Thursday, July 31, 2008

House Passes HR 4806 and HR 6193

Some days it does not pay to post blog entries. I had just posted my blog entry about HR 4806 and then I saw the news from Chairman Thompson that it, along with HR 6193 and a bunch of other homeland security committee bills, had passed in the House of Representatives. Further checking shows that they passed yesterday by voice votes.


Chairman Thompsons press release notes that:


  • I look forward to working with the Senate to include these vital measures in a House-Senate Conference on the Department of Homeland Security Authorization this year.”

In other words he does not expect these bills to make their way through the normal committee process in the Senate before the congress adjourns for the elections. He may be whistling in the dark since there are indications that there may not be a Homeland Security Authorization Bill this year. The House Bill has not yet been sent to the GPO. I seem to remember hearing that the Chairman of the House Appropriations Committee was holding up appropriations bills because of some slight he had received.


If the Congress continues to plan to not return after the elections, then there will have to be another omnibus spending bill if the government is to continue operating after October 1st. I don’t think that anyone would try to keep things running until late January on a single continuing resolution.

HR 4806 Status Update 7-24-08

At the same time that the Homeland Security Committee completed their work on HR 6193 (see: “HR 6193 Status Update 7-28-08”) they also finished up their report on HR 4806, the Reducing Over-Classification Act of 2007. The amended legislation and the accompanying report (House Report 110-776) are both now available through the Library of Congress web site.


While the amended version of the HR 6193 was a series of minor revisions for the most part, the amended version of HR 4806 is a complete rewrite. This makes my earlier review (see: “HR 4806 – Reducing Over-Classification Act of 2007”) less useful as a starting point for understanding the revised bill. Fortunately, Rep Harmon, the chair of the Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment, patterned the revised bill after HR 6193 so my earlier analysis (see: Analysis - Improving Public Access to Documents Act of 2008”) of that bill is worth reviewing.


Sharing Intelligence Data


The stated goal of this is to reduce the amountof needlessly or inappropriately classified data. What is probably more important is that it aims to increase the sharing of intelligence information. This may mean that a single provision in the bill {Section 210F(b)(2)} is the most important part of the legislation;


  • “(2) require that all finished intelligence products created by the Department be simultaneously prepared in the standard unclassified format, provided that such an unclassified product would reasonably be expected to be of any benefit to a State, local, tribal or territorial government, law enforcement agency or other emergency response provider, or the private sector, based on input provided by the Interagency Threat Assessment and Coordination Group Detail established under section 210D;”

In many cases a sanitized version of an intelligence report can be produced that will provide useable information to the front line operators in ‘war on terror’. The intent of this section is to require the intelligence agencies within the department to produce this cleaned up intelligence product.


Affect on CFATS


While HR 6193 might have an impact on the release of CVI material, this legislation will have no obvious near-term impact on operations at high-risk chemical facilities. The rules envisioned in this bill will only affect the more formal document classification system used by the Federal Government, not chemical-terrorism vulnerability information.


The long term impact could be an increased flow of usable intelligence information to security managers. This could help to increase the facility’s ability to manage its security program in a more efficient manner. Security procedures could be adjusted and modified as the threat profile changed.


Waxman Deal


One of the items buried in the committee report on both of these bills is a deal that Chairman Thompson has made with Rep. Henry Waxman, the chairman of the House Committee on Oversight and Government Reform. The deal resolves a potential territorial dispute between the two committees.


Arguably these two bills should also have been reviewed by Waxman’s committee since they deal with the reform of how classified/sensitive material is being handled at DHS. In fact, Waxman has his own bill in the works (HR 6575) that deals with similar issues for the government as a whole.


To avoid having the DHS bills having to be delayed by their transit through the hearing/report process at Oversight and Government Reform, Thompson struck a formal deal with Waxman. The deal would give Waxman right to name representatives to any conference committee serving these bills. Waxman also gets support from Thompson to get HR 6575 moved to the floor for consideration at the same time as HR 6193 and HR 4906.


This is a perfectly legitimate and above board deal made by two committee chairman. It is too bad that a similar deal could not have been made between Thompson and Dingell on HR 5577. This could have allowed a floor debate on the relative merits of HR 5577 and HR 5533 as the means for extending the DHS authority to regulate high-risk chemical facilities.

The Future of Al Qaeda

The House Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment held a hearing yesterday on the future of al Qaeda. Two researchers, Peter Bergen and Lawrence Wright, from the NYU Center on Law and Security provided a brief review of the history of al Qaeda, including the background for the current political/theological divisions affecting that organization.


One procedural note; the Homeland Security Committee Web site has provided links to testimony from each of the researchers. In reality there is only a single written testimony prepared for both. Don’t waste your time downloading more than a single copy.


History of Al Qaeda


The testimony provides a short, very readable history of al Qaeda, concentrating on the philosophical underpinnings that allow it to conduct unrestricted warfare against all of its opponents, within and without ‘the one true faith’. It also describes the recent schism in the organization and explains how it is being exploited by the Egyptian government (among others). This would be a good read for anyone trying to understand their potential adversary.


Homegrown Terrorists


The testimony points out that the radicalization of the immigrant Muslim population in Europe has not been duplicated in the United States. They attribute this to the higher degree of integration of the immigrant community in the US. They do point (page 8) out that a recent poll of Muslim Americans show that 5% had a favorable view of al Qaeda. They calculate that this allows for a pool of 125,000 potential recruits for homegrown affiliated terrorist organizations.


Short Term Attack Potential


For those of us in the chemical facility security community there is an important message in this testimony. The authors feel (see page 7 of their testimony) that there is a very real organizational imperative for al Qaeda to conduct a successful attack against the United States within the next couple of months. In their opinion if “al-Qaeda is unable to strike during this period (between now and September 11th), it will reflect on its ability to remain operational.”


As I expected (see: “House Homeland Security Committee Hearings – 7-28-08”) there is nothing in this testimony that directly points to an attack on high-risk chemical facilities. None the less, security managers at such facilities should take note of the short-term increased potential for such an attack.


