Potential adversaries are opportunistic and will attempt to exploit existing vulnerabilities, choosing the time and place to act according to the weaknesses they observe. Private owners and operators of infrastructure, facilities, and resources are the first line of defense for their own property, and they should undertake basic facility security improvements. They can improve their defenses against terrorist attacks and criminal acts by embedding into their business practices scalable security measures that reduce systemic or physical vulnerabilities. The elimination of security weaknesses depends upon incorporating best practices and establishing centers of excellence, including feedback loops for lessons learned, as well as a periodic review of each country's security standards for mutual compatibility.

　

 A close partnership between government and the private sector is essential to ensuring critical infrastructure and key resource vulnerabilities are identified and corrected quickly. Since 2001, the United States Government has developed and implemented a cargo container security strategy to identify, target, and inspect cargo containers before they reach U.S. ports. Under this strategy, the United States Government uses intelligence to review information on 100 percent of all cargo entering U.S. ports, and all cargo that presents a risk to our country is inspected using large x-ray and radiation detection equipment.

　

 Additionally, the United States Government requires that advance information about all containers be given to U.S. Customs and Border Protection well before they arrive. In fact, the information is required 24 hours before cargo is loaded onto vessels at foreign seaports (24-Hour Rule). Containers posing a potential terrorist threat are identified and targeted before they arrive at U.S. seaports by the National Targeting Center (NTC). The NTC was established as the centralized coordination point for all of Customs and Border Protection's anti-terrorism efforts. NTC uses intelligence and terrorist indicators to review advance information for all cargo, passengers, and imported food shipments before arrival into the United States. NTC coordinates with other Federal agencies such as the U.S. Coast Guard, Federal Air Marshals, FBI, Transportation Security Administration, and the Departments of Energy and Agriculture, as well as the intelligence community.

　

 Both the government and the private sector will continue to conduct vulnerability assessments to identify defenses that require improvement. A consistent risk management approach, which requires a comprehensive assessment of threat, likelihood, vulnerability, and criticality, will allow the private sector to invest in protective measures as a supporting business function.

　

 Further reduction in security vulnerabilities will also occur by encouraging the private sector, by means of outcome-based security standards, incentives, and market mechanisms, to conduct comprehensive self-assessments of their supply chain security practices; adhere voluntarily to baseline security criteria; and implement other regulatory security measures as deemed necessary by the Department of Homeland Security. Enhanced reporting, verification, and compliance procedures by the private sector, as well as the use of technology to allow greater visibility into the supply chain, will enable the government to develop more accurate processes for separating high-risk cargo from that which can be afforded expedited clearance. In exchange, the shipments of firms that comply will be eligible for expedited clearance and have a reduced likelihood of inspections at departure, transshipment, and arrival ports.

　

 The complexity of the process for handling containerized shipments makes it more difficult to embed security practices and reduce vulnerabilities than for other types of cargo. Container ships carry cargo for thousands of companies, and the containers are loaded individually away from the port. Each transfer of a container from one party to the next is a point of vulnerability in the supply chain. The security of each transfer facility and the trustworthiness of each company are therefore critical to the overall security of the shipment. Cargo must be loaded in containers at secure facilities and the integrity of the container maintained to its final destination. Supply chain personnel will employ various methods to prevent the misuse of containers and conveyances for transporting illegal commodities, as well as to detect tampering. They will report the occurrence of each incident to the Department of Homeland Security and, when appropriate, resolve such incidents prior to the arrival of the identified containers in the United States.

　

 Embedding security practices and vulnerability reduction efforts into commercial practices rests upon the implementation of key legislation, such as the Maritime Transportation Security Act of 2002 and the Trade Act of 2002, as well as International Maritime Organization requirements such as the International Ship and Port Facility Security Code, and public-private partnerships such as the Customs-Trade Partnership Against Terrorism. The United States will build upon these statutes, international instruments, and identified best practices to develop a program of formal maritime security governance.

　

 Commercial businesses must put in place effective means to control access to their facilities. In cooperation with the private sector, the United States will establish a system-wide common credential for use across all transportation modes by individuals requiring unescorted physical access to secure, restricted, and critical areas of the maritime domain. The identification card for access will use biometrics to link the person to the credential definitively. To receive this credential, individuals will undergo appropriate background checks. Credential services will also be available on a voluntary basis for frequent travelers under various registered traveler programs.

