Sunday, September 11, 2011

9-11 Anniversary and CFATS

The memory of the 9-11attacks will always be inexorably linked to chemical security for me. I was working in a chemical manufacturing facility on that fateful day. As I split my time between my job as a plant chemist and as a horrified human being watching the day’s events unfold I started to look at the facility where I worked in an entirely new light.

I think that it would be useful today to look at how we have progressed in our handling of chemical security issues at high-risk chemical facilities since that fateful day ten years ago.

Potential Targets

With this attack it had become obvious that the American homeland was no longer safe from the inhumanity of terrorism that had been plaguing the rest of the world for so many years. With that realization came the thought that we now needed to think of places like the chemical plant where I worked as potential targets that needed to be protected and defended.

Many years earlier while studying urban combat for the US Army Berlin I realized that chemical facilities that stored toxic chemicals could be used as field expedient chemical weapons. A simple mortar attack on the right type of facility could release volumes of chemicals unheard of in military lore, covering huge swaths of urban areas in deadly concentrations of toxic gas. I urged the Command to identify such facilities in Berlin and to take them into account in their planning for the defense of the City.

On the afternoon of 9-11-01 I used that knowledge to look at the facility in which I worked.  Even that relatively benign facility had two storage tanks of chemicals that were sufficiently toxic by inhalation that they could constitute a potential threat to the surrounding area. Fortunately we were in the middle of an industrial park and far enough away from any houses and schools that any catastrophic chemical release would affect a relatively small population. That made us, in our estimation, a very low probability terrorist target.

Increasing Security

Never the less, on September 12th we started increasing the level of security at our facility. Like most of the rest of the world, the unthinkable was now something that had to be planned for. Unfortunately, none of the management of that facility had any security training or experience. The local security vendors were experienced in commercial loss protection not counter-terrorism. The security measures put into place were haphazard and ineffective; not from a lack of concern or a lack of money, but from the absence of knowledge and training.

Over the next couple of years that changed some. We were a Responsible Care® facility and when their new security standard was added to that program we complied to the best of our ability. It was a loose standard, requiring a self-assessment and providing the broadest suggestions for risk-based security measures. We underwent both a Responsible Care security audit and a DHS security audit, but both focused on how well we were complying with our security plan, not how effective that plan was.

Establishing Standards

I was laid off at that chemical plant two days after Congress passed the 2007 DHS appropriations bill that included the §550 authorization for what became known as the Chemical Facility Anti-Terrorism Standards (CFATS). I had loosely followed the many attempts at establishing federal chemical security rules over the years since 9-11 and I fully understood the industry’s reluctance to have the federal government set specific security standards.

Chemical facilities, individually, are complicated places. They include a wide variety of chemical and physical hazards and no two are even as closely alike as the proverbial snowflakes. Even facilities with similar product lines are significantly different, reflecting different design styles, product mixes and levels of technological innovation. Even within a single company two chemical facilities producing the same product are going to be different as they reflect the lessons learned at earlier facilities and the resulting changes in process, equipment and control systems that were made as the industry continued to innovate.

To make matters even more complicated, many facilities have constantly changing risk profiles. I worked at a chemical facility that did toll manufacturing. That meant that along with the company’s line of products, we also made a variety of different chemical products for other customers. Since we were a batch-manufacturing facility, this meant that there could be significant changes in the chemical inventory we had on hand on almost a weekly basis. Those changes were not only in volumes, but also in the types of chemicals we had on hand. A realistic appraisal of the threat and design of the security system would have to be made on that basis.

Finally, there was the lack of counter-terrorism security knowledge available for chemical facilities. Because the United States homeland had not been directly affected by the scourge of terrorism that had affected large portions of the rest of the world, there was a dearth of people available who understood both counter-terrorism and chemical facilities. The major multi-national players had developed some internal expertise because of their overseas operations, but the vast majority of chemical facilities did not have access to people with the experience and training necessary to develop an effective counter-terrorism program.


Like most of the chemical industry, I was very surprised and pleased when DHS published the NPRM for the CFATS program. It had clearly been designed to take into account the wide variety of potential chemical threats that would have to be addressed. Given the limitations provided by Congress in the §550 authorization DHS had produced a very workable plan for establishing industry wide standards for securing high-risk chemical facilities.

When NPPD announced the establishment of the on-line Chemical Security Assessment Tool to collect information from the universe of potential chemical targets of terrorist attack to weed the facilities down to a workable number of targets at high-risk of terrorist attack, I was impressed. The concept alone was impressive, but the short time in which it was developed and deployed was truly amazing for a government organization.

