The Federal Bureau of Investigation's Efforts to Protect the Nation's Seaports
(Redacted and Unclassified)

Audit Report 06-26
March 2006
Office of the Inspector General

The nation's seaports and related maritime activities are widely recognized as being vulnerable to acts of terrorism. The consequences of a maritime-based terrorist attack are potentially devastating to both the economy and to public safety. The United States has more than 360 seaports, and 95 percent of overseas trade flows through these ports or inland waterways. Further, seaports are often located near major population centers and hazardous fuel or chemical storage facilities that may provide attractive terrorist targets. According to the National Commission on Terrorist Attacks Upon the United States (9/11 Commission), the risk of maritime terrorism is equal to or greater than the risk of terrorism involving civilian aviation. Although the United States has placed much attention on better securing civilian aviation since 2001, seaports remain largely at risk. The protection of U.S. seaports is a shared responsibility among the Department of Homeland Security’s (DHS) U.S. Coast Guard and U.S. Customs and Border Protection (CBP), and the Federal Bureau of Investigation (FBI). The Coast Guard has primary responsibility for the physical protection of the nation’s seaports, and it has law enforcement authority in the maritime domain. CBP enforces import and export laws and regulations and bears primary responsibility for cargo inspections at seaports. The FBI, as the lead federal agency for preventing and investigating terrorism, has an overarching role in helping to secure the nation’s seaports. The FBI’s responsibilities are part intelligence and part law enforcement, including assessing the threat of maritime-based terrorism; gathering, analyzing, and sharing information on maritime threats; and maintaining well-prepared tactical capabilities to prevent or respond to maritime-based terrorism. Unless incident command and other coordination issues are resolved in advance and response scenarios are exercised, the overlapping nature of the FBI’s and the Coast Guard’s responsibilities in the maritime domain may result in confusion and interagency conflict with the FBI in the event of a maritime incident. CBP’s more discrete responsibilities do not present as much likelihood for conflict. A 1979 memorandum of understanding (MOU) between the FBI and the Coast Guard acknowledges their overlapping jurisdiction and the need for cooperation and coordination in the maritime domain. After the September 11 terrorist attacks, the Maritime Transportation Security Act of 2002 increased the Coast Guard’s responsibility in maritime terrorism prevention and response. In addition, the National Strategy for Maritime Security, developed by an interagency committee and issued in September 2005, attempts to align federal government maritime security programs into a comprehensive national effort involving federal, state, local, and private sector entities. Eight plans support the National Strategy for Maritime Security. One of the plans is the Maritime Operational Threat Response (MOTR) plan, which was issued in October 2005. The MOTR describes the U.S. government’s plan to respond to terrorist threats in the maritime domain, including the roles of various federal agencies, protocols for lead and supporting agencies, and the need for additional planning. The MOTR assigned the DHS, implemented through the Coast Guard, lead agency responsibility for interdicting maritime threats where it operates and assigned the Department of Justice (DOJ), through the FBI, lead agency responsibility for investigating maritime threats and incidents. However, both the FBI and the Coast Guard have jurisdiction to interdict maritime threats, and the MOTR did not resolve potential conflict between the two agencies in incident command and response. The DOJ Office of the Inspector General (OIG) initiated this audit to examine the FBI’s seaport security efforts. We reviewed the FBI’s roles and responsibilities for preventing and responding to terrorist attacks in the maritime domain, and the extent and effectiveness of the FBI’s interagency coordination and cooperation. To accomplish these overall objectives, we examined the FBI’s: (1) initiatives to prevent maritime terrorism, including coordination with the Coast Guard and other agencies; (2) capability to respond to maritime incidents; and (3) efforts to assess the maritime terrorism threat. Our audit found that over the past 3 years the FBI has taken steps to enhance its capability to identify, prevent, and respond to terrorist attacks in the maritime domain, including seaports. Among the positive steps the FBI has taken to enhance seaport and maritime security are: creating Maritime Liaison Agents (MLA) at FBI field offices and assigning these agents responsibility for coordinating with the FBI’s maritime partners, including the Coast Guard and CBP; establishing a Maritime Security Program at FBI headquarters to oversee the MLAs and centralize the FBI’s maritime efforts; improving the FBI’s ability to respond to a maritime terrorism threat or incident, including creating enhanced maritime Special Weapons and Tactics (SWAT) teams located in the field offices closest to the Coast Guard’s counterterrorism response teams; providing maritime-related intelligence to other intelligence and law enforcement agencies; and establishing a database, the Guardian Threat Tracking System, to collect information on terrorist threats and suspicious incidents at seaports and elsewhere and manage follow-up action on these threats and incidents. However, we believe the FBI needs to take additional steps to improve its capability to deal with the threat of maritime terrorism by: resolving potential incident command, coordination, and response issues that could arise from confusion about the respective roles of the FBI and the Coast Guard; improving the collection and dissemination of lessons learned and best