Costa Concordia and two different safety cultures

I haven’t examined the details regarding the grounding of Costa Concordia, but it is obvious that the safety culture onboard wasn’t what it should be.

 

Reason (2000) defines safety as the “ability of individuals or organizations to deal with risks and hazards so as to avoid damage or losses yet still achieve their goals”. Reason also states that effective safety work needs experienced and educated participants that can navigate close to the limits of acceptable danger, without passing over the edge. Therefore safety is not only a function of technical measures in the design and construction of the ship. From Reason’s description, it is clear that many proactive measures are dependent on the knowledge of the crew and on the human factors onboard such as man-machine interfaces and watch systems.

According to Parker et al. (2006), a desirable safety culture does not just emerge; it is a result of many aspects. These aspects of safety culture can be summarized to define three basic areas of safety culture:

- Formal regulations and processes including, for example, methods for benchmarking, audit systems, and risk analysis.
- Competence and training including work quality and safety observations.
- Shared risk awareness

It is clear to me (and as it seems the people examining the grounding) that Costa Concordia lacked all three aspects mentioned above.

So onboard Costa Concordia safety was about fulfilling the necessary regulations with as little effort as possible (under the assumption that safety costs and that it is important to reduce the cost). Which is a common approach onboard ship’s today. Which is far from showing a shared risk awareness which only can be achieved were the crew continuously weighs the risk against possible gain for every alternative and make sure to take no unnecessary risks (under the sumption that safety is about taking smart choices).

If we instead look at the upcoming salvage it is a totally different ballgame. My experience of the salvage industry has shown me companies in a risky business that very effectively are weighing options and where safety is about taking smart choices. I expect that a salvage company without risk awareness will not survive long on the international arena. Salvaging is a dangerous activity and the feedback on the risk awareness is immediate.

I’ll would hope that more ship owners and operators tried to work for creating good safety cultures onboard their ships and not treating safety as a cost, but as an important competitive edge.

REASON, J., (2000) Safety paradoxes and safety culture, International journal of injury control and safety promotion, 7(1), pp. 3-14.
PARKER, D., LAWRIE M. AND HUDSON P., (2006) A framework for understanding the development of organisational safety culture, Safety Science, 44, pp. 551-562.

Finally free!

The 22 person crew from MV Iceberg 1 that was pirated on 29 March 2010 has been released. They had been hostages for two years and nine months and are now according to reports recovering from their ordeal and are receiving food and medical care. The ship is still under the pirate’s control.

In total 114 hostages are held as hostages by Somalia pirates. Out of the 114 hostages 38, from 4 different ships, has been hostages since 2010 or early 2011.

Better times off Somalia, but tougher for the decision maker!

Looking at statistics on piracy off Somalia and following incidents reports it is clear that we have had a substantial decrease in the number of attacks as well as pirated vessels. This is promising and thanks to more than one change.

The fact that much more ships has for the last on years enforced the measures described in The best management practice (BMP4) in combination with that naval forces actions has lead to that the pirates has to put much more effort in every pirated a ship. This has during 2012 not only led to decrease in succeeded attacks, but also a drastic reduction in the number of reported attempts. This is however not the end to the piracy off Somalia, but I think it is reasonable to hope for much lower numbers of incidents (compared to 2009-2011) for the years to come.

An important question is what this new level of piracy does to the measures used. I don’t believe that ship and cargo owners are willing to spend as much as they have done during the last years, some measures has to go eventually. These waters are not the only risky ones and money saved can be used for protection else were or used for filling holes in a very tough business. This raises a lot of questions for the future:

Who will take the first step and reduce the protection measures or anti piracy activity off Somalia?

When will this happen, for how long can we have a low level of attacks and high level of protection efforts? Probably for some more months, but not for a year.

Based on what analysis, only historical or also forecast based on the development in Somalia?

But also; what will happen when we will have a high profile ship pirated after the guard is let down? Will it be considered a big thing or just an improbable event happening once?

Understanding risk, probabilities, uncertainties and risk perception is central in getting this right and uncertainties and risk perception is of much greater importance than the expected average level of attacks. This is hard on the analyst, but maybe even harder on the decision maker!

China - a future maritme player!

The statement from Chinas president, Hu Jintao, that China seeks "to be a maritime power" is very much in line with my blog-post a couple of weeks ago about maritime security being a strategic asset of its own.

The fact that the international seas (together with internet, space and international airspace) are by the US classified as one of the four important Global commons central for the future of modern living is of course also noted by China. The global commons are at least as important to Chinas as to the US.

Chinas drive to strengthen their navy is not a new concept. But this most recent statement from President Hu Jintao, speaking before the Communist Party Congress, is as I understand it the first time an official at the top has spoken so clearly about a bigger sea presence.

I personally also think that the last years anti piracy activity in the Bay of Aden and on the Indian Ocean have showed the Chinese leadership that it is possible to play an important role on the high seas under the flag of peaceful intentions. This will give China access to information about sea transport and other activity at sea that can help them making better use of their industry and be an even stronger international force in the future.

Risk-based ship security analysis – an approach based on civilian and military methods

THESIS FOR THE DEGREE OF LICENTIATE OF ENGINEERING

HANS LIWÅNG
Department of Shipping and Marine Technology
Division of Marine Design

Abstract

The demands on maritime operations today are increasingly higher in terms of control, efficiency and cost. The margins for accidents and security incidents are therefore decreasing. In the area of ship safety the regulations, guidelines and methods have a history and culture of systematic research, development and implementation. In contrast, international security is highly politicized and therefore not as transparent. The result is that a tradition of ship security is not as well established.

The overall aim of this thesis is to propose a method for ship security analysis that increases the overall safety of the crew and the ship. The objective is to develop a method that is systematic in order to ensure that assessment and response are complete and effective, and that the process is documented to provide evidence of decision-making.

The method used is probabilistic risk assessment where quantitative analysis is central. The proposed approach is consistent with the requirements of maritime safety work. However, in the work here, the proposed methods are specifically tested for security cases. This is because hazards (without intent) and threats (with intent) evolve in different ways into risk. Therefore, they must be analysed differently in order to capture the causal relationship.

The proposed approach consists of three steps: the first step consists of a threat description that documents qualitative and quantitative aspects that together describe how the threat most likely will act in relation to the ship’s vulnerability; the second step uses the threat description to define the system studied as well as the scenarios that collectively describe the harmful consequences; the third step evaluates the risk with tools from probabilistic risk assessment.

The overall conclusion is that the proposed method brings the procedure and results of ship security analysis into the open and therefore allows for criticism, improvements and shared risk knowledge, not possible with less structured methods. The results also show that the calculated probabilities agree with available statistics, which indicates that the analysis succeeds in describing the central causal relationships of the scenarios modelled.

Reference data and full text (pdf) extensive summary.

The thesis was presented and discussed in public on November 15:th, 2012, at Chalmers, Gothenburg, Sweden. Docent Jakob Kuttenkeuler from The Royal Institute of Technology was invited as the official discussion leader. The seminar was held in English.

Maritime security is a strategic asset

It is no secret that international shipping is important to the “modern way of living”. Therefore is maritime security very important and big nations like USA and Kina are dependent on that no one else dictates the conditions for shipping on international waters. To be a part of, and have a saying in, the development of maritime security is therefore seen as strategic asset in itself.

But who rules the high seas?

I would say no one. Which for most is better than that the high seas is ruled by somebody else. The big nations want to dictate their own conditions for international shipping and not be limited by others. The piracy off the coast of Somalia has however shown that maritime security is fragile and can easily be challenged.

But, the Somali piracy has also given a possibility for several nations and coalitions (for example USA, Kina, Iran, India, EU and NATO) to show that they are a force to be reckoned with in the maritime security of the future. To be present on the Indian Ocean to protect ships against pirates is politically safe way of using your naval ships on the international arena. But at the same time you can get a lot of experience out of being there at same time as everybody else. The typical friend and enemy situation is not valid. You are therefore able to work alongside nations you usually don't perform exercises with and the nations that not often participate in international exercise have the most to gain from this...

I understand that it is expensive to sustain a long-lasting commitment in the Indian Ocean, but I am not surprised that so many nations are present, IT IS THE SAFE CHOISE!

Conflict between safety and security measures

There are several conflicts between safety and security measures, on different levels.

