b'UNDERSTANDING AND PERFORMING AN IN-DEPTH, RISK-BASED SECURITY ASSESSMENT AND CREATING A SECURITY PLAN REQUIRES TAKING INTO CONSIDERATION FOUR MAIN ELEMENTS:RISK THREATRisk is the chance that an aggressor/attacker completes hisThreatrepresentstheprospectofanattack,basedonthe or her mission causing a security event or a transportationexistenceofintelligenceandmaritimedomainawareness. security incident (TSI).In order to mitigate risks, we mustALLpossibilitiesmustbeconsidered.However,each know what they are. We are all involved in risk assessment andpotential attack should be examined further to determine the management every daybefore stepping off the curb to crossprobability that it may actually happen. a street, without even thinking about it, we assess the risks to ourselves and our companions of entering the roadway. VULNERABILITYCONSEQUENCEVulnerability represents the probability of an attack being Consequence is the total result of a successful attack acrosssuccessful. When developing a facility/vessel security plan or an array of impact types: loss of life, environmental damage,program, vulnerability is the element of risk that should be negativeimpacttocommerceofaparticularareaandmodified by implementing security measures targeted to deter transportation system disruption.or prevent certain risks.In order to mitigate risk, facility owners/operators must adjust operationsof unaccompanied baggage, employee-only areas and any other areas toreducevulnerabilities,threatsorconsequences.Facilityowners/ containing equipment or sensitive security information that must be operators have limited ability to affect threats however; they can affectprotected from unauthorized access. Interior security often involves vulnerabilities and consequences. By focusing on the most likely threatsemploying the use of signage, locks, key cards, monitoring, etc.presenting the greatest consequences, resources can be focused on areas of most concern, while still satisfying the requirements of the regulations.Forbestresults,consideringthesethreelevelswhenassessingyour facilitys security can be beneficial in producing an in-depth, risk-based An assessment must be performed and documented before a security plansecurity assessment, creating a security assessment report and developing can be created, amended, and submitted for re-approval. An assessmenta security plan that will provide a consistent means of identifying and shouldalsobecompletedifthereisachangeinoperationsand/ordeterring threats.ownership of the facility.The first activity of the assessment should be a facility walk-through called an on-scene survey of the outer perimeterInaddition, while complying with the facility security assessment security, the inner perimeter security, and interior security.During thisrequirement, be sure to assess, document, and address computer system survey of the facility structures and grounds, primary attention shouldornetworkvulnerabilities.Inaccordancewith33CFRpart105, beonthreeareas:existingmeasuresinplace;inwhatwaysecurityregulated facilities are required to evaluate and document vulnerabilities canbeimproved;andhowtoaddressexistingandnewlydiscoveredassociated with their computer systems and networks. If vulnerabilities vulnerabilities.are identified, the applicable sections of the facility security plan must show mitigation measures for those weaknesses.The outer perimeter security, defined by the actual property line, often referred to as the facility footprint, outlines the outer perimeter. When securing the outer perimeter, the goal is to control who can walk or driveFOR MORE IN-DEPTH INFORMATION onto the grounds. Many facilities have fences that include gates at activeon protecting your computer systems and networking access points.Inactive access points must be secured.Gates at active accessequipment please see NVIC 01-20 Guidelines for points may be locked, remotely operated, or manned by a security guard.Addressing Cyber Risks at MTSA Regulated Facilities at Facilities without physical barriers may use CCTV, roving patrols or otherthe following address: https://www.dco.uscg.mil/Portals barriers. Some locations may even have natural barriers such as lakes, mountains,desertsorotherdifficult-to-traverseterrain.DeterminingOther publications with information to help us get through the type of perimeter security to implement requires weighing the riskthe pandemic:of an intruder accessing the property and the types of damage such an intruder could cause. These outer perimeter controls may be paired withAdditional TWIC info:Click for TWIC Information the Transportation Worker Identification Credential (TWIC) providingOn Declarations of Security, Noncompliance, Audits and another layer of security.The person(s) performing the assessment shouldmore:Click for More Information not overlook checking the integrity of fences (if in use), piers and any other associated structures. Be sure to regularly visit:Mariners Coast Guard Blog Inner perimeter security involves securing doors, windows and walls. Alarm systems may be used as a warning if an entry or exit is breached. Additional security measures may include locks, keys, CCTV, additionalABOUT THE AUTHOR: TWIC readers, and key controls.These measures help control the path of visitors into the facility and deters entry from unauthorized locations. BETTY McMENEMYU.S. COAST GUARDInteriorsecurityaddressesthebuildingsinnerspacessuchasBettyMcMenemyisaMarineTransportation passengerwaitingareas,employeeoffices,locationofcomputer,SpecialistattheOfficeofPortandFacility telecommunications and network systems, storage of ships stores, spacesCompliancefortheU.S.CoastGuardin containing surveillance equipment or any other security systems, storageWashington, DC. DEC 2020 9 FOGHORN FOCUS: SECURITY'