Late in 2012, ACA responded to a survey request by the U.S. Government Accountability Office (GAO) reviewing the Department of Homeland Security’s Chemical Facility Anti-Terrorism Standards (CFATS) Program. At the request of several interested congressional committees, GAO is conducting a review of the CFATS Program, and asked ACA, as a key Chemical Sector trade association, for its views on the efficacy of DHS’s Infrastructure Security Compliance Division's (ISCD) CFATS-related outreach efforts.
GAO asked for both general and specific feedback from industry. For both, ACA responded that member companies find the CFATS data collection requirements onerous and repetitive/duplicative. Members perceive the CFATS requirements as a “data dump,” and report that it does not appear to be designed to elicit actionable information, but rather appears to be a massive data collection project that requires regulated entities to submit massive amounts of information, little of which appears germane to legitimate or apparent chemical security requirements.
When specifically questioned about the transparency of the CFATS tiering process, ACA responded that the feedback it received on tiering methodologies is that the process is extremely non-transparent, and other than perhaps being aware that other similarly situated facilities have been tiered in the same manner, members have little insight into why possessing a particular chemical in a particular quantity results in a facility being placed into a specific tier. ACA’s understanding is that this may be deliberate on the part of ISCD, in that the concept behind the Chemical Security Assessment Tool (CSAT) is that it functions as a “black box” of sorts, therefore providing insight into how and why facilities are tiered enable submitters to “game” the system and avoid being brought into the program.
GAO also sought comment on how useful CSAT data collection has been in reducing risk at CFATS regulated facilities, and whether the Top Screen, Security Vulnerability Assessment (SVA), and Site Security Plan (SSP) documentation requirements have demonstrated their value in reducing risk at regulated facilities. In response, member feedback underscored that the Top Screen process and SVAs are extremely burdensome, repetitive and collect far more information than appears to be necessary to perform the functions it is supposed to perform. Regarding the development of Site Security Plans (SSPs), some member feedback indicated that SSPs seem to serve as a pointless data collection exercise and do not appear to support any specific security objectives — this is particularly highlighted by the lack of feedback most members report having received on the SSPs they submitted. In fact, ACA responded that at least one member has been seeking to put in place an Alternative Security Plan (ASP) involving multiple facilities, but has received no constructive feedback from DHS on this process or the status of the submitted ASP.
In general, ACA also commented that greater responsiveness to the work efforts placed by members into developing SSPs and ASPs would be especially helpful and appreciated.
ACA has previously testified in Congressional hearings that CFATS should be made permanent and could provide benefits, such as eliminating potential reformulation costs that might be required should the program change; these costs could include, in some cases, potential loss of markets, physical security upgrade costs, and CFATS compliance administrative costs. However, industry believes that a permanent program should include the following improvements: (a) the Top Screen process should be reviewed in order to simplify likely Tier 4 facilities having a single “chemical of interest” (COI), (b) DHS’s Infrastructure Security Compliance Division (ISCD) should provide timely follow-through to regulated entities through timely feedback on SSPs and ASPs, and (c) DHS should engage in dialogue on the technical nature of the threat posed by theft-and-diversion COIs (such as commercial grades of aluminum paste), which are commonly used in the coatings industry.
One major concern ACA and its members have is that their considerable investment in CFATS specifically, and chemical security generally, might be “stranded” if the program is discontinued in its current guise or if major revisions to the program require re-engineering of the compliance measures already in place. ACA has consistently expressed the view that the government’s approach to chemical security should be stabilized long enough for it to become effective. Changing the approach to chemical security in a major way before the program has been afforded the opportunity to mature — such as adding new mandates imposing arbitrary “inherently safer technology” requirements — is something that industry believes would be extremely counter-productive.