Before an FSO can assume their duties, they must: 

1) possess a valid TWIC, and

2) have general knowledge, through training or equivalent job experience, in 6 of the required 21 elements listed in 33 CFR 105.205, and

3) have knowledge of and receive training in the other 15 elements.

33 CFR 105.205 reads:

(1) The FSO must have general knowledge, through training or equivalent job experience, in the following:

(i) Security organization of the facility;

(ii) General vessel and facility operations and conditions;

(iii) Vessel and facility security measures, including the meaning and the requirements of the different MARSEC Levels;

(iv) Emergency preparedness, response, and contingency planning;

(v) Security equipment and systems, and their operational limitations; and

(vi) Methods of conducting audits, inspections, control, and monitoring techniques.

(2) In addition to knowledge and training required in paragraph (b)(1) of this section, the FSO must have knowledge of and receive training in the following, as appropriate:

(i) Relevant international laws and codes, and recommendations;

(ii) Relevant government legislation and regulations;

(iii) Responsibilities and functions of local, State, and Federal law enforcement agencies;

(iv) Security assessment methodology;

(v) Methods of facility security surveys and inspections;

(vi) Instruction techniques for security training and education, including security measures and procedures;

(vii) Handling sensitive security information and security related communications;

(viii) Current security threats and patterns;

(ix) Recognizing and detecting dangerous substances and devices;

(x) Recognizing characteristics and behavioral patterns of persons who are likely to threaten security;

(xi) Techniques used to circumvent security measures;

(xii) Conducting physical searches and non-intrusive inspections;

(xiii) Conducting security drills and exercises, including exercises with vessels; and

(xiv) Assessing security drills and exercises.

(xv) Knowledge of TWIC requirements.

It is the FSO’s duty to ensure they remain competent and informed on all the latest changes and trends associated with maritime security.  Take another look at these 21 elements and ask yourself, have you, or the FSO and/or the Alternate FSOs received the proper training or have the equivalent job experience?  Really??  If it’s been 2-3 years or more since you’ve taken a CG approved FSO Course, find a S&A FSO course in a location and time that works for you.  We recommend taking our one-day FSO Refresher course every year.

Next week we’ll see what other duties the FSO must perform.

Facility Security Threats – Battling the Unknown and Unseen

How do today’s threats differ from years past – what’s new?

Last week’s blog looked at the threats associated with terrorism, organized crime, lone criminal acts, cyber attack, and civil unrest.  This week we’ll delve into the remaining types of threats that challenge our facility security regime.  There are new perspectives that point toward the more traditional threats that we’ve previously explored. 

Random Acts of Stupidity – We’ve been all over the country conducting Facility Security Assessments and Facility Security Plan Audits.  Just about every facility we visit has one of the “random acts of stupidity” stories.  Whether it’s person in your security organization unwittingly compromising your security protocols, or a stranger wandering onto your facility, these threats can be difficult to predict.  The secret is to use your imagination when conducting drills and exercises – create scenarios involving random acts of stupidity and test your personnel’s performance in those situations.

Complacency – It’s hard to believe that we’re more than sixteen years removed from the tragic events of 9/11 that led us to today.  There is a natural tendency to become complacent over the course of time.  Still, there are crimes and terrorist incidents occurring nearly every day and many of our people remain complacent about their security.  Situational awareness is diminished by technology – think about all the people with their heads down looking at a cell phone, or ear buds & headphones canceling out ambient noise.  Most safety experts agree that their biggest threat is complacency.  The same could be said for security.

Communicable Diseases – The world is not ready for the next pandemic.  Whether disease or infection, we have a difficult challenge in defending against the threat of something so small that we can’t see it.  Our facilities are visited by vessels and personnel from all over the world.  We have very little awareness of where a pathogen originates.  The threats come in many varieties – insect-transmitted diseases, vaccine-preventable childhood illnesses (measles, mumps, pertussis), influenza, diseases from conflict zones and killing fields (ebola, kala-azar), vector-borne diseases (from insects and vermin).  How will these affect your facility’s security?

Natural Disasters – Severe and extreme natural events occur in all parts of the world.  We must be aware of the natural threats than can impact our security.  Last year’s hurricanes devastated facilities in many parts of the country.  Consider whether your facility is susceptible to wind or flooding damage from heavy weather, storm surge, structural damage from earthquakes, snowstorms, and the like.  Not only must we consider the impact to the facility, but also our personnel.  Will our security personnel be able to perform their responsibilities before, during, and after a natural disaster in our area?

