Thursday, November 19, 2009

Academic Lab Security

In an earlier blog posting, while I discussed the proposed amendment to HR 2868 that would provide special treatment for academic labs, I mentioned an email from a reader who was upset about the American Chemical Society support for that amendment. The same reader, who wishes to remain anonymous to avoid professional conflicts, sent me another email on the subject after reading a recent piece in C&ENews about that ‘important’ addition to HR 2868. He makes the following point: “While indeed it is obvious what you said before about the STQs in academic labs deserving the same level of security. The fact that smaller quantities of hazardous substances would not be just as vulnerable as bulk quantities I think has firmly been proven wrong what with the incident in Denver, CO which did indeed involve a small quantity of a chemical of interest.” The reader, of course, refers to the purchase of small commercial quantities of hydrogen peroxide solution by a suspected terrorist at Denver area beauty supply stores for the alleged production of backpack explosives. While most of the public focus on CFATS has centered on large quantities of dangerous chemicals like chlorine gas, those regulations also look to regulate facilities that maintain smaller inventories of chemicals that can be stolen and used by terrorists to make improvised explosive devices (IED) or very deadly chemical warfare type chemicals.
NOTE: The hydrogen peroxide solutions involved in the Denver ‘incident’ were too dilute to be covered by the CFATS regulations. Whether or not this was a reasonable distinction in setting up Appendix A requirements will be left for a discussion in a future blog.
There may be some university labs that are covered under CFATS because of bulk inventories of Release COI (inventories typically in excess of 10,000 lbs), but most will be covered because of their smaller inventories of Theft/Diversion COI. Those inventories range from 2,000 lbs for some ammonium nitrate concentrations to 100g for actual CW gasses. According Rep. Olson (R, TX) during the floor debate on the amendment (Congressional Record, 11-6-09, pg H12529), there are 99 academic facilities that are currently high-risk facilities under CFATS and 23 of them fall in either Tier 1 or Tier 2. One Size Fits All Myth During the House floor debate of the Foster/Lujan Amendment Rep. Foster (D, IL) makes the statement that: “One-size-fits-all safety regulations only create more paperwork, more bureaucracy and more confusion without necessarily making us safer” (CR pg H12528). He is, of course, correct. This is one of the reasons that Congress, when they authorized CFATS, prohibited the Secretary from specifying any particular security measure as a pre-condition for approval of site security plans. The CFATS regulations are hardly a one-size-fits-all system. What it does do, however, is to assess the risk to the facility, the community and the country from a potential terrorist attack on a chemical facility. It established a very limited list of chemicals of interest that it would consider to be indicators of potential risk of terrorist attack and established a risk-based inventory level for those chemicals that would trigger an initial reporting requirement under the CFATS regulations. There is only a single, on-line form used to report that initial data, the Top Screen tool on CSAT. The Top Screen provides for filing information on the facility location and description, but the bulk of the questions deal with the inventory of selected chemicals that the facility has on hand. Academic institutions objected to this because it would require them to conduct actual inventories of chemicals that they had at their facility. Similarly, there is only a single SVA tool and a single SSP tool in CSAT. But, once again, these are only questionnaires asking questions about a facility’s security situation. Not all of the questions apply to every facility. In most cases a facility is not even required to respond to the questions that are not applicable, the default answer is that it does not apply or exist. There was no way that DHS could develop facility specific questions, not with 30,000+ facilities potentially being covered by the CFATS regulations. Alternative Security Plans DHS and Congress realized early on that there was no way that the CFATS program could adequately address all of the industry specific situations in their development of the facility security rules. DHS in their first draft of the CFATS regulations allowed as how they would favorably consider industry specific security plans; industry could develop security procedures that adhered to the principals set out by the Center for Chemical Process Safety and DHS would take cognizance of those procedures when they evaluated SVA’s and SSP’s. The Academic Community quickly asked DHS to develop an alternative security plan (ASP) for academic laboratories. DHS explained that they had neither the time, the manpower, nor the expertise to set up a plan specific to academic labs. They recommended that academia set up a committee to come up with their consensus standards. Academia demurred; it wasn’t their responsibility to be concerned with security. Security interfered with academic freedom; DHS should be responsible for that interference. The Coyle Academic Lab Security ASP Since neither DHS nor academia is interested in establishing an ASP for Academic Facilities, I will undertake the immense effort to do so; reader responses, questions and suggestions are welcome. The following is a general outline of the Coyle Academic Lab ASP (CAL ASP). Details will be developed in future blogs. Applicability: The following standards will only apply to academic labs with STQ amounts of theft/diversion COI (TDCOI) as defined in Appendix A to 6 CFR part 27. Facilities with STQ inventories of release COI or sabotage COI will not be covered under this ASP. General Requirements: The facility management will be responsible for ensuring that unaccompanied access to storage areas for TDCOI will be limited to qualified and vetted personnel. Personnel authorized unaccompanied access will be vetted in accordance with the DHS Risk-Based Performance Standards Guidance Document, RBPS #12. Facility Definition: TDCOI will only be stored in secured chemical storage facilities (SCSF); the SCSF will be the covered facility under CFATS regulations. TDCOI in excess of STQ quantities used in experiments in labs will be closely controlled by qualified and vetted personnel. When the lab is not in actual operation under such supervision, TDCOI will be returned to the secured chemical storage facility. Exceptions will be allowed for labs that meet the security requirements of SCSF. Security Requirements: TDCOI will be stored in locked containers within a high-security room within the SCSF. Entrances to the SCSF, the high-security room, and the individual locked containers will be monitored by video and at least one other intrusion detection device at all times. Monitoring will be done by Campus Security or Local Law Enforcement, as appropriate. Emergency Response Requirements: Campus Security, and all other emergency response personnel who are expected to respond to incidents at SCSF will be fully trained in the chemical and security hazards associated with the TDCOI stored in the SCSF. All potentially unauthorized access events will be reported immediately to local law enforcement and will be investigated by appropriate security personnel. All confirmed intrusions will be immediately reported to the FBI.

No comments:

/* Use this with templates/template-twocol.html */