Monday, November 30, 2009

Transportation Security Rule

On Friday the web site noted that the Department of Transportation had sent the Pipeline and Hazardous Material Safety Administration’s (PHMSA) rule on Risk-Based Adjustment of Transportation Security Plan Requirements [PHMSA-06-25885 (HM-232F)] to the Office of Management and Budget for the final administrative review before it is published as a final rule. According to the Spring Regulatory Review noted that PHMSA had intended to publish this final rule in October but that deadline was obviously missed. The Rule I have no idea (yet) what made it into the draft of the final rule that was sent to OMB. The ANPRM was published before I started this blog, but I did report on the NPRM when it was issued in September of last year. According to the summary published in the NPRM:
“PHMSA, in consultation with the Transportation Safety [sic] Administration (TSA) of the Department of Homeland Security (DHS), is proposing to modify its current security plan requirements governing the commercial transportation of hazardous materials by air, rail, vessel, and highway. Based on an evaluation of the security threats associated with specific types and quantities of hazardous materials, the proposed rule would narrow the list of materials subject to security plan requirements and reduce associated regulatory costs and paperwork burden. The proposed rule also would clarify certain requirements related to security planning, training, and documentation and incorporate and build on recent international standards governing hazardous materials security.”
According to the NPRM the current security plan regulation (49 CFR 172.800) requires a vulnerability assessment and security plan for all shipments “that requires placarding under subpart F of part 172 of the HMR” (73 FR 52559). The NPRM recognized industry complaints that not all of those hazardous materials were at risk for a terrorist attack. The new rule produced a list that started with the United Nations Model Regulations on the Transport of Dangerous Goods (UN Recommendations) list of ‘high consequence dangerous goods’. PHMSA modified that list after conducting an analysis to determine if those chemicals would serve as a target for terrorist attack either as a release agent, a chemical that could be used to manufacture WMD, or chemicals that could be sabotaged or modified to create a chemical incident at some manufacturing facility. In addition to reducing the size of the list of covered materials, the NPRM also ‘clarified’ the requirements for the vulnerability assessment and the security plan. Among other things it required that the security assessment and security plan:
Would be in writing; Would address specific risks associated with specific routes or locations; Would identify the senior management official responsible for those documents; Would require an annual review and update; and Would require employee training for specific security duties.
Public Comments There were a large number of comments posted to the web site for the NPRM. Even though the comment period ended on November 10th last year, I was still commenting on new comments as late as December 18th with two additional comments posted even after that. The special effects community conducted a letter writing campaign objecting to the new ‘any amount’ threshold for requiring a security assessment/plan for Division 1.4 explosives instead of the old 1,000 lb floor. They fear that the expensive requirement would put a stop to their parcel shipments of small quantities of squibs and pyrotechnics used by the film and movie industries. A number of transportation companies and shippers objected to the ‘specific route’ requirements for risk assessments and security plans. The shippers objected that they would not know the routes used by the transporters. The transporters noted that truck routes were seldom fixed, but varied on various transportation requirements and traffic conditions. Moving Forward Regulatory review at the OMB can be time consuming. There are three other DOT rules currently being reviewed by OMB. They are (with date of referral)
Positive Train Control (10/23/2009); Enhancing Airline Passenger Protections (10/29/2009); and Hazardous Materials: Revisions to Requirements for the Transportation of Lithium Batteries (09/11/2009)
Once OMB approves the rule, barring the requirement of extensive re-writing, the rule should be published in the Federal Register. This will probably not happen until after the first of the year.

Wednesday, November 25, 2009


There is an interesting article over at C&EN at about inherently safer technology. C&EN is the weekly news magazine of the American Chemical Society. The editorial outlines the ACS position on the ICS provisions of HR 2868. ACS was another organization that openly proclaimed that they were working with Congress on HR 2868 to make it more acceptable to the chemical industry, a stance that many in the industry complained about according to the article. While the editorial is worth reading in it’s own light, the real reason that I point it out here is that how I found the article is more interesting still. I found the link to the piece on the Joe’s Blog page of the SOCMA web site. There is probably no bigger contrast in the public opposition to IST in the industry than between the approaches of SOCMA and ACS, yet the link is there. If we can get the discussion going within the industry, then maybe we can get an IST provision in the final bill that the industry can support, or at least not actively oppose. Then we can move on to helping DHS and EPA write good regulations implementing the legislation. BTW: Thanks Joe (and Bill) for updating the link to my blog on your page. It means a great deal to me.

Cyber Forensics Basics

As usual, Joe Weiss writing at Control provides some thoughtful contributions to the cyber security debate. Earlier this week he had a brief posting about the topic of cyber forensics that is well worth reading. For readers of this blog that are not control system cognoscenti a better understanding of Joe’s comments will require another brief session of Control System 101. Process Forensics Computer based control systems have evolved over time and a large part of that evolution has been driven by the memory available in those computers. As available memory has increased over time, so has the complexity of the instructions, the number of devices controlled and the amount of information retained in the system. With the first computer control system that I worked with we could go back and query the system and obtain information about weights, temperature and pressure at any point in the process for a particular manufacturing batch as long as we did it before the next batch was started; the memory had to be cleared before the next process could begin. This information was an important tool in diagnosing process upsets. The next system that was installed at the facility provided that same information to a data historian, a separate computer program that recorded the information in a data base that could be accessed for a much longer time. This increased the utility of the information, but it was still restricted to measurement data; it provided no data on the inputs to the processing system that affected the system. You could, for example, tell that a batch temperature increased, but you could not tell why. Was it because a steam valve was left open too long? Or, was it because an undesirable side reaction was taking place? The information provided could tell us what went wrong, but not why. The next computer upgrade provided significantly more memory and allowed us to begin to tie operating controls into the system in a new way; we could begin to tie control device status into the data historian. This meant that we could track when valves opened and closed; or it did when we replaced the existing valves with more complex (read expensive) ones that had the capability to communicate their status to the control systems. This was the introduction of smart controls in our facility. The next software upgrade allowed us to track the operator commands used to control the system. We could then track when an operator told the steam valve to close, when it started to respond and when that valve was completely closed. This allowed us to gain finer control over batch quality as the time lag between command and operation affected key parameters of the process. All of the above deal with process forensics, being able to go back and look at what occurred during the manufacturing process that caused the product to turn out the way that it did. Process forensics are a critical tool for the process engineer or process chemist to diagnose process upsets and to make the manufacturing process more efficient. Cyber Forensics Cyber forensics is the next step in the industrial control system development process. As process automation allows for more and more computer decision making in the manufacturing process it becomes important to be able to analyze how that control is executed. Ideally the systems engineer will need to know what inputs the computer received from smart devices, the instructions/commands received from outside of the computer, and what instructions/commands the computer actually executed. Unfortunately, we are still at the equivalent of the “weights, temperature and pressure” stage of cyber forensics. Until systems engineers have tools similar to what are currently available to process engineers, they will have to make semi-educated guesses about root causes for control systems failures. And that makes it very difficult to differentiate between an internal system error, a system-system interaction error, a system-human interaction error, and a cyber attack.

Reader Comment – 11-24-09 SOCMA vs ACC

Anonymous chimed in on the political efficacy discussion with the following comment:
“As someone directly involved in the HR 2868 process, I can say unequivocally that ACC was substantively and extensively involved in the Energy and Commerce Committee negotiations. They served their member companies well by engaging early and thoughtfully, and significant changes were made both to the citizen suits, IST, and employee participation provisions as a result. SOCMA was not nearly as involved, and did not have nearly the impact on the final product as a result. Your initial observation was correct.”
Comment on Anonymity Now it sounds like this is the Anonymous that has provided previous comments on the negotiation process on HR 2868 in the Energy and Commerce Committee, but it is impossible to know for sure. This is the problem with the use of that Nome de Plume; we don’t know who is providing the information so we cannot accurately assess the accuracy of the data provided. As always, I understand the need for anonymity for any number of people providing information to this blog. But the ‘Anonymous’ tag does compromise the utility of the information provided, particularly when there is controversy involved. If people were to at least use some unique name for their anonymous posts, we could assess the accuracy of their information over time and apply appropriate weight to their contribution to the debate. Alternatively one cold email me directly with the information so that I could vouch for the source, if not necessarily the accuracy. One final point on ‘anonymous’, I will not stop a comment posting because it is labeled as coming from ‘Anonymous’. Ultimately, I would rather have the contribution than not. I will, however, periodically remind readers of the problems associated with that tag. Relative Contributions Not withstanding my earlier comments that initiated this discussion, one would expect that the ACC would have more impact on chemical legislation than SOCMA. It is a much larger organization, representing (among others) some of the largest chemical facilities in the country. In the political process size does matter with more than a little justification. In a representative republic such as ours, it would seem reasonable that an organization representing more people would have more weight in the discussion. My comments were directed at the efficacy of tactics not organizational size. I believe that the public stance of SOCMA has been more confrontational than cooperative. If SOCMA has been more cooperative behind the scenes, that is great. Again, in my opinion, I think that this legislation is too important for confrontation to be the ruling mode of operation. I believe that both sides are better served by a clear recognition of the points of view of all involved and that requires discussion not confrontation.

