As I promised earlier this week I am taking a closer look at the report issued earlier this week by the Heritage Foundation on the CFATS program. Jessica Zuckerman presents an overview of the CFATS program that presents a newspaper style review of the program problems and concludes that the program is too complex and overly burdensome. Unfortunately she is weak on the program details, glosses over some real problems, and provides little in the way of details that would actually contribute to the discussion much less justify her conclusions that the CFATS program should be eliminated.
This is the first in what is going to end up being a multi-part look at the Heritage Foundation Report and the real problems with the CFATS program.
Ms. Zuckerman presents a brief history of the events leading up to the adoption of the authorization of the CFATS program by §550 of the Department of Homeland Security Appropriations Act of 2007. She starts as do most commentators with the Bhopal disaster, but only lists the 1990 Clean Air Act Amendment containing the General Duty Clause as a legislative response to that incident, ignoring the legislation dealing with community right-to-know, emergency planning and process safety management. A number of the current problems in the CFATS program can be traced back to these pieces of legislation and the government’s inability, for both technical and political reasons, to provide for proactive inspection forces to oversee the implementation of those rules.
The Report goes on to look at the political conflict that prevented the establishment of a comprehensive chemical security program. Unfortunately, Ms. Zuckerman only mentions (without ever providing the name or bill number; S 1602, the Chemical Security Act of 2001) the original legislation proposed by Sen. Corzine (D,NJ), but never mentions the alternative proposals that did not contain inherently safer technology proposals (such as Sen. Inhofe’s (R,OK) S 993, the Chemical Facilities Security Act of 2003).
Thus she provides only a one-sided view of the debate that held up passage of any chemical security legislation until §550 provided for an interim final rule (IFR) that resulted in the CFATS program. This provision for an IFR clearly indicated that Congress was cobbling together a short-term measure that would be replaced at some later date by more comprehensive legislation. Many of the problems of the current program can be traced back to this ‘interim’ nature of the legislation.
She also ignores the political implications of establishing a chemical security program through a short paragraph in an appropriations bill. This has provided for a singular lack of Congressional oversight of the program because there is no clear delineation of which House committee would be responsible for that oversight.
The Zuckerman report provides an adequate overview of the CFATS program under a section entitled ‘Overly Burdensome and Confusing Standards’. This conclusive (and misleading) section title is a perfect example of the low standards of scholarly work exhibited throughout this report. She starts in the opening paragraph by describing the current ‘chemical terrorism threat’ by claiming that:
“Indeed, of the 51 publicly known Islamist-inspired thwarted terrorist plots against the United States since 9/11, at least three have involved chemical facilities or the diversion of potentially dangerous chemicals.” (pgs 2-3)
She cites no source for these numbers nor does she even provide a footnote with a brief description of the three chemical related attacks. Now I have been following chemical security issues for some time now and I don’t recall any publicly-acknowledged thwarted-attacks on any chemical facilities. The closest that I can remember is the plot on the New York airport fuel lines, hardly a chemical facility under any of the currently accepted definitions.
Then before she can even begin to describe the current program she concludes that:
“While a degree of government oversight over chemical security is needed, current standards are exceedingly burdensome and complicated, and overprescribe federal solutions with which the private sector must comply, threatening innovation and economic expansion.” (pg 3)
Zuckerman does provide a reasonably concise explanation of the four stages of the CFATS process. Her description continues to pre-judge the process, however, starting her description by stating that:
"Currently, CFATS requires that each facility undergo a complicated and often confusing four-step process, any aspect of which the facility can be required to repeat, should its chemical supplies change….” (pg 3)
This statement clearly exhibits her misunderstanding of both the CFATS process and the nature of the chemical industry and the potential threats that it faces. She clearly misunderstands that chemical facilities are not what are really at risk of terrorist attack (or at least not more so than any other critical infrastructure facility); but that terrorists would attack chemicals produced, used or stored at those facilities to achieve an even larger chemical munitions effect on the surrounding community.
Tier Ranking Confusion
She is a little loose in her description of the Tier ranking process, but it isn’t clear if this is because of a fundamental misunderstanding of the process or poor writing skills. In describing the Top-Screen process she states that:
“These facilities then received an initial risk ranking, with Tier 1 indicating the highest level of risk and Tier 4 the lowest.” (pg 3)
DHS clearly refers to this as a ‘preliminary’ Tier ranking in their discussion of the Top Screen results. The difference between ‘preliminary’ and ‘initial’ may seem to be nit-picking on my part, but she later exemplifies her apparent confusion when she states in her description of the SVA process that:
“From the submitted SVA information, the DHS ultimately determined that 4,569 of the more than 7,000 initial facilities should in fact be designated high-risk, and gave them a preliminary-tier or final-tier ranking.”
A misunderstanding of such a simple yet important part of the CFATS process exemplifies a low level of process knowledge that brings the remainder of her critique into question.
SSP Preauthorization Visit
In her description of the SSP ‘Authorization and Compliance’ step of the CFATS program, Ms. Zuckerman glosses over the first indication of the current problems with the CFATS program. She describes the SSP approval process this way:
“In order for an SSP to be approved and a facility to be considered fully CFATS-compliant, the ISCD must conduct a pre-authorization visit and an authorization inspection.”
There is nothing in the CFATS regulations or SSP documentation provided by ISCD that describes the use of or requirement for a ‘pre-authorization visit’. This was a compliance tool that DHS added when it became clear that the information being submitted in the SSP process by facilities was inadequate for judging the compliance of SSP with the Risk-Based Performance Standards. The addition of this ‘visit’ as part of the compliance process was the first real indicator that we had about the current problems with the CFATS process.
Misses the Program Strengths
While Ms. Zuckerman’s description of the CFATS process is adequate, as part of a serious look at the efficacy of the regulatory regime it falls well short of being comprehensive. There is no description of the development of the Chemical Security Assessment Tool, the series of on-line tools that allow for the electronic submission of information to DHS. The success of the tools for the Registration, Top Screen and Security Vulnerability Assessment is often overlooked in critical reviews of the CFATS program.
The use of the Registration and Top Screen tools made it relatively easy for facilities that met the initial operational definition of a potentially at-risk chemical facility (possession of a significant quantity of potentially hazardous chemicals) to submit the required information to allow DHS to remove the vast bulk of those facilities from further consideration under the CFATS program.
Furthermore, the internal computer-based modeling made the complex decision-making process based upon the Top Screen information much more efficient. The process of whittling down the initial 38,000 facilities to little more than 7,000 potentially at risk facilities was accomplished in remarkably short order, a process that couldn’t have been done in nearly the same amount of time, or by the same small staff, by the old-fashioned paper-based information submissions.
The Top Screen tool and the ISCD modeling work do not get near the credit that they deserve in the CFATS process. The SVA submission tool provided another innovative information submission and analysis capability that Ms. Zuckerman can only find fault with because it might take as much as 250 hours to complete. She also notes that that is a DHS pre-implementation estimate and forgets to mention that there has been no effort to document the actual amount of time that it took facilities to complete their submissions.
Furthermore, it is clear to anyone that has looked at the CFATS process in any detail that the success of the Top Screen and Security Vulnerability Assessment tool inevitably led the leadership at ISCD to try to extend that methodology to a process that was so much more complex that the same type tools could not provide the level of information necessary to adequately judge the level of compliance with the established RBPS.
Again, Ms. Zuckerman’s misunderstanding of the strengths and weaknesses of this program weaken the importance of the conclusions that she draws; conclusions that I will address in subsequent blog posts.