National Maritime Security Advisory Committee Meeting

The National Maritime Security Advisory Committee will meet on May 3rd and 4th 2022 to review and discuss matters relating to national maritime security, including enhancing the sharing of information related to cybersecurity risks that may cause a Transportation Security Incident between relevant Federal agencies and state and local governments, public safety and emergency response agencies, law enforcement, maritime industry, port owners and operators, and facility owners and operators.

During the meeting, among other topics, the Committee will provide feedback on cyber vulnerability assessments that are being conducted within the industry and provide input to support further development of the Maritime Cyber Risk Assessment Model.

TWIC Reader Rule Update

In response to industry and other concerns regarding the Transportation Worker Identification Credential (TWIC) Reader Rule, the United States Coast Guard (USCG) contracted with the RAND Corporation to conduct a second TWIC Reader Rule assessment. This assessment, which is nearing completion and will be shared with industry in the June 2022 timeframe, will (again) assess the TWIC Reader Rule’s costs, benefits, and overall risk reduction. The USCG could use the RAND Report as the basis for additional regulatory changes.

Against this backdrop, and with the May 8, 2023 compliance deadline looming, industry widely expects the USCG to exercise regulatory flexibility. As a result of compliance uncertainty since the USCG first published the TWIC Reader Rule in August 2016 among other reasons, the USCG understands that many affected facilities require more time to comply (and/or implement strategies to reduce the compliance burden). For its own part, the USCG also recognizes the need to raise awareness regarding the technical aspects of the rule. To support these efforts and increase dialogue on these topics, the American Chemistry Council and the American Fuel & Petrochemical Manufacturers hosted the 8th Coast Guard District Commander and other senior USCG personnel at a Louisiana chemical facility in March 2022. The success of the event will spur future engagements.

Updated CFATS Compliance Inspection Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) recently updated internal guidance regarding additional areas of focus that its Chemical Security Inspectors may address during Chemical Facility Anti-Terrorism Standards (CFATS) Compliance Inspections. While the scope and level of detail may still vary from Inspector-to-Inspector, facilities can expect increased attention in the following areas:

  • Cyber – A more detailed review of the facility’s critical cyber systems, including those that may be used to handle, manage, or order Chemicals of Interest (COIs) or control and monitor Closed-Circuit Television (CCTV) camera and electronic access control systems. It is suggested that facilities have local and/or corporate IT representatives available or “on call” to answer questions.
  • Background Checks – Confirmation that “affected persons” have been screened for “terrorist ties.” If using Option 1, this may include checking the facility’s “affected persons” against the list of names uploaded to the Personnel Surety Portal in the Chemical Security Assessment Tool (CSAT).
  • Detection and Response – A review of COI inventory controls, process safeguards, alarming and monitoring equipment, and/or automated mitigation measures, as applicable, to verify that the facility can promptly detect and respond to a COI release or theft.

Facilities should still be prepared to address other CFATS compliance areas, including physical security measures (e.g., fencing, gates, etc.), recordkeeping, and training.

DHS Semiannual Regulatory Agenda

The Department of Homeland Security (DHS) published its Semiannual Regulatory Agenda on January 31, 2022, and updates to the Chemical Facility Anti-Terrorism Standards (CFATS) program was listed as long-term action.
In August 2014, the Cybersecurity and Infrastructure Security Agency (CISA) invited public comment on an Advance Notice of Proposed Rulemaking (ANPRM) for potential revisions to the CFATS regulations. In June 2020, CISA published a retrospective analysis of the CFATS program for public comment. In January 2021, CISA invited additional public comment through an ANPRM regarding the removal of certain explosive chemicals from CFATS.

As part of its long-term actions, CISA intends to address many of the subjects raised in both ANPRMs and the retrospective analysis, including potential updates to CFATS cybersecurity requirements and Appendix A to 6 CFR Part 27 (i.e., the CFATS Chemical of Interest List).

CFATS Penalty Adjustment

The Department of Homeland Security has adjusted the maximum civil penalty for a violation of the Chemical Facility Anti-Terrorism Standards (CFATS) from a penalty of not more than $35,905 for each day during which a violation continues to a penalty of not more than $38,139 for each day during which a violation continues.

Revisions to the Hazardous Materials Endorsement Application Process

The Transportation Security Administration (TSA) is revising the process by which individuals apply for a Hazardous Materials Endorsement (HME) for a Commercial Driver’s License. The three changes to the program are: (1) online renewal capability; (2) enrollment in Rap Back; and (3) expanding enrollment options.

  • Online Renewal Capability – TSA is implementing an online renewal capability for both active HME holders whose Security Threat Assessment (STA) has not yet expired as well as HME holders who have a recently expired STA.
  • Enrollment in Rap Back – TSA is revising its biometric fingerprint collection process in States serviced by TSA’s enrollment contractor to now enroll HME holders in Rap Back, a service provided by the Federal Bureau of Investigation (FBI). Once an individual is enrolled in Rap Back, TSA will not be required to collect new biometric fingerprints from the individual every five years or collect a fee from the individual for the submission of fingerprints to the FBI.
  • Expanding Enrollment Options – TSA is expanding enrollment options and the potential use of biographic and biometric (e.g., fingerprints, iris scans, and/or photo) information to facilitate the STA and allow use of the information for additional comparability determinations – such as allowing the HME applicant to obtain a Transportation Worker Identification Credential (TWIC) without requiring an additional background check.