Friday, December 26, 2014

More Detailed Analysis of NPRM on Seafarer Access

Below is a more detailed analysis of the Notice of Proposed Rulemaking that will be published in Monday Dec. 29 2014’s Federal Register, at www.gpo.gov/fdsys/pkg/FR-2014-12-29/pdf/2014-30013.pdf. For the record, my comments are based on 10 years’ work with MTSA facilities.  Some of that experience was obtained while employed in the job capacity of Facility Security Officer. My opinions are also informed by experience working for and with federal, state, and local public safety and security agencies beginning in 1976 and continuing until 2003. The comments are my own and do not reflect the opinions of the University of Findlay. 

The proposed rule will “require each owner or operator of a MTSA-regulated facility to implement a system for providing seafarers and other individuals with access between vessels moored at the facility and the facility gate. Each owner or operator would be required to implement a system, within 1 year after publication of the final rule, that incorporates specific methods of providing access in a timely manner, at no cost to the individual, and in accordance with existing access control provisions in 33 CFR part 105. We also propose to require each owner or operator to ensure that the FSP includes a section describing the system for seafarers’ access.

This rule would not affect the authority of the U.S. Customs and Border Protection (CBP) to inspect and process individuals seeking entry to the U.S. For those seafarers and other individuals subject to CBP’s authority, this rule would apply to facility owners and operators only after such seafarers and other individuals have been inspected, processed, and admitted to the U.S. by CBP.”

What does the NPRM contain?
Section 811 of the Coast Guard Authorization Act of 2010 (Pub. L. 111–281) (CGAA 2010), requires facility owners and operators to ensure shore access for seafarers and other individuals. Specifically, section 811 requires each MTSA-regulated facility to ‘‘provide a system for seamen assigned to a vessel at that facility, pilots, and representatives of seamen’s welfare and labor organizations to board and depart the vessel through the facility in a timely manner at no cost to the individual.’’ This new rule implements that section. The shore leave initiative is largely the work of the Seamen’s Church Institute. SCI has been conducting annual surveys of seafarers’ shore leave detentions and restrictions on seafarers’ and chaplains’ access through terminals in United States ports since 2002. For more information, see http://seamenschurch.org/primary-category/shore-leave.

This regulation requires owner/operators to provide timely access without unreasonable delay through the facility at no cost to the individual to seafarers and other individuals. Certain factors are specified to be used in determining whether the access is timely. Certain methods are to be used in granting access. A new FSP section on seafarer access is created, and the contents of the section are detailed.

Specifically, the proposed new rule:

Inserts a new federalism section into 33 CFR 101, 101.112, stating that 33 CFR 105 preempts State or local regulations if there is a conflict between 33 CFR 105 and State and local regulations.

Amends 105.200. Clarifies acronyms, clarifies wording.  Major changes:

CHANGES (b)(1) (1) Define the security organizational structure and provide each person exercising security duties and responsibilities within that structure the support needed to fulfill those obligations;

TO (b)(1)(1) Define the organizational structure of the security personnel and provide each person exercising security duties and responsibilities the support needed to fulfill those obligations;

CHANGES 105.200, (b)(9) ,  “Ensure coordination of shore leave for vessel personnel or crew change-out, as well as access through the facility for visitors to the vessel (including representatives of seafarers' welfare and labor organizations), with vessel operators in advance of a vessel's arrival. In coordinating such leave, facility owners or operators may refer to treaties of friendship, commerce, and navigation between the U.S. and other nations;”

TO “Ensure implementation of a system, in accordance with § 105.237 of this subpart, coordinating shore leave for vessel personnel or crew change-out, as well as access through the facility for visitors to the vessel, as described in § 105.237(b)(4) of this subpart, with vessel operators in advance of a vessel's arrival. In coordinating such leave, facility owners or operators may refer to treaties of friendship, commerce, and navigation between the U.S. and other nations;”

Inserts new section 105.237, System for seafarers access. This section has 6 subsections. (a) sets out the requirement that the facility must provide seafarers timely access at no cost to the individual, complying with the requirements of the TWIC program.  Access must be by a method specified in this section. (b) gives a list of the types of individuals who needs to be given this access. It is an expansion of the list given in the current version of 105.200 (b)(9), and includes a “catch-all” “other authorized individuals classification. (c) gives a list of factors that the owner/operator must consider when deciding the issue of “timeliness”. Owner/operators must provide the access in a timely manner without unreasonable delay, subject to review by the Coast Guard. The Coast Guard will review each FSP to ensure that the facility owner/operator has “appropriately considered” the factors listed in (c). (d) is a list of the 6 methods that may be used to perform the access. Methods allowed include types of escorting, use of third parties, monitoring, or some other arrangement with the permission of the Coast Guard. The method(s) included in the FSP will be subject to Coast Guard review and approval. The Coast Guard states that “We assume that most facilities would choose monitoring (Method 5) since the majority of them are small enough that existing security guards and/or monitoring equipment in place would be sufficient. However, if facilities choose this method, we anticipate 1 hour of training annually to review security protocol in the event that a seafarer leaves the designated passageway.” If a third party is used, a back-up method must be specified in case the third party is unable to or does not provide the required access. (e) sets out the requirement for “at no cost to the individual.” (f) describes the content of the new FSP section This is the new Section 9, System for seafarer access, which is the documentation of the facility’s system for providing the access as described in 105.237.

