(PDF) Benchmarking container port security risks by applying a FIS methodology

Int. J. Shipping and Transport Logistics, Vol. 10, No. 4, 2018 Benchmarking container port security risks by applying a FIS methodology Dimitrios I. Stavrou* and Nikolaos P. Ventikos National Technical University of Athens, 9 Iroon Polytechniou str., Zografou 15773, Greece Email:

Email:

*Corresponding author Zaili L. Yang Liverpool Logistics, Offshore and Marine Research Institute, Liverpool John Moores University, James Parsons Building, Byrom Street, Liverpool, L3 3AF, UK Email:

Abstract: This paper presents a fuzzy inference approach to estimate the security level of a port in a manner that it provides essential information to the stakeholders when evaluating security risks under uncertainty. A fuzzy inference system (FIS) methodology is developed on account to four predefined security factors. A team of experts is used to rank and survey potential port security risks whereas the experts’ ordinal preferences were combined using the Cook and Seiford method to come up with a consensus risks’ ranking. To validate the model, results are compared with those from an established fuzzy evidential reasoning approach given the same security risk inputs. The verified FIS can provide useful insights for security analysts to conduct security risk quantification under high uncertainty in data in the maritime sector as well as a wider range of other industries (e.g., aerospace and process) facing high terrorism threats with appropriate tailor and adaptation. Keywords: maritime; port safety; port security; fuzzy inference system; FIS; International Ship and Port Facility Security; ISPS; risk assessment. Reference to this paper should be made as follows: Stavrou, D.I., Ventikos, N.P. and Yang, Z.L. (2018) ‘Benchmarking container port security risks by applying a FIS methodology’, Int. J. Shipping and Transport Logistics, Vol. 10, No. 4, pp.377–405. Biographical notes: Dimitrios I. Stavrou is currently a Superintendent Engineer in a shipping company. He has been retired from the Hellenic Navy as a Lieut. Commander Officer after serving for approximately 23 years. He is also a Naval Architecture and Marine Engineer by the NTUA, Greece. He has published more than 20 technical papers on safety and risk analysis/assessment of maritime activities, human factor, multi-criteria analysis and decision support systems. He also has study STS transfer of cargo operations and associated issues. During his PhD studies, he was supported by the ‘IKY fellowships of excellence for postgraduate studies in Greece-Siemens program’. Copyright © 2018 Inderscience Enterprises Ltd. 377 378 D.I. Stavrou et al. Nikolaos P. Ventikos is an Assistant Professor in the School of Naval Architecture and Marine Engineering of the NTUA, Greece. He has published more than 120 publications. He’s expertise is in marine safety; risk analysis/assessment; (oil) marine pollution; maritime security; human factor; and statistical modelling. He was awarded the G.P. Livanos Grand Prize on Environmental Issues (2000). Zaili L. Yang is a Professor of the Maritime Transport at Liverpool John Moores University (LJMU), UK. His research interests are system safety, security and risk based decision making modelling, especially their applications in marine and supply chain systems. He has successfully completed five Postdoctoral and 16 PhD projects. He currently has 12 PhD students under his supervision in the research areas of maritime safety, logistics operation and port optimisation. His research findings have been published in more than 160 technical papers in risk and supply chain areas, including over 50 SCI/SSCI-cited journal papers. He is a member of editorial boards of eight international journals. He has also served as a member of review boards for national research councils of countries such as the USA, the UK, Norway and China. This paper is a revised and expanded version of a paper entitled ‘Use of fuzzy inference approach to estimate maritime security level’ presented at 3rd International Conference on Maritime Technology and Engineering, Lisbon, Portugal in 4–6 July 2016. 1 Introduction Shipping is considered as a safe, economical and environmentally friendly form of commercial transport, playing a crucial role in the economy and development in worldwide scale (Shariff et al., 2016). As a result, around 90% of world trading in volume is conducted by the existing global marine transportation system. The marine transportation system, namely the vessels, the waterways and the maritime supporting facilities forms parts of the global physical distribution and considered as the backbone of the world waterborne trade (Helmick, 2008). In today’s modern society, safety has become of utmost importance to optimise performance and minimise catastrophic events. However, after the terrorist attacks of 11/9, the concept of security has appeared and gain high priority and attracts growing attention in transportation in general and maritime in specific (Männistö et al., 2014). In this context, port and maritime operations together with their associated facilities and infrastructure consist of one of the greatest unaddressed security challenges compromising the integrity of the global energy and economy. There are many reasons for the difficulty to adequately safeguard the existing maritime transportation system. However, most of these reasons have common origins, located primarily in their topography. The typically oversized container ports are places where a variety of activities take place either on land, by water or even the combination of them. Also, container ports can simultaneously accommodate different transport means such as ships, trucks and trains using complex equipment to conduct all necessary transfers of a large variety of products. The movement of the goods is usually continuous and intensive which means that delays affect the entire transport and supply chain. Thus, Benchmarking container port security risks 379 whether delays on supply chain are related to security (Urciuoli and Ekwall, 2015), security falls by the wayside in the interest of time management or convenience. The potential of security violations makes the transportation system weak and vulnerable, causing great public concern. Security violations can be related either with theft or terrorist attacks. Nevertheless, violations related with theft are out of the scope of this study. Although terrorist attacks on the maritime domain maintain a significant low record of incidents (Chalk, 2008), the potential for disasters (Kwesi-Buor et al., 2016), which refers to episodes of mass violence (e.g., terrorism, industrial unrest leading to vandalism), forces the involved parties to give special attention to security matters. Potential targets in case of a terrorist action can be identified as container ports, carriers of dangerous cargoes such as liquefied petroleum gas (LPG) or liquid petroleum gas (LNG) carriers and other critical marine infrastructures such as offshore oil and gas platforms. Thus, the capability to respond to a potential terrorist activity is of utmost importance in the maritime domain. On the port facilities, the port security management (PSM) is an effective way to deal with potential threats. The PSM consist of the different types of security and counter-terrorism activities falling within the port’s domain, including the protection of port/terminal facilities and the coordination of security activities when ship and port interact (Ng and Gujar, 2008; Ng and Vaggelas, 2012). The PSM also includes piracy activities along major shipping routes, of which various sources provided evidence suggesting increasing complementarities between piracy and terrorism (Hastings, 2009; Fu et al., 2010). As a result of the growing international recognition of the importance of the PSM (Yang et al., 2009), many different measures and strategies were adopted in order to deal with port security threats resulting from terrorist actions, notably the International Ship and Port Facility Security (ISPS) Code by the International Maritime Organization (IMO). Although such measures and regulations have greatly enhanced port security