National Maritime Law Enforcement Academy

With the areas where we can get “SMARTER” identified in the first section of the White Paper referred to above, and with the questions raised after each discussion within the paper – we've laid out a pathway towards a solution. From discussions with a multitude of maritime stakeholders, and input from recognized subject matter experts, we have developed a solution package and plotted a course. Here are the program’s Goals and Objectives.

 

Program Goal:  Take the Nation’s port security community into the digital age, by facilitating steps that can effortlessly, effectively, and efficiently enable that transformation, with clearly defined cost-savings and operational benefits, while establishing a National Standard for Maritime Security.

​

Program Mission:  Establish a Maritime Security Accreditation and Digitization Program (MARSEC ADaPt) for U.S. Ports, hosted by the National Maritime Law Enforcement Academy and powered by “best in class” security software, in partnership with the maritime domain’s leading organizations – and one that is recognized by the USCG, and establishes/demonstrates that accreditees have met a pre-requisite standard for Maritime Security Vulnerability Assessments, Training, Exercises, and Cybersecurity Maturity.

 

Program Objectives:

1. Create a Digital Twin for every U.S. Port.

2. Provide the U.S. Coast Guard a National Digital Library of maritime critical infrastructure.

3. Decrease the costs to ports for Vulnerability Assessments and provide continuous improvement through a 24/7/365 active “machine learning” tool – integrated with a port’s “Digital Twin.”

4. Ensure that the tools are validated and recognized by agencies like DOD, DOE, and DHS.

5. Decrease the costs of training and exercises, through industry-recognized software – integrated with a port’s “Digital Twin,” and allowing for accessible, affordable, adaptable, and accredited readiness and preparedness.

6. Provide a cybersecurity evaluation and measurement of maturity tool that is easy to implement, affordable, and allows port entities, their managers, and their leadership an easily and readily available “living” dashboard with quick access to improvement recommendations.

7. Provide access to regionally positioned port security specialists, and subject matter experts, so that “on the ground” knowledge, expertise, and experience can be provided quickly and easily.

8. Be able to share, collect and analyze cyber threat data on a national level, that can improve the security of each port.

9. Be able to demonstrate to participants in this program, first-year return on investment, and long-term, sustainable benefits.

10. Set the National Standards in each aspect of a port's DOMAIN for Maritime Security, and recognize those that meet them through Accreditation.

​

​

Program Elements:

​

​

​

​

​

​

​

​

​

​

​

​

​

​

These are the parts of the Maritime Security Accreditation and Digitization Program, that make it an essential, foundational, and maturation step for every maritime stakeholder and port partner. What is underlined are the parts of the elements that are required in the execution of this Program.

​

1. A Digital Twin: The first element of the program will provide organizations with a “digital twin” of their port and facilities. This will be a digital representation, or ‘twin’, of the physical components and systems, taking all the components of the physical entity – such as a port complex or terminal – and creating a 3D virtual map representation of the port, allowing interface and providing organized datasets for the user, that in turn can be used in the following components of the program. 

 

The ARES Security Digital Twin transforms unstructured data into a smart, digital asset

that is used to visualize, design, build, test, manage, and secure maritime critical

infrastructure. The ARES Digital Twin then creates substantial and sustainable

business value by facilitating safe, secure, and efficient security lifecycle operations

through digital innovation and automation.

 

Used as an operational tool, it can also be used as a vulnerability assessment

tool, an exercise tool, and a training tool (see elements below), a Digital Twin

will provide ports with a critical component that will directly impact preparedness,

readiness, responsiveness, and resiliency.

​

2. Digital Twin Library: The second element of this program is to create a digital library of all the Nation’s maritime critical infrastructure and provide access to the U.S. Coast Guard in order to better prepare for, respond to, manage the actions and mitigate the outcomes surrounding a significant port security event. This will be critical in our National Security, given the rising threats, both natural and man-made, and it will enable the Coast Guard to maximize the impact of the elements listed in the following paragraphs.

​

3. Vulnerability Assessment Software: Building off the Digital Twin component of the program, this element will provide ports with an intuitive user interface quickly create realistic 3D models of a facility that include interior and exterior features or structures, access points and entrances, natural features, and the placement of both active and passive barriers and detection tools. Once a site is modeled, the solution shall use Monte Carlo simulations in order to evaluate the comprehensive security design. An exclusive pathing algorithm will be utilized to determine the various pathways of adversaries, responders, and even natural hazards.

 

These assessments shall provide an organization with a complete understanding of their facility’s security and response to address vulnerabilities and optimize their configuration for both effectiveness and costs. The parameters must be easily changed within the model to address a wide range of security system configurations, threats and targets. Once the vulnerabilities and pathways have been identified and analyzed, users must be able to change and test new modeled sensors, systems, and procedures to improve their facility’s posture and thoroughly understand your return on investment. This quantitative approach shall provide a cost-effective means to continually assess risks and optimize a maritime partner’s security effectiveness against their budget.

​

AVERT Security Design and Assessment Solutions was chosen to execute this element of the Program. Developed by ARES Security Corp, AVERT will provide unique modeling and simulation software that visualizes and quantifies the performance of security and response configurations. The results provide clients with a detailed understanding of their comprehensive security and response configuration's effectiveness. Whether performing a cost-benefit analysis on security systems or a comprehensive vulnerability analysis, the AVERT solutions have saved clients millions of dollars while increasing their effectiveness.

