The Office of Infrastructure Protection

Similar documents
The Office of Infrastructure Protection

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Securing the Chemical Sector:

Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007

2008 National Ag Safety School. Richard Gupton Vice President, Legislative Policy & Counsel Agricultural Retailers Association

The Office of Infrastructure Protection

Chemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and

Chemical Facility Anti-Terrorism Standards

The Office of Infrastructure Protection

Chemical Facility Anti- Terrorism Standards

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

Statement for the Record. Rand Beers Under Secretary National Protection and Programs Directorate Department of Homeland Security

RECENT DEVELOPMENT. Scott Goodman

Understanding CFATS: What It Means to Your Business Chemical Facility Anti-Terrorism Standards John C. Fannin III, CPP, LEED AP

Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650

How AlienVault ICS SIEM Supports Compliance with CFATS

The Office of Infrastructure Protection

The Ohio State University. Chemical Facility Anti-Terrorism Standards (CFATS) Program

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

A CHECKLIST FOR SUBMITTING YOUR RISK MANAGEMENT PLAN (RMP) FOR CHEMICAL ACCIDENT PREVENTION

EXECUTIVE ORDER Chemical Facility Safety and Security: Providing ProtecFon Reduces Risk

Application and Instructions for Firms

uanacia 1+1 MARINE SECURITY OPERATIONS BULLETIN No:

DHS Guidance for the Expedited Approval Program

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

Technical Vulnerability and Patch Management Policy Document Number: OIL-IS-POL-TVPM

DFARS Cyber Rule Considerations For Contractors In 2018

PIPELINE SECURITY An Overview of TSA Programs

The Office of Infrastructure Protection

New Information Collection Request: The Department of. Homeland Security, Office of Cybersecurity and

Select Agents and Toxins Security Plan Template

Safety Systems are the New Target Design Security Using Safety Methods

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment

Pipeline Security Guidelines. April Transportation Security Administration

National Policy and Guiding Principles

Defense Information System for Security (DISS) Frequently Asked Questions (FAQs)

Compliance with ISPS and The Maritime Transportation Security Act of 2002

Physical Security Reliability Standard Implementation

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

Effective Leadership, Role of Workers & Labor Organizations

Office of Oil and Gas Management Electronic Filing Administrator Granting User Access Guide

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

Electric Facility Threats and Violence

DSS in Transition RMS Pilot

Department of Homeland Security Updates

TWIC or TWEAK The Transportation Worker Identification Credential:

California Code of Regulations TITLE 21. PUBLIC WORKS DIVISION 1. DEPARTMENT OF GENERAL SERVICES CHAPTER 1. OFFICE OF THE STATE ARCHITECT

Ask OMAFRA Bees Portal User Guide

Monthly Cyber Threat Briefing

Why C-TPAT? An Overview

Chapter 1. Chapter 2. Chapter 3

Notification of Issuance of Binding Operational Directive and Establishment of. AGENCY: National Protection and Programs Directorate, DHS.

CYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

OIT Services and Responsibilities

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

Texas A&M University Controlled Substances Guidelines Training Module. September 2017

The J100 RAMCAP Method

Use of Controlled Substances in Research

SECURITY & PRIVACY DOCUMENTATION

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Outline. Why protect CUI? Current Practices. Information Security Reform. Implementation. Understanding the CUI Program. Impacts to National Security

Why you should adopt the NIST Cybersecurity Framework

The President s National Security Telecommunications. AGENCY: National Protection and Programs Directorate,

The Corporate Security Review (CSR) Program September 11, 2008

CAM: Certifying the Future of Business Aviation

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Medicare Enrollment Application Submission Options

S&T Stakeholders Conference

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Cell and PDAs Policy

Web Hosting: Mason Home Page Server (Jiju) Service Level Agreement 2012

Cyber Security Incident Report

NY DFS Cybersecurity Regulations August 8, 2017

OPT workshops are MANDATORY for all students applying for Post-Completion OPT. Students must attend either an in-person workshop, or complete an

STANDARD OPERATING PROCEDURE Critical Infrastructure Credentialing/Access Program Hurricane Season

