Cyber war games, US-visit evaluated, and chemical plant security concerns.
Traveling up a river after a day deep-sea photographing in the Gulf of Mexico, Neal Langerman, principal scientist with Advanced Chemical Safety and an officer of the division of chemical health and safety of the American Chemical Society, snapped a photo of a very large chemical plant. It occurred to Langerman that if he were a terrorist, armed with a shoulder-fired rocket-propelled grenade and not a camera, he could cause significant damage while floating safely off shore.
“An attack on a chemical facility, while it won’t have the morbidity and mortality that other kinds of incidents will have, it will really terrify people. That’s what it’s all about,” says Langerman. The impact from such an attack, he says, would probably be very localized, but it would instill great fear in the public.
As one of the 17 industries identified as critical infrastructure, the chemical industry’s assets are viewed as terrorist targets. But unlike nuclear and drinking water facilities, the chemical industry is generally not subject to any federal security requirements.
A Government Accountability Office report that evaluated a draft of the Department of Homeland Security’s (DHS’s) Chemical Sector-Specific Plan notes that “DHS has relied primarily on the voluntary participation of the private sector to address facility security. As a result, DHS cannot ensure that all high-risk facilities are assessing their vulnerability to terrorist attacks and taking corrective actions, where necessary.”
Self-regulation isn’t necessarily bad, says Daniel J. Ostergaard, former executive director of the Homeland Security Advisory Council and a partner at Phoenix Strategies, a consulting and development firm in Washington, D.C. “No one knows better than the industry how best to protect itself,” he says.
And, indeed, industry groups have proactively pushed for better security among their own members. As the GAO points out, three leading chemical associations—the American Chemistry Council, the National Association of Chemical Distributors, and the Synthetic Organic Chemical Manufacturers Association—require vulnerability assessments, risk mitigation plans, and third-party verification of security enhancements as a qualification of membership. Nonetheless, GAO auditors maintain that “additional legislation is needed to give DHS the authority to require security improvements at these facilities.”
To that end, Senator Susan M. Collins (R-ME), who chairs the Senate Homeland Security Committee, has introduced a bill, the Chemical Facility Anti-Terrorism Act of 2005, that seeks to impose better security regulation on the industry. The legislation sets criteria for designating chemical sources and facilities and directs DHS Secretary Michael Chertoff to set up a tiered risk-based system that “enables a chemical source to develop appropriate site-specific measures to meet the security performance standards established for the applicable tier.”
According to a representative from Collins’s office, the bill is a priority for the senator, but as this issue went to press, the bill had not come before the Senate for a vote.
Another bill, introduced by Rep. Christopher Shays (R-CT) in the House, seeks to require that chemical facilities establish risk-based security systems along with site-specific protective measures as appropriate. Under the bill, DHS would issue regulations requiring that chemical facility owners or operators conduct vulnerability assessments and develop site-specific-security and emergency response plans.
This legislative approach is also advocated by Chertoff, who spoke recently at the National Chemical Security Forum, telling industry attendees, “I think that we are finally at the point now that we need to have appropriate regulatory authority to allow DHS to assure that the entire chemical sector comes up to the standard that we must insist upon in order to make sure this country is safe.”
Rules would be risk-based, not one-size-fits-all. And compliance could be verified by third-party entities, Chertoff said. In addition, he said that he does not want DHS to “micromanage the chemical industry by attempting to dictate very specific ways in which security has to be achieved.”
While he is heartened by assurances that DHS won’t micromanage the industry, Jim Kapin, senior staff scientist for Advanced Chemical Safety, says that until a bill is passed and regulations are imposed, it’s difficult to assess how much autonomy the industry will have. The real problem, he argues, is not in the bill itself, but in its implementation. The proposals are not all that different from current industry best practices, he says.
Langerman adds that the bills do not address the greatest threat faced by chemical plants, which is not security within the perimeter fence, but rather security outside the fence. That’s a problem for state, federal, and local governments, he says, because the plants themselves do not own that property.
“Without the cooperation of the government around the plant…there’s very little we can do,” he says. “If a local zoning commission insists on putting up a high rise or a townhouse bordering on the plant fence, we can tell them it’s a stupid idea, but we can’t do anything about it.”
In addition, says Langerman, DHS must do a better job communicating with the industry to make them aware of threats facing their facilities. “The chemical industry is really the last to know if there’s an impending threat at our structures,” he says.
“It has to be a two-way street so that the chemical industry can get threat information from the government,” says Ostergaard. “Continued vigilance and increasing that communication flow is necessary.”
At the end of the day, says Langerman, local law enforcement and the federal government must be willing to invest in securing the areas outside the plants so that someone floating down the river can’t get a clear shot.
@ Read the full GAO report and the Chemical Facility Anti-Terrorism Act of 2005.