[Federal Register: October 22, 2003 (Volume 68, Number 204)]
[Rules and Regulations]
[Page 60515-60544]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr22oc03-14]
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Coast Guard
33 CFR Part 105
[USCG-2003-14732]
RIN 1625-AA43
Facility Security
AGENCY: Coast Guard, DHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This final rule adopts, with changes, the temporary interim
rule published on July 1, 2003, that provides security measures for
certain facilities in U.S. ports. It also requires owners or operators
of facilities to designate security officers for facilities, develop
security plans based on security
[[Page 60516]]
assessments and surveys, implement security measures specific to the
facility's operations, and comply with Maritime Security Levels. This
rule is one in a series of final rules on maritime security in today's
Federal Register. To best understand this rule, first read the final
rule titled ``Implementation of National Maritime Security
Initiatives'' (USCG-2003-14792), published elsewhere in today's Federal
Register.
DATES: This final rule is effective November 21, 2003. On July 1, 2003,
the Director of the Federal Register approved the incorporation by
reference of certain publications listed in this final rule.
ADDRESSES: Comments and material received from the public, as well as
documents mentioned in this preamble as being available in the docket,
are part of docket USCG-2003-14732 and are available for inspection or
copying at the Docket Management Facility, U.S. Department of
Transportation, room PL-401, 400 Seventh Street SW., Washington, DC,
between 9 a.m. and 5 p.m., Monday through Friday, except Federal
holidays. You may also find this docket on the Internet at http://dms.dot.gov
.
FOR FURTHER INFORMATION CONTACT: If you have questions on this final
rule, call Lieutenant Gregory Purvis (G-MPS-1), U.S. Coast Guard by telephone 202-267-1072 or by electronic mail gpurvis@comdt.uscg.mil. If
you have questions on viewing the docket, call Andrea M. Jenkins,
Program Manager, Docket Operations, Department of Transportation, at
telephone 202-366-0271.
SUPPLEMENTARY INFORMATION:
Regulatory Information
On July 1, 2003, we published a temporary interim rule with request
for comments and notice of public meeting titled ``Facility Security''
in the Federal Register (68 FR 39315). This temporary interim rule was
one of a series of temporary interim rules on maritime security
published in the July 1, 2003, issue of the Federal Register. On July
16, 2003, we published a document correcting typographical errors and
omissions in that rule (68 FR 41916).
We received a total of 438 letters in response to the six temporary
interim rules by July 31, 2003. The majority of these letters contained
multiple comments, some of which applied to the docket to which the
letter was submitted, and some of which applied to a different docket.
For example, we received several letters in the docket for the
temporary interim rule titled ``Implementation of National Maritime
Security Initiatives'' that contained comments in that temporary
interim rule, plus comments on the ``Facility Security'' temporary
interim rule. We have addressed individual comments in the preamble to
the appropriate final rule. Additionally, we had several commenters
submit the same letter to all six dockets. We counted these duplicate
submissions as only one letter, and we addressed each comment within
that letter in the preamble for the appropriate final rules. Because of
statutorily imposed time constraints for publishing these regulations,
we were unable to consider comments received after the period for
receipt of comments closed on July 31, 2003.
A public meeting was held in Washington, DC, on July 23, 2003 and
approximately 500 people attended. Comments from the public meeting are
also included in the ``Discussion of Comments and Changes'' section of
this preamble.
In order to focus on the changes made to the regulatory text since
the temporary interim rule was published, we have adopted the temporary
interim rule and set out, in this final rule, only the changes made to
the temporary interim rule. To view a copy of the complete regulatory
text with the changes shown in this final rule, see http://www.uscg.mil/hq/g-m/mp/index.htm
.
Background and Purpose
A summary of the Coast Guard's regulatory initiatives for maritime
security can be found under the ``Background and Purpose'' section in
the preamble to the final rule titled ``Implementation of National
Maritime Security Initiatives'' (USCG-2003-14792), published elsewhere
in this issue of the Federal Register.
Impact on Existing Domestic Requirements
33 CFR part 128, Security of Passenger Terminals, currently exists
but applies only to cruise ship terminals. Until July 2004, 33 CFR part
128 will remain in effect. Facilities that were required to comply with
part 128 must now also meet the requirements of this part, including
Sec. 105.290, titled ``Additional requirements--cruise ship
terminals.'' The requirements in Sec. 105.290 generally capture the
existing requirements in part 128 that are specific for cruise ship
terminals and capture additional detail to comply with the requirements
of SOLAS Chapter XI-2 and the ISPS Code.
Discussion of Comments and Changes
Comments from each of the temporary interim rules and from the
public meeting held on July 23, 2003, have been grouped by topic and
addressed within the preambles to the applicable final rules. If a
comment applied to more than one of the six rules, we discussed it in
the preamble to each of the final rules that it concerned. For example,
discussions of comments that requested clarification or changes to the
Declaration of Security procedures are duplicated in the preambles to
parts 104, 105, and 106. Several comments were submitted to a docket
that included topics not addressed in that particular rule, but were
addressed in one or more of the other rules. This was especially true
for several comments submitted to the docket of part 101 (USCG-2003-
14792). In such cases, we discussed the comments only in the preamble
to each of the final rules that concerned the topic addressed.
Subpart A--General
This subpart contains provisions concerning applicability, waivers,
and other subjects of a general nature applicable to part 105.
One commenter stated the public access area was a very well thought
out concept. Another commenter stated that the thresholds and exempted
facilities specified in Sec. 105.105 should remain as written.
One commenter requested that Sec. 105.105(a)(2) be revised,
stating that the security requirements of facilities should be based on
the terminal's size and capacity alone, rather than on the number of
passengers a vessel is certificated to carry.
While a terminal's size or capacity is a way to determine
applicability, we chose to focus on vessel interface and cargo handling
activities because this method is consistent with the conceptual
applicability standards employed internationally. When we focused on
vessel-to-facility interfaces, our risk assessment showed that vessels
certificated to carry over 150 passengers, and the facilities servicing
them, may be involved in a transportation security incident.
Two commenters requested clarification on our reference to
International Convention for Safety of Life at Sea, 1974, (SOLAS) and
facility applicability. One commenter stated that because the
applicability of the various chapters of SOLAS is not consistent, it is
necessary to specify particular chapters in SOLAS to define the
applicability of this regulation to U.S. flag vessels. The commenter
[[Page 60517]]
requested that we limit the reference to SOLAS in Sec. 105.105(a)(3)
to ``SOLAS Chapter XI-2.'' Another commenter stated that it is not
clear whether the words ``greater than 100 gross registered tons''
applied to SOLAS vessels as well as to vessels that are subject to 33
CFR subchapter I.
We agree that the general reference to SOLAS is broad and could
encompass more vessels than necessary. We have amended the
applicability reference to read ``SOLAS Chapter XI'' because subchapter
H addresses those requirements in SOLAS Chapter XI. Also, we have
amended Sec. 105.105(a) to apply the term ``greater than 100 gross
registered tons'' to facilities that receive vessels subject only to
subchapter I. We did not include references to foreign or U.S.
ownership in the applicability paragraphs because it is duplicative of
the existing language.
Two commenters were concerned about the breadth of the regulations.
One commenter asked that the regulations be broadened to allow for
exemptions. One commenter stated that the applicability as described in
Sec. 101.110 is ``much too general,'' stating that it can be
interpreted as including a canoe tied up next to a floating dock in
front of a private home. The commenter concluded that such a broad
definition would generate ``a large amount of'' confusion and
discontent among recreational boaters and waterfront homeowners.
Our applicability for the security regulations in 33 CFR subchapter
H is for all vessels and facilities; however, parts 104, 105, and 106
directly regulate those vessels and facilities we have determined may
be involved in transportation security incidents, which does not
include canoes and private residences. For example, Sec. 104.105(a)
applies to commercial vessels; therefore, a recreational boater is not
regulated under part 104. If a waterfront homeowner does not meet any
of the specifications in Sec. 105.105(a), the waterfront homeowner is
not regulated under part 105. It should be noted that all waterfront
areas and boaters are covered by parts 101 through 103 and, although
there are no specific security measures for them in these parts, the
AMS Plan may set forth measures that will be implemented at the various
MARSEC Levels that may apply to them. Security zones and other measures
to control vessel movement are some examples of AMS Plan actions that
may affect a homeowner or a recreational boater. Additionally, the COTP
may impose measures, when necessary, to prevent injury or damage or to
address specific security concerns.
Five commenters addressed the applicability of the regulations with
respect to facilities and the boundaries of the Coast Guard
jurisdiction relative to that of other Federal agencies. Four
commenters advocated a ``firm line of demarcation'' limiting the Coast
Guard authority to the ``dock,'' because as the rule is now written, a
facility may still be left to wonder which Federal agency or department
might have jurisdiction over it when it comes to facility security. One
commenter suggested that the Coast Guard jurisdiction should not extend
beyond ``the first continuous access control boundary shore side of the
designated waterfront facility.''
Section 102 of the MTSA requires the Secretary of the Department in
which the Coast Guard is operating to prescribe certain security
requirements for facilities. The Secretary has delegated that authority
to the Coast Guard. Therefore, the Coast Guard is not only authorized,
but also required under the MTSA, to regulate beyond the ``dock.''
We received 64 comments concerned with the application of these
security measures to ferries. The commenters did not want airport-like
screening measures implemented on ferries, stating that such measures
would cause travel delays, frustrating the mass transit aspect of ferry
service. The commenters also stated that the security requirements will
impose significant costs to the ferry owners, operators, and
passengers.
These regulations do not mandate airport-like security measures for
ferries; however, ferry owners or operators may have to heighten their
existing security measures to ensure that our ports are secure. Ferry
owners and operators can implement more stringent screening or access
measures, but they can also include existing security measures in the
required security plan. These measures will be fully reviewed and
considered by the Coast Guard to ensure that they cover all aspects of
security for periods of normal and reduced operations.
We understand that ferries often function as mass transit and we
have included special provisions for them. Even with these provisions,
our cost analysis indicated that compliance with these final rules
imposes significant costs to ferry owners and operators. To address
this concern, the Department of Homeland Security (DHS) has developed a
grant program to provide funding for security upgrades. Ferry terminal
owners and operators can apply for these grants.
Six commenters stated that the term ``fleeting facility'' in Sec.
105.105(a)(4) is more general than the definition of a ``barge fleeting
facility'' in Sec. 101.105. The commenters pointed out that temporary
staging areas of barges, or those areas for the breaking and making of
tows provided by the U.S. Army Corps of Engineers, are not included in
the definition of ``barge fleeting facility'' because they are not
``commercial fleeting areas.'' The commenters suggested that these
areas be included in AMS Plans.
We agree with the commenters and are amending Sec. 105.105(a)(4)
to make it consistent with the definition stated in Sec. 101.105 for
``barge fleeting facility.'' This new language can be found in Sec.
105.105(a)(6). With regards to barge fleeting areas that are provided
by the U.S. Army Corps of Engineers, in accordance with Sec.
105.105(b), those facilities that are not subject to part 105 will be
covered by parts 101 through 103 of this subchapter and will be
included in the AMS Plan for the COTP zone in which the facility is
located.
Three commenters disagreed with including all barge fleeting
facilities that handle barges carrying hazardous material in the
security requirements. The commenters stated that the security
requirements are an undue burden on industry because the fleeting
facilities are remote and routinely inaccessible by shore.
We developed the fleeting facility security requirements because
these facilities may, if they fleet hazardous barges, be involved in a
transportation security incident. Remoteness or inaccessibility of
fleeting facilities will be factors to consider during the Facility
Security Assessment and will be key in determining the security
measures to be implemented.
One commenter noted that Sec. 105.105(a)(4) does not apply to
barges in a gas-free state, and suggested that we amend this paragraph
to read, ``whether loaded, unloaded, or gas-free.''
Section 105.105(a)(4) applies to those barges that are actually
loaded with cargoes regulated under 46 CFR subchapter D or O, not those
that are gas-free. Barges that are gas-free are unlikely to be involved
in a transportation security incident.
Three commenters recommended that we amend Sec. 105.105(c)(3) to
clarify the applicability of facilities that support the production,
exploration, or development, of oil and natural gas.
We agree with the commenters that the exemptions in Sec.
105.105(c)(3) are confusing and are amending this section for clarity.
