A Conversation with Frank Pisciotta

Frank Pisciotta is the president of Business Protection Specialists Inc., a security consulting firm that works in a number of different verticals, including chemical security. We sat down with him to find out the on-the-ground view of CFATS compliance.

Q. Tell me about what your firm does to help facilities become CFATS-compliant.

A. We are a physical and technical security consulting firm, and we’ve been working in the chemical sector for about 21 years. As far as CFATS goes, we work alongside clients of all different sizes and types to help them achieve regulatory compliance, complete their security vulnerability assessment, develop their site security plan, and train facility security officers to comply and designing security programs. We do the front-end engineering and design to enable companies to understand what compliance with the regulations is going to cost them as soon as their plans are approved.

Q. Where in the compliance process are a lot of the facilities you are working with?

A. There are probably somewhere between five and six thousand regulated facilities in the U.S. Most have received their final determination letters, though there are still still a few a hundred that haven’t. The issue really is that DHS is understaffed for the amount of work they have to do to meet up with the regulations. While there are only five to six thousand facilities regulated, they received 38,000 topscreens from organizations with chemicals of interest. So they’ve had to wade through all of that.

The law also provides a provision to request a redetermination of your initial determination, and anyone who can get out of having to comply with this law is going to try as hard as they can to do so. So DHS has had thousands of requests for redetermination. This has slowed DHS down in terms of getting through the SSP reviews.

DHS will also tell you that their data collection tool didn’t serve them the way they thought they did – it wasn’t thorough enough. So now they have to go back to their Tier-One facilities to ask them to more clearly interpret the information that they’ve submitted. It seems that there’s one delay after another here, which means there aren’t very many companies that have SSPs approved and in place. Of the 60 facilities that we’re working with right now, none have received approval yet.

Q. What are some common challenges that facilities you’re working with are facing?

A. Prior to CFATS, you had companies that arguably had adequate security programs for their security design basis. If you looked at all the criminal threats, insider threats, workplace violence threats they faced, companies were fairly well put together to address those types of threats. When the government comes along and says, “You now have to contend with highly motivated adversaries and terrorists,” all of that drops, and you essentially have to start building your security program from the ground up again.

Also, DHS isn’t done figuring out how they’re going to implement all of this stuff. For example, there’s a requirement that people with unlimited access to these chemicals of interest undergo a terrorist background screening. But DHS doesn’t know what system they want people to use to screen these people yet.

Featured

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3