Category Archives: MTSA

2018 Port Security Grant Program Posted

Yesterday, the Department of Homeland Security and FEMA posted the 2018 Port Security Grant Notice of Funding Opportunity (NOFO).  Federal allocation this year is $100 million, more than last year.  However, for private, for profit companies, the federal match is 50/50 vs the 25%/75% if last year.  Which means, that if a recipient applies for $100,000 in funding for an appropriate security project, DHS will award $50,000 and the company receiving the award will need to provide $50,000 in matching funds.

That may make the grants program less attractive for many companies; however, it is logical that fewer will apply, so the chances of winning an award may be better than last year.

The deadline for filing applications is June 20th – we have less than 30 days.

In the last few years, Don Greenwood & Associates Inc. has help clients write and submit ten grant applications and have won awards for eight of the ten, including the largest award given to a private company in 2016 – just under $1 million dollars.  Writing successful grant applications depends on the consultant’s ability to draft a persuasive argument that the facility in question needs the award to support the goals of the larger community, the Area Maritime Committee, as well as the submitting company and port facility.

Contact us at 281-435-2339 or don@greenwoodsecurity.com for more information.

TWIC NexGen Card

TSA plans to implement a new TWIC card, TWIC NexGen, in fiscal year 2018.

The TWIC NexGen updates are focused on enhancing the card functionality, new security features of the card, changes to the Technology Infrastructure Modernization (TIM) system.

Click here for TWIC Authentication Features.

TWIC Authentication & Identification

Based on the requirements of each facility/vessel and specific threat levels, TWIC is designed to be used in various Access Control Systems at different levels of security.

  • Static Identification –
    • Proximity card – Contact or Contactless Card Reader
    • Identify card using Cardholder Unique Identifier (CHUID).
      • Federal Agency Smart Credential Number (FASC-N) may be checked against the TWIC Canceled Card List (CCL).
  • Crytographic Authentication
    • TWIC PIN authentication
    • No biometric authentication
  • Biometric Identification
    • Biometric authentication
    • No card authentication
  • Combined Authentication – 2 Factor Authentication
    • Biometric authentication
    • Card authentication
    • FASC-N verified against CCL

USCG/TSA is also currently developing a mobile app to verify TWIC cards. The app will be capable of verifying the Credential Identification Number (CIN) printed on the TWIC against the CCL.

Status of TWIC Reader Final Rule

The status of TWIC Final Reader Ruling was brought up at the recent AMSC meeting held on January 10, 2018, at the St. Charles EOC, by several members of the maritime community. The concern was referencing information being circulated, verbally, in the maritime community that this ruling was being delayed or changed. We advised the maritime community members that the Coast Guard would research the TWIC Final Reader Ruling from August 23, 2016 to determine it’s true status and effective date.

Coast Guard Sector New Orleans Facility Division contacted Coast Guard Headquarters to obtain the most up to date information on this ruling which is listed below.

CG Headquarters (CG-FAC) continues to work with DHS to address concerns with the TWIC Reader Rule that were detailed in the petition filed under Docket # USCG-2017-0447-0003. Options being considered to clarify/correct the reader rule are: Delay of the current TWIC Reader Rule, a reader rule amendment, a new regulation, and clarification through policy. Each option requires time to process, review, approve, gain clearance, and finally publish. Once a way forward is determined and approved, the Coast Guard anticipates to respond to the petition at that time.

Note; if no change to the rule is made and the rule is implemented on Aug 23, 2018, Coast Guard will evaluate each facility to which the rule applies and will work with each facility operator to ensure implementation while striving to minimize impact to the facility.

Thanks Lester J. Millet (MSOC Port of South Louisiana) and Mike Sawyer (USCG Sector N.O./Port Security Specialist) for this update.

3 Tips for a Successful USCG Inspection

Many companies aren’t prepared when they receive a letter from the U.S. Coast Guard notifying them of an upcoming facility security inspection. You might have documents that are out of date, or you may be missing the necessary forms. If left unchecked, you could be forced to waste time and money in enforcing corrective actions. When it comes to advising our clients to be prepared, these are the top three tips we give them for a successful USCG Inspection.

Review Your Documents

When you receive a notice from the USCG about an upcoming inspection, this is always a good time to review your FSP and required documents to make sure that you have everything in order. Also, this is a good time to verify that you have conducted the required quarterly drills, annual exercise, and annual audit of the FSP.

Training Moment

Training is very important for facility personnel and this is a good opportunity to make sure all your training is up to date and to have a general discussion regarding security of the facility. The training can focus on topics that will most likely be covered during the inspection; including TWIC, screening, security personnel (who is the FSO, Alt. FSO?), MARSEC security measures, etc.

