Monday, April 28, 2008

One University’s Response to CFATS

I ran across an article today about the University of Cincinnati’s response to the CFATS reporting requirements. Back in December of 2007, when it became obvious that DHS expected university laboratories to comply with the CFATS requirements, the University notified each faculty member of the requirement to submit a chemical inventory by February 1st of this year.

This gave the University’s VP for Research time to review and verify the submitted data before their March 22nd deadline (UC apparently took advantage of the 60-day reporting extension offered by DHS) to complete a Top Screen), if required. It turned out that the university did not have any of the chemicals of interest (COI) present in excess of the screening threshold quantity (STQ), so a Top Screen was not required.

The article did note that UC used the option of declaring each building housing chemicals to be a different ‘facility’ under the CFATS regulations. That meant that each building’s inventory was individually compared against the STQ requirements for the COI on hand. The article did not note if the University would have had to complete a Top Screen submission if they had opted to classify the entire institution as a single facility.

While no security rules were violated in the publishing of this article, I am sure that DHS would just as soon not see a large number of such articles published. The contents of a Top Screen submission would be considered Chemical Vulnerability Information (CVI), and as such could not be released for publication. Presumably for a facility to submit a Top Screen should also be considered CVI, since that would be the admission of the presence of a COI in excess of the STQ.

Facilities that did not have to submit a Top Screen are not covered by CVI rules. If enough facilities published the fact that they were not required to submit Top Screens, facilities that did not publish that fact would be presumed to have an STQ amount of a CVI. Thus, their security could be effectively compromised by the innocent acts of others.

Just another example of the conflict in a free society between the requirements for security and the public’s right to know.

No comments:

/* Use this with templates/template-twocol.html */