Using a Proposed Risk Computation Procedure and Bow-Tie Diagram as a Method for Maritime Security Assessment

Abstract

Terrorism, piracy, robbery, and cyber-threats on ships and at port facilities, as well as smuggling and drug trafficking through cargo and containers, are some of the international security problems for which national maritime security services must provide solutions. Cyber-attack is considered particularly important as it can be combined with all the other security vulnerabilities in the shipping industry. There is no extensive and in-depth literature for the risk acceptance criteria concerning maritime security. Basic information is drawn from other areas, such as civil aviation. It is necessary to standardize these criteria, as is the case with formal safety assessment, where practitioners know how to gather information, to make comparisons with previous experience, and to make decisions that are often based on experience from the past. The aim of the present study is to address the issue of maritime security through the development of a method applicable to the maritime industry that evaluates and manages maritime security-related risks. Security cost-benefit analysis and decision-making procedures will be required in the future. The proposed method uses the bow-tie diagram tool for the estimation of risk. A risk computation procedure is described after the application of a set of prevention barriers, which is based mainly on the accuracy of the definition of the probability and the contribution of each threat, as well as the accuracy of estimation of the effectiveness value of each prevention barrier for the same threat as defined by the user. Similarly, the risk computation for each consequence, after the application of a set of mitigation barriers, is based mainly on the accuracy of the definition of the risk value of each consequence as well as on the accuracy of the estimation of the effectiveness value of each mitigation barrier for the same consequence as defined by the user. The results of the risk computation appear in the bow-tie diagram providing a colored scheme of the risk values obtained for the top event and consequences after the introduction of the necessary prevention and mitigation barriers.Terrorism, piracy, robbery, cyber-threats, smuggling and drug trafficking etc., are some of the international security problems due to which the national maritime security services must provide solutions. There is no extensive literature for the risk acceptance criteria concerning maritime security and basic information is drawn from other areas. The aim of the proposed study is to develop a method applicable to the maritime industry that evaluates and manages maritime security related risks in a case of cyber-security. Security Cost-Benefit Analysis and Decision Making procedure will be required in the future. The proposed method uses the Bow-Tie diagram tool for the estimation of the risk. A risk computation procedure is described after the application of prevention barriers, which is based mainly on the accuracy of the definition of the Probability P _i and the Contribution C _i of each Threat ( i ) as well as on the accuracy of the estimation of the Effectiveness value E _ij , of each Prevention Barrier ( j ) for the same defined Threat ( i ), by the user. Similarly, the risk computation for each consequence, after the application of mitigation barriers, is based mainly on the accuracy of the definition of the Risk Value RV _i of each Consequence ( i ) as well as on the accuracy of the estimation of the Effectiveness value E _ij , of each Mitigation Barrier ( j ) for the same defined Consequence ( i ), by the user. The results of the risk computation appear in the Bow-Tie diagram providing a coloured scheme of the obtained risk values for top event and consequences.

Keywords

maritime security security risk assessment bow-tie diagram risk management risk identification risk analysis risk evaluation

Get full access to this article

View all access options for this article.

References

Burns

Port Management and Operations. CRC Press, Boca Raton, FL, 2015.

Rowbothan

Introduction to Marine Cargo Management – Lloyd’s Practical Shipping Guides, 2nd ed. Informa Law from Routledge, London, 2014.

IMO. Maritime Safety – Safety Topics – Formal Safety Assessment, 2019. International Maritime Organization. https://www.imo.org/en/OurWork/Safety/Pages/FormalSafetyAssessment.aspx.

IMO. Interim Guidelines for the Application of Formal Safety Assessment (FSA) for Use in the IMO Rule-Making Process. MSC/Circ.829-MEPC/Circ.335. International Maritime Organization, 1997.

IMO. Guidelines for Formal Safety Assessment (FSA) for Use in the IMO Rule-Making Process. MSC/Circ.1023-MEPC/Circ.392. International Maritime Organization, 2002.

IMO. Amendments to the Guidelines for Formal Safety Assessment (FSA) for Use in the IMO Rule-Making Process (MSC/Circ.1023-MEPC/Circ.392). MSC/Circ.1180-MEPC/Circ.474, (MSC 80). International Maritime Organization, 2005.

