HLSS645Wk5

An FFRDC operated by the RAND Corporation under contract with DHS

HS ACHS ACAC HOMELAND SECURITY OPERATIONAL ANALYSIS CENTER

Risk-Informed Analysis of Transportation Worker Identi� cation Credential Reader Requirements JOSEPH C. CHANG, JAMES V. MARRONE, DAVID METZ, SEAN COLBERT-KELLY, MATTHEW A. DENARDO, KEITH GIERLACK, CHELSEA KOLB, RYAN BAUER, DEVON HILL, KRISTIN J. LEUSCHNER

This research was published in 2022.

Approved for public release; distribution is unlimited.

iii

About This Report

To help it implement the final reader rule entitled “Transportation Worker Identification Credential (TWIC)—Reader Requirements,” the U.S. Coast Guard (USCG) asked the Homeland Security Operational Analysis Center (HSOAC) to estimate the population of the Maritime Transportation Security Act–regulated facilities that the rule might affect; develop a transparent, objective risk assessment model for these facilities; and conduct a cost–benefit analysis of the regulation.

This report describes our analytical efforts to address the three research areas mentioned above. Because there is no database of Maritime Transportation Security Act–regulated facilities with all the requisite infor- mation about certain dangerous cargoes that facilities handle in bulk, we resorted to other data sources, such as the U.S. Environmental Protection Agency’s databases, an online survey, and interviews, to estimate the facility population. For the facility risk model, we used the modeling approach for assessing potential con- sequence included in the risk engine of the Cybersecurity and Infrastructure Security Agency’s Chemical Facility Anti-Terrorism Standards (CFATS) program, harmonizing the TWIC and CFATS programs in con- sequence assessment. Because there was no credible estimate for the probability of a transportation security incident, we used a break-even analysis to assess whether the final reader rule is cost-effective.

This research was sponsored by the USCG Office of Standards Evaluation and Development and con- ducted within the Strategy, Policy, and Operations Program of the HSOAC federally funded research and development center (FFRDC).

About the Homeland Security Operational Analysis Center

The Homeland Security Act of 2002 (Section 305 of Public Law 107-296, as codified at 6 U.S.C. § 185) autho- rizes the Secretary of Homeland Security, acting through the Under Secretary for Science and Technology, to establish one or more FFRDCs to provide independent analysis of homeland security issues. The RAND Corporation operates HSOAC as an FFRDC for the U.S. Department of Homeland Security (DHS) under contract HSHQDC-16-D-00007.

The HSOAC FFRDC provides the government with independent and objective analyses and advice in core areas important to the department in support of policy development, decisionmaking, alternative approaches, and new ideas on issues of significance. The HSOAC FFRDC also works with and supports other federal, state, local, tribal, and public- and private-sector organizations that make up the homeland security enterprise. The HSOAC FFRDC’s research is undertaken by mutual consent with DHS and is orga- nized as a set of discrete tasks. This report presents the results of research and analysis conducted under task order  70Z02320FMSR04300, Risk-Informed Analysis of Transportation Worker Identification Credential (TWIC) Reader Requirements.

The results presented in this report do not necessarily reflect official DHS opinion or policy. For more information on HSOAC, see www.rand.org/hsoac. For more information on this publication,

see www.rand.org/t/RRA1687-1.

Acknowledgments

We want to acknowledge Kimberly Wilson, Jeffrey Horn, and their colleagues in the USCG Office of Stan- dards Evaluation and Development; and Bradley Clare, Nicolette Vaughan, Andrew Meyers, and their col- leagues in the USCG Office of Port and Facility Compliance for their strong support and expert guidance

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

iv

throughout the study. Kathryn Clay and Jay Cruz of the International Liquid Terminals Association; Kimberly Wise White, Jeffrey Sloan, and William Erny of the American Chemistry Council; and Jeff Gunnulfsen of American Fuel and Petrochemical Manufacturers have been tremendously supportive by providing indus- try perspectives and reaching out to their respective memberships to seek additional inputs. We are grateful to the USCG Office of International and Domestic Port Security Assessment for providing the Maritime Security Risk Analysis Model data. We thank Henry Willis and Victoria Greenfield of HSOAC for very informative discussions about the proper interpretation of the results of a cost–benefit analysis. Comments from Alison K. Hottes of HSOAC, our informal reviewer, have greatly improved this report. Ellen M. Pint, Edward W. Chan, and Katherine Tiongson, our formal HSOAC quality-assurance reviewers, have also kept us grounded and provided helpful guidance. Rebecca Weir skillfully processed the U.S. Environmental Pro- tection Agency’s Risk Management Plan data.

Finally, we want to express our sincere gratitude to Terry McClure of the Cybersecurity and Infrastruc- ture Security Agency and Thomas Taylor of ABS Group for their generous support in providing technical expertise in and conducting a massive number of simulations of the CFATS risk engine. Without their assis- tance, this study would not have been possible.

v

Summary

S.1. Issue

The Transportation Worker Identification Credential (TWIC) program, jointly administered by the U.S. Coast Guard (USCG) and the Transportation Security Administration (TSA), requires anyone accessing a secure area at a Maritime Transportation Security Act (MTSA)–regulated facility, vessel, or outer continen- tal shelf facility either to have a TWIC or to be escorted by someone with a TWIC.1 Facilities must maintain access control programs at secure areas to verify each person’s identity and business purpose. Until recently, facilities could conduct these checks by inspecting TWICs visually; however, a 2016 USCG regulation, known as the final reader rule on TWIC reader requirements, would require any facility that the USCG determines to be of high risk to inspect TWICs electronically and verify the identities of credential holders using stored biometric data. Final implementation of the reader rule has been delayed (from 2020) until May 8, 2023, for three categories of facilities that handle certain dangerous cargoes (CDCs) in bulk.2 During the delay period, the USCG wanted to reexamine the population of facilities subject to the reader rule delay and to reestimate the costs and benefits of the TWIC reader rule.

The USCG asked the Homeland Security Operational Analysis Center, a federally funded research and development center operated by the RAND Corporation for the U.S. Department of Homeland Security, to conduct a risk-informed analysis to support the implementation of the final reader rule. The specific research questions were as follows:

• How many facilities are subject to the reader rule delay? • Is the final reader rule cost-effective for those facilities?

The researchers conducted three main tasks to answer the research questions:

1. We estimated the population of maritime facilities that handles CDCs. 2. We developed an objective, transparent risk model for these facilities. 3. We developed a revised cost–benefit analysis for the reader rule delay based on the population estima-

tion and the facility risk model.

Although many commodities are considered CDCs, only 43 CDCs are authorized to be transported by vessels in bulk, according to a 2020 USCG CDC job aid. Facilities that handle these 43 CDCs in bulk are the focus of this report.

1 For purposes of this report, facility refers to [a]ny structure or facility of any kind located, in, on, under, or adjacent to any waters subject to the jurisdiction of the United States and used, operated, or maintained by a public or private entity, including any contiguous adjoining property under common ownership or operation. (33 C.F.R. § 101.105)

2 For purposes of this report, bulk refers to a “commodity that is loaded or carried without containers or labels and that is received and handled without mark or count. This includes cargo transferred using hoses, conveyors, or vacuum systems” (33 C.F.R. § 101.105).

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

vi

S.2. Our Approach

The overarching principle of our study is transparency and defensibility in support of rulemaking and imple- mentation. To that end, we

• used only unclassified and nonproprietary data • applied consistent, reproducible approaches • clearly documented the formulations, assumptions, and limitations of our approaches.

For example, because a single comprehensive data source with the requisite information does not exist, we collected and collated facility-level information from multiple unclassified data sources to estimate the popu- lation of facilities subject to the reader rule delay. We decided to conduct a consequence-based risk assess- ment for this study because threat and vulnerability information is typically restricted.

Our facility risk model is based on the Cybersecurity and Infrastructure Security Agency’s well-known and well-documented Chemical Facility Anti-Terrorism Standards risk engine (Cybersecurity and Infra- structure Security Agency, 2021), whose consequence (in terms of the number of fatalities resulting from a potential CDC release) assessment methodologies are objective (i.e., physics-based and reproducible) and transparent (i.e., with ample documentation). We further developed a facility typology to practically group facilities based on observable attributes, such as CDC quantity and local population density. Harmonizing the consequence assessment approaches for both the Chemical Facility Anti-Terrorism Standards and TWIC programs is consistent with a 2021 U.S. Government Accountability Office recommendation that similar Department of Homeland Security chemical security programs should collaborate better (U.S. Government Accountability Office, 2021). (The TWIC program also applies to nonchemical facilities, such as ferry and cruise terminals.)

S.3. Key Findings

S.3.1. How Many Facilities Are Subject to the Reader Rule Delay? We developed the lower- and upper-bound estimates of 471 and 711 MTSA-regulated facilities, respectively, that are likely to be subject to the reader rule delay. To develop the lower bound, we counted every facility that reported at least one CDC in our data sources. Merging facilities that handle CDCs in bulk across disparate data sources required substantial matching and validation efforts. To develop the upper bound, we applied a reasonable extrapolation scheme to identify additional facilities that had operations that were likeliest to handle CDCs in bulk. These estimates (i.e., 471 and 711) fall between the (low) USCG estimate in the reader rule delay and the (high) estimate from trade associations.

The USCG may revise the final reader rule to carve out some facilities that we identified as handling CDCs. As a hypothetical example, we discussed the possibility of excluding barge fleeting, container, and International Convention for the Prevention of Pollution from Ships (best known as MARPOL, for “marine pollution”) facilities (that are not also bulk liquid facilities) and provided estimates of the numbers of such facilities.

USCG’s estimate in the 2020 TWIC reader rule delay of the number of affected facilities was based on its original standard for identifying facilities that handled CDCs and other hazardous materials, called risk groups. Our analysis shows that these original facility risk groups were a poor proxy for the population of facilities subject to the reader rule delay. Many facilities that had been categorized as not handling CDCs did, in fact, report CDCs to the data sources we used in our analysis. Among the facilities that handled CDCs,

Summary

vii

anhydrous ammonia was the most-common CDC, although many facilities handle more than one type of CDC.

S.3.2. Is the Final Reader Rule Cost-Effective for Those Facilities? Using the facility population estimates and the facility risk model, we conducted a cost–benefit analysis for MTSA-regulated facilities subject to the reader rule delay. When estimating costs, we considered the capital, maintenance, operational, additional (i.e., card and reader failures), and government costs. For estimation of benefits, we used the value of a statistical life (Putnam and Coes, 2021) to monetize the potential con- sequences avoided (in number of fatalities as suggested by the facility risk model). We assessed costs and benefits using break-even analysis, which estimates the average number of transportation security incidents (TSIs) that must be averted each year for the regulation to be cost-effective. We estimated that the TWIC reader rule would have to avert a TSI approximately every 60 to 90 years, at a minimum, to be cost-effective. The USCG previously rejected regulatory alternatives for the TWIC reader requirements when the required break-even frequency was at or below a rate of one TSI every 50 years. Whether a threshold of 60 to 90 years is reasonable will require some subjective judgment.

Although the reader rule is potentially cost-effective even in its current form, reasons exist to con- sider a more-targeted approach that excludes low-quantity or low-population density facilities, or both. Using hypothetical regulatory options, we demonstrated that a more-targeted approach affecting only higher-consequence facilities would need to avert only one TSI approximately every 200 to 600 years to be cost-effective.

Both a targeted approach and the reader rule in its current form have supporting arguments. A targeted approach lowers the regulatory burden on lower-consequence facilities, focusing on higher-consequence facilities only. As a result, a targeted approach is likelier to be cost-effective, even if TSIs occur less than once in 100 or 200 years. But a targeted approach leaves lower-consequence facilities unhardened, which could be undesirable if threat or vulnerability at those facilities is believed to be high. In addition, the rule as written is more straightforward than a targeted rule, and it satisfies the precautionary principle that casting a wide net is preferable so long as it is cost-effective. Ultimately, the USCG must consider these trade-offs in addition to cost-effectiveness when implementing the final reader rule.

S.4. Conclusion

Implementation of the final reader rule will inevitably require ongoing monitoring and enforcement. This is because the facility population will change as facilities open or close; indeed, our population estimates could become outdated in just a few years. In addition, implementation would benefit from data infrastructure that does not currently exist, such as knowledge of which facilities actually handle CDCs in bulk.

