Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

Similar documents
SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Chemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

UNSCR 1540 Compliance From Policy to Implementation

The Office of Infrastructure Protection

The Office of Infrastructure Protection

2008 National Ag Safety School. Richard Gupton Vice President, Legislative Policy & Counsel Agricultural Retailers Association

Chemical Facility Anti-Terrorism Standards

The U.S. Government s Role in Standards and Conformity Assessment

Statement for the Record. Rand Beers Under Secretary National Protection and Programs Directorate Department of Homeland Security

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Statement for the Record

Cybersecurity Overview

Overview of Customs-Trade Partnership Against Terrorism (C-TPAT)

Chemical Facility Anti- Terrorism Standards

Critical Infrastructure

PIPELINE SECURITY An Overview of TSA Programs

Securing Industrial Control Systems

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650

Erik Puskar Standards Coordination Office 30 May, 2013 World Trade Center Moscow

MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Cyber Security and Cyber Fraud

The J100 RAMCAP Method

Alternative Fuel Vehicles in State Energy Assurance Planning

New Guidance on Privacy Controls for the Federal Government

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

DHS Cybersecurity: Services for State and Local Officials. February 2017

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

EXECUTIVE ORDER Chemical Facility Safety and Security: Providing ProtecFon Reduces Risk

PREPARED STATEMENT OF ERNEST R. FRAZIER, SR., ESQ. AMTRAK, CHIEF OF POLICE AND SECURITY DEPARTMENT

The NIST Cybersecurity Framework

U.S. Chemical Sector Cyber Security Strategy Edition. Chemical Sector Cyber Security Program

AMERICAN CHAMBER OF COMMERCE IN THAILAND DIGITAL ECONOMY POSITION PAPER

The President s Spectrum Policy Initiative

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Continuous protection to reduce risk and maintain production availability

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

GAO. HOMELAND SECURITY OMB s Temporary Cessation of Information Technology Funding for New Investments

Critical Infrastructure Resilience

White Paper. View cyber and mission-critical data in one dashboard

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

Department of Homeland Security Updates

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

DHS Overview of Sustainability and Environmental Programs. Dr. Teresa R. Pohlman Executive Director, Sustainability and Environmental Programs

how to manage risks in those rare cases where existing mitigation mechanisms are insufficient or impractical.

Department of Homeland Security

CRITICAL INFRASTRUCTURE AND KEY RESOURCES

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Safety Systems are the New Target Design Security Using Safety Methods

FACTS FIGURES TÜV SÜD AG

Senate Committee on Homeland Security and Governmental Affairs Full Committee Hearing

Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007

The Office of Infrastructure Protection

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Corporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

An Overview of DHS s Role and Missions. James McCament Chief of Legislative Affairs, USCIS

Good morning, Chairman Harman, Ranking Member Reichert, and Members of

Implementation of Chemical Facility Anti-Terrorism Standards (CFATS): Issues for Congress

Security and Emergency Response Issues for the Refining and Petrochemical Industry

DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY ATTACHMENT A A-1: BACKGROUND AND CONTRACTOR QUALIFICATIONS A-2: SCOPE OF WORK

Homeland Security Institute. Annual Report. pursuant to. Homeland Security Act of 2002

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

The NIS Directive and Cybersecurity in

Position Title: IT Security Specialist

DEPARTMENT OF THE AIR FORCE PRESENTATION TO THE SUBCOMMITTEE ON STRATEGIC FORCES U.S. HOUSE OF REPRESENTATIVES

SMART. Investing in urban innovation

Scope Cyber Attack Task Force (CATF)

G7 Bar Associations and Councils

RELIABILITY OF THE BULK POWER SYSTEM

Updates to the NIST Cybersecurity Framework

SAFETY Act AAPA Port Security Seminar July 19, 2012 Miami, FL. Washington, D.C

Airmen & community support missions. Two decades of taking risk in infrastructure created a fiscally unsustainable posture.

