Thursday, April 30, 2009

Maximum Security Facilities

John Honovich has another interesting article over on IPVideoMarket.info. He takes a look at the security detection requirements for ‘maximum security facilities’. Like most people, the first thing I thought of when I read that description was a prison holding the worst prisoners. John quickly cleared that up by explaining that a maximum security facility is one where “systems must be designed to stop adversaries before they reach critical assets”. I think that it is clear that high-risk chemical facilities, particularly those with toxic, flammable or explosive release COI, can easily be seen to fit this definition. Not Video Alone While John is mostly interested in video systems he does note that video alone will not provide adequate security for maximum security facilities. He identifies the additional security measures required this way:
“Barriers must be employed (fences, doors, gates, etc.) to slow the movements of adversaries. Guards must be able to respond quickly. Indeed, guards must be able to respond in less time than it takes to identify the threat and for the adversaries to pass the barriers.”
Video System Requirements John goes on to explain how video surveillance system can be integrated into a security system. Since the goal of the security system is to impose security personnel between the attackers and critical assets, the video surveillance system is designed to help that force track and intercept the intruders. John goes on to list three types of systems that support that objective:
“2D and 3D Mapping systems that embed the locations of cameras can help the guard determine where a suspect is and where they might be headed”; “PDAs/Phones with video monitoring applications can be used to help the on-foot responders locate and track the adversary”; and “Physical Security Information Management systems can be used to coordinate response and trigger other systems (like locking doors or turning on lights).”
The link in the above quote is typical of John’s articles. It takes the reader to a page with a listing and description of companies that provide such systems. It also provides John’s analysis of the strong points and weak points of the systems supplied by each vender. John also provides a link to a security reference book on Amazon.com that describes more fully the security system requirements for maximum security facilities. Recommended Article From time to time John slips up and does not explain an acronym (in this article ‘VMS software’ which I guess stands for ‘video mapping system’), but that is the only real fault that I can find in this article. It is short and readable, and well worth the time it takes to read it. As with all of John’s articles, this will not enable you to go out and design a security system for a maximum security facility, but it will help you to understand a consultant that is helping you with your site security plan.

President’s Homeland Security Web Page Changes

Well, now that the President has completed his first 100 days in office, there has been a significant change, nay a complete change, in the Homeland Security webpage on the WhiteHouse.gov web site. Gone is the list of the policy stances on a wide range of homeland security issues; a list that came to the White House site from the Obama campaign web site. There is now a brief review of accomplishments to date and a much smaller list of homeland security objectives. The new list of homeland security objectives is now limited to:
Defeat Terrorism Worldwide; Strengthen Our Bio and Nuclear Security; Improve Intelligence Capacity and Information Sharing; Ensuring a Secure Global Digital Information and Communications Infrastructure; Promote the Resiliency of our Physical and Social Infrastructure; Pursue Comprehensive Transborder Security; and Ensure Effective Incident Management.
Where the old web page promised to “work with all stakeholders to enact permanent federal chemical security regulations” the new web page provides an even more generic approach to chemical facility security. Under the heading of “Promote the Resiliency of our Physical and Social Infrastructure” it states:
“We will invest in our Nation's most pressing short and long-term infrastructure needs, including modernizing our electrical grid; upgrading our highway, rail, maritime, and aviation infrastructure; enhancing security within our chemical [emphasis added] and nuclear sectors; and safeguarding the public transportation systems that Americans use every day.”
It may not be entirely fair to infer from this degraded statement of intent that chemical facility security has been placed on the back burner of this administrations overloaded policy kitchen, but there has been little mention of chemical facility security from this administration, either in the campaign, the transition, or in it’s first 100 days. Lets hope that that will change.

NIST Password Guidance

One of the most common security measures for cyber systems and even access control systems is the use of a password to authorize system access. Most computer users have multiple passwords and face the constant conflict between maintaining adequate security and remembering complicated passwords. Sitting on the other side of the problem is the security manager that faces the same conflict, protecting the system yet allowing authorized users access to the system. The National Institute of Standards and Technology (NIST) recently weighed in on this problem with the publication of a draft guidance document on password management. NIST Special Publication 800-118 (DRAFT) has been prepared by the Information Technology Laboratory (ITL) at NIST to assist federal information system managers in selecting appropriate password standards for their systems. As with many unclassified draft documents prepared by government agencies, NIST is accepting public comments on the “Guide to Enterprise Password Management (Draft)”. Comments may be emailed to NIST at 800-118commends@nist.gov , with “Comments SP 800-118” typed in the subject line. Comments need to be sent to NIST by May 29th. Password Management The problem boils down to this, the more complex the password requirement is the more likely it becomes that people will forget their password or compromise it by writing it down as a memory aid. On the other hand, the easier the password is to remember, the easier it is for system hackers to guess or determine through brute-force sign-on attempts. To counter this problem the enterprise must establish a password management system. The draft NIST document defines the requirements for such a system this way (pg ES-1):
“This publication provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems. Organizations need to protect the confidentiality, integrity, and availability of passwords so that all authorized users—and no unauthorized users—can use passwords successfully as needed.”
The document goes on to identify four general recommendations that organizations should implement to protect the confidentiality of their passwords (pgs ES-1 to ES-2):
“Create a password policy that specifies all of the organization’s password management-related requirements.” “Protect passwords from attacks that capture passwords.” “Configure password mechanisms to reduce the likelihood of successful password guessing and cracking.” “Determine requirements for password expiration based on balancing security needs and usability.”
Background Information While the management guidelines presented in this document are certainly valuable, for most organizations just now taking a serious look at cyber security issues, the second and third sections of this document may actually be more valuable. Section two provides a detailed discussion about the use of passwords. Section three provides a look at the various threats to password security and ways that those threats can be mitigated. As security managers at high-risk chemical facilities start looking at their cyber security efforts for their site security plans, this document will be a valuable reference work. The document is relatively short (only 38 pages) and it is very readable; especially considering the agency that prepare the document. It should be downloaded and read by all security managers, but especially those at high-risk chemical facilities.

Wednesday, April 29, 2009

LNG-LHG Proposed Rule

As I noted in yesterday’s blog, the Coast Guard published a notice of proposed rule making (NPRM) on the safety and security reporting requirements supporting the Coast Guard’s development of a Letter of Recommendation for the permitting of liquefied natural gas (LNG) and liquefied hazardous gas (LHG) [not ‘liquefied hydrogen gas’ as I incorrectly reported yesterday] facilities. Comments on the proposed rule are required to be submitted by June 29th, 2009 and may be submitted to the Regulations.gov web site using docket # USCG-2007-27022. No public meetings are currently planned. Since the proposed regulation would require the submission of information to the Coast Guard, they have also filed an Information Collection Request (ICR) to the OMB to approve that data collection. Comments on the ICR can be submitted to the OMB by oira_submission@omb.eop.gov (include the docket number and ‘Attention: Desk Officer for Coast Guard, DHS’ in the subject line of the e-mail. Current Situation The Federal Energy Regulatory Commission (FERC) regulates LNG import facilities located onshore or in state waters. Under 18 CFR parts 153 and 157 FERC requires LNG facilities to submit a Waterway Suitability Assessment (WSA) to the Coast Guard as part of the pre-filing process for the LNG facility permit. Current Coast Guard regulations do not address the WSA issue, but they do use the WSA to formulate their letter of recommendation (LOR) to FERC about the safety issues related to the proposed LNG facility. The current Coast Guard WSA/LOR procedures are covered in Navigation and Vessel Inspection Circular (NVIC) 05-08. Coast Guard regulations (33 CFR part 127) do address notification issues related to construction and updating of LNG facilities. Section 127.007 requires LNG facilities to send a letter of intent (LOI) to the Coast Guard when there is an intention to construct, modify, or reactivate an LNG or LHG facility. The Coast Guard uses the information in the LOI to prepare a LOR for the permitting agency about the ‘suitability of the waterway’ for the intended facility. Proposed Regulation The proposed rule would amend part 127 of 33 CFR to bring the Coast Guard regulations in line with the requirements in the FERC regulations. The current 60 day time limits for LOI submission would be changed to prior to the pre-filing request to FERC under 18 CFR parts 153 and 157, or one year before the start of construction or one year before the start of transfer operations for facility reactivations. The same time limits would apply to non-FERC regulated LNG or LHG facilities. The FERC WSA requirements would be extended to all LNG and LHG facilities on or along regulated waterways where there would be maritime deliveries of LNG or LHG. The WSA rule would be expanded to require a Preliminary WAS and a Follow-on WSA. The preliminary WSA would be submitted with the LOI and include an introductory explanation of the following topics:
(1) Port characterization; (2) Characterization of the facility and tanker route; (3) Risk assessment for maritime safety and security; (4) Risk management strategies; and (5) Resource needs for maritime safety, security, and response.
The Follow-on WSA would require a more in depth explanation of the topics in the Preliminary WSA. It would be submitted at the same time as the FERC application, or, for non-FERC regulated facilities, at least 180 days before transfer operations began for LNG or LHG. Additionally, the Follow-on WSA would have to address “any other safety or security impacts to the port and waterway identified by the Captain of the Port (COTP) and not otherwise covered in the list of subjects discussed in the Preliminary WSA” (74 FR 19160). Because of other potential regulatory and construction delays, it is not unusual for a significant period of time to pass between the issuance of the Coast Guard LOR and the start of actual operations. In order to ensure that the WSA information remains current, the proposed rule would require facilities that have submitted both the Preliminary and Follow-on WSAs to annually review their Follow-on WSA and provide a written report of that review to the Captain of the Port. An updated WSA would be required any time that changes occurred that affected “the suitability of the waterway for LNG or LHG traffic”. A similar report would be required to be submitted between 60 and 30 days prior to the start of operations. My Observations on the NPRM Once again the Coast Guard has put a great deal of discretionary authority in regards to security requirements in the hands of the COTP. On one hand this may insure that the unique characteristics of the port in question are addressed in the identification of security issues and their resolution. On the other hand it makes it inevitable that there will be a variation in the application of security rules from port to port. Like the MTSA security rules, this new regulation puts an additional burden on the staff of the COTP. I hope that the training of the staff reflects these requirements. A well thought out and executed training development program for the security staff will go a long way to ensuring that there will be minimal and justifiable variation in the application of security rules under the various COTP.

