Chemical Plant Security Assessment: Prioritizing Facilities that Need to Be Protected

Chemical Plant Security Assessment: Prioritizing Facilities that Need to Be Protected

The security professional needs help from a process safety expert to understand and prioritize what needs to be protected on the site.

The chemical industry has been receiving continued media and government attention as having many facilities that could be terrorist targets. Unless exempt by statute or rule, chemical facilities that possess Appendix A Chemicals of Interest (COI) at the identified Screening Threshold Quantity (STQ) for any security issue must submit information for the Department of Homeland Security (DHS) review. Through an analytical review of facility COI, DHS determines a facility’s level of security risk.

About 34,000 facilities have submitted Top Screens for review by DHS, and 7,000 of those facilities were considered a High Level of Security Risk and are regulated as a "Covered Facility." The definition of “chemical facility” is very broad and could even include pool supply companies.

Security and Process Safety Experts
An evaluation of security vulnerability of any facility handling or storing hazardous chemicals requires a joint effort between a security professional and a chemical process safety professional. The security professional understands how to protect an installation -- for example, proper design of security fences and vehicle gates, intrusion detection systems, surveillance systems, site access control systems, security procedures, cyber security procedures, and proper training and qualification of security personnel.

But the security professional needs help from a process safety expert to understand and prioritize what needs to be protected on the site. The role of a process safety expert in a chemical plant security vulnerability analysis is to:

  • Understand the hazards of the materials handled or stored at the site, including acute toxicity, fire hazards, and explosion hazards.
  • Understand the ways that these hazards might be exploited by a terrorist -- for example, by release of a toxic material, fire or explosion, or theft or diversion of material for use in making explosives, bombs, or toxic materials that might be released elsewhere or used to contaminate water or food supplies.
  • Estimate the potential consequences of a loss of containment, fire, or explosion involving hazardous materials at a chemical site. This can include modeling of the consequences of material releases from a possible attack, such as releases of toxic materials or fires and explosions.
  • Based on consequence modeling, understand the potential impact of a terrorist attack on the plant and the surrounding community.
  • Understand how a facility might be attacked or sabotaged to release hazardous materials or cause fires or explosions.
  • Understand the effectiveness of process safety design features -- such as isolation valves, automatic shutdown systems, and emergency response equipment and procedures -- in mitigating the impacts of a release or process upset caused by a terrorist attack or equipment sabotage.
  • Help the security professional understand which specific facilities in the plant represent the most attractive potential terrorist targets, so that plant security resources can be directed to the areas presenting the greatest hazard.
  • Help to identify potential inherently safer design opportunities that could reduce the potential consequences of a terrorist attack and help to comply with local regulatory requirements for consideration of inherently safer technology, where these regulations exist.

Professional Societies and Industry Trade Groups
Professional societies and industry trade groups have responded to this concern by developing methodologies for security vulnerability assessment (SVA) for chemical handling facilities. The Center for Chemical Process Safety of the American Institute of Chemical Engineers developed and published a methodology for Security Vulnerability Analysis in 2003 ("Guidelines for Analyzing and Managing the Security Vulnerabilities of Fixed Chemical Sites"). The American Chemistry Council (ACC) incorporated requirements for plant security into its Responsible Care® program, and the Society of Chemical Manufacturers and Affiliates, Inc. (SOCMA) also includes security as an element of its ChemStewards® program.

Federal Regulatory Response
There also have been federal regulatory responses, including:

  • Coast Guard: The United States Coast Guard requires a security assessment and plan for about 300 chemical facilities in port areas over which it has jurisdiction, as described in 33 CFR Part 105.
  • Homeland Security Appropriations Act of 2007: This act of Congress mandated that the secretary of the Department of Homeland Security establish risk-based performance standards for the security of high-risk chemical facilities within six months of the enactment of the act. Also mandated were the development of vulnerability assessments and the development and implementation of site security plans for high-risk chemical facilities. The Chemical Facility Anti-Terrorism Standards (CFATS) interim final rule (6 CFR Part 27) was created to fulfill the requirements of this act.
  • Interim Final Rule, Chemical Facility Anti-Terrorism Standards (CFATS), published April 9, 2007: After gathering and incorporating comments from individuals, trade associations, companies, and numerous other entities, the CFATS was published as an interim final rule. An essential part of this rule was a proposed Appendix A, or the list of Chemicals of Interest (COI) and the quantities of each COI that would require a chemical facility to complete and submit a Top Screen consequence assessment to DHS through the secure online Chemical Security Assessment Tool (CSAT).
  • Appendix A to CFATS, published Nov. 20, 2007: This list consists of approximately 300 Chemicals of Interest and their individual Screening Threshold Quantities. Any facility that possesses an Appendix A COI in a quantity at or above the listed STQ for any period of time is covered by the standard and must submit a Top Screen within 60 calendar days.
  • Clarification to Chemical Facility Anti-Terrorism Standards, propane, published March 21, 2008: This notice clarifies how certain provisions of the CFATS apply to the COI propane, which is understood by DHS to contain at least 87.5 percent of the chemical propane. Specifically, this notice clarifies the STQ and counting rules that apply to the COI propane.
  • Federal Register CSAT Registration Reminder, published April 25, 2007: DHS recommends that chemical facilities register to access the CSAT system. This is a voluntary registration process for facilities that think they may be covered by the Chemical Facility Anti-Terrorism Standards located in 6 CFR Part 27 and that would like to initiate the process to determine whether or not they are covered.
  • Risk-Based Performance Standards Guidance, published May 15, 2009: This guidance provides DHS' interpretations of the level of performance facilities in each of the risk-based tiers created by CFATS should strive to achieve under each Risk-Based Performance Standard (RBPS). It also seeks to help facilities comply with CFATS by describing in greater detail the 18 RBPSs enumerated in CFATS and by providing examples of various security measures and practices that could be selected to achieve the desired level of performance for each RBPS at each tier.
  • DHS request for comment on CFATS regulatory provisions for aboveground gasoline storage tanks, published Jan. 12, 2010: DHS invited public comment on issues related to certain regulatory provisions in the CFATS that apply to facilities storing gasoline in aboveground storage tanks. Written comments were to be submitted by March 15, 2010.

State Actions
Some states are considering taking action on their own. For example, on Nov. 29, 2005, New Jersey adopted mandatory security requirements for 140 chemical facilities in the state, including a requirement for security vulnerability analysis. For 43 of those 140 facilities -- those covered by the New Jersey Toxic Catastrophe Prevention Act -- the vulnerability analysis also must include a review of the potential benefits of adopting inherently safer technology.

Featured

  • 7 Reasons Why Governments Need to Regulate AI

    Recently, Elon Musk unveiled two remarkable AI applications. A humanoid robot named Optimus, with its remarkable human-like speech and movements, and a fully autonomous car, absent steering wheel and pedals, called Cybercab. While these examples represent a broad trend of AI integration across industries, they highlight technology’s transformative potential, prompting a need for regulation to ensure it is used responsibly, securely and ethically. Read Now

  • OR Code Phishing on the Rise According to New Report

    KnowBe4 recently released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts. KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Read Now

  • United HealthCare CEO Killed in Targeted Attack in New York City

    United HealthCare CEO Brian Thompson was killed in a targeted attack early Wednesday in Manhattan Read Now

  • Theft, Crime Driving Retail Workers to Look for New Jobs

    More than four in ten retail workers in the U.S. say they are likely to leave their current job in the next 12 months due to personal safety concerns, according to new research conducted by the Loss Prevention Research Council (LPRC) in partnership with Verkada. Read Now

Featured Cybersecurity

Webinars

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3