Monday, March 17, 2008

General SVA and SSP Requirements under HR 5577

This is part of a continuing series taking a detailed look at the provisions of the new Chemical Facility Anti-terrorism Act of 2008 recently introduced in Congress (HR 5577IH). Today’s entry looks at the first part of Section 2104 dealing with the general requirements for the Security Vulnerability Assessments and Site Security Plans.


Previous blogs in this series include:


·        CFATA of 2008 Introduced as HR. 5577

·        Personnel Background Checks and HR 5577

·        Ranking of Chemical Facilities by HR 5577


Establish Procedures


The Secretary is required to establish ‘standards, protocols, and procedures’ for both Security Vulnerability Assessment and Site Security Plans. These will require that the owner/operator of each covered facility will:


  • “conduct an assessment of the vulnerability of the covered chemical facility to a chemical facility terrorist incident;”


  • “prepare and implement a site security plan for that covered chemical facility that addresses the security vulnerability assessment and the risk-based chemical security performance standards under subsection (c); and”


  • “include appropriate supervisory and non-supervisory employees of the covered chemical facility, and any employee representatives, as appropriate, in developing the security vulnerability assessment and site security plan required under this clause.”


The only new requirement in this portion of the legislation is the requirement to include a variety of personnel in the security process. Unfortunately the requirements say nothing about the qualifications of the personnel to contribute to the process. The stated idea, which has the support of many labor leaders, is that employees understand best the security vulnerabilities of the facility. While these employees may provide an intimate understanding of the day-to-day operations at the facility, their training and background may contribute little to the discussion of security.


At facilities where there is an adversarial relationship between labor and management, the inclusion of a labor union representative on the security team may put an unnecessary strain on the security process. At most facilities, however, the inclusion of ‘employee representatives’ may make it easier to get employee buy-in to various security processes.


Criteria for Procedures


The Secretary is required to ensure that the rules and procedures developed must be risk-based and performance-based. They must also take into consideration:


·        “the cost and technical feasibility of compliance by a covered chemical facility with the requirements under this title;”


·        “the different quantities and forms of substances of concern stored, used, and handled at covered chemical facilities; and”


·        “the potential extent of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, national security, the national economy, and public welfare that would result from a chemical facility terrorist incident.”


It appears that the current CFATS regulation conform to these criteria, though they may require some minor revisions to make that more apparent. The second criteria is currently taken into account in the Top Screen evaluation in determining which facilities are declared ‘high-risk. The third criterion is addressed in the assignment of facilities to one of four risk-based tiers.


Provide Information


The Secretary is required to provide each covered facility some information to assist in the completion of the assessment and security plans. This information includes:


  • “the number of individuals at risk of death, injury, or severe adverse effects to human health as a result of a worst case chemical facility terrorist incident at the covered chemical facility;”


  • “information related to the criticality of the covered chemical facility for purposes of assessing the degree to which the facility is critical to the economy or national security of the United States;”


  • “the proximity or interrelationship of the covered chemical facility to other critical infrastructure, including any utility or infrastructure (including transportation) upon which the chemical facility relies to operate safely and securely; and”


  • “recommended best practices for securing chemical facilities”.


This is a completely new requirement in this legislation. Most of this information will be as readily available to the facility as it will be to the Secretary. The ‘number of individuals at risk’ will be determined from the ‘distance of concern’ provided by the facility in the current Top Screen. In most cases the management of the facility will have a better understanding of the relationship of their facility to the market place, their community, and the surrounding infrastructure than will the Secretary.


The one possible exception is the last information requirement; ‘recommended best practices for securing chemical facilities’. DHS almost certainly has more in-house expertise in security matters than all but the largest chemical companies. This does, however, completely change the character of the current chemical security program. The Section 550 authority for CFATS prohibited the Secretary for specifying any particular security requirement.

No comments:

/* Use this with templates/template-twocol.html */