Therefore, implementation of the final reader rule would be greatly streamlined by developing a reporting system that records, at a minimum, the types and quantities of CDCs being handled at each MTSA-regulated facility. In addition, if the final reader rule carves out certain exceptions, the USCG might also want to know how CDCs are being handled. Presumably, this information must come from facilities themselves and would need to be updated at regular intervals (e.g., during review of each facility’s security plan every five years) to determine how the regulated population changes.

ix

Contents

About This Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Figures and Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

CHAPTER ONE

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1. The Motivation for This Study . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2. The Focus of This Study. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.3. Background on the TWIC Reader Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.3.1. Origins of the TWIC Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3.2. Overview of TWIC Rulemaking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4. Determining Which Facilities Belonged in Risk Group A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.5. Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.6. The Organization of This Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

CHAPTER TWO

Risk Analysis for CDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.2. Review of Existing Tools and Data Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.3. Development of a Risk Analysis Tool for CDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.3.1. Design Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.3.2. Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.3.3. Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

CHAPTER THREE

Estimating the Facility Population . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.1.1. Interpretation of the Covered Population . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.1.2. Prior Population Estimates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3.2. Data Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 3.2.1. The MISLE Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 3.2.2. Insufficiency of MSRAM Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.2.3. EPA’s RMP Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.2.4. EPA’s TRI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.2.5. Facility-Level Data Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 3.2.6. Supplementary Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3.3. Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 3.3.1. Facility Matching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 3.3.2. Lower-Bound Estimation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.3.3. Upper-Bound Estimation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

3.4. Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 3.4.1. The Data Sources Had Some Overlap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 3.4.2. Supergroups Distinguish Facilities with CDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

x

3.4.3. Between 471 and 711 Facilities Handled CDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 3.4.4. The Original Risk Group A Did Not Properly Classify Facilities Handling CDCs . . . . . . . . . . . . . . . . . 36 3.4.5. Six Substances Account for Half of All Reports of CDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 3.4.6. Many Facilities Handle Multiple CDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3.5. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

CHAPTER FOUR

Developing the Facility Risk Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.2. MSRAM Has Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 4.3. Facility Risk Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

4.3.1. The Risk Engine in the CFATS Program Risk Tiering Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 4.3.2. Development of a Facility Risk Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

4.4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

CHAPTER FIVE

A Cost–Benefit Analysis of the Reader Rule Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 5.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

5.1.1. The Rationale for Break-Even Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 5.1.2. Data Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

5.2. Estimation of Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 5.2.1. TWIC Capital Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 5.2.2. Maintenance Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 5.2.3. Operational Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 5.2.4. Additional Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 5.2.5. Government Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 5.2.6. Summary of Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

5.3. Estimation of Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 5.3.1. Limitations to Quantifying Benefits in a Comprehensive Way . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 5.3.2. Monetizing Averted Losses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 5.3.3. Consequence and Facility Typology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 5.3.4. Discussion of Regulatory Options Based on Facility Typology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

5.4. The Break-Even Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 5.5. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

CHAPTER SIX

Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 6.1. Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 6.2. Data Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 6.3. Approaches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

6.3.1. Risk Analysis for CDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 6.3.2. Facility Population Estimation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 6.3.3. A Facility Risk Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 6.3.4. A Cost–Benefit Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

6.4. Key Findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 6.5. Implementation Will Be an Ongoing Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Contents

xi

APPENDIXES

A. A Review of TWIC-Relevant Regulations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 A.1. Origins of the TWIC Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 A.2. The History of TWIC Rulemaking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 A.3. Determining Which Facilities Belong in Risk Group A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 A.4. Cost–Benefit Analyses of the TWIC Reader Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 A.5. Definition of Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

B. CDCs Authorized to Be Transported by Vessels in Bulk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 C. Processing of PAD in the ERG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 D. Processing of USCG NRC Incident Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 E. Processing of EPA RMP Facility Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 F. The Facility Survey Instrument . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

F.1. Introduction and Consent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 F.2. Section I: Facility Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 F.3. Section II: CDC Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 F.4. Section III: TWIC-Related Security Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110 F.5. Section IV: Cost Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

G. Company Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 G.1. Interview Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 G.2. Selecting Companies for Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113 G.3. The Facility Population . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 G.4. Interviews and Participants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 G.5. Interview Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 G.6. Key Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 G.7. Company Concerns About the Final Reader Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

H. Analysis of the MSRAM Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 H.1. Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123 H.2. Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 H.3. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

I. Incorporating LandScan USA Population Data into a Simplified Model to Estimate Facility Consequences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

I.1. The LandScan USA Population Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 I.2. Representative Population Density and Its Use for a Simplified Model to Estimate Facility

Consequences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 J. Creating a Synthetic Data Set for Analysis of Consequence Distributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

xiii

Figures and Tables

Figures

1.1. An Overview of Our Study Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1. Distributions of NFPA Health, Flammability, and Instability Hazard Ratings . . . . . . . . . . . . . . . . . . . . . . . 17 2.2. Distributions of Scaled PAD and Number of Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.3. Ranked Composite Risk Score for CDCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.1. Comparison of Lower- and Upper-Bound Population Estimation Methods . . . . . . . . . . . . . . . . . . . . . . . . . . 33 3.2. MTSA-Regulated Facilities with Potential CDC Information, by Data Source . . . . . . . . . . . . . . . . . . . . . . . 34 3.3. MTSA-Regulated Facilities Handling CDCs, by Data Source Reporting That Cargo . . . . . . . . . . . . . . . 35 3.4. Number of Facilities Reporting Each CDC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 4.1. Modeling Approaches Used in the CFATS Risk Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 4.2. Distribution of the Number of CDCs That Individual Facilities Reported to EPA Programs . . . . . . 48 4.3. Distribution of CDCs That Accounted for the Maximum Consequences for 386 Facilities . . . . . . . . 55 5.1. Maximum Consequence Estimates for 386 Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 C.1. Processing Steps for Determining PAD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 E.1. Our Data Processing Procedure for the EPA RMP Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 I.1. Illustration of LandScan USA Data Where Average Population Density Can Be Calculated

for Circular Buffers of Varying Radii . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 I.2. Empirical Relationship for Fatality-Weighted Area as a Function of Quantity for Chlorine . . . . . 134 I.3. Comparison of Consequence Estimates from the CFATS Risk Engine and the Simplified

Model with the Average Population Density Determined by a 2-Mile Buffer for All CDCs Handled at 386 Facilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Tables

2.1. Metrics in and Descriptions of the Three Candidate Risk Analysis Tools for CDCs . . . . . . . . . . . . . . . . 13 2.2. Pros and Cons Associated with the Three Candidate Risk Analysis Tools for CDCs . . . . . . . . . . . . . . . . 14 2.3. The Values for the Five Metrics of Our Risk Analysis Tool for Each of the CDCs . . . . . . . . . . . . . . . . . . . 15 3.1. MISLE Data Fields Used for Analytic Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.2. CDCs Regulated by the RMP and TRI Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 3.3. Supergroup Definitions for MTSA-Regulated Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 3.4. Description of Facilities Covered by Supplementary Company Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 3.5. Categorizing Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.6. Data Source Coverage, by Supergroup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 3.7. Facilities Reporting Handling at Least One CDC, by Primary MISLE Subtype and Original

Risk Group Designation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 3.8. Number of CDCs Reported, by Facility Supergroup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 4.1. Distributions of Death and Injury Consequence Scores, in Number of Fatalities, for Attack

Scenarios in MSRAM Data, Grouped by Target Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 4.2. Median Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each

Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 1,544 Facility–CDC Combinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

4.3. Median Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 1,544 Facility–CDC Combinations . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

xiv

4.4. Sample Size for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 1,544 Facility–CDC Combinations . . . . . . . . . . . . . 52

4.5. Sample Size for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 1,544 Facility–CDC Combinations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

4.6. Median Facility Maximum Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 386 Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

4.7. Median Facility Maximum Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 386 Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

4.8. Sample Size for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 386 Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

4.9. Sample Size for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 386 Facilities . . . . . . . . . . . . . . . . . . . . . 54

4.10. Median Facility Maximum Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of CDC Quantity, Representative Population Density, and Toxic Versus Flammable CDCs for 386 Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

4.11. Sample Size for Each Combination of Categories of CDC Quantity, Representative Population Density, and Toxic Versus Flammable CDCs for 386 Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

4.12. Median Facility Maximum Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of CDC Quantity and Representative Population Density for 386 Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

4.13. Sample Size for Each Combination of Categories of CDC Quantity and Representative Population Density for 386 Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

5.1. Compliance Costs of the Reader Rule Delay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 5.2. Total Costs for 471 Facilities That Handled Bulk CDCs, in Millions of 2020 Dollars, Using a

7-Percent Discount Rate, Lower-Bound Estimate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 5.3. Total Costs for 711 Facilities That Handled Bulk CDCs, in Millions of 2020 Dollars, Using a

7-Percent Discount Rate, Upper-Bound Estimate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 5.4. Median Facility Maximum Consequence, in Number of Fatalities, with Notional Regulatory

Option 1 for 386 Facilities Matched to EPA Databases with Quantity Information . . . . . . . . . . . . . . . . . 70 5.5. Corresponding Sample Size with Notional Regulatory Option 1 for 386 Facilities Matched

to EPA Databases with Quantity Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 5.6. Median Facility Maximum Consequence, in Number of Fatalities, with Notional Regulatory

Option 2 for 386 Facilities Matched to EPA Databases with Quantity Information . . . . . . . . . . . . . . . . . 71 5.7. Corresponding Sample Size with Notional Regulatory Option 2 for 386 Facilities Matched

to EPA Databases with Quantity Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 5.8. Break-Even Analysis, by the Final Reader Rule as Written and Notional Regulatory Option . . . . . . 72 5.9. Potential Policy Trade-Offs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 A.1. MTSA Risk Group Categories as Defined in 2009 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 A.2. Definitions Related to Maritime Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 B.1. CDCs Authorized to Be Carried by Maritime Vessels in Bulk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 C.1. PADs and NFPA Health, Flammability, and Instability Hazard Ratings for CDCs . . . . . . . . . . . . . . . . . . 97 D.1. Numbers of Incidents, Fatalities, and Injured for CDCs for 2011–2020 NRC Data with a

Maritime Nexus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 G.1. Types of Facilities Operated by the Represented Companies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 G.2. CDCs Identified, by Number of Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 H.1. Target Classes and the Corresponding Numbers of Unique Targets in the MSRAM Data . . . . . . . 124

Figures and Tables

xv

H.2. Distributions of Death and Injury Consequence Scores, in Number of Fatalities, for Attack Scenarios in the MSRAM Data, Grouped by Target Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126

H.3. Distributions of Economic Consequence Scores, in Millions of Dollars, for Attack Scenarios in the MSRAM Data, Grouped by Target Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

H.4. Distributions of Environmental Consequence Scores, in Number of Barrels of Oil Spilled on or Near Water, for Attack Scenarios in the MSRAM Data, Grouped by Target Class . . . . . . . . . . . . . . 128

I.1. HIFLD Citations for LandScan Population Data, as of February 17, 2022. . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 I.2. Performance Measures of the Simplified Model for Different Buffer Sizes Used to

Calculate the Average Population Density . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 J.1. Median Consequence, in Number of Fatalities, Given by the Simplified Model for Each

Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for the Synthetic Data Set with 82,990 Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

J.2. Median Consequence, in Number of Fatalities, Given by the Simplified Model for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for the Synthetic Data Set with 82,990 Cases . . . . . . . . . . . . . . . . . . . 141

J.3. Sample Size for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for the Synthetic Data Set with 82,990 Cases . . . . . 141

J.4. Sample Size for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for the Synthetic Data Set with 82,990 Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141

1

CHAPTER ONE

Introduction

1.1. The Motivation for This Study

The Transportation Worker Identification Credential (TWIC) program was established in December 2001 as part of post-9/11 legislation designed to increase maritime security (Williams et al., 2020). The program, jointly administered by the U.S. Coast Guard (USCG) and the Transportation Security Administration (TSA), requires anyone accessing a secure area at a Maritime Transportation Security Act (MTSA)–regulated facil- ity, vessel, or outer continental shelf facility either to have a TWIC or be escorted by someone with a TWIC.1 MTSA requires, before issuance of a TWIC, that a background check and threat analysis be performed on the applicant to determine whether the person poses a risk of causing a transportation security incident (TSI).2

Facilities must maintain access control programs at secure areas to verify each person’s identity, whether they have a business purpose at the facility, and whether they hold a valid TWIC. Until recently, facilities could conduct these checks by inspecting a TWIC visually, without the use of an electronic reader. However, a 2016 USCG regulation, “Transportation Worker Identification Credential (TWIC)—Reader Requirements” (known as the final reader rule), would require any facility that the USCG determines to be of high risk to inspect each TWIC electronically and to use biometrics to verify the holder’s identity. The TWIC contains biometric data designed to ensure that the credential holder is the correct person with authorized access to secure areas. The reader pilot program was authorized in 2006, and the USCG issued the final reader rule on August 23, 2016.