National Policy and Guiding Principles

Security and Privacy Governance Program Guidelines

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

NW NATURAL CYBER SECURITY 2016.JUNE.16

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Business Continuity Management Standards A Side-by-Side Comparison

CYBER SOLUTIONS & THREAT INTELLIGENCE

Use of Standards and Conformity Assessment in U.S. Regulation: Perspective of the Private Sector

Grid Security & NERC

Oracle Buys Automated Applications Controls Leader LogicalApps

USA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036

HPH SCC CYBERSECURITY WORKING GROUP

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

CA Security Management

OEMC 2016 Budget Statement of Executive Director Gary W. Schenkel to the Committee on Budget and Operations September 30, 2015

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

How AlienVault ICS SIEM Supports Compliance with CFATS

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Transcription:

Written Statement of Timothy J. Scott Chief Security Officer The Dow Chemical Company Representing The Dow Chemical Company and the American Chemistry Council To the United States Senate Committee on Homeland Security and Governmental Affairs Regarding a Legislative Hearing on Charting a Path Forward for the Chemical Facilities Anti-Terrorism Standards Program May 14, 2014

Introduction Chairman Carper, Ranking Member Coburn, and members of the Committee, my name is Tim Scott, and I m the Chief Security Officer of The Dow Chemical Company. I m speaking today on behalf of Dow and the American Chemistry Council (ACC), the nation s premier chemical industry trade association. The chemical industry is an extremely diverse sector of the global economy that provides a broad range of products and services that improve the quality of life around the world. Some of the essential products we make include chemicals that provide clean drinking water, medicines and medical products, fertilizers for the farming industry, key components and chemicals for use in the high-tech manufacturing, lightweight composite materials for use in transportation, and critical items designed for top-secret military applications. The chemical industry is a multibillion dollar enterprise that provides high-paying jobs and is growing. Chemical manufacturing is returning to the United States due to a boom in domestic natural gas production, increasing the number of well-paying jobs for American families and making the U.S. a global competitor once again. An essential element for our success in the business of chemistry is to ensure the security of our products and information and the safety of our people and the communities where we operate. For members of ACC, the Responsible Care program provides the framework and foundation for managing security risks across an organization by providing an integrated approach that encompasses all aspects of the chemical supply chain: (1) Physical Plant Security, (2) Cyber and IT Security, and (3) Transportation and Value Chain Security. When treated as a system, an organization can implement a comprehensive approach to manage security risks by looking at vulnerabilities across the organization in a holistic way and by developing sound solutions that minimize the risks while maximizing the value of the business operation and protecting the critical assets of the company. Within months of the terrorist attacks of 9/11, ACC created a stringent, mandatory security program called the Responsible Care Security Code. To date, ACC member companies have invested nearly $13 billion to further enhance site, transportation, and cybersecurity at their facilities under the Security Code, which has become a gold standard for the industry and serves as a model for regulatory programs. Core elements of the Security Code include the following: Facility Security: Conduct comprehensive site security vulnerability assessments using recognized methods, such those developed by Sandia National Laboratories, the Center for Chemical Process Safety, or other equivalent methods. Implement and continuously improve site security measures within a well-defined timeline. Document security management programs, processes, and procedures. Cybersecurity:

Recognize that protecting information and information systems is a critical component of a sound security management system. Assess cybersecurity vulnerabilities and implement enhancements. Incorporate cybersecurity into training, drills, guidance, and all aspects of a Plan- Do-Check-Act security system. Take steps to protect against intrusion into facility systems and the diversion of products. Transportation and Value Chain Security: Conduct vulnerability assessments throughout the supply chain and implement security measures, including screening of transportation providers. Work with commercial partners to assess transport routing and monitor shipments. Secure access to transportation/distribution facilities. Federal Security Programs and CFATS In addition to enhancing security through strong industry initiatives such as Responsible Care, ACC and its members support an array of federal programs currently in place that give multiple agencies the authority to take a smart approach to regulating chemical security, while minimizing the burden on its operations. Some of the key agencies and programs include the following: The U.S. Department of Homeland Security s (DHS) Chemical Facility Anti-Terrorism Standards (CFATS) The U.S. Coast Guard s Maritime Transportation Security Regulations The Transportation Security Administration s (TSA) Rail Transportation Security Rule (49 CFR 1580) The U.S. Department of Transportation s (DOT) Hazardous Materials Transportation Security Plan The U.S Customs and Border Protection s (CBP) Customs-Trade Partnership Against Terrorism Under these programs, the regulated community must submit security plans for review and approval and must be subject to rigorous site inspections. Several agencies have the authority to fine or shut down a facility if it fails to be in compliance. ACC is committed to working with regulators to make these programs more effective and efficient through improved implementation and better use of private and public sector resources. In 2006, ACC helped lead the charge in Congress to pass legislation to give DHS the authority to create CFATS. This stringent DHS program regulates security for a wide variety of chemical facilities that make, store, or use chemicals, including chemical manufacturers, farmers, hospitals, and universities. CFATS allows facilities to tailor their security plans to meet their unique needs while providing DHS with clear authority to fine or shutdown facilities that do not meet the program s comprehensive security standards.

