Last week, the Department of Homeland Security and the Society of Chemical Manufacturers and Affiliates (as Chemical Sector Coordinating Council) co-hosted a two-day summit on “Chemical Sector Security.” The conference brought together industry groups, individual companies and government agencies to discuss the laws, regulations and pending initiatives relating to physical and data security of chemical facilities and industries. Several developments and issues are of particular interest:
- Suzanne Spaulding, DHS Deputy Undersecretary for the National Protection and Programs Directorate, noted that physical and cyber security are “inextricably linked” and must be addressed accordingly. She also stressed that public/private information-sharing must occur in both directions and emphasized efforts currently underway in DHS to improve the process. Others on the panel described the physical and cyber threats to owners and operators in the chemical sector, their proprietary information and industrial control systems. Recommended measures include planning and identification of response capabilities, incident response “playbooks” based on geography, and exercises to test the implementation of these measures.
- David Wulf, Director of the Infrastructure Security Compliance Division, reported on the progress of the Chemical Facility Anti-Terrorism Standards (CFATS) and the effort to obtain permanent authorization of the program in Congress. Compliance inspections for those facilities having approved Site Security Plans will begin in September 2013 or one year after approval. Some issues that have not been resolved include the tiering assignments for gas terminals, and the rules applicable to purchasers and sellers of ammonium nitrate.
- The Alternate Security Plan (ASP) process provides a more flexible approach to CFATS compliance. DHS evaluators and industry security representatives stressed the need to address all 18 Risk Based Performance Standards (RBPS) in an ASP, but also noted the potential efficiencies and cost-savings presented by this process. Use of the American Chemistry Council’s ASP guidance and template was strongly encouraged.
- The Personnel Surety Program (RBPS 12) continues to evolve since the Federal Register notice that was published March 22, 2013. DHS has withdrawn the Information Collection Request it submitted to the Office of Management and Budget, and engaged with the chemical and oil and gas sector coordinating councils and security partners to refine the process that will address both anti-terrorism requirements and the need to permit facility access to contractors and others having a valid need to visit.
Issues relating to chemical facility security apply not only to “traditional” chemical companies, but also to agricultural producers and retailers, semiconductor manufacturers, and liquefied petroleum sites. One DHS executive noted a recent inspection of a pistachio processing plant as an example of the broad applicability of the program. Another indication was a panel that included representatives from the Environmental Protection Agency, Occupational Safety and Health Administration, Bureau of Alcohol, Tobacco and Firearms, and U.S. Coast Guard (which administers the DHS implementation of the Maritime Transportation Security Act). One or more of these agencies may have a role in chemical security for a given facility depending on its location, function and use of chemicals.
While CFATS is an evolving program with numerous regulatory requirements, it can also improve security, efficiency and employee safety if implemented effectively at facilities that fall under its purview. Government and industry resources can assist compliance programs and resources such as the Homeland Security Information Network that can complement corporate risk management processes. This summit demonstrated that, while much work remains to be done, there is significant potential for process improvement and efficiencies.