performance, experiences in the past decades indicated that the need to strengthen the security regulatory framework often lacked an integrated strategy (Yang et al., 2014). In this context, maritime security assessment (MSA) was adopted by the shipping industry to bridge the gap between the theoretical approach of the legislative regime and the on-hands experience coming from reality. MSA is defined as the starting point for evaluating security risks and developing appropriate security measures to deal with the multidimensional terrorism threats that jeopardise the security of maritime assets and/or facilities. It is a methodological approach used to identify, assess and evaluate security risks to prevent them from occurring. One feasible way to tackle uncertainty coming from the stochastic nature of the composite sea environment is the use of fuzzy logic. The basic concept relies on the fuzziness of human perception by using linguistic descriptions to express decision variables. This unique feature to interfere between objective and human perceptive reality led fuzzy logic to be greatly developed over the last decades. The importance of security matters has also stimulated researches to present different approaches to deal with the matter. Among them, Haimes (2011) highlights in his work the complexity of the quantification of the multidimensional risk function, develops five systems-based premises on quantifying the risk of terrorism to a threatened system and advocates the quantification of vulnerability and resilience through the states of the system. In the light of the above, this paper presents a fuzzy-based model to support the stakeholders when deciding to adopt security policy measures. In particular, a fuzzy 380 D.I. Stavrou et al. inference system (FIS) based on the Sugeno’s methodology is developed taking into account four critical security factors (Yang et al., 2009); the likelihood of a threat-based risk to occur, the severity of a threat which corresponds to the combination of the destructive force/execution of a certain action and the resilience of the system after the occurrence of a failure or disaster and finally the probability of the occurrence of consequences which can be defined as the probability that damage consequences happen given the occurrence of the event. To do so, a team of four experts with relative experience to security matters, agreed to be involved in the survey and rank the four security factors on certain basic events/threats. Each expert’s evaluation led to a ranking of the security risk scenarios from the worst case to the best. Finally, the experts’ ordinal preferences were combined using the Cook and Seiford (1978) method to generate a consensus scenarios’ ranking. The outcome of the FIS engine gives security estimation (SE) number which indicates the degree of vulnerability of the investigated port on certain security threat scenarios. Finally, the results were compared with those from an established approach given the same inputs by Yang et al. (2009) who applied the fuzzy evidential reasoning (FER). A FER approach presents a methodological framework able to cope with the synthesis of various pieces of evidence obtained/evaluated in a fuzzy environment. It uses the concept of degrees of belief to model the knowledge coming from the experts in using fuzzy linguistic variables to estimate the above attribute values. The kernel of this approach is an ER algorithm developed based on the Dempster-Shafer (D-S) theory, which requires modelling the narrowing of the hypothesis set with the requirements of the accumulation of evidence. Compared to the traditional fuzzy inference mechanisms (i.e., max-min fuzzy operation), fuzzy ER approaches have the superiority of avoiding the loss of useful information in their inference processes (Yang et al., 2009). To accomplish the aforementioned goals, the rest of the paper is organised as follows. In Section 2, the theoretical background of the FIS method is described. In Section 3, the MSA method is presented about the port’s security, while, in Section 4, the FIS model is properly applied. Section 5 presents a discussion of the results. Finally, Section 6 concludes the paper. 2 A critical review of international maritime port security regimes 2.1 ‘Port security’ vs. ‘port safety’ Before the examination of the existing port security legislative regime, it is essential to determine the meaning of the term ‘port security’ and distinguish it by the term ‘port safety’ in the marine domain, due to their close relation that may confuse and mislead the readers. A practical way to distinguish ‘port security’ from ‘port safety’ is using the origins of the corresponding risks. Thus, the concept of ‘port safety’ addresses the safety of maritime installations with the primary purpose of protecting maritime professionals and the marine environment. Port safety in the first place implies the regulation of the construction of maritime installations, the regular control of their safety procedures as well as the education of maritime professionals in complying with regulations. Consequently, port safety refers to risks that accidentally can occur causing adverse effects to the human beings, to the environment and property loss. Benchmarking container port security risks 381 On the other hand, port security refers to risks coming from the intentional purpose to harm the human life, through the damage of the property or by affecting the environment adversely. The meaning of intentional purpose, in the case of security, is connected with a conscious action against human life as an objective target and not a violation of safety as referred in the work of Alper and Karsh (2009). When these risks are related to the maritime domain with a special focus on ports, they refer to maritime port security risks. The term maritime security, per the UK’s security approach, mainly refers to maritime security risks rather than threats. They mean the disruption to vital maritime trade routes as a result of the war, criminality, piracy or changes in international norms including cyber-attacks against shipping or maritime infrastructure (UK Government, 2014). Thus, port security could refer to a pyramid context in the top of which, is the human life under threat using the violation of the environment and the assets (e.g., the vessels, the infrastructures, etc.). This pyramid is covered by the port security threats and the relative security risks, the laws and treaty enforcements and counter-terrorism activities that fall within the port and maritime domain. 2.2 International port security legislative regime Currently, port security is governed by the ISPS Code (fully implemented in 2004) (IMO, 2002b) which is issued by the IMO based on the amendments made in 2002 to the International Convention for the Safety of Life at Sea (SOLAS) 1974 as amended and the addition of special measures in enhancing maritime security (Chapter XI-2) to SOLAS (IMO, 2002a). Other international laws applied for port security enhancement are the IMO/ILO Code of Practice and the WCO framework. The ISPS code contains requirements that relate to the security of the ship and the immediate ship/port interface. The code encompasses some significant elements such as the detection of the security threats, the implementation of the security measures and the presentation of several additional maritime security-related information. An essential part of the ISPS code refers the development of maritime security risk assessment methodologies, plans and procedures and the establishment of security-related roles and responsibilities for contracting governments, shipping companies and port operators. The risk assessment approach includes a three-level methodology to assess security system is provided in ports at all time, with a higher level indicating a greater likelihood of the occurrence of a security incident. Finally, the assessment in the ISPS code addresses significant security issues such as the identification and evaluation of important assets and infrastructure that need to be protected, the identification of possible threats to the assets and infrastructure and the likelihood of their occurrence, the