DHS Issues 60 Day ICR Notice for CSAT
From Chemical Facility Security News
Yesterday the DHS Cybersecurity and Infrastructure Security Agency, the agency that oversees the CFATS program, published a 60-day Information Collection Request (ICR) notice for revisions to the Chemical Security Assessment Tool (CSAT). The notice is intended to revise collection and burden estimates for data collection using CSAT 2.0.
Also included in yesterday’s ICR notice is a detailed review of the risk identification tool, Identification of Additional Facilities and Assets at Risk, that DHS is using to collect data during compliance inspections. At facilities that ship and receive COIs, the facilities are requested to voluntarily provide information on:
- Shipping and/or receiving procedures
- Invoices and receipts
- Company names and locations that COI is shipped and/or received from
Facilities that are identified has having SCADA, DCS, PCS, or ICS systems are requested to voluntarily provide information on:
- Details on the system(s) that controls, monitors, and/or manages small to large production systems as well as how the system(s) operates.
- If it is standalone or connected to other systems or networks and document the specific brand and name of the system(s)
Thanks to PJ Coyle for the information on this ICR. To read a more detailed review of the ICR, click here. While there, subscribe the PJ’s blog.
If you transport certain hazardous material, you probably need to implement a security plan. Many oil and gas operators are already familiar with the U.S. Coast Guard Maritime Transportation Security Act (MTSA) and DHS Chemical Facility Anti-Terrorism Standards (CFATS), but many are not familiar with the U.S. Department of Transportation’s (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) HAZMAT Site Security Plan requirements (49 CFR Part 172.800). The rule took effect in September 2003 and requires companies that transport hazardous material to establish a written security plan. The regulation also requires specific security training requirements for HAZMAT drivers and HAZMAT employees.
Security Plan Requirements
The security plan must include an assessment of the transportation security risk for HAZMAT shipments, including site-specific and location-specific risks associated with the facilities at which the materials are prepared for transport, stored, or unloaded incident to movement, and appropriate measures to address the assessed risks. At a minimum, the security plan must include the following elements:
- Personnel security;
- Unauthorized access;
- En route security;
- Identification by job title the senior management official responsible for the development and implementation of the security plan;
- Security duties for each position or department responsible for implementing the plan; and
- A plan for training HAZMAT employees.
The regulation requires the company/facility to ensure that each of its hazmat employees receive security awareness training as well as in-depth security training.
For more information of the DOT regulation, click here.
Since 2013 there has been 159 homegrown jihadist cases in 30 states. Recent examples of homegrown terror-related incidents cited in the report include the case of a 28-year-old Ohio resident, Laith Alebbini, who was arrested Sept. 5 and charged with attempting to provide material support to ISIS. Also on Sept. 5, 26-year-old Alexander Ciccolo of Adams, Mass., was sentenced to 20 years in prison for the same crime. According to the snapshot, Ciccolo “planned to use pressure cooker explosives and firearms to target places where large numbers of people congregated, such as college cafeterias.” Ciccolo is the son of a Boston police captain.
To read more, click here.