This is the final blog in a series taking a critical look at the recent Heritage Foundation report on the problems with the CFATS program. While the report authored by Jessica Zuckerman is not up to the usual editorial standards of the Heritage Foundation it does raise some interesting issues. The earlier blog posts can be found here:
The final section of the Heritage Foundation report on the CFATS program is called “Developing Market-Oriented Chemical Security Solutions”. As one would expect with a concluding section of a report it summarizes the author’s conclusions. This post will address those conclusions and some of the other shortcomings of the report.
Here is my summary of those conclusions (okay, I stole them from the subheading in the section):
• Take a truly risk-based approach to chemical security;
• Reject calls for greater regulation;
• Expand SAFETY Act protections to encourage greater innovation;
• Promote public–private partnerships to enhance aging U.S. infrastructure; and
• Foster greater transparency and cooperation.
I have dealt with most of these conclusions in earlier the earlier posts on this report, so I will not dwell on them further here. There is one new area found in this concluding section that it not addressed anywhere else in the report and that is the one dealing with ‘aging U.S. infrastructure’. It is a shame that Ms. Zuckerman forgot to address this issue in the body of her report because she may have made a potential contribution to the discussion of chemical facility security. Unfortunately, we are left with glittering generalities such as:
“The United States’ overall critical infrastructure, including the chemical sector, is inadequate and aging. Greater investment is needed not only to ensure that U.S. critical infrastructure is protected but that it is capable of bouncing back quickly when disaster strikes.” (pg 10)
In general there is more than a little truth in the description of critical infrastructure as ‘aging’ and ‘inadequate’ covers a wide range of perceived and actual problems. The conclusion that ‘greater investment is needed’ is hardly revolutionary, but it begs the question of where the money is going to come from for that investment. This issue is one that deserves a whole host of reports about specific areas of infrastructure, public and private, that could have a potential effect on chemical facility security.
One would be forgiven for concluding, after reading this report, that industry was widely disillusioned with the CFATS program and wanted to see it replaced with a radically different program. This is never specifically stated in the report, but Ms. Zuckerman does repeatedly talk about the burdens that the program places upon industry.
In the last couple of days, however, the chemical industry has started to respond to this report, and it hasn’t been favorable. An article over at NTI.org (Government Security Newswire, GSN) quotes representatives from two of the largest organizations representing chemical facility owners, the American Chemistry Council (ACC) and the Society of Chemical Manufacturers & Affiliates (SOCMA) as being generally supportive of continuing the CFATS program. They acknowledge problems with the current implementation, but support the basic premise and design of CFATS.
These two organizations certainly don’t represent all of the chemical facilities that are covered under CFATS, but I would be willing to bet that they cover a majority of the Tier 1 and Tier 2 facilities that are having to spend the greatest amount of money on upgrading the security measures at their facilities to comply with the program.
Now part of that support is simply fear of the unknown. Not knowing what type of program would replace CFATS, and Ms. Zuckerman provides nothing beyond glittering generalities, industry would rather deal with the devil they know than accept the potential for an entirely new program.
Given the fact that Congress has been unable to craft comprehensive chemical security legislation since 2001, it is unlikely that it would be able to do so any time in the foreseeable future. Eliminating the CFATS program would leave a void with unpredictable consequences. The GSN article notes that industry fears that an EPA based program might result in requiring IST implementation. What is even more likely is that several State and local governments, no longer restricted by the supremacy of the CFATS program, would craft a patchwork of local regulations that would leave selected facilities with onerous requirements (certainly including IST provisions in many localities) while leaving their competitors with no regulations.
Areas That Were Not Addressed
There are a number of problem areas in the CFATS program that were glossed over, minimally mentioned, or completely ignored in this report. While I have addressed most of these in some details in various posts over the years, I would like to take this opportunity to mention some of the more important ones (in my opinion) so that future researchers might have a better chance of preparing a report that deals with actual issues and problems in the CFATS implementation.
Ms. Zuckerman briefly mentions the problem with the qualifications of Chemical Facility Security Inspectors (CFSI). The initial members of the CFSI were drafted from the Federal Protective Service. These were law enforcement personnel with a background in physical security, they had little or no background in dealing with chemical facilities. The folks at ISCD realized this problem and established a Chemical Security Academy. I did an initial blog posting on that topic a number of years ago. Since then I have done a number of other blog postings on the issues related to training of CFSI. They include topics such as:
Armed Security Forces
A number of commenters on the Anderson Memo about the problems associated with the current CFATS program have taken particular issue with the problem of current CFSI who started out as sworn law enforcement personnel wanting to continue carrying their side arms. Leaving aside for the moment the definition of enforcement in the CFATS environment, the failure of ISCD to address the issue of the use of armed security personnel to stop terrorist attacks on high-risk chemical facilities is a much unnoticed failing of the program. I have dealt with this issue in a number of blog posts:
• Armed Guards;
• Perimeter Fencing; and
The biggest current problem with ISCD is their apparent inability to effectively authorize any Site Security Plans. While many commenters have noted this problem, no one has attempted to determine the root cause. While I have not had the opportunity to do a detailed study of the problems on the ground, it is clear from the limited comments we have heard from DHS and the inspected community that there is a serious shortcoming with the current SSP tool in CSAT; it is not adequately soliciting the information needed by ISCD to conduct a paperwork evaluation of the programs at the facility.
Any security professional that looks at the questions asked in the SSP tool would realize that the level of detail required for an adequate assessment of the security plans at the facility would not be provided by those questions as asked. This has resulted in DHS establishing the Pre-Authorization Inspection program where presumably the CFSI are tasked with seeking out the necessary information.
I have addressed the ways that this problem might be addressed by facilities in submitting their SSPs, but it seems to me that the SSP tool needs a fairly extensive revision if it is ever going to provide the level of detail necessary for ISCD or its contractors to evaluate the security planning at CFATS covered facilities. Lacking that ISCD should institute a program where they send a detailed letter to the facility seeking the specific information they need to make their evaluation rather than sending the CFSI out to get the information.
While there are any number of other security related issues that might be addressed by any reasonable revamp of the administration of the CFATS program, I’ll just address one more in this posting, the lack of an approved personnel surety program. RBPS #12 requires facilities to conduct background checks on all facility employees and contractors and any visitors requiring unaccompanied access to critical areas of the facility. The provisions for checking identity, criminal history and legal authorization to work can be adequately complied with by using any of a number of commercial organizations to conduct background investigations. The one area that cannot be accomplished by such organizations is the identification of people with terrorist ties.
The failure of ISCD to come up with a reasonable program for allowing facilities to have ISCD or some other agency of DHS to vet personnel against the Terrorist Screening Database is inexcusable. Such a program should allow for the use of any of the currently available TSA vetted identification programs (TWIC, HME, etc) and/or provide a simple method of submitting individual information to ISCD for such vetting. ISCD tried to make their program much more complicated than was necessary. Since that program was recently withdrawn, ISCD’s delay in getting such a program established will continue to put off establishing a terrorist screening program for an even longer period of time.
ISCD and the CFATS program have a number of challenges and problems to overcome. Documents that are purportedly comprehensive looks at the program like this Heritage Foundation report could provide a basis for the discussion of how to move proceed with developing a workable chemical security program for high-risk chemical facilities. Unfortunately, Ms. Zuckerman did little to move the discussion forward.