Awareness on the Waterfront
Print Issue: August 2013
THE PORT OF HOUSTON is one of the busiest ports in the world. It ranks first in the United States for foreign waterborne tonnage and second in U.S. import tonnage. In addition, millions of visitors pass through the port annually. The port also contains the world’s second largest petrochemical complex, which poses its own unique set of challenges and regulatory measures that must be dealt with.
Following is a look at how the port has integrated security into all of its operations and how it uses a physical security information management (PSIM) system to integrate its various security technologies into a common viewing platform for enhanced situational awareness and response.
Understanding the way the port is managed is an important consideration when it comes to security. The Port of Houston Authority (PHA) is a state-owned entity that operates eight major terminals along the 52-mile Houston Ship Channel. Governed by a seven-member elected commission, the PHA is responsible for helping to maintain a secure, economically prosperous environment for the Port of Houston and the 150-plus businesses operating within it.
The PHA facilitates many crucial operations involving the waterways in and around the Port of Houston, including dredging—the deepening of the channel so that ships can pass through—and overseeing the Houston pilots, who are maritime experts charged with guiding ships in and out of the port.
Marcus Woodring is the PHA’s managing director of health, safety, security and environment. He represents PHA on three major committees responsible for security at the Port of Houston. First is the Houston Ship Channel Security District, a managing body created by the Texas state legislature in 2007 to govern security initiatives in the ship channel region. The ship channel security district is an umbrella organization for security. It is the body through which everyone within the port can get together to discuss issues.
Second is the Lone Star Harbor Safety Committee, which is led by local industry; it deals primarily with safety issues. Third is the Area Maritime Security Committee, which is led by the U.S. Coast Guard—the federal body for law enforcement and security at the port.
“You can see that the safety, the security, and the stewardship of the environment all have collaborative groups that get together,” explains Woodring. He points out that some ports that are small have one overarching security office, but Houston is relatively large, and the port has a 25-mile-long complex. As a result, “Houston is very collaborative—and it is so big that that’s the only way to do it,” he says. “It’s a great group of people. When a crisis hits, they all pull together.”
Woodring says that “in a crisis, there are representatives from each section of industry.” That may include personnel from shippers, container ships, chemical ships, oil tankers, the port authority, the refineries, the tug boats, and the Houston pilots.
“Everybody gets on a conference call,” Woodring says. They discuss the current status of the different terminals, as well as which ships get priority to move first once the incident has ended. While large ships like oil tankers are often given priority, sometimes an unexpected vessel needs precedence, making the coordination effort important, he explains.
“It doesn’t matter if it’s an oil spill, if it’s fog, if it’s a terrorist act, if it’s a hurricane… this team will activate,” says Woodring.
Woodring has firsthand experience with crises at the Port of Houston. “I was here during Hurricane Ike,” he notes. At the time, he was with the Coast Guard, where he served as captain of the port (until two years ago, when he retired from that position). “So from that side, I saw everybody pull together: safety, security, and stewardship, and we used those three committees to respond to that crisis,” he explains.
Woodring says that his current role with the PHA still allows him to contribute to the port’s overall well being. “Some days I’m wearing my Port of Houston Authority hat, where I’m just concerned with my eight terminals,” he says, “and on other days I have to spin my hat around and be worried about the greater good.”
Security Process Integration In March 2008, the PHA became the first port authority in the world to achieve the ISO 28000, the international standard certification for supply chain security management. In 2011, the PHA was recertified through 2014.
Patricia Ramsey is a senior administrative security program manager at PHA. She and her team report to Woodring, as do the PHA police chief, fire chief, safety director, facility security officers, and the environmental director. “We have a well-integrated team between the above-mentioned positions and their staffs,” she notes.
Ramsey says that PHA sought to answer a single question by obtaining the ISO certification: “How could we vertically integrate security into all our processes most efficiently so that security wasn’t something just off by itself but was totally integrated so that we maintained compliance with all the security regulations?” PHA “felt the best way to do that would be through an ISO certification that gave us a structure and a standard,” she says.
“The scope of our certification is perimeter security, so that includes fence lines, rail gates, guard posts, all entry points into the terminals,” explains Ramsey. She adds that “there are many processes that come under the standard as well, such as emergency response, purchasing, training, documentation, communications, [and] senior management review.”
The PHA Port Police, as well as two of the eight terminals—the Bayport and Barbours Cut terminals—were originally certified to the standard after three years of developing the system and applying its criteria and procedures. Later, the Manchester terminal was added, and Ramsey says they’re currently working on getting a fourth terminal, Turning Basin, certified. But Ramsey notes that all of the terminals work under the ISO standard’s procedures and guidelines even though not all of them have formally been certified yet. “We’re always working toward improvements based on our policy, [which] is to maximize port security while expediting the flow of commerce,” she says.
Obtaining the certification required an organized, documented approach, as well as the involvement of a core team, with representatives from different sectors of the port authority. “We’re lucky in that our structure is already set up so that we have engineers that are on the security team; we have IT people that are on the security team; we have access to our environmental management representative; we have an attorney who’s assigned to security matters,” Ramsey explains. “We have a core team that always works on security together, so we used that advisory group” for the standard.