Complete text of this new section 105.237:
(a) Access Required. Each facility owner or operator must implement a system by (365 DAYS AFTER DATE OF PUBLICATION OF FINAL RULE) for providing access through the facility that enables individuals to transit to and from a vessel moored at the facility and the facility gate in accordance with the requirements in this section. The system must provide timely access as described in paragraph (c) of this section and incorporate the access methods described in paragraph (d) of this section at no cost to the individuals covered. The system must comply with the Transportation Worker Identification Credential provisions of this part.
(b) Individuals Covered. The individuals to whom the facility owner or operator must provide the access described in this section include—
(1) The seafarers assigned to a vessel moored at the facility;
(2) The pilots and other authorized personnel performing work for a vessel moored at the facility;
(3) Representatives of seafarers’ welfare and labor organizations; and
(4) Other authorized individuals in accordance with the Declaration of Security (DoS) or other arrangement between the vessel and facility.
(c) Timely Access. The facility owner or operator must provide the access described in this section without unreasonable delay, subject to review by the Captain of the Port (COTP). The facility owner or operator must consider the following when establishing timely access without unreasonable delay:
(1) Length of time the vessel is in port.
(2) Distance of egress/ingress between the vessel and facility gate.
(3) The vessel watch schedules.
(4) The facility’s safety and security procedures as required by law.
(5) Any other factors specific to the vessel or facility that could affect access to and from the vessel.
(d) Access Methods. The facility owner or operator must ensure that the access described in this section is provided through one or more of the following methods:
(1) Regularly scheduled escort between the vessel and the facility gate that conforms to the vessel’s watch schedule as agreed upon between the vessel and facility.
(2) An on-call escort between the vessel and the facility gate.
(3) Arrangements with taxi services, ensuring that any costs for providing the access described in this section, above the taxi’s standard fees charged to any customer, are not charged to the individual to whom such access is provided. If a facility provides arrangements with taxi services as the only method for providing the access described in this section, the facility is responsible to pay the taxi fees for
transit within the facility.
(4) Arrangements with seafarers’ welfare organizations to facilitate the access described in this section.
(5) Monitored pedestrian access routes between the vessel and facility gate.
(6) A method, other than those in paragraphs (d)(1) through (d)(5) of this section, approved by the COTP.
(7) If an access method relies on a third party, a back-up access method that will be used if the third-party is unable to or does not provide the required access in any instance. An owner or operator must ensure that the access required in paragraph (a) of this section is actually provided in all instances.
(e) No cost to individuals. The facility owner or operator must provide the access described in this section at no cost to the individual to whom such access is provided.
(f) Described in the Facility Security Plan (FSP). On or before [INSERT DATE 10 MONTHS AFTER PUBLICATION OF THE FINAL RULE], the facility owner or operator must document the facility’s system for providing the access described in this section in the approved FSP in accordance with 33
CFR 105.410 or 33 CFR 105.415. The description of the facility’s system must include.
(1) Location of transit area(s) used for providing the access described in this section;
(2) Duties and number of facility personnel assigned to each duty associated with providing the access described in this section;
(3) Methods of escorting and/or monitoring individuals transiting through the facility;
(4) Agreements or arrangements between the facility and private parties, nonprofit organizations, or other parties, to facilitate the access described in this section; and
(5) Maximum length of time an individual would wait for the access described in this section, based on the provided access method(s).

CHANGES 105.405   Format and content of the Facility Security Plan (FSP).
(a) A facility owner or operator must ensure that the FSP consists of the individual sections listed in this paragraph (a). If the FSP does not follow the order as it appears in the list, the facility owner or operator must ensure that the FSP contains an index identifying the location of each of the following sections:
(1) Security administration and organization of the facility;
(2) Personnel training;
(3) Drills and exercises;
(4) Records and documentation;
(5) Response to change in MARSEC Level;
(6) Procedures for interfacing with vessels;
(7) Declaration of Security (DoS);
(8) Communications;
(9) Security systems and equipment maintenance;
(10) Security measures for access control, including designated public access areas;
(11) Security measures for restricted areas;
(12) Security measures for handling cargo;
(13) Security measures for delivery of vessel stores and bunkers;
(14) Security measures for monitoring;
(15) Security incident procedures;
(16) Audits and security plan amendments;
(17) Facility Security Assessment (FSA) report; and
(18) Facility Vulnerability and Security Measures Summary (Form CG-6025) in appendix A to part 105-Facility Vulnerability and Security Measures Summary (CG-6025).

TO: 105.405   Format and content of the Facility Security Plan (FSP).
(a) A facility owner or operator must ensure that the FSP consists of the individual sections listed in this paragraph. If the FSP does not follow the order as it appears in the list, the facility owner or operator must ensure that the FSP contains an index identifying the location of each of the following sections:
1) Security administration and organization of the facility;
(2) Personnel training;
(3) Drills and exercises;
(4) Records and documentation;
(5) Response to change in MARSEC Level;
(6) Procedures for interfacing with vessels;
(7) Declaration of Security (DoS);
(8) Communications;
(9) System for seafarers access;
(10) Security systems and equipment maintenance;
(11) Security measures for access control, including designated public access areas;
(12) Security measures for restricted areas;
(13) Security measures for handling cargo;
(14) Security measures for delivery of vessel stores and bunkers;
(15) Security measures for monitoring;
(16) Security incident procedures;
(17) Audits and security plan amendments;
(18) The Facility Security Assessment (FSA) report; and
(19) The Facility Vulnerability and Security Measures Summary (Form CG-6025) in appendix A to part 105-Facility Vulnerability and Security Measures Summary (CG-6025).

Who will be affected by the NPRM?
The individuals granted access and the 2,498 facilities subject to MTSA.

Why does the USCG consider that a regulation is necessary?
Section 811 of the Coast Guard Authorization Act of 2010 (Pub. L. 111–281) (CGAA 2010) “requires facility owners and operators to ensure shore access for seafarers and other individuals. Specifically, section 11 requires each MTSA-regulated facility to ‘‘provide a system for seamen assigned to a vessel at that facility, pilots, and representatives of seamen’s welfare and labor organizations to board and depart the vessel through the facility in a timely manner at no cost to the individual.’’ The Coast Guard has decided that the provisions of this NPRM satisfy the requirements of the CGAA 2010 through a regulatory flexibility that offers the least costly of any alternative.

What are the costs of this proposed regulation?
There is a detailed cost break-down in the introductory material in the Federal Register notice. Some factors that I noticed when looking at the Coast Guard’s estimates of who will be affected by regulation, which will affect cost.  The Coast Guard states that in January 2010, 62% of all FSPs had been reviewed and only 4% lacked adequate seafarers access provisions, while stating elsewhere that 33 CFR does not require seafarer access measures that are “adequate” for the purposes of the CGAA 2010.  There is a huge difference between placing a sentence in an FSP to the effect, “The facility has procedures in place to ensure timely access of seafarers at no cost to the individual” and actually having a program in effect that meets the standards of the CGAA2010 and can be described out to that standard. I have looked at many FSPs and I don’t see what the Coast Guard is apparently seeing. It is not in the current plans because aside from the brief mention in the list of owner/operator responsibilities, shore leave or seafarers access is not covered in 33 CFR 105. I think the figure of facilities whose plans and programs will be affected is much higher than 10% and the corresponding cost of this regulation will be much higher.

