Category Archives: Chemical Industry Security

Chemical Vulnerability and Anti-Terrorism

This entry was posted by on .

CVI and CFAT information are regulated by DHS and relate to Chemical Vulnerability Information and Chemical Facility Anti-Terrorism. If your company has CVI responsibilities, how are you managing access to the information and assets in your organization by vendors, visitors, technicians, and security staff?

Without a solid visitor management approach, you end up in a situation where people who are knowledgeable of significant vulnerabilities may not have been trained on how to handle that information. Get CVI certified, register all your vendors with this certification, and know how, when, and where they touch your critical CVI.

Chemical Vulnerability Information or CVI is information that is intended to be protected by DHS directive. Companies that handle chemicals, be it for manufacturing, food production, or other purposes, have an obligation to protect this information. With that obligation comes a need for companies to have a way to ensure they can prove that the information is protected, and to follow certain procedures in order to ensure their employees, contractors, and vendors also protect this information.

The first step in dealing with CVI is to cover the basic handling instructions. DHS has provided documents and training to ensure that these practices are carried out in a timely and organized manner. The actual practices are: 

        • Storage of CVI
        • Marking of CVI
        • Transmission of CVI
        • Responsibilities when in transit with CVI
        • Destruction of CVI

The DHS directive in 6CFR S 27.400 (e) (3) indicates that DHS provided CVI Training is necessary and appropriate for anyone who will access, use, store, mark, transmit, mange, or destroy this information. Thankfully, this training is publicly available, free, and not too difficult for individuals to acquire. By going to this link, staff, contractors, consultants, or other individuals at your organization can take this training.

These staff members should report to the organization that they have had training, and provide their certification number. That information should be stored, and used to ensure that exposure to this kind of information is managed effectively. If you have new vendors or contractors that visit your site, you should prevent access to areas that will expose this information, or access to the actual assets that are protected, if the individual has not had this training.

Using a tool like the Alert Enterprise Guardian Express and Visitor Management, you can manage visitor access, check your HR systems, or even store certification numbers for staff, ensuring that your CVI is protected. Having a fully audited workflow, individuals can be approved once credentials have been validated, ensuring that you are proactively meeting the CVI and CFAT standards put forth by DHS.

If you would like to better understand how Alert Enterprise can help you to protect your CVI assets, and also manage your overall security posture and risk, please contact us to discuss.

As provided by 6 CFR S 27.400(e) (3), DHS has determined that, except under emergency or exigent circumstances, successful completion of DHS-provided CVI training is a necessary and appropriate condition for any individual’s access to CVI. DHS reserves the right under 6 CFR S 27.400(e)(2) (iii) to require non-disclosure agreements in the future, as appropriate, as a condition for becoming an Authorized User or otherwise obtaining access to CVI. 

From < read more

Stop Attacks and Disasters Across IT, OT and Physical Assets with Security Software

This entry was posted by on .

Attacks and Disasters Happen Across all Verticals, and They Often Cross IT, OT, and Physical Infrastructure. So How Does it Make Sense to Have a Security Strategy that Only Protects IT?

Below are a few examples of attacks and disasters that happened across IT, Operational Technology (OT), and Physical Assets across many different verticals. Most of these are recent, but one of them was 30-years ago and most people still remember it.


Electrical Substation

The attack began just before 1 am on April 16 last year, when someone slipped into an underground vault not far from a busy freeway and cut telephone cables not far from San Jose, CA. Within 1/2 hour, snipers opened fire on an outlying electrical substation. Shooting for 19 minutes, they surgically knocked out 17 giant transformers that funnel power to a nearby metropolis. A minute before police arrived, the shooters disappeared into the night. Power disruption was avoided by rerouting power from other stations, but the station remained closed for 27 days for repairs. Other Utilities Substations that have experienced trouble are: Melbourne, Australia, Scarborough, Ontario and Warren, Minnesota to name a few. read more

Security Software That Stops Threats Across IT, OT and Physical Assets

This entry was posted by on .

“Attacks and disasters don’t happen in technology silos, they happen across IT, OT, and Physical Assets.”
—Jasvir Gill
Founder and CEO, Alert Enterprise!
Former Founder and CEO of Virsa Systems (Acquired by SAP)


 AlertEnterprise is utilized by energy, oil and gas, airports, federal, chemical, enterprise  customers and more. We are recognized by top industry analysts as a technology innovator because our software uniquely detects, mitigates, and in many cases stops threats and disasters across IT, OT, and Physical Assets. read more

Converging on an Un-Common Cure for the Chemical Terrorist

This entry was posted by on .

On June 26, 2009 in a congressional roll call joint statement issued by four powerful congressional leaders (Thompson, Waxman, Jackson Lee and Markey) called for support for the bill HR 2868 that would grant Department of Homeland Security the authority to make the CFATS program permanent going forward. Some of the important provisions of this bill include reducing the threshold amounts of dangerous chemicals or switching to safer chemicals. Additionally water treatment and distribution systems, waste water treatment and port facilities would no longer be exempt from complying with these safety provisions. read more

CFATS prescribes a risk management approach to security

This entry was posted by on .

CFATS – Chemical Facility Anti-Terrorism Standards has been enacted by Department of Homeland Security to protect infrastructure that includes production, storage and transportations of chemicals that are hazardous in nature.

Various government regulatory agencies have created classification systems for different kinds of materials. According toe the American Chemistry Council, the US chemical industry produces $755 Billion dollars in product every year. These products are categorized as read more