《运输工人身份证阅读器要求的风险知情分析(英)-2022.11-173正式版.pdf》由会员分享,可在线阅读,更多相关《运输工人身份证阅读器要求的风险知情分析(英)-2022.11-173正式版.pdf(173页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、An FFRDC operated by the RAND Corporation under contract with DHSHS ACHS ACACHOMELAND SECURITYOPERATIONAL ANALYSIS CENTERRisk-Informed Analysis of Transportation Worker Identif cation Credential Reader RequirementsJOSEPH C.CHANG,JAMES V.MARRONE,DAVID METZ,SEAN COLBERT-KELLY,MATTHEW A.DENARDO,KEITH G
2、IERLACK,CHELSEA KOLB,RYAN BAUER,DEVON HILL,KRISTIN J.LEUSCHNERThis research was published in 2022.Approved for public release;distribution is unlimited.iiiAbout This ReportTo help it implement the final reader rule entitled“Transportation Worker Identification Credential(TWIC)Reader Requirements,”th
3、e U.S.Coast Guard(USCG)asked the Homeland Security Operational Analysis Center(HSOAC)to estimate the population of the Maritime Transportation Security Actregulated facilities that the rule might affect;develop a transparent,objective risk assessment model for these facilities;and conduct a costbene
4、fit analysis of the regulation.This report describes our analytical efforts to address the three research areas mentioned above.Because there is no database of Maritime Transportation Security Actregulated facilities with all the requisite infor-mation about certain dangerous cargoes that facilities
5、 handle in bulk,we resorted to other data sources,such as the U.S.Environmental Protection Agencys databases,an online survey,and interviews,to estimate the facility population.For the facility risk model,we used the modeling approach for assessing potential con-sequence included in the risk engine
6、of the Cybersecurity and Infrastructure Security Agencys Chemical Facility Anti-Terrorism Standards(CFATS)program,harmonizing the TWIC and CFATS programs in con-sequence assessment.Because there was no credible estimate for the probability of a transportation security incident,we used a break-even a
7、nalysis to assess whether the final reader rule is cost-effective.This research was sponsored by the USCG Office of Standards Evaluation and Development and con-ducted within the Strategy,Policy,and Operations Program of the HSOAC federally funded research and development center(FFRDC).About the Hom
8、eland Security Operational Analysis CenterThe Homeland Security Act of 2002(Section305 of Public Law107-296,as codified at 6U.S.C.185)autho-rizes the Secretary of Homeland Security,acting through the Under Secretary for Science and Technology,to establish one or more FFRDCs to provide independent an
9、alysis of homeland security issues.The RAND Corporation operates HSOAC as an FFRDC for the U.S.Department of Homeland Security(DHS)under contractHSHQDC-16-D-00007.The HSOAC FFRDC provides the government with independent and objective analyses and advice in core areas important to the department in s
10、upport of policy development,decisionmaking,alternative approaches,and new ideas on issues of significance.The HSOAC FFRDC also works with and supports other federal,state,local,tribal,and public-and private-sector organizations that make up the homeland security enterprise.The HSOAC FFRDCs research
11、 is undertaken by mutual consent with DHS and is orga-nized as a set of discrete tasks.This report presents the results of research and analysis conducted under task order70Z02320FMSR04300,Risk-Informed Analysis of Transportation Worker Identification Credential(TWIC)Reader Requirements.The results
12、presented in this report do not necessarily reflect official DHS opinion or policy.For more information on HSOAC,see www.rand.org/hsoac.For more information on this publication,see www.rand.org/t/RRA1687-1.AcknowledgmentsWe want to acknowledge Kimberly Wilson,Jeffrey Horn,and their colleagues in the
13、 USCG Office of Stan-dards Evaluation and Development;and Bradley Clare,Nicolette Vaughan,Andrew Meyers,and their col-leagues in the USCG Office of Port and Facility Compliance for their strong support and expert guidance Risk-Informed Analysis of Transportation Worker Identification Credential Read
14、er Requirementsivthroughout the study.Kathryn Clay and Jay Cruz of the International Liquid Terminals Association;Kimberly Wise White,Jeffrey Sloan,and William Erny of the American Chemistry Council;and Jeff Gunnulfsen of American Fuel and Petrochemical Manufacturers have been tremendously supportiv
15、e by providing indus-try perspectives and reaching out to their respective memberships to seek additional inputs.We are grateful to the USCG Office of International and Domestic Port Security Assessment for providing the Maritime Security Risk Analysis Model data.We thank Henry Willis and Victoria G
16、reenfield of HSOAC for very informative discussions about the proper interpretation of the results of a costbenefit analysis.Comments from AlisonK.Hottes of HSOAC,our informal reviewer,have greatly improved this report.EllenM.Pint,EdwardW.Chan,and Katherine Tiongson,our formal HSOAC quality-assuranc