The PHA’s security management team is working on several projects to hold itself to the standard. For example, they recently implemented a new visitor management solution, which is composed of an electronic gate list system for registering visitors to the port. “We previously had another system that was not as effective, so we took all of the hopes and wishes and problems that we had with the previous system and rolled them into a new system that we had built for us,” Ramsey says.
“We created a system that’s for the port environment. Because [when] we have a ship come in, it’s here for three or four days, a lot of people need to come in and off the ship; we need to streamline their access,” Ramsey notes.
Overall, Ramsey says, the standard provides “a real structure for continual improvement.” She adds, “It’s made us much more efficient [because it is now] much easier to quantify requirements for improvement. It’s much easier to track almost anything we want to track, whether it’s if we’ve had security breaches or false IDs,” for example.
Ramsey says maintaining the certification is an ongoing process that requires constant reevaluation and assessment.
As a part of the ongoing process, they also conduct three internal audits per year, as well as one audit carried out by an external group. “The internal audit process ensures that not only are we meeting the standard but also that our documented procedures and processes are being followed and that we are achieving continual improvement,” says Ramsey.
The various bodies at the port each have their own monitoring centers where they can view sensory information coming in from various points around the port. For example, the Houston Ship Channel, which is part of the Port of Houston, is protected with many different types of physical security systems—including access control, surveillance cameras, radar, sonar, a vessel tracking system, GIS mapping software, and intrusion alarms— which come from various vendors. The Harris County Sheriff’s Office command center, referred to as the SMAG (Sherriff’s Monitoring and Analysis Group), monitors security for the Ship Channel. It needed a way to bring all the data from these various systems together for monitoring and analysis. It turned to a physical security information management (PSIM) system that integrates disparate tools into one common viewing platform. The other bodies at the port—such as the Coast Guard, the Port Authority, the SMAG, as well as Houston Transtar, which is a partnership of the Texas Department of Transportation, Harris County, The Metropolitan Transit Authority of Harris County, and the City of Houston—can see everything the PSIM is monitoring, which helps with situational awareness.
John Chaney, a mobility architect at the Harris County Information Technology Center, which supports the Houston Ship Channel Security District, was involved in the process. He explains that the SMAG implemented a NICE Systems PSIM product called Situator. Chaney says the use of that technology has allowed them to gain better situational awareness and integrate existing disparate technologies into one, easy-to-manage interface.
“Before that, we really didn’t have anything that would bring those different disparate information sources together,” he says. “We just looked at Situator and NICE’s products as something that would give us a good foundation to not only coordinate better but then better refine our processes for long-term.”
Another NICE product, called NICE Inform, gives the SMAG the ability to go back and review the way an incident was handled. “Say a scenario happens at the port, and there’s radio involved, there’s phone involved, and information sharing and different things like that that Situator would handle,” Chaney explains. “Inform lets us come back and play the scenario after the event and then better reform our processes…. It integrates all those different sources, and you can bring it into one common viewing platform,” says Chaney. “You can take in the different stovepipes and integrate that information.”
That integration leads to more meaningful intelligence and, ultimately, better incident investigations as well as improved real-time detection and response. For example, Chaney says the Situator integration recently led to the SMAG being able to arrest four men who broke into a warehouse at the port.
In addition to better situational awareness, the PSIM system also displays the port’s standard operating procedures for each particular type of incident when it occurs so that operators can maintain protocol even during a stressful situation when they might not be able to recall the proper procedures from memory.
“Integration is usually the best mechanism of having better situational awareness,” says Dr. Bob Banerjee, senior director of Training and Development at NICE Systems, developer of the PSIM solution the port implemented. He explains that PSIM addresses three crucial areas when it comes to reacting to a situation: awareness, management, and reconstruction.
Banerjee notes that that reconstruction is crucial for security in a port environment. “[Situational reconstruction] is exactly what ports want, and that’s what people who are interested in continuous improvement want,” he says. “Because if you can analyze a complete incident, then you can see better where you went wrong, you can change your standard operating procedures, and then do a dry run of that new operating procedure, and see if the outcome is better. Did we detect it faster? Did we resolve it faster? Did it escalate less because of our improved operating procedure?”
“PSIM is about detecting things earlier, managing situations faster, and then learning from your mistakes. And that’s exactly what ports are doing all the time now,” he says. “You do have multiple command centers, and it becomes very challenging for those command centers to share information.” This helps.
Another project Chaney is working on is helping to deploy the Long Term Evolution (LTE) public safety broadband network, which was designed for public-safety communications. Harris County is one of only three counties in the United States to carry out the broadband deployment, according to Chaney.
The center was awarded funding for the project by the Port Security Grant Program, and got a waiver from the Federal Communications Commission (FCC). It plans to deploy smart devices to first responders in the field for more efficient situation management using Situator. “To be able to supply video and situational awareness and better coordination capabilities to public-safety people was a huge benefit for us for the build out of this network,” says Chaney. “Long-range, we see that as a great opportunity.”
Chaney sees PSIM solutions as a great way to maintain security at the port. “Our goal and concept there is to provide as much situational awareness [as possible] to public-safety first-responders in any kind of event,” he says. “The whole concept is the better you can do that, the safer your cities will be.”