The anniversary of 9/11 has historically been not only a time to mourn those we lost on that day, but also a time to reflect on the extent to which we’ve made meaningful progress on stopping the next catastrophic attack. That reflection has included assessing the present state of transportation security, with aviation security understandably foremost on experts’ minds. On the heels of the recent discovery of five explosive devices at an Elizabeth, New Jersey train station, and with the attack on a Brussels rail station last March still resonating, the safety of rail transportation has also been a prominent feature of that discussion in recent weeks, as it ought to be.
Against this backdrop, is another anniversary — the October 12th sixteenth anniversary of the attack on the USS Cole, during which Al Qaeda operatives rammed an explosives-laden motorboat into the Navy vessel, which at the time was docked for refueling in Aden, Yemen. Seventeen sailors were killed. On that day, terrorists acted on their interest and capability to attack a significant maritime target using asymmetric tactics – that, and their record for targeting the transportation sector, should be taken as indicators that they remain interested in maritime attacks, likely now with a view to domestic targets including civilian ships and the ports servicing both passengers and freight.
Sixteen years after the USS Cole, despite some important progress in the past decade, troubling vulnerabilities persist in the maritime domain.
In 2009, it became mandatory that individuals requiring unescorted access within regulated US maritime facilities and vessels possess a biometric security credential (with name, expiration date, photo and two fingerprints), known as the Transportation Worker Identification Credential, or TWIC, issued by the Department of Homeland Security (DHS).
This past August, the US Coast Guard published its long-awaited final rule on TWIC readers, which requires a range of covered facilities and vessels to install electronic TWIC readers within the next two years. The intent of requiring an electronic TWIC reader is to prevent the use of forged credentials.
Weeding out forged TWICs is eminently sensible, but it won’t do much good if the TWIC was legitimately issued to a malevolent actor in the first place. DHS’s Inspector General (IG) recently issued a report indicating that there are concerning flaws in the Transportation Security Administration’s (TSA) TWIC issuance process – one line in the IG’s audit that especially stands out is that, “Adjudicators may grant TWICs even if questionable circumstances exist.”
While the insider threat to maritime targets requires continued vigilance, the outsider threat is no less salient and the trend towards innovation is cause for concern. Drug cartels have been moving large amounts of narcotics into the United States on homemade “narco submarines,” which since their debut in 1993 have become more sophisticated in their ability to evade detection by radar or sonar. Given previous and ongoing cooperation between drug cartels and terrorist organizations, it is entirely feasible that the cartels would share this technology with those who may want to use it to deliver, or act as, an underwater improvised explosive device (IED). Recognizing this threat, the Department of Defense is already working with the private sector to design and field a remotely operated underwater vehicle to detect and disarm underwater IEDs.
Then there’s the threat of intrusion from afarin the form of cyberattacks on our port operations and maritime vessels. Port and maritime operations have become highly automated in previous years, adding to economic efficiency while simultaneously creating opportunities for hackers to infiltrate the system and potentially cause severe damage. In addition to the economic consequences of such breaches, there is a significant public safety concern as well – Congress has already noted that hackers could cause the release of dangerous chemical cargoes passing through American ports, many of which are near populated areas, and others have warned that today’s large ships are highly reliant on automated GPS navigational systems, the compromise of which could result in intentional collisions. The US Coast Guard and Congress have both been taking steps to address the threat of cyber-attacks on maritime assets, but it remains to be seen whether such processes will stay ahead of that threat, or lag behind it.
To make matters more challenging, we are not adequately bolstering our frontline defense. The American Association of Port Authorities (AAPA) testified before Congress last summer that in fiscal year 2015 when Customs and Border Protection was given budget authority to hire 2,000 staff, fewer than 20 officers of which were assigned to ports. AAPA also observed that directors of port security in the United States are not routinely given security clearances to receive briefings from the federal government on the threat outlook for their respective ports.
AAPA had high praise for the Federal Emergency Management Association (FEMA) Port Security Grant Program, but that program has seen steady reductions in funding during the past several years – from a height of over $388 million in FY 2008, down to today’s FY 2016 funding level of $100 million, a roughly 74 percent decrease. As it currently stands, 80 percent of the TSA $7.4 billion budget goes towards aviation security.
There are efforts underway in Congress to put more transportation security focus on the maritime domain. Senators John Thune (R-SD) and Bill Nelson (D-FL) recently introduced legislation to require TSA to provide an assessment on threats to surface and maritime transportation, and to implement a risk-based strategy to address those threats, using a risk-based budget plan.
Thune’s bill is the Surface Transportation and Maritime Security Act (S.3379).
The House version of the FY 2017 Intelligence Authorization Act contains language requiring DHS to submit a report to Congress on the threat of cyber-attacks on US ports, while the House has already passed legislation to direct DHS to create voluntary guidelines for ports to facilitate reporting on cyber threats.
At the moment, however, these initiatives are on hold.
Sixteen years after the USS Cole, the port/maritime space remains a target. Now is the time for policymakers, at all levels of government, to redouble their efforts to better secure it.
Ben Lerner is Vice President for Government Relations with the Center for Security Policy.