"PREVENTION, PREPAREDNESS AND CONSEQUENCE
MANAGEMENT OF TERRORISM AND OTHER SECURITYRELATED RISKS"
HOME/2012/CIPS/AG
Call identifier: CIPS/ISEC 2012
Project acronym: CYSM
Project full title: Collaborative Cyber/Physical Security Management System
Grant agreement no.:
D2.2 Report on Stakeholder requirements
Deliverable Id :
Deliverable Name :
Due date of deliverable :
Actual submission date :
Work Package :
Organisation name of lead
contractor for this
deliverable:
Author(s):
Partner(s) contributing :
D2.2
Report on stakeholder requirements
M5
M5
WP2
PPA
I. Papagiannopoulos, I. Koliousis
PVF, SiLo, UPRC, DITEN
Abstract
A report (from the desk research and analysis of questionnaires) presents the main
requirements of the CYSM Collaborative Approach to Maritime Security Management imposed
by the national and international standardization efforts, methodologies, best practices as well
as the existing legal and regulatory regime (described in D2.1). The report will also depict the
fundamental aspects of the proposed security management system and services.
 Copyright by CYSM
Name
Month Year
History
Version
1
Date
05-06-2013
Modification reason
Formulation of the Table of Content
Modified by
N.Polemi, Y.
Papagianopoulos,
S. Papastergiou
CYSM
Page 2 of 22
Name
Month Year
Table of contents
1.
INTRODUCTION (PPA) ............................................................................ 7
2.
PORT SECURITY AWARENESS (SILO) ..................................................... 8
3.
INTERNATIONAL SAFETY PORT REQUIREMENTS (VPF) .......................... 9
4.
INTERNATIONAL SECURITY PORT REQUIREMENTS (DITEN) ................ 13
5.
REQUIREMENTS FOR A TARGETED, HOLISTIC SECURITY MANAGEMENT
METHODOLOGY (DITEN) ............................................................................. 14
6.
SYSTEM SECURITY MANAGEMENT REQUIREMENTS (UPRC, SILO)......... 15
7.
ADDITIONAL NATIONAL REQUIREMENTS (VPF, PPA, SILO, DITEN) ..... 16
8.
7.1.
PIRAEUS PORT (PPA) ............................................................................ 16
7.2.
VALENCIA PORT (VPF) ........................................................................... 16
7.3.
PORT OF MYKONOS (SILO/PORT OF MYKONOS) .............................................. 18
7.4.
PORT OF GENOA CASE (DITEN- UNIGE) .................................................... 18
CONCLUSIONS (PPA) ............................................................................ 19
GLOSSARY ................................................................................................... 20
REFERENCES ............................................................................................... 21
A.
APPENDIX A ......................................................................................... 22
CYSM
Page 3 of 22
Name
Month Year
List of figures
Error! No table of figures entries found.
CYSM
Page 4 of 22
Name
Month Year
List of tables
Error! No table of figures entries found.
CYSM
Page 5 of 22
Name
Month Year
Executive summary (PPA)
CYSM
Page 6 of 22
Name
Month Year
1. Introduction (PPA)
[This section will introduce the main concepts of the Deliverable in a very high-level
description]
CYSM
Page 7 of 22
Name
Month Year
2. Port security awareness (SiLo)
[This section will analyze the outcomes of the questionnaire completed in D.2.1 by all
ports. In particular it will provide an overview of the security awareness of all topics
of the questionnaire.]
CYSM
Page 8 of 22
Name
Month Year
3. International Safety Port Requirements
[Overview of the requirements imposed by ISPS and E.U. legislation. In this section
we will derive from the ISPS all the safety requirements for all port physical assets
which will be used in the CYSM methodology. A table may also be formulated where
the first column will list all port physical assets which need to be protected (according
to the ISPS), and the second column of the table will include all measures need to be
taken by the ports for protecting the respectful assets. ]
Following the tragic events of 11th September 2001, the twenty-second session of
the Assembly of the International Maritime Organization (the Organization), in
November 2001, unanimously agreed to the development of new measures relating
to the security of ships and of port facilities for adoption by a Conference of
Contracting Governments to the International Convention for the Safety of Life at
Sea, 1974 (known as the Diplomatic Conference on Maritime Security) in December
2002.
