Friday, October 30, 2009

HR 2868 Revisions Analyzed

As I noted last night, there is a reconciled version of HR 2868 now on the House Rules Committee web site. Sponsored by three committee chairs and three sub-committee chairs, this is clearly the behind the scenes work of a number of committee staffers hopefully with some help from the ISCD people at DHS. Reviewing the New Document I have had a chance to do a detailed review of Title 1, Chemical Facility Security. I’ll take a look at Title 2 and Title 3 over the weekend. This is a lengthy document (171 pages) and to do an effective review I had to compare it to both the Homeland Security Committee and the Energy and Commerce Committee versions of the bill. Title 2, Drinking Water Security, will be a little easier to do since there is only one committee version of HR 3258 that will have to be looked at. I don’t expect to see many revisions others than those necessary to take into account the new provisions in Title 3 for waste water treatment facilities. The two will probably not stand completely separate because of the number of agencies that govern both water treatment and waste water treatment facilities. While I expect that Title 3, Waste Water Treatment Works Security, will be very similar to Title 2, it will have to be looked at very closely. Chairman Oberstar was added as a sponsor because the Transportation and Infrastructure Committee and Ms. Johnson’s Water Resources and Environment Subcommittee have jurisdiction over Waste Water Treatment Works (she is also a co-sponsor of the revised bill). Since this is their first chance to have input on the legislation, I expect that we will find some of their changes in Title 3. The Backbone of Title 1 Title 1 of the ‘new’ HR 2868 is firmly based on the bill amended and reported by the Homeland Security Committee (HSC). This can be seen I the eight sections taken almost word-for-word from the HSC version of the bill. Those sections are:
2101 - Definitions. 2102 - Risk-based designation and ranking of chemical facilities. 2106 - Timely sharing of threat information. 2107 - Enforcement. 2108 - Whistleblower protections. 2109 - Federal preemption. 2114 - Office of Chemical Facility Security. 2118 - Notification system to address public concerns.
Two sections of the revised bill come almost directly from the Energy and Commerce Committee (ECC) version of the bill. Those Sections are:
2115 - Security background checks of covered individuals at certain chemical facilities. 2116 - Citizen enforcement.
The remaining eight sections have substantial revisions made to their language. Four of the revised sections are based substantially on the HSC version and four on the ECC version. Revisions to HSC Sections The following paragraphs were removed from the language from the HSC versions of the indicated sections:
§2103(a)(1)(H) – SVA standards for academic labs; §2103(b)(3) – SSP standards for academic labs; §2103(g)(2)(K) – SSP Emergency Response moved to (J); and §2105(b) – Provision of records to employee reps moved to §2110(b)(2).
The following sections from the HSC version were modified by adding paragraphs from the ECC version of the bill:
§2103(b) – qualifications of participants; §2103(f)(1)(C) – Personnel Surety for MTSA facilities; §2103(g)(2)(J) – Training on mitigation procedures; §2103(g)(3) – Equivalent training provisions; §2104(d) – Adding 100 inspectors in FY2010/2011; §2104(e) – Confidential communications during inspections; §2110(b)(2) – Provisions for sharing info with employee reps; §2110(g)(1)(B)(v) – Protection of drill and training data; and §2113(c) – Allows facility access authorized by other laws or regulations.
Two paragraphs were added to §2112 exempting “any public water system subject to the Safe Drinking Water Act (42 U.S.C. 300f et seq)” and “any treatment works, as defined in section 212 of the Federal Water Pollution Control Act (33 U.S.C. 1292)” from coverage under Title 1 of HR 2868. These were added for obvious reasons. Revisions to ECC Sections There was only one paragraph removed from an ECC section of the proposed bill; §2117(d) – Final agency action provisions. There were three additions to ECC sections that were taken substantially from the HSC version of the legislation:
§2111(b)(1)(A)(i)(IV) – prohibit the switch of hazards to transportation sector; §2111(d) – report on impact on small covered facilities; and §2120(3) – Requiring sodium fluoroacetate review.
Other Revisions There were three other substantial revisions that were made out of whole cloth. These were not arbitrary additions, but items that were some how overlooked in earlier deliberations. They dealt with penalties for information disclosure, evaluation of facility IST assessments, and the interim status of the current CFATS regulations. Section 2110(b)(3) provide specific provisions for penalizing anyone who “discloses protected information in knowing violation of the regulations and orders issued under” these regulations. This section provides that violators “shall be fined under title 18, United States Code, imprisoned for not more than one year, or both, and, in the case of a Federal officeholder or employee, shall be removed from Federal office or employment”. Section 2111(b)(1)(B) addresses the requirement for the Director of the Office of Chemical Security to address in writing the reasons for requiring a facility to implement ‘methods to reduce the consequences of terrorist attack’. An earlier paragraph requires that the decision must be based on the facilities assessment. This paragraph clarifies this by requiring the Director to analyze the facility’s analysis though these is no description of what type of analysis the director is required to do. All of the earlier versions of this legislation terminated the current authorization of the CFATS regulations upon passage of this bill. They then allowed the Secretary 18 months to publish the final rule for implementing this legislation using as much of the current regulations as ‘she’ deemed appropriate. Unfortunately the status of the current regulations in the interim was left in legal limbo. Section 2120(d)(4)(a) allows for the continued enforcement of the current CFATS regulation in the interregnum. Evaluation None of the revisions that were made in this reconciled version of the chemical facility security provisions of HR 2868 produce any major changes in the legislation that will provide anyone with a reason to change their stance on the bill. The changes from the two source versions appear to do a decent job of meshing the two into a bill with reasonable internal consistency. While the final result is not the same as either source, it is true to both of them. That is all that one can ask from this ad hoc process in a democratic system. Now we just wait and see what further revisions can be tacked on and still allow the bill to be passed on the floor of the House. It seems clear to me that the opponents of this bill will probably not be able to stop its passage in the House. Nor do they have the votes to change it to suit their desires. The most they can expect is to slightly modify the provisions that they consider the most onerous. That is what their amendments need to attempt if they want to have any voice in the final product.

Reader Comment: 10-29-09 HR 2868 to Floor

A reader posted a comment early last evening telling me about the impending hearings for HR 2868. Boyfall wrote “Apparently, HR 2868 will be on the floor next week. Most likely Wednesday.” Seeing my posting on HR 2868 later last night the good reader would conclude that boyfall was probably correct. With amendments to be submitted to the Rules Committee by Monday evening, that committee will probably meet on Tuesday. That could allow the bill to move to the floor on Wednesday, November 4th. It might be later than that, but not any sooner.

Thursday, October 29, 2009

Revised HR 2868 Ready for House Amendments

The House Rules Committee has posted an ‘amendment in the nature of a substitute’ on their web site for HR 2868. It lists the author’s of the amendment as: Mr. Thompson Of Mississippi, Mr. Waxman Of California, Mr. Oberstar of Minnesota, Mr. Markey Of Massachusetts, Ms. Jackson-Lee Of Texas, and Ms. Eddie Bernice Johnson of Texas. The text of HR 2868, Chemical and Water Security Act of 2009, is a major revision with a combination of both HR 2868 and HR 3258. In addition to a Title 1 for chemical facility security and a Title 2 for water treatment facility security, there is also a Title 3 for waste water treatment facilities. A quick review of the language shows that the IST provisions for the chemical facility portion of the ‘amendment’ more closely resembles the Energy and Commerce version with a little touch of Homeland Security. The Citizen Suit provisions also more closely the Energy and Commerce provisions with an additional section added to deal with a notification system to address public concerns. The review of sodium fluoroacetate, however, still remains in the bill. The Rules Committee also announced that they intend to meet the week of 11-2-09 to formulate the rule to bring this bill to the floor. As such they want any amendments filed with the Rules Committee by 6:30 pm EST on Monday the 2nd. I’ll do a review of the revised HR 2868 this evening and have a report posted first thing in the morning.

Obama Signs HR 2892

Yesterday President Obama signed HR 2892, the Department of Homeland Security Appropriations Act, 2010. Arguably the most important item in the bill for the chemical security community was the extension of the congressional authority for the CFATS program until October 4, 2010 (§550). The bill provides $103.4 million for the CFATS program, increasing the staffing for the program to 246 full time employees. Another ‘General Provision’ of the bill addresses the abuse of the ‘Sensitive Security Information’ protections of 46 USC 70103(d), 49 USC 114(r), or 49 USC 40119(b). Sensitive Security Information Section 561, the American Communities’ Right to Public Information Act, prohibits anyone from using the ‘sensitive security information’ designation as a means to:
“Conceal a violation of law, inefficiency, or administrative error; “Prevent embarrassment to a person, organization, or agency; “Restrain competition; or “Prevent or delay the release of information that does not require protection in the interest of transportation security, including basic scientific research information not clearly related to transportation security.”
This provision should be known as the ‘Bayer CropScience Slap-in-the-Face’ Act. It was written by Sen. Rockefeller (D, WV) in direct response to the efforts made by Bayer CropScience to prevent the Chemical Safety Board from disclosing safety mistakes made by Bayer during last year’s fatal incident at the Institute, WV facility.

HR 2996 Conference Report

Yesterday the Conferees for HR 2996 completed their revisions of HR 2996 to reconcile the differences between the House and Senate Versions of the Department Of the Interior, Environment, And Related Agencies Appropriations Act, 2010. While there were no specific provisions in the bill affecting chemical facility security rules or regulations, there were two provisions of the Conference Report that will be of interest to the chemical security community. IST Study The first provision was included in the section of the legislation pertaining to the Chemical Safety Board. Out of the appropriations for that organization the legislation specifies that “$600,000 shall be for a study by the National Academy of Sciences to examine the use and storage of methyl isocyanate including the feasibility of implementing alternative chemicals or processes and an examination of the cost of alternatives at the Bayer CropScience facility in Institute, West Virginia” (pgs 133-4) This provision was inserted specifically by Sen. Byrd (D, WV) and clearly supported by Sen. Rockefeller (D, WV). Brought about by last year’s fatal accident at the Bayer CropScience facility and this year’s fiasco in the run up to the CSB hearing, this is a direct slap at operations and management at that facility. It is not clear whether this is a security issue or purely a safety issue, but it is clearly an IST assessment similar to those envisioned in HR 2868 and HR 3258. It is not clear how the $600,000 figure was arrived at, or whether it will ultimately be enough to cover the costs of the evaluation done by NAS. It does establish a baseline of sorts for the types of costs that a complex IST evaluation might be expected to incur. Congress needs to take this into account when they continue their consideration of HR 2868 and HR 3258. Continuing Resolution II Division B of this version of HR 2996 is another continuing resolution for the appropriation bills that have yet to wind their way through the House and Senate. The date on this CR is December 18th. That now becomes the effective target date for the first session of the 111th Congress to adjourn. Since the work on the Homeland Security and now the Environmental Protection Agency appropriation bills have been completed the CR will not directly affect chemical security regulation funding. It does provide a glimpse, however, about how much longer legislative work has to get completed in the current session.

Wednesday, October 28, 2009

HR 3619 Passed in House

On Friday the House passed HR 3619, the Coast Guard Authorization Act of 2010, on a recorded vote of 385-11. There were a number of floor amendments made to this bill, though none had any affect on the chemical security related concerns that I addressed in my earlier blog on this bill. There are a number of new provisions that might be of interest to the chemical security community. Security Awareness Section 1101 was expanded to provide for a more comprehensive program to encourage reporting of potential terrorist or criminal activity around vessels and port facilities. Rather than just being targeted at the recreational boating community, the revised America’s Waterway Watch Act is now looking at bringing all citizens into the voluntary and anonymous reporting program. The bill is allocating $3 million for each fiscal year through 2015 to support this program through educational materials and training programs. Semi-Submersibles Section 1332 was added requiring the Secretary to develop a “comprehensive strategy to combat the illicit flow of narcotics, weapons, bulk cash, and other contraband through the use of submersible and semi-submersible vessels”. To date these vessels have been periodically intercepted with cargoes of illegal drugs, but as I mentioned in a blog last year, these could certainly be used in attacks against chemical facilities located at ports. Homeland Security Mission Section 1333 was added to make it clear that the homeland security mission of the Coast Guard take priority over the marine safety mission. That homeland security mission includes protecting ports, waterways and marine transportation systems from acts of terrorism as well as preventing the flow of illegal firearms and weapons of mass destruction through those same facilities. Moving Forward The bill was received in the Senate on Monday, but as of Tuesday afternoon had not yet been assigned to a committee, though it will almost certainly be assigned to the Commerce, Science and Transportation Committee. Many provisions of this legislation were already included in a bill (S 1385) that was co-sponsored by Chairman Rockefeller, so I suspect that this bill will probably see prompt action in that Committee.

Reader Comment 10-27-09 Second Session

Yesterday our good friend Anonymous apparently caught me out in a parliamentary error in a comment posted to my blog from last week about the HR 2868 markup. Anonymous wrote: “Wait. Why? Cant the process continue through the second session of the 111th Congress?” When I wrote that the process would have to start over again next year I had made an examination of pages 307-310 of the House Rules Manual and its discussion of the term “session”. This would seem to indicate that uncompleted business at the end of the session died. Looking back at some bills that were introduced in the first session of the 110th Congress, there were certainly some bills that had actions conducted in both sessions. So, it would seem that the wording of the resolution ending the first session can allow that bills filed in the first session can be carried over to the second session of a Congress. If anyone has any better source of explanation of what happens to bills in progress at the end of a session, please let me know.

Security System Webcast

I got my weekly email from SecurityDirectorNews.com updating me on news from that site. Included in the email was a brief advertisement for a free webcast that will discuss a new trend in security systems, a unified security platform. This is the integration of automated access control and video surveillance systems. The Genetec sponsored webcast will be on November 18th at 1:00 PM EST. What really caught my attention was the presence of John Honovich on the panel that will be discussing the developments in this area. Long time readers of this blog will be well familiar with John’s name from my frequently mentioning it as a source of information on video surveillance systems. Webcasts like this are frequently nothing more than infomercials, but with John on the panel I am convinced that this is more likely to be a real information exchange. According to the webcast registration page the discussion will cover:
“Where access and CCTV integration is headed “The benefits of a unified security platform for vendors, integrators and end users “The enabling networking and IT technologies that make unification possible”
Security managers at high-risk chemical facilities that employ, or are considering employing, an automated access control system should probably watch this web cast. It should provide some valuable information that could impact the design of that system.

Tuesday, October 27, 2009

Reader Comment 10-26-09 Awareness

Last night a reader, cardrunners, left a comment on my blog earlier this month on the release of the “8 Signs of Terrorism” video. Cardrunners wrote: “[John] Elway seemed to have very genuine intentions of creating awareness of a serious issue in this country.” I was never a John Elway fan (Joe Montana was the best) and have not followed his career since he left football, so I am not qualified to even make a guess as to his motivation. If he is a true believer as cardrunners supposes, all the better. From a PR point of view, however, there is no doubt that having John Elway as a sponsor of the public service production is a great thing. He has great name recognition in Colorado and is apparently still well respected in that State. If that gets even some people to pay attention to the video message, that is an important contribution, regardless of the motivation. As I noted in the original blog, this is not the first time that this type video has been produced. I have watched earlier versions from Nevada and Michigan. The production values vary, but they all have a similar and valuable message. The more often this message gets put in front of the public the better.

NDWAC Meeting 11-11-09

Yesterday the Environmental Protection Agency posted a notice in the Federal Register announcing that the National Drinking Water Advisory Council would be holding a three day meeting starting on November 11th in Philadelphia, PA. As one might expect seeing the notice in this blog, one of the subjects on the agenda is water security. Given the recent legislative progress being made on passage of HR 3258, the Drinking Water Security Act of 2009, this should not be unexpected. The meeting is open to the public and the NDWAC encourages public participation in the meeting. A one-hour period, 11:30 to 12:30, on November 12th has been set aside for 5 minute oral presentations. The Committee asks that there only be one presentation per group or organization. Presenters need to notify Veronica Blette (202-564-4094) no later than November 4th. Written matter to be considered by the Committee needs to be sent to Ms. Blette by the same date. Written matter can be sent by email (blette.veronica@epa.gov) or mailed to: U.S. Environmental Protection Agency Office of Ground Water and Drinking Water (MC 4601M) 1200 Pennsylvania Avenue, NW. Washington, DC 20460

Monday, October 26, 2009

Ammonium Nitrate Regulations

A recent article on the ABCNews.go.com web site reported on an unusual bipartisan security concern being voiced by the House Homeland Security Committee. Both Chairman Thompson and Ranking Member King were complaining about the lack of progress being made on establishing regulations to control the sale and transfer of ammonium nitrate, a prime raw material for historically significant improvised explosive devices. Congress added special provisions to the DHS FY 2008 appropriations bill authorizing the Secretary to develop regulations controlling the sale and transfer of this very common IED precursor chemical. As I noted almost two years ago §563 required DHS to publish a final rule on ammonium nitrate by 12-26-08, but DHS was only able get the comment period of their Advanced Notice of Proposed Rule Making (ANPRM) done by that date. In another blog late last year I laid out a wide variety of other requirements that had gotten in the way of the ability of DHS to take timely action on the preparation of that ANPRM. Since that time, the ISCD has had to continue working on the ammonium nitrate regulations while they were expending a great deal of time producing the final version of the Risk Based Performance Standards Guidance document, two SVA manuals and the SVA CSAT tool. All the while they were also executing a number of public outreach programs to explain the CFATS regulations and the Site Security Plan implementation schedule while dealing with numerous requests for compliance assistance visits. I did a series of blogs late last year (11-07-08, 12-05-08, 12-12-08, 12-19-08, 12-26-08, 01-09-09, and 01-30-09) on the comments received about the ANPRM. The comments expressed the expected concerns about regulation stifling the legitimate use of ammonium nitrate, but they also raised a number of important issues that would need to be addressed in the eventual regulations. As I pointed out on a number of occasions, DHS would have its work cut out for it dealing with the issues that Congress never envisioned when they required the regulations to be developed. DHS has been working closely with the potentially regulated community to insure that while the regulations restrict the access of potential terrorists to this potent IED precursor, it does not unduly restrict the legitimate end users of ammonium nitrate fertilizers, commercial explosives and other minor uses. Since DHS hopes to have the final regulations in place before the next fertilizer application season next spring, it is important to get the bugs worked out in advance. According to the ABC web article, DHS has essentially completed the draft of the Notice of Proposed Rule Making (NPRM), the next stage in the regulatory development process. As soon as the internal review is completed by the Obama Administration, the NPRM will be published in the Federal Register. Obviously, I will report on that as soon as I see it.

