Friday, July 3, 2015

PSP Congressional Mandate vs ISCD ICR

Last month I reported that ISCD Director Wulf had announced (in response to my question) during the most recent EO 13650 update that he expected the OMB’s Office of Information and Regulatory Affairs (OIRA) to approve the pending CFATS Personnel Surety Program (PSP) information collection request (ICR) sometime in the near future. He then noted that the DHS Infrastructure Security Compliance Division would then publish a guidance document outlining how Tier I and Tier II facilities would be implementing the PSP requirements.

I was surprised to hear this as I had assumed (as had most people) that the PSP requirements outlined in the new 6 USC 622 requirements from HR 4007 would have killed the current PSP program and would have required ISCD to re-start the ICR process. I am pretty sure that that was the intention of Rep. Meehan (R,PA) when he introduced HR 4007 in February of 2014, just after the 30-day ICR notice was published.

Proposed PSP Process

First let me go back and review what the PSP ICR outlined for the vetting of personnel against the Terrorist Screening Database (TSDB). ISCD outline three options that a facility would have to complete the vetting process on all facility employees (and that could include contractors at the facility’s option):

OPTION 1 – Direct vetting;
OPTION 2 – Use of vetting conducted under other DHS programs; and
OPTION 3—Electronic verification of TWIC

Actually, there is a fourth option described in the ICR. Facilities could suggest alternative methods of vetting personnel which would be reviewed by ISCD on a case-by-case basis. In this post I’ll call that Option 4.

Option 1

This is fairly uncontroversial, but the most time consuming option. The facility would have to enter into the on-line Chemical Security Assessment Tool (CSAT) into a new tool that will be released presumably after the guidance document is issued. For US citizens and legal permanent residents the information required would be:

Full Name
Date of Birth
Citizenship or Gender (Gender for US citizens)

Provisions would be made in the CSAT PSP Tool to provide additional, optional information to reduce the possibility of false positives. Facilities could enter this information or they could designate a 3rd party to submit the information for them. ISCD has also said that they would set up a system for bulk-upload of this data rather than just requiring manual data entry in the CSAT PSP Tool.

The only place where Option 1 conflicts with the new law is the requirement at §622(d)(2)(B)(i)(II)(aa) that requires a facility to accept the presentation of a DHS vetted credential from a covered individual which then preempts the requirement to provide information on those individuals to the PSP. I suppose that this would be easy enough to address in the guidance document.

Option 2

This is where the most dramatic conflicts with the new statute would apparently occur. For individuals with other credentials that include DHS vetting against the TSDB (including TWIC, HME and various Trusted Traveler Programs) ISCD proposed to require facilities to report much the same information as in Option 1 with the addition of the document number of the credential which substantiates the TSDB vetting.

This option has drawn the ire of many in the industry and Congress. The opposition insists that the mere presentation of the credential (and probably copying it for records sake) should satisfy the vetting requirement and no information should be submitted to DHS. This certainly seems to be the intent §622(d)(2)(B)(iii)(I).

ISCD has in the past responded that the information that it is requiring to be submitted to the CSAT Tool is not being used to vet the individuals against the TSDB, they are simply going to use the information to ensure that the credential being used is valid and current. This is the problem with all of the credentials being used under Option 2 (with the potential exception of the TWIC); the casual observer has no way to validate the credential or ensure that it has not been withdrawn because of subsequent investigative data.

The statute addresses this in §622(d)(2)(B)(i)(II)(bb). It requires facilities to outline in their site security plan (or authorized alternative) “the measures it will take to verify that a credential or documentation from a Federal screening program described in subclause (I) is current”. This requirement is where ISCD has an out to continue to use Option 2. Facilities could voluntarily use Option 2 as the way they fulfill the requirement described above. Facilities wishing to use some other method of verifying the credential data would annotate that in their plan, effectively Option 4. ISCD is, of course, capable of invalidating the designated process if it proves to be inadequate leaving the facility to revise Option 4 or use one of the other options.

Personally, I don’t think that there is an alternative method for facilities to verify these other credentials (other than TWIC which I’ll discuss in Option 3), so facilities are going to be forced to use Option 2 for any employee that offers one of these credentials. If any of my erudite readers knows of a legitimate verification option, please let me know.

Option 3

This option addresses the credential verification and validation process for Transportation Workers Identification Credentials (TWIC). TWICs were designed to be verified and validated on site through the use of a TWIC reader. It was originally envisioned that each MTSA covered facility or vessel would check the TWIC with a TWIC reader each time the holder entered the facility. This has yet to be required since the Coast Guard has yet to issue their final rule on TWIC Readers.