The final TWIC reader rule was to have been implemented in 2018, but final implementation has been delayed numerous times, in large part because of questions and concerns about which facilities and vessels would be subject to the rule. On March 9, 2020, the USCG issued “TWIC-Reader Requirements; Delay of Effective Date” (the reader rule delay), which delayed the effective date of the final reader rule until May 8, 2023, for facilities that handle certain dangerous cargoes (CDCs) in bulk. The final reader rule delay states that, as of June 8, 2020, the final reader rule applied to all facilities that receive passenger vessels certified to carry 1,000 passengers or more and one large U.S.-flagged passenger vessel. However, three categories of facilities were exempted from the rule for three years:

• facilities that handle CDCs in bulk but do not transfer these cargoes to or from a vessel • facilities that handle CDCs in bulk and do transfer these cargoes to or from a vessel

1 Secure area is defined in Title 33 of the Code of Federal Regulations (C.F.R.) § 101.105 as “the area on board a vessel or at a facility or outer continental shelf facility over which the owner/operator has implemented security measures for access control in accordance with a Coast Guard approved security plan.” 2 Per Public Law 107-295, § 70101, a TSI is “a security incident resulting in a significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area.”

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

2

• facilities that receive vessels carrying CDCs in bulk but do not transfer these bulk cargoes to or from those vessels during the vessel-to-facility interface.3

According to the reader rule delay, of the 525 facilities that would have been under the final reader rule, 370 were affected by the delay.

During the three-year period of the delay, the USCG wanted to reexamine which facilities actually han- dled CDCs in bulk and to determine the correct total facility population subject to the reader rule delay. Fol- lowing a risk-informed analysis, the USCG would like to reestimate the costs and benefits of the TWIC reader rule. Although CDCs generally include many types of explosives, blasting agents, poisonous (by inhalation) gases, oxidizing materials, radioactive materials, and certain other bulk liquids and solids,4 just 43 CDCs are authorized to be transported by maritime vessels in bulk, as determined in a 2020 USCG CDC job aid. Facili- ties that handle these 43 CDCs in bulk are the focus of this report.5

1.2. The Focus of This Study

The USCG asked the Homeland Security Operational Analysis Center (HSOAC), a federally funded research and development center operated by the RAND Corporation for the U.S. Department of Homeland Security (DHS), to conduct a risk-informed analysis of TWIC reader requirements. The specific research questions were

• How many facilities are subject to the reader rule delay? • Is the final reader rule cost-effective for those facilities?

Our analysis consisted of three main parts to address the research questions:

• First, because a single comprehensive data source with the requisite information does not exist, we col- lected and collated facility-level information from multiple data sources to estimate the population of maritime facilities that handled CDCs.

• Second, we implemented a facility risk model based on the objective, transparent risk assessment meth- odology of the Cybersecurity and Infrastructure Security (CISA) Chemical Facility Anti-Terrorism Standards (CFATS) risk engine (CISA, 2021) and further operationalized the model (i.e., developed a facility typology) using observable attributes.

• Third, we conducted a cost–benefit analysis—in the form of a break-even analysis—informed by the facility population estimation and the facility risk model.

In addition, we conducted an analysis of the intrinsic (facility-agnostic) risks associated with CDCs to sup- port the above three main study areas.

In Section 1.3, we provide additional background on the TWIC reader rule and discuss the methods used in this analysis.

3 The vessel-to-facility-interface is “the interaction that occurs when a vessel is directly and immediately affected by actions involving the movement of persons, cargo, vessel stores, or the provisions of facility services to or from the vessel” (33 C.F.R. § 101.105). 4 See 33 C.F.R. § 160.202 for the definition of CDC; see also Appendix B of this report. 5 At the time of this writing, the CDC job aid was under revision to provide more guidance and greater clarity to industry and USCG facility inspectors.

Introduction

3

1.3. Background on the TWIC Reader Rule

Here is an overview of the legislative origins of the TWIC program and the history of TWIC rulemaking. For more information, please see Appendix A.

1.3.1. Origins of the TWIC Program The TWIC program has its origins in post-9/11 legislation designed to increase airport and maritime secu- rity. The 2001 Aviation and Transportation Security Act (ATSA) established TSA and permitted the agency to require background checks for people with access to secure areas of airports. The 2002 MTSA called for a variety of port security measures, including the issuance of a transportation security card used for access to secure areas. Under MTSA, the TWIC program instituted the requirement for a transportation security card for workers employed in secure areas of maritime facilities (Public Law 107-295, § 701). The Security and Accountability for Every (SAFE) Port Act of 2006 authorized the Secretary of Homeland Security to establish a priority for each U.S. port for the implementation of the TWIC program based on a risk assessment (Public Law 109-347, § 104).

1.3.2. Overview of TWIC Rulemaking The first TWIC rule in 2007 set forth a process for issuing TWICs (Williams et al., 2020). This rule required MTSA-regulated vessels and port facilities to “use . . . TWIC as an access control measure” (Williams et al., 2020, p. 13). However, the rule did not order a particular method of inspecting or validating TWICs.

In 2009, the USCG proposed a rule that would classify TWIC-regulated facilities and vessels into three risk categories (risk groups A, B, and C) based on three factors:

• the maximum consequence that could result from a terrorist attack • the criticality to the country’s health, economy, and national security • the TWIC program’s utility in reducing risk (USCG, 2009, p. 13363).

Facilities and vessels deemed to be at highest risk would require electronic inspection of TWICs; those at medium risk would be subject to random electronic inspections; and those at low risk would be exempt from electronic inspection (USCG, 2009, p. 13366).

1.3.2.1. The Reader Rule In 2013, the USCG proposed limiting reader rule requirements to the highest-risk group (risk group  A), which consisted of facilities that handled CDCs in bulk and facilities accepting vessels that carried at least 1,000 passengers. Other MTSA-regulated facilities (classified as either risk group B or C) would be subject to only visual inspection of TWICs (USCG, 2013). This proposed rule was based, in part, on public comments from risk group B operators about the costs of implementing the TWIC requirements, as well as the USCG’s own preliminary regulatory impact analysis, which estimated a $26.5 million annualized cost to include only risk group A operators but an annualized cost of $141.2 million if group B were included (Office of Standards Evaluation and Development [CG-REG], 2013).

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

4

The USCG published its final reader rule in August 2016. This rule kept the risk group A requirement in place and eliminated the distinction between risk groups B and C for both vessels and facilities. The effective date of the final reader rule was intended to be August 23, 2018 (USCG, 2016, p. 57652).6

1.3.2.2. Delays in Implementing TWIC Reader Requirements The reader rule did not go into effect as planned. On June 22, 2018, the USCG issued a notice delaying for three years the effective date for certain risk group A facilities (USCG, 2018b):

1. facilities that handle CDCs in bulk but do not transfer them to or from a vessel 2. facilities that receive vessels carrying CDCs in bulk but do not transfer them to the facility during the

vessel-to-facility interface.

The delay was intended to give the USCG more time to consider industry input on the scope of the final reader rule and to review the methodology used to determine how facilities were classified into their respec- tive risk groups.

In 2020, this delay was extended to May 2023, and a third class of risk group A facilities was made sub- ject to the delay: those facilities that transfer CDCs during the vessel-to-facility interface (USCG, 2020). The USCG estimated that this delay would affect 370 of the 525 risk group A facilities subject to the final reader rule (USCG, 2020, p. 13493). Passenger facilities receiving vessels carrying at least 1,000 passengers were esti- mated to make up the remaining 155 group A facilities; such facilities were not subject to the reader rule delay and needed to comply with the rule by June 8, 2020.7

1.4. Determining Which Facilities Belonged in Risk Group A

A contentious issue between the USCG and the maritime industry is which facilities are to be considered part of risk group A and, specifically, whether a facility would be considered a “CDC facility” (i.e., part of risk group A) if it handled CDCs in a nonmaritime capacity.8 Many public comments pointed to a policy docu- ment, based on 33 C.F.R. § 105.295, that defined the term CDC facility to mean where “a vessel-to-facility interface must occur, or be capable of occurring, and involve the transfer of CDC in bulk” (MTSA/Interna- tional Ship and Port Security Policy Advisory Council, 2004). It also stated that a facility that received CDCs from certain entities, such as rail cars or tanker trucks, would not be considered a CDC facility.

This definition contrasted with the phrase “facilities that handle Certain Dangerous Cargo in bulk” used in the 2016 final reader rule, which stated that facilities that stored CDCs on their premises or received them from nonmaritime sources would be classified as risk group  A. The USCG stated that the 2016 reader rule definition is the one that would be applied once facilities have to comply with the final reader rule (USCG, 2020). This is the current state of the TWIC reader requirements that this report addresses.

6 A non–outer continental shelf (OCS) facility has some discretion in determining its MTSA-regulated footprint by declaring portions of itself as nonmaritime transportation portions. This could affect the designation of a risk group A facility if CDCs are stored or handled in the nonmaritime transportation portion. The process to request a redefinition of a facility security plan (FSP) is outlined in Commandant, 2007, Chapter 3.4. 7 In addition, one U.S.-flagged vessel must comply with the reader rule. 8 To assist industry in determining what specific commodity is a CDC, the USCG publishes the “Certain Dangerous Cargo (CDC) Job Aid.” This guidance document recognizes that determining which specific commodities are CDCs is a difficult process and uses an analysis of hazardous material (hazmat) derived from the relevant sections of Titles 46 and 49 of the U.S. Code (U.S.C.) to create a list of CDCs based on 33 C.F.R. § 160.202.

Introduction

5

The confusion over the terms “CDC facility” and “facilities that handle CDC in bulk” has implications for the final population of risk group A. In 2020, HSOAC researchers conducted a congressionally mandated assessment of the TWIC program’s risk-mitigation value, finding that the lack of clarity in the definition of CDC could mean that close to 1,000 more facilities could fall under the broad definition of CDC facility and be subject to the requirements of the final reader rule than the USCG originally estimated (Williams et al., 2020). The same HSOAC researchers found that the previous USCG report likely underestimated the costs of the rule and overstated the potential benefits.

1.5. Methodology

For this study, our overall methodology emphasized transparency and defensibility to support rulemaking. To that end, we

• used only unclassified and nonproprietary data • applied consistent, reproducible approaches • clearly documented the formulations, assumptions, and limitations of our approaches.

We required two types of information to complete our analysis:

• chemical-specific information on the inherent properties and risks of the CDCs being analyzed • facility-specific information on CDC type and quantity, plus other relevant information for under-

standing the probable effects of a TSI.

No single source covered all the desired information. We therefore considered diverse, numerous data sources for this study (with citations provided in those discussions), including the following:

• the Marine Information for Safety and Law Enforcement (MISLE) database • a subset of the Maritime Security Risk Analysis Model (MSRAM) database • the U.S. Environmental Protection Agency’s (EPA’s) Risk Management Plan (RMP) database • EPA’s Toxics Release Inventory (TRI) database • the USCG’s National Response Center (NRC) database • the LandScan USA population database • EPA and the National Oceanic and Atmospheric Administration’s (NOAA’s) Computer-Aided Manage-

ment of Emergency Operations (CAMEO) Chemicals database • the U.S. Department of Transportation’s (DOT’s) Emergency Response Guidebook (ERG) • the Federal Emergency Management Agency’s (FEMA) Port Security Grant Program database • the facility-level online survey • company-level interviews • facility-level interviews conducted in a previous HSOAC study.

Because a single comprehensive data source with the requisite information does not exist, we developed a comprehensive estimation approach for the population of facilities that are subject to the reader rule delay by leveraging many of the above data sources. We used other data sources for the facility risk model and the cost–benefit analysis.

In addition to considering the above data sources, we were deliberate in ensuring that our approaches for facility population estimation, risk assessment, and cost–benefit were transparent, objective, and repro-

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

6

ducible. This is particularly the case for the facility risk model for which we leveraged the well-known and well-documented CFATS risk engine, thus harmonizing the consequence assessment approaches for TWIC and CFATS, two DHS programs that are related to chemical security.9 Finally, although we aimed for techni- cal comprehensiveness, we strived to take a balanced approach by ensuring that our risk-informed analysis was practical for both making and implementing the rule. We also used the same balanced approach for the intrinsic (i.e., facility-agnostic) CDC risk analysis to provide background information about the properties of and a generic way to characterize CDCs. Figure 1.1 summarizes our methodology with details that we describe further in the remainder of the report.

1.6. The Organization of This Report

The remainder of this report is organized into five chapters. Chapter Two describes an analysis of the intrin- sic risks associated with CDCs authorized to be transported in bulk. The knowledge gained from this analysis was further used in subsequent analyses. Chapter Three describes our approach to estimating the population of facilities that handle CDCs in bulk. Chapter Four describes the development of a facility risk model. Chap- ter Five describes the cost–benefit analysis—in the form of break-even analysis—for facilities that are subject to the reader rule delay. Chapter Six provides our overall conclusions.

This report also contains ten appendixes to provide more in-depth discussions of various topics. Appen- dix A provides a detailed review of TWIC-relevant regulations. Appendix B provides detailed information about the 43 CDCs—authorized to be transported by vessels in bulk—that are the focus of this study. Appen- dix C describes the retrieval of the protective action distance (PAD) from DOT’s ERG. Appendix D describes the processing of the USCG NRC incident data. Appendix E describes the processing of the EPA RMP data. Appendix F reproduces the facility-level online survey instrument that we used. Appendix G describes the company-level interviews that we conducted. Appendix H describes the analysis of the MSRAM data that we received. Appendix I describes how we processed and used the LandScan USA population database. Finally, Appendix J describes the creation of a synthetic data set to better understand the dependence of estimated consequences on some observable attributes.

9 The TWIC program also applies to nonchemical facilities, such as ferry and cruise terminals.

Introduction

7

FIGURE 1.1

An Overview of Our Study Methodology

Cost–benefit analysis of the reader rule delay • From all the data sources, collect information about various cost

components associated with TWIC reader requirements. • Estimate benefits (i.e., consequences avoided) based on the

facility risk model. • Conduct a cost–benefit (break-even) analysis for lower- and

upper-bound facility population estimates and for notional subsets for a more-targeted approach.

• Discuss pros and cons for the proposed TWIC reader rule and more-targeted options.

Facility population estimation • Leverage multiple data sources (e.g., MISLE,

RMP, TRI, survey, interviews). • Match facilities across data sources to identify

facilities that handle CDCs, and, if possible, determine quantities.

• Develop a lower-bound population estimate based on facilities known to handle CDCs.

• Develop an upper-bound population estimate by reasonable extrapolation based on mutually exclusive facility supergroups.

Facility risk model • Characterize risk (consequence) for those

facilities that have detailed CDC information (i.e., type and quantity) using transparent, objective methodologies.

• Identify observable attributes that can be used as proxies for consequence.

• Develop a facility typology (i.e., ways to group facilities) using observable attributes to facilitate rulemaking and implementation.

NOTE: The facility population estimation, facility risk model, and cost–benefit analysis formed the main components of the study, whereas the CDC risk analysis provided background information about CDCs.

Facility-agnostic CDC risk analysis • Review various tools, data sources, and guidance documents. • Define desirable design requirements for the CDC risk analysis tool. • Identify suitable metrics that characterize intrinsic CDC risk. • Develop composite CDC risk scores by scaling and aggregating metrics. • Characterize CDCs in a generic way (i.e., without facility information).

For background: Intrinsic risk associated with CDCs

For the main study: A risk-informed analysis of TWIC reader requirements

9

CHAPTER TWO

Risk Analysis for CDCs

2.1. Introduction

The CDCs handled at MTSA-regulated facilities create a wide variety of hazards (e.g., toxic, flammable, explosive), necessitate multiple types of storage conditions (e.g., refrigerated, pressurized), and have many intended uses (e.g., chemical process, refrigeration). Their health effects also depend on their vastly differ- ent properties (e.g., molecular weight, toxicity limits, vapor pressure, flash point temperature, heat of com- bustion). Therefore, before conducting a risk-informed analysis of TWIC reader requirements for regulated facilities—which was the focus of this study—it would be beneficial to first analyze the intrinsic (i.e., facility- agnostic) risks associated with CDCs (see Figure  1.1 for an illustration of our process). Our goal was to develop a simple, transparent, reproducible tool for CDC risk analysis suitable for a maritime environ- ment. The tool characterized CDCs in a generic way without facility information or the need for modeling. Moreover, the process through which the tool was developed shed light on basic properties about CDCs.

The USCG CDC job aid describes 466 commodities that meet the CDC definition found in 33 C.F.R. § 160.202. However, the focus of our analysis were the 43 CDCs authorized to be transported by vessels in bulk (Commandant, 2020c):

• 1-pentene (n-amylene) • acetaldehyde • acetone cyanohydrin, stabilized • allyl alcohol • ammonia, anhydrous • ammonium nitrate with not more than 0.2 percent total combustible material, including any organic

substance, calculated as carbon to the exclusion of any other added substance • ammonium nitrate–based fertilizer • butadienes, stabilized, or butadienes and hydrocarbon mixture, stabilized and containing more than

40 percent butadienes • butane • butylene • chlorine • chlorosulfonic acid (with or without sulfur trioxide) • crotonaldehyde or crotonaldehyde, stabilized • cyclopentene • diethyl ether or ethyl ether • dimethyl ether • dimethylamine, anhydrous • dipentene • ethane, refrigerated liquid

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

10

• ethyl chloride • ethylene, refrigerated liquid (cryogenic liquid) • ethylene chlorohydrin • ethylene dibromide • ethylene oxide and propylene oxide mixtures with not more than 30 percent ethylene oxide • ethylene oxide or ethylene oxide with nitrogen up to a total pressure of 1 megapascal (MPa) (10 bar) at

50 degrees Celsius • isopentenes • isoprene, stabilized • isopropylamine • methacrylonitrile, stabilized • methane, refrigerated liquid (cryogenic liquid), or natural gas, refrigerated liquid (cryogenic liquid) with

high methane content • methyl acetylene and propadiene mixtures, stabilized • methyl bromide • methyl chloride or refrigerant gas R 40 • mixed C4 (a hydrocarbon with four carbon atoms) cargoes • pentanes • propane • propylene • propylene oxide • sulfur dioxide • sulfuric acid, fuming with 30 percent or more free sulfur trioxide • vinyl chloride, stabilized • vinyl ethyl ether, stabilized • vinylidene chloride, stabilized.

Appendix B provides additional information, including the corresponding United Nations (UN) identifica- tion (ID) number, the Chemical Abstracts Service (CAS) number (EPA, undated c; National Institutes of Health [NIH], undated), and the Chemical Hazards Response Information System (CHRIS) (USCG, 1999) code for each CDC.

From a chemical process safety viewpoint, risks depend on the likelihood of an event and the correspond- ing consequence (see, e.g., Center for Chemical Process Safety [CCPS], 2000, and CCPS, 2007). Instead of conducting a formal quantitative risk assessment, we aimed to develop a simple tool that includes proxies for likelihood and consequence by leveraging existing risk assessment tools (or methodologies) and data sources as much as possible.

In the rest of this chapter, we discuss existing tools and data sources and the development (i.e., design fundamentals, implementation, and results) of the CDC risk analysis tool.

2.2. Review of Existing Tools and Data Sources

Many risk assessment tools have been developed for different purposes. Here are a few examples:

• DHS’s Chemical Security Analysis Center (CSAC) used a chemical selection tool to determine the focus chemical for a major field experiment (McMasters, 2020).

Risk Analysis for CDCs

11

• Taxell et al. developed a comprehensive methodology for prioritizing toxic industrial chemicals for a national risk analysis (Taxell et al., 2013).

• The USCG’s MSRAM “is a terrorism risk management tool and supporting process” for “USCG analysts in each major port enabling them to perform a detailed risk analysis for all of the significant targets operating within their area of responsibility across a spectrum of attack modes” (USCG, 2018a).

• CISA’s CFATS risk tiering methodology uses a comprehensive process that involves rigorous risk calcu- lations to identify high-risk chemical facilities and assign them to one of four tiers or determine them to be untiered (CISA, undated a). Each tiered facility is then required to prepare and submit a security vulnerability assessment and either a site security plan or alternative security program.

• EPA developed systematic guidance for offsite consequence analysis for RMPs (EPA, 2009).

Although each of these tools or methodologies involves some sort of risk analysis, the first two (i.e., McMasters, 2020, and Taxell et al., 2013) are probably most relevant to an intrinsic CDC risk analysis.1

Databases abound for data that could be used as proxies for likelihood and consequence. For example, a higher toxicity limit is a proxy for a higher consequence, and a larger number of incidents is a proxy for a higher likelihood. We reviewed various chemical property and incident databases, including the following:

• EPA and NOAA’s CAMEO Chemicals database (Office of Response and Restoration, undated) • the U.S. Department of Health and Human Services’ National Institute for Occupational Safety and

Health (NIOSH) Pocket Guide to Chemical Hazards (NIOSH, 2007) • the USCG’s CHRIS manual (USCG, 1999) • NIH’s PubChem database (NIH, undated) • the USCG’s NRC incident database (NRC, undated).

Finally, in addition to the tools and data sources discussed above, we reviewed these guidance documents:2

• DOT’s ERG, a resource that first responders routinely use when responding to a chemical incident • the National Fire Protection Association’s (NFPA’s) 704  Standard System for the Identification of the

Hazards of Materials for Emergency Response (NFPA, 2017), a prevailing industry standard for labeling hazardous chemicals.

2.3. Development of a Risk Analysis Tool for CDCs

In this section, we describe (1) design fundamentals (i.e., what metrics should be included); (2) implementa- tion (i.e., how metrics should be obtained, scaled, and aggregated); and (3) results (i.e., in terms of a composite CDC risk score) of the CDC risk analysis tool.

1 However, the remaining three tools (i.e., USCG, 2018a; CISA, undated a; and EPA, 2009) are more relevant to the facility risk model described in Chapter Four. 2 The CAMEO Chemicals database (Office of Response and Restoration, undated) and the NIOSH pocket guide (NIOSH, 2007) discussed earlier also include guidance information.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

12

2.3.1. Design Fundamentals The tools, databases, and guidance documents described in Section 2.2, although informative and helpful, do not directly meet the USCG’s needs, so further customization and development are necessary. We considered these four requirements when developing a CDC risk analysis tool:

• As previously described, the CDC risk analysis tool should be transparent, reproducible, and suitable for the USCG’s purposes. So, for example, although toxicity and flammability are important, carcinogenic- ity (mentioned in Taxell et al., 2013) is less relevant.

• The tool should balance simplicity and complexity. For example, a tool that involves too many metrics might be cumbersome to operationalize. On the other hand, a tool that involves too few metrics might yield too few distinctions among CDCs.

• The tool should use metrics that are readily available and meaningful. For example, a metric can be useful, but its values might not be available for every CDC, thus making it impractical. Also, a metric can be useful and available but lack values that vary across most CDCs of interest, thus making it not meaningful.

• The tool should minimize the use of arbitrary assumptions to the extent possible.

With these requirements and the review that we conducted, we identified three candidate tools for addi- tional consideration:

• the DHS CSAC chemical selection tool (McMasters, 2020) • Taxell and colleagues’ toxic industrial chemical prioritization scheme (Taxell et al., 2013) • the NFPA 704 standard (NFPA, 2017), which, strictly speaking, is not a tool but does include impor-

tant data that can be used as proxies (i.e., health, flammability, and instability hazard ratings in lieu of detailed CDC properties).

Consistently with a classical risk analysis for chemical process safety (e.g., CCPS, 2000, and CCPS, 2007), most metrics included in these tools fall into two general categories: likelihood and consequence (e.g., deaths and injuries, property damage) of an accident. As previously stated, none of the tools is completely suitable, and each has pros and cons. Table 2.1 describes the metrics included in each tool. All three tools require scal- ing or normalization to yield useful comparisons across CDCs.

We carefully reviewed the pros and cons of each candidate tool based on the metrics and additional descriptions listed in Table 2.1. Table 2.2 summarizes our findings.

Considering (1) the design requirements of a CDC risk analysis tool; (2) the contents, pros, and cons of the three candidate tools; and (3) the totality of all the data sources reviewed thus far, we determined that the CDC risk analysis tool should include these five metrics:

• NFPA 704 health hazard rating (NFPA, 2017): This is an indicator (see Table 2.1) of a material’s capa- bility to cause personal injury due to contact with or entry into the body via inhalation, skin contact, eye contact, or ingestion. It is based primarily on acute toxicity.

• NFPA 704 flammability hazard rating (NFPA, 2017): This is an indicator (see Table 2.1) of a mate- rial’s susceptibility to burning. It considers both the form or condition of the material and its inherent properties.

• NFPA 704 instability hazard rating (NFPA, 2017): This is an indicator (see Table 2.1) of a material’s susceptibility to reaction with ambient air, light, or both and the degree of the material’s intrinsic sus- ceptibility to release energy by self-reaction or polymerization. It includes both the ability to form haz- ardous peroxides and the ability to generate sufficient release of energy to cause a hazard.

Risk Analysis for CDCs

13

TABLE 2.1

Metrics in and Descriptions of the Three Candidate Risk Analysis Tools for CDCs

Tool Number

of Metrics Metric Additional Description Source

DHS CSAC chemical selection tool

8 • AEGL 3 (i.e., toxicity) • ERG initial isolation distance • Transportation amounts by rail,

highway, and waterway • Number of accidents (past 5 years) • Number of injured (past 5 years) • Cost of property damage from

accidents (past 5 years) • Vapor pressure (i.e., volatility) • NFPA flammability hazard rating

• Some metrics are adjusted (e.g., taking the logarithm).

• All metrics are normalized (i.e., by minimum and maximum).

• A chemical’s score is the weighted sum of adjusted or normalized metrics.

• The score is further transformed to a selection probability using the beta distribution.

McMasters, 2020

Chemical prioritization scheme

16, in 3 groups

• Health hazards Ȥ Acute toxicity (inhalation, dermal, oral) Ȥ Corrosion Ȥ Irritation Ȥ Sensitization Ȥ Carcinogenicity Ȥ Mutagenicity Ȥ Reproductive toxicity

• Environmental hazards Ȥ Toxicity to aquatic organisms Ȥ Instability (e.g., detonation) Ȥ Flammability Ȥ Reactivity with water

• Probability scoring Ȥ Quantity Ȥ Number of accidents (past 30 years) Ȥ Vapor pressure (i.e., volatility) Ȥ Water solubility (i.e., ability to spread in water)

• Octanol–water partition coefficient (i.e., ability to accumulate in living organisms)

• Each metric is assigned a score between 0 and 10.

• The overall score equals the highest hazard score (from health and environmental hazard scores) times the probability score (the sum of [1] the highest of the quantity or accident scores and [2] the highest of the physical and chemical property scores).

Taxell et al., 2013

NFPA 704 standard system

4 • Health hazard rating (0–4) Ȥ 4: Deadly Ȥ 3: Extreme danger Ȥ 2: Hazardous Ȥ 1: Slightly hazardous Ȥ 0: Normal material

• Flammability hazard rating (0–4) Ȥ 4: Burn readily under ambient conditions

Ȥ 3: Ignite under ambient conditions Ȥ 2: Ignite when moderately heated Ȥ 1: Ignite when preheated Ȥ 0: Will not burn

• Instability hazard rating (0–4) Ȥ 4: May detonate Ȥ 3: Shock and heat may detonate Ȥ 2: Violent chemical change Ȥ 1: Unstable if heated Ȥ 0: Stable

• Specific hazards Ȥ Oxidizer Ȥ Acid Ȥ Alkali Ȥ Corrosive Ȥ Use no water

• Radiation hazard

• NFPA ratings mainly convert numerical physical properties (e.g., LC50, LD50, flash point, boiling point) to categories (0–4).

• The system is not a ranking methodology by itself.

NFPA, 2017

NOTE: AEGL = acute exposure guideline level. Level 3, the most severe, is assigned to a concentration level that could lead to life-threatening health effects or death (EPA, undated a). LC = lethal concentration. LC50 is the median lethal concentration. LD = lethal dose. LD50 = the median lethal dose.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

14

• DOT ERG PAD3 (Brown, Freeman, and Haney, 2017): This is the recommended standoff distance within which protection activities (e.g., evacuation, sheltering in place) might be necessary for respond- ing to a large spill.

• number of incidents with a maritime nexus (i.e., related to the maritime environment) over a rela- tively long period (NRC, undated): This is the number of incidents reported to the NRC. We considered the reported incidents for 2011 through 2020.

The first four metrics are considered proxies for consequence and the last one a proxy for likelihood. The data for all five metrics are publicly available. We considered including the numbers of fatalities and injured available in the NRC data. However, we concluded that these metrics were not meaningful because their values were 0 for most CDCs.

Note that the NFPA hazard ratings are ordinal scales (between 0 and 4), whereas the PAD and the number of incidents are ratio scales (Stevens, 1946). So, for example, an NFPA rating of 4 does not mean that it is twice as severe as an NFPA rating of 2, but a PAD of 4 miles is twice a PAD of 2 miles.

2.3.2. Implementation Once the relevant metrics for the CDC risk analysis tool had been selected, the next step was to develop the tool, a process that involves (1) acquiring the necessary data for the metrics and (2) scaling and aggregating metrics to develop a final risk score.

Table 2.3 lists the values of the five metrics for each of the 43 CDCs of interest. Additional information on the NFPA ratings can be found in Table 2.1 and NFPA, 2017. Appendix C includes the NFPA values, retrieved from EPA and NOAA’s CAMEO Chemicals database (Office of Response and Restoration, undated), for CDCs authorized to be transported by vessels in bulk. Appendix C further describes the procedure to retrieve the PAD (see the ERG; see also Brown, Freeman, and Haney, 2017) for each CDC. Appendix D describes how

3 The DHS CSAC chemical selection tool uses the initial isolation distance rather than the PAD, both of which are in DOT’s ERG. We considered the PAD because the initial isolation distance is a much shorter distance for which protective clothing and respiratory protection are required for first responders, whereas the PAD is a longer distance that is more appropriate for the general public.

TABLE 2.2

Pros and Cons Associated with the Three Candidate Risk Analysis Tools for CDCs

Candidate Tool Pros Cons

DHS CSAC chemical selection tool (McMasters, 2020)

• There are precedents in DHS applications. • Both likelihood and consequence metrics

are included. • The number of metrics considered is about

right.

• Transformations and weighting are arbitrary.

• The final product (a selection probability) is not directly relevant to the study.

Chemical prioritization scheme (Taxell et al., 2013)

• Categories of health and environmental hazards are determined based on well-defined criteria.

• Both likelihood and consequence metrics are included.

• The method of scoring is straightforward.

• The intended scope is too broad (i.e., too many metrics).

• It is not as well-known as the others.

NFPA 704 system (NFPA, 2017)

• Ratings of health, flammability, and instability hazards are based on well-defined criteria.

• It is well-known to industry.

• Data aggregation is not included. • It is overly simplistic (i.e., strictly

dependent on hazards and no consideration of likelihood).

Risk Analysis for CDCs

15

TABLE 2.3

The Values for the Five Metrics of Our Risk Analysis Tool for Each of the CDCs

Proper Shipping Name of CDC

NFPA Hazard Rating PAD, in Miles

Number of IncidentsHealth Flammability Instability

1-Pentene (n-amylene) 1 4 1 0.19 0

Acetaldehyde 2 4 2 0.19 0

Acetone cyanohydrin, stabilized 4 2 2 0.5 0

Allyl alcohol 4 3 1 0.8 1

Ammonia, anhydrous 3 1 0 2.8 49

Ammonium nitrate with not more than 0.2% total combustible material, including any organic substance, calculated as carbon to the exclusion of any other added substance

0 0 3 0.06 0

Ammonium nitrate–based fertilizer 0 0 3 0.06 6

Butadienes, stabilized, or butadienes and hydrocarbon mixture, stabilized and containing more than 40% butadienes

2 4 2 0.5 4

Butane 1 4 0 0.5 7

Butylene 1 4 0 0.5 0

Chlorine 4 0 0 7 14

Chlorosulfonic acid (with or without sulfur trioxide) 4 0 2 0.2 0

Crotonaldehyde or crotonaldehyde, stabilized 4 3 2 0.5 0

Cyclopentene 1 3 1 0.19 0

Diethyl ether or ethyl ether 1 4 1 0.19 0

Dimethyl ether 2 4 1 0.5 0

Dimethylamine, anhydrous 3 4 0 0.5 0

Dipentene 2 2 0 0.19 0

Ethane, refrigerated liquid 1 4 0 0.5 0

Ethyl chloride 2 4 0 0.5 0

Ethylene, refrigerated liquid (cryogenic liquid) 2 4 2 0.5 2

Ethylene chlorohydrin 4 2 0 0.1 0

Ethylene dibromide 3 0 0 0.1 0

Ethylene oxide and propylene oxide mixtures with not more than 30% ethylene oxide

3 4 3 0.5 0

Ethylene oxide or ethylene oxide with nitrogen up to a total pressure of 1 MPa (10 bar) at 50 degrees Celsius

3 4 3 2.1 1

Isopentenes 1 3 0 0.19 0

Isoprene, stabilized 1 4 2 0.19 1

Isopropylamine 3 4 0 0.5 0

Methacrylonitrile, stabilized 4 3 2 1.7 0

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

16

we processed the NRC data (NRC, undated) to get the number of maritime-nexus incidents associated with each CDC for 2011 through 2020.

Before determining how to scale and aggregate metrics, it was necessary to explore their distributions. The NFPA ratings are ordinal scales between 0 and 4. Figure 2.1 shows the distributions of the NFPA health, flammability, and instability hazard ratings for the 43 CDCs authorized to be transported by vessels in bulk. The NFPA health hazard rating is fairly evenly distributed among CDCs; the NFPA flammability hazard rating is skewed toward 4 (i.e., burn readily under ambient conditions); and the NFPA instability hazard rating is skewed toward 0 (i.e., stable).

In contrast to the NFPA ratings, the PAD is measured in distance (with a maximum value of 7 miles), and the number of incidents is a count (with a maximum value of 67). To create commensurable scales across disparate outcomes, a natural choice was to divide the PAD and incident numbers by their respective maxi- mal values and then multiply by 4, so that the scaled values were also between 0 and 4. Figure 2.2 shows the distributions of the scaled PAD and incident numbers. Both are heavily skewed toward the range between 0 and 1, with about 90 percent of CDCs being in that range.

The final step involves scaling and aggregating the five metrics into a composite score. Any scaling and aggregation formulations will be somewhat arbitrary; here, we describe our rationales based on Figures 2.1 and 2.2. We tried to make our model as straightforward as possible without sophisticated operations. First, we used additive, rather than multiplicative, formulation because some metrics were 0. This approach was also consistent with the DHS CSAC chemical selection tool (McMasters, 2020). Second, we wanted to give approximately equal weight to the consequence metrics (i.e., the three NFPA hazard ratings and the scaled PAD) as to the likelihood metric (scaled number of incidents). We did not further scale the NFPA health, flammability, and instability hazard ratings because they collectively had a relatively uniform distribution

Proper Shipping Name of CDC

NFPA Hazard Rating PAD, in Miles

Number of IncidentsHealth Flammability Instability

Methane, refrigerated liquid (cryogenic liquid), or natural gas, refrigerated liquid (cryogenic liquid) with high methane content

3 4 0 0.5 4

Methyl acetylene and propadiene mixtures, stabilized 1 4 3 0.5 0

Methyl bromide 3 1 0 0.5 0

Methyl chloride or refrigerant gas R 40 2 4 0 0.5 0

Mixed C4 cargoes 1 4 0 0.5 0

Pentanes 1 4 0 0.19 1

Propane 2 4 0 0.5 67

Propylene 1 4 1 0.5 3

Propylene oxide 3 4 2 0.19 0

Sulfur dioxide 3 0 0 7 17

Sulfuric acid, fuming with 30% or more free sulfur trioxide 3 0 2 4 35

Vinyl chloride, stabilized 2 4 2 0.5 4

Vinyl ethyl ether, stabilized 2 4 2 0.19 0

Vinylidene chloride, stabilized 4 4 2 0.19 0

NOTE: See Table 2.1 for definitions of the NFPA ratings.

Table 2.3—Continued

Risk Analysis for CDCs

17

between 0 and 4. We used a multiplication factor of 2 for the scaled PAD because most of its values were between 0 and 1. We used a multiplication factor of 6 for the scaled number of incidents because it was the only metric that was a proxy for likelihood and most of its values were between 0 and 1. The composite CDC risk score is then defined as follows:

composite CDC risk score = NFPA health rating + NFPA flammability rating + NFPA instability rating + (2 × scaled PAD) + (6 × scaled number of incidents).

