ISCD Reorganization Continues

The house cleaning at ISCD continues in an apparent effort to get the CFATS program ‘back on track’. I learned this evening that Larry Stanton is one of the latest people to be moved on. Readers of this blog might remember a couple of posts from last year that Larry was working on the Department’s effort to figure out a reasonable way to implement some manner of tracking the voluntary implementation of inherently safer technology at high-risk chemical facilities. I haven’t heard anything about Stanton’s replacement, but I doubt that the person has acquired his expertise on the IST issue.

The way I understand the current situation is that every leadership position outside of the actual inspection force is made-up of temporary, acting personnel. This isn’t a problem of Congressional approval since none of these positions requires the ‘advice and consent’ of the Senate; they are all career positions. No the problem is finding people with the expertise in chemical security matters; this is a relatively new field after all.

Hiring people from the outside is nearly impossible. The few security people that understand chemical manufacturing are commanding much better salaries than the government will ever be able to pay working for large chemical companies. ISCD was forced to do what most mid-size and smaller chemical companies have had to do since 2007; train people with other valuable skills to be chemical security experts.

How We Got Here

Let’s review how we got to this untenable position. In December 2006 Congress told DHS to put together a chemical facility security program from scratch in six months. The only guidance provided by Congress was a series of things that DHS could not do. The Department accomplished the task of writing the regulations in near record time. They then developed a list of just over 300 chemicals that might make an industrial, commercial, educational or what ever facility a potential target for terrorist attack and established a minimum quantity for each of those chemicals that would make such an attack worth while.

Then the Department developed from scratch an innovative on-line data collection tool that allowed any facility with the covered chemicals to provide enough data to DHS to allow the initial determination of whether a facility holding the covered chemicals was in a position to be at a credible level of threat of being attacked by terrorists because of the chemicals made/used/stored on-site. In just a little over a year from the date of the Congressional mandate that allowed DHS to reduce over 30,000 possible facilities of concern to just over 7,000.

Next DHS developed, again from scratch, another innovative on-line data collection tool that allowed those 7,000+ facilities to provide additional data about their facility and surrounding community. This SVA tool allowed the folks at ISCD to make a final determination of the risk of terrorist attack and place covered facilities into one of four risk-based tiers.

Before DHS could require facilities to develop effective security programs they had to develop the standards by which effectiveness would be measured. Since Congress prohibited DHS from requiring any specific security measures, these standards not only had to be effective from a security point of view, but they also had to be politically correct as well. So, DHS wrote, published for comment and revised the Risk-Based Performance Standards (RBPS) Guidance Document; again it was done in record time.

All of this was being done while DHS had to fight political battles with at least two of the most powerful lobbying groups in American politics, the agriculture industry and the petrochemical industry. They partially caved before the Ag Lobby and mainly held against the gasoline people. Every thing considered it was a pretty impressive record for an upstart Executive Branch agency.

With one major objective left to accomplish ISCD made their first significant mistake. To collect data on site security plans they went back to the same type of innovative on-line data collection tool that had brought them so far so successfully. Unfortunately, the longest, most complex tool that they had developed to date just did not provide enough information for the Department to determine whether or not the site security plan was sufficient to meet the vague requirements of the RBPS.

Rather than go back and try to revamp that tool and making it complex enough to provide the necessary data, the management of ISCD decided to use the inspection force that was being under utilized waiting to begin inspecting facility compliance with their approved SSP. They sent those inspectors out to help the facilities develop the necessary data that would allow for the proper evaluation of the effectiveness of their site security plans.

It was only after that Pre-Authorization Inspection program was well under way that DHS realized that they had set themselves up for a nearly impossible situation. With 4,000+ facilities still in the program, there wasn’t going to be enough time to conduct all of the PAI’s necessary to get the SSP data needed for DHS to conduct their evaluations.

And Now What Do We Do?

So, like any bureaucracy, the management of NPPD decided to ignore all of the things that the management team at ISCD had done right and then decide that those same people were incapable of correcting the current problem. Move out all of the people that understood what had been done right to ensure that the interim team would not be distracted in their job of fixing the current problem. Make sure that anyone left remaining from the team that had done so much correctly knew that it was in their best interest to keep their mouths shut if they wanted to keep their jobs.

Fortunately for Under Secretary Beers, no one in Congress appears to notice. At least no one is really interested in asking any questions. With good reason; Congress couldn’t get its act together to provide real guidance on how the program should be established; wouldn’t provide the necessary resources, and spent more time arguing over who should have oversight responsibility than was spent on actual oversight of the program.

How else could a Congressional committee accept being told that ‘his people’ had been told that they would complete the remaining 41 Tier 1 PAI’s before the end of the year. No, he didn’t say that they would approve the remaining Tier 1 SSPs (4 have been approved, none have passed inspection) by the end of the year, but the 41 remaining PAI’s. At that rate it will be 30 years before all of the high-risk chemical facilities have approved and inspected security programs. GIVE. ME. A. BREAK.

What Needs to Be Done

Let’s bring back the team that did almost everything correctly. Apologize to them for over-reacting to their one, understandable, shortcoming. Tell them to do what they did with every other tool they developed; revise the tool to reflect what information is really needed from the facilities. Then provide the review resources that ISCD needs to evaluate the information. If you can’t increase the head count, then hire contractors to do the review.

Or you can always take the EPA/OSHA way to compliance. Have the high risk facilities certify that they have an adequate site security plan. Then, when a successful terrorist attack proves the certification wrong, you can send a team in to find all of the short comings and fine the hell out of them. Those fines always make the victims feel better.