Wednesday, June 23, 2010

Reader Comment 06-23-10 Enforcement

Anonymous left a comment about my post earlier today concerning the enforcement action that DHS is taking against eighteen facilities that essentially refused to submit their site security plan. Anonymous provides some appropriately vague additional information that sounds like it is coming from an insider, writing:
“All 18 sites refused to turn in their SSP back in 2009. All of these sites had SSP deadlines prior to February. All were also issued warning letter after warning letter regarding the issue.”
Finally, Anonymous asks “what else CAN DHS do?” The legalistic answer, of course, is assess $25,000 per day fines and ultimately shut down the facilities. I’m sure that was not the intent of the question that Anonymous asked. Again, I sense the frustration of a DHS employee that I’m sure reflects the frustration of the leadership of the Infrastructure Security Compliance Division. DHS has worked hard to make the CFATS regulations work. They developed the initial framework in record time and worked hard to keep the regulated facilities in the loop during the development of the process. With each new process added to the program, they field tested their newly developed tools at some of the highest risk facilities in the country. Even after being tested and revised, the DHS people have been quick to correct and revise their tools to reflect the real world problems that can only be found during the enforcement process. This is not to say that industry has always been happy with the rules that came out of the CFATS process. From the beginning a number of groups attempted to bring political pressure to bear on DHS to go easy on them. Where there were legitimate reasons to ease the rules (most farmers are hardly terror targets so DHS gave them a temporary bye while they worked on the higher risk facilities first) DHS backed off. Where the reasons were less clear cut, DHS went to a formal comment process to get a clearer understanding of the issues. DHS has worked hard to keep the community informed about the process. They have gone to just about every possible venue where they could talk about CFATS to people that would actually be implementing the rules. They have gone to talk to industry groups and participated in webinars. They established a truly extensive frequently asked questions page and regularly updated the information on that page. They offered to conduct courtesy visits and routinely negotiated differences between what they wanted and facilities were able or willing to give. Finally, DHS has taken a great deal of heat about the slow pace of their inspections and approvals. They stoically stood and took the abuse for that, knowing full well that the reason that the process was taking longer than many people expected was that DHS was proactively living within the constraints set by Congress and taking pains not to try to specify procedures and equipment. Instead of taking the regulatorily easy route to enforcement, they have been negotiating appropriate security measures for facilities. So, with DHS taking great efforts to work with industry to come up with the appropriate ways of protecting facilities against terrorist attacks, they still run into 18 facilities that essentially thumb their nose at ISCD, the Federal Government and of course their neighbors. I understand the frustration but take heart, those 18 facilities are less than 1/3 of 1% of the universe of high-risk facilities. If that is the limit of the recalcitrant facilities they have to deal with, DHS can mark itself lucky. This is why sanctions were included in the CFATS regulations. DHS just needs to continue to slog on and apply those sanctions as they have done all of their work to date, professionally, dispassionately and effectively. If these facilities cannot come into the fold, fine them and shut them down. Don’t waste a great deal of time or effort; there are many more facilities that need and want the assistance that DHS can provide.

No comments:

/* Use this with templates/template-twocol.html */