Transcript Slide 1
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Chemical Facility Anti-Terrorism Standards Update Ohio Chemical Technology Council November 12, 2013 Chemical Facility Anti-Terrorism Standards The Chemical Facility Anti-Terrorism Standards (CFATS) regulatory program focuses specifically on security at high-risk chemical facilities – The CFATS program identifies and regulates highrisk chemical facilities to ensure they have security measures in place The Department works closely with the private sector and industry to assess risks, implement protective programs, and measure effectiveness – Facilities must meet and maintain performancebased security standards appropriate to the facilities and the risks they pose Source: DHS 2 Origins in a Post-9/11 World For decades, chemical facilities were safe, but not necessarily secure – Post 9/11 paradigm shift to security – However, many chemical facilities did not voluntarily invest sufficiently in security Senator Corzine proposed Federal legislation six weeks after 9/11 – Vehemently opposed by industry; failed to pass Pittsburgh Tribune-Review expos – Throughout 2002 & 2003, Reporter Carl Prine walked into chemical facilities around the country with a smile and wave 60 Minutes story (6/13/04) – Steve Kroft & Carl Prine walked into many of the same plants, this time with cameras – Public groundswell arose for action Pittsburgh Tribune-Review available at Newseum.org Images of Kroft and Pine available on PBS.org 3 Legislative Development DHS agreed that chemical facility security legislation should be a top priority – A successful attack on one of many chemical facilities could cause significant loss of human life – Immediately post-9/11, many chemical facilities had woefully insufficient security – Simply relying on voluntary industry security efforts was not having a sufficient effect Many Congressmen heeded the call, and various bills were introduced – Legislation was supported by the public, Congress, and even industry – Multiple detailed bills were proposed but no agreement was reached On October 4, 2006, President Bush signed House Homeland Security Appropriations Bill, which included a provision to give DHS regulatory authority over “high-risk chemical facilities” To implement this new authority, the Department developed the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27 4 Guiding Principles of the CFATS Program Not all chemical facilities present the same level of risk – The most scrutiny should be focused on those that, if attacked, could endanger the greatest number of lives, have the greatest economic impact, or present other significant risks Facility security should be based on reasonable and clear performance standards – Facilities should be given flexibility to select site-specific security measures that will effectively address those risks Recognize the progress many responsible companies have made to date and build on that progress Security measures should never compromise safety measures Chemical facility security risks should not be transferred to surrounding communities 5 Who Is Regulated? Whether CFATS applies to a facility depends on the facility’s unique characteristics, starting with the quantity of Chemicals of Interest (COI) the facility possesses. Potential regulation is not based on the facility type, meaning that many different types of facilities may be subject to CFATS, including: – Chemical manufacturers – Warehouses and distributors – Oil and gas operations – Hospitals – Semi-conductor manufacturers – Colleges and universities Congress did exempt several types of facilities from regulation: – Facilities regulated under the Maritime Transportation Security Act (MTSA) or regulated by the Nuclear Regulatory Commission (NRC) – Facilities owned or operated by the Departments of Defense or Energy – Public water systems and water treatment works 6 CFATS Process Initiate CFATS Process Complete Top-Screen Complete SVA or ASP Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Facility with Chemicals of Interest (COI) at or above the Screening Threshold Quantity (STQ) recognizes the need to submit a TopScreen and completes CVI training and CSAT user registration. CFATS Help Desk registers the facility and provides a user ID and password. Facility completes Top-Screen, identifying chemicals and quantities and providing other relevant information. DHS reviews TopScreen information and determines the facility's Preliminary Tier status or determines that facility is not high risk. DHS sends facility a Preliminary Tier letter and deadline for completing a Security Vulnerability Assessment (SVA) or an Alternative Security Program (ASP for Tier 4 facilities, if they choose). If DHS has determined that the facility is not high risk, the facility is sent a letter releasing it from further regulation. Covered (high-risk) facility completes an SVA or ASP to provide more detailed information about COI and vulnerability to attack. SVA/ASP Review Step 7 DHS reviews SVA or ASP information provided and determines either the facility’s Final Tier or that facility is not high risk. Complete SSP or ASP Step 8 DHS notifies the facility of its final status, and tiered facilities are provided deadlines for completing an Site Security Plan (SSP) or ASP. Step 9 