identification, selection and prioritisation of countermeasures and proactive changes and their level of effectiveness in reducing vulnerabilities and the identification of weaknesses, including human factors within the infrastructures, policies and procedures (IMO, 2002b). Although the ISPS code has greatly enhanced port security performance, there are some issues that make the code weak and ineffective. For instance, while the ISPS Code requires the designated authorities to undertake port facility security assessments (PFSA), it does not prescribe any accepted methodologies to implement it in a quantitative manner. Furthermore, the ISPS Code suggests using three security levels to tackle different security risks that ports face in dynamic operational environments. However, it does not incorporate any risk analysis in the definition of the three security levels. It becomes more complicated when 382 D.I. Stavrou et al. taking into account the fact that the responsibilities of port security lie within the hands of the contractual governments which have the final power in making all decisions, including the approval of PFSA and port facility security plan (PFSP), the appointment of port facility security officers (PFSOs) and reviewing (parts of) the ship security plan in outstanding circumstances (Yang et al., 2014). Hence, the voice of requiring further justification of their effectiveness from maritime stakeholders is still very strong, as reflected by the views of many participants during the Annual Total Port Security Forum (ATPSF, 2012). The IMO/ILO code of practice is the result of the common effort of the Maritime Safety Committee of the IMO and the governing body of the ILO to establish a working group of interested parties to draft a code of practice relating to security especially in container ports. This draft was completed by the joint IMO and ILO working group in July 2003. The objective of this code of practice on security in container ports is to enable governments, employers, workers and other stakeholders to reduce the risk to container ports from the threat posed by unlawful acts. The code provides a method of identifying potential weaknesses in a container port’s security and outlines security roles, tasks and measures to deter, detect and respond to unlawful acts against ports serving international traffic and maritime operations (ILO, 2004). The code provides a guidance framework to develop and implement a container port security strategy appropriate to identified threats to security. However, it is not a legally binding instrument but a practical recommendation designed to guide all those responsible for addressing the issue of security in container ports. Although it provides a method to identify and assess container port security threats, the method is extremely simplified and uncertainty may turn the results to become unreliable and invaluable. However, the code provides a proactive approach to security in container ports and follows, where practicable, the practice and principles identified in SOLAS Chapter XI-2 and the ISPS Code (ILO, 2004). The WCO framework of standards to secure and facilitate trade (SAFE) was adopted in June 2005. The purpose was to enhance security and facilitate in global trade. The SAFE Framework lays on two fundamental connections, the first being customs-customs network arrangements and second being Customs to business partnerships. The customs-customs connection gives the potential to the customs administration to receive the essential control data on exports, imports, or goods in transit analysing whether the shipment is high-risk regarding national security. On the other hand, customs to business partnerships connections are based on the customs-customs connection with a recommended process where customs administrations validate as AEOs businesses that comply with security requirements and the cargo could, therefore, be considered as low-risk cargo and be treated as low-risk cargoes of the first connection. The SAFE framework of standards is a set of recommendations to the customs organisations, which include issues as: • Integrated customs control procedures for integrated supply chain management. • Authority to inspect cargo and use modern technology in doing so. • Risk-management system to identify potentially high-risk shipments. • Identification of high-risk cargo and container shipments. • Advance electronic information on cargo and container shipments. Benchmarking container port security risks • 383 Joint targeting and screening. Regarding the SAFE Framework, the risk-management to identify potentially high-risk shipments as well as the identification of high-risk cargo and container shipments could give essential information for potential cargoes of hazardous materials that could be the mean to compromise the security of a port through a terrorist action. As already mentioned above potential targets in case of a terrorist action can be identified for example carriers of dangerous cargoes such as LPG or LNG carriers. Apart from the applied regulatory framework, the application of risk management techniques in port security is a matter that has been problematise the academic community. In this respect, Bichou (2008) has examined the problematical issues of security perception, value and impact and discussed the limitations of the current regulatory framework in providing an integrated and effective approach to risk assessment and management, including for supply chain security new relevant approaches can be developed to assess the reliability of the maritime in the context of the complex network theory. Bichou (2008) concluded that new approaches can be developed to assess the reliability of the maritime in the context of the complex network theory. In a similar context, the work of Rugy (2009) presents Port security as a case example in strategic risk management to demonstrate how the government might use risk analysis in allocating resources to protect the nation. Rugy (2009) highlights the key aspects of the implementation of the strategic risk management for Port Security in the USA through an intensive look in different aspects that affect the implementation of security risk assessment findings. 3 Port security assessment (PSA) 3.1 General overview Generally speaking, maritime security is a mixture of different theories and cultures analogous to the theoretical background of the analyst. In that sense, maritime security can be interpreted given its relation to other concepts, such as marine safety, sea power, blue economy and resilience (Bueger, 2015). In a different approach, Carafano and Kochems (2005) have been aptly characterised the marine security as “a complex strategic problem encompassing a physical domain, land-based critical infrastructure, intermodal means of transportation and international supply chains that convey goods, services and passengers”. The first serious action by the international maritime community towards to confront threats to maritime security was the adoption of the ISPS Code which was entered into force on 2004 (IMO, 2003). The ISPS code came as the result of the aftermaths of the 9/11 attacks and it consists of a standardised, consistent methodological framework for evaluating risk, enabling governments to offset changes in threat with changes in vulnerability for ships and port facilities (IMO, 2002b). The code requires security risk assessment for various ship and PFSPs. Thus, the MSA was recently introduced as a ‘tool’ that allows the involved parties to recognise and address the security threats, to assess and analyse their potential, to identify and evaluate their special characteristics, all 384 D.I. Stavrou et al. in the context of the mitigation or elimination of the possibility of a security risk event to occur. 