The Corporate Security Review (CSR) Program September 11, 2008

Similar documents
Highway & Motor Carrier Orientation & Modal Overview. June 2018

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

Chemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and

PIPELINE SECURITY An Overview of TSA Programs

Transit Safety and Security. Lynn Spencer Director, Office of System Safety Office of Transit Safety and Oversight May 16, 2016

PREPARED STATEMENT OF ERNEST R. FRAZIER, SR., ESQ. AMTRAK, CHIEF OF POLICE AND SECURITY DEPARTMENT

Jim Keane Port Authority of New York and New Jersey General Manager, Operations Safety New York, NY

Heavy Vehicle Cyber Security Bulletin

Published Privacy Impact Assessments on the Web. ACTION: Notice of Publication of Privacy Impact Assessments (PIA).

Transportation Security Risk Assessment

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Office of Infrastructure Protection Overview

CRS Report for Congress

GAO. PASSENGER RAIL SECURITY Federal Strategy and Enhanced Coordination Needed to Prioritize and Guide Security Efforts

CNSC Presentation to the Federal Agency for Nuclear Control

INFORMATION ASSURANCE DIRECTORATE

Overview of Customs-Trade Partnership Against Terrorism (C-TPAT)

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

ICAO Aviation Security Assistance Program and Guyana s efforts to meet GASeP S Goals. Presented by: Mr. Abraham Dorris

Technical Vulnerability and Patch Management Policy Document Number: OIL-IS-POL-TVPM

Pipeline Security Guidelines. April Transportation Security Administration

Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

Department of Homeland Security

DHS Cybersecurity: Services for State and Local Officials. February 2017

Virginia Department of Transportation Hampton Roads Bridge-Tunnel Action Plan Implementing the Independent Review Panel Recommendations

FTA Safety and Security Initiatives

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Monthly Cyber Threat Briefing

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

The Office of Infrastructure Protection

Transit Bus Safety and Security Program

Motorcoach Security Best Practices

ACI-NA 2018 Risk Management Conference SAFETY Act. Washington, D.C

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment

Best Practices for Campus Security. January 26, 2017

Performance Measurement, Data and Decision Making: A Matter of Alignment. Mark F. Muriello Assistant Director Tunnels, Bridges & Terminals

COUNTERING IMPROVISED EXPLOSIVE DEVICES

The Office of Infrastructure Protection

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

National Policy and Guiding Principles

Engaging Maryland toward CAV advancements Christine Nizer, Administrator

National Transportation Worker ID Card (TWIC) Credentialing Direct Action Group Functional Requirements DRAFT

How AlienVault ICS SIEM Supports Compliance with CFATS

Compliance with ISPS and The Maritime Transportation Security Act of 2002

Understanding how MRA works and realizing the benefits for both Customs and Trade

Updates to the NIST Cybersecurity Framework

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

SAFETY Act AAPA Port Security Seminar July 19, 2012 Miami, FL. Washington, D.C

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

Food and Agriculture Sector Criticality Assessment

Critical Infrastructure Protection Version 5

ISAO SO Product Outline

Cybersecurity and Data Protection Developments

Department of Defense INSTRUCTION

Why C-TPAT? An Overview

Security Guideline for the Electricity Sub-sector: Physical Security Response

Physical Security Reliability Standard Implementation

The Office of Infrastructure Protection

Port Facility Cyber Security

Statement for the Record

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

Connected & Automated Vehicle Activities

GAO. PASSENGER RAIL SECURITY Federal Strategy and Enhanced Coordination Needed to Prioritize and Guide Security Efforts

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Department of Management Services REQUEST FOR INFORMATION

uanacia 1+1 MARINE SECURITY OPERATIONS BULLETIN No:

Executive Order 13556

Massachusetts Department of Transportation Highway Division TSA I-STEP New England RISE July 11, 2018 AASHTO TSSR Annual Meeting San Diego, CA

Control Systems Cyber Security Awareness

New Guidance on Privacy Controls for the Federal Government

Planning for Resiliency. June 20, 2017 Richard Tetreault, PE WSP USA Office Lead VT, NH, and ME

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

The J100 RAMCAP Method

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

State of South Carolina Interim Security Assessment

Department of Public Health O F S A N F R A N C I S C O

Why you should adopt the NIST Cybersecurity Framework

National Strategy for CBRNE Standards

Ohio Supercomputer Center

Streamlined FISMA Compliance For Hosted Information Systems

Presented by Joe Burns Kentucky Rural Water Association July 19, 2005

Credit Card Data Compromise: Incident Response Plan

Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery

Security Survey Executive Summary October 2008

The Office of Infrastructure Protection

Cyber Threats? How to Stop?

The Office of Infrastructure Protection

DEFINITIONS AND REFERENCES

Airport Security & Safety Thales, Your Trusted Hub Partner

Infrastructure & Building Risk Assessment on New and Existing Buildings

Amy Schick NHTSA, Occupant Protection Division April 7, 2011

AVIATION. The leading provider of integrated security solutions in the field of aviation fjcsecurity.com/fjcaviation

Emerging Issues: Cybersecurity. Directors College 2015

The Office of Infrastructure Protection

Threat and Vulnerability Assessment Tool

Critical Information Infrastructure Protection Law

Oracle Data Cloud ( ODC ) Inbound Security Policies

Member of the County or municipal emergency management organization

Transcription:

The Corporate Security Review (CSR) Program September 11, 2008 Transportation Sector Network Management Highway and Motor Carrier Security Division

Corporate Security Review Background Spring 2003 TSA Implemented the CSR Program Reviews conducted by the Highway and Motor Carrier Division at: Trucking- security sensitive, general freight, food transporters and rental/leasing companies School Bus- publicly and privately owned/operated Motorcoach Operators- intercity, charter, and tour State Highway Departments of Transportation Interstates, Turnpikes, and Toll Roads Privately owned assets (bridges and tunnels) Andrea Di Spirito September 11, 2008 2

What is a CSR? Voluntary/instructive security plan review performed by TSA Transportation Security Specialists Review and validation of carrier s security plan Set of approximately 130 questions; 11 security areas Conducted on-site Andrea Di Spirito September 11, 2008 3

Purpose Validate implementation of corporate security plans Gather security data for intra/intermodal comparative and trend analysis Identify, analyze, and mitigate vulnerabilities Develop security management reports Provide domain awareness of security measures throughout the transportation sector Supply baseline data that can be used to develop security standards Promote outreach to transportation security partners o To ensure ongoing communication o To foster relationships Andrea Di Spirito September 11, 2008 4

Process TSA requests a visit with the carrier Information packet sent to carrier Packet includes: o Background Information o SSI Handling and Guidance (49 CFR Part 15 and 1520) o CSR Questions Meet with carrier to review plans and to tour the facility Andrea Di Spirito September 11, 2008 5

Sections 1. Management & Oversight of Security Plan 2. Threat Assessment 3. Criticality Assessment 4. Vulnerability Assessment 5. Personnel Security 6. Training 7. Physical Security Countermeasures 8. En-route Security 9. IT Security 10. Security Exercises/Drills 11. Hazmat Addendum Andrea Di Spirito September 11, 2008 6

Security Plans Andrea Di Spirito September 11, 2008 7

Management & Oversight of the Security Plan Carrier has a security plan Components of a security plan Organizational level plan is created Frequency of updates Security coordinator/duties Federal Points of Contact Andrea Di Spirito September 11, 2008 8

Threat Assessment Monitoring external sources for threat information Procedures for distributing threat information Response to heightened level of threat Andrea Di Spirito September 11, 2008 9

Criticality Assessment List of critical assets Allocation of security resources Andrea Di Spirito September 11, 2008 10

Vulnerability Assessment Conducting vulnerability assessments Corrective Actions o o Recommended in assessments Implemented based on recommendations Andrea Di Spirito September 11, 2008 11

Personnel Security Background Checks Identification Cards o o Employees Contractors Andrea Di Spirito September 11, 2008 12