The Diplomatic Conference on Maritime Security held in London in December 2002
made amendments (in Chapter V and Chapter XI-1) and adopted new provisions
(new Chapter XI-2) in the International Convention for the Safety of Life at Sea,
1974 (SOLAS Convention) and the International Code for the Security of Ships and of
Port Facilities to enhance maritime security. The abbreviated name of this Code, as
referred to in regulation XI-2/1 of SOLAS 1974 as amended, is the International Ship
and
Port
Facility Security (ISPS
Code).
These new
requirements form
the
international framework through which ships and port facilities can co-operate to
detect and deter acts which threaten security in the maritime transport sector.
The provision of Chapter XI-2 of SOLAS 74 and this Code apply to ships and to port
facilities. The extension of SOLAS 74 to cover port facilities was agreed on the basis
that SOLAS 74 offered the speediest means of ensuring the necessary security
measures entered into force and given effect quickly. However, it was further agreed
that the provisions relating to port facilities should relate solely to the ship/port
interface.
In 31 of March 2004 the EU approved the Regulation (EC) No 725/2004 of the
European Parliament and of the Council on enhancing ship and port facility security,
with the main objective to introduce and implement Community measures aimed at
enhancing the security of ships used in international trade and domestic shipping and
associated port facilities in the face of threats of intentional unlawful acts. This
Regulation is also intended to provide a basis for the harmonised interpretation and
CYSM
Page 9 of 22
Name
Month Year
implementation and Community monitoring of the special measures to enhance
maritime security adopted by the Diplomatic Conference of the IMO on 12 December
2002, which amended the 1974 SOLAS Convention and established the ISPS Code.
The Spanish Government gave its approval to this agreement and was implemented
from July 2004. The Port Authority of Valencia (PAV) like public body responsible for
managing the three state owned ports Valencia, Sagunto and Gandia, is in charge of
applying the Regulation 725 and the ISPS Code in his ports. There are 25 facilities
identified which need to be protected, and in all of them are established a Security
level 1. For security reasons, PAV don’t inform us about which are those facilities and
which measures need to be taken for protecting the respectful facilities. But
according the ISPS Code, the port facility security plan (PFSP) should establish the
control points where the following security measures may be applied:
1. restricted areas which should be bound by fencing or other barriers to a
standard which should be approved by the Contracting Government;
2. checking identity of all persons seeking entry to the port facility in
connection with a ship, including passengers, ships personnel and visitors and
confirming their reasons for doing so by checking, for example, joining
instructions, passenger tickets, boarding passes, work orders, etc;
3. checking vehicles used by those seeking entry to the port facility in
connection with a ship;
4. verification of the identity of port facility personnel and those employed
within the port facility and their vehicles;
5. restricting access to exclude those not employed by the port facility or
working within it, if they are unable to establish their identity;
6. undertaking searches of persons, personal effects, vehicles and their
contents; and
7. identification of any access points not in regular use which should be
permanently closed and locked.
Other important European requirement that apply PAV is the Directive 2005/65/EC Of
The European Parliament and of The Council of 26 October 2005 on enhancing port
security, with the main objective of introduce Community measures to enhance port
security in the face of threats of security incidents. This Directive shall also ensure
that security measures taken pursuant to Regulation (EC) No 725/2004 benefit from
enhanced port security. These measures shall consist of: common basis rules on port
CYSM
Page 10 of 22
Name
Month Year
security measures; an implementation mechanism for these rules; and appropriate
compliance monitoring mechanisms.
