Friday, September 2, 2016

Top Screen 2.0 – What’s Missing

This is the second in a series of blog posts about the new Top Screen manual recently published by the DHS Infrastructure Security Compliance Division (ISCD). This manual supports changes being made to the Chemical Security Assessment Tool (CSAT). These revisions are being called CSAT 2.0 by ISCD. Earlier blog posts in the series include:

Missing Items

While there are any number of changes being made in the new Top Screen manual one of the most obvious set of changes from the previous Top Screen Questions manual (besides the type set and organization) are the elements that are missing from the new manual. They include:

• CVI Authorizing Statements;
• Paperwork Burden Notice;
• Submission Statement;
• EPA RMP Facility Identifier;
• All refinery specific questions;
• All liquefied natural gas questions;
• All gasoline storage questions;
• All mission critical chemical questions; and
• All economically critical chemical questions.

The first three items are administrative in nature and the first and last of these may actually still be on the screen in the on-line Top Screen tool; they did not really need to be mentioned in this manual. The missing Chemical-terrorism Vulnerability Information (CVI) Authorizing Statement will be discussed more completely below.

The removal of the RMP question is interesting in light of recent concerns about the lack of information sharing between DHS, EPA and OSHA on issues of chemical safety and security (see EO 13650). This question never did seem to be of much use in assessing the terrorism risk level of a facility, but its inclusion could have been useful in setting up a formal information sharing process with the EPA.

The refinery questions in the original Top Screen were related to economic considerations (capacity, market share, end-users, etc). These were included as DHS intended to include economic risk considerations in their risk analysis. They never actually got around to doing this (due to the complexity of that analysis) and it would seem that they now have little intention of doing so. This would also explain the removal of the mission critical and economically critical chemical questions which were originally intended to be used for the same purpose.

The missing liquefied natural gas and gasoline storage questions are related to more complex issues that will be dealt with in a later posting in this series. While the gasoline storage questions from the earlier version of the Top Screen were removed, ISCD did include a few new question that will be dealt with in a later discussion of Release-Flammable COI section of the Top Screen.

CVI Issues

The CVI program is a part of the CFAT program that limits the release of sensitive but unclassified information about the security of facilities covered in the CFATS program. To access CVI information individuals have to complete a CVI training program and have a legitimate need to know, or access to, the information.

Since the individual bits of information that the facility uses to complete the Top Screen are not covered under the CVI program DHS has not required individuals filling out, reviewing, or submitting the Top Screen to have completed CVI training. It is only the completed Top Screen submission or the letter from DHS subsequent to the submission of the Top Screen that is considered to be CVI protected information.

The original intent of the CVI Authorizing Statement on the Top Screen was to serve as a non-disclosure agreement between the submitting facility and ISCD. It also provided information about how to get the required CVI training to be able to access CVI protected information in the future.

Either the DHS lawyers determined that this was not an effective non-disclosure agreement, or that one was not needed. It is also possible that this CVI information is being moved to the new CSAT registration tool manual that we are expecting to see in the next couple of weeks. We will just have to wait and see.

No comments:

/* Use this with templates/template-twocol.html */