Yesterday the DHS Cybersecurity and Infrastructure Security
Agency (CISA) continued their on-going process of brand updating various web
sites affecting chemical sector security. The changes made yesterday included
the addition of some new pages and updates on information on other pages.
The two main pages updated (including new CISA.gov URLs) were:
NOTE 1: CISA continues to have problems with dating their
web pages. Most web pages do not have dates of last changes; this makes it hard
to keep up with changes on the web sites. Other sites have dates but they are
not accurate; for example the Chemical Security page was dated for today and was
live yesterday.
NOTE 2: If you save .PDF copies of the web pages (as I do),
CISA has made some changes that will affect that effort. The old pages
automatically expanded the ‘hidden’ information, the CISA.gov pages do not. You
have to manually ‘expand all’ before saving the page in order to see that
information on the .PDF document.
The new pages (at least I have not seen them before) are
found associated with the Chemical Security page. They include:
CFATS Pages
The CFATS landing page is reformatted, but most of the same
information and links remain. One odd (and rather inconsequential) bit of
information was removed from the new page. Under the ‘CFATS Monthly Statistics’
header the following paragraph was removed, and the remaining two paragraphs
were combined into one:
“After the Top-Screen submission,
facilities determined to be high-risk and tiered go through the process of
authorization and approval. These high-risk facilities are divided into four
tiers (/cfats-tiering-methodology)
, with Tier 1 facilities posing the highest security risk.”
As best I can tell (I did not click on all of the supporting
pages, there are too many and not enough time), all of the linked pages on the
landing page have been reformatted to the CISA.gov format; this includes new
links for all of the pages. The old DHS.gov pages appear to remain available,
but there is no telling for how long those links will work or if they will
automatically re-link to the new pages. If you are maintaining a URL link file,
you will certainly want to update it.
There are only two pages that I have found to contain new
information:
Neither of the old DHS.gov links to these sites go to the
new information. I suspect that this is a harbinger of the way CISA will be
treating all of the old DHS.gov links.
Monthly Statistics
The Infrastructure Security Compliance Division stopped
updating the Monthly Statistics page after posting the July information. Long-time
readers of this blog will note that I stopped covering the monthly updates a
bit earlier than that (March).
I keep looking at the information, but it is hard to come up with new words
each month to report the new numbers and apparently no one notice (or at least
did not complain about) the fact that I stopped the reporting.
The new page does provide updated information through September.
The two tables below show the data from July (for June) and the most recent
data.
|
CFATS Activities
|
June
2019
|
Sept
2019
|
|
Authorization Inspections to
Date
|
4033
|
4074
|
|
Authorization Inspections Month
|
12
|
20
|
|
Compliance Inspections to Date
|
5120
|
5440
|
|
Compliance Inspections Month
|
144
|
124
|
|
Compliance Assistance Visits to
Date
|
5585
|
5771
|
|
Compliance Assistance Visits
Month
|
48
|
96
|
|
CFATS Facility Status
|
June
2019
|
Sept
2019
|
|
Tiered
|
137
|
110
|
|
Authorized
|
210
|
195
|
|
Approved
|
2975
|
3011
|
|
Total
|
3322
|
3316
|
The gap in data points between June and September is going
to make continued statistical analysis of the reported data very difficult, so
I will stop trying; it is not worth the effort especially with all of the
information that ISCD cannot or will not provide in their reporting. Hopefully,
the GAO will have access to the missing data for their own internal analysis
for their annual reports to Congress.
Advisory Opinions
Back in October 2016 ISCD added
a new page to its CFATS web site; Advisory Opinions. The idea was not new,
PHMSA had published such a page years earlier, but it did provide a new way for
ISCD to share information about how it was interpreting the CFATS rules and
regulations. Unfortunately, once those first three advisories were published,
ISCD stopped adding new advisories. Until yesterday; the new CISA.gov page
provides a link to CFATS
Advisory Opinion 2019-001, discussing ‘Top-Screen Reporting of
Theft/Diversion EXP/IEDP Mixtures’.
The advisory notes that:
“Read together, Appendix A and 6
C.F.R. § 27.204(b)(3) require that any mixture containing the COI at the
minimum concentration specified must be reported should the facility possess
the screening threshold quantity of that total mixture. Reporting of the mixture
is required notwithstanding the fact that the exact name of the mixture does
not appear on Appendix A with its own unique entry”
It then goes on to provide what is probably the most
important part of the advisory; the specific example that almost certainly
caused the original question to be asked:
“As one example, Appendix A does
not explicitly list Calcium Ammonium Nitrate (CAN) as a COI. Appendix A does,
however, list solid ammonium nitrate, the primary component of CAN for the
security issue of Theft – EXP/IEDP. Appendix A provides that a chemical facility of interest must
report a mixture of solid AN if the mixture contains the minimum concentration
of 33% AN and the facility possesses the screening threshold quantity of 2,000
pounds. Most formulations of CAN available in commerce meet or exceed the 33%
minimum concentration of AN and therefore the majority of CAN formulations
would be reportable if they are solid AN and the facility possesses the
screening threshold quantity of 2,000 pounds.
CAN has some slightly different agricultural
applications than ammonium nitrate (AN), but its use has expanded where AN
has been banned because of it’s use in improvised explosive devices. CAN has to
be converted to AN to be used in IED’s, but that still makes it an IED
precursor which is certainly a concern under the intended purpose of the CFATS
program.
Posts
No comments:
Post a Comment