Bill Wayman is the director of security services for TVA Fire & Life Safety.
Much has been written about the safety and security of our nation's chemical plants - and for good reason.
The consequences of a catastrophic failure at a chemical plant's process area or storage tank can cause extensive injuries, environmental damage, and even fatalities, both on site and in the surrounding communities. And since many chemical plants are located near large population centers, an event could potentially affect millions of citizens.
Theft of certain chemicals also is a major issue. The American Chemistry Council (ACC) and the FBI compiled a list of more than 90 commonly used chemicals found at manufacturing facilities that are considered to be "chemicals of concern." This list includes chemicals that can be used as weapons of mass destruction (WMDs), such as chlorine, ammonia and phosgene, and chemicals that, in combination with others, can be used to manufacture WMDs.
The ACC's and FBI's findings came as no surprise to executives in the industry: they have known for decades the threats these chemicals pose. The tragic events of 9/11, however, vividly illustrated that the unthinkable could happen in the United States.
Given all of these factors - the close proximity of chemical plants to population centers, the potentially disastrous consequences of an event, The ACC's and FBI's findings, and the ongoing threat of terrorism - industry executives have been actively looking for better ways to ensure plant safety.
Additionally, considering that the chemical industry generates $450 billion dollars a year in revenue, accounts for $80 billion in U.S. exports, and employs more than one million Americans, it is essential that this critical sector of the economy is protected appropriately. It also is just good business sense for the chemical industry to safeguard the environment and surrounding communities.
Achieving enhanced plant protection first requires a basic understanding of past practices and legislation. Here is a quick look at pre-9/11 initiatives.
In 1971, the American Chemistry Council launched the Chemical Transportation Emergency Center (Chemtrec) - a 24/7 emergency communication center for chemical transportation incidents that provides emergency responders technical assistance from product safety specialists, toxicologists, and other industry experts. Another noteworthy initiative was the Responsible Care Code - a formalized set of management practices intended to improve safety; provide critical information to local communities in the event of a failure; and protect employees, communities and the environment.
So what is the chemical industry now doing to protect the citizens, the environment, and the economy from a potential terrorist attack? And what regulations has U.S. government passed to enhance security?
What follows is a brief overview of important initiatives implemented since 9/11.
In October 2001, the ACC, the Chlorine Institute, Inc., and the Synthetic Organic Chemical Manufacturers Association (SOCMA) jointly published Site Security Guidelines for the US Chemical Industry. In April 2002, the ACC established the Information Sharing and Analysis Center (ISAC), utilizing its Chemtrec communications center for direct communications between the chemical industry and the Department of Homeland Security.
In June 2002, the ACC adopted the Responsible Care Security Code, which is a mandatory managing guideline for all ACC members and Responsible Care Partner companies. The Security Code - which addresses site, cyber and transportation security concerns - requires companies to conduct comprehensive security threat and vulnerability assessments of their sites, to implement security enhancements to control or mitigate identified vulnerabilities, and to obtain independent verification that appropriate enhancements have been made. A strict timeline for complying with this code also is required.
The three major points of the Security Code are:
- Prioritize and Assessment: Companies prioritize their sites according to a four-tier system that uses vulnerability as the key criterion. Security vulnerability assessments (SVAs) are scheduled at all facilities according to the prioritization process.
- Implementation: After completing the SVA process, companies implement security enhancements designed to control or mitigate the identified risks. The following steps are taken:
- Protect Information and Cyber-Security: Protecting information and process control systems is a crucial element of good security management and a fundamental principal of the Security Code.
- Training, Drills and Guidance: Emergency preparedness is a key feature of the Responsible Care initiative. Training, drills and guidance are offered to employees, contractors, emergency responders and other personnel in order to enhance security awareness and maximize the facility's response capabilities.
- Communications, Dialogue and Information Exchange: Communications emphasizes cooperation among chemical producers, customers, suppliers, shippers and government agencies.
- Response to Security Threats and Incidents: Companies evaluate, respond report, and communicate security threats as appropriate. Security incidents trigger a similar process, but include additional steps such as the conducting of an investigation and the taking of corrective action.