Two commenters requested exemptions for ``facilities that handle
certain fertilizers,'' stating that they do not pose risks to human
health or the
[[Page 60518]]
environment from a transportation security perspective. The commenters
requested that we exempt facilities that handle only certain non-
hazardous fertilizers from the requirements of part 105, stating that
these facilities are not likely to be involved in a transportation
security incident.
Our risk assessment determined that facilities that receive vessels
on international voyages, including those that carry non-hazardous
fertilizers, may be involved in a transportation security incident. We
are not, therefore, amending the applicability for facilities in part
105 to exempt these facilities. The facility owner or operator may
apply to the Commandant (G-MP) for a waiver as specified in Sec.
105.130. Because a Facility Security Plan is based on the results of
the Facility Security Assessment, the security measures implemented
will be tailored to the operations of the facility. Those security
measures will be appropriate for that facility, but will differ from
the measures implemented at a facility that handles dangerous goods or
hazardous substances.
One commenter stated that we needed to clarify how the regulations
apply to facilities in ``caretaker status.''
Facilities operating with ``caretaker status'' as defined in 33 CFR
154.105, that are not engaged in any of the activities regulated under
part 105, will be covered under parts 101 through 103. Facilities in
``caretaker status'' engaging in or intending to engage in any of the
activities regulated under Sec. 105.105 must comply with part 105 by
conducting a Facility Security Assessment and, 60 days prior to
beginning operations, submitting a Facility Security Plan to the local
COTP for approval. In such situations, the ``caretaker'' is the ``owner
or operator'' as that term is defined in the regulations.
Six commenters stated that part 105 should not apply to marinas
that receive a small number of passenger vessels certificated to carry
more than 150 passengers or to ``mixed-use or special-use facilities
which might accept or provide dock space to a single vessel'' because
the impact on local business in the facility could be substantial. Two
commenters stated that private and public riverbanks should not be
required to comply with part 105 because ``there is no one to complete
a Declaration of Security with, and no way to secure the area, before
the vessel arrives.'' Two commenters stated that facilities that are
``100 percent public access'' should not be required to comply with
part 105 because these types of facilities are ``vitally important to
the local economy, as well as to the host municipalities.'' This
commenter also stated that vessels certificated to carry more than 150
passengers frequently embark guests at private, residential docks and
small private marinas for special events such as weddings and
anniversaries and may visit such a dock only once.
We agree that the applicability of part 105 to facilities that have
minimal infrastructure, but are capable of receiving passenger vessels,
is unclear. Therefore, in the final rule for part 101, we added a
definition for a ``public access facility'' to mean a facility approved
by the cognizant COTP with public access that is primarily used for
purposes such as recreation or entertainment and not for receiving
vessels subject to part 104. By definition, a public access facility
has minimal infrastructure for servicing vessels subject to part 104
but may receive ferries and passenger vessels other than cruise ships,
ferries certificated to carry vehicles, or passenger vessels subject to
SOLAS. Minimal infrastructure would include, for example, bollards,
docks, and ticket booths, but would not include, for example, permanent
structures that contain passenger waiting areas or concessions. We have
not allowed public access facilities to be designated if they receive
vessels such as cargo vessels because such cargo-handling operations
require additional security measures that public access facilities
would not have. We amended part 105 to exclude these public access
facilities, subject to COTP approval, from the requirements of part
105. We believe this construct does not reduce security because the
facility owner or operator or entity with operational control over
these types of public access facilities still has obligations for
security that will be detailed in the AMS Plan, based on the AMS
Assessment. Additionally, Vessel Security Plans must address security
measures for using the public access facility. This exemption does not
affect existing COTP authority to require the implementation of
additional security measures to deal with specific security concerns.
We have also amended Sec. 103.505, to add public access facilities to
the list of elements that must be addressed within the AMS Plan.
We received 26 comments dealing with the definition of
``facility.'' One commenter asked whether a facility that is inside a
port that handles cargo or containers, but does not have direct water
access, is covered under the definition of facility. Another commenter
recommended that the definition specify that facilities without water
access and that do not receive vessels be exempt from the requirements.
One commenter asked whether small facilities located inland on a river
would be subject to part 105 if they receive vessels greater than 100
gross registered tons on international voyages. One commenter asked
whether a company that receives refined products via pipeline from a
dock facility that the company does not own qualifies as a regulated
facility. One commenter asked whether part 105 applies to facilities at
which vessels do not originate or terminate voyages. Two commenters
stated that the word ``adjacent'' in the definition should be changed
to read ``immediately adjacent'' to the ``navigable waters.'' One
commenter suggested that, in the definition, the word ``adjacent'' be
defined in terms of a physical distance from the shore and the terms
``on, in, or under'' and ``waters subject to the jurisdiction of the
U.S.'' be clarified. Two commenters understand the definition of
``facility'' to possibly include overhead power cables, underwater pipe
crossings, conveyors, communications conduits crossing under or over
the water, or a riverbank. One commenter asked for a blanket exemption
for electric and gas utilities. One commenter suggested rewriting the
applicability of ``facilities'' in plain language or, alternatively,
providing an accompanying guidance document to help owner and operators
determine whether their facilities are subject to these regulations.
One commenter asked us to clarify which facilities might ``qualify''
for future regulation and asked us to undertake a comprehensive review
of security program gaps and overlaps, in coordination with DHS. One
commenter stated that a facility that receives only vessels in ``lay
up'' or for repairs should not be required to comply with part 105.
We recognize that the definition of ``facility'' in Sec. 101.105
is broad, and we purposefully used this definition to be consistent
with existing U.S. statutes regarding maritime security. A facility
within an area that is a marine transportation-related terminal or that
receives vessels over 100 gross tons on international voyages is
regulated under Sec. 105.105. All other facilities in an area not
directly regulated under Sec. 105.105, such as some adjacent
facilities and utility companies, are covered under parts 101 through
103. If the COTP determines that a facility with no direct water access
may pose a risk to the area, the facility owner or operator may be
required to implement security
[[Page 60519]]
measures under existing COTP authority. With regard to facilities that
receive only vessels in ``lay up'' or for repairs, we amended the
regulations to define, using the definition of a general shipyard
facility from 46 CFR 298.2, and exempt general shipyard facilities from
the requirements of part 105 unless the facility is subject to 33 CFR
parts 126, 127, or 154 or provides any other service beyond those
services defined in Sec. 101.105 to any vessel subject to part 104. In
a similar manner, in part 105, we are also exempting facilities that
receive vessels certificated to carry more than 150 passengers if those
vessels do not carry passengers while at the facility nor embark or
disembark passengers from the facility. We exempted facilities that
receive vessels for lay-up, dismantling, or placing out of commission
to be consistent with the other changes we have discussed above. The
facilities listed in the amended Sec. 105.105 as exceptions and Sec.
105.110 as exemptions will be covered by the AMS Plan, and we intend to
issue further guidance on addressing these facilities in the AMS Plan.
Finally, while not in ``plain language'' format, we have attempted to
make these regulations as clear as possible. We have created Small
Business Compliance Guides, which should help facility owners and
operators determine if their facilities are subject to these
regulations. These Guides are available where listed in the
``Assistance for Small Entities'' section of this final rule.
Twelve commenters questioned our compliance dates. One commenter
stated that because the June 2004 compliance date might not be easily
achieved, the Coast Guard should consider a ``phased in approach'' to
implementation. Four commenters asked us to verify our compliance date
expectations and asked if a facility can ``gain relief'' from these
deadlines for good reasons.
The MTSA requires full compliance with these regulations 1 year
after the publication of the temporary interim rules, which were
published on July 1, 2003. Therefore, a ``phased in approach'' will not
be used. While compliance dates are mandatory, a vessel or facility
owner or operator could ``gain relief'' from making physical
improvements, such as installing equipment or fencing, by addressing
the intended improvements in the Vessel or Facility Security Plan and
explaining the equivalent security measures that will be put into place
until improvements have been made.
After further review of the rules, we are amending the dates of
compliance in Sec. 105.115(a) and (b), Sec. 105.120 introductory
text, and Sec. 105.410(a) to align with the MTSA and the International
Ship and Port Facility Security Code (ISPS Code) compliance dates. For
example, we are changing the deadline in Sec. 105.115(a) for
submitting a Facility Security Plan from December 29, 2003, to December
31, 2003.
One commenter requested that we clarify Sec. 105.125,
Noncompliance, to ``focus on only those areas of noncompliance that are
the core building blocks of the facility security program'' stating
that the section requires a ``self-report [of] every minor glitch in
implementation.''
We did not intend for Sec. 105.125 to require self-reporting for
minor deviations from these regulations if they are corrected
immediately. We have clarified Sec. Sec. 104.125, 105.125, and 106.120
to make it clear that owners or operators are required to request
permission from the Coast Guard to continue operations when temporarily
unable to comply with the regulations.
Three commenters recommended developing an International Maritime
Organization (IMO) list of port facilities to help foreign shipowners
identify U.S. facilities not in compliance with subchapter H. In a
related comment, there was a request for the Coast Guard to maintain
and publish a list of non-compliant facilities and ports because a COTP
may impose one or more control and compliance measures on a domestic or
foreign vessel that has called on a facility or port that is not in
compliance.
We do not intend to publish a list of each individual facility that
complies or does not comply with part 105. As discussed in the
temporary interim rule (68 FR 39262) (part 101), our regulations align
with the requirements of the ISPS Code, part A, section 16.5, by using
the AMS Plan to satisfy our international obligations to communicate to
IMO, as required by SOLAS Chapter XI-2, regulation 13.3, the locations
within the U.S. that are covered by an approved port facility security
plan. Any U.S. facility that receives vessels subject to SOLAS is
required to comply with part 105.
We received seven comments regarding waivers, equivalencies, and
alternatives. Three commenters appreciated the flexibility of the Coast
Guard in extending the opportunity to apply for a waiver or propose an
equivalent security measure to satisfy a specific requirement. Four
commenters requested detailed information regarding the factors the
Coast Guard will focus on when evaluating applications for waivers,
equivalencies, and alternatives.
The Coast Guard believes that equivalencies and waivers provide
flexibility for vessel owners and operators with unique operations.
Sections 104.130, 105.130, and 106.125 state that vessel or facility
owners or operators requesting waivers for any requirement of part 104,
105, or 106 must include justification for why the specific requirement
is unnecessary for that particular owner's or operator's vessel or
facility or its operating conditions. Section 101.120 addresses
Alternative Security Programs and Sec. 101.130 provides for
equivalents to security measures. We intend to issue guidance that will
provide more detailed information about the application procedures and
requirements for waivers, equivalencies, and the Alternative Security
Program.
After further review of parts 101 and 104-106, we have amended
Sec. Sec. 101.120(b)(3), 104.120(a)(3), 105.120(c), and 106.115(c) to
clarify that a vessel or facility that is participating in the
Alternative Security Program must complete a vessel or facility
specific security assessment report in accordance with the Alternative
Security Program, and it must be readily available.
One commenter stated that facilities should be permitted to use
equivalent security measures because facilities vary greatly in their
design and security risk profile.
We agree and have provided facilities the opportunity to apply for
approval of equivalent security measures in Sec. 105.135.
Subpart B--Facility Security Requirements
This subpart describes the responsibilities of the facility owner
or operator and personnel relative to facility security. It includes
requirements for training, drills, recordkeeping, and Declarations of
Security. It identifies specific security measures, such as those for
access control, cargo handling, monitoring, and particular types of
facilities.
Two commenters suggested that the Coast Guard should not regulate
security measures but should establish security guidelines based on
facility type, in essence creating a matrix with ``risk-levels'' and
identified suggested measures for facility security.
We cannot establish only guidelines because the MTSA and SOLAS
require us to issue regulations. We have provided performance-based,
rather than prescriptive, requirements in these regulations to give
owners or operators flexibility in developing security plans
[[Page 60520]]
tailored to vessels' or facilities' unique operations.
One commenter asked who would be ensuring the integrity of security
training and exercise programs.
Since the events of September 11, 2001, the Coast Guard has
developed a directorate responsible for port, vessel, and facility
security. This directorate oversees implementation and enforcement of
the regulations found in parts 101 through 106. Additionally, owners
and operators of vessels and facilities will be responsible for
recordkeeping regarding training, drills, and exercises, and the Coast
Guard will review these records during periodic inspections.
