Potential threats from russia as the war continues. Thank all of you who have been working so hard to the front lines and to protect the Critical Infrastructure that america relies on every hour of every day. The sub partnerships are the heart of everything that we do and are vital to ensure the security in particular of chemicals the facilities that store them. Foundational to our nations most important supply chain. Just like everything that we do, this is not a Medicine Mission that the government can do alone, this is something we have to collaborate with and work on as a nation. We know that the threat is only getting more complex, more dynamic and dangerous. Whether it is nation state threats, or terrorists, threats from cyber criminals, we are dealing with a very difficult threat environment. I think the good news is, we have incredible people working across industry across the state and local level, developing defensive strategies that are going to help us ensure that we can protect this nation, particularly from chemical terrorism. We know how seriously the risks are to our system from both cyber and physical threats and the importance of programs like which really emphasize a very holistic approach that encompasses both cyber and security measures. I was going to the risk based performance standard last night in preparations for this talk. In 2009, the standards were laid out in physical security, but also cybersecurity. It was before cyber was really a thing, this committee understood the importance of a collective approach to protecting both the industry and the facility that house our chemicals. We celebrate a milestone, a decade and a half of successful collaboration with the 15th anniversary of our program. As we think about celebrating the maturity of the program, i want to emphasize the reauthorization is a very high priority for us. We cannot lose momentum in those efforts to prevent chemical terrorism. We know that the threat is real. My team and i are very focused on that. I would be remiss if i did not take the opportunity to think security inspectors. I know that there are some in the room here and watching from our regions. They work day in and day out to ensure our facilities. I am really proud of everything that they are doing. I am proud to all of the things that we do to offer voluntary services, whether there is riskbased assessment. I know theres a lot of information youre going to hear or have heard in the summit. Really important to take advantage if you are not already of some of the services we provide. We are going to talk about our cyber Incident Reporting today. Also to be able to report incidents when they incur to help inform the security of the overall sector, as well as the security of the other sectors giving the interdependence that we know what this sector. We use that information to ensure we can raise the bar on our collective defense. I know were going to get started here with kelly. I wanted to take a few are permitted opportunities to tell you how pleased i am to be here and excited i am for the ongoing collaboration that we have with this community. Thanks very much. [applause] thank you. After the fireside chat, kelly murray, she joined in 2008 and has held a variety of roles and has held a variety of roles with regulatory program. And overseeing site security plans and approval, miss murray became the head of the office of chemical security in the spring of 2021. In her role as associate director, she focuses on a wide range of chemical security initiatives, including the maturation of the program, the newly launched program, and the proposed Ammonium Nitrate security program. We are so glad that both of you could join us this morning and the floor is yours. Thank you. Thank you for your opening remarks. We are so happy to have you this year in person. Yesterday everyone got in excited nature because i am glad to be back in person. We do have a handful of questions. In your opening remarks, you touched on threats facing our Critical Infrastructure. Can you start with a snapshot of the current physical and cyber Threat Landscape and what we are doing as a nation to address that . I am excited to be here with you. Thank you for putting the summit together. It is important to walk about talk about the Threat Landscape in holistic way. We play two roles. We play a role with the american Cyber Defense agency. We are the National Coordinator for Critical Infrastructure security and resilience. We are really focused on the full range of threats that can affect all of Critical Infrastructure as we all Work Together to protect and defend it and ensure its resilience. From a cyber perspective we know it is a complex and dynamic and increasingly dangerous landscape. We have seen state actors like russia, china, iran, north korea that are increasingly well resourced in this area and sophisticated. And then, a full range of cyber criminals that have become more sophisticated and more effective given the proliferation of cyber tools. We do not have the luxury just to worry about Cyber Threats. We need to look at the full range of threats. This is something that i know ryan mentioned. Before i came to cisa i was the head of a Firm Resilience at morgan stanley. I was asked to set up our Cyber DefenseFusion Center to ensure we could understand, detents, detect and responded to all , Cyber Threats to the firm. Two years in, we were asked to expand it to a Resilience Center in the understanding that it is not just Cyber Threats, but physical threats. Terrorism, manmade threats, natural threats, hurricanes, diseases, pandemic. We really have to look at the full landscape. That is why i was so impressed with the comprehensive nature of the riskbased portfolio standards, both from looking at physical security, as well as cybersecurity. I think this is uniquely one of those sectors and industries that from the beginning really looked at the holistic Threat Landscape and that is why i am so excited about our work here at cisa and your leadership. One of the reasons we are so successful at implementing at the beginning and standardizing that process was our partnership. We as a regulator in cisa center around partnership. Could you describe cisas approach to those partnerships . Partnerships are at the core of everything we do in cisa. We do have cfats regulatory authority, but most of what we do is not regulated. Its voluntary. I