Tuesday, April 28, 2009

Two New Coast Guard Rules

Today’s Federal Register contained two Coast Guard rules (actually an NPRM and a Final Rule) that might be of interest to the chemical security community. The Notice of Proposed Rule Making concerns safety and security requirements for new Liquefied Natural Gas (LNG) and Liquefied Hydrogen Gas (LHG) storage facilities. The Final Rule covers identification requirements for crewmembers on foreign commercial vessels in US waters. Waterway Suitability Assessment The proposed rule for LNG and LHG facilities will codify the current requirements for a waterway suitability assessment (WSA) that are currently outlined in the Coast Guard guidance document, Navigation and Vessel Inspection Circular (NVIC) 05-08. The WSA is the safety and security review that must be submitted to the Coast Guard to meet Federal Energy Regulatory Commission (FERC) regulatory requirements for LNG facilities. This proposed rule proposes to apply the WSA requirements to LHG facilities even though they are not generally regulated by FERC. Crewmember Identification Documents This Final Rule implements requirements of the Maritime Transportation Security Act (MTSA) that requires the Coast Guard to be able to positively identify all crewmembers on vessels operating on vessels in U.S. navigable waters. U.S. and registered alien crewmembers are already covered under the TWIC regulations. This Rule, which goes into effect on May 28th, 2009, will extend that capability to all foreign crewmembers without requiring the use of the TWIC process. Future Reviews Once I have had a chance to look over these two rules in detail, I will see if they look like they would be of general interest to the chemical security community. If they are, I will look at them in more detail in future blogs.

DHS Swine Flu Conference Call

There is a report on Icis.com from last night that DHS held a conference call yesterday with various manufacturers in critical industries, including chemical manufacturers, to discuss the current swine flu outbreak. The call was made as part of the standard communication procedures outlined in the National Infrastructure Protection Plan. DHS discussed precautions that companies should take as part of their contingency planning for the situation. The article quotes one participant describing the call this way:
“It was just a matter of raising awareness, telling people that if they’re not already taking action that they should be doing so, to instruct employees to take normal precautions, such as washing hands frequently, and that workers who have a fever should stay home or be sent home if necessary”.
Security Processes The way the article described the call, it dealt mainly with preventative actions that companies should take to keep critical manufacturing centers in operation during a potential pandemic situation. There was no mention of anything to specifically deal with security operations at such facilities. If there were no such discussion in the call, DHS certainly missed an important opportunity. Many high-risk chemical facilities, particularly the larger ones, have developed at least the sketch of a plan of how to deal with a variety of pandemic situations. I would be surprised if many of those had taken a serious look at how such a situation might affect the site security plan. Effect on Security Forces The first thing that obviously comes to mind is that in a wide spread pandemic situation the security force has the same potential to have large numbers of people out sick as does manufacturing, maintenance, or sales. Since many facilities have contract guard services, it is important for the facility security officer to contact the account manager and ensure that provisions have been made to have back-up personnel available to fill positions temporarily vacated due to illness. This is especially true if the facility uses armed guards as there is a much smaller pool of personnel qualified to fill those positions. While a facility might shut down in the worst part of the pandemic to reduce the chance of the illness spreading within their employee ranks, the same cannot be done for security personnel. In fact, the argument can certainly be made that the risk to a facility from a terrorist attack could actually increase during such a pandemic. A lowered security posture and the increased societal vulnerability during a pandemic could increase the perceived value and lower the perceived risk of such an attack; nothing like kicking a person, company, or society while they are down. Additionally, security personnel are probably going to be given additional tasks at facility entrances that deal with preventive actions for the pandemic. Screening for personnel who appear to be ill, and handing out special personal protective equipment (surgical masks for instance) are two such tasks that come to mind. While important to the health of employees and the facility, this will reduce their attention to standard security measures which must still remain their primary focus. Effect on Emergency Response Off site problems must also be taken into account by security managers. A major component of any site security plan is support from the local government, including security and emergency response. As those agencies are tasked for additional duties related to pandemic response their capability to respond to facility security and safety issues will be degraded. Significant illness within those forces will further upset response times and capabilities. Close communications with local agencies will allow the security manager to keep abreast of the status of such off-site response and adjust planning as appropriate. These are just some of the things that the facility security manager must start to consider as a potential pandemic situation starts to develop in this country. Yesterday’s conference call by DHS is a good first step in acknowledging that critical industries need to start to look at what they are going to do to minimize the impact of the current swine flu situation. DHS and high-risk facilities also need to take a hard look at the potential impacts of a pandemic on security at high-risk chemical facilities.

Monday, April 27, 2009

Public Comments TWIC Reader ANPRM – 04-24-09

More comments on the TWIC Reader ANPRM are starting to trickle into the Regulations.gov web site over the last week. We have two separate comments from one individual and comments from one company. The comments are from Tracy L Royce, #1, #2 Clipper Navigation Tracy L Royce Comments In the first comment Tracy Royce agrees that Risk Group C should not require on-board TWIC Readers. Would like to see rule specify a ‘minimum percentage of persons onboard’ are randomly verified. Royce would also like to see a ‘specified time interval’ for supplying company security officer with updated list of ‘suspended and revoked’ TWIC. Rule should require a report back to Coast Guard if person with a newly suspended or revoked TWIC were found on board. The second comment objects to the classification of coastal drilling platforms on the Outer Continental Shelf (OCS) as Risk Group B. Tracy Royce does not believe that that classification is justified. Clipper Navigation Comments Clipper Navigation echoes the comments of Jack Harmon that were reported in a previous blog that there should be public meetings outside of the Washington, DC area. Again, Clipper Navigation specifically recommends that a public meeting be held in the Seattle, WA area because of the large maritime community. My Comments on Comments Tracy Royce brings up a couple of interesting issues that were not dealt with in the ANPRM. First, off-shore facilities/vessels with large crews are going to find it difficult to do 100% weekly verification of TWIC. The suggestion for requiring a percentage of TWIC checks where there is little change in crew composition should be considered. The second suggestion points out something that should have been considered in drafting the ANPRM; what to do if a check shows that a current crew member’s TWIC is no longer valid. The planned regulation should require removal from sensitive duties and unaccompanied access to critical areas. It should certainly require reporting to the Coast Guard.

Congressional Hearings Week of 04-27-09

Not much on the schedule this week for hearings related to chemical security issues. As of this morning the House Homeland Security Committee website does not list a hearing schedule though there are three hearings reported in Friday’s Congressional Record Daily Digest. Wednesday the whole committee will receive a briefing on the TWIC. Two subcommittee hearings are scheduled that touch close to chemical security issues, combating violence on the US-Mexico border and interoperable emergency communications. The Senate Homeland Security and Government Operations Committee will be holding a hearing on cyber security measures, but there are no indications yet that it will look at the control systems issues. The 900-lb gorilla in the weekend’s news, the ‘swine flu emergency’, has not yet had a chance to make it into the committee schedules. I would be surprised if anyone is looking far enough ahead on this issue to look at security affects, but we can always hope.

