Perimeter Security Planning at Chemical Facilities to Meet CFATS Regulations

Protected by Copyscape Unique Content Check
Published: 24th July 2008
Views: N/A

In March 2008, the House Committee on Homeland Security voted to amend the 2002 Homeland Security Act that will extend, modify and codify the authority of the Secretary of the Department Homeland Security (DHS) to enhance the protection against acts of terrorism. The amendment results in the adoption of the Chemical Facility Anti-Terrorism Act of 2008, which marks another step by the federal government to establish regulations for securing the nation's chemical plants and warehouses against terrorist attacks.

As of November 2007, the current Chemical Facility Anti-Terrorism Standards (CFATS) requires all facilities that actively product and store specific chemicals of interest (COI) to submit to DHS "top screen" reports on all COIs used at their facilities. From these "top screens", DHS is expected to make a determination of risk for that facility which will fall into one of four tiers. Those facilities labeled as Tier 1 will be designated as the chemical facilities that pose the greatest threat to the public and nations economic stability in the case of terrorist attack. Tier 4 designations will be given to facilities that pose minimal risk to the public.

The chemical industry is awaiting results and determinations of the top screen submittals. As of the date of this publication, it is estimated that only 90 facilities have received their Phase 1 top screens, while the majority are on standby awaiting the DHS determination. Many facilities previously undertook strides towards securing their facilities under guidelines of the Responsible Care Security Code© established by the American Chemistry Council (ACC). The ACC is made up chemical manufacturers and ancillary companies. The ACC is a proponent of setting reasonable standards for security measures and has worked closely with Congress in the implementation of CFATS.

Perimeter security constitutes a significant part of the motions set forth by CFATS. DHS has established Risk-Based Performance Standards (RBPS) to provide guidance for what perimeter and procedural security measures a facility should implement. A facility should take into account many factors which are likely to affect its Tier placement, thereby affecting its required perimeter security measures. Factors considered should include:

1. COI inventory, COI quantities and their risk of harm to the general public

2. Risk of theft of COI for chemical weapons or weapon catalysts

3. Accessibility to COI in mobile storage

4. Macro-economic risk

The CFATS process is currently migrating from top-screen notifications to Security Vulnerability Assessments (SVA). The SVA expressly tags which infrastructure targets should be protected at your facility.

At the 2008 ACC ChemSecure Conference, information was presented which shows that DHS has targeted no less than eight-teen Risk-Based Performance Standards which must be met for CFATS compliance. Almost half of these standards deal directly or indirectly with the physical perimeter security measures, some of which are to:

• Restrict Area Perimeter

• Secure Site Assets

• Screen and Control Access

• Deter, Detect, and Delay

The SVA is the precursor for the Site Security Plan (SSP). The SSP will contain explicit action items to address issues identified by the Site Security Assessment (SSA). The SSP should also include contingency plans to deal with various threat scenarios.

So, what counter measures are necessary to adequately develop and implement a SSP? First, there is no one measure which will completely satisfy requirements of CFATS. The organization should expect to implement redundant measures to sufficiently secure the facility.

The terrorist counter-measures required are influenced by the Tier designation. Tier 1 and Tier 2 require significantly greater research and resources in developing a SSP.

Customarily, the most effective physical perimeter security measures entail three specific traits. These traits establish the benchmarks that determine the effectiveness of your facility's overall perimeter security systems design, which are:

1. Deterrence

2. Detection

3. Delay

The Layered Approach


This component of your perimeter security is intended to reduce the likeliness of success for the would-be attacker. Deterrence is the first line of defense in thwarting an attack. When observing your facility, it should be visibly obvious that penetrating the perimeter is not going to be easily achieved.

The facility must initially identify what perimeter barriers will adequately secure the facility. Many chemical facilities, even likely Tier 1 and Tier 2 facilities currently have in place common chain-link fencing to protect the perimeter. However, this method poses little resistance to pedestrians and even less to vehicles.

High deterrence measures at access points are achievable through many options. First, take an inventory of the approach to facility access points. Next, examine the site lines and paths for potential pedestrian incursions and high speed vehicle attacks. If during the assessment, few obstacles are in sight, implement additional deterrents. Deterrence measures to vehicular attack include, but are not limited to:

• Geometric Roadway Design

• Access Control Points with Guard Houses, Canopies, and Traffic Islands

• Lighting

• Vehicle Barriers: Crash-rated fencing; Walls, Retractable Barriers, Bollards

• Visible Surveillance Measures: cameras, patrolling guard staff

Pedestrian deterrence measures include:

• Lighting

• Visible Cameras

• Guard Patrols

• Anti-Scaling Fence

• Signage

• Turnstiles

• Visible sensors

Deterrence starts from the edge of the facility perimeter then extends outward. Use of a combination of the measures suggested increases the level of deterrence. Developing and implementing deterrence options are best achieved with the input of multiple site operations personnel. One recommendation is to invite in consultants trained in vulnerability assessments to tour your facility. A qualified consultant will bring in fresh and unbiased eyes capable of recognizing vulnerabilities not apparent to those on site everyday.


The facility's SSP will define the assets that may be most vulnerable and of interest to potential threats. The Site Security Organization (SSO) should review various scenarios of perimeter breach and assess security measures against those outlined by the DHS Risk-Based Performance Standards (RBPS). An important element in the RBPS and any security system is detection.

