Raise your hand if you are fine with business coming to a screaming, and expensive halt for, say a month or two.  A cyber-attack can be the business equivalent of a deadly, metal-on-metal sound coming from under the hood of your car.  Sure you can get it fixed, but it won’t be quick, or cheap, or easy.  A ransomware attack on the City of Baltimore had just this effect.  

At Seebald & Associates, we can’t prevent all cyber-attacks, but we can help organizations recognize their risk and build resilience.  We address cyber security during training courses, audits, and security assessments. Our goals during these activities are as follows:

  • We help FSOs and others to recognize that many of the systems they use have cyber components – and therefore cyber vulnerabilities.  These systems could be anything from simple wi-fi enabled cameras and web-based employee alert systems to sophisticated cargo and industrial control systems.

  • During audits and assessments, we gauge the client’s overall approach to cyber security, addressing, in the most basic of terms, topics such as employee training, network access policies, IT/OT segregation, and the role of cyber security in MTSA regulated functions such access control and cargo systems.

  • We encourage cooperation between FSOs/VSOs and the organization’s dedicated cyber security professionals.  This cooperation should include suspicious activity reporting, risk assessment and mitigation activity, and response operations.  

  • We encourage cyber professionals to participate in information sharing organizations, and to take advantage of well recognized cyber security standards and resources, such as are published by NIST,SANS, and CISA.

Maritime organizations will increasingly require more technical assistance, and we are proud to refer them to Make A Difference with MAD Security.  MAD Security is a highly respected managed security services organization with close ties to S&A and experience working with port and waterways organizations, industrial and other private sector clients, as well as with the U.S. Coast Guard, the Department of Defense, NASA, and other government agencies.  They provide 24/7 network monitoring and intrusion detection and will ensure you become compliant with emerging Coast Guard/DHS requirements. So go ahead and get MAD.  With their cyber expertise, and S&A’s holistic approach to security, your vessel or facility can be well prepared and resilient when (not if!) cyber or other threats come your way.  

Seafarer’s Access is in the news once again and it is time to prepare.  The Coast Guard’s Office of Port and Facility Compliance recently published a Marine Safety Information Bulletin on this topic, reminding facility operators of the requirements, including key dates.

In plain language, the purpose of the Seafarer’s Access Final Rule is to ensure that waterfront facilities have a way to accommodate mariners who wish to transit through a Maritime Transportation Security Act regulated facility in order to go into town, or to return to or join the ship.  The regulation also applies to pilots, and to members of Seafarer welfare organizations, like Seaman’s Church Institute. 

Most of us who work with mariners can appreciate the need to treat our seafarers with dignity, and to find ways to improve the quality of their lives without compromising security.

The next milestone in the Seafarer’s Access program is February 3, 2020.  By that date, facility operators must have a system for accommodating Seafarer Access documented in their Facility Security Plans.  This will require an amendment to your Facility Security Plan.  Given that the Coast Guard requires facility operators to submit amendments 60 days in advance, you should be working on those procedures now.

Not sure of what, exactly, is required or how to get it to the Coast Guard for approval?  Not to worry, Seebald & Associates are here to help.  We have been incorporating Seafarer Access procedures in our audits, and submitting the necessary amendments to the Coast Guard for approval, since the Final Rule was published.  We are also incorporating Seafarer Access into Facility Security Assessments and Facility Security Plans.

We are glad to review your plan and develop an amendment that will meet Coast Guard regulations and align with your business operations.  With Seebald & Associates, you have access to experts on Seafarer’s Access – and to the finest maritime security risk experts available anywhere. 

Calendar year 2019 is almost halfway over and after conducting numerous Facility Security Plan annual mandated audits, we note many Facility Security Officers (FSO), Company Security Officers (CSO), Alternate FSOs, Personnel with Security Duties (PSD) and All Others (AO) are not current on their required Maritime Transportation Security Act (MTSA) training. 

This non-conformity is a compliance risk and will draw warnings and citations from a U.S. Coast Guard facility security inspection.  It is generally recommended that facility security staff attend a U.S. Coast Guard approved 33 CFR, Part 105 or Part 106 training course at a minimum initially, then every 3-5 years with a refresher course.  Depending on when security personnel have been trained, even within the past 5 years, many new MTSA regulation, guidance and policy updates and changes have taken place.  Recent topics of significant interest are cyber-security threats, seafarer access, active shooter threats, TWIC card access procedures and cruise terminal screening requirements. 

