Managed by the Cybersecurity and Infrastructure Security Agency (CISA), the Chemical Facility Anti-Terrorism Standards (CFATS) program identifies and regulates high-risk facilities to ensure security measures are in place to reduce the risk that certain dangerous chemicals are weaponized by terrorists. Under CFATS, a chemical facility is any establishment or individual that possesses or plans to possess any of the more than 300 chemicals of interest (COI) in Appendix A at or above the listed screening threshold quantity (STQ) and concentration. These facilities must report their chemicals to CISA via an online survey, known as a Top-Screen. CISA uses the Top-Screen information a facility submits to determine if the facility is considered high-risk and must develop a security plan.
CFATS is set to expire on July 27; S. 2178, a five-year reauthorization bill, was introduced in the upper chamber on June 22. National Association of Chemical Distributors (NACD) President and CEO Eric R. Byer, who joined NACD in January 2014 as president with nearly 20 years of experience in government and public affairs as well as organizational operations, talked with HSToday about the importance of CFATS to industry and homeland security.
Q: As security leaders often stress, we are in an age of evolving threats to critical infrastructure in terms of threat actors, motives, and tactics. How does this threat evolution concern chemical facilities?
A: Chemicals are used in nearly every U.S. industry and are essential to our economy. Chemical facilities engage in the manufacturing, storage, transportation, utilization, and distribution of chemicals across a wide range of sectors, including agriculture, energy, electronics, paint and coatings, health care, pharmaceuticals, and more. Chemical facilities are deeply concerned about the ever-evolving nature of threats they face. The Chemical Facilities Anti-Terrorism Standards (CFATS) program plays a vital role in managing and safeguarding these high-risk sites against acts of terrorism. Through the implementation of performance-based security standards, each facility is required to conduct Security Vulnerability Assessments and develop Site Security Plans that comprehensively address their unique security challenges.
Q: What were some of the challenges with information sharing and regulation before CFATS?
A: Before the CFATS program was implemented, the chemical industry faced significant challenges in terms of information sharing and regulation. Communication and information exchange were limited due to the lack of established partnerships between the industry and relevant agencies. However, since the introduction of CFATS, the industry has gained access to numerous agencies with whom they can exchange critical information. Additionally, the industry now receives valuable information regarding potential issues within the communities where they operate. This enhanced information exchange helps chemical facilities to strengthen their security measures, protecting their employees, facilities, and neighboring communities. Without the CFATS program, the industry would lack these important relationships and outreach opportunities, particularly at the federal level.
Q: Tell us about the vulnerability of commonly used chemicals that may be used by actors with malicious intent.
A: The ever-changing nature of vulnerabilities emphasizes the importance of the partnership with the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). The CFATS program is non-prescriptive, enabling the industry to adjust its security measures in response to emerging threats. CISA plays a vital role in the constant monitoring of threats and maintains the ability to establish direct communication with covered facilities so they can enhance their security posture.
Q: As of May, CFATS covers about 3,200 facilities. How has CFATS been accepted and will continue to be accepted industry-wide?
A: As one of the most successful chemical facilities security programs in existence, the CFATS program brings stability to the industry by helping manage our nation’s high-risk chemical facilities. The public-private partnership with CISA provides the industry with the certainty needed to make long-term facility security investments and gives CISA the tools to run the program efficiently. This partnership represents how the industry and government work together to uphold the highest security standards.
Q: How else has CISA been able to help industry advance chemical security?
A: CISA is constantly looking to improve the chemical safety program. As bad actors evolve their malicious tactics, the CFATS inspectors and CISA headquarters are able to see what facilities could be affected based on a threat. This partnership is what makes the program so respected within the industry. We have placed trust in this governmental program and recognize CISA’s dedication to securing high-risk sites and preventing malicious attacks against the homeland.
Q: CFATS has been extended by Congress with bipartisan support four times. Do you see any reticence to reauthorization, and what arguments are you making to lawmakers for a quick extension?
A: Congress has repeatedly reauthorized the CFATS program with overwhelmingly strong bipartisan support, demonstrating the program’s effectiveness and the industry’s support of these important defenses. Unlike many programs that can be reauthorized retroactively, the CFATS program will sunset without congressional action, leaving our nation without critical safeguards against potential acts of terrorism and cyber-attacks. That’s why this reauthorization has been on the top of NACD’s priority list. During NACD’s annual Washington fly-in and beyond, members have been calling on Congress to swiftly reauthorize the program to ensure its mission of protecting our chemical facility sites continues in the years to come.