- Continuous Improvement: This includes planning, establishing goals and objectives, monitoring progress and performance, analysis of trends, and development and implementation of corrective actions.
- Independent Verification: Facilities undergo independent audits by credible third parties to assure that they have implemented necessary security enhancements.
According to an ACC Fact Sheet (published in May 2004), chemical companies have made and kept significant operational commitments. The Fact Sheet states that all Responsible Care facilities (more than 2,000 nationwide) have completed thorough security vulnerability assessments. The Fact Sheet goes on to note that the highest-priority facilities (Tier 1) have already implemented security enhancements where appropriate, and that the remaining facilities are on schedule to implement additional security measures by the end of 2004.
Completion of this commitment could not be verified at the time of writing this article. The ACC states, however, that full implementation of the Code will be completed by June 30, 2005. Regardless, a statement published by the ACC in April 2004 noted that its members had invested more $800 million in 2003 alone to enhance security at their facilities.
Beyond hardening of their facilities, chemical companies also began to look for safer, less toxic, or volatile products that would provide the same quality and properties as their more dangerous predecessors. This approach typically carries a very high initial cost to chemical producers and users, but if successful it can pay off in many ways: providing a safer workplace, creating a cleaner environment, and lowering operational costs associated with handling hazardous material found in older chemical processes.
Another initiative is to reduce the "on-hand" amount of these chemicals; in other words, reducing inventories to the minimum essential for efficient operation. Although this sounds like a logical approach, minimal inventories requires more frequent deliveries of hazardous materials using our highways, rail systems, and shipping channels - something that increases the chances of accident and mishap. So lowering risk in one area raises it in another.
Another example of a trade-off using the "on-hand" approach: water utilities must weigh the safety benefit of lower inventories of chlorine against the risk of not having adequate stockpiles of this purification chemical, which assures the security of our water supplies.
Despite the many advances of the last few decades and, in particular since 9/11, many problems remain. Although all ACC member companies adopted the ACC's recommendations, this only covered approximately 2,000 of the 15,000 chemical plants in the United States. Many independent users and manufacturers have yet to embrace the Responsible Care? Security Code.
Because of these gaps, there have been several attempts to pass legislation aimed at regulating security for all chemical plants. Nothing has been passed to date in either the House or Senate, but a bill introduced by Senator Joseph Corzine of New Jersey would require companies to perform vulnerability assessments, implement security enhancements, be subject to audits, and actively pursue alternative approaches to the way they manufacture their products (these alternative approaches mirrored some of the steps the industry had voluntarily started to implement).
Senator Corzine's bill has not been passed in large part because it requires chemical producers and users to reduce the amount of chemicals they use and store, and mandates the use of alternative, less hazardous chemicals - two requirements not easily met by industry.
Senator James Inhofe of Oklahoma introduced a competing a bill to the Senate in May 2003 that would require the chemical industry to perform vulnerability assessments, implement security enhancements and be subject to audits. It does not, however, require the industry to pursue alternative approaches to the way they manufacture their products. Senator Inhofe's bill has had wide support from the chemical sector and security industry, but the bill was not passed in the last session of Congress.
Regardless of which bill passes, it is only a matter of time before Congress and the Senate pass legislation to regulate the security of the chemical industry.
What the final legislation will include is difficult to determine at present, but with groups like the ACC, the Chlorine Institute and SOCMA, along with safety and security professionals publicly supporting efforts to adopt security-focused legislation that will establish meaningful and effective national guidelines for the entire chemical industry, this legislative session in Washington might finally produce much-needed legislation.
In our second part (which will be available via SecurityInfoWatch.com on March 1, 2005), look for a discussion of common pitfalls and how you can reduce risk at your facility.
About the author: William Wayman, director of security services for TVA Fire & Life Safety, is responsible for managing and providing vulnerability and risk analysis and property hazard control services. In this capacity, he is specialized in the physical security field, and in chemical, petrochemical, heavy industrial, utilities and high-tech industries.