3.2 Container port security threats Before the analysis of the potential port security threats, it would be interesting to interpret the current global security situation. It is known that initially, terrorists have focused on targets on aviation assets or to unleashed bomb suicide attacks to enhance the impacts of their attacks to the human beings. As a result, a strict and concrete context of protecting measures has been developed and enforced to deal adequately with these threats. The limitations that came with the new protecting measures lead terrorists to seek for more vulnerable and easy access targets. Thus, terrorists may soon turn their interest to the marine domain include ships, port, coastal facilities and container/container yards because the secondary emphasis has been placed on hardening these assets due to the urgent need to address threats to aviation facilities and transportation. In this context, there are many threats that can be identified by port and maritime domain. In particular, targets could be identified among others in the ramming of vulnerable vessels at sea, the blowing up of medium-sized vessels at ports, the attacking of vulnerable large cargo ships such as supertankers from the air by using explosive-laden small aircraft or underwater attacks by divers or suicide demolition teams, using limpet mines. Also, ports and shipping remain attractive targets for criminals and organised crime and piracy because of the centralised aggregation of both containerised and warehoused goods that often have not yet been subjected to end-user accounting and valuation (Goslin, 2008). 3.3 Conventional risk assessment approaches to evaluate port security threats Conventionally, risk can be defined as being the chance, in quantifiable terms, of an adverse occurrence. Risk, therefore, combines a probabilistic measure of the occurrence of an event with a measure of the consequence, or impact, of that event. When introducing the risk factor, the concept and measure of uncertainty must be considered. Risk assessment for PSA is applied when the questions need to be answered: • What can go wrong? • What is the probability of something going wrong? • What are the possible consequences? If the adoption of measures to mitigate or eliminate the risks is integrated into the evaluation process, then risk management is conducted taking into account the alternative options and/or trade-offs available between costs, benefits and risks. Thus, risk management consists of risk assessment together with policy decisions on future options and undertakings. There are many different conventional security risk assessment methodologies which are applied based on the input data. In particular, two factors are examined to implement the right method: 1 the dependence of the sequent events on each other 2 the type of the chosen analysis. These are presented in Table 1. Benchmarking container port security risks Table 1 385 Conventional security risk assessment methodologies according to the input data Consequence Causal The sequence of the events is dependent Event tree analysis (ETA) Markov process The sequence of the events is independent Failure mode and effect analysis (FMEA) Fault tree analysis (FTA) The implementation of the conventional models to conduct MSA can provide valuable knowledge for security event reporting and threat warning thresholds. It can also give reliable and valid information resulting from fears of regulatory actions. However, certain drawbacks make the conventional methodologies weak and ineffective. In particular, the implementation of the traditional methods perquisites several assumptions and conditions taken into account. Moreover, these methodologies are based on experts’ subjective judgments whose experience has a significant impact on the perception of risks in aspects of financial loss and safety and security incident related loss (Chang et al., 2016). Talas and Menachof (2014) also used expert’s judgment combining subjective assessments of the performances of the port facilities’ security systems with estimates of terrorism risk from a specialist terrorism underwriter. Thus, uncertainty of experts’ opinion is an issue of serious consideration. On the other hand, traditional safety management techniques may be capable of dealing with accidental, hazard-based risks in port, new vulnerability analysis methods are urgently required for tackling those caused by threats such as terrorist attacks (Yang et al., 2013). However, traditional methods suffer when dealing with this type of uncertainty. In this context this work proposes an advance method to remedy the weaknesses of the traditional approaches. 3.4 Defining security risks of container port facilities Port facilities are vulnerable to terrorists’ attacks in many different ways. In that sense, this study focuses on two highly likely categories: attacks coming from the channel/waterway or bombing the quayside infrastructures/facilities of the terminals. To identify the potential basic events that are related to each one of the relative categories a fault tree analysis was conducted by Yang et al. (2005, 2009) and the relative results are depicted in Figure 1. Table 2 The security risk scenarios under consideration Scenario EXT-CHA VES-CHA CARGO EMPLOYEE Description Using a missile or bomb to attack the channel Conducting a vessel ‘suicide’ attack by the channel Use a vessel as a mean to attack with bomb or hazardous cargo to the terminal Use a vessel as a mean to attach through a terrorist working as employee to EXT-TER Using a missile or bomb to attack the terminal VES-TER Conducting a vessel ‘suicide’ attack on the terminal 386 D.I. Stavrou et al. The interpretation of the results has addressed six basic events that can lead to security violation of the port either by channel or terminal attacks. Based on the basic events, a corresponding number of six potential security risk scenarios were constructed for evaluation. These risk scenarios are presented in Table 2. Figure 1 4 Fault tree analysis regarding terrorists attacking ports FIS theory 4.1 The FIS theoretical background The FIS method is a deductive methodology under the umbrella of the fuzzy logic (Zadeh, 1965). Its main objective is to solve problems that suffer from uncertainty. One of the main advantages of the FIS method is its ability to deal with impreciseness and ambiguity of a system (Elsayed, 2010). The fundamental principal of the FIS theory is the ability to use natural or linguistic terms to express the variances of variables while, at the same time, it provides an effective tool for the treatment or combination of different variables (Stavrou and Ventikos, 2014). FIS method is a complementary way to conduct a risk assessment in maritime operations where deterministic approaches are unable to deal with the inherent uncertainty and complexity. An FIS method consists of five consecutive steps: the first step refers to the fuzzification process where membership functions (MFs) are used to express the degree of relation of each input variables to a predefined fuzzy set. The second step refers to the application of fuzzy operators (AND or OR) to determine the antecedent part of each rule for the corresponding variables. After the determination of the weight of each fuzzy rule, Benchmarking container port security risks 387 the next step is to implement the implication method to calculate the consequent part of each rule represented as a fuzzy set by a membership function. The consequent parts of each rule are then used to aggregate to a total output function that can be used to express the fuzzy output of the implemented rules. The final step is the defuzzification process where the fuzzy product is transformed to crisp values. 