Chemical Facility Security News

Subject: House Homeland Security Committee Hearings – 7-28-08
Time: 11:20:00 AM EDT
Author:  pjcoyle

The House Homeland Security Committee released their hearing schedule for next week. Nothing directly dealing with Chemical Facility Security, but there are two hearing that may have an oblique, long-term impact. Both of them are sub-committee hearings that will be held on Wednesday, July 30th.

 

Future of Al Qaeda

 

The Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment is holding a hearing on the future of Al Qaeda and the implications for Homeland Security. This is a topic that should be reviewed periodically to ensure that we focus on the present and the future, not the past.

 

There are two witnesses listed for this hearing:

 

• Peter Bergen, Senior Fellow, New America Foundation
• Lawrence Wright, Fellow, NYU Center on Law and Security

Anyone responsible for anti-terrorist security planning at chemical facilities should at least read the published remarks of these two witnesses after the hearing next week. We certainly won’t expect tactical level intelligence, but this would fall under the heading of ‘Know Your Enemy’. Testimony like this is usually fairly short and easy to read; a good summary document.

 

Homeland Security Quadrennial Review

 

One of the many tasks facing the incoming administration next year will be the conduct of the first Quadrennial Review of the Department of Homeland Security. This is patterned after the same review conducted at DOD. It will allow the new administration to put their stamp on the future development of the department.

 

This hearing will be conducted by the Subcommittee on Management, Investigations, and Oversight. They are currently showing three witnesses:

 

• Alan Cohn, Deputy Assistant Secretary for Policy (Strategic Plans), Department of Homeland Security
• Christine E. Wormuth, Senior Fellow, Center for Strategic & International Studies
• Major General Michael Sumrall, Assistant to the Chairman, Joint Chiefs of Staff for National Guard Matters

General Sumrall’s appearance is kind of interesting. The National Guard is an organization undergoing its own redevelopment. The large number of deployments of National Guard Units in support of military missions in Iraq and Afghanistan along with a variety of homeland security missions (guarding the border, bridges and nuclear power plants) has stretched that organization well beyond its pre-9/11 character. It will be interesting to hear Gen. Sumrall’s views on the future of Homeland Security.

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: Water Supply Security
Time: 9:46:34 AM EDT
Author:  pjcoyle

There is an interesting article on Stratfor.com that deals with the issue of terrorist attacks on water systems by contaminating water supplies. The article was written in response to reader questions about an earlier article on the closure of the road that runs across the Dillon Dam in Colorado. Those readers asked why the earlier article dealt only with a physical attack on the dam and not contamination of the water supply

 

Toxicity is Dose Related

 

The Stratfor.com authors, Fred Burton and Scott Stewart, do an excellent job in explaining why it is so difficult to adulterate a water supply at the source. They point out that it would take 830,000 gallons of a contaminant added to the 83 Billion gallon reservoir to reach a 10 ppm level of contamination.

 

Even these authors underestimate the complexity of the operation, saying that it would take 55 tank trucks of material to accomplish that kind of attack. That estimate is way low because they assume each truck would carry 15,000 gallons. Normal tank trucks carry about 5,000 gallons of liquid; so it would take more than 150 tank trucks dumping a contaminant into that reservoir to reach the 10 ppm level. Most deadly toxins take a much higher concentration than 10 ppm to kill people.

 

Water Treatment Makes it Even More Difficult

 

To make matters even more difficult for the terrorist there is a complete water treatment and distribution network between the potential contamination at the reservoir and the water tap. The whole purpose of that system it to remove contaminants from the drinking water supply.

 

The article does a good job of describing how the treatment and distribution network helps to protect the citizens drinking the water from the municipal treatment system. They clearly make the point that an attack upstream of the treatment plant is likely to be totally ineffective in killing people.

 

Industrial Chemical Contamination

 

If this is true, why does the government get so concerned about ground water pollution? Cities that use ground water for their drinking water also treat the water. The difference is that the EPA is not worried about contamination that is going to kill people drinking a couple of glasses of water. They are worried about contamination that is going to make people sick with exotic cancers or other diseases after twenty or thirty years of drinking the contaminated water. That is much too long a time frame to be useful to a terrorist.