What are the benefits of this proposed regulation?
The regulation will grant access to around 907 seafarers annually.  It will put into action a section of law passed in 2010. It will align us more closely with the Intent of the International Ship and Port Facility Security Code.

What timelines are involved?
The Coast Guard intends to hold a public meeting on this regulation in Washington, DC January 23, 2015 from 9:00 a.m. to 12:00 p.m. The deadline to reserve a seat is January 16, 2015. Comments need to be submitted by February 27, 2015.  FSPs would need to be updated within 10 months after publication of the final rule.

What will the average MTSA facility need to do to comply with this new regulation, if the final rule closely resembles this NPRM?
1. Codify the existing shore leave procedures if they have not been captured in policy or post orders. The vessel agents who service your dock are always a good source of information and advice. For example, if your policy states that the vessel needs to contact the security detail via cell phone to arrange for the on-call escort, the vessel agent will know or be able to find out the availability of cell phones on the vessels.
2.  Decide which of the 6 methods of providing access is right for your operation. If a third-party escort service will be utilized, be sure to provide a back-up method. If you have a method that is not mentioned in the new rule that you wish the Coast Guard to consider, you should get the Coast Guard approval for this method in advance of FSP submission. Contact your petty officer to see how he/she wants you to handle this issue.
3.  Absent any further policy on the subject, use the format in 105.237 (f) for the FSP Section. You can add anything you like to this section but these 5 elements (or however many survive in the final rule) must be included in the section.
3. Don’t wait til the very end of the 10-month period to submit your amended FSP! Depending on your location, the inspection corps may have a heavy lift at this time.

What does the Notice say about submitting comments?
The Notice gives the procedure for submitting comments.  The docket number is USCG–2013–1087. In the Notice, on pp.77987-77988, the Coast Guard has a list of topics on which they specifically request comments. From past presentations on the comment process, the Coast Guard has advised:
1. Don’t include comments about unrelated topics
2. Form letters aren’t particularly effective

3.  Suggest solutions to identified problems or criticisms

NPRM and Public Meeting on Seafarer Access in Monday Dec. 29 Federal Register

In Monday Dec. 29 2014’s  Federal Register, the Coast Guard issues a notice of proposed rulemaking, and a notice of public meeting, on seafarer access, at www.gpo.gov/fdsys/pkg/FR-2014-12-29/pdf/2014-30013.pdf.

The proposed rule will “require each owner or operator of a MTSA-regulated facility to implement a system for providing seafarers and other individuals with access between vessels moored at thefacility and the facility gate. Each owner or operator would be required to implement a system, within 1 year after publication of the final rule, that incorporates specific methods of providing access in a timely manner, at no cost to the individual, and in accordance with existing access control provisions in 33 CFR part 105. We also propose to require each owner or operator to ensure that the FSP includes a section describing the system for seafarers’ access.


This rule would not affect the authority of the U.S. Customs and Border Protection (CBP) to inspect and process individuals seeking entry to the U.S. For those seafarers and other individuals subject to CBP’s authority, this rule would apply to facility owners and operators only after such seafarers and other individuals have been inspected, processed, and admitted to the U.S. by CBP.”

The Coast Guard will hold a public meeting in Washington, DC to solicit comments on the proposals in this notice on January 23, 2015 from 9:00 a.m. to 12:00 p.m. The deadline to reserve a seat is January 16, 2015.

Thursday, December 18, 2014

Coast Guard Publishes Request for Comments on How to Identify Vulnerabilities to Cyber-Dependent Systems

In today's Federal Register, the Coast Guard published a notice, requesting public input from the maritime industry and other interested parties on how to identify and mitigate potential vulnerabilities to cyber-dependent systems. Information on how to comment is included in the notice.  The text of the notice can be found at http://www.gpo.gov/fdsys/pkg/FR-2014-12-18/pdf/2014-29658.pdf. The text of the notice is reprinted below.Two things should be abundantly clear to all maritime security stakeholders. #1, the Coast Guard is very serious about listening to our voice on this issue. #2, the Coast Guard takes the issue of cyber security vulnerability very seriously and has moved it up the queue of security worries. If we don't participate in this process (help drive the train) we may find ourselves being the subject of a regulatory process that could have been managed another way (grit beneath the wheels).
________________________________________________________

Coast Guard

[Docket No. USCG–2014–1020]

Guidance on Maritime Cybersecurity Standards

AGENCY: Coast Guard, DHS.

ACTION: Notice with request for comments.

