations to the SSP 8. Maritime Security Levels and associated measures 9. Security ctions 10. Ensuring the performance of all ship security duties 11. Monitoring restricted areas to ensure that only authorised persons have access 12. Controlling access to the ship 13. Monitoring of deck areas and areas surrounding the ship 14. Controlling the embarkation of persons and their effects 15. Supervising the handling of cargo and ship stores 16. Ensuring that port-specific security communication is readily available 17. Ship/waterfront facility interface 18. Training and drills 19. Contingency Plans & Standard Operating Procedures (SOP s) maintenance The International Chamber of Shipping ( is also about to develop an outline of an approved SSP. Results from this work will be presented in early nother source of information can be found by looking at the (preliminary) checklist to a SSP prepared by an RSO (Det Norske Veritas). Remember, it is the RSO who is going to approve your SSP. The following checklist based on the ISPS Code, indeed will most likely be modified in the coming weeks and months as more SSP s are approved, yet it provides a good idea to the required content & structure of an SSP: 1 General 1.1 Introduction 1.2 Ship, port, and trade specific data 1.3 Ship data 2 Ship Security ssessment 2.1 General 2.2 Qualifications 2.3 Expert assistance 2.4 Prerequisites 2.5 Information required 2.6 Threats and vulnerabilities 2.7 Identification of measures 2.8 Examination of access 2.9 Existing security measures 2.10 Potential vulnerabilities 2.11 On-scene security survey 3 SSP Details 3.1 General 3.2 Company statement 3.3 Master s discretion 3.4 Ship organization and communication 3.5 Company Security Officer Page 20 Version 1 ( )

21 Ship Security ssessment Guideline Requirements and recommendations to the SSP 3.6 Ship Security Officer 3.7 Qualifications of the SSO 3.8 Shipboard personnel 3.9 Shipboard personnel qualifications 3.10 Training, exercises and drills 3.11 udits 3.12 Periodic review 3.13 Reporting of security incidents 3.14 Interface with port facilities 3.15 Dangerous goods 3.16 Declaration of security 3.17 dministration of SSP 3.18 Security equipment 3.19 Ship security alert system 3.20 Records 3.21 Crewing and charterers 4 Ship Security Measures to be Implemented based no the Security Level 4.1 ccess to the ship (Sections: General, Security Level 1, 2, and 3) 4.2 Restricted areas (General, Security Level 1, 2, and 3) 4.3 Handling of cargo (General, Security Level 1, 2, and 3) 4.4 Delivery of ship stores (General, Security Level 1, 2, and 3) 4.5 Handling of unaccompanied luggage (General, Security Level 1, 2, and 3) 4.6 Monitoring the security of the ship (General, Security Level 1, 2, and 3) 4.7 Differing security levels 4.8 ctivities not covered by the ISPS Code 4.9 Response to security threats 4.10 Response to security actions 4.11 Contigency procedures, evacuation 4.12 DNV (RSO) recommendation 5 Conclusions and Recommendations for further Work [in the certification, plan approval process] Relevant report forms, e.g. on reporting of unlawful acts, should also be included in the SSP. Other RSO s have their own, and probably alternative, checklists to the content of an SSP. It should also be mentioned that the Company is obligated to ensure that the SSP contains a clear statement emphasising the Master s authority. The Master has the overriding authority and responsibility to make decisions with respect to the security of his ship, and to request the assistance of the Company, or of any Contracting Government, as may be necessary. The Company shall ensure that the Company Security Officer, the Master and the Ship Security Officer are given the necessary support to fulfil their duties and responsibilities in accordance with the Code. Page 21 Version 1 ( )

