Maritime Transportation Security Act - Essay Example

Page Maritime Transportation Security Act - The Requirements for Maritime Vessel and Facility Plans and Assessments in 33CFR104 and 105 Table of Contents Title Page i Table of Contents ii Introduction 1 Starting on the Wrong Foot 2 Systems View of Maritime Transport System: Parts 104 and 105 3 Conclusions 7 Reference List 9 Appendix A: Code of Federal Regulations (CFR) Outline 12 Appendix B: Vessel Security Plan (VSP) Requirements (Ref. 33 CFR 104.405) 14 Appendix C: Facility Security Plan (FSP) Requirements (Ref. 33 CFR 105.405) 15 Table 1: Key Activities of MTSA 2002 16 Figure 1: Concept for MTS Security Net 17 Introduction This paper is an analysis from a security management perspective of some provisions of the Maritime Transportation Security Act of 2002 (MTSA 2002), namely the requirements for maritime vessel and facility plans and assessments contained in Subpart B of Title 33: Parts 104 and 105. The paper's main objectives are (1) to comment on these provisions aimed at minimizing any form of security breach and (2) suggest potential improvements. MTSA 2002 was a radical improvement in security preparedness for America's maritime ports which, prior to 9/11, focused on navigation and safety issues such as dredging channels and environmental protection. While the attacks focused attention on our aviation system's vulnerability, it became obvious that our maritime domain needed greater attention. Besides being gateways through which dangerous materials could enter, ports are attractive targets because they are often large and sprawling, accessible by water and land, close to crowded centers, and interwoven with highways, roads, factories, and businesses (Flynn, 2004). Security is made difficult by the number of stakeholders involved in port operations, which include local, state, and federal agencies; multiple law enforcement jurisdictions; transportation and trade companies; factories and other businesses. The MTSA imposed an ambitious schedule of requirements on federal agencies and called for a comprehensive framework that included planning, personnel security, and careful monitoring of vessels, facilities, and cargo. Table 1 contains the MTSA's key security-related activities. However, "Haste makes waste", and the urgent nature of the legislative and implementation efforts of the MTSA 2002 proved this to be true (Bouchard, 2005; Ervin, 2006; Haveman et al., 2007). Starting on the Wrong Foot The MTSA 2002, through the Department of Homeland Security (DHS), gave the U.S. Coast Guard (USCG) lead responsibility for most of its requirements. Timetables for implementing the provisions were tight, and adding difficulty was the need to implement MTSA after the most extensive federal reorganization after the Second World War. Most of the 22 agencies with MTSA responsibilities were reorganized into the DHS in March 2003, less than 5 months after enactment. Some departments such as the Transportation Security Agency (TSA) were new, while others such as the USCG, Customs Service, and the Immigration and Naturalization Service were transferred from various executive departments. This recombination of organizational cultures and the need to coordinate with other agencies such as the State, Transportation, and Justice Departments introduced complex chains of command and reporting responsibilities (MTSA,2002; DHS, 2005; USCG, 2007). The deadline for implementing MTSA of July 1, 2004 was tight. Unlike other areas of critical infrastructure security where the government was unwilling to set clear mandates for the private sector and push for meaningful change, the MTSA was a catalyst for action. Unfortunately, in the face of unrealistic deadlines and disjointed implementation milestones, good intentions were not necessarily translated into greater security at the pier. And to add insult to injury, the USCG not only proved incapable of managing the projects designed to improve its capability but became open to graft and corruption and overspending (Economist 2007, p. 36). The priorities established for maritime transportation security plans also wrongly assumed that all ports, facilities and vessels are equally vulnerable to attack and that all need to be protected to the same security standard. Several experts (Clyne, 2003; Bouchard, 2005; Ervin, 2006) observed that a risk-based approach that took actual terrorist threats into account and that concentrated on risks with the gravest consequences would have been more secure and economical. Systems View of Maritime Transport System: Parts 104 and 105 MTSA 2002 considered the Maritime Transport System (MTS) as complex, with many types of assets, operations, and infrastructure and a diverse set of stakeholders. The MTS from a systems perspective is a network of operations that interface with shore side operations at intermodal connections as part of overall global supply chains or domestic commercial operations (Figure 1). The various maritime operations within the MTS operating network have components that include vessels, port facilities, waterways and waterway infrastructure, intermodal connections, and users that share critical interfaces with