This is the final blog in a series taking a critical look at
the recent
Heritage Foundation report on the problems with the CFATS program. While
the report authored by Jessica Zuckerman is not up to the usual editorial
standards of the Heritage Foundation it does raise some interesting issues. The
earlier blog posts can be found here:
The final section of the Heritage Foundation report on the
CFATS program is called “Developing Market-Oriented Chemical Security Solutions”.
As one would expect with a concluding section of a report it summarizes the
author’s conclusions. This post will address those conclusions and some of the
other shortcomings of the report.
Report Conclusions
Here is my summary of those conclusions (okay, I stole them
from the subheading in the section):
• Take a truly risk-based approach
to chemical security;
• Reject calls for greater regulation;
• Expand SAFETY Act protections to
encourage greater innovation;
• Promote public–private partnerships
to enhance aging U.S. infrastructure; and
• Foster greater transparency and
cooperation.
I have dealt with most of these conclusions in earlier the
earlier posts on this report, so I will not dwell on them further here. There
is one new area found in this concluding section that it not addressed anywhere
else in the report and that is the one dealing with ‘aging U.S. infrastructure’.
It is a shame that Ms. Zuckerman forgot to address this issue in the body of
her report because she may have made a potential contribution to the discussion
of chemical facility security. Unfortunately, we are left with glittering
generalities such as:
“The United States’ overall
critical infrastructure, including the chemical sector, is inadequate and
aging. Greater investment is needed not only to ensure that U.S. critical
infrastructure is protected but that it is capable of bouncing back quickly
when disaster strikes.” (pg 10)
In general there is more than a little truth in the
description of critical infrastructure as ‘aging’ and ‘inadequate’ covers a
wide range of perceived and actual problems. The conclusion that ‘greater
investment is needed’ is hardly revolutionary, but it begs the question of
where the money is going to come from for that investment. This issue is one
that deserves a whole host of reports about specific areas of infrastructure,
public and private, that could have a potential effect on chemical facility
security.
Industry Response
One would be forgiven for concluding, after reading this
report, that industry was widely disillusioned with the CFATS program and
wanted to see it replaced with a radically different program. This is never
specifically stated in the report, but Ms. Zuckerman does repeatedly talk about
the burdens that the program places upon industry.
In the last couple of days, however, the chemical industry
has started to respond to this report, and it hasn’t been favorable. An article
over at NTI.org (Government Security Newswire, GSN) quotes representatives from
two of the largest organizations representing chemical facility owners, the
American Chemistry Council (ACC) and the Society of Chemical Manufacturers & Affiliates (SOCMA) as being
generally supportive of continuing the CFATS program. They acknowledge problems
with the current implementation, but support the basic premise and design of
CFATS.
These two organizations certainly don’t represent all of the
chemical facilities that are covered under CFATS, but I would be willing to bet
that they cover a majority of the Tier 1 and Tier 2 facilities that are having
to spend the greatest amount of money on upgrading the security measures at
their facilities to comply with the program.
Now part of that support is simply fear of the unknown. Not
knowing what type of program would replace CFATS, and Ms. Zuckerman provides
nothing beyond glittering generalities, industry would rather deal with the
devil they know than accept the potential for an entirely new program.
Given the fact that Congress has been unable to craft
comprehensive chemical security legislation since 2001, it is unlikely that it
would be able to do so any time in the foreseeable future. Eliminating the
CFATS program would leave a void with unpredictable consequences. The GSN
article notes that industry fears that an EPA based program might result in
requiring IST implementation. What is even more likely is that several State
and local governments, no longer restricted by the supremacy of the CFATS
program, would craft a patchwork of local regulations that would leave selected
facilities with onerous requirements (certainly including IST provisions in
many localities) while leaving their competitors with no regulations.
Areas That Were Not Addressed
There are a number of problem areas in the CFATS program that
were glossed over, minimally mentioned, or completely ignored in this report.