22 Ship Security ssessment Guideline ppendix PPENDIX IDENTIFICTION OF MOTIVES Motive: Questions to be asked: Example: 1. POLITICL: 1.1 Does it exist political (incl. religious, ideological, Cargo (e.g. weapon parts, Norwegian whale, nuclear ethnical, nationalistic) motives related to your ship cargo) and trade area/port (Middle East, US) (flag, owner, crew) or trade (cargo, passengers, trade area or port)? 1.2 Does your ship trade in an area with unstable political Countries with elections, demonstrations, civil war, situation? riots (West frica, Middle East) 1.3 dd other relevant questions: Motivating factors? Not likely Probable Likely Comment: 2. SYMBOLIC: 2.1 Can your ship be used as a means to harm symbolic constructions on the trade? 2.2 Does your ship visit a port where international events take place? 2.3 Can your ship be used as means to harm important environmental areas? 2.4 Does your ship itself represent or carry a symbolic value? Well known buildings, statues, bridges, etc. (Golden gate, Sidney opera, etc.) Exhibitions, sports, political, etc. (Olympic Games, EXPO, WTO meeting, etc.) reas for tourism, commercial exploitation of nature (fish farming, beaches, coastal cities, etc.) Ship carries special cargo (e.g. weapons), support operations (oil to war actions, equipment to industry projects), represent attitudes at debate (cruise, natural resources, etc.). Page 22 Version 1 ( )

23 Ship Security ssessment Guideline ppendix 2.5 Does the visibility or the profile of your ship, company or brand represent a motive for unlawful acts? 2.6 dd other relevant questions: Because of your policy (exploitation of labour, political attitudes), the operations you are involved (natural resources, weapons, etc.). 3. ECONOMICL: 3.1 Gain: Does your ship carry special cargo (economical value, Plutonium, equipment for mass destruction, etc. restricted availability)? Is it likely that terror related smuggling take place from ports your ship is visiting? Smuggling of people/goods from frica to Italy. (Intelligence) Is it likely that your crew can take part in or embrace Ethnical motives and common cause. terror related smuggling? Is your ship trading in an area known for piracy? See nnual Piracy Report (ICC) Does your ship, cargo or passengers represent risk for Hijacking? Valuable ship, cargo and passengers used for threats and barging demands dd other relevant questions: 3.2 Damage to Society/Industry: Can your ship be used to damage important nodal points for trade or commercial activity? Block ports or canal, collide with bridges or offshore installations, etc Is the trade your ship represents critical to society? Critical equipment to industry projects (e.g. pipelines, offshore installations, etc.), or for industry production (gold, silver, silicates, etc.) Page 23 Version 1 ( )

24 Ship Security ssessment Guideline ppendix Will an unlawful act against your ship or trade harm the state of the industry? dd other relevant questions: Reduced market due to reduced trust (cruise, passenger transport, etc.) 3.3 Damage to Company: Does your ship itself or the cargo represent critical income for your company? Does your company have any enemies that are capable of committing unlawful acts? dd other relevant questions: Significant loss because of specialised ship for special cargo, operation, etc. Political groups, business competitors, former employees, etc. 4 FER: 4.1 Can your ship be used as a means to escalate consequences and thus create fear in the society? 4.2 dd other relevant questions: Explosion, collision with construction, ammonia discharge, etc. Because of the consequences that result (numerous fatalities of passengers, discharge of radio actives, etc.) 5 OTHER: 5.1 re there any other motives for use of unlawful acts against your ship? 5.2 dd other relevant questions: Unlawful acts towards your ship will result in media attention. OVERLL SSESSMENT OF MOTIVES - Summarise the check-offs and evaluate which one that should be considered Page 24 Version 1 ( )

