Implementation of National Maritime Security Initiatives
Temporary Interim Rule With Request For Comments And Notice Of Meeting.
The Coast Guard has published a series of six interim rules in today's Federal Register to promulgate maritime security requirements mandated by the Maritime Transportation Security Act of 2002. The six interim rules consist of: Implementation of National Maritime Security Initiatives; Area Maritime Security; Vessel Security; Facility Security; Outer Continental Shelf Facility Security; and Automatic Identification System. In addition to the Automatic Identification System interim rule, we have issued a separate request for comments for further expanding the implementation of the Automatic Identification System. The series of interim rules addresses security assessments and plans, as well as other security standards, measures, and provisions that, with the exception of Automatic Identification System, will be codified in the new subchapter H of Title 33 of the Code of Federal Regulations.
This interim rule, the Implementation of National Maritime Security Initiatives, establishes the general regulations for subchapter H. It does so by providing a comprehensive discussion of industry-related maritime security requirements and a summary of the cost and benefit assessments of the entire suite of interim rules. The alignment of domestic maritime security requirements with the International Ship and Port Facility Security Code and recent amendments to the International Convention for the Safety of Life at Sea is also addressed here.
The discussions provided within each of the other five interim rules are limited to the specific requirements they contain.
1 action from July 2003
- Temporary Interim Rule
Table of Contents Back to Top
- FOR FURTHER INFORMATION CONTACT:
- SUPPLEMENTARY INFORMATION:
- Request for Comments
- Public Meetings
- Regulatory Information
- Background and Purpose
- Coordination With the SOLAS Requirements
- Impact on Existing Domestic Requirements
- Applicability of National Maritime Security Initiatives
- Method of Assessment
- Principles of Risk Management
- Process of Developing Maritime Security Risk Assessments
- What Was Assessed
- Maritime Security Incident Scenarios
- Assessment Results
- Applicability Evaluation for Ports
- Applicability Evaluation for Vessels
- Passenger Vessel Threshold Determination
- Gross Tonnage Threshold Determination
- AIS Threshold Determination
- Applicability Evaluation for Facilities
- Applicability Evaluation for Outer Continental Shelf (OCS) Facilities
- Assessment Limitations
- Discussion of Comments to Maritime Security Public Meetings
- Specific Comments on the 40 Issues Listed in the Public Notice
- Port Security Provisions
- Vessel Security Provisions
- Facility Security Provisions
- Other Security Provisions
- Discussion of Interim Rule
- Part 101—Subpart A—General
- Part 101—Subpart B—Maritime Security Levels
- Part 101—Subpart C—Communication
- Part 101—Subpart D—Control Measures for Security
- Part 101—Subpart E—Other Provisions
- Part 102—National Maritime Transportation Security Plan
- Incorporation by Reference
- Regulatory Assessment
- Summary of Changes in the Cost Assessment From the Meeting Notice
- Cost Assessment Summary
- Vessel Security
- Facility Security
- OCS Facility Security
- Port Security
- Automatic Identification System (AIS)
- Maritime Security Levels 2 and 3
- The U.S. Marine Transportation System
- The Ripple Effect of Port Closures on the U.S. Economy
- Benefit Assessment
- Why We Measured Benefits Using the N-RAT
- Results of the N-RAT Based Assessment
- Results of the N-RAT
- Small Entities
- Assistance for Small Entities
- Collection of Information
- Unfunded Mandates Reform Act
- Taking of Private Property
- Civil Justice Reform
- Protection of Children
- Indian Tribal Governments
- Energy Effects
- Trade Impact Assessment
- List of Subjects
- SUBCHAPTER H—MARITIME SECURITY
- PART 101—GENERAL PROVISIONS
- Subpart A—General
- Subpart B—Maritime Security (MARSEC) Levels
- Subpart C—Communication (Port-Facility-Vessel)
- Subpart D—Control Measures for Security
- Subpart E—Other Provisions
- PART 101—GENERAL PROVISIONS
- Subpart A—General
- International Maritime Organization (IMO)
- Subpart B—Maritime Security (MARSEC) Levels
- Subpart C—Communication (Port—Facility—Vessel)
- Subpart D—Control Measures for Security
- Subpart E—Other Provisions
- PART 102—NATIONAL MARITIME TRANSPORTATION SECURITY [RESERVED]
Tables Back to Top
- Table 2.—Consequence
- Table 3.—Comparison of Estimated Fatalities by Mode and Type of Incident
- Table 4.—Equivalent Terms
- Table 5.—Relation Between HSAS, MARSEC Levels and SOLAS-Required Security Levels
- Table 6.—Summary of Changes Made to Cost Assessment
- Table 7.—Annual Risk Points Reduced by the Interim Rules
- Table 8.—First-Year and 10-Year PV Cost and Benefit of the Interim Rules
- Table 9.—Summary of Initial and Annual Burden Hours and Costs
- Table 101.205.—Relation Between HSAS and MARSEC Levels
DATES: Back to Top
Effective date. This interim rule is effective from July 1, 2003 until November 25, 2003. On July 1, 2003, the Director of the Federal Register approved the incorporation by reference of certain publications listed in this rule.
Comments. Comments and related material must reach the Docket Management Facility on or before July 31, 2003. Comments on collection of information sent to the Office of Management and Budget (OMB) must reach OMB on or before July 31, 2003.
Meeting. A public meeting will be held on July 23, 2003, from 9 a.m. to 5 p.m., in Washington, DC.
ADDRESSES: Back to Top
Comments. To ensure that your comments and related material are not entered more than once in the docket, please submit them by only one of the following means:
(1) Electronically to the Docket Management System at http://dms.dot.gov.
(2) By mail to the Docket Management Facility (USCG-2003-14792) at the U.S. Department of Transportation, room PL-401, 400 Seventh Street SW., Washington, DC 20590-0001.
(3) By fax to the Docket Management Facility at 202-493-2251.
(4) By delivery to room PL-401 on the Plaza level of the Nassif Building, 400 Seventh Street SW., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202-366-9329.
You must also mail comments on collection of information to the Office of Information and Regulatory Affairs, Office of Management and Budget, 725 17th Street NW., Washington, DC 20503, Attn: Desk Officer, U.S. Coast Guard.
Meeting. A public meeting will be held on July 23, 2003 in Washington, DC at the Grand Hyatt Washington, DC, 1000 H Street, NW., Washington, DC 20001.
Availability. You may inspect the material incorporated by reference at room 2110, U.S. Coast Guard Headquarters, 2100 Second Street SW., Washington, DC 20593-0001 between 8 a.m. and 4 p.m., Monday through Friday, except Federal holidays. The telephone number is 202-267-0257. Copies of the material are available as indicated in the “Incorporation by Reference” section of this preamble.
FOR FURTHER INFORMATION CONTACT: Back to Top
If you have questions on this rule, call Commander Suzanne Englebert (G-M-1), U.S. Coast Guard by telephone 202-267-1103, toll-free telephone 1-800-842-8740 ext. 7-1103, or by electronic mail email@example.com. If you have questions on viewing or submitting material to the docket, call Dorothy Beard, Chief, Dockets, Department of Transportation, telephone 202-366-5149.
SUPPLEMENTARY INFORMATION: Back to Top
Due to the short timeframe given to implement these National Maritime Transportation Security initiatives, as directed by the Maritime Transportation Security Act (MTSA) of 2002 (MTSA, Public Law 107-295, 116 Stat. 2064), and to ensure all comments are in the public venue for these important rulemakings, we are not accepting comments containing protected information for these interim rules. We request you submit comments, as explained in the Request for Comments section below, and discuss your concerns or support in a manner that is not security sensitive. We also request that you not submit proprietary information as part of your comment.
The Docket Management Facility maintains the public docket for this rulemaking. Comments and material received from the public, as well as documents mentioned in this preamble as being available in the docket, will be available for inspection or copying at room PL-401 on the Plaza level of the Nassif Building, 400 Seventh Street SW., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. You may also find this docket on the Internet at http://dms.dot.gov.
Electronic forms of all comments received into any of our dockets can be searched by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor unit, etc.) and is open to the public without restriction. You may also review the Department of Transportation's complete Privacy Act Statement published in the Federal Register on April 11, 2000 (65 FR 19477-78), or you may visit http://dms.dot.gov/.
Request for Comments Back to Top
We encourage you to participate in this rulemaking by submitting comments and related material. Your comments will be considered for the final rule we plan to issue before November 25, 2003, to replace this interim rule. If you choose to comment on this rule, please include your name and address, identify the specific docket number for this interim rule (USCG-2003-14792), indicate the specific heading of this document to which each comment applies, and give the reason for each comment. If you have comments on another rule please submit those comments in a separate letter to the docket for that rulemaking.
You may submit your public comments and material electronically, by fax, by delivery, or by mail to the Docket Management Facility at the address under ADDRESSES. Please submit your public comments and material by only one means. If you submit them by mail or delivery, submit them in an unbound format, no larger than 81/2by 11 inches, suitable for copying and electronic filing. If you submit them by mail and would like to know that they reached the Facility, please enclose a stamped, self-addressed postcard or envelope. We will consider all comments and material received during the comment period.
Public Meetings Back to Top
We will hold a public meeting on July 23, 2003, in Washington, DC at the Grand Hyatt Hotel, at the address listed under ADDRESSES. The meeting will be from 9 a.m. to 5 p.m. to discuss all of the maritime security interim rules, and the Automatic Identification System (AIS) interim rule, found in today's Federal Register. In addition, you may submit a request for other public meetings to the Docket Management Facility at the address under ADDRESSES explaining why another one would be beneficial. If we determine that other meetings would aid this rulemaking, we will hold them at a time and place announced by a later notice in the Federal Register.
Regulatory Information Back to Top
We did not publish a notice of proposed rulemaking (NPRM) for this rulemaking and are making this rule effective upon publication. Section 102(d)(1) of the MTSA requires the publication of an interim rule as soon as practicable without regard to the provisions of chapter 5 of title 5, U.S. Code (Administrative Procedure Act). The MTSA also states that any interim rule issued to implement its provisions shall expire on November 25, 2003, unless it has been superseded by a final regulation. The Coast Guard finds that harmonization of U.S. regulations with maritime security measures adopted by the International Maritime Organization (IMO) in December 2002, and the need to institute measures for the protection of U.S. maritime security as soon as practicable, furnish good cause for this interim rule to take effect immediately under both the Administrative Procedure Act and section 808 of the Congressional Review Act.
Background and Purpose Back to Top
In the aftermath of September 11, 2001, the Commandant of the Coast Guard reaffirmed the Coast Guard's Maritime Homeland Security mission and its lead role—in coordination with the Department of Defense; Federal, State, and local agencies; owners and operators of vessels and marine facilities; and others with interests in our nation's Marine Transportation System—to detect, deter, disrupt, and respond to attacks against U.S. territory, population, vessels, facilities, and critical maritime infrastructure by terrorist organizations.