While I have addressed most of these in some details in various posts over the
years, I would like to take this opportunity to mention some of the more
important ones (in my opinion) so that future researchers might have a better
chance of preparing a report that deals with actual issues and problems in the
CFATS implementation.
CFSI
Ms. Zuckerman briefly mentions the problem with the
qualifications of Chemical Facility Security Inspectors (CFSI). The initial members
of the CFSI were drafted from the Federal Protective Service. These were law
enforcement personnel with a background in physical security, they had little
or no background in dealing with chemical facilities. The folks at ISCD
realized this problem and established a Chemical Security Academy. I did an
initial blog posting on that topic a number of years ago. Since then I have
done a number of other blog postings on the issues related to training of CFSI.
They include topics such as:
Armed Security Forces
A number of commenters on the Anderson Memo about the
problems associated with the current CFATS program have taken particular issue
with the problem of current CFSI who started out as sworn law enforcement personnel
wanting to continue carrying their side arms. Leaving aside for the moment the definition
of enforcement in the CFATS environment, the failure of ISCD to address the
issue of the use of armed security personnel to stop terrorist attacks on
high-risk chemical facilities is a much unnoticed failing of the program. I
have dealt with this issue in a number of blog posts:
• Armed
Guards;
• Perimeter
Fencing; and
SSP Shortcomings
The biggest current problem with ISCD is their apparent
inability to effectively authorize any Site Security Plans. While many commenters
have noted this problem, no one has attempted to determine the root cause.
While I have not had the opportunity to do a detailed study of the problems on the
ground, it is clear from the limited comments we have heard from DHS and the
inspected community that there is a serious shortcoming with the current SSP
tool in CSAT; it is not adequately soliciting the information needed by ISCD to
conduct a paperwork evaluation of the programs at the facility.
Any security professional that looks at the questions
asked in the SSP tool would realize that the level of detail required for
an adequate assessment of the security plans at the facility would not be
provided by those questions as asked. This has resulted in DHS establishing the
Pre-Authorization Inspection program where presumably the CFSI are tasked with
seeking out the necessary information.
I
have addressed the ways that this problem might be addressed by facilities
in submitting their SSPs, but it seems to me that the SSP tool needs a fairly
extensive revision if it is ever going to provide the level of detail necessary
for ISCD or its contractors to evaluate the security planning at CFATS covered
facilities. Lacking that ISCD should institute a program where they send a
detailed letter to the facility seeking the specific information they need to
make their evaluation rather than sending the CFSI out to get the information.
Personnel Surety
While there are any number of other security related issues
that might be addressed by any reasonable revamp of the administration of the
CFATS program, I’ll just address one more in this posting, the lack of an
approved personnel surety program. RBPS
#12 requires facilities to conduct background checks on all facility
employees and contractors and any visitors requiring unaccompanied access to
critical areas of the facility. The provisions for checking identity, criminal
history and legal authorization to work can be adequately complied with by
using any of a number of commercial organizations to conduct background
investigations. The one area that cannot be accomplished by such organizations
is the identification of people with terrorist ties.
The failure of ISCD to come up with a reasonable program for
allowing facilities to have ISCD or some other agency of DHS to vet personnel
against the Terrorist Screening Database is inexcusable. Such a program should
allow for the use of any of the currently available TSA vetted identification
programs (TWIC, HME, etc) and/or provide a simple method of submitting
individual information to ISCD for such vetting. ISCD tried to make their
program much more complicated than was necessary. Since that program was recently
withdrawn, ISCD’s delay in getting such a program established will continue
to put off establishing a terrorist screening program for an even longer period
of time.
Moving Forward
ISCD and the CFATS program have a number of challenges and
problems to overcome. Documents that are purportedly comprehensive looks at the
program like this Heritage Foundation report could provide a basis for the discussion
of how to move proceed with developing a workable chemical security program for
high-risk chemical facilities. Unfortunately, Ms. Zuckerman did little to move
the discussion forward.
Posts
No comments:
Post a Comment