Skip to main content

Critical Infrastructure Protection: Observations on DHS Efforts to Implement and Manage its Chemical Security Program

GAO-14-608T Published: May 14, 2014. Publicly Released: May 14, 2014.
Jump To:
Skip to Highlights

Highlights

What GAO Found

In managing its Chemical Facility Anti-Terrorism Standards (CFATS) program, the Department of Homeland Security (DHS) has a number of efforts underway to identify facilities that are covered by the program, assess risk and prioritize facilities, review and approve facility security plans, and inspect facilities to ensure compliance with security regulations.

Identifying facilities. DHS has begun to work with other agencies to identify facilities that should have reported their chemical holdings to CFATS, but may not have done so. DHS initially identified about 40,000 facilities by publishing a CFATS rule requiring that facilities with certain types and quantities of chemicals report certain information to DHS. However, a chemical explosion in West, Texas last year demonstrated the risk posed by chemicals covered by CFATS. Subsequent to this incident, the President issued Executive Order 13650 which was intended to improve chemical facility safety and security in coordination with owners and operators. Under the executive order, a federal working group is sharing information to identify additional facilities that are to be regulated under CFATS, among other things.

Assessing risk and prioritizing facilities. DHS has begun to enhance its ability to assess risks and prioritize facilities. DHS assessed the risks of facilities that reported their chemical holdings in order to determine which ones would be required to participate in the program and subsequently develop site security plans. GAO's April 2013 report found weaknesses in multiple aspects of the risk assessment and prioritization approach and made recommendations to review and improve this process. In February 2014, DHS officials told us they had begun to take action to revise the process for assessing risk and prioritizing facilities.

Reviewing security plans. DHS has also begun to take action to speed up its reviews of facility security plans. Per the CFATS regulation, DHS is to review security plans and visit the facilities to make sure their security measures meet the risk-based performance standards. GAO's April 2013 report found a 7- to 9-year backlog for these reviews and visits, and DHS has begun to take action to expedite these activities. As a separate matter, one of the performance standards—personnel surety, under which facilities are to perform background checks and ensure appropriate credentials for personnel and visitors as appropriate—is being developed. Of the facility plans DHS had reviewed as of February 2014, it conditionally approved these plans pending final development of the personal surety performance standard. According to DHS officials, it is unclear when the standard will be finalized.

Inspecting to verify compliance. In February 2014, DHS reported it had begun to perform inspections at facilities to ensure compliance with their site security plans. According to DHS, these inspections are to occur about 1 year after facility site security plan approval. Given the backlog in plan approvals, this process has started recently and GAO has not yet reviewed this aspect of the program.

Why GAO Did This Study

Facilities that produce, store, or use hazardous chemicals could be of interest to terrorists intent on using toxic chemicals to inflict mass casualties in the United States. As required by statute, DHS issued regulations establishing standards for the security of these facilities. DHS established the CFATS program to assess risk at facilities covered by the regulations and inspect them to ensure compliance.

This statement provides observations on DHS efforts related to the CFATS program. It is based on the results of previous GAO reports issued in July 2012 and April 2013 and a testimony issued in February 2014. In conducting the earlier work, GAO reviewed DHS reports and plans on the program and interviewed DHS officials.

Recommendations

In a July 2012 report, GAO recommended that DHS measure its performance implementing actions to improve its management of CFATS. In an April 2013 report, GAO recommended that DHS enhance its risk assessment approach to incorporate all elements of risk, conduct a peer review, and gather feedback on its outreach to facilities. DHS concurred and has taken actions or has actions underway to address them.

Full Report

Office of Public Affairs

Topics

Chemical industryCritical infrastructure protectionFacility securityHomeland securityInternal controlsNitratesReporting requirementsRisk assessmentRisk managementSecurities regulationStandardsTerroristsInformation sharing