The registration program was well thought out and the Top Screen did a very good job of collecting the necessary information while placing a minimal burden on facilities that would not ultimately be covered by the CFATS process. Furthermore, DHS demonstrated an early willingness to beta-test and modify the programs to make them even more useful.

SVA Issues

I started to get a little concerned with the CFATS program when the Security Vulnerability Assessment (SVA) tool was added to CSAT. It was obvious that this was not an SVA methodology like that developed by the Center for Chemical Process Safety. While it was certainly based in large part on the CCPS methods, it was not really a tool to be used by a facility to assess their actual risks associated with a potential terrorist attack. Rather, it was a tool to be used by DHS to assess the relative risk of a large number of facilities so that they could programmatically address the overall risk and prioritize the order in which facilities security programs would be addressed.

My concern was not with how the tool was being used; DHS had a responsibility to the tax payers and the country to husband their resources and secure the riskiest facilities first. I was more concerned that DHS had not appropriately communicated this to the chemical community and many facilities actually thought that they were performing a real security vulnerability assessment that they could use for developing their facility security plan.

There was one critical shortcoming of the SVA tool if it was to be used as an actual assessment of facility security. It did not include a realistic threat assessment. While it did include a limited number of ‘attack scenarios’ it did not provide facilities with any information about the current perceived ability of the unspecified terrorist to carry out any of the specified attacks. Nor did it include information about the training and equipment available to terrorists to accomplish these attacks.

The limited attack information provided did allow DHS to assess the relative risk of the 7,000 facilities covered in the initial SVA assessment, but it did not allow the individual facilities to accurately gauge their individual vulnerability to a terrorist attack. Understanding that potential vulnerability is a key pre-requisite to preparing an effective security program and DHS did not provide the necessary information to conduct that assessment. Rather it left facilities with the impression that they had already conducted an adequate assessment.

Risk-Based Performance Standards

The publication of the Risk-Based Performance Standards guidance document clearly established how limited Congress had left DHS in their ability to guide chemical facilities in the development of their counter-terrorism security programs. Time and again throughout the document the NPPD drafters made clear that they could not and would not provide any specificity in describing what security measures would be necessary to adequately meet the 18 risk-based performance standards outlined in the CFATS regulations.

While this met both the letter and the intent of the Congressional authorization, it was readily obvious to anyone that had experience in compliance auditing that this was going to put both industry and DHS in very difficult situations as the Site Security Plan (SSP) process moved forward. Industry was going to have to make a largely uneducated guess as to what security measures would suffice and plan their security budgets and expenditures based upon those guesses.

Since DHS would not be able to specify what actions would be necessary to address any shortcomings in that plan, the approval of site security plans was going to be, at best, an iterative process. Each facility was going to have to go through its own learning process with DHS because of the information sharing restrictions of the Chemical-Terrorism Vulnerability Information (CVI) rules.

Even organizations that used security contractors with experience at multiple CFATS facilities would be able to only gain limited advantage in this iterative development process. Because of the differences in facilities, what was acceptable at one facility would not necessarily be applicable at a different chemical plant. Security measures for facilities with release risk COI will be significantly different than those for facilities with theft/diversion risk COI. Even release COI facilities will require different security measures for flammable, toxic or explosive release COI.

In my conversations with officials in ISCD during the early days of CFATS implementation it was clear that they regarded the Site Security Plan approval process as a negotiation process with individual facilities. One member of ISCD management described the approved Site Security Plan as a ‘contract’ between the facility and DHS that would form the basis for subsequent compliance inspections.

Site Security Plans

The continuing glacial progress in Site Security Plan approval process reflects this iterative negotiated SSP process. It also reflects a basic misunderstanding of the purpose of the Site Security Plan tool in CSAT. As with all of the other tools found in CSAT it is a tool that is designed by DHS to assist them with evaluating huge amounts of information from multiple facilities with a very limited manpower pool, limited in both number and chemical facility security experience.

It is clear from reports in the media that too many facilities have confused the tool with the plan that the tool was designed to evaluate. Simply responding to the questions in the SSP tool does not constitute the formation of a site security plan. Again, part of the reason for that industry confusion can be placed at the door of the CSAT developers; they did not make it sufficiently clear that the SSP tool was not a tool to develop a facility security plan, but a tool to evaluate the effectiveness of the security plan.

Additionally, the developers of the SSP tool did not apparently understand that there would have to be a significant difference between this tool and the Top Screen and SVA tools that preceded it. The earlier tools were designed to aid in the evaluation of relative risk and as such allowed for a certain level of generality in the questions and response. The SSP tool would have to look at the specific requirements for each facility and a generalized questionnaire would not be adequate to that task.

