INDUSTRIAL SECURITY AWARENESS SEMINAR FEBRUARY 21, 2007 - NJIT

1. INDUSTRIAL SECURITY AWARENESS SEMINAR FEBRUARY 21, 2007 - NJIT PUTTING TOGETHER AN EFFECTIVE SECURITY PLAN G. ELSNER INFINEUM USA L.P.

2. RATIONALE • Security has been in the limelight since 9/11. • Chemical process industry could be a target. • Government agencies and industry networks heavily involved in enhancing security of critical infrastructure. • Information • Tools • Buffer zone protection plans • Regulations • Guidance documents • Managers are being flooded with information. • Security is everyone’s business.

3. OBJECTIVE • Develop and implement an effective security plan. • Prevent incidents that could impact employees, equipment, public at large and ultimately the business. • Establish a broad-based frame work of communication, awareness and preparedness. • Everyone has a role and responsibility in the plan.

4. KEY ELEMENTS OF A SECURITY PLAN • Security organization and communication network • Operation plan and security advisory system • Threat assessment and communication • Security vulnerability assessment • Countermeasures and self-assessment • Security drills and preparedness • Awareness training

5. ORGANIZATION AND COMMUNICATION • Security is no longer limited to vandalism and theft. • It should be integrated into your site’s Health, Safety, and Environmental (HSE) program. • Focal point of contact • Communication with other functional groups. • Interaction with government and law enforcement agencies (local, state and federal) • Regulatory requirements • Intelligence data interpretation • Interaction with industry networks • Guidance • Voluntary programs • Best practices • Technology

6. OPERATIONS’ PLANS AND HOMELAND SECURITY ADVISORY SYSTEM (HSAS) • Remain vigilant and prepared at all threat conditions • HSAS system based on increasing risk of terrorist attack. • Suggested protective measures for each threat condition level. • Agency-specific protective measures based on intel data.

7. OPERATIONS’ PLANS AND HOMELAND SECURITY ADVISORY SYSTEM (HSAS) (Cont’d.) • Site specific response plan • Fundamental countermeasures in place all the time • Access control • Background checks • Fencing • Activated security countermeasures based on threat level • Surveillance cameras monitoring on a more frequent basis • Visitor escorts • Vehicular inspections • Additional police rounds • Activated operational process countermeasures based on elevated threat level • Unit shutdowns • Depletion of inventory • Relocation of hazardous materials

8. REGULATORY OVERVIEW AND INDUSTRY ASSOCIATION REQUIREMENTS • U.S. Coast Guard Maritime Security (MARSEC) • Additional security on the shipping and petrochemical industry • MARSEC security levels or directives issued when additional security measures are required to respond to threat assessments. • Department of Transportation (DOT) Security Requirements for Hazardous Materials Transportation (HM-232) • New requirements to enhance the security of hazardous materials. • Shippers of certain highly hazardous materials and shipments of such that require placarding must develop and implement security plans. • Training of employees shipping hazardous materials must include security components.

9. REGULATORY OVERVIEW AND INDUSTRY ASSOCIATION REQUIREMENTS (Cont’d.) • Best practices Standards at TCPA/DPCC Chemical Sector Facilities • Conduct a Security Vulnerability Assessment (SVA) • Develop a prevention, preparedness and response plan that reflect the status of all the best practices identified by the Domestic Security Preparedness Task Force. • Review of the practicability and the potential for adopting inherently safer technology.

10. REGULATORY OVERVIEW AND INDUSTRY ASSOCIATION REQUIREMENTS (Cont’d.) • American Chemistry Council Security Code of Management • Leadership commitment to security • Analysis of potential security threats and vulnerability (SVA) • Implementation of security measures • Protection of information systems (cyber security). • Documentation of securing management programs, processes and procedures. • Training, drills and guidance. • Communication with stakeholders. • Third party verification of countermeasures.

11. SECURITY LEGISLATION IN PROGRESS • Section 550 of the Homeland Security Appropriation Act of 2007 – 6 CFR Part 27 • Provides DHS with the authority to regulate the security of high risk chemical facilities. • Chemical facilities fitting a risk profile would complete a screening phase. • “High risk” facilities would be required to prepare and submit an SVA and a security plan. • The Department would review submissions for compliance with risk-based standards (proposed 6 CFR Part 27.230). • The Department or 3rd party auditor would follow up with a site inspection and audit. • Deficiencies would be addressed by further consultation with the Department.

12. SECURITY LEGISLATION IN PROGRESS (cont’d.) • Rail Transportation Security – 49 CFR Parts 1520 and 1580 • Broad scope aimed at nation’s rail transportation system and rail operations at certain, fixed site facilities that ship or receive specified hazardous materials by rail. • Allows TSA to enhance risk security and coordinate its activities with other Federal agencies. • Requires that regulated facilities allow TSA and DHS to inspect facilities and records relevant to risk security. • Regulated parties must designate risk security coordinators and report significant security concerns to DHS. • Freight rail carriers and certain facilities handling hazardous materials must be equipped to report location and shipping information to TSA upon request. • Facilities must also implement chain of custody to ensure positive and secure exchange of hazardous materials.

13. THREAT ASSESSMENT AND COMMUNICATION • Assessment of potential terrorist threats focuses on a similar approach to that used to assess process safety risks. • Hazard identification • Assets or hazards that could be targets of terrorist acts. • Potential consequences due to security compromise • Assets, community, corporate impact, economic impact.

14. THREAT ASSESSMENT AND COMMUNICATION (Cont’d.) • Risk assessment • Risk control factors based on assessment • Communication with law enforcement, coordination via regional advisors, and interaction with security industry networks validates threat scenarios.

15. SECURITY VULNERABILITY ASSESSMENTS (SVA) • Better understanding of security risks and identification of security of weaknesses • Effort is accomplished by conducting an analysis of assets and scenarios. • Define security hazards • Identify and assess threats • Define potential vulnerabilities • Evaluate countermeasures • Deliverable includes potential scenarios, what needs to be protected based on risk and what countermeasures need to be implemented to reduce the risk.

16. SECURITY COUNTERMEASURES • Based on the type and location of a threat. • Internal (permanent employee, temporary employee, contractor, visitor) • External (vehicle with explosive device, firearm, process control system breach) • Types • Human • Physical • Information Technology • Guidance • N.J. Domestic Security Preparedness Task Force – Best Practices • Site security guidelines (ACC) • Chemical Industry Data Exchange (CIDX) – Cyber Security

17. SECURITY PREPAREDNESS • Emergency response plans • Understand site hazards and response strategy • Awareness training • Security is everyone’s business • Understand your role in security plan • Security drills • Actions to be taken based on alert levels and threat information. • Communication with agencies, employees, law enforcement, OEMs.

18. SECURITY PREPAREDNESS (Cont’d.) • Systems, procedures, countermeasures, self assessments • Verify the integrity of your physical countermeasures • Communication • Coordinate with local, site and federal services on threat assessments, countermeasures, guidance.