TWIC Delays - TSA Guidance
- Posted by Drew Tucci
Recently one of our clients notified us of problems they were having getting timely TWIC renewals for their workforce. We reached out to Captain Brad Clare, the U.S. Coast Guard MTSA program director for port facilities at Coast Guard Headquarters, who in turn reached out to his TSA counterpart to determine the extent of the issue.
The root of the problem is a substantial increase in applicants which is overwhelming enrollment centers. TSA provided the following report:
TSA is experiencing a surge in enrollments across all vetted populations in the National Transportation System to include aviation, maritime and surface populations. Beginning December 2020, TWIC® enrollments exceeded forecasts on a monthly basis. In March 2021, TSA recorded the highest single monthly enrollment total since 2017. TSA is prioritizing adjudication resources to adjudicate cases in a timely manner.
TSA encourages all applicants to enroll or renew at least 60 days before they require a TSA security threat assessment. While most applicants (~55 percent) are approved within 48 hours, the processing of certain applications requires review by a TSA adjudicator, and these cases are averaging 30 days for eligible applicants to receive a TWIC®. Applicants should use the Check My Service Status capability on Universal Enroll to check their status.
So this is a great time to remind your workforce to check their TWIC status and apply early if their TWIC is soon to expire.
Captain Clare also offered that the Coast Guard has issued several COVID related TWIC policies that provide some flexibility, and that facilities that find themselves in a bind should work with their local Captain of the Port. Seebald & Associates can help facilitate any such communication.
Approaching deadlines for Cyber Security in your FSA/FSP
- Posted by Edward Seebald
Marine Transportation System (MTS) cyber spotlight
Posted By: CWO Kurt Fredrickson on May 9, 2021
Editors note: This is the first in a series of articles addressing cyber risk management and cybersecurity within the Marine Transportation System (MTS). The maritime community is facing daily threats to their information and operational technology systems, whether through malicious actors, antiquated systems, or lack of emphasis on securing the cyber landscape. Cyber threats are constantly evolving, and it is crucial that our stakeholders have the guidance, resources, and awareness to mitigate these risks.
From the desk of Captain Bradley Clare
Office Chief for the Office of Port and Facility Compliance (CG-FAC)
CG-FAC is proud to present the first of these articles, providing a summary of Navigation and Vessel Inspection Circular (NVIC) No. 01-20: Guidelines for Addressing Cyber at MTSA Regulated Facilities and reminder of upcoming due dates. CG-FAC will be collaborating with cyber-focused personnel in the field, along with Headquarters program offices, to provide more information in the months ahead.
Approaching deadlines for incorporating cyber into Facility Security Assessments (FSA) and Facility Security Plans (FSP)
As evidenced by news of cyber incidents affecting critical infrastructure and the maritime environment, we are reminded that cyber threats to, and vulnerabilities of the MTS are constantly evolving. With a clear need to mitigate these risks, the Coast Guard is reminding MTS stakeholders, but specifically those facilities regulated under the Maritime Transportation Security Act of 2002 (MTSA), that the timeframe for incorporating cyber into FSAs and FSPs is rapidly approaching.
Navigation and Vessel Inspection Circular (NVIC) No. 01-20: Guidelines for Addressing Cyber at MTSA Regulated Facilities was issued in March of 2020. This NVIC provides guidance to facility owners and operators on complying with requirements to assess, document, and address computer system and network vulnerabilities. In accordance with 33 CFR parts 105 and 106, which implement MTSA, regulated facilities (including Outer Continental Shelf facilities) are required to assess and document vulnerabilities associated with their computer systems and networks in a FSA and FSP.
In announcing this guidance, the Coast Guard understood that facilities would require time to properly assess their cyber risks and vulnerabilities and establish a plan for documenting those as part of their FSAs and FSPs. The Coast Guard advised that facilities shall provide that cyber documentation, whether as an annex, addendum, enclosure, or other form as appropriate, to their local Captain of the Port (COTP) at the time of their annual audit date, beginning October 1st, 2021. COTPs will still have the flexibility, based on resource demands or upon discussion with facility personnel, to adjust when submissions are received, as along as all facility FSA and FSP (Headquarters for ASPs) submissions are received by the end of a one year period, no later than October 1st, 2022.
We continue to stress the importance of engaging early and often with respective COTPs to ensure alignment of expectations for achieving compliance. The Coast Guard is continually reviewing and updating guidance to both industry and CG field personnel, including Frequently Asked Questions and Cyber Security Job Aids, for added awareness.
