Friday, October 31, 2008

Video Surveillance Book – 2nd Edition

Back in July I did a review (see: “Review: Security Managers Guide to Video Surveillance”) of an e-book, Security Manager’s Guide to Video Surveillance. John Honovich, the author and owner of the IPVideoMarket.Info web site, has recently published the 2nd Edition of that book. He has updated the information and provided even more links to video surveillance information on the internet. Still Not a How to Book In my earlier review I noted that the e-book was “not the how-to book that one might expect from the title”. It was targeted at the experienced security manager that had some experience with the older surveillance systems that are still common in many installations. The second edition has expanded the amount of ‘elementary’ level information, but it will still not allow a novice security manager to design, install, or troubleshoot an effective video surveillance system. To be fair, John makes no claim that it will. It does provide a better spread of information that will better allow a novice security manager to intelligently discuss video surveillance systems with a security video consultant. Links to Other Tutorials John has done something fairly unusual with this book. He had included an entire chapter (Chapter 11: Directory of On-Line Video Surveillance Tutorials) that describes and provides links to other web sites where more detailed information is available. The subjects cover a wide range of issues, including Basic Lighting for Cameras (link to www.axis.com), Basic Overview of Security Cameras (link to www.electronichouse.com) , and Webinar Introduction to Video Analytics (link to www.isc365.com) among many others. Special Offer This is a free e-book and I have seen nothing on the site where John asks for any money related to this book. Even so, there is a ‘special offer’ found on the third page of the book, an offer similar to what you would expect to see on a late-night infomercial. In this case there is no claim of ‘no extra charge’ since there is no charge to add to. What John is offering is essentially a free email consultation. Here is what the book says:
“From now until December 31, 2008, IP Video Market Info is offering free product recommendations. Simply send an email to jhonovich@ipvideomarket.info with your request (looking for cameras, DVRs, video analytics, etc., describe any special needs or constraints). I will review the request, probably send you a follow up email or two and then provide a one page private report recommending products and explaining my rationale.”
Please read the book before you request this free recommendation. This way you will understand that even with this recommendation in hand you will not be ready to install and integrate a video surveillance system. This is still something that is better left to the experts. Recommendation I think John has greatly improved an already good book and I recommend that everyone working with security at high-risk chemical facilities should read this book. If you have read the first edition, throw it out and get the 2nd. Remember, sometime early next year site security plans will have to be submitted and a video surveillance system will be an integral part of most of those security systems.

Thursday, October 30, 2008

Ammonium Nitrate ANPRM – Comments Requested

Yesterday I noted that DHS had published their ANPRM for Ammonium Nitrate. DHS is looking for public input as they develop the regulations that will implement the requirements set forth in § 563 of the 2008 Consolidated Appropriations Act, Subtitle J, Secure Handling of Ammonium Nitrate (``Section 563''), Public Law 110-161. 

Section 563 Requirements Last year I described the Ammonium Nitrate requirements from § 563 (see: “DHS and the Omnibus Spending Bill”). Generally speaking that section requires DHS to establish a regulatory structure to control the sale and transfer of Ammonium Nitrate (AN) in a variety of forms and concentrations. The regulations would require the registration of AN manufacturing, sales and using facilities. It would also require the sale or transfer of AN could only take place between registered individuals or facilties. 

DHS breaks the requirements down into four categories of ‘activities’ and a number of supporting ‘sub-activities’ that would be regulated. Their listing would look like this: Category 1: Registration Activities
A. Registration Applications.

          B. Terrorist Screening Database (TSDB) Checks. 

         C. Registration Numbers.

Category 2: Point-of-Sale (POS) Activities
A. Seller Verification of Purchaser's Registration and Identity.

          B. Recordkeeping.

Category 3: Additional Regulatory Activities/Requirements
A. Reporting Theft or Loss of AN.

          B. Inspections and Audits. 

          C. Guidance Materials and Posters

Category 4: Administrative Activities
A. Appeals and Penalties.

          B. Establishing Threshold Level of AN in a Substance

Comments Requested 

The ANPRM provides a list of thirteen areas that DHS would like to have addressed by the soon-to-be-regulated community. These comment areas range from data about the computer skills employees working in the various parts of the AN industry (to evaluate the potential use of computers instead of paper for record keeping) to the potential economic impact of these regulations. 

The area of economic impact, both to various levels of government and the regulated community, is one of apparent special interest to DHS. They provide some of the highest level of detail in describing the type of data they are looking for. There are separate descriptions of governmental and civilian data requests. DHS explains the civilian data request this way:
“Comments on the monetary and other costs anticipated to be incurred by U.S. citizens and others as a result of the new compliance requirements, such as the costs in time and money that an individual may incur to obtain an AN registration. These costs may or may not be quantifiable and may include actual monetary outlays, transitional costs incurred to obtain alternative documents, and the costs that will be incurred in connection with potential delays at the point of sale.”
Late Rule Making Progress 

The legislation sets out a fairly aggressive schedule for developing and adopting the regulations to support this requirement. The following schedule was provided:
90 Days (3-25-08) Establish threshold concentration of AN in solution

         6 Months (6-26-08) Publish Proposed Rule 

         12 Months (12-26-08) Publish Final Rule

DHS could justifiably claim that the 90 day requirement was achieved before this legislation was passed last December. Appendix A to 6 CFR part 27 provides concentrations for both explosive AN (any commercial grade) and fertilizer AN (33% solid AN). DHS does not take that position in this ANPRM. One of the comment areas in the ANPRM deals with the “detonability of AN at certain concentrations”. 

DHS has missed the Proposed Rule deadline by five months already. By the time the current comment period is closed eleven months will have already passed since the legislation was passed; it is unlikely that even the proposed rule will be completed in the time remaining for the Final Rule Deadline.

Reasons for Delay 

There are a number of probable reasons for the delay. The first would be the matter of priorities; CFATS implementation has obviously been given a higher administrative priority. When this legislation was passed, the DHS chemical security people were deep into receiving Top Screen submissions. In fact, the Section 563 requirement complicated the already difficult agricultural submissions and was partially responsible for Agriculture Top Screen Extension (see: “Update on Agriculture Top Screen Extension”) 

The Top Screen was followed by preparing the SVA program for implementation. This included writing two new manuals. Additionally, the two Top Screen manuals were revised to reflect the lessons leaned in the first mass Top Screen submission. Once the SVA submissions started (with the attendant problems that have not been made public) the rewrite of the two CVI manuals was the next big role-out followed quickly by the publication of the draft RBPS Guidance document. The chemical security writers and reviewers have been busy campers. 

Another possible reason for the delay can be found in a presidential directive not to publish last minute rules in the closing months of the current administration. Apparently President Bush remembered well the flurry of rule making that marked the waning days of the Clinton Administration. He expressed a desire not to inflict the same burden on the next administration. 

Additionally, there appears to be at least some Congressional complicity in the delay of the development of these regulations. We can deduce this using the Sherlock Holmes technique of noticing what the dog did not do; there has been no vocal outcry from Chairman Thompson about the delay. Chairman Thompson has never been known to shy away from taking the Secretary to task for programmatic delays, but we have seen no such public pillaring over this issue. This probably indicates that the Chairman is looking forward to an Obama administration developing these rules. 

Finally the power of the agriculture lobby can not be discounted as a contributing factor in the delay in developing this rule. There has not been the same public level of opposition to this rule as we saw last year in the great propane fight, but there was undoubtedly pressure brought to bear to delay this rule. In any case, the next administration will have the opportunity to publish the Proposed Rule for the regulation of Ammonium Nitrate sales and transfers.

