We are seeing an increasing number of CFATS inspections and reviews being completed by the Department of Homeland Security. Dennis Deziel, acting director for the department's Infrastructure Security Compliance Division (ISCD) talked to a group from the National Association of Chemical Distributors. The group's annual Operation Seminar and Trade Show was held last month.
Deziel updated the group on the department's progress with CFATS and said that DHS plans to increase the number of site inspections. So far, the department has reviewed more than 38,000 Top Screens and 6,000 Security Vulnerability Assessments (SVAs). It has also received more than 3,500 Security Site Plans and has put more than 3,000 of those through an initial review and scoring process.
DHS is planning to ramp up site inspections to 30 to 40 a month. The agency is set to fill more than 250 jobs by the end of the year. Most of those openings are for chemical site inspectors. So far, the department has conducted 250 Compliance Site Assistance visits. According to the department, the purpose of these visits is to provide in-depth knowledge of and assistance in complying with CFATS. Facilities can request a Compliance Assistance Visit (CAV) via email following the instructions on the DHS website. The department has completed 80 preliminary authorization inspections.
Deziel also discussed the fact that CFATS does not just cover chemical facilities and plants. Universities, warehouses, hospitals, mining industries, chemical repackaging operations, paint and chemical manufacturers and oil and gas operations may also fall under CFATS. It applies to any facility using, making or storing chemicals on the department's list of Chemicals of Interest (COI) in quantities above certain thresholds. Deziel also noted that if DHS changes the COI list it could affect other facilities not now subject to the mandates.
DHS seems interested in making increased progress and getting the program fully implemented as soon as feasible. The department has committed to completing inspections for all Tier I facilities by the end of the year.
By: rloughin
Thursday, September 16, 2010
Wednesday, July 28, 2010
DHS Exec Takes Hard Questions on Cybersecurity
By Robert McMillan, IDG News
The U.S. Department of Homeland Security sent its highest-ranking official ever to speak at the Black Hat conference this week, and its Deputy Secretary Jane Holl Lute ended up fielding a few tough questions from skeptical computer security professionals in attendance.
During a question-and-answer session at the end of her Wednesday keynote address, one attendee asked if we should expect the DHS to give cybersecurity the same kind of treatment it's given air travel with the Transportation Security Administration. "Why should we believe that DHS, going forward, is going to protect cyber in something other than the same way?" he asked, scoring the loudest applause of the session with the question. "Now as the TSA slows down the air travel, DHS will slow down the commerce."
The undersecretary disagreed with this characterization of the TSA, but conceded that there is a "tension" in the DHS' mission. "We want to keep out people who might be dangerous, but we want to expedite legitimate trade and travel."
"We happen to believe that we can achieve our security, we can protect our rights, we can protect commerce and lawful interchange," she said. "We can have all of these things, but we need to engage in a debate about how we will prioritize and how we will strike the balance."
Security experts such as Bruce Schneier have long slammed the TSA's procedures, saying that they are ineffective and poorly thought out. Schneier calls U.S. airport screenings "security theater."
Some have also criticized the DHS as slow in its response to cyber-incidents. As industrial systems were being targeted with the Stuxnet worm two weeks ago, it took DHS' Industrial Control Systems Computer Emergency Response Team five days to push out a public alert. Critics say that was too long.
Hitting on a theme of her keynote, Lute called for real dialogue between government and industry and said she hoped that her department could be a "portal for that debate."
"You know, societies used to have conversations with themselves through their governments. In that respect, we're not talking to each other any more," she said. "In many respects we're throwing assertions back and forth at each other and seeing who has the more clever report, who has thought of the newer idea."
Hitting on another theme that the government's response to cyberthreats has been more rhetorical than practical, another attendee asked if Lute thought the U.S. would be able to secure computer systems without first experiencing a cyberdisaster, equivalent to the Sept. 11 terrorist attacks. "In Homeland Security, at the water cooler, do your peers say, 'It's just a matter of time before something horrible happens and that's when we're going to need to do what we actually need to do, instead of just talking about what needs to be done?"
"I'm a person who believes that this country can protect itself," Lute said. "I don't know what's inevitable, and I think that anybody who lived through the events of 1989 [when the Berlin Wall fell] or who lived through the events of 2001 has lost the right to say that anything is impossible."
The U.S. Department of Homeland Security sent its highest-ranking official ever to speak at the Black Hat conference this week, and its Deputy Secretary Jane Holl Lute ended up fielding a few tough questions from skeptical computer security professionals in attendance.
During a question-and-answer session at the end of her Wednesday keynote address, one attendee asked if we should expect the DHS to give cybersecurity the same kind of treatment it's given air travel with the Transportation Security Administration. "Why should we believe that DHS, going forward, is going to protect cyber in something other than the same way?" he asked, scoring the loudest applause of the session with the question. "Now as the TSA slows down the air travel, DHS will slow down the commerce."
The undersecretary disagreed with this characterization of the TSA, but conceded that there is a "tension" in the DHS' mission. "We want to keep out people who might be dangerous, but we want to expedite legitimate trade and travel."
"We happen to believe that we can achieve our security, we can protect our rights, we can protect commerce and lawful interchange," she said. "We can have all of these things, but we need to engage in a debate about how we will prioritize and how we will strike the balance."
Security experts such as Bruce Schneier have long slammed the TSA's procedures, saying that they are ineffective and poorly thought out. Schneier calls U.S. airport screenings "security theater."
Some have also criticized the DHS as slow in its response to cyber-incidents. As industrial systems were being targeted with the Stuxnet worm two weeks ago, it took DHS' Industrial Control Systems Computer Emergency Response Team five days to push out a public alert. Critics say that was too long.
Hitting on a theme of her keynote, Lute called for real dialogue between government and industry and said she hoped that her department could be a "portal for that debate."
"You know, societies used to have conversations with themselves through their governments. In that respect, we're not talking to each other any more," she said. "In many respects we're throwing assertions back and forth at each other and seeing who has the more clever report, who has thought of the newer idea."
Hitting on another theme that the government's response to cyberthreats has been more rhetorical than practical, another attendee asked if Lute thought the U.S. would be able to secure computer systems without first experiencing a cyberdisaster, equivalent to the Sept. 11 terrorist attacks. "In Homeland Security, at the water cooler, do your peers say, 'It's just a matter of time before something horrible happens and that's when we're going to need to do what we actually need to do, instead of just talking about what needs to be done?"
"I'm a person who believes that this country can protect itself," Lute said. "I don't know what's inevitable, and I think that anybody who lived through the events of 1989 [when the Berlin Wall fell] or who lived through the events of 2001 has lost the right to say that anything is impossible."
Subscribe to:
Posts (Atom)