Security and Safety for Autonomous Ships
This third article in a series on practical considerations for autonomous ships examines an important distinction between safety and security programs. The core difference is that a safety hazard does not have intent. It is often the product of physical conditions or flawed operational decisions. Security threats, on the other hand, act with intent. Security threats will have observed their targets, chosen their opportunities, planned their activities and will conduct them in such a way that they have the best opportunity to defeat controls and realize their goals.
Within the realm of safety management, the hazards are relatively known quantities and can be described in terms of probabilities and the engineering sciences. A deck crane that is designed to serve a specific purpose, used for that purpose, maintained in accordance with engineering specifications, operated by trained persons using acceptable practices and under acceptable conditions will most likely pose little problem for the safety manager.
Security threats do not share these characteristics. They may act unpredictably in ways that are very difficult to quantify. The threat may also observe the changes being made to a system and adapt its own plans to attack in response to those changes. In some cases, it may even decide to shift its focus onto another area. This challenge within the security industry is referred to as a shifting threat, and given the advances in computer coding, it should be looked at within both the physical and digital domains.
This also holds true for the nature of the threats. Safety hazards are largely tied to scientific or engineering-based principles—such as the failure of materials that have been allowed to corrode. Security threats, on the other hand, can learn and adopt new methodologies.
For the executive responsible for overseeing safety and security programs (particularly given propensity to merge these programs), understanding this difference will be crucial to success. Within the realm of safety, one might well use set practices, continuous improvement cycles and checklists to ensure that the job is being done right. Taking the same approach within the realm of security, however, will leave the organization significantly vulnerable and exposed.
The key within the security management function will be managing the program in line with the following principles (within the context of cost-benefit analyses):
- Robustness, resilience, and redundancy: steps are taken to manage foreseeable threats, and the organization is reasonably well-prepared to deal with the unexpected or the potential failure of one part of the system;
- A clearly defined and well-practiced decision-making process that allows the organization to observe, orient, decide and act in such a manner that its decisions can keep up with threats; and
- Managing the above in a cycle that ensures that it can detect gaps in its risk management as quickly as possible (such as through the PDCA-based model of risk assessment, control design, control implementation and monitoring).
The security challenges on the horizon will require that executives maintain a careful watch over their organizations to (1) make sure that the groups function as a team within the context of enterprise risk management, (2) ensure that the security management function does not devolve into checklists and set-piece defensive postures that are easily examined and exploited, and (3) that their organizations maintain an appropriate balance of internal and external resources that can deal with technical issues quickly.
The challenges are not insurmountable, but they will take more than cursory efforts and may involve adjustments within the various companies moving towards this kind of technology. That ability to work with unknowns in a fluid and evolving environment is simply part of the security industry.
This article is intended to promote thoughtful consideration of future risks. It is not intended to express anything that should be construed as a government policy or approach, nor is it an offer of legal advice.
Allan McDougall BA BMASc PCIP CMAS CISSP CPP PSP CMSP is the chief learning officer of the IAMSP and an executive vice president of Knowledge Advancement Solutions based in Ottawa, Canada. In addition to his military experience, he has served as a security advisor with Canada’s Coast Guard, Department of Fisheries and Oceans and Canada Border Services Agency. He was also previously a senior inspector with Transport Canada’s Marine Security Operations and has coauthored several works associated with infrastructure protection and emergency preparedness.
The opinions expressed herein are the author's and not necessarily those of The Maritime Executive.