SSP and RBPS Update – 04-27-09

After I posted the news Saturday that OMB has approved the RBPS Guidance document I had a chance to talk with some people that I know in the ‘industry’. Based on those discussions I thought I would take some time today to discuss what we can expect to see in the coming weeks. Publishing Documents First, I expect that DHS will put the final version of the RBPS on their web site this week. I understand that DHS will notify registered CFATS users when it is posted. As soon as I see it on the site, I’ll post that information on this blog. Needless to say I will also start doing my typical reviews of the new documents. At this point it is not clear if OMB made any changes to the document. If there had been large changes, I am sure that we would have heard about them by now. But there is a possibility that there were small changes made. Even small changes could delay the roll-out of the SSP Tool on CSAT; even something as small as changes in metric numbering could require SSP revisions. In any case the SSP tool will soon go online. At the same time as that is made available I would expect DHS to publish two manuals to accompany the SSP Tool. First there should be a copy of the questions asked in the SSP. Second there would be the ‘users manual’ for the SSP Tool. If the draft SSP Template that I have seen is any indication these two documents will be much larger than those seen for the Top Screen or SVA tools. Changes to the RBPS Guidance will be potentially even more of a problem for these documents. Tiering Notifications DHS has not yet notified facilities of the results of the evaluations of SVA’s that were submitted last year. This was because the receipt of the notification letters would start the clock on SSP completion. Since the SSP tool has not yet been made available the decision was made to hold those letters until the SSP did become available. DHS had intended to send the letters out in a risk-based staggered schedule. Tier 1 facilities would receive the letters first then the other tiers would receive their’s over the next few months. I expect that the same thing will still happen, but the original schedule will certainly change (the original schedule called for Tier 1 and Tier 2 letters to have already been sent by now). If I were DHS (what a thought) I would send out Tier 1 letters next week, Tier 2 the first week of June, Tier 3 the first week of August, and Tier 4 the first week of October. As soon as DHS announces their schedule, I’ll discuss it’s implication in more detail. Stay Tuned for Further Information

Saturday, April 25, 2009

OMB has Approved RBPS

I just heard this morning that the Office of Management and Budget (OMB) has approved (late Thursday) the Risk-Based Performance Standards Guidance document for the CFATS program. As of this morning (0900 EDT) the approved RBPS Guidance was not yet posted on the DHS web site. I expect that within the next couple of days it will be posted as will the initial information on the SSP tool. According to what I am hearing, the first Tier 1 SVA letters will be going out sometime after May 1st.

Friday, April 24, 2009

HSIN Advisory Committee Meeting 05-12-09

The DHS Homeland Security Information Network (HSIN) Advisory Committee announced today that they would be holding a public meeting on May 12th thru 14th in Potomac, MD. The meeting is open to the public, but participation in the discussions is limited to Committee Members and DHS personnel. Advance registration is required to attend. Requests to make oral presentations or submission of written material to be distributed to Committee Members must be made by May 5th, 2009. According to the Federal Register Notice, the agenda includes:
An update and discussion on efforts concerning the improvement of HSIN; Discussions on federal, state, and local information sharing and portal consolidation; A briefing and discussion on the HSIN Mission Operators Committee and Business Case; and Discussions pertaining to HSIN community best practices and the HSIN law enforcement and fire services communities.

CFATS Webinar

The Alliance of Hazardous Material Professionals recently announced that they will be sponsoring a CFATS webinar next week on April 29th at noon EDT. Sue Armstrong, Director of Infrastructure Security Compliance Division (ISCD) at DHS (the action agency for CFATS) will be providing information on the current status of the CFATS program and coming implementation updates. Provisions have been made for participants to ask questions during and after the presentation. The cost for participation is $85 for AHMP members and $105 for non-members. Pre-registration is required. Special Note: I am beginning to hear hints that the OMB may be close to approving the RBPS Guidance document. This means that the SSP and RPBS Guidance document will soon be published and the SVA letters will start to go out to Tier 1 Facilities. This may make this webinar especially important as Ms. Armstrong is in the best position to address the rollout issues.

Another Look at Counter Surveillance

There is a good article on StratFor.com about the recent preventive arrests of an alleged terrorist in Manchester, UK. Anyone seeking to understand the dilemma of deciding when to break up a terrorist plot should read this article. In the middle of the article, however, is a short section of greater importance to members of the chemical security community. It deals with detecting a terrorist attack in the planning stages. Flawed Tradecraft Under the ‘flawed tradecraft’ heading the article states that “the suspects did not appear to possess any surveillance detection capability — or even much situational awareness — as they went out into Manchester to conduct pre-operational surveillance of potential targets while under government surveillance themselves”. The authors, Burton and Stewart, note that this is not unusual, claiming that “most militant groups do not provide very good surveillance training and as a result, poor surveillance tradecraft has long proven to be an Achilles’ heel for militants”. In this instance they note that “the suspects’ surveillance techniques appear to have been very rudimentary in that they lacked both cover for action and cover for status while conducting their surveillance operations”. Counter-Surveillance Plan As I have pointed out on a number of occasions, this means that the detection of potential attacks can be accomplished by standard counter-surveillance techniques. Burton and Stewart make the same point, saying that “because of this weakness, countersurveillance [sic] operations can be very effective at catching militant operatives when they are most vulnerable — during the surveillance phase of the terrorist attack cycle”. Counter-surveillance planning must be an integral part of any security plan directed at protecting a facility against potential terrorist attack. It must be remembered that counter-surveillance consists of two components; detection and investigation. The facility personnel will be actively involved in the detection phase, but the investigation phase, for a variety of practical and legal reasons, must be conducted by law enforcement. This means that the facility must establish an active relationship with local law enforcement organizations and develop procedures for reporting the detection of potential surveillance operations. While facility security staff will be an essential component of any counter-surveillance operation, every employee of the facility must be trained in the basic requirements of counter-surveillance operations; the more eyes that are watching for potential surveillance activities the better. High-risk chemical facilities must establish internal reporting procedures and actively encourage reporting of suspicious activity. The most obvious surveillance technique is someone taking detailed pictures or making drawings of the facility. More sophisticated surveillance operations will also include a personal approach to facility personnel asking questions about procedures, schedules and security. For terrorist operations this type of approach will typically be fairly clumsy and obvious; it takes a great deal of training to bring-off this type surveillance without raising suspicion. Surveillance Does Not Always Mean Terrorists One final note must be made in any discussion of counter-surveillance operations. Not everyone that is looking at a chemical facility is a terrorist. There are a number of constitutionally protected reasons that someone may be watching a chemical facility, even a high-risk chemical facility. Surveillance from public property, like roadways and sidewalks on public rights-of-way, is not illegal; suspicious perhaps, but not illegal. Harassment or interference with such protected behavior can certainly lead to expensive lawsuits and even criminal prosecution. This is one of the most important reasons to leave investigation to law enforcement personnel. Law enforcement is supposed to receive appropriate training to identify such protected behavior.

Thursday, April 23, 2009

Reader Comment – 04-23-09 – TWIC Exceptions

Earlier today our friend Anonymous posted a question to an earlier blog on TWIC exceptions. Anonymous asks:
“I'm a consultant for a asphalt terminal and just yesterday the terminal operator said the USCG told him that their is a TWIC exemption for bulk petroleum storage facilities like his. Does that sound familiar at all?”
Now let me preface my reply with a ‘legal disclaimer’ (I know I have at least a couple of lawyers reading this blog); I AM NOT A LAWYER. This is not legal advice or even a legal opinion; you have to be licensed to practice law to do either. No TWIC Exceptions I have not seen anything giving anyone an exemption for personnel with unaccompanied access to secure areas of MTSA covered facilities or vessels from the requirement to have a TWIC. There have been some time-limited modifications to allow people that have passed their background check, but have not yet received the physical TWIC. Those were issued because of some delays on last minute applications, but they were not facility based exceptions. TWIC Reader Exceptions The TWIC Reader ANPRM addresses proposed future rules for the use of TWIC Readers, electronic devices to read the personal identification information encoded in the radio-frequency identification (RFID) chip in the card. The ANPRM explains that the Coast Guard is considering not requiring some low risk MTSA covered facilities and vessels to use a TWIC Reader to routinely verify the identity of workers. Instead they would just be allowed to use the TWIC as the only acceptable ID card for visual verification of worker identity once the facility/vessel owner had used a TWIC Reader to establish the identity of the worker. This ‘exception’ would only be available to the lowest of three risk groups to be established by the future TWIC Reader rule. For an MTSA covered facility to qualify the Coast Guard is considering using the following description (74 FR 13367) for a ‘Risk Group C’ facility:
“(1) MTSA-regulated facilities that receive vessels carrying non-hazardous cargoes that are required to have a vessel security plan; “(2) Facilities that receive towing vessels engaged in towing a barge carrying non-hazardous cargoes; “(3) Facilities that receive vessels certificated to carry less than 500 passengers.”
I do not think that a ‘bulk petroleum storage facility’ that receives/ships material from a vessel would fit under the proposed description of a ‘Risk Group C’ facility. Even an ‘asphalt terminal’ that receives/ships asphalt from a vessel is handling ‘hazardous materials’ under the HMR. I believe that such facilities would probably fall under the middle category of ‘Risk Group B’. Those facilities would be required, if the current Coast Guard thinking is followed in the rule development process, to use TWIC Readers to verify worker identifications. Recurring Unescorted Access The only other thing that I can think of that someone might be considering is the ‘Recurring Unescorted Access’ provisions discussed in the TWIC Reader ANPRM (74 FR 13367-8). If a facility had no more than 14-personnel requiring unescorted access, this provision, again if included in the actual rule, would not be required to use a TWIC reader every time they entered the facility. Periodic use of the TWIC Reader would still be required. ANPRM’s are not Rules Just one last point; the TWIC Reader ANPRM is an advanced notice of proposed rule making not a rule or regulation. It is a formal start of the rule making process where the agency (the Coast Guard in this case) is establishing their current thoughts about what a regulation might look like. It is done to get public input on how easy it would be for the regulated community to live with the potential rules. The Coast Guard will take the public input, their internal review of that input, the inevitable congressional input, and then develop a draft of their proposed rule. That will then be published in the Federal Register under a notice of proposed rule making (NPRM) and they will again ask for public comments. We are a long way from a TWIC Reader rule going into effect.

