1 / 30

Disclaimer

Disclaimer.

thai
Télécharger la présentation

Disclaimer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disclaimer The following information was presented by Matthew Bettridge of the Chemical Security Compliance Division of DHS on June 12, 2007 at the 2007 Chemical Sector Security Summit in Falls Church, VA. The information contained in this presentation is for information only and should not be construed as complete for compliance purposes.

  2. Overview Chemical Security Assessment Tool (CSAT) June 2007 Chemical Security Compliance Division Office of Infrastructure Protection National Protection and Programs Directorate

  3. Chemical Security Assessment Tool (CSAT) Overview • Chemical Security - The Mission • Requirements in Developing the CSAT • CSAT Process and Applications • User registration • Screening questionnaire (Top-Screen) • Security Vulnerability Assessment tool (SVA) • Site Security Plan (SSP) template • Information Protection • Status / Next Steps

  4. Chemical Security – The Mission • P.L. 109-295 requires the Department to regulate chemical facilities that present a high level of security risk with priority on highest risk facilities. The IFR must: • Identify “high security risk” facilities • Develop Risk Based Performance Standards (RBPS) for security at chemical facilities • Approve and disapprove SVA and SSP • Perform Inspections to confirm facility security is in accordance with SSP • Enforce facility compliance and seek remedies • Manage objections and appeals process • Receive, manage, store, and restrict access to Chemical-terrorism Vulnerability Information • Provide Consultations and Technical Assistance upon request

  5. Chemical Security Compliance Division (CSCD) Requirements in Developing CSAT • Protect facility-specific and aggregated data • Collect, catalog, and segregate data from a large number of chemical facilities • Support and inform the determination of a facility’s regulatory status and tier ranking • Enable automation whenever practical, possible, and appropriate • Integrate and operate the IT system within enterprise architecture policy mandates as well as Federal constraints imposed on regulatory data collection regimes

  6. High Level View – The CSAT Process Notify user of CVI responsibilities and restrictions Top-Screen Register CSAT Users Security VulnerabilityAssessment Site Security Plan Facility Tier and Asset Specific Security Issue(s) Validate Facility, Preparer, Submitter & Authorizer information Preliminary Approval Exempted or not covered at this time or Preliminary Facility Tier Reviewer Invited by known & trusted user Inspection for Final Approval

  7. User Registration • Registration began on April 6th and will continue for as long as the Rule is in force • Go to www.dhs.gov/chemicalsecurity to register • Regarding Authorizers, Submitters, and Preparers • Each facility must have an Authorizer, Submitter, and Preparer • The roles may be consolidated with one person or split between three people • Each user will have a unique user name and password • Reviewers invited with the Top-Screen • Register prior to publication of Appendix A to ensure your facility has the full 60 days to complete the Top Screen

  8. Registration Process • Go to www.dhs.gov/chemicalsecurity. Click “Register Now” • Type in Captcha • Complete Submitter and Authorizer information. Click “Continue to Facility Information” • Complete Facility Information • On the same page complete the associated Preparer information • If another facility click “Add Another Facility” • If no other facilities associated with the Submitter & Authorizer click “Complete”

  9. Example User Role Structures

  10. User Information Collected

  11. Adding a Facility

  12. Complete the Registration Process • After last facility & Preparer click “complete” • Download PDF Form • Sign and send to DHS • Email with username & temp password will be sent

  13. User Role Consolidation • Complete a new registration • New users names are created • Use transfer account access to consolidate user accounts

  14. CSAT User Roles

  15. Top Screen: Adding a Reviewer • Selecting a reviewer is optional • Added by a known CSAT user • May be added while the Top-Screen is active • May be an existing user or new user • New users sent an e-mail (no PDF for signature) • Subject to the same requirements as other CSAT users

  16. CSAT Users & Consultants • DHS expects that consultants who assist facilities in complying with 6 CFR Part 27 are CVI authorized users. • If a facility wishes to have a private consulting company support them in completing CSAT the facility may register a person as the Preparer or invite the individual as a Reviewer.

