Since the terrorist attacks of September 11, 2001, the nation ‘s ports and waterways have been viewed as likely targets of attack. The Department of Homeland Security ( DHS ) has called for using risk-informed approaches to prioritize its investments, and for developing plans and allocating resources that balance security and the stream of department of commerce. The U.S. Coast Guard — a DHS component and the run union agency responsible for nautical security — has used its Maritime Security Risk Analysis Model ( MSRAM ) as its primary approach for assessing and managing security system risks. GAO was asked to examine ( 1 ) the extent to which the Coast Guard ‘s risk assessment approach path aligns with DHS risk assessment criteria, ( 2 ) the extent to which the Coast Guard has used MSRAM to inform nautical security risk decisions, and ( 3 ) how the Coast Guard has measured the impact of its nautical security programs on gamble in U.S. ports and waterways. GAO analyzed MSRAM ‘s risk judgment methodology and interviewed Coast Guard officials about hazard judgment and MSRAM ‘s use across the agency.
MSRAM broadly aligns with DHS risk assessment criteria, but extra software documentation on key aspects of the model could benefit users of the results. MSRAM generally meets DHS criteria for being complete, reproducible, documented, and defendable. Further, the Coast Guard has taken actions to improve the quality of MSRAM data and to make them more complete and reproducible, including providing train and tools for staff entering data into the model. however, the Coast Guard has not documented and communicated the implications that MSRAM ‘s key assumptions and other sources of doubt have on MSRAM ‘s risk results. For example, to assess risk in MSRAM, Coast Guard analysts make judgments regarding such factors as the probability of an fire and the economic and environmental consequences of an attack. These multiple judgments are inherently immanent and establish sources of doubt that have implications that should be documented and communicated to decision makers. Without this documentation, decision makers and external MSRAM reviewers may not have a accomplished understand of the uses and limitations of MSRAM data. In addition, greater transparency and documentation of doubt and assumptions in MSRAM ‘s risk estimates could besides facilitate periodic peer reviews of the model — a best practice in risk management. MSRAM is the Coast Guard ‘s primary creature for managing nautical security risk, but resource and trail challenges hinder use of the creature by Coast Guard field functional units, known as sectors. At the national level, MSRAM supports Coast Guard strategic plan efforts, which is coherent with the agency ‘s intent for MSRAM. At the sector level, MSRAM has informed a diverseness of decisions, but its practice has been limited by lack of staff time, the creature ‘s complexity, and competing mission demands, among other things. The Coast Guard has taken actions to address these challenges, but providing extra training on how MSRAM can be used at all levels of sector decisiveness make could further the Coast Guard ‘s risk management efforts. MSRAM is capable of informing operational, tactical, and resource allotment decisions, but the Coast Guard has generally provided MSRAM training only to a minor total of sector staff who may not have insight into all levels of sector decision take. The Coast Guard developed an result measure to report its performance in reducing maritime risk, but has faced challenges using this measure to inform decisions. Outcome measures describe the intended result of carrying out a program or action. The measurement is partially based on Coast Guard subject matter experts ‘ estimates of the percentage decrease of nautical security risk discipline to Coast Guard determine resulting from Coast Guard actions. The Coast Guard has improved the measure to make it more valid and reliable and believes it is a useful proxy measure of performance, noting that developing consequence measures is challenging because of limited historic data on maritime terrorist attacks. however, given the uncertainties in estimating risk reduction, it is ill-defined if the measure would provide meaningful operation data with which to track advance over time. In addition, the Coast Guard reports the hazard reduction quantify as a particular estimate preferably than as a range of plausible estimates, which is inconsistent with risk analysis criteria. report and using consequence measures that more accurately reflect mission effectiveness can give Coast Guard leaders and Congress a better sense of progress toward goals. GAO recommends that the Coast Guard provide more exhaustive software documentation on MSRAM ‘s assumptions and early sources of uncertainty, make MSRAM available for peer review, implement extra MSRAM education, and report the results of its risk decrease operation measure in a manner consistent with risk analysis criteria. The Coast Guard agreed with these recommendations.
Read more: What is the Maritime Industry?