Securing Critical Chemical Assets: The Responsible Care ® Security Code Protection of Hazardous Installations from Intentional Adversary Acts European Commission Budapest 27 April 2005 Dorothy Kellogg American Chemistry Council

Chemicals Are Essential Safety & Security Other Critical Assets Economy The chemical industry is the only thing between us and living in huts. Gregory D. L. Morris Museum of American Financial History

Responsible Care ® Security Code Analysis of Threats, Vulnerabilities and Consequences Information/Cyber Security Enhanced Security Measures Training, Drills & Guidance 3 Party Verification Leadership Commitment Documentation & Audits Communication Dialogue & Information Exchange Response to Security Threat & Incidence Change Management Continuous Improvement

Plan Leadership Commitment Prioritize Assess Act Security Measures Security Plans Training & Exercises Communicate Check Independent 3d party verification RCMS 3d party certification Improve MOC Continuous Improvement Document RCSC Security Management System Audit

Four Tiers: Tiers 1-3 – serious potential off-site impact Tier 4 – no expected serious off-site impact Based on: Attractiveness of the Target Consequence Severity Likelihood of Success Prioritize Facilities

Assess Security Vulnerabilities Understand Security-Related Risks Prioritize Risks & Identify Countermeasures 4 Categories of Threat: (1)Uncontrolled releases (2)Theft (3)Product contamination (4)Significant economic disruption “Off-Site Impact” could be from any of the 4

Site Vulnerability Assessments Facility Characterization –Assets –Consequences –Attractiveness Facility Threat Identification –Threat intelligence –Internal & external adversaries –Characteristics/capabilities Vulnerability Analysis –Attack scenarios –Layers of protection –Attractiveness Countermeasures –Deter/Detect/Delay –Recommendations –Documentation

Physical Security Examples: –Perimeter Barriers –Access Controls –Surveillance –Process Control Systems & Equipment –Loss Prevention/Materials Control/Accountability –Policies & Procedures –Crisis Management & Emergency Response Plans Security Enhancements: Physical Security Security Enhancements Must be Appropriate to the Conditions at the Site

Site Security Progress Tier 1Tier 2Tier 3Tier 4 Complete Site Vulnerability Assessments Dec 02*June 03*Dec 03* Complete Implementation of Site Security Measures Dec 03June 04Dec 04 Verification of Physical Site Security Measures Mar 04*Sept 04*Mar 05*N/A Number of Facilities Reported Facilities Completed SVAs; $2 Billion Invested since 9/11 * Reported to ACC

Reliance on Government & Other Infrastructure Transportation & Value Chain Cyber Systems Federal Government –Information –Cross-Sector Strategies –Resources –Information Protection State & Local Government –Information Protection –Protection –Response

RCSC & Government Security Programs Recommendations to non-ACC chemical assets US General Accountability Office US Coast Guard Maritime Transportation Security Program US Customs-Trade Partnership Against Terrorism (C-TPAT) State Security Programs Proposed Federal Legislation

Resources Responsible Care ® Materials ACC Site Security Guidelines ACC Transportation Security Guidelines D=4&TrackIDhttp:// D=4&TrackID=

Conclusions Chemical Industry - National Strategic Asset Committed to Performance Security is Not Environment or Safety “Plus” Security Important before 11 September; Heightened by 11 September; Remains Critical Today

Dorothy Kellogg