Page 1

Greater Houston

S ep te mb e r


Po r t B u r e a u

Cybersecurity Cybersecurity Basics: Why is it important, and is your company prepared?

Options vs Alternatives A Case Study in Language and Strategic Optionality

Spotlight On: Capt. Tim Downs General Manager, Shipping & Maritime Americas Shell

ATHOS I What a Circuit Court of Appeals decision may mean for terminal owner/operators


Captain’s Corner


So how do we win as a port community? We win by keeping commerce flowing; we show terrorists that they Working on this newsletter I’ve been thinking about cannot destroy our ability to supply the global economy. We show them that we are resilient, that we can withhow I dovetail port security with the topic that everyone stand their attacks and that we can rapidly recover from really wants to talk about—FOOTBALL. The easy way is through the popular football phrase “Defense Wins Cham- disruptions. Everyone wants a good defense— it wins champipionships.” With the Texans defensive coach Wade Philonships. But don’t you want a comeback quarterback, lips, and Pro Bowl players such as JJ Watt, Brian Cushing, such as Joe Montana, John Elway, and Brett Favre on your Johnathan Joseph, and Ed Reed, surely championships team too? I do. These guys were resilient—mentally are close. tough. Even if they were down three touchdowns at the In the maritime arena we tend to think of layered half, you didn’t turn the TV off, because you knew they security as our defense, and that we can prevent terrornever gave up—they played to win no matter how dire ists from scoring on us with guards, gates, and guns. In the situation. a similar way, every football team thinks its linesmen, Hello again football fans, as the Texans gear up for another season it’s time for my annual football column.

linebackers, and safeties are impregnable. But then we watch 49’ers wide receiver Lavelle Hawkins tip a pass, run into Chargers safety Jahleel Addae, spin out, bounce his way through the defense and take it to the house for a 45 yard touchdown, we realize layered security/defense sometime fails us.

As a port we need to develop our comeback quarterback mentality. Yes we need continue to build layers of great defense to prevent terrorist from scoring on us; however, the real measure of our team will be taken by our resilience to pull ourselves out of a tragedy, whether it is an attack or a hurricane. How do we build this mental toughness of Montana, Elway, and Favre? We do it by studying the game, practicing, and building teamwork.

So we send out Pro Bowl players Matt Schaub, Arian Foster, Andre Johnson, and Shane Lechler to inflict points In this newsletter we highlight our defensive team on the other team. However, in the port security game, as a port, we don’t get to take it to the terrorists—that is left that the Houston Ship Channel Security District is putting on the field through their funding: the Harris County Sherto our military and intelligence communities. 2|

September 2013

iff’s Office Marine Unit, Sheriff and Houston Police Department air support, and the augmentation of landside patrols by Baytown, Port of Houston Authority, Galena Park, and Houston Police Departments. What may not be apparent is the work that the Security District is doing to bolster our comeback quarterback toughness. Studying the game—the Security District is reviewing the game film from the 2007 ABS Port-Wide Risk Management study and the 2012 Chertoff study, and working with the security coaches of Witt O’Brien’s to develop a new Port Wide Strategic Risk Management/ Mitigation and Trade Resiliency/ Resumption Plan. We want to make sure our game plan shores up our weaknesses and highlights our stars. Practice—if you stink in practice you’ll stink in the game, so the Security District is going to support more two-a-days. In the morning practice the District is going to get more involved in regional security exercises and planning by supporting programs such as MASTT and SECUREX. In the afternoon they want to come back and provide more port wide Facility Security Officers (FSO) training to build teamwork among the FSOs and to lessen the training burden on individual companies. Building Teamwork—the Security District wants to help emphasize teamwork. The coach of our Area Maritime Security Committee team is Captain Brian Penoyer, the Coast Guard Sector Commander. In a recent meeting with CAPT Penoyer and HSCSD Chairman Robin Riley, the

two discussed steps to increase interagency coordination and better orchestrate Security District assets for Coach Penoyer. I’ll close with one more football clique: “Champions are made in the summer.” They are made by studying the game, practicing, and building teamwork before they ever take the field. Our ship channel is complex with many interdependent systems, extremely vulnerable to threats from both natural hazards and terrorism. Our ability to defend it is solid; let’s ensure our ability to rally like a great comeback quarterback is equally as solid. As with the start of any season we are extremely optimistic as our team takes the field. Go Texans.

BARGING AHEAD ever so politely.


Buffalo Marine Service, Inc.

Greater Houston Port Bureau | 3

August 2013 Commerce Club Featuring

Congressman Ted Poe Texas 2nd District


September 2013

Page Left: Top-Left: Tom Marian, Buffalo Marine Service, and Bernt Netland, Intercontinental Terminals; TopMiddle: CAPT Brian Penoyer, USCG Sector Houston-Galveston, and JJ Plunkett, Houston Pilots Association; UpperLeft: James Nash, Port Freeport, and Robert Sakowitz, Hazak Corporation; Upper-Middle: Ricky Raven, Chipolbrok, and Harmut Stuhldreier, Safmarine MPV; Upper-Right: Mike Sullivan, Harris County Treasurer, and Commissioner Dean Corgey, Port of Houston Authority; Lower-Left: Congressman Ted Poe speaks to the Commerce Club; LowerMiddle: Dennis Hansell, Suderman and Young Towing, and Chuck King, Buffalo Marine; Lower-Right: Jürgen Schröder, Schröder Marine Services, and Congressman Poe. Page Right: Upper-Left: Rex King, Mike King, and Joe Byers, Palletized Trucking; Upper-Right: LCDR Aaron Demo, USCG Sector Houston-Galveston, Dave Clark, Targa Resources, and CAPT Mike Baroody, USCG Sector HoustonGalveston; Lower-Left: Pat Studdert, Buffalo Marine Service, Congressman Poe, and Tom Marian; Lower-Right: Patrick Seeba, GHPB, Congressman Poe, and Bill Diehl, GHPB Greater Houston Port Bureau | 5

A “SINE” OF THE TIME - 2013’s TRENDING TREND Port Watch - Tom Marian, Buffalo Marine Service What happened? Was it back-to-school inventory madness? Anticipatory consumption frenzy associated with record highs on Wall Street? Or simply July repeating the even-month trend that 2013 has exhibited thus far? Whatever the reason, the total number of vessel arrivals in Texas ports for the month of July was the highest for the year. Only Brownsville registered a month-to-month decline but even with a 27% decrease the “border port” has already seen 23% more vessels this year. What is interesting to note for the year is the “transportation sine wave.” That is, every month of decline has been followed by a month of incline. In fact, each successive increase was greater than the preceding peak. July’s vessel arrival swing produced three double-digit gainers: Freeport, Texas City and Galveston. Galveston’s public wharves were on a tear and helped set the pace for the best month of the year with a 45% monthly jump – a huge gain that pulled the port from an annualized vessel arrival gain of less than 1% in June to 3.5% in July. Texas City’s monthly rise of 18% was not enough to pull the port into positive territory for the year – it is still off by nearly 8% - but the bulk of the increase was attributable to a steady export of chemicals. Freeport also had a record number of vessel arrivals for the year which was reflected in over 15% more ships for the month. Thus far, Freeport has seen 5% more arrivals in 2013 as compared to 2012. The remainder of the Texas ports tallied healthy single-digit monthly increases. Sabine which now has the distinction of being the “white hot” port of the year bested its best month by nearly 7% and is now nearly 26% above last year’s year-to-date arrival figures. Corpus Christi also had a record month with a 8.3% monthly positive swing which kept it in third place amongst the Texas ports in terms of year-to-date percentage increases (i.e., 18.6%). The Port of Houston vessel arrival yield for the month was up 8.5%. Yet, while this nudged the year-to-date results dial a tad to the right, Houston is

