On the final day of our 2023 Security Symposium, Captain Andy Meyers, CG-FAC, served as our morning keynote speaker.  Captain Meyers is the program manager at Coast Guard Headquarters for the Coast Guard’s facility inspection program, including safety, security, and environmental standards.

Captain Meyers addressed several important security topics, including cyber, TWIC, and the growing use of drones in and around waterfront facilities.  Captain Meyers also discussed recovery and resilience, and the growing use of novel fuels in the maritime industry, such as hydrogen and ammonia.  Facilities that may be adding these fuels to their inventory should certainly consider the safety, security, and emergency response risks they may bring.

Sergeant Jay Santalucia, of the Broward County Sherriff department was our second speaker.  With 35 years of law enforcement experience, he gave us a frank and engaging presentation on active shooter incidents.  A few takeaways: develop a warrior mindset, consider “stop the bleed” training, https://www.stopthebleed.org/training/, and work with your local law enforcement agencies before an incident to build relationships and understand how to report and respond to an active shooter incident, including how to behave once law enforcement arrives.

SA_Team.png

After lunch Eric Linden, Integritas Security Service Inc., showed us how they train and use canines for explosives and narcotics.  It was clear that the dogs are enthusiastic and very good at their jobs and could be an effective security tool in many scenarios.

Lastly, Ian Wristbridge, MAGNAR LLC, gave us an education on the value of access control technologies, including the social and economic factors that can make it effective.  We know that access control is the most common violation issued by the Coast Guard, so clearly, we have some work to do in this critical area.

After the Symposium concluded, Mark Dubina, Vice President and Security Chief for Port Tampa Bay hosted a cruise through the Port.  It was a delightful end to a great week.  Thank you Mark and thanks to all our FSOs, participants, and partners who made the Symposium a tremendous success!

On Wednesday morning the FSO course finished when the students made their presentations and took the final exam.  The good news is that everyone passed, and the better news is that our nation and marine transportation system is now stronger by 34 fully qualified Facility Security Officers!

In the afternoon the symposium kicked off with opening remarks from Captain Michael P. Kahle, Commander of Sector St. Petersburg and Captain of the Port here in Tampa.  He emphasized the importance of supply chains and the need for the Coast Guard, other agencies, and the many private sector companies to cooperate in preparing for contingencies and building resilience.

After Captain Kahle’s remarks, our own John Felker chaired a cybersecurity panel discussion with three experts from the Coast Guard:  LCDR Matt Whitney from Coast Guard Headquarters, Mr. Nick Parham from Coast Guard Atlantic Area, and Mr. Carl Hatfield from Coast Guard District Eight. These three individuals have tremendous technical expertise, but they helped us all understand cyber risks in simple terms.  

They also discussed some emerging policies and described the Coast Guard’s “Cyber Protection Teams”, which are available, free of charge, to help MTSA facilities with cybersecurity challenges.  These teams are NOT part of the Coast Guard’s regulatory program, so you can take advantage of their services without the risk of a fine or requirement.  Contact any S&A member for more information or contact them directly at This email address is being protected from spambots. You need JavaScript enabled to view it..

Award.png

Jorge Torres, Port Tampa Bay FSO, receives S&A Maritime Excellence award

Spencer Byrum, CEO of HRS Consulting, introduced us to the concept of High Reliability Organizations, situational awareness, and not driving your ship straight into the lighthouse.  Many of us have operational environments that are “volatile, uncertain, complex, and ambiguous”, but we can learn to recognize red flags and take action to address these complex risks.

Dr. Will Wilkins, Executive Director, Global Security & Construction Management for Valero made a captivating presentation on preparing and responding to protest activities.  Have a clear-eyed discussion with both your security personnel, and your senior management, about how to respond to these types of events BEFORE they happen to you.

After the presentations we all attended an informal reception where we were delighted to present Jorge Torres, of the Port of Tampa Bay, with our Maritime Excellence Award.

The start of day three for the Facility Security Officer (FSO) Course and the day prior, the one day FSO Refresher Course wrapped up with 21 "old hands" sharing years of experience and wealth of knowledge.  These were all seasoned FSOs, many of them senior managers at their organizations, taking the time to refresh their knowledge about Coast Guard requirements and emerging threats. 

While all Seebald & Associates courses benefit from student discussions, the refresher course typically has at least as many “sea stories” and examples from the students as formal lecture from Captain Brian Kelley, the lead instructor.  Discussions about everything from the use of shotguns to remove rust and slag from ships (no kidding, you had to be there), to how to best support security guards quickly dominated the course.  Had we not had to break from lunch Master Instructor Captain Brian Kelley might never have had the chance to return to his course plan.

TWIC was the first topic in the afternoon, which included some interesting stories about forgeries.  Many of us have seen guards fooled by fairly simple fakes, like those made on a copy machine and hotel rewards cards.  Good training can catch these fakes, but professional forgeries are all too easy to find these days.  Fortunately electronic TWIC readers, which a majority of our students are using, can catch these threats.