Wednesday, July 30, 2008

HR 6193 Status Update 7-28-08

Well, it took just one month, but the House Homeland Security Committee finally completed its report on HR 6193. The committee report (House Report 110-779) and the amended bill are now available for review on the Library of Congress web site. Now we can see what changes have been made to the Improving Public Access to Documents Act of 2008


Since I have already reviewed the bill in depth (see: “Analysis - Improving Public Access to Documents Act of 2008”) we can look at the significant changes to the bill. I say significant because the vast majority of changes are editorial in nature. These changes are of interest to scholars and lawyers arguing cases in the appellate court system.


Changes in HR 6193


There are two significant changes:


  • Change in the implementation schedule from 180 days to one year {Section 210F(b)}.
  • Added ‘protecting national security’ as on of the requirements of the new program {Section 210F(b)(3)}.


The changes in the implementation schedule are a realistic appraisal of the time necessary to take a new regulation through the writing and approval process. This is especially true when the legislation requires that the Archivist of the United States is to be ‘consulted’ with during the development of the regulation.


The inclusion of ‘national security’ corrects an apparent oversight in the original wording of the bill. Allowing for a national security reason to protect information would seem to be a no-brainer except that there is already a procedure for protecting ‘national security’ documents, the standard document classification system.


Protecting CVI


As I pointed out in an earlier blog (see: “Revise HR 6193”) there is no specific exemption in this legislation for protecting Chemical-terrorism Vulnerability Information from disclosure in a Freedom of Information Act action. CVI information should be protected under Section 210F(b)(3);


  • “(3) ensure that such policies, procedures, and programs protect the national security as well as the information privacy rights and legal rights of United States persons pursuant to all applicable law and policy, including the privacy guidelines for the information sharing environment established pursuant to section 1016 of the Intelligence Reform and Terrorism Prevention Act of 2004 (6 U.S.C. 485), as appropriate;”

The purpose of the regulations required under this act is to maximize disclosure of information. According to Section 210F(a)


  • The Secretary shall develop and administer policies, procedures, and programs within the Department to implement the controlled unclassified information framework to standardize the use of controlled unclassified markings on, and to maximize the disclosure to the public of, homeland security information, terrorism information, weapons of mass destruction information, and other information within the scope of the information sharing environment established under section 1016 of the Intelligence Reform and Terrorism Prevention Act of 2004 (6 U.S.C. 485) that must be disseminated to prevent and to collectively respond to acts of terrorism” (emphasis added).

Given these conflicting requirements, I would be much more comfortable with the delineation of a specific exemption from the general public disclosure of CVI in the legislation. In keeping with the information sharing aspects of this legislation (a process that I generally support) there should also be explicit requirements for sharing of CVI information with the local emergency response community and facility personnel.


Modifications to HR 6193


I see nothing in the amended version of HR 6193 that would cause me to change the suggested modifications to this legislation that I noted in my earlier blog. I would like to reiterate those recommendations here.


The modifications to HR 6193 should include:


  • An acknowledgement that CVI information is fundamentally different than intelligence information.
  • DHS should be required to develop a proactive plan for sharing CVI information with local emergency planning and response personnel.
  • High-risk chemical facilities should be required to develop a proactive plan for sharing CVI information with employees and security personnel.
  • The FOAI provisions of Section 210F(d) need to be revised to explicitly limit the types of CVI that may be considered releasable under FOAI requests.


I understand the government’s inclination to secrecy. No one wants to be the person that lets out information that aids a terrorist in the planning and execution of an attack on this country. Once information is publicly released, it can never be contained. With that as a given, it is much easier to error on the side of secrecy. Unfortunately, that inclination is counter productive in the long run and it foster’s an us-vs-them mentality between the government and various activist groups.


Unfortunately, this legislation is making it’s appearance late in the legislative season. The chances of it making its way to the floor of the House and through the Senate during this election shortened session are slim at best.

Tuesday, July 29, 2008

Security vs Freedom of the Press

The eternal conflict between security and a free press made the news again in Texas City, TX. A photographer for the Galveston County Daily News was stopped by the local police while he was taking pictures of a relatively small oil spill. When he refused to show them the pictures that he had been taking, he was detained for 45 minutes before being released. The local police/Joint Terrorism Task Force spokesman said that the police just wanted to see if any of the pictures compromised the chemical facility security.


Needless to say the photographer, the paper and the local ACLU office were more than a tad bit upset. Generally speaking, US courts have held that the government cannot exercise prior restraint of the press, even in areas of national security. At most, they can sue or even prosecute after national security information is published.


Facility Security and the Press


Fortunately, the facility management is not involved in this dispute. A security guard did ask the photographer to leave an unfenced portion of the facility property, but was apparently polite and non-confrontational in the request and the photographer complied. The facility is off the hook on this case.


The last thing that a chemical facility needs is to antagonize the local press. Putting any kind of restrictions on what the press does from outside the fence is stupid and probably illegal. Telling the press that you have something to hide is like telling a small child to stay out of a cookie jar lying on the floor. It is the surest way to get the press to dig.


Counter-surveillance and Photographers


I have mentioned on a couple of occasions (see: “Counter-surveillance in Operation”) that facility security personnel (in fact all facility personnel) should be alert for people conducting surveillance operations against the facility. A person taking pictures of the facility should be viewed with suspicion as possibly being part of surveillance operation.


When a photographer is spotted the security manager should be notified as quickly as possible. That manager is going to want to know three things:


  • Are they inside or outside of the security perimeter?
  • Are they acting overtly or covertly?
  • Are they obviously a news organization (a panel truck with the local TV station logo in three color paint job on the side is pretty obviously a newsie)?

Response to Photographers


Anyone found within the security perimeter should be detained and turned over to the local police. The facility needs to have their legal people go over the rules for detaining trespassers very carefully. Those rules should have a very clear definition of what the military calls the ‘rules of engagement’; what force can be used for detention. Extensive, repetitive training needs to be conducted and documented on those rules. Do not mess with any photographic, video or audio recording equipment; that needs to be dealt with by counter surveillance professionals.


Outside the security perimeter the rules get a lot murkier and can vary from city to city. A safe assumption is that outside of that perimeter the facility personnel have no legal right to detain or question anyone. This means that the rule is to be polite, be polite, and be polite.


Covert photography should be dealt with from a distance. Get pictures of the people if at all possible. Notify the local police department counter-terrorism people (even Mayberry would have a designated counter-terrorism person today). And increase the facility alert level for a period of time, just in case.


Overt photography needs to be dealt with very carefully. The photographer could be a news person, a government regulator, an investor, an activist for a deep pockets environmental group, or just a camera geek. A security supervisor should approach the photographer and politely ask why the person is taking photographs. If the photographer is will to provide identification the name and affiliation should be recorded.


The representative should explain that the facility management would prefer that photographs of security measures not be taken. Then the photographer should be left alone. A full report should be prepared and shared with the local counter-terrorism people.


News Photographers are a Special Case


A news photographer should be given the business card of the person at the facility that has been designated (and trained) to deal with the press. If a news organization has been identified, the editor or manager should be contacted by the management representative to discuss the facilities security concerns.


The last thing that any facility needs is to have a news organization do a major expose on their security arrangements or lack there of. The only practical way of preventing such an expose is to have a good working relationship with the press

Monday, July 28, 2008

DHS FAQ Update 7-25-08

Well, I decided to do a weekly review of the DHS FAQ web page changes due to the increase in changes. The first week there were only two; go figure. The two questions were:


  • 1549:  “May a covered facility disclose its preliminary tier level to another entity or individual (e.g. a trade association or another facility)?”
  • 1451:  “When I log in to the Top-Screen, I get a message that my passwords has expired and that I need to create a new one. However, when I enter a new password, I get an "invalid" error. What do I do next?”

Neither of these are new questions are new; they have both been listed before. The answer has changed a little on the first question and not at all on the second. Both answers are worth reviewing.


Sharing CVI


A paranoid individual (there is no paranoia in the security business) might think that the question about sharing tier level information may have been driven by my blog on tier level rankings of oil refineries (see: “CSAT Tier Rankings”) from July 18th. In any case the answer is interesting:


  • Yes, provided that each individual within the other entity, or any other individualto whom that information is disclosed, is a CVI Authorized User and has a "need to know" for that information” (emphasis added).

This is the first time I have seen mention of a requirement that all employees of any company must be cleared for CVI. There is certainly nothing that I have seen in the CVI Procedures Manual. Paragraph 6.2 of that manual covers this situation:


·        “With the consent of CSCD Director, regulated chemical facilities may also share CVI  with private third parties, i.e. bank, insurance company, utility commission, etc. that have  vested interest in the chemical facility and a need to know. These individuals are not  considered authorized users since they will (not) have the right to further disseminate CVI.  These individuals must sign a chemical facility approved NDA and complete the training provided to authorized users.”


Having said that, there is a class of ‘entities’ that should take heed of this ‘requirement’; security consultants. A chemical facility should be able to assume that the consultant firm that is dealing with their security information is completely covered. There is an expectation that the consultant is completely prepared to protect the security information of the facility.


CSAT Passwords


DHS apparently continues to have problems with users understanding the procedures for changing their CSAT password. First, the CSAT password is only good for 90 days. Given the time between the January completion of Top Screens and the June start for SVA’s, most facilities starting work on their SVA may have expired. This assumes that DHS has eliminated their misguided email notifications for password expiration (see: “Potential DHS PHISHING Alert”).


The biggest problem with changing passwords appears to be a non-standard requirement to enter the new password three times instead of the more normal two times. This coupled with the “invalid” screen message instead of a message to re-enter the password is apparently confusing people. Here is the DHS explanation for the password change process:


  • “First enter the old password, then enter a new password and then select enter. The user will see what appears to be an "invalid" error message prompting you to reenter the new password to confirm it (these are not truly "errors"; the wording is generated by a sign-on system that is trying to validate your new password). Enter your new password again. The user may see the "invalid" message again.  After entering the new password three times, login should be successful. Be sure to write down the new password for future reference.”

I am concerned about the last sentence in the answer. Most security professionals will tell you to never write down you password. That is one of the fastest ways to compromise passwords. Of course there is a problem with everyone having multiple passwords for the wide variety of “secure” computing environments that the average person works in. I wish that I had a good answer for this problem.

Friday, July 25, 2008

House Homeland Security Committee Hearings – 7-28-08

The House Homeland Security Committee released their hearing schedule for next week. Nothing directly dealing with Chemical Facility Security, but there are two hearing that may have an oblique, long-term impact. Both of them are sub-committee hearings that will be held on Wednesday, July 30th.


Future of Al Qaeda


The Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment is holding a hearing on the future of Al Qaeda and the implications for Homeland Security. This is a topic that should be reviewed periodically to ensure that we focus on the present and the future, not the past.


There are two witnesses listed for this hearing:


  • Peter Bergen, Senior Fellow, New America Foundation
  • Lawrence Wright, Fellow, NYU Center on Law and Security

Anyone responsible for anti-terrorist security planning at chemical facilities should at least read the published remarks of these two witnesses after the hearing next week. We certainly won’t expect tactical level intelligence, but this would fall under the heading of ‘Know Your Enemy’. Testimony like this is usually fairly short and easy to read; a good summary document.


Homeland Security Quadrennial Review


One of the many tasks facing the incoming administration next year will be the conduct of the first Quadrennial Review of the Department of Homeland Security. This is patterned after the same review conducted at DOD. It will allow the new administration to put their stamp on the future development of the department.


