There is a report on NorthJersey.com that should make people stop and think. It is about some reported calls to chemical companies in the Midwest asking questions about plant safety. The caller supposedly claims to be with the Center for Chemical Process Safety and is asking for this information as part of a survey. According to Alex Nussbaum, the reporter for the story, the CCPS is not conducting any such survey.
It appears that at least three facilities received these calls and in turn reported them to the authorities. There is no way of telling how many other facilities were called, but I would assume that DHS has been making some phone calls to try to determine if anyone else has been approached. According to Elvin Montero, a spokesman for the Chemistry Council of New Jersey, DHS has been making notifications to industry associations.
While there is nothing on the CCPS or DHS web site about this matter, it would behoove everyone in the chemical industry to be aware of the potential for this type of data gathering ‘attack’. While it may be nothing more than someone trying to get some business intelligence, it could just as easily be someone gathering intelligence for a potential attack. Any such contact should be reported to the authorities. Section 27.230(a)(16) of the new CFATS regulation requires that facilities have procedures in place to: “Identify, investigate, report, and maintain records of significant security incidents and suspicious activities in or near the site.” This type of incident would certainly fall under the intent of this section.