...
New permit applications generally involve processing rigor commiserate with the value of the permit. Permits for fisheries with low economic opportunity and/or low risk to the public resource generally receive only nominal scrutiny. Permits for fisheries with high economic opportunity and/or high risk to the public resource receive considerable scrutiny. In many cases this involves confirming vessel ownership with the US Coast Guard, verifying participation in prior fisheries through previously submitted state or federal fish tickets or logbooks, confirmation of business ownership, etc.
Permit renewals generally receive little scrutiny.
Permit transfers receive scrutiny commiserate with the complexity of the relevant fisheries management plan. For the more complex fisheries management regimes, changes to permit ownership patterns may have ripple effects. In the absence of complex ownership rules, permit transfers might receive little scrutiny.
Threat and Vulnerability Identification
Vulnerability | Threat-source | Threat Action | Category of Harm | Likelihood | Impact |
|---|---|---|---|---|---|
Impersonation in registration and/or transactions | Common Criminal, Identity Thief | Impersonation using stolen identity credentials (registration credentials or NPS identity credentials) | Inconvenience, distress or damage to standing or reputation | Low: general criminals won't have subject area expertise to discover a fraud opportunity and there are probably much more attractive targets | Low: impersonated parties would be likely to notice quickly and when detected, the impact could be effectively mitigated |
Impersonation in registration and/or transactions | Disgruntled industry employee | Impersonation using stolen identity credentials (registration credentials or NPS identity credentials) | Inconvenience, distress or damage to standing or reputation | Moderate: an employee would have the means, but risk exposure is not significantly different in electronic transactions than it is in paper transactions | Low: impersonated parties would be likely to notice and when detected, the impact could be effectively mitigated |
Impersonation in registration and/or transactions | Competitor | Impersonation using stolen identity credentials (registration credentials or NPS identity credentials) | Inconvenience, distress or damage to standing or reputation | Low: a competitor might have an opportunity to profit from fraud, but risk exposure is not significantly different in electronic transactions than it is in paper transactions | Low: impersonated parties would be likely to notice and when detected, the impact could be effectively mitigated |
Repudiation to escape accountability | Customer (fisher or processor) | Signer claims "I didn't sign that" | Inconvenience, distress or damage to standing or reputation | Low: in most cases a customer who repudiated an e-signed document submission could then be prosecuted for failure to file the repudiated document | Low: agency might expend effort to resolve, but the distress would be limited and short-term |
|
|
| Financial loss or agency liability |
|
|
|
|
| Harm to agency programs or public interest |
|
|
|
|
| Unauthorized release of sensitive information |
|
|
|
|
| Civil or criminal violations |
|
|
|
|
| Inconvenience, distress or damage to standing or reputation |
|
|
|
|
| Financial loss or agency liability |
|
|
|
|
| Harm to agency programs or public interest |
|
|
|
|
| Unauthorized release of sensitive information |
|
|
|
|
| Civil or criminal violations |
|
|
|
|
| Inconvenience, distress or damage to standing or reputation |
|
|
|
|
| Financial loss or agency liability |
|
|
|
|
| Harm to agency programs or public interest |
|
|
|
|
| Unauthorized release of sensitive information |
|
|
|
|
| Civil or criminal violations |
|
|
|
|
| Inconvenience, distress or damage to standing or reputation |
|
|
|
|
| Financial loss or agency liability |
|
|
|
|
| Harm to agency programs or public interest |
|
|
|
|
| Unauthorized release of sensitive information |
|
|
|
|
| Civil or criminal violations |
|
|