The strength of the ISPS Code lies in the clarity and uniformity it has brought to maritime security. A common understanding of security levels, roles and responsibilities of different security officers, and security procedures has brought together contracting governments, government agencies, local administrations, the shipping and port industries, and other stakeholders in identifying and tackling security threats. This common language facilitates powerful cooperation that is guided by a common methodology for ship and port security assessments for each security level. However, this methodology is where the core challenge of the code lies.
Isps Code Arabic.pdf
The ISPS Code is currently limited in its capacity to pre-emptively identify emerging threats because the code is focused on mitigation measures and post-event response. The primary example of a developing maritime security threat is cybersecurity. In the nearly 20 years since the implementation of the ISPS Code, the technology utilised in all commercial industries has changed drastically. While increased capacity, connectivity, monitoring and improved security measures have doubtlessly led to improvements across the shipping industry, they also present new threats. Due to the inherent interconnected nature of the maritime industry, the ISPS Code for both ports and vessels has to be workable in a space with a wide variety of potential spill-over risks from industries and companies co-operating with them. This was seen most notably in cyberspace in the NOT PETYA attack which originated in a small Ukrainian software company whose tax filing software serviced a large number of Ukrainian businesses. The attack spilled over into Maersk through their Ukrainian branch which had the software on one of their computers and simultaneously infiltrated every connected device in their network, severely impacting Maersk's systems worldwide, including their 76 ports and 800 vessels. The ISPS Code is intended to improve security of vessels and port facilities, limiting the impact of a security incident if it happens and to maintain functionality of systems in the event of an incident. A cyber-attack now has the potential to severely compromise both physical security and operability of ports and vessels. To address this vulnerability, the International Association of Ports and Harbours (IAPH) in cooperation with World Bank has recently submitted cybersecurity guidelines to the IMO for consideration. Whilst this is a step in the right direction for the industry to self-implement improvements, it highlights the importance of introducing a more formal process that continuously assesses whether the ISPS Code is up to date and coherent with emerging risk factors, such as cybersecurity.
A third limitation of the ISPS Code connects to how the code treats the security impacts of goods in ports. The ISPS Code mandates that the port security assessment accounts for the identification of potential targets and weaknesses relating to the transport of goods, including explosive and dangerous material, which may be located and/or stored in a port at some point. It highlights the importance of recognising and implementing security measures around threats to and from dangerous materials, however it also emphasises the responsibility of ports and contracting governments to ensure adequate implementation. Despite the requirement for constant assessment of security measures and risks, it is not feasible for holistic port security to be reassessed every time new cargo arrives. This explains why the security assessment of transiting cargo predominately accounts for stationary risk, rather than transitory and adaptive threats.
The ISPS Code has made a significant, positive difference to maritime security, bringing about formalised and standardised maritime security for ships and ports with clear enforcement systems and extensive guidelines for implementation, regulation, and designation of responsibility. However, in its current form, the code does not adequately account for the nuance of the multidimensional, varying, and evolving nature of risk in the maritime industry. This is less the result of inadequate planning, but reflective of the ever-evolving nature of risk. Informed parties would be hard pushed to debate the legitimacy of the ISPS Code, however increasingly there are questions regarding its relevance within the contemporary security environment.
Furthermore, since ISPS code is based on 9/11 outcome and the early piracy activity in the area of Somalia, no amendments or revisions have been made to the code and new types of security threats have not been identified and incorporated (i.e. attacks on Tankers in the area of Persian gulf, Hormuz straight etc). 2ff7e9595c
Comments