practices from maritime counterterrorism exercises; allocating FBI resources according to the threat and risk of maritime terrorism relative to other threats against other critical infrastructures such as aviation; ensuring that all FBI field offices use the Guardian database to enter and maintain data on threats and suspicious incidents at seaports and elsewhere; and improving maritime-related intelligence gathering and dissemination. Maritime Initiatives The FBI established its MLA program in 2004 as a result of a joint FBI and Coast Guard investigation into the threat posed by divers and combat swimmers. MLAs are assigned to most of the FBI’s 56 field offices and are the most visible and active FBI resource dedicated to preventing maritime terrorism. There are 73 MLAs, about two-thirds of whom are FBI agents and one-third are other agency personnel assigned to the FBI’s Joint Terrorism Task Forces. MLAs are primarily responsible for coordinating with other entities who share responsibility for security at the nation’s ports, thereby facilitating the sharing of information on threats and security measures. According to FBI Counterterrorism Division (CTD) managers, MLAs should be maritime experts with the knowledge and relationships to significantly assist the FBI in resolving any terrorist threat or event that may occur at local seaports. However, we found that the FBI does not always assign MLAs according to the threat and risk of a terrorist attack on a given seaport. An analysis performed by the DHS for its Port Security Grant program suggests that 24 FBI field offices are responsible for helping protect over 80 percent of the seaports facing the greatest risk of a terrorist attack. But because the FBI assigns MLAs without assessing the threat and risk of terrorists attacking or using a particular seaport for an attack, MLAs are not necessarily assigned to the most critical ports. Instead, we found that FBI field offices with multiple vital ports may have only one MLA, while other FBI field offices with only minor maritime activity may have multiple MLAs. For example, one FBI field office has six significant ports in its territory but only one MLA. In contrast, another FBI field office has no strategic ports in its area but five MLAs. Furthermore, the FBI does not track the amount of time MLAs or other agents or analysts spend on maritime terrorism. Such tracking would help the FBI determine where its maritime activity is occurring, how much time is being spent on specific activities such as interagency training or coordination with Coast Guard-sponsored Area Maritime Security Committees (AMSC), and where additional resources should be deployed.1 In July 2005, during the course of our audit, the CTD created a Maritime Security Program, which now has responsibility for the MLA program. The Maritime Security Program is intended to be the focal point for the FBI’s maritime efforts, including carrying out the FBI’s responsibilities under the National Strategy for Maritime Security and the strategy’s eight implementing plans. Because the Maritime Security Program is a recent initiative, we could not fully assess its impact. It has, however, already changed the MLA program by asking all field offices with MLAs to name an FBI special agent as the field office’s lead MLA. In addition, the Maritime Security Program plans to visit 30 percent of the nation’s major transportation hubs, metropolitan areas with both a major seaport and major airport. The purpose of the visits is to learn about the vulnerabilities of seaports, the activities of the MLAs, how to improve guidance to the MLAs, and how to better focus the Maritime Security Program. We view this as an indication that the FBI is beginning to consider the threat and risk of maritime terrorism in conducting its Maritime Security Program. The Maritime Security Program has also announced 13 objectives for fiscal year (FY) 2006, many of which we believe will be beneficial and help focus the FBI’s efforts at preventing maritime terrorism. However, we are concerned that these objectives are not described in a way that will allow the program to assess progress toward meeting its goals. In addition, the objectives do not include critical needs such as maritime threat assessments and the identification of informants who can provide information on maritime threats. Maritime Response Capabilities The response to terrorist threats or incidents in the maritime domain presents unique challenges to the FBI and other responders. The FBI has several tactical assault options for maritime situations and also the capability to deal with maritime-based weapons of mass destruction (WMD) through: field office SWAT teams, including 14 teams with some additional maritime training; the Hostage Rescue Team (HRT), which has specialized training and equipment and is able to assault and take control of a ship whether it is docked or underway; and the Hazardous Devices Response Unit, with capabilities to deal with terrorist attacks using chemical, biological, radiological, or nuclear weapons — including a WMD aboard a ship. The Coast Guard has significant responsibilities for enforcing laws in the maritime domain, a role that received an added counterterrorism component with the passage of the Maritime Transportation Security Act in 2002. This Act required the Coast Guard to create Maritime Safety and Security Teams (MSST) capable of rapidly responding to threats of maritime terrorism. The Coast Guard has 13 MSSTs nation-wide. At the same time, the FBI created enhanced maritime SWAT teams to enable it to work better with the Coast Guard’s MSSTs. Nearly all of the FBI’s teams are located in the FBI field office closest to an MSST. Overlapping Responsibilities Officials at the FBI and the Coast Guard agreed that the Maritime Transportation Security Act created overlapping responsibilities between the agencies. This overlap has the potential to confuse the respective responses of the FBI and the Coast Guard to a maritime-based terrorism incident. For