A Conversation with Frank Pisciotta

Frank Pisciotta is the president of Business Protection Specialists Inc., a security consulting firm that works in a number of different verticals, including chemical security. We sat down with him to find out the on-the-ground view of CFATS compliance.

Q. Tell me about what your firm does to help facilities become CFATS-compliant.

A. We are a physical and technical security consulting firm, and we’ve been working in the chemical sector for about 21 years. As far as CFATS goes, we work alongside clients of all different sizes and types to help them achieve regulatory compliance, complete their security vulnerability assessment, develop their site security plan, and train facility security officers to comply and designing security programs. We do the front-end engineering and design to enable companies to understand what compliance with the regulations is going to cost them as soon as their plans are approved.

Q. Where in the compliance process are a lot of the facilities you are working with?

A. There are probably somewhere between five and six thousand regulated facilities in the U.S. Most have received their final determination letters, though there are still still a few a hundred that haven’t. The issue really is that DHS is understaffed for the amount of work they have to do to meet up with the regulations. While there are only five to six thousand facilities regulated, they received 38,000 topscreens from organizations with chemicals of interest. So they’ve had to wade through all of that.

The law also provides a provision to request a redetermination of your initial determination, and anyone who can get out of having to comply with this law is going to try as hard as they can to do so. So DHS has had thousands of requests for redetermination. This has slowed DHS down in terms of getting through the SSP reviews.

DHS will also tell you that their data collection tool didn’t serve them the way they thought they did – it wasn’t thorough enough. So now they have to go back to their Tier-One facilities to ask them to more clearly interpret the information that they’ve submitted. It seems that there’s one delay after another here, which means there aren’t very many companies that have SSPs approved and in place. Of the 60 facilities that we’re working with right now, none have received approval yet.

Q. What are some common challenges that facilities you’re working with are facing?

A. Prior to CFATS, you had companies that arguably had adequate security programs for their security design basis. If you looked at all the criminal threats, insider threats, workplace violence threats they faced, companies were fairly well put together to address those types of threats. When the government comes along and says, “You now have to contend with highly motivated adversaries and terrorists,” all of that drops, and you essentially have to start building your security program from the ground up again.

Also, DHS isn’t done figuring out how they’re going to implement all of this stuff. For example, there’s a requirement that people with unlimited access to these chemicals of interest undergo a terrorist background screening. But DHS doesn’t know what system they want people to use to screen these people yet.


  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

New Products

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3