Facility completes an SSP or ASP detailing sitespecific security measures to satisfy applicable RiskBased Performance Standards. Authorization Step 10 DHS reviews SSP or ASP and (a) issues an authorization letter for SSP or ASP and schedules an inspection or (b) issues notice to resolve deficiencies. Failure to resolve deficiencies may result in disapproval. Inspection & Approval Step 11 Step 12 DHS conducts authorization inspection, reviews all available information, and either issues a Letter of Approval for the SSP or ASP or issues notice to the facility to resolve deficiencies. Failure to resolve deficiencies may result in disapproval. If SSP or ASP is approved, DHS conducts compliance inspections on a regular and recurring basis to verify continued compliance with the approved SSP or ASP. Risk-Based Performance Standards RBPS guidance, though non-prescriptive, exemplifies security measures that covered facilities may wish to consider when developing SSPs or ASPs. Facilities are free to include other measures in their SSPs or ASPs, provided such measures satisfy applicable RBPS. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Restrict area perimeter Secure site assets Screen and control access Deter, detect, delay Shipping, receipt, and storage Theft and diversion Sabotage Cyber Response Monitoring 11. 12. 13. 14. 15. 16. 17. 18. Training Personnel surety Elevated threats Specific threats, vulnerabilities, or risks Reporting of significant security incidents Significant security incidents and suspicious activities Officials and organization Records 8 Program Status: Covered Facilities DHS has received over 46,000 Top-Screens. Of the Top-Screens received and analyzed, DHS issued preliminary tier notification and SVA due dates to over 8,500 facilities. DHS has received over 8,500 SVAs and has reviewed nearly all of them. As of November 4, 2013, CFATS covers 4,321 facilities (3,398 final tiered facilities, 923 preliminarily tiered facilities) across all 50 states. Tier Final Tiered Facilities Facilities Awaiting Final Tier 1 110 12 2 359 50 3 1032 174 4 1897 687 Total 3398 923 All statistics are current as of November 4, 2013 9 Program Status: Other Results Since the program’s inception, more than 3,000 facilities have voluntarily removed or reduced the onsite quantity of chemical of interest (COI), or modified their processes, to the point that they are no longer considered high-risk 10 Progress on CFATS Implementation The Department is working to continuously strengthen the CFATS program and improve its implementation Progress in the last year includes: – Improving the SSP/ASP review process and increasing the pace of SSP/ASP reviews and approvals – Engaging industry in the development of ASP templates – Instituting corporate security reviews – Completing an external peer review of the CFATS risk assessment methodology – Publishing a Federal Register 60- Day Notice on the Personnel Surety Program. The Notice closed on June 4, 2013 – Conducting the first Compliance Inspection in September Upcoming: – 30-Day Personnel Surety Notice in the Federal Register 11 Executive Order on Chemical Safety and Security On August 1, 2013, the President issued an Executive Order to improve the safety and security of chemical facilities and reduce the risks of hazardous chemicals to first responders, workers, and communities. The Executive Order directs the Federal Government to: – – – – Improve operational coordination with state and local partners; Enhance federal agency coordination and information sharing; Modernize policies, regulations and standards; and Work with stakeholders to identify best practices. DHS, along with the Environmental Protection Agency (EPA) and the Department of Labor (DOL), are serving as co-chairs for the Chemical Safety and Security Working Group. Federal agencies have formed subworking groups and begun implementing actions of the Executive Order. More information can be found at http://www.whitehouse.gov/the-pressoffice/2013/08/01/executive-order-improving-chemical-facility-safety-andsecurity 12 Executive Order Improving Chemical Facility Safety and Security EO Listening Sessions November 5, 2013 Texas City, Texas November 15, 2013 Washington, DC November 19, 2013 Springfield, IL November 25, 2013 Webinar December 4, 2013 Hamilton, NJ December 11, 2013 Orlando, FL December 16, 2013 Webinar Week of January 8, 2014 California (Tentative) January 14, 2014 Washington, DC Week of January 20, 2014 Houston, TX (Tentative) Comments and questions are also being collected through submission to [email protected] 13 Learn More About CFATS CFATS Web site: For CFATS Frequently Asked Questions (FAQs), and other useful CFATSrelated information, please go to www.dhs.gov/chemicalsecurity. Presentations and Conferences: DHS is interested in participating in events to provide information and updates on the CFATS program– request a presentation or a chemical security conference booth by e-mailing DHS at [email protected]. CFATS Help Desk: DHS has developed a CFATS Help Desk that individuals can call or email with questions on the CFATS program. – Toll-Free number: 1-866-323-2957; e-mail address: [email protected]. 14 For more information visit: www.dhs.gov/criticalinfrastructure Frank Blair Chemical Security Inspector, ISCD [email protected]