In November 2001, the Commandant of the Coast Guard addressed the IMO General Assembly, urging that body to consider an international scheme for port and shipping security. Recommendations and proposals for comprehensive security requirements, including amendments to International Convention for Safety of Life at Sea, 1974, (SOLAS) and the new ISPS Code, were developed at a series of intersessional maritime security work group meetings held at the direction of the IMO's Maritime Safety Committee.
The Coast Guard submitted comprehensive security proposals in January 2002 to the intersessional maritime security work group meetings based on work we had been coordinating since October 2001. Prior to each intersessional meeting, the Coast Guard held public meetings as well as coordinated several outreach meetings with representatives from major U.S. and foreign associations for shipping, labor, and ports. We also discussed maritime security at each of our Federal Advisory Committee meetings and held meetings with other Federal agencies having security responsibilities.
In January 2002, the Coast Guard also held a 2-day public workshop in Washington, DC, attended by more than 300 individuals, including members of the public and private sectors, and representatives of the national and international marine community (66 FR 65020, December 17, 2001; docket number USCG-2001-11138). Their comments indicated the need for specific threat identification, analysis of threats, and methods for developing performance standards to plan for response to maritime threats. Additionally, the public comments stressed the importance of uniformity in the application and enforcement of requirements and the need to establish threat levels with a means to communicate threats to the Marine Transportation System.
At the Marine Safety Committee's 76th session and subsequent discussions internationally, we considered and advanced U.S. proposals for maritime security that took into account this public and agency input. The Coast Guard considers both the SOLAS amendments and the ISPS Code, as adopted by IMO Diplomatic Conference in December 2002, to reflect current industry, public, and agency concerns. The entry into force date of both the ISPS Code and related SOLAS amendments is July 1, 2004, with the exception of the Automatic Identification System (AIS) whose implementation for vessels on international voyages was accelerated to no later than December 31, 2004, depending on the particular class of SOLAS vessel.
Domestically, the Coast Guard had previously developed regulations for security of large passenger vessels that are contained in 33 CFR parts 120 and 128. Complementary guidance can be found in Navigation and Vessel Inspection Circular (NVIC) 3-96, Change 1, Security for Passenger Vessels and Passenger Terminals. Prior to development of additional regulations, the Coast Guard, with input from the public, needed to assess the current state of port and vessel security and their vulnerabilities. As mentioned previously, to accomplish this, the Coast Guard conducted a public workshop January 28-30, 2002, to assess existing Marine Transportation System security standards and measures and to gather ideas on possible improvements. Based on the comments received at the workshop, the Coast Guard cancelled NVIC 3-96 (Security for Passenger Vessels and Passenger Terminals) and issued a new NVIC 4-02 (Security for Passenger Vessels and Passenger Terminals), developed in conjunction with the International Council of Cruise Lines, that incorporated guidelines consistent with international initiatives (the ISPS Code and SOLAS). Additional NVICs were also published to further guide maritime security efforts, including NVIC 9-02 (Guidelines for Port Security Committees, and Port Security Plans Required for U.S. Ports), NVIC 10-02 (Security Guidelines for Vessels); and NVIC 11-02 (Security Guidelines for Facilities). The documents are available in the public docket (USCG-2002-14069) for review at the locations under ADDRESSES.
On November 25, 2002, President George W. Bush signed into effect Public Law 107-295, MTSA, 2002, which had been proposed to Congress the year before as the Port and Maritime Security Act (S. 1214). The MTSA requires the Secretary to issue an interim rule, as soon as practicable, as a temporary regulation to implement the Port Security section of the Act. The MTSA expressly waives the requirements of the Administrative Procedure Act, including notice and comment, for this purpose.
Nevertheless, the Coast Guard, in coordination with other agencies of the Department of Homeland Security (DHS) (e.g., the Transportation Security Administration (TSA)) and the Department of Transportation (e.g., the Maritime Administration (MARAD)), held seven public meetings in areas of high maritime interest to engage the public in discussions about the impact of its maritime security requirements. Prior to issuing this interim rule, the Coast Guard wanted to receive preliminary comments that helped to structure the rulemakings published today. The seven public meetings were announced in a “notice of meeting; request for comment” document that was published in the Federal Register on December 20, 2002 (67 FR 78742). The comprehensive notice of meeting requested comments addressing 40 issues as well as comments on the concepts presented in the ISPS Code and the MTSA. Comments made during the public meetings and those submitted to the public docket are available in the public docket (USCG-2002-14069) for review at the locations under ADDRESSES. A discussion of these comments is contained in this preamble under the Discussion of Comments to Maritime Security Public Meetings. The Coast Guard plans to publish a final rule by November 2003. This date is critical to meeting the timeline set in the MTSA for finalizing these security requirements. It is just as critical in order to uniformly implement the ISPS Code and SOLAS amendments.
To comply with the mandates of the MTSA, the Coast Guard is implementing portions of section 102 of the MTSA (46 U.S.C. sections 70102, 70103b through 70103d, 70104, 70114, and 70117) through this and a series of five other interim rules published elsewhere in today's Federal Register. Within this common preamble, we will generally discuss each of the six interim rules. This common preamble will also discuss the National Maritime Transportation Security Plan, found in 46 U.S.C. 70103a, transportation security cards, found in 46 U.S.C. 70105, and foreign port assessments, found in 46 U.S.C. 70108, as they relate to the requirements established in the six interim rules.
Organization Back to Top
As already stated, we have segmented the maritime security regulations into six separate interim rules. The entire series of rulemakings establishes a new subchapter H, containing six new parts, in Title 33 of the Code of Federal Regulations. For the ease of reading and comprehension, the rulemakings were written to highlight each segment of the maritime community and structured based on the organization of the regulations rather than in one single interim rule. A brief description of each of the six interim rules follows:
1. Implementation of National Maritime Security Initiatives. This general discussion includes the introduction of the new subchapter H into Title 33 of the Code of Federal Regulations. It also discusses the General Provisions within part 101 of that subchapter, and reserves part 102 for the National Maritime Security plan and Advisory Committee requirements. This discussion covers the overall methodology we used to determine the appropriate application of security measures in accordance with the MTSA. A summary of the costs and benefits associated with implementing security requirements used for subchapter H are presented as well as a discussion of the security-related benefit for AIS. The requirements set out in this interim rule include the definitions for the entire subchapter and the provisions that pertain to all parts. It is strongly recommended that this interim rule be read prior to consulting one or more of the other specific parts or the AIS interim rule, which are published elsewhere in today's Federal Register, to ensure terms and applicability issues are understood. Additionally, the preamble to this interim rule includes a discussion of the comments made during the public meetings held on Maritime Security in January and February of 2003 and the comments submitted to the docket [USCG-2002-14069] that were received by February 28, 2003. All comments received after February 28, 2003, will be considered prior to the issuance of the final rules.
2. Area Maritime Security (AMS). The discussion in the preamble of the “Area Maritime Security” (USCG-2003-14733) interim rule found elsewhere in today's Federal Register relates to the provisions within part 103 of subchapter H. Discussions about cost and benefit assessment for the Area Maritime Security regulations are also found in the Area Maritime Security preamble.
3. Vessel Security. The discussion in the preamble of the “Vessel Security” (USCG-2003-14749) interim rule found elsewhere in today's Federal Register relates to the provisions within part 104, titled Vessel Security, of subchapter H. It also includes a discussion of the additional parts of 33 CFR and 46 CFR amended or revised by the Vessel Security interim rule. Discussions about cost and benefit assessments for the vessel security regulations are found in the preamble of the interim rule “Vessel Security.”. Consistent with customary international law, the requirements in part 104 do not apply to vessels engaged in innocent passage through the territorial sea of the U.S. or in transit passage through the navigable waters of the U.S. that form part of an international strait.
4. Facility Security. The discussion in the preamble of the “Facility Security” (USCG-2003-14732) interim rule found elsewhere in today's Federal Register relates to the provisions within part 105, titled Facility Security, of subchapter H. Discussions about cost and benefit assessments for the facility security regulations are found in the preamble of the interim rule “Facility Security.”
5. Outer Continental Shelf (OCS) Facility Security. The discussion in the preamble of the “Outer Continental Shelf Facility Security” (USCG-2003-14759) interim rule found elsewhere in today's Federal Register relates to the provisions within part 106, titled “Outer Continental Shelf Facility Security,” of subchapter H. Discussions about cost and benefit assessments for the OCS facility security regulations are found in the preamble of the interim rule “Outer Continental Shelf Facility Security.”
6. Automatic Identification Systems (AIS). The discussion in the preamble of the “Automatic Identification System; Vessel Carriage Requirement” (USCG-2003-14757) interim rule found elsewhere in today's Federal Register relates to the provisions within 33 CFR parts 26, 161, 164, and 165. These requirements relate to the fitting of AIS on certain vessels as mandated in 46 U.S.C. 70114 and MTSA section 102(e). Discussions about cost and benefit assessments for the AIS regulations with respect to both safety and security are found in the preamble of the interim rule “Automatic Identification System; Vessel Carriage Requirement.”
Coordination With the SOLAS Requirements Back to Top
For each interim rule, the requirements of the MTSA Section 102 align, where appropriate, with the security requirements embodied in the SOLAS amendments and the ISPS Code; however, the MTSA has broader application that includes domestic vessels and facilities. Thus, where appropriate, the Coast Guard intends to implement the MTSA through the requirements in the SOLAS amendments and the ISPS Code, parts A and B, for all vessels and facilities that are currently required to meet SOLAS, as well as those vessels on international voyages that fall below the mandated 500 gross tonnage, ITC (International Convention on Tonnage Measurement of Ships, 1969 (ITC)) threshold and facilities that are at risk of being involved in a transportation security incident. Further discussion on this risk and how we developed and assessed it for the maritime community is presented in the Applicability of National Maritime Security Initiatives discussion in this preamble.
In aligning the MTSA Section 102 requirements with the SOLAS amendments and the ISPS Code security requirements, we consider that the implementation of these requirements is best done through mandating compliance with the SOLAS amendments and the ISPS Code. The Coast Guard considers ISPS Code, part B, an essential element to ensure full and effective compliance with the intent of the MTSA. Foreign flag vessels entering the U.S. will be expected to carry valid International Ship Security Certificates (ISSC) and have the security plans fully implemented. The relevant provisions in ISPS Code, part B, will be taken into account by Port State Control Officers to assess if the security plan is fully implemented as required by the interim rules found elsewhere in today's Federal Register. The flag administration may also choose to provide a document or endorsement to the ISSC to verify that the security plan was based upon full compliance with the relevant provisions of ISPS Code, part B, to assist Coast Guard Port State Control Officers. We intend to implement strong Port State Control measures to aggressively enforce these regulations that will include tracking the performance of all owners, operators, flag administrations, recognized security organizations, charterers, and port facilities. Noncompliance will subject the vessel to a range of control and compliance measures, which could include denial of entry into port or significant delay. We will strictly enforce compliance with SOLAS and the ISPS Code for foreign SOLAS vessels, including assessing the risks posed by such vessels and any control measures that may be required when they call on foreign port facilities that do not comply with SOLAS and the ISPS Code, and we will similarly ensure that other vessels or port facilities covered by these regulations meet the requirements of this subchapter. A vessel's or port facility's history of compliance, or lack thereof, or security incidents involving a vessel or port facility, will be important factors in determining what actions are deemed appropriate by Coast Guard Port State Control Officers to ensure that maritime security is preserved. As mentioned, the performance of the owner, operator, flag administration, recognized security organization, charterer, or port facility related to maritime security will also be some of the other factors that will be considered for the enforcement of maritime security in the U.S.
In addition to tracking performance, the Coast Guard's Port State Control program will also closely scrutinize an Administration's designation of recognized security organizations to ensure that those organizations fully meet the competencies and qualifications in the ISPS Code. Vessels with International Ship Security Certificates issued by recognized security organizations that are not properly designated, or that do not meet the required competencies and qualifications, will be subject to strict control measures, including possible expulsion from port and denial of entry into the United States. Therefore, it is imperative that Administrations carefully evaluate an organization through a rational process, adhering to the stringent criteria in the ISPS Code and any future standards that are developed by IMO, before designating the organization as a recognized security organization and delegating certain security functions to it.
The requirements for the AIS interim rule found elsewhere in today's Federal Register align with the recent amendments to SOLAS Chapter V, Regulation 19 that were adopted during the IMO Diplomatic Conference in December 2002 and the MTSA (specifically, MTSA sec. 102(e) and 46 U.S.C. 70114).
Impact on Existing Domestic Requirements Back to Top
Many current requirements for security exist that are impacted by the interim rules published in today's Federal Register. 33 CFR part 120, Security of Vessels, and 33 CFR part 128, Security of Passenger Terminals, currently exist but apply only to certain cruise ships. We do not intend to revise 33 CFR parts 120 or 128 in the Vessel Security interim rule found elsewhere in today's Federal Register. However, in the future, this part may be revised or entirely deleted. This will consolidate the security requirements for all vessels in subchapter H. If this change to 33 CFR part 120 is made, foreign vessels that are required to comply with part 120 will be required to meet the requirements of part 104 including § 104.295 Additional requirements—Cruise Ships and passenger terminals that are required to comply with part 128 will be required to meet part 105.
The requirements in the interim rules also refer to and amend certain parts of 46 CFR and 49 CFR to ensure certificate of inspection requirements and other sections pertaining to facilities will include the new subchapter H requirements.
Notice of arrival requirements found in 33 CFR 160 have also been amended in the Vessel Security interim rule found elsewhere in today's Federal Register to ensure security-related information is provided to appropriate authorities prior to a vessel's entry into port. Additionally, the Captain of the Port (COTP) authorities within 33 CFR have been revised to ensure security-related elements and authorities are clearly highlighted.
Applicability of National Maritime Security Initiatives Back to Top
As required in section 102 of the MTSA (46 U.S.C. section 70102a), the Coast Guard conducted an assessment of vessel types and U.S. facilities on or adjacent to the waters subject to the jurisdiction of the U.S. to identify those vessel types and U.S. facilities that pose a high risk of being involved in a transportation security incident. The MTSA defines a transportation security incident as a security incident resulting in a significant loss of life, environmental damage, a disruption to the transportation system, or economic disruption in a particular area.
Method of Assessment Back to Top
In October 2001, the U.S. Coast Guard urgently needed to prioritize vessels and facilities based on the vulnerabilities to potential security threats and the consequences of potential incidents. We used a systematic, scenario-based process known as Risk-Based Decision Making (RBDM) to meet those needs. RBDM ensured a comprehensive evaluation by considering the relative risks of various target and attack mode combinations or scenarios. This provided a more realistic estimation of risk (and more efficient risk management activities) than a simple “worst-case outcome” assessment where only the worst possible consequences were considered.
In addition, the RBDM approach was based on the recommendations from the U.S. General Accounting Office (GAO). Managing risk is one of the best tools to complete a security assessment and to determine appropriate security measures (GAO-01-822). The GAO recommended a comprehensive security threat and risk assessment process (GAO-01-1158T).
Another GAO report, Homeland Security: A Risk Management Approach Can Guide Preparedness Efforts, illustrated a scenario-based, risk management approach as used within the private sector. This GAO report explained how a company successfully created a security plan using a risk-based approach. Like the company described in the GAO report, the Coast Guard's approach to commercial maritime security featured the systematic development and consideration of potential scenarios of concern. The generation of scenarios ensured completeness of the risk-based method (GAO/NSIAD-98-74).
Principles of Risk Management Back to Top
Risk management principles acknowledge that while risk generally cannot be eliminated, it can be reduced. Risk reduction is done by adjusting operations to reduce consequences, threats, or vulnerability of a security threat (consequences, threats and vulnerability will be discussed later in this document). Generally, it is easier to reduce vulnerabilities by adding security measures than to reduce consequences or threats (although reductions in all three are possible).
Risk assessments provide visibility into those elements of the risk equation that exert the greatest influence on risk. Those elements become the priorities in the risk management approach. The goal for maritime security is to ensure that if the level of threat increases, either the consequences or vulnerabilities decrease enough to offset that increase.
Process of Developing Maritime Security Risk Assessments Back to Top
First, to look at risk from the port level, local experts in the area of commercial maritime safety and security met with a team of professional risk consultants. Together we developed the Port Security Risk Assessment Tool (PS-RAT). The PS-RAT was provided to local authorities to evaluate vessels, facilities and infrastructure within their areas of responsibility for a variety of threat scenarios. The approach used for the PS-RAT was as previously described and advocated by GAO, where risk was assessed in terms of threat, vulnerability and consequence. The PS-RAT was initially implemented Coast Guard wide on 16 November 2001 and the individual COTPs completed baseline risk assessments on vessels, facilities, and infrastructure within their area of responsibility. Nationwide, the local assessors evaluated nearly 5200 scenarios on more than 2000 unique assets and infrastructure elements.
Second, at the area level, regional Coast Guard and other maritime experts in the area of commercial maritime safety and security compiled and analyzed the local level PS-RAT results to gain a better understanding of the security risks affecting their Coast Guard Districts and Areas. This assessment identified some recurring scenarios and common issues that needed to be addressed beyond the local level. It also helped clarify the need for another tool with a wider perspective that would be capable of evaluating risks at the national level.
Because of the local, relative nature of these assessments the PS-RAT did not support the national comparisons that were necessary for strategic planning. To accomplish strategic planning at the national level, a third team of Coast Guard subject matter and risk experts produced the National Maritime Homeland Security Risk Assessment Tool. Referred to in maritime circles as the National Risk Assessment Tool (N-RAT), the N-RAT provided a foundation for risk-based prioritization and subsequent regulatory assessment closely aligned with the guidance on conducting security risk assessments recommended by the GAO (GAO/NSIAD-98-74, GAO-02-150T, GAO-03-616T). The results of the N-RAT provided a national evaluation of the relative security risk facing the Marine Transportation System of the U.S. The experts compared the results from the national assessment with the previously performed local assessments (PS-RAT) to ensure that consistent assumptions were made and that comparable measures of risk were produced.
What Was Assessed Back to Top
The Coast Guard used the N-RAT to determine risks associated with specific threat scenarios against various classes of targets within the Marine Transportation System. The targets considered included vessels, facilities, waterways, and marine-related transportation systems. This allowed the Coast Guard to systematically consider all segments of the commercial maritime community to evaluate their potential for being involved in a transportation security incident.
Maritime Security Incident Scenarios Back to Top
The scenarios considered each element within the maritime community with respect to three general exposures: Susceptibility as a target; Use as a means of transferring or enabling the transfer of terrorists or terrorism-related materials; and Use of vessel or facility as a weapon.
The three above-mentioned general threat scenarios integrate multiple circumstances considered as specific attack modes. That is, there are subordinate scenarios under each general scenario. For example in the basic threat scenario of “susceptibility as a target”, a “boat loaded with explosives exploding alongside a docked tank vessel” is one attack mode while “tank vessel being commandeered and intentionally damaged” is another.
The N-RAT included over 50 target classes and 12 specific attack modes. This resulted in a matrix consisting of over 600 possible target/attack scenarios. Next, the 600 scenarios were screened for credibility by the expert panel. The credibility of a threat was based on the plausibility of an enemy actually carrying out the attack mode. For example, the “use as a means of transferring or enabling the transfer of terrorists or terrorism-related materials;” scenarios were screened out as “not credible attack modes” for military targets due to the inherent security measures in place. However, external attacks on these same targets were considered to be credible and were evaluated by the team. To balance comprehensiveness with efficiency, all scenarios were considered but only those scenarios deemed credible by the expert panel were further evaluated for risk.
Each credible threat scenario was evaluated by the panel of experts to determine the risk associated with a given attack against a specific target. The evaluation is based on a model showing the possible outcomes from any potential transfer or attack mode. Using previously cited GAO guidance in this area; the N-RAT risk was modeled as a function of the threat, vulnerability and consequences associated with each target/attack scenario. Each element is explained in the following sections. We realize that the terms used to identify each element may have recognized meanings in other contexts. In order to reduce confusion, we have included, as the first sentence in each element's discussion, the meaning associated with these terms for the purposes of the N-RAT.
Threat Back to Top
The term “threat” is a measure of the likelihood of an attack. It represents the perceived probability of an attack based on maritime domain awareness and the existence of intelligence.
Within the N-RAT, five threat levels were identified. The threat magnitude was described, and scoring benchmarks were provided for each level. Each benchmark of threat intensity was assigned a probability of occurrence for use in risk calculations. For each scenario, the experts estimated the threat associated with an attack after considering the intent of hostile groups, prior security incidents, the capability to carry out the attack mode and any intelligence that indicated an organization was planning an attack. Lacking specific, credible intelligence that would allow an increase or reduction in the threat score for a specific attack mode, this was fixed at a constant value consistent with the Maritime Security (MARSEC) Levels previously established by the Coast Guard. The baseline assumption was that terrorist cells were operating with unknown targets and methods of attack. Changes in MARSEC Levels or specific, credible intelligence would trigger an appropriate modification in threat.
Vulnerability Back to Top
The term “vulnerability” measures the conditional probability of success given that a threat scenario occurs. It evaluates the adequacy and effectiveness of safeguards (both existing and proposed).
For the N-RAT, an attack was estimated as likely to succeed only if: the target was available, the target was physically accessible to be attacked, organic security associated with the target would not detect and defeat the intended attack, and the mode of attack would be capable of producing the intended consequences by overcoming the inherent safeguards designed into the system.
If all of the above mentioned barriers fail to halt the intended attack, then the attack would result in one or more outcomes. Outcomes ranged from relatively minor to catastrophic levels. The above mentioned four elements described the targets' overall vulnerability and were scored by the expert team.
The availability of a target measured its presence and predictability as it relates to an enemy's ability to plan and conduct an attack. The accessibility of a target, evaluated its physical deterrence (i.e., location, perimeter fencing, etc.) against different attack modes. It related to physical and geographic barriers that deter the threat without organic security. Organic security of a target assessed the ability of the target's security measures to deter the attack. It included security plans, communication capabilities, guard forces, intrusion detection systems, and ability of outside law enforcement to prevent the attack. Target hardness was a measure of the ability of a target to withstand attack. It is based on the complexity of target design and material construction characteristics.
