The General Roles and Responsibilities of Owners & Operators of Regulated Maritime Transportation Security Act for 33 CFR Facilities and Outer Continental Shelf Facilities.

What are the roles and responsibilities of owners and operators of 33 CFR Maritime Transportation Security Act (MTSA) Facilities and Outer Continental Shelf (OCS) Facilities?

Many of our Seebald & Associates International blogs over the past several years have focused on 33 CFR Part 105 Facility Security Officers (FSOs), Maritime Personnel with Security Duties (PSD) and more recently Part 106 OCS Company Security Officers (CSO)/OCS FSOs.  In this month of May 2019, we will bring you some important information about maritime security management and organization roles and responsibilities for 33 CFR Part 105 & 106 facilities.  

The absolute responsibility for a regulated facility’s security management regime starts and ends with the owners and operators.  While 33 CFR Parts 105 & 106 Subparts B, C and D sections are most familiar to CSOs and FSOs, Subpart Part A – General, identifies several mandatory requirements that owners and operators are responsible for. 

Why is this important for CSOs/FSOs to know?  In a successful maritime security regime, it makes strong operational sense for CSOs/FSOs to know and fully understand all the requirements below their positions and above.  The regulations permit owners and operators of facilities to designate personnel with the CSO and FSO duties in a relegated fashion, but regardless of designation, owners and operators are ultimately responsible in the eyes of the regulator, the U. S. Coast Guard.  Any security non-compliance issues may result in a citation to the owner and operator, CSO or FSO, and any critical citations may impact the facility’s ability to conduct its normal operations.  These mandatory requirements can result in loss of profits, productivity and services, and can impact shareholder opinion of how their investments are being managed.

Areas of 33 CFR Parts 105 & 106 Subpart A of significance are Applicability, Exemptions, Compliance dates, Compliance documentation, Non-compliance, Maritime Security (MARSEC) Directives and Rights of Appeal. 

  • Applicability - describes to owners and operators all the types of facilities and OCS facilities that are regulated under 33 CFR and required to have maritime security regimes in order to operate.
  • Exemptions - describe circumstances that owners and operators can expect to not comply with as long as they follow the local U.S. Coast Guard Captain of the Port (COTP) conditions. Failure to follow the COTP conditions may result in an exemption being withdrawn and the owners and operators must then comply with all the 33 CFR maritime security regime requirements.
  • Compliance dates – establishes mandatory dates the owners and operators must have their facility’s maritime security regime in place in order to operate. In some cases, interim FSPs and security operations are approved pending final submissions. For example, during the construction, drilling and production phases of OCS facility operations, owners and operators must demonstrate to the COTP/Officer in Charge Marine Inspection for the Gulf of Mexico (U.S. Coast Guard District 8 OCS Division), they incorporate appropriate security measures throughout each phase and give advanced notice as to when they are shifting from one phase to another.  Following the initial facility security assessment and FSP, there are set compliance dates going forward for renewals of the facility’s security regime requirements. 
  • Compliance documentation – directs owners and operators which security regime records are to be kept and the duration of required maintenance. Also directs the five-year resubmission and approval cycle for the FSP.
  • Non-compliance – defines actions taken by the owner or operator when the facility must temporarily deviate from Subpart A requirements.
  • MARSEC Directives – specify each owner or operator subject to Subpart A must comply with instructions contained in a MARSEC Directive issued under 33 CFR Part 101.405.
  • Rights of Appeal – states any person directly affected by a decision or action taken under Subpart A, by or on behalf of the U.S. Coast Guard may appeal as described in Part 101.420.

CSOs and FSOs of CFR Parts 105 & 106, knowing the roles and responsibilities of your owners and operators will help you help them, especially when new persons come on board your facilities in leadership or management roles of your maritime security regime and have no prior experience with MTSA requirements.  Remember any violation issued by U.S. Coast Guard security compliance inspectors is permanently recorded in a database that is shared across the Coast Guard.