still down by 2.7% for the year. Interestingly, when one focuses on the various categories of vessels that call upon Houston, there have already been 236 fewer tankers as compared to 2012. That is nearly double the total arrival deficit for the port of Houston. In other words, if tankers were merely flat for the year, Houston would be up over 2% in terms of total arrivals! How is it that Houston is holding its own given that the category that typically comprises a quarter of its vessel arrivals is down by over 13%? Ironically, it is due to what is refined from the cargo holds of those tankers. Both chemical tankers and LPG carriers are exporting tens of thousands of tons of refined products at a record pace. Hence, chemical tankers are up over 6.6% as compared to last year’s banner performance fueled by a 11.5% monthly gain. LPG movements rose 25% from June to July and are currently 21% above last year’s pace. On the dry cargo side of the ledger, bulk carriers nearly matched LPG’s monthly tally with a 22% surge. Container vessels did not fare as well as LPG but a 12% gain ensured there was an abundance of activity across the docks. Unfortunately, this category in terms of vessel numbers is still off 6% against last year. General cargo remains flat for the year but rose over 7% from June to July. Car carriers are still actively calling upon the port but there were tw fewer arrivals over the month and 10% fewer vessels for the year. Ocean-going barges remain flat for the year but there was a bit of a monthly rebound with three Providing marine services to more units calling upon the port. All in all, maritime transportation enjoyed a very productive month. More importantly, it appears that the sinusoidal momentum genuinely reflects sustained regional prosperity. Prosperity associated with: the harvest of domestic barrels that flows unabated into the local refineries; cargoes of distillates being transported to foreign markets; infrastructure expansions - particularly on the storage tank and pipeline front - bringing more construction and service jobs to the state; an exodus of new workers who need a place to live; the drastic reduction of apartment vacancies; and the rise of new houses across vacant fields. Sounds like the markings of a “real” economy! - T. Marian, Buffalo Marine Service

vessels along the Gulf Coast for over 20 years. We own and operate USCG approved liquid vacuum trucks, a 10,000 bbl Tank barge for marine pollution (Marpol) waste, a 10,000 bbl tank barge for carrying industrial wastewater, a 10,500 bbl tank barge for carrying clean chemicals and a 1800 horsepower Tug for removal and transportation of various material.

Intergulf can accept the following materials • • • • • • • • • • •

MARPOL Annex I and II Wastes Category X Tank Washings Engine Room Sludge Tank Washings / Cargo Washings Hazardous Products using preapproved disposal facilities Used Oil Oily Bilge Water / Oily Ballast Water De-Bunkering Off-Specification Products and Fuels Gray and Black Water Hazardous and Non-Hazardous Waste

“Cost and Convenience Are Not Considerations When Addressing Safety”

(281) 474-4210 •

The 84th Annual Maritime Dinner On August 18, 2013, the Greater Houston Port Bureau’s 84 Annual Maritime Dinner brought nearly 600 executives and professionals from across the marine industry together to honor Harris County Judge Ed Emmett, the 2013 Maritime Person of the Year. Over the course of the evening, attendees enjoyed a silent auction, wine pull, networking with colleagues and customers, and gourmet dinner before hearing remarks from Ambassador Chase Untermeyer, former DOT commissioner and PHA Chairman Ned Holmes, and current PHA Chairman Janiece Longoria. th


September 2013

Greater Houston Port Bureau | 9

General Manager, Shipping & Maritime Americas - Shell

Capt. Tim Downs

eral UK shipping companies, but he accepted Shell’s offer. “It took me about four and a half years to complete my academic studies and gain sufficient sea time to take my first Certificate of Competency.” Tim spent a total of 20 years at sea onboard a variety of vessels ranging from 18,000 to 310,000 dwt, carrying a variety of cargoes; crude, products, chemicals, vegetable oils, LNG, LPG, coal, and iron ore - across the globe. “I obtained my Master’s License in 1984, stood by two new-builds in Copenhagen in the late ‘80s, and between 1989-1991, I was a Fleet Safety Instructor (FSI) in the Shell Fleet.” As an FSI, Tim visited ships in the Shell managed fleet carrying out Health/Safety/Envi“You never forget your first ship, do you? I met her in Sin- ronmental audits and conducting crew training, tailored to gapore as a Deck Cadet in November 1974, SS Hemisinus, an match the needs of the individual vessel. 18,000 DWT product tanker with mid-ships accommodation In 1993, Captain Downs took his first command – MS Sirbuilt in 1957. The Hemisinus had traded in the east for many atus, a three-year old 96,000 DWT product tanker trading beyears, loading in Singapore for many and varied ports – my first tween the Middle East, Singapore and the East Coast of Ausdischarge port was Bangkok! We also discharged jet fuel in Viettralia. “But actually, before that, I was also the Officer in Charge nam – Da Nang and Nha Trang, as the war was still being fought of a floating storage unit (FSU) off the coast of Gabon in West Afin 1974. Discharges in Vietnam were very protracted because rica. The FSU was a converted tanker which stored oil produced we were required to disconnect and had to steam off port limits from a small offshore platform, and discharged into an offtake every night – as discharge was only permitted during daylight tanker once sufficient cargo was on board”. hours – even so, we experienced an air attack on the port during our discharge in Da Nang. During discharge we also had several Coming ashore in 1994, Captain Downs was appointed Vietnamese marines on board for added security. One of their Head of Fleet Safety – responsible for the HSE management roles was to periodically ‘lob’ percussion grenades into the sea, of the Shell Fleet and coordinating the cadre of Fleet Safety to dissuade any Viet Kong divers with the mission of attaching Inspectors who ensured that the 65-70 ships of the Shell fleet limpet mines to the vessel (which was not uncommon). We had were audited and inspected. “My next role was focused mainly six officer’s wives on board at the time, all of whom were more on the regulatory aspects of shipping rather than fleet operathan a little interested in this grenade activity! One of the Ma- tions. I was involved with the Oil Companies International Marines on duty offered to let one of the wives throw one of the gre- rine Forum (OCIMF), and represented them on Working Groups nades into the sea – he took out the pin, handed to the wife, who at IMO, particularly during the early days of the Ballast Water promptly dropped it on the deck ! I’ve never seen anyone move Management issue – which is still very much a live issue!” quite so quickly - he dove to the ground, caught it, and threw it Tim accepted an assignment to Singapore in 2001, into the sea all in a single motion - the grenade couldn’t have where he spent nearly five years as a Senior Marine Advisor been more than two feet underwater when it exploded – I was no for Shell and was heavily involved in the development of the more than 10 feet away! Later in the trip, Hemisinus sailed from Ship Quality Assurance (SQA) Team in Singapore. Every vesTokyo Bay on Christmas Morning of 1974 with a glorious view sel in which Shell has a commercial interest, be it a charter or of Mount Fuji and headed for Anchorage...but we never made merely visiting a Shell terminal to load a 3rd party cargo – is it. We became icebound - about 100 miles from Anchorage. Forrequired to be positively vetted. “Not seen, not used “ is a key tunately the Captain managed to break free without damage element of the Shell vetting philosophy. The SQA Team uses to the ship and we discharged the cargo intended for Anchorevery available source of real time information when assessage in Seattle. From Seattle we made our way via the Panama ing vessels, to ensure the Company is never associated with Canal into the Caribbean. Curacao was then our load port for a a substandard vessel. “Each and every time a vessel is proposed few months, discharging in New York, Puerto Rico, and Venezufor Shell business, it is positively vetted, so we may clear a vesela, until we crossed the Atlantic to Rotterdam. We then headed sel for a voyage from Houston to New York today, but before arinto the Mediterranean – I left the ship in Athens – 6 months after rival in New York the same vessel is proposed for a subsequent joining - quite a first trip!” Born in Singapore during his father’s assignment to the Far East, whilst serving in the British Army, Captain Tim Downs has spent a career in the shipping industry. “My formative years were actually spent in Wigan – a town in northwest England, not far from Manchester – it’s famous for meat pies and the best Rugby League team in the world!” After talking to an older friend about his time at sea, he decided it was a career path he wanted to follow. Tim received job offers from sev10 | September 2013

