DHS-ChemITC Webinar

As I mentioned earlier this week ChemITC and DHS Infrastructure Security Compliance Division hosted a webinar today on the “DHS CSAT Site Security Plan”. The webinar was completed earlier this afternoon, and I was pleased with the presentation. The people who prepared and presented the program did a very good job on the presentation. There was plenty of good information in the program and I recommend it to anyone that is getting ready to start their SSP preparation process. Facility Submitters will be given information about signing up for the webinar when they receive their email from DHS notifying them that there SSP notification letter has gone out. Any facility that has received their letter, but not the Submitter email should contact the CSAT Help Desk (866-323-2957) for more information. Miscellaneous Information On disheartening, but probably inevitable piece of information that was provided early on in the presentation is that facilities should expect a potential delay of ‘months’ between the SSP submission and the appearance of the DHS implementation inspection. This delay is due to the extensive review process that needs to be done of the SSP submission and the small number of inspectors currently available for the review process. While I was writing this posting I received a ‘follow-up’ email from one of the presenters with some additional information about questions that were asked at the end of the presentation. One that will be of interest to readers of this blog concerns the status of the DHS notification letters. David E. McCullin, Program Analyst, Infrastructure Security Compliance Division, writes that: “The process of sending the tier two letters has begun but is not yet complete. Approximately 2/3 of the tier two facilities and 1/4 of the tier three facilities have been sent.” SSP Assets Probably the most valuable part of the presentation is the clarification of what assets need to be identified in the SSP submission. The presenters made clear that the SVA assets have nothing to do with the SSP. The one minor problem this part of the presentation was the continual reference to the ‘definition of assets in the RBPS document’ without a specific reference to where. It took some looking but page 16 of the RBPS Guidance Document provides the following definition:

“‘Asset’ means any on-site or off-site activities; process(es); systems; subsystems; buildings or infrastructure; rooms; capacities; capabilities; personnel; or response, containment, mitigation, resiliency, or redundancy capabilities that support the storage, handling, processing, monitoring, inventory/shipping, security, and/or safety of the facility’s chemicals, including chemicals of interest (COI).”

The RBPS Guidance then goes on to provide a listing of some typical assets. All of this is good, but does not provide much guidance on what ‘assets’ should be listed in the SSP. The presenters provided some interesting guidelines that sound like they should be helpful. No recording was allowed of the presentation so this is my paraphrase of what they said:

Any on-site asset that has no security measures beyond those available to the site as a whole need not be listed. Any asset that has specific security measures unique to just that asset should be listed. Any asset that the facility thinks may have inadequate security should be listed. Any off-site asset should be listed.

The presenter short-stopped the question of why anyone would voluntarily report an inadequately protected asset by noting that the DHS inspectors will certainly note inadequate security in their initial inspection of SSP implementation so the facility should get ahead of the curve and self-identify the problem. This was definitely a good presentation and I recommend that facilities sign-up for this weekly presentation as soon as they receive their notification emails. It would probably be a good idea to set this up in a facility conference room so that the entire SSP team can view the presentation together. An internet linked computer is required as is a phone with a ‘mute button’. One last operational note: this presentation is made over the HSIN network. DHS will not send out the link to the presentation until just before the start of the presentation. So the person submitting the email request for the presentation should be able to access their email from the computer where the presentation will be viewed. The phone number and access code for the audio link will be provided on-line just before the start of the presentation. This is a little different than most webinars and was not adequately explained to those of us who signed up for today’s presentation through ChemITC.