The Office of Infrastructure Protection

Similar documents
The Office of Infrastructure Protection

The Office of Infrastructure Protection

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007

Securing the Chemical Sector:

The Office of Infrastructure Protection

EXECUTIVE ORDER Chemical Facility Safety and Security: Providing ProtecFon Reduces Risk

The Office of Infrastructure Protection

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650

2008 National Ag Safety School. Richard Gupton Vice President, Legislative Policy & Counsel Agricultural Retailers Association

Office of Infrastructure Protection Overview

The Office of Infrastructure Protection

PIPELINE SECURITY An Overview of TSA Programs

DHS Cybersecurity: Services for State and Local Officials. February 2017

Chemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Chemical Facility Anti- Terrorism Standards

Region Snapshot Regions I and II

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

The Office of Infrastructure Protection

Critical Infrastructure Sectors and DHS ICS CERT Overview

Chemical Facility Anti-Terrorism Standards

June 5, 2018 Independence, Ohio

The Office of Infrastructure Protection

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Statement for the Record. Rand Beers Under Secretary National Protection and Programs Directorate Department of Homeland Security

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

The Office of Infrastructure Protection

How AlienVault ICS SIEM Supports Compliance with CFATS

Critical Infrastructure Mission Implementation by State, Local, Tribal, and Territorial Agencies and Public-Private Partnerships.

South Dakota Utah Wyoming Needs and Challenges Funding assistance Training Federal program enhancements Exercises

Region Snapshot Region IV

Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

Department of Homeland Security Updates

Sharing of Information & Intelligence on the Importation & Transportation of Food

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

Executive Order: Improving Chemical Facility Safety & Security. Status Report to the President under EO EPA ACTIONS APRIL 15, 2015

Federal Civilian Executive branch State, Local, Tribal, Territorial government (SLTT) Private Sector (PS) Unclassified / Business Networks

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Control Systems Cyber Security Awareness

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

NFPA 3000 (PS) Standard for an Active Shooter / Hostile Event Response (ASHER) Program IT S A BIG WORLD. LET S PROTECT IT TOGETHER.

Cyber Security & Homeland Security:

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

Food and Agriculture Sector Criticality Assessment

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Member of the County or municipal emergency management organization

Election Infrastructure Security: The How and Why of It

Needs and Challenges Funding assistance Training Partnership capabilities and sustainment. Implement Risk Management

DHS Election Task Force Updates. Geoff Hale, Elections Task Force

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Understanding CFATS: What It Means to Your Business Chemical Facility Anti-Terrorism Standards John C. Fannin III, CPP, LEED AP

Alternative Fuel Vehicles in State Energy Assurance Planning

Overview of the Federal Interagency Operational Plans

National Policy and Guiding Principles

Introduction to the National Response Plan and National Incident Management System

DHS Emergency Services Sector Presents Tools and Resources for First Responders. June 1, pm ET

TERRORISM LIAISON OFFICER OUTREACH PROGRAM - (TLOOP)

RECENT DEVELOPMENT. Scott Goodman

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

Updates to the NIST Cybersecurity Framework

The Office of Infrastructure Protection. Background. Purpose 6/13/2016. National Protection and Programs Directorate Department of Homeland Security

Why you should adopt the NIST Cybersecurity Framework

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Implementing Executive Order and Presidential Policy Directive 21

2017 SPRING INTERNSHIP PROGRAM OPPORTUNITY

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

FEMA Region III Cyber Security Program

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

Florida Regional Domestic Security Task Forces

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Chapter 1. Chapter 2. Chapter 3

Mississippi Emergency Management Agency. Shawn Wise. Office Of Preparedness

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

NGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

HPH SCC CYBERSECURITY WORKING GROUP

S&T Stakeholders Conference

STANDARD OPERATING PROCEDURE Critical Infrastructure Credentialing/Access Program Hurricane Season

Department of Homeland Security

UNCLASSIFIED. September 24, In October 2007 the President issued his National Strategy for Information Sharing. This

Community-Based Water Resiliency

MULTI-YEAR TRAINING AND EXERCISE PLAN. Boone County Office of Emergency Management

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

Bradford J. Willke. 19 September 2007

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Local Emergency Planning Committee (LEPC)

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

California Cybersecurity Integration Center (Cal-CSIC)

Oregon Department of Justice

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

GIS in Situational and Operational Awareness: Supporting Public Safety from the Operations Center to the Field

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

Transcription:

The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Chemical Facility Anti-Terrorism Standards (CFATS) Mystic REPC October 23, 2018

The CFATS Regulation The CFATS program identifies and regulates high-risk chemical facilities to ensure they implement appropriate security measures to reduce the risk of a terrorist attack associated with more than 300 chemicals of interest (COI). If held in specified quantities and concentrations, these chemicals must be reported to DHS. Facilities that store, manufacture, or distribute COI at or above screening threshold quantities (STQ) are required to comply with the CFATS standards. CFATS follows a risk-based approach, allowing DHS to focus on high-risk chemical facilities in accordance with their specific level of risk 2

Essentials of the CFATS Program DHS uses information submitted through an online survey (Top-Screen) to determine if a facility is high-risk High-risk (i.e., covered) facilities are placed in 4 tiers. Tier 1 represents the highest risk Current Population Distribution Covered facilities are required to develop and implement security plans that meet applicable risk-based performance standards (RBPS) More than 3,000 facilities have eliminated, reduced, or modified their holdings and/or processes and are no longer considered high-risk Tier 1 Tier 2 Tier 3 Tier 4 3

The CFATS Process Facility may be tiered in or drop out If the facility receives a tier Submit Top-Screen Receive a Tier (1-4) or be deemed not high-risk Provide a Security Vulnerability Assessment (SVA)/Complete Site Security Plan (SSP) or Alternative Security Plan (ASP) Receive Authorization and an Authorization Inspection Receive Approval of the SSP/ASP Implement Planned Measures and Undergo Regular Compliance Inspections All facilities with COI High-risk facilities DHS provides compliance assistance upon request at any stage of this process More than 150 Chemical Security Inspectors are available for support across the country 4

Industries with Facilities Regulated by CFATS CFATS regulates facilities in various industries, including: Academia (College & Universities) Aerial Sprayers (Non-Fertilizer) Breweries Cold Chain/Refrigeration Energy Utilities Fisheries and Hatcheries Food Processors and Co-Ops Healthcare (Hospitals & Providers) Laboratories NH3 CI AN H202 Metal Service and Metal Merchants Mining Motor Vehicle Parts Manufacturing Paints/Coatings Petrochemical Manufacturing Petroleum Refining/Oil Drilling Plastics Pulp and Paper Race Tracks Retail Storage and Distribution Semiconductors Water Parks, Pools, and Filtration Wineries 5

Region 1 and Massachusetts Snapshot CFATS Covered Facilities Entire CFATS Program 3,365 Region 1 142 Massachusetts 71 Member Communities with covered facilities 7 Massachusetts is part of Region 1, which includes Vermont, Rhode Island, Maine, New Hampshire, and Connecticut. There are six Chemical Security Inspectors, one Chief of Regulatory Compliance, and one Regulatory Analyst in Region 1. All statistics are current as of October 2018 6

CFATS National Footprint Region 10 Region 9 - Hawaii (Region 9) Region 8 Region 7 Region 6 Region Region 5 5 Region 4 Region 1 Region 2 Region 3 - Guam (Region 9) - Puerto Rico (Region 2) 7

Risk-Based Performance Standards RBPS-8 Cyber RBPS-13 Elevated Threats RBPS-14 Specific Threats, Vulnerabilities, or Risks RBPS-1 Restrict Area Perimeter Rather than prescribe specific security measures, DHS developed 18 riskbased performance standards (RBPS) Compliance with the RBPS will be tailored to fit each facility s circumstances, including tier level, security issues, and physical and operating environments 8

RBPS 9 Response Develop and exercise an emergency plan to respond to security incidents internally and with assistance of local law enforcement and first responders. Response focuses on the planning to mitigate, respond, and report incidents in a timely manner between facility personnel, first responders, and law enforcement Local Emergency Planning Committees (LEPC) may be contacted by local Chemical Security Inspectors to verify that facilities have developed plans for emergency notification, response, evacuation, etc. IP Gateway (EO Portal) A DHS platform to share and coordinate CFATS information among Federal, State, local, territorial, and tribal (SLTT) agencies partners. 9

RBPS 9 Response Cont. What are some possible facility security components related to RBPS-9? Crisis Management Plan Communication Systems Process Safeguards Outreach What are some activities a facility may want to include in its Crisis Management Plan? Contingency Plans Continuity of Operations Plan Emergency Response Post-incident Security Evacuation Notification Control Re-entry Security Response 10

RBPS 9 Response Cont. The work that high-risk chemical facilities do with first responders and law enforcement to ensure emergency response measures are in place prior to an incident bolsters our nation s security. 11

Spreading the Word DHS continues to expand outreach efforts and reach deeper into communities Increasing Federal, state, local, tribal, and territorial interagency coordination Communicating directly with facilities and corporations Participating in industry association meetings and conferences Working with communities and first responders 12

Critical Infrastructure Training Resources DHS offers a wide array of free tools and resources to government and private sector partners to enable the critical infrastructure security and resilience mission. Visit: https://www.dhs.gov/critical-infrastructure-resources to access: Cross-Sector Resources: Suspicious Activity Reporting Tool, Active Shooter Preparedness, etc. Sector-Specific Resources: DHS Sector-Specific Agencies (SSAs), Co- SSAs, and Other Department SSAs Assessment Resources: Cybersecurity Evaluation Program (CSEP), Regional Resiliency Assessment Program (RRAP), etc. You can also access FEMA training by visiting: https://www.dhs.gov/critical-infrastructure-training 13

Chemical Sector Training Resources DHS has developed a series of Web-based security awareness training courses for the critical infrastructure community and the Chemical Sector Advance your security awareness by completing training courses: How to Counter Insider Threats How to Prepare For and Respond to an Active Shooter Situation Access these security training courses by visiting: https://www.dhs.gov/chemical-sector-training 14

What is the IP Gateway? The IP Gateway is centrally-managed repository of data and capabilities, and allows stakeholders to easily access, search, retrieve, visualize, analyze, and export infrastructure data from multiple sources. DHS established the IP Gateway to improve Federal agency information sharing and coordination among Federal, State, local, territorial, and tribal (SLTT) agencies partners. IP Gateway maintains three layers of information protection: Protected Critical Infrastructure Information (PCII) Chemical-terrorism Vulnerability Information (CVI) For Official Use Only (FOUO) 15

CFATS and the IP Gateway Through the IP Gateway, CFATS data is available in a FOUO layer and a CVI layer to authorized Federal, SLTT, and first responders with an established need-to-know as determined DHS. FOUO access allows users to view information on a chemical facility (such as name, location, and geospatial information) within their State, county, and surrounding counties, whereas CVI access includes additional information, such as CFATS tiers. How do I gain access to the IP Gateway? To request access, contact your ISCD Chief of Regulatory Compliance by calling the Chemical Security Assessment Tool (CSAT) Help Desk 1-866-323-2957 or email CSAT@dhs.gov. 16

17

For more information, visit: www.dhs.gov/critical-infrastructure Fran Patno Chemical Security Inspector francis.patno@hq.dhs.gov

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback