This is the third post covering the most recent meeting of the National Maritime Security Advisory Committee (NMSAC). The first post dealt with briefings and discussions on Seafarer Access to Shore, CDC Security, and the TWIC Program. The second post summarized NMSAC proceedings with regard to the future of the Maritime Critical Infrastructure Committee, the maritime security provisions of the Coast Guard Authorization Act of 2010, SAFE Port Act reauthorization issues, a report by the NMSAC TWIC Working Group, and US Mariners’ Second Amendment rights. This post covers what happened on the second day of the meeting.
Maritime Domain Awareness and Information Sharing The first item of business was a quick presentation by the Coast Guard and DHS Maritime Domain Awareness (MDA) and Information Sharing Executive. The briefer’s first point was that Maritime Domain Awareness “is a cognitive state, not a program.” MDA is heavily reliant on information sharing. Domestically it requires a whole-of-government approach for coordinated national leadership of participants at the federal, state, tribal, and local levels, as well those in the private sector. International MDA is also key to our common national and maritime security, defense, and safety.
There are four “hubs” for maitime information exchange, with a fifth on oceans under development. The four are:
Vessels â€” information such as country of origin, registry, ownership, etc.
Cargoes â€” origin, manifests, bills of lading, etc
People â€” citizenship, certifications, affiliations
Infrastructure â€” Marine facilities, shipping channels, navigation aids, etc.
Within the national Security Council Staff organization, the field falls within the cognizance of two groupsâ€”maritime security and information sharing. Keeping track of things requires cooperation with others and is essential as MDA is key to implementing any maritime security strategy. DHS has been engaged in outreach to industry for over two years and much progress has been made. There have been past complaints regarding the inability of nongovernmental entities to receive assessments, alerts, and other products that were either classified or designated For Official Use Only. Industry partners have also complained that they are not engaged early enough in the development of exercises and now there is a plan to address that.
A NMSAC member noted that the flow of information was a consistent sore point with industry, with some ports trying to scrub SSI to share information, but it’s very catch as can. He questioned why, given the high priority of MDA, haven’t agencies been able to come up with a way to distribute information without violating restrictions. The briefer replied that this was a long-term problem, as all agencies have their own processes. She noted that she has also heard complaints of too many information streams and not enough coordination.
A representative of the DHS Office of Infrastructure Protection (OIP) commented that he would grade the MDA Working Groups information sharing with the private sector over the last two years as a C- to a D+. It’s an effort to bring the private sector to the table. The existence of four “Executive Agents ” for MDA (the Secretary of the Navy for DoD, the Coast Guard for DHS, MARAD for DoT, and the National Maritime Intelligence Center for the DNI) confuses people. The DHS Information Sharing website MDA portal needs more private sector input. NMSAC could assist on outreach to the maritime industry. This prompted a complaint about shutting out trade association representatives from the Maritime Critical Infrastructure Council as a result of the anti-lobbyist directive. The way to reach the maritime industry is through the various trade associations. The OIP representative clarified that the ban only applies to registered lobbyists sitting on councils when they are providing input to government officials. In other industry sectors, classified briefings to industry representatives have been well received. Another comment highlighted industry frustration that the information flow was one way, from industry to the government without any feedback. Typically, the government says that the information can only be shared within the government. This included instances where industry had provided information to the government that the government then classified and said it couldn’t discuss the information with industry because it was classified.
Information Sharing and Analysis Centers
Next, a representative of the Maritime Security Council described Information Sharing and Analysis Centers (ISACs) in other sectors of the economy, with the suggestion that the maritime industry create one. These centers are set up by industry to share security information within the industry and with the government. The most analogous example is the Financial Sector ISACâ€”a vehicle that allows bank security departments to share information among themselves and to push it up to the federal regulators and law enforcement. Like the maritime industry, the financial sector is an international industry. Because the government sponsors the ISACs, anti-trust issues do not arise. Because they are not government agencies, the lobbyist issue with advisory boards does not arise. The government funds an ISAC for the first three to five years while it’s getting off the ground, then industry assumes the funding. Most sectors have found a sufficient business justification for taking over the funding responsibility. Analysts at the centers have appropriate clearances to handle classified material. DHS is committed to sponsoring clearances for analysts at ISACs.
The Council representative cited two examples of how an ISAC could pay off for the maritime industry: US Coast Guard agreements with foreign countries in the International Port Security Program restrict the Coast Guard from revealing many of its findings concerning foreign ports. A maritime ISAC could pass on sanitized information to industry. As a result, a vessel that has called at a port with problems might be able to avoid Port State Control difficulties upon arrival in the US. In the other direction, low-level security breaches such as stowaway attempts and opportunistic thievery are supposed to be reported, but usually aren’t. The ISAC could take information concerning such incidents and report it to the Coast Guard after stripping off information identifying the vessels in question. This would give the Coast Guard and other industry members a better picture of the problems at ports where such events have occurred.
In response to a question, the representative described an ISAC as a multi-tiered, 24/7 operation with communications based on what it was equipped to receive. This would involve exchanges of intelligence, whether classified, SSI, or open course, in real time, for real-time security decision-making. The beauty of an ISAC is that a company can named as the source of a report, if it wants the credit, or the report can be listed as “from a trusted industry source.”
Another NMSAC member asked where ISACs are located. Some are around DC; others in the New York area. The suggestion is to put the maritime ISAC at Project Sea Hawk, the fusion center in Charleston, SC, (the Project is amendable), with an analyst at the National Maritime Intelligence Center in Suitland, MD, and another on the West Coast.
An ISAC institutionalizes the exchange of information that previously occurred, if at all, on basis on who knew whom. A NMSAC member pointed out the longstanding reluctance in the maritime industry to share internal security information, because revealing the information so often came back to bite the discloser. A representative of the Marshall Islands gave a briefing on the attack on the tanker M STAR in the Strait of Hormuz to the Office of Naval Intelligence (ONI). Later, ONI refused to discuss the briefing with the representative because ONI had classified the information Top Secret. This is the type of situation an ISAC could help with. Often the difference between classified and SSI may be a few words, such as something that might reveal methods and sources. Analysts at an ISAC could identify such issues and get the government to authorize release of an SSI or uncontrolled version.
Questioned as to what needs to be done to set up a maritime ISAC, the representative replied that a sponsoring government agency was needed. The Coast Guard was the obvious choice, but wouldn’t have to provide the funding. It would be desirable to bring maritime labor in on the ISAC.
Two Resolutions and a Motion
NMSAC then turned to crafting two resolutions. The first one expressed NMSAC’s support for section 806 of the Coast Guard Authorization Act of 2010. This section expands on the International Port Security Program by establishing the Coast Guard Assistance Program. This will allow the Coast Guard to provide equipment and technical training to help bring foreign ports into compliance with the ISPS Code and to correct deficiencies identified during USCG port assessments. The purpose of the proposed resolution was to support bringing all countries into compliance, so that vessels arriving in the US wouldn’t have to bear the costs of additional security measures required of them as conditions of entry. There was some suggestion of modifying the resolution to reflect equal treatment for US ports, but it was pointed out that appropriated funds could only be spent for the purposes specified. Instead, the resolution was amended to require the Coast Guard to continue to work with domestic ports on compliance. Discussion of penalizing vessels coming from noncompliant ports by applying the conditions of entry after the first port in the US resulted in a suggestion to take that issue upon a separate resolution applicable to all US government agencies. The resolution passed unanimously.
The second resolution dealt with section 827 of the Coast Guard Authorization Act of 2010. In relevant parts, this section requires the Coast Guard to make its Maritime Risk Assessment Model (MSRAM) the standard for all Sectors to use in developing Area Maritime Security Plans and to make an unclassified version of it available to MTSA-regulated vessels and facilities so that they may conduct “true” risk assessments “using the same criteria employed by the Coast Guard.” Committee member comments included that this section will cause facilities to use the same metrics as the Coast Guard. While the Coast Guard assesses the overall port, this will allow owner/operators to analyze key infrastructure elements with the same tool. The Coast Guard is in the process of modifying MSRAM to share it and the implementation plan includes provision of training. While one NMSAC member pointed out that DHS has an assessment tool available that is a lot more suitable for industry, and much more detailed (e.g., taking into account the height of the fence and the number of strands of barbed wire), another responded that Congress had endorsed MSRAM. Another member commented that when MTSA had first gone into effect, no one had an idea how to do an assessment and the Coast Guard didn’t know how to deal with assessments. MSRAM provides an excellent common denominator. A NMSAC member then said that it would be good to endorse making the MSRAM available, but it should not be made mandatory as the only tool a regulated entity could use. The draft resolution was modified to take out references to MSRAM as a “standard” to avoid endorsing MSRAM as a mandatory planning tool. As amended, the resolution passed 10-1.
The Committee then took up a motion for NMSAC to send a letter to TSA disagreeing with TSA’s decision not to share detailed information on the TWIC Pilot Program with NMSAC. This motion passed. Here, I think there was a misunderstanding. During the TSA briefing on the first morning, I distinctly heard the TSA representative say that TSA would be willing to provide the details to NMSAC, but not in a public setting. The lack of sharing of details that TSA is planning is not sharing them with the maritime industry at large, to avoid the appearance of endorsing any reader brand over another. Sharing details with NMSAC, however, will mean that NMSAC members will have knowledge, not available the industry as a whole, that would enable them to shape their organizations’ purchasing decisions (assuming there are any clear winners or clear losers). I’m not suggesting any lack of ethics on anyone’s part, rather it strikes me as absurd to expect that someone who knew the score would stand idly by and let their organization buy a dud.
Future Meetings and Agenda Items The last matter that NMSAC considered in public was future meetings. The tentative dates for the next two meetings were reiterated. (Before the meeting was called to order on the second morning, Committee members had already discussed scheduling and had reached consensus on tentative dates for the next two NMSAC meetings.) The next meeting is now scheduled for July 19-20, in DC (presumably once again at the ABS facility, at which this meeting and the previous meeting were held). The following meeting is currently set for September 27-28 in New England (probably Portland, ME), with the location contingent on the Coast Guard finding the necessary funds.
The Agenda for the July meeting will include:
NMSAC’S recommendation on seafarer access to shore
Review and endorsement of the Small Vessel Security Implementation Plan
Recommendations regarding SAFE Port Act reauthorization
A joint USCG/MARAD briefing on proposed port security training
Review of the OCS ANOA Rule
Review of AIS security issues
Review of the TSA response to NMSAC’s letter requesting detailed information from the TWIC Pilot Program
With that, the Committee went into Executive Session to discuss communications between industry and the government.
NOTE: This post, or any portion of it, may be copied, distributed, and displayed and derivative works may be based on it, provided it is attributed to Maritime Transportation Security News and Views by John C. W. Bennett, http://mpsint.com.