 

The Psychological Effect

 

The authors point out that even a non-deadly attack on water supplies may end up being an effective attack due to the psychological effects on the population. We have come to rely on our water systems for safe drinking water and expect very low contaminant levels. This can be seen by the recent public reactions to ultra low levels of various pharmaceutical residues in city water supplies.

 

Eco-Terrorist Type Attack

 

This would not be the type of large-scale, spectacular attack that we have come to expect from al Qaeda related terrorist groups. It would be more in line with the symbolic types of attacks that we have seen from various eco-terrorist groups. To date those groups have not executed attacks that resulted in spectacular deaths, they have instead gone for economic effects to gain their headlines.

 

To see how effective a pre-treatment water supply attack could be we need only to look at a recent water tower vandalism incident in Las Lomas, CA. There the hatch to a water tower was discovered open in circumstances that indicated an intruder had accessed the tank. At least one test of water quality indicated very low levels of mercury contamination. Even though other tests did not replicate the results (perhaps because the contamination levels were so close to the detection limits of the test) residents were warned and the tank was drained and cleaned.

 

If the same incident had been accompanied by the publication of a manifesto against chemicals manufactured or used by a local facility the incident would have attracted much more attention. The resultant publicity would fit in well with the objectives of many eco-terrorist groups.

 

Preventive Publicity

 

To avoid problems with this type of attack water utilities need to be proactive in explaining all of these facts to their customers before an attack takes place. Articles similar to the one on Stratford.com need to be prepared and sent to customers on a regular basis. Periodic publicity campaigns using local media need to be employed. Once an attack takes place, it will be too late to prepare and use such a campaign to prevent panic.

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: Too Much Faith in Biometrics?
Time: 12:52:27 PM EDT
Author:  pjcoyle

Every once in a while everyone needs to be reminded that there is no such thing as total security; there is no such thing as the forgery-proof identification. There is a report on HSDailyWire.com about a recent arrest in Dubai. Two Russians and a Moldavian were arrested with forged eye biometrics recognition stamps.

 

The UAE uses iris scans at their airport to verify identity of people entering the country. These three were arrested “for suspicion of smuggling forged eye biometrics recognition stamps with intent to facilitate the entry to the UAE of individuals who were previously banned”. The brief article does not explain exactly how these forged stamps would be used, but people on both sides of the arrest apparently felt they would circumvent the identification process.

 

Every security professional knows that there is no such thing as a security program or device that cannot be subverted. What ever man can devise, man can subvert. From time to time we all need to be reminded of that.

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: HR5577 Lobbying Effort
Time: 11:47:21 AM EDT
Author:  pjcoyle

Greenpeace is running a grassroots lobbying effort to get HR 5577 (Chemical Facility Anti-Terrorism Act of 2008) passed. Their 'Action Center’ has a brief blurb touting the IST provisions of the bill and a form letter that will be emailed to the appropriate congressional delegation if you fill out the data collection information.

 

Greenpeace IST Claims Misleading

 

While I personally think that the passage of HR 5577 would probably be a good thing for the industry and the country, I think that the Greenpeace effort is misleading. Their claims that the inherently safer technology (IST) provisions of the bill would “ensure the use of safer, cost-effective technologies to reduce the terrible consequences of a terrorist attack at a chemical plant” are blatant nonsense.

 

HR 5577 mandates the evaluation of inherently safer technology, but it only authorizes the Secretary to require implementation if the facility finds that there is an IST process that is practicable (see: “Inherently Safer Technology Implementation under HR 5577”).

 

Greenpeace IST Claims Counterproductive

 

This campaign by Greenpeace is a continuation of the polarization politics that is crippling government in this country. By pushing this gross over simplification of the provisions of the bill Greenpeace is providing ammunition for many people that oppose this bill for various reasons. Industry will always, and rightfully so in my opinion, vociferously oppose the imposition of mandatory IST implementation requirements.

 

I understand that Greenpeace is in favor of the implementation of IST. Anyone with a modicum of sense would agree that using safer chemicals and processes can provide a significant reduction in the risks from terrorist attacks and process accidents. But, by implying that this bill would require implementation of a magic bullet IST in every case is misleading proponents and opponents of the rational IST implementation.

 

Rational IST Implementation

 

The provisions of HR 5577 that require the IST review be conducted as part of the security process ensures that facilities will be actively reviewing safer alternatives at the same time they are looking at the increased costs of security. This will allow for the realistic comparison of the benefits of IST and the costs of security. If there is a realistic IST alternative available, this is the best way to ensure that companies see that it is in their best interest to implement that program.

 

Moving HR 5577 Forward

 

I applaud the intentions of Greenpeace to move the legislative process forward on HR 5577. I believe that their method needs to be modified. The House leadership is not moving this bill forward (see: “Update HR 5577 07-11-08”) and it does not appear that this bill will ever come to a vote. Instead of an email campaign to get votes lined up for the bill, there should be a campaign to get the House Committee on Energy and Commerce to take up the bill in a serious manner and move it to the floor for a vote.

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: PHMSA Issues Request for Comments
Time: 12:27:35 PM EDT
Author:  pjcoyle

In today’s Federal Register is a Notice for Petitions for Rule Making from the Pipeline and Hazardous Materials Safety Administration (PHMSA). It deals with two separate petitions requesting that PHMSA issue an interim rule providing for allowing for the design and building of a new series of railcars for the shipment of PIH chemical while the PHMSA completes its current rule making process on PIH Tank Car Construction Standards (see: “Proposed Rail Rule Will Increase Pressure for IST”). Comments are required to be submitted by August 22, 2008.

 

Problems with the Current Proposed Rule

 

As I noted in a series of blogs (see: “Comments on Rail Security and Safety Rules – 6-16-08” the last in the series) there have been some serious concerns expressed by shippers and the railroads about the unintended consequences of that rule. Since the proposed rule mandates an 8 year phase out of all current railcars used in the transport of PIH chemicals, no new railcars for that service are being produced or designed pending final action on the proposed rule.

 

This means that the PIH rail fleet is getting smaller as out-of-date railcars are removed from service. Additionally, fleet upgrade programs at many larger PIH shippers have been stopped, leaving less-safe railcars still in service. Comment after comment from the industry recommended that PHMSA issue an interim rule to encourage the production of the current state of the art PIH railcar until the radical new design is completed, tested and fielded.

 

Petitions for an Interim Rule

 

PHMSA has receivedtwo formal petitions to do just that. While the details of the two different petitions are different, they both seek an interim rule establishing a transitional standard that would allow an adequate service life for the new cars added to the fleet between now and the time the more radical proposed standard goes into effect.

 

PHMSA is looking for comments on these two petitions. In the Federal Register notice PHMSA put it this way:

 

• “This document is issued to obtain comments on the merits of the petitions and to assist PHMSA in making a decision of whether to proceed to issue a rule responding to the petitions under the ongoing HM-246 tank car rulemaking.”

 In most cases the comments will be a re-hash of the comments that had already been submitted on the current rule. It will be interesting to see what new data may be added. Even with the short comment period (30 days) I don’t see the PHMSA moving on this petition quickly. The Bush Administration has already announced that it is going to slow up on starting new rules in its last six months in office so it will probably be the next administration that will guide any potential interim rule through bureaucratic process.

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: Critical Infrastructure Partnership Advisory Council Meeting
Time: 9:28:34 AM EDT
Author:  pjcoyle

Yesterday DHS announced the upcoming meeting of the Critical Infrastructure Partnership Advisory Council on July 30th. The one day meeting will be held in <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />Washington, D.C. The public may attend, but may not participate in the council discussions unless invited. Written comments may, however, be submitted.

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /> 

According to the notice:

 

·             “The Critical Infrastructure Partnership Advisory Council represents a partnership between government and critical infrastructure/key resource (CIKR) owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection.”

 

The agenda for this meeting includes panel discussions between participating CIKR Sectors regarding the following topics:

 

·             Asset-Based Infrastructure Protection.

·             Systems-Based Infrastructure Protection.

·             Cross-Sector Dependencies and Interdependencies.

·             Regional Implementation of the National Infrastructure Protection Plan.

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: Evolving Eco-Terrorist Groups - Update
Time: 2:36:04 PM EDT
Author:  pjcoyle

Every blogger needs someone that questions assumptions. For this blog that person is apparently Fred Millar. He responded to my earlier blog today and questioned how I got from “mass action” to “attack”. Looking just at the article in the Independent it is an easy jump to make. I should have looked a little farther than that.

 

If you were to go to the home page for Climate Camp 08, the jump is not as clear cut. While the page does call for “taking direct action to tackle dangerous development” it also includes instructions to leave at home things “like pen knives and anything that looks remotely nasty”.

 

Their web site makes the ‘climate camp’ and the ‘mass action’ seem like a giant party; bring the kiddies (a children’s tent will be available). But, the goal of the camp is to close down the coal fired power plant (slated for closure in the near future, another fact omitted from the Independent article).

 

Anyway, look at both sides and make your own call, only the future will tell which way things will go. I would (and have) go back and change only one thing in my earlier article:

 

• Original - “The 2008 Camp for Climate Action group is the latest group that appears to be willing to drift from protest to violent action.”

 

• New – “The 2008 Camp for Climate Action” is the latest civil disobedience group that could drift from protest to violent action. We have to wait and see what the group dynamic actually is on the day of their protest.”

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: Alternatives to CFATS for Theft/Diversion Chemicals
Time: 11:32:09 AM EDT
Author:  pjcoyle

There was a brief note this last weekend on BiZChina-Update.com about an alternative method for controlling theft/diversion chemicals if you are dissatisfied with the complexities of the CFATS regulations. The Chinese do it the old fashioned way; paperwork.

 

In the lead-up to the Olympic Games, China has taken on the complex task of controlling chemicals that might be useful to terrorists. Buyers must submit copies of business licenses and personal identification cards. Sellers are also regulated:

 

• “…, firms selling the chemicals must be in possession of permits and will be given the fun task of filing all information about the purchasers, such as address, transaction date, names of the chemicals purchased, quantities and the purpose of the purchase, state media reports”

Neither of these will address the theft issue. Of course, since this is one of the last ‘worker’s paradises’, they have no problems with bourgeois problems like theft. This sounds an awful lot like hand-gun control measures in various states and cities in this country; those measures have been successful in keeping hand-guns away from criminals, haven’t they?

 

Oh, I forgot, I shouldn’t make fun of the Chinese for their efforts. After all, Congress mandated that DHS develop the same kind of regulations for ammonium nitrate (see: “DHS and the Omnibus Spending Bill”).

Tags: Chemical Facility Security, Theft/Diversion Chemicals, China, Olympics

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: Evolving Eco-Terrorist Groups
Time: 9:43:56 AM EDT
Author:  pjcoyle

NOTE: This blog was revised at 14:30 EDT on 7-22-08. See http://journals.aol.com/chemplantsec/chemical-facility-security-news/entries/2008/07/22/evolving-eco-terrorist-groups---update/2816 for an explanation of what was changed and why.

 

A little over a week ago there was an interesting article in the online version of the British newspaper the Independent. It described a threatened attack on a power plant in Kent. A group of environmentalists have proclaimed their intent to “to force their way into the current generating station (also coal-fired) and stop it operating – for good – on the camp's ‘day of mass action’ on 9 August.” They are ‘protesting’ the intended construction of an additional coal fired plant on the same site.

 

Eco-terrorists?

 

The 2008 Camp for Climate Action” is the latest civil disobedience group that could drift from protest to violent action. We have to wait and see what the group dynamic actually is on the day of their protest. Whether this makes them a terrorist group has yet to be seen. If they content themselves with a human assault on the fences of the power plant they remain protestors, illegal protestors to be sure (there is a court injunction against their announced assault).

 

If they attempt to use weapons, or undertake a cyber attack, or subvert insiders to damage the generating station, they cross the line to become terrorists. If they do resort to terrorist action to further their cause, they will join a growing list of eco-terrorist organizations around the world.

 

The Fringes of Protests

 

Every protest movement has a wide variety of people that form that movement. The larger the movement the more likely it is that there is a fringe group that will believe that their protest justifies the use of force. The resurgent ‘green’ movement is no exception.

 

The global warming debate has fueled the re-growth of the green movement. As the rhetoric increases about the consequences of the continued uses of fossil fuels and it becomes clearer that governments are not going to eliminate coal and oil fired power generation overnight, the green fringe is going to increase.

 

Power Plants as Chemical Facilities

 

Power plants have always been chemical facilities at their core. They convert chemical energy (the combustion of fuel) to electrical energy. Modern plants have increased the chemical complexity of their operations. Anhydrous ammonia may be used to scrub various pollutants from the smoke stacks of many facilities. Chlorine may be used to control the growth of biological organisms in the cooling water. A wide variety of other chemicals are used to optimize various processes within the facility.

 

An attack on a power plant can very easily result in chemical releases of various sorts. In targeting a coal fire power plant as a CO2 source, eco-terrorists might not even know that they may be unleashing what amounts to chemical warfare on the area surrounding the plant, the employees of the facility, and even themselves. Then again, an attack on the hazardous chemical storage might just be another way to call attention to their cause.

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own

Subject: DHS FAQ Update 7-18-08
Time: 12:42:43 PM EDT
Author:  pjcoyle

I had some problems keeping up with all of the new updates on the DHS FAQ page. On both the 15th and the 17th they posted questions at two different times. There is obviously some increased interest in the CSAT process (maybe due to SVA’s?), so rather than try to keep up with this on a daily basis (at least until things slow down), I’m going to do this weekly.

 

As of Friday there were eleven new FAQ entries (not counting the ones that I had already reviewed last week. They span a range of topics covering Registration, Top Screen, SVA, Site Security Plans and even enforcement.

 

 

• 1544: How does a facility register to complete at CSAT Top Screen?
• 1547:  Is the fact that a facility is a covered facility under 6 CFR part 27 considered CVI?
• 1548:  Is the preliminary tier determination of a covered facility by DHS considered CVI?
• 1549:  May a covered facility disclose its preliminary tier level to another entity or individual (e.g. a trade association or another facility)?
• 1550:  Does DHS need to be notified when a CVI Authorized User at a covered facility shares CVI (e.g., its preliminary tier determination) with another CVI Authorized User, who has a "need to know", within the private sector?
• 1551:  Can individuals who are not USCitizens be CVI Authorized Users?
• 1552:  Are chemicals in transit regulated under the Chemical Facility Anti-Terrorism Standards (CFATS)?
• 1553:  Does DHS have the authority to enforce the use of Inherently Safer Technology (IST) at a facility?
• 1554:  Does DHS have the authority to shut down a facility?
• 1555:  I'm not sure how this whole CSAT thing works. Can you explain it in a few sentences?
• 1556:  What web browser settings are required to access CSAT?

 

Chemical-terrorism Vulnerability Information

 

Almost half of the questions (5 out of 11) relate to CVI. This is not surprising since most people have little or now training or experience with document security measures. None of these questions (1547 through 1551) is complicated nor are the answers. The answers can be summarized as follows.

 

• That a facility is covered under CFATS (and thus a high-risk facility) is not CVI.
• The preliminary (and the final) tier level assignment is CVI.
• CVI data can be disclosed to a CVI Authorized User who has the need to know.
• DHS does not need to be notified when CVI is shared between Authorized Users with a need to know (to be safe keep a log of receipt and transmission of CVI)
• You do not have to be a US Citizen to be an Authorized User.

How Does CSAT Work?

 

This is an interesting, if probably unrealistic question. Given that the Help Desk people lived up to their name a short concise summary of the whole shebang. Who says that government has to be obfuscating? Here is the complete reply:

 

• “A facility with Appendix A COI at or above the applicable STQ is required to use the CSAT system in order to complete and submit a Top-Screen.  A facility covered by CFATS is also required to use the CSAT system, for example, to do the following:
• “Access the User Registration System
• “Identify, assign, and authorize the Authorizer, Submitter, and Preparer.
• “Send in the signed PDF form that is produced by the User Registration System to DHS.
• “Receive usernames and passwords from DHS.
• “Access the CSAT website to transfer accounts, if needed.
• “Access the CSAT website to add Reviewers, if needed.
• “Access the CSAT website to conduct the Top-Screen questionnaire, if needed.
• “Access the CSAT website to complete a Site Vulnerability Assessment, if required.”

Sounds painless, doesn’t it?

Written by pjcoyle Permalink | Blog about this entry |  Add to del.icio.us |  digg this This entry has 0 comments: Add your own