Every single ship with a Shell interest - cargo or terminal - has to be positively vetted

voyage from New York to Rotterdam. The same vetting process will be completed again, as new information may be available about the vessel during her visit to Houston – a USCG visit report for example.” With almost 40,000 clearances completed by the Global Teams located in Houston, London and Singapore per annum, SQA out of necessity is a 24/7 operation. “In addition we have a Barge Vetting team here in Houston, who assure all am glad to say that none of our vessels has been attacked. Neverdomestic barge movements in which Shell has an interest, an ad- theless, 2008-2011 were very stressful years for all those involved in shipping security. The frequency of pirate attacks has reduced ditional 12,000 clearances per annum.” significantly over the last 18 months but our vigilance is still at a “We were in Singapore for four and a half years and really very high level.” enjoyed it, but the family and I were ready to return to the UK” Tim In 2011, Captain Downs came to Texas as Shell’s Regional explains. “Whilst it was an easy place to live, with every conveMarine Manager “I had oversight over the operational shipping nience and service readily at hand, we found it vaguely claustrorisk in the US. Since the beginning of this year, that oversight has phobic, with every available space utilized – many expats tended been expanded to cover the Americas ‘pole to pole’. We have a to regularly take a few days out of Singapore to find space!” network of Marine Technical Advisors (MTAs) based in various In 2005, Captain Downs and his family moved back to locations around the Americas, from the Seattle area and LA to the UK, where he spent two years as Team Lead, Ship Quality Buenos Aries, Rio, Barbados, the Gulf, and the US East Coast, all Assurance, and oversaw the day to day activities of the Global the way up through Montréal and Calgary. The MTAs manage SQA team. “The role was interesting in that every day required a the shipping risk in their areas and also assist in the response number of vetting decisions which were not ‘black or white’ and to any emergencies which have a maritime element. Hurricane needed experience, knowledge and occasionally courage to re- Sandy in 2012 and the devastation it caused in the New York area solve.” Measures taken by the SQA team included putting con- is a good example.” trols in place to reduce risk exposure to an acceptable level, In February 2013, Captain Downs was promoted to Genand a key role of the Team Lead was to identify those mitigants eral Manager, Shipping/Maritime Americas, and with overand ensure they were implemented before a vessel was finally sight over the Shell Shipping and Maritime Americas Projects cleared. Team, Maritime Operations, Domestic Chartering, and Vessel In 2007, Tim returned to Fleet Management to wear a Quality Assurance. “I’m not sure how much longer I’ll be in Housthree cornered hat – Designated Person Ashore (DPA) Emer- ton, but I absolutely love it here. Given the choice of working in gency Response Manager and Company Security Officer. DPA either London, Singapore or Houston – Houston wins every time!” is a position mandated by the International Safety ManageTim is married, and has, with his wife Helen, three chilment (ISM) Code to provide a link between vessels within the Fleet and the highest level of Shore Leadership – in case of dren: Jack, 20, in his final year at Nottingham University (UK), problems on board the vessel not addressed via the normal Tom, 18, who’ll be starting at Loughborough University (UK) in channels, i.e., the vessel’s superintendent, the vessels are en- September, and daughter Ellie,16, in school outside London. couraged to contact the DPA, who is then obliged to bring the “And as far as sports go - there’s only one team, Wigan Rugby issue to the attention of the senior leader. As Emergency Re- League - who won the Challenge Cup, the 117 year old, knock out sponse Manager, Tim led the Shipping Emergency Response competition - on August 24. My boys also support Wigan AthTeam in London. This team not only responded to any emer- letic football club, who won the FA Cup last season but also found gency occurring in the Shell managed fleet but also within themselves relegated from the Premier League. Before moving to the Shell Time and Voyage Charter fleet. On any given day the Texas, I was a Milton Keynes Dons season total number of internationally traded vessels on the water, ticket holder , a team in the third tier of managed or chartered by Shell is in the order of 400 units, English football. Milton Keynes, my any of which may become involved in an incident requiring home in the UK, is a small city 50 a response. The final element of the role was Company Secu- miles north of London. I’m a big rity Officer. “During the latter part of my time in the role, a sig- believer in supporting your local nificant portion of my time was dedicated to preventing security team, so I’m getting into the Astros, incidents because of the developing piracy situation in the Gulf of Texans and the Dynamo, although Aden and the Arabian Sea,” Tim explains. “Ensuring the safety of basketball is not quite my cup of tea our seafarers was absolutely paramount – we introduced a num- (sorry Rockets!).” Out of the office, Tim ber of security procedures, and installed equipment on board our gets to the gym when he is able, plays a managed vessels to give our seafarers the very best protection. I little golf and is a keen cyclist. “I ride 40+ miles most weekends, completed the 180 mile Bike Round the Bay last October, and my first MS150 Houston to Austin ride this year – the finish in Austin was truly awesome - thousands of people at the finish, I couldn’t believe it. One of those moments you’ll remember the rest of your life!” Greater Houston Port Bureau | 11

“The decision is unprecedented and ignores both legal precedent and the realities of industry custom and practice, as well as the role and responsibilities of the Army Corps and the Coast Guard for the Federal Project waters of the river. “