FIGURE 2.1

Distributions of NFPA Health, Flammability, and Instability Hazard Ratings

0 1 2 3 4

N um

b er

o f C

D C

s

Rating

Health

0

5

10

15

20

25

30

0

5

10

15

20

25

30

0

5

10

15

20

25

30

0 1 2 3 4

N um

b er

o f C

D C

s

Rating

Instability

0 1 2 3 4

N um

b er

o f C

D C

s

Rating

Flammability

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

18

We emphasize that, because the composite CDC risk score is a combination of ordinal and ratio scales, a CDC with a risk score of, say, 12 does not mean that it is twice as risky as a CDC with a risk score of 6.

2.3.3. Results Section 2.3.2 described the selection of appropriate metrics for a CDC risk analysis tool and how these met- rics should be obtained, scaled, and aggregated to form a composite CDC risk score. Figure 2.3 shows the ranked composite risk scores for all CDCs authorized to be transported by vessels in bulk.

The CDCs with the five highest composite risk scores are visually separated from the rest. These five CDCs with their composite scores are listed below, which are consistent with our intuition because they are commonly handled by facilities (thus likely to have more accidents) and are either highly toxic or flammable:

• propane (30.6) • anhydrous ammonia (24.8) • fuming sulfuric acid (22.1) • sulfur dioxide (17.1) • chlorine (17.0).

In fact, anhydrous ammonia and chlorine have been the focus of recent DHS Jack Rabbit field experi- ments because of the threats they pose (e.g., Hanna, Chang, and Huq, 2016; Fox et al., 2022).

FIGURE 2.2

Distributions of Scaled PAD and Number of Incidents

[0, 1) [1, 2) [2, 3) [3, 4]

N um

b er

o f C

D C

s

Range of scaled PADs

0

5

10

15

20

25

30

35

40

0

5

10

15

20

25

30

35

40

[0, 1) [1, 2) [2, 3) [3, 4]

N um

b er

o f C

D C

s

Range of scaled numbers of incidents

Risk Analysis for CDCs

19

FIGURE 2.3

Ranked Composite Risk Score for CDCs

NOTE: In the interest of space and legibility, the figure uses abbreviated labels for the CDCs. For the full proper shipping names, please see the list in Section 2.1. Bold indicates being one of the five CDCs with the highest composite scores; the scores for these five are shown on those five bars.

0 5 10 15 20 25 30 35

Propane

Ammonia

Sulfuric acid

Sulfur dioxide

Chlorine

Ethylene oxide, or ethylene oxide with nitrogen

Methacrylonitrile

Ethylene oxide and propylene oxide mixtures

Vinylidene chloride

Butadienes

Vinyl chloride

Crotonaldehyde

Ethylene

Allyl alcohol

Propylene oxide

Methane

Acetone cyanohydrin

Methyl acetylene and propadiene mixtures

Acetaldehyde

Vinyl ethyl ether

Butane

Propylene

Isoprene

Dimethyl ether

Dimethylamine

Isopropylamine

Ethyl chloride

Methyl chloride or refrigerant gas R 40

Chlorosulfonic acid

1-Pentene

Diethyl ether

Ethylene chlorohydrin

Pentanes

Butylene

Ethane

Mixed C4 cargoes

Ammonium nitrate–based fertilizer

Cyclopentene

Methyl bromide

Dipentene

Isopentenes

Ethylene dibromide

Ammonium nitrate

Composite CDC risk score

24.8

22.1

30.6

17.0

17.1

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

20

2.4. Summary

In this chapter, we described the development of a CDC risk analysis tool that meets the USCG’s needs (i.e., appropriate for a maritime environment). The tool characterizes CDCs in a generic way and does not involve any facility-specific information or the need for modeling like in the method described in Chapter Four.

We focused on the 43 CDCs authorized to be transported by vessels in bulk (see Appendix B for more information). We began by reviewing existing tools, data sources, and guidance documents. We articulated the requirements for such a tool and narrowed down to three candidate tools for further consideration and adaptation:

• the DHS CSAC chemical selection tool (McMasters, 2020) • a toxic industrial chemical prioritization scheme (Taxell et al., 2013) • the NFPA 704 standard system (NFPA, 2017).

We carefully assessed the pros and cons of these tools to inform the selection of five metrics that should be included in the CDC risk analysis tool:

• the NFPA health, flammability, and instability hazard ratings (NFPA, 2017) • the PAD in the DOT ERG (see also Brown, Freeman, and Haney, 2017) • the number of incidents with a maritime nexus collected by the NRC (NRC, undated).

These metrics are proxies for either consequence or likelihood, the two main components of a classical risk analysis for chemical process safety (see, e.g., CCPS, 2000, and CCPS, 2007). We demonstrated how these data should be retrieved from public sources.

After collecting the necessary data for the metrics, we studied their distributions to determine how they should be scaled and aggregated. We suggested a composite CDC risk score that aggregates the five metrics. The five CDCs with the highest risk scores were

• propane • anhydrous ammonia • fuming sulfuric acid • sulfur dioxide • chlorine.

This finding is consistent with our intuition. This CDC risk analysis tool can be easily expanded to include other commodities because the requisite

data are publicly available and the formulation is simple and transparent. We note that, of the five metrics included in the CDC risk analysis tool, the three NFPA hazard ratings are between 0 and 4 and the PAD is capped at 7 miles for chlorine for the thousands of chemicals included in the DOT ERG, but the number of incidents is open-ended. If another commodity is to be included but has many more incidents, the scaling and aggregation scheme might need to be adjusted.

21

CHAPTER THREE

Estimating the Facility Population

3.1. Introduction

In this chapter, we describe the population of MTSA-regulated facilities that are likeliest to be regulated under the final reader rule. A fundamental challenge for estimating the facility population is a lack of any single comprehensive data source recording the chemicals handled at each maritime facility. So, we had to collect and collate facility-level information from multiple data sources. With these data sources, we devel- oped methods and assumptions to (1) estimate the facility population (both the lower and upper bounds), (2) characterize the facilities by industry and type of operations, and (3) describe the variety of CDCs that different types of facilities handle. We also discuss some caveats of our estimates.

3.1.1. Interpretation of the Covered Population Whether a facility is affected by the final reader rule depends on whether the facility handles CDC in bulk. The phrases handle CDC and bulk CDC as they pertain to the reader rule had to be operationalized for us to determine which facilities would need to comply with the reader rule. Here, we use existing guidance to direct our analysis.

As noted in Chapter One, the USCG elaborated on the intended interpretation of “maritime facility han- dling CDC in bulk” in the reader rule delay (USCG, 2020). In particular, the USCG’s intended interpretation is that a facility is determined to handle CDC in bulk whenever “the bulk CDC would be on the premises . . . and thus the facility’s access control system would need to be used to mitigate the risk of a TSI” (p. 13496). Importantly, this interpretation focuses on the presence of a dangerous chemical within the MTSA-regulated footprint of a facility rather than on how that chemical is used. To emphasize this point, the reader rule delay also notes that “handling a CDC” does not necessitate transferring the CDC across the maritime nexus; rather, it includes situations in which a facility “stored or used CDC, or the facility was used to transfer CDC in bulk through rail or other non-maritime means” (p. 13496).

The term bulk also requires clarification. With respect to the TWIC reader rule, the relevant definition of bulk is in 33 C.F.R. § 101.105: “a commodity that is loaded or carried without containers or labels, and that is received and handled without mark or count. This includes cargo transferred using hoses, conveyors, or vacuum systems.”1 This depends, in turn, on the definition of container in 49 C.F.R. § 450.3, which lists five specific criteria that a container must meet. A minimum volume is not among those criteria, but a minimum footprint area is. A CDC being transported in International Organization for Standardization (ISO) tanks that fit on truck chassis would not count as bulk. But it is unclear whether that CDC would count as being stored in bulk if it were then transferred to a standing storage container by means of a pipe or hose.

1 Other definitions of bulk in other contexts might be relevant for some maritime facility operations, such as the definition related to pipelines in 49 C.F.R. § 171.8.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

22

We could not observe exactly how any given facility handles CDCs, nor do we interpret the definition of container to include or exclude ISO tanks from the final reader rule. Instead, we adopted the following approach in determining whether a facility was affected by the reader rule delay: If a facility has any amount of any of the 43 CDCs authorized to be transported in bulk (see the list in Section 2.1 and Table B.1 in Appendix B) within the MTSA-regulated footprint, we consider it to handle CDC. We counted all such facilities that handled CDCs, regardless of how the substances were handled or stored. However, the USCG could opt to operationalize the definitions of bulk and container to exclude certain facilities. We therefore supplemented our total count by noting how many facilities we believe handled CDCs exclusively in ISO or freight containers.

Our approach therefore provides a population estimate that is consistent with the broadest interpretation of “facilities handling CDC in bulk.”

3.1.2. Prior Population Estimates Both the USCG and facility trade associations have presented prior estimates of the number of facilities that would be subject to the TWIC reader rule under the criteria outlined in the reader rule delay. In this section, we briefly discuss these estimates and the reasons we believe that they are inaccurate, based solely on the lan- guage in the reader rule and the data informing each estimate.

As part of the reader rule delay, the USCG estimated that the delay affected 370 facilities. This number was calculated by removing from the original set of risk group A facilities (525 total; see Section A.3) those that receive large passenger vessels (which had to comply with the reader rule by June 2020 and numbered 155 in all). However, that estimate is likely inaccurate for two reasons:

• It might include some facilities that do not handle CDCs. The original definition of risk group A was based on handling CDCs (see Appendix A), but there was no systematic method of verifying a facility to handle CDCs. Therefore, the original set of risk group A facilities might not all have handled CDCs.2

• It might exclude some facilities that do handle CDCs. Whether risk group A facilities as originally iden- tified were in line with the current interpretation of “handling CDC” is unclear. It is likely that there are facilities that should have been included in risk group A but were not. The USCG acknowledged as much in the reader rule delay, noting that there are an “unknown number of facilities that receive ves- sels carrying bulk CDC but, during that vessel-to-facility interface, do not transfer bulk CDC to or from the vessel” (USCG, 2020).

On multiple occasions, facility trade associations have suggested that the number of facilities subject to the reader rule is higher than the USCG’s estimate of 370. They have indicated that the USCG’s estimates have failed to sufficiently account for facilities that do not transfer CDCs across the maritime nexus. In a 2017 petition for rulemaking, representatives of three trade associations estimated that counting all non–maritime transfer facilities “quadrupled the number of facilities among the Associations’ membership covered by the requirement” (Walls, Friedman, and Lidiak, 2017). A subsequent comment in response to the delay notice of proposed rulemaking (NPRM) suggested that the number of non–maritime transfer facilities alone exceeds 525—the USCG’s estimate of the total number of all regulated facilities—and could be closer to 1,500.

2 Our data confirm this. The reader rule delay assumes that all 370 risk group A facilities handle CDC. However, our data show that this is not the case—some facilities originally listed as risk group A reported handling CDCs, and some did not. See Section 3.4 for more details.

Estimating the Facility Population

23

We do not have any evidence of how the commenters arrived at an estimate of 1,500.3 It is possible that non–maritime transfer facilities would be regulated under CFATS instead of MTSA and so would not be relevant to this study. However, the authors of an earlier HSOAC report also considered a scenario in which roughly 1,500 facilities would be subject to the rule (Williams et al., 2020, p. 124). Those authors arrived at this total by combining all the original risk group A facilities; non–risk group A bulk liquid or bulk oil facili- ties; and non–risk group A facilities handling hazmat, explosives, or radioactive materials.4 These broad cri- teria almost certainly result in an overestimate of the number of facilities handling CDCs. Most hazmat, not to mention explosives and radioactive materials, is not on the list of 43 CDCs authorized to be transported by maritime vessels in bulk, so facilities handling those materials but not handling the 43 CDCs would be included among the 1,500.

At the time of the reader rule delay, the USCG amended the definition of risk group A (33 C.F.R. § 105.253). The criteria defining risk group A are now identical to the criteria for being subject to the reader rule. (For clarity, we still refer to such facilities as being “subject to the reader rule” or “handling CDCs” and distinguish them from facilities originally classified as risk group A.) Therefore, by counting facilities that handle CDCs, we are simultaneously reestimating the size of risk group A under the new definition (excepting facilities receiving large passenger vessels).