One commenter stated that it is appropriate for Federal, State, and
local authorities to assume responsibility for terminal security, and
that there must be a responsible party for the terminal at all times
whether a vessel is there or not.
Section 105.200(a) states that the owner or operator of the
facility must ensure that the facility operates in compliance with the
requirements of this part. Therefore, the owner or operator is
responsible for terminal security at all times whether or not a vessel
is at the facility.
Five commenters stated that the requirement of Sec. 105.200(b)(2),
which compels Facility Security Officers to implement security measures
in response to MARSEC Levels within 12 hours of notification would be
problematic, especially for facilities with limited manpower, and
during weekends, or nights.
We disagree with the commenters and believe that it is well within
reason to expect that Facility Security Officers can implement the
necessary security measures changes within 12 hours.
Two commenters recommended that the word ``adequate'' be deleted
from Sec. 105.200(b)(6) because the commenter believes that the
owners' or operators' definition of ``adequate'' might not be the same
as intended in the regulations.
The use of the word ``adequate'' throughout the regulations
emphasizes that minimal coordination of security issues may not be
sufficient and allows for differences in individual circumstances.
One commenter recommended that facility owners or operators should
limit access to vessels moored at the facility to those individuals and
organizations that conduct business with the vessel, contending that
the word ``visitor'' may have too broad a connotation.
The regulations provide flexibility to define who can have access
to a facility. The Facility Security Plan must contain security
measures for access control and can limit access to those individuals
and organizations that conduct business with the vessel. We do specify
that a facility must ensure coordination of shore leave for vessel
personnel or crew change-out, as well as access through the facility
for representatives of seafarers' welfare and labor organizations.
One commenter suggested adding a provision that would allow
unimpeded access for passengers to board charterboats at facilities
regulated under part 105, stating that the ``extraordinary measures''
required to ensure facility security could hamper public entrance to
these facilities.
A facility owner or operator must coordinate access to the facility
with vessel personnel under Sec. 105.200(b)(7); however, that owner or
operator is also required to implement security measures that include
access control. We did not allow any group of vessel passengers or
personnel unimpeded access to a facility regulated under this
subchapter because it would undermine the purpose of access control. A
facility owner or operator may impede passengers' access to
charterboats if he or she perceives that these passengers pose a risk,
are at risk, or if such passage is not in compliance with the
facility's security plan.
Nineteen commenters were concerned about the rights of seafarers at
facilities. One commenter stated that the direct and specific
references to shore leave in the regulations conform exactly with his
position and the widespread belief that shore leave is a fundamental
right of a seaman. One commenter stated that coordinating mariner shore
leave with facility operators is important and should be retained,
stating that shore leave for ships' crews exists as a fundamental
seafarers' right that can be denied only in compelling circumstances.
The commenter also stated that chaplains should continue to have access
to vessels, especially during periods of heightened security. Four
commenters requested that the regulations require facilities to allow
vessel personnel access to the facilities for shore leave, or other
purposes, stating that shore leave is a basic human right and should
not be left to the discretion of the terminal owner or operator. One
commenter stated that seafarers are being denied shore leave as they
cannot apply for visas in a timely manner and that seafarers who meet
all legal requirements should be permitted to move to and from the
vessel through the facility, subject to reasonable requirements in the
Facility Security Plan. One commenter stated that it is the
responsibility of the government to determine appropriate measures for
seafarers to disembark. One commenter encouraged the government to
expedite the issuance of visas for shore leave.
We agree that coordinating mariner shore leave and chaplains'
access to vessels with facility operators is important and should be
retained. Sections 104.200(b)(6) and 105.200(b)(7) require owners or
operators of vessels and facilities to coordinate shore leave for
vessel personnel in advance of a vessel's arrival. We have not
mandated, however, that facilities allow access for shore leave because
during periods of heightened security shore leave may not be in the
best interest of the vessel personnel, the facility, or the public.
Mandating such access could infringe on private property rights;
however, we strongly encourage facility owners and operators to
maximize opportunities for mariner shore leave and access to the vessel
through the facility by seafarer welfare organizations. The Coast Guard
does not issue, nor can it expedite the issuing of, visas.
Additionally, visas are a matter of immigration law and are beyond the
scope of these rules. Finally, it should also be noted that the
government has treaties of friendship, commerce, and with several
nations. These treaties provide that seafarers shall be allowed ashore
by public authorities when they and the vessel on which they arrive in
port meet the applicable requirements or conditions for entry. We have
amended Sec. Sec. 104.200(b) and 105.200(b) to include language that
treaties of friendship, commerce, and navigation should be taken into
account when coordinating access between facility and vessel owners and
operators.
Three commenters stated that many of the requirements of Sec.
104.265, security measures for access control, should not apply to
unmanned vessels because there is no person on board the vessel at most
times.
We disagree. The owner or operator must ensure the implementation
of security measures to control access because unmanned barges directly
regulated under this subchapter may be involved in a transportation
security incident. As provided in Sec. 104.215(a)(4), the Vessel
Security Officer of an unmanned barge must coordinate with the Vessel
Security Officer of any towing vessel and Facility Security Officer of
any facility to ensure the implementation of security measures for the
unmanned barge. We have amended Sec. 105.200 to clarify the facility
owner's or operator's responsibility for the implementation of security
measures for
[[Page 60521]]
unattended or unmanned vessels while moored at a facility.
Four commenters stated that any future interim rules should not
apply to certain waterfront areas, such as seafarers' welfare centers
and clubs, and that these areas should not be considered facilities
subject to the regulations under part 105.
Seafarers' welfare centers and clubs are not specifically regulated
under part 105 unless these facilities are contained within a marine
transportation-related facility. Any future rulemakings regarding these
types of centers or clubs would be subject to notice and comment.
One commenter requested that we amend Sec. 105.200(b)(9) to
clarify that owners or operators must report ``transportation''
security incidents because the word ``transportation'' is missing.
We agree with the commenter and have amended the section
accordingly. This language is now found in Sec. 105.200(b)(10).
Five commenters supported the Coast Guard in not specifically
defining training methods. Another commenter agrees with the Coast
Guard's position that the owner or operator may certify that the
personnel with security responsibilities are capable of performing the
required functions based upon the competencies listed in the
regulations. Two commenters stated that formal security training for
Facility Security Officers and personnel with security related duties
become mandatory as soon as possible. One commenter stated that they
were concerned with the lack of formal training for Facility Security
Officers.
As we explained in the temporary interim rule (68 FR 39263) (part
101), there are no approved courses for facility personnel and,
therefore, we intend to allow Facility Security Officers to certify
that personnel holding a security position have received the training
required to fulfill their security duties. Section 109 of the MTSA
required the Secretary of Transportation to develop standards and
curricula for the education, training, and certification of maritime
security personnel, including Facility Security Officers. The Secretary
delegated that authority to the Maritime Administration (MARAD). MARAD
has developed model training standards and curricula for maritime
security personnel, including Facility Security Officers. In addition,
MARAD intends to develop course approval and certification requirements
in the near future.
Three commenters stated that it would be difficult for smaller
companies to meet the qualification requirements for Facility Security
Officers that are set out in Sec. 105.205.
We recognize that some companies will find it harder than others to
locate individuals who are qualified to serve as Facility Security
Officers. We believe there is flexibility in the structure of our
requirements, and therefore these requirements are able to take this
into account. We allow Facility Security Officers to have general
knowledge, which they may acquire through training or through
equivalent job experience. Formal training is not a prerequisite in the
designation of a Facility Security Officer. We also allow an individual
to serve as a Facility Security Officer on a collateral-duty basis, to
serve as the Facility Security Officer for multiple facilities, and to
delegate duties, all of which make it easier for companies to identify
and designate qualified Facility Security Officers.
Fifteen commenters asked that the Coast Guard re-examine the
requirement that if a Facility Security Officer serves more than one
facility, those facilities must be no further than 50 miles apart. The
commenters argued that companies with multiple facilities should be
able to assign Facility Security Officer delegations, regardless of
distance between facilities, especially since this section allows the
Facility Security Officer to delegate security duties to other
personnel, so long as he or she retains final responsibility for these
duties. Four of these commenters did not support the limitation on
Facility Security Officers from serving facilities in different COTP
zones, even if the facilities are within 50 miles of each other. One
commenter stated that many facilities that are not co-located may be
managed as multiple site complexes using shared operational and
administrative resources, and that, as such, they should have one
Facility Security Officer assigned to them regardless of the distance
between them.
We believe these commenters misinterpreted Sec. 105.205(a)(2).
There is no requirement that the Facility Security Officer must be
situated within any particular distance of the facilities for which he
or she serves. Section 105.205(a)(2) pertains to the maximum distance
between the individual facilities that can be served by a single
Facility Security Officer. We determined that a distance of 50 miles
between facilities within a single COTP zone was appropriate for
several reasons. During our initial public meetings we received
comments from many small facility operators who have numerous similarly
designed, equipped and operated facilities in proximity to each other.
They believed that a single Facility Security Officer could adequately
meet the responsibilities set out in Sec. 105.205(c) in situations
like this. The 50-mile distance requirement was determined because
facilities sharing a similar design, equipment, and operations would
often share other similar characteristics such as geography,
infrastructure, proximity to population centers, and common emergency
response and crisis management authorities. In addition to the 50-mile
limit, we require all single Facility-Security-Officer-served-
facilities to be within a single COTP zone because the COTP is the
Facility Security Plan approving authority, and the COTP, as Federal
Maritime Security Coordinator, is the Federal official charged with
communicating the MARSEC Levels to the Facility Security Officer. We
have not specified where the designated Facility Security Officer must
be in proximity to the facilities he or she serves. However, it is our
opinion that in order to effectively carry out the duties and
responsibilities specified in Sec. 105.205(c), the Facility Security
Officer should be able to easily make on-site facility visits of
sufficient frequency and scope so as to be able to effectively monitor
compliance with the requirements established in 33 CFR part 105.
Nine commenters requested formal alternatives to Facility Security
Officers, Company Security Officers, and Vessel Security Officers much
like the requirements of the Oil Pollution Act of 1990, which allow for
alternate qualified individuals.
Parts 104, 105, and 106 provide flexibility for a Company, Vessel,
or Facility Security Officer to assign security duties to other vessel
or facility personnel under Sec. Sec. 104.210(a)(4), 104.215(a)(5),
105.205(a)(3), and 106.210(a)(3). An owner or operator is also allowed
to designate more than one Company, Vessel, or Facility Security
Officer. Because Company, Vessel, or Facility Security Officer
responsibilities are key to security implementation, vessel and
facility owners and operators are encouraged to assign an alternate
Company, Vessel, or Facility Security Officer to coordinate vessel or
facility security in the absence of the primary Company, Vessel, or
Facility Security Officer.
One commenter stated that allowing the Vessel Security Officer and
Facility Security Officer to perform collateral non-security duties is
not an adequate response to risk.
[[Page 60522]]
Security responsibilities for the Company, Vessel, and Facility
Security Officers in parts 104, 105, and 106 may be assigned to a
dedicated individual if the owners or operators believe that the
responsibilities and duties are best served by a person with no other
duties.
Two commenters stated that the Facility Security Officer should be
allowed to assign the day-to-day security activities to other
personnel.
The regulations, allow for the Facility Security Officers to assign
security duties to other facility personnel under Sec. 105.205(a)(3).
After further review of Sec. 105.205, we are amending Sec.
105.205(c)(11) to clarify that the responsibilities of the Facility
Security Officer includes the execution of any required Declarations of
Security with the Masters, Vessel Security Officers, or their
designated representatives.
Two commenters suggested that ferries be exempt from the ``while at
sea'' clause in Sec. 104.220(i) that requires company or vessel
personnel responsible for security duties to have knowledge on how to
test and calibrate security equipment and systems and maintain them,
arguing that ferries are not oceangoing and, therefore, typically use a
manufacturer's service representative to perform equipment testing and
calibration while at the dock. In addition, one commenter requested
clarification on whether a manufacturer's technical expert could be
used to perform regularly planned maintenance at the ferry terminal.
