As a result of ongoing commercial challenges and regulatory changes in the maritime industry, maritime organisations are undergoing many radical strategic and business model changes, including the drive to modernise outdated business processes. One of the prominent approaches for driving efficiencies, reducing costs and gaining competitive advantages has been through technological innovation. An existing example is the adoption of Electronic Chart Display and Information System (ECDIS), whilst the industry is also on the brink of numerous other developments, ranging from the paperless ship, to 24/7 ship internet connectivity and possibly even the contentious ‘driverless ship’.
As a software development company engaged in the maritime industry, some of the more intriguing aspects of the maritime technology landscape are the interlinked possibilities around electronic certification, online verification and the facilitation of the ‘paperless ship’.
Electronic certification and online verification of certificates increasingly is a topic of conversation with our contacts and clients (no longer something confined to the watercooler), which are also being accelerated by regulatory changes. However, despite the obvious benefits of electronic certification we are discovering that true digitisation is not necessarily being embraced as quickly as one might expect.
So, why not stick with paper, after all it has worked for hundreds of years?
Typically, the process for issuing paper certificates, or similar documents, involves a number of inherent inefficiencies in the modern world, as outlined below:
1. Manual processes: reliance on printing, stamping and posting in this modern technology age is inefficient, lengthy and costly.
2. Risk of Certificate loss: due to the nature of manual delivery, certificates can be lost and damaged during postage, leading to Port State Control (PSC) incidents, with the International Maritime Organization (IMO) having documented such cases.
3. Administrative burden: paper certificates contribute to the administrative burden placed upon ships’ masters, PSC as well as ship registries. In fact, they place a burden on anybody who has to engage with them in the overall process.
4. Security issues: identification of an ‘original’ gets more challenging and onerous, leading to exposure to forgery, particularly where validity and anti-forgery processes are not kept up-to-date.
With respect to security, the simple fact is that paper certificates are inherently insecure. In fact, certificate fraud is a well-documented issue, to the extent that the IMO itself has previously stated that this issue risks undermining the STCW convention.
A major study into Certificate of Competence (CoC) fraud by the UK Maritime & Coastguard Agency (MCA) also highlighted the vulnerability of paper certificates, with fraud occurring through:
• Counterfeit documents or their alteration (60%)
• Falsification of records (30%)
• Cloning or impersonation (10%)
Part of the issue with certificate fraud is that there appears to be no consistent certificate format or approach to verifiable features, making it extremely difficult, for example, for PSC inspectors to verify a document’s authenticity.
Meanwhile, new 2017 IMO regulations really focus the need to deal with the absence of online verification capabilities across the industry. Many regulatory flags, managers and crewing agents still struggle to check certificate validity before issuing an endorsement or providing employment, carrying an ongoing administrative burden as a result. New electronic certification verification processes should deal with the latter issue too.
Does regulation support the use of electronic certificates/documents?
The IMO’s Guidelines for the use of Electronic Certificates, issued in April 2016, does not appear to have focused stakeholder’s attention on widespread adoption, despite many in the industry already recognising the value of electronic certificates. However, the industry regulators and advisory bodies including IMO and FAL, who strive to ensure that all relevant maritime industry stakeholders use the highest practicable degree of uniformity in their formalities and other procedures, are very much providing and driving regulatory changes to allow this to happen.
The latest Facilitation Committee (40th session April 2016 – FAL 40) recommended changing the IMO Procedures for Port State Control so that electronic certificates are considered equivalent to paper certificates, including providing guidance for accepting certificates delivered via a website through the ship’s computer. This is a real step change and means that if the stakeholders (e.g. ship owners; flag states; Recognised Organisations) use electronic certificates, PSC officials could be viewing them either on the ship computer or possibly through their own devices, without needing to request a printed copy. As a result, the industry needs to be in a position to ensure that the ship has both the procedures and capability to verify certificates on-board if, for example, a PSC official questions a document’s authenticity.
Safeguards put in place at FAL40 are intended to encourage the acceptance of electronic versions and to help deal with the real-world issue that in some regions the electronic version is still routinely questioned. The IMO guidelines stipulate that ‘e-certificates’ must include a unique tracking number or reference and also be protected from modifications, which are both capabilities that the IT world is already very familiar with.
That the top industry bodies are putting in place the necessary provisions to ensure that industry can accept electronic certificates and documentation has been qualified by Roger Butturini, Chair of the ‘Working Group on Electronic Means for the Clearance of Ships of the FAL Committee’. Roger explained to us that: “FAL’s main goal in developing the FAL40 Circular was to remove barriers to the use of electronic certificates. We fairly quickly determined that the challenge to using electronic certificates was not a technological one, but a policy decision predicated on acceptance by Port State Control Officials. Otherwise, the advantages of electronic certificates are unquestionably preferred to paper certificates.”