According to the inclusion criteria underpinning earlier estimates, we expect that the USCG underesti- mated the number of such facilities, whereas trade associations and the earlier HSOAC author team overes- timated the number. The estimation strategy we describe next supports the USCG’s commitment to “get a much fuller estimate of the [risk group A] population” (USCG, 2020, p. 13502).

3.2. Data Sources

To estimate how many facilities handle CDCs in bulk, we ideally would have access to facility-level informa- tion on the chemicals being handled within the MTSA-regulated footprint. To further inform our facility risk model and cost–benefit analysis (Chapters Four and Five, respectively), we would also want facility-level information on the CDC-relevant consequences. For example, we would want to distinguish the consequence of an attack at a facility when a flammable chemical is the target versus when a toxic chemical is the target. However, no single data set contains all of these desirable pieces of information, so we pieced together our own data set from various incomplete sources.

3.2.1. The MISLE Database Our starting point was the MISLE database that the USCG maintains and that provides information about each MTSA-regulated maritime facility. The USCG provided us with a complete list of all facilities as of Feb- ruary 2021; the 3,005 facilities in active or caretaker status formed the basis for our analysis.5 The MISLE

3 In phone discussions with trade association representatives, we learned that they had conducted a count among their mem- bers but did not have any concrete numbers or calculations to share. 4 These counts were based on information in the MISLE database, which, as discussed in greater detail in Section 3.2.1, might be incomplete. Moreover, a facility might be listed in multiple operational categories (for example: bulk oil, containers, and large passenger vessels), but the authors of the earlier HSOAC report considered only the primary category. 5 Caretaker status is defined in 33 C.F.R. § 154.105 and refers to facilities set up to transfer oil or hazmat in bulk. In caretaker status, a facility has not been permanently shut down but has been verified to have all equipment in the maritime transfer area clear of hazmat, oil, and gas. A facility in caretaker status is not considered operationally ready and so is not required to comply with certain safety and record requirements. However, because it might still have hazmat outside of the maritime transfer area and because it could revert to active status, we include these facilities in our analysis. There were 82 MTSA-

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

24

database includes facility name and address, as well as several data fields that informed our analysis. Table 3.1 lists those fields and their role in our analysis. However, the MISLE database does not contain detailed CDC information (e.g., name and quantity).

For our population estimate, the description and subtype fields indicate some facilities that handle CDCs. For example, the description field could indicate that a facility transfers ammonium nitrate, or the facility might be listed under the subtype “CDC” (often, but not always, with a modifier to indicate the type of CDC, particularly anhydrous ammonia, liquefied natural gas, or liquefied petroleum gas). This helped us identify at least some facilities that handle CDCs. We identified 144 facilities this way, some of which also reported CDCs in other data sources discussed in the rest of this section.

3.2.2. Insufficiency of MSRAM Data To obtain information related to TSI risks and consequences, we first sought data from MSRAM. The USCG uses MSRAM to estimate risks of adversarial attacks and maintains a database of facility-specific estimates for the consequences of various attack scenarios. The database also contains information on the type and quantity of various chemicals, which is used as inputs to the MSRAM risk assessment methodology.6 Both the MSRAM data and methodology are of potential use in the facility population estimation described in this chapter and the facility risk model described in Chapter Four.

Facility-specific MSRAM consequence estimates are considered classified information. Therefore, we received only an anonymized subset of the MSRAM data from the USCG Office of International and Domes- tic Port Security Assessment (CG-PSA). However, as described in detail in Section 4.2 and Appendix H, these limited anonymized MSRAM data were not suitable for our purposes for population estimation and the facil- ity risk model. We briefly recount the reasons here:

• Because of the classification restriction, facility names were anonymized in the MSRAM data that we received. As a result, we do not know the exact facilities being considered and could not match facilities to data collected from other sources, including the MISLE database.

• In the MSRAM data that we received, only about 15 percent of the facilities had chemical informa- tion. As a result, for most facilities (which are anonymized), we do not know for sure whether they handle CDCs.

• The MSRAM consequence scores were not always generated by standardized, objective method- ologies, so we could not reproduce the results. (This point is more related to the facility risk model described in Chapter Four.)

Because of these limitations associated with the MSRAM data that we received, we sought information from other sources to create a facility-level database that was unclassified and as complete as possible.

3.2.3. EPA’s RMP Program EPA regulates many chemicals under various programs, including many of the CDCs (authorized to be transported in bulk) analyzed in this study. Facilities that handle those chemicals for particular purposes must report detailed information to EPA, regardless of whether the facility is also MTSA-regulated. There-

regulated caretaker facilities (compared to 2,923 active facilities) as of February 2021. For more information, see Comman- dant Instruction M16600.10, 2020. 6 Appendix C of Williams et al., 2020, provides additional information on the MSRAM risk assessment methodology, par- ticularly as it relates to the TWIC program.

Estimating the Facility Population

25

fore, we sought the EPA data under the assumption that many maritime facilities handling CDCs would also be required to report the presence of those chemicals to EPA.

EPA’s RMP program implements Section 112(r) of the Clean Air Act that outlines regulations meant to prepare for and mitigate the possibility of accidental release of regulated chemicals.7 A facility using any of the regulated chemicals must develop an RMP detailing, among other things, the types and quantities of chemicals on site that could be released in an accident.

The main compliance criterion is holding more than a threshold quantity of a regulated substance in a process (EPA, 2004). Here, process is defined broadly and includes storage, so, in practice, the RMP most closely matches the USCG’s interpretation of “handling CDC.” Therefore, we expect that most facilities han- dling RMP-regulated CDCs (at least, above the RMP’s threshold quantity) would report that CDC to EPA.

We requested the RMP data via the Freedom of Information Act (see EPA, undated b). We received facility- level information on chemical types, chemical mixtures, chemical quantities, and individual processes. Each facility may report that a chemical is used in multiple processes and that it can be present in mixtures with different concentrations across different processes. We processed the RMP data to obtain a single largest quantity for each chemical reported by each facility; Appendix E provides details on how we arrived at these bottom-line numbers. Picking the largest quantity is also consistent with the RMP guidance for offsite con- sequence analysis (EPA, 2009).

Although facilities also report worst-case consequence estimates as part of their RMPs, per EPA guide- lines, those estimates cannot be provided to the general public. Therefore, we used RMP mainly as a resource for chemical information but not consequence estimates.

3.2.4. EPA’s TRI EPA’s TRI program is another mandatory-reporting program for hazardous chemicals. A facility must report to TRI if it has at least ten full-time employees; operates primarily in a TRI-covered industry (determined by the North American Industry Classification System [NAICS] code); and manufactures, processes, or uses TRI-listed chemicals above a particular threshold (EPA, 2021). These criteria are narrower than the RMP’s, so we would expect fewer facilities to report to TRI than to RMP (all else equal). However, the lists of regu- lated chemicals differ, and some of the 43 CDCs authorized to be transported in bulk are regulated by TRI or RMP, but not both. Thus, we used the 2019 TRI data (the most-recently available) in addition to the RMP data (EPA, 2022).

The TRI data list unique chemical and facility combinations with quantities recorded for each of several mutually exclusive end states (e.g., release, recycling, transfers). TRI also lists the maximum quantity on site

7 Section 112(r) refers to 42 U.S.C. § 7412(r)(7)(H), the codification of the Clean Air Act amended by Section 3 of the Chemi- cal Safety Information, Site Security and Fuels Regulatory Relief Act (Public Law 106-40, 1999).

TABLE 3.1

MISLE Data Fields Used for Analytic Tasks

Data Field Description Role in Analysis

Latitude and longitude

Numeric coordinates up to eight decimal places

Used to calculate local population density for the facility risk model (see Chapter Four)

Subtype lookup name

Up to three subtypes listing facility operational categories

Used to create facility “supergroups” to calculate the upper bound of the facility population estimate (see Section 3.3.3)

Description Text field providing additional information about a facility

Used to identify facilities potentially handling CDCs (see Section 3.3.2)

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

26

at any given time, which is reported in a range based on order of magnitude. We used the maximum quan- tity (taking the geometric mean for each range) where available; otherwise, we used the maximum quantity reported among all end states.

The RMP and TRI programs collectively regulate most of the 43 CDCs of interest. Table 3.2 shows the coverage of the two programs. Eight CDCs are not regulated by either program: ammonium nitrate, ammo- nium nitrate–based fertilizer, chlorosulfonic acid, cyclopentene, dipentene, ethylene chlorohydrin, ethylene oxide mixtures, and mixed C4 cargoes. Of these, ammonium nitrate is likely to be the biggest gap in our analysis: Ammonium nitrate and ammonium nitrate–based fertilizers are common, and some facilities spe- cialize in fertilizers and would not handle other CDCs. We needed to rely on other data sources, particularly the MISLE database, to flag those facilities.

TABLE 3.2

CDCs Regulated by the RMP and TRI Programs

Proper Shipping Name of CDC Regulated by

RMPa Regulated by

TRIb

1-Pentene (n-amylene) x

Acetaldehyde x x

Acetone cyanohydrin, stabilized x

Allyl alcohol x x

Ammonia, anhydrous x x

Ammonium nitrate with not more than 0.2% total combustible material, including any organic substance, calculated as carbon to the exclusion of any other added substance

Ammonium nitrate–based fertilizer

Butadienes, stabilized, or butadienes and hydrocarbon mixture, stabilized and containing more than 40% butadienes

x

Butane x

Butylene x

Chlorine x x

Chlorosulfonic acid (with or without sulfur trioxide)

Crotonaldehyde or crotonaldehyde, stabilized x x

Cyclopentene

Diethyl ether or ethyl ether x

Dimethyl ether x

Dimethylamine, anhydrous x x

Dipentene

Ethane, refrigerated liquid x

Ethyl chloride x x

Ethylene, refrigerated liquid (cryogenic liquid) x x

Ethylene chlorohydrin

Ethylene dibromide x

Ethylene oxide and propylene oxide mixtures with not more than 30% ethylene oxide

Estimating the Facility Population

27

3.2.5. Facility-Level Data Collection Although the RMP and TRI programs provide critical CDC information about facilities, they have gaps in CDC coverage and provide no information about TWIC readers or TWIC-related expenditures. Moreover, we could not be certain that all facilities handling CDCs were also reporting to RMP or TRI. Therefore, we sought to collect primary data directly from facilities.

We designed an interview protocol to collect information directly from facility representatives, in compli- ance with the requirements of the Paperwork Reduction Act. The protocol is included in Appendix F, with questions split into four categories: basic facility information, CDC-specific information, TWIC security infrastructure, and reader rule–related costs. The survey was designed to be administered online, and we worked with trade association representatives to share the survey link with their members. Thanks to the cooperation of trade associations, the survey link was sent to the facilities mostly likely to be regulated under the reader rule—we estimated that it was shared with a few hundred facilities.

Unfortunately, despite the large number of potential respondents and three follow-up email reminders, few email recipients filled out the form. We collected ten complete responses, plus 24 partial responses that

Proper Shipping Name of CDC Regulated by

RMPa Regulated by

TRIb

Ethylene oxide or ethylene oxide with nitrogen up to a total pressure of 1 MPa (10 bar) at 50 degrees Celsius

x x

Isopentenes x

Isoprene, stabilized x x

Isopropylamine x

Methacrylonitrile, stabilized x x

Methane, refrigerated liquid (cryogenic liquid), or natural gas, refrigerated liquid (cryogenic liquid) with high methane content

x

Methyl acetylene and propadiene mixtures, stabilized x

Methyl bromide x

Methyl chloride or Refrigerant gas R 40 x x

Mixed C4 cargoes

Pentanes x

Propane x

Propylene x x

Propylene oxide x x

Sulfur dioxide x

Sulfuric acid, fuming with 30% or more free sulfur trioxide x x

Vinyl chloride, stabilized x x

Vinyl ethyl ether, stabilized x

Vinylidene chloride, stabilized x x

NOTE: See Appendix B and Commandant, 2020c, for additional information on how we developed the list of 43 CDCs. a Source: EPA, undated c. b Source: EPA, undated f.

Table 3.2—Continued

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

28

did not provide enough information to be usable. Two respondents were screened out as being ineligible, and roughly 100 others clicked the link but did not begin the survey (although we could not tell whether any instances were the same person clicking the link multiple times).

The survey did not yield enough responses to analyze the resulting patterns. To supplement the survey responses, we turned to interviews conducted for the prior HSOAC study (Williams et al., 2020). For that study, the research team had conducted roughly 200 interviews with representatives from 164 facilities of all types and sizes across the United States, covering some of the same topics as our online survey.8 We matched that interview list to the MISLE database to identify facilities that were likely to handle CDCs—for example, we flagged bulk liquid facilities but not cruise ship terminals. We also searched interview notes for mentions of “chemical” or specific CDC names. This yielded 27 facilities that were related to the current study.

