Operational Excellence through Leadership and Compliance

Maritime Compliance Report

Welcome. Staying in compliance takes dedication, diligence and strong leadership skills to stay on top of all the requirements which seem to keep coming at a rapid pace. With this blog I hope to provide visitors with content that will help them in their daily work of staying in compliance. I hope you find it a resource worthy of your time and I look forward to your feedback, questions, comments and concerns. Thanks for stopping by. To avoid missing critical updates, don’t forget to sign up by clicking the white envelope in the blue toolbar below.

Cybersecurity for MTSA Facilities

 In the March 20, 2020 Federal Register, the Coast Guard published a Notice of Availability for Navigation and Inspection Circular (NVIC) 01-20: Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities. On the same day the Coast Guard also published ALCOAST Commandant Notice 040/20, which states that all facilities will be required to conduct facility security assessments (FSA) and amend their facility security plans (FSP) to incorporate cybersecurity vulnerabilities and mitigation strategies in accordance with the NVIC. This requirement applies to all MTSA facilities.


The implementation period runs from the date of the release of these documents until September 30, 2021. During this implementation period the Coast Guard intends for facilities to assess cybersecurity vulnerabilities for their FSAs and prepare mitigation strategies for their FSPs. At the end of the implementation period, once all the issues have been addressed and the kinks worked out, facilities must submit their proposed amendments for review and approval. Beginning October 1, 2021, facilities must begin submitting FSP amendments or cybersecurity annexes by the facility's annual audit date. All submissions must be made by October 1, 2022.


Cybersecurity is a complex issue. Writing these amendments and cybersecurity annexes will require significant input of facilities' IT and OT personnel. The NVIC suggests, but does not require the use of, the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity. This is a comprehensive management document which covers the subject in great detail. It appears, based upon the guidance published by the Coast Guard, that they intend for facilities to have a thorough cybersecurity management plan incorporated into their FSPs.

As we move forward creating these cybersecurity annexes for our clients, I have one major concern: "scope creep."The Coast Guard makes it clear that this mandate is not based upon a new law, but originates from the MTSA. The Coast Guard is just providing guidance on how best to address the existing requirement to assess "vulnerabilities in computer systems and networks." The MTSA requires facilities to submit security plans for deterring a transportation security incident (TSI) to the maximum extent practicable. A TSI is defined in the regulations as: "a security incident resulting in a significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area." All threat scenarios evaluated during an MTSA facility security assessment are supposed to be considered within the context of this TSI definition. Over the past seventeen years Coast Guard guidance has been aligned with this principle.

There are many cybersecurity threats to facilities. However, I suspect not all will cause or contribute to a TSI, a Breach of Security, and/or the identification of Suspicious Activity, and therefore will not rise to the level that will require inclusion in the FSP. This limited scope, described in the ALCOAST, is partially mentioned in one sentence in the NVIC, and is not mentioned at all in the Facility Inspector Cyber Job Aid, thus causing the potential for "scope creep." Remember, whatever is incorporated into the FSP basically has the force of law, and you can't change it without amending the FSP. The biggest challenge I see will be keeping cybersecurity threats addressed in the FSP within the limited scope described in the ALCOAST. This will require careful conversations with the Coast Guard personnel charged with review and approval.

  2448 Hits

Facility Security Officer Advanced Workshop

51Facility Security Officer

Advanced Workshop

33 CFR part 105



All facility security plans must be amended due to a recent Final Rule.
A great opportunity to ensure your FSP reflects the optimum level of compliance.

Tuesday, June 18, 2019                                                    Kevin Gilheany
New Orleans, Louisiana                   Maritime Compliance International, LLC
 

You will learn how to: 

  • Determine which TSI threat scenarios a facility is required to address under the law.
  • Determine which parts of a facility the MTSA applies to, and how to properly determine the MTSA footprint.
  • Determine what should be a restricted area.
  • Determine the secure area for optimum compliance, and the pros and cons of limiting the secure area.
  • Verify a TWIC, both visually and electronically, and how to make a TWIC reader FSP amendment.
  • Draft an amendment for Seafarer's Access as required by the recent Final Rule.
  • Mitigate the biggest unaddressed threat in facility security.
  • Go about a Coast Guard waiver, reconsideration, or COTP appeal, and when each is appropriate.

Instructor:
Kevin Gilheany: owner of Maritime Compliance International, retired USCG Chief Warrant Officer, drafter of hundreds of FSPs, trainer of hundreds of FSOs, successful in USCG reconsiderations, waivers and appeals; and first adjunct instructor of Maritime Security at Tulane University.

Registration $99.00

Courtyard by Marriott Gretna
5 Westbank Expressway
Gretna, LA 70053
(504) 366.1010


Tuesday, June 18, 2019
8:30 a.m. – 3:30 p.m.