SUMMARY: The Coast Guard is developing policy to help vessel and facility operators identify and address cyber-related vulnerabilities that could contribute to a Transportation Security Incident. Coast Guard regulations require certain vessel and facility operators to conduct security assessments, and to develop security plans that address vulnerabilities identified by the security assessment. The Coast Guard is seeking public input from the maritime industry and other interested parties on how to identify and mitigate potential vulnerabilities to cyber-dependent systems. The Coast Guard will consider these public comments in developing relevant guidance, which may include standards, guidelines, and best practices to protect maritime critical infrastructure.
DATES: Comments must be submitted to the online docket via http://www.regulations.gov, or reach the Docket Management Facility, on or before February 17, 2015.
ADDRESSES: Submit comments using one of the listed methods, and see SUPPLEMENTARY  INFORMATION for more information on public comments.
• Online—http://www.regulations.gov following Web site instructions.
• Fax—202–493–2251.
• Mail or hand deliver—Docket Management Facility (M–30), U.S. Department of Transportation, West Building Ground Floor, Room W12–140, 1200 New Jersey Avenue SE., Washington, DC 20590–0001. Hours for hand delivery are 9 a.m. to 5 p.m., Monday through Friday, except Federal holidays (telephone 202–366–9329).
FOR FURTHER INFORMATION CONTACT: For information about this document call or email LT Josephine Long, Coast Guard; telephone 202–372–1109, email Josephine.A.Long@uscg.mil or LCDR Joshua Rose, Coast Guard; 202–372–1106, email Joshua.D.Rose@uscg.mil.
For information about viewing or submitting material to the docket, call Cheryl Collins, Program Manager, Docket Operations, telephone 202–366–9826, toll free 1–800–647–5527.
SUPPLEMENTARY INFORMATION:
Public Participation and Comments
We encourage you to submit comments (or related material) on the questions listed below. We will consider all submissions and may adjust our final policy actions based on your comments.
Comments should be marked with docket number USCG–2014–1020, and should provide a reason for each suggestion or recommendation. You should provide personal contact information so that we can contact you if we have questions regarding your comments; but please note that all comments will be posted to the online docket without change and that any personal information you include can be searchable online (see the Federal Register Privacy Act notice regarding our public dockets, 73 FR 3316, Jan. 17, 2008).
Mailed or hand-delivered comments should be in an unbound 81⁄2 x 11 inch format suitable for reproduction. The Docket Management Facility will acknowledge receipt of mailed comments if you enclose a stamped, self-addressed postcard or envelope with your submission.
Documents mentioned in this notice, and all public comments, are in our online docket at http://
www.regulations.gov and can be viewed by following the Web site’s instructions.
You can also view the docket at the Docket Management Facility (see the mailing address under ADDRESSES) between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays.
Discussion
The Coast Guard is developing policy to help vessel and facility operators identify and address cyber-related vulnerabilities that could contribute to a Transportation Security Incident (TSI).1 Coast Guard regulations require certain vessel and facility operators to conduct security assessments, and to develop security plans that address vulnerabilities identified by the security assessment.2 Vessel and facility security plans must also address specific security functions, including the following:
• Communications
• Security Training Requirements
• Procedures for vessel/facility interfacing
• Declaration of Security
• Security Systems and Equipment Maintenance
• Security Measures for Access Control
• Security Measures for Handling Cargo
• Security Measures for Monitoring
• Security Incident Procedures
The Coast Guard is seeking public input on the following questions:
(1) What cyber-dependent systems, commonly used in the maritime industry, could lead or contribute to a TSI if they failed, or were exploited by an adversary?
(2) What procedures or standards do vessel and facility operators now employ to identify potential cybersecurity vulnerabilities to their operations?
(3) Are there existing cybersecurity assurance programs in use by industry that the Coast Guard could recognize? If so, to what extent do these programs address vessel or facility systems that could lead to a TSI?
(4) To what extent do current security training programs for vessel and facility personnel address cybersecurity risks and best practices?
(5) What factors should determine when manual backups or other nontechnical approaches are sufficient toaddress cybersecurity vulnerabilities?
(6) How can the Coast Guard leverage Alternative Security Programs 3 to help vessel and facility operators address cybersecurity risks?
(7) How can vessel and facility operators reliably demonstrate to the Coast Guard that critical cyber-systems meet appropriate technical or procedural standards?
(8) Do classification societies, protection and indemnity clubs, or insurers recognize cybersecurity best practices that could help the maritime industry and the Coast Guard address cybersecurity risks? (See also http://www.dhs.gov/publication/cybersecurityinsurance.)
Authority
This notice is issued under the authority of 5 U.S.C. 552(a).
Dated: December 12, 2014.
Captain Andrew Tucci,
Chief, Office of Port & Facility Compliance, U.S. Coast Guard.
[FR Doc. 2014–29658 Filed 12–17–14; 8:45 am]
1 A Transportation Security Incident is defined in 33 CFR 101.105 to mean ‘‘a security incident resulting in a significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area.’’
2 33 CFR parts 104 and 105, subparts C and D.
3 An Alternative Security Program is defined in 33 CFR 101.105 to mean ‘‘a third-party or industry organization developed standard that the Commandant [of the Coast Guard] has determined provides an equivalent level of security to that established by [33 CFR Chapter I, Subchapter H].’’


Monday, December 15, 2014

Jan. 15 2015 USCG Public Meeting In Washington DC to Receive Comments on the Development of Cybersecurity Assessment Methods for Vessels and Facilities Regulated by the Coast Guard

On Friday, December 12, 2014, the United Stated Coast Guard posted a notice of a January 15 2015 public meeting in Washington DC to receive comments on the development of cybersecurity assessment methods for vessels and facilities regulated by the Coast Guard. The docket number for submitting comments prior to this meeting is USCG-2014-1020.  Comments may be submitted both before and after the meeting.  There are several deadlines for persons interested in participating.  For attendance in person, the Coast Guard advises that seating is limited and should be reserved by the method specified in the notice NLT January 05, 2014. There will be a live video feed of the meeting.  To access the video feed, the request must be made by the means specified in the notice NLT January 13, 2015. Persons who wish to attend the meeting in person are advised of transportation and identification requirements.

My memory may be failing me but it seems to me like the last time I tried to access this building (Department of Transportation Headquarters building) two government-issued photo IDs were required, not one, as the notice specifies.  Below is the text of the notice from regulations.gov.  The supplemental documents referenced in the notice have not been posted as of noon 12/15/14.

Action

Notice of public meeting and request for comments.

Summary

The U.S. Coast Guard announces a public meeting to be held in Washington, DC, to receive comments on the development of cybersecurity assessment methods for vessels and facilities regulated by the Coast Guard. This meeting will provide an opportunity for the public to comment on development of security assessment methods that assist vessel and facility owners and operators identify and address cybersecurity vulnerabilities that could cause or contribute to a Transportation Security Incident. The Coast Guard will consider these public comments in developing relevant guidance, which may include standards, guidelines, and best practices to protect maritime critical infrastructure.

Dates

The meeting will be held on Thursday, January 15, 2015 from 9:00 a.m. to 12:00 p.m. The deadline to reserve a seat is Monday, January 5, 2015. All written comments and related material must either be submitted to the online docket via http://www.regulations.gov on or before January 29, 2015 or reach the Docket Management Facility by that date.

