Disclaimer
This presentation is the property of its rightful owner.
Sponsored Links
1 / 30

Disclaimer PowerPoint PPT Presentation


  • 65 Views
  • Uploaded on
  • Presentation posted in: General

Disclaimer.

Download Presentation

Disclaimer

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Disclaimer

Disclaimer

The following information was presented by Matthew Bettridge of the Chemical Security Compliance Division of DHS on June 12, 2007 at the 2007 Chemical Sector Security Summit in Falls Church, VA. The information contained in this presentation is for information only and should not be construed as complete for compliance purposes.


Chemical security assessment tool csat

Overview

Chemical Security Assessment Tool (CSAT)

June 2007

Chemical Security Compliance Division

Office of Infrastructure Protection

National Protection and Programs Directorate


Chemical security assessment tool csat overview

Chemical Security Assessment Tool (CSAT) Overview

  • Chemical Security - The Mission

  • Requirements in Developing the CSAT

  • CSAT Process and Applications

    • User registration

    • Screening questionnaire (Top-Screen)

    • Security Vulnerability Assessment tool (SVA)

    • Site Security Plan (SSP) template

  • Information Protection

  • Status / Next Steps


Chemical security the mission

Chemical Security – The Mission

  • P.L. 109-295 requires the Department to regulate chemical facilities that present a high level of security risk with priority on highest risk facilities. The IFR must:

    • Identify “high security risk” facilities

    • Develop Risk Based Performance Standards (RBPS) for security at chemical facilities

    • Approve and disapprove SVA and SSP

    • Perform Inspections to confirm facility security is in accordance with SSP

    • Enforce facility compliance and seek remedies

    • Manage objections and appeals process

    • Receive, manage, store, and restrict access to Chemical-terrorism Vulnerability Information

    • Provide Consultations and Technical Assistance upon request


Chemical security compliance division cscd requirements in developing csat

Chemical Security Compliance Division (CSCD) Requirements in Developing CSAT

  • Protect facility-specific and aggregated data

  • Collect, catalog, and segregate data from a large number of chemical facilities

  • Support and inform the determination of a facility’s regulatory status and tier ranking

  • Enable automation whenever practical, possible, and appropriate

  • Integrate and operate the IT system within enterprise architecture policy mandates as well as Federal constraints imposed on regulatory data collection regimes


High level view the csat process

High Level View – The CSAT Process

Notify user of CVI responsibilities and restrictions

Top-Screen

Register CSAT Users

Security

VulnerabilityAssessment

Site Security Plan

Facility Tier

and Asset Specific

Security Issue(s)

Validate

Facility, Preparer,

Submitter & Authorizer

information

Preliminary

Approval

Exempted or not

covered at this time

or

Preliminary Facility

Tier

Reviewer

Invited by known

& trusted user

Inspection for

Final Approval


User registration

User Registration

  • Registration began on April 6th and will continue for as long as the Rule is in force

  • Go to www.dhs.gov/chemicalsecurity to register

  • Regarding Authorizers, Submitters, and Preparers

    • Each facility must have an Authorizer, Submitter, and Preparer

    • The roles may be consolidated with one person or split between three people

    • Each user will have a unique user name and password

  • Reviewers invited with the Top-Screen

  • Register prior to publication of Appendix A to ensure your facility has the full 60 days to complete the Top Screen


Registration process

Registration Process

  • Go to www.dhs.gov/chemicalsecurity. Click “Register Now”

  • Type in Captcha

  • Complete Submitter and Authorizer information. Click “Continue to Facility Information”

  • Complete Facility Information

  • On the same page complete the associated Preparer information

    • If another facility click “Add Another Facility”

    • If no other facilities associated with the Submitter & Authorizer click “Complete”


Example user role structures

Example User Role Structures


User information collected

User Information Collected


Adding a facility

Adding a Facility


Complete the registration process

Complete the Registration Process

  • After last facility & Preparer click “complete”

  • Download PDF Form

  • Sign and send to DHS

  • Email with username & temp password will be sent


User role consolidation

User Role Consolidation

  • Complete a new registration

  • New users names are created

  • Use transfer account access to consolidate user accounts


Csat user roles

CSAT User Roles


To p s creen adding a reviewer

Top Screen: Adding a Reviewer

  • Selecting a reviewer is optional

  • Added by a known CSAT user

  • May be added while the Top-Screen is active

  • May be an existing user or new user

  • New users sent an e-mail (no PDF for signature)

  • Subject to the same requirements as other CSAT users


Csat users consultants

CSAT Users & Consultants

  • DHS expects that consultants who assist facilities in complying with 6 CFR Part 27 are CVI authorized users.

  • If a facility wishes to have a private consulting company support them in completing CSAT the facility may register a person as the Preparer or invite the individual as a Reviewer.


Cvi disclaimer

CVI Disclaimer

  • All CSAT Users must accept to enter Top Screen

  • Ensures CVI tier letters may be sent to CSAT Users


To p s creen what does it do

Top Screen: What does it do?