4.2 The Sugeno’s method There are two well-known fuzzy inference methods: 1 the Mamdani’s fuzzy inference method 2 the Sugeno’s, or Takagi-Sugeno-Kang, method. The Mamdani’s method (Mamdani and Assilian, 1975) is based on a fuzzy rules aggregation process that produces fuzzy sets under the form of MFs. The Sugeno’s FIS is similar to Mamdani’s system in several ways. Both systems fuzzify the inputs in the same way and apply the same fuzzy operator. However, the Sugeno’s output MFs are either linear or constant (Sugeno, 1985). Mandani’s method is the most applied FIS method due to its intuitional characteristics, nevertheless the Sugeno’s method is used in this study due to its robustness and computational abilities. These abilities are coming from its unique characteristics on the efficiency of integrating with linear, optimisation and adaptive techniques, to present accuracy regarding performance to mathematical analysis and guaranteed continuity of the output surface (Mathworks, 2015). Figure 2 presents a diagrammatical approach of the Sugeno method. Figure 2 Diagram of the Sugeno’s method Source: Mathworks (2015) The Sugeno method uses rules under the form: If Input 1 = x and Input 2 = y, then Output z = ax + by + c (1) A zero-order Sugeno model gives constant output level z = const. (a = b = 0). Each rule weights its output level, zi by the firing strength of the rule, wi. For example, for an AND rule with Input 1 = x and Input 2 = y, the firing strength is zi = AndMethod ( F1 ( x ), F2 ( y ) ) (2) 388 D.I. Stavrou et al. where F1(x), F2(y) are the MFs for Inputs 1 and 2. The weighted average of all rule outputs gives the final output of the inference approach. ∑ Final Output = ∑ N i =1 N wi Z i i =1 (3) wi where N is the number of rules. 5 Methodology of the applied risk assessment modelling 5.1 FIS implementation for container port security risks In the study, six security risk scenarios (see Table 1), are assessed and evaluated with regard to four security risk factors: 1 the ‘will’ (W), which corresponds to the likelihood of a threat-based risk, which directly represents the lengths one goes through in taking a certain action 2 the ‘damage capability’ (D), which refers to the destructive force/execution of a certain action 3 the ‘recovery difficulty’ (R), which hints the resilience of the system after the occurrence of a failure or disaster 4 the ‘damage probability’ (P), which means the probability of the occurrence of consequences and can be defined as the probability that damage consequences happen given the occurrence of the event. The combination of D and R responds to the consequence severity of the threat-based risk (Yang et al., 2009). Figure 3 MFs of the corresponding antecedent parameters (W, D, R and P) Benchmarking container port security risks Figure 3 MFs of the corresponding antecedent parameters (W, D, R and P) (continued) Figure 4 FIS modelling based on the Sugeno’s method (see online version for colours) 389 The MFs that express the four security risk factors (W, D, R and P) are shown in Figure 3. Also, the outcome of the FIS model is a number, namely ‘SE’, which represents the potential of a security risk scenario violation to occur on the combination of the four risk factors. The FIS modelling about the antecedent parameters (W, D, R and P) as well as to the consequent parameter (SE) are presented in Figure 4. 390 D.I. Stavrou et al. 5.2 Tuning of the FIS parameters The choice of the most suitable MFs in a fuzzy set approach is a crucial issue that is related to the available data. Inference systems can be successfully applied to control systems, expert systems (Garibaldi and John, 2003) or even prediction systems (Mandal et al., 2012). Yet, the majority of the published work concerning the choice of the suitable MFs is related to control systems; see relevant refs Zhao and Bse (2002). In this study, MFs generated from the Gaussian distribution function have been finally selected instead of piece-wise linear functions; the Gaussian distribution generates more smooth results without (or with much fewer) irregularities (Stavrou and Ventikos, 2014). 5.3 Determination of the fuzzy rules To determine the fuzzy rules in the FIS model, four experts were asked to evaluate the relative importance of the input variables and the SE number so as to introduce the rules to the rules editor. The experts were two representatives of a port authority and two professionals with experience in maritime security matters. To overcome potential disagreement experts were asked to decide upon three different behavioural risk approaches; a conservative risk approach which means that experts overestimate the potential risk coming from the security risk scenarios, an aggressive approach where the potential risk is considered less important and a neutral approach where the experts have no preference regarding the risk potential. Thus, the experts have been asked to rate on a scale of low, medium and high, the risk coming from different W, D, R and P combinations for the three behavioural risk approaches. The results of the neural behaviour are illustrated in Tables 3(a) to 3(f). Also, the corresponding results for the conservative and the aggressive risk attitude are presented in Appendix A. Table 3(a) The fuzzy rule matrix of the will factor associated with the damage capability factor Negligible Moderate Critical Catastrophic Very weak L M M H Weak L M M H Average L M H H Strong M M H H Very strong H H H H Table 3(b) The fuzzy rule matrix of the will factor associated with the damage probability factor Very weak Unlike Average Likely Definite L M M H Weak L M M H Average L M H H Strong M M H H Very strong H H H H Benchmarking container port security risks Table 3(c) 391 The fuzzy rule matrix of the will factor associated with the recovery difficulty factor Easy Average Difficult Extremely Very weak L M M H Weak L M M H Average L M H H Strong M M H H Very strong H H H H Table 3(d) The fuzzy rule matrix of the damage capability factor associated with the damage probability factor Unlike Average Likely Definite Negligible L M M H Moderate L M H H Critical M M H H Catastrophic M H H H Table 3(e) The fuzzy rule matrix of the damage capability factor associated with the recovery difficulty factor Easy Average Difficult Extremely L M M H Negligible Moderate L M H H Critical M M H H Catastrophic M H H H Table 3(f) The fuzzy rule matrix of the damage probability factor associated with the recovery difficulty factor Easy Average Difficult Extremely Unlike L M M H Average L M H H Likely M M H H Definite M H H H 5.4 Mapping of the security risk factors using FIS Sugeno’s method After the implementation of the fuzzy rules for the three risk behavioural approaches, the mapping of the different combinations of the security risk factors is presented through three dimension (3D) surfaces created by the fuzzy inference application to the potential of a security risk scenario violation to occur; these are illustrated in Figures 5(a) to 5(f). Different scales of blue and yellow indicate the different areas of the potential of security risk violation, i.e., from an intense blue scale, areas with low potential of security risk violation, to a moderate blue and an intense yellow scale, which indicates areas of high level of security risk violation. 392 Figure 5 D.I. Stavrou et al. (a) Risk mapping of the port se based on the will against the recovery difficulty for neural behaviour (b) Risk mapping of the port SE based on the will against the damage probability for neural behaviour (c) Risk mapping of the port SE based on the will against the damage capability for neural behaviour (d) Risk mapping of the port SE based on the damage probability against the recovery difficulty for neural behaviour (e) Risk mapping of the port SE based on the damage capability against the recovery difficulty for neural behaviour (f) Risk mapping of the port SE based on the damage capability against the damage probability for neural behaviour (see online version for colours) (a) (b) Benchmarking container port security risks Figure 5 393 (a) Risk mapping of the port se based on the will against the recovery difficulty for neural behaviour (b) Risk mapping of the port SE based on the will against the damage probability for neural behaviour (c) Risk mapping of the port SE based on the will against the damage capability for neural behaviour (d) Risk mapping of the port SE based on the damage probability against the recovery difficulty for neural behaviour (e) Risk mapping of the port SE based on the damage capability against the recovery difficulty for neural behaviour (f) Risk mapping of the port SE based on the damage capability against the damage probability for neural behaviour (continued) (see online version for colours) (c) (d) 394 Figure 5 D.I. Stavrou et al. (a) Risk mapping of the port se based on the will against the recovery difficulty for neural behaviour (b) Risk mapping of the port SE based on the will against the damage probability for neural behaviour (c) Risk mapping of the port SE based