IMO. Amendments to the Guidelines for Formal Safety Assessment (FSA) for Use in the IMO Rule-Making Process (MSC/Circ.1180-MEPC/Circ.474). MSC-MEPC.2/Circ.5, (MSC 82). International Maritime Organization, 2009.

IMO. Revised Guidelines for Formal Safety Assessment (FSA) for Use in the IMO Rule-Making Process. MSC-MEPC.2/Circ.12. International Maritime Organization, 2013.

IMO. Revised Guidelines for Formal Safety Assessment (FSA) for Use in the IMO Rule-Making Process. MSC-MEPC.2/Circ.12/Rev.1. International Maritime Organization, 2015.

10.

IMO. Revised Guidelines for Formal Safety Assessment (FSA) for Use in the IMO Rule-Making Process. MSC-MEPC.2/Circ.12/Rev.2. International Maritime Organization, 2018.

11.

European Commission, Directorate-General for Employment, Social Affairs and Inclusion, Guidance on risk assessment at work, Publications Office, 1996. http://osha.europa.eu/en/topics/riskassessment/guidance.pdf.

12.

Threat, Vulnerability, Risk – Commonly Mixed up Terms. Threat Analysis Group LLC, Sugar Land, TX, 2019. https://www.threatanalysis.com/2010/05/03/threat-vulnerability-risk-commonly-mixed-up-terms/.

13.

Psarros

Rolf

Magnus

The Acceptability of Maritime Security Risk. Journal of Transportation Security, Vol. 2, No. 4, 2009, pp 149–163.

14.

Fransas

Nieminen

Salokorpi

Rytkönen

Maritime Safety and Security: Literature Review. University of Applied Sciences, Kymenlaakso, Finland, 2012.

15.

Nyman

Tuominen

Rytkönen

Kujala

Ylitalo

Preliminary Study of Developing a New Method to Control Maritime Safety and Security Risks Together. Electronic report, not published. The Finnish Transport Agency, Ministry of Defence, The Finnish Border Guard, Aalto University, Kymenlaakso University of Applied Sciences and Technical Reseach Centre of Finland, Espoo, 2010.

16.

Klein

Maritime Security and the Law of the Sea. Oxford University Press, Oxford and New York, 2011.

17.

Bradford

J. F.

Japanese Anti-Piracy Initiatives in Southeast Asia: Policy Formulation and the Coastal State Responses. Contemporary Southeast Asia, Vol. 26, No. 3, 2004, pp 480–505. https://doi.org/10.1355/cs26-3e

18.

Reniers

Security of Multimodal Dangerous Freights: The Way Forward. In Safety and Security Engineering ( Guarascio

Reniers

Brebbia

C. A.

Garzia

, eds.), WIT Press, Southampton, UK, 2011, pp. 327–335.

19.

Ministry of Defence of Finland. Security Strategy for Society. Government Resolution 2010 Dec 16. Ministry of Defence, Helsinki, 2011.

20.

US Navy. The Commander’s Handbook on the Law of Naval Operations. US Marine Corps, US Coast Guard, Norfolk, 2007.

21.

Raymond

C. Z.

Morriën

Security in the Maritime Domain and Its Evolution Since 9/11. In Lloyd’s MIU Handbook of Maritime Security ( Rupert

H. B.

Bateman

Lehr

, eds.), CRC Press, London, 2008.

22.

Jones

Maritime Security: A Practical Guide. Nautical Institute, London, 2006.

23.

United Nations. Information and communications technology (ICT)/enterprise resource plannning (ERP/Security, disaster recovery and business continuity (DRBC). General Assembly Resolutions. A/RES/63/262, 2008

24.

Bakir

N. O.

A Brief Analysis of Threats and Vulnerabilities in the Maritime Domain. In Managing Critical Infrastructure Risks ( Linkov

Wenning

R. J.

Kiker

G. A.

, eds.), Springer, Dordrecht, 2007, pp. 17–49.

25.

King

The Security of Merchant Shipping. Marine Policy, Vol. 29, No. 3, 2005, pp. 235–245.

