Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
The Corporate Security Review (CSR) ProgramSeptember 11, 2008
Transportation Sector Network ManagementHighway and Motor Carrier Security Division
Andrea Di Spirito September 11, 2008 2
Corporate Security Review BackgroundSpring 2003 TSA Implemented the CSR ProgramReviews conducted by the Highway and Motor Carrier Division at:
Trucking- security sensitive, general freight,food transporters and rental/leasing companiesSchool Bus- publicly and privately owned/operatedMotorcoach Operators- intercity, charter, and tourState Highway Departments of TransportationInterstates, Turnpikes, and Toll Roads Privately owned assets (bridges and tunnels)
Andrea Di Spirito September 11, 2008 3
What is a CSR?• Voluntary/instructive security plan review
performed by TSA Transportation Security Specialists
• Review and validation of carrier’s security plan• Set of approximately 130 questions; 11 security
areas• Conducted on-site
Andrea Di Spirito September 11, 2008 4
Purpose• Validate implementation of
corporate security plans• Gather security data for
intra/intermodal comparative and trend analysis
• Identify, analyze, and mitigate vulnerabilities
• Develop security management reports
• Provide domain awareness of security measures throughout the transportation sector
• Supply baseline data that can be used to develop security standards
• Promote outreach to transportation security partners
o To ensure ongoing communication
o To foster relationships
Andrea Di Spirito September 11, 2008 5
Process• TSA requests a visit with the carrier• Information packet sent to carrier
Packet includes:o Background Informationo SSI Handling and Guidance (49 CFR Part 15 and
1520)o CSR Questions
• Meet with carrier to review plans and to tour the facility
Andrea Di Spirito September 11, 2008 6
Sections1. Management &
Oversight of Security Plan
2. Threat Assessment3. Criticality Assessment4. Vulnerability
Assessment5. Personnel Security6. Training
7. Physical Security Countermeasures
8. En-route Security9. IT Security10. Security
Exercises/Drills11. Hazmat Addendum
Andrea Di Spirito September 11, 2008 7
Security Plans
Andrea Di Spirito September 11, 2008 8
Management & Oversight of the Security Plan• Carrier has a security plan• Components of a security plan• Organizational level plan is created• Frequency of updates• Security coordinator/duties• Federal Points of Contact
Andrea Di Spirito September 11, 2008 9
Threat Assessment• Monitoring external sources for threat
information• Procedures for distributing threat information• Response to heightened level of threat
Andrea Di Spirito September 11, 2008 10
Criticality Assessment• List of critical assets• Allocation of security resources
Andrea Di Spirito September 11, 2008 11
Vulnerability Assessment• Conducting vulnerability assessments• Corrective Actions
o Recommended in assessmentso Implemented based on recommendations
Andrea Di Spirito September 11, 2008 12
Personnel Security• Background Checks• Identification Cards
o Employeeso Contractors
Andrea Di Spirito September 11, 2008 13
Training• Training for New and Current Employees
o Security Awareness o Security Plan
• Training Curriculum• Training Records
Andrea Di Spirito September 11, 2008 14
Physical Security Countermeasures• Physical Barriers• Intrusion Detection• Security Cameras• Key Control Programs• Use of Security Guards• Designated Secure Areas
Andrea Di Spirito September 11, 2008 15
En-route Security• Pre- and Post-Trip Security Inspections• Vehicle and Trailer Tracking
Andrea Di Spirito September 11, 2008 16
IT Security• IT Security Plan• IT Security Officer• Unauthorized Access to IT Systems• System Penetration Tests• Continuity of Operations
Andrea Di Spirito September 11, 2008 17
Security Exercises/Drills• Frequency of drills• Inclusion of external personnel or agencies when
conducting exercises/drills • Documentation of results/lessons learned
Andrea Di Spirito September 11, 2008 18
Hazmat Addendum• Address TSA’s Security Action Items (SAIs)• SAI- voluntary security guidelines for the
transport of Hazmat• Geared toward Highway Security-Sensitive
Materials • Questions Address
− Personnel Security − En-route − Unauthorized Access− General Security
Andrea Di Spirito September 11, 2008 19
Benefits• Provides data indicating the degree to which companies are implementing
Corporate Security Plans• Expands both the TSA’s and carrier’s domain awareness of existing mitigation
strategies• Evaluates transportation facility/system security posture• Provides necessary data to identify a current security baseline and conduct gap,
comparative, and trend analyses• Develop and share industry best practices• Reduces risk exposure from cargo and equipment theft, vandalism, and terrorist
activity• NOT a Compliance Review
o No enforcement actiono No penalties
• Seal of Approval from the TSAo Use in marketing and sales effortso Reduces liability and exposureo Insurance benefits
Andrea Di Spirito September 11, 2008 20
Initiatives• Reviews conducted by TSA HQ Transportation
Security Specialists• “Force Multiplying” Efforts
o The Missouri Piloto Federal Security Director (FSD) CSR Pilot
• Insurance Industry
Andrea Di Spirito September 11, 2008 21
The Missouri Pilot• Partnership
− TSA− Federal Motor Carrier Safety Administration (FMCSA)− Missouri Department of Transportation (MoDOT) Motor Carrier
Services Safety & Compliance Division− Commercial Vehicle Safety Alliance (CVSA)
• Spring 2006 Pilot Kick-off• Spring 2007 Program• Over 3,000 CSRs Completed• Future
o Partner with Additional States
Andrea Di Spirito September 11, 2008 22
FSD CSR Pilot• TSA field office personnel
o FSD Security Assessment Personnelo Surface Transportation Security Inspectors and Aviation
Transportation Security Inspectors• Training
o Pittsburgh, PA February 2008o Little Rock, AR March 2008o Reno, NV March 2008
• Futureo Expand FSD Involvement to Airports Nationwide
Andrea Di Spirito September 11, 2008 23
To Request a CSRContact: Phil Forjan
TSA Highway and Motor Carrier DivisionTruck Security Branch Chief(571) 227-1467
Email: [email protected]
Andrea Di Spirito September 11, 2008 24
Highway & Motor Carrier POCs
Phil Forjan, Branch ChiefTrucking BranchOffice: (571) 227-1467Email: [email protected]
Bud Hunt, Branch ChiefThreat, Vulnerability, & Consequences BranchOffice: (571) 227-2152Email: [email protected]
Ray Cotton, Assistant General ManagerOffice of Highway and Motor Carrier DivisionOffice: (571) 227-4237Email: [email protected]
Steve Sprague, Branch ChiefLicensing, Infrastructure, & PassengerSecurity BranchOffice: (571) 227-1468Email: [email protected]
Paul Pitzer, Branch ChiefPolicy, Plans, & Stakeholder Relations BranchOffice: (571) 227-1233Email: [email protected]
Bill Arrington, General ManagerOffice of Highway and Motor Carrier DivisionOffice: (571) 227-2436Email: [email protected]
Andrea Di Spirito September 11, 2008 25
Questions?