on the will against the damage capability for neural behaviour (d) Risk mapping of the port SE based on the damage probability against the recovery difficulty for neural behaviour (e) Risk mapping of the port SE based on the damage capability against the recovery difficulty for neural behaviour (f) Risk mapping of the port SE based on the damage capability against the damage probability for neural behaviour (continued) (see online version for colours) (e) (f) Benchmarking container port security risks 395 5.5 Consensus risks’ ranking using the Cook and Seiford method The model was tuned by the assistance of a team of four experts with relevant experience to port and security issues and the outcome was the ranking of potential security risks per their harmfulness. All experts come from different domains of the marine industry, e.g., from the police department, the security department, the port authorities and the logistic chain department to represent in the most accurate way the different perspectives of the port security industry. The different experts’ ordinal preferences were combined using the Cook and Seiford (1978) method to come up with a consensus scenarios’ ranking. A preference set was inferred through the FIS engine according to each expert’s risk ranking. The final ranking of the security risk scenarios was estimated by the minimisation of the summation of the absolute differences of the evaluation experts’ rankings from the assessed one (Spyridakos et al., 2001). The experts’ ordinal preferences, as well as the consensus ranking of the security risk scenarios, are shown in Table 4. More information regarding the steps of the implemented method can be found in Cook and Seiford, (1978). Table 4 Experts’ ordinal preferences and the consensus ranking of the security risk scenarios with the Cook and Seiford method EXT-CHA E1 E2 E3 E4 Cook & Seiford Aggr. ranking 6 6 6 6 6 6 VES-CHA 1 1 1 1 1 1 CARGO 3 3 3 3 3 3 EMPLOYEE 5 4 4 5 4 5 EXT-TER 4 5 5 4 4 4 VES-TER 2 2 2 2 2 2 The Cook and Seiford method give the same ranking in fourth place for security risk scenarios ‘EMPLOYEE’ and ‘EXT-TER’. To compare in a higher degree these scenarios, the aggregated values of the different experts’ evaluations are compared to each other under the assumption that the aggregation of each expert’s evaluation can give the total risk potential of the corresponding scenario. The relative results indicate that the ‘EXT-TER’ scenario with a total value of 3.221 takes the fourth place whereas the ‘EMPLOYEE’ scenario, with a total value of 3.198 takes the fifth place in the consensus ranking. Thus, the final ranking of the security risk scenarios is presented in the last column of Table 3. Moreover, the relative results for the different risk behaves are presented in Appendix B. 5.6 Sensitivity analysis of the FIS parameters Sensitivity analyses are a typical uncertainty analysis method used to quantify the uncertainties in relevant variables. Sensitivity analysis contributes in the better understanding of the relationships between input and output variables. Thus, to control the stability of the model, sensitivity analysis is conducted to determine the fluctuations of the risk factors (will, damage capability, damage probability, recovery difficulty) against the total output SE number. To do so, an irrigation procedure is performed: each time three out of the four risk factors are maintained constant in the 50% of their value 396 D.I. Stavrou et al. range, whereas the fourth risk factor changes the value from minimum to maximum range values. This process is repeatedly performed for the Sugeno’s FIS model. Finally, the values of the SE indicator are recorded and the corresponding results are depicted in a comparative way in Figure 6. Figure 6 Sensitivity analysis of the four security risk factors (see online version for colours) Notes: Each time three out of the four risk factors are maintained constant in the 50% of their value range, whereas the fourth risk factor changes the value from minimum to maximum range values. The picture shows the total output se number by changing each risk factor. 6 Results and discussion Undoubtedly, safety is mount ‘Everest’ for the maritime industry for more than one century. On the other hand, ports are clearly important to the national and global economies (Trepte and Rice, 2014). Despite that it was difficult to imagine a concept more important than safety, however, today; the concept of maritime security is widely spread all over the world and shares almost equally with safety, the concerns of the maritime community. Maritime security refers to the intentional violation of safety with the aim to harm the human life. To deal with maritime security threats security assessment is necessary to analyse the threats of high risks. A MSA is defined as the starting point for evaluating security risks and developing appropriate security measures when dealing with the multidimensional terrorism threats that jeopardise the security of maritime assets and/or facilities. Although the implementation of this work is restricted by the limitations taken in the work of Yang et al. (2009) who applied the FER for particular ports, nevertheless it is a framework that could be applied in any other case after defining the parameters such as the region of the ports of interest the special circumstances, etc. Thus, this methodological approach could be considered as a global method for the estimation of port security risks. Benchmarking container port security risks Table 5 Experts’ evaluations and Sugeno’s inference result for the three different types of attitude EXT-CHA VES-CHA CARGO EMPLOYEE EXT-TER VES-TER 397 E1 E2 E3 E4 W D R P 0.3 0.5 0.5 0.75 0.3 0.5 0.5 0.7 0.3 0.5 0.5 0.7 0.3 0.5 0.5 0.8 Aggressive Neutral Conservative 0.567 0.711 0.894 0.55 0.7 0.893 0.55 0.7 0.893 0.59 0.729 0.893 W D R P 0.7 0.86 0.85 0.75 0.7 1 0.5 0.75 0.72 0.9 0.8 0.8 0.7 0.92 0.85 0.8 Aggressive Neutral Conservative 0.998 0.998 1 0.923 0.924 0.959 0.999 0.999 1 0.999 0.999 1 W D R P 1 0.5 0.55 0.54 0.92 0.5 0.5 0.45 1 0.5 0.5 0.55 1 0.5 0.54 0.5 Aggressive Neutral Conservative W D R P Aggressive Neutral Conservative W D R P Aggressive Neutral Conservative 0.809 0.917 0.964 0.5 0.35 0.45 0.875 0.662 0.77 0.802 0.6 0.35 0.55 0.75 0.7 0.842 0.897 0.681 0.82 0.909 0.5 0.35 0.5 0.85 0.689 0.802 0.834 0.6 0.35 0.5 0.75 0.655 0.739 0.865 0.783 0.888 0.952 0.5 0.35 0.5 0.9 0.714 0.813 0.837 0.6 0.35 0.5 0.8 0.674 0.803 0.864 0.777 0.898 0.95 0.5 0.35 0.5 0.9 0.714 0.813 0.837 0.6 0.35 0.54 0.8 0.709 0.837 0.89 W D R P 0.7 0.7 0.55 0.875 0.7 0.74 0.5 0.85 0.72 0.75 0.5 0.9 0.7 0.75 0.54 0.9 Aggressive Neutral Conservative 0.938 0.942 0.974 0.904 0.906 0.958 0.915 0.916 0.959 0.941 0.942 0.972 398 D.I. Stavrou et al. The results presented hereafter in this section refer to the six potential security risk scenarios of Table 2. This paper proposes a novel approach to estimate the risk potential of six different security risk scenarios on four risk security factors for a port facility. A team of experts with experience to maritime security risks agreed to survey and rank each one of the risk scenarios about the four security risk factors (W, P, R and D) and according to the three-alternative risk behavioural approaches (conservative, neutral and aggressive). The experts’ opinion was expressed with different types of fuzzy numbers [see in ref. Yang et al. (2009), Table 5]. The fuzzy numbers were transformed to crisp values using the centroid method (Mizumoto, 1995). The crisp values of the security risk factors (W, D, R and P), as well as the outcome of the FIS model on the alternative risk behaviours, are presented in Table 5. To come up with consensus rankings the Cook and Seiford method were used for each case. Thus, the final consensus rankings for each risk behavioural approach are presented in Table 5. The latter results are compared with the results of a similar study of Yang et al. (2009) who used the FER method to rank the six security risk scenarios on the same risk factors. FER approach is an advanced approach with reliable results in risk assessment methodologies. The ranking of the FER approach is shown in the last column of Table 