Another key topic was Facility Security Assessment (FSA) procedures.  The FSA is the foundation of your Facility Security Plan, and if done correctly, will help you identify the security procedures at all MARSEC levels that will reduce your operational risk, meet the regulations, and align with your business practices.  At Seebald and Associates we take pride in our FSA process, which always includes a risk-based-analysis of threats, vulnerabilities, and consequences.

Speaking of FSAs, we also discussed the latest Coast Guard policy guidance on incorporating cybersecurity into the FSA, which was released just weeks earlier.  Seebald & Associates is already incorporating this policy into our procedures. 

Wednesday closes out the FSO course, with 34 graduates joining the 21 Refresher FSO students as we transition to the Symposium, with special guest speakers and panel discussions on cybersecurity, high reliability and situational awareness and ending the day with Dr. Watkins, Valero Executive Director for Global Securities will discuss the response and lessons learned from the recent protests on Valero facilities in the United Kingdom and Valero's planning against this threat against their facilities in the U.S.

On January 23, 2023, the United States Coast Guard released new guidance on cybersecurity for port facilities regulated by the Maritime Transportation Security Act and 33 CFR Part 105.

The “Maritime Cybersecurity Assessment and Annex Guide (MCAAG)” helps facility operators with the cybersecurity aspects of a Facility Security Assessment (FSA) and provides a template for incorporating the results of that process into a Cybersecurity Annex to a Facility Security Plan (FSP).

Before getting into the details of this new guidance, let’s first clarify that this does NOT impact facilities that already have approved Cybersecurity Annexes.  Those facility operators are NOT required to resubmit new Annexes based on this guidance.  However, this guidance will clearly be an appropriate tool for when existing FSPs come up for their normal, five-year renewal.

Here at Seebald & Associates, our experts have taken a preliminary look at this guidance and we think it will be a useful tool in helping facilities identify and manage their cyber risks.  Here are a few key points:

·      The guidance begins with terms, definitions, examples, and a discussion of how various Information Technology (IT) and Operational Technology (OT) systems are often connected.  This reflects sound cybersecurity principles and helps us all recognize that a vulnerability in one part of a network can have consequences elsewhere.

·      The guidance recommends that facility operators identify a “Cybersecurity Officer (CySO) to work with the FSO on cybersecurity matters. 

·      The guidance includes a step-by-step process for facility operators to identify cyber vulnerabilities in an FSA, determine mitigation strategies, and document the results in a Cybersecurity Annex of an FSP.

·      The guidance uses the NIST Framework functions (Identify, Protect, Detect, Respond, Recover), and select categories and subcategories as baseline or additional measures, based on the organization’s risk tolerance.

At Seebald & Associates, we are in regular contact with U.S. Coast Guard cybersecurity personnel, both at the Headquarters and local Captain of the Port level.  We will keep all our clients informed as we all learn more about how to how the Coast Guard expects us to apply this guidance.  In the meantime we look forward to working with all of you to improve your security programs.

It’s football season, and I hope you all will help Ed by cheering on the Buffalo Bills, who will doubtless go to the Superbowl this year.  Just ask him! 

In between games, give some thought to cybersecurity, where the goalposts always seem to be moving.  Most of us can find the combination of ever evolving threats and countless new standards to be overwhelming. 

Here at Seebald & Associates, we keep in close contact with cybersecurity experts at the U.S. Coast Guard, and at the Cybersecurity and Infrastructure Security Agency (CISA), to provide you with the best, most credible advice on how to manage your cybersecurity risks while meeting Coast Guard requirements.

CISA recently published “Cross-Sector Cybersecurity Performance Goals”.  This document, which is written in plain language, is a set of voluntary core cybersecurity practices.  It is intended to reduce risk for both individual organizations and our nation’s critical infrastructure.  You can access the document at https://www.cisa.gov/cpg.

The U.S. Coast Guard is encouraging vessel and facility operators to consider these performance goals.  You can read the Coast Guard’s information on this topic at https://mariners.coastguard.blog/2022/11/08/cisa-releases-cross-sector-cybersecurity-performance-goals/

According to CISA, these performance goals can help address the concerns of small and medium sized businesses who struggle to know where to focus and invest their scarce cybersecurity resources.  Our cybersecurity experts at S&A agree that this is a valuable addition to the best practices developed by CISA, and jointly promulgated with the Coast Guard.

Cybersecurity really does have moving goalposts.  But to make that touchdown every time for our clients, Seebald & Associates constantly updates our training aids, audit checklists, and Facility Security Assessment processes to reflect current standards and best practices.  The audit we provide next year will be different from this year’s, especially in cyber.  This is how we ensure that your security programs provide meaningful security that reduces compliance, operational, and reputational risk. 

For all the latest in cyber and other security issues, be sure to attend our upcoming Security Symposium, 30 January – 2 February 2023 in Tampa, FL.  We’ll have an impressive list of senior Coast Guard and industry experts who will address cybersecurity, TWIC, preparing for protest activity, security guard management, and more.  To register and for more information, go to at https://fsosymposium.com/.