Wednesday, October 29, 2008

PHMSA HAZMAT Security Rule Comments – 10-24-08

Last month I posted an entry (see: “PHMSA Transportation Security Proposed Rule”) about the PHMSA proposed rule modifying HAZMAT transportation security rules. Until last week there was only a single comment, hardly worth blogging about. Last week that changed, there were three additional comments, so I thought that I would update my readers about the comments that have been filed on this rule. Interestingly all four of the comments submitted to date come from companies and individuals in the special effects community. All of them use explosive and pyrotechnic devices to augment presentations in the entertainment industry; everything from TV to movies to concerts. The four comments come from:
Technic Services Hi-Tech Fx Peter Albiez J&M Special Effects
Technic Services Comments Reuben Goldberg, the owner of Technic Services, notes that the special effects industry uses a variety of Division 1.4 explosives in their daily business. They typically use small quantities of these materials and he objects to small quantity shipments of these materials requiring placarding and security plans for the shipments. He feels that this will increase the cost of these materials, unfairly affecting his company Mr. Goldberg proposes that the following Division 1.4 materials be given a small quantity (250 devices) exemption to the security plan provisions of the rule:
Detonator assemblies, non electric for blasting (UN 0361, UN 0500) Detonators, electric, for blasting (UN 0255, UN 0456) Detonators, non-electric, for blasting (UN 0267, UN 0455) Cord, detonating, mild effect (UN 0289) Cord, detonating, mild effect, metal clad (UN 104) Charges, shaped, flexible, linear (UN 0237) Charges, shaped, without detonator (UN 0440, UN 04410)
Hi-Tech Fx Comments Brian Panther, the President of Hi-Tech Fx LLC, notes that his special effects company frequently uses UN 0361, Detonators- Non electric, UN0456, Detonators-Electric for Blasting, UN0289 Cord, Detonating Flexible, and ‘flash paper’ (a division 4.1 desensitized explosive shipped wet with water). He states that the shipments that he receives are typically less than 1 Kg in weight. He expresses his concern that requiring security plans for these shipments will cause carriers to either increase shipping surcharges to the extent that he could no longer afford to use these devices, or simply refuse to carry the materials in question. Since his company frequently uses these materials at remote locations with rapidly changing requirements this would put an undue financial burden on his company. Peter Albiez Comments Mr. Albiez has been working in the special effects industry for 40 years and is licensed by both the State of California and the BATF to handle division 1.4 and 4.1 explosives. He makes many of the same points made by the previous commenters. He proposes that PHMSA adopts the recommendations made in public hearing comments (11-30-06) made by the Institute of the Makers of Explosives. They proposed that only placarded amounts (1001 lbs) of division 1.4 explosives and desensitized explosives (class 3 and division 4.1) be required to have a shipment security plan. J&M Special Effects Comments Mr Bohdan Bushell, Planning & Administrative Officer for J&M Special Effects objects to the changing of the amounts of Division 1.4 explosives and desensitized explosives. He feels that changing the amount to ‘any amount’ for the level requiring shipment security plans will effectively make these materials un-shippable in the small quantities used by the special effects industry. My Comments on Comments It is always interesting to see an industry respond to new regulations. This may or may not be an organized campaign. If it is, the commenters are doing a better job of writing individualized comments than is normally seen. It will be interesting to see how many more comments are received from this industry between now and November 10th when the comment period ends.

Another IST Implementation with Problems

There was an article posted this last weekend to the DenverPost.com web site about a recent switch-over from chlorine to industrial strength bleach at a major waste water treatment plant for the city. Not only was the chlorine replaced, but the sulfur dioxide used to dechlorinate the water discharged from the facility was replaced with safer sodium bisulfite.

Lack of a Reliable Supply of Bleach 

The Metro Wastewater Reclamation District has been working on this switch over since 2000 and the work was speeded up after the 2001 terrorist attacks made clear to management that the potential risks of handling the two PIH chemicals were too high. Even so there are still rail cars of sulfur dioxide and chlorine sitting behind fences and armed guards while the agency continues to try to certify its new process. That process is handling most of the waste treating work at the facility.

The problem stopping the complete switch to the bleach/bisulfite process, according to the director of operations and maintenance, is the lack of a “dependable, long-term supply of sodium hypochlorite”. Industrial strength bleach (sodium hypochlorite) degrades over time and the degradation is accelerated by heat. This means that the long distance transportation of bleach is not practical, especially by rail. Even if the facility must maintain a supply of chlorine and sulfur dioxide as a backup treatment option, the volume on hand will be greatly reduced, as will the number of railcars of these TIH chemicals shipped into the facility.

Cost of Replacement 

The new storage and handling equipment for the bleach and bisulfite process cost the facility $11 Million. Increased operating costs are projected at about $1 Million per year. Even so the Metro Wastewater Reclamation District management feels that that increased cost is “offset by the benefits in improved site safety”.

Moving the Hazard The one point that this article, and many discussions of replacing chlorine treatment with bleach treatment, fail to address is the fact that chlorine is still the actual disinfection agent. The two processes use roughly equal amounts of chlorine. The bleach is just easier and safer to transport and handle. Most commercial production of bleach uses chlorine as a raw material.

The chlorine is shipped to the bleach production facility by rail car. So switching water treatment and waste water treatment facilities to bleach does little to reduce the number of rail shipments of chlorine. If the bleach production facility is located further from areas of large populations than is the treatment plant, there is a net gain in safety and security. If the rail routing to the bleach production facility avoids more urban areas than the routing for the treatment facility there is a net gain in safety and security. If the opposite is true in either case the result may be an overall decrease in safety and security.

IST Benefit Calculations 

Inherently safer technology is not necessarily easy to identify. Switching from chlorine to bleach could result in less safety and security, not more. It all depends on the circumstances. If there is no net gain in safety or security, the added costs do not produce any benefit to society.

Ammonium Nitrate ANPRM Published

DHS published in today’s Federal Register the Advanced Notice of Proposed Rule Making (ANPRM) for regulating the sale and transfer of ammonium nitrate. This rule was required by provisions of the Omnibus Budget Bill passed last December. Comments on the ANPRM (docket # DHS 2008-0076) are due by November 29th. The purpose of this proposed rule is to “regulate the sale and transfer of ammonium nitrate by an ammonium nitrate facility * * * to prevent the misappropriation or use of ammonium nitrate in an act of terrorism”. Additionally, DHS has added a new web page describing this same ANPRM. This is similar to the web page I described in yesterday’s blog (see: “RBPS Guidance Web Page”). This page may also be reached from the Critical Infrastructure: Chemical Security web page. I’ll be taking closer look at this rule in future blogs.

Tuesday, October 28, 2008

Request a CFATS Presentation Page

About a week ago I did a posting about a CFATS Brochure (see: “CFATS Brochure”). In that blog I noted that DHS had added a “Request a CFATS Presentation” link on their Chemical Security web page. Well, when that page was changed yesterday, the link changed from a ‘mailto’ link to an actual link to a new web page. Well, I missed that change until I got a web page change email from the GovDelivery.Com people notifying me of the latest change on the Chemical Security Web Page. The new page has no reference to the brochure that I described in the earlier blog. That is a shame since that was a well produced PR type publication. It appears that that brochure is no longer available, at least on the web site. What the new page does have is a description of a DHS ‘request a speaker’ program. It provides a mechanism to request a DHS speaker to come talk to your group about CFATS issues. It provides a list of questions that DHS would like answered about the group and venue to aid in their speaker allocation process. They say that they will respond to requests within about two weeks, so you need to get your requests in early. This is a relatively low tech ‘mechanism’. They provide an email address (the CFATS@DHS.Gov address that goes to those friendly Help Desk people) and want you to paste that into your email program. For the text of the message they would like you to paste in the questions and then provide the answers before sending your email. DHS certainly has the programming personnel to develop a higher tech version of this request, but they are probably working on something else; like maybe the SSP format or registration tools for the long awaited ammonium nitrate program. I know, this small tool should be much more important than that stuff.

RBPS Guidance Web Page

Yesterday amongst all of the other blog posts, I did not get a chance to comment on a change to the DHS Chemical Security web pages that was related to yesterday’s posting of the Draft Risk-Based Performance Standards Guidance Document (see: “Public Comment Requested on Draft RBPS Guidance”). In the great scheme of things the web page changes are not earth shattering, but they are indicative of the outreach effort that DHS is making as they continue to implement CFATS. As noted in the Federal Register listing there was a link on the DHS.Gov/Chemical Security web page to get a copy of the Guidance Document. Instead of taking you directly to a .Pdf copy of the document it takes you to a new page, the Notice of Availability and Request for Comments web page for the Draft RBPS Guidance document. This new page provides the web surfer with information on how to make comments about this document. This is the first time that I have seen these instructions outside of the Federal Register listing. Kudos to the internet design team over at DHS – Chemical Security (probably the Help Desk crew) for the outreach effort. The other interesting thing that was done with this web page was that the link to the document takes one back to the Regulations.Gov web page where the document is posted as part of the CFATS docket. I guess this frees up some space on the DHS web server and Regulations.Gov does need to keep a copy posted in any case. This may actually be a case of cyber efficiency in the US government; quite a thought.

RBPS Guidance Shortcomings

Having had a chance to review the entire Guidance document, I am afraid that I am going to have to take this opportunity to take DHS to task for the major shortcoming that I have found in this document rather than to do my normal detailed review of the provisions. I’ll get back to my normal review in my next blog entry on this document. As I noted in my first review post (see: “RBPS Guidance – Introduction”) prominent feature of the Guidance document is the DHS Disclaimer. This is probably necessary given the Congressional mandate that DHS may not require any specific security provision in the approval process of the high-risk chemical facility Site Security Plan (SSP). General Considerations This non-prescriptive nature of the Guidance document is further emphasized in the discussion of the General Considerations for Selecting Security Measures (page 15) section of the document. There DHS notes that:
“In fact, Congress has expressly prohibited DHS from disapproving a Site Security Plan based on the presence or absence of a particular security measure. Accordingly, the measures and activities listed in each chapter and in Appendix C are neither mandatory nor necessarily the “preferred solution.” Nor are they the complete list of potential activities from which a high-risk facility must choose to meet each RBPS. Rather, they are some example measures that a facility may choose to implement as part of its overall strategy to address the RBPSs. Facility owners/operators may consider other solutions based on the facility, its security risks, and its security program, so long as the suite of measures implemented achieve the targeted level of performance” (emphasis added).
Metrics that Do Not Measure Unfortunately, earlier in the How to Use This Guidance Document (page 13) section of the document, DHS makes this comment in the discussion of the metrics that are provided in the discussion of the individual RBPS:
“Note that the metrics included within the RBPS guidance document are for exemplary purposes only, and a facility need not necessarily meet any or all of the individual metrics to be in compliance with CFATS. Rather, the summary and individual metrics are meant to help a facility identify gaps in its own security posture and potentially mitigating activities by understanding the levels of performance that a compliant facility typically will be able to demonstrate. While a facility meeting all of the metrics is likely to be in compliance with the CFATS RBPS, the failure to meet any particular metric or summary level – or the substitution of alternative measures – does not automatically mean that a facility will not be in compliance with CFATS.”
While that sounds like it is in keeping with the Congressional restrictions provided in Section 550 of the Homeland Security Appropriations Act of 2007 (P.L. 109-295) one just has to look at the metrics provided in the Guidance document to see how unnecessary that waffling is. For example, here is the Tier 1 summary metric for RBPS #1, Restrict Area Perimeter:
“The facility has an extremely vigorous perimeter security and monitoring system that enables the facility to thwart most adversary penetrations and channel personnel and vehicles to access control points; including a perimeter intrusion detection and reporting system with multiple additive detection techniques that can demonstrate an extremely low probability that perimeter penetration would be undetected.”
There is clearly no requirement for specific security measures in that metric. Loop Hole Makes CFATS Unenforceable While the vast majority of the 7,000+ high-risk chemical facilities will use this Guidance document the way that it was intended, there will certainly be a significant number of facilities that will use the evasiveness of this document to deter DHS enforcement activities and delay implementing serious security measures. There will be much back-and-forth consultation until a harried DHS inspector is not careful in the wording used to ‘suggest’ an adequate security remedy. As soon as that is done the facilities lawyers will head to court to claim violation of Federal Law and Congressional Intent. And most of those claims will be upheld. In the event that DHS does levy sanctions on non-complying facilities there will be a bevy of lawyers available to argue that the vagueness of the standards makes them unenforceable. Claims will be made of inequitable enforcement and allowing too much leeway for inspector opinions. Correcting the Problem DHS needs to de-emphasize the repetitive disclaimers. The single disclaimer at the front of the document should be legally sufficient, especially since DHS uses standard type sizes and color-highlights the text box in which the disclaimer is printed. The needless repetition of the disclaimer language in the body of the Guidance document is unnecessary and should be removed. Finally, the disclaimer about the metrics found on page 13 is completely unnecessary and not required by the §550 language as long as the summary metrics do not specify security measures.

Monday, October 27, 2008

Comments on Impact of Chemical Weapons Convention

Today, the Bureau of Industry and Security (BIS) published their annual request for public comments on the impact that the enforcement of the Chemical Weapons Convention “has had on commercial activities involving 'Schedule 1' chemicals during calendar year 2008”. Comments should be received by November 26th. This information is needed for the Secretary of Commerce’s annual report to Congress on the impact the CWC has on “the legitimate commercial activities and interests of chemical, biotechnology, and pharmaceutical firms in the United States”. Comments can be sent to Willard Fisher (wfisher@bis.doc.gov or fax (202) 482-3355) at the Bureau of Industry and Security. All comments will be posted at http://www.bis.doc.gov/foia. BIS will not accept comments “accompanied by a request that a part or all of the material be treated confidentially because of its business proprietary nature or for any other reason”. Any such comments will be returned without action or consideration.

DHS CSAT FAQ Page Update 10-24-08

Last week DHS reviewed or updated the FAQ responses to three questions. I found no new information in any of the answers. The questions were from two areas: CFATS Regulations and Chemical-terrorism Vulnerability Information (CVI). The three questions updated were:
1601: I completed the DHS CVI training to become a CVI Authorized User prior to September 22, 2008, and was required to sign a Non-disclosure Agreement (NDA) with DHS. I understand that a revised CVI Procedural Manual and updated CVI Authorized User training were made available on September 22, and that DHS no longer requires an NDA as part of the training to become an Authorized User. Is my CVI NDA still binding? 1604: Do I need to keep a record and/or printout of my survery before transmitting it to DHS? 1605: I am already a CVI Authorized User. Do I need to take the CVI training again to maintain my CVI Authorized User status?

Reader Comment 10-24-08

Fred Millar, an activist working on a variety of railroad hazmat issues, posted a comment to last Friday’s blog on the RBPS Guidance Document. Fred notes that the RBPS is the effective equivalent of the guidance document being developed for the railroads for making their routing decisions. I too am waiting for the release of that guidance since that proposed process certainly smacks of what Fred called a “Rube Goldberg-like complex process”. I do take objection to one of Fred’s comments. The Bush Administration did not refuse to order IST provisions in their facility security rule. Congress, in the authorizing legislation, specifically forbade DHS from requiring any specific security measure. And Congress has been unable or unwilling to change that restriction. When DHS issued the interim final rule on CFATS they did note that removing the COI from the facility, or reducing the amount of the COI on hand at the facility could result in a removal of facility from a ‘covered status’ or reduce the tier level of the facility. I do admit that it would have been nice to see this included in the discussion of RBPS 5 – Shipping, Receipt, and Storage in the Guidance Document.

Possible Eco-terrorist Attacks on Canadian Gas Pipeline

According to a recent blog posting on CounterTerrorismBlog.org, two separate explosive attacks on a ‘sour gas’ pipeline near Dawson Creek, BC are being blamed on ‘eco-terrorists’ by the “former chief of strategic planning for the Canadian Security Intelligence Service”. The RCMP has not been willing to call the bombings ‘terrorist attacks’, preferring the term vandalism. Vandals, however, do not usually warn their targets to get out of town.

Stop the ‘Deadly Gas’ 

The term eco-terrorist covers a lot of ground. This does not look or sound like one of the better known groups like the Animal Liberation Front or the Earth Liberation Front. The letters sent to local newspapers before the first bombing did not name any group. Instead the letters just attacked the energy companies for their ‘deadly’ gas wells in the area and called those energy companies ‘terrorists’. And, it warned them to shut down their gas wells and get out of town.

The ‘deadly gas’ is natural gas being pumped out of the ground. It is called ‘sour gas’ because it is contaminated with relatively small amounts of hydrogen sulfide. Well, ‘relatively small amounts of hydrogen sulfide’ is misleading. With concentrations of about 0.07% in the gas, it does lend some toxicity concerns to significant releases of this material. Presumably this is why the letter writer complained that “as you keep on endangering our families with crazy expansion of deadly gas wells in our homelands” according to the local paper.

Eco-terrorists Attacks 

This could very easily be a single person rather than an organization conducting this ‘terror campaign’. This would not be unusual for a so-called eco-terrorist attack. They tend to be executed by small groups and individuals outside of the control of any easily tracked group. This makes these groups harder to pre-empt since they are so difficult to detect and penetrate. The other characteristic of a eco-terrorist attack is that these bombings were conducted in remote areas were there was little possibility of collateral damage.

There was also a certain level of escalation in the two attacks, with the second attack being slightly more ‘effective’ in that the gas line was actually damaged slightly. Further escalation can probably be expected if there is no ‘appropriate’ response from the gas companies.

Energy Infrastructure Attacks 

This is the second time in a year and a half that there have been energy infrastructure attacks by terrorists in the Americas. Last year there were the very successful attacks on oil pipelines in Mexico by native separatists. Now this eco-terrorist attack on gas pipelines in Canada.

We have not yet seen state sponsored groups or al Qaeda resort to such attacks in the Americas. However, the recent plunge in the price of crude is certainly going to hurt some countries (Iran or Venezuela for instance) that are known to have associations with a variety of terrorist groups. It would not be beyond the realms of possibility that groups sponsored by these countries could try to destabilize the oil markets (and raise crude prices) by attacking oil infrastructure in this country.

Energy Infrastructure Vulnerability 

These attacks point out the vulnerability of energy infrastructure, it is widely distributed and thus vulnerable to attack. A successful attack can be visually impressive and have wide spread impact away from the attack site.

Pipelines are especially vulnerable to these attacks because they are hard to defend, as are remote pump sites. Storage sites may be less vulnerable, but promise much more impressive ‘results’ from a successful attack.

Ethanol transportation links are equally vulnerable. Railcars in transit or sitting at transloading stations are just as vulnerable as pipelines. And ethanol has a wide variety of social, economic and environmental detractors. It is not hard to imagine that this legitimate opposition could spawn individuals or small groups that would resort to violence to stop the spread of ethanol use.

To date there have not been any successful terrorist attacks on energy infrastructure in the United States. In today’s world that is not necessarily a predictor of continued safety.

Public Comment Requested on Draft RBPS Guidance

In today’s Federal Register DHS posted their notice that the Draft Risk Based Performance Standard (RBPS) Guidance document (Draft Guidance) is now available for public comment. Comments need to be filed by November 26th. A copy of the Draft Guidance was not published in the Federal Register, nor will the final version be published there according to this notice. The notice states that suggested changes and comments should identify the appropriate page and line number in the Guidance Document. Commenters should also cite “data, information, or authority that supports such recommended changes”. Comments can be submitted electronically at http://www.regulations.gov or by mail. Comments must include the agency name and the docket number (DHS-2006-0073). All comments will be published on the Regulations.gov web site. This notice did not contain the normal warnings about proprietary data or CVI in submissions. If you need to include such data to justify proposed changes I would suggest contacting Dennis Deziel {Office of Infrastructure Protection, Mail Stop 8100, Washington, DC 20528, telephone number (703) 235-5263} before making such a submission. You can download a copy of this draft from the Regulations.gov website. I will periodically add posts about published comments in this blog.