Addresses

The public meeting will be held at the Department of Transportation Headquarters, Oklahoma Room, 1200 New Jersey Avenue SE., Washington, DC 20590; the building telephone number is 202-366-1035. The building is accessible by taxi, public transit, and privately-owned conveyance. However, public parking in the vicinity of the building is extremely limited. Meeting participants are encouraged to use mass transit.
Seating is limited, so please reserve a seat as soon as possible, but no later than January 5, 2015. To reserve a seat, please email Josephine.A.Long@uscg.mil with the participant's first and last name for all U.S. Citizens, and additionally, official title, date of birth, country of citizenship, and passport number with expiration date for non-U.S. Citizens. To gain entrance to the Department of Transportation Headquarters building, all meeting participants must present government-issued photo identification (e.g., state-issued driver's license). If a visitor does not have a photo ID, that person will not be permitted to enter the facility. All visitors and any items brought into the facility will be required to go through security screening each time they enter the building.

The Coast Guard will provide a live video feed of the meeting. To access the video feed, email a request to LT Josephine Long at Josephine.A.Long@uscg.mil no later than January 13, 2015.

The docket for this notice is available for inspection or copying at the Docket Management Facility (M-30, U.S. Department of Transportation, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue SE., Washington, DC 20590, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. You may also find this docket on the Internet by going to http://www.regulations.gov, entering USCG-2014-1020 in the search box and following the instructions.

Written comments may also be submitted in response to this notice. All written comments and related material submitted before or after the meeting must either be submitted to the online docket via http://www.regulations.gov on or before January 29, 2015 or reach the Docket Management Facility by that date. You may submit written comments identified by docket number USCG-2014-1020 before or after the meeting using any one of the following methods:
(1) Federal eRulemaking Portal: http://www.regulations.gov.
(2) Fax: 202-372-1990.
(3) Mail: Docket Management Facility (M-30), U.S. Department of Transportation, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue SE., Washington, DC 20590-0001.
(4) Hand delivery: Same as mail address above, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202-366-9329.
To avoid duplication, please use only one of these four methods.

The Coast Guard will post a video recording and written summary of the meeting to the docket.

For Further Information Contact

If there are questions concerning this meeting, please call or email LT Josephine Long, Coast Guard at 202-372-1109 or via email at Josephine.A.Long@uscg.mil or LCDR Joshua Rose, Coast Guard; at 202-372-1106 or via email at Joshua.D.Rose@uscg.mil. If there are questions on viewing or submitting material to the docket, call Ms. Cheryl Collins, Program Manager, Docket Operations, telephone 202-366-9826.

Supplementary Information

Background and Purpose

On February 12, 2013, the President signed Executive Order (E.O.) 13636 “Improving Critical Infrastructure Cybersecurity.” The E.O. provided the national approach to protecting critical infrastructure cybersecurity and directed federal agencies to assess cyber risk to critical infrastructure. Pursuant to E.O. 13636, the National Institute of Standards and Technology (NIST) developed a voluntary Preliminary Cybersecurity Framework, (1) followed by the February 12, 2014 publication of a Framework for Improving Critical Infrastructure Cybersecurity (2) (Cybersecurity Framework). The Cybersecurity Framework serves to help industry stakeholders reduce their cyber risk and vulnerabilities. The Coast Guard encourages vessel and facility owners and operators to adopt the Cybersecurity Framework voluntarily to achieve a minimum standard of cybersecurity protection.
Section 7(d) of E.O. 13636 states that in developing the Cybersecurity Framework, the Director of NIST “shall engage in an open public review and comment process” and consult with stakeholders including owners and operators of critical infrastructure. Similarly, the Coast Guard will host this public meeting to engage the public and obtain comments to assist in the drafting of procedures to enable operators of vessels and facilities regulated pursuant to the Maritime Transportation Security Act of 2002 (MTSA) to identify and address cybersecurity risks that could result in a Transportation Security Incident (TSI). (3) This may include standards, guidelines, and best practices to protect maritime critical infrastructure. 

The meeting will include the following topics:

(1) Identify: What cyber dependent systems perform vital functions that are addressed in MTSA requirements, such as access control, cargo control, and communications?
(2) Protect: What standards are suitable to ensure the integrity of these systems?
(3) Detect: What procedures are available to owners and operators to detect cyber intrusions that could compromise the integrity of vital systems or contribute to a TSI?
(4) Respond: What response and notification procedures can minimize the consequences of cyber events?
(5) Recover: What procedures can owners and operators take to promote rapid maritime transportation system recovery after a cyber incident?

In addition to the topics outlined above, the Coast Guard is posting several supplemental documents to the online docket for this notice. The supplemental documents provide additional background information that may be useful for the public to consider in formulating comments. We encourage individuals interested in participating in the public meeting and/or submitting comments to the docket to review the supplemental documents. To view the supplemental documents and other documents mentioned in this notice as available in the docket, please follow the instructions described above in the ADDRESSES section. If you do not have access to the Internet, you may view the docket online by visiting the Docket Management Facility in Room W12-140 on the ground floor of the Department of Transportation West Building, 1200 New Jersey Avenue SE., Washington, DC 20590, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The Coast Guard has an agreement with the Department of Transportation to use the Docket Management Facility.

The Coast Guard encourages the public to participate by submitting comments either in person at the meeting or in writing. The public may submit written comments to Coast Guard personnel at the meeting. The Coast Guard will post these comments to the online public docket. All comments received will be posted without change to http://www.regulations.gov and will include any personal information you have provided.

Privacy Act

Anyone can search the electronic form of comments received into any of the dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). There is a Privacy Act notice regarding the public dockets for review in the January 17, 2008, issue of the Federal Register(73 FR 3316).

Information on Services for Individuals With Disabilities

For information on facilities or services for individuals with disabilities or to request special assistance at the public meeting, contact LT Josephine Long at the telephone number or email address indicated under the FOR FURTHER INFORMATION CONTACT section of this notice.

