ABSTRACT
When an unspecified terrorist threat against Norway was identified in the summer of 2014, the security level was heightened at all of Norway’s 600 plus International Ship & Port facility Security code (ISPS) ports. A type of classification system was necessary in order to identify which ports required security measures dependent on the different types of situations which could potentially arise. However, classifying infrastructures by criticality is a complex task with little guidance available. The main challenge was how to decide which level of protection the facilities would require. We evaluated whether the ad hoc approach, used to return security levels to baseline, was a good approach, and if there were other best practices available. Furthermore, we asked how the more than 600 different facilities could apply the same classification system. This paper proposes an approach for how to arrange different port facilities into “security profiles”. A general threat assessment was made, based on a literature review and contact with security authorities, in order to determine what kind of scenarios would be relevant for the ports. We then continued to map the different types of ports, and common denominators for security issues. Through the literature review, workshops and input from the Norwegian Coastal Administration, we developed value-based categories for criticality. The findings in this paper can help clarify and present solutions which might help practitioners overcome challenges related to assessing security and threats to their facilities. The approach presented in this paper may also be a useful framework for other critical infrastructures to help select categories for ranking or classification.
