Chemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and


Chemical Facility Anti-Terrorism Standards T. Ted Cromwell Sr. Director, Security and NJ ELG Operations Meeting

Today's Presentation
- ACC Action
- Major Rule Components
- Select Risk-Based Performance Standards
  - Restrict Perimeter and Screen Access
  - Secure Site Assets
  - Recordkeeping/Reporting
  - Training/Drills
  - Personnel Surety

Action to Date
- ACC members have invested over $6 billion since 9/11 to enhance security through the Responsible Care Security Code (RCSC), which is mandatory for all of our members
- We represent over 90% of the U.S. chemical manufacturing capacity at approximately 2040 facilities nationwide
- Over 60% of ACC members are small businesses, and yet regardless of facility size and chemicals used or produced, all ACC members have implemented the Security Code

Chemical Facility Anti-Terrorism Standards: DHS Rule Components
- Appendix A: list of chemicals and thresholds used by DHS to conduct a rough screen and prioritize sites
- Over 40,000 sites evaluated; some still trickling in
- Assess for theft/diversion, sabotage, offsite consequence and economic criticality
- Over 7,000 sites were preliminarily deemed high risk. They must complete a vulnerability assessment
- Chemical Security Assessment Tool (CSAT) for tiers 1-3 and other approved methods (RCSC) for tier 4

Chemical Facility Anti-Terrorism Standards
- 18 Risk-Based Performance Standards (RBPS) apply in whole or in part based upon vulnerabilities identified; sites then select the appropriate combination of metrics based upon case-by-case analysis
- Site Security Plans (SSP): DHS reviews and approves SSPs, which will codify the performance metrics and CSAT results; once approved, the site must implement the measures
- Enforcement includes $25,000 fines and potential facility shutdown for non-compliance
- Rule sunsets on October 1, 2009

Chemical Facility Anti-Terrorism Standards: DHS rule components for high risk sites
- Restrict Area Perimeter
- Secure Site Assets
- Screen and Control Access
- Detect, Deter and Delay
- Shipping, Receipt and Storage
- Theft and Diversion
- Sabotage
- Cyber Security
- Response
- Monitoring
- Training
- Personnel Surety
- Elevated Threats
- Specific Threats
- Reporting Incidents
- Significant event response
- Designating Officials
- Recordkeeping

RBPS 1 Restrict Area Perimeter / RBPS 2 Secure Site Assets
- #1 Secure and monitor the perimeter of the facility
- #2 Secure and monitor restricted areas or potentially critical targets within the facility
- Similar goals: to minimize the likelihood of a successful and/or undetected penetration of the facility's perimeter and critical assets
  - On foot or in vehicle
  - By force, stealth, or deception
- Two fundamental aspects:
  - Secure: physically limiting accessibility to the facility/asset
  - Monitor: maintaining domain awareness of the perimeter/asset, including the areas immediately beyond the perimeter (the "buffer zone")

RBPS 1 & 2 Measures
Four major categories include:
- Human Barriers: fences, gates, guards, patrols
- Vehicle Barriers: bollards, ditches, jersey walls
- Standoff distance: buffer zones around the facility or key asset, green areas, distance to receptor
- Monitoring/Surveillance: video, IDS, lighting
Layered security which combines these features will most often be needed to meet the requirements

Restricting Access?

RBPS 3 - Screen and Control Access
Control access to the facility and to restricted areas within the facility by screening and/or inspecting individuals and vehicles as they enter:
- Measures to deter the unauthorized introduction of dangerous substances and devices that may facilitate an attack, or actions having serious negative consequences
- Measures implementing a regularly updated identification system that checks the ID of facility personnel, contractors and others seeking access

RBPS 3 Measures
Five major categories include:
- Personnel ID: photo ID checks, employee and contractor badges, biometrics
- Hand carried items inspections: visual, x-ray, metal detectors
- Control point measures: traffic calming, vehicle barriers, restrict access points, gates, turnstiles, access control systems
- Vehicle ID and inspection: visual, explosive detection, cargo inspection systems
- Parking security: limit parking within secure areas, parking permits, gates, access

RBPS 11 Training
Ensure proper security training, exercises and drills of facility personnel
- Measures to increase employee awareness, identification and response to suspicious behavior, unauthorized access etc.
- Develop and implement programs on a regular basis
- Include local first responders
- Document type, frequency etc. of programs for DHS inspector verification

RBPS 12 Personnel Surety
Perform appropriate background checks on and ensure appropriate credentials for facility personnel, and as appropriate, for unescorted visitors with access to restricted areas or critical assets:
- Verify and validate identity
- Check criminal history
- Verify and validate legal authorization to work
- Identify those with terrorist ties
- Submit certain information for DHS/FBI to complete analysis
Contractors and anyone else gaining access to restricted areas will need to meet these requirements

RBPS 12 Personnel Surety
Who Needs an Appropriate Background Check?
All individuals who have unescorted access to critical or restricted areas or assets
- Current employees: YES
- New employees: YES
- Contractors: YES
- Transport drivers: YES
- Visitors: YES

RBPS 18 Recordkeeping
CFATS has specific requirements for records at 6 CFR 27.255
Facilities must maintain 3 years of records for:
- Training, drills and exercises
- Security threats, incidents and breaches
- Maintenance, calibration and testing of security equipment
- Letters of DHS authorization and approval
- Documentation of audit and inspection results
Six years of records are required for:
- Submitted top-screens, SVAs and SSPs
- All related correspondence with DHS
Stored appropriately and available to DHS on request

Outlook
- Congressional activity will be significant in 2009
- Implementation of the CFATS rule (including capital outlays) continues to ramp up through 2009 and 2010
- Expectations for DHS to expand voluntary initiatives targeting facilities not subject to the rule are moving parallel to CFATS
- DHS working to close potential security gaps with TSA, Coast Guard and others throughout the chemical supply chain

Thank You!
T. Ted Cromwell
ted_cromwell@americanchemistry.com
703-741-5246
www.americanchemistry.com
http://www.americanchemistry.com/s_rctoolkit/index.asp