　

 Overly restrictive, unnecessarily costly, or reactionary security measures to reduce vulnerabilities can result in long-term harm both to the United States and global economies, undermine positive countermeasures, and unintentionally foster an environment conducive to terrorism. Security measures must accommodate commercial and trade requirements, facilitate faster movement of more cargo and more people, and respect the information privacy and other legal rights of Americans. To support the accelerating growth of global commerce and security concerns, security measures must: (1) be aligned and embedded with supply chain information flows and business processes; (2) keep pace with supply chain developments; (3) optimize the use of existing databases; and (4) be implemented with the minimum essential impact on commercial and trade-flow costs and operations. This will require new and enhanced partnerships, as well as cost- and burden-sharing between the private and public sectors.

　

　

 The ability to achieve maritime security is contingent upon a layered security system that integrates the capabilities of governments and commercial interests throughout the world. The public and private sectors acting in concert can prevent terrorist attacks and criminal acts only by using diverse and complementary measures, rather than relying upon a single point solution. Specifically, a layered approach to maritime security means applying some measure of security to each of the following points of vulnerability: transportation, staff, passengers, conveyances, access control, cargo and baggage, ports, and security en route. This layered security is not static, but deters attack by continually evolving through calculated improvements that introduce uncertainty into the adversary s deliberate planning process and efforts to conduct surveillance or reconnaissance. In deciding whether to implement a new security layer, the United States must take into account its effectiveness and cost in reducing risks Americans face, both in absolute terms and relative to other possible measures, and must ensure consistency with the information privacy and other legal rights of Americans.

　

Physical protection is a fundamental layer of security. Primary protection measures by government agencies include maritime security or enforcement zones, vessel movement control, and the inspection of targeted cargo. Security zones are established and enforced around designated fixed facilities, certain vessels in transit, and sensitive geographic areas to provide an exclusion zone for controlled access and use only by the government. Mound these zones, the private sector employs other layers of physical security, such as access barriers, fencing, lighting, surveillance cameras, and guards, along with oversight procedures, to ensure system integrity for the critical infrastructure and key resources that they own and operate. Security standards and procedures employed in the United States are developed in conjunction with other nations and industry, and are shared with State, local, and tribal governments.

　

 Physical cargo inspection adds another layer of security. With as many as 30,000 containers entering the United States every day, physical inspection of all cargo would effectively shut down the entire U.S. economy, with ripple effects far beyond the seaports. Inspections on this scale are prohibitively expensive and of ten ineffective. Using mandatory reporting information provided by the private sector, the United States will screen all inbound cargo and inspect all cargo designated as high-risk and ideally prescreen it before loading. In addition, all inbound cargo will be screened for WMD or their components. Establishment of the Domestic Nuclear Defense Office will contribute to improving the detection of a nuclear device or fissile or radiological material entering the United States through the maritime domain.

　

 Interdiction of personnel and materials that pose a threat to the United States or the maritime domain is an essential layer of security. Interdiction, whether against terrorist personnel, terrorist materiel support, WMD, or other contraband, will be carefully coordinated to ensure prioritization of intelligence, proper allocation of resources, and, when necessary, swift, decisive action. The United States, along with its international partners, will monitor those vessels, cargoes, and people of interest from the point of origin, through intervening ports, to the point of entry to ensure the integrity of the transit, to manage maritime traffic routing, and, if necessary, to interdict or divert vessels for inspection and search. The United States will promote efforts to enhance the efficiency and effectiveness of detecting and determining the status of unidentified or unauthorized vessels, people, and cargo within the maritime domain.

　

 Military and law enforcement response provides a fourth security layer. For maritime security operations on the high seas or in its exclusive economic zones, territorial seas, internal seas, inland rivers, ports, and waterways, the United States must have well-trained, properly equipped, and ready maritime security forces from both the U.S. Armed Forces and national, regional, State, and local law enforcement agencies to detect, deter, interdict, and defeat any potential adversary. For protection and deterrence to be successful, maritime security forces must be visible, vigilant, well-trained, well-equipped, mobile, adaptive, and capable of generating effective presence quickly, randomly, and unpredictably.

　

 In many instances each layer of maritime security is the responsibility of a different agency with multiple jurisdictions and functions. Integrating these disparate maritime security layers requires a clear delineation of roles and responsibilities and cannot be achieved through cooperation alone. In particular, to achieve unity of effort and operational effectiveness, maritime security forces from both the U.S. Armed Forces and law enforcement agencies must have the capability and authority to operate in mutually supporting and complementary roles against the spectrum of expected security threats. These security forces must have a high degree of interoperability, reinforced by joint, interagency, international training and exercises to ensure a high rate of readiness, and supported by compatible communications and, where appropriate, common doctrine and equipment.