spend the vast majority of my career in hardcore National Security. I was in the army, deployed many times. I was in the intelligence community. In the National Security world, you can say that the federal government arguably has monopoly power. In Homeland Security and chemical security and cybersecurity, the federal government is just a partner. Its just a coequal partner with industry, and in many cases, state and local partners that, some of whom, on public utilities. So, that ability to create trust in relationships is absolutely fundamental to everything we do. Cfats is a critical piece of this. The program you started is also equally important to get a wider range of capability to help protect the entities that are not necessarily part of cfats. A lot of that work is about partnerships. I always say that the foundation of any great partnership, whether a marriage or a business deal, is trust. Building that trust is a fundamental to our success. With trust, you have to approach it with humility and transparency. And gratitude. Gratitude for people coming to the table bringing expertise, bringing ideas, bringing problemsolving and bringing a fundamental belief we have to Work Together for the collective defense of the nation. We were talking about it earlier this morning. How part since the participative this community is in building the collective defense. It is terrific to be part of this today. I know from our perspective, cfats has had a little bit of a rough start at the beginning. Building performance regulation was new and different. It turns out it was definitely the right thing to do. We have always found these partners in this room were never shy of sharing their opinion. They were never shy of collaborating and providing input. While it started off as a little bit of a rocky partnership, because we needed that humility, and to learn how to develop the program, it really turned into, and created, the trust that to this day, this group is just very open, very collaborative, very willing to express their opinions. I think this has created that trust in even a regulator. So much so that we are now all touting performancebased regulation and how that is the future of Critical Infrastructure regulation, in my mind really. I think our Industry Partners would agree. They are often the ones on the hill talking with our Congressional Committee about the benefits of cfats and need for longterm reauthorization. I think that shows a True Partnership model even in a regulatory space. Totally. You have been in this program a while, almost from the beginning. Kudos to you. This is an incredible evolution we have seen in leadership. The program has made incredible strides. It is a model, you know . As i mentioned, we are largely a voluntary agency. When you think about regulation and regulatory authority, i mentioned in my mark the cyber in my remarks the cyber and civic reporting. We will go through a rulemaking process from that. Having come from a highly regulated industry in finance, there is a place for regulation. But, regulation has to be smart. It has to not be overly burdensome. It has to ensure we are putting the right measures in place to collectively protect the sector. Ensuring we are not leading to compliance box checking. It is about optimized risk Operational Risk management. These performance standards are emblematic of a type of regulation that is really effective in this space. An effective model to think interesting model to think about is we evolve in the space, protection, Critical Infrastructure. Moving into the risk area, one of the focuses i know that has been on a lot of your minds and a lot of folks minds is a key to discussing the effort expanding convergence of cyber and physical systems. As a cisa director, what do you see as the most pressing security challenges today and in the future . This is such a important question. One of my big Strategic Priorities for the coming year is to develop a more holistic approach, given the recognition that our systems are all converging between physical and cyber. There was a call with the president s panel on Security Telecommunications yesterday that a great report on i. T. ot convergence. There is a lot of work being done in the sector on that. Certainly, there protection from both physical, but in particular Cyber Threats to Operational Technology systems. In the olden days we thought of i. T. And ot as two separate worlds. There are different systems, but given the impact that you have from Cyber Threats and i. T. Through to ot, this community realizes, given much of the processing controls, the data controls, the industrial control system, that has helped to power the chemical industry, we needed to be very mindful of all the threats that can exist to physical threats, Cyber Threats come into our Operational Technology. That is one of the things i am most focused on. As we know, these can have realworld impacts when you are inspecting things like an electric grid, a data system, a chemical processing facility. We are already putting a lot of effort into our focused. We just expanded what we called our joint Cyber Defense collaborative, but last year to bring together federal government partners, international partners, and Industry Partners for collective defense to identify activity, to create a threat picture, to drive down risk. We recently expanded that to i. T. Centers. We were asked last year by the white house to focus on protection of industrial control systems. I think the chemical sector is next in line that we will kick off the 100 day plan, probably later this year. The other thing im excited about is cybersecurity goals that reflect both i. T. And ot and we will be kicking off with some work on chemical sector goals. We will be tapping into the community. There is a lot going on in this space. I know next week we will roll out our systems. We have our newest agency in the federal government. I am excited to really get that started in terms of how we build the agency that america deserves. A lot of that will be focused on how we are reducing risk in the nation, but also how we are building success. We came off the back of another that was pieced together and now we are building one Holistic Agency to focus on the cyber threat and physical threats to the Critical Infrastructure americans rely on every hour of every day. There is a lot of work in that space. We have a very