Category Archives: Uncategorized

State Bill 1871, signed into law by Governor Abbott

Titled:  An Act relating to the creation of the offense of petroleum product or oil and gas equipment theft.   This penal code addition takes effect on September 1, 2017.

Definitions include: “Oil and gas equipment means machinery, drilling equipment, welding equipment, pipe, fittings, pumps, vehicles, or other equipment used in the drilling or maintenance of oil and gas wells, in the production of oil and gas, or to transport petroleum products.  Petroleum product means crude oil, natural gas, or condensate”.

The offense is committed by unlawfully appropriating oil and gas equipment “without the owner’s effective consent.”  A felony.

This is a finely crafted penal code addition – simple and direct, easy to understand, and comprehensive to our industry’s concerns.  John P. Chamberlain, Executive Director of the Energy Security Council, posted this morning:

Texas Governor Abbott signed State Bill 1871 into law. This bill applies to the theft of oil and oilfield equipment and the penalties for those committing oilfield crimes.  This law is another very useful tool for corporate security teams and law enforcement to use in the ongoing fight against oilfield theft and crime.   

 Much thanks are due to those who spent many hours helping research, craft and promote this timely legislation, including Rob Ream of BHP Billiton Petroleum; LC Wilson, Clete Buckaloo, and Kevin Pullen of Anadarko Petroleum; Mike Peters of Lewis Energy; Robert Butler from the Texas Attorney General’s office; and Paula Barnett from BP.  

2017 Port Security Grant Program (PSGP) Update 3.0 – May 18, 2017

The American Association of Port Authorities hosted a webinar regarding the FY2017 Port Security Grant Program. Duane Davis, East Section Chief for the Port Security Grant Program presented during the webinar.

Summary:

  • Notice of Funding Opportunity announcement expected June 2, 2017.
  • Grant applications will need to be submitted to FEMA by June 21, 2017.
  • Anticipated to be for the same amount as FY2016, $100,000,000.00.
  • Funding priorities remain the same as 2016:
    • Enhancing Maritime Domain Awareness
    • TWIC Readers
    • Cybersecurity Capabilities
    • Training and Exercises, etc.
  • Cost sharing remains the same as 2016, 25/75 split.

The timeframe from the NOFO announcement to application due date is only 21 days or 3 weeks. This is a very tight timeframe to get all the necessary registrations and Investment Justification (IJs) completed.

Failing to complete the following steps will likely result in an invalid application:

  • Verifying, updating, or applying for a DUNS
  • Updating or verifying SAM
  • Register and establish a AOR
  • Submit application in Grants.gov
  • Applying for, updating or verifying your EIN (can take up to 2 weeks!)
  • Submitting the final application in NDGrants

Mr. Davis stated to get the above done as soon as possible, hopefully already started. Don’t wait or it might be too late.

To read more about the PSCP, click here.

Chemical Sector Security Summit

For the first time after 10 years, the annual Chemical Sector Security Summit will be held outside the D.C. area in Houston, Texas. The summit is scheduled to take place in July 2017.

This year’s Summit will feature vital chemical security information for 2017 and beyond, while bringing together industry owners and operators, key government officials, first responders, and law enforcement to engage in face-to-face discussions and share the latest in security best practices.

Summit registration will open in spring 2017, along with updates on the venue, agenda, and speakers.

For more information, click here.

CFATS Quarterly Update

On April 4, 2017, the Department of Homeland Security (DHS) began issuing tiering notifications to Chemical Facility Anti- Terrorism Standards (CFATS) regulated facilities based on the results of DHS’s new enhanced risk-tiering methodology.

To date, approximately 12,000 updated Top-Screens have been received from the 27,000 facilities that previously reported holdings of chemicals of interest (COI) at or above the screening threshold quantity.

DHS has sent out over 10,000 tiering determination letters to facilities that have submitted new Top-Screens. Tiering letters are being prioritized based on when DHS received the facility Top-Screen, upcoming compliance inspection schedules, and to consider workload for submitters that have a high number of covered facilities with changes.

Over the next 18 months we will continue to notify facilities of the requirement to submit new Top-Screens and issue tiering decisions on a rolling basis.

I’ve Received a Tiering Letter, Now What?

As facilities receive tiering letters, their next steps will depend on their results.