The Spanish government to comply with the Directive 2005/65/EC on enhancing port
security and Spanish Act 48/2003 on the Economic System and Service Supply in
Ports of General Interest, modified by Act 33/2010, created the Royal Decree
1617/2007, of 7th December, establishes measures to improve port and maritime
transport security. The PAV’s Operational Safety Unit (which the Port Police of the
three PAV ports belongs to) is responsible for complying with the functions attributed
to the Port Authority of Valencia as a port security authority, as stipulated in the
same regulation.
Regarding critical infrastructures protection the PAV comply the European Council
Directive 2008/114/EC of 8 December 2008 on the identification and designation of
European critical infrastructures and the assessment of the need to improve their
protection, that establishes a procedure for the identification and designation of
European Critical Infrastructures (ECIs), and a common approach to the assessment
of the need to improve the protection of such infrastructures in order to contribute to
the protection of people. This Council Directive 2008/114/EC has been adopted by
Spanish Government through the Act 8/2011, of 28th April, establishes measures to
protect critical infrastructures and the Royal Decree 704/2011, of 20th May, which
approves the Regulation on the protection of critical infrastructures.
Other requirements for the PAV are the IMDG Code, the ISO 28000:2007
Specification for security management systems for the supply chain that is a supply
chain security management standard, use it to protect the assets and to establish the
supply chain security management system. In 2011, as part of its continuous
improvement strategy to enhance all the activities that make up its management
system, the PAV implemented a security system based on the ISO 28000 standard.
This standard ensures that the organisation is committed to protecting its staff,
facilities, goods and the information it exchanges. This initiative underlines the
importance the PAV gives to the development of measures aimed at improving the
security of goods and of the staff that work in the ports it manages by including best
practice and existing tools in its day-to-day management so as to comply with the
most demanding standards.
There are several initiatives of US Administration to be considered and that has been
implemented by PAV to control goods in containers. They are Container Security
Initiative (CSI), 2002 and Radioactive Risk Detection System (MEGAPORTS), 2008.
The CSI is an initiative of US government to help increase security for maritime
CYSM
Page 11 of 22
Name
Month Year
containerized cargo shipped to the United States from around the world, mainly to
detect illegal transit of weapons or drugs. This initiative consists in the detection of
the illegal content in container by means X Ray. By other hand, MEGAPORTS (US’s
initiative too), systematically enhance detection capabilities for special nuclear and
other radioactive materials in containerized cargo transiting the global maritime
shipping network with radiation detection equipment and alarm communication
systems.
CYSM
Page 12 of 22
Name
4. International
Month Year
Security
Port
Requirements
(DITEN, UPRC)
[Overview of the requirements imposed by the Security management methodologies,
frameworks, tools and best practices as well as the relevant E.U. legislation. A table
may also be formulated where the first column will list all port cyber assets which
need to be protected and the second column of the table will include all measures
(according to the ISO27001,27002, 27005 and the CIIP) that need to be taken by
the ports for protecting the respectful assets. ]
CYSM
Page 13 of 22
Name
Month Year
5. Requirements for the CYSM targeted, holistic
security management methodology (UPRC,
DITEN)
[Summarize the constraints, open problems and barriers of the security management
methodologies reported in D.2.1. Set criteria, KPIs and requirements that will be
used in order to formulate and evaluate the CYSM risk assessment methodology.]
CYSM
Page 14 of 22
Name
6. CYSM
Month Year
Security
management
System
Requirements (SiLo, UPRC)
[Formulate the technical, technological and functional requirements of the CYSM
system and services]
CYSM
Page 15 of 22
Name
Month Year
7. Additional National requirements (VPF, PPA,
SiLo, Diten)
[This section will describe requirements arise from the needs, the particularities and
the nature of the involved ports as well as the national legal framework and best
practices]
7.1. Piraeus Port (PPA)
[Overview of the requirements arise from the needs, the particularities and the
nature of the Piraeus Port Authority as well as the Greek legislation and national best
practices and guidelines]
7.2. Valencia Port (VPF)
[Overview of the requirements arise from the needs, the particularities and the
nature of the Port of Valencia as well as the Spanish legislation and national best
practices and guidelines]
The Port Authority of Valencia (PAV) or Valenciaport, like all other Port Authorities,
reports to the Ministry of Development. Moreover, it is governed by Act 27/1992 of
24 November relating to State Ports and the Merchant Navy modified by Act 62/97 of
26 December and Act 48/2003 of November 26 concerning the Economic System and
Service Supply in Ports of General Interest which stipulate the role to be played by
the PAV in fulfilling the functions assigned to it. The main role regarding security is
guaranteeing the security of Valenciaport by making it a safe port.
