1. CFATS Aka: Chemical Facility Anti-terrorism Standards Clyde D. Miller Director, Corporate Security June 9, 2010

4. History of CFATS  Section 550 of the DHS Appropriations Act of 2007 – October 2006  Interim Final Rule November 2007  Three-Year Sunset Provision (From October 2006)  Final Appendix A – November 2007  Currently 322 Chemicals of Interest (COI)  Three Security Issues – Release, Theft & Sabotage  Minimum Concentration Rules were developed  Agriculture Exemption – December 2007  “COI solely for preparation for treatment of or during application to crops, feed, land or other areas on an agricultural production facility”  Currently Extended Through October 2010

5. CFATS Process  Determine COI over Threshold  Access CSAT  Registration of Facility  Top Screen  Security Vulnerability Assessment  Site Security Plan

6. Performance Standards vs. Measures  Risk-based performance standards, rather than mandate specific security measures  Plan can’t be rejected re: Specific Measures  Avoid Prescriptive Requirements  Requires Security Professionals

7. Risk Based Performance Standards 1. Restricted Area Perimeter 2. Securing Site Assets 3. Screening and Access Controls 4. Deter, Detect and Delay 5. Shipping, Receipt and Storage 6. Theft and Diversion 7. Sabotage 8. Cyber 9. Response 10. Monitoring 11. Training 12. Personnel Surety 13. Elevated Threats 14. Specific Threats, Vulnerabilities or Risks 15. Reporting of Significant Security Incidents 16. Significant Security Incidents and Suspicious Activities 17. Officials and Organizations 18. Records 19. Others as determined by DHS

8. Chemical Vulnerability Information (CVI)   Top-Screen   Security Vulnerability Assessments   Site Security Plans   Tiering Level   Training   Drills and Exercises   Incidents and breaches of security   Maintenance, calibration, and testing of security equipment   Security threats   Audits   Letters of Authorization and Approval from DHS   Documentation identifying the results of audits and inspections by DHS   Alternative Security Programs   Any records required to be created or retained by a covered facility   Sensitive portions of orders, notices or letters under CFATS   Other information developed for chemical facility security purposes that the Secretary determines is similar to that covered

9. Inherently Safer Technology and CFATS  No specific IST elements in CFATS  Incentive to conduct IST evaluation  Elimination of COI’s  Not transfer risk  Reduction of mixture  Facilities have dropped from program  Others have not

10. New Twist - In or Out? New Twist - In or Out?  Reducing COI below STQ does not necessarily remove facility from CFATS regime  DHS Says: The STQs trigger preliminary screening requirements rather than the threshold quantity for establishing whether a facility is a high-risk facility

11. RBPS Twelve – Personnel Surety  Measures designed to verify and validate identity  Measures designed to check criminal history  Measures designed to verify and validate legal authorization to work  Measures designed to identify people with terrorist ties  Guidance Suggests Recurring Vetting

12. Executing RBPS Twelve  Recurring Vetting of Employees and Contractors  Terrorist Screening Database (TSDB, Not to be confused with “No Fly List”)  Classified  Company will not get results  Lengthy data sets  Employees and Contractors  Either unescorted or escorted access to restricted areas or critical assets  Unescorted visitors who have access to restricted areas or critical assets

13. Data Sets  DHS may collect the following information from individuals:  Full name  Date of birth  Place of birth  Gender  Citizenship  Passport information  Visa information  Alien registration number  DHS Redress Number (if available)  Work phone number(s)  Work e-mail address(es)

14. Status of CFATS 2010  Top Screens Completed  Preliminary Tiers Issued  SVAs Completed  Tiers 1 & 2 Final Tiering  SSPs underway  Inspections for Tier 1 Facilities  Tiers 3 & 4 to come in waves

15. Latest CFATS Numbers * An Evolving Process * November 2009 vs. June 2010 Preliminary Tier November Preliminary Tier June Final Tier November Final Tier June Totals Nov Totals June Tier 185172224180229 Tier 254 578516632570 Tier 33181571,0991,1001,4171,257 Tier 43,3401,9644731,3133,8133,277 Totals3,7202,1802,3223,1536,0425,333

16. What Does It Take to Comply? A Team Effort is Required:  Security – Both Site & Corporate  Site Management – Site Manager & Preparer  Site Shipping & Receiving  IT – Both Site & Corporate  Engineering – Both Site & Corporate  Ecology  Customer Service  Lawyers?

17. Son of CFATS Senate and House  Maritime Transportation Security Act (MTSA) Sites  Labor involvement  Training Requirements  Background Waivers  No State Preemption  IST issues  Mandatory Consideration – All Tiers  Mandatory Implementation Tiers 1 & 2  Explain Why Not  Possible out for impracticality or economics  3 rd Party Right of Action  Lawyer Full Employment Act  Gulf Disaster Effect

18. Discussion Clyde Miller Director, Corporate Security BASF Corporation