Chemical Plant Security Assessment: Prioritizing Facilities that Need to Be Protected

Chemical Plant Security Assessment: Prioritizing Facilities that Need to Be Protected

The security professional needs help from a process safety expert to understand and prioritize what needs to be protected on the site.

  • By Mark F. Smith, Deidre L. Tate
  • Jan 18, 2012

The chemical industry has been receiving continued media and government attention as having many facilities that could be terrorist targets. Unless exempt by statute or rule, chemical facilities that possess Appendix A Chemicals of Interest (COI) at the identified Screening Threshold Quantity (STQ) for any security issue must submit information for the Department of Homeland Security (DHS) review. Through an analytical review of facility COI, DHS determines a facility’s level of security risk.

About 34,000 facilities have submitted Top Screens for review by DHS, and 7,000 of those facilities were considered a High Level of Security Risk and are regulated as a "Covered Facility." The definition of “chemical facility” is very broad and could even include pool supply companies.

Security and Process Safety Experts
An evaluation of security vulnerability of any facility handling or storing hazardous chemicals requires a joint effort between a security professional and a chemical process safety professional. The security professional understands how to protect an installation -- for example, proper design of security fences and vehicle gates, intrusion detection systems, surveillance systems, site access control systems, security procedures, cyber security procedures, and proper training and qualification of security personnel.

But the security professional needs help from a process safety expert to understand and prioritize what needs to be protected on the site. The role of a process safety expert in a chemical plant security vulnerability analysis is to:

  • Understand the hazards of the materials handled or stored at the site, including acute toxicity, fire hazards, and explosion hazards.
  • Understand the ways that these hazards might be exploited by a terrorist -- for example, by release of a toxic material, fire or explosion, or theft or diversion of material for use in making explosives, bombs, or toxic materials that might be released elsewhere or used to contaminate water or food supplies.
  • Estimate the potential consequences of a loss of containment, fire, or explosion involving hazardous materials at a chemical site. This can include modeling of the consequences of material releases from a possible attack, such as releases of toxic materials or fires and explosions.
  • Based on consequence modeling, understand the potential impact of a terrorist attack on the plant and the surrounding community.
  • Understand how a facility might be attacked or sabotaged to release hazardous materials or cause fires or explosions.
  • Understand the effectiveness of process safety design features -- such as isolation valves, automatic shutdown systems, and emergency response equipment and procedures -- in mitigating the impacts of a release or process upset caused by a terrorist attack or equipment sabotage.
  • Help the security professional understand which specific facilities in the plant represent the most attractive potential terrorist targets, so that plant security resources can be directed to the areas presenting the greatest hazard.
  • Help to identify potential inherently safer design opportunities that could reduce the potential consequences of a terrorist attack and help to comply with local regulatory requirements for consideration of inherently safer technology, where these regulations exist.

Professional Societies and Industry Trade Groups
Professional societies and industry trade groups have responded to this concern by developing methodologies for security vulnerability assessment (SVA) for chemical handling facilities. The Center for Chemical Process Safety of the American Institute of Chemical Engineers developed and published a methodology for Security Vulnerability Analysis in 2003 ("Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites"). The American Chemistry Council (ACC) incorporated requirements for plant security into its Responsible Care® program, and the Society of Chemical Manufacturers and Affiliates, Inc. (SOCMA) also includes security as an element of its ChemStewards® program.

Federal Regulatory Response
There also have been federal regulatory responses, including:

  • Coast Guard: The United States Coast Guard requires a security assessment and plan for about 300 chemical facilities in port areas over which it has jurisdiction, as described in 33 CFR Part 105.
  • Homeland Security Appropriations Act of 2007: This act of Congress mandated that the secretary of the Department of Homeland Security establish risk-based performance standards for the security of high-risk chemical facilities within six months of the enactment of the act. Also mandated were the development of vulnerability assessments and the development and implementation of site security plans for high-risk chemical facilities. The Chemical Facility Anti-Terrorism Standards (CFATS) interim final rule (6 CFR Part 27) was created to fulfill the requirements of this act.
  • Interim Final Rule, Chemical Facility Anti-Terrorism Standards (CFATS), published April 9, 2007: After gathering and incorporating comments from individuals, trade associations, companies, and numerous other entities, the CFATS was published as an interim final rule. An essential part of this rule was a proposed Appendix A, or the list of Chemicals of Interest (COI) and the quantities of each COI that would require a chemical facility to complete and submit a Top Screen consequence assessment to DHS through the secure online Chemical Security Assessment Tool (CSAT).
  • Appendix A to CFATS, published Nov. 20, 2007: This list consists of approximately 300 Chemicals of Interest and their individual Screening Threshold Quantities. Any facility that possesses an Appendix A COI in a quantity at or above the listed STQ for any period of time is covered by the standard and must submit a Top Screen within 60 calendar days.
  • Clarification to Chemical Facility Anti-Terrorism Standards, propane, published March 21, 2008: This notice clarifies how certain provisions of the CFATS apply to the COI propane, which is understood by DHS to contain at least 87.5 percent of the chemical propane. Specifically, this notice clarifies the STQ and counting rules that apply to the COI propane.
  • Federal Register CSAT Registration Reminder, published April 25, 2007: DHS recommends that chemical facilities register to access the CSAT system. This is a voluntary registration process for facilities that think they may be covered by the Chemical Facility Anti-Terrorism Standards located in 6 CFR Part 27 and that would like to initiate the process to determine whether or not they are covered.
  • Risk-Based Performance Standards Guidance, published May 15, 2009: This guidance provides DHS' interpretations of the level of performance facilities in each of the risk-based tiers created by CFATS should strive to achieve under each Risk-Based Performance Standard (RBPS). It also seeks to help facilities comply with CFATS by describing in greater detail the 18 RBPSs enumerated in CFATS and by providing examples of various security measures and practices that could be selected to achieve the desired level of performance for each RBPS at each tier.
  • DHS request for comment on CFATS regulatory provisions for aboveground gasoline storage tanks, published Jan. 12, 2010: DHS invited public comment on issues related to certain regulatory provisions in the CFATS that apply to facilities storing gasoline in aboveground storage tanks. Written comments were to be submitted by March 15, 2010.

State Actions
Some states are considering taking action on their own. For example, on Nov. 29, 2005, New Jersey adopted mandatory security requirements for 140 chemical facilities in the state, including a requirement for security vulnerability analysis. For 43 of those 140 facilities -- those covered by the New Jersey Toxic Catastrophe Prevention Act -- the vulnerability analysis also must include a review of the potential benefits of adopting inherently safer technology.

Featured

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

  • AI Used as Part of Sophisticated Espionage Campaign

    A cybersecurity inflection point has been reached in which AI models has become genuinely useful in cybersecurity operation. But to no surprise, they can used for both good works and ill will. Systemic evaluations show cyber capabilities double in six months, and they have been tracking real-world cyberattacks showing how malicious actors were using AI capabilities. These capabilities were predicted and are expected to evolve, but what stood out for researchers was how quickly they have done so, at scale. Read Now

Most   Popular

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.