This hearing will be conducted by the Subcommittee on Management, Investigations, and Oversight. They are currently showing three witnesses:


  • Alan Cohn, Deputy Assistant Secretary for Policy (Strategic Plans), Department of Homeland Security
  • Christine E. Wormuth, Senior Fellow, Center for Strategic & International Studies
  • Major General Michael Sumrall, Assistant to the Chairman, Joint Chiefs of Staff for National Guard Matters

General Sumrall’s appearance is kind of interesting. The National Guard is an organization undergoing its own redevelopment. The large number of deployments of National Guard Units in support of military missions in Iraq and Afghanistan along with a variety of homeland security missions (guarding the border, bridges and nuclear power plants) has stretched that organization well beyond its pre-9/11 character. It will be interesting to hear Gen. Sumrall’s views on the future of Homeland Security.

Water Supply Security

There is an interesting article on that deals with the issue of terrorist attacks on water systems by contaminating water supplies. The article was written in response to reader questions about an earlier article on the closure of the road that runs across the Dillon Dam in Colorado. Those readers asked why the earlier article dealt only with a physical attack on the dam and not contamination of the water supply


Toxicity is Dose Related


The authors, Fred Burton and Scott Stewart, do an excellent job in explaining why it is so difficult to adulterate a water supply at the source. They point out that it would take 830,000 gallons of a contaminant added to the 83 Billion gallon reservoir to reach a 10 ppm level of contamination.


Even these authors underestimate the complexity of the operation, saying that it would take 55 tank trucks of material to accomplish that kind of attack. That estimate is way low because they assume each truck would carry 15,000 gallons. Normal tank trucks carry about 5,000 gallons of liquid; so it would take more than 150 tank trucks dumping a contaminant into that reservoir to reach the 10 ppm level. Most deadly toxins take a much higher concentration than 10 ppm to kill people.


Water Treatment Makes it Even More Difficult


To make matters even more difficult for the terrorist there is a complete water treatment and distribution network between the potential contamination at the reservoir and the water tap. The whole purpose of that system it to remove contaminants from the drinking water supply.


The article does a good job of describing how the treatment and distribution network helps to protect the citizens drinking the water from the municipal treatment system. They clearly make the point that an attack upstream of the treatment plant is likely to be totally ineffective in killing people.


Industrial Chemical Contamination


If this is true, why does the government get so concerned about ground water pollution? Cities that use ground water for their drinking water also treat the water. The difference is that the EPA is not worried about contamination that is going to kill people drinking a couple of glasses of water. They are worried about contamination that is going to make people sick with exotic cancers or other diseases after twenty or thirty years of drinking the contaminated water. That is much too long a time frame to be useful to a terrorist.


The Psychological Effect


The authors point out that even a non-deadly attack on water supplies may end up being an effective attack due to the psychological effects on the population. We have come to rely on our water systems for safe drinking water and expect very low contaminant levels. This can be seen by the recent public reactions to ultra low levels of various pharmaceutical residues in city water supplies.


Eco-Terrorist Type Attack


This would not be the type of large-scale, spectacular attack that we have come to expect from al Qaeda related terrorist groups. It would be more in line with the symbolic types of attacks that we have seen from various eco-terrorist groups. To date those groups have not executed attacks that resulted in spectacular deaths, they have instead gone for economic effects to gain their headlines.


To see how effective a pre-treatment water supply attack could be we need only to look at a recent water tower vandalism incident in Las Lomas, CA. There the hatch to a water tower was discovered open in circumstances that indicated an intruder had accessed the tank. At least one test of water quality indicated very low levels of mercury contamination. Even though other tests did not replicate the results (perhaps because the contamination levels were so close to the detection limits of the test) residents were warned and the tank was drained and cleaned.


If the same incident had been accompanied by the publication of a manifesto against chemicals manufactured or used by a local facility the incident would have attracted much more attention. The resultant publicity would fit in well with the objectives of many eco-terrorist groups.


Preventive Publicity


To avoid problems with this type of attack water utilities need to be proactive in explaining all of these facts to their customers before an attack takes place. Articles similar to the one on need to be prepared and sent to customers on a regular basis. Periodic publicity campaigns using local media need to be employed. Once an attack takes place, it will be too late to prepare and use such a campaign to prevent panic.

Thursday, July 24, 2008

Too Much Faith in Biometrics?

Every once in a while everyone needs to be reminded that there is no such thing as total security; there is no such thing as the forgery-proof identification. There is a report on about a recent arrest in Dubai. Two Russians and a Moldavian were arrested with forged eye biometrics recognition stamps.


The UAE uses iris scans at their airport to verify identity of people entering the country. These three were arrested “for suspicion of smuggling forged eye biometrics recognition stamps with intent to facilitate the entry to the UAE of individuals who were previously banned”. The brief article does not explain exactly how these forged stamps would be used, but people on both sides of the arrest apparently felt they would circumvent the identification process.


Every security professional knows that there is no such thing as a security program or device that cannot be subverted. What ever man can devise, man can subvert. From time to time we all need to be reminded of that.

HR5577 Lobbying Effort

Greenpeace is running a grassroots lobbying effort to get HR 5577 (Chemical Facility Anti-Terrorism Act of 2008) passed. Their 'Action Center’ has a brief blurb touting the IST provisions of the bill and a form letter that will be emailed to the appropriate congressional delegation if you fill out the data collection information.


Greenpeace IST Claims Misleading


While I personally think that the passage of HR 5577 would probably be a good thing for the industry and the country, I think that the Greenpeace effort is misleading. Their claims that the inherently safer technology (IST) provisions of the bill would “ensure the use of safer, cost-effective technologies to reduce the terrible consequences of a terrorist attack at a chemical plant” are blatant nonsense.


HR 5577 mandates the evaluation of inherently safer technology, but it only authorizes the Secretary to require implementation if the facility finds that there is an IST process that is practicable (see: “Inherently Safer Technology Implementation under HR 5577”).


Greenpeace IST Claims Counterproductive


This campaign by Greenpeace is a continuation of the polarization politics that is crippling government in this country. By pushing this gross over simplification of the provisions of the bill Greenpeace is providing ammunition for many people that oppose this bill for various reasons. Industry will always, and rightfully so in my opinion, vociferously oppose the imposition of mandatory IST implementation requirements.


