U.S.

Coast Guard
Maritime Security Risk Analysis Model
(MSRAM)
“Balancing resources to risk”
Presentation for the
Critical Infrastructure Protection
Workshop
The Center for Homeland Defense and Security
June 2008
Presented by LCDR Brady Downs, USCG
Domestic Port Security Evaluations Division (CG-5142)
Directorate of Assessment, Integration and Risk Management
US Coast Guard Headquarters, Washington, D.C.
1
 USCG Security Risk Evolution

2001 - 2005 2006 2007 2008-2015

PSRAT MSRAM 1 MSRAM 2 MSRAM +
Focus: Focus: Focus: Future updates:
• Support COTP Risk • Support Field & • Improve training, • Address full scope of
Security Management Headquarters support, & data threat (Transfer & CBRN
• Addresses threat review/validation Threat)
Improve: element from ICC & • Expanded range of • Improve Consequence/
• Consistency & threat consistency issues scenarios Vulnerability analysis
• Consequence data to • Address 18 of 18 CIKR
support Operation Supported: Supported: • Support DHS, OGA,
Neptune Shield • COTP/Sectors • COTP/Sectors States, & other nation’s
• Port Risk data • Operation Neptune • Operation Neptune risk analysis
supported Port Shield Shield
Security Risk • Transportation Worker • Transportation Worker
Assessments Identification Card Identification Card
• Combating Maritime • Combating Maritime
Terrorism Terrorism
• Mounted Automatic
Weapon Project
GAO: GAO: GAO: GAO:
Good start – • Address concerns Most efficient tool for Maritime Security only
improvements • Addresses 13 of 18 risk management in area to receive the grade
needed Critical Infrastructure DHS of “Substantial Progress”
& Key Resources 2
OUR MISSION
o Prevent terrorist attacks within
the United States - (PREVENT)

o Reduce America’s vulnerability

to terrorism - (PROTECT)

o Minimize the resulting damage if prevention fails -

(RESPOND)

o Recover from attacks that do occur- Ensure

economic security - (RECOVER)

Homeland Security Act of 2002

3
 MSRAM Analysis
Crosses DHS Sectors
The complexity of the marine transportation system and
the maritime domain creates a unique opportunity for the
Coast Guard due to the vast array of critical infrastructure,
assets, key resources, systems, & networks that make up
our nation’s riverports, seaports and the maritime domain.

Maritime domain is a
microcosm of the national
economy. Risk crosses all 18
DHS Sectors

Similar situation for

Localities, Cities, State,
National, International
risk analysis 4
 MSRAM Risk Calculator
The MSRAM was designed to enhance security
and reduce the risk of terrorism by identifying
and prioritizing critical infrastructure, key
resources and high consequence transits and
events across sectors using a common risk
methodology, taxonomy and metrics to
measure security risk at the local, regional, and
national levels.

Support Senior Leadership risk based decision making process

5
 MSRAM Security Risk Concept

Threat Vulnerability Consequence

X X = Risk
Vulnerability = Consequence =
Achievability X Death and Injury, Primary and
Threat =
Capability X System Security Secondary Economic,
Intent (with X Target Environment , National security,
confidence) Hardness Symbolic Impacts X (Less
Response Capability)
And Secondary Economic Impact

ICC
Mitigated by Mitigated by Response
Strategic Interdiction Capability Capability
Threat
6
 Intentions & Confidence

Capability & Confidence

Attack
Threat
Geograhic Threat

Probability
Death Injury

Primary Economic Impact

Symbolic Effect

National Security

Environment Impact

Response - Owner/Operator
Target / Asset

Response - Local 1st

Responder
Primary Consequence +

Response - USCG
X Scenario Consequence

Recoverability
Scenario

Redundancy
Impact
Economic

Secondary Economic Impact

Secondary X

Achievability
System Security -
Owner/Operator
Attack Mode

System Security - LEA

System Security - USCG

Target Hardness
Vulnerability =
MSRAM Risk Components T*C*V=R

7
Risk
 Breadth of MSRAM Risk Information
644,000 Data Points
Target Factors Scenario Factors (Scenarios = Target +Attack Mode)
 Target name  Threat
 Target Class o Intent
 Availability o Capability
 Maximum Consequence  Consequence
 USCG Role (Lead, Support, Other) o Death/Injury
 Maritime Transportation Security Act o Primary Economic
Regulated o Secondary Economic (Recoverability/Redundancy)
 Area o Environmental
 Captain of the Port o National Security
 CG Station o Symbolic
 Port o Response Capability (Owner/Operator, 1st
 Waterway Responders, USCG)
 Latitude / Longitude  Vulnerability
 County (link to FEMA regions) o Achievability
 River Mile Marker o System Security (Owner/Operator, LE, USCG)
 DHS MCI/KR sector o Target Hardness
 DHS Grant Port  Risk
o Organic: 24 hour, steady state owner/operator
 Ability to add additional DOD target response
factors as necessary o Mitigated: risk including impact of USCG & LEA
o Primary: primary economic impact only
o Total: risk including secondary economic
8
 Depth of MSRAM Risk Information
Over 74,000 Judgements
Target Categories/Classes Attack Modes

 Attack by Hijacked Vessel

 Barge
 Boat Bomb
o 10 classes
 Boat Bomb (while vessel is present)
 Facility  Car/Truck Bomb
o 14 classes
 Hijacking of Vessel
 Infrastructure  Passenger/Passerby Explosives/Improvised
o 7 classes Explosive Devices
 Key Asset  Sabotage
o 8 classes  Standoff Weapon Launched from Water and
 Other Land (including Man-Portable Air Defense
o 2 classes Weapon)
o High Population  Swimmer/Diver/Underwater Delivery Systems
o Events  Terrorist Assault Team (Hostage Taking)
 Attack by Hijacked Large Aircraft
 Vessel
 Small Suicide Aircraft
o 21 classes
 Chemical, Biological, Radiological, Nuclear
 Cyber Attack
 Mines (Aquatic) & Mines (Land)
 Transfer of Terrorist, weapons/materials
MSRAM target classes  Ability to add additional DOD attack modes as
necessary
link to DHS sectors
9
 MSRAM – Synergizes the Use of Other
Risk Tools, Models, and Assessments
Threat Consequence Vulnerability
ICC Strategic Threat Analysis  Studies (Blast & Consequence)  Assessments (AMSC, VSP, FSP,
RAM-D, MAST, PSA, RAMCAP, CRs,
 Intent w/Confidence  Plans (AMSP) SAV, PIVA, HLS-CAM, JISVA, FHWA).
 Capability w/Confidence  Tools (Chemtap, Oiltap,  Tools (ACAMS, ViSAT)
 Time Horizon when terrorist CAMEO, Aloha, Marplot)  Studies / Grants ( BZPP)
Capability Acquired  Consequence Data (RMP,  Workgroups (SME)
GCOA, HASZUS)
MSRAM Risk Calculator
X Scenario Consequence
T hreat
Attack Secondary X Vulnerability =
Primary Consequence + Economic Risk
Probability
P rim a ry E c o n o m ic

S y s te m S e c u rity -
S y s te m S e c u rity -

S y s te m S e c u rity -
G e o g ra h ic T h re a t

E c o n o m ic Im p a c t
Impact
N a tio n a l S e c u rity

T a rg e t H a rd n e s s
O w n e r/O p e ra to r
S y m b o lic E ffe c t

R e c o v e ra b ility
E n v iro n m e n t

A c h ie v a b ility
Redundancy
D e a th In ju ry
In te n tio n s &

C a p a b ility &
C o n fid e n c e

C o n fid e n c e

S e c o n d a ry
Response
C a p a b ility
Im p a c t

Im p a c t

USCG
LEA
Outputs Analyze & Exercise
 Prioritized Risk Ranking -
Common Risk Model (NADB) Strategic Risk Analysis Process
 Security Risk Profiles Protective Security Analysis Center (PSAC)
 Risk Drivers National Infrastructure Simulation and Analysis Center (NISAC)
 Data for Risk Management Coast Guard R & D Center / National Labs
Analysis
 Risk Management Priorities
Exercises: PREP, PORTSTEP, AMSTEP, TOPOFF
10
 MSRAM Data Review Process
Local, Regional and National
HQ Assessment, Review & RED = Data is
4 at the Secret
Analysis Provide consistency/ level
normalization between Areas

Area Review Provide

Review and Direction

3 consistency/normalization
between Districts

District Review Provide

2 consistency/normalization
between Sectors

1 COTP/Sector Assessment 
with AMSC Input - Identifies risk
profile for individual targets
Green = Data is at the Security
Sensitive Information level 11
 Previous Consequence-Based
Approach
Nuclear
Power
Cruise Plant Bridge Refinery Waterway
Ship
Freight Oil Ferry
Ship Tanker
CDC
Barge Chemical
Plant Defense
Facility

LOW Consequence HIGH Consequence

One Dimension Consequence Scale

12
 MSRAM creates a Risk-Based
Risk-Informed Security Profile
Bridge - Boat Bomb
HIGH
High Capacity Ferry
Ferry 150 Terminal- Car/Truck
Likelihood (Threat * Vulnerability)

-1000 – Boat Bomb

Bomb High Capacity Ferry –
Cruise Terminal –
Car/Truck Bomb
Boat Bomb

National Icon – Boat

Petroleum Refinery – Bomb
Car/Truck Bomb High Capacity Ferry -
Car/Truck Bomb
Cruise Ship -
Oil Tanker –
Boat Bomb
Boat Bomb

LPG Tanker - Boat Bomb

CDC Facility –
Cruise Ship - Car/Truck Bomb Car/Truck Bomb

Nuclear Power
Plant –
Car/Truck Bomb
Cruise Ship – Attack By Hijacked
Vessel
LPG Tanker – Stand-
Off Weapon