CSAT FAQ Update 10-23-09

Last week DHS updated a fairly large number of their responses to Frequently Asked Questions on the CSAT FAQ page. The questions addressed include: 103: I am a member of a media organization seeking information about CSAT. Who should I contact? 453: Relating to Mission Critical Chemicals, what is the National Emergency Production Rate? 459: How can I print the completed Top-Screen, SVA, or SSP? How can I print the completed Top-Screen, SVA, or SSP? 1392: How do I transfer my account or reassign my user role? 1405: How will I know the agricultural extension has been lifted and what to do next? 1508: Where can I find more thorough descriptions of the attack scenarios? 1517: I completed my CVI training. Why does it take me back to CVI training when I log into my Top Screen or SVA? 1608: What is the format for entering my CVI authorization number when I am prompted for it, for example,during CVI training? 1609: I need assistance navigating through the CSAT application. However, I am not a registered CSAT user. 1617: Why does CSAT log me off prior to the 20 minute timeout period? 1618: How do I access and acknowledge CSAT letters (for example, my facility's tiering letter)? 1644: What should be done with my CVI Authorization User Number? 1645: Do I need to report chlorine bleach (sodium hypochlorite) as Chlorine on the CSAT Top-Screen? A number of these, according to my records, are new entries on the CSAT FAQ page. As such they should probably be read by all CSAT users just to make sure that they understand current CFATS policy. These new questions are: 405, 459, 1517, 1608, 1617, 1618, 1609, 1644, and 1645. Of these nine new questions four of them are particularly interesting. Agriculture Extension The answer to question 1405 about the change in status of the Agriculture extension is important, in and of itself, but it also provides some valuable advice for tracking any changes in the CFATS regulations. First it provides the link to the source page for CFATS on the DHS web site, http://www.dhs.gov/chemicalsecurity, where one can sign up for email notification of changes to that web site. Second it provides a link to the www.regulations.gov web site where you can sign up to be notified of changes to specific dockets; in this case docket number DHS-2006-0073. This will provide email notification of official changes to the CFATS program. CVI Authorization Number Question 1608 provides a good description of the format for the CVI Authorization Number that everyone receives upon completion of the online CVI training. The number comes in two distinct parts; first the date the training was completed and the second part is the sequential number assigned to each authorized user. Both portions are required to be entered in separate boxes when a user is required to provide authentication of authorization to use CSAT applications. Question 1644 addresses a non-procedural question about the protection of CVI numbers. DHS ISCD recommends that authorized users need to protect their CVI number the same way that they would protect their driver’s license number or credit card numbers; sharing the number only with trusted organizations and people. IP Addresses Question 1617 deals with something that is normally transparent to most internet users; your computer’s IP Address. It seems that many corporate IT programs use multiple ‘proxy servers’ to provide protection of individual computers from malicious attacks. Switching IP addresses during extended stays on the internet is one way of using these proxy servers to protect corporate computers. Unfortunately, changing the IP address during a session on one of the CSAT applications causes the DHS computer to shut down access, to protect the DHS computer from attack. The answer to question 1617 provides a detailed discussion of how to deal with this problem. You would suspect this is the reason you are being kicked off CSAT when you receive a "504 Proxy Server Error" notification. Interesting Response Revisions Most of the revised questions have relatively minor changes to the previously provided response to the FAQ. There are two questions that the changes made to the responses are worth discussing. Question 453 provides a much more detailed description of what to consider when a facility determines its National Emergency Production Rate for their Top Screen submission. This answer is well worth reading before a facility re-submits or submits their first Top Screen. One change I’m not really sure was productive was removing the link provided to the Census page referenced in the explanation. In the old response that link, http://www.census.gov/cir/www/mqc1pag2.html, was provided. Question 1508 addresses the issue of access to the details of the SVA attack scenarios. The new change keeps the explanation that this information is only available to authorized users working on an active SVA. It removes the instruction to contact the Help Desk for assistance in finding the document. The only assistance provided for locating the document is noting that it is “available in the CVI Document Vault”.

Hearings Week of 10-26-09

There is only one Congressional hearing currently scheduled this week that will be of interest to the chemical security community. This is a business meeting of the Senate Homeland Security and Government Operations community to be held on Wednesday, 10-28-09, at 10:00 am EDT. The agenda looks like it will be a lengthy meeting with a number of nominations and bills naming post offices to be considered. There will be two bills (among a number of others) that will be marked up; S 1649, the Weapons of Mass Destruction (WMD) Prevention and Preparedness Act of 2009, and HR 553, the Reducing Over-Classification Act of 2009. I have covered the Senate bill briefly in an earlier blog. HR 553 was pushed quickly through the House in February and I didn’t get a chance to take a good look at it, but it is very similar to a bill that was introduced by Rep Harmon (D, CA) last year. It would require the Secretary of Homeland Security to develop a strategy to prevent the over-classification of homeland security information and encourage the sharing of that information; both could ultimately affect CFATS information sharing. I’ll take a closer look at it after the Senate hearing. HR 2868 No word yet when the Rules Committee will hold their hearing on HR 2868. I would expect that we will see a hearing later this week or early next week. This hearing would be important because it could spell out how the House will deal with the competing versions of the bill being reported. More on that later.

CFATS and the Fire in Puerto Rico

With the Caribbean Petroleum Corporation's fuel storage depot fire in Bayamon, PR essentially out and the investigation into the cause just barely beginning, it does appear that this fire may have a significant impact on CFATS enforcement. What the Chemical Safety Board is calling a “major explosion [emphasis added] and fire at a petroleum storage facility” may provide the definitive answer to the question of whether or not gasoline is capable of forming a ‘vapor cloud explosion’. This is important because the petroleum industry is currently claiming that fuel storage facilities should not be considered high-risk facilities because of the low chance of a gasoline release resulting in a vapor cloud explosion. Providing fuel storage facilities a blanket removal from consideration as potential high-risk facilities would allow the fuel distribution industry to continue their current practice of providing only minimal security measures at such facilities.

Friday, October 23, 2009

Reader Comment 10-21-09 Uncertainty

On Wednesday evening our good friend Anonymous posted the following comment to my earlier blog posting on the uncertainty principal in CFATS:
“Lack of certainty isn't only tied to the legislative action. All of CFATS is only a rule based on Section 550. 550 is not very specific. DHS could come out with a proposed new CFATS rule tomorrow with a whole new set of RBPS. It would have to go through the rulemaking process, but it could happen, especially with a new administration.”
Anonymous is legally correct, the broad mandate of the §550 authorization provides a great deal of discretion to the Secretary as to the shape and scope of the resulting regulations. But one does not even have to look for a re-writing of the CFATS regulations, a simple programming change in the Top Screen evaluation program and you could see a significant change in the Tier Ranking System. You could double (or halve) the number of High-Risk facilities with little fanfare and no notice. After all, §550 gives the Secretary sole authority to determine what facilities are at ‘high-risk’ of terrorist attack. This is the conundrum that faces Congress whenever it crafts legislation creating a new regulatory scheme. It can either be very specific in the rules that are to be established or it can provide a broad mandate. A broad mandate gives the Executive branch the maximum flexibility to establish a responsive regulatory framework. A specific set of narrowly crafted requirements almost ensures that the Executive’s regulations will have unnoticed holes and unintended consequences. There are, of course, a wide variety of checks and balances written into our Constitution and reinforced in the regulatory framework established on that base over the years. There are rules that govern the regulatory process and an Administration that violates those rules faces both the wrath of Congress and the Courts. When Congress and the Executive are of the same point of view, the Courts still exist to hamper the potential abuses of power of the majority. And, finally, the voters ultimately control who holds that legislative and executive power. As any student of American history could quickly point out, the system is not perfect and there are numerous examples that could be pointed to as exemplars of the abuse of executive power. The ebb and flow of political power in this country has, however, corrected the most egregious examples of that abuse. This is why business leaders generally behave as if the current regulations will be fairly and reliably enforced. This provides the framework for their long term business decisions. This is one of the unspoken reasons that much of the chemical manufacturing establishment generally opposes sweeping changes to the CFATS regulations. While the current regulations may be expensive and complex, they are at least known. Significant changes in the authority upon which those regulations are based will inevitably result in large and somewhat unpredictable changes in the regulatory scheme in which these companies must work

