Cover -- Title Page -- Copyright Page -- Contents -- Introduction -- Foreword -- PART ONE The International Maritime Operating Environment -- CHAPTER 1 Unique Characteristics of Ports and International Shipping -- Introduction -- The Multinational Nature of Shipping and Business Drivers in Port Operations -- Flag States -- Vessel Registries -- Types of Vessel Registries -- Implications for Security -- Third Country Owners -- Implications for Security -- Multinational Crews -- Implications for Security -- Port States -- Regulatory Requirements -- International Treaties and Codes -- Oversight Mechanisms -- Ship-Port Relationships -- The Supply Chain -- Just-in-Time Delivery -- The Components of a Maritime Supply Chain -- Regulatory Issues -- Intermodal Links -- CHAPTER 2 The Criticality of Ports: Why and How They Matter -- Introduction -- Geopolitical Considerations -- Trade Routes -- Trade Chokepoints -- Sea Lines of Communication -- Ports -- Ports as Targets -- Ports as Conduits -- Cargo Theft -- Smuggling -- Ports as Borders -- Intermodal Connections -- PART TWO Threats to Ports and the Maritime Domain -- CHAPTER 3 Threats -- Introduction -- Threats by States -- State Actors -- Conventional Military Attacks Against Ports -- Conventional Attacks Against Supply Chains -- Asymmetric Attacks -- State Proxies -- Proxy Tactics -- Nonstate Actors -- Terrorism -- Criminal Activity -- Piracy -- Terrorism, State Actors, and Criminal Nexus -- PART THREE Current Approaches to Maritime and Port Security -- CHAPTER 4 Approaches to Security Policy Development -- Introduction -- Political Considerations -- Commercial Interests -- Costs of Implementation -- Increased Government Oversight -- Potential Delays -- Domestic Political Constituencies -- Container Screening -- Port Security Grants -- Measuring the Effectiveness of Security Measures -- Deterrence.

Punishment -- Denial -- Consequence Management -- Measurement of Activity vs. Effectiveness -- Measurement of Activity -- Resources Expended -- Measurement of Criminal Activity -- How to Measure Effectiveness -- Why Don't We Do This Already? -- The Maritime Context of Assessing Deterrence -- Lack of a Risk Approach -- What is Risk? -- Dynamic Risk -- Pure Risk -- Fundamental Risk -- Particular Risk -- Components of Security Risk -- Threat -- Vulnerability -- Consequence -- Risk Management -- The Weaknesses of Current Risk Management Approaches -- Lack of Understanding of Security Risk Components -- Lack of a Process to Determine Risk Tolerances -- Tendency Towards Risk Aversion or Avoidance -- Focus on Risk Mitigation (Reduction) instead of Risk Treatment -- Lack of Recognition of Critical Nodes in the Maritime Domain -- Overquantifying Security Risk -- Tendency to Use the Rubric of All-hazard Risk -- A Propensity to Minimize the Element of Threat in Performing Security Risk Assessments -- CHAPTER 5 A Critique of Current Maritime Security Measures and Approaches -- Introduction -- Regulations and Their Limits -- The ISPS Code -- Supply Chain Security -- International Organization for Standardization -- Lack of Recovery Planning for Key Maritime Supply Chain Components -- A Disjointed International Regulatory Environment -- Overreliance on Technology -- Maritime Domain Awareness (MDA) -- The Fallacy of 100 Percent Container Screening -- The "Magic" of Closed Circuit TV (CCTV) -- Failure to "Fire for Effect" -- The Staten Island Barge Explosion -- Minimizing the Importance of Understanding Threat -- Hurricane Katrina-the Wrong Lesson Learned -- Assessing Threat is Hard -- Why Understanding Threat Matters -- Bomb in a Box? -- Deconstructing the Threat -- Biological and Chemical Agents -- Radiological Material -- The Nuclear Grail -- The Risk Conundrum.

