Inspections Mirror

1
Maritime Security Services Development of
Region-Wide Port Strategic Risk
Management/Mitigation Port Resumption/Resilienc
y Plans April 2008
2
The Halcrow Team
3
RISK MANAGEMENT AND TRADE

• Region-Wide SF Bay and River Delta
• Interdependencies
• Impact Beyond a Single Facility
• Focus on MSRAM
• Focus Beyond the Waters Edge
• MTS Linkage Inland

4
WORKSHOP SCHEDULE
5
Quick Look at Risk andQuicker Look at Maritime
Security Risk Analysis Method (MSRAM)
6
Basic Elements of Risk
Risk Understanding
What can go wrong?
What are the impacts?
How likely is it?
Risk Incidents Frequency x
Consequence Risk Incidents (ORM) Exposure x
Probability x Consequence Risk Terrorism
Threat x Vulnerability x Consequence
Foundation for Risk Assessment

Historical experience

Analytical methods

Knowledge and intuition
7
Frequency Scoring Categories
Frequency Score Descriptions
Frequency Scores
Continuous
730 events per year
Daily
365 events per year
Weekly
52 events per year
Monthly
12 events per year
Quarterly
4 events per year
Annually
1 event per year
Decade
1 event per 10 years
Half-century
1 event per 50 years
Century
1 event per 100 years
Millennium
1 event per 1,000 years
8
Severity Scoring Categories
9
Risk Analysis Process
Expert judgment
Facilitated analysisof credible scenarios
Data
Natural hazardforecast model
10
Simple Terrorism Risk Model
Risk Threat Vulnerability Consequence
What can go wrong?

• Scenario
• Combination of a target and attack mode
• For each scenario, assess the following
• Threat likelihood of a specific terrorist
  attack
• Vulnerability probability that the attack will
  be successful
• Consequence level of impact associated with a
  successful attack

How likely is it?
What are the impacts?
11
How do we characterize the factors in the MSRAM
Risk Model?

• Scenario
• Application of an attack mode against a target
• Threat
• Relative likelihoods (0 to 1 scale)
• Vulnerability
• Probabilities of adversarial success (0 to 100)
• Primary Secondary Consequences
• Risk Index Number (RIN) using a consequence
  equivalency matrix
• Response
• Percent of consequences reduced (0 to 100)

12
Threat

• Threat in MSRAM is a relative value that has been
  assigned by the USCGs intelligence coordination
  center (ICC) generically for attacks on classes
  of targets
• For example
• Scenario 1 Boat bomb attack on a ferry terminal
• Relative threat score .5
• Scenario 2 Car bomb on a CDC facility
• Relative threat score 0.25
• Therefore, scenario 1 is treated as twice as
  likely to be undertaken as scenario 2.
• ICC provided a threat matrix which characterized
  the relative threat values for every combination
  of target class and attack mode

13
Response Capability
The response capability factor represents the
percent of the consequences of a successful
attack that can be reduced due to the response
actions of the stakeholders (owner/operator,
local 1st responders, USCG).

• Categories
• 95 to 100 of consequences can be reduced
• 85 to 95 of consequences can be reduced
• 65 to 85 of consequences can be reduced
• 35 to 65 of consequences can be reduced
• 15 to 35 of consequences can be reduced
• 5 to 15 of consequences can be reduced
• 0 to 5 of consequences can be reduced

14
Natural Hazard Threats

• Overview of Data
• Discuss lessons learned from major past incidents
  
• Discussion - Top-tier concerns

15
Flood and Earthquake

• Will be tapping FEMA HAZUS data

16
Maritime Mobility Concerns

• Disruption of vessel traffic patterns of major
  waterways for more than three days from one event
  
• Disruption of transfers of cargo or passengers
  within the port for more than three days from one
  event
• Disruption of processing (manufacturing/refining)
  facilities within the port for more than three
  days from one event.

17
Commodity Cargo Categorization

• Commodity Cargoes
• CDC and Hazardous Cargo
• Dry Bulk/Liquid Fertilizers
• Metals
• Wood Products
• Agriculture Feeds/Supplies/Grains
• Petroleum Products
• Palletized Cargo
• Coal/Rock/Sand
• Top-tier concerns
• Impact to flow
• Top-tier concerns

18
Quick Look at Risk Analysis Meeting Work

• Meetings will be facilitated and structured to
  ensure a comprehensive look at risks at a
  high-level. The meetings only examine risks
  associated with one unwanted event (i.e., threat
  scenario) at a time occurring in a section.
• Although some unwanted events may originate
  within a facility/or vessel, we are not
  interested in the specific vulnerabilities and
  actions of the facility or vessel rather the
  risk to the section and how the section manages
  the risk.

19
Quick Look at Risk Analysis Meeting Work (contd)

• We are using risk to measure port-level
  effectiveness of prevention, protection,
  response, and recovery capabilities, so that we
  can build a strategy for the port.
• We are not discussing specific facility plans nor
  scoring specific facility performance.
• The unwanted events and consequences of concern
  for these meetings are outlined. Security
  incidents are extracted from the Coast Guard
  MSRAM attack modes for high consequences MTSA
  facilities and AMSC concerns.

20
Risk Management Plan
21
Strategic Risk Management Plan
Regional Marine Transportation System (MTS)
Stakeholder Engagement
Identified Risk Priorities
Federal (DHS, DOT, DOD, etc.) State Govt. Local
Govt. Industry Public
Current State for Risk Management Activities
Focus On Authorities, Capabilities, Capacities,
Competencies, Partnerships Awareness,
Prevention, Protection, Response, Recovery,
Service
Programmatic and Organizational Gaps
(Roles/Responsibilities)
Risk Management Gaps For Key Scenarios (Roles/Resp
onsibilities)
Identification of Strategic Gaps
Recommendations to Close Strategic Gaps
Risk Significance Evaluation of Strategic Gaps
and Associated Recommendations
22
Strategic Risk Management Plan

• Executive Summary
• Purpose
• Critical Issues and Context
• Current State of Port-Wide Risk Reduction
  Measures
• Desired Future/End State of Port-Wide Risk
  Reduction Measures
• Gap Analysis of Port Community Vulnerabilities
• Objectives and Strategies
• Initiatives
• Port Community Risk Reduction Program Management

23
TRADE RESUMPTION/RESILIENCY

• Define the MTS
• ID Key Systems/Functions
• Prioritize Protection of Functionalities
• Analysis Current Capabilities and Gaps
• ID Interdependencies
• Investment Options for Mitigation

24
Immediate Needs for Building Deliverables

• Port Security Plan
• Port Continuity of Operations Plan
• Port Emergency Management Plan
• Port Contingency Plan
• Port Risk Assessments
• Port Event Data (MSRAM, MISLE (accidents and law
  enforcement), BARD)
• Exercises of above plans and lessons learned/
  recommendations from those exercises
• Port security initiatives (and their complete)
  that were funded in part with federal grant money
• Description of the ports economic impact
• Nasty cargoes transported/stored in the port
  (CDC/HAZMAT)

25
QUESTIONS