each other and with overarching information systems such as maritime commerce systems and Maritime Domain Awareness (MDA) systems. The maritime domain of the U.S. includes 361 commercial ports with roughly 3,700 maritime facilities, cargo and passenger terminals, and approximately 60,000 ships that arrive annually, including about 8,100 foreign flag vessels. Although cargo, container and supply chain security are considered, these important issues are only tangentially covered. Improving MTS security must focus on four primary elements: (1) Component Security: MTS component security ensures that the individual physical components (e.g., vessels, vehicles, facilities, infrastructure items, and cargo) have measures in place to prevent exploitation and to protect against attack. (2) Interface Security: MTS interface security addresses the potential for corruption between modes of transportation and at key interactions between MTS components. (3) Information Security: MTS information security ensures that key data systems are (1) not corrupted or exploited by terrorists, and (2) continually available to support maritime operations (including security management functions). (4) Network Security: Network security is the "big picture view" that focuses on enhancing security through the overarching systems that drive the MTS as a whole. Understanding the MTS as a system of systems helps in developing the strategic efforts to fulfill the vision to improve its security (GAO, 2003; DHS, 2005). MTSA 2002 Title 33 (Navigation and Navigable Waters) includes Parts 104 and 105 (Appendix A), which refer to the Component Security element of the MTS: vessels and vehicles (Part 104), facilities (Part 105), and the security handling of cargo (104.275 and 105.265). These are critical to MTSA's success because by requiring vessel owners and operators to take steps toward reducing the risks of someone or something carried on their ship causing or being used to cause intentional damage to other vessels or facilities, they provide a frontline for security initiatives that contributes to the over-all safety of the MTS. The primary components of the MTSA are the security plans that are required and mandated in Parts 104 and 105 for ports, vessels, and offshore installations. Under MTSA 2002, ships will be required to have USCG-approved Vessel Security Plans (VSPs); port facilities need to have Facility Security Plans (FSPs) as well. Vessel owners or operators submit VSPs to the USCG for approval following the requirements (MTSA 2002, 33 CFR 104 addresses "Vessel Security"). This is applicable to most vessels destined for or departing from a port or place subject to U.S. jurisdiction, and any cargo or passenger vessel subject to SOLAS, as well as foreign commercial vessels greater than 100 tons not subject to SOLAS1. By July 1, 2004, all vessel owners or operators must ensure their vessels carry a VSP approved by the USCG before entering a U.S. port following the requirements of Subpart B (33 CFR 104.200 ff.), which impose several duties. Although the regulations include specific requirements, generally speaking the Masters are required to use their best judgment to ensure the safety and security of their vessels, passengers and crew. The Master must also inform the USCG and any relevant foreign government if the vessel is on a foreign voyage, and of course, report any security incidents. 33 CFR 104.210 also addresses Company Security Officers' (CSO) extensive duties. The CSO must meet the qualifications set forth and is generally responsible for administering and ensuring overall compliance with MTSA for the vessel owner or operator and all the vessels in its fleet. In addition 33 CFR 104.215 requires that the Vessel Security Officer (VSO) meet the qualifications and be a member of the crew of the vessel for which s/he is responsible. In general terms, the VSO is responsible for enforcement of the VSP on the vessel(s) for which he/she serves. Subpart C addresses Vessel Security Assessment/Reporting requirements. Subpart D is on details of the Vessel Security Plan (VSP) (33 CFR 104.400), which follow the format set out in 104.405 (17 sections as in Appendix B). The VSP must describe how the requirements of Subpart B are met, and include the use of Transportation Security Cards to ensure that no unauthorized personnel can gain access to "secure areas" of vessels or facilities. Cards will be issued to individuals who meet the requirements. Generally, they will be denied if the individual poses a security risk or for other reasons such as having a criminal background or illegal immigration. Persons who do not carry a Transportation Security Card may not access the vessel's "secure areas" unless accompanied by someone with one (USCG, 2007). Due to the volume of persons and cargo that passes through terminal facilities in the U.S., the MTSA provides specific regulations for such facilities in 33 CFR Part 105. This applies to facilities that receive (1) vessels certified to carry more than 150 passengers; (2) vessels subject to SOLAS and/or (3) vessels greater than 100 tons (including vessels navigating solely on the great Lakes) and; (4) most barge fleets. However, it