The significant point here is, that from a pure technology perspective, enabling the solutions for true electronic certification and online verification are all very achievable, however the challenges of engagement, acceptance and business change represent the greater hurdles.
How technology can address these issues
The challenge here is not dissimilar to electronic documentation, digitisation and online service changes that have been faced in other industries, where such technology already exists. However, people need to know how to use it, what to use and be able to trust it.
Within PDMS Maritime’s MARIS ship registries platform, we are launching new functionality which includes generating electronic signatures and unique tracking numbers for every new version of a certificate, to protect against counterfeiting of documents. The use of cryptography aligned with the inbuilt security within the platform will further protect documents from being modified, altered or falsified.
The issue of ensuring a document comes from a trusted source and hasn’t been modified since being issued are both neatly dealt with by digitally signing the document with what is termed a security-certificate. In an unfortunate clash of terminology, this has nothing to do with a pen and paper signature, nor a vessel or seafarer certificate. These security-certificates are issued by global authorities that certify the validity of the certificate and any documents signed using it. The ‘security-certificate’ in this case is electronic data issued and held by an accredited certificate authority.
This can be thought of as a set of keys used to encrypt and decrypt an electronic document. In each case, there are two keys. The first, a private key, is held securely with the authority and is used by the platform to create and encrypt the digital signature of a document. The second is a public key which is freely available to anyone requiring it and is used by an eDocument reader to decrypt the digital signature which consequently validates the contents and origin of the document. Details of the signature are then displayed to anyone viewing the document to indicate that it is authentic and has not been tampered with.
Once a signature is created it can only be read by using the public key. The origin of the public key can be verified with the certificate authority ensuring the signature was generated by the private key that was issued to the ship registry, or creator. So, once digitally signed, documents are truly ‘read only ‘and cannot be modified.
Benefits of e-Certification and online verification
There are considerable benefits of e-Certification and e-Verification for stakeholders throughout the industry. It can significantly reduce the administrative burden placed upon ship’s masters and all stakeholders, as well as eliminating the need to courier certificates, or e-mail unsecured attachments all around the world, reducing unnecessary costs and service lead times.
Furthermore, online verification (including for printed hard copies) will also enable key stakeholders, e.g. PSC and ship registries, to type in the unique document tracking code and receive an instant digital authentication. This significantly reduces the amount of time spent manually requesting verifications of a certificate or document.
In parallel, the ability to access an electronically stored certificate 24/7 from anywhere in the world and from any device is hugely beneficial for industry stakeholders including: owners; crewing agents; management companies and ship managers, to name a few.
Barriers to uptake and trusting technology
Despite the clear benefits of e-Certification and e-Verification, there are a number of barriers which can still lead to a reluctance to embrace them – with similar resistances experienced when aiming to move away from paper through both the Maritime Single Window project and ECDIS. One of the primary issues has been acceptance, with legitimate concerns that PSC can be reluctant in many cases to accept e-Certificates. However, the recent IMO/ FAL guidance means the drive for acceptance should be further empowered and so this should no longer be seen as a barrier. In our experience, another key issue which has led to slow engagement has been general concern from the maritime industry with respect to cyber-security implications.
However, as this paper has set out to articulate, the technology is not the real problem and has been proven in other industries. So, resolving these issues is already in the domain of technology experts which should leave maritime businesses, including PSC and ship registries, for example, to focus on their core business activities with the confidence that they shouldn’t need to worry about the technology. The real challenge in the maritime industry is one of full engagement, acceptance and business process change.
These represent the greater hurdles, even with the FAL and IMO recommendations. In the broader maritime technology landscape, it is also important to consider e-Certification and online verification, along with the complete stakeholder engagement, in the wider context of the ‘paperless ship’. Electronic certificates are certain to become the norm, aided significantly by provision of viable 24/7 connectivity on board ships, which to many is no longer viewed as a luxury but a necessity.
Full engagement with e-Certification and electronic documentation will not only improve service provision, efficiencies and quality across the industry but will also provide modern tools to address increasing service expectations whilst still under the ever-present commercial challenges. It must surely be embraced.
Source: PDMS Maritime
Reblogged this on Brittius.
Reblogged this on Mar Equinoccial and commented:
Troublesome paper certificates and why the maritime industry must embrace e-Certificates