Decision has Far Reaching Consequences for Terminal Owner/Operators Frank P. DeGiulio - Palmer Biezup & Henderson, LLP George R. Zacharkow - Mattioni, Ltd. In May, 2013, the United States Third Circuit Court of Appeals issued a decision which will have significant legal and financial consequences for the maritime industry and particularly those who are in involved with the ownership and operation of marine terminals. The case arose out of the oil spill from the tanker ATHOS I in the Delaware River on November 26, 2004. The spill resulted when the tanker, loaded with a full cargo of crude oil, struck an uncharted and abandoned anchor while navigating through Federal Anchorage No. 9 (Mantua Creek Anchorage) in the Delaware River en route to the CITGO Asphalt Refining Company (“CARCO”) terminal at Paulsboro, NJ. The contact punctured the hull and caused the second largest oil spill from a tanker in U.S. history. The tanker was more than three footballs fields away from CARCO’s berth at the time, and it is undisputed that the entire incident occurred within the Federal Anchorage. The Federal Anchorage, as well as the deep-draft dredged channels from the mouth of the Delaware Bay to Philadelphia and beyond, are part of the Delaware River Federal Project.* The dredged channels and anchorages of the Federal Project were created by the Army Corps of Engineers pursuant to specific laws enacted by the U.S. Congress, and the Army Corps has the responsibility to conduct hydrographic surveys and maintenance dredging of all Federal Project waters. The geographic boundaries of the Federal Project waters, including the Federal Anchorage, are specifically defined in the Code of Federal Regulations, and the locations of those boundaries are clearly indicated on all official navigational charts. The ATHOS I never entered CARCO’s berth area, which was beyond the designated limits of the anchorage. The culprit anchor was a stockless design commonly used by the U.S. Navy. There was no chain attached and the shank had been cut off, eliminating all manufacturer’s marks and serial numbers. The party who was responsible for depositing the anchor in the Federal Anchorage has never been identified, although there are indications that the anchor had been used as a weight to facilitate dredging operations. The only parties authorized to dredge in the Federal Anchorage are the Army Corps and its selected dredging contractors.

12 |

Evidence discovered at a local university after the spill indicated that the anchor was present on the bottom for at least three years prior to the incident and possibly longer. It was undisputed that neither CARCO nor the Army Corps of Engineers or the Coast Guard knew of the existence of the abandoned anchor prior to the incident. Annual hydrographic surveys *Analogous to the Houston Ship Channel Federal Project September 2013

by the Army Corps, including a survey just six months before the incident, failed to detect the anchor. During the three years before the incident, hundreds of vessels with drafts as deep or deeper than the ATHOS I used the anchorage or called at the CARCO terminal, all without incident. As required by the Oil Pollution Act of 1990, the owner of the ATHOS I engaged contractors to clean up the oil pollution and incurred substantial costs, some of which were reimbursed by the federal government. The vessel owner and the United States sued CARCO as the owner and operator of the Paulsboro marine terminal where the ship was bound on the voyage in question, to attempt to recover damages and pollution cleanup costs. The case was tried in 2010 in the U.S. District Court at Philadelphia and resulted in a decision exonerating CARCO from all liability to the vessel owner or the government.

The Trial Court’s 2010 Decision At the trial the vessel owners argued that the Federal Anchorage constituted part of the “approach” to the terminal for which CARCO was responsible based on the theory that a vessel necessarily had to navigate through those federal waters in order to reach the terminal. The vessel owner argued that CARCO therefore had a legal responsibility to survey the Federal Anchorage to ensure that no hazards to navigation were located in those Federal waters. In response, CARCO argued: (a) no U.S. court has ever held that a private terminal owner/operator has any legal responsibility for federal waters; (b) that the Federal Anchorage was a public waterway open for use by all vessels of any type for various purposes

Greater Houston Port Bureau | 13

and that a finding that a private terminal owner has legal liability for the safety of those waters would potentially expose the terminal to liability to all users; (c) that USACE, NOAA and USCG are statutorily charged with the responsibility to survey, dredge, chart and issue operating regulations for the Federal Anchorage; (d) that the vessel owner’s argument that the anchorage became part of the “approach” simply because the vessel had to navigate through it created an impossible standard of liability since the same could be said for all waters through which the vessel navigated on its voyage up the Delaware River. Following a lengthy trial the U.S. District Court rejected all of the claims against CARCO, finding that it had no liability to either the vessel owner or to the government. In rejecting the vessel owner’s argument that the Federal Anchorage was the “approach” to the CARCO terminal the court astutely and correctly arrived at the following conclusion: “But the definition of “approach” that [the vessel owner] urges the Court to adopt is unreasonably expansive. Although the docking pilot was aboard the ATHOS I, the ship was in an area of the Anchorage open for the passage of all ships, not an area used exclusively, or even primarily, by vessels docking at the Paulsboro refinery. From 2000 to 2004, a total of 673 vessels anchored in the Anchorage (including repeat visits from the same vessel), and in 2004 alone, 121 different cargo vessels anchored in the Anchorage…In 2004, 42 vessels docked at CARCO’s terminal (including repeat visits from the same vessel)…Although not all of these ships would have passed through the area that [the vessel owner] contends CARCO should have scanned, the volume of traffic illustrates that CARCO had no control over the use of the Anchorage. To accept [the vessel owner’s] argument would have the effect of potentially expanding the definition of “approach” to the entire Anchorage or to the entire Delaware River. A more reasonable definition of “approach” is the area “immediately adjacent” to the berth or within “immediate access” to the berth.”…Under these definitions, the Anchorage was not within the approach to CARCO’s berth, and CARCO did not have the legal obligation to survey there.”

The Court of Appeals’ Decision The vessel owner and the government appealed the District Court’s decision to the Third Circuit Court of Appeals. CARCO opposed the appeal, and various terminal owners and operators on the river

14 |

September 2013

Greater Houston Port Bureau | 15

and throughout the country, as well as interested terminal and port associations, also filed a brief urging the Court of Appeals to affirm the District Court’s decision. In its May, 2013, decision, the Court of Appeals overruled the District Court and held that the tanker’s selected path through the Federal Anchorage was the “approach” to the terminal. Although the Court recognized that CARCO neither controlled nor maintained the Anchorage and that the Anchorage is available for use by any vessel regardless of its intended destination, the Court nevertheless held that CARCO had a legal responsibility for the “safety” of the Anchorage. The decision is unprecedented and ignores both legal precedent and the realities of industry custom and practice, as well as the role and responsibilities of the Army Corps and the Coast Guard for the Federal Project waters of the river. No other U.S. court has ever held that a private terminal operator is responsible for the safe navigation of vessels in Federal Project waters. For more than a century the law here and throughout the country has provided that a terminal operator’s responsibility is limited to the berth itself and the immediately adjacent waters providing entrance and exit, and that a terminal operator had no responsibility for the safety of surrounding waters in the “vicinity” of the berth over which it has no control. In 1976 the same Court of Appeals affirmed a district court decision which held that the Army Corps was liable to a vessel owner for damage to its vessel caused by an unreported obstruction in one of the Delaware River dredged channels. In that decision the court held that the industry was entitled to rely on the Army Corps to survey and maintain the specified depth of all Federal Project waters and to accurately report conditions through public notice. Even more troubling than its holding that a private terminal operator now is responsible for the safety of the Federal Project waters outside its berth is the Court’s new and unprecedented definition of what will constitute the “approach” to a terminal in future cases for the purpose of determining a terminal operator’s legal responsibility. The Court of Appeals held that in any specific instance when a ship is bound for a berth, the geographic area that will

Across the Gulf Coast, we’ve been meeting the needs of our clients for 123 years.

