The Australian Port Wide Risk Assessment Experience
advertisement
The Australian Port Wide Risk Assessment Experience 33rd APEC Transportation Working Group, MEG-SEC Slide two: Topics to be covered • Introduction • The typical Australian port • History of Australia’s port wide risk assessment (PWRA) process • What is a PWRA? • Advantages of the PWRA • Challenges and issues • Conclusion Slide three: Introduction • Most of us in this room represent member States of the International Maritime Organization (IMO). • The IMO’s International Ship and Port Facility Security Code (the ISPS Code) requires each Contracting Government to undertake a port facility security assessment of every port facility within its territory that serves ships engaged in international voyages. • The ISPS Code further requires each Contracting Government to periodically review and update those port facility security assessments and prepare a report upon the completion of each assessment. • These port facility security assessments must, at the least, identify: o important assets and infrastructure that it is important to protect; o possible threats to the assets and infrastructure and the likelihood of their occurrence; o countermeasures and procedural changes and their level of effectiveness in reducing vulnerability; and o weaknesses, including human factors, in the infrastructure, policies and procedures. • In meeting these obligations under the ISPS Code, Australia has begun implementing a system of Port-Wide Risk Assessments (PWRA) at some ports. Slide four: The typical Australian port • To understand how this translates into practical application in the Australian environment, it is necessary to note the unique nature of a typical Australian port. • Firstly, it is important to point out that Australia has three levels of government: local, State or Territory, and Commonwealth. Australia’s ports must comply with a mixture of government legislation from all three levels, and there is some overlap in the field of port security. o The key measure of the legal framework for Australia’s maritime security regime is the Maritime Transport and Offshore Facilities Security Act 2003 (MTOFSA). Under MTOFSA, maritime industry participants are required to undertake security risk assessments and develop and implement approved security plans which address identified risks. o However, a State government might define port boundaries in a different way to the boundaries of a security regulated port area under MTOFSA. This can lead to confusion when discussing ‘portwide’ and so any discussions must be put into the appropriate context. State governments also have their own terrorism, critical infrastructure and security legislation and it is important to understand how these impact on your operations and the PWRA. • Secondly, most Australian ports are neither purely private nor purely public entities. Rather, they are usually owned and operated by an independent port corporation whose sole shareholder is the relevant State or Territory government. • Thirdly, within the port there is an added layer of private enterprise, such as terminal operators or service providers. Sometimes, other Commonwealth agencies, such as the Department of Defence or the Australian Customs and Border Protection Service, will also own and/or use some of the land within Australian ports. • Sydney’s ports present a prime example of these issues: o Sydney’s ports are governed by both Commonwealth and New South Wales legislation, including over matters of security. o Sydney Harbour and Port Botany Bay are owned and operated by the Sydney Ports Corporation which is owned by the State of New South Wales. o Within Port Botany Bay, for example, a number of private terminal operators and service providers conduct their operations, such as the Patrick Stevedores. o There are also some government bodies that operate within Port Botany Bay, such as the Australian Customs and Border Protection Service. Therefore, you can see that a typical Australian port is by no means a homogenous body. It is a mixture of public, quasi-public and private enterprise and it must comply with three levels of regulation. As such, it is difficult to manage and legislate for a port as a single entity. Slide five: History of Australia’s Port-Wide Risk Assessment (PWRA) • It was in this context in 2007 that the Office of Transport Security (OTS) undertook a review of Australia’s maritime security regime. • Prior to the review, maritime industry participants undertook individual risk assessments, resulting in individual security plans being implemented which did not necessarily take into account the measures and plans proposed by other users of the same port. • A key recommendation of the review was to adopt a more integrated approach to security risk assessment within port communities. • The PWRA project was initiated to consider an integrated approach across ports and incorporate PWRA into normal security planning. It builds on and reinforces an approach which was already being advanced by a number of industry participants. • In designing the PWRA process, there was much consultation with the port industry, through forums and working groups as well as through a certain level of individual engagement. • One of the outcomes of this process was the production of a ‘Good Practice Guide’ to Port Wide Risk Assessments that is available to industry from my Department’s website. This paper gives industry participants assistance when undertaking a PWRA and provides advice where applicable on the process and outcomes of PWRA. • Importantly, it is not compulsory for a port community to undertake a PWRA. This decision was made as a result of the concerns as to how the associated costs of a PWRA could be distributed equitably. • Since the review, four ports have conducted a PWRA: Brisbane (completed July 2008), Melbourne (October 2008), Sydney (completed March 2009) and Newcastle (completed May 2009). • The port of Brisbane even won the Lloyd’s award for Innovation in Security in October 2008 for trialling the PWRA process for the first time. Slide 6: What is a PWRA? • A typical PWRA