  17. CVI Disclaimer • All CSAT Users must accept to enter Top Screen • Ensures CVI tier letters may be sent to CSAT Users

  18. Top Screen: What does it do? • Identifies the security issue(s) at a facility using the DHS Chemicals of Interest list: • Risk to public health and safety • Potential targets for theft and/or diversion of potential chemical weapons or explosive precursor • Reactive chemicals stored in transportation containers • Concentrated capacity, the loss of which poses a risk to the economy or to the delivery of mission critical functions • Enables DHS to directly inform a facility of its status and/or preliminary tier by letter

  19. Top Screen: Addresses Specific Security Issues • Risk to public health & safety Release: (deaths & injuries) • In-situ release of toxics chemicals • In-situ release and ignition of flammable chemicals • In-situ release/detonation of explosives chemicals • Potential targets for theft or diversion: (presence of chemical) • Chemical weapons and precursors • Weapons of mass effect • IED Precursors • Reactive and stored in transportation containers: (presence of chemical) • Chemicals that react with water to generate poison gasses • Critical to essential government missions: (facility specific basis) • Critical to the national or regional economy: (facility specific basis)

  20. Top Screen: How does public health and safety tiering work? • Deaths and injuries are calculated using a variation of the EPA Risk Management Program (RMP) worst case scenario methodology • DHS’s approach adjusts the RMP*Comp exposed population estimate to account for the safety perspective: • Single container breach assumption • Residential population only • EPRG-2 exposure limit • 25 mile cutoff limit in RMP Comp • Uniform population density • DHS estimates predictable deaths and injuries that would be considered Urgent or Priority in normal medical triage • Process validated through independent expert panel

  21. Post Top Screen Letter from DHS • DHS letter to a facility is protected under CVI and includes: • Preliminary facility tier • Chemicals at the facility to address in the SVA • Security issue associated with the identified chemical(s) • Next steps required by the facility

  22. Security Vulnerability Assessment (SVA) • Follows the SVA approach established by CCPS and others • Asset Characterization: assets associated with chemicals identified in the post Top-Screen letter • Threat Characterization: specific scenarios prescribed by CSAT • Consequence Analysis: potential consequence of scenarios against identified assets • Vulnerability Analysis: security measures in place to mitigate or reduce the likelihood of success of an attack on an asset • Cyber vulnerability assessment included • Tier 4 facilities upload ASPs for review

  23. Locating Critical Assets • CSAT provides up to 1m resolution • Enables a facility to upload image if necessary

  24. Identify Attack Location • Each critical asset is identified • The location of attack is identified • Judgment of preparer and submitter as to impacts • Reasonableness verified during inspection

  25. SVA Output • Informs tier of each critical asset based on potential consequences • Final facility tier based on highest asset-specific tier • Generates a CVI protected letter to each facility that includes: • Final facility tier • Asset specific tier ranking and the associated security issue • Defines the next steps required by the facility • Information in post-SVA letter used by facility during CSAT SSP to identify the applicable RBPS based on asset tiers and security issues

  26. Site Security Plan (SSP) Content • All critical assets in the post-SVA letter must be addressed in the SSP • All security measures in place or planned to achieve the applicable RBPS • Review of SSPs will be prioritized based upon SVA results • Facilities may upload ASPs for consideration

  27. Information Protection • Chemical-terrorism Vulnerability Information • Handling manual, web-based training, FAQs, and Work Products Guide available soon on www.dhs.gov/chemicalsecurity website • CVI User Authorization Request form and Non-disclosure Agreement Form sent to CSAT helpdesk • Unique identification # will be sent to authorized users • Being a CVI Authorized User does not constitute need to know • Presently, CSAT users agree to a disclaimer statement prior to beginning the Top Screen • CVI in enforcement proceedings will be treated as classified information • DHS has formally classified: • Formulas, calculations, tiering thresholds • Information that would inform terrorist targeting

  28. Status and Next Steps • User Registration operational • Top-Screen operational • SVA under development; operational in late-summer • SSP under development, operational in early in 2008 • Follow-on capability enhancements to CSAT • Integrated RMP*Comp calculations • Management of facility user roles by Authorizer • Personnel Surety portal to Terrorism Screening Database • Improved integration of CVI & CSAT • User suggestions?

  29. Top Screen Previews • Small group demonstrations are available throughout the conference • Sign up for the top screen demos at the main registration table • Opportunity to review the Top Screen • Ask questions and get answers

  30. www.dhs.gov/chemicalsecurity • CSAT helpdesk can assist you • CSCD welcomes your comments and suggestions for improvement to CSAT

More Related