Owners and operators, security directors and managers, to ensure your plan renewals and announced and unannounced U.S. Coast Guard compliance inspections will pass training standards, register your CSOs, FSOs/Alternates to attend a U.S. Coast Guard approved Seebald & Associates CSO/FSO training course.  To view a list of current and upcoming courses and for more information on how to register for a course visit www.seebald.com.

The United States Coast Guard formally approved Seebald & Associates’ Outer Continental Shelf Facility Security Officer Course confirming that this course adheres to the rigorous standards specified in Coast Guard regulations and policies.  This course meets the Maritime Transportation Security Act of 2002 professional competencies of Outer Continental Shelf Facility Security Officers and Company Security Officers, and joins Seebald & Associates’ Facility Security Officer and Personnel with Security Duties courses that have also been approved by the Coast Guard.  The newly approved course has two near-term convenings, April 16-18 in Houston, TX and July 16-18 in New Orleans, LA.  Visit www.seebald.com to register today, courses fill up quickly.

This is the first Coast Guard approved course specifically for 33 CFR Part 106 OCS facilities. This approved course is a milestone for the marine industry and maritime security training and consulting community.  Coast Guard regulations ensure that approved training courses cover all required topics for the complex marine industry.  Course approval also indicates that the instructors are themselves experienced and knowledgeable, and the course employs professional training and evaluation techniques to ensure the students learn and retain the required knowledge.

The offshore industry is a cornerstone component of our nation’s energy infrastructure and the marine transportation system.  With the United States now being a major exporter and the world’s leading producer of oil and gas, security in the offshore energy sector is more important than ever.  Economic terrorism, piracy, internal threats, inter-state conflicts, transnational organized crime, civil protests, and cyber-attacks are all global security threats that the industry must prepare for. 

Seebald and Associates is proud to contribute to the security of the industry through this newly approved training course, and through our other services.  Seebald and Associates strongly believes that professional training is the foundation of any security program.  Well trained personnel keep their facilities in compliance – and their fellow workers secure.

Seebald and Associates is an active supporting member of the Gulf of Mexico Area Maritime Security Committee. Coast Guard inspectors are coming so be sure to remain in compliance by having your personnel properly trained, your annual compliance audits up to date and your facility security assessments and facility security plans inspection ready.  The cost for losing any production time is extremely high at a time when the nation’s dependency on oil and gas production is at its peak. 

As mentioned above, our first approved course is scheduled for April 16-18, 2019 in Houston, TX, with our business associate J Conner Consulting Inc, a leader in offshore safety and risk management, providing the venue.  The second course is scheduled for July 16-18, 2019 in New Orleans, LA.  Registration is currently open for both courses.

“Approved and Certified?” - Not All Maritime Security Training Is the Same - How do you choose the right Course?

Will you choose a U.S. Coast Guard “approved” maritime security training course or not?  If you own or operate a Maritime Transportation Security Act of 2002 & 2010 (MTSA), 33 CFR Part 105 or 106 regulated port facility or outer continental shelf (OCS) facility your Facility Security Officer, Personnel with Security Duties and All Others are required by regulation to be trained.  Seebald & Associates International is your go-to U.S. Coast Guard “approved” training course.  Each regulated entity must have designated security officers and personnel whose duties are to conduct security activities.  MTSA 2002 & 2010 mandate that security personnel must be trained and certified.  While maritime security training courses and classes have been offered the past 16 years stemming from the MTSA requirements, “Not All Maritime Security Training Is the Same”.

To choose a fully qualified and Coast Guard approved security training course provider, the process is very simple,  click on this link https://www.dco.uscg.mil/Portals/9/NMC/pdfs/courses/courses.pdf for the National Maritime Center (NMC) and it should take  you to the NMC’s approved courses list and it will offer you a search function which will confirm whether the course you want is U.S. Coast Guard approved/accepted.  While conducting MTSA compliance inspections U.S. Coast Guard security inspectors must review training records of your security personnel, having them attend, complete and graduate with a certificate from a Coast Guard approved Seebald & Associates course will attest that your personnel have met the U.S. Coast Guard’s rigorous standards. 