Job Opportunity: Security Director/Facility Security Officer
- Posted by Edward Seebald
Position: Security Director & Facility Security Officer
Tradepoint Atlantic, LLC., the largest and most strategically important multi-modal industrial tract on the eastern seaboard, is seeking a Security Director & Facility Security Officer to join its Corporate Team headquartered in Sparrows Point, MD. The position will report to the SVP, Facilities Management. The Security Director & Facility Security Officer key task is to maintain security controls for the 3300 acre site, its occupants, employees, vendors, tenants and visitors.
Duties and Responsibilities:
-
Oversees security organization of the facility, including maritime, general vessel and facility operations and conditions.
-
Emergency preparedness, response, and contingency planning.
-
Ensures compliance with all federal, state, and local requirements, including knowledge of applicable laws (Maritime Transportation Security Act (MTSA), Security and Accountability For Every (SAFE) Port Act), regulations (33 CFR 101, 105), and agency guidance (Coast Guard NVICs, policies, MARSEC directives)
-
Proper protection and handling for Sensitive Security Information and security-related communications.
-
Ensure notification to law enforcement and facility personnel and other emergency responders for security or safety matters within the facility property.
-
Security equipment and systems knowledge and operation.
-
Positive control of all accountable items in compliance with contractual security obligations.
-
Provide oversight and guidance to assigned third-party security workforce.
-
Interact with senior management, contract field managers, stevedoring operations, tenant managers and public emergency officials/personnel as applicable.
-
Participate in facility security audits, assessments, and planning.
-
Maintain security knowledge through ongoing training and education.
-
Implement and maintain the Facility Security Plan and standard operating procedures.
-
Control access to protected areas and facilitate visitor requests for incoming personnel.
-
Support the Tradepoint Atlantic acquisition process as needed.
-
Ensure compliance with cyber and information systems security requirements.
-
Assist and adhere to security measures required to safeguard personnel and prevent unauthorized access to equipment, facilities, and materials.
Education & Experience:
-
Fulfillment of all Facility Security Officer (FSO) requirements in 33 CFR 105.205
-
Completed USCG approved FSO training and certification within the last two years, or must complete USCG approved FSO training/certification within three months of employment.
-
BS/BA degree in a related field (e.g., Criminal Justice/Criminal Law, Homeland Security, Business Administration) preferred; equivalent work experience in a related career or Military Occupational Specialty may be considered in lieu of a degree.
-
Minimum two years of FSO experience at an MTSA regulated facility preferred; equivalent work experience in a related career or Military Occupational Specialty may be considered in lieu of FSO experience.
-
Port/Terminal/Marine operating systems experience preferred.
-
Must possess a valid driver’s license and ability to obtain and maintain a Transportation Worker Identification Credential.
-
Problem solving and decision-making skills.
-
Computer skills using Microsoft Office products.
-
Strong verbal, written and interpersonal skills.
Working Conditions
Must be able to work outside, exposed to all weather conditions, including heat, cold, wind, and rain. Standing and walking will be required throughout the course of a normal day. The wearing of personal protective equipment including, but not limited to, shoes, a safety vest and a hard hat will be required. Required to observe all safety and health requirements for maritime operations.
Hours
Normal working hours are Monday – Friday 8:00 a.m. – 5:00 p.m. with exceptions made for activities related directly to vessel operations. Exceptions may include extended shifts, days, evenings and nights.
How to Apply
Send resume and cover letter to
Tradepoint Atlantic LLC is an Equal Opportunity Employer. All qualified candidates will receive consideration for all positions without regard to race, religion, color, sex, gender identity, sexual orientation, pregnancy, age, national origin, ancestry, physical or mental disability, military or veteran status, genetic information, marital status, ethnicity, alienage, marital status, or any other characteristic protected by applicable law.
Wanted: Technical Project Manager
- Posted by Edward Seebald
Job Posting by MAGNAR
Postion Title: Technical Product Manager
Location: Audubon, NJ
Duration: Full-Time
To Apply: Please submit your cover letter and resume to
Who we are:
At Magnar, we are passionate about helping improve the safety and security of the United States. Our mission is to develop and deliver innovative technologies that improve the security, safety, and operational efficiencies of facilities within our nation’s critical infrastructure. We accomplish this through a collaborative, agile, and fast-paced team environment that reflects our values of excellence, innovation, integrity, and active/respectful listening.
What we’re looking for:
Our next Technical Product Manager is a data-driven, strategic team leader, who understands customer requirements and can effectively translate them into innovative solutions that fully satisfy those requirements. You must be capable of product discovery, feasibility, development, and deployment planning; communicating with diverse stakeholder groups; optimization of internal and external resources; project management; systems engineering; and strategic coordination with a cross-functional leadership team. As a member of Magnar’s leadership team, you will help define corporate strategy and planning. Your responsibilities will include execution of corporate and departmental plans, new product development, roadmapping, and product lifecycle management, along with management of related vendors and systems.