I would guess that the most common is the safety regulation versus security risk, were a safety regulation with good intentions is formulated in way so that it is too prescriptive (i.e. the intention is lost in technical details not always applicable) and makes procedures unnecessarily complex onboard. These complex procedures will then increase the security risk by making security measures hard to get in place at the right time and drowning security issues in administrative safety work.

Another one is the fact that safety hazards often are the same for the ship and the security threat. For example; making it easy and safe for the crew to embark also can enable the threat with easier access to the ship or sailing in good weather also makes it easier for the threat to come close.

In my research I come across a lot of these challenges between safety and security. They are seldom big problems and so far not a big problem by them self. Often the crew find ways to work around the problem and no changes are “needed” higher up in the organization. However, on a system level, these challenges between safety and security is a proof of that safety and security analysis is performed separate from each other and are therefore a symptoms of one of the big limitations with the security work performed today: it is not mature enough to meet the results of the safety analysis.

The only way to find the right mix is to do safety and security analysis in the same way…

Practice makes perfect: but what about security?

I’ve spent part of the weekend as boat stunt driver performing a live stunt/prank in front of a wedding party. The stunt involved high speeds, cold water, a big white gown and people (acting as the wedding couple) falling into water.  From the experience it is clear that you never get it perfect the first time, even if you are very prepared, and thought all it through, over and over again in your head.

So, of course professionals have to practice, over and over again. There are basic drills, but there is, of course, also a need for complex exercises as real as possible. I’ve some experience with military exercises and have seen how the stress in a well performed exercise can affect people’s performance, but also in a positive way what people get out of the exercise. Without the advanced exercise you are not prepared.

- So, you can create the stress, but is it enough when preparing for security threats?

Don’t you also need to create an exercise with not only stress, but also the terror you must feel under attack? You probably do, but can’t without deceiving people.

Probably you have to do with the stress, but also remember that even after many exercises you don’t really know how people will react…

Ships: perfect!

I like boats, ships, sailing and water. So beside cost effective transport boats also give me a lot of fun moments.

As a researcher I can also appreciate the fact that ships are a perfect research object, because ships to me:

-        are relatively well defined technical artifacts (not to simple, not to complex, not to big, not to small…),

-        operate in a interesting sub set of the world,

-        have a nice amount of crew onboard (many enough to be interesting and few enough to be understood),

-        are produced by a well defined industry (not to big, not to small…), and

-        come in many sizes and for many purposes.

These conditions together make research interesting, rewarding and possible. For much more complex systems a researcher can never deal with anything but a small part of the system.

However, ships and shipping is not a typical industry to study. The industry is inbred, slow, backward and governed by old truths. This is probably true for many areas of our society; the problem is that the backwardness and old truths are unique for each industry.

 

I’m therefore thankful that my interest made me chose this line of business, but I’m also challenged by the fact that I’ve to know the industry in order to make a difference. So even though ships are perfect, researching them is not for everybody. But I like it!

Speed in pirate waters, expensive but important protection

According to several sources ships slow down in pirate waters to save fuel and according to the Financial Times (May 2012) shipping companies are now relying on guards, rather than speed, for protection because a single day at lower speeds can save enough to pay the guards for the whole journey.

I’ve not seen this among the ship owners and operators I’ve talked to, but it is clear that high speed is a costly security measure.

If in fact the speed in the high risk area is lowered it will lead to an increased number of attacks and that the failed attacks will end much closer to the ships. Speed is a very good and non-violent measure. The speed itself drastically reduces the number of feasible ships to attack; calculations show that increases from 16 to 18 knots can half the probability of a successful approach. But a small increase in speed also lead to a relatively big increase in wave height in the ship’s wave system. This amplifies the effect of the increased speed and also makes it much harder to get close to and board the ship.

The speed reduction will therefore lead to:

-  pirates getting closer and that the number of shots exchanged will increase, but also
-  much more dangerous shots as the probability of an hit is increased with several hundred percent!

Lowering the speed will therefore introduce new risks which are hard to predict. Armed guards should not be the first measure, it should be the last!

Collision between USS Porter and bulk/oil tanker M/V Otowasan

Busy waters means that incidents happen and the Strait of Hormuz are busy waters in more than one sense. I’ve no more information about the reason for the collision than others, but the incident itself is yet more evidence that the reality for military ships has changed; the interaction with civilian ships (friendly and antagonistic) has introduced a full range of new risks.

