Monday, April 8, 2019

Coast Guard Office of Port and Facility Compliance Issues 2018 Year in Review

On May 05, 2019, Coast Guard Maritime Commons, the Coast Guard’s blog for maritime professionals, published a notice that the Office of Port and Facility Compliance (CG-FAC) has issued its Annual Review, available on the CG-FAC website. The Maritime Commons post is at    The Year in Review report is at the bottom of the CG-FAC homepage at

As stated in the document, “The mission of the Office of Port and Facility Compliance (CG-FAC) is to provide safety, security, and environmental stewardship for the nation’s ports and facilities.”[1] Cargo and container security, facility security, TWIC, cyber security, the Area Maritime Security Committees, and most of the Maritime Transportation Security Act of 2002 (MTSA) activities vital to Facility Security Officers are managed from this office. This is a short, very readable document. The very important activities of this Office in 2018 are presented in brief summaries. There are often links included to source documents.
Topics addressed in the report include:
  • ·      Highlights of 2018:
  • o   Marine Transportation System Recovery
  • o   Biennial Facility Inspector & Port Security Specialist Workshop
  • o   Committee for the Marine Transportation System (CMTS) Workshop
  • o   Common Assessment and Reporting Tool (CART)
  • o   Explosive Handling Supervisor Program Manual
  • o   Regulated Bulk Liquid Transfer Monitor Manual
  • o   API 570 Policy Letters
  • o   International Engagement
  • o   Arctic Work on Prevention of Pollution of the Marine Environment
  • o   Liquefied Natural Gas (LNG) Facility Support
  • o   Reporting of Inadequate Port Reception Facilities
  • o   Marine Information for Safety & Law Enforcement (MISLE) Enhancements
  • o   Policy Advisory Council (PAC) Document Registry
  • o   National Maritime Security Advisory Committee (NMSAC)
  • ·         Cyber Risk Management
  • ·         Unmanned Aerial Systems (UAS)
  • ·         2018 Statistics
  • ·         Container Updates
  • ·         Rulemakings
  • ·         Training
  • ·         Area Maritime Security Committees
  • ·         On the Horizon for 2019[2] 

While all of these topics are important, here are several that really caught my attention.

First of all, 2018 enforcement statistics:

From 2018 Year in Review

It’s no surprise that access control generates the most citations of the top five. Next in line comes owner/operator requirements, followed by drill and exercise requirements, then comes a tie between restricted area and reporting (breach of security). Facility inspectors across multiple Coast Guard Sectors have been stating that reporting is becoming an area of concern. This is confirmed here. Four out of the top 5 citations appeared in LCDR Jennifer Osburn’s excellent 2017, report, MTSA Effectiveness[3], which listed these violations, 1) Access Control, 2) Restricted Areas, 3) Drills & Exercises, 4)Owner/Operator Requirements, and 5) Audits & VSP/ASP Amendments (stating that they were not in order and were “common” and “typical”).

Cyber risk management:
While the draft Cyber NVIC is going through review, units are encouraged to engage in conversations with facility owners, operators, and security officers about facilities’ cybersecurity/cyber risk management programs and how to begin incorporating cyber into FSAs and FSPs. The Cyber NVIC itself is an awareness tool to inform industry of the requirement to include cyber and provides examples of how cyber might relate to cites within 33 CFR 105 and 106. The NVIC itself is not a template for a Facility Security Plan (FSP) update, addendum, or otherwise example, and therefore addressing cyber risks should not pend on its publication.[4]

Unmanned Aerial Systems (UAS)
There is an excellent discussion here of a best practice from Sector New Orleans, focusing on focus on tracking authorized UAS flights rather than trying to determine unauthorized flights.
In an effort to support this established novel practice, CG-FAC is working with the Coast Guard
Operations Systems Center (OSC) to develop a voluntary “Notice of UAS Operations” submissions tool on Homeport. The objective is to develop a communications network similar to New Orleans’. CG-FAC is also working on a policy letter to provide guidance on the procedure for reporting unauthorized UAS flights to include the FAA reporting guidelines.[5]

This section contains an explanation of where we are (or are not) with the TWIC reader final rule. Congress forbad the USCG from implementing the rule or any similar rulemaking until an assessment of the TWIC program is reported to Congress. The RAND Corporation is performing this assessment.
Once completed (estimated June 2019 by HSOAC/RAND), the Coast Guard will review the
results of the assessment and move forward with the TWIC Reader Rule implementation
process, taking into consideration any changes resulting from the assessment, coordination with the Transportation Security Administration (TSA) and the Screening Coordination Office
(SCO), and any possible Congressional feedback concerning the assessment.[6]

Policy Advisory Council (PAC) Document Registry
PACs are “decision documents…that provide interpretation of regulations covered under the Maritime Transportation Security Act (MTSA) of 2002. PACs are a valuable tool for explaining maritime security regulations and aiding Coast Guard field units and the maritime industry.”[7] PACs were issued from 2003 to 2011. Since then, these documents may have been superseded or policy may have changed.  The Coast Guard reviewed all the PACS in 2017.
All active PACs were compiled into a single Adobe document that is indexed and keyword searchable. PACs deemed “no longer required” were rescinded and those incorporated into other policy documents were noted in the registry. The new registry was published on Feb 6, 2018, replacing the individual PAC files previously posted on Coast Guard’s Homeport website. The registry will be reviewed by CG-FAC-2 on an annual basis, where updates and changes will be tracked, noted in the registry, and communicated to port stakeholders through Homeport.[8]

On the Horizon for 2019
CG-FAC is working to address Coast Guard specific tasking within the recent FAA
Reauthorization Act, which directs the Coast Guard, in coordination with other stakeholders, to establish a cyber risk assessment model for the marine transportation system. This cyber risk assessment tool will follow the National Institute of Standards and Technology’s Cybersecurity Framework, similar to CG-FAC’s work on Cybersecurity Framework Profiles (CFP).[9]

What this section doesn’t mention: issuance of two NVIC updates, 03-03 CH-3 and 03-07 CH-1. NVIC 03-07 CH-1 may be waiting on the reader rule which means it is on the shelf depending on what Congress says about the Rand report. NVIC 03-03 CH-3 has been worked on for several years and should be ready to go?

There is something for every MTSA stakeholder in this Office of Port and Facility Compliance 2018 Year in Review. FSOs are urged to read the entire report.

[1] U.S. Department of Homeland Security. United States Coast Guard. Office of Port & Facility Compliance.
[2] U.S. Department of Homeland Security. United States Coast Guard. Office of Port and Facility Compliance.
2018 Annual Report. 2019.
[3]Osburn, Jennifer. Maritime Transportation Security Act of 2002 (MTSA) Effectiveness. 2017.
[4] U.S. Department of Homeland Security. United States Coast Guard. Office of Port and Facility Compliance.
2018 Annual Report. 2019.
[5] Ibid.
[6] Ibid.
[7] Ibid.
[8] Ibid.
[9] Ibid.