Responsibilities:
-
Work with the leadership team to align corporate and departmental strategy, planning, and execution
-
Collaborate with cross-functional teams on new product ideation, discovery, feasibility, development, and deployment planning across web and mobile applications
-
Manage development projects to ensure that they are completed on time and within budget
-
Be the end-to-end owner of the product life cycle; identify the customer experience, manage the business case, identify value propositions, build out the product requirements, etc.
-
Turn high-level project objectives and customer, regulatory, and best-practice requirements into a comprehensive set of system requirements
-
Work closely with cross-functional teams and external stakeholders to prioritize product features on the product roadmap
-
Systems integration and management
-
Successfully manage stakeholder feedback and expectations
-
Communicate development updates with the leadership team
-
Oversee Quality Assurance
-
Develop & document requirements, specifications and use cases for new product features
Requirements:
-
Bachelor's degree in Computer Science, Software Engineering, or Computer Engineering, with a minimum of 5-years experience in a related field
-
Project management experience (PMP certification is a plus)
-
Familiarity/experience with agile methodologies
-
Familiarity/experience with Android software development
-
Familiarity/experience with Android-based hardware
-
Familiarity/experience with web application development
-
Familiarity/experience with Mobile Device Management (MDM) systems
-
Understanding of cyber security optimization/analysis is a plus
-
An ability to work with both technical and non-technical stakeholders, along with the ability to translate between the two
-
Ability to be a customer-facing technical resource
-
Experience with data-driven decision making
-
Ability to effectively prioritize and deliver results under pressure
-
Ability to creatively problem-solve
-
Great people skills, and a proven track record of building relationships at all levels of the organization
Total Compensation:
-
Highly Competitive Salary
-
Performance-based bonuses
-
Health and Dental Insurance
-
3% 401k company Match
-
Vacation, Personal, Sick and Holiday Pay
U.S. Coast Guard MSIB 03-21: CONTINUED AWARENESS: ACTIVE EXPLOITATION OF SOLARWINDS SOFTWARE
- Posted by Edward Seebald
The Coast Guard continues to monitor the maritime impact from the ongoing Advanced Persistent Threat (APT) cyber incident in the United States, as previously reported in Marine Safety Information Bulletin (MSIB): 25-20. For more details, please see the Joint Statement by the recently established Cyber Unified Coordination Group (UCG) composed of the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence, and National Security Agency.
This incident will require a sustained and dedicated effort to remediate. The UCG believes that the APT actor’s compromise of the SolarWinds Orion supply chain affected approximately 18,000 public and private sector customers and that the actor targeted a much smaller subset of that group with follow-on activity. CISA continues efforts to identify and confirm initial access vectors and identify any changes to the APT’s tactics, techniques, and procedures (TTPs). Please continue to refer to CISA Alert AA20- 352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. A comprehensive repository of CISA resources related to this incident is available at https://www.cisa.gov/supply-chain-compromise. CISA will update these resources as new information is discovered.
Even if you do not own SolarWinds Orion, you may be impacted as your third-party networks, services, and vendors may use SolarWinds Orion. It is critical that the Coast Guard understands the potential risks of this APT actor on marine transportation system networks and supply chain connections.
Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security. Any owner or operator of a Maritime Transportation Security Act (MTSA)-regulated facility or vessel that relies on SolarWinds software for a system that serves or supports a critical security function per its security plan shall, in accordance with 33 CFR 101.305(b) and CG-5P Policy Letter No. 08-16, Section 3.A.i, report a breach of security if:
- They have downloaded the trojanized SolarWinds Orion plug-in (see FBI Private Industry Notification 20201222-001 https://www.ic3.gov/Media/News/2020/201229.pdf); or
- They note any system with a critical security function displaying any signs of compromise, including those that may have not originated from the SolarWinds Orion compromise but utilize similar TTPs (see CISA Alert AA20-352A).
This release has been issued for public information and notification purposes only.
CISA recommends utilizing three open-source tools—including a CISA-developed tool, Sparrow—to help in detecting and remediating malicious activity connected to this incident. Specifically, Sparrow was created to detect possible compromised accounts and applications in the Azure/Microsoft 365 environment. For guidance on all three tools, see CISA AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments.
Any potential threat to the physical security or cybersecurity of your vessel or facility should be taken seriously. Any Breach of Security or Suspicious Activity resulting from Cyber Security Incidents for MTSA-regulated vessels or facilities shall be reported to the National Response Center at 1-800-424- 8802. If you have any version of SolarWinds Orion but are unsure if you are at risk, or for any other questions regarding cyber threats or potential compromises, consider also contacting the Coast Guard Cyber Command 24x7 watch at 202-372-2904 or
Richard V. Timme, RDML, U. S. Coast Guard, Assistant Commandant for Prevention Policy sends