USCG CDC Maritime Security Listening Session
The US Coast Guard held the second of two Listening Sessions in Houston, TX on August 18th, to discuss the development of a CDC Maritime Security National Strategy. Fortunately for those of us not in the Houston area, the session was webcast.
The purpose of developing the Strategy is to reduce risks associated with the transport, transfer, and storage of Certain Dangerous Cargo (CDC) in bulk within the U.S. Marine Transportation System. While the Coast Guard had begun working with industry in 2009 to develop a way forward on CDC security in the maritime environment, Section 812 of the Coast Guard Authorization Act of 2010 required both a study of the issue (due to Congress in October) and a then a National Strategy (due by April 15, 2011) for the security of maritime transportation of “especially hazardous cargo.”
Consistent with the agenda given in the Federal Register Notice announcing the two sessions, the meeting started with a presentation, by Captain Kevin Keifer of the Coast Guard’s Office of Port and Facility Activities, the sponsor of the Listening Sessions. After reviewing the history of the development effort thus far, he pointed out the three themes or elements to be embedded in the strategy: Risk-based assessments, maritime domain awareness, and consequence management. An interesting comment, to me at least, was the suggestion that if an area was good at consequence management, it might not need to devote as much effort to prevention (and vice versa) This is a logical implication of the Risk Assessment Equation, Risk = Threat X Vulnerability X Consequence, but it isn’t usually suggested in the counter-terrorism context. Captain Keifer also listed the Goals included in the current working draft of the CDC Maritime Security National Strategy The Goals included the four identified in the Notice (with one non-substantive wording change), plus an additional one that is largely focused on the Coast Guard internally:
- Provide to internal and external stakeholders real-time national, regional, and local awareness of the risk of intentional attacks on the CDC Marine Transportation System.
- Consistently assess vulnerability to threats of intentional attacks on the CDC Marine Transportation System and mitigate the vulnerability to an acceptable level.
- Dynamically assess the potential consequences of intentional attacks on the CDC Marine Transportation System and capably mitigate, through coordinated response, the impact of a successful attack.
- Lead the development of national, regional, and local resiliency/recovery capability from successful attacks on the CDC Marine Transportation System.
- Establish the internal organization and processes, and external stakeholder relationships, to manage the national maritime CDC security program to an acceptable risk level.
At the conclusion of his presentation, Captain Kiefer turned the floor over to a “facilitator,” Matt Johnson of C & H Global Security, LLC, subcontractor to ABS Consulting, which is assisting the Coast Guard in developing the CDC Maritime Security National Strategy. Captain (USCG, Retired) Johnson noted that the Strategy was designed to deal with intentional attacks on the CDC Marine Transportation System (transit, transfer, and storage of CDCs in bulk in the maritime zone covered by USCG jurisdiction) and was also designed to be implemented across the Security Spectrum of Awareness, Prevention/Protection, Response, and Recovery, although some aspects might be quite difficult to accomplish. (There will ultimately be a companion implementation plan.) Not everything in the Strategy is new—much is being done already, but the Strategy is integrated. He then turned to the individual Goals.
Goal 1 embraces development of common operation picture displays for various command centers, identification of key maritime areas for resource prioritization, threat intelligence and information collection and sharing among stakeholders, dynamic risk modeling (including weather, cargo characteristics, and plume modeling), advance notice of and tracking of CDC transits, and modeling of response and recovery by geographic areas. Captain Johnson acknowledged that the sharing of threat information had historically been a problem, but, in the Strategy, the Coast Guard is committing to share it with industry.
Goal 2 deals with the Prevention/Protection component of the Security Spectrum and the Vulnerability element of the Risk Assessment Equation. It involves defining “acceptable risk” and a broad approach to mitigation, including the capability to model a “mix of deployable resources (public and private)” with other mitigation measures to reduce vulnerabilities. Captain Johnson admitted that the “real hard part” lies in defining “acceptable risk”—what we, as a nation, can afford to take as a hit. The Strategy is also looking at an “appropriate” mix of voluntary and mandatory standards. It’s easier to adopt voluntary standards, but they don’t ensure consistent implementation. Integration of public and private security is also envisioned, the questions being the right mix of private assets and how they are utilized.
