National Security

 

 

https://adminsm.asisonline.org/Pages/Assessing-the-Safety-of-Chemical-Facilities.aspxAn Explosive Act: Assessing the Safety of Chemical FacilitiesGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652018-05-01T04:00:00Zhttps://adminsm.asisonline.org/pages/megan-gates.aspx, Megan Gates<p>​Just before Hurricane Harvey made landfall on Friday, August 25, 2017, chemical manufacturer Arkema made the decision to shut down its plant in Crosby, Texas, to brace for the storm. The plant soon lost power and received almost 40 inches of rain by Monday afternoon, causing heavy flooding that inundated its backup generators. A small crew of 11 people remained on site to monitor the storm damage and the safety of the organic peroxides that were stored at the plant.</p><p>These chemicals needed to be stored at a low temperature. But after the plant's backup generators were flooded, refrigeration failed. So, the crew transferred the chemicals from their current storage in warehouses into diesel-powered refrigerated containers and continued to monitor the situation—which worsened as the rain continued to pour down.</p><p>With the water continuing to rise, Arkema was forced to make another difficult decision: evacuate the plant and the 1.5-mile radius around it.</p><p>"Arkema is limited in what it can do to address the site conditions until the storm abates," the company said in a press release. "We are monitoring the temperature of each refrigeration container remotely. At this time, while we do not believe there is any imminent danger, the potential for a chemical reaction leading to a fire and/or explosion within the site confines is real."</p><p>To reduce the threat of an explosion injuring others, Arkema worked with the U.S. Department of Homeland Security (DHS) and the State of Texas to continue to monitor the situation. They soon realized that while the chemicals were not fully igniting as they began to warm up, they were beginning to degrade. To address the threat, Arkema decided to ignite the containers the chemicals were housed in to eliminate the threat of an uncontrolled blast.</p><p> "This decision was made by Arkema Inc. in full coordination with unified command," the company said. "These measures do not pose any additional risk to the community, and both Arkema and members of the unified command believe this is the safest approach."</p><p>While the situation in Crosby was not ideal, it showed how facilities that manufacture, store, and transport chemicals in the United States are embracing a new mindset towards security and planning how to handle the worst-case scenario when it happens—whether it is a power outage or a terror attack.</p><p>One effort that's helping to spearhead this mindset is DHS's Chemical Facility Anti-Terrorism Standards (CFATS) program, which has sought to address and mitigate the threat of chemicals since its inception in 2007. </p><p> "In 2007, chemical security was fairly new and people weren't really sure what it meant," says CFATS Acting Director Amy Graydon. "We've since been able to foster this environment of chemical security."</p><p>But that environment could be in danger if Congress does not reauthorize the CFATS program, which is set to expire in January 2019. </p><p>"We think that reauthorization is the key to reducing the threat of terrorists using chemicals," Graydon explains. "We think that the program has really reduced the risks and is an important element of making the country more secure."</p><h4>CFATS Basics</h4><p>In the 2007 DHS Approp­riations Act, Congress required the agency to create regulations that established risk-based performance standards for chemical facilities that present high levels of risk. DHS was also mandated to subject these facilities to vulnerability assessments and require them to develop and implement site security plans.</p><p>To do this, DHS worked with industry to create the CFATS program—which is part of its Infrastructure Security Compliance Division (ISCD). The program identifies and regulates facilities that possess chemicals of interest at specific concentrations and quantities.</p><p>These concentrations and quantities are listed in what's referred to as Appendix A of the CFATS regulation. More than 300 chemicals are included, along with their screening threshold quantities. The chemicals are also categorized into three groups depending on the potential security threat of the substances: release, theft or diversion, and sabotage.</p><p>Facilities that meet or exceed the screening threshold quantities for chemicals of interest listed in Appendix A are required to report their possessions to DHS via a questionnaire called a Top-Screen.</p><p>ISCD then reviews that Top-Screen and notifies facilities if they are considered high risk and ranks them into Tier 1, 2, 3, or 4—with Tier 1 the highest. As of February 2018, ISCD had received Top-Screens from more than 40,000 facilities and determined that roughly 3,500 of those are high risk and must comply with CFATS.</p><p>Facilities that are tiered then must submit a Security Vulnerability Assessment and a Site Security Plan, or an Alternative Security Plan, that meets risk-based performance standards detailed in the CFATS regulation. These standards address factors such as perimeter security, access control, personnel security, and cybersecurity. The stringency of the requirements varies based on what tier a facility falls into, and facilities can create their own security plans—rather than having CFATS create a prescriptive security plan for them.</p><p>Once the plans have been submitted, ISCD inspectors perform a facilities inspection before approving the plans for implementation. </p><p>This process has proved beneficial to facility operators, says Jennifer Gibson, vice president of regulatory affairs for the National Association of Chemical Distributors.</p><p>"Those visits, while cumbersome, allowed for a lot of back and forth, getting clarity on what the agency was looking for," Gibson explains. "Usually it turned out that a facility would make changes to its plan, based on that inspection."</p><p>After inspectors approve the plans, facilities are expected to implement them. If they do not, they can be ordered to cease operations or issued a civil fine, with a maximum penalty of $33,333 per day per violation, as of February 2018.</p><p>Facilities are also required to resubmit their Top-Screen if they have a change in holdings, such as using new chemicals of interest for business processes.</p><p>"It could be that they may need some other security measures because we look at the type of chemical and its risks," Graydon says. "So, for theft and diversion, we're worried that a terrorist could be intentionally trying to either steal or divert the chemical for misuse; whereas for release, it's that the terrorist would be coming to the facility to cause a release."</p><p>During its first five years, CFATS did not approve a single facility site security plan. But since then, it has made major strides and completely eliminated its backlog to move into the compliance phase of the program. Now, approximately 140 inspectors are visiting sites based on risk—there is no mandated requirement for how often inspections occur.</p><p>"We have the compliance inspection index, and it takes into consideration a facility's tier, the number of planned measures that a facility has, and the amount of time since the last inspection," Graydon says. "So, we can get to folks in an appropriate manner." </p><h4>CFATS Changes</h4><p>After CFATS was up and running, some members of Congress and the chemical sector expressed concerns about the program. Primarily, concerns centered around the "administrative burden associated with the development of facility security plans and the pace of DHS efforts to process and approve them," according to a U.S. Government Accountability Office (GAO) report. </p><p>Congress addressed these concerns by passing the Protecting and Securing Chemical Facilities from Terrorists Attacks Act in 2014. It reauthorized the CFATS program and created an Expedited Approval Program (EAP), a voluntary option for Tier 3 and 4 facilities regulated under CFATS.</p><p>The EAP allows DHS to identify specific security measures that meet the risk-based performance standards of CFATS that facilities must implement to be compliant. </p><p>For example, release facilities would have to certify that their emergency equipment included at least one of the following: a redundant radio system that's interoperable with law enforcement and first responders, at least one backup communications system, an emergency notification system, an automated control system or process safeguards to place critical assets in a "safe and stable condition," or emergency safe-shutdown procedures.</p><p>"The EAP is expected to reduce the time and burden on smaller chemical companies, which may lack the compliance infrastructure and resources of large chemical facilities," GAO said. </p><p>CFATS implemented the EAP in June 2015. But as of April 2017, GAO found that only two organizations of 2,496 eligible facilities had used the EAP. </p><p>"Officials representing the two EAP chemical facilities told us that their companies involve small operations that store a single chemical of interest on site and do not have staff with extensive experience or expertise in chemical security," GAO reported. </p><p>Representatives from the two facilities also said they used the EAP because it helped them reduce the time and cost to prepare and submit their site security plans.</p><p>"For example, the contractor who prepared the site security plan for one of the two EAP facilities said that the facility probably saved $2,500 to $3,500 in consulting fees by using the EAP instead of a standard security plan."</p><p>Ultimately, only one of these organizations followed through with the EAP process because the other was later re-tiered and no longer considered a high-risk facility subject to CFATS.</p><p>Since the GAO report was issued, 16 facilities have used the EAP and Graydon says she is optimistic that more facilities will use the program moving forward.</p><p>"We think that only two facilities might have taken advantage of the EAP program because of where all facilities were in the process already by the time it rolled out," she adds. "Most facilities had already completed their site security plans or their alternative security programs."