Alternative Risk Models Statistical methods used to assess risk of frequently recurring events such as natural disasters are difficult to apply to terrorism for several reasons, according to experts. In June 2023, House Committee on Energy and Commerce leaders wrote CISA Director Jen Easterly, requesting information on any prospective changes to the CFATS risk methodology and related efforts to ensure increased transparency of the process. The enhanced methodology uses site-specific information submitted by chemical facilities to assess facility vulnerability, relevant threats, and possible consequences, in order to assign a risk tier.ĬISA has not made details of the methodology public on security grounds, but states that it sought expertise from public and private sector organizations, and that Sandia National Laboratories provided third-party “verification” of the methodology. Previously, assessments were predominantly consequence-based, largely omitting threat and vulnerability considerations, according to a 2013 GAO report. The 18 CFATS performance standards to mitigate assessed risks.ĬISA introduced an enhanced tiering methodology in 2016 based on the TVC model, partl y in response to previous Government Accountability Office (GAO) findings. risk-based performance standards-covered facilities are required to implement each of.chemicals of interest-regulation of certain chemicals and mixtures or exclusion of.coverage and tiering-inclusion or exclusion of facilities in the “high-risk” tier subject to.Were originally) to quantify risk in terms of probabilities, or used qualitatively as a philosophical framework for assessing components of risk.īecause CFATS regulatory activities are fundamentally driven by risk assessments, CISA’s application of the DHS risk methodology may have regulatory implications. IN12199 CRS INSIGHT Prepared for Members andĬommittees of Congress Congressional Research Service Depending on the method or approach, the TVC terms may be either multiplied together (as they Congressional Research Service A variety of formal and informal methods may be used when applying this model to specific analytical tasks. DHS has long used this model -originally developed to inform homeland security grant award allocations-to inform various other planning, programs, and budget activities. Current DHS Risk Assessment Concepts and Methods DH S defines risk as the “potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences,” which has the three TVC components noted above. Current program authorization will expire on July 27, 2023, absent congressional action. As Congress considers reauthorization of CFATS, it may consider risk methodology issues, available oversight options, and whether current program authorities should be extended, modified, or allowed to expire. Some industry stakeholders and members of the scientific research community have proposed modifications and alternatives, or called for greater oversight of the risk methodology development process. This model has been widely used within DHS and the broader homeland security enterprise for decades, but has also bee n criticized on conceptual and methodological grounds. The Department of Homeland Security (DHS), which administers CFATS through the Cybersecurity and Infrastructure Security Agency (CISA), designed program rules and security requirements in reference to a basic risk model, which defines risk as a function of threat, vulnerability, and potential consequence (TVC). Sub-optimal risk methodologies may impose needless regulatory burdens on some stakeholders or fail to protect the public as well as intended. However, other Members, as well as some researchers and industry stakeholders, have raised concerns about the program, including questions about the risk assessment methodology used to inform CFATS regulatory activities and cost- benefit analyses. Several major industry groups hav e signaled support for CFATS extension. Some Members have introduced legislation in t he House and Senate that would provide a long-term extension of existing authorities. JThe Chemical Facility Anti-Terrorism Standards (CFATS) program imposes security requirements on certain facilities that manufacture, process, or store chemicals of interest-i.e., chemicals that bad actors might steal, divert, or exploit for nefarious purposes, including terrorism. INSIGHTi Chemical Security: Regulatory Implications of Terrorism Risk Assessment Methodology
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |