Chemical Plant Security Assessment: Prioritizing Facilities that Need to Be Protected

Chemical Plant Security Assessment: Prioritizing Facilities that Need to Be Protected

The security professional needs help from a process safety expert to understand and prioritize what needs to be protected on the site.

The chemical industry has been receiving continued media and government attention as having many facilities that could be terrorist targets. Unless exempt by statute or rule, chemical facilities that possess Appendix A Chemicals of Interest (COI) at the identified Screening Threshold Quantity (STQ) for any security issue must submit information for the Department of Homeland Security (DHS) review. Through an analytical review of facility COI, DHS determines a facility’s level of security risk.

About 34,000 facilities have submitted Top Screens for review by DHS, and 7,000 of those facilities were considered a High Level of Security Risk and are regulated as a "Covered Facility." The definition of “chemical facility” is very broad and could even include pool supply companies.

Security and Process Safety Experts
An evaluation of security vulnerability of any facility handling or storing hazardous chemicals requires a joint effort between a security professional and a chemical process safety professional. The security professional understands how to protect an installation -- for example, proper design of security fences and vehicle gates, intrusion detection systems, surveillance systems, site access control systems, security procedures, cyber security procedures, and proper training and qualification of security personnel.

But the security professional needs help from a process safety expert to understand and prioritize what needs to be protected on the site. The role of a process safety expert in a chemical plant security vulnerability analysis is to:

  • Understand the hazards of the materials handled or stored at the site, including acute toxicity, fire hazards, and explosion hazards.
  • Understand the ways that these hazards might be exploited by a terrorist -- for example, by release of a toxic material, fire or explosion, or theft or diversion of material for use in making explosives, bombs, or toxic materials that might be released elsewhere or used to contaminate water or food supplies.
  • Estimate the potential consequences of a loss of containment, fire, or explosion involving hazardous materials at a chemical site. This can include modeling of the consequences of material releases from a possible attack, such as releases of toxic materials or fires and explosions.
  • Based on consequence modeling, understand the potential impact of a terrorist attack on the plant and the surrounding community.
  • Understand how a facility might be attacked or sabotaged to release hazardous materials or cause fires or explosions.
  • Understand the effectiveness of process safety design features -- such as isolation valves, automatic shutdown systems, and emergency response equipment and procedures -- in mitigating the impacts of a release or process upset caused by a terrorist attack or equipment sabotage.
  • Help the security professional understand which specific facilities in the plant represent the most attractive potential terrorist targets, so that plant security resources can be directed to the areas presenting the greatest hazard.
  • Help to identify potential inherently safer design opportunities that could reduce the potential consequences of a terrorist attack and help to comply with local regulatory requirements for consideration of inherently safer technology, where these regulations exist.

Professional Societies and Industry Trade Groups
Professional societies and industry trade groups have responded to this concern by developing methodologies for security vulnerability assessment (SVA) for chemical handling facilities. The Center for Chemical Process Safety of the American Institute of Chemical Engineers developed and published a methodology for Security Vulnerability Analysis in 2003 ("Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites"). The American Chemistry Council (ACC) incorporated requirements for plant security into its Responsible Care® program, and the Society of Chemical Manufacturers and Affiliates, Inc. (SOCMA) also includes security as an element of its ChemStewards® program.

Federal Regulatory Response
There also have been federal regulatory responses, including:

  • Coast Guard: The United States Coast Guard requires a security assessment and plan for about 300 chemical facilities in port areas over which it has jurisdiction, as described in 33 CFR Part 105.
  • Homeland Security Appropriations Act of 2007: This act of Congress mandated that the secretary of the Department of Homeland Security establish risk-based performance standards for the security of high-risk chemical facilities within six months of the enactment of the act. Also mandated were the development of vulnerability assessments and the development and implementation of site security plans for high-risk chemical facilities. The Chemical Facility Anti-Terrorism Standards (CFATS) interim final rule (6 CFR Part 27) was created to fulfill the requirements of this act.
  • Interim Final Rule, Chemical Facility Anti-Terrorism Standards (CFATS), published April 9, 2007: After gathering and incorporating comments from individuals, trade associations, companies, and numerous other entities, the CFATS was published as an interim final rule. An essential part of this rule was a proposed Appendix A, or the list of Chemicals of Interest (COI) and the quantities of each COI that would require a chemical facility to complete and submit a Top Screen consequence assessment to DHS through the secure online Chemical Security Assessment Tool (CSAT).
  • Appendix A to CFATS, published Nov. 20, 2007: This list consists of approximately 300 Chemicals of Interest and their individual Screening Threshold Quantities. Any facility that possesses an Appendix A COI in a quantity at or above the listed STQ for any period of time is covered by the standard and must submit a Top Screen within 60 calendar days.
  • Clarification to Chemical Facility Anti-Terrorism Standards, propane, published March 21, 2008: This notice clarifies how certain provisions of the CFATS apply to the COI propane, which is understood by DHS to contain at least 87.5 percent of the chemical propane. Specifically, this notice clarifies the STQ and counting rules that apply to the COI propane.
  • Federal Register CSAT Registration Reminder, published April 25, 2007: DHS recommends that chemical facilities register to access the CSAT system. This is a voluntary registration process for facilities that think they may be covered by the Chemical Facility Anti-Terrorism Standards located in 6 CFR Part 27 and that would like to initiate the process to determine whether or not they are covered.
  • Risk-Based Performance Standards Guidance, published May 15, 2009: This guidance provides DHS' interpretations of the level of performance facilities in each of the risk-based tiers created by CFATS should strive to achieve under each Risk-Based Performance Standard (RBPS). It also seeks to help facilities comply with CFATS by describing in greater detail the 18 RBPSs enumerated in CFATS and by providing examples of various security measures and practices that could be selected to achieve the desired level of performance for each RBPS at each tier.
  • DHS request for comment on CFATS regulatory provisions for aboveground gasoline storage tanks, published Jan. 12, 2010: DHS invited public comment on issues related to certain regulatory provisions in the CFATS that apply to facilities storing gasoline in aboveground storage tanks. Written comments were to be submitted by March 15, 2010.

State Actions
Some states are considering taking action on their own. For example, on Nov. 29, 2005, New Jersey adopted mandatory security requirements for 140 chemical facilities in the state, including a requirement for security vulnerability analysis. For 43 of those 140 facilities -- those covered by the New Jersey Toxic Catastrophe Prevention Act -- the vulnerability analysis also must include a review of the potential benefits of adopting inherently safer technology.

Featured

  • Making the Grade with Locks and Door Hardware

    Managing and maintaining locks and door hardware across a school district or university campus is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Knowing the basics of common door hardware, including locks, panic devices and door closers, can make a difference in daily operations and emergency situations. Read Now

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3