Facilities new to the CFATS program will be required to submit security plans. If a current facility receives a revised tiering assessment, it does not necessarily mean that it will be required to submit a Site Security Plan (SSP)/Alternative Security Program (ASP).

Facilities should review their tiering letter along with their approved SSP/ASP to determine whether it meets the security measures associated with all the chemicals of interest (COI), specific security issues (Theft/Diversion, Release, or Sabotage), and tiers in the letter. If not, an SSP/ASP update may be required.

Examples of situations in which a facility will need to update its SSP may include:

  • Facilities that add a newly tiered COI, which is located in a new asset area not currently addressed in the SSP/ASP;
  • Facilities that increase in tier and do not have sufficient security measures to account for the higher tier;
  • Facilities with an added security concern from a current COI that lacks sufficient security measures to account for the new security concern.

For example, if a facility possesses chlorine tiered for “theft/diversion” but now must also account for chlorine as a “release” concern, the existing SSP/ASP would need to be revised to include security measures to address risks associated with release COI.

DHS will assess facilities on a case-by-case basis to ensure security measures are appropriate to their level of risk.

2017 Port Security Grant Program (PSGP) Update 2.0 – May 2017

Port Security Grants possibly announced in two weeks.

FEMA Grant Programs Directorate provided a presentation regarding the FY2017 Port Security Grant Program (PSGP).

Summary:

  • Announcement expected May 19, 2017.
  • Grants will need to be submitted to FEMA by June 19, 2017.
  • Anticipated to be for the same amount as FY2016, $100,000,000.00.
  • Funding priorities remain the same as 2016:
    • Enhancing Maritime Domain Awareness
    • TWIC Readers
    • Cybersecurity Capabilities
    • Training and Exercises, etc.
  • Cost sharing remains the same as 2016, 25/75 split.

To read more about the PSCP, click here and here.

DHS Issues Tiering Letters

Yesterday, the DHS Infrastructure Security Compliance Division began sending out tiering letters to facilities that recently submitted Top Screens using the new CSAT 2.0 tool.

You will receive an email for DHS stating that “A New CSAT Letter is Available for Your Facility Survey”. You will need to log in to your CSAT account and acknowledge receipt of the letter.

To read more about CSAT 2.0 Top Screens, click here and here.

TWIC Reader Clarification

Recently the Coast Guard shared a blog post to clarify the TWIC Reader Requirements Final Rule regarding CDC facilities.

The rule applies to facilities that are considered a Certain Dangerous Cargo (CDC) facility. These facilities are designated as Risk Group A facilities and will be expected to comply with the TWIC reader rule requirements effective August 23, 2018.

The blog post clarifies what a CDC facility is. According to PAC Decision 20-04 Certain Dangerous Cargo Facilities, in “order for a facility to be classified as a CDC facility, a vessel-to-facility interface must occur, or be capable of occurring, and involve the transfer of CDC’s in bulk”.

Blog can be read here and PAC 20-04 can be found here. To read more about the TWIC Reader Requirements Final Rule, click here.

TSA Critical Pipeline Update

Excerpts from Surface Division Director Sonya Proctor:
“TSA has completed corporate security reviews on all of the nation’s top 100 pipeline systems, which collectively transport 84 percent of the nation’s energy. Through the program, TSA evaluates operator implementation of the pipeline security guidelines.”

“To ensure we remain vigilant, TSA works closely with the pipeline industry, which consists of approximately 3,000 private companies who own and operate the Nation’s pipelines. Because they are usually unstaffed, securing pipeline facilities requires a collaborative approach across government and industry. TSA has established effective working relationships to ensure strong communication and sharing of intelligence, training resources, best practices, and security guidelines. Pipeline system owners and operators maintain direct responsibility for securing pipeline systems. TSA’s role is to support owners and operators by identifying threats, developing security programs to address those threats, and encouraging and assisting the implementation of those security programs.”

TSA Inspectors at MTSA Facilities? – Happening Now

The USCG has issued Marine Safety Information Bulletin (MSIB) 01-16 that specifies that TSA inspectors will be accompanying USCG inspection personnel when inspecting MTSA regulated facilities to verify TWIC compliance. Some of our clients have already experienced this.