dynamic threat environment. Its not lost on anybody in this room that its ukrainian independence day. It has been six months since the unprovoked invasion by russia. Certainly, we have been concerned about potential threats from russia or statesponsored or criminally aligned groups on our Critical Infrastructure. That is why we have been talking about shields up. The important new all Critical Infrastructure owners and operators. Frankly, this is really the new normal that we need to focus on. It threats across the board. Really important work. You spoke about all of the important work coming up and building the agency and building capability to do all that work. I know we have been focusing a great deal on internally building the workforce, particularly, our Cyber Workforce. We know that Industry Partners have concerns about building their Cyber Workforce as well. Can you talk about diversity and women in the workforce initiatives and priorities and how those will help us transform the agency to provide the programs . This has been something i have been passionate about my whole life. I started as one of the first classes of women at west point when many did not want women there, did not believe women should be there. That was an early lesson in fortitude and resilience. I have always been a big believer in gender diversity. But it is much broader than that. I am interested in your views on this when you think about. When you think about diversity, neurodiversity, diversity of sexual preference, diversity of race, of national origin, skills, background, gender identity. This is about diversity of thought. This is what makes us better at our jobs, solving our most challenging technical problems. Our security problems. That is why we are focused on building an environment that not just welcomes diversity, but truly celebrates it so everybody has a true sense of belonging. That is the culture we are building at cisa. I have been here 13 months now and i have spent a significant amount of time directly engaging with our workforce to cocreate a cultural framework of values and principles that help define what we expect from each other and what we aspire to be as an organization. It is about inclusion, innovation, collaboration, teamwork, ownership, empowerment, trust, and transparency. I think for anybody looking to attract great cyber talent you have to first make sure you have a culture that will appeal to that talent. Todays cyber talent has a lot of opportunities out there and its very competitive. So, a sense of belonging. A culture of psychological safety, flexibility. We provide thousands of divisions that are remote work and telework. And a culture that really prizes people first. That is a big part of what i have been doing over the past year. Frankly what i will be doing over the next however long i am here. I am interested on your views. I can say that similarly not quite as dramatically, i was also kind of a woman in a maledominated field. I started here 15 years ago. It was a maledominated field. Before that i was at the department. Before that i was a math major. A pretty other maledominated field. While i was very used to that in coming into what is now cisa, i was lucky our program started out with a small group of folks and some amazing female leaders that i aspire to and mail leaders that diversity of thought. We were all in this group together. That is the culture that i came into cisa with p or that is what i inspired the team to continue. Hearing all of the opinions, whether it is the industry opinions, staff level opinions, hearing all of those and bringing them in so that we are as transparent as possible. That is a performance standards need to be is innovative. That is what is working with our Critical Infrastructure partners were our technologies are changing quicker than security can keep up. That is the culture that i work to instill on the team. It is what we try to bring on board. We brought a team member on not too long ago. When speaking with her, she said to me she had a lot of opportunities, when i interviewed with this team i felt like i was home. That resonated with me. I strive to create a family culture, the good kind of family culture, where there is the transparency, flexibility, comfort to make a mistake and own up to it and move past. Hearing that new employees brought under the pandemic that might not have had that connection still felt that way as early as the interview was meaningful. That is great. Are there any other key messages or takeaways that you would like to pass to the group that is at the summit. I really just came here i am so proud of you. At the end of the day, to build the trust to collaborative relationships that we need to defend the nation, and to enter our collective defense of Critical Infrastructure. We have to show our gratitude. I am incredibly proud of the team. I am proud of the partnerships. I am really grateful to this community for everything that they do on the front lines of rejecting the nation. That is a key message that i want to get across. I am excited about more collaboration, the work that we are going to do to get the cifa authorized next year. It is so important for us to make sure that we are well engaged with this Community Day in and day out to ensure the effectiveness of this program. Thank you very much for the opportunity. I hope the rest of the director easterly, associate director, thank you so much for sharing your thoughts with us this morning. Each day of the summit, we will be highlighting what makes the program so special. With messages shared by past and present leaders of your organization, as well as Industry Leaders. I want to thank a moment to thank our Communications Team that has been working hard at putting these videos together the past couple of months, in addition to preparing for the summit. It speaks volumes to the incredible work and skill set of our team here. I would love for you all to take a look at the video that we currently have for today. We will be kicking off this morning succession with a video on the importance of chemical security and the cpap program. Cfats is essential for multiple reasons but the principal reasons are that chemicals are a preferred tool of terrorists and other bad actors. Not only them not only domestically but around the globe. Bad guys over the course of the last few decades have sawed out, acquired and used chemicals