A House Appropriations Committee
draft
report on the FY 2013 DHS appropriations bill that was marked up yesterday
contains an extensive and scathing analysis of the problems associated with the
CFATS program. While the recommendations and mandates included in the report do
not carry the force of law, they can be enforced by the Committee’s funding of
programs in subsequent years.
The ISCD Problem
While the Committee has not held any hearings on the
problems self-identified by the Infrastructure Security Compliance Division,
the Committee has reached a definitive conclusion about the effects of these
problems (pg 99):
“It is the Committee’s
understanding that even with the changes that are currently being implemented,
it will still be more than a year before the CFATS regulatory process
authorizes, approves, and inspects even a single facility of the over 4,500
facilities that are part of the program. Furthermore, based on information
received by the Committee, it may be almost seven years before all facilities
will be fully authorized, approved, and inspected. This type of timeline and
lack of progress is unacceptable.”
The report goes on to note that another large-scale
industrial security program operated by elements of DHS has been effectively
implemented in a timely manner. The report describes the Coast Guards Maritime
Transportation Security Act (MTSA) implementation this way (pg 99):
“In less than two years after
enactment of that Act, vessels and port facilities had conducted vulnerability
assessments and developed security plans to include: passenger, vehicle, and
baggage screening procedures; security patrols; restricted areas; personnel
identification procedures; access control measures; and/or installation of
surveillance equipment. The Coast Guard had reviewed and approved these plans
and, to this day, continues to regularly inspect the facilities and vessels for
compliance to ensure there is a consistent, risk based security program for all
the Nation’s ports to better identify and deter threats.”
Based upon this apparent disparity between the successes of
the two programs the Committee “directs the Under Secretary for NPPD in
conjunction with the Commandant of the Coast Guard” to conduct a critical
review of the CFATS implementation. There are eight specific areas that the
report identifies to be included in the review (pgs 99-100):
1. Is the ISCD organized to
efficiently, effectively, and faithfully carry out the requirements detailed in
Section 550 of Public Law 109–295?
2. Is the Site Security Plan
program sufficient and justified to accomplish the goals of the CFATS program?
3. Should the facility inspection
process be streamlined and if so, what is the most efficient mechanism to do
so, particularly for low-threat facilities?
4. Are the requirements for ISCD
personnel for the inspection process—to include manning, training, site visits,
and enforcement— being met?
5. Have clear training and guidance
materials been provided to the inspectors so that they can review security
plans and conduct inspections consistently, regardless of the type of facility visited?
6. Has ICSD developed adequate
plans for follow up inspections for entities whose Site Security Plans have
been approved?
7. Does the CFATS program include
the appropriate level of stakeholder outreach to address valid industry
concerns?
8. Are the requirements outlined in
the Information Collection Request Reference Number 201105–1670–002 [Personnel
Security Program] duplicative of other programs?
It is absolutely clear that the Committee intends for this
review to be more than they typical congressionally mandated paper study.
Instead of the typical 90- or 180- day reporting period the Report mandates
that the report be submitted to Congress by April 1st, 2013; almost
a full year for the completion of the study.
Alternative Security Programs
The Report also addresses a perennial congressional favorite
security topic, the utilization of ‘alternative security programs’. It notes
that “the use of alternative security programs established by private sector
entities in the implementation of the CFATS program” (pg 100) is specifically allowed
by the §550 authorization for the program. The Committee directs the Under
Secretary to report on the ISCD use of alternative security programs to “address
the massive backlog of unapproved site security plans”. This report will also
be due on April 1st, 2013.
Interestingly the Committee demonstrates its lack of
understanding of the fundamental definitions of the CFATS program when the
report comments that:
“While alternative site security programs
may not be advisable for high-risk facilities, the Committee believes that in
many cases the use of alternative programs may be an efficient and effective
method to reduce the backlog currently in existence.”
All facilities covered by the CFATS program are, by
definition, ‘high-risk facilities’. There are rankings or tiers of ‘high-risk’,
but all covered facilities are at high risk for terrorist attack as determined
by the Secretary. Additionally, no one in Congress has explicated how these
alternative security programs will reduce the approval and inspection work load
of ISCD. Unless Committee is suggesting that non-governmental organizations can
be delegated the inherently governmental responsibility of conducting site
approval and inspection activities, ISCD will still have to do the hard work of
the program.
Personnel Assurance Program
The Appropriations Committee becomes the third Committee in
Congress (Homeland Security and Energy and Commerce Committees being the other
two) that has expressed concerns about the personnel surety program that has
yet to be finally defined by DHS. Every Congressman that has commented on the
program has expressed concerns that the program does not recognize TWIC or HME
identifications as meeting the requirements of the program. Since we haven’t
seen the final document on the program (another oft delayed program) it isn’t
clear that this is actually the case, but the complaints are continuously
voiced.
The other concern included in this report about the personnel
surety program is the provision that if a submitted name is found to be on the Terrorist
Screening Database (TSDB), ISCD specifically has stated that they did not
intend to notify the facility of that determination. The Report notes the Committee’s
concern (pg 101):
“While the Committee understands
the need to protect ongoing investigations, the liability concerns of allowing a
person in the TSDB into a chemical facility is distressing to the Committee and
to industry stakeholders.”
Another report to be submitted by April 1st, 2013
will be required to address these surety concerns. An interesting requirement
in this report is inclusion of an analysis of the number of chemical workers
(presumably at CFATS facilities) are already covered by the TWIC. Since no one
will be able to make a realistic assessment of the TWIC status until facilities
submit the list of covered personnel that will be covered by the surety
program, I don’t see how ISCD will legitimately make this information
available.
While it might be reasonable to provide a one-year reporting
period one would like to think that other Committees in the House and Senate
might actually step up and address the problems that I have been identified in
the ISCD implementation of the CFATS program. Or maybe not. After all the
Senate Homeland Security and Government Affairs Committee has yet to hold a
hearing on the problems; they’re more interested in looking as the Secret
Service agents consorting with prostitutes.