I have been hearing comments from a couple of readers about
the new Top Screen being developed by the DHS Infrastructure Security
Compliance Division (ISCD). There appears to be some confusion about the roll
out of the new Top Screen. I have not seen any official documents from ISCD
about the roll out timing, but some recent submissions (April) to the OMB’s Office
of Information and Regulatory Affairs (OIRA), plus some private conversations
that I have had may help clarify some of the issues being discussed.
The New Top Screen
Back in February ISCD
announced
that they would be changing the Top Screen and Security Vulnerability
Assessment (SVA) tools in the on-line Chemical Security Assessment Tool (CSAT).
DHS subsequently made it known that the changes in the two tools were being
done to reflect the new risk analysis and tiering methodology that ISCD has
been working on for a couple of years now. ISCD intends to implement the new
risk analysis methodology sometime this fall and that implementation will include
the new Top Screen and SVA.
I
reported
on the webinar where ISCD demonstrated the new Top Screen. The version that was
demonstrated was more streamlined and it did include some questions that are
currently in the SVA tool. The earlier presentation of these questions is
necessitated by the new risk analysis model.
I understand that ISCD plans to demonstrate both the new Top
Screen and SVA tools at the Chemical Sector Security Summit next month. I am
hoping that they will be included in the presentations that will be web cast.
We should be seeing a final listing of the web cast presentations in the next
couple of weeks. DHS will be sending that out to people who have
registered
for the web cast.
Rulemaking
DHS does have a
rulemaking
in progress for changes in the Chemical Facility Anti-Terrorism Standards
(CFATS) program and according to the
latest
Unified Agenda a notice of proposed rulemaking (NPRM) is
scheduled
to be published in September. The change in risk analysis protocol and
subsequent changes in the Top Screen and SVA tools will not require rulemaking
to effect since there will be no changes to the regulations required.
Because the Top Screen and SVA are information collections,
ISCD is required to update their information collection request (ICR) with the
OMB’s Office of Information and Regulatory Affairs (OIRA). A
revised
ICR for the Chemical Security Assessment Tool (CSAT) was submitted to OIRA
on April 29
th, 2016. OIRA’s published acceptance of the ICR will be
required before ISCD can implement the changes to the Top Screen or SVA. There
is no way to know when OIRA will approve the ICR.
Implementation
Based upon past actions by the ISCD, once OIRA publishes
their approval of the changes to the ICR we can expect to see a notice
published in the Federal Register outlining how DHS will implement the new Top
Screen and SVA. This notice will not require any formal OMB approval since they
will have already approved that implementation plan as part of the ICR.
There is a rumor going around that DSH is going to require
all currently regulated facilities to submit a new Top Screen. Additionally,
the rumor goes, all facilities that have (or have had in the last 60 days) an
inventory of any of the 300+ DHS chemicals of interest (COI) at or above the
screening threshold quantity (STQ) for the COI, regardless of whether or not
they have already been notified by ISCD that they are not considered to be a
high risk facility.
Section 27.200(a) of 6 CFR provides the DHS Secretary the
authority to, “at any time, request information from chemical facilities that
may reflect potential consequences of or vulnerabilities to a terrorist attack
or incident, including questions specifically related to the nature of the
business and activities conducted at the facility”. Thus, the authority does
exist for the wholesale ‘re-do’ of the Top Screen as outlined in the rumors
that I have been hearing.
On the other hand, on page 15 of the
ICR
support document [.DOC download] submitted to OIRA, DHS is expecting only 1,000
facilities to submit Top Screens each year and on average half of those
facilities will submit 2 Top Screens in a year, reflecting changes in their COI
inventory. This hardly sounds like a wholesale requirement to re-do Top
Screens.
I would expect ICSD to have a pretty good idea as to whether
the changes in the risk tiering methodology will result in any changes in the
Tiering level of existing facilities. I would not be surprised if ISCD were to notify
such facilities to submit a new Top Screen. The notification of facilities that
had previously been notified that they were not at high-risk of terrorist
attack would be more problematic because of the numbers involved (about 45,000
facilities), but it would be possible on a case-by-case basis.
It must be remembered that existing CFATS facilities are
already on a regulatory schedule {
§27.210(b)}
to re-submit Top Screens (in addition to the requirement to submit a new Top
Screen when there is a material change in COI or processes involving those COI).
So all CFATS facilities will have to submit the new Top Screen at some point in
their future.
In Short
In short, ISCD is planning on rolling out their
Congressionally mandated, revised and vetted risk assessment methodology later
this year, probably in the Fall. This methodology will be used to determine
which facilities are at high-risk of terrorist attack and thus covered by the
CFATS program. It is also used to establish the Tier level (relative degree of
high risk) that determines the relative level of coverage of the security
measures included in the Site Security Plan based upon the Risk Based
Performance Standards guidance.
The revised methodology can be expected to require changes
in the information submitted in Top Screen and Security Vulnerability
Assessment tools in the CSAT process. The new information could result in
changes in the CFATS status of a chemical facility or the Tier rankings of
covered facilities. All CFATS facilities will eventually have to submit data
about their facility under the new Top Screen. All chemical facilities that
have new COI added to their chemical inventories at or above the SQT or have an
increase in inventories already reported to ISCD will also have to complete the
new Top Screen.
More information is expected to be released at the Chemical
Sector Security Summit next month.