Funding Uncertainties Surround CFATS, Other DHS Security Programs
Coming into effect in 2007, the Chemical Facility Anti-Terrorism Standards (CFATS) program initiated the first-ever security regulation of the chemical sector. Notably, CFATS does not recommend specific security technologies or solutions. Rather, 18 Risk-Based Performance Standards (RBPS) have been established to help chemical facilities select and implement security measures to mitigate vulnerabilities and manage risk. This broader application allows suppliers and integrators the opportunity to work with individual facilities to address their unique security challenges.
Yet progress in legislating and implementing CFATS has proven much slower than expected. To learn more about federal funding concerns with CFATS and other security-related programs created in the wake of 9/11, SSI spoke with Don Erickson, director of government relations for the Security Industry Association (SIA).
What barriers are preventing the wider expansion of CFATS?
In the current economic climate there isn’t expected be a tremendous amount of new funding for CFATS. Congress has passed in two of its committees legislation to reauthorize the CFATS program and extend it from five to seven years. However, they have not authorized a tremendous amount of funding that would go to chemical facilities for the adoption of security solutions. Chemical facilities will have to use existing funds or they could apply for other grant programs, but they will have to fight against other competing authorized use of those funds.
Also, there is the risk within CFATS reauthorization for the 18 Risk-Based Performance Standards to be revisited legislatively. Our industry likes how [RBPS] are currently administered. However, they could start prescribing to chemicals facilities the solution they would need and that could box out certain integrators, in particular, from leveraging opportunities to work on CFATS projects.
The other dynamic is there are gaps in CFATS coverage. Certain facilities are not subject to the program. Two of them are safe drinking water facilities and waste water treatment facilities. The Obama administration has recommended this regulatory gap be closed and these facilities be subject to CFATS and the security vulnerability assessments that go with it.
Waste water facilities, in particular, are concerned about having two regulators involved. They are currently subject to EPA regulation, including a voluntary physical security program. These facilities are concerned about having DHS now getting into the mix of imposing additional requirements and compliance mandates. Republicans in the House of Representatives believe the CFATS program is in its infancy and still needs a chance to be reauthorized and proven to work on the initial facilities [before expanding the program]. So there are real challenges to closing these gaps in coverage.
Related Article: 9/11 Makes Security Priority No. 1
The Transit Security Grant Program was initially funded at more than $3 billion annually. What is the status of the program today?
Rightly or wrongly there has been some concern over how fast those funds have been dispersed to transit agencies. Certain transit systems were not being reimbursed for the cost and investment for security as quickly as they should — particularly large systems such as Chicago and New York.
It is has become very hard for SIA and other end-user organizations to advocate for these funding opportunities as we get further from 9/11. The national dynamic has changed. Now the attention is on energy efficiency and ‘buy American’ requirements and things like that. I can assure you it is very unlikely, as hard as we try, that you are going to see the Transit Security Grant Program, as well as the Port Security Grant Program, come anywhere close to the level of authorization that was originally envisioned right after 9/11.
How has the recent debt limit debate in Congress and continuing economic turmoil effected security funding?
The way Washington operates — for good or bad — has changed as the result of the whole debt limit debate. Overall, the embrace of security after 9/11 has been impacted by the economics of today. You have seen a paradigm shift. With the debt limit agreement, you are potentially talking about $1.5 trillion in automatic cuts to discretionary spending, which will effect both the Pentagon and homeland security spending. If an agreement on future budget cuts is not reached by the ‘Super Committee’ of 12 Congress members, the cuts will happen. That will absolutely effect security. You will never see the level of funding again that existed right after 9/11.
Related Article: The Long Road Still to Travel After 9/11
Give an example of a security funding program that Congress may deem as an easy target.
It is a matter of picking winners and losers in the eyes of Congress. For example, there is a report out of the DHS Inspector General’s office that outlines how grant funds for Amtrak security may not have been used very effectively or invested in the right area. Amtrak, through the Transit Security Grant Program, typically receives about $25 million in each appropriation cycle. That is obviously a big red flag in the eyes of appropriators and it will add more credence to the theory that Amtrak will not see the same level of investment any longer. We will still harden where we need to, but in this climate you are not going to reach that level of investment that everyone embraced after 9/11.
Which programs are you most concerned will not be fully funded?
We are concerned about the Port Security Grant Program because it has implications for TWIC [Transportation Worker Identification Credential], which provides funds that can and have been used by ports for TWIC cards and card readers. With the TSA [Transportation Security Administration] expected to release its report at the end of the summer about the completion of the pilot program, and with TSA and the Coast Guard poised to issue their final rules, we are very concerned there is going to be a lack of funding for full deployment of the TWIC program.
It really isn’t a TWIC program; it’s a ‘flash pass’ program. Until you have biometric readers put into place and you have that final rule come out, it is not a fully implemented TWIC program. It’s not going to provide the level of security that it could until those two things happen. If you have a lack of funding for those it is a tremendous concern for a lot of integrators and manufacturers. We are watching TWIC very carefully.
In what ways has government relations changed for the security industry since 9/11?
There weren’t a lot of relationships in terms of outreach to and from federal agencies. Where it all began was in late 2004 and early 2005 with HSPD-12 implementation. Nobody saw it coming. [The Bush administration] came out with a directive to do the standard within six months. A lot of government end users didn’t necessarily have all the technical knowledge and they came to SIA looking for expert advice. As a result, SIA formed working groups with the involvement of government employees to help address some of the implementation issues that came up with HSPD-12.
Our industry has changed and likewise the government security operation has change
d where now you have more of the interrelationship between physical security specialists and the CIO. We are trying to increase our relationship with the federal government on the IT side of the house. We will always continue to provide technical advice to the physical security specialists, but we recognize the two are interlinked.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!
Recommended For You
Cloud security can present a paradox: companies love the flexibility and versatility of cloud security management, but are unsure if the cloud itself is secure enough to house their vitally important systems.
From processing power to lens selection to proper positioning, here are 13 tips to help shed light on proper installation of cameras in low-light conditions.