in attacks that have devastated communities and killed hundreds, if not thousands of people. Cfats regulation is number one sensible and what we all want. So we want what is right for the country. Number two is the collaboration. We have good collaboration between the industry and Industry Leaders to work towards the common good of the organization. Is central because it is key to ensuring chemical entries. Collaborative jointly, cfats adapts that model. Over its 16 year history, it has become stellar, novel approach to regulations that allows one to achieve risk reduction. We will be following up sharing other videos throughout the course of today and tomorrow sessions. I would now like to hand the floor over to assistant director who would be supplying. Good morning. Welcome everyone, again. I was so excited to kick off a day. I am more excited than yesterday because yesterday went so well. Thank you all for coming back and joining us for day to of the chemical facility antiterrorism summit. I encourage you to keep your agenda open while i am talking because im going to speak on a lot of the highlevel items. Then there are sessions throughout today and tomorrow where if you are interested in something i speak of at the high level, you want to stick around for that next level for that deeper dive. I am waiting for both sides to take off. I could banter a little longer if i need to. Well, i can continue to banter. Ok. Sorry about that. These are some of the topics we are going to go through today. If any of these are of particular interest to you, strongly suggest that you take a look at your agenda, find what we are going to be covering a little deeper in the dive so you get a much deeper understanding of some of these items. As director easterly said, cfats is a priority for our department, certainly for me. Cfats is one of the only regulations that actually has an expiration date. Most regulations, as our industry members no exist in perpetuity and you have to deal with them whether you want to or not. Cfats comes with different expiration dates. Right now we are set to expire july the 27th of 2023. Which will be here before you know it. That comes extremely quickly. If congress does not act, we would technically expire. It is extremely important for us to be able to work with congress and get this program reauthorized. You heard director easterly speak to it, you heard pd secretary deputy secretary speak to it yesterday. This program is the best position to work with our Industry Partners through those industrybased standards and help us to all increase security nationwide. While i have no concerns overall that the program wouldnt the reauthorized, i definitely know that we need to stay focused on that and know that it is a target we need to work towards. The other piece to seek out authorization is getting that longterm reauthorization. For those of us that have been around for a while, we have seen a couple of months extension, we have seen year extension. It makes a really big friends for the industry stability side of the house, as well as for the Program Stability of the house to get that longterm authorization. A five year or more reauthorization of the program, it allows us to be more focused on the program and proven and allows the industry that stability they need in order to continue implementation on the program and to be innovative in your own companies and not have to worry about the cfats program. Next slide. Looking at reauthorization also allows me to look back at the past. I get to go through all of our previous testimonies on the hill and all the fun conversations. I got to do that even more this year with the 15th anniversary of cfats. It has been a world when a whirlwind to go back. It is quite entertaining to see where we came from, appreciate those struggles, know those challenges that we had to overcome together as a team, a partnership model, and then where we are going to go in the future. It has been an interesting journey to look back on some of these things and see where we can go even further in the future. Throughout the summit, you are going to see some of these videos. I hope you see some Friendly Faces and see some stories that remind you of the different times we have had here. I also encourage you to visit our website. There is a qr code in the folder for the fifth anniversary page. Theres also a link appear. We are going to be sharing blogs and stories. We encourage you to share your stories with us as well as we celebrate this milestone. Dont forget to look back at where we came from. And where we are going with this program. Next slide. We have also looked at not just the depths of cpap of cfats. We are everywhere. We have about 3300 high risk facilities under cfats but we have more than 30 we have more than 40,000 facilities that have submitted under us. That is a staggering number. It just reminds us of the breath of our community, that reach, that need for performancebased regulation in order to be able to tailor those security plans to all of these communities and the needs of the specific areas. This is one of my new favorite charts. It is so colorful but it really does highlight how expensive we are in all 50 states, and hundreds of counties and communities. Puerto rico, warm, we really do touch everywhere. I know the instructors love those sites to visit. Really just highlighting that. Next slide. At the same note, highlighting not just location and community, but also of types of industry. I will not do the prison strokes. For those of you who were here yesterday, you heard it. It will never come out of my mouth. What i will do is say, why we have these top industries, many are not surprising to folks. Chemical manufacturing, distributors, paint encoding manufacturers may be a little surprising to folks. We also have so many more. We have the prisons, hence the joke. We have the wineries and breweries, that is my personal favorite. We have the colleges and universities. We have an offshore platform that for a different reason isnt regulated by the coast guard, so that is one of the ones that we get. You get such a variety of facilities that are so much more than the chemical sector. Or the traditional chemical facility. They really do span that breath. That is why our program is so well fit to address the security needs here and the security risk. We threw up our quick side our quick slide on the secure