We disagree with exempting ferry or facility security personnel
from understanding how to test, calibrate, or maintain security
equipment and systems. However, Sec. Sec. 104.220 and 105.210 provide
the company the flexibility to determine who should have an
understanding of how to test, calibrate, and maintain security
equipment and systems. By stating ``company and vessel personnel
responsible for security duties must * * * as appropriate,'' we have
allowed a company to write a Vessel or Facility Security Plan that
outlines responsibilities for security equipment and systems. If the
company chooses to have company security personnel hold that
responsibility, then vessel or facility security personnel would simply
have to know how to contact the correct company security personnel and
know how to implement interim measures as a result of equipment
failures either at sea or in port. Sections 104.220 and 105.210 do not
preclude a manufacturer's service representative from performing
equipment maintenance, testing, and calibration.
One commenter stated that crowd management and control techniques,
under Sec. 105.210(e), should not be required of facility personnel
with security duties, stating that this function is solely a
responsibility of public responders.
We believe that crowd management and control techniques may be
appropriate for facility security personnel with certain security
duties. The overall security and safe operation of a facility rests
with the owner or operator of that facility. It is not outside the
realm of facility personnel's duties to consider security and their
role in minimizing risk, including crowd management and control
techniques.
Two commenters requested that ferries and their terminals be exempt
from conducting physical screening and, therefore, should also be
exempt from Sec. Sec. 104.220(l) and 105.210(l), which require
security personnel to know how to screen persons, personal effects,
baggage, cargo, and vessel stores.
We disagree with exempting ferries and their terminals from the
screening requirement and, therefore, will continue to require that
certain security personnel understand the various methods that could be
used to conduct physical screening. Because ferries certificated to
carry more than 150 passengers and the terminals that serve them may be
involved in a transportation security incident, it is imperative that
security measures such as access control be implemented. Section
104.292 provides passenger vessels and ferries alternatives to
identification checks and passenger screening. However, it does not
provide alternatives to the requirements for cargo or vehicle
screening. Thus, ferry security personnel assigned to screening duties
should know the methods for physical screening. There is no
corresponding alternative to Sec. 104.292 for terminals serving
ferries carrying more than 150 passengers; therefore, terminal security
personnel assigned to screening duties should also know the methods for
physical screening.
One commenter suggested exempting ferry terminals from Sec.
105.210(l) concerning methods of physical screening of persons,
personal effects, baggage, cargo, and vessel stores because ``it is not
applicable.''
We disagree that all ferry terminals should be exempted, as this
comment appears to presuppose that portions of the regulations are not
applicable to all ferry terminals. We determined that facilities that
receive vessels certificated to carry more than 150 passengers are at
risk of being involved in a transportation security incident and are
regulated under Sec. 105.105.
Forty-one commenters requested that Sec. Sec. 104.225, 105.215,
and 106.220 be either reworded or eliminated because the requirement to
provide detailed security training to all contractors who work in a
vessel or facility or to facility employees, even those with no
security responsibilities such as a secretary or clerk, is impractical,
if not impossible. The commenters stated that, unless a contractor has
specific security duties, a contractor should only need to know how,
when, and to whom to report anything unusual as well as how to react
during an emergency. One commenter suggested adding a new section that
listed specific training requirements for contractors and vendors.
The requirements in Sec. Sec. 104.225, 105.215, and 106.220 are
meant to be basic security and emergency procedure training
requirements for all personnel working in a vessel or facility. In most
cases, the requirement is similar to the basic safety training given to
visitors to ensure they do not enter areas that could be harmful. To
reduce the burden of these general training requirements, we allowed
vessel and facility owners and operators to recognize equivalent job
experience in meeting this requirement. However, we believe contractors
need basic security training as much as any other personnel working on
the vessel or facility. Depending on the vessel or facility, providing
basic security training (e.g., how and when to report information, to
whom to report unusual behaviors, how to react during a facility
emergency) could be sufficient. To emphasize this, we have amended
Sec. Sec. 104.225, 105.215, and 106.220 to clarify that the owners or
operators of vessels and facilities must determine what basic security
training requirements are appropriate for their operations.
One commenter agreed with our inclusion of tabletop exercises as a
cost-effective means of exercising the security plan.
Eleven commenters requested clarification on drills and exercises.
One commenter suggested that an exercise be defined as a tabletop
exercise, while a drill be a one-topic, specific exercise that is one-
hour in length and is easily incorporated into daily operating
activities. The commenter also suggested that the frequency of exercise
requirements be extended to once every three years. Additionally, two
commenters requested that security drills and exercises be integrated
with non-security drills and exercises. Two commenters requested that
certain
[[Page 60523]]
facilities be allowed to deviate from the requirements in Sec.
105.220. Two commenters stated that exercises should be a company-wide
test of a company's security readiness. One commenter requested a
waiver from the three drills per year requirement, based upon facility
size.
We disagree that exercises should be exclusively tabletop
exercises. Under Sec. 105.220(c), exercises may be full scale or live,
tabletop simulation, or seminar or combined with other appropriate
exercises as stated in Sec. 105.220(c)(2)(i-iii). Section 105.220(b)
provides enough flexibility for drills to allow them to be incorporated
into daily operations. We do not disagree that a drill may be
accomplished in a one-hour period but believe that the length of time
would actually depend on which portion of the security plan the drill
is testing. Therefore, we did not constrict or prescribe a drill time-
length in the regulation. We believe that annual exercises are
necessary for each facility to maintain an adequate level of security
readiness. These security exercises, however, may be part of a
cooperative exercise program with applicable facility and vessel
security plans or comprehensive port exercises as stated in Sec.
105.220(c)(3). We agree that the exercises should be a company-wide
test of a company's security readiness in its areas of operation.
Additionally, any facility owner or operator may request a waiver from
any of the security requirements, in light of the operating conditions
of the facility, in accordance with Sec. 105.130.
Four commenters suggested that security drills are not needed when
the only option is to call ``911.''
Although calling ``911'' may test one element of the Facility
Security Plan, additional drills are required to cover the other
elements of the Facility Security Plan to ensure its effective
implementation.
Nine commenters stated that companies should be able to take credit
toward fulfilling the drill and exercise requirements for actual
incidents or threats, as under Sec. 103.515.
We agree that, during an increased MARSEC Level, vessel and
facility owners and operators may be able to take credit for
implementing the higher security measures in their security plans.
However, there are cases where a vessel or facility implementing a
Vessel or Facility Security Plan may not attain the higher MARSEC Level
or otherwise not be required to implement sufficient provisions of the
plan to qualify as an exercise. Therefore, we have amended parts 104,
105, and 106 to allow an actual increase in MARSEC Level to be credited
as a drill or an exercise if the increase in MARSEC Level meets certain
parameters. In the case of OCS facilities, this type of credit must be
approved by the Coast Guard in a manner similar to the provision found
in Sec. 103.515 for the AMS Plan requirements.
One commenter stated that the language in Sec. 105.225, regarding
recordkeeping, does not specify where the records should be kept. The
commenter stated that it is presumed that such records may be kept off-
site in a secure location accessible to the Facility Security Officer
and other appropriate personnel. One commenter asked for clarification
of sensitive security information because there is no suitable place
for such information to be protected on board an unmanned vessel. One
commenter recommended that records be kept onshore and not on board the
vessel.
Sections 104.235(a) and 105.225(a) state that the records must be
made available to the Coast Guard upon request, and Sec. Sec.
104.235(c) and 105.225(c) state that the records must be protected from
unauthorized access. Therefore, a facility or vessel owner or operator
must ensure that records are kept safely and also are available for
inspection by the Coast Guard upon request, but the records do not
necessarily have to be kept at the facility or on the vessel.
One commenter asked for a definition of ``security equipment'' and
suggested using the term ``security system'' instead. The commenter
also asked how much detail must be included in records of maintenance,
calibration, and testing.
Depending on how a facility owner or operator decides to implement
the security measures of this part, either term would be appropriate.
Some may choose to install stand-alone equipment, while others may
choose to have an integrated security system. We did not prescribe
specific details for recordkeeping of security equipment because of the
diverse possibilities of implementation. The intent of the
recordkeeping requirements in Sec. 105.225 was to keep a general log
of calibration, testing, and maintenance performed.
Two commenters recommended that a sentence be added to the end of
Sec. 105.225(b)(1) that reads: ``Short domain awareness and other
orientation type training that may be given to contractor and other
personnel temporarily at the facility and not involved in security
functions need not be recorded.'' The commenters stated that this
change would eliminate the unnecessary recordkeeping for this general
``domain awareness'' training.
We agree that the recordkeeping requirements in Sec. 105.225 for
training are broad and may capture training that, while necessary, does
not need to be formally recorded. Therefore, we have amended the
requirements in Sec. 105.225(b)(1) to only record training held to
meet Sec. 105.210. We have also made corresponding changes to
Sec. Sec. 104.235(b)(1) and 106.230(b)(1).
Six commenters stated that the majority of the recordkeeping
requirements for facilities and OCS facilities were overly burdensome
and unnecessary. One commenter suggested adding exemptions to Sec.
105.110(b) to exempt public access areas from the recordkeeping
requirements under Sec. Sec. 105.225(b)(3), (b)(4), (e)(8) and (e)(9).
We disagree with the commenters. Recordkeeping serves the vital
function of documenting compliance with the regulations. We also
disagree that exemptions from the recordkeeping requirements are
appropriate for public access areas. We note that there is no Sec.
105.225(e).
We received 28 comments regarding communication of changes in the
MARSEC Levels. Most commenters were concerned about the Coast Guard's
capability to communicate timely changes in MARSEC Levels to facilities
and vessels. Some stressed the importance of MARSEC security
information reaching each port area in the COTP's zone and the entire
maritime industry. Some stated that local Broadcast Notice to Mariners
and MARSEC Directives are flawed methods of communication and stated
that the only acceptable ways to communicate changes in MARSEC Levels,
from a timing standpoint, are via email, phone, or fax as established
by each COTP.
MARSEC Level changes are generally issued at the Commandant level
and each Marine Safety Office (MSO) will be able to disseminate them to
vessel and facility owners or operators, or their designees, by various
ways. Communication of MARSEC Levels will be done in the most
expeditious means available, given the characteristics of the port and
its operations. These means will be outlined in the AMS Plan and
exercised to ensure vessel and facility owners and operators, or their
designees, are able to quickly communicate with us and vice-versa.
Because MARSEC Directives will not be as expeditiously communicated as
other COTP Orders and are not meant to communicate changes in MARSEC
Levels, we have amended Sec. 101.300 to remove the reference to MARSEC
Directives.
[[Page 60524]]
Six comments were received concerning the requirement that
facilities communicate changes in MARSEC Levels to vessels. Four
commenters requested that OCS facilities only notify those vessels
subject to part 104 of a change in MARSEC Level, instead of notifying
all vessels conducting operations with the OCS facility, vessels moored
to a facility, or scheduled to arrive within 96 hours.
We disagree with the commenter. Although vessels not covered under
part 104 may not be likely to be involved in a transportation security
incident, they may interface with facilities that are likely to be
involved in a transportation security incident. Therefore, the Coast
Guard requires facilities to transmit the necessary information on
MARSEC Levels to all vessels they interface with regardless of whether
the vessels have their own Vessel Security Plan to ensure that security
at the facilities is not compromised.
We received 15 comments on the facility owner's or operator's
responsibility to communicate changes in MARSEC Levels to vessels bound
for the facility. Nine commenters noted that it would be difficult and
impractical for facilities to notify vessels 96 hours prior to arrival
of changes in MARSEC Levels because some vessels and facilities do not
have a means to provide secure communications. Three commenters stated
that facilities should not be responsible for notifying vessels that
have not arrived at the facility of MARSEC Level changes. In contrast,
one commenter suggested that the Coast Guard amend Sec. 101.300(a) to
include a provision for facilities to notify vessels of MARSEC Level
changes within 96 hours, much like that which is currently found in
Sec. 105.230(b)(1).
The intent of the regulations was to give vessel owners or
operators the maximum amount of time possible to ensure the higher
MARSEC Level is implemented on the vessel prior to interfacing with a
facility. This ensures that the facility's security at the higher
MARSEC Level is not compromised when the vessel arrives. Therefore,
while it may be difficult to contact a vessel in advance of its
arrival, it is imperative for the security of the facility and the
vessel. Additionally, communications between the facility and the
vessel do not need to be secure, as MARSEC Levels are not classified
information. We have not amended Sec. 101.300(a), as the commenter
suggested, because this section is intended to regulate communication
at the port level, whereas Sec. 105.230(b)(1) is intended to regulate
communication at the individual facilities within the port.