Attendance is limited to individuals working at MTSA regulated facilities, or as otherwise approved by MCI. All attendees must show a TWIC at the door.

Pay by credit card online by going to our Public Seminars page.

Or, reserve your spot via email and pay by check, payable to Maritime Compliance International, at the door or mail to 132 Lavergne St., New Orleans, LA 70114.

For more information call: 504.249.5291 or This email address is being protected from spambots. You need JavaScript enabled to view it..
  15343 Hits

Book Launch

Warning: This is not compliance related...

I wanted to let you to know that my memoir: Minding the Helm – An Unlikely Career in the U.S. Coast Guard, has been published by the University of North Texas Press, and is currently available. I have attached the publisher's press release. Feel free to share this email with anyone you think might be interested.

If you can, please try to make one of the following book events so I can sign your copy.

If not, you can order it from Amazon Books.

I will book more events, but I won't bother you with further emails. Please connect with me on FB or LinkedIn if you want to stay tuned.

Book Events:

May 25, 2019, 1-3pm
Barnes and Noble
Tanasbourne Center
18300 NW Evergreen Pkwy
Beaverton, OR

June 1, 2019, 1-3pm
Barnes & Noble
3721 Veterans Hwy
Metairie, LA

July 13, 2019, 1-3pm
Barnes & Noble
1601B West Bank Expressway
Harvey, LA

July 28, 2019, 2-4pm
Barnes & Noble
28801 Chagrin Blvd.
Woodmere, OH

July 31, 2019, 2-4pm
The Bookman
715 Washington Avenue
Grand Haven, MI

August 1, 2019, 7-9pm
Barnes & Noble
5275 Harvey Street
Muskegon, MI

August 13, 2019, 6:30-8pm
Hubbell Library
725 Pelican Avenue
New Orleans, LA

Thanks very much for your support.
I look forward to seeing y'all.

Kevin

"An honest and inspiring tale of dogged determination in the face of adversity." 

  • Lt Col Waldo Waldman, author of the New York Times& Wall Street Journal bestseller Never Fly Solo
  3538 Hits

Seafarer's Access to Maritime Facilities

On May 1, 2019, the Final Rule on Seafarer's Access to Maritime Facilities went into effect. All FSPs must be amended to include a "system" for how the facility will ensure the seafarers, pilots, representatives of seafarer's welfare organizations and labor unions get to and from a vessel, in a timely manner, at no cost to those individuals. All facilities must submit their amendments by February 3, 2020, and have the system fully implemented by June 1, 2020.

Escorting is the main area of concern. All docks are "secure areas," by definition. Docks are also designated as "restricted areas," as typically required by the Coast Guard. "Monitoring" is not an authorized method of escorting in a secure area which is also designated as a restricted area. Only side by side escorting is authorized in such areas. Do not be fooled by 33CFR 105.237(d)(5) regarding "monitoring pedestrian routes" as an access method. The Final Rule states the system must comply with the TWIC provisions… Therefore, "monitoring pedestrian routes," as a sole means of escorting, is only allowable in secure areas which are not also "restricted areas." That excludes every dock I have ever been on.

It occurred to me that some facilities, such as free floating barge fleeting facilities, might not have an application for such an amendment. However, I could find no exception in the Final Rule for any particular type of facility. Since it is a regulation, the proper procedure would be to get a waiver from Commandant, if a facility felt this regulation was not applicable. So, unless a facility applies for a waiver, or just hopes the Coast Guard won't enforce it on their facility, the FSP must be amended.

I have confirmed all this in writing with the Coast Guard Headquarters point of contact. We have already submitted our first "system for seafarer's access" in an FSP renewal.

Let us know if you need help with figuring out the optimum level of compliance and getting your FSP amendment approved. These topics will be covered in detail in our up-coming one-day FSO Advanced Course. Stand by for dates and details… 

  3238 Hits

Sub M - Coast Guard Option Success Story

With only three months to go before the July deadline, we received a call recently from a tug company looking to get ready for Subchapter M. They asked for a Towing Safety Management System (TSMS), as they were sure it was mandatory from all they had heard. We could have sold them a good TSMS, but instead I told them the story of American Tugs, Inc. in Puerto Rico.

We first met the Rivera family, owners of American Tugs, Inc., at the Workboat Show a number of years ago. This family operation, running eleven tugs in Puerto Rico, quickly became a one of our best clients. In the years leading up to Subchapter M we partnered with them to gets their boats and crews ready. When Subchapter M arrived they embraced the change and started to implement our Towing Vessel Record/ Compliance Management System well ahead of time. They also followed our regulatory compliance surveys and got their boats up to Subchapter M standards.

When the time came to see if all their hard work had paid off, they called the Coast Guard and scheduled their inspections. Here's what an inspector from Sector San Juan reported back to the company after their first COI inspection: "…Inspections such as the Marilin R are what makes my job very satisfying. The inspection team was more than pleased with the condition of the vessel and the knowledge of the crew. I could tell that the crew and your employees put a lot of time and effort to get the vessel ready for USCG inspection standards."