facilities. Tier one being out of those 40,000 facilities, we have about 30,000 high risk facilities. If you are in that category, welcome. You deserve to be in that category out of those 40,000, that means you are a high risk facility within cfats. You will notice most are tier four and tier three. We like to say at cfats, if you have seen one cfats, you have seen one cfats facility because of the experiences you get. Next slide. A few more fun facts about cfats. Toptier chemicals, these are not the top reported chemicals. These are the ones that come in as high risk. You will see chlorine on here twice. Chlorine is on here twice because chlorine is regulated where someone would come on to the facility, take it and use it elsewhere. Which is a different thought for a lot of folks when you are thinking chemical facility. What the cfats program does is protect our communities outside of that community border. If someone takes that to a stadium, to subway, an office building, they can do great damage. The majority of facilities that we regulate. The others here you will see may surprise you. Maybe not. Hudgins relocked Hydrogen Peroxide is a very commonly used chemical so of course is highlighted. But many folks dont think of it as a danger. So socializing that so that facilities know about them. You will see the majority of our facilities fall into that best version category. At those lucky facilities that get to be both diversion and release, as well as our very small percentage of sabotage facilities. Next slide. I love numbers. I i said earlier i was a mapped major. I packed this slide with so many numbers and fun facts. The numbers on here that i find incredibly impressive is we have received over 100,000. That is a lot of surveys. Below the cfats 2. 0 days, that was a long process. Now we are receiving them on a daily basis. Facilities are coming into the program, changing their Chemical Holdings all the time and we are processing that on a very regular basis. Over 14,000 inspections. That is a lot of inspections to see, especially when you see we did get off to a rocky start and didnt start that program until about 2012. The other interesting number here is that we have done over 10,000 compliance assistance visits. That is almost as many infections. I think that number is extremely telling in that it again highlights the partnership model. We have done almost as many assistance visits as we have done regulatory inspections. Most of most of what our program does is to help you come into compliance. It is not about the penalty, it is about assisting. I found that number incredibly telling of our story. We have over 4000 security plans approved. Somebody doing the math in their head and saying only regulate about 100 33 facilities but you say you have done 240 approvals, that is because facilities come in and out of the program. We have at facilities come into the program, that their approval, exit the plan because a reduced quantities were created a safer alternative. We have also had facilities come in a little later. That makes a facilities coming in and out. Next slide. Some more math, i know. We will start in the green box. Through those 4200 or so security plans, we have seen tens of thousands of security measures. The chemical sector cfats cfats and the the chemical sector and the cfats community at large has done a great job. Through inspections, we have also in we have also identified the enhancements these facilities can take. This can range anything from installing intrusion detection since thumbs detection systems, securitybased programs, conducting background checks required as part of cfats. Establishing restricted areas and accessing control. Tens of thousands of security measures have been implement to. At the point of approval, that means about 75 of our facility commit to a longerterm action. They commit to doing some plan enhancement in the future that they have not been able to accomplish before. 75 . All of that work leading up, all of that enhancement going on during that approval process and then on top of that there was further commitment to further enhance their security. My favorite metric. Those are security those who are Security Professionals in the roma know how hard it is to sell security. You have got to talk to corporate, find money to sell security. What is the success of security . Something not happening. How do you sell that . That is tough. How do you go and say, well, nothing happens nothing happened, so we are doing a good job so i need more. We at cfats are trying to take on to see what can we do. My favorite metric is we are able to quantitatively look at security plans from when they first enter the program to when they are approved. We see a 57 increase in security. That number is staggering to me to know that we are making that big of an impact. As director easterly said, we dont want to we want to be an curate he enhancement through partnership. That 50 tells me we are succeeding there. Next slide. Lets talk about a little of our updates and Favorite Program enhancements and improvements. Cfats security programs. One of our industry point standards, performance standard 12. That performance standard requires companies to do for types of background checks on certain individuals. That is an identity check, legal authorization to work, criminal history and screening for. A company on its own cannot just go out and start screening their employers against the terrorist screening database. That is a governmental function. Because of that, we had some products on that when we originally launched that about 10 years ago. We launched this Program Starting around 2015 or so with a very slow roll. Trying to work with industry and Law Enforcement partners on how to execute screening for highest individuals. This is one of our Key Partnership models and moments of success. It was a little dramatic. We had some pushes and pulls. We had some Difficult Conversations about how to do this. We ended up coming up with four different options for how a facility could comply with the standard. I am really happy that most facilities have chosen to go with option one, which is very easily submitting information directly to us for that terrorist high setting. That is another win for the program. One, it helps us to get that information and two, it helps us to better share that information. More than 14,000 names are being vetted against