PCI COMPLIANCE IS NO LONGER OPTIONAL

NYDFS Cybersecurity Regulations

SECTION.0900 LEAD-BASED PAINT HAZARD MANAGEMENT PROGRAM FOR RENOVATION, REPAIR AND PAINTING

Situational Crime Prevention in Anti-Terrorism Efforts

CNSC Presentation to the Federal Agency for Nuclear Control

Assured Compliance through Information Security Continuous Monitoring

2014 Meaningful Use Attestation and CMS Audit Preparedness

Performance- Based Approach to the Security of Radioactive Sealed Sources: A Canadian Perspective

DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY ATTACHMENT A A-1: BACKGROUND AND CONTRACTOR QUALIFICATIONS A-2: SCOPE OF WORK

Executive Order 13556

Cybersecurity and Hospitals: A Board Perspective

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

Data Backup and Contingency Planning Procedure

GUIDE FOR THE PREPARATION OF SANITIZED AND DERIVATIVE WORK PRODUCTS USING CHEMICAL-TERRORISM VULNERABILITY INFORMATION (CVI)

INFORMATION ASSURANCE DIRECTORATE

TOWING VESSEL INSPECTION BUREAU (TVIB)

Cybersecurity Challenges

Transcription:

The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Overview of the Chemical Facility Anti-Terrorism Standards (CFATS) November 2012

Why Chemical Facility Security? The Homeland faces a persistent and evolving threat from terrorist groups and cells. Chemical facilities potentially are attractive targets as: A successful attack on some chemical facilities could potentially cause a significant number of deaths and injuries. Certain chemical facilities possess materials that could be stolen or diverted and used as or converted into weapons for use offsite. In 2006, Congress authorized the Department to regulate security at highrisk chemical facilities. Covered facilities must perform Security Vulnerability Assessments (SVAs) and implement Site Security Plans (SSPs) containing security measures that meet DHS-defined Risk-Based Performance Standards (RBPS). The Department developed the Chemical Facility Anti-Terrorism Standards (CFATS), 6 CFR Part 27, to implement this authority. 2

Who Is Regulated? To determine if a facility is subject to CFATS, DHS looks at the unique circumstances faced by the facility, starting with the quantities of Chemicals of Interest (COI) the facility possesses. Potential regulation is not based on the facility type, meaning that many different types of facilities may be subject to CFATS, including: Chemical manufacturers Warehouse and distributors Chemical repackaging operations Oil and gas operations Hospitals Semi-conductor manufacturers Paint manufacturers Colleges and universities 3

CFATS Process Initiate CFATS Process Complete Top-Screen Complete SVA or ASP Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Facility with Chemicals of Interest (COI) at or above the Screening Threshold Quantity (STQ) recognizes the need to submit a Top- Screen and completes CVI training and CSAT user registration. CFATS Help Desk registers the facility and provides a user ID and password. Facility completes Top-Screen, identifying chemicals and quantities and providing other relevant information. DHS reviews Top- Screen information and determines the facility's Preliminary Tier status or determines that facility is not high-risk. DHS sends facility a Preliminary Tier letter and deadline for completing a Security Vulnerability Assessment (SVA) or an Alternative Security Program (ASP for Tier 4 facilities, if they choose). If DHS has determined that the facility is not high-risk, the facility is sent a letter releasing it from further regulation. Covered (high-risk) facility completes an SVA or ASP to provide more detailed information about COI and vulnerability to attack. SVA/ASP Review Complete SSP or ASP Authorization Inspection & Approval Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 DHS reviews SVA or ASP information provided and determines facility s Final Tier or that facility is not high-risk. DHS notifies the facility of its final status and tiered facilities are provided deadlines for completing an Site Security Plan (SSP) or ASP. Facility completes an SSP or ASP detailing sitespecific security measures to satisfy applicable Risk- Based Performance Standards. DHS reviews SSP or ASP and (a) issues authorization letter for SSP or ASP and schedules an inspection or (b) issues notice to resolve deficiencies. Failure to resolve deficiencies may result in disapproval. DHS conducts authorization inspection, reviews all available information, and either issues a Letter of Approval for the SSP or ASP or issues notice to the facility to resolve deficiencies. Failure to resolve deficiencies may result in disapproval. If SSP or ASP is approved, DHS conducts compliance inspections on a regular and recurring basis to verify continued compliance with the approved SSP or ASP.

Site Security Plan (SSP) Review and Inspections DHS uses a two-step process to determine if an SSP (or ASP) meets all applicable risk-based performance standards (RBPS). An SSP (or ASP) is reviewed by DHS If it appears to meet the applicable RBPS, the facility will receive a Letter of Authorization and an inspection is scheduled. If it does not meet the applicable RBPS, the facility will receive a letter identifying deficiencies that must be resolved prior to authorization or final approval. After a facility receives a Letter of Authorization, DHS will inspect the facility for compliance with CFATS and will either issue a Letter of Approval approving the SSP (or ASP) or issue a notice of deficiencies that must be resolved prior to final approval. Inspections typically take approximately one week and involve two or more inspectors. Facilities should be prepared to show all security elements in the authorized SSP (or ASP) during an inspection. 5

Risk-Based Performance Standards (RBPS) A CFATS-covered facility must submit for DHS approval an SSP or, if the facility chooses, an ASP that contains security measures that meet all applicable RBPS. RBPS are non-prescriptive, and thus provide facilities with substantial flexibility, including the ability to leverage existing measures where appropriate. Compliance with the RBPS will be tailored to fit each facility s circumstances, including tier level, security issues, and physical and operating environments. Consequently, measures appropriate to meet an RBPS for one type of facility will not necessarily be appropriate for anther type of facility (e.g., DHS would not expect a covered university to necessarily employ the same type of measures as a large chemical manufacturer). CFATS currently has 18 RBPS, addressing areas such as perimeter security; shipping, receipt, and storage; cybersecurity; personnel surety; training; and recordkeeping. 6

Key CFATS Tools Chemical Security Assessment Tool (CSAT): CSAT is the backbone of the CFATS program, and currently includes four primary applications: User Registration Top-Screen SVA SSP Chemical-terrorism Vulnerability Information (CVI): CVI is the information protection category used to ensure secure handling of certain sensitive CFATS-related information. Except in emergency or exigent circumstances, only CVI authorized users with a need-to-know are permitted to access the CSAT Top-Screen, SVA, and SSP, certain correspondence, and other types CVI as specified in CFATS. Persons potentially eligible to access CVI include facility employees; Federal employees, contractors, and grantees; and State/local government employees. DHS provides online CVI training and authorization. 7

Program Status: Covered Facilities DHS has received over 41,000 Top-Screens. Of the Top-Screens received and analyzed, DHS issued preliminary tier notification and SVA due dates to over 7,800 facilities. DHS has received over 8,000 SVAs and has reviewed nearly all of them. As of September 04, 2012, CFATS covers 4,433 facilities (3,660 final tiered facilities, 773 preliminarily tiered facilities) across all 50 states. Tier Final Tiered Facilities Facilities Awaiting Final Tier 1 114 7 2 452 51 3 1069 174 4 2025 541 Total 3660 773 All statistics are current as of September 4, 2012 8

Program Status: Other Results Since the inception of CFATS, more than 2,700 chemical facilities have eliminated, reduced, or otherwise made modifications to their holdings of potentially dangerous chemicals and are now no longer considered high-risk. 9

Available Resources Outreach: DHS outreach for CFATS is a continuous effort to educate stakeholders on the program. To request a CFATS presentation or a CAV, individuals may submit a request through the program Web site, located at www.dhs.gov/chemicalsecurity, or by e-mailing DHS at CFATS@dhs.gov. CFATS Help Desk: DHS has developed a CFATS Help Desk that individuals can call or email with questions on the CFATS program. Hours of Operation are 7:00 AM 7:00 PM, Monday through Friday. The CFATS Help Desk toll-free number is 1-866-323-2957. The CFATS Help Desk email address is csat@dhs.gov. CFATS Web site: For CFATS Frequently Asked Questions (FAQs), CVI training, and other useful CFATS-related information, please go to www.dhs.gov/chemicalsecurity. 10

For more information visit: www.dhs.gov/criticalinfrastructure Todd Klessman Infrastructure Security Compliance Division Office of Infrastructure Protection todd.klessman@hq.dhs.gov

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback