It has been nearly three months since the American people lost an essential program guarding against the threat of terrorist exploitation of dangerous chemicals. For more than 15 years, the Chemical Facility Anti-Terrorism Standards (CFATS) program helped protect communities across the nation.
Through the CFATS program, the Cybersecurity and Infrastructure Security Agency (CISA) identified facilities with dangerous chemicals to reduce the risk that those chemicals could be weaponized by terrorists and other bad actors. The CFATS program was developed as a direct response to the terrorist attacks of 9/11, with the goal of preventing another attack of that scope. The over 300 chemicals monitored by the CFATS program, in the hands of those intent on harm, have the capability to release a toxic plume or create an explosion that in some cases could be as devastating as a nuclear blast.
On July 28, 2023, the CFATS authorization expired. The impact has been significant. CISA can no longer conduct CFATS inspections at high-risk sites, enforce the implementation of required physical and cyber security measures, or assess the risk to these facilities and the communities that surround them.
One of the most important provisions that came out of the CFATS legislation was the personnel surety vetting program. History has shown that hostile actors have attempted to use legitimate means to gain access to dangerous chemicals. To reduce this risk, CFATS mandated that anyone who might have direct access to a facility’s high-risk chemicals be vetted against the Terrorist Screening Database. CFATS ensured that CISA was vetting an average of 300 new names per day for persons with terrorist ties. As we approach the three-month mark for the program lapse, we have been unable to vet individuals gaining this level of access to dangerous chemicals. This means that since the end of July, we have not vetted over 25,000 individuals with access to dangerous chemicals who may be in position to use those chemicals in an attack on our communities.
- Cyber Policy Initiative