The Corporate Security Review (CSR) ProgramSeptember 11, 2008

Transportation Sector Network ManagementHighway and Motor Carrier Security Division

Andrea Di Spirito September 11, 2008 2

Corporate Security Review BackgroundSpring 2003 TSA Implemented the CSR ProgramReviews conducted by the Highway and Motor Carrier Division at:

Trucking- security sensitive, general freight,food transporters and rental/leasing companiesSchool Bus- publicly and privately owned/operatedMotorcoach Operators- intercity, charter, and tourState Highway Departments of TransportationInterstates, Turnpikes, and Toll Roads Privately owned assets (bridges and tunnels)

Andrea Di Spirito September 11, 2008 3

What is a CSR?• Voluntary/instructive security plan review

performed by TSA Transportation Security Specialists

• Review and validation of carrier’s security plan• Set of approximately 130 questions; 11 security

areas• Conducted on-site

Andrea Di Spirito September 11, 2008 4

Purpose• Validate implementation of

corporate security plans• Gather security data for

intra/intermodal comparative and trend analysis

• Identify, analyze, and mitigate vulnerabilities

• Develop security management reports

• Provide domain awareness of security measures throughout the transportation sector

• Supply baseline data that can be used to develop security standards

• Promote outreach to transportation security partners

o To ensure ongoing communication

o To foster relationships

Andrea Di Spirito September 11, 2008 5

Process• TSA requests a visit with the carrier• Information packet sent to carrier

Packet includes:o Background Informationo SSI Handling and Guidance (49 CFR Part 15 and

1520)o CSR Questions

• Meet with carrier to review plans and to tour the facility

Andrea Di Spirito September 11, 2008 6

Sections1. Management &

Oversight of Security Plan

2. Threat Assessment3. Criticality Assessment4. Vulnerability

Assessment5. Personnel Security6. Training

7. Physical Security Countermeasures

8. En-route Security9. IT Security10. Security

Exercises/Drills11. Hazmat Addendum

Andrea Di Spirito September 11, 2008 7

Security Plans

Andrea Di Spirito September 11, 2008 8

Management & Oversight of the Security Plan• Carrier has a security plan• Components of a security plan• Organizational level plan is created• Frequency of updates• Security coordinator/duties• Federal Points of Contact

Andrea Di Spirito September 11, 2008 9

Threat Assessment• Monitoring external sources for threat

information• Procedures for distributing threat information• Response to heightened level of threat

Andrea Di Spirito September 11, 2008 10

Criticality Assessment• List of critical assets• Allocation of security resources

Andrea Di Spirito September 11, 2008 11

Vulnerability Assessment• Conducting vulnerability assessments• Corrective Actions

o Recommended in assessmentso Implemented based on recommendations

Andrea Di Spirito September 11, 2008 12

Personnel Security• Background Checks• Identification Cards

o Employeeso Contractors

Andrea Di Spirito September 11, 2008 13

Training• Training for New and Current Employees

o Security Awareness o Security Plan

• Training Curriculum• Training Records

Andrea Di Spirito September 11, 2008 14

Physical Security Countermeasures• Physical Barriers• Intrusion Detection• Security Cameras• Key Control Programs• Use of Security Guards• Designated Secure Areas

Andrea Di Spirito September 11, 2008 15

En-route Security• Pre- and Post-Trip Security Inspections• Vehicle and Trailer Tracking

Andrea Di Spirito September 11, 2008 16

IT Security• IT Security Plan• IT Security Officer• Unauthorized Access to IT Systems• System Penetration Tests• Continuity of Operations

Andrea Di Spirito September 11, 2008 17

Security Exercises/Drills• Frequency of drills• Inclusion of external personnel or agencies when

conducting exercises/drills • Documentation of results/lessons learned

Andrea Di Spirito September 11, 2008 18

Hazmat Addendum• Address TSA’s Security Action Items (SAIs)• SAI- voluntary security guidelines for the

transport of Hazmat• Geared toward Highway Security-Sensitive

Materials • Questions Address

− Personnel Security − En-route − Unauthorized Access− General Security

Andrea Di Spirito September 11, 2008 19

Benefits• Provides data indicating the degree to which companies are implementing

Corporate Security Plans• Expands both the TSA’s and carrier’s domain awareness of existing mitigation

strategies• Evaluates transportation facility/system security posture• Provides necessary data to identify a current security baseline and conduct gap,

comparative, and trend analyses• Develop and share industry best practices• Reduces risk exposure from cargo and equipment theft, vandalism, and terrorist

activity• NOT a Compliance Review

o No enforcement actiono No penalties

• Seal of Approval from the TSAo Use in marketing and sales effortso Reduces liability and exposureo Insurance benefits

Andrea Di Spirito September 11, 2008 20

Initiatives• Reviews conducted by TSA HQ Transportation

Security Specialists• “Force Multiplying” Efforts

o The Missouri Piloto Federal Security Director (FSD) CSR Pilot

• Insurance Industry

Andrea Di Spirito September 11, 2008 21

The Missouri Pilot• Partnership

− TSA− Federal Motor Carrier Safety Administration (FMCSA)− Missouri Department of Transportation (MoDOT) Motor Carrier

Services Safety & Compliance Division− Commercial Vehicle Safety Alliance (CVSA)

• Spring 2006 Pilot Kick-off• Spring 2007 Program• Over 3,000 CSRs Completed• Future

o Partner with Additional States

Andrea Di Spirito September 11, 2008 22

FSD CSR Pilot• TSA field office personnel

o FSD Security Assessment Personnelo Surface Transportation Security Inspectors and Aviation

Transportation Security Inspectors• Training

o Pittsburgh, PA February 2008o Little Rock, AR March 2008o Reno, NV March 2008

• Futureo Expand FSD Involvement to Airports Nationwide

Andrea Di Spirito September 11, 2008 23

To Request a CSRContact: Phil Forjan

TSA Highway and Motor Carrier DivisionTruck Security Branch Chief(571) 227-1467

Email: highwaysecurity@dhs.gov

Andrea Di Spirito September 11, 2008 24

Highway & Motor Carrier POCs

Phil Forjan, Branch ChiefTrucking BranchOffice: (571) 227-1467Email: phil.forjan@dhs.gov

Bud Hunt, Branch ChiefThreat, Vulnerability, & Consequences BranchOffice: (571) 227-2152Email: bud.hunt@dhs.gov

Ray Cotton, Assistant General ManagerOffice of Highway and Motor Carrier DivisionOffice: (571) 227-4237Email: ray.cotton@dhs.gov

Steve Sprague, Branch ChiefLicensing, Infrastructure, & PassengerSecurity BranchOffice: (571) 227-1468Email: steve.sprague@dhs.gov

Paul Pitzer, Branch ChiefPolicy, Plans, & Stakeholder Relations BranchOffice: (571) 227-1233Email: paul.pitzer@dhs.gov

Bill Arrington, General ManagerOffice of Highway and Motor Carrier DivisionOffice: (571) 227-2436Email: william.arrington@dhs.gov

Andrea Di Spirito September 11, 2008 25

Questions?