Tuesday, August 30, 2011

Certain Dangerous Cargo Security

Back in July I did a post about two public meetings that the Coast Guard was scheduling to discuss their development of a strategy for the protection of Certain Dangerous Cargo (CDC) chemicals in the maritime environment. I was not able to watch either of the public meetings (web cast though they were; good job Coasties), but fortunately John C.W. Bennett over at the Maritime Transportation Security News and Views was. He has one of his typically detailed reports on the second of the two meetings in a recent post on his blog; well worth the read if you have any maritime exposure to these chemicals.

Prevention vs Mitigation

In any sort of risk reduction process there are two complementary approaches that can be taken, reducing the probability that the negative consequence event will happen (prevention) and reducing the negative consequences of the event if it does happen (mitigation). According to John, the Coast Guard addressed this dichotomy in their meetings;

“An interesting comment, to me at least, was the suggestion that if an area was good at consequence management, it might not need to devote as much effort to prevention (and vice versa)  This is a logical implication of the Risk Assessment Equation, Risk = Threat X Vulnerability X Consequence, but it isn’t usually suggested in the counter-terrorism context.”

The chemical industry is well familiar with dealing with these two sides of risk reduction in their process safety programs. There are numerous instances when there are just not enough ways to prevent (a single mode of prevention is never adequate) a safety incident so that mitigation measures must be addressed to achieve an acceptable level of safety. Since the element of ‘risk’ is the same in a security situation (with the exception that you are looking at intentional instead of accidental acts), the same considerations should apply.

While Risk Based Performance Standard (RBPS) 9 in the CFATS program deals with response to a security incident it doesn’t really address the issue of mitigation of the results of an attack. I’m encouraged to hear that the Coast Guard is at least considering this dichotomy in the development of their strategy.

Politically the Coast Guard is going to have an interesting fight on their hands if their plan includes a specific tradeoff between prevention and mitigation. The environmental folks (Greenpeace, etc) have never been comfortable with mitigation (or even prevention), they would much rather see the ‘dangerous chemicals’ outlawed. This is the whole basis for their campaign for ‘inherently safer technologies’ (IST).

Voluntary vs Mandated Standards

John notes that the Coast Guard strategy under development is looking at the issue of voluntary vs mandated standards and the integration of public and private security efforts. He writes:

“The Strategy is also looking at an “appropriate” mix of voluntary and mandatory standards.  It’s easier to adopt voluntary standards, but they don’t ensure consistent implementation.  Integration of public and private security is also envisioned, the questions being the right mix of private assets and how they are utilized.”

The chemical industry has been quick to point out in any forum where chemical security rules are discussed that they have spent huge sums of money increasing the security at their facilities in the wake of the 9/11 attacks. Industry organizations such as SOCMA and ACC have done a lot of work developing security standards to be integrated into their safety programs. The major shortcoming with these programs is that they only apply to organization members and any facility can opt out of the requirements by quitting the organization.

On the other hand, the use of mandatory standards is not without its own unique shortcomings. Mandatory programs always have to deal with the ‘compliance’ vs ‘real’ issue. In security the meeting of a set of minimum standards does not really ensure adequate security. But, most managers that are not well versed in security (and that probably includes the vast majority) will look at compliance as an adequate response.

This is further complicated by the fact that security requirements cannot be uniformly described for all facilities. Security for a 10,000 gallon anhydrous ammonia tank in an urban setting will have to be much more involved than that for a similar tank on an Iowa farm. The obvious response is to develop risk-based standards, but the problems that the ISCD folks are having with the implementation of their RBPS at CFATS facilities are at least partially traced to the use of risk-based standards. Trying to get agreement on the level of risk at any given facility certainly will cause conflict between the regulators and the regulated.

Security Response

We continue to have a discussion about the response to an armed attack on chemical facilities. John notes that one “commentator suggested that the Coast Guard could expect industry stakeholders to respond to a terrorist attack by following their Vessel and Facility Security Plans, but not by interdicting any aggressive forces, which would be a purely governmental function.” As I have noted in numerous posts in this blog, the chemical industry, for a number of legitimate and important reasons, is very reluctant (in many cases adamantly opposed) to provide for armed security on-site.

The CFATS program fails to deal with this issue and won’t even discuss the issue in their Guidance document. There are many reasons for this and an important one (beyond the industry stance) is that the folks at ISCD have no mandate or ability to regulate the response of local law enforcement personnel to an incident at a local chemical facility; the response capability used by almost every chemical facility covered under that program.

While any port side maritime program will also rely to some extent on local law enforcement agencies for their armed response to a terrorist attack, a major component of the typical response will include an armed Coast Guard response. That combined with the fact that CG Sector Commanders will already have a working relationship of some sort with local law enforcement agencies will ensure some level of coordination between the facility, the CG and LLE. It will be interesting to see how that discussion continues during the development of this strategy.

Moving Forward

The Coast Guard is required to report to Congress on the issues raised during the development of their strategy to secure the maritime transport of ‘especially hazardous cargo’ by October of this year and to adopt a strategy by April of next year. I’ll watch for progress in both areas and will certainly continue reporting on this area of chemical security. I’ll almost certainly also continue to refer readers to John’s blog as he continues his coverage.

No comments:

/* Use this with templates/template-twocol.html */