CFATS Security Issues -- Theft and Diversion, Release, Sabotage
So what is the real reason for the CFATS mandate? What are the concerns and what is the Department of Homeland Security (DHS) looking to secure? The specific concerns about chemical production, use and storage fall into three main categories:
- Release of dangerous chemicals
- Theft and diversion of chemicals
- Sabotage or contamination
The release of dangerous chemicals and the threat that poses to the health and safety of the surrounding public is pretty obvious. Toxic, flammable or explosive chemicals can be very dangerous and cause extensive damage to people and property.
Theft and diversion gets a little murkier. Here we are talking about stealing chemicals to create chemical weapons including homemade bombs, explosives, gas bombs and Improvised Explosive Devices (IEDs). Again, stealing is pretty straightforward and that threat affects almost all CFATS facilities.
Diversion is a different story. Chemicals can be stolen at the facility or in route to the facility, but chemicals can be diverted in a number of different ways. According to DHS, diversion is the criminal act of acquiring a product (or service) by means of deception. Deception can include purchasing or paying for chemicals. The crime here is the acquisition of the chemicals even if they are purchased. Diversion includes the following tactics:
Hijacking - An example would be placing an order that puts the goods in motion and then stealing them in route.
Dummy Company - Setting up a fake company and placing an order. Once the order is delivered the company disappears.
Breakout Scheme - Variation on a Dummy Company, but a real company is purchased, usually on credit, and orders are placed through that company. The company operates until the credit runs out.
Co-opted Customer - An existing customer is co-opted by a terrorist group and is either coerced, infiltrated or bribed into ordering materials.
False Flag - Terrorists place an order as existing customer, but steal the goods once they are delivered or the order is sent to a new false address.
Pretext Purchase - For example, an order is placed by someone pretending to be a professor at a university or college chemistry department.
Cyber Attack on Business Management System - The network or computer system is hacked and a reoccurring delivery is scheduled and hidden.
Sabotage or contamination of materials is another concern driving the CFATS mandate. Chemicals that release toxic gases when exposed to water fall into this category. So businesses have to not only be concerned about someone stealing or taking COIs out of the facility, they must also be very concerned with what is coming into those facilities.
All of these scenarios have to be addressed in the Site Security Plan (SSP) and security measures must be put into place to limit the possibility of these situations happening. It takes a careful review of your facility and its business processes and knowledge of the security options available.
Copyright © ADT Security Services, Inc. 2011 - All Rights Reserved. Legal Disclaimer - Some of the individuals posting to this site, including the moderators, work for ADT Security Services, Inc. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of ADT Security Services, Inc. The content is provided for informational purposes only and is not meant to be an endorsement or representation by ADT Security Services, Inc. or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release ADT Security Services, Inc. from any liability related to your use of the Website. You also grant to ADT Security Services, Inc. a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.