October - It's National Cyber Security Month!
- Posted by Edward Seebald
S&A Blog Title: It's National Cyber Security Awareness Month!
Fellow Maritime Security Professionals -
In case you missed it, the Coast Guard's latest Maritime Commons blog (http://mariners.coastguard.dodlive.mil/2017/10/02/1022017-october-national-cyber-security-awareness-month/utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+MaritimeCommons+%28Maritime+Commons%29) notes that October is National Cyber Security Awareness Month. The Coast Guard's weekly blogs this month will contain important information on cybersecurity risk management. And for a refresher, visit our web site, where we offer cyber security presentations from our Facility Security Symposium and webinars:
- Cyber Security and the Maritime Transportation System
- Building a Winning Cyber Security Program
Stay sharp - be secure & safe - train, drill, and exercise your facility personnel!
Out of Control? Not with the 3 P’s!
- Posted by John Bingaman
We’ve listened to your feedback! The blogs this month are designed to assist you in controlling facility access points and remaining compliant with random screening requirements. Topics include:
3 P’s of access control –
- Physical – security infrastructure and systems
- Presence – bearing and attitude of security force personnel
- Performance – security training, experience and application
Just what does random screening mean?
Random screening is just that – screening that occurs without definite aim, reason, or pattern. Random is NOT every 10th person or vehicle. You are required to develop a protocol for randomizing your screening. A best practice in random selection is the “Marble Method,” which is recognized and approved by the Coast Guard. Other randomizing techniques may include a software program that randomly selects a person or vehicle to screen. DO NOT rely on individuals determining off the top of their head when to screen – their choices are NOT random.
Randomizing your screening makes your access control effective by eliminating predictability, and will deter folks entering your facility from trying to bring on prohibited items. A random screening protocol will increase your facility’s security reliability!
Join us this month while we review the regulatory requirements for the sake of building your security awareness. Suggested Reading - 33 CFR 105.255.
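The contrast between "every 10th" and a software-driven random selection, as an added example that is not part of the original post. The 10% rate, the arrival count and all function names are assumptions chosen for illustration; the draw uses the operating system's CSPRNG so there is no seed or counter an observer could learn.

```python
import secrets

# OS-backed CSPRNG: no seed or counter an observer could learn or replay.
_rng = secrets.SystemRandom()

def every_nth(arrivals, n=10):
    """The pattern the post rules out: screen every n-th arrival."""
    return [(i + 1) % n == 0 for i in range(arrivals)]

def random_selection(arrivals, rate=0.10):
    """Independent draw per arrival; `rate` is an assumed target fraction."""
    return [_rng.random() < rate for _ in range(arrivals)]

def gaps(decisions):
    """Distance, in arrivals, between consecutive screenings."""
    hits = [i for i, screened in enumerate(decisions) if screened]
    return [b - a for a, b in zip(hits, hits[1:])]

def is_predictable(decisions):
    """True when every gap is identical, so an observer can count to the next screening."""
    g = gaps(decisions)
    return len(g) > 1 and len(set(g)) == 1

if __name__ == "__main__":
    plans = (("every 10th", every_nth(5000)),
             ("random 10%", random_selection(5000)))
    for name, plan in plans:
        print(f"{name}: screened={sum(plan)} "
              f"distinct gaps={len(set(gaps(plan)))} "
              f"predictable={is_predictable(plan)}")
```

Both plans screen roughly the same share of arrivals; only the fixed-interval plan lets someone at the gate work out when the next screening will happen.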
FSP - What the Coast Guard requires for submission and approval - 33 CFR 105.410
An FSP is required to be resubmitted every five years to include a new FSA. You are required to submit one copy of the FSP for review and approval to the cognizant COTP and a letter certifying that the FSP meets applicable requirements of Subpart D - Facility Security Plan. The FSP must be submitted 60 days prior to allow the COTP enough time to review, and if your FSP consists of new operations, then you cannot start operations until your FSP is approved. The COTP will examine each submission for compliance and either:
- Approve it and specify any conditions of approval, returning to the submitter a letter stating its acceptance and any conditions;
- Return it for revision, returning a copy to the submitter with a brief description of the required revisions;
- Disapprove it, returning a copy to the submitter with a brief statement of the reasons for disapproval.
Remember, completing a thorough and proper FSP, which is based on your FSA, is a lengthy process and you should not wait until the last minute. When Seebald & Associates conducts an FSA and writes an FSP, we start the process at least 6 months before your FSP is due for submission.
FSP amendments, audits or rewrite - When do you complete them?
There is often confusion about when only an amendment to your FSP is needed and when an audit is required in addition to an amendment. Essentially, an amendment documents a change to your FSP and may be initiated by the owner or operator or the cognizant COTP to maintain the facility’s security. If the facility owner or operator initiates the amendment, the proposed amendment must be submitted at least 30 days before the amendment is to take effect unless the cognizant COTP allows a shorter period.
If the COTP gives the facility written notice an amendment is required, the facility owner or operator will have at least 60 days to submit its proposed amendments. Until the amendments are approved, the facility owner or operator shall ensure temporary security measures are implemented to the satisfaction of the COTP.
You amend your plan when there is a change to your FSP, such as when a new FSO or Alternate FSO is assigned. Where the confusion lies is when an audit is required to be conducted along with an amendment. Such is the case when the owner or operator at the facility changes: the FSO must amend the FSP to include the name and contact information of the new facility owner or operator and submit the affected portion of the FSP for review and approval to the COTP, as well as conduct an audit for submission to the new owner or operator. Other examples where the FSP must be audited along with amendments are modifications to the facility, including but not limited to physical structure, emergency response procedures, security measures or operations. There is an inclination to submit only an amendment for these changes when an audit is actually required as well. Auditing the FSP as a result of modifications to the facility may be limited to those sections of the FSP affected by the facility modifications. If the change in operations and modifications to the facility are significant enough, the audit will determine if you need to complete a new FSA and a rewrite of the FSP. This is laid out in 33 CFR 105.415. Visit our February blogs for more information on your FSP audit.
Remember - before you draft an amendment or conduct an audit, be sure to check with Seebald & Associates or your local COTP to provide you with the proper way ahead.
Facility Security Plan - the required format and content
The facility owner or operator must ensure the FSP consists of the 18 individual sections listed below per 33 CFR 105.405. If the FSP does not follow the order as it appears in the list, the facility owner or operator must ensure the FSP contains an index identifying the location of each of the following sections:
1 - Security administration and organization of the facility
2 - Personnel training
3 - Drills and Exercises
4 - Records and Documentation
5 - Response to change in MARSEC level
6 - Procedures for interfacing with vessels
7 - Declaration of Security (DoS)
8 - Communications
9 - Security systems and equipment maintenance
10 - Security measures for access control, including designated public access areas
11 - Security measures for restricted areas
12 - Security measures for handling cargo
13 - Security measures for delivery of vessel stores and bunkers
14 - Security measures for monitoring
15 - Security incident procedures
16 - Audits and security plan amendments
17 - Facility Security Assessment
18 - Facility Vulnerability and Security Measures Summary (Form CG-6025)
The FSP must describe in detail how the requirements of 33 CFR 105 subpart B Facility Security Requirements will be met. Note that when Seebald & Associates helps you in writing your FSP, there are additional FSP sections that we create to improve your FSP, make it meaningful, and easier to use.