With the Port of Houston expanding, do you have a bank that will grow with your financial needs? With over 9 billion in assets, Trustmark offers expertise in the areas of Trade Finance, Maritime Lending as well as a wide range of products and services tailored to meet your financial needs. For more information on how Trustmark can assist you, please contact one of our experienced lenders. Mike Quiray Senior Vice President Trade Services & Maritime Finance 713.827.3707 16 | September 2013

Jeff Deutsch Senior Vice President, Corporate Banking Manager 713.827.3717

Member FDIC

constitute the “approach” depends entirely on the route to the berth chosen unilaterally by the vessel’s navigators. Specifically the Court held that “when a ship transitions from its general voyage to a final, direct path to its destination, it is on an approach” even if the selected path is through Federal Project waters. The Court has created a “moving target” definition of “approach” that will result in legal and commercial chaos for terminal owners and operators. The “path” to a terminal is a decision within the sole province of a vessel’s navigators and local pilots, and it varies from ship to ship based on the tides, currents, winds, and number of assisting tugboats. There is no “usual path,” and a terminal owner cannot predict or control the vessel’s navigational decisions, nor should it be charged with that responsibility. By defining a terminal owner’s duty in terms of a ship’s navigational choices, rather than a fixed geographical area that is within the terminal owner’s control, as had been the case before, the Court’s decision puts terminal owners in an impossible position – there is no ability to accurately determine the area for which they now have responsibility as it will vary from ship to ship. Ships docking at the vast majority of terminals on the Delaware River typically take a docking pilot and assist tugs and begin maneuvering along the “path” to the berth while in the main dredged river channels or Federal anchorages. Thus, under the Court’s new definition of “approach” each terminal will be responsible for the safety of portions of the Federal Project waters including the main channels and anchorage areas. The Court of Appeals has imposed a costly, onerous, and amorphous burden on terminal owners by creating an affirmative duty to survey, locate and remove hidden obstructions in their now expanded but unbounded approaches. It is impossible to know what types of survey techniques and methods will satisfy a terminal owner’s duty, how often surveys must be undertaken, or how terminals are supposed to coordinate their responsibilities in publicly used waterways over which the Army Corps and Coast Guard have exclusive jurisdiction.

CHALOS & Co, P.C. INTERNATIONAL LAW FIRM New York | Houston | Miami | Athens | Cyprus

Our proven ability to resolve problems in a realistic, cost effective and result-oriented way is our trademark.

CARCO intends to petition the U.S. Supreme Court to review and reverse the Court of Appeals’ decision. There will be an opportunity for concerned industry groups to support this appeal to the U.S. Supreme Court through the filing of amicus or “friend of the court” briefs to inform the Supreme Court of the adverse impact the decision will have on day-to-day port operations and the legal liability of marine terminals throughout the United States. GHPB thanks and wishes to recognize the Maritime Exchange of the Delaware River and Bay for this article. If you have questions or require additional information please contact one of the authors, Frank P. DeGiulio of Palmer Biezup & Henderson, LLP (; 215625-7809) or George R. Zacharkow of Mattioni, Ltd. (; 215-6291600).




New York



+1-305-377-3700 Greater Houston Port Bureau | 17

Options and Alternatives A Brief Look at Language Generally speaking, people use the words “options” and “alternatives” interchangeably, which, when consulting the Merriam-Webster Dictionary, is essentially correct. Option: an act of choosing; the power or right to choose; freedom of choice Alternative: a proposition or situation offering a choice between two or more things only one of which may be chosen; However, in practical application, a very subtle differentiation is revealed. An alternative is a choice available in the present, while an option includes the opportunity for the choice to be in the future; it is temporal. For example, a Master of a ship traveling on a waterway and approaching a junction has the choice of traveling either channel A or channel B. This choice is an alternative. It occurs in the present. However, the opportunity to add a rail junction at a landside terminal that the terminal has the ability to acquire five years in the future, at an agreed price, in exchange for paying a fee today, is an option. The choice occurs in the future. What is an Option? An option is an arrangement which for the payment of a fee (the option premium), provides for the right, but not the obligation, for the owner of the option to choose whether or not an agreed action will occur at a predetermined date in the future. There are two general types of options – a call option and a put option. A call option gives the buyer the right to buy and the put option gives the buyer the right to sell. In both cases, once the buyer exercises the right to either buy or sell, the seller is then obligated to either deliver or receive the underlying asset at the contractually agreed price. What Types of Options are Being Used Today? Options, which were originally focused in the financial arena, have now migrated to the asset world where the optionality associated with real assets is now a standard component of any project evaluation exercise. Initially, real options were utilized by firms with exposure to either very high front-end expenditures or long-lead times necessary to bring a new product to market. Examples of these types of firms would include resource exploration and extraction, technology and telecommunications development, and any firm with 18 |

September 2013

high research and development costs, such as pharmaceuticals, heavy manufacturing, and automotive. In today’s world, a large number of firms are incorporating real options into the investment decision process. What is the Worth of Strategic Optionality? The worth of an option, like beauty, is in the eye of the beholder. No two firms will derive the same benefits from valuing an option. Why is this? Strategic decisions of a firm are based on both objective analysis and subjective processes. All subjective processes impact objective decision making. For example, the risk profile of a firm will dictate the acceptable rate of return that is applicable to each and every investment. The capital currently committed to existing projects will impact the rational choices available for all future projects. In addition, any external constraints on capital, such as bond covenants, or any other financial or managerial restrictions may influence the priority ranking of projects. These are some of the reasons that each firm will view each project from a different perspective with the consequent result that the outcomes will also differ. Factors that influence not only the creation of optionality, but also its valuation are risk and uncertainty. At each juncture of uncertainly, choices exist. If choices exist then options exist. If options exist, then a value can be determined. Applying option valuation methodology is a mechanism that will allow the firm to objectively value the choice at each intersection of choice along the path toward project completion. Options allow the valuation of uncertainly during the life of a project. Furthermore, option valuation methodology can also place a value on the risk of the unknown. Exogenous events occurring randomly can dramatically change the viability of a project. Unsuspecting events such as popular uprising, terrorism, and regime change are a few examples at the extreme, but also rapidly changing events in technology, infrastructure, and consumer preferences are the more common exogenous occurrences that create instantaneous change and hence risk that can affect a project’s outcome. Optionality is a process that allows these as well as similar events to be quantified and incorporated as an inherent aspect of any project – from conception through development, construction, implementation, and even disposal. Knowing the value of the options inherent in a project moves the decision making process from not only the subjective to the objective, but also the context from reaction to pro-action. What are the Benefits of Optionality? The benefit of optionality is creating a disciplined systematic approach to identifying, understanding, valuing, and managing uncertainty in a dynamic business environment. Identifying opportunities that include optionality is essential to: •

Creating more realistic cash flow projections for a firm

Improving decision-making capability of the firm by placing a value on choice

Increasing flexibility of the firm to have the ability to

more quickly adapt and respond to changing conditions •

Increasing the value of the firm by capturing the value of optionality

Identifying, valuing, and then capturing the value of optionality is essential for success in both today’s world as well as in the future as the rapidly increasing rate of innovation also increases the intensity of competition. What are Possible Real Options in the Maritime Community? The realm of possible real options that can be utilized by the maritime industry, or any industry for that matter, is infinite. They are a function of the creativity of the firm’s people and management’s level of understanding and accepting a risk defined level of uncertainty. A few that readily come to mind are: •

Vessel operations – option to sell and charter-in; option to sell and charter-in at the end of “x” time periods; operate or charter-out with option to buy-back; operate or charter-out with option to terminate if freight rates reach “y” dollars per day.