Each vulnerability type was scored over five levels of magnitude (1-5—lowest to highest). Again, scoring benchmarks were used to help ensure consistency. Each level of magnitude in every vulnerability category was assigned a probability of allowing an attack mode to proceed. The probability for each vulnerability category was factored, along with the threat probability, in risk calculations to determine the probability term of the risk equation. The individual probabilities were then multiplied together to derive the overall probability assessment for the target/attack scenario under consideration.
Consequence Back to Top
The term “consequence” is the estimation of adverse effect from the target/attack scenario and is an important consideration in risk evaluation and security planning. Six categories of effects were considered in evaluating the consequence of an attack: death/injury, economic, environmental, national defense, symbolic effect, and secondary (follow-on) national security threat. Inherent in this consideration was the criticality of the target. For each effect category, five levels of severity were described, and scoring benchmarks are provided. Unlike vulnerability, each severity level was assigned a common consequence value for use in risk calculations. For example, the most severe economic impact consequences were considered equivalent to the most severe death/injury and symbolic effect consequences. The selected level for each factor was then converted to a representative value of potential loss for the consequence factor. These consequence scores were then summed across all appropriate categories to develop the consequence values for the target/attack scenario combination.
The estimated probability and consequence values were multiplied to calculate the overall risk for each target/attack scenario. This is essentially an estimate of the expected losses should a specific target/attack scenario occur.
Assessment Results Back to Top
The following graph is a demonstration of the type of the relative-risk results the N-RAT gave. Specific results, including scores, have been designated as sensitive security information (SSI). This graph simply displays the relationship between some types/classes of vessels and facilities or port infrastructure based on their relative risk. In each line, the parenthetical (I) and (D) stands for “international” or “domestic,” respectively.
BILLING CODE 4910-15-U
[Graphic not available; view image of printed page]
BILLING CODE 4910-15-C
Below is a summary of the application requirements for these interim rules based on the N-RAT results:
Applicability Evaluation for Ports Back to Top
The N-RAT results focused on individual vessel types and facilities subject to the authority of the Coast Guard. Scenarios were also developed that involved port transportation infrastructure that is vital to the port communities such as bridges, channel openings, and tunnels. This evaluation led to the conclusion that many structures within a port are also at risk of a transportation security incident and therefore should be covered by security measures. Therefore, we determined it would be appropriate to include specific guidance in part 103 to have the Area Maritime Security (AMS) Plan address these types of transportation infrastructure as well as those smaller vessels or facilities that fall below the transportation security incident threshold. This application for the AMS ensures all maritime concerns are assessed and security is systematically evaluated nationwide.
Applicability Evaluation for Vessels Back to Top
The N-RAT results indicate the following vessel types are at a high risk of a transportation security incident and therefore are required to meet specific security measures as laid out in part 104 of subchapter H:
- All ships, both cargo and passenger, that are subject to SOLAS;
- All vessels greater than 100 gross register tons that are subject to 46 CFR subchapter I (this includes vessels on the Great Lakes);
- All barges subject to 46 CFR subchapter I engaged on an international voyage;
- All domestic passenger vessels subject to 46 CFR subchapters H and K;
- All barges, regardless of route, which are subject to 46 CFR subchapter D and O;
- All tank ships, regardless of route, which are subject to 46 CFR subchapters D and O;
- All Mobile Offshore Drilling Units (MODUs) subject to 46 CFR subchapter I-A;
- All vessels subject to 46 CFR subchapter L;
- All towing vessels greater than 8 meters in registered length that are engaged in towing barges which are subject to 46 CFR subchapter D O; and
- All towing vessels greater than 8 meters in registered length that are engaged in towing barges that are subject to 46 CFR subchapter I on an international voyage.
The N-RAT results indicate that the following vessel types are at a lower risk of a transportation security incident and are therefore subject to parts 101 through 103 of subchapter H:
- Uninspected vessels, unless otherwise noted;
- Domestic small passenger vessels certificated under 46 CFR subchapter T;
- Barges subject to 46 CFR subchapter I engaged exclusively on domestic voyages;
- Towing vessels engaged in towing 46 CFR subchapter I barges not on international voyages;
- Vessels certificated under 46 CFR subchapter I engaged exclusively on domestic voyages;
- Fleeting tugs or harbor tugs; and
- Other vessels not specifically addressed in part 104 (as an example, recreational vessels).
The inclusion of towing vessels (traditionally included with other uninspected vessels) was done because these vessels interface with and are responsible for the movement of barges that carry higher consequence cargoes, such as Certain Dangerous Cargoes (CDCs). When scored on the N-RAT, the high consequence of the barge cargoes significantly adds to the risk of a transportation security incident for the towing vessel.
The N-RAT was not able to provide the sensitivity needed to assess certain elements of the definition of a transportation security incident. For example, the transportation security incident calls for a determination of what the term “significant loss of life” should be or where the threshold for an “economic disruption in a particular area” should be placed. In order to determine these elements of a transportation security incident, the Coast Guard used the N-RAT model itself as a guide along with a comparison with other transportation modes. We also used the preliminary intermodal comparison work of the other agencies of the DHS (e.g., TSA).
First, using the N-RAT, we assessed what consequences or combination of consequences would result given a vessel, facility, or port structure that had a high baseline vulnerability. Recalling from the previous N-RAT explanation that the consequence assessment portion of the N-RAT evaluation was based on six categories and five levels (as shown in Table 2), we looked at the numerical results of a scenario when given some vulnerability benefits assumed for implemented AMS Plans, and other general security measures in place for a port.
|Consequence category—Level||Death/injury||Economic impact||Environmental impact||National defense||Symbolic effect||Follow-on HLS threat|
The results showed that a score of at least one consequence factor at the “Catastrophic” level or a combination of two “High” scores could not be offset by the vulnerability reduction achieved by the AMS Plan or general port security efforts. The risk to these types of vessels, facilities, or port structures would need further vulnerability reduction to get out of the potentially “Catastrophic” or “High” consequence arena. This then, is the threshold that the Coast Guard determined could be considered a transportation security incident.
To further determine the thresholds of a transportation security incident with respect to the “loss for life” category, the Coast Guard compared the potential loss of life between various transportation modes and various operations. To look at the “economic disruption” category of transportation security incident as well as its other elements, we looked at damage and casualty data to determine if comparisons between modes could be used to formulate thresholds based on vessel size.
Passenger Vessel Threshold Determination Back to Top
To compare potential loss of life between transportation modes, we examined probable fatalities given an accident to the air, rail, or maritime mode. The first step in this process included a comparison of the current regulatory and operational thresholds that currently exist in each industry.
In aviation, regulations cover aircraft carrying 20 or more passengers as a commuter airline (14 CFR part 125). Most commercial aircraft are larger than this smaller commuter, with 69 percent of the U.S. market dominated by an aircraft with a capacity of 189 passengers.
In rail, we considered transit service (light, heavy, or commuter) and long-haul rail travel. Light rail can carry up to 150 passengers in each car of the train. Heavy rail cars typically carry 100 passengers, though they can carry twice that many during periods of peak traffic. Commuter rail cars carry an average of 125 passengers, with peak capacities of over 200 passengers per car for certain seating configurations. Inter-city rail passenger coaches typically carry about 80 passengers per car depending on the configuration. The average train length is reported to be 6 to 8 cars.
In the maritime passenger trade, we have small passenger vessels, commuter ferries of all sizes, large passenger vessels, and cruise ships. The average passenger capacity on small passenger vessels is 49. The average capacity for commuter ferries is 587 and for large passenger vessels the average capacity is 1154 passengers.
Looking at casualty statistics for these three modes and different passenger operations, we estimated the probable fatalities given a successful transportation security incident occurred. We assume that, in general, a transportation security incident would have a higher fatality rate than that of an accident because of the hostile motivation behind perpetrators' actions deliberately produce more severe consequences. For aircraft, the more severe airline crashes were used to estimate the transportation security incident fatality rate. The hostile intent may also render certain safety measures less effective in a transportation security incident compared to their demonstrated performance in an accident. We also considered average occupancy rates for each mode into the calculations to estimate a relative potential loss of life comparison. The table below compares the average estimated fatality rates across modes for various passenger-carrying operations.
|Mode||Representative passenger capacity (potential fatalities)||Estimated average occupancy (percent of capacity)||Estimated average occupancy (number of passengers)||Fatality average rate1 (in percent)||Estimated average fatalities|
|1Accident data from the National Transportation Safety Board and USCG.|
|2Typical passenger capacity for USCG Documented vessels.|
|Air (14 CFR 135) Commuter Plane||80||78||62||74||80||46||50|
|Air (14 CFR 121) Large Pass. Plane||189||75||142||74||80||105||113|
|Rail (single commuter car)||180||66||119||5||25||6||30|
|Rail (6 car commuter Train)||1080||66||713||5||25||36||178|
|Rail (8 car long-haul Pass. Train)||640||66||422||5||25||21||106|
|(Subchapter H) Large Pass. Vessels (100 GT)||1154||72||831||32||46||266||382|
|Maritime2(Ferries—Sub. H K)||587||72||423||32||46||135||194|
|Maritime2(Subchapter T) Small Pass. Vessels (150 pax.)||49||72||35||32||46||11||16|
Table 3 shows that per plane/rail-car/vessel, the estimated loss of life from a transportation security incident is estimated to range from a low of 16 per a typical small passenger vessel to a high of 382 for large passenger vessels. The Coast Guard determined that based on the above comparison and the results of the N-RAT vulnerability scores for vessels that result in two “High” consequence scores, that a threshold of 150 passengers is appropriate. We also looked at the N-RAT vulnerability condition for a “Catastrophic” consequence score and determined that added measures were appropriate for vessels carrying 2,000 or more passengers. These additional security measure requirements for larger passenger vessels and the terminals that serve them are justified to offset their elevated risk from a transportation security incident.
Gross Tonnage Threshold Determination Back to Top
The N-RAT was also limited in its sensitivity to identify the vessel gross tonnage that sufficiently pointed to a determination of the terms “economic disruption in a particular area, transportation system disruption, or environmental damage” which are required elements of the transportation security incident definition.
Small, dry-cargo vessels (gross tonnage less than 500) were identified by the N-RAT results as vessels of concern. These vessels, regulated under 46 CFR subchapter I and in the gross tonnage range of 15 to 500, are not required to comply with SOLAS and thus are exempt from ISPS Code requirements. We believe this creates a significant security vulnerability that must be considered and addressed at an appropriate level. To establish the appropriate threshold, we evaluated the risk for a transportation security incident posed by smaller vessels (gross tonnage 500) to determine where a reasonable threshold should be drawn.