26.

Crist

Security in Maritime Transport: Risk Factors and Economic Impact. OECD Directorate for Science, Technology and Industry–Maritime Transport Committee, Paris, 2003.

27.

Chalk

International Security: Terrorism, Piracy, and Challenges for the United States. Center for Terrorism Risk Management Policy. RAND, Santa Monica, CA, 2008.

28.

Talley

W. K.

Rule

E. M.

Piracy in Shipping. In Maritime Safety, Security and Piracy ( Talley

W. K.

, ed.), Informa, London, 2009, pp. 89–101.

29.

Bichou

Security and Risk-Based Models in Shipping and Ports: Review and Critical Analysis. OECD International Transport Forum Discussion Paper No. 2008/20. OECD Publishing, 2008.

30.

IMO. International Ship and Port Facility Security (ISPS) Code and SOLAS Amendments, Adopted on 12 December 2002. Electronic edition, Sales number E116E, International Maritime Organization, London, 2003.

31.

IMO. Guidance to Masters, Companies and Duly Authorized Officers on the Requirements Relating to the Submission of Security-Related Information Prior to the Entry of a Ship Into Port. MSC/Circ.1130. International Maritime Organization, 2004.

32.

IMO. Revised Guidance to Masters, Companies and Duly Authorized Officers on the Requirements Relating to the Submission of Security-Related Information Prior to the Entry of a Ship Into Port. MSC.1/Circ.1305. International Maritime Organization, 2009.

33.

Brooks

Pelot

Port Security: A Risk-Based Approach. In Maritime Safety, Security and Piracy ( Talley

, ed.), Informa, London, 2008, pp. 195–216.

34.

Parnell

Figueira

J. R.

Bennett

Bobylev

Del Pup

Ganoulis

Haruvy

, et al. Decision Analysis Tools for Safety, Security, and Sustainability of Ports and Harbors. In Managing Critical Infrastructure Risks NATO Security through Science Series C: Environmental Security ( Linkov

Wenning

R. J.

Kiker

G. A.

, eds.), Springer, Dordrecht, 2007, pp. 245–260.

35.

Lambert

J. H.

Risk-Cost-Benefit Analysis for Port Environmental Security Investments. In Managing Critical Infrastructure Risks ( Linkov

Wenning

R. J.

Kiker

G. A.

, eds.), Springer, Dordrecht, 2007, pp. 299–307.

36.

Skjong

Vanem

Endresen

Ø.

Risk Evaluation Criteria. Technical Report, Safedor -D-4.5.2-2007-10-24-DNV-RiskEvaluationCriteria-rev-3.0, 2007. http://www.safedor.org/resources/SAFEDOR-D-04.05.02-2005-10-21-DNVRiskEvaluationCriteria-rev-3.pdf.

37.

Protecting America’s Ports. US Maritime Transportation Security Act of 2002. Homeland Security, Washington, D.C., 2002.

38.

OECD. Security in Maritime Transport: Risk Factors and Economic Impact OECD – Maritime Transport Committee. Directorate for Science, Technology and Industry, Paris, 2003.

39.

UK Parliament. Regulatory Impact Assessments: 1st July to 31st December 2004. Presented to Parliament by the Minister for the Cabinet Office. London, 2005.

40.

Yang

Wang

Toward Robust Management of Maritime Risk and Security. In P. T-W. Lee and K. Cullinane (eds.), Dynamic Shipping and Port Development in the Globalized Economy. Palgrave Macmillan, London, 2016, pp. 122–149.

41.

Yang

Wang

Quantitative Analysis of Maritime Security Assessment in ISPS. European Safety and Reliability Association Conference 2009 (ESREL09), Prague, Czech Republic, 2009.

42.

Yang

Wang

Incorporating Quantitative Risk Analysis in Port Facility Security Assessment. International Association of Maritime Economics Conference 2011 (IAME2011), Santiago, Chile, 2011, pp. 26–28.

43.

Yang

Formal Security Assessment - New Approaches to Maritime Security Risk Quantiﬁcation. International Association of Maritime Economics Conference (IAME2014), Norfolk, VA, 2014, pp 15–18.

