Picking up where we left off last week – the list of required duties of an FSO keep on going:

(11) Ensure the execution of any required Declarations of Security with Masters, Vessel Security Officers or their designated representatives;

(12) Ensure the coordination of security services in accordance with the approved FSP;

(13) Ensure that security equipment is properly operated, tested, calibrated, and maintained;

(14) Ensure the recording and reporting of attainment changes in MARSEC Levels to the owner or operator and the cognizant COTP;

(15) When requested, ensure that the Vessel Security Officers receive assistance in confirming the identity of visitors and service providers seeking to board the vessel through the facility;

(16) Ensure notification, as soon as possible, to law enforcement personnel and other emergency responders to permit a timely response to any transportation security incident;

(17) Ensure that the FSP is submitted to the cognizant COTP for approval, as well as any plans to change the facility or facility infrastructure prior to amending the FSP; and

(18) Ensure that all facility personnel are briefed of changes in security conditions at the facility.

(19) Ensure the TWIC program is being properly implemented.

Many of the FSOs we work have other responsibilities at their facility as well.  Remember, the FSO has to know all this and ensure the duties are being performed in a competent fashion.  But that doesn’t mean the FSO can’t leverage their Alternate FSOs and security supervisors to assist with the performance requirements.  We highly encourage FSOs to use others in the Facility Security Organization, it helps keep these key personnel engaged and proficient too.

Last week we looked at the 2 requirements required to be an FSO, and the FSO’s duty to be competent in 21 knowledge elements.  This week we’ll cover additional duties an FSO must perform to reduce compliance, business, and operational risk…and keep your turf secure!

The FSO must, for each facility for which he or she has been designated:

(1) Ensure that the Facility Security Assessment (FSA) is conducted;

(2) Ensure the development and implementation of a FSP;

(3) Ensure that an annual audit is conducted, and if necessary that the FSA and FSP are updated;

(4) Ensure the FSP is exercised per § 105.220 of this part;

(5) Ensure that regular security inspections of the facility are conducted;

(6) Ensure the security awareness and vigilance of the facility personnel;

(7) Ensure adequate training to personnel performing facility security duties;

(8) Ensure that occurrences that threaten the security of the facility are recorded and reported to the owner or operator;

(9) Ensure the maintenance of records required by 33 CFR 105;

(10) Ensure the preparation and the submission of any reports as required by 33 CFR 105;

Does this list sound a bit daunting, are you squirming or are you telling yourself “I got this!”  If you’ve been trained by S&A’s, follow our weekly Blogs, attend the monthly Webinars, and use our monthly Drill scenarios, you’ll likely to be closer to telling yourself “I got this!”  That’s our goal.  We want you to be proficient in the knowledge as well as in performance as an FSO, so when the Coast Guard Inspector makes their visit they’ll be satisfied that you and your facility are in compliance with applicable laws and regulations.

Whew!!  We’re about half-way through an overview of an FSO’s Duties…more to follow next week.

Before an FSO can assume their duties, they must: 

1) possess a valid TWIC, and

2) have general knowledge, through training or equivalent job experience, in 6 of the required 21 elements listed in 33 CFR 105.205, and

3) have knowledge of and receive training in the other 15 elements.

33 CFR 105.205 reads:

(1) The FSO must have general knowledge, through training or equivalent job experience, in the following:

(i) Security organization of the facility;

(ii) General vessel and facility operations and conditions;

(iii) Vessel and facility security measures, including the meaning and the requirements of the different MARSEC Levels;

(iv) Emergency preparedness, response, and contingency planning;

(v) Security equipment and systems, and their operational limitations; and

(vi) Methods of conducting audits, inspections, control, and monitoring techniques.

(2) In addition to knowledge and training required in paragraph (b)(1) of this section, the FSO must have knowledge of and receive training in the following, as appropriate:

(i) Relevant international laws and codes, and recommendations;

(ii) Relevant government legislation and regulations;

(iii) Responsibilities and functions of local, State, and Federal law enforcement agencies;

(iv) Security assessment methodology;

(v) Methods of facility security surveys and inspections;

(vi) Instruction techniques for security training and education, including security measures and procedures;

(vii) Handling sensitive security information and security related communications;

(viii) Current security threats and patterns;

(ix) Recognizing and detecting dangerous substances and devices;

(x) Recognizing characteristics and behavioral patterns of persons who are likely to threaten security;

(xi) Techniques used to circumvent security measures;

(xii) Conducting physical searches and non-intrusive inspections;

(xiii) Conducting security drills and exercises, including exercises with vessels; and

(xiv) Assessing security drills and exercises.

(xv) Knowledge of TWIC requirements.

It is the FSO’s duty to ensure they remain competent and informed on all the latest changes and trends associated with maritime security.  Take another look at these 21 elements and ask yourself, have you, or the FSO and/or the Alternate FSOs received the proper training or have the equivalent job experience?  Really??  If it’s been 2-3 years or more since you’ve taken a CG approved FSO Course, find a S&A FSO course in a location and time that works for you.  We recommend taking our one-day FSO Refresher course every year.

Next week we’ll see what other duties the FSO must perform.

Facility Security Threats – Battling the Unknown and Unseen

How do today’s threats differ from years past – what’s new?

Last week’s blog looked at the threats associated with terrorism, organized crime, lone criminal acts, cyber attack, and civil unrest.  This week we’ll delve into the remaining types of threats that challenge our facility security regime.  There are new perspectives that point toward the more traditional threats that we’ve previously explored. 

Random Acts of Stupidity – We’ve been all over the country conducting Facility Security Assessments and Facility Security Plan Audits.  Just about every facility we visit has one of the “random acts of stupidity” stories.  Whether it’s person in your security organization unwittingly compromising your security protocols, or a stranger wandering onto your facility, these threats can be difficult to predict.  The secret is to use your imagination when conducting drills and exercises – create scenarios involving random acts of stupidity and test your personnel’s performance in those situations.

Complacency – It’s hard to believe that we’re more than sixteen years removed from the tragic events of 9/11 that led us to today.  There is a natural tendency to become complacent over the course of time.  Still, there are crimes and terrorist incidents occurring nearly every day and many of our people remain complacent about their security.  Situational awareness is diminished by technology – think about all the people with their heads down looking at a cell phone, or ear buds & headphones canceling out ambient noise.  Most safety experts agree that their biggest threat is complacency.  The same could be said for security.

Communicable Diseases – The world is not ready for the next pandemic.  Whether disease or infection, we have a difficult challenge in defending against the threat of something so small that we can’t see it.  Our facilities are visited by vessels and personnel from all over the world.  We have very little awareness of where a pathogen originates.  The threats come in many varieties – insect-transmitted diseases, vaccine-preventable childhood illnesses (measles, mumps, pertussis), influenza, diseases from conflict zones and killing fields (ebola, kala-azar), vector-borne diseases (from insects and vermin).  How will these affect your facility’s security?

Natural Disasters – Severe and extreme natural events occur in all parts of the world.  We must be aware of the natural threats than can impact our security.  Last year’s hurricanes devastated facilities in many parts of the country.  Consider whether your facility is susceptible to wind or flooding damage from heavy weather, storm surge, structural damage from earthquakes, snowstorms, and the like.  Not only must we consider the impact to the facility, but also our personnel.  Will our security personnel be able to perform their responsibilities before, during, and after a natural disaster in our area?

As this month’s blogs on threats has revealed, there is a lot to think about when considering the threats we face in defending our homeland.  The best strategy is to take a risk-based approach to those threats.  With a well-thought, situationally aware mitigation effort, the threats can be addressed in a disciplined manner. 

Also, did you know? …

We’re in full planning mode for the 2018 Facility Security Symposium.  It will be a fantastic gathering of the best and brightest in maritime facility security.  Be sure to join us June 4-8 in New Orleans.  The Symposium is preceded by an FSO course (4-6 June) and an FSO Refresher course (5 June).  Course registration includes admittance to the Symposium.  The Symposium begins on Wednesday June 6th at 1:00pm and runs through Friday June 8th at noon. 

That’ll do for this month’s blog topic.  Next month we’ll examine the FSO’s duties – stay tuned!

Facility Security Threats – What’s in Your Crystal Ball?

What types of threats are we facing?

Last week’s blog discussed threats as a key factor in our risk equation.  This week we’ll delve into the types of threats that challenge our facility security regime.

Over the course of many years, we’ve placed threats in various categories.  In our courses we highlight threats from terrorism, organized crime, lone criminal acts, cyber, civil unrest, and our ever-popular “random acts of stupidity.”  Recently we’ve added to these types of threats to now include complacency, communicable diseases, and natural disasters. 

