Friday, March 12, 2010

CFATS is Dying?

I got an interesting email from Bill Crews, Security Manager at the Port of Houston. He told me about a conversation he recently had with someone who mentioned that ‘CFATS was dying on the vine’. I’ve heard this in a couple of different places now and I think that that is a completely inappropriate conclusion to draw. Unfortunately, I may have had a hand in the starting of the rumors of the premature death of CFATS. Source of the Rumor Earlier this week published an article by Leischen Stelter based upon an interview she did with me. Entitled: CFATS: “It’s dead”; Leischen did a very good job describing my views on the state of legislation to extend and expand the authority for CFATS. Now anyone that has had anything to do with the news business knows that headlines are not necessarily communicators of fact, but are crafted as attention grabbers to get the reader to read the article. In this case, the “It’s Dead” quote is taken from my description of the apparent status of HR 2868, not CFATS. That is absolutely clear from reading Leischen’s article. CFATS Health Report First off, I have not heard a single politician say anything about canceling CFATS. While many people in the activist community believe that CFATS does not go far enough in protecting the people of the United States from the potential consequences of a terrorist attack on high risk facilities, they want to expand it not kill it. The opposition to the expansion of CFATS coverage has been generous in their praise of the current program and have offered lengthy extensions of the current CFATS authority as an alternative to the expansion of that authority. DHS has been slower on the implementation of CFATS than many of us would have liked to have seen, but they have been operating at a considerable handicap because they have had to make this stuff up as they go along. DHS has developed an innovative series of on-line tools for collecting very detailed information on a wide range of facilities that use potentially dangerous chemicals. Additionally they have had to establish a completely new regulatory scheme with little political guidance from Congress and some very serious constraints upon their authority. The CFATS inspection staff continues to grow. The latest series of new hires is preparing to attend the Chemical Security Academy (oh yes, this also had to be developed) so that they will have both the technical and regulatory skills necessary to help facilities adequately protect themselves against terrorist attacks. Another job posting is expected in the near future for the next class of inspectors. Finally, the leadership of the Infrastructure Security Compliance Division (the home of CFATS) has been running around talking to industry (and a very widely eclectic group of industries it is) to explain the new rules even while they are cajoling individual facilities into plugging the holes in their site security plans. And, oh yes, we’ve just learned that, even with all of that on their plate, they have completed a draft of comprehensive chemical security legislation so that maybe this time they’ll have a law that can actually be enforced. No, CFATS is not dead or dying. It is one of the more vibrant and active programs in DHS and it is just now reaching its maturity. Premature reports of its demise are not only incorrect but inappropriate.


Anonymous said...

Having assisted several clients in completing the SSP, the common opinion I heard was that the process is "headache inducing," convoluted, cumbersome and confusing. EHS experts told me this is the most bureaucratic and complicated process they have encountered. And once you're done, you have a completed checklist with planned and proposed measures but no actual plan. I now recommend instead creating the ASP as a true plan that addresses each of the RBPS's and better addresses the facility's true risks, vulnerabilities and threats.

I suspect that CFATS, as is the case with the rest of the DHS and TSA, has been primarily driven by law enforcement and military folks with little involvement of real security experts, which results in more of a focus on reaction than prevention. Having been involved with the original CCPS methodology, I believe that, for the DHS, deterrence is more of an after-thought, with their focus on detect, delay and respond.

While I'm getting things off my chest, this process looks like its developers never actually saw especially small facilities with relatively limited resources. The SSP tries too much to be all things to all facilities with little concern for their size, function, location, etc. Perhaps it would have been better if there had been separate SSP's based, in addition to Tier level, upon the size of facility or type (i.e. chemical, educational, manufacturing, paper, water treatment, etc.)

Thanks for letting me vent.

Dick Sem
Sem Security Management

PJCoyle said...

For my response to Dick Sem's comments see:

Anonymous said...

Having been in the "politics" business so to speak for some time now, I have come to learn that the general public is not as precise in its choice of words as are the wonks.

What happens is that a lay-person equates, in this case CFATS and HR2868, to be one in the same without the nuance of what PJD aptly explains.... they are not the same -- technically.

I contend that when the rumors spread, it's genesis stems from this linkage. Thus later creating confusion.

So the question, perhaps, remains --- is HR 2868 (and it's Senate version) dead? ie: Will the bill go to the President for signature?

PJCoyle said...

For my response to the comments made by Anonymous see:

/* Use this with templates/template-twocol.html */