for a port covers the entire area that is governed by Commonwealth security regulations. It includes the regulated areas that the port operator directly controls and the areas under the control of port facility operators and port service providers. • The PWRA Good Practice Guide uses as its foundation, Australian/New Zealand Standard 4360:2004, Risk management, and Standards Australia HB167:2006, Security risk management. Broadly speaking, these standards use a process of risk management whose main elements are: o communicating and consulting; o establishing the context; o identifying risks; o analysing risks; o evaluating risks; o treating risks; and o monitoring and reviewing. • However, it recognises that the matters considered in the PWRA will vary from port to port as every environment is different. Slide Seven: • The entire PWRA process is managed by the port operator who is best placed to cover the broad range of risks, threats and vulnerabilities to the port. • The PWRA covers all operations, such as port facilities, common user berths, regulated areas of water between the land of the port and the open waters outside the port, and anchorages used for the loading and unloading of ships. • In addition, a PWRA may cover areas under control of the maritime industry participants within the port area, and the operation of the port service providers within the port. • Every port is different and so matters considered within the PWRA will vary from port to port. Slide eight: • If a PWRA is conducted, maritime industry participants must still develop their own maritime security plans and consider the PWRA when completing their individual security risk assessments. • A number of methodologies can be employed in order to conduct a PWRA. From Australia’s experience, the most effective have been individual interviews with maritime industry participants and external stakeholders, desk reviews, site visits and workshops with maritime industry participants. • Typically, a PWRA takes up to 3 months to complete. • Because of the scope of a PWRA, there must be a lot of consultation and collaboration with the port’s maritime industry participants, and other stakeholders, from the first preparatory stages through to the completion of the PWRA. Slide 9: Advantages of PWRA • This approach recognises that ports are generally communities of maritime industry participants with shared risks, threats and vulnerabilities. This approach is more integrated and will bring out the linkages between maritime industry participants operating in a shared port environment. • Ultimately, the PWRA provides an overall security risk profile for the port and for each maritime industry participant which would not have been otherwise available. • The PWRA process leads to a common understanding of security risks as it involves a process of sharing security plans, risk assessments and other information between the maritime industry participants, and with the technical experts engaged to undertake the PWRA. • This common understanding of security risks, in turn, leads to improved coordination of security risk mitigation measures, minimising the level of vulnerabilities at port boundaries. It also improves the communication between the maritime industry participants. • If adopted by all members of the port community, the PWRA also directly benefits maritime industry participants through cost and operational efficiencies (i.e. shared resources), business resilience and increased operational capability. • In Sydney, the PWRA even helped to identify a number of significant changes to the security regulated port over the previous five years. The port is comprised of a large number of stakeholders working to achieve common security outcomes that support their respective operations. It became apparent that many of the security measures identified in previous years were either complete or well on their way to being implemented. Slide Ten: Challenges and issues • One of the biggest challenges in instituting a PWRA is the reluctance of maritime industry participants to take part. Often, individual business entities want to identify and manage their own security risks. o This is because the identification of risks can sometimes lead to an increase in insurance costs. It is for this reason that consultation with maritime industry participants is vital in the preparatory stages of any PWRA. o Whilst this is certainly a challenge, Australia’s experience has shown that it can be overcome. In Brisbane, for instance, 25 maritime industry participants took part in the PWRA. • Another issue is that where there is shared risk, there is also diffused accountability because no single entity is responsible for a specific risk. It is for this reason that PWRAs work best in conjunction with individual risk assessments and security plans. • In Australia’s experience, perhaps the biggest challenge to the PWRA process is the unique nature of our ports that I discussed earlier. A port is not a homogenous body; it is a collection of different enterprises which have different risks, making a PWRA a high level document which provides a broader context of a port’s risk environment. This means that individual maritime industry participants must still complete individual risk assessments for their businesses. Conclusion • Ultimately, all this means that a PWRA certainly has a number of benefits to offer port communities, but it can be complex and difficult to implement. • This is not to say that we shouldn’t continue to promote the use of PWRAs. However, it does mean that a PWRA has not (and perhaps cannot) replaced individual risk assessments for maritime industry participants, mostly due to the accountability issues. • Nonetheless, a PWRA can complement the individual risk assessments by providing a high level understanding of common security threats, risks and vulnerabilities that would not otherwise have been developed. • Moreover, by providing this broader risk context, a PWRA can assist maritime industry participants in identifying risks in their individual assessments that they may not have otherwise noticed. Slide eleven: Questions