Tuesday, November 24, 2009

Reader Comment – 11-23-09 – SOCMA Reply

It did not take long for William Almond, a Vice-President for SOCMA, to reply to yesterday’s blog about the efficacy of their recent efforts to block the passage of HR 2868. Since legislative liaison is one of his responsibilities with SOCMA, his comments are well worth reading. Bill’s comments are too lengthy to be totally reproduced here, but they are available at the end of yesterdays post and should be read by anyone interested in the politics of chemical security or HR 2868 in particular. Political Efficacy Bill did write, in the beginning of his response, that:
“The fact that any Democrats voted against HR 2868 was a welcomed development. You are the only one that I know of who seemed to think that it wasn't particularly surprisingly. If SOCMA had members in all 21 Democratic districts, perhaps our success rate would have been higher. But we are quite pleased with our ability to utilize our grassroots to help swing votes in districts where we do have members [emphasis added]. We don't have members in all 21 districts that voted against HR 2868, so, of course, we can't make a case that we helped impact the vote for the other districts.”
No, I wasn’t surprised that there were Democrats that voted against the bill. The chemical industry is large (very large when you define chemical facilities the way that CFATS does) and employees large numbers of people around the country. The chemical industry has done a good job of making their opposition to HR 2868 well known, especially its potential impact on jobs. Right now jobs are a pretty big issue. The Democratic Party has seldom been able to muster total control of their legislators on any measures other than those at the very core beliefs of their members. Chemical Facility Security has never been that high a priority for the House Leadership. With more than enough votes to pass the bill, there was no major effort to maintain a party line vote on this measure outside of the two committees drafting the legislation. I will admit that I did not take into account the number districts that were involved in the grassroots lobbying effort when I calculated the efficacy of the SOCMA effort; that number was not available in the article that I was looking at and was not mentioned in Bill’s response. That number would certainly give a better analysis of the efficacy of that effort. If 20 representatives had been targeted and 2 changed their votes, that would have given some heart to the other participants in the program. But, then again, that wasn’t what the article was bragging about; it bragged about the changing of two votes. As I was pointing out, changing two votes out of more than two hundred was not particularly impressive, especially since a total of 40 Democratic votes were needed to change the outcome. Bill does make the point that the “fact that Democrats voted against HR 2868 gives us momentum going into the Senate”. I’m not sure that I agree with that political calculus, particularly in regards to grassroot efforts like the one mentioned in the referenced article. Grassroot efforts by smaller organizations, businesses or political interest groups, do not have as much sway in Senate campaigns as they do in House races; too many votes and too much money to run a campaign. That, of course, changes in very close races, especially if the targeted member is influential. If SOCMA has a couple of member facilities in Nevada, for instance, their talking to Sen. Reid may be more effective than pressuring a Senator that road into office on President Obama’s coat tails and won’t be up for re-election for five more years. Political Strategy One of the things that has concerned me about SOCMA’s campaign against HR 2868 (and the Greenpeace campaign in favor of the bill) is that, publicly at least it has been an all or nothing effort. SOCMA has been very vocal in support of a straight re-authorization of §550. They have been equally adamant in their opposition to HR 2868 with special attention against IST and Citizen Suits. While I understand their position, and in fact agree with large portions of it, I am also aware that politics is the art of the achievable. In the current world, there is no way that Congress is going to re-authorize CFATS as it stands today. There are just too many dangerous holes in the coverage of that program and almost no protections of legitimate worker’s rights. What industry needs to do is look at the provisions of HR 2868 that offend them, and there were certainly some doozies included in the original draft, and find a way to make them practical. One example is the changes made to the citizen suit provisions. This is one of the areas where ACC has taken some credit (which has been acknowledged publicly in committee and on the floor of the House) for helping to get rid of some potentially disastrous language. Bill takes me to task for not acknowledging SOCMA’s contribution to this change; saying “It goes without saying that we have achieved much more than you have selectively pointed out in your blog that, because it hasn't been publicly reported, you are unaware of.” Everyone who has followed this bill in the news knows that SOCMA has been vocally opposed to this language, but I have seen nothing in the press that SOCMA has been working with the committees to achieve modification of the language. If SOCMA has been working behind the scenes to get these changes made, bully for them. But, I can only report on what I see in the press and on the net. I am not an investigative reporter with personal contacts on the Hill. If SOCMA wants public credit for their work behind the scenes, they need to let the press (including bloggers like myself) know about that work (which of course, Bill has just done). LATE NOTE: I just got additional confirmation of that work by a long term reader who was involved in the process. There may be more on that in a later blog. Highlighting SOCMA To Bill’s credit, he doesn’t make much of my attention to SOCMA over other industry organizations. I do pay more attention to what SOCMA does than any number of the other pro-industry groups. The reason for that is that SOCMA represents that portion of the chemical industry where I spent my chemistry career, the smaller specialty chemical manufacturers. I understand their concerns, limitations, and motivations on a personal level that I cannot feel for the major refiners or the large commodity chemical manufacturers. I have friends and neighbors that still work in that industry. I want the industry to survive and thrive. So I suppose that Bill and I will be having more of these discussions in the future. BTW: On a personal note, Bill, can you get Joe to change the link to my blog on his web site; I haven’t been on AOL for over a year now. I left numerous messages on the site, but have gotten no response. He was one of the first in the industry to post a link to this blog on his site and that means a bunch to me.

2010 Chemical Sector Security Summit

Yesterday DHS put up a new web page on their site announcing that the 2010 Chemical Security Summit will be held on July 7th and 8th in Baltimore, MD. This will be the fourth such summit held by DHS, marking the three years since the CFATS regulations went into force in 2007. The only registration information available at this time is the fact that there will be no fee required for registration. While the agenda has yet to be set, there will certainly be presentations by a variety of government agencies about the current status of their programs that affect chemical facility security issues. Of particular interest at this summit will be the upcoming changes in the CFATS regulations because of the probable enactment of HR 2868 or similar legislation that will make the CFATS permanent. Additionally, the ammonium nitrate regulations should be finalized (or nearly so) by that date, so there should be valuable insights to be gained about that program. To keep updated on further developments on the 2010 Chemical Security Summit you can sign up for email updates from or you can simply continue to watch this site. As more information becomes available I’ll certainly cover it here. Additionally, the link for the 2010 Chemical Security Summit is now included on the Chemical Security landing page. Surprisingly it did not make it to the new Critical Infrastructure Protection landing page. This surprises me because the host for the summit is the Chemical Sector-Specific Agency, a key component of the Infrastructure Protection team at DHS.

Monday, November 23, 2009

Reader Comment – 11-22-09 – Chlorine Cylinders

I had an interesting comment from Edward posted to an earlier blog, but he was addressing our anonymous engineer from New Zealand. Edward wrote (in part):
“The issue with the Chlorine is theft, and not a volumetric release so the factors used would be the inherent security of the facility, its proximity areas of consequence (towns, built up areas other infrastructure etc) and climactic conditions like the prevailing winds. While I cannot speak for DHS at all, I have not seen a facility with chlorine 1 ton cylinders as a COI in rural areas listed as Tier 1 or 2. My questions include: Where is your facility being built? Are there plans to continue to build around it? What populations concentrations exist and how far away are they? There are many other questions, but they border on CVI, so they are best left out.”
Theft vs Release Edward makes an interesting point about chlorine (and a number of other COI as well), it actually falls under multiple categories; it is a Release Toxic COI and a Theft Weapons of Mass Effect (WME) COI with separate a STQ for each (2,500 lbs and 500 lbs respectively). Edward does make a common mistake however. While a single ‘1 ton’ cylinder certainly does not hold a toxic release STQ, two such cylinders certainly do. DHS in their Top Screen requires facilities to report total inventory on site, so a facility with 16 ‘1 ton’ cylinders would be require response under both theft and release for the SSP. Actually, the bulk of Edward’s comment reflects considerations for the chlorine in the release toxic mode, rather than the theft mode. He makes a very good point, however in noting that the number of cylinders or pounds of chlorine for that matter would never be the sole factor in determining the risk tier of a facility. That is why DHS does not make a final tiering decision until the SVA is submitted. Covered Water Treatment Facilities Edward opened his comments by writing that “I have several clients that use chlorine for water treatment and their Tier rating varies dependent upon many other factors than just number of cylinders.” Now CFATS does not currently cover water treatment or waste water treatment facilities that are covered by specific EPA regulations, so Edward is obviously not talking about those types of water treatment facilities. But, having worked for a company that manufactured water treating chemicals, I am well aware that there is an awful lot of water treating going on in this country that does not meet the requirements of those particular exemptions. DHS vs EPA One last point I want to make; when we talk about security requirements for drinking water treatment facilities and waste water treatment works, it does not currently look like DHS will be making those tiering decisions when HR 2868 (or a similar Senate bill yet to be introduced) becomes law. The EPA will get to write those rules. While the Administrator is probably going to be required to ‘consult with’ DHS, it will still be EPA rules that will determine water facility rankings. Since COI are not the only concern at these facilities, a drinking water treatment facility could conceivably be ranked at Tier 1 without the presence of any COI; though I would only possibly expect that with the largest drinking water facilities. In any case, thanks for the participation Edward. NOTE to Readers You’ll notice that I try to address substantive reader comments in ‘Reader Comment’ blogs. The reason is that few readers will be going back to an August blog posting just to look for reader comments (as was done in this case). But I do have a number of people who find this site through search engines linking them to posts on specific issues. Since I am now moderating comments (approving them before they make it to the site), I can make sure that the comments made to even the oldest posts get the attention they deserve. Readers can continue the conversation by responding to the comment in the original posting (as Edward did) or to my newer ‘Reader Comment’ posting. If you are actually replying to the comment it might be better to reply at the original posting in case the initial commentor is watching that posting for comments. If you are responding to my comments, responding to the ‘Reader Comment’ blog may be more appropriate. I’ll try to ensure that these comments get tied back to the earlier posting.

2010 Methyl Bromide

The Environmental Protection Agency announced in today’s Federal Register their proposed allocations for the production and use of methyl bromide for 2010. The use and production of methyl bromide was supposed to have been completely phased out by 2005 under the Montreal Protocol on Substances that Deplete the Ozone Layer (Montreal Protocol), as implemented by 40 CFR part 82, subpart A. Year-by-year extensions have been granted because of critical uses of methyl bromide as a fumigant/insecticide that have no reasonable substitute. This rule proposes to allocate the already approved amounts for use, production and import of methyl bromide for next year. While this is a serious issue strictly from an environmental point of view, it also has some implications for the chemical security community. Methyl bromide is an odorless, colorless, toxic gas. As such one would assume that it would be a DHS chemical of interest under CFATS, but one would be mistaken. It was removed from the list of proposed COI when the final version of Appendix A was published in November 2007 because methyl bromide and chloropicrin were being phased out under the Montreal Protocol. This current proposed rule would authorize (74 FR 61085) the use of 3,263 tons of methyl bromide in 2010 with production and or import of 759 tons being authorized. This, of course, implies that there is more than 2,500 tons of the material currently being stored in the United States. The rule also mentions authorizing continued usage of methyl bromide for 2011 is already being considered. As I have noted on previous occasions, it is probably time that DHS reconsiders its decision not to include methyl bromide and chloropicrin in their list of COI in Appendix A.

Political Efficiency

I ran into a brief interesting piece on about the efficacy lobbying effort that went on leading up to the House vote on HR 2868. It notes that Socma (sic) Connect targeted some members of Congress with a letter writing campaign to gain their support. Only two targeted members were identified in the piece, Berry (D, AR) and Ross (D, AR), both of whom voted against passage. Apparently the other 19 Democrats who voted against the bill, did so without outside assistance. This means that SOCMA Connect only converted 2 of the needed 21 additional Democrats necessary to defeat HR 2868. Even by baseball stats (batting average of 95) standards this is a very poor political performance. Statistically, given the same performance in the Senate, they will not be able to change enough votes to stop the bill from coming to the floor for a vote, much less stop passage. Perhaps SOCMA needs to concentrate more of their efforts on the amendment process to make specific provisions more workable. This has been the tact taken by the American Chemistry Council. That revision process resulted in changes to the Citizen Suit procedures that still allowed for citizen action without making facilities face the prospect of frivolous law suits.

DHS CSAT FAQ Page Update – 11-20-09

Last week DHS added four new questions to their CSAT Frequently Asked Questions (FAQ) web page. One question was already addressed here last week; the other questions were: 1648: How does a SSP user navigate through the SSP Tool? How are answers to questions saved in the SSP Tool? 1650: What happens after a facility submits its Site Security Plan (SSP)? 1651: How do I start an SSP? After Initial SSP Submission As more and more facilities complete the submission of their SSP the inevitable question is what happens next; that is answered in the response to question 1650. Once DHS receives the submission they will review the submission. The first review is largely automated; a check to see if all of the appropriate questions have been answered for all of the COI listed in the notification letter. Then a number of subject matter experts will review the details of the submission to see if the plan meets all of the requirements of 6 CFR 27.225. If all of the issues are adequately addressed, DHS will issue a ‘Letter of Authorization’ that ‘authorizes’ the facility to proceed with the implementation of the Site Security Plan outlined in their submission. DHS will then schedule a site inspection to determine if the facility is in compliance with their SSP. The inspectors will look at the existing and planned security procedures that are detailed in the submission to ensure their adequacy in meeting the risk-based performance standards outlined in the regulations. DHS has told Congress that they expect to start the inspections in December with priority being given to the Tier 1 facilities that were required to submit their SSP’s earlier this fall. If the facility’s SSP submission is inadequate, DHS has two different approaches that it can take. If the facility appears to be on the right track, but has some issues with its submission DHS will send the facility a guidance letter that outlines specific things that are missing or need clarification with the facility submission. Provisions are made for additional consultation with DHS to correct these deficiencies. As part of that consultation the facility might consider asking for courtesy inspection where an inspector will visit the facility to look at the facility’s situation and security measures. This visit will not be considered to be the SSP inspection. If the facility’s SSP submission is completely inadequate DHS may formally disapprove the SSP. The letter making that notification will outline the deficiencies in the SSP. Instructions on how to proceed and a new deadline for correcting those deficiencies will be included. Facilities should keep in mind that the Secretary has the authority to seek civil sanctions on non-compliant facilities including issuing a cease operations order until the facility is in compliance. One would assume that those options would be outlined in the notification of disapproval. SSP CSAT Tool Both of the other questions deal with the actual operations of the SSP tool. Facilities that have yet to start their SSP submission should read these two responses to reinforce the instructions provided in the SSP on-line instructions manual and the initial notification letter. The brief responses will not be an adequate substitute for reading the actual instructions, but do serve to re-enforce some key points.

Friday, November 20, 2009

CSAT FAQ #1649

For the last year or so I have typically been reporting on new and updated DHS CSAT Frequently Asked Question (FAQ) on a weekly basis. These are not usually urgent and it takes up too much time and effort to report on each and every FAQ change as it is posted. I do, however, review them every morning because from time to time one comes up that may appear to require quicker reporting. Yesterday, DHS posted such a new FAQ: 1649 How do I request an extension of my facility’s Top-Screen, SVA or SSP filing deadline? Actually, the question does not appear to time critical, but the response indicates a potential problem with DHS receiving these requests. The response states: “A request for an extension must be submitted to DHS in writing by USPS or delivery service. DO NOT FAX your extension request to the CSAT Help Desk.” The emphasis was added by DHS, not here at the blog. I can think of a number of legal reasons that DHS might require an original document with signature, but I also know, from long experience, that things sent by fax to not always get to the recipient in a timely manner or they get garbled in transmission. BTW: CVI rules do allow for transmission of CVI by fax, but they do require prior coordination with the receiver to ensure that a CVI authorized user with need to know is on the receiving end of the fax transmission to ensure that appropriate security measures are put into place to protect the document upon its receipt. In any case; when DHS shouts at us with CAPS in their fax, I assume that they are especially concerned that the message is important. So please, do not fax your extension requests to the CSAT Help Desk.

Thursday, November 19, 2009

New DHS CIKR Website

There has been a wide variety of discussion (see for example) over the last couple of days about Secretary Napolitano’s recent meeting with “private sector leaders to discuss critical infrastructure security”. She emphasized that the national approach to critical infrastructure security was built around a public-private partnership based on “promoting vigilance, preparedness and risk reduction”. The DHS press release also mentioned the opening of a new web page for critical infrastructure protection. There isn’t really much new information on this page, but it does serve as a pretty decent landing page for infrastructure protection. There are three links to chemical security pages, (chemical security, CVI training, and CSAT). There is also links for transportation and maritime security that may be of interest to the chemical facility security community. Unfortunately, this set of links is not nearly as comprehensive as I would have hoped. A glaring omission is the lack of a links to legal documents that affect infrastructure protection; I would have added the Laws & Regulation page from Counterterrorism. This should certainly be on the landing page. I disagreed with the selection of pages that was listed for the representation of the chemical security program. Instead of the chemicals security page listed, I would used the Chemical Security landing page for counterterrorism. This provides a link to the page given as well as four other sources of chemical security information. Since not all chemical facilities (by a huge percentage) are covered under CFATS, I would have also added a link to the VCAT (Voluntary Chemical Assessment Tool), if I could find one. The best I have been able to find is a brief reference on the MTI page and a link to a video presentation. One last complaint; there is no date reference on the bottom of the page to allow serious surfers, like me, to tell if there have been any recent changes on the page. Still, even with my nit-picking complaints, I still think this IP landing page is another example of DHS trying to use the internet to ensure that they communicate with their served community. Good job; just keep trying to improve.

