As we start a new year and a new Congress (the 117th, for the record) it might be appropriate to take a look at what we can expect in the Chemical Facility Anti-Terrorism Standards (CFATS) program. First and foremost, the chemical security inspectors will continue their work with CFATS covered facilities to ensure the security of high-risk chemical facilities.
Legislation
First, since the program authorization was extended for three years in the last session of Congress, I do not expect to see any major congressional legislative activity this year. There may be some bills introduced attempting to tweak the program around the edges, but I would not expect them to see any significant committee activity on those bills.
There is one potential exception to this, depending on what comes out of the investigation of the Christmas bombing in Nashville. I have yet to see any news on the type of explosive that the bomber (allegedly Anthony Quinn Warner) used, but if this was (as I suspect) an improvised explosive device rather than commercial explosives, there are going to be questions about how he obtained the ingredients to make the large explosive device that damaged 41 buildings in downtown Nashville.
So far there has been minimal outrage from Rep Cooper (D,TN), Sen Alexander (R,TN) or Sen Blackburn (R,TN) about the bombing, mostly because no one was killed except the bomber. That could change depending on what news comes out of the investigation. That could result in legislation addressing some sort of ‘shortcomings’ in the CFATS program that allowed the bomber to obtain the material used in the vehicle borne improvised explosive device (VBIED).
If ammonium nitrate was one of the precursors in that bombing, then there will be a completely different type of legislative explosion forth coming since DHS has not implemented the 2007 congressional mandate for ammonium nitrate security regulations. While that attempted rulemaking is scheduled to be revisited this year, congress could direct CISA to implement the costly regulations proposed in 2011.
Regulations
As I reported last month CISA has announced that it intends to publish an advanced notice of proposed rulemaking (ANPRM) to make some limited changes to the Appendix A list of DHS chemicals of interest (COI). The notice in the Fall 2020 Unified Agenda indicates that CISA would like to see all of the Division 1.1 explosive chemicals removed from the COI list. Security for these chemicals is already covered under regulations from the Bureau of Alcohol, Tobacco, Firearms and Explosives, so CISA and the explosives industry believe that the CFATS regulations may be duplicative.
Interestingly, this probably would not provide much relief to manufacturers of those explosives. Many of the chemicals that they use to make these Division 1.1 materials are also covered under the CFATS program. Most of those precursors are not release (fire or explosion) hazard chemicals so the required security measures would be more targeted against theft (see my discussion above), so the cost of security might be lower for manufacturers.
According to the Unified Agenda, CISA was targeting January 2021 as the publication date for the ANPRM, but nothing has yet been submitted to the OMB’s Office of Information and Regulatory Affairs (OIRA) so that date is extremely unlikely. Again, the investigation into the Nashville bombing may slow down the progress on this rulemaking.
RBPS Guidance
One of the things that I have not seen any mention of is a proposal to update the Risk-Based Performance Standards (RBPS) Guidance document. Readers will recall that back in May of last year the GAO specifically called CISA to task about the outdated guidance in that document for cybersecurity measures. This is hardly surprising since the document dates back to 2009, a year before Stuxnet proved to the world that industrial control systems were vulnerable to attack.
Unfortunately, the entire document is out of date, not just the portion dealing with cybersecurity. The staff at the Infrastructure Security Compliance Division did a good job in publishing the document in short order as the CFATS program was being stood up. ISCD and industry have learned a lot of valuable lessons in the 11+ years since that document was published so it is long past time for the guidance to be updated.
Guidance documents are not listed in the Unified Agenda so we would not expect to see any official advanced notice. I had hoped to hear, however, some hint of an announcement about this during the December Chemical Security Summit (CSS) webinars. Unfortunately, nothing was said about updating this document. I do expect to see some news in this area as the year progresses.
Voluntary Programs
Almost two years ago Director Wulf mentioned in a congressional hearing on the CFATS program that DHS was looking at using the expertise that the Department had developed in the CFATS program implementation in standing up a voluntary chemical security program for facilities that were not covered by CFATS. During the December 16th CSS webinar Ann Hunziker Boyer from ISCD made a presentation about what that program could look like. While this program is still early in the development process she made it clear that ISCD was most concerned with the almost 40,000 facilities that had been required to complete Top Screens due to the presence of COI, but had not been declared to be at high-risk of terrorist attack that would place them in the CFATS program.
Again, the Nashville bombing could have an impact on the
roll out of this program. If the source of the VBIED precursor chemicals were
from CFATS covered facilities, then this program will almost certainly be
pushed back as ISCD would be forced to concentrate on a review and revamp of
the security measures for those chemicals. On the other hand, this program
could become a much higher priority if the chemicals came from one or more
facilities that were not under the CFATS umbrella.
No comments:
Post a Comment