This is part of a continuing series of blog posts about the
recently released Federal
Register notice about the implementation of the Chemical Facility
Anti-Terrorism Standards (CFATS) personnel surety program (PSP). The notice
outlines how the Infrastructure Security Compliance Division (ISCD) is planning
to implement the vetting of covered chemical facility personnel and visitors
against the FBI’s Terrorist Screening Database (TSDB) to determine if any
covered personnel are suspected of having ties to terrorist organizations.
In this post I will be looking at some of the problems that
can be expected to arise as the new terrorist ties portion of the CFATS
Personnel Surety Program is put into operation. Some of these potential
problems will have reasonable workarounds readily available and others will
require programmatic changes by ISCD. This discussion, however, is predicated
on my current understanding of the PSP implementation that we have not yet seen
published. A lot will depend on the way that ISCD sets up the data submission
tool in CSAT.
Multiple Facilities
There are a significant number of companies in the United
States that have multiple facilities covered under the CFATS program. ISCD has
been accommodating in the past in allowing for these types of organizations to
submit data to CSAT from the corporate level that is common to two or more
facilities and I suspect that they intend to continue this practice with the
PSP.
ISCD has made it clear in
their Notice that they would like to see individual TSDB screening tied to facilities
so that if subsequent changes to the TSDB turn up terrorist ties, ISCD will be
able (law enforcement rules allowing) to notify the affected facility of the
problem. While most of the employees whose screening data is submitted from corporate
will be tied to a particular facility, that will not be the case for all
employees. There will be corporate level personnel that will need to be able to
move through all of the covered facilities.
It is conceivable that ISCD would require the information on
those corporate level individuals to be submitted on each facility CSAT
account. While this would not technically violate the 6
USC 622(d)(2)(A)(i) prohibition of requiring more than one data submission
on an individual by a covered facility, it would certainly conflict with the
Congressional intent. And it would likely put ISCD in the position of having to
pay for multiple TSDB screenings of an individual.
The simplest way around this problem would be for ISCD, in
allowing for corporate data submissions for multiple facilities, to not tie the
names submitted to an individual facility, but rather to the larger
organization. That way ISCD would still have a point of contact about the
individual in the event of a positive match or question about identification,
but the individuals would be able to move about all of the covered facilities
within the organization.
Facility Turnaround Contractors
Many chemical facilities (continuous process facilities in
particular) conduct periodic facility shutdowns for maintenance called
turnarounds. A contractor typically provides a large temporary workforce to
quickly conduct the large scale repair, replacement and system upgrades that
are part of this maintenance activity. These contractors serve multiple
facilities and have a high employee turnover, especially when seen from the
facility point of view.
It is extremely impractical for facilities to do individual
information submissions for the contractor employees in this type of situation.
Additionally, such data submissions would place an unreasonable load on the
administration of the PSP at ISCD.
This would be an ideal situation for the use of Option 3.
Each of the turnaround employees would be required to have a Transportation
Worker Identification Credential (TWIC) and the contractor would be required
to operate a TWIC Reader at the contractor entrance to the facility.
Local Delivery Drivers
While a facility may well be able to require over-the-road
truck drivers delivering to the facility to have TWIC or HME for facility
entrance, that is less likely for local less-than-load truck drivers, and
completely beyond the bounds of reason for local deliveries from retail
establishments and package delivery services.
The easiest way to deal with these drivers under the PSP
program is to exclude them from the program. This can be done by setting up a
specially designated delivery location outside of the facility’s restricted
area or an area in clear view of the security personnel (either visually or via
CCTV). They can be met there by facility personnel and if they have to enter the
restricted area they would be escorted during that time.
Electronic Access
Many facilities routinely provide remote access to computer
systems to a variety of folks. While employees are already covered under the
PSP, a serious problem arises when various outside service personnel
or contractors are provided access to covered computer systems. Contractors
with routine off-site access can presumably be covered in the same way as
on-site contractors are but I would suspect that ISCD is going to want to see
strong evidence that the facility has some sort of strong control on a
contractor's vetting of personnel. What is going to be much more problematic
will be large vendors (and especially internationally based vendors) where the
facility does not have a significant measure of economic influence on the
vendor to require that they limit personnel to those that have been
appropriately vetted by the PSP. ISCD is going to have to provide some clearer
guidance on this issue.
False Positives
The biggest problem with the PSP program will be the issue
of false positive matches with the TSDB. The TSDB is a name-based database that
includes little or no biometric information on the individuals on the list. It
is inevitable that there will be matches of names submitted by chemical
facilities to TSDB listings that actually have no relationship to the
individual on the TSDB. I suspect that the rate of false positives will be such
that larger CFATS facilities will have to deal with multiple instances of
receiving unfounded notifications of possible terrorist ties. All facilities must
be prepared to deal with this situation when they submit their initial lists
under Option 1.
After the initial data submissions this problem will be less
important, as most employment agreements will provide for termination of new
hires that come back as positive on the TSDB screening, in much the same way as
drug screens and background checks call for termination, and requests for
redress will be handled as an individual matter. With this initial data
submission for all current employees, the situation is quite a bit different.
When a key employee comes back with a positive TSDB match that is likely a
false positive, then the organization has a stake in the redress process that
is not anticipated in the ISCD privacy
documentation [Note: this is the latest Privacy Impact Assessment document
for the PSP]. The current redress procedures are:
“If you believe that the
information submitted by [INSERT NAME OF CFATS COVERED FACILITY AND OF THEIR
DESIGNEE(S) (IF APPLICABLE)] has been improperly matched by DHS to the identity
of a known or suspected terrorist, you may write to the NPPD FOIA Officer at
245 Murray Lane SW, Washington, D.C. 20528-0380. You may also request an
administrative adjudication under CFATS [6
CFR 27.310(a)(1)].”
Facilities are almost certainly going to need to have
procedures in place in their newly revised SSP to cover how they are going to
deal with the receipt of notification of a TSDB match for current personnel.
Those procedures are going to have to be able to deal with a relatively new hourly
worker, a well-known and respected long-time employee, and a manager coming
back with a positive match. If the facility expects to keep any of these
employees around during the almost certainly lengthy redress process, they are
going to have to be able to convince ISCD that mitigating controls are in place
to address the risk that these employees actually do have terrorist ties. I
have no idea what mitigating controls other than personal escort might be
acceptable to ISCD.
Other Situations Will Come Up
Facilities are going to have to take a hard look at their
specific situation to see what areas of their facility are routinely entered by
non-employees. Where there is little advance notice of who that non-employee is
going to be, facilities are going to have to come up with ways to provide PSP
vetted escorts. Where there is sufficient advance notice to provide for
execution of one of the four TSDB vetting options, facilities will have to
decide in advance how they are going to select the appropriate option.
As more of these complicated situations arise, I would
certainly like to hear about them. I would particularly like to hear about
those situations where ISCD has agreed to an innovative way of dealing with the
problem.