The CFATS PSP would not require daily checking of the TWIC. The ICR does not, in fact, say anything about how often TWICs should be checked. But in keeping with the requirements of the new statute, ISCD will not be requiring the submission of any information on individuals if their TWIC has been electronically verified.

Moving Forward

It looks like it would be possible for the PSP outlined in the ICR submitted to OIRA on February 10th, 2014 to be interpreted as meeting the requirements of 6 USC 622. We would still need to see the guidance document and the new CSAT Tool instruction manual to know that ISCD has included the necessary caveats and instructions so that it does not run afoul of the congressional mandate.


I am fairly certain that the legal staff at DHS is fully capable of ensuring that those documents will be appropriately worded. If not, there will almost certainly be law suits from a number of organizations to point out the errors of their ways.

HR 2886 Introduced – V2V Research

Last week Rep. Lipinski (D,IL) introduced HR 2886, the Future Transportation Research and Innovation for Prosperity (Future TRIP) Act. This is a comprehensive bill establishing research requirements for the Department of Transportation to support the development, deployment and regulation of vehicle to vehicle (V2V) communications.

The bill covers a wide variety of topics, including:

Automated and connected vehicle research initiative.
University transportation centers program.
Office of science and technology policy working group.
Research and technology development and deployment amendments.
State planning and research additional purposes.
Bureau of transportation statistics.
National cooperative freight transportation research program.
Commercial remote sensing products and spatial information technologies.
Transportation research and development strategic planning.
Centers for surface transportation excellence.

Readers of this blog are going to be principally interested in two areas of discussion that are found within this bill; cybersecurity and hazmat transportation.

Cybersecurity

Section 2 of the bill requires the Secretary of Transportation to establish an Automated and Connected Vehicle Research Initiative. Part of the research agenda for that initiative would be a requirement to look at potential deployment guidance for the V2V program. The section directs that cyber-physical security would be included in that guidance.

In §2(h) the Secretary is directed to “establish a competitively selected Intelligent Transportation Systems Science & Technology Center”. Part of the purpose of that Center would be to train “the next generation of the transportation workforce” {§2(h)(3)}in cross-disciplinary fields, including cybersecurity.

And finally, in §2(i) the bill requires the Secretary to report to Congress about progress made under this Act. One of the topics in that report would be guidance on “the relationship of the proposed deployment of connected and automated vehicles to the national architecture and standards and protocols” required under 23 USC 517 {§2(i)(4)}. That guidance is to be based upon:

Cyber-physical security and privacy; and
Examines the interaction with other cyber-physical systems

Hazmat Transportation

One of the key goals of the V2V program envisioned in this bill it an increase in efficiency in road-based freight transportation by being able to safely increase the density and flow of over-the-road transportation. To support that §8 of the bill would add a new §509 to 23 USC. It would require the Secretary to establish a national cooperative freight transportation research program. The research agenda supporting that program would include “an emphasis on the safe and efficient transportation and handling of hazardous materials by all modes of transportation” {new §509(b)(1)(A)}.

Moving Forward

Lipinski is the Ranking Member of the Research and Technology Subcommittee of the House Science, Space and Technology Committee, so he almost certainly has the pull to get the bill considered by that Subcommittee. Interestingly, he is also a member of the Highways and Transit Subcommittee in the House Transportation and Infrastructure Committee, the other Committee that has been given the bill to consider. It looks like he may be uniquely positioned to help move this bill through both committees.

This is a complex bill but one that is probably high on the agenda for many organizations in the automotive industry. This is one of those bills that, if it makes it to the floor of the House (and that is not a given at this point) it will probably have to be considered under a Rule as I would suspect that there would be a desire to amend the bill on the part of a number of Members.

Commentary

While the topic of cybersecurity is mentioned in a number of places in this bill, I’m not sure that there is really enough emphasis on the topic. For example, in the list of agencies with which the Secretary is required to consult with in establishing the Research Initiative in §2, an agency that is strangely absent is DHS which is responsible for cybersecurity. I would really like to see either US-CERT, ICS-CERT or at least the DHS Office of Cybersecurity and Communications included on that list.

Because cybersecurity should be an important component of the V2V initiative I would have liked to see a specific research initiative set up to look at the issues of communications security, device security and most importantly cybersecurity patching. It is unlikely that individual car owners would be watching government web sites for vulnerability announcements and most would be unable (and more over un-willing) to deal with firmware updates. This is a study issue that should be addressed in this bill.