17、e reviewers,have also kept us grounded and provided helpful guidance.Rebecca Weir skillfully processed the U.S.Environmental Pro-tection Agencys Risk Management Plan data.Finally,we want to express our sincere gratitude to Terry McClure of the Cybersecurity and Infrastruc-ture Security Agency and Th
18、omas Taylor of ABS Group for their generous support in providing technical expertise in and conducting a massive number of simulations of the CFATS risk engine.Without their assis-tance,this study would not have been possible.vSummaryS.1.IssueThe Transportation Worker Identification Credential(TWIC)
19、program,jointly administered by the U.S.Coast Guard(USCG)and the Transportation Security Administration(TSA),requires anyone accessing a secure area at a Maritime Transportation Security Act(MTSA)regulated facility,vessel,or outer continen-tal shelf facility either to have a TWIC or to be escorted b
20、y someone with a TWIC.1 Facilities must maintain access control programs at secure areas to verify each persons identity and business purpose.Until recently,facilities could conduct these checks by inspecting TWICs visually;however,a 2016 USCG regulation,known as the final reader rule on TWIC reader
21、 requirements,would require any facility that the USCG determines to be of high risk to inspect TWICs electronically and verify the identities of credential holders using stored biometric data.Final implementation of the reader rule has been delayed(from 2020)until May8,2023,for three categories of
22、facilities that handle certain dangerous cargoes(CDCs)in bulk.2 During the delay period,the USCG wanted to reexamine the population of facilities subject to the reader rule delay and to reestimate the costs and benefits of the TWIC reader rule.The USCG asked the Homeland Security Operational Analysi
23、s Center,a federally funded research and development center operated by the RAND Corporation for the U.S.Department of Homeland Security,to conduct a risk-informed analysis to support the implementation of the final reader rule.The specific research questions were as follows:How many facilities are
24、subject to the reader rule delay?Is the final reader rule cost-effective for those facilities?The researchers conducted three main tasks to answer the research questions:1.We estimated the population of maritime facilities that handles CDCs.2.We developed an objective,transparent risk model for thes
25、e facilities.3.We developed a revised costbenefit analysis for the reader rule delay based on the population estima-tion and the facility risk model.Although many commodities are considered CDCs,only 43CDCs are authorized to be transported by vessels in bulk,according to a 2020 USCG CDC job aid.Faci
26、lities that handle these 43CDCs in bulk are the focus of this report.1 For purposes of this report,facility refers toany structure or facility of any kind located,in,on,under,or adjacent to any waters subject to the jurisdiction of the United States and used,operated,or maintained by a public or pri
27、vate entity,including any contiguous adjoining property under common ownership or operation.(33C.F.R.101.105)2 For purposes of this report,bulk refers to a“commodity that is loaded or carried without containers or labels and that is received and handled without mark or count.This includes cargo tran
28、sferred using hoses,conveyors,or vacuum systems”(33C.F.R.101.105).Risk-Informed Analysis of Transportation Worker Identification Credential Reader RequirementsviS.2.Our ApproachThe overarching principle of our study is transparency and defensibility in support of rulemaking and imple-mentation.To th
29、at end,we used only unclassified and nonproprietary data applied consistent,reproducible approaches clearly documented the formulations,assumptions,and limitations of our approaches.For example,because a single comprehensive data source with the requisite information does not exist,we collected and
30、collated facility-level information from multiple unclassified data sources to estimate the popu-lation of facilities subject to the reader rule delay.We decided to conduct a consequence-based risk assess-ment for this study because threat and vulnerability information is typically restricted.Our fa
31、cility risk model is based on the Cybersecurity and Infrastructure Security Agencys well-known and well-documented Chemical Facility Anti-Terrorism Standards risk engine(Cybersecurity and Infra-structure Security Agency,2021),whose consequence(in terms of the number of fatalities resulting from a po
32、tential CDC release)assessment methodologies are objective(i.e.,physics-based and reproducible)and transparent(i.e.,with ample documentation).We further developed a facility typology to practically group facilities based on observable attributes,such as CDC quantity and local population density.Harm
33、onizing the consequence assessment approaches for both the Chemical Facility Anti-Terrorism Standards and TWIC programs is consistent with a 2021 U.S.Government Accountability Office recommendation that similar Department of Homeland Security chemical security programs should collaborate better(U.S.