CSB Preliminary Report on CropScience Accident

The Chemical Safety Board released their preliminary findings on the August 28th, 2008 accident at the Bayer CropScience facility outside of Institute, WV ahead of this evening’s public meeting in Institute. They have determined that a combination of issues lead to this ‘preventable’ accident. Their investigation continues. The press release notes that there “were significant lapses in the plant's process safety management, including inadequate training on new equipment and the overriding of critical safety systems necessitated by the fact the unit had a heater that could not produce the required temperature for safe operation”. Additionally there is an ongoing look at the potential impact of employee fatigue on the incident. The inherently safer technology (IST) issues raised in Tuesday’s congressional hearing were briefly addressed in the press release. It notes that “other chemical companies, notably DuPont, no longer store MIC in their chemical production and we are looking into other systems that make and then immediately use the MIC, eliminating the need for storage”. Subcommittee Chair Stupak had charged CSB Chairman Bresland with making detailed IST recommendations as part of the final report on this incident. This evening’s community meeting will “will include a review of emergency response communications problems, chemical exposure symptoms for Methomyl and methyl isocyanate (MIC), and placement and protection of the MIC storage vessel”, according to this release.

Bayer v CSB Hearing: Additional Information

On Tuesday the House Subcommittee on Oversight and Investigations (Energy and Commerce Committee) completed their hearing on the Bayer CropScience fatal accident of August 2008. Yesterday I went back to the Committee web site to see if they had yet posted the statements from Senator Rockefeller and Congresswoman Capito (they were not posted when I checked just before noon). I found that four new supporting documents had been posted to their site. These documents were obtained in the process of the staff investigation into the incident. They new documents are:
Emergency Response Documents – a copy of transcripts taken from Metro Fire radio calls, telephone conversations between Bayer CropScience and Metro 911, letter from Kanawha County Commission to Bayer CropScience detailing concerns about lack of information provided during incident, letter from West Virginia State University to Bayer CropScience on the same subject, A Bayer PowerPoint® presentation on the incident, a Bayer press release on emergency response issue, a 12-29-08 draft of Bayer memo on public relations strategy, and a Bayer community outreach opportunities memo.

MIC Documents – a copy of the Bayer CropScience emergency operations center (EOC) log, copy of 12-18-08 document request from CSB, transcript of plant manager comments at 10-08-08 public meeting, CSB email requesting additional information about MIC involvement in incident, a copy of letter to CSB from Bayer lawyers commenting on CSB draft presentation, CSB emails about potential IST process for MIC, a copy of a 05-13-03 Bayer memo on safety of MIC process at their newly acquired WV facility, a copy of an 08-12-03 PowerPoint® presentation on the ‘MIC Inventory Model’ at the facility, and a copy of a 03-27-09 letter from Bayer to CSB detailing SSI status of documents previously provided to CSB.

Information Concealment Documents – copies of a variety of communications (internal and between CSB, Coast Guard, Bayer and their Lawyers) discussing the SSI status of specific documents. Photos of Bayer Plant After Fire – 21 post-incident photos from the Larvin unit.

Too much information to digest quickly. Interesting to note that many of the documents are marked ‘Sensitive Security Information’ and ‘Business Confidential’. There is some redaction of contact information (telephone numbers and email addresses), but no apparent removal of ‘sensitive’ information. Ignoring for the moment the question of if these documents are properly classified, do ‘disclosure’ rules apply to Congress? Probably not. Comments on Photos Having ‘played’ with explosives in the military and having worked in a facility that had ‘over pressure’ incident, I am not too surprised at the pictures provided in this file. Photos of damaged process equipment are not as impressive as actually seeing them in person. The first photo in the file, for instance, can only truly be appreciated if one had seen the tank in its original condition. I assume that this was the vessel that ‘over pressured’. I have taken photographs of the results of a much smaller incident and there is no way that two dimensional photographs or even videos of the damage can adequately convey the destruction. Chemical process equipment is inherently three dimensional and has a specific order and logic. The disruption of those systems just cannot be adequately conveyed in two dimensional images.

Wednesday, April 22, 2009

Reader Comment – 04-21-09 – SSP Template Copy

Yesterday Gap57 left an interesting question posted to a blog I posted on another reader comment about the SSP Template that I had received. Gap57 asked “How could a fellow ‘researcher’ get an advanced copy of this document so that I can get ahead start on my SSP?” Boy, would I like to sell you a copy, but that wouldn’t be too ethical would it? I mean to profit from providing you with a copy. But, a trade for information, that wouldn’t be an ethical problem at all. A Special Deal I am interested in information about security challenges, problems or solutions that facilities have come up with. I can not use any information that would be considered CVI, so the information would have to be appropriately cleansed of identifying marks. Post a comment to this blog marked ‘PRIVATE’ (so I won’t clear it to be publicly displayed) with your piece of information and your email address. I will then send a copy of the draft SSP template that I have been writing about. It is a .PDF document about 309 pages long. This is a non-exclusive offer open to anyone that can provide interesting information. Any information provided to me is subject to being written about in this blog, or not, solely at my discretion. If you do want your name or handle associated with the information please specifically state that in your posting. Other wise it will be listed as coming from my good friend Anonymous if/when I write about the information. Caveat Emptor I make no claims or warranties about the accuracy of the draft SSP template that I have. I did not receive it from DHS. Even if it did come from DHS it was developed prior to OMB approval of the RBPS Guidance document so any references to RBPS metrics may be void. The only information that I have any level of confidence about is the material through page 37 of the document (because it feels right), and even that I cannot guarantee because of the source of the material.

Bayer v CSB Hearing: Detailed Look

Yesterday the House Subcommittee on Oversight and Investigations (Energy and Commerce Committee) completed their hearing on the Bayer CropScience fatal accident of August 2008. Brought about because of the public brouhaha surrounding proposed restrictions on the CSB public reporting on the incident, the Committee Staff did an extensive background investigation in support of the hearing. While I reported yesterday on my impressions about the 3 hour hearing, today I would like to take a little closer look at the prepared testimony. The Incident I’m not going to go into any great detail about the incident itself. CSB Chairman John Bresland provided a reasonable summary of the incident in his testimony, but a better presentation is in the works. On Thursday the CSB is scheduled to provide an extensive public report on the preliminary findings about the incident at a public meeting in Institute, WV. The incident took place in the residue treatment equipment in the Methomyl/Larvin unit at the Bayer CropScience plant. A runaway reaction during the thermal degradation of residual methomyl in the recovered solvent stream from the process resulted in a rapid increase in pressure in the pressure vessel. While venting was attempted the pressure build up was too quick and too much. The vessel catastrophically failed and became a projectile, flying through production equipment. The resulting destruction produced chemical releases of a wide variety of chemical feed stocks and the fire in the unit. Two employees were killed; one died the night of the incident and one a month later from the burns received that night. A number of people, including fire fighters and train crew members, reported apparent chemical exposure symptoms and sought medical treatment. Incident Reporting One of the concerns in the local community was the lack of information provided to local emergency responders during the incident. Testimony from the St. Albens, WV Police Chief, the West Virginia Department of Environmental Protection (WV DEP), and an environmental advocate from the WV DEP provide the gruesome details about the confusion and lack of information from that evening. Of particular concern is that all three witnesses reported under questioning that they had still not been informed of the chemicals potentially released into their community until they heard the testimony of Chairman Bresland yesterday. The testimony of William Buckner (Bayer CropScience President and CEO) seems to contradict many of the claims made in the testimony of local witnesses. He claims that while there was an apparent ‘break down in communication’, Bayer provided all relevant information to the local 911. Still he vowed (pg 2):
“In addition to taking steps to prevent such an incident from happening again, since the incident we have taken several specific actions to improve our emergency communications. For example, we have implemented new procedures for communicating with our region’s emergency response center, Metro 911, installed dedicated methods of communication with Metro 911, hired a new emergency services leader to work with Metro 911 and other first responders in the region, and provided new real-time chemical monitoring technology to Metro 911.”
Both the Committee Staff report and the testimony of CSB Chairman Bresland indicate that transcripts of the 911 Center from that evening supports the descriptions provided by local witnesses not Buckner. For example the staff memo states that evidence “obtained by the Committee demonstrates that Bayer engaged in a campaign of secrecy by withholding critical information from local, county, and state emergency responders” (pg 2). I would expect additional details to be provided in the CSB presentation on Thursday. Security Sensitive Information One of the surprising things to come out of the Bayer testimony was that they considered denying the CSB access to documents about methyl isocyanate (MIC) operations by classifying them as SSI. Buckner’s written testimony (pgs 6-7) acknowledges that:
“CropScience acknowledges that in January 2009, there were some in company management who initially thought that the Maritime Transportation Security Act of 2002, 46 U.S.C. Chapter 701 (“the Act”), could be used to refuse to provide information to the CSB about issues regarding Methyl isocyanate (“MIC”) beyond those related to the MIC day storage tank in the unit involved in the incident. We admit that.”
After ‘further review’ of the MTSA regulations CropScience realized that the CSB personnel were ‘covered personnel’ and could not be denied access to SSI. They then tried to limit public discussion of MIC issues by classifying 2,000 pages of documents as SSI. This is where the public discussion of the SSI controversy began. Under questioning Buckner noted that they finally turned those documents over to outside attorneys for classification determination; only 12% ended up classified as SSI. Rear Admiral Watson noted under questioning that the Coast Guard had not reviewed the classification of those remaining 12% to see if they were properly classified. He did explain that CropScience was responsible under the SSI regulations for the proper classification of documents; but there were only sanctions for improper disclosure not over classification. One committee member (I missed the name) opined that this provided an incentive for companies to over classify. CSB Chairman Bresland was very upset about the effect these SSI rules could have on his agency. He agreed that the current problem, the presentation for Thursday’s public meeting, has been resolved. The larger issue remains to be resolved, according to his testimony (pg 11):
“Mr. Chairman, it requires little imagination to see the potential for misuse if such an interpretation prevails. In the future, companies may be able to delay our investigations for years while complex claims and counterclaims under MTSA or CFATS are painstakingly resolved between the CSB and various homeland security agencies. Public confidence in the independence, thoroughness, and efficiency of our critical life-saving work may be undermined.”
Mr. Buckner’s written testimony addressed the SSI issue. He stated (pg 9):
“As our experience demonstrates, there is a need for further education and guidance regarding the interplay between the SSI regulations and CSB investigations. We do believe that whatever tension may exist between CSB’s desire to inform the public and the Coast Guard’s mandate to protect homeland security, these two important federal interests can be reconciled. We look forward to the ongoing dialogue between these two agencies and their efforts to balance these important federal interests.”
I’ll be looking at this issue more in later blogs. Inherently Safer Technology Anyone that hoped that the MIC process would not be an issue in this hearing was quickly disappointed. In his opening statement Subcommittee Chair Stupak explained: “We will also explore ways for companies to employ safer technologies [emphasis added] to protect their communities so that tragedies like this one do not happen again” (pg 3). Opening statements by other committee members also addressed this issue. Chairman Waxman’s statement (pg 2) was most emphatic:
“Twenty-five years after the catastrophe in India, I think it's finally time to ask whether it makes sense to allow Bayer to continue producing and storing such massive amounts of this highly toxic chemical.”
CropScience obviously realized that this issue would be addressed in the hearing. Mr Buckner’s testimony (pg 11) explained their position on the MIC IST issue:
“CropScience, continuing the work previously done at the Institute site, has invested significant time, thought, effort, and financial support into ensuring that we employ robust and safe production strategies for our various production units that use MIC. We have examined alternative technologies for MIC and determined that our process is as safe as those other technologies.”
Under direct questioning the facility manager reiterated this position. He noted that to eliminate the large storage capability for MIC at the West Virginia facility, CropScience would have to establish four separate MIC production units. He also noted that the frequent start ups and shutdowns of those units would increase the risk of process accidents since start ups were the most dangerous times in any of these processes. Chairman Stupak charged CSB Chairman Bresland with specifically addressing the inherently safer technology issue in the CSB final report. It was an interesting hearing. As I stated yesterday, I think that CropScience came off looking as bad as any of the activists in West Virginia have claimed. They have a lot of PR work to do if they intend to convince anyone that they are good corporate citizens. Their performance at the Thursday public meeting will be under close scrutiny.

Tuesday, April 21, 2009

Bayer v CSB Hearing: First Response

I just completed listening to the testimony before the Subcommittee on Oversight and Investigations of the House Energy and Commerce Committee on “Secrecy in the Response to Bayer’s Fatal Chemical Plant Explosion”. I have to say that Bayer CropScience came off looking real bad. I’ll do a detailed review of the testimony for tomorrow’s blog, but right now I just want to hit on my impressions. All of the response personnel testifying told a scary story of seeing and hearing the explosion that hot August night, but not being able to get any information from Bayer to make appropriate emergency response decisions. They described communications that could only be charitably called stonewalling, but were characterized by Bayer testimony as being ‘a break-down in communications’. Chairman Bresland of the CSB described the mechanics of the incident in scary details. An inappropriately high concentration of byproduct waste was fed into a system to be thermally degraded. Safety controls on the equipment were routinely defeated to initiate the thermal degradation process. With a non-diluted waste stream the heat built up faster than normal and a runaway reaction resulted that led to a catastrophic failure of the reaction equipment. The worst part of the story came from the Bayer management testimony. The Bayer CropScience President and CEO admitted that his company initially attempted to hide data about their methyl isocyanate production and storage system from CSB behind the SSI designation. When informed by legal counsel that that was not appropriate they still tried to limit the CSB’s public disclosure of that information by classifying 2000 documents as SSI. Subsequent review by Bayer counsel determined that only 12% of those documents could be classified as SSI. No one, outside of Bayer and its counsel, have verified the SSI status of those remaining documents. The Coast Guard testimony was cheerful, but disappointing. It was noted that Bayer alone was responsible for classifying information for their facility as SSI. There are potential civil penalties for Bayer if they disclose SSI, but no penalties for over classifying information. Thus there is every reason for Bayer to overly classify information. Finally, the questions from the Committee members were very supportive of the first responders, community leaders and unsupportive of Bayer. Chairman Stupak’s final round of questions was especially telling. He kept pounding on the Bayer CropScience President and the Plant Manager about inherently safer technology. He challenged them on why they were the only plant that still stored large amounts of MIC instead of using a produce as you consume process. When they responded that they thought they were using the safest process he asked if they would submit their analysis to outside review. Their failure to accept even that did not impress him. As I said before, there will be a more considered evaluation tomorrow.

Oops, Again

I have a factual error in yesterday’s blog about the UP petition before the STB that I need to correct. In the first sentence of the ‘Final Note’ section of the blog I said that: “Today is the day that UP is supposed to file their response to all of the replies and comments submitted to the STB.” That was not correct. I forgot to update the tickler file when STB granted the TSA request for extension. The real ‘due date’ is April 30th, 2009. Sorry about that.

Fire as a Weapon

Yesterday on my personal blog I discussed some of the process safety issues associated with the recent food processing facility fire in St. Charles, MN. That fire resulted in the evacuation of the town of almost 4,000 because of the fear of the possible imminent explosion of five anhydrous ammonia storage tanks in the facility. Not only was there concern about the potential release of 30,000 lbs of anhydrous ammonia, a toxic inhalation hazards (TIH) chemical, but the catastrophic failure of pressure tanks would have resulted in concussive blast effects and flying bits of metal. Aggressive action by local fire departments prevented the failure of the storage tanks. The pressure relief releases of anhydrous ammonia to the atmosphere were controlled to maintain safe off-site concentrations of the toxic gas. All in all it was a successful emergency response, the facility was essentially destroyed by the fire, but there were no serious injuries or deaths and no significant chemical exposures. While process safety people are interested in examining incidents like this for lessons to be learned, the chemical security community should also look at such incidents. Accidents are much more common than terrorist attacks (thank goodness) so we should take a look at serious accidents as surrogates for terrorist attacks. Fire as a Release Initiator Because of the physical characteristics of toxic inhalation hazard (TIH) chemicals, they are stored in pressure tanks. The construction of these tanks is such that they are much more resistant to explosions and fire arms than are most chemical storage tanks. This makes for a slightly easier to defend potential target. This is especially true when one considers that for maximum effect there must be a catastrophic breach of the storage tank to get the highest concentration toxic plume. Small holes make for slower releases and faster dispersion to sub-toxic levels. The ‘easiest’ way to get a catastrophic breach is to over-pressure the storage tank, quickly increase the pressure in the tank to more than its rated pressure capacity. The word ‘easiest’ is in quotes because chemical engineers are well aware of these potential hazards and spend a great deal of time designing the tank and its associated hardware and software systems to prevent over-pressure situations. Redundant temperature and pressure sensors, cooling systems, valve interlocks, high-level and high-pressure alarms and pressure relief systems are just some of the tools that are used to prevent over-pressure situations. There is one over-pressure scenario that makes chemical engineers cringe; the fire case. This is where there is ‘direct impingement’ of flames from a vigorous fire on the walls of the tank. The heat from the fire increases the head space pressure by increasing the temperature. With low boiling point chemicals (like TIH chemicals) the liquid in the tank quickly reaches the boiling point and it expands exponentially during conversion from liquid to gas. At the same time the heat from the flames on the metal walls of the tank will reduce the strength of the metal decreasing the pressure rating. In short order a very hot fire will result in the explosive failure of the pressure tank, effectively releasing the entire contents instantaneously. Given the rapid action involved, the astronomical increases in pressure, and the weakening of the vessel walls, there is no practical safety system that can prevent the catastrophic failure of the pressure tank in a fire case. The only solution is to keep combustible materials away from the storage tanks so that there can be no fire that will directly impinge on the walls of the tank. This is why TIH chemicals are most often stored in tanks remote from structures and other storage tanks. New Attack Scenario Security planners need to keep the above facts in mind when they look to provide effective security for large PIH storage tanks. They need to re-evaluate the normal chemical engineering effort to protect the tank from an over-pressure situation. They need to insure that there are no combustible materials stored in the vicinity of the tank, even on a temporary basis. Then they need to look at potential attack scenarios that would allow a terrorist to introduce combustible materials into the area around the tank. The simplest attack scenario would be for the terrorist to place a flammable liquid on the ground beneath the TIH storage tank and ignite it. This can be done by routing hoses or puncturing transfer lines (typically an insider attack). Another successful technique would be to cause the catastrophic failure of a nearby flammable (or even combustible) liquid storage tank and igniting that spill. A small explosive device that would be of little use against a pressure tank would be very effective against the typical sheet metal construction of most storage tanks. A similar attack on a properly placed portable storage tank or delivery truck would accomplish the same ends. For facilities that do not have the luxury of being able to keep their TIH storage tanks separate from other chemical storage, or must keep the tank in or near buildings that can burn, special precautions must be taken to avoid the affects of the fire case. Typical fire suppression systems are probably not adequate. A deluge system that keeps a high volume water flow across the entire surface of the tank for the duration of the fire is necessary. This does come with the attendant problem of stopping the potentially contaminated runoff from leaving the site. Again, learning from the mistakes or successes of others is the least expensive way to learn a lesson. A truly intelligent person looks at unrelated situations and extrapolates the lessons learned to their own situation. Protecting TIH storage tanks from fire case situations is not just a safety requirement. It should also be an objective of facility security officers.

Monday, April 20, 2009

Draft SSP Review – Risk Based Performance Standards

This is the last in a series of blogs describing the draft SSP Template that was provided by a reader of this blog, not DHS. Just a quick reminder, this means that there might be differences between this template and the one that DHS will shortly be opening on the CSAT web site. The previous blog in the series were: Draft SSP Review – General Facility Information Draft SSP Review – Facility Operations Draft SSP Review – Facility Security Measures Draft SSP Review – Asset Security Measures The bulk of the SSP Template consists of questions and answers regarding the Risk-Based Performance Standards. Any legitimate detailed discussion of the questions will require reference back to the RBPS Guidance document. Unfortunately, the Office of Management and Budget has still not yet approved the final version of this Guidance Document. With the amount of time that it has taken to get OMB approval, it is very possible that there will be some significant required by OMB before the guidance document can be published. That would require at least some changes form the draft version of the SSP that I currently have. Even trying to divine the contents of the Guidance documents from the questions available in the draft SSP Template that I have would be difficult at best and unfair at worst. For example, one of the controversies raised in the Draft RBPS Guidance document was the issue of ‘requiring’ an on-site armed response force. Question 10.33 in RBPS # 4 asks about security force weapons. This is a legitimate question even if there is no indication in the RBPS Guidance that DHS would like to see some facilities have an armed response force. So, until the RBPS Guidance document is published, there isn’t much else I can say about the draft Site Security Plan Template.

This Week’s Congressional Hearings 04-20-09

Congress will be coming back from their two-week Easter Recess tomorrow. The only Committee (among those that I routinely track, anyway) that currently has any chemical facility security related hearings scheduled for this week is the House Energy and Commerce Committee. The Subcommittee on Oversight and Investigations is going to conduct their long planned hearing on the SSI Controversy about the Chemical Safety Board public meeting on the Bayer CropScience incident. The hearing is scheduled for tomorrow at noon. Neither the House Homeland Security Committee nor the House Appropriations Committee has any committee hearings posted on their web sites yet for this week. Witness List It really looks like Chairman Stupak (D, MI) is planning on having an interesting hearing. He has certainly got all of the active players in the controversy scheduled to appear before the Subcommittee. The current witness list includes:
The Honorable John D. Rockefeller, IV, US Senator, West Virginia; John Bresland, Chairman, U.S. Chemical Safety and Hazard Investigation Board; William Buckner, President and CEO, Bayer CropScience; Nick Crosby, Vice President, Institute Site Operations, Bayer CropScience; Admiral James Watson, U.S. Coast Guard; Joseph Crawford, Chief of Police, City of St. Albans, West Virginia; Michael Dorsey, Chief of Homeland Security and Emergency Response, WV DEP; Kent Carper, President, Kanawha County Commission, Kanawha County, West Virginia; Pamela Nixon, Environmental Advocate, WV DEP
Web Update The House Committee on Energy and Commerce re-did their web site this weekend. It is a lot cleaner look and is certainly professionally done. The change did kill a lot of the old links to their web site. If you have links saved, they probably no longer work. Check out their new web site.

Public Comments TWIC Reader ANPRM – 04-17-09

More comments on the TWIC Reader ANPRM are starting to trickle into the Regulations.gov web site. We have three new comments posted in the last two weeks. Additionally the Coast Guard has posted two new supporting documents to the site. The comments were received from: Judy Visscher Lake Carrier’s Association Jack Harmon The supporting documents are: USCG Analysis in Support of the Transportation Worker USCG Analysis in Support of the Transportation Worker Identification Credential (TWIC) Program Independent Verification and Validation of Development of Transportation Worker Identification Credentials Reader Requirements Judy Visscher Comments Ms Visscher, writing for the James De Young Generating Facility, applauds the Coast Guard establishing the Risk Groups, noting that, with the limited use of the restricted area at their facility, it would not make economic sense to buy and maintain a TWIC Reader. Lake Carrier’s Association Comments LCA represents companies operating 65 US-flag vessels on the Great Lakes. LCA supports not requiring low-risk vessels to have a TWIC Reader on board. They do, however, doubt that there will be enough TWIC readers located in the Great Lakes area to meet the requirements of the one-time biometric match requirement. They recommend that computer software be made available to accomplish that match. They recommend that the Recurring Unaccompanied Access (RUA) provisions be extended to cover a loading crew of up to 14 individuals at each Port of Call. LCA notes that their members use an Association developed Alternative Security Plan (ASP). They recommend that they be allowed to avoid making the required changes to that 200 page ASP until the next required review. They suggest that a one-page supplemental document covering the RUA provisions would be an adequate interim measure. Jack Harmon Comments Mr. Harmon’s comments are actually on the planned public meeting in the Washington, D.C. He would like to suggest that the Coast Guard conduct additional public meetings at other areas across the country, particularly in the Seattle, WA area. Mr. Harmon notes that many smaller operators cannot afford to travel to Washington, D.C. to attend such meetings. Supporting Documents The two documents posted to the docket website last week deal with the risk analysis that was done to establish the Risk Groups used to regulate when a TWIC Reader would be required to be used to verify the identity of a worker to granted unaccompanied access to a secure area of an MTSA covered vessel or facility. The Coast Guard document details the analytical method used to establish the Risk Groups. The second document details the peer review process conducted by the Homeland Security Institute to validate the Coast Guard method. Both documents are heavily redacted, removing a wide range of Sensitive Security Information (SSI) that was used in the analysis. My Comments on Comments It seems to me that LCA misread the intent of the Recurring Unaccompanied Access provisions of the TWIC Reader ANPRM. The way that I read the ANPRM, the Coast Guard intended the RUA procedure to be used (on vessels) to avoid repetitive ID checks of the vessel crew. The intent was not to allow shore based personnel at each new port of call to have RUA to the vessel. RUA is based on personal recognition of the personnel that one works with on a daily basis. Once an individual’s identity is adequately identified, personal recognition by co-workers, especially in the intimate setting of a vessel or small facility, is always going to be a more secure method of identification than any other kind of ID system. That intimate personal recognition would be absent for the work crews that had to board a ship for a relatively brief period of time involved in a loading/unloading situation.

CFATS Inspector Finds Damaged HF Tank

The reports out of Norphlet, AR might show some confusion about the difference between hydrochloric acid and hydrofluoric acid, but every report agrees that schools were canceled when a DHS inspector detected a crack in a storage tank at an inactive chemical plant. While the tank was not leaking, the 30,000 gal (or hundreds of gallons or 7,800 gal depending on the report) tank posed an ‘imminent threat of release’, and a Union County Judge declared a state of emergency. As of Friday, operations were under way to remove the chemicals from the site. According to a client alert put out by Hunton and Williams, the DHS inspector was at the chemical facility for a ‘Chemical Facility Anti-Terrorism Standards (CFATS) compliance assistance site visit’. Even though the site has not been operational for over a year (and has apparently never been fully operational since its construction in 2007) the site is covered under CFATS. It’s a good thing that the DHS inspector was on-site. If the tank had leaked it is likely that the chemical fumes would have been injuring and perhaps killing people before anyone knew what was happening. Identifying the source of the problem and identifying the offending chemical would have taken too much time and first responders would have been put in harms way with inadequate information to protect themselves during the initial response. Inactive Chemical Sites The circumstances that resulted in this plant being inactive have not been explained in the press other than to say that the plant was not made fully operational because of ‘financial problems’. It does, however, represent an increasing problem in the chemical industry, inactive facilities. Because of the economic ‘slow down’ many companies have idled production facilities due to lack of sales. In most cases the stated intention is to resume production when the economy recovers. I don’t know of anyone that is keeping track of how many of these facilities still have significant amounts of hazardous chemicals on hand. I would suspect that what ever inventory was on-hand when they were idled still remains at most facilities. If the facility has a DHS chemical of interest (COI) on hand in excess of the screening threshold quantity (STQ), the facility would still be potentially covered by the CFATS regulations whether or not the plant was actively manufacturing. From the news reports it is not clear if the inspector’s compliance assistance site visit was at the request of the facility or part of an outreach effort to look for non-reporting facilities. For this plant it looks like that point is no longer important, the COI are being removed. This incident does raise the question of how many idled facilities still need to be regulated by CFATS. I’m sure that there are facilities on the current high-risk facility list that are not currently in production. When DHS starts sending out SVA result letters, it is still going to expect those facilities to complete their Site Security Plan submissions if there are still regulated quantities of COI on site. If those chemicals have been removed, DHS will continue to consider the facilities high-risk facilities until new Top Screens have been submitted showing that there are no longer STQ amounts of COI on site. Only after receiving such Top Screens can DHS remove the facilities from the high-risk list. Employees as Security If facilities continue to maintain inventories of COI above the listed STQ, they are going to have to develop appropriate security procedures to protect those chemicals. The fact that the facilities are not currently operational will probably make those Site Security Plans more complicated. An active workforce present on site is actually part of the security arrangements of most facilities, even though most security planners fail to list it. The extra sets of eyes moving about the facility make it easier to detect intruders. Operators and maintenance personnel are more likely to detect tampering and offensive devices than even the best security forces because they are more familiar with the equipment. On site emergency response is drawn from the same workforce. Lack of that workforce significantly reduces the mitigation capability of the facility. Government Reaction I am sure that DHS is going to respond to this incident. I would not be surprised to hear that inspectors are showing up at idled facilities that are on the current high-risk list within the next couple of weeks. They will not be looking for cracked tanks; that is not their job (though obviously if they see deteriorating COI equipment they will report it). They will be looking to see if there is adequate security. And no, padlocked gates and a roving guard armed with a clip board and a flashlight will not be considered adequate. Hopefully, EPA and OSHA inspectors will be making similar visits to the same facilities. They are the ones that should be looking at equipment, chemical storage and safety training for the on-site maintenance team that is usually left in such circumstances. Those are the two organizations that were caught flat footed by the Norphlet, AR situation. DHS was on the job.

TSA and DOT Replies to UP STB Petition – 04-10-09

Ten days ago the comment period ended on the UP petition to the Surface Transportation Board (STB) to avoid quoting tariff rates for the transportation of chlorine over long distances and through high-threat urban areas (HTUA) when adequate sources were available from closer sources. On the last day of that comment period both TSA and DOT, at the request of STB, submitted their comments on the UP Petition. TSA Opposes UP Petition TSA starts out by observing that the “the issues involved in the petition transcend common carrier rates; they involve issues of safety and security” (pg 1). They then proceed to explain why the safety and security procedures put into place by TSA and DOT have the safety and security issues covered. TSA notes that the two agencies have “analyzed the risks to safety and security of transporting chlorine and other hazardous materials by rail and established comprehensive regulatory programs to address these risks” (pg 3). They address the safety and security issue by stating that:
“When rail shipments conform to the TSA and DOT regulations, the risks of transporting chlorine by rail are appropriately mitigated and such movements can take place without posing unnecessary safety and security risks.”
TSA also takes exception to the claim by UP that they have urged rail carriers to limit the shipping miles and HTUA exposure to TIH shipments. They note that their regulatory efforts to “enhance rail transportation security were not intended to inhibit transportation” (pg 4). They emphatically state (pg 6) that: “TSA has not urged, and its rules provide no basis for, freight railroad carriers to discontinue the transportation of such shipments.” They conclude (pg 6) that:
“Granting the petition will not enhance transportation security and safety and may have adverse unintended consequences. Future rail security and safety enhancements should be accomplished through DHS and DOT rule makings.”
DOT Opposes Petition DOT simplifies the UP petition to a single issue. They note that “the railroad is effectively seeking to avoid its common carrier obligation to quote rates to ship the material [chlorine] to certain locations (pg 2). They dismiss the safety issue by stating (pg 2) that: “Compliance with existing regulatory safeguards would appropriately mitigate the relevant risks.” The DOT response reminds STB that “only Congress, by the passage of legislation addressing the risks associated with the rail movement of PIH materials, can modify a common carrier's obligation to transport such materials” (pg 4). They then note (pg 4) that: “Congress has rejected railroads' repeated requests for the enactment of legislation that would either eliminate the railroads' common carrier obligation to transport PIH materials or cap the railroads' liability for transportation incidents involving the movement of PIH materials.” DOT concludes (pg 15) that:
“Accordingly, there is no reason for the STB to entertain pleas to avoid the basic common carrier obligation or the application of the rules designed to ensure the safe and secure fulfillment of that obligation. DOT therefore recommends that STB dismiss the UP's petition.”
My Comments on the Comments With both TSA and DOT unequivocally recommending against the approval of the UP petition, there does not seem to be much leeway for the STB to do any thing but requiring UP to provide the requested rates. To me the issue was simple, the law required UP to provide the rate quote and the STB does not have the authority to change or void that law. Only the courts can void laws and only Congress can change them. It is interesting to note that both agencies provided railroads with the potential arguments for future attacks on the requirement to transport TIH chemicals. The TSA opening is just a tiny crack that may be shut in the near future. The DOT opening, on the other hand knocked down an entire wall and installed a new door. TSA noted (pg 3) that: “In discharging its responsibilities as the lead federal agency for transportation security, TSA is developing other rulemakings to make further enhancements to rail transportation security.” This seems to contradict their earlier claim that they had established “comprehensive regulatory programs”. It’s a small opening, but an opening none the less. DOT establishes a whole new potential argument by stating (pgs 14-15) that:
“Consequently, as both a legal and a practical matter, the task of initial route selection is best left to the railroads, based on all the factors set out in the Routing Rule, and any potential modifications to a carrier's routing decisions [emphasis added] should only be made according to the regulations implementing Congressional judgment.”
This would seem to allow a railroad, in a limited number of instances, to conclude that there is no safe route available for the shipment of TIH chemicals. The argument would require extensive preparation and the manipulation of data supporting the 27 criteria outlined in the PHMSA rail routing rule. To avoid charges of collusion, the railroad in question would have to control all potential routes through the high-risk areas. It does not appear that the Federal Railroad Administration could exercise their review authority to require a railroad to use a route that the railroad deemed to be unsafe or un-secure since their authority is limited to requiring the use of an alternate route. Final Note: Today is the day that UP is supposed to file their response to all of the replies and comments submitted to the STB. While there have been a wide variety of interesting and apparently valid arguments submitted by a number of commentors, to my mind the only two that count are the DOT and TSA comments as they both undercut the basic arguments made by UP. I don’t see any way that STB can determine that these two agencies are wrong in their areas of expertise. It will be interesting to see how UP deals with this. I do not think that there is any way that UP can counteract the DOT and TSA arguments. They would also have a hard time maintaining their claim that there are other adequate sources of chlorine in face of the responses from the Chlorine Institute and various chlorine suppliers. I think that the smartest thing that UP could do in this instance would be to formally withdraw their petition and prevent the STB from ruling. This would leave the way open for potential future challenges.

Saturday, April 18, 2009

National Maritime Sec Adv Comm Meeting – 05-04-09

In Monday’s Federal Register the Coast Guard is announcing that the National Maritime Security Advisory Committee (NMSAC) will be meeting on May 4th, 2009. The day long meeting will be a combination public/closed meeting. The public agenda will be discussed in the morning. The afternoon session will be closed to allow the Committee to address classified national security issues. Written material and requests to address the Committee during the public portion of the meeting should be submitted by April 24th. According to the meeting notice the public agenda will include:
(1) “Update on Transportation Workers Identification Credential. (2) “Update on Seafarers' Access to Shore leave. (3) “Discussion of USCG 5 year review of the International Ship and Port Facility Security (ISPS) code. (5) “Discussion of Tiering Maritime Transportation Security Act (MTSA) regulated facilities. (6) “Discussion of the eNOAD process.”
The two issues of probable interest to the chemical security community will be the update on the TWIC and the facility tiering discussion. The tiering issue is discussed briefly in the TWIC Reader ANPRM (74 FR 13367), and I have covered that discussion in an earlier blog.

Friday, April 17, 2009

When do Mobile Hazmat Sources Become Facilities?

Because I have been recently writing articles for the Journal of Hazmat Transportation I have been paying more attention to regulations concerning hazmat transportation. Last week the Pipeline and Hazardous Materials Safety Administration (PHMSA) published a new Final Rule with some changes to the Hazardous Materials Regulations (HMR). One change caught my interest because of potential chemical facility security implications.

Mobile Refrigeration Systems The preamble to the Final Rule (74 FR 16136) describes mobile refrigeration systems this way:
“In the NPRM, in response to Western Growers Association (WGA) petition P-1352, we proposed to revise the HMR to provide for the transportation of large, mobile refrigeration systems used by the agricultural produce industry at field sites to help preserve freshly harvested fruit and vegetables. These refrigeration systems consist of ASME non-DOT specification pressure components with a maximum total volumetric capacity per vehicle of 2,500 gallons.”
The reason these systems are covered under the HRM is that, while in transportation to and from their field locations, they contain residual amounts of Division 2.2 refrigerant gases or anhydrous ammonia, both of which are hazardous materials under DOT regulations.

Temporary Hazmat Facilities What is interesting to me is not so much the transportation aspects of this equipment, but what happens when these systems are set up and operating. With a 2,500 gallon capacity and using anhydrous ammonia, it would appear that this equipment contains a screening threshold quantity (10,000 lbs for anhydrous ammonia) of a chemical of interest as defined in 6 CFR §27.200(b)(2). The CFATS regulations do not make separate provisions for permanent or temporary facilities.

A chemical facility is defined as “any establishment that possesses or plans to possess [emphasis added], at any relevant point in time, a quantity of a chemical substance determined by the Secretary to be potentially dangerous or that meets other risk-related criteria identified by the Department” (6 CFR §27.105). Now the typical rural location where these systems would be expected to be set up would probably ensure that the submitted Top Screen would not result in a finding by DHS that they were high-risk chemical facilities.

However, with the rapid spread of suburbia into farming areas in many parts of the country, this would not always be true. And since DHS refuses to share their criteria for the ‘high-risk chemical facility’ selection, there is no practical way for the owners of these systems to determine if a particular location would make them high-risk.

 Practically speaking it would be nearly impossible for DHS to enforce CFATS rules on these facilities. A facility has 60-days from the time they have an STQ amount of a COI on site before they must complete their Top Screen. Technically, I suppose that they would have to submit a Top Screen within 60-days of when they filled a unit on site, even if the unit was drained and moved within that 60-day limit. Practically, even if the unit were set up somewhere that made it an attractive terrorist target, it would be drained and gone before the letter arrived from DHS that the ‘facility’ was initially determined to be a ‘high-risk’ facility and an SVA required.

Why Worry About This? I would assume that the operators of these systems are not complying with the reporting requirements of the CFATS regulations. I would bet that many are not even aware of the requirements. I would also bet that none of these systems has a security plan more advanced than having locks on the drain valves. Since the largest normal threat to these refrigeration systems is pilfering of anhydrous ammonia by illicit meth manufacturers, this would typically be sufficient.

But, somewhere this next harvest season one of these units will be parked just upwind of a rural school, hospital, nursing home or a spreading suburban housing development. Or perhaps one will be deployed to a major urban area hit by a flood, tornado or hurricane to support relief operations. In any of these cases the population density could be raised to the point where the temporary site fits the description for a Tier 4 CFATS designation as a high-risk chemical facility. But, no one will know because a Top Screen will not be filed because of the rules ‘don’t apply to me’ attitude associated with this ‘low risk’, temporary facility. Finally, I doubt that this is the only type of ‘temporary’ chemical facility currently in existence.

What to Do? First off, this is not an urgent issue. Let’s get the Site Security Plans for large fixed-site high-risk chemical facilities out of the way first. Then DHS can take a look at this type of issue. First, DHS will need to establish a definition of what constitutes a ‘temporary chemical facility’. That definition needs to include a minimum and maximum time that will constitute ‘temporary’.

Below the minimum time, the facility should be considered ‘in transportation’ and covered by the 49 CFR security rules. Above the maximum time limit the facility should be treated as a regular fixed site. Temporary facilities that house Theft/Diversion or Sabotage COI should be regulated regardless of their proximity to populated areas. The current rules for Top Screens, Security Vulnerability Assessments and Site Security Plans could be adapted to be equipment oriented rather than location oriented.

The security apparatus, and registration would move with the equipment from temporary location to temporary location. Temporary facilities that contained Release COI (like anhydrous ammonia) would be regulated according to their proximity to populated areas. The guiding principal would be the number of people within the affected area of a potential catastrophic release of the COI. Below a certain number of at hazard population there would be a minimal level of security required.

There would then be a threshold established for each of the four Tier levels with different security requirements for each level. Those security standards would be established in advance so that the owner could include the cost of security into his cost calculations for site selection. High-risk chemical facilities come in all sorts of types and sizes. Now we need to start considering if they can also be temporary as well as permanent.

TWIC Requires Security

I was reading an interesting article over on SecurityManagement.com about the TWIC and complaints from unions and some in Congress that the Coast Guard had gone ahead with the TWIC deadline, but did not yet have TWIC Readers available to make full use of the security provisions of the TWIC. I almost passed the article off as complaining too little too late when I read a reader comment posted by Walt August. He wrote: “These new TWIC cards are built on the FIPS 201 standard. This is the same standard the US federal government employee ID card called the PIV uses. There is a Radio Frequency Identification (RFID) chip in the TWIC card. The federal government employees are issued a FIPS 201 approved shielded card holder when they get their card. No such holder is issued with the TWIC. Workers have to purchase their own to protect their privacy.” He then went on to plug the company that “manufactures the holders for NASA, DOT, and other agencies”, Identity Stronghold. According to the web site these holders block the radio frequency (RF) broadcast of the RFID chip in the TWIC. Of course the TWIC would have to be removed from this holder to be read by the TWIC Reader when they are deployed, but Identity Stronghold claims that this is easy to do, even one handed, with their holders. Now the TWIC does have an RFID chip that allows for remote reading of the information on the chip; that is the whole point of the TWIC. I would assume that there is a significant level of encryption of this data, but any encryption can be broken. I remember reading reports last year of a European student breaking the encryption on another type security card that used RFID technology. There have been reports of US Passport RFID encryption already having been broken. If I had paid good money for a TWIC, I would consider spending a little bit of additional money on protecting the data on that card. I’m not sure that Identity Stronghold is the company that I would buy from; I don’t have the technical information (or knowledge) to make that evaluation. It would be worth looking into. Does anyone out there know if the government or some standards organization has looked at the efficacy of these RF blocking sleeves? I doubt that Consumer Reports® has looked at these devices, but surely someone has.

Draft SSP Review – Asset Security Measures

This is another in a continuing series of blogs describing the draft SSP Template that was provided by a reader of this blog, not DHS. Just a quick reminder, this means that there might be differences between this template and the one that DHS will shortly be opening on the CSAT web site. The previous blog in the series was: Draft SSP Review – General Facility Information Draft SSP Review – Facility Operations Draft SSP Review – Facility Security Measures In the last blog I looked at the Facility Security Measures section of the Draft SSP Template. The next, largest, and potentially the most controversial portion of the template deals with questions supporting each of the 18 Risk-Based Performance Standards (RBPS). I am going to skip that portion for now for a look at the final section in the template; the Asset Security Measures. We will look at the specific RBPS in later blogs. Asset Security All of the discussion about security measures in the SSP so far has dealt with the security for the entire high-risk facility. In many instances it may be appropriate to provide the highest level of security protection to just a few areas of the facility where COI are stored, produced, loaded or unloaded; where that COI is most vulnerable. This targeted security is known as ‘asset security’ or critical asset protection’. Not all assets covered in this section will be specifically associated with a unique COI. The best example of this would be a control room; because of the access to control, safety and perhaps security systems available in this location this location could be expected to be a prime target in a terrorist attack on a chemical manufacturing facility. Asset Description The first thing that must be done in this section of the template is to identify the assets for which there will be asset specific security measures reported. It is not necessary to identify all assets associated with COI, just those that have unique security measures not previously identified in the Facility Security Measures section. Each asset will be given a unique name (34 character limit) and a description that includes a listing of the primary function of the asset. Once the asset is identified there will be a unique sub-section of the template produced for each of the listed assets. For each asset there will be another series of questions that relate to the COI present at the facility to determine if those COI are ‘associated’ with the asset. The term ‘associated’ does not necessarily mean present; a control room for example would be associated with any COI that can be controlled from that location. RBPS Identification The final portion of the asset identification process is the determination of what risk-based performance standards would apply to that particular asset. There are only four RBPS that could be identified for this section of the template: #2 – Secure Site Assets; #3 – Screening and Access Controls; #5 – Shipping, Receiving and Storage; and #6 – Theft and Diversion. Only those RBPS for which there will be an identifiable security measure need to be selected for a particular asset. As a practical matter, submitters might want to initially select all four RBPS for each asset described. Subsequently, if no questions are answered affirmatively for that particular asset in that RBPS, the facility can always de-select that RPBS. RBPS Questions Each of the four RBPS sections will have similar questions to those found in the Facility Security Measures section of the SSP Template. At the start of each RBPS in this section, the submitter will be given the option of pre-populating the section with the same answers provided in the main section of the SSP. This would be useful if the same type security measures used for the facility in general are duplicated at the asset. For example, if the asset is surrounded by the same type of fencing that forms the facility perimeter. But, an asset that does not have a barrier around it does not get ‘credit’ for the facility barrier in this section. This section is used only to describe security measures that are specifically protecting the described asset.
 
/* Use this with templates/template-twocol.html */