In conversations with U.S. Coast Guard security inspectors, they can tell which companies’ security personnel have attended Seebald & Associates MTSA security training.  They can also tell which companies have engaged Seebald & Associates for their annual compliance audits, facility security assessments and facility security plans.  If you need maritime security training, annual compliance audits, facility security assessments or facility security plan development please contact us at www.seebald.com.   Our courses fill rapidly so check our website often for a course that fits your schedule.   

Keeping Business Moving While Stopping Threats 

Last week we defined and explained credentialing and screening.  These activities are vital components of any security program, but we know that they can be tedious, time consuming, and prone to error.  How can we keep business moving while stopping threats?

The TWIC checks that are at the heart of credentialing are problematic, especially for facilities with a high volume of TWIC holders.  Pull out your TWIC and check the photo against that handsome face in the mirror, then check the expiration date against today’s date – what year is it anyway?  Then check the holograms, the condition of the laminate, and the other security features.  Now repeat the process with other TWICs a few dozen times in the next half hour.    Eyes looking down and glazing over, or up and alert to your surroundings?  By the way, the line is growing.  Feeling secure? 

Human beings just aren’t good at this kind of task.  Fortunately, TWICs are designed to be read by machines.  That gold square at the bottom isn’t there for decoration, it has an antenna for contactless reading, and a chip packed with information.  An electronic reader can validate the TWIC and compare it to the CCL, or Canceled Credential List.  If an individual is convicted of certain serious crimes, or is placed on a terrorist watch list, their name is placed on the CCL, effectively canceling their TWIC if they hold one, and preventing them from obtaining a new or replacement TWIC.  This CCL check is only possible with an electronic reader.

Like all electronics, TWIC readers have dropped in price and increased their capability and reliability since they were first introduced.  Most electronic readers I’ve seen work in a few seconds – less time than it takes to conduct even a cursory manual check.  Some work in non-biometric mode, which still require a visual comparison of the individual to the photo, but electronically validate the TWIC and compare it to the CCL.  For Group B facilities, which aren’t required to do a biometric check, this may be an ideal and affordable option. 

While improving speed and reliability, electronic TWIC readers also allow human beings to do what human beings do better than machines – evaluating the individual for suspicious behavior while remaining alert to the general surroundings for other security concerns.  This combination of increased speed and reliability, while allowing your PSD to observe human behavior, makes electronic readers a good choice, especially for high volume facilities. 

Once your PSD have validated the TWIC, how do they then select individuals for screening?  At MARSEC 1, your FSP or VSP probably specifies some percentage of all arrivals for screening.  A common but poor practice is to screen on a steady, rotational basis, such as every 5th arrival to achieve a 20% screening rate.  This creates an easily observable and avoidable pattern.  I’d bet you dollars to donuts that regular employees (also known as insider threats) are quite aware of any existing pattern.  External threats need only the ability to watch your main gate for a few hours and count to arrive at the same information.  Arrive in between the pre-determined screening points and you in the clear. 

A much better approach is to select persons and vehicles for screening on a random basis.  Unpredictability is the relevant security principle in this case.  If threat actors can’t predict when they might be subject to screening, they can’t predict when they might get caught. 

So how do you make that random determination?  Any way that works.  We recommend the “marble method”, where your security guards pull a marble out of a jar when someone arrives.  A given percentage of the marbles are a certain color, and those lucky individuals get screened.  Gumballs in a machine, a roll of the dice, a spinner from a game board, there are many ways to do this.  There are also electronic devices that will randomly generate a “screen or not screen” decision for you.  Whatever method you use, your PSD should have the discretion to select additional arrivals for screening if they have any concerns. 