I understand that Greenpeace is in favor of the implementation of IST. Anyone with a modicum of sense would agree that using safer chemicals and processes can provide a significant reduction in the risks from terrorist attacks and process accidents. But, by implying that this bill would require implementation of a magic bullet IST in every case is misleading proponents and opponents of the rational IST implementation.


Rational IST Implementation


The provisions of HR 5577 that require the IST review be conducted as part of the security process ensures that facilities will be actively reviewing safer alternatives at the same time they are looking at the increased costs of security. This will allow for the realistic comparison of the benefits of IST and the costs of security. If there is a realistic IST alternative available, this is the best way to ensure that companies see that it is in their best interest to implement that program.


Moving HR 5577 Forward


I applaud the intentions of Greenpeace to move the legislative process forward on HR 5577. I believe that their method needs to be modified. The House leadership is not moving this bill forward (see: “Update HR 5577 07-11-08”) and it does not appear that this bill will ever come to a vote. Instead of an email campaign to get votes lined up for the bill, there should be a campaign to get the House Committee on Energy and Commerce to take up the bill in a serious manner and move it to the floor for a vote.

Wednesday, July 23, 2008

PHMSA Issues Request for Comments

In today’s Federal Register is a Notice for Petitions for Rule Making from the Pipeline and Hazardous Materials Safety Administration (PHMSA). It deals with two separate petitions requesting that PHMSA issue an interim rule providing for allowing for the design and building of a new series of railcars for the shipment of PIH chemical while the PHMSA completes its current rule making process on PIH Tank Car Construction Standards (see: “Proposed Rail Rule Will Increase Pressure for IST”). Comments are required to be submitted by August 22, 2008.


Problems with the Current Proposed Rule


As I noted in a series of blogs (see: “Comments on Rail Security and Safety Rules – 6-16-08” the last in the series) there have been some serious concerns expressed by shippers and the railroads about the unintended consequences of that rule. Since the proposed rule mandates an 8 year phase out of all current railcars used in the transport of PIH chemicals, no new railcars for that service are being produced or designed pending final action on the proposed rule.


This means that the PIH rail fleet is getting smaller as out-of-date railcars are removed from service. Additionally, fleet upgrade programs at many larger PIH shippers have been stopped, leaving less-safe railcars still in service. Comment after comment from the industry recommended that PHMSA issue an interim rule to encourage the production of the current state of the art PIH railcar until the radical new design is completed, tested and fielded.


Petitions for an Interim Rule


PHMSA has receivedtwo formal petitions to do just that. While the details of the two different petitions are different, they both seek an interim rule establishing a transitional standard that would allow an adequate service life for the new cars added to the fleet between now and the time the more radical proposed standard goes into effect.


PHMSA is looking for comments on these two petitions. In the Federal Register notice PHMSA put it this way:


  • “This document is issued to obtain comments on the merits of the petitions and to assist PHMSA in making a decision of whether to proceed to issue a rule responding to the petitions under the ongoing HM-246 tank car rulemaking.”

 In most cases the comments will be a re-hash of the comments that had already been submitted on the current rule. It will be interesting to see what new data may be added. Even with the short comment period (30 days) I don’t see the PHMSA moving on this petition quickly. The Bush Administration has already announced that it is going to slow up on starting new rules in its last six months in office so it will probably be the next administration that will guide any potential interim rule through bureaucratic process.

Critical Infrastructure Partnership Advisory Council Meeting

Yesterday DHS announced the upcoming meeting of the Critical Infrastructure Partnership Advisory Council on July 30th. The one day meeting will be held in <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />Washington, D.C. The public may attend, but may not participate in the council discussions unless invited. Written comments may, however, be submitted.

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> 

According to the notice:


·             “The Critical Infrastructure Partnership Advisory Council represents a partnership between government and critical infrastructure/key resource (CIKR) owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection.”


The agenda for this meeting includes panel discussions between participating CIKR Sectors regarding the following topics:


·             Asset-Based Infrastructure Protection.

·             Systems-Based Infrastructure Protection.

·             Cross-Sector Dependencies and Interdependencies.

·             Regional Implementation of the National Infrastructure Protection Plan.

Tuesday, July 22, 2008

Evolving Eco-Terrorist Groups - Update

Every blogger needs someone that questions assumptions. For this blog that person is apparently Fred Millar. He responded to my earlier blog today and questioned how I got from “mass action” to “attack”. Looking just at the article in the Independent it is an easy jump to make. I should have looked a little farther than that.


If you were to go to the home page for Climate Camp 08, the jump is not as clear cut. While the page does call for “taking direct action to tackle dangerous development” it also includes instructions to leave at home things “like pen knives and anything that looks remotely nasty”.


Their web site makes the ‘climate camp’ and the ‘mass action’ seem like a giant party; bring the kiddies (a children’s tent will be available). But, the goal of the camp is to close down the coal fired power plant (slated for closure in the near future, another fact omitted from the Independent article).


Anyway, look at both sides and make your own call, only the future will tell which way things will go. I would (and have) go back and change only one thing in my earlier article:


  • Original - “The 2008 Camp for Climate Action group is the latest group that appears to be willing to drift from protest to violent action.”


  • New – “The 2008 Camp for Climate Action” is the latest civil disobedience group that could drift from protest to violent action. We have to wait and see what the group dynamic actually is on the day of their protest.”

Alternatives to CFATS for Theft/Diversion Chemicals

There was a brief note this last weekend on about an alternative method for controlling theft/diversion chemicals if you are dissatisfied with the complexities of the CFATS regulations. The Chinese do it the old fashioned way; paperwork.


