Review - ChemLock Exercises – Chemical Sector IED

NOTE: This is the first in a series of blog posts looking at various CISA Tabletop Exercises Packages (CTEP) offered to chemical facility managers by the new CISA ChemLock program, a voluntary chemical security program run by the Office of Chemical Security (the CFATS folks). It is a follow-up to my earlier Overview post. CTEP administrative documents can be found here. The scenario manuals can be found here.

This post looks at the Chemical Sector IED scenario (docx download link). (BTW: someone needs to talk with CISA about the hazards of links that automatically download MS Office or .PDF documents.) For those of you who have played wargames or D&D, this scenario is going to be a bit of a disappointment. There is no dungeon master script and there are no unit markers with strength points and movement allowances. More importantly, there are no winners. These scenarios provide a brief generic description of an attack and its aftermath with a series of discussion questions about what should have been done, what should be done, and who had responsibility for the various actions.

The Scenario Document

The basic scenario document downloaded from the Physical Security Scenario page consists of a Word® document that facilities can customize for their situation. It contains three modules:

• Incident and Response,

• Sustained Response, and

• Short-Term Recovery.

Each module contains a brief and rather generic description of each phase of the incident and a series of questions to guide a discussion between the exercise participants about actions that could have been taken before, during, and after each phase of the incident to mitigate the effects. Some of the questions will not be appropriate for smaller scale exercises with limited (or no) outside participation. Those questions should just be ignored during the exercise. Management may want to raise those questions, though, with the Local Emergency Planning Committee (LEPC).

Alternate Use

While these questions were designed to be discussed after a facility has had a chance to develop a site security plan (SSP), an enterprising security manager would do well to look at these questions while developing that SSP. The questions, while not exhaustive, are comprehensive and provide a good look at what the site security plan should include for this particular scenario. They provide an informed look at some of the issues that the plan should be expected to address.