Academic Lab Security

In an earlier blog posting, while I discussed the proposed amendment to HR 2868 that would provide special treatment for academic labs, I mentioned an email from a reader who was upset about the American Chemical Society support for that amendment. The same reader, who wishes to remain anonymous to avoid professional conflicts, sent me another email on the subject after reading a recent piece in C&ENews about that ‘important’ addition to HR 2868. He makes the following point: “While indeed it is obvious what you said before about the STQs in academic labs deserving the same level of security. The fact that smaller quantities of hazardous substances would not be just as vulnerable as bulk quantities I think has firmly been proven wrong what with the incident in Denver, CO which did indeed involve a small quantity of a chemical of interest.” The reader, of course, refers to the purchase of small commercial quantities of hydrogen peroxide solution by a suspected terrorist at Denver area beauty supply stores for the alleged production of backpack explosives. While most of the public focus on CFATS has centered on large quantities of dangerous chemicals like chlorine gas, those regulations also look to regulate facilities that maintain smaller inventories of chemicals that can be stolen and used by terrorists to make improvised explosive devices (IED) or very deadly chemical warfare type chemicals.
NOTE: The hydrogen peroxide solutions involved in the Denver ‘incident’ were too dilute to be covered by the CFATS regulations. Whether or not this was a reasonable distinction in setting up Appendix A requirements will be left for a discussion in a future blog.
There may be some university labs that are covered under CFATS because of bulk inventories of Release COI (inventories typically in excess of 10,000 lbs), but most will be covered because of their smaller inventories of Theft/Diversion COI. Those inventories range from 2,000 lbs for some ammonium nitrate concentrations to 100g for actual CW gasses. According Rep. Olson (R, TX) during the floor debate on the amendment (Congressional Record, 11-6-09, pg H12529), there are 99 academic facilities that are currently high-risk facilities under CFATS and 23 of them fall in either Tier 1 or Tier 2. One Size Fits All Myth During the House floor debate of the Foster/Lujan Amendment Rep. Foster (D, IL) makes the statement that: “One-size-fits-all safety regulations only create more paperwork, more bureaucracy and more confusion without necessarily making us safer” (CR pg H12528). He is, of course, correct. This is one of the reasons that Congress, when they authorized CFATS, prohibited the Secretary from specifying any particular security measure as a pre-condition for approval of site security plans. The CFATS regulations are hardly a one-size-fits-all system. What it does do, however, is to assess the risk to the facility, the community and the country from a potential terrorist attack on a chemical facility. It established a very limited list of chemicals of interest that it would consider to be indicators of potential risk of terrorist attack and established a risk-based inventory level for those chemicals that would trigger an initial reporting requirement under the CFATS regulations. There is only a single, on-line form used to report that initial data, the Top Screen tool on CSAT. The Top Screen provides for filing information on the facility location and description, but the bulk of the questions deal with the inventory of selected chemicals that the facility has on hand. Academic institutions objected to this because it would require them to conduct actual inventories of chemicals that they had at their facility. Similarly, there is only a single SVA tool and a single SSP tool in CSAT. But, once again, these are only questionnaires asking questions about a facility’s security situation. Not all of the questions apply to every facility. In most cases a facility is not even required to respond to the questions that are not applicable, the default answer is that it does not apply or exist. There was no way that DHS could develop facility specific questions, not with 30,000+ facilities potentially being covered by the CFATS regulations. Alternative Security Plans DHS and Congress realized early on that there was no way that the CFATS program could adequately address all of the industry specific situations in their development of the facility security rules. DHS in their first draft of the CFATS regulations allowed as how they would favorably consider industry specific security plans; industry could develop security procedures that adhered to the principals set out by the Center for Chemical Process Safety and DHS would take cognizance of those procedures when they evaluated SVA’s and SSP’s. The Academic Community quickly asked DHS to develop an alternative security plan (ASP) for academic laboratories. DHS explained that they had neither the time, the manpower, nor the expertise to set up a plan specific to academic labs. They recommended that academia set up a committee to come up with their consensus standards. Academia demurred; it wasn’t their responsibility to be concerned with security. Security interfered with academic freedom; DHS should be responsible for that interference. The Coyle Academic Lab Security ASP Since neither DHS nor academia is interested in establishing an ASP for Academic Facilities, I will undertake the immense effort to do so; reader responses, questions and suggestions are welcome. The following is a general outline of the Coyle Academic Lab ASP (CAL ASP). Details will be developed in future blogs. Applicability: The following standards will only apply to academic labs with STQ amounts of theft/diversion COI (TDCOI) as defined in Appendix A to 6 CFR part 27. Facilities with STQ inventories of release COI or sabotage COI will not be covered under this ASP. General Requirements: The facility management will be responsible for ensuring that unaccompanied access to storage areas for TDCOI will be limited to qualified and vetted personnel. Personnel authorized unaccompanied access will be vetted in accordance with the DHS Risk-Based Performance Standards Guidance Document, RBPS #12. Facility Definition: TDCOI will only be stored in secured chemical storage facilities (SCSF); the SCSF will be the covered facility under CFATS regulations. TDCOI in excess of STQ quantities used in experiments in labs will be closely controlled by qualified and vetted personnel. When the lab is not in actual operation under such supervision, TDCOI will be returned to the secured chemical storage facility. Exceptions will be allowed for labs that meet the security requirements of SCSF. Security Requirements: TDCOI will be stored in locked containers within a high-security room within the SCSF. Entrances to the SCSF, the high-security room, and the individual locked containers will be monitored by video and at least one other intrusion detection device at all times. Monitoring will be done by Campus Security or Local Law Enforcement, as appropriate. Emergency Response Requirements: Campus Security, and all other emergency response personnel who are expected to respond to incidents at SCSF will be fully trained in the chemical and security hazards associated with the TDCOI stored in the SCSF. All potentially unauthorized access events will be reported immediately to local law enforcement and will be investigated by appropriate security personnel. All confirmed intrusions will be immediately reported to the FBI.

Wednesday, November 18, 2009


I just don’t get back to check the DHS CERT Control Systems Security Program (CSSP) web page often enough. I checked it today and found that last week they announced the official launch of the Industrial Control System Cyber Emergency Response Team (ICS-CERT) coordination center in Idaho Falls, ID. Now the ICS-CERT have been operational since early this year, but their coordination center is now up and running. The brief article on the ICS-CERT contains a link to a two-page brochure about the ICS-CERT. It describes their mission and genearl capabilities. Probably the most valuable item in the brochure, however, is the ICS-CERT contact information. I’ll reproduce that whole section here.
“CSSP and ICS-CERT encourage you to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems. Online reporting forms are available at You can also submit reports via one of the following methods: “ICS-CERT Watch Floor: 1-877-776-7585 “ICS related cyber activity: “General cyber activity: “Phone: 1-888-282-0870”
I certainly recommend that anyone that has an ICS cyber incident to immediately contact ICS-CERT. Even if the result of that particular incident seems relatively innocuous, it should still be reported. The intelligence and counter-intelligence portion of the ICS-CERT mission is very important and requires these inputs to be effective. Near-miss or ‘cyber-scouting’ incident reporting can be important in preventing serious incidents.

Automated Safety Systems and Security

Yesterday, after I made my posting here about automated safety systems and their applicability as security systems, I posted a question on the same subject over on the security discussion board. While that site hasn’t been too active of late, I thought that it might be a good place to get feed back from control system professionals. The question posted was: “Is anyone using an existing automated safety system as a documented mitigation technique as part of a facility security plan?” I was pleasantly surprised to get two quick responses to the question. Actually neither was a direct response to the question, but were supportive of the idea. Both the response from Walt Boyes (Editor at Control and at and fenton2 (a regular contributor at that site) are worth reading. If there are any readers here that would be interested in joining that discussion feel free to post your responses at the site, I’ll make sure that such postings get cross coverage here. Readers preferring to post their response here, will of course be appreciated.

Tuesday, November 17, 2009

Comingling Safety and Control Systems

There is an interesting blog post by Joe Weiss over at about concerns in the regulatory community about the comingling of control systems and safety systems. To understand the concern we need to do a little instructional backgrounder here as part of Industrial Control Systems 101. Industrial Control Systems 101 In a chemical facility an industrial control system (ICS) may be used to control a chemical process. An operator typically uses a computer to monitor process conditions (weights, temperatures, pressures, etc) and control process equipment (valves, pumps, etc). These systems can be fairly simple with all process decisions and actions being controlled by the human operator or more complex with active computer controls of multiple process parameters. A safety system is a system used to protect process equipment, personnel and/or the environment from unsafe process upsets. These can be straight mechanical systems like pressure relief valves or they can be automated systems where there is, at a minimum, a sensor, an actuator and a controller between the two. The sensor is used to detect an impending process upset, the controller receives the signal from the sensor and directs one or more actuators to take action to prevent that upset. You may have a chemical process where heat is used to drive a reaction to completion. There will be optimum process temperature conditions that the operator will use a control system to maintain; too low a temp and the process will be inefficient; too high a temp and there will be quality issues with the product. The ICS will be used to manipulate heating and cooling to maintain the process within that optimum temperature range. The same process may have a temperature above the optimum temperature range where an unsafe chemical reaction can take place; an auto-ignition temperature for example. A safety system would be in place to automatically turn off heating and start cooling if the process temperature gets within a pre-set limit of that unsafe temperature. Now the ICS should never allow the temperature to approach that unsafe condition because it is beyond the optimum temperature range. But the safety system is put into place because there is always the possibility that there could be a failure in the ICS, a human error, or some other problem that allows the temperature to rise to an unsafe level. It would seem obvious that one would want to make sure that a failure in the ICS that would allow an unsafe temperature rise would not affect the safety system. This is one of the reasons that in the ‘good ole days’ safety systems were designed as stand alone systems with their own sensors, controllers and actuators. The power systems were even separate with battery back up systems for the safety systems where electric systems were used. As both safety systems and control systems became more complex it became easier to justify the linkage of parts of these two systems. Sensors became more robust with very low failure rates and multiple sensors were being used in any case, so why not use the same sensor array for both systems. As systems became more complex it became harder to physically fit in separately actuated systems that accomplished the same thing so common controls were used in both systems. Finally, as the programming of the control system became more complex and interactive it became easier to justify putting the safety system controller on the same computer system as the ICS. Unfortunately, with the mergers of these two systems it becomes easier to posit a single system failure that could affect both systems. Some systems engineers feel that the new system failure rate is lower than the rate of double failures in the old systems so the combination of the two systems is justified as being safer than the old separate systems. This is certainly true, but two systems with modern low failure rates would be safer still. Safety Systems as Security Systems This discussion would not seem to be germane to the discussion of security at high-risk chemical facilities, until one realizes that safety systems are actually the final line of defense against a cyber attack on the facility control system. In addition to protecting against a failure in the ICS they would also prevent catastrophic consequences from a deliberate misuse of that system. Using the example in the ICS 101 discussion above, suppose a terrorist gained control of the ICS either through corrupting an operator or via a cyber attack on the control system computer. Changing the high temperature limits of the control system could allow the system temperature to rise to the auto-ignition temperature, causing a catastrophic fire in the facility equipment. An old-style safety system would prevent that occurrence and stymie the terrorist attack. In other words, an existing old-style stand-alone safety system could be considered to be a security measure. No added cost or complexity, just another layer in the protective shield around the facility. But, that would only be true if the safety system were maintained as a separate system from the ICS. A safety system that is tied into the ICS would be subject to the same attack and would not prevent the catastrophic consequences of the attack.

