Saturday, October 14, 2017

DHS Publishes 2017 CSSS Presentations

Yesterday DHS updated the 2017 Chemical Sector Security Summit (2017 CSSS) web page with links to some of the presentations that were made at this year’s Summit. Unfortunately, even with the Summit including web casts of several of the presentations, the links provided only provide copies of the slides used in the presentations.

The presentations available (in .PDF format) include:

How Vulnerable Are You? - Effective Strategies for Assessing Cybersecurity Risk
Global Partnerships: International Chemical Security Efforts
CTRA 4.0 – Chemical Terrorism Risk Assessment
When Disaster Strikes: Security Roles during a Disaster
A New Frontier: Unmanned Aircraft Systems (UAS)
Chemicals on the Move: Updates in Transportation Security

As I have mentioned a number of times, just providing copies of the slides, while better than nothing, are frequently frustrating. For example: in the ‘Chemicals on the Move’ presentation from the Coast Guard slide #2 is down-right cruel. In the discussion of the TWIC Reader Rule it lists one of the issues with that rule as being “Unintended consequences of Final Rule”. It would have been real interesting to hear what those consequences are as I am sure that people who attended the Summit did.

Having said that, there are some interesting bits of information included in these slides. They include:

• ‘A New Frontier’ provides a link to the “Unmanned Aircraft Systems (UAS) - Critical Infrastructure” web site;
• ‘CFATS Compliance Lessons Learned’ specifically mentions ‘cybersecurity’ as one of the things to pay attention to in the new Tiering letters being issued under CSAT 2.0;
• ‘What to Expect During a CFATS Inspection’ includes an important note: “Prepare list of attendees to the Opening Meeting. Have CVI numbers for each attendee ready.”
• ‘CTRA 4.0’ presentation notes that only 71 of the 185 chemical compounds assessed by Chemical Security Analysis Center (CSAC) are CFATS chemicals of interest (COI);
• ‘CFATS Regulatory Update’ mentions that “Will begin the Paperwork
Reduction Act process to expand [Personnel Surety Program] to Tiers 3 & 4 in the coming year”;
• ‘How Vulnerable Are You’ makes an important point: “A non-segmented network where CROWN JEWELS are not isolated will always be prone to failure from the failure of the weakest link”;

Remembering my complaint expressed above about the basic inadequacy of slides, I really do think that reviewing these presentations is worthwhile for anyone in the chemical facility security community. They do not take much time to review and there is some interesting information.

Having said that, the two most worthwhile presentations to review are the ones dealing with cybersecurity and disaster planning. As stand-alone documents, they both provide valuable and useful information. The latter is especially important (and in some ways prophetic) in light of the problems seen in the aftermath of Harvey.

One final note: The 2017 CSSS page provides a link to the page with the links to the presentation. It is odd, however, that the list of presentations is not an HTML page but rather a .PDF page. This makes loading a tad bit slow (as are the documents). And, as always, the Federal government’s reliance on .PDF documents with the attendant security issues is problematic (and more than a little ironic on a page devoted to security issues). Is there a more secure manner of presenting unalterable documents?

No comments:

/* Use this with templates/template-twocol.html */