In the lead-up to the Olympic Games, China has taken on the complex task of controlling chemicals that might be useful to terrorists. Buyers must submit copies of business licenses and personal identification cards. Sellers are also regulated:


  • “…, firms selling the chemicals must be in possession of permits and will be given the fun task of filing all information about the purchasers, such as address, transaction date, names of the chemicals purchased, quantities and the purpose of the purchase, state media reports”

Neither of these will address the theft issue. Of course, since this is one of the last ‘worker’s paradises’, they have no problems with bourgeois problems like theft. This sounds an awful lot like hand-gun control measures in various states and cities in this country; those measures have been successful in keeping hand-guns away from criminals, haven’t they?


Oh, I forgot, I shouldn’t make fun of the Chinese for their efforts. After all, Congress mandated that DHS develop the same kind of regulations for ammonium nitrate (see: “DHS and the Omnibus Spending Bill”).

Tags: , , ,

Evolving Eco-Terrorist Groups

NOTE: This blog was revised at 14:30 EDT on 7-22-08. See for an explanation of what was changed and why.


A little over a week ago there was an interesting article in the online version of the British newspaper the Independent. It described a threatened attack on a power plant in Kent. A group of environmentalists have proclaimed their intent to “to force their way into the current generating station (also coal-fired) and stop it operating – for good – on the camp's ‘day of mass action’ on 9 August.” They are ‘protesting’ the intended construction of an additional coal fired plant on the same site.




The 2008 Camp for Climate Action” is the latest civil disobedience group that could drift from protest to violent action. We have to wait and see what the group dynamic actually is on the day of their protest. Whether this makes them a terrorist group has yet to be seen. If they content themselves with a human assault on the fences of the power plant they remain protestors, illegal protestors to be sure (there is a court injunction against their announced assault).


If they attempt to use weapons, or undertake a cyber attack, or subvert insiders to damage the generating station, they cross the line to become terrorists. If they do resort to terrorist action to further their cause, they will join a growing list of eco-terrorist organizations around the world.


The Fringes of Protests


Every protest movement has a wide variety of people that form that movement. The larger the movement the more likely it is that there is a fringe group that will believe that their protest justifies the use of force. The resurgent ‘green’ movement is no exception.


The global warming debate has fueled the re-growth of the green movement. As the rhetoric increases about the consequences of the continued uses of fossil fuels and it becomes clearer that governments are not going to eliminate coal and oil fired power generation overnight, the green fringe is going to increase.


Power Plants as Chemical Facilities


Power plants have always been chemical facilities at their core. They convert chemical energy (the combustion of fuel) to electrical energy. Modern plants have increased the chemical complexity of their operations. Anhydrous ammonia may be used to scrub various pollutants from the smoke stacks of many facilities. Chlorine may be used to control the growth of biological organisms in the cooling water. A wide variety of other chemicals are used to optimize various processes within the facility.


An attack on a power plant can very easily result in chemical releases of various sorts. In targeting a coal fire power plant as a CO2 source, eco-terrorists might not even know that they may be unleashing what amounts to chemical warfare on the area surrounding the plant, the employees of the facility, and even themselves. Then again, an attack on the hazardous chemical storage might just be another way to call attention to their cause.

Monday, July 21, 2008

DHS FAQ Update 7-18-08

I had some problems keeping up with all of the new updates on the DHS FAQ page. On both the 15th and the 17th they posted questions at two different times. There is obviously some increased interest in the CSAT process (maybe due to SVA’s?), so rather than try to keep up with this on a daily basis (at least until things slow down), I’m going to do this weekly.


As of Friday there were eleven new FAQ entries (not counting the ones that I had already reviewed last week. They span a range of topics covering Registration, Top Screen, SVA, Site Security Plans and even enforcement.



  • 1544: How does a facility register to complete at CSAT Top Screen?
  • 1547:  Is the fact that a facility is a covered facility under 6 CFR part 27 considered CVI?
  • 1548:  Is the preliminary tier determination of a covered facility by DHS considered CVI?
  • 1549:  May a covered facility disclose its preliminary tier level to another entity or individual (e.g. a trade association or another facility)?
  • 1550:  Does DHS need to be notified when a CVI Authorized User at a covered facility shares CVI (e.g., its preliminary tier determination) with another CVI Authorized User, who has a "need to know", within the private sector?
  • 1551:  Can individuals who are not USCitizens be CVI Authorized Users?
  • 1552:  Are chemicals in transit regulated under the Chemical Facility Anti-Terrorism Standards (CFATS)?
  • 1553:  Does DHS have the authority to enforce the use of Inherently Safer Technology (IST) at a facility?
  • 1554:  Does DHS have the authority to shut down a facility?
  • 1555:  I'm not sure how this whole CSAT thing works. Can you explain it in a few sentences?
  • 1556:  What web browser settings are required to access CSAT?


Chemical-terrorism Vulnerability Information


Almost half of the questions (5 out of 11) relate to CVI. This is not surprising since most people have little or now training or experience with document security measures. None of these questions (1547 through 1551) is complicated nor are the answers. The answers can be summarized as follows.


  • That a facility is covered under CFATS (and thus a high-risk facility) is not CVI.
  • The preliminary (and the final) tier level assignment is CVI.
  • CVI data can be disclosed to a CVI Authorized User who has the need to know.
  • DHS does not need to be notified when CVI is shared between Authorized Users with a need to know (to be safe keep a log of receipt and transmission of CVI)
  • You do not have to be a US Citizen to be an Authorized User.
How Does CSAT Work?


This is an interesting, if probably unrealistic question. Given that the Help Desk people lived up to their name a short concise summary of the whole shebang. Who says that government has to be obfuscating? Here is the complete reply:


  • “A facility with Appendix A COI at or above the applicable STQ is required to use the CSAT system in order to complete and submit a Top-Screen.  A facility covered by CFATS is also required to use the CSAT system, for example, to do the following:
    • “Access the User Registration System
    • “Identify, assign, and authorize the Authorizer, Submitter, and Preparer.
    • “Send in the signed PDF form that is produced by the User Registration System to DHS.
    • “Receive usernames and passwords from DHS.
    • “Access the CSAT website to transfer accounts, if needed.
    • “Access the CSAT website to add Reviewers, if needed.
    • “Access the CSAT website to conduct the Top-Screen questionnaire, if needed.
    • “Access the CSAT website to complete a Site Vulnerability Assessment, if required.”