Monday, November 16, 2009

Reader Comment – 11-15-09 Water Tiering

An anonymous engineer from New Zealand had a question about the potential tier ranking of a water treatment facility that he is working on the design for. He posted the question to one my blogs about HR 3258. Its an interesting question and one that will have to be asked in a lot of facility design operations. So let’s take a stab at giving some sort of answer. Disclaimers We need to start this theoretical discussion with lots of disclaimers. First off, DHS (and likely EPA will follow suit) has been very reluctant to talk about the methodology it uses to rank the security risk for chemical facilities. Without filing an actual Top Screen for the facility, your not going to get a firm answer from anyone. I’m not sure that DHS has developed an internal procedure for dealing with facilities in development. More importantly for water facilities there will be additional complicating factors. First, HR 2868 has not yet been signed into law so numbers of changes can still be made to that legislation. Next EPA will have two years to write their regulations implementing the law. As currently written the EPA is required to ‘consult with’ DHS in establishing their chemical security rules, but that leaves a lot of leeway. Finally, since our NZ Engineer specifically asked about Tier 1 and 2 rankings, I’m going to guess that he was concerned about IST complications. Since that decision, as the bill is currently written, will be made by State agencies, that will be tougher still. I would bet that states like California and New Jersey may be more likely to require IST implementation, but that is a somewhat educated guess, not a prediction. Disinfectant Decisions One of the first decisions that must be made for a water treatment facility is the determination of the disinfection technique that will be used at the facility. I am not qualified to weigh in on the actual decision, but I can offer this; do a detailed assessment of all of the alternatives and do a formal documentation of that assessment. That assessment will form an invaluable starting point for future assessments, Remember to include the costs of security and safety in the assessment. All drinking Water facilities that serve more than 3300 will come under the new federal security rules regardless of what chemicals they use for disinfection. This means that some of the security costs will be there regardless of the chemicals used. Chlorine Gas To get an idea of the tiering for a chlorine gas facility you are going to have to identify the number of people affected by a terrorist related release of chlorine gas. DHS would require you to use the total amount of chlorine on-site for making this determination. The EPA RMP would use the amount in the largest container, but I would guess that for security the EPA will go with the DHS technique. DHS does use the EPA RMP*Comp online tool to calculate the ‘distance of concern’ for a toxic chemical release. Select chlorine gas and enter the maximum on-site inventory to get that distance. Then draw a circle with that radius centered on the facility. Then determine the maximum number of people in that circle during a normal work day. DHS uses both residents and people working in the area in this calculation. The larger the number the more likely the facility is to be a Tier 1 or Tier 2 facility. Security Costs There are two types of security costs that you are going to face when you employ a toxic chemical like chlorine gas. First you need to isolate the storage from the attacker, and then you need to provide mitigation measures to deal with a successful attack. First you are going to have to have a perimeter that looks impressive and will allow for early detection of a penetration. Next, since only the largest facilities will be able to afford having a security force on site to respond to an attack, most facilities will use local law enforcement responding to an incident. That means that there needs to be additional security layers to delay an attacker until the police arrive. If you are using chlorine cylinders like our friend from New Zealand, then keep them in a secure room in a secure building. I would keep my stored cylinders in a separate secured room from the cylinders in use. The more you can isolate the cylinders, one from another, the more difficult it will be to release the total on-site inventory in a single attack. Mitigation costs can be divided into active and passive measures. Active measures work to reduce the off-site movement of the toxic cloud while passive measures alert the potentially affected population to take appropriate action. Active measures can include water deluge systems or scrubbers protecting the tank storage rooms. Passive measures would include a reverse 911 system or sirens to warn of the release and an education program to teach neighbors how to respond to the warning. In Closing… This is, of course, just a brief over view. The American Water Works Association is supposed to be developing a computerized assessment tool. They won’t release it to outsiders like me, but it will probably help in the assessment process. The Metropolitan Water District in Southern California seems to have a pretty good handle on this situation; you might want to talk to them. I hope I have been of some small measure of help.

DHS CSAT FAQ Page Update – 11-13-09

Last week DHS posted three new questions and responses to the already extensive CSAT Frequently Asked Question (FAQ) list. Those questions were: 1610: Can a consultant request a user change? 1646: The CSAT Security Vulnerability Assessment (SVA) Tool does not allow printing of large summary reports. Will facilities be able to print large summary reports from the CSAT Site Security Plan (SSP) Tool? 16:47: What data and information from a facility’s Top-Screen(s) and Security Vulnerability Assessment(s) (SVA) will be pre-populated by CSAT in the facility’s Site Security Plan (SSP)? User Changes It isn’t often that I can catch the FAQ preparers in a mistake, but their response to Question 1610 does contain a significant oversight. The answer starts out by stating that: “A consultant may not request or initiate a CSAT user change.” Then they go on to say:
“In general, the original user must make any change to his/her user role – e.g., authorizer changes authorizer, submitter changes submitter, preparer changes preparer.”
Since a consultant or contractor may be a Preparer, the consultant can request changes to their status as a Preparer. I would be willing to bet that what the answer was intended to say was that a consultant may not request changes to Authorizers, Submitters or for Preparers other than himself/herself. Pre-Populated Data The answer to Question 1647 contains the standard information about where the data comes from that should be pre-populated on the facility’s Site Security Plan when that tool is initially opened. It also reminds users to review and correct that data. The cautionary note about having to change errors in latitude and longitude only with the assistance of the Help Desk is, as usual, not explained. DHS uses the latitude and longitude of the facility as a major component of its internal tool to determine if the facility is a high risk facility and to assign its tier ranking. If there is an error in that location, there might have been an error made in making those determinations. That is why changes to the latitude and longitude must be made via the Help Desk.

Reader Comment – 11-13-09 Vigilance

Friday evening Laurie Thomas, an MTSA writer and instructor, left a comment on my blog about security fencing. She wrote:
“‘Backed up with observation and response’ is so important, and the first line of defense we have anywhere is employee vigilance. When you have an absence of employee vigilance, all the security whistles and bells in the world may still land you on the front page of the Federal Register under the listing of "how not to run your shop," as in the Lynn MA LNG intrusion.”
Facility security is certainly part of everyone’s job at high-risk facilities. While my blog focused on perimeter penetrations over, under, and through security fencing, penetration under the guise of legitimate site business is also of serious concern. It is in this area that employee attention to where visitors are and are not supposed to be is crucial to successful prevention of commercial and intellectual property theft as well as preventing successful terrorist attacks. Facility security at high-risk chemical facilities is typically focused outwards in their defense of the facility from terrorist attacks. Employee vigilance is very important at detecting threats that have slipped through the system. This can only be achieved when employees are fully trained on the potential threats and security processes in place. An essential part of that training is convincing every employee that the security processes and procedures are put there, in part, to protect the employees from the results of a successful terrorist attack.

Saturday, November 14, 2009

Congressional Hearings Week of 11-16-09

Congress is back from their short Veterans Day recesses and looking forward to next weeks Thanksgiving Recess. In this work week between there are three hearings currently scheduled that might be of interest to the chemical security community, all in the House. Intelligence Update The Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment of the Homeland Security Committee will be looking at al Qaeda (al-Qa’ida?; transliteration is always a problem from non-roman script languages) and how it is evolving. The hearing is on Thursday at 10:00 am EST. A partial witness list on the Homeland Security web site shows all witnesses coming from non-governmental organizations, so at least that panel will be unclassified. If they add a panel of government witnesses the discussion may go closed and classified. I doubt that there will be any specific mention of threats against chemical facilities, but any unclassified terrorist intelligence updates should be followed by anyone in the chemical security community. Cyber Security The House Science and Technology Committee continues to look at cyber security and to ignore control systems. The full committee will be conducting a mark-up of HR 4061, the Cybersecurity Enhancement Act of 2009, on Wednesday at 10:00 am EST. A quick scan of the bill shows no specific reference to industrial control systems or SCADA, but the bill does allocate funds for cyber security research so it is important. Fire Grants The Rules Committee has announced that they are accepting amendments to HR 3791, Fire Grants Reauthorization Act of 2009, until 10:00 am on Tuesday. That means that there will probably be a hearing on the bill on Tuesday afternoon or more likely Wednesday. Again, no specific mention of grants for response activities at high-risk facilities, but these grants will be available to many departments that would be responding to chemical incidents.