Terminal operations – option to acquire additional land for expansion, where expansion can include increasing direct terminal operations, incorporating landside transport, such as a rail siding or expanded vehicle access. Other opportunities include adding throughput with the ability to adjust throughout rates based on the increased volume of the customer’s product.

Importers and Exporters – option to increase or decrease throughput or dock utilization; option to switch the revenue basis to or from a user fee based on throughput to fixed price or vice versa; option to extend utilization at predetermined rate; option to sub-lease.

Real Options Generically, the types of options related to projects – real assets – that can be encountered are: •

Option for future growth

Option to delay

Option to expand

Option to contract

Option to switch

Option to exit

Option for sequential investment

In each one of these instances, the value of the option can be objectively determined, which is beneficial to the objective decision making ability of the firm. Optionality gives a firm the capability to quantify risk and uncertainty heretofore either subjectively assessed or ignored. Including the option valuation at the various decision points of uncertainly gives the firm the capability to continually and dynamically evaluate the benefits of a project; at any point in the project’s life-cycle. -D. Cooley, GHPB

Greater Houston Port Bureau | 19


New Orleans 7%

The Port Security Grant Program: 2013 Houston Share Lowest Level Since Program Inception Delaware Bay 4%

National PSGP Allocations - FY2013 Group II Ports 42%

Group I Ports 58%

Group I Port Allocations - FY2013 HoustonGalveston 10%

Puget Sound 15%

LA/LB 13%

San Diego 1%

San Francisco Bay 25%

New York/New Jersey 25%

New Orleans 7%

The Port Security Grant Program (PSGP), established in January 2002 to assist ports, terminals and waterfront operators with meeting new regulations and implementing security programs, has allocated over $2.5 billion over the past decade. With subject-matter expertise provided by the Coast Guard’s participation in award decisions, PSGP allocations have included more than $250 million of assistance to regional entities such as Harris County, the Port of Houston Authority, and the City of Houston, as well as private terminals along the channel. In late August, the Department of Homeland Security released figures for the FY2013 Port Security Grant Program, which competitively awarded grant funding to support increased port-wide risk management, enhance domain awareness, conduct training and exercises, expand port recovery and resiliency capabilities, as well as further capabilities to prevent, detect, respond to, and recover from attacks involving IEDs and other non-conventional weapons. According to DHS, “these activities will assist ports in the implementation of the National Preparedness System by supporting the building, sustainment, and delivery of core capabilities essential to achieving the goal of a secure and resilient nation.” PSGP funding is statutorily focused towards the implementation of Area Maritime Security Plans (AMSP) and Facility Security

Delaware Bay 4%

Group II Ports 42%

Group I Ports 58%

20 |

September 2013

Plans (FSP) among ports authority, facility operators, and state/local governmental agencies required to provide port security services. This direction is one reason why the Houston Ship Channel Security District is assisting with the cost-match for updating the regional Port Wide Strategic Risk Management/Plan, upon which the AMSP is based. The Houston-Galveston region, including public and private facilities of Houston, Galveston, and Texas City, are one of eight Group One areas identified as the highest risk ports in the US - these eight ports shared over 58% of FY2013 allocations. Houston’s $5 million allocation for 2013 represents a 6% share of national funds and an 11% share of Tier I Port disbursements - the lowest percentage since the program’s inception in 2002. $450


Port Security Grant Funding

90% 80%



70% $300

60% $250 50%

$200 40% $150 30% $100

Million USD



10% 0%

FY 2002

FY 2003

FY 2004

FY 2005

FY 2006

FY 2007*

FY 2008

FY 2009**

FY 2010

FY 2011

FY 2012

FY 2013

Houston Allocation













National Allocation













Greater Houston Port Bureau | 21


Building a Case: Cybersecurity As a critical piece of our national economic engine, the maritime industry is responsible for 99.4% of US global trade tonnage, and nearly one-third of US GDP value. A 2011 report by the European Network and Information Security Agency (ENISA), a group established to address cybersecurity issues in the European Union, noted that: The awareness on cyber security needs and challenges in the maritime sector is currently low to non-existent. Member States should consider developing and implementing awareness raising campaigns targeting the maritime actors. In particular the provision of appropriate cyber security training to relevant actors (e.g. shipping companies, port authorities, etc.) would be highly recommended. The report, a scathing indictment of the state of cybersecurity readiness across

22 |

September 2013

the maritime industry made several recommendations including the establishment of best practices for maritime IT systems, the addition of cybersecurity provisions to current physical safety and security regulations, and expansion of coordination between relevant stakeholders through public-private interaction/partnerships. More recently, the Brookings Institute published a report by CDR Joseph Kramek, USCG detailing numerous cyber vulnerabilities at US port facilities. Referencing research conducted by ENISA, CDR Kramek also pointed out that “of the six ports studied [for this report], only one had conducted a cybersecurity vulnerability assessment and not a single one had a cyber incident response plan. Moreover, of the $2.6 billion allocated to the U.S. Port Security Grant Program—created in the wake of 9/11 to fund new congressionally mandated security requirements at U.S. ports—to date, less than $6 million has been awarded for cybersecurity projects.”

In 2011, the director of DHS’s National Cybersecurity and Communications Integration Center explained to Congress that : Malicious actors in cyberspace, including nation states, terrorist networks, organized criminal groups, and individuals located here in the United States, have varying levels of access and technical sophistication, but all have nefarious intent. Several are capable of targeting elements of the U.S. information infrastructure to disrupt, or destroy systems upon which we depend. ... Criminal elements continue to show increasing levels of sophistication in their technical and targeting capabilities and have shown a willingness to sell these capabilities on the underground market. ... While some have commented on terrorists’ own lack of technical abilities, the availability of technical tools for purchase and use remains a potential threat. Malicious cyber activity can instantaneously result in virtual or physical consequences that threaten national and economic security, critical infrastructure, public health and welfare. Similarly, stealthy intruders can lay a hidden foundation for future exploitation or attack, which they can then execute at their leisure—and at their time of greatest advantage. Securing cyberspace requires a layered security approach across the public and private sectors. While making progress in identifying the risks and costs associated with cybersecurity deficiencies, CDR Kramek points out in his report that DHS has not done a proactive job in prioritizing cybersecurity. “[As of FY 2012,] While cybersecurity projects certainly fit within the [Port Security Grant Program (PSGP)] Funding Opportunities, to date, cybersecurity has never been an expressly stated criteria in a PSGP solicitation.” That dynamic changed in FY2013 when “Enhancing cybersecurity capabilities” was listed as one of the seven sustainment activities supported by the PSGP.

From DHS: Who Commits Cyber Attacks? Bot-Net Operators

Bot-net operators use a network, or bot-net, of compromised, remotely controlled systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available on underground markets (e.g., purchasing a denial of-service attack or services to relay spam or phishing attacks).

Criminal Groups

Criminal groups seek to attack systems for monetary gain. Specifically, organized criminal groups use spam, phishing, and spyware/malware to commit identity theft, online fraud, and computer extortion. International corporate spies and criminal organizations also pose a threat to the United States through their ability to conduct industrial espionage and largescale monetary theft and to hire or develop hacker talent.


Hackers break into networks for the thrill of the challenge, bragging rights in the hacker community, revenge, stalking, monetary gain, and political activism, among other reasons. While gaining unauthorized access once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.