Thursday, October 22, 2009

NSTAC Teleconference 11-19-09

DHS announced yesterday that the President’s National Security Telecommunications Advisory Committee will be holding a teleconference on November 19th. Portions of the teleconference will be open to the public. The public portion of the teleconference will be followed by closed session to discuss classified matters and sensitive business information. According to the Federal Register notice the “NSTAC advises the President on issues and problems related to implementing national security and emergency preparedness telecommunications policy” (74 FR 54061). The public agenda for this meeting includes:
Government stakeholder comments, A discussion and vote on the Satellite Task Force Report, and A discussion of the January-May portion of the NSTAC Work Plan.
Anyone wanting access to the teleconference needs to contact Ms. Sue Daage at (703) 235-5526 or by e-mail at sue.daage@dhs.gov by 5 p.m. November 12, 2009. Personnel wishing to submit comments or information to be considered by the committee needs to submit the material by November 30th. Submissions can be made via www.regulations.com (Docket NCS-2009-0004).

Reader Comment 10-20-09 Generalities

Like many bloggers that have full time jobs, I sometimes get in a hurry when I write a blog post. When that happens I frequently get a little careless in my use of generalities in describing various situations. Well, last Tuesday a reader, Anonymous, caught me and called me to task. The comment is a little too long to re-post here, but you can find it appended to the end of my post, "IST and TIC Manufacturers".

I certainly admit that not all large companies have good safety or security programs. Anonymous’ example of Bayer CropScience is certainly an excellent example of a facility that has very questionable and objectionable safety processes. The point that I was trying to make was that large companies have adequate resources that are a prerequisite for good safety and security programs. The fact that some (more than a few readers would say ‘many’) do not use those resources in a way that benefits the welfare of their employees and neighbors is the reason that we need a strong oversight capability from the Federal government.

Likewise, smaller companies with their limited resources, generally have a harder time putting adequate security programs into place. The fact that a small facility can be at particularly high-risk facility because of the chemicals on site makes this a particularly dangerous combination. Having said that, I am sure that there are small high-risk facilities that have made very efficient use of their resources to effect a perfectly good security program. These facilities deserve recognition that, for security reasons, they will never adequately receive.

Finally, I certainly did not intend to imply that simply requiring facilities to conduct an IST assessment will result in the wholesale conversion of facilities to less hazardous processes. There are very many, probably most, facilities that use very dangerous chemicals that, for a variety of technical and financial reasons, will never be able to convert to safer chemicals or processes. What I wanted to call attention to is that for facilities that do not have the internal expertise to do a real, in-depth process safety analysis (which is what an IST assessment really is), there is no way for them to identify an IST alternative.

Requiring them to get an assessment done, almost certainly by outside consultants, might reveal to them a safer, more economical way to get their jobs done. If a clearly beneficial IST is identified in such an assessment, companies will implement them. Anyone that believes that chemical companies, as a matter of course, conduct ‘real, in-depth process safety analysis’ of process before it is started up are in for a rude awakening. Just read the Chemical Safety Board report on the explosion at the T2 facility in Florida.

Usually the quality of such PSAs is reflective of the resources available and thus the facility size. But, large companies have certainly been known to cut corners, see the multiple problems at the BP facility in Texas City. Again, this is why strong enforcement action is necessary. In closing, thanks to Anonymous for calling me out on my gross use of generalizations. Even bloggers need the occasional inspection report to keep them on the straight and narrow.

Wednesday, October 21, 2009

HR 2868 and HR 3258 Markup 10-21-09

Today the full House Energy and Commerce Committee conducted a markup hearing on four pieces of legislation, two of which are of direct interest to the chemical security community; HR 2868 and HR 3258. Both bills, after amendment, were individually ordered to be reported favorably. Republican members of the Committee were given the required two days to prepare a minority report on each bill to be submitted as part of the Committee reports. HR 3258 was approved on a voice vote and HR 2868 was approved on a recorded vote of 29-18. In today’s blog I’m just going to look at the revised provisions of HR 2868. I’ll leave HR 3258 for another day. HR 2868 as Amended Mr. Markey (D, MA) offered an amendment ‘in the nature of a substitute’, Congressional short hand for a large number of changes. Most of the changes were minor, technical changes. There were two changes made to the IST provisions of the legislation. The first was small, but significant and the latter was larger and probably not as significant. In the version of the bill reported by the Energy and Environment Subcommittee last week the proposed revision provided for the Director of the Office of Chemical Security to require a facility to implement an IST provision “based in part on an assessment conducted pursuant to subsection (a)” {§2111(b)(1)(A)}. This implied that the Director could ‘make-up’ an IST provision that had not been reviewed by the facility. Mr. Markey’s amendment removed that language, returning to the older version that allowed the Director to require an IST implementation “using the assessment conducted pursuant to subsection (a)”. The second revision was the addition of §2111(c). This provided that the Secretary would provide guidance to ‘Farm Supplies Merchant Wholesalers’ (FSMW), “tools, methodologies or computer software” to aid such wholesalers in complying with the IST requirements of this legislation. Once again, the agricultural special interests have managed to carve out special treatment under the chemical facility security rules. Background Checks for Employee Representatives Only two other amendments to HR 2868 were accepted by the Committee. Mr. Scalise (R, LA) was allowed to add language that required that ‘employee representatives’ that would participate in the security process at a facility would be required to undergo the same background checks as would the employees of the facility with similar access. The inclusion of the words “including any designated employee representatives” to §2115(a)(1)(B)(ii) insure that there is no confusion about the status of labor representatives involved in the security process. Just a quick side note; there should probably be similar language for contractors and consultants, just to be fair. As I noted in my discussion of last year’s HR 5577 employee representative provisions, the regulations for the personnel surety of employee representatives (and contractors and consultants) will be difficult to write and enforce. Labor unions would be very reluctant to provide personal information on their employees to facility management. Would union (contractor, consultant) management then be held responsible for the conduct of the background check? Would they certify that check to the facility security officer or DHS? If there were potentially disqualifying information found in the check would the employer (union, contractor, or consultant) make the access decision or would the facility? These are just some of the tough questions that will have to be addressed in developing these regulations. Agriculture Strikes Again The only other amendment to HR 2868 that was approved today was one offered by Mr. Ross (D, AR) and Mr. Space (D, OH). They wanted further special treatment for the agriculture industry and modified Mr. Markey’s agricultural amendment. They added a grant program to assist FSMW with conducting their IST assessments. They also added ‘aerial commercial applicators’ to the definition of FSMW. They also included language requiring DHS to prepare a report to Congress on the affect of these regulations on FSMW. It would include the number of FSMW that were covered facilities under the CFATS rules and how many of those were Tier 1 and Tier 2 facilities. More importantly it would require the Secretary to identify known IST methods for FSMW that did not require the elimination of pesticides or fertilizers, including the assessment of costs of implementation and the evaluation of technical feasibility. It just goes to show that the conventional chemical industry (ACC, SOCMA, NPRA, etc) are rank amateurs in their lobbying efforts. Instead of lobbying against the IST provisions that they objected to, they just should have insisted that DHS do the assessments for them, being careful not to identify anything that would require them to give up any hazardous or toxic chemicals, and then provide the chemical industry grants for using the DHS assessments. The Way Forward The Energy and Commerce Committee report cannot be filed before the 23rd. When the report is filed, there will be two different ‘as amended’ versions of the bill. I do not know how the differences will be resolved. I assume that there will be some sort of ad hoc committee formed to ‘reconcile’ the two versions of the bill. That will provide a third report on the bill. There is a long way to go before we will know how this bill will turn out. It is not clear that this bill can clear the House before Congress adjourns for the year. If the bill has not completed its journey through both the House and the Senate before that date, the whole process will start all over again next year.