Sounds painless, doesn’t it?

Chemical Incident Review 7-21-08

Once again, since there have been no reported terrorist incidents at chemical facilities reported in the press, we will look at chemical accidents and incidents that have been reported. It has been a busy couple of weeks according to news reports, so we have lots to choose from. Remember, this is not being done to review safety, but rather to look at such incidents to see what they can teach us about security and mitigation.


Four Clover Farms; Muhlenberg Township, PA


A leaking valve on an anhydrous ammonia tank caused the evacuation of the facility when the valve broke during an attempt to stop the leak. First responders spayed a water mist on the tank from an adjacent building. The water mist knocked down the toxic cloud, converting the anhydrous ammonia to its less toxic aqueous form. No one was injured in the incident.


Many toxic inhalation hazard (TIH) chemicals are at least partially soluble in water and become less toxic when dissolved in water. With this in mind, a method of leak mitigation used by first responders for these TIH it to spray the cloud with a water mist. There is no reason why these tanks could not be ‘protected’ by an automated water misting system similar to a fire sprinkler. It would not eliminate the downwind hazard, but it would reduce the area affected and slow the spread.


Kimberly-Clark, New Milford, CT


Two contractors were taken to the hospital when they were overcome by chemical fumes while working on the roof of a building at the Kimberly-Clark mill. The fumes came from a roof-top vent of a bleach storage tank. The local area around the mill was shut down while the source of the problem was identified.


This is a not unusual problem with storage tanks that vent directly to the atmosphere. The most toxic chemicals are normally vented through scrubbers, but a wide variety of problematic chemicals are vented directly to the atmosphere. While not normally a problem, they may present a problem to personnel working around the vents.


In non-standard conditions, like fires, these vents may become more of a problem. Vents for combustible storage tanks may be the source of explosive fumes when the tanks are heated near their boiling point during a fire. Security plans for facilities with flammable-release COI need to take this into account.


Propane Tanks used to Transport Stolen Anhydrous Ammonia


The following information is not strictly a chemical incident, but is worth passing along. It comes from an organization for security guards, They report that methamphetamine labs are using empty portable propane tanks to store anhydrous ammonia. Some of these tanks are apparently being turned back into propane tank exchange facilities; a serious potential hazard to those that refill such tanks.


Anhydrous ammonia is a required chemical in the manufacture of methamphetamines. It is most often stolen from commercial or agricultural storage tanks. Anhydrous ammonia requires a pressurized tank for storage, so it should not be surprising that propane tanks, the most readily available portable pressure tanks available, are being used for this purpose.


It does point to a potential terrorist weapon problem. Anhydrous ammonia is not normally available in small portable tanks (other than the wheeled tanks used for agricultural applications) so it is not regulated under CFATS as a Theft/Diversion chemical like Chlorine. Many agricultural states do regulate anhydrous storage tanks, mandating security procedures to prevent theft by illicit drug manufacturers.

Changes to DHS Chemical Security Web Pages – 7-18-08

Last week DHS made some significant changes to two of their web pages dealing with chemical facility security and issued a revised CSAT User Registration manual. These changes are part of the continuing support of the on-going SVA process under way at 7,006 high-risk chemical facilities nationwide.


Critical Infrastructure: Chemical Security


Those of you who have signed up for the page change notification process will already know that the Critical Infrastructure: Chemical Security page was changed. They added a “What’s New” section at the top of the page which currently explains the SVA process in brief.


The new section includes links to:



Chemical Security Assessment Tool


The other page that was changed last week is the Chemical Security Assessment Tool. The only real change to this page was a link to an updated version of the <AHREF="FILE: chemsec_csatuserregismanual.pdf? assets xlibrary C:> 

The CSAT User Registration manual was not drastically changed. The version number changed from 2.0.a to 2.0.b. This means that changes are mainly cosmetic. The Change Log in the documents lists the following changes:


  • Updated the version number to 2.0.b
  • Updated the date to July 2008
  • Changed “Chemical Security Compliance Division” to Infrastructure Security Compliance Division” on pages 1 and 36
  • Updated project manager name to Dennis Deziel on page 1
  • Replaced two images on page 35 showing the new PRA expiration date of 5/31/2011
  • Removed the word “Top-Screen” on pages 13, 31 and 41
  • Replaced “Can I hire consultants to complete the CSAT Top-Screen for my facility?” with “Can I hire consultants to complete the CSAT requirements for my facility?” on page 19
  • Replaced “CSAT Top-Screen” with “CSAT application” on pages 3 and 41
  • Replaced “CSAT Top-Screen” with “CSAT information” and “CSAT data” on page 33


The interesting thing about the division name change is that it is not reflected elsewhere on the web site. For instance, on this CSAT page where it provides an address for the submission of an Alternative Security Plan it still uses the old division name. That is nit picking of the highest order, and I have, of course, never committed that type of editorial mistake (tongue firmly in cheek).

Friday, July 18, 2008

CSAT Tier Rankings

I received an interesting reader email the other day. The reader told me that he knew of at least a couple of oil refineries that had received a tier ranking from DHS and were surprised to find that they had been placed in Tier 4 (the lowest of the high-risk categories under CFATS). Since I was a ‘CFATS Expert’, he wanted to know if I had any idea of why they were rated so ‘low’. I thought this was an interesting question, so I told him I would take a stab at answering.


First, I am not an employee or even a consultant for DHS. I don’t have any inside information about the workings of CSAT other than what DHS has published publicly. So the conclusions that I arrive at here are based on my analysis of the available data. Flaws in that analysis are mine alone. I’ll try to identify my assumptions as I go to give everyone a fair chance at identifying those flaws.