Friday, November 13, 2009

Security Fencing

There is an interesting story over at about a recent anti-nuke protest in Washington. It seems that five senior citizen protestors penetrated three successive security fences at a nuclear weapon storage facility on the Kitsap Naval Base before they were apprehended by security personnel; hours after they entered the perimeter and within yards of a weapons bunker. This penetration exercise by people in their 60’s and 80’s brings security measures into question at yet another nuclear weapons facility. It also provides a good object lesson in security measures; fences do not stop penetration. Now, anyone with infantry training already knows this. One of the first lessons one learns in planning and executing a defensive operation is that a barrier plan must include provisions for observation and cover fires. Concertina wire and even minefields must be covered by direct and indirect fire weapons to be effective. Without such coverage, attackers are slowed some what, but not stopped. Even with such coverage, military history is replete with costly yet successful attacks on well prepared defenses. Security Fence Observation First rule of security fencing: there is no such thing as an impenetrable fence. The standard industrial security fence, a six-foot chain link fence even with an 18” barbwire outrigger takes just seconds for a trained person to go over or through. It does mark the legal perimeter and keeps honest people out, but it does little to stop a deliberate penetration. Even ‘unclimbable’ fences can be scaled or penetrated by trained personnel. To be an effective part of a ‘deter, detect, and delay’ security plan a perimeter fence must be kept under continuous and obvious observation. Periodic observation is not effective because a trained attacker will just conduct their penetration during a time when there is no observation. The reason for ‘obvious observation’ is less, well, obvious. If the perimeter fence is obviously under continuous observation it will deter most attackers; sending them to easier to penetrate targets. Actually the observation plan for a security fence should include both obvious and hidden means of observing the perimeter. The obvious method will help to deter most attackers and the hidden will make it harder to bypass observation. A readily visible video camera system backed up by some sort of motion sensor system would be example of such a dual system. Care should be taken to ensure that the two systems cannot be countered by a single measure. For example, cutting a single power feed should not disable both systems. Nor should loss of perimeter lighting defeat both systems. The whole point is to make it as difficult as possible for an intruder to penetrate the perimeter without detection. Security Response When the breach of a perimeter fence is detected, there must be some sort of security response. The most obvious response is to send security personnel to detain or apprehend the intruder. There is a legal difference between ‘detaining’ and ‘apprehending’ with subtle variations in the distinction in different jurisdictions. The security plan must take these differences into account and the security force needs to be well trained in their allowed role. The physical response of security personnel to a perimeter penetration is an integral part of the ‘deter’ portion of a security plan. A well trained terrorist will make efforts to determine the facility response to a perimeter penetration as part of their planning efforts. If there is a timely and effective response, it will help to lessen the chance of an actual attack on the facility. If there is no, or an ineffective, response, the terrorist is likely to be emboldened. An effective security plan will have additional responses to a perimeter penetration that are not obvious or visible from outside the facility. This will help to ensure that an attacker can not design counter measures to all of the security responses. This could include things like activation of other countermeasures, process shutdowns and the isolation of critical facilities and chemicals. At a very minimum, the high-risk chemical facility would have procedures in place for notification of local police, emergency response and the FBI. A perimeter fence is only a minor part of a security plan for the protection of high-risk chemical facilities from terrorist attack. To be effective it must be tied into the entire plan and backed up with observation and response. Without this integration the security fence is not even a barrier to penetration by octogenarian activists.

Reader Comment – 11-12-09 Gasoline

I received a brief and favorable comment on a blog from last week about gasoline vapor cloud explosions. Prasad wrote: “Hi, thanks for giving valuable information about gasoline.” While I already have an enlarged ego, I always enjoy feeding on praise. And, in an attempt to garner more praise, I’ll talk a little bit more about the hazards of gasoline. PR Fuel Depot Fire First a brief update on the fire in Puerto Rico. According to the last news report that I have seen, the FBI announced that the source of the fire was a fuel leak during the filling of a gasoline storage tank. The resulting vapor cloud expanded until it ‘found’ an ignition source. The resulting explosion damaged other tanks and spread the fire. The investigation continues, looking for the reason for the leak and the identity of the ignition source. While a number of other fuel tanks became involved in the fire there have been no reports of additional explosions. This appears to be relatively typical for fuel tank farm fires; no large explosions once a tank fire has actually started. The reason for this is simple, gasoline is easily ignitable and the flame front spreads quickly across the full surface area of the exposed liquid. This means that additional vapor clouds do not typically form once the conflagration has begun; no vapor clouds, no vapor cloud explosions (VCE). This is one of the reasons that the fuel distribution industry has argued against DHS calling fuel distribution facilities high-risk chemical facilities. They note that once a fire gets started, the damage is typically isolated to the facility property, making the fuel distribution centers poor terrorist targets. Fuel Depots as Terrorist Targets Actually, there are a couple of reasons that fuel depots make good targets for terrorists. First, for jihadists in particular, the fuel industry is practically synonymous with the American operations in the Middle East. Many Muslim fundamentalists feel that if it were not for oil, that American Imperialists would have no interest in what goes on in the that area of the world. This means that oil company facilities are symbolic targets. This is one of the reasons that al Qaeda has called for attacks on oil company facilities. Next, fires at fuel storage facilities are high profile events. They provide long term impressive video feeds for news organizations so they quickly make national and international news. Such attacks are visible for long distances so they have a major psychological affect on the surrounding community. If these affects were combined with a terrorist claim of responsibility for the attack, it would become a very major attack even if there were minimal off-site consequences. There is an additional economic affect that cannot be ignored. While it would be less obvious in the current economic situation, the loss of a major fuel terminal, particularly if the underlying pipeline were significantly damaged, would have a tremendous affect on the fuel supply in that service area. The ensuing shortage of gasoline would have tremendous local economic consequences and would certainly result in increased fuel prices in entire region and perhaps the country. Finally, a ‘properly’ executed attack could have huge off-site consequences. An attack that caused a catastrophic failure of a large gasoline storage tank would produce a huge vapor cloud. A subsequent ignition event, properly timed and executed, would produce an immense vapor cloud explosion that would be felt over an extensive off-site area. If the terminal were located in a large suburban area, like too many are, the potential death and destruction would rival the twin towers attack. CFATS Coverage These factors all weighed into the decision of DHS to include fuel storage questions in the Top Screen even though gasoline and the other listed fuels are not in the COI list in Appendix A. It would seem obvious, to me at least, that this was a legitimate exercise of the Secretary’s discretion under §550 to designate what facilities “present high levels of security risk”. The fuel distribution industry took objection to that decision. When a number of fuel terminals were notified after their Top Screen submission that they were preliminarily identified as ‘high-risk’ facilities an industry association took legal action to stop DHS from making that determination final. As I understand the situation, DHS is currently unofficially suspending final evaluations of fuel terminal SVAs pending final evaluation of the situation. The two recent incidents at fuel terminals should provide adequate proof that the potential for gasoline vapor cloud explosions is real enough for these facilities to be regulated under the CFATS regulations. Hopefully the Secretary will not require an actual terrorist attack on such a facility to realize that they are potential targets.

Thursday, November 12, 2009

Coordination of Security Programs

I was reading the Roberts Law Group blog yesterday about the MTSA provisions of HR 2868 and it struck me that the committee staff over at the House Homeland Security Committee missed a couple of other security regulations that could affect facilities covered under this legislation that might also require coordination between the regulation writers at the Office of Infrastructure Protection and other Federal agencies. If the legislation needs to require formal coordination between the Coast Guard and IP then it should also require similar coordination with these other Federal Agencies. For example the Transportation Security Administration (TSA) regulates (49 CFR 1580) facilities that ship and receive rail security-sensitive materials (including poison inhalation hazard chemicals like chlorine and anhydrous ammonia). There are overlaps between those regulations and the requirements of HR 2868 in all three titles. To avoid conflicts in those overlapping requirements there will need to be coordination between TSA and IP. Duplication of training requirements should also be addressed. There are security training requirements in the previously mentioned TSA regulations, but the PHMSA also has security training requirements in their hazmat shipping regulations (49 CFR 172.704). These overlapping training requirements should also be addressed with appropriate interagency coordination mandates. PHMSA also requires (49 CFR 172.800) facilities that ship specified hazardous materials by truck must develop security plans that address personnel surety and security of materials being prepared for shipment. Both areas overlap requirements of Title 1 of HR 2868. Again, coordination should probably be required. NOTE: The PHMSA regulations do allow that ‘other’ security requirements “may be used to satisfy the requirements” of their regulations “provided such security plans address the requirements specified” (49 CFR 172.804 for example), but that does not necessarily ensure lack of conflict. Only specific coordination of requirements will limit those legal conflicts. There are likely other regulations that include security provisions that overlap with the provisions of HR 2868. While there are no requirements that Congress write laws that do not conflict with existing regulations, it certainly makes it easier for the regulating agencies if Congress addresses these conflicts in the legislative process so the agencies don’t have to worry about it in the regulatory process.

