Critical Infrastructure Protection: DHS Is Taking Action to Better Manage Its Chemical Security Program, but It Is Too Early to Assess Results
Highlights
What GAO Found
The November 2011 memorandum that discussed the management of the Chemical Facility Anti-Terrorism Standards (CFATS) program was prepared based primarily on the observations of the former Director of the Department of Homeland Securitys (DHS) Infrastructure Security Compliance Division (ISCD), a division of the Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD). The memorandum was intended to highlight various challenges that have hindered ISCD efforts to implement the CFATS program. According to the former Director, the challenges facing ISCD included not having a fully developed direction and plan for implementing the program, hiring staff without establishing need, and inconsistent ISCD leadershipfactors that the Director believed place the CFATS program at risk. These challenges centered on three main areas: (1) human capital issues, including problems hiring, training, and managing ISCD staff; (2) mission issues, including problems reviewing facility plans to mitigate security vulnerabilities; and (3) administrative issues, including concerns about NPPD and IP not supporting ISCDs management and administrative functions.
ISCD has begun to take various actions intended to address the issues identified in the ISCD memorandum and has developed a 94-item action plan to track its progress. According to ISCD managers, the plan appears to be a catalyst for addressing some of the long-standing issues the memorandum identified. As of June 2012, ISCD reported that 40 percent (38 of 94) of the items in the plan had been completed. These include directing ISCD managers to meet with staff to involve them in addressing challenges, clarifying priorities, and changing ISCDs culture; and developing a proposal to establish a quality control function over compliance activities. The remaining 60 percent (56 of 94) that were in progress include those requiring longer-term effortsi.e., streamlining the process for reviewing facility security plans and developing facility inspection processes; those requiring completion of other items in the plan; or those awaiting action by others, such as approvals by ISCD leadership. ISCD appears to be heading in the right direction, but it is too early to tell if corrective actions are having their desired effect because ISCD is in the early stages of implementing them and has not yet established performance measures to assess results.
According to ISCD officials, almost half of the action items included in the June 2012 action plan require ISCD collaboration with or action by NPPD and IP. The ISCD memorandum stated that IP and NPPD did not provide the support needed to manage the CFATS program when the program was first under development. ISCD, IP, and NPPD officials confirmed that IP and NPPD are now providing needed support and stated that the action plan prompted them to work together to address the various human capital and administrative issues identified.
Why GAO Did This Study
The events of September 11, 2001, triggered a national re-examination of the security of facilities that use or store hazardous chemicals in quantities that, in the event of a terrorist attack, could put large numbers of Americans at risk of serious injury or death. As required by statute, DHS issued regulations that establish standards for the security of high-risk chemical facilities. DHS established the CFATS program to assess the risk posed by these facilities and inspect them to ensure compliance with DHS standards. ISCD, a division of IP, manages the program. A November 2011 internal ISCD memorandum, prepared by ISCD senior managers, expressed concerns about the management of the program. This statement addresses (1) how the memorandum was developed and any challenges identified, (2) what actions are being taken in response to any challenges identified, and (3) the extent to which ISCDs proposed solutions require collaboration with NPPD or IP. GAOs comments are based on recently completed work analyzing the memorandum and related actions. GAO reviewed laws, regulations, DHSs internal memorandum and action plans, and related documents, and interviewed DHS officials.
In a July 2012 report, GAO recommended that ISCD explore opportunities to develop measures, where practical, to determine where actual performance deviates from expected results. ISCD concurred and has taken action to address the recommendation.
For more information, contact Cathleen A. Berrick, (202) 512-8777, BerrickC@gao.gov.