44.

Yang

Quantitative Maritime Security Assessment: A 2020 Vision. IMA Journal of Management Mathematics, Vol. 23, No. 4, 2016, pp. 453–470.

45.

Yang

Bonsall

Wang

Facilitating Uncertainty Treatment in the Risk Assessment of Container Supply Chains. Journal of Marine Engineering and Technology, Vol. 9, No. 2, 2010, pp 23–36.

46.

Orosz

Southwell

Barrett

Bakir

Chen

Maya

PortSec: Port Security Risk Management and Resource Allocation System. 12th IFAC Symposium on Transportation Systems, Redondo Beach, CA, September 2–4, 2009.

47.

Yang

Wang

A New Risk Quantification Approach in Port Facility Security Assessment. Transportation Research Part A: Policy and Practice, Vol. 59, 2014, pp 72–90.

48.

Yeo

G. T.

Pak

J. Y.

Yang

Analysis of Dynamic Effects on Seaports Adopting Port Security Policy. Transportation Research Part A Policy and Practice, Vol. 49, 2013, pp. 285–301.

49.

Patterson

S. A.

Apostolakis

G. E.

Identification of Critical Locations Across Multiple Infrastructures for Terrorist Actions. Reliability Engineering & System Safety, Vol. 92, No. 9, 2007, pp. 1183–1203.

50.

Pristrom

Yang

Wang

Yan

A Novel Flexible Model for Piracy and Robbery Assessment of Merchant Ship Operations. Reliability Engineering and System Safety, Vol. 155, 2016, pp. 196–211.

51.

Kristiansen

Maritime Transportation: Safety Management and Risk Analysis, 1st ed. Elsevier-Butterworth-Heinemann, London, 2004.

52.

ISO. Risk Management ISO 31000. International Organization for Standardization, Geneva, 2018. https://www.iso.org/files/live/sites/isoorg/files/store/en/PUB100426.pdf.

53.

ISO. Ships and Marine Technology — Maritime Port Facility Security Assessments and Security Plan Development ISO 20858, 2007. International Organization for Standardization. https://www.iso.org/standard/46051.html.

54.

Wolters Kluwer. Managing Cyber Security Risks using Bowties, 2003. https://www.wolterskluwer.com/en/expert-insights/managing-cyber-security-risks-using-bowties.

55.

ISO. Information Technology – Security Techniques – Information Security Risk Management ISO/IEC 27005. Technical Report, International Organization for Standardization, ICS : 35.030, 2011. http://www.iso.org/iso/cataloguedetail?csnumber=56742.

56.

Agrawal

A Framework for the Information Classiﬁcation in ISO 27005 Standard. Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik, Norway, 2017.

57.

Makrodimitris

Polemi

Douligeris

Security Risk Assessment Challenges in Port Information Technology Systems. Springer, Cham, Switzerland, 2014.

58.

Edgerton

A Practitioner’s Guide to Effective Maritime and Port Security. John Wiley & Sons, Inc., New Jersey,2013.

59.

Yang

Wang

Prioritizing Security Vulnerabilities in Ports. International Journal of Shipping and Transport Logistics. Vol. 5, 2013, pp. 622–636.

60.

DNV-GL. Cyber Security Resilience Management for Ships and Mobile Offshore Units in Operation. DNVGL-RP-0496, Sept. 2016. DNV-GL AS, 2016. https://www.gard.no/Content/21865536/DNVGL-RP-0496.pdf

61.

Saaty

T. L.

The Analytic Hierarchy Process: Planning, Priority Setting, Resources Allocation. McGraw-Hill, London, 1980.

62.

Schinas

Examining the Use and Application of Multi-Criteria Decision Making Techniques in Safety Assessment. International Symposium on Maritime Safety, Security and Environmental Protection. Athens, Greece, September 2007. https://www.researchgate.net/publication/261833664_Examining_the_use_and_application_of_Multi-Criteria_Decision_Making_Techniques_in_Safety_Assessment

Supplementary Material

Please find the following supplemental material available below.

For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.

For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.

0.00 MB

0.35 MB