CHEMICAL SECURITY:

The Chemical Facility Anti-Terrorism Standards (CFATS) is an unprecedented regulation aimed at enhancing the security of the nation’s highest risk chemical facilities. Unlike prescriptive regulations, CFATS utilizes risk-based performance standards and requires regulated chemical facilities to complete a Security Vulnerability Assessment (SVA) and a Site Security Plan (SSP), among other things. CFATS took effect on June 8, 2007, and “Appendix A” – which helps determine whether (and to what extent) a chemical facility may be regulated – was published in late 2007. 

Facilities that continue to be classified as “high risk” following DHS review of their SVAs receive a final tier letter assigning them to one of four risk tiers that require increasingly stringent levels of security.  Each of these facilities must submit a SSP to DHS that addresses the vulnerabilities identified in its SVA. As of December 2011, DHS has classified approximately 115 facilities as final Tier 1s, 464 facilities as final Tier 2s, 1,096 facilities as final Tier 3s, and 2,070 facilities as final Tier 4s. Another 677 facilities have been preliminarily tiered by DHS.

While Congress ordered the Department of Homeland Security (DHS) to develop and enforce implementing regulations, it left significant areas of law and policy unresolved. In particular, the authority of DHS to regulate chemical facilities beyond 2012 remains an open question, though all sides agree that CFATS is here to stay.

TRANSPORTATION SECURITY:

The Transportation Security Administration (TSA) and the Pipeline and Hazardous Materials Safety Administration (PHMSA) have each published their own rail security regulations. These regulations give special attention to the transportation, storage, and custody of some hazardous materials (including toxic inhalation hazards). Because chemical manufacturing and transportation require an integrated approach to security across the entire supply chain, CFATS must be considered in light of TSA and PHMSA regulations, and vice versa. Furthermore, Congress included additional surface transportation security requirements as part of the law implementing the recommendations of the 9/11 Commission in August 2007.

The Department of Transportation’s (DOT’s) HM-232 regulations aim to enhance the security of hazardous materials transported in commerce (by truck and rail). HM-232 requires shippers of certain hazardous materials to develop and adhere to a transportation security plan and train relevant employees regarding the security plan.

IDENTIFICATION & CREDENTIALING:

The Transportation Worker Identification Credential (TWIC) is a tamper-resistant, biometric identification card required for all individuals who require unescorted access to secure areas of Maritime Transportation Security Act (MTSA)-regulated facilities and vessels. To obtain a TWIC, an individual must successfully pass a security threat assessment and provide biometric information to TSA. As of December 2011, TSA has issued over 1.9 million TWICs.

COMPLIANCE & ENFORCEMENT ACTIONS:

Homeland security regulations create enhanced compliance demands for the regulated community. Ensuring compliance requires a comprehensive knowledge of the law and the implementing regulations. Critical infrastructure owners and operators can no longer rely on their Washington federal affairs offices or industry trade organizations to provide the detailed information and insight that is now required. Proper compliance necessitates an understanding of the relationship among related regulations that appear distinct (e.g. CFATS and TWIC). When enforcement actions do occur, lawyers with homeland security expertise are ideally positioned to achieve the fairest resolution in the shortest time.