Seven commenters stated that although facility or vessel personnel
need to understand the current MARSEC Level and have a heightened state
of awareness, in most cases, the specifics of the threat should not be
disclosed.
It is necessary for the vessel or facility personnel to know about
threats to the vessel or facility because this helps to focus their
attention on specific attempts or types of threats to the vessel or
facility. To balance this need with sensitive security concerns,
Sec. Sec. 104.240(c) and 105.230(c) give the owners or operators
discretion in deciding how much specific information needs to be
disclosed to facility or vessel personnel.
Thirty-three commenters stated that the public lacks either the
authority or the expertise for implementing the security measures for
MARSEC Level 3, which include armed patrols, waterborne security, and
underwater screening.
We disagree and believe that owners and operators have the
authority to implement the identified security measures. For example,
it is well settled under the law of every State that an employer may
maintain private security guards or private security police to protect
his or her property. The regulations do not require owners or operators
to undertake law enforcement action, but rather to implement security
measures consistent with their longstanding responsibility to ensure
the security of their vessels and facilities, as specifically
prescribed by 33 CFR 6.16-3 and 33 CFR 6.19-1, by: deterring
transportation security incidents; detecting an actual or a threatened
transportation security incident for reporting to appropriate
authorities; and, as authorized by the relevant jurisdiction, defending
themselves and others against attack. It is also important to note that
the security measures identified by these commenters, while listed in
Sec. Sec. 104.240(e) and 105.230(e), are not exclusive and only relate
to MARSEC Level 3 implementation. In many instances, the owner or
operator may decide to implement these security measures through
qualified contractors or third parties who can provide any expertise
that is lacking within the owner's or operator's own organization and
who also have the required authority.
One commenter asked for clarification of Sec. 104.240(b)(2)
because ``facility and barge fleets have control of unmanned vessels''
moored at their facilities.
We agree that the owners and operators of barge fleeting facilities
have control of unmanned vessels that are moored at their facilities.
As such, it is the responsibility of the facility owner or operator to
ensure that the COTP is notified when compliance with a higher MARSEC
Level has been implemented at the facility, including on the unmanned
vessels moored at the facility.
Two commenters stated that Sec. 105.235(b) requires an effective
means of communications be in place and documented in the facility
plan. One of the commenters asked if it was acceptable to communicate
with the vessel through the person in charge.
Section 105.235(b) provides enough flexibility that it may be
appropriate to list the person in charge, as defined in 33 CFR part
155, as a means of communication in the Facility Security Plan,
provided it meets with the approval of the cognizant COTP.
Two commenters suggested that the Coast Guard should be responsible
for facilitating communications between vessels and facilities.
We believe that it is the Coast Guard's role to ensure that vessels
and facilities have the proper procedures and equipment for
communicating with each other. The Coast Guard does have communication
responsibilities, as found in Sec. 101.300. It is imperative, however,
that vessels and facilities effectively communicate with each other in
order to coordinate the implementation of security measures. Thus, we
have placed this requirement on the owner or operator, not the Coast
Guard. The Coast Guard will be inspecting facilities and vessels to
ensure this communication is accomplished.
We received 14 comments about the length of the effective period of
a continuing Declaration of Security for each MARSEC Level. Five
commenters stated that there is little need to renew a Declaration of
Security every 90 days and that it should instead be part of an annual
review of the Vessel Security Plan. Three commenters stated that the
effective period of MARSEC Level 1 should not exceed 180 days while the
effective period for MARSEC Level 2 should not exceed 90 days. One
commenter noted that a vessel may execute a continuing Declaration of
Security and assumed that this means that a Declaration of Security for
a regular operating public transit system is good for the duration of
the service route. Three commenters recommended that the effective
period for a Declaration of Security be either 90 days or the term for
which a vessel's service
[[Page 60525]]
to an OCS facility is contracted, whichever is greater. Two commenters
recommended allowing ferry service operators and facility operators to
enact pre-executed MARSEC Level 2 condition agreements rather than
initiating a new Declaration of Security at every MARSEC Level change.
We disagree with these comments and believe that continuing
Declaration of Security agreements between vessel and facility owners
and operators should be periodically reviewed to respond to the
frequent changes in operations, personnel, and other conditions. We
believe that the Declaration of Security ensures essential security-
related coordination and communication among vessels and facilities.
Renewing a continuing Declaration of Security agreement requires only a
brief interaction between vessel and facility owners and operators to
review the essential elements of the agreement. Additionally, at a
heightened MARSEC Level, that threat must be assessed and a new
Declaration of Security must be completed. Less frequent review, such
as during an annual or biannual review of the Vessel Security Plan,
does not provide adequate oversight of the Declaration of Security
agreement to ensure all parties are aware of their security
responsibilities.
Five commenters requested that Sec. 104.255(c) and (d) be amended
so that a Declaration of Security need not be exchanged when conditions
(e.g., adverse weather) would preclude the exchange of the Declaration
of Security.
We are not amending Sec. 104.255(c) and (d) because as stated in
Sec. 104.205(b), if in the professional judgment of the Master a
conflict between any safety and security requirements applicable to the
vessel arises during its operations, the Master may give precedence to
measures intended to maintain the safety of the vessel and take such
temporary security measures as deemed best under all circumstances.
Therefore, if the Declaration of Security between a vessel and facility
could not be safely exchanged, the Master would not need to exchange
the Declaration of Security before the interface. However, under
Sec. Sec. 104.205(b)(1), (b)(2), and (b)(3), the Master would have to
inform the nearest COTP of the delay in exchanging the Declaration of
Security, meet alternative security measures considered commensurate
with the prevailing MARSEC Level, and ensure that the COTP was
satisfied with the ultimate resolution. In reviewing this provision, we
realized that a similar provision to balance safety and security was
not included in parts 105 or 106. We have amended these parts to give
the owners or operators of facilities the responsibility of resolving
conflicts between safety and security.
Five commenters asked whether a company could have an agreement
with a facility that outlines the responsibilities of all the company's
vessels instead of a separate Declaration of Security for each vessel.
The commenters stated that this would make the Declaration of Security
more manageable for companies, vessels, and facilities that frequently
interface with each other. One commenter raised a similar concern
regarding barges and tugs conducting bunkering operations. One
commenter suggested that Declarations of Security not be required when
the vessels and ``their docking facilities'' share a common owner.
As stated in Sec. Sec. 104.255(e), 105.245(e), and 106.250(e), at
MARSEC Levels 1 and 2, owners or operators may establish continuing
Declaration of Security procedures for vessels and facilities that
frequently interface with each other. These sections do not preclude
owners and operators from developing Declaration of Security procedures
that could apply to vessels and facilities that frequently interface.
However, as stated in Sec. Sec. 104.255(c) and (d), 105.245(d), and
106.250(d), at MARSEC Level 3, all vessels and facilities required to
comply with parts 104, 105, and 106 must enact a Declaration of
Security agreement each time they interface. We believe that, even when
under common ownership, vessels and facilities must coordinate security
measures at higher MARSEC Levels and therefore should execute
Declarations of Security. For MARSEC Level 1, only cruise ships and
vessels carrying Certain Dangerous Cargoes (CDC) in bulk, and
facilities that receive them, even when under common ownership, are
required to complete a Declaration of Security each time they
interface.
Two commenters did not support the restriction on the Facility
Security Officer from being able to delegate authority to other
security personnel in periods of MARSEC Levels 2 and 3. The commenters
suggested that the Coast Guard use the same language in Sec.
105.245(b), which allows the Facility Security Officer to delegate
authority to a designated representative to sign and implement a
Declaration of Security at MARSEC Levels 2 and 3.
Section 105.205 allows the Facility Security Officer to delegate
security duties to other facility personnel. This delegation applies to
the authority of the Facility Security Officer to sign and implement a
Declaration of Security at MARSEC Levels 2 and 3. In order to clarify
the regulations, however, we have amended Sec. 105.245(d) to include
the language found in Sec. 105.245(b), allowing the Facility Security
Officer to delegate this authority. We have also made the same change
in Sec. 106.250(d).
Three commenters suggested that the regulation should require that
the Vessel Security Officer and Facility Security Officer have
verified--via e-mail, phone, or other suitable means prior to the
vessel's arrival in the port--that the provisions of the Declaration of
Security remain valid.
We disagree that there is a need to specify the means of
communicating between the Vessel Security Officer and the Facility
Security Officer about the provisions of the Declaration of Security.
To maintain flexibility, the regulations neither preclude nor mandate a
specific means to use when discussing a Declaration of Security.
Eight commenters stated that there is significant confusion
regarding the requirements to complete Declarations of Security,
especially when dealing with unmanned barges. One commenter asked if a
Declaration of Security is required when an unmanned barge is ``being
dropped'' at a facility or when ``changing tows.''
We agree with the commenter and are amending Sec. Sec. 104.255(c)
and (d) and 106.250(d) to clarify that unmanned barges are not required
to complete a Declaration of Security at any MARSEC Level. This aligns
these requirements with those of Sec. 105.245(d). At MARSEC Levels 2
and 3, a Declaration of Security must be completed whenever a manned
vessel that must comply with this part is moored to a facility or for
the duration of any vessel-to-vessel interface.
Three commenters asked when the Coast Guard would communicate
standards for U.S. flag vessels and facilities as to the timing and
format of a Declaration of Security. One commenter requested
information about how Declaration of Security requirements will be
communicated to and coordinated with vessels that do not regularly call
on U.S. ports and specific facilities.
As specified in Sec. 101.505, the format of a Declaration of
Security is described in SOLAS Chapter XI-2, Regulation 10, and the
ISPS Code. The timing requirements for the Declaration of Security are
specified in Sec. Sec. 104.255 and 105.245. The format for a
Declaration of Security can be found as an appendix to the ISPS Code.
We agree that the format requirement was not clearly included in Sec.
101.505(a) when we called out the incorporation by reference.
Therefore,
[[Page 60526]]
we have explicitly included a reference to the format in Sec.
101.505(b).
One commenter wanted to know who will become the arbiter in the
event of a disagreement between a vessel and a facility, or between two
vessels, in regards to the Declaration of Security.
We do not anticipate this will be a frequent problem. The
regulations do not provide for or specify an arbiter in the event that
an agreement cannot be reached for a Declaration of Security. It is
important to note that failure to resolve any such disagreement prior
to the vessel-to-facility interface may result in civil penalties or
other sanctions.
Five commenters suggested that we add language to the requirements
for security systems and equipment maintenance in Sec. Sec. 105.250
and 106.255 to allow facility and OCS facility owners or operators to
develop and follow other procedures which the owner or operator has
found to be more appropriate through experience or other means.
The intent of the security systems and equipment maintenance
requirement is to require the use of the manufacturer's approved
procedures for maintenance. If owners or operators have found other
methods to be more appropriate, they may apply for equivalents
following the procedures in Sec. Sec. 105.135 or 106.130.
One commenter suggested that the Coast Guard establish additional
criteria for certain expensive security equipment (such as access
controls, lighting, and surveillance). The commenter said this would be
helpful in ensuring a minimum compliance standard for those equipment
elements that will be most costly to owners and operators.
Our regulations set performance standards. Some industry standards
already exist or are being developed by trade or standards-setting
organizations. Owners and operators may assess their own security needs
and the measures that best meet those needs, given the particular
characteristics and unique operations of their vessels or facilities.
One commenter stated that Sec. 105.255(a) regarding access control
should explicitly state that the implementation of security measures
should be based on the type of cargo handled and the Facility Security
Assessment.
We are not amending Sec. 105.255(a) because, through the
development of the Facility Security Assessment and Facility Security
Plan, the cargo handled should be a primary consideration of a
facility's vulnerability to a transportation security incident. The
security measures implemented will be based on the Facility Security
Assessment and Facility Security Plan, which expressly account for the
facility's specific operations.
We received nine comments dealing with facility access control as
it pertains to identification checks. Seven commenters asked us to add
regulatory language to stipulate what will be accepted forms of
identification for representatives from Federal agencies, because there
is no standardized requirement for these representatives to carry their
agency identification at all times and some agencies believe an officer
in uniform and carrying a badge should be sufficient identification to
gain access to a facility. One commenter suggested that security plans
include access control measures specifically aimed at fumigators.
As part of the requirements for access control in Sec.
105.255(e)(3), a facility owner or operator must conduct a check of the
identification of any person seeking to enter the facility, including
vessel passengers and crew, facility employees, Federal agency
representatives, vendors (such as fumigators), personnel duly
authorized by the cognizant authority, and visitors. We have provided
minimum standards for identification in Sec. 101.515, which must be
met by all persons requesting access. This includes Federal agency
representatives, and means that just a uniform will not be sufficient
to meet the minimum standard set in Sec. 101.515, and only those
badges meeting that standard will be acceptable.
It should be noted that, with respect to Federal agency
representatives, we have amended Sec. 101.515 by adding a new
provision to clarify that the identification and access control
requirements of this subchapter must not be used to delay or obstruct
authorized law enforcement officials from being granted access to the
vessel, facility, or OCS facility. Authorized law enforcement officials
are those individuals who have the legal authority to go on the vessel,
facility, or OCS facility for purposes of enforcing or assisting in
enforcing any applicable laws. This authority is evident by the
presentation of identification and credentials that meet the
requirements of Sec. 101.515, as well as other factors such as the
uniforms and markings on law enforcement vehicles and vessels. Delaying
or obstructing access to authorized law enforcement officials by
requiring independent verification or validation of their
identification, credential, or purposes for gaining access could
undermine compliance and inspection efforts, be contrary to enhancing
security in some instances, and be contrary to law. Failure or refusal
to permit an authorized law enforcement official presenting proper
identification to enter or board a vessel, facility, or OCS facility
will subject the operator or owner of the vessel, facility, or OCS
facility to the penalties provided in law. In addition, an owner or
operator of a vessel (including the Master), facility, or OCS facility
that reasonably suspects individuals of using false law enforcement
identification or impersonating a law enforcement official to gain
unauthorized access, should report such concerns immediately to the
COTP.
Seven commenters suggested that, instead of requiring disciplinary
measures to discourage abuse of identification systems, the Coast Guard
should merely require companies to develop policies and procedures that
discourage abuse. One commenter opposed provisions of these rules
relating to identification checks of passengers and workers. The
commenter stated that these provisions threaten constitutional rights
to privacy, travel, and association, and are too broad for their
purpose. The commenter argued that identification methods are
inaccurate or unproven and can be abused, and that the costs of
requiring identification checks outweigh the proven benefit.
We recognize the seriousness of the commenters' concerns, but
disagree that provisions for checking passenger and worker
identification should be withdrawn. Identification checks, by
themselves, may not ensure effective access control, but they can be
critically important in attaining access control. Our rules implement
the MTSA and the ISPS Code by requiring vessel and facility owners and
operators to include access control measures in their security plans.
However, instead of mandating uniform national measures, we leave
owners and operators free to choose their own access control measures.
In addition, our rules contain several provisions that work in favor of
privacy. Identification systems must use disciplinary measures to
discourage abuse. Owners and operators can take advantage of rules
allowing for the use of alternatives, equivalents, and waivers.
Passenger and ferry vessel owners or operators are specifically
authorized to develop alternatives to passenger identification checks
and screening. Signage requirements ensure that passengers and workers
will have advance notice of their liability for screening or
inspection. Vessel owners and operators are required to give particular
consideration to the convenience, comfort, and personal privacy of
vessel personnel. Taken as a whole, these rules strike the proper
[[Page 60527]]
balance between implementing the MTSA's provisions for deterring
transportation security incidents and preserving constitutional rights
to privacy, travel, and association.
Four commenters asked for amendments to Sec. Sec. 105.255(c)(2)
and 106.260(c)(2) to include coordination with aircraft identification
systems, when practicable, in addition to coordination with vessel
identification systems as a required access control measure.
We agree with the commenters, and have amended Sec. Sec.
105.255(c)(2) and 106.260(c)(2) to reflect this clarification. Most
facilities, including OCS facilities, are accessible by multiple forms
of transportation; therefore, coordination with identification systems
used by those forms of transportation should enhance security.
One commenter asked if the Coast Guard would issue guidelines on
screening.
The Coast Guard intends to coordinate with the Transportation
Security Administration (TSA) and the Bureau of Customs and Border
Protection (BCBP) in publishing guidance on screening to ensure that
such guidance is consistent with intermodal policies and standards of
TSA, and the standards and programs of BCBP for the screening of
international passengers and cargo. Additionally, TSA is developing a
list of items prohibited from being carried on board passenger vessels.
One commenter asked if there is a difference between the terms
``screening'' and ``inspection'' as used in Sec. 104.265(e)(2),
requiring conspicuously posted signs.
In 33 CFR subchapter H, the terms ``screening'' and ``inspection''
fully reflect the types of examinations that may be conducted under
Sec. Sec. 104.265, 105.255, and 106.260. Therefore, both terms are
included to maximize clarity.
We received 10 comments regarding signage and posting of signs. Ten
commenters stated that posting new signs required in Sec.
104.265(e)(2) aboard unmanned barges to describe security measures in
place is unnecessary because existing signs indicate that visitors are
not permitted aboard. One commenter stated that the requirements in
Sec. 105.255(e)(2) regarding signage are too prescriptive and believed
that facilities should be allowed to post signs as they deem necessary
and not attract additional attention.
We disagree with the comment and believe that signs, appropriately
posted, serve as a deterrent against unauthorized entry and provide
awareness for facility security personnel. Although signage is
primarily aimed at manned vessels, we extended this to all vessels
because all vessels may on occasion be boarded by persons whose entry
would subject them to possible screening. If existing signs accomplish
this, the owner or operator is in compliance with the regulation.
We received two comments on vehicle searches. One commenter stated
that vehicle screenings prior to boarding vessels ``are not
warranted.'' One commenter suggested that the government is responsible
for vehicle inspections and searches.
We disagree. Vehicles may be used to cause a transportation
security incident. Therefore the screening of vehicles is warranted,
and we have required the owner or operator to ensure this is done.
We received comments from other Federal agencies requesting that
government-owned vehicles on official business be exempt from screening
or inspection. We have amended section 105.255(e)(1) and (f)(7)
accordingly. This does not exempt government personnel from presenting
identification credentials, on demand, for entry onto vessels or
facilities.
One commenter requested that owners or operators of small private
facilities be exempt from the requirement to screen baggage, under
Sec. 105.255, because they do not deal with passengers.
Section 105.255(e)(1) states that owners or operators must screen
baggage at the rate specified in the facility's approved security plan.
Because Facility Security Plans are tailored to the specific facility,
it is possible that an approved plan could have very different baggage-
screening provisions from a larger facility that serves multiple
vessels. It is also possible that an approved plan could have
provisions for coordinating baggage screening with vessels. However, we
consider baggage screening an imperative security provision and have
not exempted it in this final rule.
Eight commenters suggested that access control aboard OCS
facilities only be required when an unscheduled vessel is forced to
discharge passengers for emergency reasons, and that the provisions of
Sec. 105.255 and Sec. 106.260 be the responsibility of the shoreside
facility and the vessel owner. The commenter stated that the need to
duplicate the process at the facility is wasteful. The commenters asked
for amendments to Sec. 105.255 and Sec. 106.260 in order to make
clear that security controls should be established shoreside.
The Coast Guard believes that access control must be established to
ensure that the people on board any vessel or facility are identified
and permitted to be there. We recognize that access control and
personal identification checks at both the shoreside and OCS facility
could be duplicative, and did not intend to require this duplication,
unless needed. Our regulations provide the flexibility to integrate
shoreside screening into OCS facility security measures. We note,
however, that the OCS facility owner or operator retains ultimate
responsibility for ensuring that access control measures are
implemented. This means that, where integrated shoreside screening is
implemented, the OCS facility owner or operator should have a means to
verify that the shoreside screening is being done in accordance with
the Facility Security Plan and these regulations. Even if integrated
shoreside screening is arranged, the Facility Security Plan must also
contain access control provisions for vessels or other types of
transportation conveyances that do not regularly call on the OCS
facility or might not use the designated shoreside screening process.
One commenter asked for clarification on whether fencing was
required and the dates by which the construction of the fences should
be accomplished, stating that fences could make normal business
operations difficult.
The Coast Guard does not mandate fencing to prevent unauthorized
access. Section 105.255 gives facility owners and operators the
flexibility to implement those security measures that meet the specific
performance standards for access control. Facilities must submit their
security plan for approval by the Coast Guard on or before December 31,
2003, and must be operating under a plan approved by the Coast Guard by
July 1, 2004. If a facility owner or operator intends to make physical
improvements, such as installing fencing, but has not done so, this can
be addressed in the Facility Security Plan. However, until improvements
have been made, equivalent security measures must be explained in the
Facility Security Plan and implemented.
In reviewing sections dealing with access control requirements, we
noted an omission in text and are amending Sec. 104.265(b) to include
a verb in the sentence for clarity. We are also mirroring this
clarification in Sec. Sec. 105.255(b) and 106.260(b).
Nine commenters were concerned about the designation of restricted
areas. Six commenters requested that the Coast Guard clarify the
wording in
[[Page 60528]]
Sec. Sec. 104.270(b) and 105.260(b) that states ``Restricted areas
must include, as appropriate:'' because it is contradictory to impose a
requirement with the word ``must,'' while offering the flexibility by
stating ``as appropriate.'' One commenter stated that the provision
that allows owners or operators to designate their entire facility as a
restricted area could result in areas being designated as restricted
without any legitimate security reason.
We believe that the current wording of Sec. Sec. 104.270(b),
105.260(b), and 106.265(b) is acceptable. While the word ``must''
requires owners or operators to designate restricted areas, the word
``appropriate'' allows flexibility for owners or operators to restrict
areas that are significant to their operations. The regulations provide
for the entire facility to be designated as a restricted area, whereby
a facility owner or operator would then be required to provide
appropriate security measures to prevent unauthorized access into the
entire facility.
One commenter asked us to provide alternatives, including the use
of locks, to the restricted-access control measures specified in Sec.
105.260(d).
The measures specified in Sec. 105.260(d) do not constitute an
exclusive list; however, in Sec. 105.260(d)(2) we specifically provide
for the use of measures to secure access points that are not in active
use, and this could include the use of locks.
One commenter stated that his facility could not implement the
requirements of Sec. 105.260(e)(4) regarding restricting parking
adjacent to vessels because the facility does not own the area where
those vehicles are parked. The commenter also stated that the facility
does not own the area where vessels are unloaded.
Designating the area of the facility that is adjacent to a vessel a
restricted area is of importance because vehicles may be used to cause
a transportation security incident. Section 105.260(b)(1) requires, as
appropriate, that areas adjacent to a vessel be designated as a
restricted area. Section 105.260(e)(4) further emphasizes the
importance of limiting parking near a vessel during heightened threat.
The specific security measures implemented at the facility will be
based on the Facility Security Assessment and Facility Security Plan,
which expressly account for the facility's specific operations and the
vessels it receives. Under certain circumstances, as documented in the
facility security assessment report, it may be appropriate to park a
properly screened vehicle alongside a vessel. However, in other
circumstances it may be inappropriate based on the type of cargo and
vessel involved and the current MARSEC Level. One way for a facility
operator to restrict parking near the vessel is to coordinate
arrangements with the neighboring facility owner so the area can be
controlled. The Coast Guard will take into account issues concerning
the individual responsibilities and jurisdiction of operators and the
owners when reviewing the Facility Security Plan.
Two commenters suggested that Sec. 105.265, ``Security Measures
for Handling Cargo'' should state that it is applicable only to
facilities that receive vessels that handle cargo.
We agree that only facilities that receive vessels that handle
cargo should comply with Sec. 105.265. Facilities that receive vessels
that do not handle cargo do not have to comply with Sec. 105.265.
One commenter stated that the language in Sec. 105.265(c) does not
define the term ``active.'' The commenter wanted to know if the Coast
Guard has developed an internal interpretation as to what is meant by
``active'' access points and whether it is appropriate to assume that
the facility has the discretion of identifying those access points.
Access points to the facility that can be used for entering or
exiting a facility should be blocked during heightened security levels.
Any access point to a facility that can be used for entering or exiting
a facility is considered an active access point.
Three commenters asked for editorial revisions in Sec. 105.265(a).
One commenter asked us to revise Sec. 105.265(a)(2), which requires
facilities to ``prevent cargo that is not meant for carriage from being
accepted and stored.'' The commenter stated that the section, as
written, would preclude facilities from engaging in some legitimate
activities such as warehousing or temporary storage. One commenter
suggested adding the word ``unidentified'' before the word ``cargo'' in
Sec. 105.265(a)(6) because some facilities only store goods and do not
transport them. One commenter asked why the term ``location'' is used
twice in Sec. 105.265(a)(9).
We agree with the commenter that many waterfront facilities may be
used for warehousing or temporary storage of goods, etc., that are not
intended for carriage in maritime commerce. We have amended Sec.
105.265(a)(2) to make it clear that facility owners or operators can
store items that will not be shipped in maritime commerce if they do so
knowingly. We have not added the word ``unidentified'' in this
amendment because only identified items can be stored. We have reviewed
and agree that the use of the word ``location'' twice in Sec.
105.265(a)(9) is redundant. We have amended this section to remove the
redundancy.
One commenter asked us to confirm its inference that Sec.
105.265(a)(6) allows for the legitimate accumulation of cargo for a yet
to be determined vessel, or for operational reasons by either the
vessel or facility operator.
We agree with the commenter's interpretation. Facility owners or
operators may accept cargo that does not have a confirmed date for
loading, if they determine that it is appropriate to do so under the
circumstances.
Three commenters requested clarification on the restrictions of
cargo entering a facility. Two commenters asked us to clarify the
requirements in Sec. 105.265(a)(6) so that its restriction on entry of
cargo to a facility would only apply to break-bulk and packaged cargo
shipments, and would exclude bulk-liquid facilities. One commenter
asked us to exempt bulk cargo facilities from the requirements of Sec.
105.265.
We disagree with the commenters. The intent of this regulation is
to ensure that only those cargoes that have a legitimate reason for
being at the facility are allowed entry. By excluding certain cargoes,
as suggested by the commenters, the intent of the regulation would be
weakened, and we do not see an improvement in security derived from the
suggestion.
Fourteen commenters stated that the requirements in Sec. 104.275
regarding cargo handling are overly burdensome and difficult to
implement. One commenter suggested that the regulations ensure that
empty containers be opened and inspected. Three commenters stated it is
not possible for a vessel owner or operator to ensure that cargo is not
tampered with prior to being loaded, to identify cargo being brought on
board, or to check cargo for dangerous substances. One commenter stated
that imports should be screened at the loading port, not after they
arrive in the U.S., and that the U.S. focus should be on knowing with
whom vessel owners and operators are doing business. One commenter
urged that the final rule clarify whether coordinating security
measures with the shipper or other responsible party is mandatory. One
commenter stated that checking cargo for dangerous substances and
devices is a governmental function. Three commenters stated that the
requirement in Sec. 105.265(a)(9) to maintain a continuous inventory
of all dangerous goods and hazardous substances passing through the
facility
[[Page 60529]]
is unnecessarily burdensome and should be deleted.
We recognize that screening for dangerous substances and devices is
a complex and technically difficult task to implement. We have amended
Sec. Sec. 104.275 and 105.265 to clarify that cargo checks should be
focused on the cargo, containers, or other cargo transport units
arriving at or on the facility or vessel to detect evidence of
tampering or to prevent cargo that is not meant for carriage from being
accepted and stored at the facility without the knowing consent of the
facility owner or operator. Screening of vehicles remains a requirement
under these regulations; however, checking cargo containers may be
limited to external examinations to detect signs of tampering,
including checking of the integrity of seals. The issue of cargo
screening will be addressed by TSA, BCBP, and other appropriate
agencies through programs such as the Customs-Trade Partnership Against
Terrorism (C-TPAT), the Container Security Initiative (CSI),
performance standards developed under section 111 of the MTSA, and the
Secure Systems of Transportation (SST) under 46 U.S.C. 70116. The
requirement to ensure the coordination of security measures with the
shipper or other party aligns with the ISPS Code. It is intended that
provisions be coordinated when there are regular or repeated cargo
operations with the same shipper. This facilitates security between the
shipper and the facility, therefore, we have made this type of
coordination mandatory. We have, however, amended Sec. Sec.
104.275(a)(5) and 105.265(a)(8) to clarify that this coordination is
only required for frequent shippers. The requirements in Sec.
105.265(a)(9) may be challenging to implement, but the requirements are
consistent with the ISPS Code, part B. We believe that a continuous
inventory of goods is important to the security of facilities,
especially for those that handle dangerous goods or hazardous
substances and may be involved in a transportation security incident.
Ten commenters were concerned about health and occupational safety
during inspection of cargo spaces. Five commenters raised this concern
in connection with tank barges under Sec. 104.275(b) and (c) vessel
security measures for handling cargo. Two other commenters raised the
concern under the facility cargo handling requirements in Sec.
105.265(b)(1) and (b)(4).
Under Sec. 104.275, we provide flexibility in how cargo spaces
must be checked. This allows owners and operators to take safety into
account in devising cargo check procedures. To emphasize safety during
cargo operations, we have amended Sec. Sec. 104.275(b)(1) and
105.265(b)(1) to reflect that a check on cargo and cargo spaces should
be done unless it is unsafe to do so. We did not amend Sec.
104.275(b)(4) in a similar manner because if the check of seals or
other methods used to prevent tampering is unsafe for vessel personnel
to conduct, they should liaise with the facility to ensure this is
done.
One commenter requested changes in the MARSEC Level 2 cargo
handling provisions of Sec. 105.265(c). The commenter stated that the
container segregation provisions of paragraph (c)(5) are impractical,
and that the provision in paragraph (c)(7) for limiting the number of
locations where dangerous goods or hazardous substances are stored
would merely create easier targets for terrorists.
We agree that the requirement in Sec. 105.265(c)(5) could be
impractical for the majority of cargo operations; however, it should be
noted that this section lists various methods to use in order to meet
MARSEC Level 2. It was neither an exhaustive list nor a mandated one.
To list an alternative cargo handling option, we have changed Sec.
105.265(c)(5) by removing the requirement for cargo segregation and
replacing it with the option to coordinate cargo shipments with regular
shippers as was mentioned in Sec. 105.265(a). This change now aligns
the facility cargo handling security measures with those found in Sec.
104.275 for vessels, as appropriate. We did not amend Sec.
105.265(c)(7) because we believe there may be circumstances when the
requirement is desirable because it facilitates other security measures
such as monitoring and access control.
Two commenters stated that fleeting facilities should not be exempt
from the requirements for security measures for delivery of vessel
stores and bunkers because at some fleeting areas, stores are put on
board vessels, surveyors collect samples, and equipment repairs are
completed.
We believe that certain activities, such as provisions being put on
board vessels, surveyors collecting samples, and equipment repairs done
at the fleeting facility, occur so infrequently that they would be
adequately covered by the security measures of the involved vessels or
barges. Those fleeting facilities where these activities routinely
occur should take those activities into consideration in their Facility
Security Assessments.
One commenter stated that, as detailed in Sec. 105.270, the
facility's responsibilities for the security of vessel stores are
excessive. The commenter said that anything beyond validating the
vendor's identity and the stores order should be the government's
responsibility.
We disagree with the commenter. A facility is a vital link in the
transfer of vessel stores from vendor to vessel. Our requirements focus
on the safety and integrity of stores brought into the facility and on
preserving stores from tampering while they are at the facility, and
therefore help protect both the facility and those whom it serves.
Two commenters stated that the facility's responsibilities for the
security of vessel stores as detailed in Sec. 105.270 are less
restrictive than security measures for handling cargo. The commenter
recommended combining the security requirements for stores and bunkers
with those requirements for handling cargo. One commenter stated that
the delivery of vessel stores and bunkers are usually coordinated with
the ship's agent and not the facility, and therefore the facility owner
or operator should not be required to ensure that security measures are
implemented.
We disagree with the commenters. We allow for the owner or operator
to enact scalable measures that can provide for different levels of
security. The owner or operator may enact more stringent measures for
stores and bunkers to match those for handling cargo if desired.
However, procedures for vessel stores and bunkers are appreciably
different than procedures for most other cargo handling and usually
involve different personnel; therefore, we have retained the language
in Sec. 105.270. Further, we believe that the facility owner or
operator has the responsibility for providing appropriate security
measures for all deliveries on the facility.
We received ten comments questioning our use of the words
``continuous'' or ``continuously'' in the regulations. Four commenters
requested that we amend language in Sec. 104.245(b) by replacing the
word ``continuous'' with the word ``continual,'' stating that
``continuous'' implies that there must be constant and uninterrupted
communications. One commenter requested that we amend language in Sec.
104.285(a)(1) by replacing the word ``continuously'' with the word
``continually,'' stating that ``continuously'' implies that there must
be constant and uninterrupted application of the security measure. One
commenter requested that we amend language in Sec. 106.275 to replace
the word ``continuously'' with the word ``frequently.'' One commenter
[[Page 60530]]
recommended that instead of using the word ``continuously'' in Sec.
105.275, the Coast Guard revise the definition of monitor to mean a
``systematic process for providing surveillance for a facility.'' One
commenter stated that the continuous monitoring requirements in Sec.
106.275 place a significant burden on the owners and operators of OCS
facilities because increased staff levels would be necessary to keep
watch not only in the facility, but also in the surrounding area.
We did not amend the language in Sec. Sec. 104.245(b) 105.235(b),
or 106.240(b) because the sections require that communications systems
and procedures must allow for ``effective and continuous
communications.'' This means that vessel owners or operators must
always be able to communicate, not that they must always be
communicating. Similarly, Sec. Sec. 104.285, 105.275, and 106.275, as
a general requirement, require vessel and facility owners or operators
to have the capability to ``continuously monitor.'' This means that
vessel and facility owners or operators must always be able to monitor.
We have amended Sec. Sec. 104.285(b)(4) and 106.275(b)(4) to use the
word ``continuously'' instead of ``continually'' to be consistent with
Sec. 105.275(b)(1). This general requirement is further refined in
Sec. Sec. 104.285, 105.275,and 106.275, in that the Vessel and
Facility Security Plans must detail the measures sufficient to meet the
monitoring requirements at the three MARSEC Levels.
One commenter asked how the Coast Guard defines ``critical vessel-
to-facility interface operations'' that need to be maintained during
transportation security incidents.
Section 104.290(a) requires vessel owners or operators to ensure
that the Vessel Security Officer and vessel security personnel can
respond to threats and breaches of security and maintain ``critical
vessel and vessel-to-facility interface operations,'' while paragraph
(e) of that section requires non-critical operations to be secured in
order to focus response on critical operations. The Coast Guard does
not define the critical operations that need to be maintained during
security incidents, because these will vary depending on a vessel's
physical and operational characteristics, but requires each vessel to
provide its own definition as part of its Vessel Security Plan. Section
104.305(d) requires that they discuss and evaluate in the Vessel
Security Assessment report key vessel measures and operations,
including operations involving other vessels or facilities.
Two commenters supported the exemption from this part for those
facilities that have designated public access areas. One commenter
suggested that ferries be exempted from screening unaccompanied
baggage. One commenter recommended that we explicitly exempt public
access areas from MARSEC Level 2 and 3 passenger screening and
identification requirements.
We do not intend to exempt unaccompanied baggage from screening
since we believe that it is absolutely necessary to screen
unaccompanied baggage. We have amended the regulations to clarify the
requirements for passenger vessels, ferries, and public access areas in
Sec. 105.285 and to exempt public access areas from the MARSEC Level 2
and 3 passenger screening and identification requirements in Sec.
105.110.
One commenter asked us to define the term ``CDC facility'' used in
Sec. 105.295, and recommended that the section should apply only when
CDC is actually present on a facility.
A CDC facility is a ``facility'' that handles ``certain dangerous
cargo (CDC).'' Both of these terms are defined in Sec. 101.105. We
disagree that Sec. 105.295 should apply only when CDC is actually
present on a facility, because the measures required by the section
must be taken in advance so that they can be implemented when CDC is
present. It should be noted that when defining what constitutes a CDC,
we referenced Sec. 160.204 to ensure consistency in Title 33. We are
constantly reviewing and, when necessary, revising the CDC list based
on additional threat and technological information. Changes to Sec.