American Tugs has, reportedly, received the first two Subchapter M COIs in Sector San Juan. They did it not with a Third Party Organization (TPO) and a TSMS, but buy simply getting into compliance with Subchapter M. Don't make this more complicated than it has to be. 

  3483 Hits

Important Read - WorkBoat February 2019

 Great article in the February 2019 Workboat Magazine about the Subchapter M Think Tank we did at the Workboat Show in December. Good questions, good answers.

  2875 Hits

Towing Vessel Inspections

 One hundred percent of our towing vessel clients who have been through the Coast Guard's COI process have been sucessful, and have done at minimum expense.

We only employ retired Coast Guard guys who know exactly what they are talking about. We provided surveys, TVRs, H&S plans, and training, and our clients took action and got their COIs.

If you know of any companies that have not signed up with a TPO for the TSMS option, that need help with obtaining a COI through the Coast Guard, please share these great comments provided by our satisfied clients:

"I wish all boats were like this, this job would be a lot easier. The drills went flawlessly." -U.S. Coast Guard Marine Inspector following a COI for American Tugs, Inc."

After reviewing your Overboard Prevention procedures, I'm impressed. These are probably the best and most articulated procedures I've seen so far after 25+ COI applications." -U.S. Coast Guard Marine Inspector to a client on our Health & Safety Plan 

"Hiring Kevin Gilheany was an easy decision. Without his assistance, we would not have been able to receive a COI as quickly as we did." - Phil Andrie, President, Ashton Marine, LLC

 "We appreciate all the experience and research you put into your TVR and Compliance Management System. As you must be delighted to hear, they are performing well in the inspection process and, truly, helping captains operate more safely and efficiently." - Biblia, Inc. Marine Towing & Transportation

"Maritime Compliance International (MCI) has always given our company all the right tools to be in compliance. Their TVR is excellent, and Sub M surveys are a great tool to get ahead in the game. MCI has an excellent staff, and we couldn't be happier with choosing MCI as our compliance partners" - Pedro F. Rivera Jr, Maritime Administrator, American Tugs Inc.

 "Maritime Compliance International responded quickly to our requested for assistance in becoming compliant with Subchapter M, without the complications of electronic forms, with simple forms and training that all of our Captains deckhands could comprehended." – Mike Schmeltzer, Durocher Marine Division
  2042 Hits

Subchapter M Think Tank

 I really liked the Think Tank format at the Workboat Show this year. We had a great discussion about Third Party Option vs. Coast Guard option, Coast Guard OCMI authority to defer enforcement, the level of intensity of audits under Subchapter M, and much more.


Please let us know if any company you know of needs help getting into compliance, regardless of the chosen compliance option. We are not a TPO. We work on behalf of the client alone, not the government.
  2483 Hits

Subchapter M Think Tank - Workboat Show

 This should be a very interesting discussion. We hope to see you there.

  2406 Hits

Book Recommendation

On my first Coast Guard cutter we got the ship lost. True story. It was before GPS, but there was a new Navy satellite receiver on board called SatNav. Because there wasn't as many satellites up as there are now, you had to wait for them to rise and set to get a good fix. We thought it automatically updated our position whenever a good fix came in, but that was not always true. If it went a long time without a good fix we were supposed to do a, "Code 51, Enter." No one knew that. No one really studied the user manual. We could have wrecked the ship. Luckily we figured out our error before we got close to land. It was certainly a "near miss" in today's terminology. It was my first year in the Coast Guard, and I was only an E-2, but I could have read the manual too. That lesson did not escape me.

In reading Rachel Slade's book, Into the Raging Sea, on the sinking of the U.S. flag ship El Faro, I was shocked to find that not knowing the ship's equipment also played a role in that disaster. According to the book, the captain made his decision to continue on his track based upon the private weather service forecasts, which he may not have known, were based a data which was twelve hours old. They also had the NWS forecasts available on board, which are based upon data only four hours old, but the captain preferred the private weather service forecasts. He may not have read the user manual.

I highly recommend this excellent book to anyone interested in continuous improvement in the maritime industry. The lessons to be learned are many, and apply to vessel personnel, shoreside staff, ocean going vessels, inland vessels, regulators, and their agents (TPOs). We talk a lot about lessons learned, and learning from our mistakes. This book provides an excellent opportunity to learn from others' tragic mistakes. If we don't learn from mistakes, such as not "knowing your equipment," we are bound to repeat them. 

  2730 Hits

Contact Us

This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: 504.249.5291

Copyright ©
Maritime Compliance International
All rights reserved | Privacy Policy

Maritime Compliance Report Sign-Up

Click here to subscribe to the Maritime Compliance Report blog for critical email updates on compliance issues.