6. The applied FIS based on Sugeno’s methodology proposes an empirical evaluation approach rather than other fuzzy approaches such as fuzzy AHP, fuzzy TOPSIS, etc. The Sugeno’s methodology, as shown above, can inherently model nonlinear features which are a very strong point against the other traditional fuzzy methods listed above that mostly used to capture linear function of fuzziness of risk parameters. According to the results of Table 6, the ranking of the first three security risk scenarios (VES-CHA, VES-TER, CARGO) is consistent and independent of the methodological approach of the risk evaluation. In particular, the ‘VES-CHA’ scenario which corresponds to the scenario of conducting a vessel ‘suicide’ attack by the channel presents the highest level security risk scenario whereas VES-TER (conducting a vessel ‘suicide’ attack on the terminal) and CARGO (use a vessel as a mean to attack with bomb or hazardous cargo to the terminal) come in the second and third place accordingly. Thus, in case that the operators want to take additional security measures their efforts should concentrate on the control of the passing vessels. Table 6 Scenario ranking The ranking of the security risk scenarios for the different risk behavioural approaches Conservative risk approach Neutral risk approach Aggressive risk approach Yang et al. (2009) FER approach 1 VES-CHA VES-CHA VES-CHA VES-CHA 2 VES-TER VES-TER VES-TER VES-TER 3 CARGO CARGO CARGO CARGO 4 EXT-CHA EXT-TER EMPLOYEE EXT-TER 5 EXT-TER EMPLOYEE EXT-TER EMPLOYEE 6 EMPLOYEE EXT-CHA EXT-CHA EXT-CHA Moreover, the comparison of the results of the different risk behavioural approaches with those from the study of Yang et al. (2009) indicates that only the neutral attitude gives the same results. However, the FIS approach is recommended because it gives to the decision-makers the ability to come up with results from different risk perspectives, e.g., Benchmarking container port security risks 399 when they want to follow a more conservative or aggressive risk approach. The ability to rank security risk scenarios about the risk attitude of the experts adds extra value to the study of the MSA problems using the FIM method because operators can use an additional parameter with cultural roots to evaluate risk security threats in the maritime environment. In addition, fuzzy inputs in the two approaches are slightly different given in Yang et al (2009), linear membership was used while here curves are employed. Another observation from a technical aspect about the comparison of the FIS approach against the alternative FER method comes from the number of rules used for the inference process. The FIS model uses 108 fuzzy rules instead of the 320 rules associated with the FER approach. This gives some extra benefits to the use of the FIS method because the FIS method could be used also to more complex scenarios saving computational power and time consumption. However, the FER approach seems more computationally efficient than the FIS method because it uses the information of the experts’ opinion in the original fuzzy form without the possibility of losing any information. The latter does not work for the FIS modelling because the input data come from the transformation of the original fuzzy numbers to crisp values using the centroid method. Thus, when applying the Cook and Seiford method there is always the possibly to have risks of the same ranking and, in that case, extra assumptions should be taken for the final ranking. The results of the comparison between the FIS and the FER approach are summarised in Table 7. Table 7 Results of the comparison between the FIS and the FER approach Advantages Disadvantages FIS Offer behavioural approaches rules simplicity Possible loss of exp information FER No loss of exp information Offer only neutral behaviour rules complexity 7 Conclusions The aim of this paper was to apply an FIS model as a novel approach to risk assessment for port MSA. Results indicate that the selected factors can successfully be combined to map and estimate the security risks of port facilities. Hence, the proposed methodology can be used as a mean to assess the potential security threats to take the necessary measures to mitigate the security risk. Also, MSA seems to be an essential way to identify, assess and evaluate the potential port security risks to give the operations the necessary means to decide about the most effective measures to deal with potential security threats. In that sense, the MSA can provide a mean to keep the balance between economic and security concerns through the analysis of the potential commercial, economic benefits of security solutions. The enhancement of maritime security requires a long-term, coherent and sustainable research agenda that is based on the assessment and evaluation of the potential threats that can compromise the integrity of the waterborne supporting facilities. In this context, this paper focused on conducting, in a systematic way, a security risk assessment for port facilities to assist in the study of alleviating and/or mitigating the risk of a potential corresponding terrorism attack. In this study of port security risks, experts’ opinion has been used to define the security factors and next to evaluate the security risk scenarios. 400 D.I. Stavrou et al. The experts were generally in consensus regarding their evaluations; however, a matter of discussion and further research comes in case of disagreements where the need of the implementation of special techniques to cope with the uncertainty coming from experts’ bias is unavoidable. Thus, the implementation of other techniques from the discipline of the multi-criteria decision aid (MCDA) problems under uncertainty could be applied to examine in depth the concept of uncertainty coming from experts’ bias. Acknowledgements This work was partially supported by the ‘IKY fellowships of excellence for postgraduate studies in Greece-Siemens program’ in which the corresponding author currently participates. It is also supported by the EU Marie Curie IRSES ENRICH project (PIRSES-GA-2013-612546). References Alper, S.J. and Karsh, B-T. (2009) ‘A systematic review of safety violations in industry’, Accident Analysis and Prevention, Vol. 41, No. 4, pp.739–754, DOI: 10.1016/j.aap.2009.03.013. ATPSF (2012) Conference, Brochure, Kuala Lumpur [online] http://www.liquidlearning.com.au/ documents/NPS0212/NPS0212_Q.pdf (accessed 20–21 February 2012) Bichou, K. (2008) Security And Risk-Based Models In Shipping And Ports: Review And Critical Analysis, Discussion Paper 2008-20 © OECD/ITF. Bueger, C. (2015) ‘What is maritime security?’, Marine Policy, Vol. 53, pp.9–164. Carafano, J. and Kochems, A. (2005) Making the Sea Safer: A National Agenda for Maritime Security and Counterterrorism, Heritage Special Report SR-03, The Heritage Foundation. Chalk, P. (2008) The Maritime Dimension of International Security: Terrorism, Piracy, and Challenges for the United States, RAND, Santa Monica, CA. Chang, C-H., Xu, J., Song, D-P. (2016) ‘Impact of different factors on the risk perceptions of employees in container shipping companies: a case study of Taiwan’, International Journal of Shipping and Transport Logistics (IJSTL), Vol. 8, No. 4, pp.361–388. Cook, W.D. and Seiford, L.M. (1978) ‘Priority ranking and consensus formation’, Management Science, Vol. 24, No. 1, pp.59–73. Elsayed, T. (2010) Risk Assessment of Marine LNG Operations, Natural Gas, InTech, ISBN: 978-953-307-112-1. Fu, X., Ng, A.K.Y. and Lau, Y.Y. (2010) ‘The impacts of maritime piracy on global economic development: the case of Somalia’, Maritime Policy & Management, Vol. 37, No. 7, pp.677–697. Garibaldi, J. and John, R. (2003) ‘Choosing membership functions of linguistic terms’, Proceedings of the 2003 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE 2003), St. Louis, USA, May 2003. Goslin, C. (2008) Maritime and Port Security, White Paper, Duos Technologies, Inc. Hastings, J.V. (2009) ‘Geographies of state failure and sophistication in maritime piracy hijackings’, Political Geography, Vol. 28, No. 4, pp.213–223. Helmick, J.S. (2008) ‘Port and maritime security: a research perspective’, J. of Transportation Security, Vol. 1, No. 