Authority
This notice is issued under the authority of 5 U.S.C. 552(a).
Dated: December 3, 2014.
Andrew Tucci,
Chief, Office of Port & Facility Compliance, U.S. Coast Guard.
[FR Doc. 2014-29205 Filed 12-11-14; 8:45 am]

BILLING CODE 9110-04-P

Friday, November 21, 2014

End of TWIC Extended Expiration Date (EED) Program


TSA TWIC administrators have been publicly stating that the EED program is at an end. Today the official announcement was posted on the TSA website. It should be noted that the deadline to take advantage of this program - which I do not support because it does not include any updated background review - is December 23.
"End of Extended Expiration Date (EED) TWICs: The opportunity to obtain an Extended Expiration Date (EED) TWIC ends this year.  After December 31, 2014 current TWIC holders will no longer be able to obtain a replacement card extending the expiration date of their current TWIC by three years.  Since August 2012, U.S. citizens and U.S. Nationals holding a TWIC expiring on or before December 31, 2014 could obtain an EED TWIC by placing their order before their current card expires and paying the $60 card replacement fee.  The EED TWIC option will end as scheduled at the end of this year and will not be extended or renewed.
Eligible TWIC holders who wish to obtain an EED TWIC should place their order as soon as possible.  There is no benefit in delaying an EED card order since the EED expiration date is based on the expiration date of the currently held TWIC; not when the order is placed.  Orders should be placed prior to December 23rd to ensure processing prior to the end of the program.
EED TWICs can be ordered on line here; by calling the TWIC Call Center at (855) 347-8371 between 8 a.m. and 10 p.m. Eastern Time; or by visiting a Universal Enrollment Service Center (to find a location click here or call the TWIC Call Center)."   

Monday, October 20, 2014

U. S, Coast Guard has Issued Marine Safety Information Bulletin 17- 14 dated October 17, 2014 Ebola Virus Precautions

The U. S, Coast Guard has issued Marine Safety Information Bulletin 17- 14 dated October 17, 2014 Ebola Virus Precautions – Update at  https://www.uscg.mil/msib/

“The purpose of this Bulletin is to provide an update to the maritime industry with respect to assessing Ebola risks and the responsibility of vessel/facility agents, owners, masters, operators, Area Maritime Security Committee members, and persons to immediately report potential communicable disease hazards to the United States Coast Guard (USCG) and the Centers for Disease Control and Prevention (CDC).”

The MSIB includes key points to remember concerning Ebola.

Wednesday, October 15, 2014

Truncated Last Name on TWIC Card: Names Limited to 19 Characters

Recently, TSA posted the following information of concern to persons with lengthy last names, at http://www.tsa.gov/stakeholders/transportation-worker-identification-credential-twic. (TSA does not date the bulletins on its website so I am unable to state the exact date of this posting.)

Truncated Last Name on TWIC Card: Since TSA began issuing the new version 2.03 TWIC® cards in May 2014, only the first 14 characters (including spaces, hyphens, and apostrophes) of the applicant’s last name are printed on the card.  The last name is always followed by a comma.  If a person’s last name exceeds 14 characters, all after the 14th character are not printed, and a comma follows immediately after the 14th character.  This has caused some Transportation Workers to have their credentials questioned at facilities because the name on the card does not match the person’s full name.


On October 17, 2014, a system change will be made to extend the last name as printed on the TWIC® to a maximum of nineteen (19) characters, followed immediately by a comma.  Last names containing fewer than 19 characters will continue to be followed immediately by a comma.  TSA is looking into ways to include full last names, regardless of the number of characters, given the limited space available on the card for printing.  Until a satisfactory solution is developed and implemented, the last name printed on TWICs® beginning October 17, 2014 will be limited to the first 19 characters of the last name.

Monday, October 13, 2014

Information on the new policy for the MTSA training course submission and review process posted on Coast Guard’s Homeport site

Information on the new policy for the  MTSA training course submission and review process can be found on the U. S. Coast Guard Homeport site, on the public side, at Missions > Maritime Security > Maritime Transportation Security Act (MTSA) > General Information > Maritime Transportation Security Act Training Courses.

Maritime Transportation Security Act Training Courses

Our nation is more secure today because of the hard work and patriotism of vessel and
facility operators across the country, and the many associated industries and
organizations that have developed to support the goals of the Maritime Transportation
Security Act (MTSA). Training is a key element of the MTSA, and in 2004, the
Maritime Administration (MARAD) established a MTSA Training Course Certification
process. This process required course providers to submit a course to MARAD, who then
contracted with a Coast Guard accepted Quality Standard System (QSS) organization for
review.

As of October 1, 2014, that contract is expired, and course providers should now submit associated with the training course submission and review process. The National Maritime Center will complete the course review for vessel courses. For questions regarding Vessel Security Officer (VSO), Maritime Security for Vessel Personnel with Specific Security Duties (VPSSD) and Maritime Security Awareness
(MSA) should contact:
Robert L Smith
United States Coast Guard
National Maritime Center
100 Forbes DR
Martinsburg, West Virginia 25404-0001
Robert.L.Smith3@uscg.mil

The following courses may be submitted directly to a Coast Guard accepted QSS:
Facility Security Officer (FSO), Company Security Officer (CSO), Maritime Security for
Military, First Responder, and Law Enforcement Personnel (MSLEP), and Maritime
Security for Facility Personnel with Specific Security Duties (FPSSD). Below are the
current Coast Guard accepted QSSs:

Gordon Halsey
Det Norske Veritas Germanischer Lloyd (DNVGL)
North America Advisory Services Maritime
1600 Sawgrass Corporate Parkway, Suite 110
Sunrise, FL 33323

Pavan Lall
American Bureau of Shipping (ABS)
Learning Center Manager
16855 Northchase Drive
Houston, Texas 77060
60
plall@eagle.org

Effective security training for maritime industry professionals is critical to the success of
the nation’s security efforts. The Coast Guard may continue to use successful completion
of a valid course certified under this process or previously certified under the MARAD
contract as meeting certain training requirements under Title 33 Code of Federal
Regulations (CFR) Parts 104 and 105. As the Coast Guard continues to develop
regulations to establish comprehensive FSO training requirements I strongly encourage
them to take approved courses. 

USCG and MARAD Guidance re Ebola Virus Precautions

Both the Maritime Administration and the United States Coast Guard have recently issued bulletins regarding the Ebola guidance.  Each guidance is reproduced below.

From the Coast Guard: https://www.uscg.mil/msib/docs/012_14_8-7-2014.pdf.  This is an August 07, 2014 Marine Safety Information Bulletin, Ebola Virus Precautions.