In the freight transportation realm we have an interesting possibility of being able to solve one of the long standing problems for first responders coming upon a freight related accident, telling what hazardous materials may be involved in the incident. It would be a good idea to include in the freight transportation research program a requirement to look at using V2V technology to provide manifest and Safety Data Sheet data to first responders directly from the vehicle communication system.

DHS Announces ISAO Workshop

Today the DHS Office of Cybersecurity and Communications (OCC) published a meeting notice in the Federal Register (80 FR 38453-38454) for a public workshop concerning Information Sharing and Analysis Organizations (ISAO). The public meeting will be held in San Jose, CA on July 30th [date corrected, 07-03-15 10:20 CDT].

No agenda is currently available for this meeting. Advance registration is required, but the RSVP link mentioned in the notice does not yet exist. Public comments about this program may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # DHS-2015-0017).

Commentary

This will be the third ISAO workshop being held by DHS since the publication of  EO 13691; Promoting Private Sector Cybersecurity Information Sharing. I mentioned the second in an earlier post and noted that like this meeting announcement there had been no agenda provided in the meeting notice. Even though that meeting was held on June 9th, there is still no meeting agenda provided for that meeting on the ‘ISAO Engagements’ page. There is more information available on the first meeting that was held in March.

All in all the OCC seems to be doing a really bad job of information sharing about this new program. It makes me wonder about how much commitment and support this program is receiving in DHS.

BTW: DHS does have an $11 Million dollar grant available for developing standards for ISAO’s. The application period closes on July 17th, 2015. There is no direct link to the grant opportunity notice (DHS-15-NPPD-128-001), but here are the directions on how to get to the site:


A Notice of Funding Opportunity (NOFO) for the ISAO Standards Organization Cooperative Agreement has been created and posted online to Grants.gov. To locate the NOFO and application package, please visit http://www.grants.gov/web/grants/search-grants.html and search “97.128” in the CFDA Number search bar on the top left of the page. The Funding Opportunity Number is DHS-15-NPPD-128-001.

Thursday, July 2, 2015

Acrylonitrile Train Fire Update – Afternoon 7-2-15

We are still a long way from know all of the details about this accident, but thanks to some detailed reporting from a local TV station and a local paper there is now an abundance of information including photos of the burning rail car.

It is now apparent that there is a single rail car involved and it is still on the tracks (though CSX is still technically calling it a derailment). The preliminary cause of the incident appears to be that a broken train axle punctured the acrylonitrile tank and produced sparks that started the leaking liquid on fire. See the photo here of where the accident actually happened.

The train car continues to leak feeding the small pool of flames (see photo here). The local fire department (almost certainly in consultation with CSX) have decided to let the fire burn until the leak stops. This will reduce the potential environmental effects from the acrylonitrile spill. Local authorities are already advising against drinking from local wells until the problem is resolved.

FRA inspectors are already on site, but will not be able to really start their investigation until the fire burns out.


I made the comment in my earlier post about the combustion byproducts for acrylonitrile. Those comments assumed complete combustion in a hot fire from a major spill. In the small scale fire like the one we are seeing in this case the combustion is not necessarily complete and there may be significant amounts of cyanide produced. News reports indicate that some of the first responders in the hospital may be suffering from cyanide exposure.

PHMSA Announces Pipeline Risk Modeling Workshop

Today DOT’s Pipeline and Hazardous Material Safety Administration (PHMSA) published a meeting notice in the Federal Register (80 FR 38266-38267) for a risk modeling methodologies workshop to be held in Washington, DC on September 9th, 2015. The longer than normal advance notice is due to the fact that PHMSA is also soliciting abstracts from potential presenters at the workshop on the topic of relevant engineering and technical modeling considerations related to advancing pipeline risk models, and risk modeling methodologies used in other non-pipeline applications.

PHMSA is not satisfied that current pipeline risk management models are adequate to the task of identifying ways to reduce risks. In this request for abstracts PHMSA is interested in engineering and technical modeling considerations including;

Quantitative and semi-quantitative risk approaches;
Interacting integrity threats;
Applicability to evaluating preventive measures and mitigative measures;
Availability of data to support identified risk modeling approach;
Risk models;
Approaches to pipeline facility risk;
Investigative performance of the example potential approach;
Adaptation of model approaches from non-pipeline systems; and
Cost.