 

AVERT software has been accredited by the Department of Defense and the Department of Energy, certified by the Department of Homeland Security, and published as a “Best Practice” by the World Institute of Nuclear Security.[1]

​

4. Virtual Exercise Software:  The Virtual Tabletop element of this Program will be able to mimic real-time scenarios and asset tracking for training purposes. Using the Virtual Tabletop, users must be able to run and control detailed simulations while commanding a virtual blue force against adversaries and see the real-time impacts of their decisions through a common operating picture. As a simulation runs, force commanders will be provided with limited information in which they must make decisions and position their forces based on adversary advances. The commander's decisions will update the agents and objectives within the simulation which in turn will change the simulations’ outcome. Users must be able to select specific scenarios that are relevant to their facility and study the direct effects of each decision or an entire response.

​

Because of its DHS “SAFETY Act Certified” Software, the capability of AVERT Virtual Tabletop Physical Security software was chosen to run simulations on the various threats facing an organization. Upon discovering a facility's weaknesses and most likely attack avenues, executives will be able to host training exercises within those specific simulations. With the capability to simulate anything from terrorists and cyber-attacks to natural disasters, the Virtual Tabletop shall have a direct impact on a staff’s preparedness, readiness, and responsiveness.

​

5. Training Software & Learning Management System: This element of the program will allow operators and their security forces to perform realistic training scenarios on a regular basis and stay prepared for any situation, using the Digital Twin and tools/elements described in the preceding paragraphs. Additionally, any training for any personnel working in the maritime domain will be integrated into online/virtual and instructor-led training tools, that can dramatically lower the cost of training, ease the scheduling of training, and allow all training to be readily and easily accessed.

 

PortTraining, operated by the NMLEA, began as the nation's only comprehensive

seaport security curriculum with flexible delivery options and its online training

management system was developed with Department of Homeland Security

funding in 2005 and direct oversight by the US Coast Guard, the US Maritime

Administration, and FEMA. A team of 72 Florida State University instructional designers and staff developed this single-point training solution for ports, terminal operators, and first responder agencies. An active Industry Advisory Group guided every phase of work with the goal of creating a whole-system approach that "meets regulatory requirements...while recognizing seaports' central purpose of commerce." Today, PortTraining is a resource for ports all across the country, providing an accessible, adaptable, and affordable means to meet the MTSA requirements – and much more.

​

aLEX is an NMLEA sponsored and developed product that provides a solution to an industry confronted with increased challenges to time, budgets, and an evolving workforce that public safety agencies are facing all across the country (see the White Paper: Navigating the Changing Seascape ofMaritime Public Safety[2]).

​

The Academy has used its knowledge, relationships, resources, adult learning

expertise, and technology partnerships to provide a mobile, easily accessible,

and affordable solution for every officer, department, and maritime stakeholder.

Put simply, aLEX provides a complete Learning Management System

at no cost to its users and partners.

​

6. Cybersecurity Maturity Model Software:  Because cyber risk is a persistent, ever-evolving danger to port and maritime operators, effective cyber risk management cannot be achieved through an annual checklist-based approach. Therefore, this element of the program will provide a maturity-model methodology that will help an organization align with established best practices, nationally recognized standards, federal and international guidelines.

​

To successfully address the complexities of today’s cyber threat environment, it is recognized that effective cyber risk management requires both persistent engagement and a multi-disciplined approach. Managing cyber risk is not just the responsibility of the IT department. And therefore, this element of the program must facilitate a shared obligation of all the key stakeholders and include them in the maturity assessment process - security, operations, health and safety, administration, finance, accounting, incident response, training, legal, communications, and procurement.

​

PortLogix, developed by HudsonCyber and recognized by Lloyd’s as a Digital Innovation Winner, was selected to provide an organizational “starting point” for assessing cybersecurity. PortLogix is not a scanning tool, monitoring application, or form of network defense. It is a cloud-based application that brings together stakeholders from across the organization to stimulate in-person (or virtual) cross-functional collaboration, promote awareness, and enhance communication and information sharing. It facilitates self-assessments that baseline, target, measure, and support cybersecurity capability growth and cybersecurity resilience over time.

​

PortLogix is based on a maturity-model methodology that helps an organization align with the below standards, best practices, and guidelines:

• U.S. National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (V1.1) (commonly referred to as the “NIST CSF”);

• NIST Special Publication 800-82 (Rev. 2) Guide to Industrial Control Systems Security;

• U.S. Department of Homeland Security Cybersecurity Capability Maturity Model (C2M2);

• Center for Internet Security Critical Security Controls for Effective Cyber Defense (V7);

• U.S. Coast Guard Navigation and Inspection Circular No. 01-20: Guidelines for Addressing Cyber Risks at Maritime Transportation Security Regulated Facilities (2020);

• The IMO’s Guidelines on Maritime Cyber Risk Management (MSC-FAL. 1/Circ. 3 (2017);

• ISO/IEC 27001:2013 RE: Information Security Management Systems – Requirements;

• European Union Agency for Cybersecurity (ENISA) Cyber Risk Management for Ports: Guidelines for Cybersecurity in the Maritime Sector (December 2020); and,

• U.S. Customs and Border Protection Customs-Trade Partnership Against Terrorism (CTPAT) Minimum Security Criteria: Cybersecurity

 

7. Deployed Port Security SME’s Throughout the Country: The last element, but just as important, is to provide ports with the availability and access to recognized security professionals to provide consultation, training, component facilitation, grant writing, and more. Because the dynamic post-pandemic workforce challenges are affecting every organization, port participants will have access to knowledgeable, experienced, and skilled trusted partners located throughout the country.  Participants in this program will be able to reach out at any time, to people serving over 100 ports – and get what they need, when they need, from trusted partners.

 

[1] https://aressecuritycorp.com/avert

[2] https://www.nmlea.org/research-and-white-papers