Organize

One thing that we recommend and develop for majority of our clients is to have a single security plan binder with all relevant documents and forms. This is a perfect, centralized place to store and secure all the forms and documents that the USCG will want to review during the inspection. We have had great success with these binders for all of our regulated clients; MTSA, CFATS, TSA, DOT, etc. As we tell our clients, it is best to get the inspectors the requested material in a timely fashion and get the inspection over with as quickly as possible.

Recently one of our clients had a US Coast Guard inspection that they passed without any issues, “We went through our MARSEC book while the USCG was here and we were complimented on how all the files for MARSEC were in one book and not in different locations.  We didn’t spend much time with it, because everything was in the binder that they had questions about. “

Let us know if we can help you prepare for USCG Security Inspection and develop a security binder for you and help you succeed with your inspections.

Changes in USCG Leadership Indicate Strong Continued Interest in Port Security

  • Rear Adm. Paul Thomas moves from Prevention Policy to command of the Eighth District – New Orleans.
  • Rear Adm. John Nadeau assumes position as assistant commandant for Prevention Policy.

Rear Adm. Paul Thomas, in an article posted in Maritime Commons, stated:

This week marks my last as assistant commandant for prevention policy. I assume command of the Coast Guard’s Eighth District in mid-August. It has been a distinct privilege to lead and represent the men and women of the U.S. Coast Guard who are dedicated to ensure our national security and economic prosperity by ensuring the safety, security and environmental soundness of our Marine Transportation System globally . . .Thank you for your professional and productive relationship with the U.S. Coast Guard.

About Rear Admiral Nadeau, Thomas stated:

I am pleased to introduce Rear Adm. John Nadeau as the new assistant commandant for prevention policy effective today. His most recent assignment was as assistant commandant for capability, where he was responsible for identifying and sourcing new and extended capabilities, competencies, and capacity to meet mission requirements. Prior to that, he served as commanding officer of the Coast Guard Marine Safety Center where he led the review and approval of plans for the design, construction, alteration, and repair of U.S. and foreign flag commercial vessels subject to U.S. laws, regulations, and international standards. Rear Adm. Nadeau’s other assignments cover the full spectrum of marine safety and inspections and span the bulk of his nearly three decades long career: chief of inspections, senior investigating officer, MSU commanding officer, captain of the port and federal on scene coordinator, Officer In Charge, Marine Inspection, and chief of the Office of Design and Engineering Standards.

In summary: Prevention Policy is assumed by a strong advocate for robust port security with a background in marine safety and inspection, and the command of District Eight is assumed by the former assistant commandant for prevention policy.  These moves indicate a strong continued interest in port security programs.

2017 Port Security Grant Program (PSGP) Update 2.0 – May 2017

Port Security Grants possibly announced in two weeks.

FEMA Grant Programs Directorate provided a presentation regarding the FY2017 Port Security Grant Program (PSGP).

Summary:

  • Announcement expected May 19, 2017.
  • Grants will need to be submitted to FEMA by June 19, 2017.
  • Anticipated to be for the same amount as FY2016, $100,000,000.00.
  • Funding priorities remain the same as 2016:
    • Enhancing Maritime Domain Awareness
    • TWIC Readers
    • Cybersecurity Capabilities
    • Training and Exercises, etc.
  • Cost sharing remains the same as 2016, 25/75 split.

To read more about the PSCP, click here and here.

TWIC Reader Clarification

Recently the Coast Guard shared a blog post to clarify the TWIC Reader Requirements Final Rule regarding CDC facilities.

The rule applies to facilities that are considered a Certain Dangerous Cargo (CDC) facility. These facilities are designated as Risk Group A facilities and will be expected to comply with the TWIC reader rule requirements effective August 23, 2018.

The blog post clarifies what a CDC facility is. According to PAC Decision 20-04 Certain Dangerous Cargo Facilities, in “order for a facility to be classified as a CDC facility, a vessel-to-facility interface must occur, or be capable of occurring, and involve the transfer of CDC’s in bulk”.

Blog can be read here and PAC 20-04 can be found here. To read more about the TWIC Reader Requirements Final Rule, click here.

2017 Port Security Grant Program (PSGP) Update

Last year the 2016 PSGP Notice of Funding Opportunity (NOFO) was released mid-February and applications had to be submitted by late April. It looks like this year, we will have to wait until late April or early May before the NOFO is released.

DHS/FEMA has an approved budget of $93 million for the 2017 PSGP, but are currently operating under a Continuing Resolution. The 2017 PSGP documents have been prepared and some are posted in draft. However, the actual launch of the program until the federal budget is approved. Again, this is expected in April.

This delay should not keep applicants from making sure their registrations are up to date and making sure they have a plan in place. This gives applicants more time to prepare their Investment Justifications (IJs) and ensure that their project budgets are ready to go when the NOFO is released.

