Maritime Security Risk Analysis Model

Maritime Security Risk Analysis Model (MSRAM) is a process and model that supports the U.S. Coast Guard's mission to understand and mitigate the risk of terrorist attacks on targets in U.S. ports and waterways. MSRAM began as a Captain of the Port-level risk analysis tool developed shortly after 9/11/2001. In 2005, the USCG began development and implementation of MSRAM in order to take advantage of lessons learned with the initial effort and to apply a risk approach that can be applied at both the field and headquarter levels. To develop this program, USCG HQ invited representatives from headquarters, and all levels of command to define requirements and identify milestones. This led to an action plan that fielded the first MSRAM system in 2006. Since the first MSRAM rollout, USCG is in the third iteration of MSRAM as of 2008.

Following is a summary of the use of MSRAM data and future enhancements.

Method
Risk = Threat * Consequence * Vulnerability. The unit of analysis is a generic attack mode against a specific target. All of the Department of Homeland Security’s planning scenarios are addressed. However, each attack mode is defined in sufficient detail to support analysis of consequences and vulnerabilities. The target is defined in terms of classes, location, potential maximum consequences, geographic location and other key facts used for analysis. Based on the target class and potential consequences, a number of attack modes are specified for analysis of consequences and vulnerabilities. Consequence scoring is based on a value system that considers death and injury, primary and secondary economic impacts, environmental impact, national security impact and symbolic impact. The values and scales for these consequences are determined by the USCG leadership. The values are intended to represent those of the American people. Vulnerabilities are broken down into five factors: Attack achievability, three system security factors (owner operator, local law enforcement, and USCG) and target hardness.

Model
MSRAM methodology is a Microsoft Access application in two versions. The field-level version supports data collection, analysis, and "what if" analysis. The HQ version supports analysis and "what if" analysis of combined data at the classified level. The USCG MSRAM Model is supported with geographic risk displays at the local and HQ's levels.

Process
MSRAM data comes from two sources and is subjected to an iterative review leading to its use in informing programs, strategy, procedures and local application of resources to mitigate and/or manage risk of terrorist attacks in our nation's maritime system. Threat data is provided by the USCG Intelligence Coordination Center for all combinations of attack modes and target classes. The detailed target and scenario level data is captured at the field level, in collaboration with owner operators and local law enforcement and its responders.

MSRAM data
At the field level, MSRAM data is used to prioritize use of USCG resources. Sector Commanders use it to assess and prioritize Port Security Grant Applications. Sector HQ's use it to assess risk in difference seasons or for different threats. District HQ and Area HQ's use the data to inform operational decisions. HQ uses the data to inform resource, strategy and policy decisions.

Future enhancements
Each MSRAM cycle has implemented a number of improvements based on feedback from field and HQ users as well as comments by the U.S. Government Accountability Office and risk experts. The next iterations will address the Terror Transfer Threat and other relevant scenarios. In addition, USCG is working to apply lessons learned and concepts with other agencies.