Chemical Security Inspector Reduction in Force

Part 4

I have been talking about the upcoming reduction in force of CISA’s Chemical Security Inspectors (CSI) this week. This will probably be the last post in this series of free posts in the series so I thought that I would try to outline what I would like to see happen. The earlier posts in this series include:

CSI RIF,

Chemical Security Inspector Reduction in Force – Part 2, and

Chemical Security Inspector Reduction in Force – Part 3

Too Late to Fix

To start with, I learned today that the CSI have been given until Monday to make their decisions about whether to take the offered ways to quit (making DHS look better than firing them would), or to stay around long enough to actually get their reduction in force (RIF) notices that everyone knows are coming. Neither option is great. Take the deferred resignation and get paid (with benefits) through the end of the fiscal year, but resignations mean that there will be no unemployment benefits. Get RIFed and they are eligible for unemployment benefits, but at much lower pay than they have been receiving. Federal medical benefits also disappear; fortunately, Obama Care is now available, not great, but better than what was available the last time I was laid off.

So, with that said, I would like to explore some other alternatives.

CFATS Reauthorization

The best solution for the CSI (and a whole bunch of other people) would be for Congress to reauthorize the CFATS program. Sen Paul (R,KY) remains a roadblock to consideration of any such bill since he is the Chair of the Senate Homeland Security and Governmental Affairs Committee. I am not sure that Paul has anything specifically against the CFATS program, but he certainly has never met a regulatory program that he supports.

But let’s ignore Paul for the moment. The chemical industry has supported the reinstatement effort for some time now, so maybe there would be a way to get this to the President’s desk, not nearly in time enough for Monday’s decision deadline, but the government has rehired a bunch of the Musk layoffs already, so perhaps the bugs have been worked out of that process.

At this point restarting the program would not just be a matter of changing the expiration date in the currently lapsed statute (6 USC 621 note). Too many things have changed at too many facilities for the program to just pick up where it left off. Back in October of 2023, I suggested how this might have been accomplished after a couple, six months of program lapse. The problems would be much worse now, all the ‘current’ inspections would have lapsed. More importantly, how many of the people with authorized access to the Chemical Security Assessment Tool (CSAT) are still working at the covered facilities? How many of them remember their CSAT passwords? I personally know one covered facility that has completely changed hands since July 27^th, 2023. So, some adjustments would have to be made to the language that I previously suggested. Still, it would be at least six months before the legislation could make its way through the process to be signed by the President (no idea where Trump stands on the issue beyond the fact that he briefly tried to defund the CFATS program in 2020), and then another six months to publish an interim final rule to get the program going again.

ChemLock Authorization

Back in January and February I did a series of blog posts (‘ChemLock and Cybersecurity’ was the last in the series and contains links to all of the earlier posts) about upgrading and authorizing the voluntary ChemLock program as a substitute for the CFATS program. To encourage folks to voluntarily participate in the program I envisioned tying it into the SAFETY Act program to give facilities some liability protection for the outcomes of attacks on the facility. CSI would be doing the same sort of work under the revamped ChemLock program that they did under the CFATS program.

Unfortunately, this is much more complex than restarting the CFATS program and I have not developed language for authorizing this expanded program. So, language would have to be negotiated and finalized, make it through the legislative process and then write the regulations. It would take at least two years from the start of the project to get to the point where facilities would begin to sign up for the program.

Industry Certification Programs

All the major chemical industry organizations have a safety/security certification program. Those programs were all crafted with the awareness that the highest risk facilities would be covered by the CFATS program, so those programs do not have the same level of facility protection engineered into them that was required at CFATS program. It is time (if they have not already done so) to establish higher security requirements for those higher risk facilities.

Unfortunately, those programs have no way to verify employees, contractors and visitors against the Terrorist Screening Database (TSDB). Facilities can get around this by requiring some form of TSA vetting by requiring folks with unaccompanied access to have a TWIC or Hazardous Material Indorsement on their CDL.

CSI that are looking for new jobs certainly need to contact these industry associations. While there may be a few positions available in program oversight, it is more likely that they will have information available about facilities that are looking for chemical facility security expertise. Some would recommend contacting facilities that CSI have been in contact with as part of their jobs, but I would carefully read any termination papers before doing so.