The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat includes contractors hired by the organization, as well as careless or poorly trained employees who may inadvertently introduce malware into systems.


Nations use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power—impacts that could affect the daily lives of citizens across the country. In his January 2012 testimony, the Director of National Intelligence stated that, among state actors, China and Russia are of particular concern.


Individuals or small groups execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware or malware to accomplish their objectives.


Individuals or organizations distribute e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware or malware, or attack organizations (e.g., a denial of service).


Spyware/malware authors with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster.


Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the economy, and damage public morale and confidence.

Cyber Security Basics Unlike the physical security environment, cyber-attacks are rarely

Greater Houston Port Bureau | 23

bounded by air, sea, land or space. The nature of cyber-attacks can range from a relatively benign individual causing accidental harm to nation-states or rouge actors maliciously and meticulously seeking to steal money, compile confidential information, or even cause physical damage to a facility. Using methods that range in sophistication from simple data collection on an unsecured network to persistent attack and destruction, cyber attackers have a range of options available to gain access to

their targets. Tables on this and the previous page detail various types of attacks and attackers in the cyber-realm. Attacks and Defense

In August 2011, a cyber-attack damaged over 30,000 computers at the national oil company Saudi Aramco. The company’s Vice President for Corporate Planning explained that “The main target was to stop the flow of oil and gas to local and international markets.” Even the United States has been linked with cyber warfare, as From DHS: Different Types of Cyber Attacks leaks from western officials and interviews with An attack that uses third-party web resources to run script within the vic- NSA whistle-blower Edward Snowden describe Cross-Site tim’s web browser or scriptable application. This occurs when a browser America’s involvement in Operation Olympic Scripting visits a malicious website or clicks a malicious link. The most dangerous Games, which they claim was responsible for consequences occur when this method is used to exploit additional vulthe Flame and the Stuxnet viruses. Stuxnet, nerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen discovered in June 2010, targets Siemens inshots, discover and collect network information, and remotely access and dustrial control systems, affected industrial (including suspected nuclear material enrichcontrol the victim’s machine An attack that prevents or impairs the authorized use of networks, sys- ment) facilities in Iran, Indonesia, India, and Denial-ofothers, while Flame targeted various governtems, or applications by exhausting resources. Service mental institutions in Iran, Israel, Sudan, Syria, Distributed A variant of the denial-of-service attack that uses numerous hosts to perSaudi Arabia, and Egypt. At the same time, the form the attack. Denial-ofDirector of DHS’s National Cybersecurity and Service Communications Integration Center appeared A piece of programming code intentionally inserted into a software sysLogic before Congress to express his concern that tem that will cause a malicious function to occur when one or more speciBombs “Copies of the Stuxnet code, in various different fied conditions are met. iterations, have been publicly available for some A digital form of social engineering that uses authentic-looking, but fake, Phishing time now. ... The Department is concerned that e-mails to request information from users or direct them to a fake website attackers could use the increasingly public inforthat requests information. mation.” Passive WireTapping

The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.

SQL Injection

Individuals or organizations distribute e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware or malware, or attack organizations (e.g., a denial of service).

Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms by, for example, masquerading as a useful program that a user would likely execute.


A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.

War Driving

The method of driving through cities and neighborhoods with a wirelessequipped computer– sometimes with a powerful antenna–searching for unsecured wireless networks.


A self-replicating, self-propagating, self-contained program that uses network mechanisms to spread itself. Unlike computer viruses, worms do not require human involvement to propagate.

Zero-Day Exploit

An exploit that takes advantage of a security vulnerability previously unknown to the general public. In many cases, the exploit code is written by the same person who discovered the vulnerability. By writing an exploit for the previously unknown vulnerability, the attacker creates a potent threat since the compressed time-frame between public discoveries of both makes it difficult to defend against. 24 |

September 2013

Recently, the United States has taken a more active approach to cybersecurity and cyber-operations. In October 2010, the US Army established US Army Cyber Command at Fort Belvoir, VA to “earmark the Army’s entry into the new operational domain of cyberspace”, and in 2012, Secretary Napolitano announced a new initiative by the Department of Homeland Security to increase resources, add capabilities, and improve coordination by centralizing its key cybersecurity functions under a Deputy Undersecretary. DHS’s efforts in the cyber security arena include opening a 24-hour watch center for National Cybersecurity and Communications, responding to hundreds of thousands of incident reports and releasing over 10,000 actionable cybersecurity alerts and information products to public and private sector partners. DHS’s Stop. Think. Connect. program, in place since 2010, has worked to carry out the Department’s cyber mission by providing resources for greater awareness and understanding of cyber threats.

US interagency partnerships include a DHS/DOD memorandum of agreement to protect against threats to critical civilian and military computer networks, pilot programs with the Financial Services Information and Analysis Center to protect key critical networks within the financial services sector, and work with the Office of Management and Budget to help all agencies across the federal government to coordinate the protection of the nation’s federal information systems. Case Study: The Port of Houston Authority As an illustration of the scale which modern ports may achieve, CDR Kramek discusses the Port of Houston as exhibiting many of the difficulties associated with security over its 52-mile port complex. “Most of the 150 port facilities... are in private hands. Networked systems govern their operations, and ... any cyber security measures these port facilities have in place is mostly known only to the entities that own and operate these terminals.” Using the Port of Houston Authority as an example of an operator on the channel, CDR Kramek explains: “PHA is a limited operating port, leasing some terminals and operating others itself. ... PHA monitors its terminal operations from a state of the art coordination center with a 24/7 watch. However, like its cargo operations, much of PHA’s physical security relies upon network systems.” Going on, he explains that while the Port Authority has “never used its substantial PSGP grant monies for a cybersecurity project... it has sought and been approved to use PSGP monies for projects that have a dubious impact on enhancing security.” When it comes to internal discussion of cybersecurity, CDR Kramek allows that while PHA uses commercial systems to control access and monitor vulnerabilities, maps its network - including non-computerized networked systems, and even goes as far as hiring outside experts to conduct penetration testing, he also contends that many basic cyber-hygiene steps are being missed with new employees, with contracted stevedores identified as the largest culprits. “Notwithstanding PHA’s reliance on networked systems for their terminal operations and security, if PHA were the victim of a cyber attack, it would rely upon in-house IT staff to manage any response. The scale of these kinds of vulnerabilities should not be understated.” While

Greater Houston Port Bureau | 25

seemingly harsh on the Port of Houston Authority, CDR Kramek does not single the regional entity out when lambasting the state of cybersecurity at the nation’s ports authority. With case studies poking holes in cybersecurity measures at the ports of Los Angeles, Long Beach, Vicksburg, Beaumont, and others, he describes cybersecurity awareness as low and the cybersecurity culture at most US ports as lacking. Suggesting that ports need to, in addition to educating their workers and employees on basic cybersecurity, develop risk management steps and response plans, he calls on the federal government to act. “While Congress continues its effort to pass comprehensive cybersecurity legislation, the full suite of existing authorities should be scrutinized to see how they might be applied in the interim... In the end, cybersecurity in port facilities should not be viewed as a regulatory intrusion into a new domain, but rather as a natural extension of the existing suite of security measures required to protect our ports.” Commander Kramek’s paper echoed concerns brought by ENISA whose conclusions suggested a three-pronged approach to addressing cybersecurity on the (quasi-)national level. In the short term, stimulate dialogue, raise awareness and focus on “good practices”. For the mid-term, ENISA advocated the development of training programs, defined roles and responsibilities at the national level, and defining a holistic, risk-based approach to cybersecurity. Finally, the organization advocated for standards and regulations, harmonized across national borders which allow for regulatory frameworks already existing in the maritime sector to incorporate cybersecurity. Basic Cybersecurity and Cyber-Hygiene Steps With these findings in mind, many regulatory organizations and private companies are beginning to publish best-practices for cybersecurity. Just as responsible homeowners pay attention to the environment around them and utilize precautionary measures such as gates, locks, and security systems when necessary, there are a number of cybersecurity basics that can begin to mitigate the risks involved in communications and information technology.

