Highlight

Chemical Security Analysis Tool, Version 2.0 (CSAT 2.0) Development

CSAT 2.0

Achievement

The Data Systems Sciences and Engineering (DSSE) group developed, tested, and deployed the Chemical Security Analysis Tool, Version 2.0 (CSAT 2.0) within a tightly constrained window of approximately 10 months. CSAT 2.0 development required coordination among several subject matter areas at the Center for Infrastructure Security Analysis (CISA), including Risk Analysis, Compliance, Operational Support Systems, and User Services, and coordination with the sponsoring U.S. Department of Homeland Security (DHS). The updated CSAT 2.0 risk methodology passed independent verification and validation, and the system withstood rigorous third-party testing prior to release.

Significance and Impact

In 2013, DHS implemented a series of external reviews of the Chemical Facility Anti-Terrorism Standards (CFATS) risk-tiering methodology by industry and government experts as part of an ongoing effort to improve the ability to identify threats to chemical facility security in the United States. As a result of this analysis, CISA deployed CSAT 2.0 in 2016, resulting in a more refined and robust system for identifying high-risk hazardous chemical facilities. CSAT 2.0 identified new high-risk facilities and determined some previous CFATS facilities no longer met the threshold for high-risk categorization. The CSAT 2.0 release also introduced a streamlined and integrated user registration and portal, providing the system’s 100,000+ users the ability to easily enter and manage their facility data and user profiles. Since the deployment, feedback from industry users has been overwhelmingly positive.

Overview

The CSAT 2.0 application updated the CISA risk-tiering methodology, which includes analysis of threat factors, potential consequences, and chemical facility vulnerabilities, while streamlining the approach to the Security Vulnerability Assessments (SVAs) and Site Security Plans (SSPs) required of the high-risk facilities. Users now are able to submit the SVAs and SSPs concurrently.

CISA’s Risk Analysis team wrote and extensively tested more complex tiering algorithms, including  improved modeling of Chemical of Interest (COI) release and theft effects, updated threat-modeling based upon feedback from government entities, and enhanced population modeling. CISA’s Compliance team coordinated with DHS for system compliance and infrastructure purchasing requirements.

CISA’s Operational Support Systems team simplified the CSAT 2.0 user registration application to only require one user per facility instead of multiple users, provide visual geospatial location selection instead of manual input of latitude and longitude, vastly improve data validation, and enable the help desk to verify or reject facility registration data entered by the users. Operational Support Systems also provided CSAT 2.0 users with the capability to access and manage their own data.