the database. One of the promises that we made early on when we were having the most focal conversation was that we didnt want to work with industries when there was a positive match. That is a tough ask. Because you are dealing with those Law Enforcement equities, intelligent equities. We were close with them to be able to negotiate the language on how we can make this happen. Another key measure of success for the cfats program, i am very happy if it was 413 thousand names, we have identified positive match through the cfats program. In accordance with and Law Enforcement, we have been able to work directly with the facility. That is something i dont know that folks believed we could do. I take that back to, we have the partnerships with Law Enforcement. We have partnerships with the industry and we are able to bring both to the table. Another really big moment of success for the cfats program. I spoke earlier about the rest of the facilities and how these companies that may not think of themselves as chemical disabilities chemical facilities really are chemical facilities. Or a cfats highrisk facility. One of the challenges of the cfats regulation, because we dont regulate just one sector, is that we have to continuously be doing outreach to our partners with our federal, state, local partners. Industry partners, Association Partners to get the role to get the word out and make sure folks understand the recording the reporting requirement to cfats. They may not be thinking anything of that Hydrogen Peroxide. My family owns a little ice cream shop. They are a food manufacturer. So they came up on our list of a group that may have chemicals of interest. I can attest they do not. But they were a partner we actually reached out to. My familys little ice cream truck, do you have chemicals of interest. You are a Food Manufacturing business, you might. That is a business that would never think of themselves as a cfats highrisk facility. Thankfully they are not. But that is that outreach we need to do to find these communities that may not think they are regulated under cfats. Over the years, we have identified more than 9000 facilities that failed to that failed to report to us. We are not going out there to find them immediately to tell them they have chemicals, that is not the approach. The approach is to educate them. Why are they being the fort why are they being reported to . Our work is not done. This research is something we are going to have to do for the life of the program. Different programs come into the program, Different Companies go out of the come go out of the program. 3d printing is this new, cool thing going on. That is a new target area we have to look at. We have to stay on the ball. I ask you to help me do that. Based on that partnership model, how can you help us to take the path on what is going on in the community and raise that awareness of what is reportable to cfats . One way you can really help me is by sharing our flyer. For those folks that shift chemicals, all you have to do for those folks that ship chemicals, all you have to do is attach it to the shipment. It is a great, quick, easy ad that can really help and identify those supply chain areas that we might be missing. My plea to all of you, if you can add our flyer to your packet or on your website, it would really make a big difference to us. Some other unique ways i have seen this done, some companies that manufacture or do the blending will add the cfats data sheet. Others have included it in their know your customer program. Did you know you are receiving a chemical of interest that we want to validate and verify. A lot of ways to share the information, spread the awareness and let them know, we are not the scary government, we are they here to help government and bring them into the fold of cfats. Speaking of the scary government , we do have penalty authority. We can penalize facilities. This year at our number is 38,139 dollars per violation, per day. Where on earth did you come up with that number, kelly . That is based on inflation. Our original rate was 25,000. With inflation today, that rate is at that 38,000 number. I have found that the carrot, the olive branch works a lot better than the stick. 40,000 facilities, already 300 highrisk facilities, we have imposed penalties on less than 20 facilities. It is not something we prefer. It is not the courts we actually want to take. That number of less than 20 enforcement action does highlight we are trying to work towards partnership. So, who has had a recent compliance inspection . And who has experienced our new inspection report template and heard about that . A handful. Ok. We recently underwent what was a four year in the making process to update our template for our compliance inspections. What we wanted to do was both make sure the inspection was as possible, but also gather more data. I am a big math nerd and i like data. What can we get from these compliance inspections . How many do we that we can then spread the word on so folks are better prepared for their inspection . We can also start to use all of this data to inform our best pack best practices for things like larger. One of things that you have decided to do that comply with cfats . A big effort of the new report template and why you may be hearing some different questions on your inspection is about getting that data and being able to analyze and make sure that complete inspection is going on. The inspection process has not changed. I no one area you all will definitely hear about more is on the cyber side of things. In 2016, that actually asks you to report your Cyber Systems to us. That helps analyze security measures that may be needed at your facility. We are taking that a little step further now. We are trying to understand in that border system how the systems or network, how they are configured, the software that is running on the system, so that we can make sure we are appealing so we can understand that landscape out that in their community. If you want to hear a little more about that, i would encourage you to take the two sessions we have got. One is the other is what to expect compliance for a profession. This is an area where you may hear a little bit more and be able to ask some of those critical questions. Next slide. I am going to speak about cyber a little bit. Very standard in the original regulation. Because of that, we have learned