specifically excludes from application U.S. military facilities and oil and gas production facilities regulated by 33 CFR 126 or 154 if they are engaged exclusively in the exploration, development or production of oil and/or gas and they are not located on the Outer Continental Shelf and otherwise covered by 33 CFR 106.105. The compliance dates for facility owners or operators are the same as those for vessel owners and operators (July 1, 2004). Facilities owners or operators must make the following documents available to the USCG upon request: the approved Facility Security Plan (FSP) with approved amendments and a letter of approval from the local USCG Captain of the Port (COTP) dated in the prior 5 years; if FSP not yet approved, the FSP submitted for approval and a letter from the COTP stating the Coast Guard is reviewing FSP and that the facility may continue to operate in compliance with submitted FSP; or for facilities operating under a Coast Guard approved Alternate Security Plan, a copy of the plan and letter signed by the facility owner or operator identifying which plan is being used and that the facility is in full compliance with that plan (MTSA, 2002). Subpart B (33 CFR 105.200 ff.) places requirements on facility owners and operators similar to those imposed on vessel owners and operators. These require the facility owner or operator to ensure that the facility operates in compliance with the regulations; define the security organizational structure and provide necessary support to all personnel exercising security functions; designate a Facility Security Officer (FSO) and identify how they can be contacted at all times; ensure that a Facility Security Assessment (FSA) is conducted; ensure development and submission for approval of a Facility Security Plan (FSP); ensure compliance with FSP; ensure adequate coordination of security issues between the facility and vessels calling at it, including the execution of a Declaration of Security (DoS); ensure coordination of shore leave or crew changes as well as access though the facility for visitors to the vessel, all in advance of a vessel's arrival; ensure compliance with all changes in MARSEC Level within 12 hours of notice; and report all breaches of security and security incidents to the national Response Center. Likewise, 105.205 enumerate Qualifications (subpart (b)) and Responsibilities (subpart (c)) of the FSO. Similar to the CSO and VSO on vessels, the FSO has responsibility for ensuring the development and implementation of the FSA and the FSP, as well as training personnel and maintenance of security equipment, security drills and annual exercises, reporting of security incidents, maintenance of the required records and coordinating with and assisting VSOs regarding identification of visitors passing through the facility. There are detailed instructions on how the FSO complies with these requirements (33CFR 105.210 to 296). Subpart C 33 CFR 105.300 ff. addresses the Facility Security Assessment (FSA) consisting of required background information about the person preparing the FSA, the facility itself and its personnel, an on-scene survey/analysis of information. FSA preparation can be sub-contracted as long as the FSO reviews and accepts the final FSA before its submission to the COTP. Appendix C outlines these requirements. Parts 104 and 105 conform to a systems-oriented security regime built upon layers of protection and defense-in-depth that reduces critical system security risks while preserving MTS functionality and efficiency. Understanding the most effective security risk management strategies involves cooperation and participation of both domestic and international stakeholders acting at strategic points in the system. Regulations aim to improve security via cohesive efforts involving stakeholders to support the view that MTS is best expressed as a series of nets providing layers of protection to manage security risks (Fig. 1). Conclusions Increased emphasis on port security is warranted by the importance of maritime transport to the U.S. economy, which makes its safety a daunting challenge, more so in this era of "just in time delivery" that greatly increases the importance of protecting maritime transportation from disruption. Factories, wholesalers and retailers no longer maintain large inventories in warehouses due to the cost of storing them and the emphasis on speed, letting shipping systems act as virtual warehousing facilities. This helped increase productivity and profitability for U.S. companies and reduced the cost of goods, but it has increased the vulnerability of the U.S. economy to disruption of international trade or maritime transport (WSC, 2003; Clyne, 2003; Flynn, 2004; MI-5, 2006; Haveman et al, 2007). Estimates of the economic impact that a terrorist attack on a seaport would have, particularly if the federal response were to shut down all shipping, range between $6.3 billion to $19.4 billion. A DHS estimate of a terrorist attack on U.S. ports begins with an immediate daily loss between $1.5 and $2.7 billion, rising to $5 billion after 3-5 days. After 45 days, perhaps even sooner, the U.S. economy collapses into an unprecedented depression