</p><p>Graydon's sentiments echo GAO's analysis, which found that the timing of EAP's implementation, its prescriptive nature, the lack of an authorization inspection, and a certification form requirement may have initially hindered participation in the program.</p><p>"DHS conducts in-person authorization inspections to confirm that security plans address risks under the standard process, but does not conduct them under the expedited program," GAO said. "DHS officials noted that some facilities may prefer having this inspection because it provides them useful information."</p><p>Since the EAP's rollout, CFATS has made other changes to the program that might also affect participation. For instance, DHS updated the online tool that facilities use to send data to ISCD for their Top-Screen to make it a much more streamlined process.</p><p>"We really took the opportunity to streamline and bring it up into the 21st century so we were using smart tools with logic," Graydon says. "We were able to reduce some duplicative questions, reducing the time it would take people by 50 percent—down to six hours."</p><p>This streamlining effort cascaded throughout CFATS data collection processes, dropping the time it took to complete a security vulnerability assessment from 65 hours to 2.5 hours, and site security plans from 225 hours to 20 hours.</p><p>"We were able to do that because the reauthorization had given us the stability to move forward," Graydon says. "The reauthorization gave not only industry the stability it needed to make capital investments…it gave us the opportunity to make some internal changes as well."</p><p>CFATS also launched a re-tiering effort looking at 27,000 facilities' initial Top-Screens from 2007 and 2008, and asking them to resubmit. It then re-tiered some facilities by incorporating threat and vulnerability into the overall tiering methodology, which is not public.</p><p>"We refined what we were looking at, particularly for facilities for theft and diversion," Graydon says. "We were able to incorporate some inherent vulnerability in that." For instance, Graydon gave the example of looking at the portability of chemicals and taking that into account when determining the risk level for a facility.</p><p>"It would be easier to steal a vial than a big tank; we were able to model the actual amount of the chemicals…," and include them in the tiering methodology, Graydon adds.</p><p>In a recent hearing before the U.S. House Homeland Security Subcommittee on Cybersecurity & Infrastructure Protection, Chet Thompson—president of the American Fuel and Petrochemical Manufacturers—said the re-tiering effort was an improvement on the old system.</p><p>"Folks believe risks are being better assessed, and a number of our facilities have been re-tiered," he explained. </p><p>However, Kirsten Meskill, director of corporate security for BASF Corporation, testifying on behalf of the American Chemistry Council (ACC), said that while ACC has seen a reduction in higher-risk facilities under the re-tiering, there's still a lack of transparency in the process.</p><p>"We don't know how these risk tierings were applied to the general sites," she said, adding that—from her perspective—there was no way to know whether the new method is addressing "real risks out there."</p><p>To address this, panelists at the hearing suggested that the GAO be brought in to review the new CFATS tiering methodology and issue a report on its effectiveness.​</p><h4>Future of CFATS</h4><p>Despite some complaints about lack of transparency, all the panelists at the subcommittee hearing were in favor of reauthorizing the CFATS program. </p><p>"Any lapse in the program would be a serious concern to us," said Pete Mutschler, environment, health, and safety director for CHS Inc., adding that it would be "highly disruptive to both the industry and the regulated community" if CFATS were allowed to lapse and then be reinstated.</p><p>Mutschler said he was in favor of a multiyear reauthorization for CFATS to provide certainty to the regulated community so it can make "long-term investments" in security to comply with the program.</p><p>Doug Leigh, who serves as manager of legislative affairs for the National Association of Chemical Distributors, says that his members are also in favor of a lengthy reauthorization for the CFATS program. </p><p>"The last thing we want to see is a three-month reauthorization," Leigh says. "It would be going backwards instead of going forwards."</p><p>Graydon says she is optimistic about CFATS being reauthorized by Congress, due to its track record over the past several years in improving processes and reducing risk.</p><p>"We feel that we have demonstrated that we are a smart regulatory program—that we look for efficiencies," Graydon explains. "We are able to incorporate lessons learned, and we would like permanent or long-term reauthorization to make sure we have continued stability for industry and the program to continue to make efficiencies."</p><p>As of <em>Security Management'</em>s press time, no member of Congress had introduced a bill to reauthorize the CFATS program. </p>

 

 

https://adminsm.asisonline.org/Pages/Postal-Peculiarities.aspx2017-12-01T05:00:00ZPostal Peculiarities
https://adminsm.asisonline.org/Pages/How-to-Build-a-Wall.aspx2017-06-01T04:00:00ZHow to Build a Wall
https://adminsm.asisonline.org/Pages/How-Smugglers-and-High-Risk-Travelers-Enter-the-US.aspx2017-05-04T04:00:00ZHow Smugglers and High Risk Travelers Enter the United States

 

 

https://adminsm.asisonline.org/Pages/Assessing-the-Safety-of-Chemical-Facilities.aspx2018-05-01T04:00:00ZAn Explosive Act: Assessing the Safety of Chemical Facilities
https://adminsm.asisonline.org/Pages/Missed-Deadline.aspx2018-03-01T05:00:00ZMissed Deadline
https://adminsm.asisonline.org/Pages/Tasers-and-the-United-Nations.aspx2018-03-01T05:00:00ZTasers and the United Nations

 

 

https://adminsm.asisonline.org/Pages/Space-Jam.aspx2018-05-01T04:00:00ZSpace Jam
https://adminsm.asisonline.org/Pages/The-Land-of-Plunder.aspx2018-04-01T04:00:00ZThe Land of Plunder?
https://adminsm.asisonline.org/Pages/The-Price-of-Destruction.aspx2018-04-01T04:00:00ZThe Price of Destruction

 

 

https://adminsm.asisonline.org/Pages/Book-Review---Nanoweapons.aspx2018-05-01T04:00:00ZBook Review: Nanoweapons
https://adminsm.asisonline.org/Pages/Book-Review---Emergency-Planning-for-Nuclear-Power-Plants-.aspx2018-05-01T04:00:00ZBook Review: Emergency Planning for Nuclear Power Plants
https://adminsm.asisonline.org/Pages/What-We-Know-Toronto-Vehicle-Attack.aspx2018-04-24T04:00:00ZDeadly Toronto Vehicle Attack: What we Know

 You May Also Like...

 

 

