Port Security Gets Smart

Security experts consider seaports to be prime targets for a terrorist attack. The direct consequences of a successful attack are likely to include a significant interruption in commerce, and economic shockwaves would undoubtedly ripple throughout the nation’s economy in the months and years to follow. Security at the nation’s ports, therefore, has been recognized as critical to maintaining local employment, the regional tax base and commerce infrastructure.
The challenge of protecting these vast facilities is complex, and the sheer volume of purported technology solutions supporting their mission is overwhelming. Security technologies, no matter how dynamic, cannot by themselves appropriately address complex operational, physical and domain awareness needs. Successfully meeting the complex port security challenge requires not only dedicated stakeholders and a keen awareness of every aspect of the port domain, but a well-developed and executed plan to leverage every available resource.
In southern California, the Port of Long Beach has created and executed a comprehensive technology program combining symbiotic partnerships among port stakeholders supported by best-of-breed companies and technologies. Review of the Port’s model approach and highlighting their successes can provide every critical infrastructure security team with valuable information applicable to their security issues no matter the scale.

The Complex Challenge
The second busiest port in the United States, The Port of Long Beach is situated on the equivalent of more than 2,400 football fields woven into the downtown district of one of California’s largest cities. In 2008, the Port’s 80 berths and 71 cranes facilitated the delivery of more than 87 million metric tons of cargo. Roughly 5,300 vessels carrying more than 7.3 million containers (nearly 20,000 per day) moved goods valued at more than $140 billion. These impressive throughput numbers are matched by the employment and tax contributions to the regional economy. The Port is responsible for one out of every eight jobs locally (30,000) and one in 22 jobs within the southern California region (316,000). Approximately 1.4 million jobs nationally are related to Port of Long Beach activity. Port-related trade generates about $4.9 billion per year in local, state and federal taxes.
Facilitating transit of the large volume of cargo requires easy access from land and sea. The open-use nature of the public harbor and necessary access to nearby attractions are unavoidable. Easy landside and waterside access via cruise terminals, ferries, boat launches, beaches, tourist hot spots and transportation corridors complicates the security challenge. The port essentially has no control over most of these realities and must incorporate them into its security program.
The potential impact of an undesired “worst-case” event on the surrounding community adds even more reliance on the success of the security program. Nearby tourist destinations draw 3 million people annually. On any given day, the population in the immediately adjacent downtown Long Beach area can exceed 1 million. Every day, more than 8 million people occupy the 25-mile zone surrounding the port. The population of the City of Los Angeles, by comparison, is more than 4 million. To underscore the importance of meeting the complex security challenge at the Port of Long Beach, potential financial losses associated with Port closure due to a terrorist attack are estimated at $1 billion per day.

Domain Awareness
The Port of Long Beach team knows that security does not exist in a vacuum, and a more thorough understanding of other aspects of the port’s business is essential to the acceptance and ultimate effectiveness of the security technology program. Port security personnel have spent a good deal of time working with operations stakeholders, neighbors and others to learn their day-to-day business and how the differences between some parts of their missions affect security and how similarities can be exploited wherever practical.
In large organizations like the Port of Long Beach, political considerations are always identified throughout security-related activities. By proactively addressing potentially sensitive political issues on a continuing basis, pitfalls to security projects can be avoided. One beneficial byproduct of this outreach is that by reaching out to others, business operations and the port community in general has a greater appreciation of the port’s security mission and is more supportive of security technologies.
Thorough understanding of the port’s neighbors and their goals helped it to uncover valuable, mutually beneficial partnering opportunities. In one example with the U.S. Navy, the port discovered that by participating in a small portion of one of the Navy’s ongoing projects, it was granted access to data from a number of other security devices in the surrounding area that added substantially to the port’s waterside security capabilities. Identifying and implementing this type of leveraging opportunity turned a small capital investment into significantly more valuable results.
The concept of domain awareness is the cornerstone of the port’s new $21 million dollar regional fusion center. This new center brings dozens of local, state and federal security gatekeepers together in one place. The ability to easily communicate between Coast Guard, Navy, Customs agents, Port of Los Angeles police, terminal operators and even railroads has resulted in heightened awareness among the port partners and a more effective port security community overall.

