WASHINGTON — With the House of Representatives having already passed the Chemical Facility Anti-Terrorism Act of 2009 and the Senate’s approval of the bill considered imminent, there is rising optimism new security regulations on facilities that store potentially dangerous chemicals will provide a windfall in new business for systems integrators.
In 2007 the Department of Homeland Security (DHS) published the Chemical Facility Anti-Terrorism Standards (CFATS) to assess and reduce threats of terrorism at high-risk facilities. While CFATS expired in October 2009, the pending legislation in Congress would extend and broaden the original act.
Congress is also debating bills that would place similar security regulations on municipal water and wastewater treatment plants. And many petrochemical facilities regulated by the Marine Transportation Security Act (MTSA) may also eventually be placed under CFATS.
“There is no doubt you will see the continuation of CFATS. It is only a question of how much will it expand,” says Dan Weiss, a CFATS expert, who recently joined Siemens to manage its security sales team in the Houston area. “It is probably one of the biggest opportunities to hit our industry in a decade.”
The DHS standards apply to any facility that manufactures, uses, stores or distributes specified quantities of any of the more than 300 “chemicals of interest.” Facilities are placed into one of four risk tiers; the highest risk classification, Tier I, includes NFPA Class 4 flammable chemicals, such as propane and butane.
It is projected more than 7,000 facilities will be required to implement a site security plan (SSP) that would include basic security features such as perimeter protection, access control and video surveillance.
A large percentage of the regulated facilities fall into the lower Tier III and Tier IV categories, which will offer the greatest opportunity for small to midsize installing security contractors, says Weiss, who formerly served as president and CEO of Infrastruct Security Inc., a leading critical infrastructure integrator.
“It is very likely CFATS will extend, for example, to a pool supply retail shop that might have a 20,000-square-foot facility for storing chlorine,” he says.
Installing security contractors will have much to consider before playing in the CFATS space, Weiss cautions. “I’m not saying only big Tier 1 integrators can do it, but you had better be prepared for the investment and commitment.”
The first step is to complete a straightforward DHS online screening process in order to receive the necessary certification required to work with CFATS facilities. (For more information, visit www.dhs.gov/chemicalsecurity.)
Other considerations include meeting insurance requirements, which can be significantly more expensive than what is typical. Plus, many CFATS facilities will require integrators to have documented proof of an internal health and safety program.
PSA Security Network is currently studying CFATS for its systems integrator members and plans to offer an intensive educational session on the subject at its PSA-TEC event in June, which is open to nonmembers as well.
“The independent, midsize integrators have not yet seen any real impact from CFATS, but I do think it’s going to create an awful lot of business,” says Bill Bozeman, president and CEO, PSA Security Network.
Although CFATS established risk-based performance standards (RBPS) for chemical facilities, Bozeman says there is much uncertainty about what specific security measures individual facilities will be required to implement.
“There isn’t a set of specifications for a particular institution that has a certain kind of chemical,” Bozeman says. “There is a lot of ambiguity that’s hanging out there.”
According to Jim Henry, chairman and CEO of Henry Bros., it will be imperative for an integrator to play the role of a subject matter expert and trusted advisor for the CFATS customer.
Henry says his company has been tracking the DHS standards for about two years and has created a “SWAT team” of CFATS-literate salespeople and project managers.
With recurring revenue in his crosshairs, Henry says his company will look to carefully direct the customer through each phase of a security installation, from site security design, to deployment and maintenance.
“CFATS is going to require a continuous, ongoing sustainment in reporting and that clearly is an RMR opportunity for companies that are in the business of service and support, rather than companies that go in and hang a bunch of cameras and readers and then disappear,” Henry says.