The Consequences of not Understanding the Threat -- Hitting the Bystander -- AI Qaeda's View of Saddam's Iraq and Vice Versa -- The Threat That Wasn't -- The Fallout -- The Lack of a True Risk-Based Approach -- Insufficient Focus on System Integrity -- Transparency -- Corruption -- Implications for the Maritime Domain -- The Impact of Corruption -- Lack of Incentives for the Private Sector -- PART FOUR Principles for Effective Maritime and Port Security -- CHAPTER 6 Security as an Enabler -- Introduction -- Why is it Important for Security to be an Enabler? -- Security as a Value-Add -- A Culture of Security -- Changing Security's Image -- Security a Key Organizational Component -- Resilience -- Why Resilience? -- Risks of Ignoring Resiliency -- Additional Risks -- The Benefits of a Resilience Approach -- Resilience and Maritime Security -- Resilience Guidance -- Integrating Security into Resilience -- The Elements of Resilience -- The Medical Comparison -- Enabling Resilience -- CHAPTER 7 Standards and Regulations -- Introduction -- Review of the ISPS Code -- The ISPS Code -- ISPS Code 2.0 -- Use ISO 28000 as the Foundation for a new ISPS Code -- Considerations -- Acceptance Issues -- Implementation Issues -- Other Implementation Considerations -- Notional Contents and Structure of a New Code -- The New Code -- CHAPTER 8 Assessing and Managing Risk -- Introduction -- ISO 31000 -- Risk Terminology -- Risk -- Risk Management -- Risk Assessment -- Risk Analysis -- Risk Appetite or Tolerance -- Other Definitions -- Threat -- Hazards -- Vulnerability -- Likelihood -- Consequence -- Core Components of Risk -- Establishing the Risk Management Context -- Identify Risks -- Analyze Risks -- Evaluate Risks -- Treat Risks -- Making the Business Case for Risk Treatment -- What is a Business Case? -- Composition of the Business Case.

The Business Case and Risk Treatment -- Monitor and Review -- Communicate and Consult -- Maritime Considerations -- CHAPTER 9 Measuring Effectiveness -- Introduction -- Measure Effectiveness, Not Security Activity -- Measurement of Activity -- Resources Expended -- Measurement of Criminal Activity -- Uniform Crime Reporting System -- CompStat -- The Black Swan Effect -- Measuring Effectiveness -- A Hybrid Solution -- Ask the Enemy -- Crunch the Numbers -- Deterrence as the Primary Measure -- Deterrence -- Ensuring Integrity and Countering Corruption -- Foster Continuous Improvement -- CHAPTER 10 Conclusion -- APPENDICES -- APPENDIX A Conducting Security Risk Assessments -- Introduction -- Risk Assessment Steps -- Establish the Risk Management Context -- Identify Risks -- Analyze Risks -- Evaluate Risks -- Conducting Risk Assessments -- Assessment Team Composition -- All Assessors -- Lead Assessor -- Assessment Team Members -- Facility Risk Assessment Process -- Facility Risk Assessment Preparation -- Written Notification to Facility Operators -- Planning Assessment Activity -- Facility Risk Assessment Administration and Logistics -- Facility Risk Assessment Activity -- Document Reviews -- Formal and Informal Interviews -- Observations -- Assessment Opening and Closing Meetings -- Opening Meeting -- Closing Meeting -- Facility Assessment Reporting -- Assessing Vulnerability -- Assessing Consequence -- Developing a Risk Rating -- APPENDIX B Conducting Threat Assessments -- Introduction -- Consistency with ISO 31000 -- Threat Identification -- Identify the Range of Potential Threat Actors -- Identify an Extensive List of Threat Actor Characteristics -- Identify Sources of Threat-Related Information -- Analyze and Organize Threat-Related Information -- Threat Evaluation -- Threat Actors and Scenarios -- Develop The Design Basis Threat.

APPENDIX C Tips for Assessing Risk Appetite -- Introduction -- Defining Risk Appetite -- Risk Appetite and ISO 31000 -- Assessing Risk Appetite -- Helping a Client Determine Risk Appetite -- Pairwise Exercise -- Risk Appetite and Risk Treatment -- Index.