At least in Europe as well as NATO there is a discussion about how much of the design principles and safety work for naval ships that can be based on civilian rules and codes. Evidence of this is for example the military class codes offered by several classification societies and the NATO Naval Ship Code that is “based on, and benchmarked against, conventions and resolutions of the International Maritime Organisation” (NATO Standardization Organisation, 2010). The reasons for this are several; one is that taking use of the experience in the civilian industry can reduce costs and another is that navy operations today are performed in waters extremely busy with civilian activity.

I’m however not sure that we know how to balance the different kinds of risks against navy ships. In the recent years we have for example the attack on USS Cole, the USS Poster collision and three years ago a collision between the USS Hartford, a nuclear-powered submarine, with the USS New Orleans, an amphibious ship also in the Strait of Hormuz.

Mentioned events above are all three very different types of risk. However, these kinds of events can influence the decisions taken about configurations and organizations on naval ships without enough knowledge on how likely the events actually are. For many it is enough evidence that they have happened ones! This is off course not the right way to handle the future. When it comes to such important things as weighing different alternatives for navy vessels we need to do a much more thorough analysis.

The tools for that kind of analysis are not included in the new rules and codes from NATO and classification societies. The analysis (and choice of tools) is therefore the responsibility of each nation and much more research is needed before we can do such an analysis with confidence.

A Swedish contribution to operation Atalanta for 2013



HSwMS Carlskrona. Photo: Anna Norén/Combat Camera

In the beginning of July the Swedish government decided to, in 2013, send the Royal Swedish Navy's HSwMS Carlskrona to the waters off Somalia to join Operation Atalanta for the second time.

The decision isn’t especially controversial and is an important contribution, especially considering the low number of ships included in the operation (at the moment 5 ships and 3 aircrafts). So every ship counts and really increases the area covered and ships supported by the operation. I also think (as many others) that many other good things come out from the experience of having European ships working together on task like this. Off course Sweden should be a part of this again!

From my perspective an interesting question is how operation Atalanta best supports the shipping through the region. The UN defined tasks off course: the protection of vessels of the WFP; the deterrence, prevention and repression of acts of piracy and armed robbery off the Somali coast; the protection of vulnerable shipping off the Somali coast; and the monitoring of fishing activities off the coast of Somalia. But doing this EU NAVFOR gets a lot of information about the pirates, some which is time critical and some that is more general. Is this information used and passed on as effectively as possible?

Photo: Swedish Armed Forces

Doing interviews with ship operators I can see that the information they get about piracy is important in their risk management and I think there is room for more information, especially if it is more than raw data on incidents. The incidents reports are only snap shots of the piracy activity. If EU NAVFOR could use their information (from land, sea and air) I'm sure they could present a much more comprehensive picture of the piracy activity which could help ship operators with route planning and deciding between different risk control options.

Ship operators also would like to have a more integrated cooperation with navy units in order to improve the exchange of experience in regards to ship security and pirate’s modus operand.

Do I need a reality check?

It is easy to sit here at my office and have comments on other persons risk taking and I really try not to judge peoples actions. I want to be constructive and help to improve safety and security work further. But off course also I wonder “what would I’ve done” or “how would I’ve reacted” when hearing stories from the real world outside my office.

After now spending a couple of weeks at sea with loved ones and captain of the boat (both sail and power boats) I now have some resent empirical actions and events to reflect upon. Doing this I can see that reviewing my own vacation risk management at sea meets many of the same challenges as I meet in my regular research such as:

-          What is/was the probability of the occurred events,

-          what is “inventible” and what is a result of my own actions and choices, and

-          I don’t really have good documentation on what actually happened.

But I can also recognize the tradeoffs I do between risks and rewards especially in my choices of anchoring places (as we do it in Sweden with the stem towards land and anchor at the stern).

The rewards is to get to beautiful places on small islands without other boats and people and the risk is the shallow waters with a lot of rocks below the water surface in combination with at times challenging wind and weather.

To the left chart over typical waters for secluded mooring and below to the right the rewarding tranquility that the efforts and risk can lead to.