Authors will need to submit their abstracts vis the Federal eRulemaking Portal (www.Regulations.gov; Docket # PHMSA-2015-0139) and send an email to Kenneth Lee (Kenneth.lee@dot.gov) by July 15, 2015.


PHMSA is also soliciting public comments on the topic. Those comments may also be submitted to the above docket.

Acrylonitrile Train Fire

The latest train accident involving chemicals occurred last night just after midnight CDT. As usual, early news reports (here, here, and here) are sketchy and contradictory. Apparently a train car carrying acrylonitrile is on fire outside of Maryville, TN. Local residents have been evacuated and some first responders may be in the hospital for exposure related problems.

I wouldn’t be mentioning this accident quite this early except for one interesting report via Good Morning America (ABC):

“Despite initial reports that train cars derailed, there was no derailment and the fire only involved one car, Blount County Sheriff’s spokeswoman Marian O’Briant said.”

It is VERY unusual for a moving rail car to catch fire without derailing.

In the case of acrylonitrile (and many other toxic chemicals) a burning railcar (if the fire can be limited to just that car) may actually be better than a leaking railcar. The combustion products would be the normal CO, CO2, NOx that, while not pleasant or safe, are much less hazardous than acrylonitrile.


I think that we may be watching the news on this accident for a while.

Wednesday, July 1, 2015

S 1626 Introduced – Rail Safety

NOTE: I did not report this bill when it was introduced on June 18th because the introduction title clearly stated that it was a bill to “reauthorize Federal support for passenger rail programs”. I should have gotten suspicious about the “and for other purposes” tagged on at the end of the title. Then, listening to the Senate Commerce, Science and Transportation business meeting on June 25th, it became clear that the bill also included crude oil train provisions.

Two weeks ago Sen. Wicker (R,MS) introduced S 1626, the Railroad Reform, Enhancement, and Efficiency Act. The vast majority of the bill deals with passenger rail issues which I don’t intend to cover in this blog. There are, however, three sections in Title IV, Rail Safety, that do directly apply to freight railroads. Those sections deal with:

Confidential close call reporting system;
Technology implementation plans; and
Emergency response.

Confidential Close Call Reporting System

Section 402 would require the Secretary of Transportation to establish regulations to “encourage and facilitate the voluntary participation of railroad carriers, railroad carrier contractors, and employees of railroad carriers or railroad carrier contractors… in a confidential close call reporting system” {§402(a)}. Generally speaking this would be patterned after the aviation community’s close call reporting system. There are a lot of details involved that I don’t intend to go into.

Technology Implementation Plans

Section 407 would amend 49 USC 20156(e)(4) by adding a new subparagraph (c).  This would require each carrier required to submit a positive train control (PTC) plan to “analyze and, as appropriate, prioritize technologies and practices to mitigate the risk of overspeed (sic) derailments”. While this would appear to be a specific reaction to the latest Amtrak accident, it would directly affect all of the Class 1 railroads who are also implementing PTC; actually implementing PTC over more track than the passenger rail operations.

Emergency Response

Section 409 would require the Secretary to conduct a study to “determine whether limitations or weaknesses exist in the emergency response information carried by train crews transporting hazardous materials” {§409(a)}. Specifically the study will look at any differences between the current PHMS Emergency Response Guide (ERG) Book and the emergency response information carried by train crews. The inevitable report to congress on this study is supposed to include recommendations for legislative actions.

Committee Mark-Up

As I mentioned earlier this bill was marked up by the Senate CST Committee last week with a number of amendments offered and approved by voice votes with no discussion. Two of those amendments added requirements specifically affecting freight railroads; an amendment by Chairman Thune (R,SD) and an amendment modifying that amendment offered by Sen. Manchin (D,WV).

The Thune amendment (and the subsequent Manchin amendment) added a new Subtitle C, Hazardous Material by Rail, to Title IV. Some of the sections in this subtitle only apply to passenger railroads (I know, it doesn’t make sense) so I will ignore those, but those actually dealing with hazmat shipments by rail include:

Real-time emergency response information;
Thermal blankets;
Comprehensive oil spill response plans;
Hazardous materials by rail liability study;
Study and testing of electronically controlled pneumatic (ECP) brakes; and
Modification reporting.