Hazmat Training Grants

Last week the Department of Transportation announced that they had provided grants to four labor organizations to develop instructor training programs. The $4 million in Hazardous Materials Instructor Training (HMIT) grants were given to the International Brotherhood of Teamsters, the National Labor College, the International Association of Machinists and the International Chemical Workers. The grants are part of the PHMSA HMEP grant program and are funded by user’s fees paid by hazmat shippers and carriers. Instructors trained under this program will use training programs also developed with these grants to conduct hazmat employee training required under PHMSA regulations. Further information on the grant program can be found on-line.

Wednesday, November 11, 2009

Annual CWC Report

The Department of Commerce published their annual request for information about the effects of the Chemical Weapons Convention Regulations (15 CFR parts 710-722) on commercial activities involving Schedule 1 chemicals. The DOC’s Bureau of Industry and Security (BIS) needs this input to provide their annual report to Congress on the affects of the CWC implementation on the legitimate commercial activities and interests of chemical, biotechnology, and pharmaceutical firms in the United States. ‘Schedule 1’ chemicals are those chemicals listed in Supplement 1 to 15 CFR 712. They are generally considered to be chemicals that can be used as chemical weapons or their direct precursors. The CWCR restrict commercial production of ‘Schedule 1’ chemicals to research, medical, or pharmaceutical purposes. The Federal Register ‘notice of inquiry’ (74 FR 58004) lists summarizes the specific restrictions placed on facilities that produce or use Schedule 1 chemicals. The BIS is requesting that comments be submitted by December 10th, 2009. They may be submitted by email (, or delivered/mailed to: Willard Fisher U.S. Department of Commerce Bureau of Industry and Security Regulatory Policy Division 14th Street & Pennsylvania Avenue, NW., Room 2705 Washington, DC 20230

HR 2868 Status 11-09-09

Yesterday HR 2868 was formally received in the Senate. According to, the bill was assigned just to the Homeland Security and Governmental Affairs Committee. Many observers had also expected it to be assigned to the Commerce, Science and Transportation Committee because of the two titles dealing with security at water facilities. Those facilities and the EPA are normally covered under the Commerce Committee not Homeland Security. Additional Senate Action reported yesterday [subscription required] that two Senators, Susan Collins (R, ME) and Frank Lautenberg (D, NJ) were preparing to submit their own versions of chemical facility security legislation. At least one major difference between the two of them was expected to be IST provisions. Sen. Collins has been an opponent of government mandated IST while Sen. Lautenberg has been a supporter. I have no idea why Lautenberg has waited so long to introduce this legislation. With Sen. Collins one would guess that she has been avoiding a repeat of the 2006 intra-committee conflict she had with Sen. Joe Lieberman (I, DE). This has been one of the few bones of contention between these two leaders of the Senate Homeland Security Committee. Having said that, these two will be the pair most likely to craft a truly bipartisan approach to the IST issue.

Tuesday, November 10, 2009

Counter IED Symposium

Thanks to Stephen Melvin at for letting me know about a Counter IED Symposium being held on December 1st thru 3rd in Washington, D.C. The Interagency Council for Applied Homeland Security Technology (ICAHST) is sponsoring this event. The symposium will address key issues and critical mission needs in support of IED defeat and prevention in the United States and reflect on the differences between military and civilian response needs. According to the agenda on the NCSI web site the symposium will focus on the following critical areas:
“Threat Environments: Domestic and Military Response; “Threat Analysis: Research and Technology; “Incident Response and Training; and “Information Sharing.”
This symposium is really targeted at Federal, State and local government agencies that will be charged with responding to IED incidents in the United States. The NCSI web site does note that “industry, academia and laboratories sponsored by the Government” will be attending the event. While I don’t suspect that will include many high-risk chemical facilities, I would hope that some industry organizations like ACC or SOCMA will have representatives in attendance. Registration information is available on-line.

USM v UP Oral Arguments

Earlier this year we saw US Magnesium (USM) win a decision before the Surface Transportation Board (STB) requiring the Union Pacific (UP) railroad to provide chlorine delivery service. In a blog about that decision I noted that: “That order clarified the requirement that UP has an ‘obligation to quote common carrier rates and provide service for the transportation of chlorine for the movements at issue in this case’ (pg 1).” The issue of reasonable rates was not addressed in that decision. Last week the STB announced that they would be hearing oral arguments on November 23rd on a petition by USM to address that subject. USM Position USM is asking the STB to require UP to establish ‘reasonable rates’ for the transportation of chlorine gas from the USM production facility in Utah to two customer facilities in Arizona. USM notes that they previously had reasonable contract rates for the carriage of chlorine gas, but that contract expired in March of this year. When contract renewal discussions were started last fall, UP announced that they would raise the rates to levels unacceptable to USM. Since the date that the contract expired USM has been forced to pay a common carrier tariff (UP Tariff 4949) established by UP. USM claims that the common carrier tariff rates are “dramatically higher than the contract rates previously paid by USM in 2008 for this transportation and are unreasonably high in violation of 49 U.S.C. §§10701 and 10704” (pg 5). USM notes that the rates “produce revenues substantially in excess of 180% of UP’s variable costs of providing the transportation” (pg 8). USM contends that the rates are 568% and 422% for the respective customer locations USM claims that they have no alternative transportation for their chlorine gas to these customers so they have been forced to pay the rates set by UP because of UP’s ‘market dominance’ in the area. UP owns the rail lines at both ends of the transportation routes and there are no reasonable alternative forms of transportation. USM is asking the STB to “order UP to establish reasonable rates for transportation of chlorine” on the indicated routes and “order that reparations be paid, plus interest, for any unlawful charges assessed by UP from and after March 3, 2009” (pg 9). UP Position UP agrees that the rates established by the Tariff Rate 4949 are substantially higher than those set under the previous contract. UP maintains that those higher rates are a reflection in recent and proposed regulatory changes for the shipment of toxic inhalation hazard (TIH) chemicals like chlorine and anhydrous ammonia. UP claims that the new tariff reflects a reasonable increase in the rate to support those new requirements. UP notes that the method that USM is asking the Board to use in its evaluation of the UP tariff (the Three-Benchmark Method) would not adequately reflect the changes in the market and regulation that make the new rate reasonable. The reason is that the method relies heavily on the rates and costs of the previous three year period (2004 through 2007 in this case) and does not reflect recent changes. UP questions the Board’s ability to adequately address the problem of ‘regulatory lag’ in this case using this method and proposes changes to the Three-Benchmark method to address that issue. UP maintains that they have incurred and continue to incur increased costs because of these new safety and security regulations reflected in new procedures and training requirements. UP notes that the most costly of these new regulatory requirements is the new requirement to install positive train control (PTC) on mainlines used to transport TIH chemicals like chlorine gas. In their Opening Evidence document, UP maintains that “These costs associated with TIH movements should be borne by TIH shippers, rather than UP’s other shippers, to avoid cross-subsidization of TIH shipments.” (pg 19) HAZMAT Shipping Implications There are a number of reasons that this decision may not be a ‘landmark’ case in controlling future rate setting cases for TIH chemicals. First, UP notes that all of their other chlorine shippers have been accepting routine increases in their shipping costs reflecting the changes in regulatory requirements. Next, USM is not a regular chlorine producer; they produce chlorine as a byproduct of their magnesium production process. This means that their chlorine shipments are irregular in frequency and destination, resulting in potentially higher costs. Having said that, UP has raised the issue of having TIH shippers essentially pay for the installation of PTC on lines where it is being required solely because of the shipment of TIH chemicals. There is certainly at least some justification for this, but it will raise some significant cost issues where there is only a single TIH shipper on a given line. This case certainly provides the STB the chance to establish a potentially landmark decision on the allocation of PTC costs.

Monday, November 9, 2009

DHS CSAT FAQ Page Update – 11-06-09

Last week DHS added responses to five new questions on their extensive CSAT Frequently Asked Questions page. Those questions were: 1268 Am I exempt from registering since I fall under Part 105 of the Maritime Transportation Security Act? 1558 May I continue to work on my SVA while I replace, or after I replace, an existing Top-Screen? 1613 What is the anticipated timeframe for receiving a response to an extension request? 1614 My circumstances have changed from my original Top-Screen submission. What do I base my SVA on – my original submission or the material modifications I have made? 1615 I have resubmitted my Top Screen because of material modifications at my facility. This resulted in a change to my tiering. In this case, what happens to my current SVA? As always, I recommend that site security managers read all new responses as they are posted. There is no telling which might affect the CFATS implementation at a facility without reading the individual answers. New Top Screens With the economic situation being so bad for the chemical industry in general, many facilities are closing, reducing operations, or eliminating product lines; all things that can result in the reduction or elimination COI. This means that DHS has been receiving large numbers of Top Screen resubmitals that might result in lowering of risk level ratings or removal from the list of high-risk chemical facilities. What affect this has on facility SVAs is the basis for four of this week’s new questions. First, DHS makes clear that once an SVA notification letter is sent to a facility the facility is required to complete the SVA for the underlying Top Screen unless or until DHS removes the requirement. If a facility feels that their subsequent Top Screen will result in removal from the high-risk list (if they no longer have COI on-site for example) they should request an extension of the time to file their SVA under the old Top Screen siting the lack of COI and the new Top Screen submission as justification. In the event that the resubmitted Top Screen does not result in a change of tier level the new top screen will almost certainly not result in a change in date for the submission of the SVA previously required. This is the reason that DHS wants facilities to continue working on their current SVAs or SSPs while their new Top Screen is being evaluated. If a new Top Screen does result in a change of preliminary tier rankings, DHS still might not change the due date of a previously ordered SVA. If there were no changes in the list of covered chemicals held at the facility, there will likely be no need to change the SVA submission, so DHS would keep the same date. Similarly, if there was an elimination of a minor (by inventory standards) COI while large scale storage of other COI remain, DHS might not change the SVA date. The later situation might not even change the completion date of an ordered Site Security Plan.

Reader Comment 11-08-09 Recommit

Anonymous wrote in yesterday morning to take me to task for my description of Mr. Dent’s (R, PA) motion to recommit in my blog about the final day of the debate on HR 2868 in the House. Anonymous wrote, in part:
“That was not the motion to recommit. The motion to recommit barred DHS from requiring IST implementation unless it found that doing so would cause no net NATIONAL reduction in jobs, and would apply anytime unemployment was over 4%. In the past 478 months, unemployment has been under 4% SIX times, the last time being just before George W Bush took office.”
Dent’s Similar Amendment I must admit that it was rather late when I finished up my posting and I rushed through my description of the Dent motion to get the blog posted. Further I made the mistake of applying less than adequate analysis to words of a politician in a debate. Here is what Dent said
“When I offered a similar amendment [emphasis added] at the full committee, my friend, Ms. JACKSONLEE, and my friend, Mr. CUELLAR, both spoke in strong support stating, [‘]We want to make sure that it does not adversely affect the workforce, which is something we all support.[’] That provision passed unanimously. That’s why I was angered when it was stripped out by the Rules Committee.” (CR, Nov 6, pg H12533)
‘Similar’ is a slippery word, particularly when used in a political debate. The amendment that Mr. Dent was referencing modified §2111(b)(1)(D) to read: “(D) would not significantly or demonstrably reduce the operations of the covered chemical facility or result in a reduction of the workforce of the covered chemical facility”. The amendment was not ‘stripped out by the Rules Committee’; this implies that targeted action was taken against the amendment. This amendment was found in the Homeland Security Committee version of the bill. As I reported earlier the version of the bill reported out by the Rules Committee used the Energy and Commerce Committee version of the bill for the §2111 language. Chairmen Thompson and Waxman did not include the Dent language in modifications subsequently made to that section. The Actual Motion to Recommit The Dent amendment included in the motion to recommit actually read:
“(iv) would not significantly or demonstrably reduce the operations of the covered chemical facility or result in any net reduction in private sector employment when national unemployment is above 4 percent.”
This language appears to be very restrictive. As Anonymous pointed out there has not been less than 4% unemployment since the beginning of the previous administration. Add to that the language about resulting in “any net reduction in private sector employment” and you put the Secretary in a position of determining if a particular IST implementation would result in a large enough job reduction to result in a net reduction. Anonymous feels that this “language would have gutted the IST provision”. I think that that may be a bit of political hyperbole. A ‘pro-business’ Secretary could arguably decide, as a matter of personal discretion, that any IST implementation would result in a net reduction to avoid imposing any IST implementation. An ‘environmentalist’ Secretary could just as arguably decide that there was no number of layoffs at a particular facility that would have a negative affect on the net level of private sector employment to justify requiring a wide swath of IST implementations. Leaving such a wide level of discretion, based on a vague standard that has nothing to do with the underlying regulation, makes for very poor law. After this closer examination I have to admit that I agree with Chairman Thompson’s evaluation of this amendment that he voiced in the floor debate; I am opposed to this provision in “its present form”. If his amendment had been a straight duplication of the one added in the Homeland Security Committee markup, I think that Dent’s motion to recommit would have been readily accepted by the Democratic Leadership, if for no other reason that it would have shown that the debate was being handled in a ‘bipartisan’ manner. Thanks to Anonymous for making me look at this matter in more detail.

Sunday, November 8, 2009

HR 2868 Passed in House on Friday

Most readers of this blog are certainly aware of the fact that HR 2868 passed in the House on Friday afternoon. There have been a number of news articles and blogs written about the fact of passage. Some have cheered about the results and others have jeered. The bill will be officially delivered to the Senate on Monday and everyone interested in the bill will turn their attention to that body in the coming weeks and months ahead.

 Before I start my coverage of the Senate’s efforts on this bill, I want to take one last look at some of the political oddities that occurred on the floor of the House Friday afternoon as the Committee of the Whole House dealt with the 10 amendments that the Rules Committee included in the rule for the debate.

In an earlier blog I mentioned that I noted that a “shoe-in for passage on the floor is the amendment submitted by Chairman Thompson. This will make ‘a number of technical corrections and fixes typos and verbiage issues’. These almost always pass.” I almost mentioned that they typically pass on voice votes.  

Manager’s Amendment 

At the start of this debate I was having problems with my CSPAN link so I was following the summary of the debate on the House Clerk’s website. When I saw that a voice vote was requested on this amendment I assume that it was a delaying tactic, which presaged a long afternoon. It wasn’t until this morning when I read a copy of the debate in the Congressional Record that I understood what was going on.

Now the first thing that you need to understand is that the ‘Manager’s Amendment’, which this was, is almost always an amendment that corrects grammatical errors, technical mistakes, and the like. It is done to make a piece of legislation more professional and to remove errors that might make interpretation difficult at a later date.

Substantive changes are not normally made to avoid problems in passing the legitimate changes to the bill. It is because of this that I did not closely read the Thompson Amendment, I wish I had. On page 4 (for Title 1), page 7 (for Title 2), and page 10 (for Title 3), the amendment makes a major change to the rules for protecting information about the security plans for plants.

Making a policy change in the manager’s amendment is offensive enough, but the wording of these changes makes it appear that the disclosure of security information by a third party is excluded from the information protection rules of the legislation. Here is what Mr. Barton (R, TX) said when he made the unusual move to rise in objection to the Manager’s Amendment:
“So what we are doing here, Mr. Chairman, is saying, as the distinguished chairman said, we don’t want to try to give the Department of Homeland Security the ability to prevent information that has already been publicly disclosed by somebody we regulate as part of the site security plan. But then they are creating this new loophole, that if a group that is not controlled by Homeland Security somehow gets information, they can publish it. They can put it on their Web site, and they’re not liable.” (Congressional Record, pg H12517).
It is no wonder that the vote on this amendment followed straight party lines, Democrats supporting their leadership and Republicans in opposition. It was the only vote in the process that split perfectly along party lines.

The Republican Amendments 

As I noted in my earlier blog about the amendments I noted that four of the Republican amendments had no chance of passing, any more than they had in both the Homeland Security Committee and the Energy and Commerce Committee markup hearings. In committee the vote was a strict party line vote. The votes here were slightly less one sided.

The Barton Amendment, changing the pre-emption language in the legislation, fell the furthest from the party line. Eighteen Democrats voted ‘Aye’ in support and twenty-two Republicans voted against the amendment. The two Dent amendments, one providing for a straight extension of the §550 CFATS authority and the other striking the IST provision, garnered 17 and 22 Democratic votes respectively while loosing no Republican votes.

The McCaul Amendment striking the citizen enforcement provisions garnered the support of 28 Democrats while loosing the support of one Republican.

Bipartisan Amendments 

As I predicted, the Flake Amendment was the single Republican Amendment that passed. But even I was surprised that it passed without opposition. No one spoke against the amendment and Mr. Pascrell (D, NJ) even spoke in favor of the amendment. It was one in a series of amendments that passed on voice votes without spoken opposition.

I had predicted that the remaining four Democratic amendments would pass, but I was surprised that the Republicans did not even object to the amendments in their allocated 5 minutes of debate. Instead they used their support of the amendments as a platform for discussing what they felt were the shortcomings of the over-riding bills. In any case, the discussion and vote gave the appearance that there was genuine bi-partisan support for the amendments. That alone was worthwhile in this contentious legislative year.

Recommit with Instructions to Amend 

After the final vote on the bill there was one parliamentary hurdle left; the motion to recommit to committee. In this case Mr. Dent (R, PA) took what appeared to be an easy pass at that requirement. His motion to recommit was within instructions to return the legislation to the Homeland Security Committee with instructions to return the bill ‘forthwith’ with a minor amendment. In this case, the amendment was one that was unanimously approved in the Energy and Commerce Committee. It required the Secretary to take into account job loss in determining whether to require implementation of an IST method.

The motion to recommit failed with 19 Democrats joining the Republicans in support of the motion; one Republican joined the majority in opposing the motion. The final vote was 189 to 236. HR 2868, the Chemical and Water Facility Security Act of 2009 passed in the House. Next week it will be delivered to the Senate.
/* Use this with templates/template-twocol.html */