a lot about implementing fiber. Focusing on the systems your facilities have. Those afflicted on security overall. We have really been focusing on cybersecurity making sure we stay on top of that landscape. A part of getting that data from your reports and getting that data and your site security plans allows us to better feed you data on any vulnerabilities that are out there. We are now looking at the data that we have overall on vulnerability. We are reaching out to our high facility a bit of it to being regulated, but also sharing on that partnership. That is the number one act we have gotten in the past. Share that intelligence, that vulnerability. We are now really working hard to do that. Since the 2021 lance cobb landscape we were talking about we are seeing more and more activity in this area. We really do need to be cognizant and use all the resources we have available to us. Some of those resources are your cfats cfats cfats impresses, we can be difficult to navigate. We strongly encourage folks to our high dream hygiene focuses team. We are going to highlight not only what the service does, what the service has found in your community. What are the most common threats and vulnerabilities, and what are the steps you should be taking for those . We are also going to have cyber Incident Reporting session and for those that are glazing over as i have been talking cyber now, we are going to have our Cyber Security dont be scared, come and join me, learn how to speak the language. It will be fun. That is the tip of the iceberg. There are so many more services. Please reach out, use a Different Services that we are seeing. Program. We lost it in november in 2021 and its available to all around facilities and we have many different resources and things you can pull down from the webpage, things you can west can request. Strongly suggest you attend that mission. We really are excited about the program. This is about piloting something and working towards that common goal. If there is a service or a resource we have not thought of yet, please propose it. We want to look at what else we can be doing. We want to talk about where else we can be going. We are going to start to pilot some onsite assessment. We are looking at chemical security drills we can do. We want to continue the collaboration and provide you the resources and the assessment that are going to be useful to the community. If you dont see on the catalog of things we are offering, please raise it. Ask us about it and maybe we will have a team start working on developing something. Next slide. The proposed Ammonium Nitrate program. The original authority to regulate the sale in 2007. We have really struggled we are trying to balance the requirements in the Statutory Authority with the security benefits of that regulation. This regulation is at the point of sale. Nine facility. It is about to sale and transfer. It is about one chemical of Ammonium Nitrate. That means the cost and benefits of that, pretty difficult to navigate. We have been thinking a lot we had a lot of 70s on this route. We have been looking towards our international regulations. Trying to learn the best we can from them in order to propose something new. We have a supplemental proposed making we look the lookout for a new approach. Something on the something different. So we can make this the best ultimate final rule next. I was thinking of the global world. We are definitely making steps in taking amazing strides and leading the world and cubicle certainty in the u. S. It is known to talk to our international partners, they are not only does with the standards we have established, they are they are. And share all the knowledge that we have gained with a lot of our partners. One of the ways that we do that is through the global and emerging threats. The that is a group lawmakers, republicans, academia, that come together. The defense reduction agency. We worked to bring all these parties together to really analyze the situation globally on chemical security and try to come up with solutions that we can tackle. As a part of this, we come to meetings in person, which can be exciting. And what actions the Global Congress could take to achieve those. One of the highlights i like to point out is this shows that we are really leading the world. Everybody in this room would say we have a very strong chemical security culture. That is why you are here. That is why youre calling in. That is why you are paying this much attention as you are. I think we are focusing on cybersecurity. We are continuing to stay engaged. The way we do that is, with global standards. For those companies that have international print, this is a great way to use some of your Corporate Industries to let us know where they are and set that baseline across the board to elevate criminal chemical security. Overall, i just want to say thank you. I hope that what you heard here from the highlevel we have an International Session i hope folks are excited about hearing about. One of our other parties are doing and what we can learn from some of the other parties as well. With that, i will open it up to questions. I said yesterday, ask the tough questions. The mic is coming. Hi, randy connor. Do you guys have for cfats any type of certificate or report card. We dont have a report card per se. What we almost consider a certificate is a letter of approval. Once it is compliance. A certificate you could hang on the wall. It officially notifies you you are in compliance. The other piece you could always ask our instructors for they will leave you with a written document of any items that they saw were actual problems. They will also leave you with any recommendations. The question was how on the set level of approval last. That letter lasts until we see the next time, or if you were to change something your security plan. Then you would need to get a new letter. But the letter exists until we come back and see the next time. You mentioned a new way the inspectors will be doing the way the report goes. The new format. Can that be shared . Security and those things to better prepare someone. For a site visit. We have heard that one and we are working on it. We are not going to share exact templates. The template is your security plan. That is one of the things i like to tell folks. The report they are using is a temporary document for the integrator. They are looking at your