Real-Time Emergency Response Information

Section 431 would require the Secretary to establish regulations for Class 1 railroads to “generate accurate, real-time and electronic train consists” {§431(a)(1)(A)}. Those railroads would also have to enter into a memorandum of understanding with ‘each applicable fusion center’ to provide secure and confidential access to those train consists. Those fusion centers would be required to provide those train consists to “first responders, emergency response officials and law enforcement personnel” {§431(a)(2)} requesting that information in the event of “an incident, accident, or public health or safety emergency” involving those trains.

The regulations would also be required to establish “security and confidentiality protections to prevent the release of electronic train consist information to unauthorized persons” {§431(a)(4)}.

Voluntary sharing of the same information by railroads with State emergency response commissions or emergency personnel would not be prohibited in the required regulation.

Thermal Blankets

Section 432 would require the Secretary to establish a regulation requiring all DOT 117 and DOT 117R railcars to be equipped with a thermal blanket between the tank shell and the tank jacket. Current tank cars with existing thermal blankets would not have to be modified to meet the thermal blanket standards set forth in this section.

Comprehensive Oil Spill Response Plans

Section 433 would require the Secretary to publish an NPRM requiring railroads “transporting Class 3 flammable liquids to have a comprehensive oil spill response plan” {§433(a)}. This would apparently be separate from the oil spill response plans required under 33 USC 1321(j)(5) as there is no mention of the Oil Pollution Act of 1990 in this section. This section certainly expands the requirements of the OPA since there is no mention of a minimum container size and it is applicable to any Class 3 flammable liquid. And once again, there is no mention of fire fighting in this bill, just spill containment and cleanup.

Presumably the bill requires the quick publication of an NPRM because PHMSA published an advance notice of proposed rulemaking (ANPRM) last year. There is a difference between that ANPRM and this section, the ANPRM applied to HHFT trains only.

Hazardous Materials by Rail Liability Study

Section 434 would require the Secretary to initiate a study looking at “the levels and structure of insurance for a railroad carrier transporting hazardous materials” {§434(a)}. This should be an interesting study because railroads have long maintained that they could not get adequate coverage for transporting the most hazardous substances like toxic inhalation hazard (TIH) chemicals. There is, of course, the mandatory report to congress.

Study and Testing of Electronically Controlled Pneumatic Brakes

Section 435 would require the Government Accounting Office to do a comprehensive review of the data available to the DOT on ECP brakes. Additionally the bill would require the Secretary to enter into an agreement with  the National Cooperative Rail Research Program (NCRRP) to do “complete testing of ECP brake systems during emergency braking application, including more than 1 scenario involving uncoupling of a train with 70 or more DOT 117-specification or DOT 117R-specification tank cars” {§435(b)(1)(A)}.

Funding for the NCRRP testing would come from the rail cooperative research program (49 USC 24910). Since they are supposed to crash at least four trains Thune expects that this may exceed the amount authorized for that program, so any additional funds would have to come out of the “amounts appropriated to the Office of the Secretary” {§435(b)(4)(B)}.

Since ECP brakes are already required under the new HHFT regulations, this section would require the Secretary to modify those requirement (within 60 days of the bill being adopted) to provide a two phased approach to ECP brake system requirements. The first phase would require that all DOT 117 and DOT 117R railcars be constructed to “have an ECP-ready configuration” if they are to be used “in high-hazard flammable unit train service” {§435(c)(1)}.

The second phase would occur after the ECP brake study is completed and the Secretary considers the second phase necessary. The second phase would essentially be the current final ECP brake requirements from the new HHFT regulations.

Thune does not define HHFUT the same as the Secretary defined HHFT in the new regulation. HHFUT would be any train “transporting 70 or more loaded tank cars containing Class 3 flammable liquid” {§435(f)(6)}.

Modification Reporting

The Manchin amendment would add §438 to the Thune amendment. It would require the Secretary to establish a reporting requirement “to monitor industry-wide progress toward modifying tank cars used in high-hazard flammable train service by the applicable deadlines or authorized end dates set in regulation” {§438(a)}. Interestingly, Manchin does use the current HHFT definition in this section.

Moving Forward


Senator Thune clearly intends to get this bill on the floor of the Senate as quickly as possible and there is broad bipartisan support to do so in the Committee. In fact a couple of more controversial amendments were withdrawn to make it easier to get the bill to the floor of the Senate. They will, of course, be offered as amendments on the floor. This will be a bill that a number of people would attempt to amend so it is difficult to predict whether or not it could ultimately be passed. More high profile accidents in either freight or passenger rail service will make it easier to pass.
 
/* Use this with templates/template-twocol.html */