The N-RAT results showed a significantly greater risk for vessels of gross tonnage above 100 being involved in a transportation security incident than for smaller vessels. Based on the N-RAT assessment, the smaller vessels (gross tonnage 100) are unlikely to be involved in a transportation security incident because of the limited consequences they are expected to produce due to their limited size and speed. A review of the domestic freight vessels that are documented with gross tonnage under 100 reveals that less than 2 percent of these vessels are capable of causing significant consequences to facilities or other vessels, and that some of these vessels are already regulated under this rule due to the nature of the cargo carried. However, because of their greater dimensions and the trades in which they operate, vessels with gross tonnage above the 100 threshold do present the potential of being involved in a transportation security incident. A limited analysis of potential collision effects leads us to the conclusion that these vessels may not be able to cause catastrophic personnel casualties or environmental damage. However, based on our knowledge of port operations, navigable waterways, and vessel design, construction, and operations, we believe that a significant risk of a transportation security incident (one “Catastrophic” or two or more “High” consequence ratings) exists for vessels with gross tonnage above 100. This is primarily driven by potential impact on the economy, national defense, or secondary national security threat from certain scenarios. Examples of these potential effects exist in Coast Guard accident reports where incidents documenting the blockage of channels in various rivers and ports occurred due to vessel casualties. These blockages resulted in substantial economic impacts as the mobility and commerce within the port was seriously affected.
As for the difference in the Convention Measurement tonnage and the Regulatory Measurement tonnage within this analysis, we used the Regulatory Measurement where assigned. There was also an impelling reason to use the Regulatory Measurement for implementing maritime security measures because there is a significant body of existing regulations that are constructed around this measurement system. Therefore, for application, the Regulatory Measurement tonnage (gross register tons) was primarily used unless a certain maritime security requirement was solely meant to reduce risk on vessels that engage in international voyages.
Based on the above, we believe that 100 gross register tons (and not 15 gross register tons) is a reasonable lower end for applicability for dry-cargo vessels. We are also regulating those vessels in the range of 100-500 gross register tons that are not covered by SOLAS and are therefore exempt from ISPS Code requirements.
AIS Threshold Determination Back to Top
The applicability thresholds used for the implementation of AIS on certain vessels is a separate issue, for which we did not use the N-RAT. The MTSA clearly mandates AIS applicability in 46 U.S.C. 70114 and the installation dates are included in MTSA sec. 102(e). The thresholds for vessels: a self-propelled commercial vessel of at least 65 feet in overall length; or a passenger vessel, carrying more than a number of passengers for hire determined by the Secretary; or a towing vessel of more than 26 feet in overall length and 600 horsepower; as well as any other vessel for which the Secretary decides that an AIS is necessary for the safe navigation of the vessel, are related to both safety and security. Thus the thresholds are somewhat lower than those discussed above for vessels at a high risk of a transportation security incident.
Applicability Evaluation for Facilities Back to Top
The N-RAT results indicate that the following facilities are at a high risk of a transportation security incident and therefore are required to meet specific security measures as laid out in part 105 of subchapter H:
- Facilities that handle cargo subject to 33 CFR parts 126, 127, or 154;
- Facilities that receive vessels certified to carry more than 150 passengers;
- Facilities that receive commercial vessels greater than 100 gross register tons on international voyages, including vessels solely navigating the Great Lakes; and
- Fleeting facilities/areas for barges carrying cargoes in bulk, regulated by 46 CFR subchapter D or O or carrying certain dangerous cargoes.
The N-RAT results indicate that the following facility types are at a lower risk of a transportation security incident and are therefore subject to parts 101 through 103 of subchapter H:
- Facilities adjacent to the navigable water that handle/store cargo that is hazardous or a pollutant;
- Facilities that receive only domestic bulk non-hazardous cargo;
- Facilities that service a vessel that carries fewer than 150 passengers;
- Fleeting facilities/areas that service barges subject only to 46 CFR subchapter I or barges that are certified to be gas-free that are certificated under subchapter D and O; and
- Oil and natural gas production, exploration, or development facilities regulated by 33 CFR part 154 that engage solely in the exploration, development, or production of oil and natural gas; and do not meet or exceed the operating conditions in § 106.105 of the Outer Continental Shelf (OCS) Facilities rulemaking published elsewhere in today's Federal Register;
- Facilities supporting the production, exploration, or development of oil and natural gas regulated by 33 CFR parts 126 or 154 that engage solely in the support of exploration, development, or production of oil and natural gas; and transport or store quantities of hazardous materials that do not meet and exceed those specified in 49 CFR 172.800(b)(1)-(6); or stores less than 42,000 gallons of cargo regulated by 33 CFR part 154;
- Mobile facilities regulated by 33 CFR part 154;
- Isolated facilities that receive materials regulated by 33 CFR parts 126 or 154 by vessels due to the lack of road access to the facilities and do not distribute the material through secondary marine transfers; and
- Other facilities not specifically addressed in part 105.
As mentioned in the above Applicability for Vessels discussion, the 150-passenger threshold will be reviewed for the maritime community when other agencies of DHS (e.g., TSA) have completed their assessment of the national transportation system as a whole and has provided guidance on intermodal thresholds that may refine the “significant loss of life” determination for the implementation of the MTSA. We are concerned about the gap that may be created by requiring only facilities that service larger passenger vessels to have plans, when some other facilities that service only smaller vessels may, at any point in time, have an aggregation of more than 150 passengers on a facility or pier (such as commuters at small passenger vessel terminals). In addition, small passenger vessels that are not required by subchapter H to have vessel security plans may share the same facility as a larger passenger vessel for which a plan is required. This distinction may put the facility at a higher risk from the small passenger vessel and therefore is a potential “weak link” in the security system. Even though the Vessel Security interim rule found elsewhere in today's Federal Register does not directly regulate these types of small passenger vessels, the facility security plan must nevertheless address the risks presented by accommodating multiple vessel types, even if some of those vessels may not have individual security plans. Additionally, the AMS assessment may indicate that the COTP should impose security requirements on small passenger vessels through the use of orders or security zones to complement those measures being implemented by the facility. The AMS Plan will reflect what additional necessary measures may be imposed by the COTP on vessels and facilities not subject to parts 104 to 106 of subchapter H, and other activities within the port area, at the three Maritime Security (MARSEC) Levels.
It is important to note the N-RAT focused on the potential for certain vessels and facilities to be involved in a marine-related incident, and its results reflect that relative risk. The Coast Guard took this approach because of our longstanding familiarity with vessel and waterfront facilities, because it was a logical follow-on to the PS-RAT efforts of the COTPs, and because it allowed us to meet the initial mandates of the MTSA to promulgate these interim rules as soon as practicable. However, the MTSA is broader and permits direct regulation of any vessel and facility that may be involved in a transportation security incident, as that term is broadly defined. This could include those facilities and infrastructure not traditionally regulated by the Coast Guard, such as facilities that do not have accommodations for vessels but are nonetheless on or adjacent to waters subject to the jurisdiction of the U.S. The Coast Guard is currently working with other agencies of DHS (e.g., TSA) and other federal agencies to assess the security requirements of these other vessels and facilities located on or adjacent to waters subject to the jurisdiction of the U.S. Therefore, the interim rules published today, especially the applicability sections of parts 104, 105, and 106, do not exhaust the types of vessels and facilities that may be regulated under the MTSA. We may be involved in follow-on regulations to address these adjacent facilities in the future. In the interim, the AMS Plan will address these types of facilities and COTPs may require specific facilities storing dangerous or pollutant cargoes to add security measures appropriate to their operations and the MARSEC Level.
Applicability Evaluation for Outer Continental Shelf (OCS) Facilities Back to Top
The N-RAT results indicate that the following OCS facilities are at a high risk of a transportation security incident and are therefore subject to part 106 of subchapter H:
- OCS facilities that produce 100 thousand barrels of oil or 200 million cubic feet of natural gas per day or regularly host more than 150 personnel on a daily basis (may exceed this number for periods of time not in excess of 90 days).
The N-RAT results indicate that the following OCS facilities are at a lower risk of a transportation security incident and are therefore subject to parts 101 through 103 of subchapter H:
- Unmanned platforms and lower production level platforms.
The N-RAT was also not able to provide sensitivity to the OCS facility size or production level that sufficiently pointed to a determination of the terms “significant loss of life, economic disruption in a particular area, transportation system disruption, or environmental damage” which are required elements of the transportation security incident definition. To develop this threshold, we worked in conjunction with the Minerals Management Service (MMS) to compare OCS facility production rates and operations throughout the industry. The 150-person threshold was also used to remain consistent with the vessel and facility thresholds. Those OCS facilities that do not fall within the rather narrow parameters of this threshold should consider security measures. We will continue to work with the MMS to validate this threshold as the results of the other agencies of DHS (e.g., TSA) intermodal comparisons are completed. In the interim, the AMS Plan will address these types of OCS facilities and COTPs may require specific offshore facilities with unique or higher-risk operations to add security measures appropriate to their operations and the MARSEC Level.
Assessment Limitations Back to Top
While the N-RAT is a very useful tool and offers an excellent way to collect and organize expert judgments about security risk issues, it is not perfect. One limitation is that the quality of the results depends directly on the knowledge and expertise of the expert assessors. Inexperienced personnel with limited perspectives will produce results with limited value. It is essential that seasoned evaluators with a broad experience base be used to ensure full consideration of multiple aspects of the issues. The Coast Guard assessment teams included mid-career and senior professionals with experience in ship design, construction and operation, hazardous materials and facility inspections as well as waterways management and port operations.
Another limitation of the N-RAT is that it looks at risk in a relative way. The N-RAT is considered a “relative risk-indexing” tool, meaning that it is only useful in comparing scenarios evaluated with the tool. The N-RAT does not provide a measure of absolute risk that can be compared to other situations not evaluated in this tool.
A third limitation is that the N-RAT is unable to measure all of the benefits attributable to intelligence or information gathering initiatives, which are commonly called “Maritime Domain Awareness (MDA) initiatives.” Measures such as AIS increase awareness and may provide earlier detection or even serve as a deterrent to a transportation security incident, but the assessment tool is unable to capture this effect based on the factors evaluated and the sensitivity of the rating scales. Increased awareness by itself does not decrease the threat or vulnerability at a measurable level subject to the sensitivities of the model. Therefore, the expert panel was unable to account for all of the benefits we believe should be derived from specific MDA initiatives.
Since the N-RAT results highlight the worst-credible case scenarios, a fourth limitation is that the listed results are not sensitive to all scenarios, such as a high profile historically-based incident. We know that small boats loaded with explosives were used as weapons to attack the USS COLE and the tank ship LIMBURG. We cannot discount the possibility of this type of incident in the U.S. or against U.S. vessels outside of the U.S. It is our belief that the best means of deterring such an incident, to the maximum extent practical, is to require certain facilities used in maritime commerce to conduct an assessment of their vulnerability to being used as a staging area for terrorist activities. These facilities would then construct a detailed plan to control access to the facility, permitting the movement or entrance of only authorized persons and cargoes onto and through the facility. This plan will enable the facility to have increased vigilance, awareness and control over those vessels and persons that are served by the facility. We also believe the possibility of a “COLE-like” incident can be reduced by requiring vessels that would likely be the target of such an attack to likewise assess their vulnerability to such an incident and similarly develop a security plan. This plan would include procedures for security monitoring and increased security vigilance, including security with respect to vessel-to-vessel activities. In addition, vessel and facility plans should include how they would address recreational vessels approaching that they reasonably suspect may pose a threat to them. These facility and vessel security requirements will be complemented by the development of an AMS Plan involving port stakeholders. This plan will address the security measures to be implemented for all port activities at different security levels. The control and movement of vessels, such as small vessels that could be used as a weapon, will be considered and addressed in the AMS Plan. These controls would include such measures as the possible restriction of all small vessel movements, the implementation and through enforcement of security zones and the coordination of all security patrols in the port.
Lastly, the threat, vulnerability, and consequence scores each have discrete values associated with them. Because there were only 5 scores (1 through 5) for each input variable, the level of resolution (or “granularity”) of the risk calculations was limited. This was especially true when assessing the impact of risk reduction initiatives or actions. In many cases, a new initiative or action may have a distinct improvement, but not enough to change a score assignment (e.g., changing the accessibility score from a score of 4 to a score of 3).
Discussion of Comments to Maritime Security Public Meetings Back to Top
As mentioned, the notice of meeting published on December 30, 2002, requested comments on requirements that align domestic maritime security requirements with the ISPS Code and recent SOLAS amendments, to comply with section 102 (Port Security) of the MTSA, 2002.
General Comments for all public meetings. Several comments and issues were discussed at all seven public meetings that reflect general, overarching concerns of the maritime community for implementing National Maritime Security requirements. These common issues are included in the following discussion.
Commenters voiced the desire to ensure we align the maritime security requirements with other agencies and States that have already tightened security. We have been working with all federal agencies that have security or response related functions and in multiple venues to facilitate the various security initiatives related to homeland security. The joint team that worked on the interim rules found in today's Federal Register is just one example of this type of coordination. Other joint efforts include the ongoing work to implement the Presidential Decision Directive PDD-63 on critical infrastructure protection and The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets. The Department of Homeland Security (e.g., Information Analysis and Infrastructure Protection) is leading this critical infrastructure program. We have also worked with State officials that have implemented maritime security requirements and have broadened this discussion to include all State level homeland security representatives to raise the awareness of maritime security and the importance of the marine elements of the national transportation system throughout our nation. Further interagency coordination on maritime security issues will also be established when the National Maritime Transportation Advisory Committee is in place. We anticipate that this Committee will assist in ensuring the continued coordination of all involved in maritime security on a national scope.
On a related issue, commenters requested to know how other cargo-handling requirements or proposals by other agencies would affect the maritime industry. Cargo security measures are addressed in 46 U.S.C. 70116, Secure Systems of Transportation, and Section 111, Performance Standards, of the MTSA. Section 111 has an implementation date of January 1, 2004. Other agencies of DHS (e.g., TSA and the Bureau of Customs and Border Protection) are responsible for these sections of the MTSA and will work with the Coast Guard in implementing them. The other agencies of DHS (e.g., TSA and the Bureau of Customs and Border Protection) are actively working toward developing the cargo security measures called for in these sections. They have assembled an interagency team to evaluate the proposals for supply chain security submitted for Operation Safe Commerce (OSC) and hope to have cooperative agreements signed by summer 2003 to analyze supply chain security and to prototype procedural and technological solutions to supply chain security.
The information gleaned from the OSC effort, as well as information gleaned from other cargo security and productivity initiatives and from experience in other cargo security programs, will form the foundation of forthcoming cargo security regulations. We recognize that, although cargo security will be a component in vessel and facility security plans, facilities and vessels will not want to create and install cargo security technologies in advance of these cargo security requirements, out of a concern that the technologies they create or install will not meet the requirements. Guidelines will be developed and provided for acceptable cargo security measures that can be used until the cargo security requirements are promulgated. These guidelines will address procedural measures.
Again, related to interagency coordination, some commenters stressed the need to harmonize any requirements with the Research and Special Program Administration (RSPA). RSPA published a final rule amending 49 CFR part 172 in the Federal Register on Tuesday, March 25, 2003, (68 FR 14510). The final rule established new requirements to enhance the security of hazardous materials transported in commerce. Like the maritime security interim rules discussed in this rulemaking, shippers and carriers of certain highly hazardous materials must develop and implement security plans that address three issues: personnel security; unauthorized access; and enroute security. In addition, all shippers and carriers of hazardous materials must assure that their employee training includes security awareness training and, for shippers or carriers of certain highly hazardous materials, in depth employee training for each hazardous material employee. While RSPA's final rule allows training that is conducted and security plans that are prepared to meet regulations, standards, protocols, or guidelines issued by other entities, the final rule comes into effect before the interim rules for maritime security. Shippers and carriers must be in compliance with the RSPA final rule by September 26, 2003. Shippers and carriers that are required to meet the interim rules for maritime security discussed in this rulemaking will have to submit security plans no later than December 2003. As a result, shippers and carriers that must comply with both the RSPA requirements and the maritime security requirements will need to ensure the September date is met. In order to minimize duplicative efforts, we recommend those shippers and carriers develop and implement the training and security plan components of the maritime security interim rules that also meet the standards of the revised 49 CFR 172.800 by September 26, 2003 in order to comply with the RSPA requirements. Because the RSPA regulations do not require plan review, by completing and implementing those portions of the maritime security interim rules that fulfill the RSPA regulations, a shipper or carrier will comply with the RSPA regulations. In other words, if a Vessel or Facility Security Plan is completed and implemented but not yet approved by the Coast Guard, if it contains the elements mandated by the RSPA regulations the shipper or carrier will comply with RSPA. Once the Vessel or Facility Security Plan is approved, both requirements will be met.
Finally, the Environmental Protection Agency (EPA) also has existing regulations for non-transportation-related onshore facilities and certain offshore facilities to prevent the discharge of oil and to prepare plans for responding to discharges of oil or substantial threats of discharges of oil. The Coast Guard and the EPA will continue to explore the impacts of these maritime security interim rules on facilities under EPA jurisdiction and will clarify the impacts of the maritime security regulations, if any, before publishing a final rule. These maritime security interim rules are not intended to require the owner or operator of a facility under EPA jurisdiction to amend the Facility Response Plan (FRP) or Spill Prevention Control and Countermeasure (SPCC) Plan. We do not intend to require the National Schedule Coordination Committee to modify the existing schedule for exercise. Additionally, we do not intend to require the owner or operator of a facility under EPA jurisdiction to amend the facility's EPA-approved training program, exercises, or drills or record keeping of such training, exercises, or drills. The maritime security regulations for training, exercises, drills, and record keeping in these interim rules are strictly within the purview of the new legislative mandate for security and may be combined with existing training, exercises, or drills, where appropriate.
Commenters requested that we recognize industry-developed standards that achieve an equivalent level of security to the SOLAS and ISPS Code requirements. We have been working on security-related issues and have discussed or required security measures on vessels and facilities (including offshore facilities) since well before the development of the ISPS Code or the MTSA. In this work, we have reviewed and assisted in the development of many industry standards for security that implement high security standards and are effective in preventing security-related incidents. In addition, we have worked with many States that have successfully developed crime prevention standards for the maritime community that are substantial and effective. Recognizing the substantial body of work in various maritime industry sectors on security, we anticipate recognized industry-developed standards to provide the backbone for implementing many of the security measures contained in the maritime security interim rules found in today's Federal Register. Key to this recognition will be a comprehensive review of the industry-developed standard to determine whether it is equivalent to the security requirements being met by those using the standards found in the maritime security interim rules in today's Federal Register. It is imperative that the industry-developed standards be deemed equivalent in order to ensure that those vessels and facilities that use the industry-developed standards and have a high likelihood of experiencing a transportation security incident have adequately reduced their risk to the benefit of the entire U.S. Marine Transportation System (MTS).
Commenters requested that the requirements be flexible enough to tailor measures to different industries and be performance based rather than prescriptive. Fundamental to the requirements for security has been the concept of a security assessment. This assessment is specifically linked to security plans and is focused on a vessel, facility, or port as a unique operation. Thus, the assessment results drive the security measures implemented to set or increase each security level and, thus, make each plan unique as well as performance-based. The enforcement of security measures is always difficult when dealing with a purely performance-based system, as opposed to a prescriptive one; however, in this case, it will be clear whether access control, for example, exists or does not. The requirements contained in the maritime security interim rules found in today's Federal Register include clear measures to conduct standard security assessments and draft standard security plans throughout the maritime community. This approach will result in security plans which incorporate specific measures, unique to the operation, but in overall alignment with the objectives of all plans, to detect and deter a transportation security incident.
Commenters requested that the requirements be consistent among ports. We recognized the need for industry to have requirements tailored to their specific and diverse operations yet be afforded the consistency of the larger port-wide security measures. This said, no port has the same critical operations or geographic constraints, which make mandating the same security measures ineffective. However, we believe the framework of assessments and plans as laid out in the maritime security interim rules found in today's Federal Register, provides the consistency between ports and will be effective. This approach should ensure industry concerns are addressed within each COTP's area of responsibility. Each AMS Plan will also be reviewed and approved at both the District and Area level to assess consistency across the maritime community and to emphasize coordination across all borders. Additionally, we have included some flexibility in the AMS Plan requirements so that some geographic areas can be treated as systems, such as the Western Rivers, the Great Lakes, or the OCS. This geographic coordination of security measures to encompass an entire system will promote effective as well as efficient maritime security for all.
Commenters raised concern on the restrictions to mariner shore leave, detention aboard their vessels, and service provider access to mariners, such as port chaplains, union representatives, etc. This is a very important issue and it is addressed in the Vessel and Facility Security interim rules found elsewhere in today's Federal Register. The interim rules encourage both the vessel and the facility operators to coordinate shore leave for mariners, as well as procedures for access through the facility by visitors, including port chaplains and union representatives.
Commenters raised concern over the high cost of requirements and disparity between federal funds for the maritime versus the aviation sectors. We understand that many believe the cost of security is overwhelming. The requirements in this set of interim rules focus on those on those vessels and facilities that are at a higher risk of having a transportation security incident. We have developed flexible measures to meet the security requirements. The disparity between funding available between transportation modes is outside the scope of this rulemaking. There are, however, programs, such as the Maritime Security Grant Program, which is funded through the Transportation Security Administration and jointly administered by the Maritime Administration, Coast Guard and the Transportation Security Administration. This grant program can provide some funding for owners and operators regulated under subchapter H. An excellent reference for this program can be found at https://www.portsecuritygrants.dot.tsa.net.
Commenters voiced a desire to have the Transportation Security Card requirements promulgated quickly. As discussed under issue number 37 in the Specific Comments on the 40 issues listed in the public notice section below, there are many credentialing efforts in development. 46 U.S.C. 70105, Transportation Security Cards, addresses unescorted personnel access to secure areas of facilities and vessels. Other agencies of DHS (e.g., TSA) are responsible for implementing this section of the MTSA. Other agencies of DHS (e.g., TSA) are developing the Transportation Worker Identification Credential (TWIC) that will be a transportation system-wide common credential, used across all modes, for all U.S. transportation workers requiring unescorted physical and logical access to secure areas of our transportation system. The goal is to have one standardized credential that is universally recognized and accepted across our transportation system and can be used locally within the current facility infrastructure. We recognize that personnel access control will be a component in vessel and facility security plans, and understanding that facilities and vessels will not want to create and install personnel access control systems in advance of the TWIC infrastructure. In order to address these competing concerns, guidelines will be developed jointly by other agencies of DHS (e.g., TSA) and the modal administrations, and will provide for acceptable personnel access control measures that can be used until the TWIC is available. These guidelines will address procedural measures.
