Local Emergency Management: The CFATS Challenge

Chemical facilities have always been a concern for local first responders. Most major chemical accidents rapidly overwhelm community emergency-services capabilities. Until the terrorist attacks of 11 September 2001, U.S. emergency-services agencies viewed chemical incidents as accidental events – and the tragic Bhopal (India) toxic chemical release in 1984 had already alerted emergency-services agencies worldwide as to the devastating consequences posed by chemical accidents. In the Bhopal accident, over 7,000 fatalities occurred within days of the accident; long-term casualty estimates later escalated the total to more than 100,000 victims.

The 9/11 attacks, coupled with intelligence reports of other attack plans, shows that many terrorists are willing to exploit the hazardous nature of chemical sites to further their aim of creating an atmosphere of fear and intimidation in a target population. For that reason alone, local emergency-services agencies with chemical facilities in their jurisdictions must now consider preparation for chemical-related events that are intentional as well as accidental. While there are few distinctions between managing an accidental as opposed to an intentional chemical event, the attractiveness of chemical sites as a terrorist target poses major challenges for all emergency-services disciplines.

In 2006, the federal government established the foundation for chemical-security regulations that are currently in the implementation phase. The Chemical Facility Anti-Terrorism Standards (CFATS) create uniform security standards for high-risk chemical sites throughout the United States. The CFATS regulations, administered by the Department of Homeland Security (DHS), are designed to ensure that consistent performance-based security standards are effectively applied to all chemical sites possessing certain quantities of 322 so-called “chemicals of interest.”

In order to identify high-risk chemical sites, DHS conducted a massive screening effort of nearly 40,000 producers, users, distributors, and holders of the chemicals of interest. After analyzing the data developed by the screening, the department determined that about 7,000 sites should be subject to CFATS regulations. The same data provided DHS the information needed to establish a risk ranking of the 7,000 facilities, which are grouped in four “tiers” – with Tier 1 being the highest-risk facility. The tier ratings are based on the quantity and types of chemical(s) on site, coupled with the site’s proximity to U.S. population centers.

The CFATS regulations affect local emergency-service agencies in a number of ways. First, the local emergency-services community must be aware of the DHS high-risk sites in its jurisdiction and understand what security standards apply to each site. Second, emergency-services agencies must address the information-sharing challenges posed by CFATS. Lastly, the emergency-services community needs to embrace the private chemical sector in an all-hazards approach to emergency preparedness.

Local CFATS Awareness Mandatory

At the core of the CFATS regulations are 18 Risk-Based Performance Standards (RBPSs) related to security needs. The CFATS security criteria are performance-based rather than proscriptive. This provides the opportunity for chemical sites to determine the most cost-effective way to meet CFATS regulatory performance expectations. In addition to the 18 RBPSs, DHS reserves the right to establish additional security requirements as situations or actionable intelligence may dictate.

Integrating the CFATS-regulated site and its local emergency-service providers is a major performance standard. Regulated chemical sites must, depending on their tier rankings, establish their security standards with consideration of local law-enforcement response capabilities. They also must conduct emergency preparedness exercises with local emergency-services agencies in order to validate site security plans and ensure effective local integration.

In most jurisdictions, local fire departments already have established working relationships with the chemical sites in their communities. These relationships provide an excellent springboard for developing and strengthening emergency preparedness collaboration under CFATS. The local fire department is well positioned to host interdisciplinary working groups that focus on CFATS-regulated facilities in the local jurisdiction. The DHS Office of Infrastructure Protection and the state Homeland Security Advisor’s office are excellent resources for collaboration.

CFATS Challenges to Information Sharing

CFATS provides compliance standards for information sharing. The information collected under CFATS is protected as Chemical-Terrorism Vulnerability Information (CVI), a subset of the “Sensitive but Unified” (SBU) information security designation. CVI provisions treat certain information as if it were Secret, though, to safeguard it from terrorist plotting and intelligence efforts.

A key element governing CVI access is the “need-to-know” guideline. DHS recognizes that certain disciplines of the local emergency-services community have a clear need to know certain CVI material. For that reason, the department has established procedures, in cooperation with state Homeland Security Advisors’ offices, to provide local emergency-service agencies access to such information. These procedures include a vetting process of each person nominated to be granted access as well as a short web-based training program that must be completed by that person before access is granted. Even regulated chemical sites are prohibited from disclosing CVI-designated information to unauthorized personnel.

It is vital that local emergency-services agencies determine who within their organizations has the need to know and therefore should be granted access to CVI data. These personnel decisions should take into account a need for redundancy – balanced, though, against the equally compelling need for narrow access controls. Each agency is required to establish protocols for managing its own CVI material. (This requirement is similar to but procedurally different from the requirements for managing Protected Critical Infrastructure Information (PCII) or Sensitive Secure Information (SSI) under other DHS-administered programs.)