CFATS Uncertainty

As I noted last week on my personal blog, I was interviewed for two different articles on the CFATS program and the new legislation that may change that program over the next couple of years. Yesterday the first of those articles was posted on SecurityDirectorNews.com. That article by Leishen Stelter addresses the uncertainty that facilities are facing as they submit their first site security plans under CFATS. Risk Based Performance Standards The first uncertainty is due to the nature of the CFATS regulations and their authorizing legislation. Since Congress forbade DHS from specifying security measures that could be required for SSP approval, DHS was only able to outline 18 risk based performance standards (RBPS) that the facilities were required to address in their site security plan. To help facilities adequately address those performance standards, DHS published the Risk Based Performance Standards Guidance document. Because of the requirements of the authorizing legislation (§550 of the FY2007 DHS Appropriations Bill) the metrics provided for each of the 18 RBPS in the Guidance are less than precise in their specifications. Each one uses descriptive phrases to describe what must be accomplished rather than clearly measurable requirements of what must be done. This means that as each facility Submitter clicks on the ‘submit’ once their SSP submission is complete, there is an inherent uncertainty as to whether or not DHS will view the SSP as adequate. In December, DHS is scheduled to start sending inspection team to the Tier 1 facilities that completed their SSP submissions last month. If the inspectors bless the plans the facilities will know that they interpreted the Guidance document correctly. It is not clear that facilities with an unapproved SSP will receive anymore detailed guidance on how to correct their deficiencies; §550 still rules. The lower ranked tiers take little consolation from the fact that Tier 1 facilities will get their SSP’s evaluated first. Because of the Chemical-Terrorism Vulnerability Assessment rules that restrict sharing of facility security information, the follow on tiers will get little additional guidance from the inspections being conducted on the higher risk tiers. CFATA Legislation To add to that confusion, Congress is still in the process of trying to craft a permanent and ‘comprehensive’ authorization for the CFATS program. The current §550 authorization for CFATS expires on October 31st. The FY 2010 DHS Appropriations bill that was just sent to President Obama yesterday will provide an additional 11 months of extension for that authorization while Congress bangs out the details of the new legislation. What seems clear at this point in the legislative process is that the Democratic leadership of the House of Representatives is convinced that a Chemical Facility Anti-Terrorism Act should address a number of perceived deficiencies in the original authorization for CFATS. The current legislation working its way through the House committee process will result in a number of significant changes in the way that DHS will regulate chemical facility security. What those changes will be has yet to be determined by the political process. So, while high-risk chemical facilities are working hard on getting their SSP’s submitted and approved, they are also watching the political process change the landscape of their regulatory world. As they spend money on installing security equipment that may or may not be adequate for the current regulations, they face the prospect that even those vague requirements are in the process of changing. The only saving grace is that even if the current legislation were approved tomorrow, it would be at least 18 months before the new regulations will go into effect. So, the facility security teams working on their SSP need to ignore, for now, the political machinations that will affect their next iteration of the SSP process. They need to concentrate their work on finalizing their current SSP; leave upper management to worry about the final wording of the final CFATA legislation.

Tuesday, October 20, 2009

HR 2892 to President Obama

This afternoon the Senate Appropriations Committee posted a press release on their web site announcing that HR 2892 had passed today in the Senate by a vote of 79 to 19. The bill now goes to the President for signature. The President effectively has 10 days to sign the bill to avoid having the Department of Homeland Security budget tied up in another potential continuing resolution. For the chemical community the most important provision in this bill is, appropriately, §550 that extends the current CFATS authorization until October 4th, 2010. The Administration proposed this provision in their DHS budget request to allow Congress to continue working on the development of permanent authorizing legislation. I’ll do a detailed look at the other provisions of the legislation that will apply to the chemical security community at a later date.

HR 2868 and HR 3258 Full Committee Markup

The Energy and Commerce Committee will hold their full committee markup of HR 2868 and HR 3258 on Wednesday, October 21st, at 10:00 am EDT. Also included in the hearing will be the less controversial HR 3276 and HR 2190. This information just appeared on the Committee web site late this morning.

IST and TIC Manufacturers

As could be expected, Greenpeace was less than happy to hear that provisions of the HR 2868 markup in the Energy and Environment Subcommittee last week would limit the number of facilities covered by the IST mandate provisions to only 107 high-risk chemical facilities. While it is not clear to me that the provisions will actually be effective in reducing the number of facilities covered, the 107 facilities potentially remaining will be those which house significant amounts of chemicals that Greenpeace and their fellow environmental and labor groups have been fighting the hardest against; the toxic chemicals that are most likely to produce disastrous affects on large urban populations. I hope that Greenpeace, et al, realize that almost 15% of the facilities on the list will get an automatic bye on the IST mandate. These are the facilities that produce the toxic inhalation hazard (TIH) chemicals. Since even the base legislation (which Greenpeace actively promoted) provided an economic viability exclusion, the IST evaluation for facilities that produce and sell TIH chemicals will be no more than a look at inventory control practices at the facility. There will be no need to look at alternate manufacturing or alternative chemicals at those facilities.
NOTE: The 15% figure is based on the assumed 107 facilities being covered under the new regulations and 16 manufacturers. The manufacturer data is taken from the CAP “Chemistry 101” pamphlet’s Appendix A and Appendix B.
Any distribution or repackaging facilities on the list of 107 should be able to justify a similar cursory review of inventory control practices. Again, since their business is based on the sale of these chemicals, any mandated reduction in the volume sold would have an adverse affect on their business. Some might say that on-site production of these chemicals would reduce the volume of the TIH chemicals at the location, but distributors typically work on tight margins and would find the capital expenditure to add production capability very difficult to justify financially. The Worth of IST Where the IST language in this legislation will be most useful will be in the requirement for Tier 3 and Tier 4 facilities to conduct an IST evaluation. While the large chemical companies routinely review their safety and security programs to reduce their risks, smaller chemical companies and facilities typically continue to operate the way they always have. This operational inertia is not caused by malfeasance or an evil disregard for safety, but rather a limit of resources to conduct the necessary evaluations. Adding the requirement is going to force many of these smaller facilities to go to outside contractors to conduct reasonable IST assessments. In those situations where the assessments clearly indicate an economically viable method to reduce risk, most facilities will not require a federal mandate to execute the change.

HR 2892 Back to Senate

The Senate will begin consideration of HR 2892, the Department of Homeland Security Appropriations Act 2010, this morning. While passage of conference reports is usually a formality, the inclusion of language in this Conference Report that allows for transfer of the Guantanamo Detainees into the United States for trial might cause problems for this bill. There has been significant opposition to bringing detainees from Gitmo into the United States for any reason among Republicans and moderate Democrats. State side trials for some of the detainees is a key part of the Obama Administration’s plan for the closure of the Guantanamo Bay facility, so it will be interesting to see if Sen. Reid can hold together a coalition of Democrats and moderate Republicans to get a cloture vote on the debate for this bill. LATE NOTE (8:26 am - 10-20-09): There will be no cloture vote necessary on the HR 2868 Conference Report. Yesterday’s Congressional Record Daily Digest (pg D1194) includes the following description of today’s planned proceedings:
“A unanimous-consent-time agreement was reached providing that at approximately 11:30 a.m., on Tuesday, October 20, 2009, Senate begin consideration of the conference report to accompany H.R. 2892, making appropriations for the Department of Homeland Security for the fiscal year ending September 30, 2010, with debate on the conference report limited to three hours and 15 minutes”.

Monday, October 19, 2009

National Rail Plan

The Federal Railroad Administration (FRA) recently posted a copy of their Preliminary National Rail Plan (PNRP) to their web site. The production of this preliminary plan was required by the Passenger Rail Investment and Improvement Act of 2008 (PRIIA). According to the Executive Summary (pg 1) of the PNRP:
“This Preliminary Plan lays the groundwork for developing policies to improve the U.S. transportation system. Its goals are consistent with the top goals of the U.S. Department of Transportation’s (DOT): to improve safety, to foster livable communities, to increase the economic competitiveness of the United States, and to promote sustainable transportation. The important attributes of rail—safety, fuel efficiency, and environmental benefits—can meaningfully assist in achieving these goals.”
The FRA is clear that this document does not provide a great deal of detail on how that organization intends to improve rail transportation. They note that the PNRP does not provide details on the development of the National Rail Plan (NRP), but rather “it is designed to create a springboard for further discussion” (pg 2). It does note that the development of the full blown NRP can only take place with “input from the States, and freight railroads, who are expected to provide valuable information and perspectives. The end focus is on the shippers and riders who use the rail system.” It would seem to me that this ‘end focus’ can only be met with input from the ‘shippers and riders’ who will be served by the system. PNRP and Hazardous Chemicals The chemical security community will find little in the PNRP that addresses the safety or security of chemical shipments. The only direct mention of hazardous materials shipments is found on page 13 where there is a brief discussion of the Positive Train Control (PTC) system requirements. If one reads the document closer, however, the following passage (pg 9) addresses a key problem with chemical safety and security issues.
“The privately owned freight rail system, however, must generally finance improvements through current cash flow based on expectations of future demand. Corporate railroads have a responsibility to generate income for their shareholders and look for ways to maximize their return on investment. However, activities that may provide a broad public benefit may not adequately contribute to (and may even harm) efforts to increase revenue or reduce expenses.”
This is one of the key reasons that the railroads have become the key corporate proponents of mandated inherently safer technology. They realize that they alone bear the full liability risk for release of toxic inhalation hazard (TIH) chemicals that are being hauled by the railroads. Shippers, on the other hand, maintain that they use safe shipping techniques and all recent major releases of TIH chemicals have been the result of railroad worker errors. This needs to be a major discussion point in the development of a true National Rail Plan. The liability issue for TIC shipments needs to be addressed in a way that benefits both the shippers and railroads. A starting point for that discussion could be a delineation of liability responsibility along the following lines:
Railroads would be liable for releases due to railroad issues, Shippers would be liable for releases due to packaging issues, and The Federal government would be liable for releases due to terrorist attacks.
A further aid to both the railroads and shippers would be a railroad transportation liability cap similar to that found with terrorism insurance. This would make liability insurance cheaper and easier to obtain for both the railroads and shippers. TIH Routing Issues The other chemical shipping issue that is completely ignored in the PNRP is the routing of TIH shipments around major urban areas. The shipment of these chemicals through cities is both a safety and a security issue. The current PIH routing rules are totally inadequate for keeping through shipments of TIH rail shipments out of major urban areas. While some improvement of the situation can be had by requiring carriers to use alternative routing via other carrier routes, this is not always possible due to the way cities grew up around rail terminals and along rail lines. Rerouting freight rail main lines around urban areas should be a major priority for the NRP. Moving Forward The TIH shipping community in particular and the chemical shipping community in general need to insure that their voices are heard during the development of the National Rail Plan. The FRA has promised to conduct a public outreach program to bring all shareholders into the development process, but due to the critical place rail shipments of chemicals has in the chemical industry, chemical rail shippers need to be proactive in insuring that their voices are heard.