A description of actual screening techniques is better suited to a classroom than a blog, but I’ll mention that if screening an individual with a vehicle, it is best to ask the person to exit the vehicle, screen the person first, and then the vehicle, all the while keeping the individual in sight.  Hand held metal detectors, mirrors, cameras, and lighting can make the process speedy and effective.  Be sure you have sufficient space for your PSD to conduct screening without stepping into traffic or other safety hazards.  Designing your gate area to allow other traffic to continue while screening promotes security, safety, and keeps business moving. 

While improving your credentialing and screening practices can’t guarantee security for all possible scenarios, they can make your facility or vessel a less attractive target for both insider and external threats.  By focusing on an area that all crew, workers, visitors, and Coast Guard inspectors experience, you will minimize compliance and operational risk, and promote a strong security culture. 

Who and What is Allowed on Board Anyway?

Knowing who and what comes across your brow or through your gate is a fundamental security procedure.  Coast Guard regulations describe this as “access control”, and all Vessel and Facility Security Plans include this process.

While the concept of access control is simple, some of the terms and techniques can be misunderstood.  This can lead to regulatory problems and poor security practices, potentially letting unauthorized persons or dangerous substances and devices on board.

We’ll begin with credentialing.  We all know that TWIC, the Transportation Worker Identification Credential, is a vital component of any access control program.  Coast Guard regulations are unusually prescriptive as to how your Personnel with Security Duties are supposed to validate a TWIC.  But before we get into that procedure, note that the “C” in TWIC stands for credential, not card.  Why is that?  As I’ve explained at FSO classes, a credential is something you get after some vetting or testing.  Anyone can get a library card (and everyone should), but only people who have passed a federal background check are entitled to a TWIC. 

The rigorous application and vetting process to obtain a TWIC enables you to determine who you allow on board with confidence – but your Personnel with Security Duties must do their part.  Coast Guard regulations specify that your PSD must either use an electronic reader or manually compare the photo with the individual, check the expiration date, and examine the various security features of the TWIC to confirm it is not counterfeit or tampered with.  This credentialing process, if done manually, can be tedious even for alert PSD, but it is vital.   

Before we move on to screening, it is worth pointing out that the list of disqualifying offences for TWIC is not a comprehensive list of every crime from jaywalking on up.  On the contrary, it is a fairly short list of terrorism related and other quite serious crimes.  Holding a TWIC does not entitle you to date my daughters (as if they would listen to me).  My point is that if an individual is using a bogus TWIC because they can’t get their own TWIC you really don’t want them on board – which is why it is so important that your PSD credential and screen properly.

Credentialing helps you keep out dangerous individuals.  Screening is focused on dangerous substances or devices.  The Coast Guard defines screening as the “reasonable examination of persons, cargo, vehicles, or baggage….to ensure that dangerous substances and devices, or other items that pose a real danger of violence or a threat to security are not present.” 

Screening is not searching.  Searching is a term used in the law enforcement community, and refers to a more intrusive process than your PSD have the legal authority to employ.  While less intrusive than a search, proper screening procedures can detect and deter the introduction of weapons and other dangerous devices and substances.  Screening may employ metal detectors, mirrors for checking the undercarriage of vehicles, scanning devices for luggage and packages, and, most importantly, careful observation by your PSD. 

The frequency and exact techniques used for screening will vary with individual FSP/VSPs, and with the MARSEC level, but Coast Guard regulations require some level of screening at all times.  At elevated MARSEC levels, your access program should “increase the frequency and detail of the screening of persons, baggage, and personal effects for dangerous substances and devices” (33 CFR 105.255). 

At all MARSEC levels training is key.  A PSD who has never seen a cargo container up close, or the underside of a truck won’t be effective at detecting tampering, even with all the mirrors, lighting, and cameras money can buy.  

Smart policies in combination with well trained and properly equipped PSD are vital to any access control system.  We’ll talk more about how to improve the efficiency and effectiveness of your credentialing and screening procedures next week.  In the meantime, take the time to actually observe your PSD as they carry out their access control duties.  How confident are you in your first line of defense?