Review - ChemLock - On-Site Assessments and Assistance

NOTE: Last week, CISA announced their new voluntary chemical security program, ChemLock. This post is part a deep dive into that program. CISA’s new ChemLock program was developed upon the realization that there are literally tens of thousands of chemical facilities that house, produce or use dangerous chemicals that could be used by terrorists to effect chemical attacks here in the United States. A small percentage of those facilities are covered by the Chemical Facility Anti-Terrorism Standards (CFATS) program, but the remaining facilities have had no government assistance to help them protect their facilities from terrorist attention. ChemLock is designed to change that.

The first step in any security planning exercise is the conduct of a security assessment. While the CFATS program utilizes a suite of on-line tools for facilities to submit information to the Office of Chemical Security to conduct such an assessment, the ChemLock program avoids the requirement for facilities to submit data to CISA. In ChemLock, a facility simply requests assistance via a rather simple on-line form, and OCS will contact the facility to coordinate a visit by chemical security inspectors.

Security Assessment

The ChemLock program envisions two different types of security assessments for which they would be providing assistance:

• Security Awareness Consultation: CISA experts work with facilities to identify potentially dangerous chemicals and the security risks that those chemicals may pose.

• Security Posture Assessment: CISA experts work with facilities to assess their current security posture and identify security enhancements that are tailored to the facility’s unique circumstances and needs.

As currently configured, the ChemLock program does not require facilities to submit any information to CISA about the chemicals stored at the facility or the security measures in place at, or planned for, the facility.

Security Goals

The whole point of the ChemLock program is to provide assistance to chemical facilities so that they can achieve the following security goals:

• DETECT an attack,

• DELAY the adversary,

• RESPOND in a timely manner, and

• SECURE your cyber assets.

Conducting an appropriate security assessment, with the help of experts from CISA is a first step in achieving those goals.

For more details about these security assessments, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/chemlock-on-site-assessments-and - subscription required.