  • Identifies the security issue(s) at a facility using the DHS Chemicals of Interest list:

    • Risk to public health and safety

    • Potential targets for theft and/or diversion of potential chemical weapons or explosive precursor

    • Reactive chemicals stored in transportation containers

    • Concentrated capacity, the loss of which poses a risk to the economy or to the delivery of mission critical functions

  • Enables DHS to directly inform a facility of its status and/or preliminary tier by letter


Top screen addresses specific security issues

Top Screen: Addresses Specific Security Issues

  • Risk to public health & safety Release: (deaths & injuries)

    • In-situ release of toxics chemicals

    • In-situ release and ignition of flammable chemicals

    • In-situ release/detonation of explosives chemicals

  • Potential targets for theft or diversion: (presence of chemical)

    • Chemical weapons and precursors

    • Weapons of mass effect

    • IED Precursors

  • Reactive and stored in transportation containers: (presence of chemical)

    • Chemicals that react with water to generate poison gasses

  • Critical to essential government missions: (facility specific basis)

  • Critical to the national or regional economy: (facility specific basis)


Top screen how does public health and safety tiering work

Top Screen: How does public health and safety tiering work?

  • Deaths and injuries are calculated using a variation of the EPA Risk Management Program (RMP) worst case scenario methodology

  • DHS’s approach adjusts the RMP*Comp exposed population estimate to account for the safety perspective:

    • Single container breach assumption

    • Residential population only

    • EPRG-2 exposure limit

    • 25 mile cutoff limit in RMP Comp

    • Uniform population density

  • DHS estimates predictable deaths and injuries that would be considered Urgent or Priority in normal medical triage

  • Process validated through independent expert panel


Post to p s creen letter from dhs

Post Top Screen Letter from DHS

  • DHS letter to a facility is protected under CVI and includes:

    • Preliminary facility tier

    • Chemicals at the facility to address in the SVA

    • Security issue associated with the identified chemical(s)

    • Next steps required by the facility


Security vulnerability assessment sva

Security Vulnerability Assessment (SVA)

  • Follows the SVA approach established by CCPS and others

    • Asset Characterization: assets associated with chemicals identified in the post Top-Screen letter

    • Threat Characterization: specific scenarios prescribed by CSAT

    • Consequence Analysis: potential consequence of scenarios against identified assets

    • Vulnerability Analysis: security measures in place to mitigate or reduce the likelihood of success of an attack on an asset

  • Cyber vulnerability assessment included

  • Tier 4 facilities upload ASPs for review


Locating critical assets

Locating Critical Assets

  • CSAT provides up to 1m resolution

  • Enables a facility to upload image if necessary


Identify attack location

Identify Attack Location

  • Each critical asset is identified

  • The location of attack is identified

  • Judgment of preparer and submitter as to impacts

  • Reasonableness verified during inspection


Sva output

SVA Output

  • Informs tier of each critical asset based on potential consequences

  • Final facility tier based on highest asset-specific tier

  • Generates a CVI protected letter to each facility that includes:

    • Final facility tier

    • Asset specific tier ranking and the associated security issue

    • Defines the next steps required by the facility

  • Information in post-SVA letter used by facility during CSAT SSP to identify the applicable RBPS based on asset tiers and security issues


Site security plan ssp content

Site Security Plan (SSP) Content

  • All critical assets in the post-SVA letter must be addressed in the SSP

  • All security measures in place or planned to achieve the applicable RBPS

  • Review of SSPs will be prioritized based upon SVA results

  • Facilities may upload ASPs for consideration


Information protection

Information Protection

  • Chemical-terrorism Vulnerability Information

    • Handling manual, web-based training, FAQs, and Work Products Guide available soon on www.dhs.gov/chemicalsecurity website

    • CVI User Authorization Request form and Non-disclosure Agreement Form sent to CSAT helpdesk

    • Unique identification # will be sent to authorized users

    • Being a CVI Authorized User does not constitute need to know

    • Presently, CSAT users agree to a disclaimer statement prior to beginning the Top Screen

  • CVI in enforcement proceedings will be treated as classified information

  • DHS has formally classified:

    • Formulas, calculations, tiering thresholds

    • Information that would inform terrorist targeting


Status and next steps

Status and Next Steps

  • User Registration operational

  • Top-Screen operational

  • SVA under development; operational in late-summer

  • SSP under development, operational in early in 2008

  • Follow-on capability enhancements to CSAT

    • Integrated RMP*Comp calculations

    • Management of facility user roles by Authorizer

    • Personnel Surety portal to Terrorism Screening Database

    • Improved integration of CVI & CSAT

    • User suggestions?


Top screen previews

Top Screen Previews

  • Small group demonstrations are available throughout the conference

  • Sign up for the top screen demos at the main registration table

  • Opportunity to review the Top Screen

  • Ask questions and get answers


Disclaimer

  • www.dhs.gov/chemicalsecurity

  • CSAT helpdesk can assist you

  • CSCD welcomes your comments and suggestions for improvement to CSAT


  • Login