Developers had, in their previous tools, come up with all of the necessary applications necessary to measure even these facility specific requirements. Text blocks were used in previous tools to explain ‘Other’ responses in the generic questions and they were used the same way in this tool. Unfortunately, this did not provide the evaluators at ISCD with adequate information to determine if the facility security plan would provide adequate protection against potential terrorist attacks.

What probably should have been done with these text blocks would be to require the submitting facility to include the appropriate section of the written security plan that covered the questions in that section of the SSP tool. That would allow the ISCD headquarters evaluators to determine if the facility was planning to adequately meet the requirements of that particular RBPS.

This would of course require each facility to produce a written security plan. Of course, anything as complicated as a security plan for a high-risk chemical facility needs a written plan, but DHS has never specifically told facilities that they need to have prepared such a document. That really is a prerequisite for any sort of adequate security program.

Future of CFATS

The current CFATS program was envisioned as an interim program while Congress banged out the political issues surrounding a permanent chemical facility security program. It took about five years to work out the compromise that allowed the interim regulations to be established and the basic political conflict that necessitated that compromise still exists.

On one hand, industry is satisfied with the basic outlines of the current regulations. They see the rules as establishing a level playing field where the costs of security are being borne by all facilities using a common chemical base. The chemical industry has spent billions of dollars on security measures since 9-11 and has the expectation that they are approaching an acceptable level of security. They are concerned that major changes to the program will result in new expenditures before the efficacy of the current program is evaluated.

On the other hand, many environmental activists see changes to the CFATS program as a chance to deal with a basic chemical safety problem that they feel has been inadequately addressed by the EPA and OSHA. They see a class of chemicals, toxic inhalation hazard (TIH) chemicals, as being so inherently dangerous that they should be virtually eliminated from industrial chemical processes. They see the risk of a potential of a terrorist attack on TIH chemical storage and transportation as a legitimate reason to require the removal of these chemicals from industrial facilities.

There are certainly applications where there are readily available alternatives to the use of TIH chemicals. The problem comes from defining when the ‘available alternatives’ are commercially viable alternatives. While there are some extreme activists that insist that ‘available’ should be the sole measure of whether or not an alternative process/chemical should be required, most inherently safer technology (IST as it is generically known) advocates would agree that the substitute would have to be commercially viable for it to be required.

Who would make the decision as to commercial viability is the major sticking point between industry and the activists. Industry maintains that the current rules have made industry re-examine the use all of the COI covered by CFATS not just the TIH chemicals. They note that a large number of facilities have made changes to the chemicals they use and the processes in which they use them to avoid the security costs associated with the CFATS program. They also maintain that DHS has neither the personnel nor the expertise to evaluate the commercial viability of a chemical process; a fact which DHS acknowledges.

The activists inherently mistrust the chemical industry. They point to the bad old days when the industry as a whole was completely oblivious to safety and environmental issues. When industry points out that they have made wholesale changes in the way they deal with these issues, the activist point to recent actions at too many facilities (look at relatively recent releases in ‘Rubbertown’ and the Bayer MCI incident response for examples) as proof that industry is not to be trusted.

That lack of trust, combined with the security restrictions on making the decision information publicly available mean that these activists would require DHS to evaluate the decision making process. DHS has also advocated that they should be the arbiter of IST implementation, but for entirely different reasons. They are concerned that many of the current changes made to inventory levels have been essentially cosmetic changes; increased number of shipments of the COI to make the maximum on-site inventory come in below the CFATS coverage mandate while maintaining the total level of COI usage. This does reduce the threat at the facility, but it moves the increased threat of potential terrorist attack to the essentially unregulated security of the transportation sector.

Neither side of the political debate has been able to gain a large enough political majority in both houses of Congress to be able to force through their version of the permanent CFATS program. In the Senate in particular, the minority has always been large enough to prevent consideration of bills to make this small interim program permanent. As a result the chemical industry has continued to get annual extensions of the current interim program, but they have lost the fight to get a permanent program that would ensure that their current and planned expenditures are not undercut by entirely new requirements.

Neither side is willing to oppose the annual extension of the CFATS interim rules. The current rules are certainly better than no rules and there is little prospect that any new program could be formed from scratch in the current environment. Until the two sides are willing to sit down and discuss what they can agree upon and what they are willing to trade, the status quo will continue into the foreseeable future. In fact, the only thing that I can see making a change happen would be for a successful attack to take place on a chemical facility. Then, the activists will almost certainly get their way with significant restrictions on the use, storage and transportation of TIH chemicals regardless of the business consequences of those restrictions.

No comments:

/* Use this with templates/template-twocol.html */