This is part of a continuing series of blog posts discussing
President Obama’s recently signed executive order on “Improving Chemical Facility
Safety and Security”. The other posts in the series are:
Sharing CFATS Data
As I noted in the original blog post on the Chemical Safety
and Security EO (
EO 13650)
there are two actions required by the DHS Secretary that will be taken in
coordination with the Working Group, but are specifically required to be
accomplished by the Secretary. One of those areas addresses the requirement to
improve operational coordination with State, Local, and Tribal partners, the
Secretary is specifically required (by November 5
th) to “assess the
feasibility of sharing Chemical Facility Anti-Terrorism Standards (CFATS) data
with SERCs, TEPCs, and LEPCs on a categorical basis” {§3(c)}.
The main impediment to sharing CFATS information with these
local officials is the fact that the appropriate information has been protected
by the Chemical-Terrorism Vulnerability Information (CVI), a sensitive but
unclassified program established by Congress in the §550 authorization for the
CFATS program. A DHS web site outlines the requirements for information sharing
with
State,
Local and Tribal agencies that have been established for that program. More
detailed information is available on Page 12 of the
CVI Procedures
Manual.
There are two prerequisites that must be met before CVI
information can be shared. First the personnel receiving the information must
have completed the on-line training program that provides the information about
the program and how the information must be protected. Second the person to
whom the information is being given must have a need to know the information.
Having personally completed the training program there is
little problem with meeting this requirement. The training program is
relatively easy to complete and shouldn’t take more than 30 minutes for any
individual to complete the training. Once the training is completed the
individual is provided with a certificate and ISCD maintains a list of people that
have completed the training so that facilities can verify that that
prerequisite has been met.
What has not been established in this executive order
requirement is whether a valid need to know exists that would support the
categorical sharing of the CVI information. I am not questioning the need of
these organizations to know about the emergency response plans for CFATS
covered facilities; this is something that I have been preaching since the
CFATS program was established. But emergency response plans are not covered
under the CVI program, specifically because of the need to share those plans
with a wide audience, much wider than the organizations listed in §3(c) of the
EO.
In fact, there is no specific requirement in the CFATS
regulations for having an emergency response plan. The requirement for that
plan falls under the EPA’s
Emergency
Planning and Community Right to Know Act (EPCRA). That program
requires that the facility notifies the State Emergency Response Commission
within 60 days of receiving the first shipment of a qualifying amount of an
extremely hazardous substance (
40
CFR part 355).
The Part 355 list is not identical to the list of DHS
chemicals of interest (COI) that define the CFATS program. Most of the EPA’s
list can be found on the DHS list (this was one of the sources of information used
by DHS in developing their COI list), but DHS added a number of other chemicals
(including ammonium nitrate, for example) to their list.
While some of the DHS COI list should be added to the EPA’s extremely
hazardous substance list (most notably ammonium nitrate), but a number of other
chemicals, because of the extremely small quantities involved (various chemical
weapon chemicals) of some of the
chemicals and because others are only dangerous when combined into
improvised explosive devices or improvised chemical munitions, should not be
added to the EPA list. The DHS coverage is not based upon release of these
chemicals from the owning facility, but upon their theft and subsequent use as
part of a terrorist weapon.
There is no clear need for facilities to share security
information protected by the CVI program with emergency response personnel.
Local law enforcement personnel and perhaps State law enforcement personnel,
certainly need to be appraised of much of the security information protected
under the CVI program. But emergency response personnel only need to be
appraised of the emergency response planning information developed under EPCRA.
The Secretary needs to make a clear distinction between the
two types of information and ensure that facilities understand the difference.
Open sharing of EPCRA related emergency response information needs no special
action by DHS; they do not own nor control the information developed under that
program. There are no CFATS restrictions on sharing that information with SERCs,
TEPCs, and LEPCs.
Within 90 days of the date of this order, the Secretary of
Homeland Security shall identify a list of chemicals, including poisons and
reactive substances, that should be considered for addition to the CFATS
Chemicals of Interest list. §6(d)
Updating Appendix A
The second specific CFATS action required to be undertaken by
the DHS Secretary is found in §6(d) of the EO. There the Secretary is required
to “identify a list of chemicals, including poisons and reactive substances,
that should be considered for addition to the CFATS Chemicals of Interest list”.
This action also has a November 5th deadline.
Readers of this blog will certainly expect me to make my
standard appeal for adding methyl bromide to the DHS COI list. I’ll make that
here and get it out of the way. Methyl bromide was left of the COI list because
DHS misunderstood the EPA program to phase out this chemical. If DHS had
understood the process, methyl bromide probably would not have been removed
from the list of COI in the first place; enough said.
One other chemical that has been repeatedly brought up as
needing to be added to the COI list is sodium fluoroacetate a rodenticide that
is produced in a single location in the United States and is principally
manufactured for export. There is widespread concern with this product (with
very limited us in the United States) in
the environmental activist community and that appears to be the driving force
behind the COI listing of this material. It appears that the hope is that the
additional security costs will drive the current manufacturer out of the
business. Sodium flouroacetate does not meet the requirements of any of the
current CFATS chemical categories as a potential terror weapon.
There are a couple of other categories of chemicals that
were not listed or listed under unusually large quantities on the current COI
list for political reasons. The most obvious example is propane. All other
listed flammable gasses have a screening threshold quantity of 10,000 lbs. The
STQ was set at 60,000 lbs at the insistence of the agricultural lobby. The
reason given was that large quantities of propane are used in the agricultural
sector and the security requirements for the smaller amounts would have been
prohibitively expensive for farmers. The fact that farmers would probably not
have had to do anything more than file a Top Screen report to have DHS decide
that they were not at high-risk of terrorist attack and thus exempt from any
security planning requirements was completely ignored by the farm lobby.
Similarly, gasoline and ethanol have all but been exempted
from the CFATS program based upon political influence rather than risk
assessment.
The EO specifically addresses adding poisons to the COI list.
The DHS COI list currently includes toxic inhalation hazard (TIH) chemicals
based upon their potential use as terrorist equivalents of chemical warfare
agents. Most other poisons are excluded from the list. Potassium cyanide is an
obvious exception, but it is listed as a sabotage hazard because when it is
contaminated with water it produces a TIH chemical. Arsenic, on the other hand
is not a listed COI.
Expanding the list of poisons beyond TIH chemicals or their
precursors would add a huge additional burden to the CFATS enforcement program
with little or no obvious benefit. One might as well add fireworks (used in the
Boston Marathon IED) and commercial grades of peroxides and acetones because of
their potential for use in IEDs. Reasonable lines must be drawn so that only
chemicals at risk of use in terrorist weapons of mass destruction (and the FBI
not withstanding, a pressure cooker bomb is not an WMD).
Overlooked DHS
Mandate
There was a mandate that the President overlooked in his
efforts to make chemical safety and security a broader area of executive
responsibility. While OSHA were directed to look at the current PSM exemptions
for retail facilities and commercial grade products, the current DHS CFATS exemption
for agricultural production facilities was completely overlooked.
On January 9
th, 2009 DHS published a letter in
the Federal Register (
73 FR 16400)
establishing an “a time extension for farmers and other agricultural users who
are required to submit information (known as the Chemical Security Assessment
Tool Top-Screen) under federal chemical security regulations”. That exemption
still stands and a large (unknown) number of agricultural facilities have not
filed their required Top Screens for possessing COI at or above the screening threshold
quantity.
A formal re-evaluation of this exemption needs to be
accomplished (
a
preliminary record collection effort was undertaken a couple of years ago,
but there were all sorts of problems with the questionnaire).