Friday, October 24, 2008

Chemical Transportation Advisory Committee Meetings – 11-18/19-08

The Coast Guard announced in today’s Federal Register that there will be a series of meetings of the Chemical Transportation Advisory Committee on November 18th and 19th in League City, TX. A variety of working groups and subcommittees will be making presentations and reports at these meetings. Public participation is welcome. The Hazardous Cargo Transportation Security (HCTS) Subcommittee will be meeting from 10:00 a.m. to 12:00 p.m. on the 18th. They will be making a status report and will be discussing “progress with the Transportation Workers Identification Credentials (TWIC) program and proposed Advanced Notice of Arrival (ANOA) regulatory changes.” There will also be a presentation on “on the response to the Vinyl Chloride Monomer spill in Corpus Christi, TX.”

RBPS Guidance – Introduction

This is the first in a series of blog posts that looks at the recently released draft DHS guidance document for implementing the Risk-Based Performance Standards (RBPS) in site security plans (SSP) for high-risk chemical facilities. The RBPS are a key component of the Chemical Facility Anti-Terrorism Standards (CFATS). This first post is a general introduction to the document. Background When Congress authorized DHS to establish the CFATS regulations they included a provision that prohibited DHS from requiring any specific security program or procedure. Instead it dictated that DHS should develop risk-based performance standards that high-risk chemical facilities could use to develop a security program best suited to their unique situation. The big problem with RBPS is that it can be difficult to tell when one meets the standards. With command type regulations that specify what must be done, it is relatively easy to determine when the regulations have been complied with. With RBPS it is less clear. When RBPS are applied to a new field like chemical facility security, it becomes even more difficult. That is the reason that DHS is publishing this guidance document. It is an effort to make it easier for facilities to understand the complexity of the standards. According to this draft the purpose of the guidance document is:
“To assist high-risk facilities in selecting and implementing appropriate protective measures and practices and to assist DHS personnel in consistently evaluating those measures and practices for purposes of the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27”.
RBPS Guidance Document Disclaimer At the top of the Overview page and the beginning page of the discussion for each performance standard DHS has included a text box that contains an official disclaimer. While the disclaimer is rather extensive the important parts are covered in just two sentences:
“This guidance reflects DHS’s current views on certain aspects of the Risk-Based Performance Standards (RBPSs) and does not establish legally enforceable requirements for facilities subject to CFATS or impose any burdens on the covered facilities. Further, the specific security measures and practices discussed in this document are neither mandatory nor necessarily the 'preferred solution' for complying with the RBPSs.”
It is obvious that DHS takes the Congressional mandate requiring RBPS very seriously. Wording similar to these two sentences from the disclaimer shows up repeatedly throughout the text. DHS wants to make sure that no one mistakes the RBPS guidance for a prescriptive, command-type regulatory document. General Guidance While the Guidance document provides detailed discussions about how to select appropriate security measures for each of the 18 performance standards, the introductory portion provides some general guidelines or ‘considerations’ that facilities should take into account when selecting and developing their security procedures. Briefly stated those considerations (pages 15 – 19) are:
“The Non-Prescriptive Nature of Risk-Based Performance Standards. “The Impact of the Nature of the Security Issue Underlying the Facility’s Risk Determination. “The Impact of the Type of Facility and Its Physical and Operating Environments. “An Individual Measure May Support Achievement of Multiple Risk-Based Performance Standards. “Layered Security/Combining Barriers and Monitoring to Increase Delay. “Asset-Specific vs. Facility-Wide Measures.”
These considerations (to be discussed in more depth in later blogs in this series) reflect the varied nature of the different high-risk chemical facilities covered by the CFATS regulations. They also go a long way toward explaining why the RBPS are so critical to the CFATS process; it is highly unlikely that any specific security procedure would support these considerations for a significant number of high-risk facilities. COI and RBPS Requirements The various types of security problems that a high-risk chemical facility will have to deal with in their SSP will vary with the COI that are stored or used on site. The guidance document provides some examples of how this might work. For instance, “if a facility has no dangerous chemicals for which theft or diversion is a security issue, then it does not need to implement any additional measures to comply with RBPS 6 – Theft and Diversion” (page 11). This does not mean that a facility can ignore any of the 18 RBPS listed in 6 CFR § 27.230. They must all be addressed in the SSP. However, when “a facility believes it can satisfy a RBPS without the implementation of any specific security measures or practices, the basis for this belief should be clearly articulated in the facility’s Site Security Plan”. Tier Level Affects RBPS Requirements The other major factor that will affect a high-risk chemical facilities selection of security measures is the level of risk found at that facility. This risk level is reflected in the Tier level to which the company was assigned after their SVA submission. This reflects the intent of Congress to insure that the facilities that presented the highest risk to the public would have to take the most precautions to protect the public. Some of the RBPS are less affected by facility tier level than others. The response to the ‘Restrict Area Perimeter’ (RBPS #1) standard will certainly be more robust for Tier 1 facilities. The facility SSP provisions for the ‘Reporting of Significant Security Incidents’ (RBPS #15) will be less dependant on the facility tier status. This will be reflected in the discussion for each RBPS. Future Blogs In future blogs I will take a more detailed look how this Guide is organized and at the individual RBPS. When this document becomes publicly available I will certainly note that and provide information on where to download this lengthy (178 pages) document. In the next week or so we can expect to see this published in the Federal Register along with notification of how the public and industry can provide their comments on the document.

Thursday, October 23, 2008

Greenpeace Continues Pressure

There is an editorial on Philly.com today that appears to be part of the continued push by Greenpeace and other groups to pressure Congress to pass comprehensive chemical security legislation. The piece was written by Rick Hind, the Legislative Director for Greenpeace. Rick avoids my earlier complaints about pressuring this Congress for action next year (see: “Push for New Chemical Facility Security Law”) by calling for action this year when Congress comes back into session. While it is not yet clear that their will be a post-election session this year, I am happy to see this tactical change in message. Isolating the IST Message I am disappointed that Rick only addressed a single issue, Inherently Safer Technology, in his editorial. The coalition of environmental, labor and political action groups (of which Greenpeace is a member) letter that was sent to all members of Congress cited ‘four fatal flaws’ in the law authorizing the current CFATS regulations. All four of those flaws should have been addressed. This is especially true when the vast number of facilities that “use and store highly toxic, volatile chemicals such as sulfur dioxide and chlorine gas” are exempted from the current interim regulations. Adding the IST provisions to the regulations without removing the exemption for water-treatment and waste-treatment plants will achieve little. I understand that it is easier to preach a single message that is easy to characterize as a clear-cut black and white issue. I do think that it ill serves the argument to oversimplify the discussion in this way. This is even more important when the argument is being made to the members of Congress, not the body politic. No one is running this year on homeland security issues. There is nothing to be gained by resorting to easily refuted scare tactics. Move Forward on HR 5577 Having said all of that, I do agree with Rick Hind that Congress does need to take action. I agree completely with his final statement; “It's not too late for Congress to redeem itself when members return to Washington after the election.”

New Emission Control System a Source for IEDs?

I ran into an interesting article over on AutoWeek.com earlier this week. It seems that Mercedes Benz is getting ready to sell a car in the United States that uses a urea solution to catalyze the elimination of NOx emissions from its diesel-engine. Each vehicle would carry a 7-gal tank holding a urea-water solution that would provide for vehicle operations for somewhat more than 10,000 miles. This is obviously not a place to discuss the merits of an automotive emissions control system. What make this development interesting in this forum is the fact the urea is a precursor to an easily made explosive, urea nitrate. This explosive is roughly equivalent to ammonium nitrate in its explosive power. It has been identified as being used in improvised explosive devices (IEDs) Urea as a COI Urea was included in the original DHS chemical of interest list published in the spring of 2007. It was listed as a theft/diversion IED precursor chemical. It had a 2,000 lb screening threshold quantity (STQ). DHS removed urea from the final version of Appendix A because they felt that it was easier to regulate Nitric Acid, the other chemical required to make urea-nitrate. When the current Appendix A was released the STQ for similar IED precursors was changed to 400 lbs of any commercial grade of the COI. If urea had not been removed from the list the amount of the urea solution in vehicle tanks would not be any where near enough to amount to an STQ amount. Refill tanks at vehicle dealers would certainly contain more than 400 lbs. Reconsidering Urea One of the major reasons that urea was removed from the COI list was that it was a widely used as both an agricultural and industrial chemical. This would have required too many facilities to be included in CFATS coverage. Since its required co-reactant is so much easier to control, it was easy to justify removing urea from the list of COI. This new use of urea (new in the United States, it has been used in this application in Europe for a couple of years now) might require a rethinking of the COI status of the chemical. The dispensing tanks of urea-water solution will be found in dealerships in urban and suburban areas where urea has been rare. With ‘home-grown’ terrorists more often found in these same areas, this may present too tempting a target. Alternatives to Appendix A Listing Is this enough to justify adding urea back to Appendix A? Probably not. The original risk calculation outlined in the Final Rule still applies to the vast majority of facilities that use urea. There is an alternative. The Secretary has the authority to designate individual facilities or classes of facilities as high-risk without regard to the Appendix A status of chemicals in use at the facility. Needless to say, the security requirements for a facility with a relatively small tank of urea-water solution will be significantly less complex than for a facility with a large chorine storage tank. That is one of the reasons that the risk-based performance standards used to evaluate site security plans is so valuable. It will allow facilities to scale their security plans to the actual risk at that site. Risk Analysis Is the risk of theft of this urea-water solution sufficient to require the Secretary to single out these car dealers? I’m not sure. I don’t have the intelligence information necessary to adequately weigh the answer to this question. I do think that the rise of a new class of uses for an IED precursor justifies a DHS review of the status of that chemical.