An effective security system has redundant layers of detection. The facility should initially examine current and planned detection systems to identify areas of increased risk. Next, investigate what technologies fill the voids of your perimeter security environment. Most of these systems are commonly referred to as Intrusion Detection Systems (IDS).

Utilizing IDS components, such as cameras and over-speed detection systems, can give advanced warning of a threat before the perimeter is breached. IDS components help create a buffer zone that extends beyond the facility's physical boundaries. Many facilities which are subject to CFATS regulations tend to be abutted by long stretches of road leading into the facility. One of the most common tactics of perimeter breach is the use of vehicles in high speed attacks using the element of surprise and speed momentum to overcome physical barriers.

There are many options for IDS and the selection process can be somewhat daunting. Reliability of IDS to deliver accurate information should be the primary factor considered in the selection process. Do not elect to install a technology which has a high tendency to emit false alarms or is vulnerable to changes in the weather. While these technologies may have lower upfront costs, they ultimately incur higher replacement, repair, and risk costs. For instance - systems with high false-alarm rates usually are ignored or disabled by security personnel thereby increasing the vulnerability of the perimeter.

Pay careful attention to the quality of the hardware and consider if the material and equipment fit the facility's environment. Make an assessment of how vulnerable the devices are to subjugation in their desired mounting locations. If the device is vulnerable, make sure there is a method to identify the source and/or location of the breach.

IDS components use various technologies, which include:

• Infrared beams

• Fiber Optics

• Microwave

• Magnetic Switches


• Motion-Detection Video Surveillance

Virtually all IDS components are configurable into event-actuated video surveillance and alarm systems. A well designed access control system can detect an intrusion into the perimeter and initiate a sequence of alarms and counter-measures such as; barrier deployment, lock doors, e-mail and text alerts. Select an enterprise solution which is scalable to meet future needs.

There will be an endless array of options and every consultant will attempt to convince you of their products superiority. Take into consideration the attributes discussed here when comparing technologies. Instead of entertaining individuals from various manufacturers, work with a consultant who is familiar with integrating all technologies. An experienced consultant will make sure that your needs are met using the best product available versus trying to sell one particular product.


Every action results in a reaction. The effectiveness of delay mechanisms is determined by their ability to inhibit an intruder while granting security personnel time to respond.

The first priority of the DHS Risk-Based Performance Standards is to "Restrict Area Perimeter". This may be your complete facility or it may be areas where COIs are stored. The tools utilized to delay a perpetrator usually involve some type of barrier technology designed to physically prevent the threat from reaching its objective. For the majority of the perimeter, fencing or structural wall barriers can act as a delay mechanism.

Fencing and wall barrier options are selected with respect to certain considerations.

• Potential for vehicle attack

• Scalability

• Terrain

Other considerations of likely importance, but not crucial to performance include:

• Aesthetics

• Replacement Costs

• Maintenance Costs

The standard by which most security barriers are measured is the K-rating system. K-ratings are established by the U.S. Department of State and the ratings measure the energy absorption and penetration resistance assigned to a barrier system.

K-4: 15,000 lbs vehicle @ 30 mph

K-8: 15,000 lbs vehicle @ 40 mph

K-12: 15,000 lbs vehicle @ 50 mph

All K-ratings require that the vehicle be stopped within one meter at the plane of impact.

K-rated barriers will most likely be appropriate for all Tier 1 and Tier 2 facilities.

Vehicle access points into the perimeter create a need for different technology. For this vulnerability, Tier 1 and 2 facilities will have to select an active vehicle barrier. Active vehicle barriers also come with K-ratings.

Many chemical manufactures are concerned not only with securing the perimeter from vehicle attack, but ensuring the safety of authorized individuals traveling in and out of the facility. Many vehicle barrier impacts involve innocent drivers and passengers, caused by operator error or inattentive drivers. To address this concern, many facilities which have already initiated perimeter security measures have gone with a low risk K-rated barrier technology which minimized the risk of injury to drivers/passengers and liability for the facility.

In the design phase of the perimeter measures, include a standoff or buffer zone between the barriers and nearest crucial infrastructure. This buffer zone protects critical infrastructure from Vehicle Born Improvised Explosive Devices (VBIED) and Consequential Impact Debris (CID) launched from the vehicle due to the massive amount of energy released from the impact. Most K-rated vehicle barriers will arrest the threat vehicle but fail to prevent the launch of VBIED and CID into the perimeter. At this time, Department of State tests have shown only one barrier technology minimizes this risk.

For active vehicle barriers, the options include:

Automatic Bollards

• Wedges

Drop Arms

• Sliding Gates

GRAB Barriers


Feedback and guidance will come from DHS after the SVA submittals. This information will assist the Site Security Organization in formulating a Site Security Plan. Take the information presented here as a general framework to begin your perimeter security considerations and plans. Organizations will be driven by the regulations, costs, and other considerations. Developing a credible and effective Site Security Plan is generally considered the most arduous part of CFATS and the perimeter security measures are but a fraction of the process. Regardless of where your facility is in the process, do not wait to begin taking action.

This article is copyright

Report this article Ask About This Article

More to Explore