Commenters requested that we provide guidelines on training requirements for vessel and facility security. The ISPS Code specifies the designation of a Company Security Officer, Ship Security Officer and a Port Facility Security Officer and details their required competencies, duties, and responsibilities. To supplement these requirements, the IMO is developing model courses that identify the key competencies for each of the three security officer positions. The U.S. and India have been asked by the IMO to develop these model courses by September 2003.
In addition to the ongoing international training initiatives, section 109 of the MTSA requires the Secretary of Transportation to develop standards and curricula to allow for the education, training, and certification of maritime security personnel. This task has been delegated to MARAD, which has charged a group of experts at the U.S. Merchant Marine Academy (USMMA) with developing the training requirements for the three security officer positions as well as the requirements for any other personnel with security duties. The USMMA working group has developed a base-level curriculum for maritime security education. This curriculum was refined through public outreach that included an international conference hosted by MARAD at the USMMA on March 20, 2003.
The “Conference on Maritime Security Standards and Curricula” drew 136 delegates from the U.S. and numerous other countries. The meeting focused on the framework for seven model courses that had been provided to attendees prior to the conference. The seven model course frameworks discussed were:
1. “Vessel Security Officer;”
2. “Company Security Officer;”
3. “Facility Security Officer;”
4. “Maritime Security for Vessel Personnel with Specific Security Duties;”
5. “Maritime Security for Facility Personnel with Specific Security Duties;”
6. “Maritime Security for Military, Security and Law Enforcement Personnel;” and
7. “Maritime Security Awareness.”
The discussions also included issues related to certification of personnel and quality control of training courses. A panel consisting of the USMMA working group members and representatives from the Coast Guard, TSA and MARAD also responded to questions and comments from participants as part of the conference forum.
Ongoing interagency collaboration and efforts to harmonize international and U.S. requirements have led to the expansion of this project to include the development of three model maritime security courses for the IMO. In cooperation with the government of India, the working group prepared and submitted draft model courses for the Ship Security Officer, the Company Security Officer, and the Port Facility Security Officer to the IMO by May 30, 2003. Following review by an IMO validation panel, the finalized courses will be forwarded to the IMO not later than September 8, 2003.
Therefore, the requirements in the vessel security and facility security interim rules found elsewhere in today's Federal Register require the Vessel Security Officer, Company Security Officer and Facility Security Officer positions to have designated personnel and company-certified qualifications until other training provisions are complete. For company-certified qualifications, we anticipate that owners and operators will use the model courses as guidance. Further work on training requirements and implementation of the security measures may indicate a need to require formal training for these positions, which could be promulgated under a separate rulemaking.
Commenters requested that the process used to determine the applicability of security requirements and their value be explained. We have discussed the initial assessment and subsequent application of these interim rules in the Applicability of National Maritime Security Initiatives discussion above. Additionally we have discussed the value of implementing security measures throughout the maritime community in the Benefit Assessment section of this rule.
Some commenters were concerned about the idea of applying international standards to domestic trade. In the public notice of meeting, we included an appendix that had the ISPS Code and the new security-related SOLAS amendments. We took this approach to provide the public with an opportunity to comment on a body of work that substantially represented the international security requirements and current best practices for maritime security. As stated previously, we had been working on security-related issues and discussed or required security measures on vessels and facilities since well before the development of the ISPS Code or the MTSA. We took these requirements and discussions further by proposing comprehensive measures for security in our submission to the MSC76 IMO meeting in May 2002. These proposals were developed with respect to security as a system, because fundamental security must be universal—terrorists attack foreign and domestic targets without bias. The flexibility to tailor security plans and measures based on a security assessment is a key to ensuring that a vessel, on either a domestic or non-domestic route, has operational security sufficient to deter, to the maximum extent practical, a transportation security incident. The fact that domestic transportation links are as viable as international avenues for a terrorist attack makes this systems approach even more important, i.e., foreign and domestic vessels must have security measures in place on the same timeframe, making it more difficult to transfer the threat of a transportation security incident to a “softer” target. Finally, the application of ISPS, part B, to all vessels ensures a consistency of security measures implemented while in U.S. ports.
Specific Comments on the 40 Issues Listed in the Public Notice Back to Top
In the notice, we specifically requested response to 40 issues, helping to shape the regulations published in all six interim rules. A discussion of the responses to each of the issues raised in the notice follows.
1. Obligations of Contracting Government with Respect to Security. The SOLAS amendments (Regulation 3) and ISPS Code (part A, section 4, and part B, paragraph 4) lay out a series of requirements for Contracting Governments and Administrations to mandate security levels that are appropriate for their vessels and ports. In the notice, we explained our intention to implement these requirements in coordination with the Homeland Security Advisory System (HSAS) and asked for comments on how to relay information to the maritime community on changes in security levels, as well as methods to provide the public a forum to report suspicious acts.
Many commenters viewed as imperative that the threat and security level information be provided quickly and by all means available, including secure Web sites or e-mail. They also felt that the information should be provided to all components of the maritime community, including recreational boaters and shore-side personnel, should be formalized, and should be provided proactively. In this interim rule, the process for this communication is formalized through the AMS Plan, which will include all forms of communication available to the COTP in coordination with the private sector, State, local, and Federal agencies. Therefore, a standard communication method will be established across the nation, complemented with regional methods to ensure wide dissemination of threat information and security requirements. As discussed in the Notice for Meeting, the Coast Pilot and Broadcast Notice to mariners will remain key communication tools for vessels underway or coming to the U.S. from foreign ports.
Other commenters suggested that the MARSEC Level should be directly linked to the HSAS at all levels. This contrasts with the comments of many others who voiced a concern about changing levels due to the HSAS system, based on threat information not specifically related to the maritime community nor a specific region. Therefore, they suggested adopting a separate security level mechanism or incorporating some flexibility into the alignment of HSAS to the MARSEC Level. We stated in our notice of meeting that we were considering a link with the HSAS levels and were implementing the MARSEC Level system to ensure both flexibility for the maritime community, as well as to align with the 3-level international security level system. This remains our intent and we have coordinated these alignments with DHS. The regulations lay out further discussion of the MARSEC Levels and their alignment with HSAS Threat Conditions (see Table 101.205).
Some commenters stressed that coordination with other agencies was needed, and that two-way communications was important to the security of the waterfront and its operations, as is the ability to report incidents that are out of the ordinary. Concern was also noted by some that the communications procedures should directly inform the Facility Security Officers, the Company Security Officers, and the Vessel Security Officers while underway, in lay up, or after hours, since toll-free numbers do not always work from overseas locations or are sometimes reported as busy. We have included other means for communication at the local and national levels in this interim rule to provide alternative means for providing information on suspicious activity. We are working to develop advanced information technologies to interconnect agencies, organizations, vessels, and personnel. The advanced information technologies will facilitate the rapid transmission of critical safety and security information both vertically and horizontally. Additionally, we expect to build a strong communication process with Company Security Officers, Vessel Security Officers, and Facility Security Officers at both the national and area levels once these Officers are designated and the owner or operator provides their contact information to us.
2. Procedures for Authorizing a Recognized Security Organization (RSO). The ISPS Code (part A, section 4, and part B, paragraph 4) allows Contracting Governments to delegate certain security related duties to a RSO. In order to ensure proper initial implementation of the MTSA and SOLAS, particularly with the accelerated implementation timelines, the Coast Guard discussed in the Notice of Meeting its intent not to delegate authority to an RSO and requested comments on RSO authorities, qualifications, and competencies (other than those listed in the ISPS Code, part B, paragraph 4.5).
Some comments indicated that class societies, while possibly suitable for RSO delegation, should not be considered because of the aggressive timeline to review assessments and plans. Similarly, others indicated their strong support for the Coast Guard to retain all approval authorities, citing that delegation would defeat the purpose and intent of the MTSA. In contrast, some commenters disagreed, stating that the Coast Guard did not have adequate resources. They requested that the Coast Guard delegate its authority to an RSO, establish a timeline for when we would begin consideration of RSOs, and provide instructions on how RSOs should request consideration. We have retained in this regulation the intent to keep the approval of assessments, plans, and other security measures as a Coast Guard function. While it is understandable that organizations within the maritime community would seek to have their security expertise recognized, the Coast Guard believes it is imperative to maritime and homeland security to ensure consistent application of the requirements found in the interim rules and will conduct the required reviews and approvals without delegation, at this time. A timeline and further delegation discussions may be provided, once a stable, nationwide foundation for maritime security has been established.
As for the adequacy of the list of RSO competencies provided in the ISPS Code, part B, some commenters considered it an adequate list, while others indicated that there should be additional qualifications, such as a familiarity with national and local security plans. We believe this list encompasses the essential qualifications and competencies of organizations that wish to assist the maritime industry in the development of their security assessments and plans. The comment on knowledge of local security plans has merit and should be considered in addition to the ISPS Code, part B, competencies by those hiring security personnel.
3. Consideration of Other Organizations Competent in Maritime Security. In our Notice of Meeting, we discussed the potential need within the maritime community for assistance with the development of security assessments and plans from organizations advertising maritime security competency. We asked for comments on whether we should establish a standard for these organizations or companies and vet them against a benchmark, such as the one in the ISPS Code, part B, paragraph 4.5.
Several commenters requested that we develop standards or at least an outline of what they should expect from a company that professes maritime security competency and many also stated that the ISPS Code, part B, list was sufficient. Some commenters went further to suggest that we put this standard into guidance rather than regulations or leave it to the trade organizations to develop, because of concern over rigid requirements favoring larger companies and, therefore, limiting the flexibility of owners and operators. Many commenters did not believe the Coast Guard needed to vet these maritime security organizations, however, many suggested that examples of acceptable plans would be helpful to smaller operators. In contrast, other commenters stated that a list of organizations which meet industry or trade organization standards should be provided, and some went further to recommend the Coast Guard certify organizations, thus creating the basis for a new industry. Finally, some commenters requested that we develop and mandate industry standards for waterborne security and armed guards.
In these interim rules, we reference ISPS Code, part B, paragraph 4.5, as a list of competencies all owners and operators should use to guide their decision on hiring a company to assist with meeting the regulations. We may provide further guidance on competencies for maritime security organizations, as necessary, but do not intend to list organizations, provide standards within the regulations, or certify organizations. We consider standards and requirements for waterborne security and armed guards a subset of the above discussion. While these security measures may be appropriate for some vessels or facilities at a particular MARSEC Level, they are not necessary for all situations. Thus, we have indicated, in only the vessel and facility security interim rules found elsewhere in today's Federal Register, that they are among the additional measures that owners or operators may consider implementing, specifically at heightened security levels, and COTPs may impose, when deemed necessary to ensure maritime security in certain situations. The standards for private armed security guards are a matter of State and local law, as are the legal parameters for use of force. There are also differing standards that apply to armed private waterborne security in some States and local jurisdictions. Even though the interim rules do not address standards for private security guards in subchapter H, considering this a matter of State and local law and private contract between the owners and operators of vessels and facilities and the security company, we intend to work with State homeland security representatives to encourage the review of all standards related to armed personnel and the services that they provide to the maritime community.