1, pp.15–28, DOI 10.1007/s12198-007-0007-3. Haimes, Y.Y. (2011) ‘On the complex quantification of risk: systems-based perspective on terrorism’, Risk Anal, Vol. 31, No. 8, pp.1175-86, 31 August 2011. Benchmarking container port security risks 401 ILO (2004) Security in Ports. ILO and IMO Code of Practice. Geneva, International Labour Office/London, International Maritime Organization, 2004, Safety, Occupational Safety, Port, Docker, Code of Practice, 15.06, ISBN 92-2-115286-3. IMO (2002a) Amendments to the Annex to the International Convention for the Safety of Life at Sea (SOLAS), 1974 as Amended, SOLAS/CONF.5/32, London, December 2002. IMO (2002b) International Code for the Security of Ships and Port Facilities, SOLAS/CONF.5/34, IMO, FAQ on ISPS Code and maritime security, London, December 2002 [online] http://www.imo.org/ (accessed 20 September 2007). IMO (2003) International Ship & Port Facility Security (ISPS) Code, 2003 and December 2002 Amendments to SOLAS, London. Kwesi-Buor, J., Menachof, D. and Talas, R. (2016) ‘Scenario analysis and disaster preparedness for port and maritime logistics risk management’, Accid. Anal. Prev., PubMed: 27491716, DOI: 10.1016/j.aap.2016.07.013 Mamdani, E.H. and Assilian S. (1975) ‘An experiment in linguistic synthesis with a fuzzy logic controller’, Int. J of Man-Machine Studies, Vol. 7, No. 1, pp.1–13. Mandal, S., Choudhury, J.P. and Chaudhuri, S.R.B. (2012) ‘In search of suitable fuzzy membership function of time series data’, Int. J of Computer Science Issues, Vol. 9, No. 3, pp.293–302. Männistö, T., Hintsa, J. and Urciuoli, L. (2014) ‘Supply chain crime – taxonomy development and empirical validation’, Int J of Shipping and Transport Logistics (IJSTL), Vol. 6, No. 3, pp.238–256. Mathworks, Inc. (2015) Fuzzy Logic Toolbox; User’s Guide, Natick, MA. Mizumoto, (1995) Improvement of Fuzzy Control Methods, Fuzzy Logic and Intelligent Systems, Springer, pp.1–16. Ng, A.K.Y. and Gujar, G.C. (2008) ‘Port security in Asia’, in Talley, W.K. (Ed.): Maritime Safety. Security and Piracy, LLP, London, pp.257–278. Ng, A.K.Y. and Vaggelas, G.K. (2012) ‘Port security: the ISPS code’, in Talley, W.K. (Ed.): The Blackwell Companion to Maritime Economics, pp.674–700, Blackwell, Hoboken, NJ. Rugy, V. (2009) ‘Applying strategic risk management to allocating resources for homeland security: a case example of port security’, Strategic Risk Management in Government: A Look at Homeland Security, pp.41–68 Shariff, D.N., Jayaraman, K., Shah, M.Z. and Saharuddin, A.H. (2016) ‘Service quality determinants of the container haulage industry: an empirical study in Malaysia’, Int. J. of Shipping and Transport Logistics, Vol. 8, No. 1 pp.66–80. Spyridakos, A. Siskos, Y., Yannacopoulos, D. and Skouris, A. (2001) ‘Multicriteria job evaluation for large organizations’, European Journal of Operational Research, Vol. 130, No. 2, pp.231–448. Sugeno, M. (1985) Industrial Applications of Fuzzy Control, Elsevier Science Pub. Co., Japan. Stavrou, D. and Ventikos, N. (2014) ‘Ship to ship (STS) transfer of cargo operations: risk assessment applying a fuzzy inference system (FIS)’, Int. J of Risk Analysis and Crisis Response, Vol. 4, No. 4, pp.214–227. Talas, R. and Menachof, D. (2014) ‘Using portfolio optimisation to calculate the efficient relationship between maritime port security residual risk and security investment’, Int. J. of Shipping and Transport Logistics (IJSTL), Vol. 6, No. 3, pp.314–338. Trepte, K. and Rice Jr., J.B. (2014) ‘An initial exploration of port capacity bottlenecks in the USA port system and the implications on resilience’, Int. J. of Shipping and Transport Logistics (IJSTL), Vol. 6, No. 3. UK Government (2014) National Strategy for Maritime Security, UK Government, London. Urciuoli, L. and Ekwall, D. (2015) ‘The perceived impacts of AEO security certifications on supply chain efficiency – a survey study using structural equation modelling’, Int. J. of Shipping and Transport Logistics (IJSTL), Vol. 7, No. 1, pp.1–20. 402 D.I. Stavrou et al. Yang, Z.L., Bonsall, S., Fang, Q.G. and Wang, J. (2005) ‘Formal safety assessment of container liner supply chains’, Proc. European Safety and Reliability Conference, ‘05, Tri-City, Poland. Yang, Z., Wang, J., Bonsall, S. and Fang, Q. (2009) ‘Use of fuzzy evidential reasoning in maritime security assessment’, Risk Analysis, Vol. 29, No. 1, pp.95–120, DOI: 10.1111/j.15396924.2008.01158. Yang, Z., Adolf, K.Y. and Ng, W.J. (2013) ‘Prioritising security vulnerabilities in ports’, Int. J. of Shipping and Transport Logistics (IJSTL), Vol. 5, No. 6, pp.622–636. Yang, Z., Ng, A.K.Y. and Wang, J. (2014) ‘A new risk quantification approach in port facility security assessment’, Transportation Research Part A: Policy and Practice, Vol. 59, pp.72–90. Zadeh, LA. (1965) ‘Fuzzy sets’, Information and Control, Vol. 8, No. 3, pp.338–353. Zhao, J. and Bse, B. (2002) Evaluation of Membership Functions for Fuzzy Logic Controlled Induction Motor Drive, IEEE. Appendix A Fuzzy rule matrixes for different behavioural approaches The fuzzy rule matrixes for aggressive attitude against potential security risk threats. Table 8(a) Will against damage capability Negligible Moderate Critical Catastrophic Very weak L L M H Weak L L M H Average L M M H Strong M M H H Very strong H H H H Unlike Average Likely Definite L L M H Table 8(b) Will against damage probability Very weak Weak L L M H Average L M H H Strong M M H H Very strong H H H H Table 8(c) Very weak Weak Average Strong Very strong Will against recovery difficulty Easy Average Difficult Extremely difficult L L L M H L L M M H M M M H H H H H H H Benchmarking container port security risks 403 Table 8(d) Damage capability against damage probability Unlike Average Likely Definite Negligible L L M H Moderate L L M H Critical M M M H Catastrophic M H H H Table 8(e) Damage capability against recovery difficulty Easy Average Difficult Extremely Negligible L L M H Moderate L L M H Critical M M M H Catastrophic M H H H Table 8(f) Damage probability against recovery difficulty Easy Average Difficult Extremely difficult Unlike L L M H Average L L M H Likely M M M H Definite M H H H The fuzzy rule matrixes for conservative attitude against potential security risk threats. Table 9(a) Will against damage capability Very weak Negligible Moderate Critical Catastrophic L M H H Weak L M H H Average L M H H Strong M M H H Very strong H H H H Average Likely Definite Table 9(b) Will against damage probability Unlike Very weak L M H H Weak L M H H Average L M H H Strong M M H H Very strong H H H H 404 D.I. Stavrou et al. Table 9(c) Will against recovery difficulty Easy Average Difficult Extremely difficult L M H H Very weak Weak L M H H Average L M H H Strong M M H H Very strong H H H H Table 9(d) Damage capability against damage probability Unlike Average Likely Definite L M H H Negligible Moderate L M H H Critical M M H H Catastrophic M H H H Table 9(e) Damage capability against recovery difficulty Easy Average Difficult Extremely L M H H Negligible Moderate L M H H Critical M M H H Catastrophic M H H H Table 9(f) Damage probability against recovery difficulty Easy Average Difficult Extremely difficult L M H H Average L M H H Likely M M H H Definite M H H H Unlike Appendix B Consensus in ranking for different risk behaviours using the Cook and Seiford method The experts’ ordinal preferences and the consensus ranking of the security risk scenarios after the implementation of the Cook and Seiford method for both the conservative and aggressive risk behaviour are presented in the following Tables 10 and 11. Benchmarking container port security risks Table 10 405 Experts’ ordinal preferences and the consensus ranking of the risk scenarios using the Cook and Seiford method for the conservative risk approach E1 E2 E3 E4 Consensus ranking Cook and Seiford EXT-CHA 5 4 4 4 4 VES-CHA 1 1 1 1 1 CARGO 3 3 3 3 3 EMPLOYEE 6 6 6 6 6 EXT-TER 4 5 5 5 5 VES-TER 2 2 2 2 2 Table 11 Experts’ ordinal preferences and the consensus ranking of the risk scenarios using the Cook and Seiford method for the aggressive risk approach E1 E2 E3 E4 Consensus ranking Cook and Seiford EXT-CHA 6 6 6 6 6 VES-CHA 1 1 1 1 1 CARGO 3 4 3 3 3 EMPLOYEE 5 3 4 4 4 EXT-TER 4 5 5 5 5 VES-TER 2 2 2 2 2