160.204 would affect the regulations in 33 CFR subchapter H because any
changes to the CDC list would also affect the applicability of
subchapter H. Any such change would be the subject of a future
rulemaking.
Six commenters inquired whether Sec. 105.295(b)(2) requires
personnel to be present or if electronic equipment, such as cameras or
monitors watched by personnel, may be used to satisfy the requirement.
Cameras or monitors watched by personnel could be used to meet the
requirements of Sec. 105.275, Security measures for monitoring, for
MARSEC Level 1. However, the intent of Sec. 105.295(b)(2), Additional
requirements--Certain Dangerous Cargo (CDC) facilities, is to provide a
higher level of security at MARSEC Level 2 or 3 for facilities handling
CDCs. Guards and patrols provide a visible deterrent which we believe
is an appropriate higher standard of security for CDC facilities
because of the risk they pose if involved in a transportation security
incident. To clarify, we are amending Sec. 105.295(b)(2) by removing
the words ``guard or'' to eliminate any ambiguity as to the need for a
physical presence at a facility that handles CDC during MARSEC Levels 2
and 3. The intent of these regulations is to provide a higher level of
security for these facilities.
Five commenters stated that the additional requirements for barges
in fleeting facilities (as stated in Sec. 105.296) should only apply
to CDC barges at MARSEC Level 1.
We disagree that the additional requirements for barges in fleeting
facilities should only apply to CDC barges at MARSEC Level 1. In order
to protect the facilities and barges, the requirements applying to
barges carrying CDC should also apply to those carrying cargoes subject
to subchapters D or O at MARSEC Level 1.
Nine commenters stated that barges with CDC, subject to 46 CFR
subchapters D or O, should be segregated ``as appropriate,'' or based
on the results of a security assessment, because segregation of tank
barges can be impractical when trying to assemble or break down a mixed
tow and may only create a more attractive target for would-be
terrorists.
We recognize that facility owners and operators need flexibility in
storing and handling barges and have modified Sec. 105.296 by removing
the requirement to segregate barges carrying CDC or cargos subject to
46 CFR subchapters D or O. Instead, we have required barges carrying
these cargoes to be kept within a restricted area. This will allow
facility owners and operators to store other barges within the
restricted area. The regulations do not prohibit or require that the
assembly or break down of tows occur within the restricted area. The
security measures that will be applied while assembling or breaking
tows must be addressed in the Facility Security Plan. We have also
amended, for clarity, the requirements of part 105 so that it only
applies to those barges that carry cargo regulated under 46 CFR
subchapters D or O in bulk by amending Sec. Sec. 105.105 and 105.296.
Six commenters asked us to clarify whether Sec. 105.296 requires
one towing vessel per 100 barges that carry CDC.
As written, Sec. 105.296 requires one towing vessel per 100
barges, which means any type of barge, irrespective of cargo. It should
be noted that this requirement conforms to the existing 1-to-100 tug/
barge ratio that already exists in 33 CFR part 165 during high water
conditions.
Two commenters stated that most barge fleeting facilities are
difficult to
[[Page 60531]]
access by land and patrolling the shoreside is impractical. One
commenter stated that it would be very difficult to coordinate shore-
side patrols when the facility owner does not own the land.
We recognize that it may be difficult to monitor or patrol remote
barge fleeting facilities. However, we have determined that barge
fleeting facilities may be involved in a transportation security
incident if fleeting barges carry dangerous goods or hazardous
substances. Section 105.296 does allow facility owners and operators to
use monitoring in remote locations as an alternative to shore-side
patrols.
Two commenters encouraged the formal training of Coast Guard Port
State Control officers in enforcing these regulations to include the
details of security systems and procedures, the details of security
equipment, and the elements of knowledge required of the Vessel
Security Officer and Facility Security Officer.
The Coast Guard conducts comprehensive training of its personnel
involved in ensuring the safety and security of facilities and
commercial vessels. We continually update our curriculum to encompass
new requirements, such as the Port State Control provisions of the ISPS
Code. This training, however, is beyond the scope of this rule.
Subpart C--Facility Security Assessment (FSA)
This subpart describes the content and procedures for Facility
Security Assessments.
We received 22 comments pertaining to sensitive security
information and its disclosure. Twelve commenters requested that the
Coast Guard delete the requirements that the Facility Security
Assessment or Vessel Security Assessment be included in the submission
of the Facility Security Plan or Vessel Security Plan respectively,
stating that the security assessments are of such a sensitive nature
that risk of disclosure is too great. Four commenters stated that the
form CG-6025 ``Facility Vulnerability and Security Measures Summary''
should be sufficient for the needs of the Coast Guard and would promote
facility security. Two commenters stated that there are too many ways
for the general public to gain access to sensitive security
information. One commenter stated that it was not clear how the Coast
Guard would safeguard sensitive security information. One commenter
stated that training for personnel in parts of the Facility Security
Plan should not require access to the Facility Security Assessment.
Sections 104.405, 105.405, and 106.405 require that the security
assessment report be submitted with the respective security plans. We
believe that the security assessment report must be submitted as part
of the security plan approval process because it is used to determine
if the security plan adequately addresses the security requirements of
the regulations. The information provided in form CG-6025 will be used
to assist in the development of AMS Plans. The security assessments are
not required to be submitted. To clarify that the report, not the
assessment, is what must be submitted with the Vessel or Facility
Security Plan, we are amending Sec. 104.305 to add the word ``report''
where appropriate. We have also amended Sec. Sec. 105.305 and 106.305
for facilities and OCS facilities, respectively. Additionally, we have
amended these sections so that the Facility Security Assessment report
requirements mirror the Vessel Security Assessment report requirements.
All of these requirements were included in our original submission to
OMB for ``Collection of Information'' approval, and there is no
associated increase in burden in our collection of information summary.
We also acknowledge that security assessments and security assessment
reports have sensitive security information within them, and that they
should be protected from unauthorized access under Sec. Sec.
104.400(c), 105.400(c), and 106.400(c). Therefore, we are amending
Sec. Sec. 104.305, 105.305, and 106.305 to clarify that all security
assessments, security assessment reports, and security plans need to be
protected from unauthorized disclosure. The Coast Guard has already
instituted measures to protect sensitive security information, such as
security assessment reports and security plans, from disclosure.
Ten commenters addressed the disclosure of security plan
information. One commenter seemed to advocate making security plans
public. One commenter was concerned that plans will be disclosed under
the Freedom of Information Act (FOIA). One commenter requested that
mariners and other employees whose normal working conditions are
altered by a Vessel or Facility Security Plan be granted access to
sensitive security information contained in that plan on a need-to-know
basis. One commenter stated that Company Security Officers and Facility
Security Officers should have reasonable access to AMS Plan information
on a need-to-know basis. One commenter stated that the Federal
government must preempt State law in instances of sensitive security
information because of past experience with State laws that require
full disclosure of public documents. Three commenters supported our
conclusion that the MTSA and our regulations preempt any conflicting
State requirements. Another commenter is particularly pleased to
observe the strong position taken by the Coast Guard in support of
Federal preemption of possible State and local security regimes. One
commenter supported our decision to designate security assessments and
plans as sensitive security information.
Portions of security plans are sensitive security information and
must be protected in accordance with 49 CFR part 1520. Only those
persons specified in 49 CFR part 1520 will be given access to security
plans. In accordance with 49 CFR part 1520 and pursuant to 5 U.S.C.
552(b)(3), sensitive security information is generally exempt from
disclosure under FOIA, and TSA has concluded that State disclosure laws
that conflict with 49 CFR part 1520 are preempted by that regulation.
46 U.S.C. 70103(d) also provides that the information developed under
this regulation is not required to be disclosed to the public. However,
Sec. Sec. 104.220, 104.225, 105.210, 105.215, 106.215, and 106.220 of
these rules state that vessel and facility personnel must have
knowledge of relevant provisions of the security plan. Therefore,
vessel and facility owners or operators will determine which provisions
of the security plans are accessible to crewmembers and other
personnel. Additionally, COTPs will determine what portions of the AMS
Plan are accessible to Company or Facility Security Officers.
Information designated as ``sensitive security information'' is
generally exempt under FOIA, and TSA has concluded that State
disclosure laws that conflict with 49 CFR part 1520 are preempted by
that regulation. 46 U.S.C. 70103(d) also provides that the information
developed under this regulation is not required to be disclosed to the
public.
Two commenters stated that our regulations suggest that information
designated as sensitive security information is exempt from FOIA. One
commenter suggested that all documentation submitted under this rule be
done pursuant to the Homeland Security Act of 2002, to afford a more
legally definite protection against disclosure.
``Sensitive security information'' is a designation mandated by
regulations promulgated by TSA and may be found
[[Page 60532]]
in 49 CFR part 1520. These regulations state that information
designated as sensitive security information may not be shared with the
general public. FOIA exempts from its mandatory release provisions
those items that other laws forbid from public release. Thus, security
assessments, security assessment reports, and security plans, which
should be designated as sensitive security information, are all exempt
from release under FOIA.
We received four comments regarding the use of third party
companies to conduct security assessments. Two commenters asked if we
will provide a list of acceptable assessment companies because of the
concern that the vulnerability assessment could ``fall into the wrong
hands.'' One commenter requested that the regulations define
``appropriate skills'' that a third party must have in order to aid in
the development of security assessments. One commenter stated that the
person or company conducting the assessment might not be reliable.
We will not be providing a list of acceptable assessment companies,
nor will we define ``appropriate skills.'' It is the responsibility of
the vessel or facility owner or operator to vet companies that assist
them in their security assessments. In the temporary interim rule (68
FR 39254), we stated, ``we reference ISPS Code, part B, paragraph 4.5,
as a list of competencies all owners and operators should use to guide
their decision on hiring a company to assist with meeting the
regulations. We may provide further guidance on competencies for
maritime security organizations, as necessary, but do not intend to
list organizations, provide standards within the regulations, or
certify organizations.'' We require security assessments to be
protected from unauthorized disclosures and will enforce this
requirement, including through the penalties provision, in Sec.
101.415.
Six commenters suggested that a template for security assessments
and plans be provided for affected entities. One commenter specifically
asked for guidance templates for barge fleeting facilities.
We intend to develop guidelines for the development of security
assessments and plans. Additionally, the regulations allow owners and
operators of facilities and vessels to implement Alternative Security
Programs. This would allow owners and operators to participate in a
development process with other industry groups, associations, or
organizations. We anticipate that one such Alternative Security Program
will include a template for barge fleeting facilities.
One commenter requested that we allow a group of facilities that
combine to act as an identified unit to be considered as an equivalency
or add a definition of either ``port'' or ``port authority.'' The
commenter also stated that part 105 should allow port security plans,
developed by local government port authorities and approved by State
authorities, to serve as equivalent security measures.
We do not agree with adding a definition of ``port'' to recognize a
group of facilities that combine to act as an identified unit. However,
groups of facilities may work together to enhance their collective
security and achieve the performance standards in the regulations.
Locally developed port security plans may serve as an excellent
starting point for those facilities located within the jurisdiction of
a port authority. We believe that the provisions of Sec. Sec.
105.300(b), 105.310(b), and 105.400(a) permit the COTP to approve a
Facility Security Plan that covers multiple facilities, such as a co-
located group of facilities that share security arrangements, provided
that the particular aspects and operations of each subordinate facility
are addressed in the common assessment and security plan. A single
Facility Security Officer for the port or port cooperative should be
designated to facilitate this common arrangement. Finally, local
security programs developed by entities such as a port authority or a
port cooperative may be submitted to the Coast Guard for consideration
as Alternative Security Programs in accordance with Sec. 101.120(c).
Four commenters requested that the Company and the Facility
Security Officers be given access to the ``vulnerability assessment''
done by the COTP to facilitate the development of the Facility Security
Plan and ensure that the Facility Security Plan does not conflict with
the AMS Plan.
The AMS Assessments directed by the Coast Guard are broader in
scope than the required Facility Security Assessments. The AMS
Assessment is used in the development of the AMS Plan, and it is a
collaborative effort between Federal, State, Indian Tribal and local
agencies as well as vessel and facility owners and operators and other
interested stakeholders. The AMS Assessments are sensitive security
information. Access to these assessments, therefore, is limited under
49 CFR part 1520 to those persons with a legitimate need-to-know (e.g.,
Facility Security Officers who n