Sunday, October 18, 2009

CG Authorization Bill

The second authorization bill for an agency of the Department of Homeland Security is moving towards a floor vote in the House. The Coast Guard Authorization Act of 2010 (HR 3619) was reported out of the House Transportation and Infrastructure Committee on Friday. The House Rules Committee has requested the submission of floor amendments by Wednesday morning in preparation for the Committee’s meeting to formulate the rule for early consideration of the bill. Most of the provisions of this bill are well beyond my area of expertise or interest. There are some provisions that will be of specific interest to the chemical security community. They deal principally with the Transportation Workers Identification Credential (TWIC), but also include a new classification of hazardous materials and some studies to be conducted by DHS. TWIC Provisions Section 1102 requires the Secretary to report to Congress on the results of the current pilot program for the use of TWIC Readers. This section also requires the GAO to review the report being submitted to Congress. While Congress will be waiting on this report the industry will be waiting for the publication of the TWIC Reader proposed rule that is also awaiting completion of this trial. Section 1112 deals with the reported problems of individuals finding a location where they can get their fingerprints taken to use for submitting an application for the TWIC. It will require DHS to establish procedures for allowing these fingerprints to be taken at any DHS operated or contracted facility that already performs fingerprinting of the public. This should ease one of the significant burdens of getting a TWIC application completed. Section 1118 requires the Secretary of DHS to establish biometric identification procedures for issuing TWIC where it is not possible to take or read an individual’s fingerprints. Section 1121 requires the Secretary of DHS to conduct an assessment of current TWIC enrollment sites with a view to keeping them open past September 29th, 2009 (a date which has fairly obviously already passed). Especially Hazardous Materials Section 1117(d) defines a new classification of hazardous materials for special protections under Coast Guard operations, especially hazardous materials (EHM). “The term ‘especially hazardous material’ means anhydrous ammonia, ammonium nitrate, chlorine, liquefied natural gas, liquefied petroleum gas, and any other substance identified by the Secretary of the department in which the Coast Guard is operating as an especially hazardous material.” Section 1117(b) provides a number of limitations on the formulation of future facility security plans for EHM terminals or shore side facilities servicing EHM tankers. These limitations include restrictions on the use of State or local government provided security forces. Miscellaneous Studies Section 1108 requires the Secretary of DHS to prepare a report to Congress “analyzing the threat, vulnerability, and consequence of a terrorist attack on gasoline and chemical cargo shipments in port areas in the United States”. There are no restrictions on the classification of the report, so it will almost certainly contain significant amounts of classified material. Hopefully, DHS will be able to share a sanitized version of this report with the regulated community. Section 1120 requires the Secretary to prepare a report to Congress on the extent of State and local government support for Coast Guard security functions in and around port areas. This will focus in large part on the training requirements for State and local law enforcement officers as compared to the training requirements for Coast Guard personnel performing the same functions. Moving Forward With the Rules Committee requiring the filing of amendments by Wednesday morning it is likely that the Rules Committee hearing on this legislation to take part late Wednesday afternoon or on Thursday. Typically this would mean that this legislation would reach the House Floor the following week.

Reader Reply 10-18-09 IST Changes

A continuing conversation on the recent IST changes made by Chairman Markey of the Energy and Environment Subcommittee in their markup hearing last week. Earlier posts in this conversation can be found at: HR 2868 IST Changed Reader Comment 10-16-09 IST Changes Reader Reply – 10-17-09 IST Changes Anonymous replied to the last posting, stating that: “Actually, materials circulated prior to the markup stated that the number of facilities covered BEFORE the change was made was 659. After the change, the number was reduced to 107.” If those numbers came directly (or reliably indirectly) from DHS, then we can proceed with a reasonable discussion of the issue. If DHS was not the source, there would be no one with reasonably complete information to produce reliable numbers. Individual facilities are not supposed to share that information, but I would suspect that they would report general Tier level assignments to the primary industry association that they would belong to, but no single organization represents more than a fraction of the covered facilities. Since I know that DHS ISCD has been working closely with the Committee staff on reworking HR 2868, I would assume that the numbers came from them and are thus reliable. The difference between the 659 number provided to the Committee and my 873 number is simply due to changes in facility status caused by downsizing, closings, and changes in chemicals and processes (yes industry does do voluntary IST where it is practical). Sue Armstrong alluded to this decrease in number of covered facilities and changes in tier rankings when she testified before the subcommittee on October 1st. Now, there is absolutely no way that DHS has ranked 552 Theft/Diversion facilities in Tier 1 and Tier 2, especially if there were only 650 facilities to start with. What I am forced to conclude is that most of the facilities removed from the Tier 1 and Tier 2 listing of facilities were facilities with Release Flammable and Release Explosive chemicals of interest (COI), this would leave 107 facilities that had significant amounts of Release Toxic COI that could possibly be required to implement IST changes to their operations. The only problem is that I see absolutely nothing in the wording of §2111(b)(1)(A) that would allow DHS to distinguish between Release Toxic COI and Release Flammable or Release Explosive COI. The wording of that section describes the facilities to which the authority to require IST implementation applies as being those Tier 1 and Tier 2 facilities that are assigned to that tier ranking “because of the potential extent and likelihood of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy from a release of a substance of concern at the covered chemical facility”. If the wording of that statement had been restricted to ‘human health, public health or the environment’, one could make the argument that it would only apply to toxic materials. But including the terms ‘critical infrastructure’, ‘homeland security’, and ‘the national economy’ certainly seems to me to include flammable and explosive COI. The only other way around this dilemma would be to change the description of the category for Flammable and Explosive COI to something other than ‘Release’. It did always seem to me to that the term ‘Release’ with respect to Flammable and Explosive COI did not adequately describe the danger associated with these chemicals. It would not be sufficient with these chemicals to simply release them from their containment for it to be a successful terrorist attack. Conditions would have to be established to ensure their ignition under appropriate circumstances to result in a catastrophic explosion for the maximum effect of these chemicals to be felt. Release Toxic chemicals, on the other hand simply need to be released into the environment to do their nasty work. Unfortunately, there is nothing in the published record that indicates that DHS will be changing the categorization of flammable and explosive COI as release chemicals. So we can only read the written record and apply our judgments to that information. Based upon the written record, I stand by my opinion stated in my reply to the original comment by Anonymous; that the ‘concession’ on the types of facilities covered by the IST implementation rule under §2111(b)(1)(A) of the marked up version of HR 2868 is actually a nearly inconsequential change to that regulation, affecting to few facilities to be of any major impact.