As this month’s blogs on threats has revealed, there is a lot to think about when considering the threats we face in defending our homeland.  The best strategy is to take a risk-based approach to those threats.  With a well-thought, situationally aware mitigation effort, the threats can be addressed in a disciplined manner. 

Also, did you know? …

We’re in full planning mode for the 2018 Facility Security Symposium.  It will be a fantastic gathering of the best and brightest in maritime facility security.  Be sure to join us June 4-8 in New Orleans.  The Symposium is preceded by an FSO course (4-6 June) and an FSO Refresher course (5 June).  Course registration includes admittance to the Symposium.  The Symposium begins on Wednesday June 6th at 1:00pm and runs through Friday June 8th at noon. 

That’ll do for this month’s blog topic.  Next month we’ll examine the FSO’s duties – stay tuned!

Facility Security Threats – What’s in Your Crystal Ball?

What types of threats are we facing?

Last week’s blog discussed threats as a key factor in our risk equation.  This week we’ll delve into the types of threats that challenge our facility security regime.

Over the course of many years, we’ve placed threats in various categories.  In our courses we highlight threats from terrorism, organized crime, lone criminal acts, cyber, civil unrest, and our ever-popular “random acts of stupidity.”  Recently we’ve added to these types of threats to now include complacency, communicable diseases, and natural disasters. 

Let’s look at a few of these threats…

Terrorism – On average, there are well over 100 terrorist attacks globally every month.  Recent domestic terror events clearly demonstrate that terrorists are entrenched in America.  Our history is rife with terrorists dating back to the Revolutionary War.  Today is no exception.  The terrorist will capitalize on our weaknesses and will be patient in planning the attack.  They’re not afraid to die, but they are afraid to fail.  Our awareness is crucial – detecting terrorist activity while the attack is in the planning stage is the most effective defense.  Your facility’s security posture can help deter a terrorist attack – become a hard target. 

The term "lone wolf" is used by U.S. law enforcement agencies and the media to refer to individuals undertaking violent acts of terrorism outside a command structure.  While the lone wolf acts to advance the ideological or philosophical beliefs of an extremist group, they act on their own, without any outside command or direction. The lone wolf's tactics and methods are conceived and directed solely on their own; in many cases, the lone wolf never has personal contact with the group they identify with.  As such, it is considerably more difficult for officials to gather intelligence on lone wolves, since they may not come into contact with routine counter-terrorist surveillance.

Organized Crime – Referred to as Transnational Organized Crime (TOC), the FBI cites that these groups are self-perpetuating associations of individuals who operate, wholly or in part, by illegal means and irrespective of geography.  They constantly seek to obtain power, influence, and monetary gains.  There is no single structure under which TOC groups function - they vary from hierarchies to clans, networks, and cells, and may evolve into other structures.  These groups are typically insular and protect their activities through corruption, violence, international commerce, complex communication mechanisms, and an organizational structure exploiting national boundaries.

With few exceptions, TOC groups’ primary goal is economic gain and they will employ an array of lawful and illicit schemes to generate profit.  Crimes such as drug trafficking, migrant smuggling, human trafficking, money laundering, firearms trafficking, illegal gambling, extortion, counterfeit goods, wildlife and cultural property smuggling, and cyber crime are keystones within TOC enterprises.  Note that each of these crimes can have a maritime component.

Lone Criminal Act – This threat is contrasted with the lone wolf terrorist.  For example, a lone criminal could be an Active Shooter, who is defined as “an individual actively engaged in killing or attempting to kill people in a confined and populated area; in most cases, active shooters use firearms and there is no pattern or method to their selection of victims.  Recently, the word ‘shooter’ is often dropped because a method of attack can be by any means.  The semantic distinction may seem trivial but it is critical to security.  For example, instead of Active Shooter, in Israel the term used is ‘sacrificial attack.’  Other examples of lone criminals include a saboteur, who destroys or damages something deliberately, or a thief, who steals property, especially by stealth and without using force or violence.  Remember, a lone criminal as a threat can have a broad application.

Cyber Attack – This is the threat that is most likely to occur.  There are all sorts of cyber attacks occurring in today’s world.  Wikipedia characterizes these attacks as follows: 

  • Indiscriminate attacks - These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.
  • Destructive attacks - These attacks relate to inflicting damage on specific organizations.
  • Cyber warfare - These are politically motivated destructive attacks aimed at sabotage and espionage.
  • Government espionage - These attacks relate to stealing information from/about government organizations.
  • Corporate espionage - These attacks relate to stealing data from corporations related to proprietary methods or emerging products/services.
  • Stolen email addresses and login credentials - These attacks relate to stealing login information for specific web-based resources.
  • Stolen credit card and financial data, stolen medical-related data – Attacks that gain access to personal data, resulting in compromised finances and personal information.

