Chemical Plant Security Assessment: Prioritizing Facilities that Need to Be Protected
The security professional needs help from a process safety expert to understand and prioritize what needs to be protected on the site.
- By Mark F. Smith, Deidre L. Tate
- Jan 18, 2012
The chemical industry has been receiving continued media and government attention as having many facilities that could be terrorist targets. Unless exempt by statute or rule, chemical facilities that possess Appendix A Chemicals of Interest (COI) at the identified Screening Threshold Quantity (STQ) for any security issue must submit information for the Department of Homeland Security (DHS) review. Through an analytical review of facility COI, DHS determines a facility’s level of security risk.
About 34,000 facilities have submitted Top Screens for review by DHS, and 7,000 of those facilities were considered a High Level of Security Risk and are regulated as a "Covered Facility." The definition of “chemical facility” is very broad and could even include pool supply companies.
Security and Process Safety Experts
An evaluation of security vulnerability of any facility handling or storing hazardous chemicals requires a joint effort between a security professional and a chemical process safety professional. The security professional understands how to protect an installation -- for example, proper design of security fences and vehicle gates, intrusion detection systems, surveillance systems, site access control systems, security procedures, cyber security procedures, and proper training and qualification of security personnel.
But the security professional needs help from a process safety expert to understand and prioritize what needs to be protected on the site. The role of a process safety expert in a chemical plant security vulnerability analysis is to:
- Understand the hazards of the materials handled or stored at the site, including acute toxicity, fire hazards, and explosion hazards.
- Understand the ways that these hazards might be exploited by a terrorist -- for example, by release of a toxic material, fire or explosion, or theft or diversion of material for use in making explosives, bombs, or toxic materials that might be released elsewhere or used to contaminate water or food supplies.
- Estimate the potential consequences of a loss of containment, fire, or explosion involving hazardous materials at a chemical site. This can include modeling of the consequences of material releases from a possible attack, such as releases of toxic materials or fires and explosions.
- Based on consequence modeling, understand the potential impact of a terrorist attack on the plant and the surrounding community.
- Understand how a facility might be attacked or sabotaged to release hazardous materials or cause fires or explosions.
- Understand the effectiveness of process safety design features -- such as isolation valves, automatic shutdown systems, and emergency response equipment and procedures -- in mitigating the impacts of a release or process upset caused by a terrorist attack or equipment sabotage.
- Help the security professional understand which specific facilities in the plant represent the most attractive potential terrorist targets, so that plant security resources can be directed to the areas presenting the greatest hazard.
- Help to identify potential inherently safer design opportunities that could reduce the potential consequences of a terrorist attack and help to comply with local regulatory requirements for consideration of inherently safer technology, where these regulations exist.
Professional Societies and Industry Trade Groups
Professional societies and industry trade groups have responded to this concern by developing methodologies for security vulnerability assessment (SVA) for chemical handling facilities. The Center for Chemical Process Safety of the American Institute of Chemical Engineers developed and published a methodology for Security Vulnerability Analysis in 2003 ("Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites"). The American Chemistry Council (ACC) incorporated requirements for plant security into its Responsible Care® program, and the Society of Chemical Manufacturers and Affiliates, Inc. (SOCMA) also includes security as an element of its ChemStewards® program.
Federal Regulatory Response
There also have been federal regulatory responses, including:
- Coast Guard: The United States Coast Guard requires a security assessment and plan for about 300 chemical facilities in port areas over which it has jurisdiction, as described in 33 CFR Part 105.
- Homeland Security Appropriations Act of 2007: This act of Congress mandated that the secretary of the Department of Homeland Security establish risk-based performance standards for the security of high-risk chemical facilities within six months of the enactment of the act. Also mandated were the development of vulnerability assessments and the development and implementation of site security plans for high-risk chemical facilities. The Chemical Facility Anti-Terrorism Standards (CFATS) interim final rule (6 CFR Part 27) was created to fulfill the requirements of this act.
- Interim Final Rule, Chemical Facility Anti-Terrorism Standards (CFATS), published April 9, 2007: After gathering and incorporating comments from individuals, trade associations, companies, and numerous other entities, the CFATS was published as an interim final rule. An essential part of this rule was a proposed Appendix A, or the list of Chemicals of Interest (COI) and the quantities of each COI that would require a chemical facility to complete and submit a Top Screen consequence assessment to DHS through the secure online Chemical Security Assessment Tool (CSAT).
- Appendix A to CFATS, published Nov. 20, 2007: This list consists of approximately 300 Chemicals of Interest and their individual Screening Threshold Quantities. Any facility that possesses an Appendix A COI in a quantity at or above the listed STQ for any period of time is covered by the standard and must submit a Top Screen within 60 calendar days.
- Clarification to Chemical Facility Anti-Terrorism Standards, propane, published March 21, 2008: This notice clarifies how certain provisions of the CFATS apply to the COI propane, which is understood by DHS to contain at least 87.5 percent of the chemical propane. Specifically, this notice clarifies the STQ and counting rules that apply to the COI propane.
- Federal Register CSAT Registration Reminder, published April 25, 2007: DHS recommends that chemical facilities register to access the CSAT system. This is a voluntary registration process for facilities that think they may be covered by the Chemical Facility Anti-Terrorism Standards located in 6 CFR Part 27 and that would like to initiate the process to determine whether or not they are covered.
- Risk-Based Performance Standards Guidance, published May 15, 2009: This guidance provides DHS' interpretations of the level of performance facilities in each of the risk-based tiers created by CFATS should strive to achieve under each Risk-Based Performance Standard (RBPS). It also seeks to help facilities comply with CFATS by describing in greater detail the 18 RBPSs enumerated in CFATS and by providing examples of various security measures and practices that could be selected to achieve the desired level of performance for each RBPS at each tier.
- DHS request for comment on CFATS regulatory provisions for aboveground gasoline storage tanks, published Jan. 12, 2010: DHS invited public comment on issues related to certain regulatory provisions in the CFATS that apply to facilities storing gasoline in aboveground storage tanks. Written comments were to be submitted by March 15, 2010.
State Actions
Some states are considering taking action on their own. For example, on Nov. 29, 2005, New Jersey adopted mandatory security requirements for 140 chemical facilities in the state, including a requirement for security vulnerability analysis. For 43 of those 140 facilities -- those covered by the New Jersey Toxic Catastrophe Prevention Act -- the vulnerability analysis also must include a review of the potential benefits of adopting inherently safer technology.