When DHS was given the authority to regulate chemical industry security, ACC and our members were an active and enthusiastic partner in the development of the Risk-Based Performance Standards model that is in place today. ACC s Responsible Care Security Code is aligned with that model in many areas and is a mandatory requirement for ACC membership. The establishment of DHS, CFATS, and the Responsible Care Security Code is a successful example of what defines a partnership everyone working together toward a common goal to defeat a common foe. Despite some challenges along the way, we believe that CFATS has turned the corner and is moving in the right direction. The quality of inspections has vastly improved. The pace of implementation has picked up significantly, and the partnership is working once again. Progress is being made, and the result is that the security of the chemical industry is stronger today, more than ever before. I would like to point out what Dow Chemical alone has done in terms of capital investments and security upgrades in an effort to lead the industry in compliance with the CFATS program. Dow has spent approximately $250 million on security systems to ensure our facilities are as safe and secure as they can reasonably be, and we have completed vulnerability assessments, audits, and security upgrades as needed at our facilities worldwide not just those regulated under CFATS in the U.S. We did this in part because we have a duty to our shareholders, employees, and communities, but also because we find the CFATS program a good model in harmony with the Responsible Care Security Code to secure our facilities. It s my understanding that Dow is the only chemical company to achieve SAFETY Act designation from DHS for both our site security and our distribution system security processes. There have been many positive developments for CFATS over the last few months with the most significant being the progress toward multi-year authorization. A multi-year authorization puts DHS and CFATS closer in line to the industry s capital planning process and allows some certainty for industry to take action. A multi-year authorization also brings stability to DHS in planning and implementing CFATS and also in staffing to be sure the necessary expertise is in place and will remain in place to accomplish the mission. Maintaining the original premise of a Risk-Based Performance Standards model approach, which permits individual sites the flexibility to determine the local solution that will meet the standards, also spurs progress. No two sites are the same, but all must meet the same goal. This flexibility allows each unique site the flexibility to take individual ownership and identify the solution that meets the performance standard in the best manner possible for that site. Conclusion While progress has been made, we are not done. Industry is not done, DHS is not done, and Congress is not done. We need to fine tune the Personnel Surety Program so that it adds value to all concerned. We need to ensure that risk is being determined in a fair and consistent manner. We need to ensure transparency about the people at sites who have access to sensitive areas and

about the risk they are working so hard to mitigate. And we need to leverage the plethora of industry security programs that are in place today, such as ACC s Responsible Care program. Put together, all of these goals will establish a sound regulatory framework that will ensure the security of our nation s chemical infrastructure for decades to come. Communication has improved between DHS and regulated sites, but there are still some barriers there. DHS field inspectors need to be viewed as an equal partner working together to defeat terrorism. We need to give the inspectors the training and resources they need so they can ensure compliance. They must understand the regulations, understand how the industry works, and understand the sites in their area of responsibility and visit those sites on a regular basis. And industry needs to challenge our peers; we need to self-regulate both upstream and downstream along the supply chain and especially those in our own back yard. CFATS is making the chemical industry more secure, today. DHS is maturing and finding its way in reaching its goals. Industry is doing its share by partnering with the government at the federal and local levels. A multi-year reauthorization and a commitment to continue the partnership in a risk-based approach is essential. Just as important, we need to bring all the players to the table we re not there yet on either the public or private sector sides. We re encouraged by the progress that is being made, but we need your help in maintaining the forward momentum.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback