The Department of Homeland Security began work in 2007 on a program to secure the nation’s chemical plants from terrorist attack. But 4½ years and nearly a half-billion dollars later, there is little to show for it.
The Chemical Facilities Anti-Terrorism Standards (CFATS) program has yet to approve a single security plan for a high-risk facility, although more than 4,000 have been submitted, according to congressional testimony and documents.
A CFATS computer program made significant errors in grading risks at chemical plants in 2009 and 2010, but the errors were not reported up the management chain and did not come to light until last summer.
Last year, an internal management review found that the department failed to impose proper controls over hiring, spending and use of official vehicles.
Now, congressional investigators are launching a probe of the troubled $480 million program to look at the problems in CFATS management and assess a Homeland Security plan to fix the program.
But the problems in the program are raising other questions.
Business leaders are concerned about the department’s ability to regulate computer security in all 18 sectors of the nation’s key industries, such as banks and oil refiners, as proposed in the Senate cybersecurity bill.
At a recent Senate hearing about the bill, former Homeland Security Secretary Tom Ridge said businesses are worried about the department’s implementation of any cybersecurity authorities. They opposed “making a leap to an uncertain regulatory program,” he said.
Rand Beers, the official in charge of CFATS, acknowledged the problems. However, he said the department faced a huge and complex task in creating a full-scale regulatory program to consider the potential risks at tens of thousands of chemical plants of different sizes and functions nationwide.
“There’s a new management team in place, a comprehensive action plan and plenty of senior-level attention and involvement, so I’m confident we can overcome them,” he said in an interview.
He said the program had set up an innovative system for companies to file information electronically about their plants, their workers and the chemicals they use. The department also has hired and begun to train a national team of inspectors.
Under the program, companies have to submit data about their plants and the chemicals they use. Some have to file additional security plans if the chemicals are high-risk and the plants are near population centers.
“We have built the tools” to complete the process of approving 4,200 security plans for the highest-risk plants, Mr. Beers said.
The department has begun work on about half of the security plans from the 100 highest-risk facilities.