Saturday, October 17, 2009

Reader Reply – 10-17-09 IST Changes

On Friday I responded to a reader comment about changes made to the IST provisions of HR 2868 in the Energy and Environment Subcommittee markup. The comment from Anonymous was that I had missed a significant change made in my earlier discussion. That change reduced the potential coverage of IST mandates to Tier 1 and 2 facilities with Release COI. I acknowledged (and detailed) that change, but opined that it wasn’t really significant because of the small number of facilities that it could potentially effect. On Saturday morning Anonymous posted the following reply to that opinion:
“The debate indicated that reducing the IST implementation universe of facilities to those in tiers 1 or 2 because of a risk of release (as opposed to theft or sabotage) greatly reduces the numbers of facilities that would be covered. Basically it means that the IST implementation authority would apply ONLY to the facilities that have large quantities of COI AND are located in areas where a release of the COI could hurt alot of people. This was a significant compromise on the part of Chairmen Markey and Waxman.”
It would appear that Anonymous (in this particular case any way) is someone that is close to the debate in the Energy and Commerce Committee, possibly even a committee staffer. While I lack any way of verifying that assumption, I will make that assumption for this discussion and will accept that someone told Waxman and Markey that such a change would ‘greatly reduce the number of facilities that would be covered’ by the provision while not limiting the practical effectiveness of the change. Having made clear my assumptions, lets look at the practical effect of this change. Tier 1 and Tier 2 Facilities First we have to understand that DHS has been very tight lipped about the procedure they use for making the decision to make a Top Screen reporting facility into a high-risk facility actually covered by CFATS and how those facilities are ranked into the four risk-based tiers. Chairmen Waxman and Markey may have been briefed on that decision making process, but I certainly haven’t. I can, however, make some reasonable guesses. The only publicly available information on the Tier rankings is the number of facilities that have been placed in each Tier. While those exact numbers change frequently as chemical inventories and processes change, for the purposes of this discussion I think we can safely use the figures that DHS briefed at this year’s Chemical Security Summit. According to slide number 4 of the DHS Chemical Facility Anti-Terrorism Standards Overview presentation there are 195 Tier 1 facilities and 678 Tier 2 facilities out of a total of 6,400 covered facilities. This means that there are 873 facilities out of the more than 30,000 facilities that submitted Top Screens that present the highest risk of terrorist attack. Presumably a successful attack on these facilities would wreck a savage toll on the surrounding communities, causing inconceivable amounts of death and destruction. Types of COI There are three categories of chemicals of interest (COI) that DHS uses in classifying threats to chemical facilities; Sabotage, Theft/Diversion, and Release. Of these three categories it is only the Release COI that poses an immediate danger in the event of a successful terrorist attack. The other two categories will be moved to another location where additional work must be done to make them into terrorist weapons. Most of the Theft/Diversion COI, for instance, are precursors to making chemical warfare agents or improvised explosives. The balance of that category are those chemicals that are themselves CW agents or explosives and are also listed, in larger quantities, as Release COI. Release COI are those toxic, flammable, or explosive chemicals that if released on site pose a great danger to the facility and local community. Of the three types of Release COI, arguably the most dangerous to the largest area are the toxic release chemicals. There are some of these toxic release COI that have potential calculated casualties in the hundreds of thousands. While the flammable and explosive release COI will probably not be responsible for anywhere near the number of casualties, the damage they can produce will be much more visibly impressive and produce longer term consequences due to their damage of critical infrastructure. Consequences of Successful Terrorist Attacks If we were to look at the almost 900 facilities that make the Tier 1/2 list of facilities, I would be willing to bet that DHS only included facilities that, if successfully attacked, would have immediate consequences on the largest number of people. This would require that the facilities would be near significant population centers and house large amounts of release COI. The other types of COI give DHS and law enforcement additional time after a successful attack to stop significant loss of life. That significantly reduces their risk. Furthermore, I would be willing to bet that the largest majority of Tier 1 facilities are those with significant amounts of Release Toxic COI. These toxic chemicals have a significantly larger area of lethal effect, pound for pound, than do Release Flammable COI or Release Explosive COI. The only way facilities with these chemicals would have a chance of making it to the small list of Tier 1 facilities is to have such large stores of these chemicals that, if successfully attacked, would produce an explosion of cataclysmic proportions. Limiting COI Requiring IST Now, back in February of this year I wrote that: “Restricting the mandatory IST provisions to just Release Toxic COI will undercut some of the industry opposition to IST since it will severely curtail the number of facilities that will face the prospect of implementing the IST provisions.” I also noted that the environmental and labor groups pushing hardest on the IST issue were focusing on toxic chemicals like chlorine, anhydrous ammonia, and hydrogen fluoride; focusing on Release Toxic COI would specifically satisfy their demands. If the people making the arguments to Chairmen Waxman and Markey were attempting to reduce the number of facilities that were exposed to the IST provisions, then they did not read my blog closely enough. Whatever political price they paid for the Waxman/Markey concession on this matter was much too high a price for what little they achieved. Messrs. Waxman and Markey, however, come out of this deal smelling like a rose. They made, practically speaking, a small concession covering a limited number of facilities and now look like statesmen. That is the stuff of politics played in the big leagues. I’m sorry that I had to blow their cover.

Friday, October 16, 2009

Reader Comment 10-16-09 IST Changes

Our good friend Anonymous left a comment on my earlier blog about changes made to HR 2868 by the Energy and Environment Subcommittee. Anonymous wrote: “You missed a big one. Mandatory IST only applies for facilities tiered 1 and 2 for release risk, not theft/diversion etc.” What Anonymous is referring to is the language in §2111(b)(1)(A) that reads in part:
“The owner or operator of a covered chemical facility that is assigned to tier 1 or tier 2 because of the potential extent and likelihood of death, injury, and serious adverse effects to human health, the environment, critical infrastructure, public health, homeland security, national security, and the national economy from a release of a substance of concern [emphasis added] at the covered chemical facility, shall implement methods to reduce the consequences of a terrorist attack on the chemical facility if the Director of the Office of Chemical Facility Security determines….”
The word ‘release’ would seem to eliminate facilities that did not have release toxic, flammable or explosive materials from consideration under this provision. As a practical matter however, this is not really a major change. Almost all of your Tier 1 or Tier 2 facilities and most of the Tier 3 facilities will have release COI. This is what places them in the highest risk categories. There may be an occasional facility that could make it to the higher tiers just because of the huge quantity of a theft/diversion COI but they would be few and far between.

Armed Guards

I had an interesting email conversation with a reader last week about the issue of armed guards at high-risk chemical facilities. The reader wanted to know my opinion about whether or not DHS would ‘require’ the use of armed guards for Tier 1 or 2 facilities. I did a series of postings on the subject over a year ago, but that was before the Risk Based Performance Standards Guidance document was published. Perhaps it is time to revisit the issue. 

Of course, DHS cannot ‘require’ any security measure in the approval of the facility’s Site Security Plan. This is specifically prohibited by the §550 authorization for the CFATS regulations. The real question is under what circumstances would DHS expect to see the use of armed guards to adequately address the Deter, Detect and Delay performance standard? 

Armed Guards and the Guidance Document 

The discussion portion of RBPS #4 in the Guidance document has very little to say about security guards. The single paragraph discussing armed guards (pg 53) states that:
“Protective forces are often used to enhance perimeter security and provide a means of deterrence, detection, delay, and response. Such forces can be proprietary or contracted and can be armed or unarmed. They may be qualified to interdict adversaries themselves or simply to deter and detect suspicious activities and to then call local law enforcement to provide an interdiction.”
Even in the metric portion of the Guidance document there is only a very limited discussion of security forces. Metric 4.1, Deterrence and Delay (General), briefly addresses ‘on-site security’ (pg 55) by stating, for Tier 1 facilities:
“Through a combination of on-site security, barriers and barricades, hardened targets, and well-coordinated security response planning, the facility has a very high likelihood of deterring an attack and/or delaying an attack for a sufficient period of time to allow appropriate security response.”
Other brief mentions of the use of security forces can be found in RBPS #1 and #2 where they describe such forces as ‘standing posts at critical assets’, ‘using remote surveillance’, or ‘conducting roving patrols’. No mention is made of the employment of armed personnel. Metric 3.1 mentions that access control points are manned by ‘security personnel’, but there is no discussion of whether or not they might be armed personnel. 

As one would expect, the SSP Questions Manual does not give much in the way of guidance. There are a number of questions listed about security forces (see pages 148 thru 152), including questions about what whether they are armed (for example: Q:10.33-15459, pg 149). None of these questions provides any hint of what DHS would like to see. There are a number of questions, however, in the facility information portion of the SSP about response capabilities, both on-site and off. On-site response questions include asking if the facility has snipers or ‘tactical response (combat)’ teams (pg 30). The off-site response questions are much more extensive and include questions about the local police force capabilities as well as their response time. The response time questions (pg 31) address both initial response (first officer on scene) and ‘tactical response’ times. 

Determining Need for Armed Guards 

Lacking specific guidance from DHS on when and where armed guards are ‘required’, how does a facility make the determination whether or not they need armed guards? To answer that we need to go back and look at the RBPS 4.1 Metric; for tier 1 facilities the need is for a security system that is capable of “delaying an attack for a sufficient period of time to allow appropriate security response”. 