All Seebald & Associates facility security training courses address these topics, and our certified master instructors and Coast Guard-approved training courses fully address and inform students of the new topics.  You do not need an audit to know if your training is current and in compliance.  To request an FSO, CSO/OCS FSO, PSD, OCS PSD or AO training course or event please contact Ed Seebald at This email address is being protected from spambots. You need JavaScript enabled to view it., or phone 716-481-5597, and we will help you meet your MTSA training needs. 

The Specific Roles and Responsibilities of Owners and Operators of Regulated Maritime Transportation Security Act for 33 CFR Part 106 Outer Continental Shelf (OCS) Facilities

 

What are the specific duties and responsibilities of MTSA 33 CFR Part 106 Facility Owners and Operators?

33 CFR Part 106 Subpart B – OCS Facility Security Requirements, outlines and describes the roles and responsibilities of owners and operators of 33 CFR Part 106 Facilities. 

As mentioned in the previous blogs, the absolute responsibility for a regulated facility’s security management regime starts and ends with the owners and operators.  While 33 CFR Parts 106 Subparts B, C and D sections are most familiar to Company Security Officers (CSO) and OCS Facility Security Officers (FSO), Subpart B – OCS Facility Security Requirements, identifies more specific requirements that owners and operators are responsible for.  Subpart B also addresses the knowledge, training and experience requirements for CSOs, OCS FSOs, Company or Facility Personnel with Security Duties and All Other persons who work at the facility.  For this final blog focusing on owners & operators, we remain focused on owners and operators of 33 CFR Part 106 Facilities and the specific roles and responsibilities of owners and operators are listed below:

  • Each OCS facility owner or operator must ensure that the OCS facility operates in compliance with the requirements of Subpart B.
  • For each OCS facility, the OCS facility owner or operator must:
    1. Define the security organizational structure for each OCS facility and provide each person exercising security duties or responsibilities within that structure the support needed to fulfill those obligations;
    2. Designate in writing, by name or title, a CSO and an FSO for each OCS facility and identify how those officers can be contacted at any time;
    3. Ensure that a Facility Security Assessment (FSA) is conducted;
    4. Ensure the development and submission for approval of a Facility Security Plan (FSP);
    5. Ensure that the OCS facility operates in compliance with the approved FSP;
    6. Ensure that the TWIC program is properly implemented as set forth in this part, including:
      • Ensuring that only individuals who hold a TWIC and are authorized to be in the secure area are permitted to escort; and
      • Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted.
    7. Ensure that adequate coordination of security issues takes place be- tween OCS facilities and vessels, including the execution of a Declaration of Security (DoS) as required by Subpart B;
    8. Ensure, within 12 hours of notification of an increase in MARSEC Level, implementation of the additional security measures required by the FSP for the new MARSEC Level;
    9. Ensure all breaches of security and security incidents are reported in accordance with part 101 of this sub- chapter;
    10. Ensure consistency between security requirements and safety requirements;
    11. Inform OCS facility personnel of their responsibility to apply for and maintain a TWIC, including the dead- lines and methods for such applications, and of their obligation to inform TSA of any event that would render them ineligible for a TWIC, or which would invalidate their existing TWIC;
    12. Ensure that protocols consistent with 106.260(c) of Subpart B, for dealing with individuals requiring access who report a lost, damaged, or stolen TWIC, or who have applied for and not yet received a TWIC, are in place; and
    13. If applicable, ensure that proto- cols consistent with 106.262 of Subpart B part, for dealing with newly hired employees who have applied for and not yet received a TWIC, are in place.

CSOs and FSOs of CFR Parts 105 & 106, knowing the roles and responsibilities of your owners and operators will help you help them, especially when new persons come on board your facilities in leadership or management roles of your maritime security regime and have no prior experience with MTSA requirements.  Remember any violation issued by U.S. Coast Guard security compliance inspectors is permanently recorded in a database that is shared across the Coast Guard.

Owners and operators, security directors and managers, to ensure your plan renewals and announced and unannounced U.S. Coast Guard compliance inspections will pass training standards, register yourself, CSOs, FSOs and Alternates to attend a U.S. Coast Guard approved Seebald & Associates CSO/FSO training course.  To view a list of current and upcoming courses and for more information on how to register for a course visit www.seebald.com.