The USCG is the lead agency for enforcement for MTSA regulated vessels and facilities, and TSA is the lead agency to pursue civil enforcement against individuals engaged in TWIC credential alteration and fraudulent use. The USCG implements its TWIC Enforcement Program at regulated vessels and facilities to ensure that TWIC programs are in compliance with approved Vessel and Facility Security Plans. The USCG verifies this onsite during inspections both visually and with the use of handheld portable TWIC readers.

TSA’s Office of Security Operations has initiated a field inspection program for their Transportation Security Inspectors-Surface (TSI-S) to conduct visual and electronic TWIC inspections at MTSA regulated facilities. It is anticipated, at least initially, that the TSI Inspectors will accompany Coast Guard personnel during Coast Guard led security inspections. However, the TSA has the authority to conduct inspections independently and should be provided relevant portions of the FSP in the areas of TWIC compliance and overall access control.

It is important to remember that ensuring that only authorized TWIC holders desiring unescorted access into Secure Areas of the vessels and facilities remains the responsibility of the VSO/FSO.

Common MTSA Facility Violations

Recently the Coast Guard listed the most common MTSA Facility Violations.  This is a good list to ensure your program is ready for their next inspection.  This is also a good list to pass on to the guard force:

Typical deficiencies areas:

  • Access Control
  • Restricted Areas
  • Drills and Exercises
  • Owner/Operator Requirements
  • Audits and VSP/FSP Amendments

Most common deficiencies noted on inspection are:

Failure to secure access points:

  • Gates left open or unattended.
  • Facilities failing to provide an escort for persons without TWIC.

Failure to check identification:

  • Individuals gaining access to facilities by piggy backing.
  • Security personnel failing to properly screen vehicles and personnel entering the facility.

Damage to perimeter fencing:

  • Holes found in perimeter fence.
  • Vegetation growing over fence line, allowing unauthorized access to occur.
  • Emergency egress gates not secure.

Missing signage:

  • Missing or improperly placed Secure Area and Restricted Area signage.

Misunderstanding or not knowing the security procedures as stated in the approved FSP:

  • Facility personnel or contract guard services failing to conduct screening at the rate specified in their FSP.
  • Facility personnel or contract guard services not properly trained on relevant provisions of the FSP.

Restricted Areas not properly marked.

  • Areas where FSP is stored (offices, file cabinets, etc.) not containing proper signage designating the area as a Restricted Area.
  • Facilities missing “Restricted Area” signage, for example:
    • Facility perimeter
    • Server rooms
    • Control centers

Not storing required documentation within a Restricted Area:

  • Sensitive Security Information (SSI) not kept in an area designated as a Restricted Area.

Drills and Exercises:

  • Failing to perform security drills in 3 month intervals.
  • Failing to perform an annual security exercise.
  • Failing to label drill and exercise documentation as SSI and store properly.
  • Failure to maintain drill and exercise records.

Improper notifications to USCG:

  • Breaches of security not immediately reported to USCG or National Response Center.
  • FSPs not being submitted for renewal prior to the expiration date.
  • FSPs containing unapproved changes and amendments.

Training:

  • Facility owners or operators failing to notify facility employees of what parts of the facility are secure areas and public access areas and ensuring such areas are clearly marked.
  • Facilities failing to train personnel with security duties; including facility personnel, contract security guard service, and/or TWIC escort companies on relevant provisions of the FSP.

Proper FSP Updating:

  • Owner/Operator failing to ensure annual audits of the FSP are conducted by persons with requisite knowledge as required by the regulation.
  • Current list of FSOs not updated in the FSP.
  • Owner/Operator section of FSP missing TWIC requirements.
  • Failing to designate a FSO and failing to designate a 24hr contact number for FSO.

Proper Implementation of FSP:

  • Owner/Operator failing to ensure that the facility operates in accordance with the approved FSP.
  • Facilities failing to follow incident procedures outlined in approved FSP.
  • Facilities failing to provide security personnel with the ability to monitor video surveillance systems per approved FSP.

Failure to conduct annual audits:

  • Facilities failing to conduct an annual audit of the FSP.
  • Failing to provide certifying documentation of annual audit.
  • Failing to follow audit requirements in accordance with the regulation.
  • Facilities failing to review the FSP and submit changes to the USCG for approval.
  • Failing to update the FSA each time the FSP is submitted for revisions.

Remember, an FSP is not a “binder on the shelf”, but a security operating plan that must be fully implemented and followed in every day operations.