Category Archives: DHS

Port Security Grant-Themed Malicious Email (TLP-GREEN)

MPS-ISAO Warning Report, “Malicious Port Security Grant-Themed Email“.  The MPS-ISAO received an email sample from a U.S. Port customer this morning, and have confirmed that it is malicious.  The distribution list for this port security grant-themed email was over 500.  Please click here to see the report for email indicators.

Thanks Lester Millet for the report.

Lester J. Millet III, LEM
Safety Agency Risk Manager / FSO Workgroup Chairman
Port of South Louisiana

Identification of Additional Facilities and Assets at Risk

DHS Issues 60 Day ICR Notice for CSAT

From Chemical Facility Security News

Yesterday the DHS Cybersecurity and Infrastructure Security Agency, the agency that oversees the CFATS program, published a 60-day Information Collection Request (ICR) notice for revisions to the Chemical Security Assessment Tool (CSAT). The notice is intended to revise collection and burden estimates for data collection using CSAT 2.0.

Also included in yesterday’s ICR notice is a detailed review of the risk identification tool, Identification of Additional Facilities and Assets at Risk, that DHS is using to collect data during compliance inspections. At facilities that ship and receive COIs, the facilities are requested to voluntarily provide information on:

  • Shipping and/or receiving procedures
  • Invoices and receipts
  • Company names and locations that COI is shipped and/or received from

Facilities that are identified has having SCADA, DCS, PCS, or ICS systems are requested to voluntarily provide information on:

  • Details on the system(s) that controls, monitors, and/or manages small to large production systems as well as how the system(s) operates.
  • If it is standalone or connected to other systems or networks and document the specific brand and name of the system(s)

Thanks to PJ Coyle for the information on this ICR. To read a more detailed review of the ICR, click here. While there, subscribe the PJ’s blog.

Do you need a DOT HAZMAT Security Plan?

If you transport certain hazardous material, you probably need to implement a security plan. Many oil and gas operators are already familiar with the U.S. Coast Guard Maritime Transportation Security Act (MTSA) and DHS Chemical Facility Anti-Terrorism Standards (CFATS), but many are not familiar with the U.S. Department of Transportation’s (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) HAZMAT Site Security Plan requirements (49 CFR Part 172.800). The rule took effect in September 2003 and requires companies that transport hazardous material to establish a written security plan. The regulation also requires specific security training requirements for HAZMAT drivers and HAZMAT employees.

Security Plan Requirements

The security plan must include an assessment of the transportation security risk for HAZMAT shipments, including site-specific and location-specific risks associated with the facilities at which the materials are prepared for transport, stored, or unloaded incident to movement, and appropriate measures to address the assessed risks. At a minimum, the security plan must include the following elements:

  • Personnel security;
  • Unauthorized access;
  • En route security;
  • Identification by job title the senior management official responsible for the development and implementation of the security plan;
  • Security duties for each position or department responsible for implementing the plan; and
  • A plan for training HAZMAT employees.

Training Requirements

The regulation requires the company/facility to ensure that each of its hazmat employees receive security awareness training as well as in-depth security training.

For more information of the DOT regulation, click here.

Last Minute Deal Extends CFATS Program

According to The Hill, Senators have struck a last-minute deal to extend the Chemical Facility Anti-Terrorism (CFATS) program. This program regulates how manufacturers must guard against potential terror attacks.

Congress will now vote on the bill to reauthorize the CFATS program for 15 months. The CFATS program was set to officially expire at the end of Thursday, January 17, 2019.

To read more about CFATS, click here.

To read The Hill, article click here.

To read more on the bill, click here.

 

The Persistent Threat of Terrorism

Since 2013 there has been 159 homegrown jihadist cases in 30 states. Recent examples of homegrown terror-related incidents cited in the report include the case of a 28-year-old Ohio resident, Laith Alebbini, who was arrested Sept. 5 and charged with attempting to provide material support to ISIS. Also on Sept. 5, 26-year-old Alexander Ciccolo of Adams, Mass., was sentenced to 20 years in prison for the same crime. According to the snapshot, Ciccolo “planned to use pressure cooker explosives and firearms to target places where large numbers of people congregated, such as college cafeterias.” Ciccolo is the son of a Boston police captain.

To read more, click here.

Do I Need to Resubmit a Top-Screen?

There are still circumstances which may require your facility to resubmit a Top-Screen today, even if you have already resubmitted using CSAT 2.0. For example, a facility must report material modifications to its chemical holdings or facility operations, as these changes may alter a facility’s tier. Material modifications may include:

  • The addition or removal of COI at the STQ and concentration
  • Changes to quantity, location, or packaging of a COI as previously reported on a Top-Screen

Facilities are encouraged to report the highest expected quantity and concentration of COI they anticipate possessing over the lifecycle of their operations. By taking this approach, facilities can maintain a more efficient reporting process as they will not need to resubmit a Top-Screen when the quantity or concentration of a COI is reduced through normal operations.

Additionally, CFATS-covered facilities are required to update their Top-Screens on a regular basis, as determined by their tier:

  • A Tier 1 or Tier 2 facility must update its Top-Screen two years after its SSP is approved
  • A Tier 3 or Tier 4 facility must update its Top-Screen three years after its SSP is approved

Let us know if we can help you prepare and submit your CFATS Top Screen and prepare your facility for a Compliance Inspection.

To read about what to expect from a CFATS CI, click here.

DHS OIG Review of the USCG Oversight of the TWIC Program

The Department of Homeland Security’s Office of Inspector General performed a review of the USCG oversight of the TWIC program and found that the USCG “does not have a full understanding of the extent to which the TWIC program address security risks in the maritime environment”.

Report Findings:

  • DHS did not complete the mandated TWIC Program assessment
  • USCG needs to clarify TWIC Reader requirements for industry
  • USCG needs to improve TWIC card verification process
    • USCG completed 33,800 TWIC verifications, but only used electronic TWIC readers to verify just 2,425 cards, or 1 in 15 cards
  • USCG needs to strengthen oversight guidance on TWIC program

The report also lists four recommendation for DHS and the USCG:

  • DHS Under Secretary of Science and Technology complete the TWIC program assessment required by Public Law 114-278 to evaluate the security value of the TWIC program.
  • The USCG’s Assistant Commandant for Prevention Policy take action to more clearly define the applicable facilities that have certain dangerous cargo in bulk and which must implement the use of electronic TWIC readers as an access control measure.
  • The USCG’s Assistant Commandant for Prevention Policy improve the Coast Guard’s use of electronic TWIC card readers during annual inspections at regulated facilities by procuring new TWIC card readers.
  • The USCG’s Assistant Commandant for Prevention Policy revise and strengthen the Coast Guard TWIC Verification and Enforcement Guide.

DHS concurred with all four of the recommendations and stated that the Homeland Security Operational Analysis Center is currently conducting an assessment of the TWIC program. The estimated completion date for the DHS assessment is March 30, 2020.

To download a copy of the full report, click here.

Preparing for a CFATS Compliance Inspection

Many companies aren’t prepared when they receive a letter from the DHS Infrastructure Security Compliance Division (ISCD) notifying them of an upcoming facility Compliance Inspection (CI). You might have documents that are out of date, or you may be missing the necessary forms. If left unchecked, you could be forced to waste time and money in enforcing corrective actions. When it comes to advising our clients to be prepared, these are the top three tips we give them for a successful CFATS Compliance Inspection.

Review Your Documents

When you receive a notice from DHS about an upcoming inspection, this is always a good time to review your security plan and required documents to make sure that you have everything in order. Also, this is a good time to verify that you have conducted the required drills and/or exercises, and an annual audit of the security plan.

Training Moment

Training is very important for facility personnel and this is a good opportunity to make sure all your training is up to date and to have a general discussion regarding security of the facility. The training can focus on topics that will most likely be covered during the inspection; including access control, monitoring, screening, security personnel (who is the FSO, Alt. FSO?), NTAS security measures, etc.

 Organize

One thing that we recommend and develop for majority of our clients is to have a single security plan binder with all relevant documents and forms. This is a perfect, centralized place to store and secure all the forms and documents that the inspectors will want to review during the inspection. We have had great success with these binders for all of our regulated clients; CFATS, MTSA, TSA, DOT, etc. As we tell our clients, it is best to get the inspectors the requested material in a timely fashion and get the inspection over with as quickly as possible.

Recently one of our clients had a Compliance Inspection that they passed without any issues, “We went through our security plan book while the inspector was here and we were complimented on how all the files were in one book and not in different locations.  We didn’t spend much time with it, because everything was in the binder that they had questions about.”

Let us know if we can help you prepare for your CFATS Compliance Inspection and develop a security binder for you and help you succeed with your inspections.

To read about what to expect from a CFATS CI, click here.

TSA Begins Issuing New TWIC Cards

The Transportation Security Administration (TSA) began issuing the new TWIC NexGen cards on July 10, 2018. The new cards incorporate enhanced security features (click here to read more).

Details about the new TWIC NexGen card:

  • Current TWIC card holders do not need to replace a valid TWIC card with the new TWIC card design.
  • Regulated entities that require TWIC for access will accept and recognize both the current and new TWIC designs until the card’s expiration.
  • The new card design is compatible with qualified TWIC readers.
  • To deter alteration of the card’s expiration date, the new card includes a color-coded expiration date box that will update on an annual basis.
  • The fee for the newly re-designed TWIC card remains unchanged ($125.25) and the credential is valid for five years.

Click here to read more about the TWIC NexGen cards.

Click here for a TWIC NexGen Authentication Guide