“To date, there have been 1603 confirmed cases of individuals infected with the Ebola virus worldwide with 887 deaths. The epidemic is slowing in Guinea but continues unabated in Liberia and Sierra Leone. Also, four cases have been reported in Nigeria. There have been two reported cases of Americans serving in health care or missionary work in West Africa but, no reported cases in Department of Defense, Coast Guard, or with U.S. mariners. The Center of Disease Control (CDC) has issued travel warnings. We strongly recommend that personnel traveling to those affected countries review travel alerts issued by the CDC prior to their arrival. Travel alert information can be found at: http://wwwnc.cdc.gov/travel/notices
Some key points to remember concerning Ebola:

• Symptoms include fever, headache, joint and muscle aches, sore throat, and weakness, followed by diarrhea, vomiting, and stomach pain. In addition, skin rash, red eyes, and internal and external bleeding may be seen in some patients.
• Travelers could be infected if they come into contact with blood or body fluids from someone who is sick or has died from Ebola, sick wildlife, or meat from an infected animal. Health care providers caring for Ebola patients and family and friends in close contact with an ill person are at highest risk because they may come into contact with blood or body fluids.
• Monitor your health for 21 days if you were in an area with an Ebola outbreak, especially if you were in contact with blood or body fluids, items that have come in contact with blood or body fluids, animals or raw meat, or hospitals where Ebola patients are being treated.
Vessel owners/operators and local stakeholders should be aware of the following:
• Vessel representatives are required to report sick or deceased crew or passengers within the last 15 days to the CDC under 42 CFR 71.21. Regional CDC quarantine station points of contact can be found at: http://www.cdc.gov/quarantine/QuarantineStationContactListFull.html
• The Coast Guard will review all Notice of Arrivals to determine if a vessel has visited a country impacted by Ebola virus outbreak within its last five ports of call.
• Vessel masters should inform any Coast Guard boarding teams of any ill crewmembers on board.
• Local industry stakeholders, in partnership with their Coast Guard Captain of the Port, should review and be familiar with section 5310 Procedures for Vessel Quarantine and Isolation, and Section 5320 Procedures for security segregation of Vessels in their Area Maritime Security Plan.
• Local industry stakeholders, in partnership with their Coast Guard Captain of the Port, should review and be familiar with their Marine Transportation System Recovery Plan.

Questions regarding this should be forwarded to the Coast Guard Office of Commercial Vessel Compliance, Foreign and Offshore Vessel Division (CG-CVC-2) at 202-372-1218 or by email at CGCVC@uscg.mil.
Captain Kyle McAvoy, U.S. Coast Guard, Chief Office of Commercial Vessel Compliance (CG-CVC), sends.”


Advisory #:         2014-02
Date Issued:       Sep 02 2014

To:          All Operators of U.S.-Flag, Effective U.S. Control Vessels, U.S. Merchant Mariners and Other Maritime Interests

Subject:               Ebola Virus

THIS IS THE FULL TEXT VERSION OF MARAD ADVISORY 2014-02.  THE NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY HAS TRANSMITTED A SHORTENED VERSION.
1. U.S.-FLAG OPERATORS ARE REQUESTED TO FORWARD THIS ADVISORY TO THEIR SHIPS BY THE MOST EXPEDITIOUS MEANS.

2. EBOLA, ALSO KNOWN AS EBOLA VIRUS DISEASE (EVD) AND EBOLA HEMORRHAGIC FEVER, IS A RARE AND DEADLY DISEASE CAUSED BY A VIRAL INFECTION. FIRST DISCOVERED IN 1976 NEAR THE EBOLA RIVER IN WHAT IS NOW THE DEMOCRATIC REPUBLIC OF THE CONGO, THE VIRUS AFFECTS HUMANS AND SOME ANIMALS. SINCE THEN, OUTBREAKS HAVE APPEARED SPORADICALLY IN SEVERAL AFRICAN COUNTRIES. AS OF AUGUST 28, 2014, EBOLA HAS INFECTED 3,069 AND KILLED MORE THAN 1,552 PEOPLE IN FOUR COUNTRIES (GUINEA, LIBERIA, SIERRA LEONE AND NIGERIA) SINCE THE CURRENT OUTBREAK WAS FIRST DETECTED IN MARCH OF THIS YEAR.

3. SYMPTOMS OF EBOLA INCLUDE FEVER AND ADDITIONAL SYMPTOMS SUCH AS SEVERE HEADACHE, MUSCLE PAIN, VOMITING, DIARRHEA, STOMACH PAIN, OR UNEXPLAINED BLEEDING OR BRUISING. SYMPTOMS MAY APPEAR ANYWHERE FROM 2 TO 21 DAYS AFTER EXPOSURE TO EBOLA VIRUS, ALTHOUGH 8-10 DAYS IS THE MOST COMMON.

4. EBOLA IS SPREAD THROUGH DIRECT CONTACT WITH BLOOD OR BODY FLUIDS (URINE, SALIVA, FECES, VOMIT AND SEMEN) FROM A PERSON WHO IS INFECTED AND CURRENTLY HAS SYMPTOMS OF EBOLA. EBOLA MAY ALSO BE TRANSMITTED THROUGH CONTACT WITH OBJECTS (E.G., NEEDLES) CONTAMINATED WITH BLOOD OR BODY FLUIDS FROM A SYMPTOMATIC PERSON OR THROUGH CONTACT WITH, OR CONSUMPTION OF AN ANIMAL INFECTED WITH EBOLA. THE VIRUS ENTERS THE HUMAN BODY THROUGH MUCOUS MEMBRANES (E.G., EYES, NOSE OR MOUTH) OR THROUGH BREAKS IN THE SKIN. PEOPLE ARE INFECTIOUS AS LONG AS THEIR BLOOD AND SECRETIONS CONTAIN THE VIRUS. EBOLA IS NOT AIRBORNE AND IT CANNOT BE TRANSMITTED FROM A PERSON WHO IS NOT SYMPTOMATIC.

5. THE LIKELIHOOD OF CONTRACTING EBOLA IS VERY LOW UNLESS THERE HAS BEEN DIRECT CONTACT WITH THE BLOOD OR BODY FLUIDS FROM A SYMPTOMATIC PERSON OR AN ANIMAL INFECTED WITH EBOLA, OR WITH A CONTAMINATED OBJECT.  SIMPLY TRAVELING TO AN AREA WHERE EBOLA IS PRESENT DOES NOT MEAN A PERSON WILL BE EXPOSED TO THE VIRUS.  GIVEN THE UNPRECEDENTED NUMBERS OF CASES ASSOCIATED WITH THIS OUTBREAK, THE U.S. CENTERS FOR DISEASE CONTROL AND PREVENTION (CDC) ISSUED A LEVEL 3 WARNING TO  AVOID NON-ESSENTIAL TRAVEL TO SIERRA LEONE, GUINEA AND LIBERIA, AND A LEVEL 2  ALERT TO PRACTICE ENHANCED PRECAUTIONS IF TRAVELING TO  NIGERIA OR THE DEMOCRATIC REPUBLIC OF THE CONGO.  PRECAUTIONS INCLUDE PRACTICING CAREFUL HYGIENE, AVOIDING CONTACT WITH BLOOD AND BODY FLUIDS OF PERSONS SICK WITH EBOLA OR WITH ITEMS THAT MAY HAVE BEEN IN CONTACT WITH SUCH FLUIDS, AVOIDING CONTACT WITH WILD ANIMALS AND AVOIDING RAW OR UNDERCOOKED MEAT.  OTHER PRECAUTIONS ARE AVAILABLE ON THE CDC WEBSITE.

6.  THE CDC MAINTAINS UP-TO-DATE WEB RESOURCES WHICH PROVIDE INFORMATION ON THE CURRENT STATUS OF THE OUTBREAK, PREVENTATIVE STEPS THAT CAN BE TAKEN TO REMAIN HEALTHY BEFORE AND DURING TRAVEL, AS WELL AS ACTIONS THAT SHOULD BE TAKEN IF A TRAVELER BECOMES ILL AT ANY POINT.  THESE WEB RESOURCES, ALONG WITH CDC TRAVEL NOTICES, CAN BE FOUND AT THE FOLLOWING WEBSITES: http://wwwnc.cdc.gov/travel/notices  and http://www.cdc.gov/vhf/ebola/. FURTHERMORE, U.S. MERCHANT MARINERS WITH ACCESS TO UNCLASSIFIED HTTPS://WWW.INTELINK.GOV CAN ALSO ACCESS FORCE HEALTH PROTECTION ADVISORIES FROM THE NATIONAL CENTER FOR MEDICAL INTELLIGENCE (NCMI) FOR MORE SPECIFIC COUNTRY RELATED INFORMATION AT  HTTPS://WWW.INTELINK.GOV/NCMI/."

7. THE WORLD HEALTH ORGANIZATION (WHO) RECOMMENDS THAT TRAVELERS TO AFFECTED AREAS AVOID ALL CONTACT WITH BLOOD, SECRETIONS, ORGANS OR OTHER BODY FLUIDS OF INFECTED LIVING OR DEAD PERSONS OR ANIMALS, AND ADVISES THAT PERSONS WHO HAVE HAD SUCH CONTACT, OR WHO HAVE AN ILLNESS CONSISTENT WITH EBOLA, SHOULD NOT BE ALLOWED TO TRAVEL EXCEPT AS PART OF AN APPROPRIATE MEDICAL EVACUATION. WHO DOES NOT OTHERWISE RECOMMEND ANY BAN ON INTERNATIONAL TRAVEL OR TRADE.

8. THE US COAST GUARD HAS ISSUED A MARITIME SAFETY INFORMATION BULLETIN ON EBOLA VIRUS PRECAUTIONS, WHICH INCLUDES A REMINDER TO VESSEL MASTERS TO REPORT SICK OR DECEASED CREW MEMBERS OR PASSENGERS TO THE CDC IN ACCORDANCE WITH 42 CFR 71.21.  ADDITIONALY THE COAST GUARD REMINDS OWNERS, OPERATORS, AGENTS, MASTERS OR PERSONS IN CHARGE OF THE REQUIREMENT TO IMMEDIATELY NOTIFY THE NEAREST COAST GUARD SECTOR OFFICE OR GROUP OFFICE OF THE EXISTENCE OF HAZARDOUS CONDITIONS ON THEIR VESSELS AS REQUIRED BY 33 CFR 160.215. THE COAST GUARD CONSIDERS CREWMEMBERS INFECTED WITH EBOLA OR DECEASED FROM ILLNESS RELATED TO EBOLA A HAZARDOUS CONDITION AS DEFINED BY 33 CFR 160.204 DEFINITION OF "HAZARDOUS CONDITION”. THE COAST GUARD WILL CHECK ALL ADVANCE NOTICES OF ARRIVAL TO DETERMINE WHETHER A VESSEL HAS VISITED A COUNTRY IMPACTED BY THE EBOLA VIRUS OUTBREAK WITHIN THE PREVIOUS FIVE PORT CALLS.  THE BULLETIN IS AVAILABLE AT HTTPS://WWW.USCG.MIL/MSIB/DOCS/012_14_8-7-2014.PDF.

9. MARAD ADVISORIES ARE PUBLISHED ON THE MARAD WEB SITE AT HTTP://WWW.MARAD.DOT.GOV/NEWS_ROOM_LANDING_PAGE/MARITIME_ADVISORIES AND THE MARITIME SAFETY INFORMATION WEB SITE:  HTTP://MSI.NGA.MIL/NGAPORTAL/MSI.PORTAL. UNDER "BROADCAST WARNINGS", SELECT MARAD ADVISORIES TO DETERMINE MARITIME ADVISORIES THAT REMAIN IN FORCE.  CONSULT THE MARITIME ADMINISTRATION WEB SITE AT HTTP://WWW.MARAD.DOT.GOV OR THE MOST RECENT U.S. NOTICE TO MARINERS.

10.FOR FURTHER INFORMATION, CONTACT CAPTAIN ROBERT FORD, MARITIME ADMINISTRATION, OFFICE OF SECURITY, CODE: MAR-420, ROOM W25-308, 1200 NEW JERSEY AVE, S.E., WASHINGTON, DC 20590, TELEPHONE 202-366-0223, TLX II 710.822.9426 (MARAD DOT WSH) OR EMAIL:  MARADSECURITY@DOT.GOV.