Chemical plant securityMeasuring DHS effectiveness monitoring chemical plant safety standards

Published 31 July 2012

The events of 9/11 triggered a national re-examination of the security of facilities that use or store hazardous chemicals in quantities which, in the event of a terrorist attack, could put large numbers of Americans at risk of serious injury or death; the GAO issued a report on how DHS ensures compliance with chemical facilities security standards

The events of 9/11 triggered a national re-examination of the security of facilities that use or store hazardous chemicals in quantities which, in the event of a terrorist attack, could put large numbers of Americans at risk of serious injury or death.

GAO notes that DHS, as required by statute, issued regulations that establish standards for the security of high-risk chemical facilities. DHS established the Chemical Facility Anti-Terrorism Standards (CFATS) program to assess the risk posed by these facilities and inspect them to ensure compliance with DHS standards.

The Infrastructure Security Compliance Division (ISCD), a component of Office of Infrastructure Protection (IP), manages the program. A November 2011 internal ISCD memorandum, prepared by ISCD senior managers, has raised concerns about the management of the program.

In 26 July testimony before the Subcommittee on Homeland Security, Committee on Appropriations, GAO’s Stephen Caldwell focused on (1) how the memorandum was developed and any challenges identified; (2) what actions are being taken in response to any challenges identified; and (3) the extent to which ISCD’s proposed solutions require collaboration with the National Protection and Programs Directorate (NPPD) or IP.

Caldwell said that GAO’s comments were based on recently completed work analyzing the memorandum and related actions. GAO reviewed laws, regulations, DHS’s internal memorandum and action plans, and related documents, and interviewed DHS officials.

What GAO found
The November 2011 memorandum that discussed the management of the CFATS program was prepared based primarily on the observations of the director of DHS Infrastructure Compliance Security Division (ISCD), a component of the Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD). The memorandum was intended to highlight various challenges that have hindered ISCD efforts to implement the CFATS program.

According to the director, the challenges facing ISCD included not having a fully developed direction and plan for implementing the program, hiring staff without establishing need, and inconsistent ISCD leadership — factors that the director believed place the CFATS program at risk. These challenges centered on human capital issues, including problems hiring, training, and managing ISCD staff; mission issues, including overcoming problems reviewing facility plans to mitigate security vulnerabilities and performing compliance inspections; and administrative issues, including concerns about NPPD and IP not supporting ISCD’s management and administrative functions.

ISCD has begun to take various actions intended to address the human capital management, mission, and administrative issues identified in the ISCD memorandum and has developed a 94-item action plan to track its progress. According to ISCD managers, the plan appears to be a catalyst for addressing some of the long-standing issues the memorandum identified.

As of June 2012, ISCD reported that 40 percent (38 of 94) of the items in the plan had been completed. These include (1) requiring ISCD managers to meet with staff to involve them in addressing challenges, clarifying priorities, and changing ISCD’s culture; and (2) developing a proposal to establish a quality control function over compliance activities. The remaining 60 percent (56 of 94) that were in progress include those requiring longer-term efforts —  that is, streamlining the process for reviewing facility security plans and developing facility inspection processes; those requiring completion of other items in the plan; or those awaiting action by others, such as approvals by ISCD leadership.

GAO says that ISCD appears to be heading in the right direction, but it is too early to tell whether individual items are having their desired effect because ISCD is in the early stages of implementing corrective actions and has not established performance measures to assess results.

Moving forward, exploring opportunities to develop measures, where practical, to determine where actual performance deviates from expected results, consistent with internal control standards could help ISCD better identify any gaps between actual and expected results so that it can take further action, where needed. For example, as ISCD develops a new security plan review process, it could look for ways to measure the extent to which the time to do these reviews has been reduced as compared with the time needed under the current review process.

According to ISCD officials, almost half of the action items included in the June 2012 action plan require ISCD collaboration with or action by NPPD and IP. The ISCD memorandum stated that IP and NPPD did not provide the support needed to manage the CFATS program when the program was first under development. ISCD, IP, and NPPD officials confirmed that IP and NPPD are providing needed support and stated that the action plan prompted them to work together to address the various human capital and administrative issues identified.

GAO recommends that DHS look for opportunities, where practical, to measure its performance implementing actions items. DHS concurred with the recommendation.