due to a severe energy crisis, widespread shortages and rampant price gouging by the energy industry. While estimates of the economic cost of a terrorist attack on the maritime transport system vary depending on the many variables involved and assumptions used, the stakes are clearly enormous (White, 2002; McCrie, 2003; DHS, 2005). On the other hand, multiplying the bureaucratic requirements can make the problem worse. A proposed solution revolves around a simpler conceptual framework to maritime security that would ensure minimal loss of efficiency in the system: (1) emphasize risk assessments focused on the threat and consequences of a terrorist attack rather than vulnerability; (2) increase attention to continuity of operations to enable the maritime transportation security system to recover quickly in the event of a terrorist attack, reducing the economic consequences of a severe disruption, thereby denying attackers their central strategic goal; (3) introduce better technology, including radiation detection, global positioning, and the scanning of smart shipping containers at the world's leading ports to prevent the nightmare scenario - a nuclear bomb in a box; and (4) strengthen enforcement of supply chains through no-notice Customs inspections and annual third-party security audits. Port security is a national imperative and requires a national approach. Since the benefits of maritime operations extend to 50 states, there should be a system where the costs of better security are shared across the country. That is what a genuine partnership really does. Federal government, states, municipalities and private owners and operators are all players in the global commerce system and must help secure it, but only the government can set appropriate mechanisms to spread the burden across the system, making it sustainable in the long-term. As current provisions fail to achieve that goal, a new approach is needed. MTSA 2002 addressed the neglect of maritime security, but recent experiences show that flaws must be corrected to achieve effective security and strengthen the ability to minimize the consequences of a terrorist attack. MTSA implementation has been hampered by the government's misstep of focusing on measures that are too wide, detailed, and stringent, making compliance difficult, leaving our ports less secure and more vulnerable than ever. Reference List Asis International (2004). Threat advisory system response guideline: Considerations and potential actions in response to the Department of Homeland Security Advisory System. Document ASIS GDL TASR 09-2004. Alexandria, VA: Asis International. Bouchard, J. F. (2005). "New strategies to protect America: Safer ports for a more secure economy". Homeland security: Critical infrastructure strategy series. Washington, DC: Center for American Progress. Clyne, R. (2003). "Terrorism and port/cargo security: Developments and implications for cargo recoveries". Tulane Law Review, 77 (5/6), 1183-1222. Economist (2007, April 21). "In Deepwater". London: The Economist, 36. Ervin, C.K. (2006). Open target: Where America is vulnerable to attack. New York: Palgrave Macmillan. Flynn, S. (2004). America the vulnerable: How our government is failing to protect us from terrorism. New York: Harper Collins. GAO (2003, September 9). "Maritime security: Progress made in implementing maritime transportation security act, but concerns remain". Statement of Margaret Wrightson Director, Homeland Security and Justice Issues. Report GAO-03-1155T. Washington, DC: GAO. Haveman, J.D., Jennings, E.M., Shatz, H.J. & Wright, G.C. (2007). The container security initiative and ocean container threats. Journal of Homeland Security and Emergency Management, 4 (1), Article 1. Maritime Transportation Security Act of 2002 (2002). Public Law 107-295 of November 25, 2002. Washington, DC: U.S. Government Printing Office. McCrie, R.D. (ed.) (2003). Readings in security management: Principles and practices. Washington, DC: Asis International. MI-5 (2006). Protecting against terrorism. London: National Counter Terrorism Security Office. National Research Council (2002). Making the nation safer: The role of science and technology in countering terrorism. Washington, DC: National Academies Press. U.S. Coast Guard (USCG) (2007). Code of Federal Regulations. Volume 33 (1): Navigation and Navigable Waters. Washington, DC: USCG. U.S. Department for Homeland Security (DHS) (2005). Maritime transportation system security recommendations for the national strategy for maritime security. Washington, DC: DHS. White, J. (2002). Terrorism: An introduction, 2002 update (4th Ed.). Stamford, CT: Wadsworth-Thomas Learning. World Shipping Council (2003, July 31). Comments of the World Shipping Council before the United States Coast Guard in the matter of maritime security temporary interim rules: Docket numbers: USCG-2003-14792; USCG-2003-14733; USCG-2003-14749; USCG-2003-14732; and USCG-2003-14757. Washington, DC: WSC. Appendix A: Code of Federal Regulations (CFR) Outline Title 33: Navigation and Navigable Waters. Part 104: Maritime Security: Vessels (Source: USCG, 2007) Subpart A: General 104.100Definitions 104.105Applicability 104.106xxx 104.107xxx 104.110Exemptions. 