4. Procedures for Accepting Alternatives and Equivalencies. The Notice of Meeting discussed that the SOLAS amendments to Chapter XI-2, Regulation 11 and 12 along with ISPS Code, part B, paragraphs 4.26 and 4.27, allow us to permit alternatives and equivalencies to the security requirements for U.S. flag vessels if they are at least as effective as the mandates and are reported to IMO. This provision is relevant to those vessels operating on international voyages and certificated by the U.S. The issue of industry standards was raised to cover domestic requirements, and is separate from the alternative and equivalencies provisions in SOLAS. The Coast Guard indicated its intent in the Notice of Meeting to make alternative and equivalency determinations at the national level and requested comment on the provisions of alternatives and equivalencies, as well as the process to submit a proposal to us for consideration (suggesting a process similar to 46 CFR 30.15 or 70.15).
Many commenters suggested that alternatives and equivalency determinations were needed to ensure compliance, yet allow for the unique international operations within some regions or in specific industries. Many commenters also supported the idea of a “master plan” for their vessel fleet or facilities that would eliminate some work and still effectively capture the security measures for the individual vessels or facilities covered. Some also asked if an appeals process would be included so a higher authority could reconsider equivalency and alternative determinations. A few commenters requested that this provision be delegated to the local level rather than be done at Coast Guard Headquarters to account for unique regional operations. Many commenters also stated that the submission process, as it exists for safety (46 CFR 70.15) or subchapter W, is adequate as long as it is timely.
We have included the alternatives and equivalency provisions in this interim rule to provide vessel and facility owners and operators the flexibility to request them. However, they will only be approved if they are determined to be equivalent to the security requirements in subchapter H and 33 CFR parts 120 and 128, if applicable. The provisions of submission and the appeal process are also included in the regulations presented in this interim rule. Because the equivalency and alternative determinations are obligations under SOLAS and the ISPS Code, the Coast Guard is placing the decision to accept equivalents and alternatives at the Commandant level, at this time. This will ensure consistency and retain control over the U.S. flag administration obligation. As always, State, local and regional expertise will be used when reviewing alternatives and equivalencies, as appropriate for the proposals.
5. Procedures for Accepting Industry Standards. In addition to the equivalencies and alternative provisions discussed above, we discussed in the Notice of Meeting that, for those vessels that are currently not required to meet SOLAS, industry standards could be accepted as an equivalent or alternative. We sought comment on the concept of accepting industry standards and asked whether an independent audit could also be used in conjunction with this system. We also requested comment on the intent to review these standards at the national level and provide a submission process similar to that found at 46 CFR 50.20-30.
An overwhelming number of commenters strongly supported this proposal and voiced endorsements for various industry standards, both for vessels and facilities, which are either published and in use or currently under development. Some commenters recommended that industry standards for assessments already exist that could be determined equivalent to the assessment requirements proposed in the Notice of Meeting and should be considered. Many commenters indicated they intend to submit their standards for approval and will also seek approval for plans or assessments already conducted to meet State requirements. Several commenters also stated that an independent audit should not be required if the vessel is already inspected by the Coast Guard. Many commenters also requested that the industry standards or alternatives be approved at the local or regional level rather than at the Commandant level. Additionally, some commenters expressed the desire to have the industry standards reflect lower security measures requirements that would not be equivalent to those discussed in the Notice of Meeting.
We have considered the acceptance of industry standards to be a key element of implementing the requirements of the MTSA. The public meeting response to our questions on this issue indicates that the industry is willing to tailor security standards to their industries' needs and work with us to implement them. The issue of equivalency is fundamental to implementing an effective system of maritime security. Therefore, equivalency is a requirement for the acceptance of industry standards in the regulations presented in this interim rule. When a security assessment is conducted on a vessel or facility operation, the resultant security measures that can logically mitigate and meet the security risks are tailored to the situation. Thus, an industry standard for the small passenger industry will be different from the industry standard for chemical ships, simply based on the difference in their respective vulnerabilities and the associated consequence of a transportation security incident. To accommodate this wide diversity of industry standards and substantiate their equivalency to the requirements in subchapter H, the review and approval of industry standards will remain at the Commandant level. However, we intend to coordinate review of industry proposals with the local and regional levels, if appropriate. In addition, standards already developed to meet State requirements or other industry concerns may be submitted for an equivalency review and subsequently approved under the requirements of this section, if found appropriate. In the requirements of this interim rule, we have titled this industry standard concept, “Alternative Security Programs,” because it is a broader term that implies a program or system that is more inclusive, i.e., an industry association or a company could submit these requests for consideration.
6. Declaration of Security (DoS). The ISPS Code (part A, section 5) requires Contracting Governments to determine when a DoS is required for vessels and facilities conducting vessel-to-port or vessel-to-vessel activities. A DoS is a document that establishes an agreement between a vessel and a facility, or between vessels, on their security arrangements to ensure their coordination and communication is clearly set out.
In the notice of meeting, we requested comments addressing recommendations for those operations or security levels when the DoS would be appropriate to facilitate coordination of security measures between a vessel and facility. As requested, we received comments addressing our question. Comments supported the intent of the requirements but expressed confusion at when it was needed. In particular, ferry operators questioned if they would be required to submit a DoS for every transit. Other commenters suggested that the DoS only be required at higher MARSEC Levels (2 and 3) for specific operations and are not appropriate for domestic vessels. Additionally, commenters suggested that transfers that are brief or involve barges should not have DoS requirements.
We believe a DoS is a valuable security communication tool for vessels, facilities and for COTPs. While a DoS is generally a MARSEC Levels 2 or 3 tool, there are certain operations that benefit from added coordination between the facility and the vessel. In the AMS requirements found elsewhere in today's Federal Register, each AMS Plan will be required to address DoS requirements for certain operations within the ports, especially related to MARSEC Levels 2 and 3. In addition, the AMS Plan will be required to include the procedures for what actions to take when vessels are at a higher MARSEC Level than the Port and request a DoS or other security measures in order to enter the Port. A DoS will not be required for all vessels and all facilities in all operations. In addition to the requirements found in the AMS Plan, both the Vessel Security and the Facility Security interim rules found elsewhere in today's Federal Register discuss when and for what operations a DoS will be required. We have determined that some operations always require a DoS and therefore vessels engaged in those operations may need to complete a DoS on a regular basis, due to their high-risk operations or locations. However, we believe a standing procedure or agreement can be used to meet this requirement. The COTP may determine, based on the localized repetitive nature of an operation, that a standing agreement which lays out the information in a DoS, can replace the daily use of the DoS.
We also requested comments in our public notice on how long a DoS should be kept on file (we suggested 2 years) and asked how the format of a DoS should be promulgated (guidance or regulation). In addition, the ISPS Code allows flag administrations to give guidance on when their ships should request a DoS during a port call or when interacting with other vessels. Many commenters suggested that a 2-year time frame for record retention was much too long. Many commenters also noted that they preferred guidance rather than regulation on the format for a DoS. Based on comments we received and to further align with the ISPS Code requirements, the Vessel Security requirements found elsewhere in today's Federal Register include requirements to keep DoS's on file for the vessel's last 10 port calls. The Facility Security requirements found elsewhere in today's Federal Register include requirements to keep DoS's on file for at least 90 days. As for DoS format, the interim rules mentioned above specify required elements for a DoS to ensure facility and vessel forms are acceptable for COTP reviews. For U.S. flag vessels, we intend to provide guidance to Company Security Officers on when to request a DoS based on vessel operations and world threat conditions.
7. Security of Information Contained in Port, Vessel and Facility Security Assessments and Plans. The ISPS Code, part A, sections 9 and 16, and the MTSA (46 U.S.C. section 70101(d)) require documents related to security, especially security assessments and plans, to be kept in a manner that is protected from unauthorized access or disclosure. In our notice of meeting, we asked for comments on whether a classification for sensitive security material would be useful in the implementation of National Maritime Security initiatives.
The majority of commenters supported a designation for all security-related materials to ensure this information is not available to the general public and some requested a higher security designation such as what the Defense Department is using. Some other commenters did not want a security-related designation because they wished to ensure the Freedom of Information Act remained primary to all information. Other commenters suggested that individuals should have clearances to see this material or that the Coast Guard be the only agency allowed to review the material. In contrast, some State and local government representatives stated their wish to have access to the material and wanted us to include provisions for this access. Additionally, some commenters stated that a federal preemption clause was needed for this designation to ensure that if material was protected from disclosure at the federal level, a loophole at the State or regional level did not compromise its security.
Security-related information has traditionally not been in the public forum since it inherently puts at risk the very system that is being protected. Understanding the imperative need to safeguard maritime security material to ensure its dissemination does not make the vessel, facility, or port vulnerable to a transportation security incident, we have included provisions in this interim rule noting this type of material is to be designated as SSI in accordance with 49 CFR part 1520. Information designated as SSI is generally exempt under FOIA, and we believe that State disclosure laws that conflict with 49 CFR part 1520 are preempted by that regulation.
We did not believe that a security designation above SSI was needed for this material however, we did include provisions in this interim rule for a COTP to designate a higher level of security if there are provisions in the AMS Plan that indicate a higher level is appropriate. Access to the AMS Plan will be limited to those on the Area Maritime Security (AMS) Committee that have agreed to protect the material in a manner appropriate to its security sensitivity and have a need to know the material. Guidance on SSI and its use will be issued to assist AMS Committee members, consistent with 49 CFR part 1520. For material that is designated at a level higher than SSI, the COTP will screen AMS Committee members for appropriate clearances and take precautions appropriate to the material's sensitivity. Individuals and Federal agencies outside those with transportation oversight authority will not be allowed to view plans or assessments of vessels and facilities unless circumstances provide a need to view it. As stated in the Vessel Security interim rule found elsewhere in today's Federal Register, certain portions of each vessel security plan and assessment must be made accessible to authorities; however, those portions not required to be disclosed are protected with the SSI designation and need-to-know criteria. Owners and operators of vessels and facilities may also request a determination of a higher designation than SSI for their plans. The Commandant or the COTP, whoever is responsible for reviewing the security plan, will retain the designation authority. In all cases, the material, if retained by a Federal agency, must be safeguarded to the appropriate designation.
Port Security Provisions
8. Port Security Plans and Committees. The requirements for port plans stem from the development of the new SOLAS amendments and the ISPS Code as well as the MTSA (46 U.S.C. sections 70103, 70104 and 70112). The definition of port facilities is broad and covers all aspects of the interface between a ship and a facility, including anchorages and other areas typically considered by the U.S. as public waterways, as well as other structures located under, in, on, or adjacent to U.S. navigable waters. Thus, in the public meeting notice, we discussed our in