Goal 3 deals with the Consequence element of the Risk Assessment Equation and the Response component of the Security Spectrum and includes the capability to dynamically assess local response preparedness, such as the extent to which another event is already taxing response capabilities. The Strategy envisions providing plume models to USCG Sector Commanders for risk assessments and integrating the assessment of local response capabilities into the acceptable risk model. Dynamic risk assessment would also consider such factors as current weather (which way the wind is blowing) and population factors (rush hour commuter traffic, central business district deserted at night). Ensuring capability to respond, whether public or private, is also necessary. This Goal raises the question of whether it is alright to allow the existence of a robust response/recovery capability to reduce the resources devoted to prevention. Another important question is whether industry stakeholders should be required to have stand-by contracted response capabilities, as is required for possible oil spills.
Goal 4 also deals with the Consequence element of the Risk Assessment Equation, as well as the Recovery component of the Security Spectrum. It involves assessment of local recovery capabilities and development of recovery/resiliency plans. The development of plans raises the issue of standards. Recovery capabilities should be integrated into the acceptable risk model. Secondary as well as primary impacts need to be considered. Key questions include what proportion of capability recovered would be deemed sufficient for “recovery” in the medium term and the appropriate amount of redundancy. From the national standpoint, how much planning for rerouting should there be.
Goal 5 focuses on the Coast Guard’s program management for this low-probability, high-risk threat. An implementation plan is needed and the program must be managed according to the plan. This Goal embraces standards development, accountability through agreements with other stakeholders, some level of compliance by industry with voluntary standards, and internal USCG organization and resource issues.
After that exposition, Captain Johnson earnestly solicited comments from the attendees. As indicated in the Federal Register Notice, the Coast Guard’s primary interest was to obtain stakeholder input on the goals the Service has identified and how best to implement those goals under “a ‘shared responsibility’ paradigm.” No one was so crass as to attack shared responsibility directly; rather concerns were raised that the USCG be adequately resourced to do the job. Another commentator suggested that the Coast Guard could expect industry stakeholders to respond to a terrorist attack by following their Vessel and Facility Security Plans, but not by interdicting any aggressive forces, which would be a purely governmental function. The industry response would not be much different from the response to an accident or natural disaster.
Other issues addressed by more than one speaker included the concern that any USCG security requirements might have impacts on competitiveness, either by driving shippers to truck or rail transport (which were seen as less efficient, less safe, and less secure) or by giving an advantage to marine operators who were less meticulous about complying with voluntary standards. Multiple speakers also urged that any new security requirements be driven by real security needs–not by public perceptions or for the sake of appearing to do something–and that they have real security value. A number also stressed the need for national consistency in requirements, rather than local rules, and a uniform input system. Two commentators addressed public perceptions as a dangerous issue because of hysterical reactions to security situations. The Coast Guard should be prepared to defend itself and industry from being “heavily vilified,” particularly in an incident where the assessed availability of robust response/recovery capabilities had led to relaxation of prevention efforts. Education and outreach were called for, as people who are familiar with chemical facilities are “not so afraid of them.”
Other interesting comments included the suggestion that the Jones Act provided a certain risk reduction through US ownership and manning. One speaker pointed out that inland waterways transportation doesn’t involve ships and they can’t be lumped together. He also commented that supposedly high-consequence events may not actually be that high-consequence, citing some maritime accidents involving CDCs. In response to a comment suggesting that risk assessment could not involve blanket rules, Captain Johnson stressed the emphasis in the Strategy on dynamic risk modeling as a “more surgical approach to security” is needed. In response to a question about securing the rest of the CDC supply chain, he noted that it would be nice if the Strategy was designed to plug seamlessly into strategies for reducing risks in other transportation modes, but the Coast Guard could only deal with matters within its jurisdiction and one had to start somewhere.
Only about ten people offered comments, after which the comment session was closed. Captain Keefer offered two points in wrapping up: The details would come in the implementation plan and the Coast Guard needs continued assistance from the industry to develop a methodical approach to CDC maritime security. Comments can be submitted to the Coast Guard through the end of September at firstname.lastname@example.org.
NOTE: This post may be copied, distributed, and displayed and derivative works may be based on it, provided it is attributed to Maritime Transportation Security News and Views by John C. W. Bennett,http://mpsint.com.