LOW
Bridge – Attack By Hijacked Vessel

LOW Consequence HIGH Consequence

13
 MSRAM creates reports for analysis
Use reports to
quickly scan for
Risk by Target Class
risk by target
classes

SAMPLE DATA

Bridges & Tunnels

14
 Comparison of Chemical facilities

ILLUSTRATIVE SAMPLE DATA

R
I
S
K

Chlorine Ammonia LNG

15
 MSRAM Analysis – Compare Risk
Density by State
Risk Density for Type Target by Gulf State
(Illustrative)

Other
8000
6000 Vessels
4000 Key Assets
2000 Infrastructure
0 Facilities
Barges

SAMPLE DATA

16
 MSRAM change case supports
Risk Mitigation Decision Strategies

17
 MSRAM National Risk Profile

Response/Recovery
X# target
represent
top 20% of the
X# target represent total risk
top 40% of the
(Threat * Vulnerability)

total risk
LIKELIHOOD

e
i m

Prevention/Protection
eg
y R
tor
la
egu
R
X# target represent
top 60% of the
total risk
18,000+ targets represent
100 % of the total risk

CONSEQUENCE
18
 Senior Leadership can utilize MSRAM
to illustrate High Risk Scenarios
by Attack Mode locally, regionally, nationally
Attack Modes
Illustrative Car / Truck Bomb
Boat Bomb (while vessel is present)
3 6 Swimmer/Diver/Underwater Delivery Systems
Standoff Weapon Launched from Water
Attack by Hijacked Vessel

19 11

11 9 18
3
12 15
If we receive a threat advisory for 7
high capacity passenger vessels? 10 13
11
This slide illustrates MSRAM’s ability to
support decisions in times of crisis by
identifying what scenarios are the highest
risk, the risk drivers and where they are
located.
13 12 1
13 6
2 23 18
9
19
 MSRAM assists to identify where are the
greatest risks and risk drivers are in your AOR
Geographic distribution of high risk attacks in Sector Miami

Illustrative for
demonstration purposes

This slide illustrates the geographic

distribution of high risk scenarios Attack Modes
within an AOR. The highlights the Car / Truck Bomb
Boat Bomb (while vessel is present)
richness of MSRAM risk information Swimmer/Diver/Underwater Delivery Systems
and how it can be used to inform Standoff Weapon Launched from Water
Attack by Hijacked Vessel
the operational commanders 20
 MSRAM supports Local, Regional and
National applications
 Strategic Uses
o Provides an understanding of:
• the types of targets and attacks that present the highest risk
• the risk-based distribution of targets regionally (Risk Density)
o Strategic planning outcomes measure
o Support of Strategic planning effort-Combating Maritime Terrorism (CMT)
o Transportation Worker Identification Credential (TWIC) implementation
o DHS Port Security Grant Process (risk formula and grant evaluation)
o National Maritime Security Risk Assessment (NMSRA)
o National Maritime Threat Assessment Methodology
o Strategic Operational Planning Process (SOPP)
 Operational Uses
o Operation Neptune Shield
o Geospatial Risk Map
o Area Maritime Security Plans (AMSP) / Action Plans / Contingency plans
o Mounted Automatic Weapon allocation project
 Tactical Uses
o Incident Command System (ICS) risk management cycle
o National Special Security Event (NSSE)
o Communication tool amongst stakeholders-AMS Committee
o Supports updates to NVIC 09-02 AMSPs and 03-03 Facility security plans
21
 Global Supply Chain Security Risk
MSRAM can assist in determining the risk & interdiction capability along critical nodes
International Ship &
CBP Booking 96 Hour
Port Facility Container Security
24 Hour Advance Information Compliance Notice of Arrival
Shipment Notice CTPAT Initiative
DNDO, Deep Water, Domain Awareness Entry State / Local
Carrier Movements

Truck, Rail, Distribution Truck, Rail, Port of Trans- Port of Truck, Rail, Distribution
Factory Water shipment Air
Barge Center Barge Lading Entry Barge Center
Conveyance Port Conveyance
Transport Transport Transport

DR. Lewis MSRAM

CFR

Critical Network Transportation Security Risk Regulatory Enforcement

Analysis Security Analysis Regime
22
 Unified Risk Coast Guard Missions
Expected Residual Loss (Risk) that the CG has the ability to influence due to:
8000 All incidents (excluding transfer of WMD)

7000
Severity
6000 Category-8
Important Note: These are not suggested
Category-7
5000
resourcing profiles! Context is required before
Category-6
these profiles are able to meaningfully inform Category-5
4000 planning and budgeting decisions. Category-4
Category-3
3000
Category-2
2000 Category-1

1000

MSRAM data
contributes to
this risk profile 23
 Maritime Security Risk
Analysis Model
Support Senior Leadership risk based/informed decision making process

“In the absence of emotion and Political influence

Risk is where risk is.”
Quote by LCDR Brady Downs, USCG during Congressional briefing 2007

Questions? Topics for Discussion!

24