Had an interesting comment posted to yesterday’s blog post about DHS announcing that it was sending out new Tiering Letters based upon the new CSAT 2.0 Top Screens that have been submitted since October. Bill Crews, a long-time reader, wanted to know how this change in the Chemical Facility Anti-Terrorism Standards (CFATS) would affect security consultants.
This is really a wider question about how many facilities were going to be added to the CFATS program and how many are going to have to make significant revisions to their existing site security plans (SSP). We are probably not going to know exactly what the numbers look like until the webinar later this month (see yesterday’s blog for details). But based upon a conversation I had with David Wulf and his staff last fall, I can make some guesses.
First off, there will be some number of new facilities that will be added to the CFATS program. The Infrastructure Security Compliance Division (ISCD) has sent (actually is sending) letters to all facilities that had ever submitted a Top Screen (40,000+ facilities since 2007) requiring them to submit a new Top Screen reporting on their holdings of DHS chemicals of interest (COI). Not all of them will submit (some have gone out of business), but some small percentage of those that had previously not been deemed to be at high-risk of a terrorist attack will have had a different result under the new risk assessment methodology.
ISCD was also going to be making another outreach effort thru a wide number of industry associations to ensure that all potentially affected facilities (those with inventories of 300+ COI) were made aware of their Top Screen reporting responsibilities if they had more than the screening threshold quantity (STQ) on hand in the last 60-days. Some of those newly reporting facilities are going to be notified that they are covered under the CFATS program.
Nearly all of these new CFATS facilities are going to need some level of help in developing and executing a site security plan that can be approved by ISCD. This is going to mean new business for all manner of security contractors including firms that manage background checks.
Only some of this is going to hit immediately. ISCD has been careful to spread out the notification pain in the past, and we can expect them to do so again. As I said earlier, they are still sending out Top Screen notification letters.
What is going to be interesting to see is how ISCD handles public reporting of progress on this next phase of CSAT 2.0 implementation. They discontinued their monthly reporting of site security plan authorizations and approvals when they started the CSAT 2.0 implementation. I would like to see them resume similar periodic reporting as they start sending out SVA/SSP notification letters.