Valenciaport places at the disposal of all its users the mechanisms to prevent and
resolve situations in which people, the environment or assets may be at risk within
its service areas.
- An Emergency Control Centre (CCE) that is responsible for maintaining
safety within the ports of Valencia, Sagunto and Gandia.
- An Internal Emergency Plan (PEI), which ensures the work and port stay of
our customers, users and visitors.
CYSM
Page 16 of 22
Name
Month Year
All these actions are carried out in strict compliance with current legislation
concerning both personnel and our port users. This legislation could be international
(see 3. International Safety Port Requirements), national or local. Below you can see
a collection of some the national or local basic legislation for safety in ports and
particularly referring to dangerous goods (the legislation adapted from European
legislation is mentioned in section 3. International Safety Port Requirements):
- Act 27/1992 on State Ports and the Merchant Navy modified by Act
62/1997.
- Act 48/2003 on the Economic System and Service Supply in Ports of General
Interest, modified by Act 33/2010
- Act 2/1985 on Civil Protection
- Royal Decree (R.D.) 145/1989 “National Regulations for the Admission,
Handling and Storage of Dangerous Goods in ports”.
- R.D. 210/2004 which sets out a tracking and information system on
maritime traffic.
- R.D.- ACT 9/2002, of 13 December, whereby measures were adopted for
tanker vessels transporting dangerous or contaminating goods
- Ruling for servicing and policing service areas in ports included in the area of
action of the Autonomous Port of Valencia (published in the Official Bulletin n2
26 of 31-86)
- R.D. 253/2004 establishing measures to prevent and fight pollution in
shipping, discharging and handling operations of hydrocarbon products in
maritime and port areas.
- R.D. 1381/2002 on port facilities receiving garbage generated by vessels
and cargo wastes.
- R.D. 1254/1999, of 16th July, by adopting measures to control the risks
inherent in major accidents involving dangerous substances.
- R.D. 393/2007, of 23th March, approving the Self-protection Basic Norm of
centers, institutions and agencies engaged in activities that may lead to
emergency situations.
Also, Valenciaport participate in several R&D and innovative projects to improve
permanently the security in his ports. Some of these project are: SEDUCE (explosive
quick detection); Development of reliable face recognition systems; Development of
CYSM
Page 17 of 22
Name
Month Year
vessel identification systems and remote risk assessments; INPOSS (communications
systems in hostile environments); CONTAIN (safety container contents through the
seal testing, during transport of the container), etc.
7.3. Port of Mykonos (SiLo/Port of Mykonos)
[Overview of the requirements arise from the needs, the particularities and the
nature of the Port of Mykonos as well as the Greek legislation and national best
practices and guidelines]
7.4. Port of Genoa Case (DITEN- UNIGE)
[Overview of the requirements arise from the needs, the particularities and the
nature of the Port of Genoa as well as the Italian legislation and national best
practices and guidelines]
CYSM
Page 18 of 22
Name
Month Year
8. Conclusions (PPA)
[This section will draw conclusions]
CYSM
Page 19 of 22
Name
Month Year
Glossary
CYSM
Term
Definition
Table Cell 1
Table Cell 2
Table Cell 4
Table Cell 5
Table Cell 7
Table Cell 8
Page 20 of 22
Name
Month Year
References
[1]
References are marked using a numbered list style referred to as References.
[2]
Additional references.
[3]
CYSM
Page 21 of 22
Name
Month Year
A. Appendix A
[The ports may provide additional information if needed]
CYSM
Page 22 of 22