First we need to understand what an ‘appropriate security response’ is. In large part this will depend on the COI at the facility. For Theft/Diversion COI an appropriate response may be the apprehension of the terrorists with the COI in their possession before they have a chance to employ them in a subsequent attack. For facilities with a large quantity of Release Toxic COI, an appropriate response would have to be one capable of stopping a successful release of that COI into the surrounding community. That response must be capable of stopping a determined and likely armed attack on the facility; this requires an armed response force. 

The next question the facility must answer is whether or not they are going to rely on on-site or off-site response forces for their ‘appropriate response’. If an off-site response force is going to be used for the final line of defense, the on-site security system (including security force) is going to have to be able to delay an attacker until that response force can arrive on scene, apprise themselves of the situation and assume a tactical position that maximizes the potential success of their mission. How much time that will be will vary according to the situation, but it can be determined with the gaming of a number of likely attack scenarios. 

Once the appropriate response time is determined, the facility simply needs to determine if their security devices, procedures and personnel are capable of delaying a determined attack for that length of time. The best way to determine this is to have tactically experienced personnel conduct a penetration exercise. Lacking that an evaluation by an independent security team not connected with the installation or maintenance of the security systems should be conducted. 

The bottom line is that if a toxic release COI is present in large enough volumes to present a threat to a relatively large off-site population, an armed response is going to be necessary to prevent a terrorist attack aimed at that COI. If the response force is on-site, it must be armed. If the response force is off-site, it may be necessary to have an on-site security force that is armed to delay the potential attack long enough for the response force to arrive and defeat the attackers.

Thursday, October 15, 2009

HR 2868 IST Changed

The Energy and Environment Subcommittee of the House Environment and Commerce Committee held the first markup hearing for HR 2868 in that committee. This is a major move forward, a step that was never reached in last year’s consideration of HR 5577. Various news reports indicate that the full committee markup will probably occur next week. All of the significant changes to the bill were made in the Manager’s Amendment proposed by Chairman Markey (D, MA). While that amendment made a large number of small changes, large changes were made to the IST, civil suits and background checks provisions of bill. It appears these changes were designed to broaden the potential support for (or at least reduce the opposition to) the bill. Inherently Safer Technology The IST provisions of the markup provide wins and losses for both sides in the debate. First the changes require the Department to consult with the local Captain of the Port before ordering an MTSA covered facility to implement an IST. Next the time to file an appeal of a mandate to implement IST, as well as the time for DHS to review such an appeal were both extended to 120 days. Finally, DHS is required to consult with “experts in the subjects of environmental health and safety, security, chemistry, design and engineering, process controls and implementation, maintenance, production and operations, chemical process safety, and occupational health” {§2111(b)(2)(B)}during the review of the appeal. All of these items were done to assuage the concerns of the chemical industry. To keep the environmentalists and labor groups from screaming about the weakening of the IST provisions, Chairman Markey changed the basis for the DHS decision process on mandating IST implementation. In the original bill the Secretary could only mandate the implementation of an IST technique identified by the facility as effective and feasible. The revised legislation moves the decision to the Director of the Office of Chemical Facility Security and allows more leeway in what IST techniques can be mandated. The new standard retains the standards of technical and financial feasibility and job retention. It specifically allows for the decision to be made at the discretion of the Director “based in part on an assessment conducted” {§2111(b)(1)(A)} by the facility. This provides for the prospect of the Director seeing and requiring an IST implementation that the facility ignored or overlooked. As a practical matter, it would be an unusual situation where the Director had sufficient information to require a facility to implement an IST technique not identified by the facility. This change also makes sure that the decision to require the implementation of IST is made by a career DHS employee rather than by a political appointee. Presumably this would insure that a professional is making the decision and not someone that is being swayed by the politics of the situation. Additionally, the phrase “in his or her discretion” {§2110(b)(1)(A)} exempts this decision from the citizen suit provisions of the legislation. Citizen Suits The Markey Amendment makes two significant changes to the Citizen Suits provisions of HR 2868. First it will restrict those citizen suits to suits filed against government entities. Even this would be limited in that it would be restricted to non-discretionary actions taken by the government. Where this would have its largest effect would be at Federally owned high-risk chemical facilities. It is not clear what facilities this would cover because §2112 still exempts DOD owned facilities and facilities regulated by the NRC. Instead of allowing citizens to sue privately owned facilities for non-compliance with this regulation, it would require the Secretary to establish a Citizen Petition process. This would provide a formal mechanism for private citizens to identify persons (including government agencies) that are “alleged to be in violation of any standard, regulation, condition, requirement, prohibition, plan, or order that has become effective under this title” {§2117(b)(1)} and to specify the alleged violation. The Secretary is required to investigate all of the alleged violations reported under this new procedure. Reports will be made back to the submitter of the initial support providing information, within the limitations of the information security requirements of the legislation, on the results of the investigation including any enforcement actions taken by the Secretary. To ensure transparency in the allegation review process the Secretary is required to allow the DHS Inspector General full access to the records of investigation. The one loophole that remains in this process is that there is no ‘at the discretion of the Secretary’ language in this section that would protect the Secretary against citizen suits under §2116 for failure to take actions under this section. Still, the non-government owned chemical facilities are being separated from the citizen suit process and should have no expectation that DHS would not investigate allegations of violations of the regulations prepared in support of this proposed legislation. Background Checks The background check section of the legislation {§2115} has undergone a major rewrite to increase the protections of employees in the background check process. Labor unions have long been concerned that the necessary personnel surety programs would be used by management to get rid of uncomfortable employees that are protected under a variety of labor laws. Most of these changes clarify what findings in a background check justify ‘adverse employment actions’ and better delineate the required redress procedures. The other issue that is addressed is the use of the TWIC card as a substitute for the required background checks under this regulation. To make sure that it is clear that no additional checks are necessary for TWIC holders the legislation specifically states {§2115(h)} that: “Such regulations shall provide that no security background check under this section is required for an individual holding a transportation security card issued under section 70105 of title 46, United States Code.” Not in the Revision I was surprised less at what was in the revised legislation than what was not in the bill. I expected to see an amendment removing waste water facilities from coverage under CFATS (to go the HR 3258 and EPA responsibility). Nor was there a provision authorizing the Secretary to use some form of staggered implementation of IST as was requested by DHS and the Administration. These may yet show up in the full committee markup, perhaps as early as next week. The provisions changed in the legislation yesterday should make the bill a little more palatable to industry, but I don’t think they will be enough to garner any significant number of Republican votes. It may, however make the bill easier to pass because it should be easier to convince moderate Democrats to follow the party line and vote for the bill. This will be especially important in the Senate. One final comment; I really appreciate the thorough web site that the House Energy and Commerce Committee maintains for recording these hearings. The markup web page provides copies of all of the amendments discussed in the hearing. This allows for a much better understanding of the proceedings. Chairman Waxman is to be commended on this innovative use of the Committee web site.

HR 2892 Rule

The House Rules Committee held their hearing today to develop the rule for the early consideration of the Conference Committee Report on HR 2892. The Committee prepared the resolution (H Res 829) that provides for one hour of debate on the HR 2892 Conference Report. One motion to recommit may be allowed, but no other intervening motions will be allowed. This will allow for a quick, final vote on HR 2892 after the debate is concluded. The Committee filed their report (H Rept 111-300), but it is not yet available on the Library of Congress or the GPO web site. It is likely that H Res 829 will be debated on Thursday or Friday. The Senate is not likely to take up the HR 2892 Conference until Friday at the earliest; more likely it will come next week.

Wednesday, October 14, 2009

DHS Privacy Impact Assessments

On Wednesday DHS published a notice in the Federal Register about a number of Privacy Impact Assessments (PIA) that were approved by DHS Privacy Office last spring. Of the twelve PIA listed in the notice two deal with the CFATS system. All of the PIA will be available on the DHS Privacy web site until December 14th. After that they will be available upon request to the privacy office (pia@dhs.gov). The two CSAT PIA are currently listed on the DHS Counterterrorism Laws and Regulations web page. There are a number of links on that page and it might be difficult to find the PIA links. The specific links are provided in the brief discussions below. The first of the CSAT PIA was designed to update the CSAT PIA for the addition of the Site Security Plan and the increased number of personnel that were authorized to be Preparers for that document. Additionally, the ‘new’ CSAT Tip Line was included as the Help Desk would be asking for voluntary submission of personal identification information (PII) when people made reports on the Tip Line. This PIA was approved June 5th. The second CSAT PIA was added to reflect the collection of PII from government employees and contractors to authorize their use of the CHEMS system. This is an internal DHS system that extracts facility contact information from CSAT and provides it to authorized government employees and contractors working on chemical facility security issues. CHEMS also allows these people to verify CVI status. This PIA was approved June 11th. Both of these PIA provide detailed information about how a variety of personal information collected by the CFATS program through the CSAT tool is used and protected by DHS. Everyone who has provided personal identification information through CSAT owes it to their own peace of mind to review these documents.
 
/* Use this with templates/template-twocol.html */