DHS makes significant headway with CFATS security plan approvals

Since it was created in 2007, the Chemical Facilities Anti-Terrorism Standards (CFATS) program has been a work in progress for both the Department of Homeland Security, which is responsible for its implementation, as well as chemical manufacturers which have sought clarification on the level of security needed for their facilities. As to be expected, the process of conducting a security assessment, making the appropriate upgrades and having DHS sign off on the site security plans of individual plants has been time consuming.

Earlier this month, the National Association of Chemical Distributors (NACD) joined the DHS’s Infrastructure Security Compliance Division in a ceremony celebrating the 750th site security plan approved under the CFATS program. In fact, according to the NACD, the DHS has approved nearly 250 site security plans since the beginning of February.  

“It got off to a slow start which is understandable because it was a brand new program that DHS, a relatively new agency, had to create so it did get off to kind of a rocky start,” said Jennifer Gibson, vice president of regulatory affairs for the NACD. “For the past two years, I think they’ve made great progress. The crew that has been running the infrastructure compliance division that oversees CFATS has done s a great job of turning things around, setting up new procedures and really expediting the security plan review and approval process.”

Gibson credited the agency’s encouragement of the use of alternative security plans as one of the main factors behind the uptick in plan approvals.

“The site security plan template that they developed as part of CFATS was very cumbersome and it was a kind of fill in the blank,” she explained. “When a facility would do that it would spit out a 400-page document that really didn’t mean anything to either the facility or the DHS inspectors, so they’ve really tried to streamline that and one way to do that is by allowing facilities to submit alternative security programs and that allows them to address CFATS risk-based performance standards, but in a way that makes sense to them.”

Gibson said that these alternative plans can be done in a narrative form, which not only provides more meaningful security insights for chemical plants, but also the inspectors trying to evaluate them. Additionally, Gibson said that the agency has also started to look at security from the corporate level of chemical companies that have multiple sites regulated by CFATS. This enables them to see some of the common security measures that should be in place at all of the company’s facilities and verify whether they are following these procedures on an individual, plant-by-plant basis.

“The chemical security assessment tool (from CFATS) is organized by risk-based performance standards and there is a lot of overlap between those standards, so a lot of the questions were really repetitive and it didn’t flow very well,” added Gibson. “Whereas for an alternative security plan, a company can look at their own procedures that they have and then look at the risk-based performance standards and then match them up and do a narrative about how the procedures they have in place or any new procedures they’ll adopt to address the performance standards will meet the security needs.”

Despite this progress, there are those who remain sharply critical of the lack of progress DHS has thus far made with CFATS. At a hearing of the Senate Homeland Security and Governmental Affairs Committee held earlier this month, Sen. Tom Coburn (R-Okla.), said that to date, nearly $600 million has been spent on the program and that less than two percent of facilities have had a compliance inspection.

“In my review I’ve learned some things,” said Coburn at the hearing. “One is that CFATS is not significantly reducing the risk that terrorists will use chemicals to conduct an attack against the United States. The second thing I’ve learned is that the approach to assessing risks in chemical facilities which guides the CFATS program is broken. Third, DHS is far behind in meeting its deadlines in this program – reviewing security plans and inspecting facilities.”

During his opening comments, Coburn held up different security guidelines required by the U.S. Coast Guard, EPA and the TSA, all of which paled in comparison to the large binder of requirements for meeting CFATS standards.

“One of the reasons it is hard to fix is because we put all of this gobbledygook that has no attendant impact on what we’re doing,” added Coburn. “We’ve got to look at this program, we’ve got to fix it, it’s an important thing that we need to do and we need to solve the problems.”  

Suzanne Spaulding, undersecretary, national protection and programs directorate at DHS, said that just two years ago, the agency hadn’t approved a single site security plan or compliance inspection. However, she said the agency has since approved more than 760 site security plans, completed 31 compliance inspections and more 1,000 authorization inspections.

In addition, Spaulding said that 98 percent of Tier 1 facilities have an approved security plan, while 66 percent of Tier 2 and 39 percent of Tier 3 facilities have an approved plan.

“We are sustaining an average rate of more than 80 approvals each month, which would cut in half GAO’s estimate of how long it would take to clear the backlog of plan approvals,” Spaulding said during her testimony before the committee. “Approximately 75 percent of these facilities’ plans included measures recommended by the DHS or the facility as necessary upgrades in order to satisfy the applicable risk-based performance standards. This is significant progress.”

Gibson believes that in order for the DHS to continue clearing this backlog of facility inspections they’re going to have continue with what they’ve been doing and that means companies adopting the aforementioned alternative security plans. “Now that it’s starting to go faster, I don’t see any reason why that trend won’t continue,” she said.

Gibson also credited Congress with spurring the DHS into action on completing these site assessments by holding them accountable. “I think Congress has really held their feet to the fire and encouraged them to make some progress,” she said.

In the near future, Gibson said that Congress needs to pass a longer term authorization bill to fund CFATS to ensure that the progress that has been made over the past couple of years continues. When the government shutdown occurred last year, Gibson said that technically, the CFATS program didn’t exist during that time period and that many lawmakers now realize that something needs to be done to address the issue of funding for this program.

“That would be helpful because it would give a lot more certainty to the program and what they’re looking at now is an authorization of about three years, so at least that would tell both DHS and the industry that this program is going to be around for awhile and the efforts being made will be recognized,” she said.  

Loading