The Specific Roles and Responsibilities of Owners & Operators of Regulated Maritime Transportation Security Act for 33 CFR Part 105 Facilities

 

What are the specific duties and responsibilities of MTSA 33 CFR Part 105 Facility Owners and Operators?

33 CFR Part 105 Subpart B – Facility Security Requirements, outlines and describes the roles and responsibilities of owners and operators of 33 CFR Part 105 Facilities. 

As mentioned in the previous blog, the absolute responsibility for a regulated facility’s security management regime starts and ends with the owners and operators.  While 33 CFR Part 105 Subparts B, C and D sections are most familiar to Facility Security Officers (FSO), 33 CFR Part 105 Subpart B – Facility Security Requirements, identifies more specific requirements that owners and operators are responsible for.  Subpart B also addresses the knowledge, training and experience requirements for Facility Security Officers, Maritime Personnel with Security Duties and All Other persons who work at the facility.  For this blog we are focused on owners and operators of 33 CFR Part 105 Facilities and the specific roles and responsibilities of owners and operators are listed below:

  • Each facility owner or operator must ensure that the facility operates in compliance with the requirements of Subpart B.
  • For each facility, the facility owner or operator must:
    1. Define the security organizational structure and provide each person exercising security duties and responsibilities within that structure the support needed to fulfill those obligations;
    2. Designate, in writing, by name or by title, a Facility Security Officer (FSO) and identify how the officer can be contacted at any time;
    3. Ensure that a Facility Security Assessment (FSA) is conducted;
    4. Ensure the development and submission for approval of an FSP;
    5. Ensure that the facility operates in compliance with the approved FSP;
    6. Ensure that the TWIC program is properly implemented as set forth in Subpart B, including:
      • Ensuring that only individuals who hold a TWIC and are authorized to be in the secure area in accordance with the FSP are permitted to escort;
      • Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted; and
      • Notifying facility employees, and passengers if applicable, of what parts of the facility are secure areas
      • Identifying what action is to be taken by an escort, or other authorized individual, should individuals under escort engage in activities other than those for which escorted access was granted; and
      • Notifying facility employees, and passengers if applicable, of what parts of the facility are secure areas and public access areas, as applicable, and ensuring such areas are clearly marked.
    7. Ensure that restricted areas are controlled, and TWIC provisions are coordinated, if applied to such restricted areas;
    8. Ensure that adequate coordination of security issues takes place between the facility and vessels that call on it, including the execution of a Declaration of Security (DoS) as required by Subpart B;
    9. Ensure coordination of shore leave for vessel personnel or crew change- out, as well as access through the facility for visitors to the vessel (including representatives of seafarers’ welfare and labor organizations), with vessel operators in advance of a vessel’s arrival. In coordinating such leave, facility owners or operators may refer to treaties of friendship, commerce, and navigation between the U.S. and other nations;
    10. Ensure, within 12 hours of notification of an increase in MARSEC Level, implementation of the additional security measures required for the new MARSEC Level;
    11. Ensure security for unattended vessels moored at the facility;
    12. Ensure the report of all breaches of security and transportation security incidents to the National Response Center in accordance with Part 101 of Subchapter H;
    13. Ensure consistency between security requirements and safety requirements;
    14. Inform facility personnel of their responsibility to apply for and maintain a TWIC, including the deadlines and methods for such applications, and of their obligation to inform TSA of any event that would render them ineligible for a TWIC, or which would invalidate their existing TWIC;
    15. Ensure that protocols consistent with section 105.255(c) of Subpart B, for dealing with individuals requiring access who report a lost, damaged, or stolen TWIC, or who have applied for and not yet received a TWIC, are in place; and
    16. If applicable, ensure that protocols consistent with 105.257 of Subpart B, for dealing with newly hired employees who have applied for and not yet received a TWIC, are in place.

FSOs of CFR Parts 105, knowing the roles and responsibilities of your owners and operators will help you help them, especially when new persons come on board your facilities in leadership or management roles of your maritime security regime and have no prior experience with MTSA requirements.  Remember any violation issued by U.S. Coast Guard security compliance inspectors is permanently recorded in a database that is shared across the Coast Guard.

Owners and operators, security directors and managers, to ensure your plan renewals and announced and unannounced U.S. Coast Guard compliance inspections will pass training standards, register yourself, FSOs and Alternates to attend a U.S. Coast Guard approved Seebald & Associates CSO/FSO training course.  To view a list of current and upcoming courses and for more information on how to register for a course visit www.seebald.com .