In hindsight I see my preparations in the form of a daily risk analysis were I actually consider applied scenarios and possible consequences including probabilities and beforehand define suitable risk control options with contingency plans as well as things that are risk drivers that I should not do. So far it has been working!

And when analyzing the groundings I’ve seen this summer (by other boats) it is clear they all have common aspects:

-          The skipper is somewhat unfamiliar with the situation

-          Something small happens (incident A) that interfere with the intentions

-          The actions taken to fix incident A are ”effective” in regards to that incident but creates other bigger problems (the actions are risk drivers)

-          The skipper loses control over the situation

But luckily the consequences are small even though the event is embarrassing for the skipper and crew.

I can at least draw one conclusion: A big percentage (more than 50%) of the groundings I see every year (by vacation boaters) could be eliminated with a risk aware planning which only would take minutes.

If I had more time I would do a research paper on this!

Our mind tell us how to perceive the reality

We are really not made for grasping the concept of probabilities, especially not small probabilities (this is well documented). This is especially problematic when it comes to systematic security work were taking the right decision in relation to small probabilities is the key to effective measures.

In security analysis one has to identify the most important weak areas out of several, all with low probability. This we’re not meant to be doing and if done unaided we’re going to be making bad choices. Research show that we overestimate the probability of things happening close to us (even if it exist good proof that the probability is low, i.e. purchase earth quake insurance after the earth quake).

I fear that, in the case of maritime piracy, some of the information/rumors floating around in the industry actually makes things worse and makes the already hard security choices even harder. As this information is not giving people the full picture (not necessarily by purpose, rather describing the events close to one self) it will make people assuming wrong things about small probabilities.

But there seems also to be companies out there that make a business out of presenting events that fit in to their agenda. The other day I visited a blog by a North America based maritime security company which presented “piracy news”. From my perspective the “news” seemed a bit to selective and the blog will make it even harder for people to make the right decisions.

Risk: only a part of the truth

Many (both some people working with risk analysis and people trying to explain why they don’t) seem to have a hard time remembering that the assessment/calculation/analysis of risk most often doesn’t have that much value in itself; it is one part of a bigger understanding of a system (ship, enterprise, family vacation…). Therefore you can’t do a risk analysis without first considering the rest of the system and what you really want to analyze. After that you can define your system and decide what type consequences you measure.

Often the measured consequence is number of deaths, or people injured, and in reliability you focus on the system output. But use the aim of the analysis to decide the measured consequence, you don’t need to be limited by what others do.

So whatever you are interested in: resilience, safety, security, reliability, utility, effectiveness or efficiency the risk analysis should be used as one, out of several, perspectives used when analyzing your system and develop system specific knowledge to base your decisions on.

Law on armed guards on Swedish ships

The debate regarding piracy off the coast of Somalia (and ship security) in Sweden has for the last years been focusing on the possibility to have armed guards on board. Swedish ship owners association has the opinion that Swedish ships should have the possibility to use armed guards and that it should be regulated by Swedish law (at the moment it is unregulated). I don't mind their position, but I can maybe think that the debate has been somewhat single-minded.

As I understand it will now be regulated (and allowed) from Jan 2013. Which of course is better than the current situation, but it won't really change anything as guards already are used on Swedish ships and most often picked out with reasonable care.

I'm however more interested in were the ship security focus will be turned now when the big former question seems to be resolved. I can think that one important issue is to educate people about how lonely ships are on the seas and that the security is limited to the ships security, there is no one else, no police to call. Which also stresses the point that ship security is not only a question of terror threats using ships against ports, ie that ships are important of their own.

Hazards with incentives

On the topic of the difference between analyzing security and safety:

There could be a difference regarding the size of the probabilities were safety incidents in many cases have higher probabilities than security incidents. This is discussed by Kunreuther in an article on risk analysis in an uncertain world where he draws some conclusions from terrorist attacks in USA.

Kunreuther however doesn’t discuss the fact that the security threat has a mind, incentives, agenda and intent. In the article Freakonomics of Maritime Piracy J. Kraska uses Steven Levitt’s concept of freakonomics on piracy. They both argue that in many situations human conduct can be described by economic incentives which reveal “interesting findings about the risks people are willing to take, the rewards they seek, and the rationale they use in negotiating choices”.

From this I draw the conclusion that in order to analyze security risks we have to understand the threat’s incentives and from that describe the intent and modus operandi. And when the intent and modus operandi is given we have limited the scenarios, choices and valid probabilities considerably, at least if we are discussing the security of a specific thing such as a car, building, computer system. This because there has to be a link between our protected asset and the intent or it won’t be attacked. But…

…when analyzing the risk of terrorist attacks on society there is no specific asset in the intent, the intent is to cause terror. The specific assets involved are chosen out of convenience. This does off course not limit the scenarios, choices and probabilities and the number of alternatives to analyze is endless. But…

…this if you are to consider the probability of an terrorist attack on society, are you instead ONLY interested in limit a specific assets (car, plane, ship, material…) probability of being used in an terrorist attack, again there has to be a link between that asset and the intent.

Security or safety hazards, how do they differ?

There is alot of experience in dealing systematically with safety hazards, atleast much more than security hazards. So what is the difference then?

The biggest is that the security "hazard" as an agenda and the safety hazard doesn't even have a mind. But how does this affect risk assessment?...

I'll have to get back to you about that, this year or mabey next...

I'm not alone!

It turns out that Dstl in UK is barking up the same tree as me: the survivability risk assessment tree (they do it for military helicopters). Apparently for the same reasons (to find right security/survivability solutions for a specific platform), but refreshingly with some other tools and interesting ideas about the output.

At a classified workshop somewhere on Europe

The somewhat ridiculous post title aside:
These kinds of multi national workshops are proof of a very intense cooperation between European countries. Swedes are sometimes accused of being to USA focused which probably also goes for some other European countries. We need these kinds of cooperation in Europe, especially as so much of the academic cred is dictated by the guys on the other side of the Atlantic. This to make sure that we will have influential future.
P.S. But the balance between being intimate enough for fruitful cooperation and open enough for making sure to get enough critique is important and hard to get right, especially if you are dealing with defence or security.

Get out of the comfort zone

The research on piracy I’ve been involved with seems to be interesting for people outside my regular network. As a result I get invitations to all kinds of organizations to do presentations. Every event off course steals time and often is somewhat undefined in objective, suitable scope and so on … but seems to be rewarding in the long run.

At each event I get good constructive critique, some laughs, the possibility to see my own work with a new perspective, often a good cup of coffee and sometimes even a nice bowl of ice cream.

I’m generally content with my situation, colleagues and network, but in regards to my research I must say that dealing with a topic that get people’s attention is good for me and my research and gets me out of my comfort zone.

Do people really need to be so secret about security?

I’ve been working with classified stuff, luckily so long ago so I’ve forgotten everything of importance. But one thing I remember is that very much about security, survivability and threats is non-classified. But why then are people so secretive about security?

When visiting seminars and conferences I notice that people in a ridiculous way talks around security probably thinking they are very clever. Tell it like it is! That you are doing security analysis and why; it is most likely not classified so be open with that, but the results are probably classified so don’t discuss them.

Instead the public (and press) go and do a lot of assumptions about security assessment that really isn’t fruitful and make the society un educated in regards to security.

”A very opinionative guy”

The failure of risk management: Why it’s broken and how to fix it by D. W. Hubbard is an interesting book. The book discusses risk management in many different areas from economics to engineering and argues successfully (I think) that if you are going to do any kind of risk analysis; do it well and quantitatively. Hubbard also in a good way discusses the challenges with probabilities.

When discussing the book with a famous Operations Research professor the professor described the book with the words “He [Hubbard] is a very opinionative guy”. My interpretation of that now after I read the book is that Hubbard manages to cram very much about risk management in to the book and if you make sure to at least consider all the areas discussed you are very well set of if you need to defend your work.

P.S. Hubbard also argues that it actually is easier than you think to do a more extensive risk analysis (but you have to have the right knowledge) and it is therefore worth the extra effort.

Surprised

…when doing research, meeting people and discussing my work I sometimes get very surprised about the level of knowledge people show when discussing things they should know about…

When being a representative of a European ship owner: shouldn’t you then know there are pirates operating out of Somalia?

When being involved in European transports policy making: shouldn’t you then know that transport security in regards to shipping is in many cases the same as ship security (because there actually is no one else protecting the ship than the crew and the measures on board)?