26 |

September 2013

Microsoft’s best-practices for strong passwords include: •

Avoid passwords that include dictionary words (in any language)

Avoid words spelled backwards

Avoid common letter-to-symbol conversions

Avoid sequences, or repeated characters

Avoid personal information that could be easily guessed or discovered

Ensuring that your passwords are complex, strong, and regularly changed is a good first step, however once you’re using your system, basic cyber-hygiene steps will help maintain a minimum level of security. •

Keep your operating system, browser, and other critical software optimized by installing updates when available

Maintain an open dialogue with friends, family, and colleagues about internet safety

Use privacy settings and limit the personal information you post online

Be cautious about online offers: just like in the physical world, if it sounds too good to be true, it probably is

Verify the authenticity of requests from companies or individuals by contacting them directly. If you are being asked to provide personal information via email, you can independently contact the company directly to verify this request.

Pay close attention to website URLs. Pay attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.

Greater Houston Port Bureau | 27

Email and Social Media Tips: •

Turn off the option to automatically download attachments

Save and scan any attachments before opening them.

Be sure your anti-virus software is up to date

Save the file to your computer or a disk

Run an anti-virus scan using your computer’s software

Limit the amount of personal information you post to social media sites. Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your friend posts information about you, make sure the information is something that you are comfortable sharing with strangers • Take advantage of privacy and security settings. Use site settings to limit the information you share with the general public online • Be wary of strangers and cautious of potentially misleading or false information At Work • Restrict access and secure the personal information of employees and customers to prevent identity theft. • Be suspicious of unsolicited contact from individuals seeking internal organizational data or personal information. Verify a request’s authenticity by contacting the requesting entity or company directly. • Immediately report any suspected data or security breaches to your supervisor and/or authorities. What to Do When You’re Attacked Best practices for how to prevent an attack vary by the situation but what about when an attack has already occurred? DHS has released targeted advice for different sectors and levels of technical knowledge, but recommends some basic, immediate corrective action: • Check to make sure the software on all your systems is up-to-date • Run a scan to make sure your system is not infected or acting suspiciously • Disconnect your device from the Internet. By removing the connection, you prevent an attacker or virus from being able to access your machine

28 |

September 2013

Don’t Navigate Your Finances Alone. With experienced maritime bankers and the capacity to lend, Bank of Texas has the resources you need to help navigate your finances. We offer competitive structures and terms to meet your growing capital needs. As a trusted name in marine financing and a committed partner to the maritime industry, let us chart you a course for success. Give us a call, or better yet, let us come see you.

Vessel Financing | Lines of Credit | Leasing Real Estate & Terminal Expansion 832.786.5178 | Greater Houston Port Bureau | 29

Š 2013 Services provided by Bank of Texas, a division of BOKF, NA. Member FDIC. Equal Housing Lender

You work in real-time. Shouldn’t your information?

Real-time Schedule Changes. Accurate Information. (713) 678-4300 — 30 |

September 2013

and perform tasks such as locating personal data, manipulating or deleting files, or using your device to attack others. •

If you have anti-virus software installed on your device, update the virus definitions and perform a manual scan of your entire system

If you have access to an IT department, contact them immediately: the sooner they can investigate and clean your computer, the less damage to both your machine and others on the network

If you believe you might have revealed sensitive information about your organization, report it to network administrators who can be alert for suspicious or unusual activity

Report the incident to the appropriate authorities: local police, US Secret Service Electronic Crimes Task Force, the Federal Trade Commission, and others.

Cybersecurity, like physical security or safety, is a 24/7 operation that requires all employees and operators to understand the tools that they are using and manage their risk and exposure. With basic knowledge of cyberhygiene and careful vigilance when dealing with new situations, you, your coworkers, and your employees will be able to work more safely, efficiently, and with fewer lost time incidents, creating an undeniable competitive advantage.

DIRECTION Maritime Solutions for Moving Forward


Scott Dobry

PERMITTING Greater Houston Port Bureau | 31

Advertise in the Port Bureau News

Your Order:

CaPTain’s CuP golf TournamenT

n n uA l

Quarter, Half and Full Pages Available!

5 th A

Reach 6,500+ Maritime executives & professionals every month for as low as $2,000/year.

The greaTer housTon PorT Bureau’s

novemBer 4, 2013 • 4-man shamBle

(713) 678-4300

REGISTRATION noW oPen for sponsorships and teams with sponsorships. Open registration begins October 1.

Team regisTraTion: $1,300 Located at the members-only

BraeBurn Country Club 8101 Bissonnet Houston, TX 77074 Advertising in the Port Bureau News is open to GHPB Members Only

Greater Houston Port Bureau 111 East Loop North Houston, TX 77029 T. +713-678-4300 F. +713-678-4839

Includes 4-man Team, $100 Gear Certificate per Golfer, Green Fees, Golf Cart, Tournament Entry, Drinks on the Course, Boxed Lunch & Steak Dinner

sPonsorshiP oPPorTuniTies Premier Dinner ........... $3,500 Lunch ...................... $2,000 Dinner Bar ............... $1,500 Beverage Cart (2) ....... $1,500 Closest-to-Pin (3) ......... $1,000 ÄIncludes space for marketing tent Longest Drive (1) ........ $1,000 Hole-in-One (1) ........... $1,000 ÄIncludes space for marketing tent Putting Green (2)............ $750 Practice Range (2) ........... $750 Hole Sponsors................. $500 Contact the Greater Houston Port Bureau for more details: 713.678.4300 or

Advertising Directory Bank of Texas...................................................................................... 29 Blades International....................................................................................... 14 Buffalo Marine Service..................................................................................... 3 Cargoways...........................................................................................15 Chalos & Co.....................................................................................................17 Clark Freight Lines......................................................................................... 27 Equipment Depot........................................................................................... 28 Gulf Winds International................................................................................. 13 HarborLights.................................................................................................. 30 HDR............................................................................................................... 31 Houston Pilots................................................................................................ 22 Intergulf................................................................................................. 5 John L Wortham & Son................................................................................... 22 McCarthy....................................................................................................... 27 Odfjell............................................................................................................ 20 Port of Houston Authority................................................................................4 Shrader Engineering...................................................................................... 25 The Richardson Companies............................................................................ 26 Trustmark National Bank................................................................................ 16 Vopak............................................................................................................. 13 Whitney Bank................................................................................................. 21 Greater Houston Port Bureau | 32

Sept. 2013 Port Bureau News