34、Government Accountability Office,2021).(The TWIC program also applies to nonchemical facilities,such as ferry and cruise terminals.)S.3.Key FindingsS.3.1.How Many Facilities Are Subject to the Reader Rule Delay?We developed the lower-and upper-bound estimates of 471 and 711MTSA-regulated facilities,
35、respectively,that are likely to be subject to the reader rule delay.To develop the lower bound,we counted every facility that reported at least one CDC in our data sources.Merging facilities that handle CDCs in bulk across disparate data sources required substantial matching and validation efforts.T
36、o develop the upper bound,we applied a reasonable extrapolation scheme to identify additional facilities that had operations that were likeliest to handle CDCs in bulk.These estimates(i.e.,471 and 711)fall between the(low)USCG estimate in the reader rule delay and the(high)estimate from trade associ
37、ations.The USCG may revise the final reader rule to carve out some facilities that we identified as handling CDCs.As a hypothetical example,we discussed the possibility of excluding barge fleeting,container,and International Convention for the Prevention of Pollution from Ships(best known as MARPOL,
38、for“marine pollution”)facilities(that are not also bulk liquid facilities)and provided estimates of the numbers of such facilities.USCGs estimate in the 2020 TWIC reader rule delay of the number of affected facilities was based on its original standard for identifying facilities that handled CDCs an
39、d other hazardous materials,called risk groups.Our analysis shows that these original facility risk groups were a poor proxy for the population of facilities subject to the reader rule delay.Many facilities that had been categorized as not handling CDCs did,in fact,report CDCs to the data sources we
40、 used in our analysis.Among the facilities that handled CDCs,Summaryviianhydrous ammonia was the most-common CDC,although many facilities handle more than one type of CDC.S.3.2.Is the Final Reader Rule Cost-Effective for Those Facilities?Using the facility population estimates and the facility risk
41、model,we conducted a costbenefit analysis for MTSA-regulated facilities subject to the reader rule delay.When estimating costs,we considered the capital,maintenance,operational,additional(i.e.,card and reader failures),and government costs.For estimation of benefits,we used the value of a statistica
42、l life(Putnam and Coes,2021)to monetize the potential con-sequences avoided(in number of fatalities as suggested by the facility risk model).We assessed costs and benefits using break-even analysis,which estimates the average number of transportation security incidents(TSIs)that must be averted each
43、 year for the regulation to be cost-effective.We estimated that the TWIC reader rule would have to avert a TSI approximately every 60 to 90years,at a minimum,to be cost-effective.The USCG previously rejected regulatory alternatives for the TWIC reader requirements when the required break-even freque
44、ncy was at or below a rate of one TSI every 50years.Whether a threshold of 60 to 90years is reasonable will require some subjective judgment.Although the reader rule is potentially cost-effective even in its current form,reasons exist to con-sider a more-targeted approach that excludes low-quantity
45、or low-population density facilities,or both.Using hypothetical regulatory options,we demonstrated that a more-targeted approach affecting only higher-consequence facilities would need to avert only one TSI approximately every 200 to 600years to be cost-effective.Both a targeted approach and the rea
46、der rule in its current form have supporting arguments.A targeted approach lowers the regulatory burden on lower-consequence facilities,focusing on higher-consequence facilities only.As a result,a targeted approach is likelier to be cost-effective,even if TSIs occur less than once in 100 or 200years
47、.But a targeted approach leaves lower-consequence facilities unhardened,which could be undesirable if threat or vulnerability at those facilities is believed to be high.In addition,the rule as written is more straightforward than a targeted rule,and it satisfies the precautionary principle that cast
48、ing a wide net is preferable so long as it is cost-effective.Ultimately,the USCG must consider these trade-offs in addition to cost-effectiveness when implementing the final reader rule.S.4.ConclusionImplementation of the final reader rule will inevitably require ongoing monitoring and enforcement.T
49、his is because the facility population will change as facilities open or close;indeed,our population estimates could become outdated in just a few years.In addition,implementation would benefit from data infrastructure that does not currently exist,such as knowledge of which facilities actually hand
50、le CDCs in bulk.Therefore,implementation of the final reader rule would be greatly streamlined by developing a reporting system that records,at a minimum,the types and quantities of CDCs being handled at each MTSA-regulated facility.In addition,if the final reader rule carves out certain exceptions,