To read more about preparing for the 2017 PSGP, click here.

USCG Issues Policy Regarding Reporting Suspicious Activity and Breaches of Security

This is CG-5P Policy Letter 08_16.   It discusses requirements and guidelines as summarized below for MTSA regulated ports.  The regulatory standing is quoted as 33 CFR 46, 70103.  It is dated December 14 and was distributed on January 16.  This renewed focus includes reporting requirements for cyberattacks and Unmanned Aircraft Systems activity.

The stated purpose of the letter is to “Promulgate policy for use by Maritime Transportation Security Act (MTSA) regulated vessels and facilities outlining the criteria and process for suspicious activity (SA) and breach of security (BoS) reporting”.

It states, “An owner or operator of a vessel or facility that is required to maintain an approved security plan . . . (a) shall, without delay, report activities that may result in a Transportation Security Incident (TSI) to the National Response Center (NRC), including SA or a BoS. And, (b), the Facility Security Plan (FSP) shall . . . be consistent with the requirements of the National Transportation Security Plan and Area Maritime Transportation Security Plans.”

“The COTP will affirm consistency to help ensure alignment of SA and BoS communication procedures within FSPs throughout their area of responsibility.” 

Regarding cyber activity the letter states, The target and intent of malicious cyber activity can be difficult to discern. The fact that business and administrative systems may be connected to operational, industrial control and security systems further complicates this matter. The Coast Guard strongly encourages vessel and facility operators to minimize, monitor, and wherever possible, eliminate any such connections.

The letter goes on to describe U. S. Coast Guard requirements for reporting BoS and SA for both physical and network or computer-related events.  The U.S. Coast Guard regulations define a breach of security as “an incident that has not resulted in a TSI but in which security measures have been circumvented, eluded, or violated.” This definition includes the breach of telecommunications equipment, computer, and networked system security measures where those systems conduct or support functions described in vessel or facility security plans or where successful defeat or exploitation of the systems could result or contribute to a TSI.

BoS incidents may include, but are not limited to, any of the following:

  •  Unauthorized access to regulated areas;
  • Unauthorized circumvention of security measures;
  • Acts of piracy and/or armed robbery against ships;
  • Intrusion into telecommunications equipment, computer, and networked systems linked to security plan functions (e.g., access control, cargo control, monitoring), unauthorized root or administrator access to security and industrial control systems, successful phishing attempts or malicious insider activity that could allow outside entities access to internal IT systems that are linked to the MTS;
  • Instances of viruses, Trojan Horses, worms, zombies or other malicious software that have a widespread impact or adversely affect one or more on-site mission critical servers that are linked to security plan functions; and/or
  • Any denial of service attacks that Any denial of service attacks that adversely affect or degrade access to critical services that are linked to security plan functions.

 The letter contains lists of Suspicious Activities and Breaches of Security that should be reported and concludes with a Glossary of Terms.

Click here  for the complete document.

Get Ready Now for 2017 Port Security Grants

It is not too soon to start the registration processes.

The Administration has budgeted $93 million for port security grant awards in 2017.
It is not too soon to begin the application process. Typically, the schedule goes like this:

  • Mid-February the Grant Program is announced, Instructions are posted, and the application period begins. The 2016 application period began on February 17.
  • Late April – the application period closes. In 2016 the application deadline was April 25th.

However, before a facility can upload a grant application they must:

  • Obtain and/or verify the DUNS number for the specific facility and business unit involved. Your legal or tax department may be able to help with this.
  • Register in the government’s System for Award Management (SAM.gov).  FEMA states, “It may take 4 weeks or more after the submission of a SAM registration before the registration becomes active in SAM.gov, then an additional 24 hours for Grants.gov to recognize the information.”
  • Once the SAM’s registration is complete, register and set up an account in a second government web-portal, Grants.gov.  Receive an account log in and password.
  • Once the Grants.gov registration is complete and approved, use that account to set up a third registration in a third government web portal, NDGrants.gov (the site to specifically upload “non-disaster” grants.  All application documentation will be uploaded through NDGrants.gov.  This is also the portal wherein the FEMA officials will communicate with the applicant.

Is it worth doing? Absolutely YES!

Don Greenwood & Associates Inc. has an excellent track record in applying for and winning grants for our clients. In 2016, we developed and submitted several grant applications for a total of $3 million in awards.

Of special interest to DHS in 2016 were applications that included funds for cyber security protections, as well as the fundamentals – access control, gates, TWIC readers, etc.

Let’s get started. Before we can develop an application we need to discuss your facility, what is needed, and whether or not your needs meet the grant priorities. Successful grant writing is more an art than a science. Give us a call at 832-717-4404 or email don@greenwoodsecurity.com.