104.115Compliance 104.120Compliance documentation 104.125Noncompliance 104.130Waivers 104.135Equivalents 104.140Alternative Security Programs 104.145Maritime Security (MARSEC) Directive 104.150Right to appeal Subpart B: Vessel Security Requirements 104.200Owner or operator 104.205Master 104.210Company Security Officer (CSO) 104.215Vessel Security Officer (VSO) 104.220Company or vessel personnel with security duties 104.225Security training for all other vessel personnel 104.230Drill and exercise requirements 104.235Vessel recordkeeping requirements 104.240Maritime Security (MARSEC) Level coordination and implementation 104.245Communications 104.250Procedures for interfacing with facilities and other vessels 104.255Declaration of Security (DoS) 104.260Security systems and equipment maintenance 104.265Security measures for access control 104.267xxx 104.270Security measures for restricted areas 104.275Security measures for handling cargo 104.280Security measures for delivery of vessel stores and bunkers 104.285Security measures for monitoring 104.290Security incident procedures 104.292Additional requirements-passenger vessels and ferries 104.295Additional requirements-cruise ships 104.297Additional requirements-vessels on international voyages Subpart C: Vessel Security Assessment (VSA) 104.300General 104.305Vessel Security Assessment (VSA) requirements 104.310Submission requirements Subpart D: Vessel Security Plan (VSP) 104.400General 104.405Format of the Vessel Security Plan (VSP) 104.410Submission and approval 104.415Amendment and audit Title 33: Navigation and Navigable Waters. Part 105: Maritime Security: Facilities (Source: USCG, 2007) Subpart A: General 105.100Definitions 105.105Applicability 105.106Public access areas 105.110Exemptions 105.115Compliance dates 105.120Compliance documentation 105.125Noncompliance. 105.130Waivers 105.135Equivalents 105.140Alternative Security Program 105.145Maritime Security (MARSEC) Directive 105.150Right to appeal Subpart B: Facility Security Requirements 105.200Owner or operator 105.205Facility Security Officer (FSO) 105.210Facility personnel with security duties 105.215Security training for all other facility personnel 105.220Drill and exercise requirements 105.225Facility recordkeeping requirements 105.230Maritime Security (MARSEC) Level coordination and implementation 105.235Communications 105.240Procedures for interfacing with vessels 105.245Declaration of Security (DoS) 105.250Security systems and equipment maintenance 105.255Security measures for access control 105.257Security measures for newly-hired employees 105.260Security measures for restricted areas 105.265Security measures for handling cargo 105.270Security measures for delivery of vessel stores and bunkers 105.275Security measures for monitoring 105.280Security incident procedures 105.285Additional requirements-passenger and ferry facilities 105.290Additional requirements-cruise ship terminals 105.295Additional requirements-Certain Dangerous Cargo (CDC) facilities 105.296Additional requirements-barge fleeting facilities Subpart C: Facility Security Assessment (FSA) 105.300General 105.305Facility Security Assessment (FSA) requirements 105.310Submission requirements Subpart D: Facility Security Plan (FSP) 105.400General 105.405Format and content of the Facility Security Plan (FSP) 105.410Submission and approval 105.415Amendment and audit Appendix A to Part 105-Facility Vulnerability and Security Measures Summary (Form CG-6025) Appendix B: Vessel Security Plan (VSP) Requirements (Ref. 33 CFR 104.405) 1. Security organization of the vessel; 2. Personnel Training; 3. Drills and exercises; 4. Records and documentation; 5. Response to changes in the MARSEC Level; 6. Procedures with interfacing with facilities and other vessels; 7. Declarations of Security; 8. Communications; 9. Security systems and equipment maintenance; 10. Security measures for access control; 11. Security measures for restricted areas; 12. Security measures for handling cargo; 13. Security measures for delivery of vessels stores and bunkers; 14. Security measures for monitoring; 15. Security incident procedures; 16. Audits and Vessel Security Plan amendments; 17. Vessel Security Assessment Report. Appendix C: Facility Security Plan (FSP) Requirements (Ref. 33 CFR 105.405) 1. Security administration and organization of the facility; 2. Personnel training; 3. Drills and exercises; 4. Records and documentation; 5. Response to change in MARSEC level; 6. Procedures for interfacing with vessels; 7. Declaration of Security (DoS); 8. Communications; 9. Security systems and equipment; 10. Security measures for access control including designated public access areas; 11. Security measures for restricted areas; 12. Security measures for handling cargo; 13. Security measures for making delivery of vessel stores and bunkers; 14. Security measures for monitoring; 15. Security incident procedures; 16. Audits and security plan amendments; 17. FSA reports; 18. Facility Vulnerability and Security Measures Summary (Form CG-6025). Table 1: Key Activities of MTSA 2002 [Source: GAO-03-1155T, 2003, p.4] Figure 1: Concept for MTS Security Net [Source: DHS, 2005, p.3] Read More