Civil Unrest – America’s civil stability is increasingly threatened and the dangers are now bigger than the collective episodes of violence we’ve witnessed in recent years.  Much civil unrest is characterized as low-intensity conflicts with episodic violence in constantly moving locales.  The question is whether our facility could be one of those locales.  What relationship does your facility have with the community outside your fence line?  How does your public reputation impact your perceived threat of civil unrest activity either on or adjacent to your facility?

Next week we’ll wrap up our look at facility security threats…

Also, did you know? …

Registering for either the Seebald & Associates Facility Security Officer Course (4-6 June) or Facility Security Officer Refresher Course (5 June) will enable you to attend the 2018 Facility Security Symposium (6-8 June in New Orleans) for free!  Register now to participate!  And, if you register by April 2, 2018, you’ll receive a one-year subscription to the Seebald & Associates Platinum Membership, a $925 value!

Facility Security Threats – What’s in our Risk Equation?

Last week we looked at the regulatory requirement to be aware of security threats and patterns.  This week we’ll explore threats and risk.

Where do threats fit into our facility’s risk equation?

Before specifically starting our focus on threats, it’s essential to remember that threat patterns constantly change, and facility security threats vary from facility to facility.  That’s why we must remain vigilant to our vulnerabilities and the consequences of an attack on our facility as critical factors in our risk equation, as they could be an indicator of the type of threats that we could encounter. 

This points to the importance of a thorough Facility Security Assessment and Risk-Based Analysis.  Those with intent to harm our personnel and facilities often plan and rehearse their attacks, and their methods are geared toward success.  If we’re in tune with our risk profile – our threats, vulnerabilities, and the consequences of an attack – we can take actions to mitigate our risk. 

Just as we have a risk equation for our facility, the Coast Guard takes a risk-based approach to security.  A primary driver for setting our Maritime Security (MARSEC) Level is the threat to our nation, area, region, zone, industry or facility type.  We can slice and dice our security readiness to be prepared for the threat, as dictated by the Coast Guard directing the appropriate MARSEC Level.

In next week’s blog, we’ll start to dig into the various types of threats we’re facing…

Also, did you know? …

The 2018 Facility Security Symposium (6-8 June in New Orleans) will allow port facility professionals from around the country and world to share their expertise as well as current and future trends.  Attendees will hear from senior Coast Guard personnel and other key partners that will deliver cutting-edge insight on regulation changes with a spotlight on exemplary facilities that are leading the way.  Register now to participate!

Facility Security Threats – It’s a Knowledge Requirement!

Before we get started on our threat discussion this month, let’s see what 33 CFR 105 requires of us.  In particular, our knowledge and training must include awareness of security threats and patterns. 

  • §105.205 Facility Security Officer (FSO).

(b) Qualifications.

(2) In addition to knowledge and training required in paragraph (b)(1) of this section, the FSO must have knowledge of and receive training in the following, as appropriate:

(b)(2)(viii) Current security threats and patterns;

  • §105.210 Facility personnel with security duties.

Facility personnel responsible for security duties must maintain a TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate:

(a) Knowledge of current security threats and patterns;

  • §105.225 Facility recordkeeping requirements.

(b) Records required by this section may be kept in electronic format. If kept in an electronic format, they must be protected against unauthorized deletion, destruction, or amendment. The following records must be kept:

(6) Security threats. For each security threat, the date and time of occurrence, how the threat was communicated, who received or identified the threat, description of threat, to whom it was reported, and description of the response;

The Coast Guard takes a risk-based approach to security.  Threats are an important consideration in their many activities, such as setting MARSEC levels.  In lieu of your own research, or trying to navigate through Homeport, you can take advantage of participating in your Area Maritime Security Committee (AMSC) to learn more about what the Coast Guard perceives as the prominent threats in your area.  Have that discussion with your Coast Guard facility inspector and with your colleagues in the AMSC. 

Remember that the specific threat discussions may include Sensitive Security Information (SSI), so it’s our duty to be careful to protect this information.  If you’re having a threat discussion, then be sure to know your surroundings.  Also, when recording a security threat to your facility or personnel, be sure to mark the record as SSI, and protect it along with your other facility documentation.

Next week’s blog will look at Threats as a component of our facility’s risk equation…

Also, did you know? …

The Facility Security Symposium and FSO Academy (June 6-8 in New Orleans) was created to give members of the international port community a unique opportunity to have direct access to the foremost leaders that establish the industry's best practices and procedures.  Register now before it’s too late – rooms and seats are going fast!