example, the FBI officials with whom we spoke were unsure of MSST capabilities and were concerned that these Coast Guard tactical teams might duplicate the FBI’s HRT and SWAT teams. Based on our discussions with FBI personnel, we believe the HRT has unique capabilities to board, assault, and take control of a ship whether it is docked or underway. Prior to the release of the Maritime Operational Threat Response plan, officials from both the FBI and the Coast Guard agreed that the MOTR should resolve jurisdictional issues. However, the MOTR issued in October 2005 is an interim plan, which FBI officials say does not clearly delineate the respective roles of the Coast Guard and the FBI. In our opinion, a lack of jurisdictional clarity in the MOTR could hinder the ability of the FBI and the Coast Guard to coordinate an effective response to a terrorist threat or incident in the maritime domain. Specifically, we are concerned about how confusion over authorities will affect the two agencies’ ability to establish a clear and effective incident command structure. While a final MOTR plan may resolve the problem of overlapping roles, we believe the FBI should propose an MOU to the Coast Guard and conduct joint exercises with the Coast Guard to resolve any coordination or incident command issues. Compared to the FBI-Coast Guard relationship, the relationship between the FBI and CBP is better defined given the more distinctive roles of each agency. The FBI, for example, does not have a direct role in cargo inspection. Consequently, the coordination required between the two agencies centers on intelligence sharing and notification in the event of a threat or incident. Lesson Learned Exercises, whether operational or incident command exercises, can provide valuable lessons and identify best practices for improving future response capabilities. FBI policy requires the preparation and dissemination of after-action reports following exercises and major operations. However, the FBI was unable to provide after-action reports for most maritime exercises, and we concluded that reports were not prepared for all exercises. During FYs 2002 through 2005, the FBI prepared reports for 6 of 19 maritime-related exercises or incidents. Most of these six involved interagency exercises with the Coast Guard and other elements of the DHS, such as CBP. We reviewed the FBI’s after-action reports and found that most raised concerns about interagency incident response in the following areas: communication, adequacy or coordination of resources, command and control coordination, and jurisdiction or authority. According to an acting unit chief in the FBI’s Critical Incident Response Group, the FBI has not systematically reviewed these after-action reports to identify and disseminate the lessons learned from these exercises. Due to the critical need for the FBI to resolve any jurisdictional, communications, or incident command and response issues, we believe the FBI should prepare after-action reports and take action on the lessons learned from all interagency and FBI maritime terrorism exercises. Scope of the Maritime Threat The FBI faces a difficult challenge in trying to cover all likely terrorist tactics and targets given the many types of infrastructure in the United States and the huge number of potential targets. Although the FBI has conducted general terrorist threat assessments, it has neither conducted nor reviewed a threat assessment that indicates where seaports and the maritime domain rank among the tactics and likely targets of terrorists. Assessing the maritime threat would be useful not only to define the nature, likelihood, and severity of the threat compared to other threats but also to allow FBI managers and others to make informed decisions about resource allocation. In reviewing the FBI’s maritime-related intelligence reports over the 4 years since the 9/11 terrorist attacks, we found that the FBI tended to focus on just two potential tactics: attacks by scuba divers or combat swimmers and infiltration of the United States by various maritime methods. We are concerned that the FBI may not be devoting its intelligence resources to assessing high-risk maritime areas. For example, although terrorists have indicated a strong desire to use a WMD and vessels can be used to transport a WMD for detonation in a port or elsewhere, none of the FBI’s intelligence reports assessed the threat and risk of terrorists smuggling a WMD in a shipping container aboard a cargo ship. The FBI’s Directorate of Intelligence establishes requirements for meeting the FBI’s intelligence needs but does not follow up to ensure that the FBI’s operational divisions and field offices are working to address these requirements concerning maritime or other threats. Therefore, intelligence questions about terrorists’ maritime intentions and plans may go unanswered. Further, the FBI does not correlate its list of intelligence requirements with its intelligence reports. This lack of linkage hampers the FBI from readily identifying those intelligence reports that answer intelligence questions about maritime terrorism. Consequently, the FBI might have intelligence about maritime terrorism that is not easily located within the intelligence reports. However, we found that the Directorate of Intelligence is aware of these shortcomings and has several initiatives ongoing to ensure that the FBI addresses its intelligence-gathering requirements in the maritime domain and other areas. The FBI has not collected complete data on the number of suspicious activities or terrorist threats involving seaports. However, using a database called the Guardian Threat Tracking System (Guardian), the FBI appears to be making significant progress in identifying, tracking, and internally sharing information on maritime and other terrorist threats and suspicious incidents. However, Guardian cannot be easily searched to identify trends in maritime-related suspicious activities or threats, and the FBI has not ensured that FBI offices comply with directives