With the CVI clearances completed, the local emergency-services community can substantively engage in broad emergency planning, working in close cooperation with representatives of the CFATS-regulated sites. Because the local CFATS-regulated chemical sites are, by DHS definition, high-risk facilities, the integrated emergency planning efforts should concentrate primarily on those sites.

DHS determines the attack scenarios that are considered to be most applicable to the chemicals of interest held at each site. Many regulated sites are already applying those attack scenarios to their respective sites and chemicals as part of what are called site-vulnerability assessments (SVAs).

The same attack scenarios, when applied to the regulated sites within a local jurisdiction, provide an ideal starting point for integrated planning. Representatives of the regulated chemical sites are the subject-matter experts on how the attack-scenario consequences are likely to unfold, taking into consideration the chemical characteristics, attack characteristics, and the site-mitigation capabilities available. Local emergency-service agencies are the subject-matter experts on local response capabilities and community-based consequence-management capabilities. The CFATS-regulated sites are required to develop site security plans (SSPs) as part of the CFATS compliance efforts. The local emergency-services community should be engaged at various points in the development of the SSPs.

Integrated Emergency Management with CFATS Focus

The inclusion of CFATS-regulated sites in local- and state-focused emergency-preparedness exercises is an important aspect of integrated planning. Exercises are a vital tool for testing and validating internal stakeholder plans as well as the interagency cohesion across disciplines and stakeholders. A critical incident involving a CFATS-regulated site changes the traditional list of stakeholders involved in that event. At the national level, each CFATS-regulated site is inherently a high-risk and potentially high-consequence site.

The integrated emergency planning required has to be carried to the next level. CFATS regulations apply to defeating or mitigating acts of terrorism. However, sound and comprehensive emergency preparedness considers cascading impacts and compounding events from an all-hazards perspective. Government and CFATS-regulated site officials should therefore examine and prepare for non-terrorist events that also might produce vulnerabilities that could be exploited by terrorists. A natural disaster typical to a particular local community – e.g., wildfires in California, hurricanes in Florida – might well diminish the security integrity at a CFATS-regulated site, leaving it more vulnerable to terrorist attack or exploitation. Since the 9/11 attacks, state, local, and tribal jurisdictions throughout the United States have greatly improved the natural-disaster preparedness capabilities of their own communities. With the CFATS regulations in place, there are new opportunities to economize on emergency preparedness efforts – e.g., by including CFATS-regulated sites in natural-disaster planning and exercises.

To summarize: CFATS was established to provide uniformity in the rules and regulations securing the nation’s hazardous-chemical sites from terrorist attacks. Chemical security standards are essential in protecting U.S. communities from malicious threats of the 21st century. Effective security requires a community effort that is inclusive of CFATS while extending beyond regulated sites to involve all local stakeholders and reasonable incident scenarios that might occur. Critical incidents and disaster events are local in nature; for that reason, the optimal solutions are almost always community-based. In short, CFATS presents regulated sites and local first-responder communities new opportunities for inclusive and focused emergency planning.

For more information on CFATS click on: www.chemicalsecurity.gov

Joseph W. Trindal

As founder and president of Direct Action Resilience LLC, Joseph Trindal leads a team of retired federal, state, and local criminal justice officials providing consulting and training services to public and private sector organizations enhancing leadership, risk management, preparedness, and police services. He serves as a senior advisor to the U.S. Department of Justice, International Criminal Justice Training and Assistance Program (ICITAP) developing and leading delivery of programs that build post-conflict nations’ capabilities for democratic policing and applied modern investigative techniques. After a 20-year career with the U.S. Marshals Service, where he served as chief deputy U.S. marshal and ERT incident commander, he accepted the invitation in 2002 to become part of the leadership standing up the U.S. Department of Homeland Security as director at Federal Protective Service for the National Capital Region. He serves on the Partnership Advisory Council at the International Association of Directors of Law Enforcement Standards and Training (IADLEST). He also serves on the International Association of Chiefs of Police, International Managers of Police Academy and College Training. He was on faculty as an instructor at George Washington University. He is past president of the InfraGard National Capital Region Members Alliance. He has published numerous articles, academic papers, and technical counter-terrorism training programs. He has two sons on active duty in the U.S. Navy. Himself a Marine Corps veteran, he holds degrees in police science and criminal justice. He has contributed to the Domestic Preparedness Journal since 2006 and is a member of the Preparedness Leadership Council.



No tags to display


Translate »