Training Training for New and Current Employees o Security Awareness o Security Plan Training Curriculum Training Records Andrea Di Spirito September 11, 2008 13

Physical Security Countermeasures Physical Barriers Intrusion Detection Security Cameras Key Control Programs Use of Security Guards Designated Secure Areas Andrea Di Spirito September 11, 2008 14

En-route Security Pre- and Post-Trip Security Inspections Vehicle and Trailer Tracking Andrea Di Spirito September 11, 2008 15

IT Security IT Security Plan IT Security Officer Unauthorized Access to IT Systems System Penetration Tests Continuity of Operations Andrea Di Spirito September 11, 2008 16

Security Exercises/Drills Frequency of drills Inclusion of external personnel or agencies when conducting exercises/drills Documentation of results/lessons learned Andrea Di Spirito September 11, 2008 17

Hazmat Addendum Address TSA s Security Action Items (SAIs) SAI- voluntary security guidelines for the transport of Hazmat Geared toward Highway Security-Sensitive Materials Questions Address Personnel Security En-route Unauthorized Access General Security Andrea Di Spirito September 11, 2008 18

Benefits Provides data indicating the degree to which companies are implementing Corporate Security Plans Expands both the TSA s and carrier s domain awareness of existing mitigation strategies Evaluates transportation facility/system security posture Provides necessary data to identify a current security baseline and conduct gap, comparative, and trend analyses Develop and share industry best practices Reduces risk exposure from cargo and equipment theft, vandalism, and terrorist activity NOT a Compliance Review o o No enforcement action No penalties Seal of Approval from the TSA o o o Use in marketing and sales efforts Reduces liability and exposure Insurance benefits Andrea Di Spirito September 11, 2008 19

Initiatives Reviews conducted by TSA HQ Transportation Security Specialists Force Multiplying Efforts o The Missouri Pilot o Federal Security Director (FSD) CSR Pilot Insurance Industry Andrea Di Spirito September 11, 2008 20

The Missouri Pilot Partnership TSA Federal Motor Carrier Safety Administration (FMCSA) Missouri Department of Transportation (MoDOT) Motor Carrier Services Safety & Compliance Division Commercial Vehicle Safety Alliance (CVSA) Spring 2006 Pilot Kick-off Spring 2007 Program Over 3,000 CSRs Completed Future o Partner with Additional States Andrea Di Spirito September 11, 2008 21

FSD CSR Pilot TSA field office personnel o FSD Security Assessment Personnel o Surface Transportation Security Inspectors and Aviation Transportation Security Inspectors Training o Pittsburgh, PA February 2008 o Little Rock, AR March 2008 o Reno, NV March 2008 Future o Expand FSD Involvement to Airports Nationwide Andrea Di Spirito September 11, 2008 22

To Request a CSR Contact: Phil Forjan TSA Highway and Motor Carrier Division Truck Security Branch Chief (571) 227-1467 Email: highwaysecurity@dhs.gov Andrea Di Spirito September 11, 2008 23

Highway & Motor Carrier POCs Bill Arrington, General Manager Office of Highway and Motor Carrier Division Office: (571) 227-2436 Email: william.arrington@dhs.gov Ray Cotton, Assistant General Manager Office of Highway and Motor Carrier Division Office: (571) 227-4237 Email: ray.cotton@dhs.gov Bud Hunt, Branch Chief Threat, Vulnerability, & Consequences Branch Office: (571) 227-2152 Email: bud.hunt@dhs.gov Paul Pitzer, Branch Chief Policy, Plans, & Stakeholder Relations Branch Office: (571) 227-1233 Email: paul.pitzer@dhs.gov Phil Forjan, Branch Chief Trucking Branch Office: (571) 227-1467 Email: phil.forjan@dhs.gov Steve Sprague, Branch Chief Licensing, Infrastructure, & Passenger Security Branch Office: (571) 227-1468 Email: steve.sprague@dhs.gov Andrea Di Spirito September 11, 2008 24

Questions? Andrea Di Spirito September 11, 2008 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback