A long time reader and former CISA CFATS team member, Cheryl Louck, left a comment on an almost random post of mine on LinkedIn. It was a very short comment: “CFATS should return.” This is a very common comment that I have heard formally and otherwise from many Chemical Facility Anti-Terrorism Standards program alumni. And even more surprising, it is a sentiment that is also frequently heard from the regulated community. And it is certainly an idea that I support.
Having said that, it is, unfortunately, not an idea that is going anyplace soon. Now over two years since congressional inaction (effectively set in motion by one Senator’s objection in the Senate) there are several factors that ensure that the program will remain dead. First and foremost is the fact that Sen Paul (R,KY; the infamously objecting senator) is in a position of even more power to ensure that any program restoring legislation would not receive any consideration in the Senate.
But even if Paul was struck with overwhelming CFATS remorse, there would still be enormous obstacles to restarting the program. At this point most CFATS alumni are no longer working for the federal government, and I suspect that most would be reluctant to return because of the way government employees have been treated this year.
Perhaps a bigger problem than that is that since the enforcement of the CFATS program’s Site Security Plan program stopped on July 28th, 2023, facilities have not been treating the program requirements as a federally enforceable part of their security program, with the more onerous requirements falling quickly by the wayside. What security measures (almost certainly most of them at most facilities) remain active have been modified to meet changing facility operations and funding limitations. I would be surprised to hear that any of the 3,000 plus covered facilities as of July 27th, 2023, could pass an inspection of their approved site security plan today.
Any legislation to restart the CFATS program would have to take all of this into consideration. First off, it would have to provide for a period of time to train a corps of chemical security inspectors, backend regulatory, and technical support folks to replace those that were runoff by DOGE and the current administration. Then the bill would have to outline a timeframe for refiling Top Screens to reflect current chemical inventories, resubmitting vulnerability assessments and proposed site security plans to reflect current security issues. And, of course, a whole new inspection process would have to be initiated to support the renewing site security plans.
Finally, the start of the legislative process would inevitably restart the political debates that have long surrounded the CFATS process. Environmental folks are going to want to see inherently safer technology language added to the bill. Labor folks are going to want to see stronger whistleblower language and requirements for employee participation in the development of security processes. Cyber folks are going to want to see stronger cybersecurity requirements written into the program. Farm folks are going to want stronger exceptions for the agriculture industry. Chemical safety folks are going to want to see water treatment facilities added to the program. The chemical industry is going to want to see counter drone authority added. And, of course, there is going to be strong opposition to each and every one of these wants.
Last year, I did a series of blog posts about using the ChemLock program as a voluntary replacement for the CFATS program. Unfortunately, due to the emasculation of the infrastructure security division of CISA, that is no longer a realistic alternative.
So those of us that want to see CFATS restored to its earlier glory are just going to have to live with the memory. And remember to bite our tongues when everyone asks why nothing was done to prevent the inevitable attack on a chemical facility.
Posts
No comments:
Post a Comment