trick theory plan and their numbers you have blazoned you can verify that onsite. There are some of those additional questions about those numbers and that is what we are looking to put a new fax sheet together. There is a new that includes individuals we would expect, we want to see the records, we are going to be updating that fact sheet with a little more detail based on some of the questions you are asking me and some of the new reports. Good morning. Thank you. I have been doing this since 2007. As we go forward being in the energy business, we are seeing a lot of tsa, dhs. Now, there is not many of us on the security side. In my company. Is there any coordination in your efforts, especially as we come forward i know that folks in the room and on the line are regulated by alphabet soup. That can lead to lots of concerns and a lot of burden. We as part of dhs, th coast guard are meeting on a daily basis to talk specifically on cyber and where we all think we need to go or best harmonize. There are statutory limitations in the different authorities estimate how far we can harmonize. Insufficiently bit eventually that they are learning and we are sharing as much as we can to harmonize those efforts. The Critical Infrastructure cyber Incident Reporting act. Part of that is a requirement for harv for harmonizing. It has always been a long term goal. I dont think will ever get to all small working on. Thank you for the comment from the inspector at the health decks. The question notes about the reporting. You mentioned a reporting about cyber features in place. Will you please read when that repetitive that requires for boarding on those people. How would you expect those people to respond . It may have been a voluntary approach. What we used to do, we would ask that question during the inspection and approval process. Inspection inspectors would come out during the first inspection. Or sometimes our analyst would come out and talk to us. What are your Cyber Systems . How are they connected . Understanding the cyber posture of a facility. In 2016 to 2018, as we rode out our new Online Security plans, that is when we included those security questions specifically in the tool. We expect facilities to ask that. We have it was more a formula rising and putting the data and where we can grab it here. The question for folks on the line, how has that been going . How is the feedback from industry . We originally rolled that out in 2016. It was a very slow and tailored rollout of our revised tools. It finished around the 2018 timeframe. That has been good. Specifically as we used that information to inform companies of potential threats and vulnerabilities, we have had a lot of positive feedback. Thank you for sharing that information, and for tailoring your performance standards to my facility. Those facilities that had the Industrial Controls the phone order and the mangled track sheet might not need all of that. This was a way for us to more clearly more clearly tailored to those facilities. There is a fact sheet on our website that also talks about this system requires these sorts of security measures to better align with our performance standards. How are we doing . You mentioned the options for screening terrorist ties. I am looking to get more on those. All who or where should i talk to . I strongly suggest you go to the cfats options. There are four basic options. Option one is direct setting where you submit the individuals information directly in the portal to us. Option two is submitting information to us but taking credit for an existing credential, so putting that information into the system. Option three is an option for is a verification of credential. Those two ladies sitting over there are the absolute experts on it. Yup, over here. We have got to we have got two mics coming to you. Thank you. Great information. First time here at this conference. You shared some data points. I am a person that loves data points, too. Are there other data points more on the side of the success of the program in terms of threats, realworld threats. We have heard some anecdotes yesterday and in some sessions today with some tea studies, but are there other more detailed data points that can help to sell the program to the executives in the business and say these are threats that are real, participants in the program shared they have stopped these kind of things from happening as a result. I have a lot of anecdotes. Unfortunately, the data is harder in that area. Because what do you credit with stopping something . I love where your mind is at. But unfortunately, i dont have real data on that. I have a lot of fun and does. One of the anecdotes we hear quite frequently is talking about the relationship was First Responders and how that relationship was established because of feedback. In this we have a lot of those good stories to tell. Unfortunately, i dont have numbers to back that up. It is the problem with security regulation. Any other questions . I will be around all summit. I think we are clear. [applause] cspan is your unfiltered view of government. We are funded by these Television Companies and more. Including comcast. You think this is just a Community Center . No, it is way more than that. So students from lowincome families can get the tools they need to be ready. Comcast supports cspan as a public service, along with these other television providers. President Lyndon Johnson signed the Social Security amendments into july into law and july of 1965. This established medicare, a Health Insurance for the elderly and medicaid, for people with limited income. We look at that landmark legislation tonight at 8 00 a. M. On cspan. It is a part of our washington journal series airing all week here on cspan. Be uptodate in the latest with publishing with books, tvs and podcasts about books. With current Nonfiction Book releases. As well as Industry News and trends to insider next. You can find the book on cspan now our free mobile app or wherever you get your podcasts. The House Budget Committee held a hearing on whether the debt budget should be eliminated. Mick mulvaney was among the witnesses. Kentucky Democrat John yarmuth said the debt limit should be abolished. It is about two and a half hours. This hearing will come to order. Good morning and welcome to the budget committees hearing on why Congress Needs to abolish the debt limit. Without objection, share the