25 Ship Security ssessment Guideline ppendix B PPENDIX B KEY SHIPBORD OPERTIONS ppendix B may be used to, 1. Identify critical shipboard operations, systems, physical areas and personnel that may be subject to security incident (left column, input from Step 2). These should be evaluated in relation to your trading area(s), the ship and operations characteristics, and so on. 2. Existing security measures for the same operations, systems, areas (right column input from Step 3 - includes elements from Part B ) Operations with related systems, areas and personnel 1. CCESS CONTROL - Personnel, passengers, visitors, etc. 1.1 ccess ladders 1.2 ccess gangways 1.3 ccess ramps 1.4 ccess doors, side scuttles, windows and ports 1.5 Mooring ropes and anchor chains 1.6 Cranes and hosting gear 1.7 ccess by ships side (freeboard) 1.8 Equipment and baggage brought onboard 1.9 Unaccompanied baggage found onboard dd issues you find relevant: From Step 2: From Step 3: Security measures in Criticality place Low High Yes No Comments Page 25 Version 1 ( )

26 Ship Security ssessment Guideline ppendix B Operations with related systems, areas and personnel 2. RESTRICTED RES ON THE SHIP 2.1 Navigation bridge 2.2 Navigational means (radio, radar, GPS, etc.) 2.3 Machinery spaces, power supplies, steering rooms 2.4 Control rooms 2.5 Galley/pantry 2.6 Ventilation and air conditioning system 2.7 Spaces with access to potable water tanks, pumps or manifold 2.8 Hull, ballast tanks 2.9 Rudder and propeller dd issues you find relevant Security measures in Criticality place Low High Yes No Comments 3. CRGO HNDLING 3.1 Cargo access points (hatches, ports, pipings) 3.2 Cargo storage spaces (incl. access points) 3.3 Spaces containing dangerous goods or hazardous substances 3.4 Cargo handling equipment dd issues you find relevant: Page 26 Version 1 ( )

27 Ship Security ssessment Guideline ppendix B Operations with related systems, areas and personnel 4. SHIP STORES HNDLING 4.1 ccess points for delivery to ship 4.2 Storage spaces 4.3 ccess points to storage spaces dd issues you find relevant: Security measures in Criticality place Low High Yes No Comments 5. SECURITY MONITORING 5.1 Lighting 5.2 Watch-out (voyage) 5.3 Security guards and deck watches, including patrols 5.4 utomatic intrusion detection advice 5.5 Surveillance monitoring 5.6 Security and surveillance equipment spaces dd issues you find relevant: 6. SFETY OPERTIONS 6.1 Life boats and life belts 6.2 larms, signals and marking 6.3 Evacuation routes 6.4 Fire fighting system dd issues you find relevant: Page 27 Version 1 ( )

28 Ship Security ssessment Guideline ppendix C PPENDIX C THRET SCENRIOS ND SSESSMENT The SS should consider all possible threats, which may include (ISPS Code Part B, 8.9): 1. Damage to, or destruction of, the ship (bombing, arson, sabotage) 2. Hijacking or seizure of the ship/persons onboard Means, methods Hijacking ISPS Code, Part B, Others take control over ship Unauthorised access Part B, Tampering with cargo Part B, Tampering with cargo, ship equipment, systems ship stores t berth 4. Unauthorised access or use, incl. stowaways t anchor 5. Smuggling of weapons or equipment, weapons of mass destruction t sea 6. Use the ship to carry perpetrators and their personal equipment 7. Use of the ship as weapon or as means to cause damage, destruction Security incidents Use the ship as a weapon Part B, Damage to or destruction of the ship Part B, Damage to cargo or passenger onboard Smuggling of weapons Part B, Use the ship to carry perpetrators Part B, This list below is not comprehensive but it provides you with a long range of scenario examples. Try to think out of the box, and find scenarios that are relevant for your vessel and your trade. Make comments and evaluate consequences and likelihood on an appropriate level. Consequence categories to be used: Moderate: Little or no loss of life or injuries, minimal economic impact, or some environmental damage. High: Multiple losses of life or injuries, major regional economic impact, long-term damage to a portion of the eco-system Extreme: Numerous loss of life or injuries, major national or long term economic impact, complete destruction of multiple aspects of the eco-system over a larger area Page 28 Version 1 ( )

29 Ship Security ssessment Guideline ppendix C Threat: 1. Damage to, or destruction of, the ship (bombing, arson, sabotage, vandalism) Hide explosives onboard, initiate with timer/remote From Step 4 From Step 5: Relevant: Possible Consequences - Human, Material, Environment Yes No Moderate High Extreme Likelihood Not likely Not unlikely Comment: Bring explosives onboard, suicidal/high risk action Place explosives in cargo, initiate with timer/remote ttach explosives to hull, initiate with timer/remote Explode ship by external craft, torpedo, mine, etc. Force oil/gas leakage: engine room / cargo tanks Set ship on fire Open bow port, cargo hatch (to sink or capsize) Drain holes, to sink or capsize Cut pipes (water intake) to change trim ctivate pumps to change trim.other Threat: 2. Hijacking or seizure of the ship or of persons on board Relevant: Possible Consequences - Human, Material, Environment Yes No Moderate High Extreme Likelihood Not likely Not unlikely Comment: Crew takes control over ship Passengers take control Page 29 Version 1 ( )

30 Ship Security ssessment Guideline ppendix C Stowaways/boarded person take control Hijacking through (bomb) threat Hijacking of crew or passengers Unlawful detention of ship / crew or passenger by port authority or state other Threat: 3. Tampering with cargo, essential ship equipment or systems or ship s stores Relevant: Possible Consequences - Human, Material, Environment Yes No Moderate High Extreme Likelihood Not likely Not unlikely Comment: Block critical systems like propulsion, steering etc Contaminate bunker Damage ship systems, navigation, loading, False nav data/guidance (radar, VTS, pilot, chart) Contaminate drinking water or food Release gas onboard Contaminate cargo Destroy lifesaving equipment Destroy ship interiors other Page 30 Version 1 ( )

31 Ship Security ssessment Guideline ppendix C Threat: 4. Unauthorised access or use including presence of stowaways Relevant: Possible Consequences - Human, Material, Environment Yes No Moderate High Extreme Likelihood Not likely Not unlikely Comment: Stowaways sneaking onboard /hiding in cargo Boarding ship at port or during voyage as passenger or crew Boarding ship at port or during voyage as pilot, supplier, surveyor, fake castaway Unauthorised boarding ship at pilot entrance or STS operations Unauthorised boarding of ship at voyage via vessel/craft/helicopter Unauthorised boarding ship at voyage via shipwrecked (Unauthorised use, see item 5) other Threat: 5. Smuggling weapons or equipment, including weapons of mass destruction Hide goods in cargo Relevant: Possible Consequences - Human, Material, Environment Yes No Moderate High Extreme Likelihood Not likely Not unlikely Comment: Hide goods in crews luggage Hide goods in passengers luggage Hide goods in ship supplies other Page 31 Version 1 ( )

32 Ship Security ssessment Guideline ppendix C Threat: 6. Use of the ship to carry perpetrators and their personal equipment Relevant: Possible Consequences - Human, Material, Environment Yes No Moderate High Extreme Likelihood Not likely Not unlikely Comment: Stowaways sneaking onboard /hiding in cargo Boarding ship at port or during voyage as passenger or crew Boarding ship at port or during voyage as fake pilot, supplier, surveyor, or similar..other Threat: 7. Use of the ship itself as a weapon or as a means to cause damage or destruction Relevant: Possible Consequences - Human, Material, Environment Yes No Moderate High Extreme Likelihood Not likely Not unlikely Comment: Crew take control over ship Passengers take control Stowaways/boarded person take control Block critical systems like propulsion, steering etc in a critical position (near terminal etc) Given a hijacked situation (item 4): Take control over ship and hit another ship Given a hijacked situation (item 4): Take control over ship and hit a landbased construction / terminal / chemical plant or similar Given a hijacked situation (item 4): Take control over ship and hit an offshore Page 32 Version 1 ( )