Wednesday, October 22, 2008

Risk Based Performance Standards – Draft Released

Steve Roberts, a Houston-based homeland security attorney, just sent me a copy of the DHS draft of their proposed Risk Based Performance Standards (RBPS). According to Steve this document will be published in the Federal Register in the next week or so for comments. Legal Disclaimers I haven’t had a chance to do any detailed reading yet but the disclaimer on page 7 of the document is interesting. It begins by describing the purpose of the document:
“To assist high-risk facilities in selecting and implementing appropriate protective measures and practices and to assist DHS personnel in consistently evaluating those measures and practices for purposes of the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27, DHS’s Infrastructure Security Compliance Division has developed this Risk-Based Performance Standards Guidance Document.”
Once that description is completed the disclaimer gets very legalistic. It claims that the document “reflects DHS’s current views” on RBPS, but is very quick to note that these do not “not establish legally enforceable requirements”. The document provides a series of examples of how to meet the RBPS, but “specific security measures and practices discussed in this document are neither mandatory nor necessarily the “preferred solution” for complying with the RBPSs”. The bottom line is described in the last line of the disclaimer:
“High-risk facility owners/operators have the ability to choose and implement other measures to meet the RBPSs based on the facility’s circumstances, including its tier level, security issues and risks, physical and operating environments, and other appropriate factors, so long as DHS determines that the suite of measures implemented achieves the levels of performance established by the CFATS RBPSs.”
Future Blogs Needless to say, I’ll be taking a long hard look at this document. There will be a number of blogs, mine and probably others, which will delve into the details of this document. I’ll also be watching the comments filed with DHS when this gets released in the Federal Register. There won’t be any shortage of topics to write about for a while.

Rail Safety Improvement Act Provides Small Labor Victory

Fred Millar, a reader that works on a variety railroad hazmat issues, called my attention to a ‘victory for labor’ in the Rail Safety Improvement Act of 2008. That bill recently signed into law by President Bush (PL 110-432) does provide a ‘small’ victory for the railroad unions; it requires railroads to provide Emergency Escape Breathing Apparatus for each crewmember on a train hauling toxic-, or poisonous-by-inhalation (TIH/PIH) chemicals. The provision is a short section (Section 413) in a lengthy bill and it was included in this law due to the fatal train derailment in Graniteville, SC in January, 2005. Crew members from the Norfolk Southern train that derailed may have survived the resulting chlorine leak, if they had had an escape respirator handy. Small Victory I called this a ‘small’ victory for the unions for a variety of reasons. It was not because this an unimportant rule; ensuring that workers have the necessary safety equipment for their work environment is never unimportant. No, the first reason that it is a small victory is that it took three years for Congress to require this relatively low cost safety equipment. Second, this should have already been covered by OSHA regulations. Thirdly, management that cares about its employees should not have required legislation in the first place to provide this minimal level of protection. Finally, this legislation is fatally flawed. It specifically requires that the breathing apparatus be stored in the locomotive. While most trains no longer contain the classic caboose, there are a number of occasions where train crew members ride in cars other than the locomotive. This legislation would provide no protection for those crew members. Alternative Wording If I had been writing these requirements I would have substituted the generic term ‘crew spaces’ for ‘locomotive cabs’ or ‘locomotive’ to ensure that areas routinely accessed by the crew enroute were included in the requirements. The way the legislation is currently written, the FRA does not apparently have the authority to include these areas in this requirement. Finally, I would have included provisions requiring chemical alarms on any TIH/PIH rail car that would alert the crew to the necessity of putting on their protective equipment. Most TIH/PIH chemicals have characteristic odors associated with them that can provide trained workers with adequate warning. Unfortunately, workers outside of the chemical industry that routinely produce or use those chemicals will not likely be able to identify all of those warning odors in time to secure and don the required protective equipment. Small Step Forward This is a small step forward for protecting railroad crews from the worst of the chemicals that they are required to transport. Unions should not rest on their laurels as this issue has not been adequately resolved. Management needs to step up and accept that this is only the minimum requirement necessary to protect their workers.

Tuesday, October 21, 2008

Tracking HAZMAT Railcars

One of the complaints that one periodically hears from local law enforcement and first responders is that they do not know what types of hazardous materials (HAZMAT) are moving through their towns on highways and train tracks. They have almost always been met by the response that it is too difficult to track these shipments on a timely basis. That may be changing if a recent report on GSNMagazine.com is accurate, at least for rail traffic. According to the article:
“TSA has awarded a contract worth more than $600,000 to Railinc Corp., a subsidiary of the Association of American Railroads, to provide it with a continuous data feed about rail car movements and bulk shipments of sensitive cargo, such as explosives, toxic inhalation hazardous materials and radioactive materials.”
Tank Car Tracking Project Last year in the Freight Rail Modal Annex to Transportation Sector-Specific Plan TSA described a tank car tracking project (page 12). It would gather data using “wayside detectors and radio frequency identification (RFID) tags” that the railroads were using to track rail cars. A pilot project was started with TSA, the FRA and Railinc. It would “provide the government with timely car location reports on all TIH and other selected HAZMAT car”. It is not clear from the present article if the contract is part of that pilot project or an out growth from a successful conclusion of that project. In any case, the contract size is much too small to be able to provide a comprehensive reporting capability to allow local community first responders access to real time data about HAZMAT shipments through their community. Growing a HAZMAT Tracking System The data being gathered in the pilot project and presumably in this contract could provide a basis for constructing such a notification procedure. This information would have to be analyzed by a GIS based system to determine where the reported locations were in relation to communities desiring the information. There would have to be a communication protocol that would provide the appropriate information to the local responder. Finally, there would have to be a software package at the local responder level that would allow real time access to the data to provide hazard information in the event of a transportation incident. Additionally, local responders and emergency planners would need to have access to periodic summary data to see what types and quantities of HAZMAT were transiting the community. This data would allow them to prioritize the purchase of response equipment and supplies. It would also allow them to select the appropriate training for the local first responder population. Watching the Way Forward It will be interesting to see if the TSA does grow this contract into a process that allows first responders access to information about HAZMAT shipments moving through their community.

CFATS Brochure

Last week DHS made an easily missed change to the Chemical Security web page; they added a link to “Request a CFATS Presentation”. The link provides a ‘mailto’ address, allowing a person to email a request to receive the presentation. No further information is provided on the web site. Even I might have missed the new link if it were not for the email I received from DHS notifying me of the change (anyone can sign up for this notification, just click on the “Get e-mail updates when this information changes” link on the top of the page). On Saturday I sent off the email to DHS. Since I wasn’t sure how they would send the presentation I provided both my email and snail mail address. Yesterday morning I received the email with the CFATS_Sept_2008.pdf file attached. No problem receiving this document at an AOL address. Obviously, the snail mail address was not required. CFATS Presentation The 15-page document provides a good overview of the CFATS program. Each page briefly covers a separate topic. Those topics include:

Chemical Facility Anti-terrorism Standards (CFATS): Overview Threat to the Homeland Chemical Security Assessment Tool (CSAT) Chemicals of Interest: Appendix A Facilities Identification and Tiering Process Risk Based Performance Standards (RBPS) Chemical-terrorism Vulnerability Information (CVI) Regional Approach to Enforcement Preliminary Tiering Results Program Milestones and Schedule Program Status and Outreach Efforts CSAT Help Desk Contact Information

Enforcement Regions The brochure provides some information about the organization of the enforcement offices that has not been generally available. There is a map that shows the ten regions that those offices will cover. The brochure notes that these regions have been aligned with other federal regions. Site Security Plans The brochure provides some new information about the next phase of the CFATS implementation, the submission of site security plans (SSP). First the brochure notes that “DHS has established a government-industry working group to assist in development and execution of the CSAT SSP.” It then reports that the “CSAT SSP will be operational in early 2009”. Get Your Copy The information provided in this brochure will not make anyone a CFATS expert. It does provide a general background on the program and could serve as a handout for CFATS general awareness training program. Anyone that is involved in chemical facility security or reporting on chemical facility security should get a copy of this presentation.

Monday, October 20, 2008

DHS CSAT FAQ Page Update – 10-17-08

There were no new FAQ addressed this week on the DHS CSAT FAQ page, nor were there any reviews or changes made to the answers for existing questions. That is certainly not to say that the Help Desk has been idle. They have added a new feature to the FAQ page; an on-line Help Request Form. Until now questions were only able to be submitted by phone or email. The actual form can only be reached after having successfully completed a CAPTCHA Challenge. This is done to prevent the Help Desk from being swamped with a barrage of automated questions in a denial of service attack on the site. I think that this is probably over-kill, but at least someone is taking cyber attacks seriously. Identification Information The rather expansive heading portion of this form is intimidating. Reportedly there is a ‘requirement’ for the Help Desk to enter the requested information into some sort of database before they can provide an answer. Presumably, they requested the same information from personnel calling in with questions. The ‘for tracking purposes’ explanation provided for requiring this information is a bit disingenuous. I would suspect that, while the questions are certainly being tracked, the facility information is being provided to ensure that questions about high-risk chemical facilities are being handled in such a way to ensure that no chemical-terrorism vulnerability information (CVI) about that facility is even tangentially released to someone without the required need to know. CVI Submissions There is nothing on site that provides guidance on the inclusion of CVI information in any of the questions submitted via this form. The CVI Procedure Manual allows for submitting CVI on a secure server like that used for submission of Top Screens or SVAs. It is not clear that this form is on such a secure server. The instructions for the form state that “At successful completion of this form, an e-mail containing the submitted information is sent to the CSAT Helpdesk and a copy to the e-mail address you provide on the form.” That would certainly seem to indicate that the form should be treated as email. In that case the CVI Procedure Manual calls for sending the CVI material as an encrypted attachment or a password protected attachment (with the password sent via a separate message). Since I see no provisions for attaching files, it is unlikely that CVI should be sent via this form.

Escort Procedures for Rail Crews

Last week (see: “Railroads and TWIC”) we looked at how the MTSA regulations and implementing Coast Guard instructions provided for identifying rail crew members entering secured and restricted maritime facilities. I noted that the CFATS regulations do not require the same procedures, but high-risk chemical facility security managers could learn from those requirements. The MTSA regulations (33 CFR Subchapter H) require that only personnel with a Transportation Workers Identification Card (TWIC) issued by TSA can be granted unaccompanied access to secure areas of maritime facilities. Inevitably this will mean that there will occasionally be one or more members of a train crew that will not be TWIC holders. The facility will then face some problems meeting the escort requirements of the MTSA regulations that a non-TWIC holder “is continuously accompanied while within a secure area in a manner sufficient to observe whether the escorted individual is engaged in activities other than those for which escorted access was granted” (33 CFR §101.105). Once again, CFATS does not have the same requirements found in the MTSA regulations. Congress prohibited DHS from applying specific security requirements for high-risk chemical companies. The MTSA regulations can provide guidance to CFATS facilities with railroad access to the facility. Secure and Restricted Areas A Coast Guard document, NVIC 03-07, provides guidance for maritime facility security planners on how to implement the TWIC requirements. To understand that guidance we first have to look at how the Coast Guard characterizes security areas within maritime facilities. Essentially everything within the fenced area of the facility, except for clearly public areas, is considered to be ‘a secure area’. Within that area facility security assessment identifies areas where additional security is required or access needs to be limited. These areas are called restricted areas. Restricted areas require the closest monitoring of non-TWIC holders. The standard required is side-by-side accompaniment. A TWIC holder may monitor up to five non-TWIC holders in a restricted area using this technique. In this technique the TWIC holder must maintain “continuous physical proximity to and visual contact with the escorted individual in order to enable the TWIC holder to witness the escorted individual’s actions” (Enclosure 3, NVIC 03-07). This allows the TWIC holder to ensure that the non-TWIC holders remain in the area in which they have been authorized to work doing only that which they were authorized. The same side-by-side accompaniment technique can be used in the more extensive ‘secure areas’ of the facility. Due to the lessened security concerns in these areas a single TWIC-holder may accompany as many as 10 non-TWIC holders using the same standards. The MTSA regulations allow (CFR 33 §105.275) allow additional, less intrusive methods of monitoring non-TWIC holders in these areas. Those means include security guards, closed circuit television, automatic intrusion detection devices, and other surveillance devices. Now let’s look at two scenarios at separate theoretical high-risk chemical facilities. In both cases the railroad has agreed in principal that crews servicing the facility will have TWIC. The railroad agrees to notify the facility in advance of the crew TWIC status and require non-TWIC holders to wear a red safety helmet. Low Security-Risk Scenario The first high-risk chemical facility neither receives nor ships DHS Chemicals of Interest (Appendix A, 6 CFR part 27) by rail. There are no sensitive areas of the facility directly adjacent to the rail line. The railroad advises the facility of a 10:00 am delivery with one non-TWIC holder on the crew. At 9:30 am the normally unmanned rail-gate is manned by a security guard. When the train arrives at 10:30 the guard opens the gate and waves the train through. The security supervisor is notified. The security supervisor will check the TWIC credentials of the train crew during randomly selected deliveries. The railroad-gate guard closes the gate and monitors the train crew through a CCTV monitor in the guard shack. The same cameras are monitored in the security control room. A variety of cameras on both sides of the track allow continuous coverage of the progress of the train. People working in sensitive areas are notified that the train crew is on the facility grounds and security procedures are increased slightly. At noon the railroad-gate guard closes and locks the railroad-gate behind the departing train. Local alarms are turned on and verified with the security control room. The guard closes and locks the guard shack and departs to the main gate. High Security-Risk Scenario The second high-risk chemical facility receives a COI by rail and typically has two railcars of that material on site at any time. The railroad typically removes an empty tank car and drops off a full tank car in a single trip. The portion of the siding where the two rail cars are parked is enclosed by security fencing. The railroad advises the facility of a 10:00 am delivery with one non-TWIC holder on the crew. At 9:30 am the normally unmanned rail-gate is manned by a security guard who is a retired train crew member. When the train arrives at 10:30 the guard opens the gate and along with a member of the train crew conducts a walk-around inspection of the train. They are verifying car numbers on the train cars being delivered to the facility. They also check for unauthorized train riders, damage to the train cars and the presence of improvised explosive devices. Once the walk-around inspection is done, the guard notifies the security supervisor that the train is entering the facility. Receiving an acknowledgment, the guard allows the train to enter the facility. The railroad-gate guard closes the gate and monitors the train crew through a CCTV monitor in the guard shack. The same cameras are monitored in the security control room. A variety of cameras on both sides of the track allow continuous coverage of the progress of the train. People working in other sensitive areas are notified that the train crew is on the facility grounds and security procedures are increased slightly. The train is met at the entrance to the storage area by the security supervisor who opens the gate. A security guard is on hand to escort the non-TWIC holder if that crew member needs to get off the train. The supervisor and a member of the train crew complete a walk-around inspection of the empty train car that the train will be removing from the facility. Once the train crew finishes with operations in the sensitive area, the Security Supervisor closes the train-gate to that area. When the train exits the facility the railroad-gate guard closes and locks the railroad-gate behind the departing train. Local alarms are turned on and verified with the security control room. The guard closes and locks the guard shack and departs to the main gate. Remember the Purpose of Monitoring The purpose of monitoring people that are not granted unaccompanied access to security areas is the same for maritime and CFATS facilities. It is expressed very clearly in NVIC 03-07; monitoring must “provide a reasonable assurance that an individual under escort is not engaging in activities other than those for which access was granted”.

Friday, October 17, 2008

Real Life IST Complications

There is an interesting article on AcornOnline.com concerning a public hearing that includes an IST issue at a local water treating plant. The IST provisions of the proposed improvements at the Aquarion Water Co’s water treatment plant near Greenwich, CT are not central to the local dispute, but the dispute points out the potential problems that can arise out of an IST project.

The proposed upgrades to the 80 year old plant are quite extensive and amount to a significant expansion of the facility. According to the article the changes are “are necessary to deal with low overhead space and poor lighting at the current location, and to handle a chemical switchover from chlorine gas to liquid bleach”. It is not clear if the chemical change led to the planned physical plant changes.

There is one local resident that is complaining about the threat of potential from leaks from bleach delivery trucks. The upgraded facility will result in delivery trucks using a shared driveway. This brings a larger volume of a less dangerous chemical closer to his house. He claims the change will cause his drive to “become the toxic highway of Greenwich”. It is hard to convince this resident that he is safer even though he acknowledges that the community safety level is almost certainly increased.

This particular project is a long way from approval, much less completion. This is the first in a series of public hearings before a variety of regulatory boards. This $23 million upgrade to the water facility will serve about 52,000 customers or about $442 per customer. This IST project certainly seems to be cost effective. We will just have to wait and see what happens in the local regulatory bodies.

Thursday, October 16, 2008

New RFID Sensors for Plume Monitoring

There is a geeky type article over at RFIDUpdate.Com that security managers and emergency response planners ought to read. It concerns some new technology being developed by GE that will make it easier to track toxic clouds from accidental, or terrorist attack related, chemical releases. It is not quite available yet, but it will allow the deployment of a large number of very-small, passive chemical-detectors that can be queried by a central station to determine the presence of a variety of toxic chemicals.

Tracking Chemical Plumes

One of the major problems that site managers and emergency responders have when dealing with chemical incidents is determining the extent of the contamination. This is especially true when dealing with a toxic gas or low vapor-pressure liquid. Even releases with visible vapor clouds can present hazardous concentrations beyond the visible boundary of the cloud. Current technology consists of placing appropriate chemical detectors down-wind of the release to detect the approaching cloud. While the cost of detectors is coming down, their cost still limits the supply.

This requires incident commanders to make complex decisions about where to place the available detectors. Place them too close together and significant portions of the cloud may bypass the detection array. Place them too far apart and the problem becomes cloud infiltration between the sensors. In either case, inadequate definition of the hazard area may lead to wrong decisions about areas to evacuate or shelter-in-place.

This, of course, assumes that the incident commander has the appropriate chemical detectors available. Where there is a fixed chemical facility with a limited variety of chemicals on site, having the appropriate detectors on hand is more often a budgetary decision. For Hazmat teams responding to transportation incidents, it may be budgetary, but it is more likely to be the luck of the draw.

New Technology 

The ‘battery-free, multi-detection radio-frequency identification (RFID) sensing platform’ being developed by GE will radically change this playing field. First, the ‘battery-free’ aspect of the device will make it cheaper to produce; that’s cheaper than current RFID sensors. Remember current ‘expensive’ RFID sensors are still cheaper that current chemical detectors. 

Second the ‘multi-detection’ portion of the description means that one type ChemDetect RFID (you saw that name here first) will report the presence of multiple chemicals. This will make it easier for hazmat responders to have an appropriate sensor on hand, even for transportation incidents.

 Finally, the small size of the RFID, smaller than a dime, will make them easy to store and transport. This is always an important consideration for hazmat teams. There is only so much room in their vehicles, no matter how large those vehicle continue to get, and there is always more equipment that could be crammed into one, just-in-case.

Pre-Incident Deployment 

Chemical facilities that have toxic chemicals on site could pre-deploy these devices in layers around storage areas and areas where those chemicals are routinely used. They could be automatically queried on a routine schedule, once every minute for example. When a tag reported detecting the toxic chemical an alarm would sound and query schedule would be increased and more remote tags would be included in the schedule.

The results of the scans would be displayed on a facility map using a GIS based program. This would help facility management to quickly define the scope of the release. A slowly spreading cloud is a smaller leak than a quickly spreading cloud. If the detection array was dense enough, it should even be possible to calculate the leak rate.

Visual and auditory warning devices could be deployed around the plant, especially along traffic and escape routes. If the toxic cloud were in or near those routes the GIS system could activate those devices and allow evacuating employees to avoid the chemical hazards. For facilities with the potential for off-site effects from a toxic release the array could be extended to off-site locations. Special emphasis would be placed on large population densities, special needs populations, and schools.

The detection tags would be placed between these areas and the chemical facility, at the boundaries of those areas and within those areas. The local emergency management authorities could be given access to the GIS reports from the detection management system. This would allow them to make informed decisions about issuing shelter-in-place or evacuation orders.

Emergency Response Deployment 

It is not unusual for law enforcement to be the first on scene for a transportation related hazmat incident. Arriving on the scene of an accident involving a placarded truck or railcar, they could deploy a small array of these tags around the vehicle to allow for warning of a developing leak. They would select the appropriate small box of tags from a larger box based on the placards on the vehicle.
Subsequent responders; law enforcement, fire, hazmat, what ever; could expand that initial array with tags that they carry. This would allow them to protect themselves from unhealthy exposure while allowing the incident commander to better define the extent of the problem.

DHS S&T Involvement 

GE is developing the basic technology for these tags. Nothing in the two articles that I have seen says anything about developing the GIS based detection management system (DMS) that I have described. This would be something that DHS S&T should get involved in. It would be important to have a standard system that multiple jurisdictions could use. That way all of the devices deployed by law enforcement (local, state and federal), fire and hazmat personnel could all be queried and reported by all of the DMS controllers on the scene.

Wednesday, October 15, 2008

Reader Comment – 10-14-08

A reader, ThomKay, took exception to the blog I wrote early yesterday where I wrote that a recent letter to Congress was ‘nothing but a fund raising publicity stunt’. Though I did partially retract that comment in a later blog when I learned that there were serious discussions of a post-election session of Congress, his comments do deserve consideration and a reply. I’ll look at each of his three points in turn. Donations ThomKay writes “You think people donate their own money because they like the letters we write? Donors care about results, and that's what all of these groups are working towards.” Fund raising certainly is more prosperous if you can show results, everybody likes a winner. Lacking results, a good fight is the next best thing and an honest effort will keep the base activated. That is what I thought this letter to Congress was; an effort to show the base that these organizations were still working this issue even when Congress obviously isn’t. I certainly was not involved in the discussions that led to the issuance of these letters, so I do not know the motivation behind them. All I can do is report what it looks like to me. A letter that appears to be completely ineffective politically probably has other motives. Fund raising is a legitimate objective for these organizations. I probably should have omitted the word ‘stunt’ from my original post. 90% of Congress Will Return ThomKay writes “’This’ congress is going to be about 90% the same as next congress. We have to continue our fight through recess if we're going to get these provisions passed by next October.” I think that the 90% figure may be a little high this year, but the point is legitimate that most of those letters are going to people who will be in Congress next year. The only problem is that the memory of politicians is exceedingly short. Letters going out now, just before the election will be ancient history by the time the next Congress gets together in January. Politically, this is a meaningless exercise at this time. The Blame Game ThomKay writes “The letter does not blame Republicans or Democrats. It doesn't emphasize fault at all. Its emphasis is on the importance of passing the provisions.” I’ll bite the bullet here and admit that I blew it. My blog posting clearly implies that these organizations blame the Republicans and the industry for opposing HR 5577 this year. Since I haven’t actually seen the letter and the article did not quote anyone from the organizations in assigning that blame that inference is unfair. I apologize. An Ineffective Response I do stand by the original intent of my blog posting. This letter (again, I have not actually seen it) appears to be an ineffective and ill timed attempt at supporting what I believe is a crucial piece of legislation. While I do not agree with all of the provisions, I think that HR 5577 was a well-crafted, politically-possible solution to the problems inherent in the CFATS authorizing legislation. This is the type bill that should have been passed two years ago. Where was this letter back in July when this bill was bleeding to death waiting for action by the Energy and Commerce Committee? Where was this letter when Speaker Pelosi granted extension after extension? Senator Collins (R,ME) was petitioned by a 10,000 card campaign to support this bill (see: “http://chemical-facility-security-news.blogspot.com/2008/08/groups-press-sen.-collins-on-hr-5577/2973”), where were the cards for Speaker Pelosi and Chairman Dingell asking them to bring the bill to a floor vote? If I missed any of those, I greatly apologize. I certainly would have given them what little publicity I can manage. While I am criticizing the effectiveness of the effort, I believe that we want essentially the same thing. I think that the chemical industry needs this bill, whether they like it or not. I want to see security at high-risk chemical facilities increased before we have the terroristic equivalent of Bhopal here in this country. Moving Forward If Congress does come back into session after the election, I think that the groups that were involved in this letter need to be aggressively and proactively involved in bringing HR 5577 to a floor vote. The ‘opposition of industry and DHS’ will be at its weakest then. Honest politicians will be less beholden to special interests and many of those retiring (voluntarily or otherwise) can be convinced to do something for the good of the country. DHS will be more interested in getting a smooth transition started than fighting a final battle. A Personal Point ThomKay writes “I get that you're a former, and hope to be a future, industry employee.” Yes, I am a former chemical industry employee and that does color my opinion as does my former membership in some environmental organizations. I have no plans to return to direct employment in the chemical industry, so I do not need to curry favor with anyone in the industry. Anyone that knows me personally knows that I have always spoken my mind; I always will. But I do accept that others will disagree, and I will always listen to opposing ideas. And my opinions can and do change. Please keep the responses coming.

Tuesday, October 14, 2008

Railroads and TWIC

A reader provided me with a copy of an interesting document last week and asked me to comment on it. It was produced by the TWIC/MTSA Policy Advisory Council and it concerned how the MTSA rules affected the TWIC requirements for railroad employees. Now I haven’t used those acronyms in this blog before because they refer to two things about which I knew little. But, after some studying this weekend I found that the document raises some interesting questions for high-risk chemical facilities. Explaining Acronyms For those of you who, like me, do not keep up with every arcane acronym that comes out of the Federal bureaucracy let me explain the two acronyms from the first paragraph: TWIC and MTSA. Both are related to security at maritime facilities. TWIC is the transportation workers identification card. MTSA is the Maritime Transportation Security Act. A simplistic explanation of MTSA is that it is to facilities in and adjacent to our nation’s ports as CFATS is to high-risk chemical facilities, only it is administered by the Coast Guard. TWIC and MTSA Anyone that has seen (in person or on TV) operations at any of our major ports knows that there are a large number of truck drivers that pick-up and deliver cargo to these ports every day. Security planners quickly realized that these truck drivers, with identification from 50 different states and three different countries (remember NAFTA) were a huge potential security problem at these ports. To help control this problem the TSA came up with the TWIC. This provided a single document that ‘proved’ the holder had been checked and approved as not being a known terrorist. According to the MTSA regulations (33 CFR 101.514):

“All persons requiring unescorted access to secure areas of vessels, facilities, and OCS facilities regulated by parts 104, 105 or 106 of this subchapter must possess a TWIC before such access is granted, except as otherwise noted in this section. A TWIC must be obtained via the procedures established by TSA in 49 CFR part 1572.”

Anyone without a TWIC still had to provide identification, but they have to be ‘escorted’ when in one of those security areas. It was a simple enough plan; which meant that there were certainly problems with it. Railroads and Unaccompanied Access Almost as ubiquitous as trucks at these ports are rail lines; rail lines that go into or through security areas at those ports; rail lines that carry trains and personnel on those trains. That presents some potential problems. First, how do you stop a train to check IDs when they frequently enter at unmanned gates? Second, how do you ‘escort’ a member of a train crew when the railroad will not let untrained personnel on their trains? For facilities where a track transits the secured area, how do you check the IDs on the crew when the train does not stop? The Coast Guard came up with some basic answers. First it recommended that all train crews servicing MTSA facilities obtain TWICs. Then it said that the Captain of the Port (COTP) would accept advance notification from the railroad to the facility as an acceptable alternative to stopping the train to check TWIC as part of the facility’s security plan (FSP) as long as there were periodic spot checks of TWIC on site. Finally, COTPs were instructed to accept creative methods of ‘escorting’ train crew without TWIC credentials as long as they provided ‘equivalent security’. Affect on CFATS Currently there is no requirement for use of a TWIC for unaccompanied access to secure areas of high-risk chemical facilities. In fact, DHS is prohibited by the authorizing legislation for CFATS from requiring any specific security program like the use of TWIC. So what does this MTSA guidance document have to do with high-risk chemical facilities? What this does is to identify a problem, how to properly identify railroad crew members entering the facility. A large number of the facilities identified as high-risk by DHS have railroad delivery of raw materials and also ship by rail. At most of these facilities, railroad crews unlock the plant gate across the rail line and announce their presence once they get well into the core of the facility. Train crews are unsupervised in their work around hazmat railcars. Allowing truck drivers to do this would never be allowed by site security plans. The problems seen at port facilities are magnified at CFATS facilities by the fact that there is no easy way for facilities to vet the train crews. No CFATS facility will have the political pull to require railroads to have all of their crews obtain TWIC. Some crews will already have TWIC, because they routinely service MTSA facilities, but most crews away from the ports will not. The largest chemical facilities will have pull with local short lines, but no single chemical facility could bring sufficient force to bear on the major long-line railroads. Lacking Congressional action to require all train crews to have TWIC, chemical facilities will have to come up with some way of checking rail crews. The good news for the bulk of the facilities is that they are typically served by a limited number of local crews. This limits the number of people being covered. But, some method of identifying train crews operating on high-risk chemical facility sites will have to be worked out. Few sites are large enough to have their own yard crews. All other facilities will have to work with the railroads. What is really needed is Congressional action, something almost as difficult to get as cooperation with the railroad.

Post-Election Congress

I may have to take back some of my disparaging comments from today’s earlier blog (see: “Push for New Chemical Facility Security Law”). The letters to current Congressmen may be useful if the article I just read on Politico.com is correct. The article says that a post-election congressional session “seems all but certain” because Speaker Pelosi wants to pass an economic stimulus package before the end of the year. Of course, nothing was said in the article about a chemical facility security bill. One thing about Congress though, it isn’t a state legislature that can be called back into ‘special session’ to only address a single issue. If Congress is in session, anything can (but seldom does) happen. I’ll keep an eye on the Homeland Security and the Energy and Commerce Committees to see if they take any action on chemical facility security legislation. As of this morning, no hearings have been scheduled in either committee.

Push for New Chemical Facility Security Law

There was an interesting article yesterday on HSToday.US about a ‘new’ push for chemical security legislation. According to the article by Phil Liggiere, a varied group of labor, environmental and public interest groups just recently sent a letter to the current members of Congress calling for passage of a chemical facility security bill with provisions similar to those found in HR 5577. The best I can tell this is nothing but a fund raising publicity stunt by the groups. This Congress is not due to meet again, so it really can’t do anything, nor has it shown any inclination to act in any case. I’ll be much more impressed if they send a letter to the winners of the November election. Or, more importantly, if they work against the re-election of the people responsible for the failure of HR 5577 to come to a floor vote, the Speaker and the Democratic Chairman of the Energy and Commerce Committee. The article, and presumably the letter, blames the Republican minority and business interests from holding up work on chemical security legislation. While the Republican minority in the Senate was large enough to stall legislation the same could not be said in the House. The failure of the House to pass HR 5577 was more about committee status and the inability of Speaker Pelosi to control the Democrats. The article does note that Rep Wynn (D-Md) was opposed to HR 5577, but it fails to note that he had effectively resigned from Congress prior to HR 5577 being introduced (and went to work for a chemical industry lobbying firm). If he had stayed in Congress he could have held up consideration of HR 5577, but he had no official effect on the legislation. No, the failure of HR 5577 in the House can only be blamed on the leadership (a clear misnomer) of the House.

Saturday, October 11, 2008

Changes in Terrorist Support Structures

Last week read two interesting articles concerning the potential strategic changes in terrorist organizations. The first was an AP article that I found on HSToday.US dealing with potential linkages between the drug trade and jihadist terror organizations. The second was an article on Stratfor.com concerning the potential return of Russia as a state sponsor of terrorism. Both articles were speculative, looking at potential future strategic developments. The Jihadist – Drug Trade Alliance The first article, written by Curt Anderson, is a look at the apparently increasing likelihood of an alliance or working relationship between the jihadist terror organizations and the South American drug trade. Based on information provided at a recent conference on the drug trade sponsored in part by the U.S. Southern Command, the article looks at what the jihadists could gain from such a relationship. Since the 9-11 attacks, the government has been working on shutting down the easy ways for terrorists to get personnel and equipment into the United States for a terror attack. While the efficacy of those efforts could be debated, it is clear that a significant future attack will require a more sophisticated smuggling organization than was used to support those earlier attacks. Establishing that organization from scratch will be expensive and time consuming. The South American drug lords already have an extensive and sophisticated smuggling operation in place. They have the equipment, people and connections in-place to smuggle personnel, money and equipment into this country, almost at will. Renting out some of their excess capacity would provide an added income stream. Increasing terror operations in the United States would reduce the government attention on drug smuggling operations. The benefits to both sides seem so obvious that one wonders why, or if, it hasn’t already taken place. The article notes that “(e)xtremist group operatives have already been identified in several Latin American countries”, so this developing alliance may already be more advanced than open source reports acknowledge. Russia as Potential Sponsor of Terror Back in the Cold War days, the Soviet Union was a well known sponsor of a wide variety of Marxist-leaning terror organizations around the world. It was a relatively low-cost adjunct to their on-going conflict with the United States. It provided them with a destabilization tool that was safe and fairly easy to direct, if not control. With the fall of the Soviet Union, most of those organizations withered or died. The Stratfor.com article, written by Reva Bhalla, takes a look at how Russia could benefit from the same sort of tactics in the modern ‘New World Order’. The article points out how the US involvement with the war on terror makes it less likely that the US could directly respond to incidents like the recent Russian incursion into Georgia. Contributing to global instability allow the Russian’s a much freer hand at extending their control and influence into the old Soviet sphere. A point that Bhalla missed in the article is the financial incentive that Russia has in instability in some specific areas of the world. Rebel groups that attack oil producing infrastructure in places like Nigeria or Mexico add to the instability in the oil and gas markets. That contributes to inflated prices for two commodities that Russia is selling in the market place. Those energy dollars help to fund Russian government and economy. Client States and Terrorists For a variety of historical and practical reasons, it is unlikely that Russia would be able to control any of the major jihadist terror organizations. Past Soviet operations in Afghanistan and several Soviet Republics and more recent Russian operations in Chechnya contribute to a high degree of mistrust between Russian and jihadist interests. These organizations might take Russian money, but they would be very suspicious of any attempts at control. Both of these articles point out another path for the Russians to use to influence such organizations. In much the same way at the Soviets used East Germany and Hungary to exert control over earlier terror groups, the Russians could use new client states like Venezuela or Bolivia to provide support and direction to terrorist groups acting in the Americas. Not only could these states be used to influence jihadist efforts against the United States, but they could also provide support for separatist and radical groups in Mexico. Again, attacks on Mexican petroleum interests could further destabilize Latin America, but also the oil and gas markets. Both would be beneficial to the Russians.
 
/* Use this with templates/template-twocol.html */