concerning the use of Guardian and the need to document the resolution of all incidents entered in Guardian. The number of Guardian entries varies greatly by field office, with two field offices accounting for 21 percent of the entries made by field offices. Also, as of August 2005, Guardian contained about 6,000 entries that showed no outcome of any follow-up or investigation. According to FBI officials, a new version of Guardian, scheduled to be deployed in March 2006, will enhance the FBI’s ability to search the database for maritime-related incidents. But the success of Guardian and the FBI’s ability to identify trends in suspicious incidents, including maritime-related incidents, is highly dependent on field agents using the system as required. Through our review of the FBI’s maritime-related intelligence reports, we identified useful initiatives at the FBI’s Chicago, Newark, and Seattle field offices. Chicago and Newark issue intelligence bulletins discussing maritime-related incidents to other federal, state, and local law enforcement agencies. A Seattle intelligence assessment used a weighted ranking system to evaluate whether a given maritime-related suspicious incident was indicative of pre-operational planning for a terrorist attack. We believe that the FBI should consider making greater use of these initiatives. Conclusions and Recommendations The FBI faces a difficult task in protecting the nation from all potential terrorist targets and methods, and seaports are just one type of critical infrastructure that requires protection. Yet due to the vulnerability of seaports and maritime activities to a terrorist attack, the FBI has a responsibility to not only provide the resources needed to ensure an adequate response capability and intelligence gathering and sharing, but also to contribute to an effective, coordinated government response to any maritime–related terrorist threat. The FBI recognizes the general threat of maritime-based terrorism due to the inherent vulnerability of seaports, and it has established a Maritime Security Program, assigned MLAs to many FBI field offices to coordinate with other agencies involved in securing the nation’s seaports (although the FBI should ensure that MLAs are assigned to the higher-risk locations), participates in Coast Guard-sponsored AMSCs, and has trained and equipped tactical assault forces and hazardous materials experts that can operate in the maritime domain. To ensure an effective federal government response to maritime terrorism, the overlapping responsibilities, jurisdictions, and capabilities of the FBI and the Coast Guard need to be sorted out before an incident occurs and not during an incident. Unfortunately, the MTSA and the MOTR plan have not eliminated the potential for interagency conflict and confusion in the event of a terrorist incident at a seaport or elsewhere in the maritime domain. The shared responsibility among the FBI, Coast Guard, and to a lesser extent CBP, to ensure the safety of U.S. seaports requires the FBI to update the 1979 MOU or otherwise come to agreement with the Coast Guard on each agency’s respective roles and authorities. Once such agreement is reached on incident command and related issues, the FBI should emphasize leading or participating in more interagency maritime-related exercises involving likely terrorism scenarios. Such exercises are important to identify and resolve any problems or misunderstandings over jurisdiction, incident command, communications, tactical operations, or other matters that might impede the swift and effective resolution of a maritime terrorist incident. In addition, the FBI should ensure that it gleans lessons learned and best practices from all interagency maritime-related exercises to help resolve any disputes, confusion, or communications problems and improve its response capabilities. The FBI has not specifically assessed the threat and risk of terrorism at U.S. seaports, although it is addressing aspects of seaport security in its intelligence gathering and reporting activities. However, in addition to assessing the threat and risk of maritime-based terrorism, the FBI’s Directorate of Intelligence should better track how the FBI’s field offices are addressing the FBI’s intelligence collection requirements pertaining to seaport security. The FBI is in the process of enhancing the search capabilities of its Guardian threat-monitoring database used to identify and track threats and suspicious activities, including those at seaports. However, the FBI needs to ensure that the database is more universally applied throughout FBI field offices and that the entries receive prompt follow-up or investigation. In our report, we make 18 recommendations to the FBI to help enhance the FBI’s contributions to the security of U.S. seaports. Among our recommendations are that the FBI: resolve potential role and incident command conflicts in the event of a maritime terrorist incident through joint exercises and, if necessary, a revised and broadened MOU with the Coast Guard; ensure that the Maritime Security Program has measurable objectives; assign MLAs based on an assessment of the threat and risk of a terrorist attack to critical seaports; prepare after-action reports after all maritime-related exercises and use the reports to identify and disseminate lessons learned and best practices; assess the threat and risk of maritime terrorism compared to other terrorist threats; focus intelligence reporting to more comprehensively address potential maritime-related terrorist targets and methods; and monitor the progress of operating divisions and field offices in answering intelligence collection requirements pertaining to seaports and maritime terrorism. Footnotes AMSCs, mandated by the Maritime Transportation Security Act, are comprised of federal, state, and local agencies as well as representatives of the shipping and port communities. Each committee is charged with assessing its port’s vulnerabilities and developing plans to meet security requirements.