https://adminsm.asisonline.org/Pages/What’s-New-in-Technology.aspxQ&A: What’s New in Technology<p>​Steve Surfaro, industry liaison with Axis Communications and chair of the ASIS Security Applied Sciences Council, discusses emerging technology that cities and organizations can use to become smarter and safer.</p><p><em><strong>Q. </strong>How can smart buildings increase the safety of those who work there?</em></p><p><strong>A. </strong>First responders with mobile devices can use mobile location technology to find victims inside a building without relying on GPS. If all tenants who live or work in a smart building register their mobile devices, it’s possible to find out whose phone is not registered and potentially identify the approximate location of an active shooter. Seconds count on this. </p><p><strong><em>Q.</em></strong><em> What about the future of gunshot detection and triangulation?</em></p><p><strong>A.</strong> Gunshot detection is a really controversial issue. There are companies that use triangulation technology that estimates the location of a gunshot based on strategically placed microphones, but they can produce false alarms. Newer technologies use acoustic signature recognition. It employs deep learning and can be fine-tuned to listen for a particular pattern, and, once that pattern is established, it’s repeatable and does not create as many false alarms. In an environment where there’s noise of one type, like vehicles passing by, and there’s an explosion or a gunshot or glass is broken, that is a definitive acoustic signature. </p><p><strong><em>Q. </em></strong><em>What trends can we expect to see from surveillance cameras?</em></p><p><strong>A. </strong>Thermal imaging is such a tremendous technology and is getting better. Cooled thermal imaging sensors are expensive, especially when mounted on a helicopter—but they can save lives. One such sensor located the Boston bomber after the Boston Marathon bombing. Some lower-cost thermal imaging cameras can detect temperature gradients as well, so they can discern between people moving around and an explosion. This will also help firefighters. I’m from Phoenix, and out there, and in California, people suffer so much and have lost firefighters to these rapidly spreading fires. Through this technology, you’re able to have early warning if fires start to get too close to firefighters.</p><p><strong><em>Q.</em></strong><em> What about facial recognition?</em></p><p><strong>A. </strong>It’s used largely for forensics, so if investigators are trying to find an individual based on a photo, they can run a search on a facial recognition database. But the technology is being used in other ways as well. For example, airlines are testing it to streamline boarding. Stores in St. Louis, Missouri, were being robbed a few times a month, and one chain worked with the St. Louis Police Department, which had pictures of the robbery suspects. They created technology that stored images of the robbers in a microcomputer and compared them to a camera feed of people walking up to the convenience store door. The person looks up at the camera and the door is automatically unlocked in stride. If it’s not unlocked, either you’re not looking at the camera, or your picture is one of those tagged ones. Their faces aren’t being recorded, just compared to a list of potential suspects. During the test period of six months, there were no false positives and no armed robberies.</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://adminsm.asisonline.org/Pages/Book-Review---Active-Shooter.aspxBook Review: Active Shooter<p>​Active Shooter: Preparing for and Responding to a Growing Threat. By Kevin T. Doss, CPP, PSP, and C. David Shepherd. Butterworth Heinemann. Available​ from ASIS; item #2267; 318 pages; $59 (ASIS members); $65 (nonmembers).</p><p>Anyone concerned with protecting soft targets can learn something from this book, especially those who safeguard schools, universities, public buildings, and other areas where large numbers of people gather, such as sports arenas, parades, political rallies, and other outdoor venues.</p><p>Authors Doss and Shepherd are obviously well acquainted with the issues of workplace violence and active shooters, and they provide ample focus on each important area of knowledge. Much of the information in this book is also useful for dealing with other security challenges, such as improvised explosive devices (IEDs), vehicle-borne IEDs (VBIEDs), and, to a lesser extent, civil disorder incidents.</p><p>The first portion of the book deals with “left of boom” issues; that is, everything that precedes an incident. This is important because an active shooter incident is typically of very short duration. Many measures that could be effective against other types of security threats have no usefulness once the shooting begins. The authors focus on what organizations and communities can do to mitigate the incident through emergency planning and response and recovery planning. The whole chapter on planning is excellent, and following its advice could minimize the adverse results of a shooting incident. It is rare to see a book go into detail on how support departments, such as human resources and safety planning, can play an important role in preventing and mitigating an active shooter incident.  </p><p>This book is relentlessly practical from a management standpoint; it explains how the management process can be leveraged to reduce the likelihood of and mitigate an active shooter incident. It is impressive to see the authors deal with oft-forgotten issues, such as assisting persons with disabili­ties during a shooting incident. Also, it is good to see that the book can help manage­ment focus on first re­sponders and training for optimal employee actions during an incident.  </p><p>The appendices offer additional insights into related issues, including classifications of murderers, psychological char­acteristics of murderers, frequently asked questions on workplace violence recovery, case studies (an extremely useful section), and a valuable section on training exercises.</p><p>Altogether, this is one of the most comprehensive and readable books on this important subject. Readers will no doubt look forward to more from these authors.</p><p>--</p><p><em><strong>Reviewer: Thomas L. Norman, CPP, PSP, </strong>has more than 35 years of experience as an international security consultant, with offices in the United States and Lebanon. He specializes in risk analysis, security countermeasures, and counter­terrorism, focusing on high-threat en­vironments. Norman is the author of several security industry books, with more to come.</em></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://adminsm.asisonline.org/Pages/Active-Shooter.aspxActive Shooter Guidelines<p>​How to handle an active shooter situation is the subject of two new guidelines, including one <a href="http://www.dhs.gov/publication/active-shooter-how-to-respond" target="_blank">released by the Department of Homeland Security</a> that​ targets a more general audience of managers and employees.</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465