Second, I do not know any of the details of the Top Screen submissions for these facilities. I do not even know the names of the facilities. Nor do I know, or really care, how my reader came to know the tier rankings of these facilities. In fact, to be perfectly honest, I have no way of even knowing if facts presented in his question are actual facts.

High-Risk Chemical Facilities

First we must remember that DHS was given authority to regulate chemical facilities that were at high-risk of terrorist attack. Specifically the Section 550 authorization provides that the CFATS regulations would "apply to chemical facilities that, in the discretion of the Secretary, present high levels of security risk".

This means that any facility that received a DHS notification letter requiring the facility to complete a Security Vulnerability Assessment (SVA) is preliminarily considered a high-risk chemical facility. All of the requirements of the CFATS regulations will apply to those facilities if they are confirmed as being a high-risk facility after the DHS review of the SVA.

All high-risk chemical facilities will be required to complete and submit site security plans that will address all of the security risks identified in the SVA. The standards that DHS will use in reviewing those plans for adequacy will be the same 18 risk-based performance standards (Section 27.230) for each of the high-risk chemical facilities.

The Purpose of Tiering

When DHS wrote the CFATS regulations they were faced with the dilemma of how to regulate an expected 8,000 high-risk chemical facilities with limited manpower and limited time (the regulations expire in three years from October 2006). When faced with a job of this size and limited resources available to DHS, one must prioritize.

The four risk-related tiers that DHS is placing the 7,006 high-risk chemical facilities into is a method of prioritizing the work that must be done. The tier 1 facilities are the highest risk facilities and thus the highest priority for DHS. This is reflected in the short time limit these facilities have to complete their SVA (90 days vs 180 days for tier 4 facilities).

DHS has been adamant in their refusal to discuss the details of the decision process that put into their tier. They believe that that level of risk analysis information could provide a well informed terrorist with too much information about the security processes at high-risk chemical facilities. I think, however, that we can assume that off-site consequence is a major component that goes into the decision to make a facility a tier 1 facility.

Off-Site Refinery Risks are Varied

Oil refineries are complex chemical manufacturing facilities. They take a mixture of organic liquids and solids known as crude oil and through a number of separation techniques and chemical reactions turn that material into a wide variety of chemical and fuel products. They use and produce a number of different hazardous chemicals. This means that there are a variety of risks associated with these facilities.

Flammable-Release Hazards

The most visible hazard to the public comes from flammable-release COI. While gasoline is a major product there are a number of flammable liquids and gasses that are stored and produced at these facilities. While fires associated with these chemicals can be a devastating issue for the refinery their off-site consequences are not that large, The large black clouds associated with hydrocarbon fires generally lift into the air quickly so the area of greatest toxic affects is fairly limited. Even when those clouds hug the ground most of the toxic affects are chronic rather than acute; they aggravate and cause long term medical conditions rather than killing immediately.

The worst potential off-site consequences are not associated with fires, but with explosions. The release of flammable gasses and very volatile flammable liquids produce large clouds of dangerous fuel-air mixtures. When ignited these mixtures produce huge explosions that can produce over-pressure effects over a large area.

It is easy to calculate the worst-case results from such an event. Assuming the total release of the largest storage tank containing such chemicals, there are mathematical formulas for calculating the area where the over-pressure affects are sufficient to produce significant damage. Comparing that area to the location of off-site facilities and people provide a way of measuring the off-site hazard.

Toxic Release Hazards

The wide variety of chemicals used and produced in the oil refinery includes a number of dangerous, toxic chemicals. The off-site consequences for these are most pronounced for toxic inhalation hazard (TIH) gases like hydrogen fluoride (HF). Again, those consequences can be calculated by comparing how far they can spread before they loose their acute toxic affect due to dilution with air. That area of spread can then be compared to the location of off-site personnel to determine the number at risk.

Economic Hazards

Anyone that has watched the news lately is aware that the disruption of even a single refinery’s output has an immediate affect on the price of gasoline. The tight supply of refined petrochemicals in the United States makes this inevitable for the foreseeable future. What additional effects would be seen from a successful terrorist attack on such facilities is more difficult to predict in detail, but we could assume that there would be an additional fear-premium added to fuel prices.

DHS did attempt to take economic costs into account in the Top Screen. There were a number of questions posed for refineries about market share and critical market served. I do not believe that DHS considered in their model the current fuel market volatility in this economic assessment.

Mitigating Factors

While DHS has not mentioned taking any sort of mitigating factors into account in their preliminary facility tiering decision, I think that it is possible that some special factors may have been taken into account with oil refineries.

First off most oil companies conduct operations in many parts of the world. Many of their facilities are located in areas where they have had to deal with attacks by a wide variety of bandits and terrorists. As such the large oil companies have a better handle on site security issues than almost any other player in the chemical facility arena. Thus DHS could expect that they would not require the same level of handholding during the CFATS process that most other facilities would.

Secondly, most of these facilities will already have completed an SVA using the API/NPRA SVA. This SVA methodology is already approved by the CCPS as being equivalent to their methodology. And DHS based much of their SVA on the CCPS method. This means that DHS would not expect to have many problems approving a Alternate Security Plan (ASP) based on API/NPRA SVA. Remember, only a Tier 4 facility can submit an ASP in lieu of an SVA.


Having considered all of this for a couple of days now, I could understand how an oil refinery could be legitimately assigned to a Tier 4 risk ranking by DHS. There would be more than a few caveats to that:

  • The 3-psi overpressure area for the worst-case flammable liquid/gas release would not include any significant (populated or economically/strategically important) off-site areas.
  • The distance of concern for the worst case release of any toxic release COI would not include any significant off-site areas.
  • The facility is owned/operated by a major oil company with experience operating in high-threat areas of the world.
  • DHS would have already contacted the refinery in question with a notice to increase their security profile due to the publicly avowed al Qaeda threats to the US oil infrastructure.

Remember, these facilities are still going to have to prepare a site security plan that will address all of the hazards identified in the SVA. More importantly, DHS can go back and raise their tier ranking once the SVA is submitted.

/* Use this with templates/template-twocol.html */