Let’s look at a few of these threats…

Terrorism – On average, there are well over 100 terrorist attacks globally every month.  Recent domestic terror events clearly demonstrate that terrorists are entrenched in America.  Our history is rife with terrorists dating back to the Revolutionary War.  Today is no exception.  The terrorist will capitalize on our weaknesses and will be patient in planning the attack.  They’re not afraid to die, but they are afraid to fail.  Our awareness is crucial – detecting terrorist activity while the attack is in the planning stage is the most effective defense.  Your facility’s security posture can help deter a terrorist attack – become a hard target. 

The term "lone wolf" is used by U.S. law enforcement agencies and the media to refer to individuals undertaking violent acts of terrorism outside a command structure.  While the lone wolf acts to advance the ideological or philosophical beliefs of an extremist group, they act on their own, without any outside command or direction. The lone wolf's tactics and methods are conceived and directed solely on their own; in many cases, the lone wolf never has personal contact with the group they identify with.  As such, it is considerably more difficult for officials to gather intelligence on lone wolves, since they may not come into contact with routine counter-terrorist surveillance.

Organized Crime – Referred to as Transnational Organized Crime (TOC), the FBI cites that these groups are self-perpetuating associations of individuals who operate, wholly or in part, by illegal means and irrespective of geography.  They constantly seek to obtain power, influence, and monetary gains.  There is no single structure under which TOC groups function - they vary from hierarchies to clans, networks, and cells, and may evolve into other structures.  These groups are typically insular and protect their activities through corruption, violence, international commerce, complex communication mechanisms, and an organizational structure exploiting national boundaries.

With few exceptions, TOC groups’ primary goal is economic gain and they will employ an array of lawful and illicit schemes to generate profit.  Crimes such as drug trafficking, migrant smuggling, human trafficking, money laundering, firearms trafficking, illegal gambling, extortion, counterfeit goods, wildlife and cultural property smuggling, and cyber crime are keystones within TOC enterprises.  Note that each of these crimes can have a maritime component.

Lone Criminal Act – This threat is contrasted with the lone wolf terrorist.  For example, a lone criminal could be an Active Shooter, who is defined as “an individual actively engaged in killing or attempting to kill people in a confined and populated area; in most cases, active shooters use firearms and there is no pattern or method to their selection of victims.  Recently, the word ‘shooter’ is often dropped because a method of attack can be by any means.  The semantic distinction may seem trivial but it is critical to security.  For example, instead of Active Shooter, in Israel the term used is ‘sacrificial attack.’  Other examples of lone criminals include a saboteur, who destroys or damages something deliberately, or a thief, who steals property, especially by stealth and without using force or violence.  Remember, a lone criminal as a threat can have a broad application.

Cyber Attack – This is the threat that is most likely to occur.  There are all sorts of cyber attacks occurring in today’s world.  Wikipedia characterizes these attacks as follows: 

  • Indiscriminate attacks - These attacks are wide-ranging, global and do not seem to discriminate among governments and companies.
  • Destructive attacks - These attacks relate to inflicting damage on specific organizations.
  • Cyber warfare - These are politically motivated destructive attacks aimed at sabotage and espionage.
  • Government espionage - These attacks relate to stealing information from/about government organizations.
  • Corporate espionage - These attacks relate to stealing data from corporations related to proprietary methods or emerging products/services.
  • Stolen email addresses and login credentials - These attacks relate to stealing login information for specific web-based resources.
  • Stolen credit card and financial data, stolen medical-related data – Attacks that gain access to personal data, resulting in compromised finances and personal information.

Civil Unrest – America’s civil stability is increasingly threatened and the dangers are now bigger than the collective episodes of violence we’ve witnessed in recent years.  Much civil unrest is characterized as low-intensity conflicts with episodic violence in constantly moving locales.  The question is whether our facility could be one of those locales.  What relationship does your facility have with the community outside your fence line?  How does your public reputation impact your perceived threat of civil unrest activity either on or adjacent to your facility?

Next week we’ll wrap up our look at facility security threats…

Also, did you know? …

Registering for either the Seebald & Associates Facility Security Officer Course (4-6 June) or Facility Security Officer Refresher Course (5 June) will enable you to attend the 2018 Facility Security Symposium (6-8 June in New Orleans) for free!  Register now to participate!  And, if you register by April 2, 2018, you’ll receive a one-year subscription to the Seebald & Associates Platinum Membership, a $925 value!