In a report delivered to the House Subcommittee on Homeland Security, the Government Accountability Office (GAO) said the Department of Homeland Security (DHS) is making progress in correcting mismanagement of its Chemical Security Anti-Terrorism Standards (CFATS) program.
The DHS established the CFATS program to assess the risk, if any, posed by chemical facilities; place high-risk facilities in one of four risk-based tiers; require high-risk facilities to develop security plans; review these plans; and inspect the facilities to ensure compliance with the regulatory requirements.
Internal memo
But a November 2011 internal memorandum by the director of DHS’s Infrastructure Security Compliance Division (ISCD) indicated that implementation of the CFATS program was being stalled by multiple internal problems. One major consequence is that the ISCD has not approved any site security plans or carried out any compliance inspections of regulated facilities.
The ISCD director listed various reasons for the lack of movement, including poor staffing decisions by ISCD officials; difficulty establishing a team culture that promotes professionalism, respect, and openness; a lack of measurable employee performance goals and unclear performance and conduct standards; and potential delays associated with notifying the ISCD inspector union about policies, procedures, and processes.
The slow pace of the site security plan approval process was attributed to the lack of an established inspection process and the lack of a records management system to document key decisions.
Other problems included an over-reliance on contractors, insufficient and inconsistent support by the offices that oversee human capital needs, and insufficient controls regarding the use of inspector vehicles, purchase cards, and travel.
Action list
The ISCD responded to the memo by developing a 94-item action plan to correct deficiencies and track progress. The GAO report focused on this work. The GAO found that as of June 2012, the ISCD reported that 38 of the 94 action items had been completed. The completed items were associated with “culture and human resources, contracting, and documentation.” For example, said GAO, one completed item was a survey of ISCD staff to obtain their opinions on program strengths and challenges and recommendations for program improvements. Other completed items involved quality control for compliance and enforcement activities.
The GAO states that the remaining 56 action items include those requiring longer-term efforts–e.g., , streamlining the process for reviewing facility security plans and developing facility inspection processes. Some of these measures require completion of other items in the plan or are awaiting other actions, such as approvals by ISCD leadership.
Security plans
ISCD officials told the GAO that delays in approving security plans could be corrected by improving the consistency of quality in submitted plans and dedicating trained ISCD staff to work with facilities to review and approve them. The GAO states that the ISCD developed an interim review process for backlogged Tier 1 security plans with the goal of completing reviews by the end of the calendar year. According to the GAO, the ISCD was supposed to have completed a new process to review security plans in July 2012.
“The development of a new security plan review process may be critical to the effective implementation of the CFATS program,” says the GAO. According to one ISCD official, compliance inspections cannot begin until the ISCD reviews and approves a facility’s site security plan. In March 2012, the official estimated that it could take at least 18 months for the ISCD to complete its first compliance inspections. In commenting on the GAO draft report, ISCD officials stated that inspections for all of the approximately 4,500 tiered facilities could take several years, contingent on available resources.
The GAO recommended that the DHS look for opportunities to measure its progress in implementing the action items. The DHS concurred with the recommendation.
GAO’s report is at http://www.gao.gov/assets/600/593020.pdf.