Security Technology
Well before plans to develop the port security command center were unveiled, companies had been pushing their security technology equipment or solutions in the hopes of using Long Beach as a product development platform or a marketing mechanism to gain more business within the maritime community. Using their experience, consultation within the industry and a formal deliberation process, more than a dozen core security technologies were identified and ultimately selected as essential to port security operations. These new security technologies included “above-water” systems, such as access control, video, intrusion detection and emergency notification; “on the water” systems, such as radar and vessel identification; and “below-water” systems, such as sonar and underwater mapping. It became clear to port officials that a good plan of action to maximize the effectiveness of each of these technologies and ensure that systems operate symbiotically was viewed as essential to the success of the security technology program.
Finite manpower and financial resources, coupled with the specialized nature of these systems, required an easy-to-use security management platform (SMP) to integrate and distill the data produced by these various systems. Knowing exactly what each system can really do vs. the promise of cut sheets was critical for port officials to understand before making any key decision. This need prompted a call to a trusted technology consulting partner to help sift through proposed solutions, narrow the field and rank which solutions best met the challenge.
Working closely with port stakeholders, a customized evaluation process was created to identify the port’s needs and facilitate the review, testing and ultimate selection of the SMP solution. The importance of this implementation dictated that this evaluation process involved drilling down well beyond the detailed manuals of the subsystems. Non-disclosure agreements were executed with the firms under consideration, and the capabilities of each platform’s application programming interface (API) were dissected to determine to what extent each solution met the port’s “off-the-shelf” integration goals.
The results of this work were surprising. While most products reported “full” integration with the port’s security systems, some companies left out critical functional elements (initiating video recording, among others) of their integration development. This meant that if the port selected a product with these hidden deficiencies, it could have been blindsided by this lack of functionality during implementation or testing. Ultimately, the port may have had to wait an undetermined amount of time until developers got around to updating their program or pay substantial additional costs to expedite this essential functionality.

Exception-Based Reporting
Modern security systems possess more sophisticated capabilities and intelligence than ever before. Manufacturers continue to push the envelope to develop intriguing software-based systems that can generate many streams of data under a myriad of programmable circumstances. The Port of Long Beach understood that having operators attempt to absorb, understand and respond to the volume of information generated by more than a dozen systems would be both an unreasonable task and an inefficient use of valuable resources.
Exception-based reporting, or “Actionable Intelligence” to some, involves comparing incoming data from various systems to established rules or “flags” that identify and present to operators only “pre-validated” security incidents. To make best use of this process, the criteria include both security exceptions and business rules. In one example, a certain activity might be normal in one part of the port but prohibited in others. In another part of the port, the same activity might be expected at certain times of day but might be cause for concern at others.
As each security system is integrated with other systems and brought online, the “normal” conditions were identified, validated and modified as needed during a ‘burn-in” period to ensure that only valid security incidents are presented to operators. A well-developed and executed exception-based reporting scheme can result in immediate measurable benefits in compliance, staff productivity, scheduling, improved documentation and faster incident resolution.
The path to success has required the sustained efforts of many within the port community — including collaboration with industry partners and a dedicated focus on the port’s strategic security vision. In the end, the Port of Long Beach has seen significant tangible benefits in successfully leveraging opportunities throughout the port community and taking full advantage of the industry best-of-breed security technologies. The port is pleased to regularly host tours for international and domestic port representatives to share their lessons learned and to help others achieve similar benefits.

James R. Black, CPP, PSP, CSC, CET, serves as senior security consultant for TRC Solutions out of its Irvine, Calif., office. Over the past 15 years, Mr. Black has assessed threats, engineered systems and facilitated compliance for many of the nation’s critical infrastructures. He can be reached at jblack@trcsolutions.com.