We created a synthetic observation in our survey data set for each of the 27 facilities and filled in responses for all available information using the interview notes. For example, during prior interviews, facility repre- sentatives had been asked how many TWIC readers they had. If they had provided an answer, we entered that number in our survey database. If interviews had confirmed that a facility handled CDCs, we entered that information in the database. We excluded any facility for which the interviews were ambiguous as to whether they handled CDCs, and we did not review interviews for facilities from which representatives had already responded to our online survey. In the end, we added data for 20 facilities, yielding a total of 30 facilities from which we directly collected information.

3.2.6. Supplementary Interviews The facility-level data sources provided CDC information for some MTSA-regulated facilities. The lack of comprehensive coverage leaves an open question: If a facility is not identified in our data sources as handling CDCs, is that because it truly does not handle CDCs, or is it because it does not meet the reporting criteria (or did not respond to our survey)?

To assess gaps in our data, we conducted interviews with company-level representatives. Appendix  G describes these company-level interviews in detail. Office of Management and Budget (OMB) regulations under the Paperwork Reduction Act limited us to nine such interviews. Nine company-level (rather than facility-level) interviews allowed us to gather general information about large numbers of facilities and industry-level operations, although the downside is that we could not collect facility-specific information.

We created a priority list based on three criteria:

• the number of MTSA-regulated facilities that the company operates (prioritizing those with more facili- ties)

• the number of facilities for which we already had EPA or survey data (prioritizing those with more data gaps)

• the number of facilities originally categorized as risk group A rather than group B or C (prioritizing those with more group B or C facilities).

We also sought a mix of companies in terms of the types of facilities they operated, including fertilizer, barge fleeting, nonoil liquid bulk, and bulk petroleum and oil.

Trade associations again aided in contacting potential interviewees, working down our priority list until we had scheduled nine interviews. We developed a semistructured interview protocol (Section G.5) cover- ing the same topics as our online survey but at the level of a company rather than facility. We also asked

8 Appendix A of Williams et al., 2020, provides additional details on the selection criteria and interview protocol for that project.

Estimating the Facility Population

29

interviewees for their insight into the broader landscape of maritime facilities to gauge potential gaps in our existing data and the extent to which our data collection efforts covered (or did not cover) facilities handling CDCs.

Because these supplementary interviews were not at the facility level, we did not directly use them for facility population estimation. Instead, we used them mainly to verify whether we had any major gaps in data coverage.

3.3. Methodology

To estimate the number of facilities handling CDCs in bulk, our various data sources needed to be combined and the chemical information made comparable across sources. We then needed to develop a transparent, replicable approach for counting facilities that handled CDCs. This section describes our methods, with the results of our methods described in Section 3.4.

3.3.1. Facility Matching To align all our data sources, we used the MISLE database as the primary file and matched other data sources to that list. This allowed us to gauge gaps and areas of overlap. The data we collected from the online survey plus transcribed interviews were easily matched to the MISLE database because we used the MISLE ID num- bers to label respondents. The EPA databases, however, required a more time-intensive approach.

Tens of thousands of facilities report to each EPA program. To identify the MTSA-regulated facilities among the others, we could not just look for names and addresses. Many facilities shared the same name (e.g., Shell or ExxonMobil) or went by different full or various abbreviated names or spellings in different sources. Moreover, facility names change over time as they change ownership, or a data source might list the name of the operating company instead of the name of the facility itself. Although the MISLE, RMP, and TRI databases include geographic coordinates (i.e., latitude and longitude), they often have different resolu- tions or refer to different locations at a facility (especially for a large facility). Addresses, too, can differ, and the MISLE database often uses a post box address instead of the street address. We tried and concluded that standard text-mining algorithms could not be used to match name and address strings.

Instead, we conducted a computer-aided manual matching and validation procedure. This consisted of four processes:

• Collect the latitude and longitude for every facility in the MISLE, RMP, and TRI databases. • Use geospatial analytics to find every RMP and TRI facility within five miles of each MISLE facility. • Manually identify which of the nearby RMP or TRI facilities (if any) matched each MISLE facility, based

on a combination of name, address, operator name, and MISLE description. • Validate matches for a random 10-percent sample of MISLE facilities by performing a blinded replica-

tion of step 3.

In step 3, we assigned members of the research team a random set of MISLE facilities to match. In step 4, we assigned team members facilities they did not review in step 3, without showing them the results from step 3. In this way, we were able to independently verify that match rates were consistent across team mem- bers and that team members agreed on matches. In the end, team members agreed in more than 95 percent of cases reviewed in step 4.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

30

3.3.2. Lower-Bound Estimation Our matching procedure yielded a database of MISLE’s 3,005 active and caretaker facilities linked to the CDC information from the RMP or TRI database, our survey, or our previous interviews. As described in Section 3.1.1, we considered a facility as handling CDCs if the facility had CDCs present on site within its MTSA-regulated footprint. We derived our lower-bound estimate by counting the facilities that we were cer- tain had CDCs present on site—in other words, facilities for which we had information about CDCs from one or more data sources.

Formally, our lower-bound estimate totals the following groups, where each unique facility is counted just once:

• every facility that reported at least one CDC to the RMP program • every facility that reported at least one CDC to the TRI program • every facility that reported at least one CDC in our survey or interview • every facility listed in MISLE as “CDC” in at least one subtype field (see Table 3.1) • every facility listed in MISLE as handling a CDC in the description field (see Table 3.1).

This is a lower bound because we were as certain as we could be that these facilities handle CDCs. Any facilities with CDCs on site but for which we have no information would increase our total count—but we required a separate method (described in Section 3.3.3) to estimate the number of those.

The lower-bound count is not based on a facility’s risk group categorization but rather on the actual reported presence of a CDC at the facility. As discussed in Section 3.4, these are not the same: A facility’s original risk group categorization (i.e., A, B, or C) does not imply the presence or lack of CDCs. We found that our lower-bound population included some facilities from each of the original risk groups.

3.3.3. Upper-Bound Estimation Counting facilities that reported CDCs provided a clear lower bound on the number of facilities subject to the reader rule delay. However, it was difficult to estimate how many other facilities handled CDCs outside of what we knew from our data sources. To obtain an upper-bound estimate, we needed to formulate justifiable assumptions about the extent to which our existing data sources had gaps in coverage of facilities handling CDCs. We relied on two pieces of evidence:

• First, our supplementary interviews provided insight into the landscape of facilities beyond our data sources.

• Second, we used a facility classification strategy that turned MISLE subtype categories into mutually exclusive supergroups, which revealed stronger patterns in CDC handling than the more-granular but overlapping MISLE subtype fields did.

We might not have any CDC information about a facility for any of many reasons. Here are some exam- ples in which we would not have the RMP or TRI data for a facility:

• The facility did not handle CDCs. • The facility handled CDCs but below the reporting thresholds for the RMP or TRI program. • The facility reported CDCs to RMP or TRI, but we failed to match it to the MISLE database because of

a name change or address mismatch. • The facility handled only CDCs that were not regulated by RMP or TRI.

Estimating the Facility Population

31

For our upper-bound estimate, we sought to distinguish facilities described by the first bullet point, which were not subject to the final reader rule, from those described by other bullet points, which were subject to the rule but we were unable to verify as such.

The MISLE database was our only source of information about facilities for which we had no EPA or survey information. We therefore relied on MISLE’s facility subtype fields to establish an upper-bound popu- lation estimate. Because each facility could have up to three different subtypes, we started by creating mutu- ally exclusive supergroups, as shown in Table 3.3.

The first supergroup consists of every facility that was tagged in the MISLE database as a CDC or a non- petroleum hazmat facility in any of the three possible subtype fields. These subtypes were found to be likeli- est to be included in our lower-bound estimate (see Section 3.4 for more details). The MISLE database had 514 such facilities.

The second supergroup contains bulk oil and petroleum facilities that were not also in supergroup 1. In other words, these are facilities that handle bulk oil products but not also other bulk CDC or hazmat prod- ucts. This a slightly larger group, with 714 such facilities in the MISLE database.

The last supergroup contains all other facilities, such as passenger, International Convention for the Pre- vention of Pollution from Ships (known as MARPOL for “marine pollution”), barge fleeting, container, non- hazmat bulk, and boating facilities. This is the largest group, with 1,777 facilities.

To obtain our upper-bound estimate, we added all facilities in supergroup 1 to our lower bound. In other words, our upper bound totals the following groups:

• facilities already counted in the lower bound • facilities listed in supergroup 1: CDC, bulk dry/solid hazmat, and bulk liquid hazmat.

Our justification for this upper bound is based on quantitative and qualitative evidence from our supple- mentary interviews. Broadly, our interviews suggested that the EPA data provided good coverage of CDC- handling facilities among the companies we interviewed. We found no evidence that broad categories of bulk liquid storage and transfer facilities had been excluded from our lower bound. But we also learned that some other categories of facilities might have failed to be included, and there could be unique facilities or smaller companies that do not fit the general trends described by interviewees.

To examine our data coverage, we counted the total number of MTSA-regulated facilities reported by all interviewees and the total number of CDC-handling facilities that they reported. Then, we turned to the MISLE database to identify facilities that were operated by our interviewee companies; we also counted how many of those facilities we separately matched to the EPA data and how many of them reported at least one CDC in the EPA data. As Table 3.4 shows, the interviewee companies collectively operated between 127 and 131  MTSA-regulated facilities (some interviewees did not provide exact numbers). In our matched data-

TABLE 3.3

Supergroup Definitions for MTSA-Regulated Facilities

Supergroup Description Number of MTSA-Regulated Facilities

Listed in MISLE

1: Bulk hazmat other than oil

Any of a facility’s three MISLE subtypes is “CDC,” “Bulk Dry/ Solid (HAZMAT),” or “Bulk Liquid (HAZMAT).”

514

2: Bulk oil Any of a facility’s three MISLE subtypes is “Bulk Oil” and the facility is not in supergroup 1.

714

3: Other The facility is not in supergroups 1 or 2. 1,777

NOTE: Subtypes are standardized categories used in the MISLE database to describe a facility’s purpose. Each facility is listed with up to three different subtypes.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

32

base, we identified 44 of these facilities that reported to an EPA program. Our interviewees reported exactly 21 facilities that currently handle CDCs; in the EPA data, 24 (of 44) reported handling at least one CDC.9

It is clear from our interviews that the majority of these companies’ facilities do not handle CDCs, and the EPA data already revealed the ones that do. We see no evidence that we systematically missed certain types or categories of CDC-handling facilities by relying on the EPA data.

Qualitative evidence also suggested that our merged data set provided good coverage of CDC-handling facilities. Interviewees told us that most facilities in their industry would not handle CDCs; that the facilities that did usually handled large amounts on a regular basis; and that it would be unusual for a facility to handle a CDC only occasionally, thereby requiring it to change eligibility for regulation under the reader rule. Rep- resentatives of oil and petroleum companies also stated that, although some facilities did have butane tanks, that was not the norm.10 Given what we learned in the interviews, we had no reason to conclude that we had omitted large numbers of CDC-handling facilities from our lower-bound estimate.

We still had gaps, however, in our interviews: We did not talk to every bulk liquid or bulk oil company, and we were unable to talk to any fertilizer, barge fleeting, MARPOL, or bulk solid facility operators, all of which could be transporting CDCs. Discussions with representatives from several USCG sectors and dis- tricts also suggested that barge fleeting facilities, in particular, could constitute a gap in our analysis. A barge fleeting facility can receive vessels carrying CDCs in bulk but does not transfer CDCs across the maritime nexus. These facilities might not be required to report to the RMP and TRI programs, and they are not part of the trade associations with whose representatives we talked, so we might not have any information about what types of cargoes they receive.

Considering our interview findings, we concluded that facilities in supergroups 2 and 3 (except barge fleeting) were unlikely to handle CDCs unless they had already reported CDCs in one of our existing data sets. Facilities in supergroup 1 were likeliest to handle CDCs, or at least to have the ability and infrastructure to do so. We therefore include supergroup 1 facilities to get an upper-bound estimate (see Section 3.4 for the results). We believe that supergroup 1 will also include most fertilizer facilities. We also believe that this is indeed an upper bound because some facilities in supergroup 1 do not handle CDCs. For example, we learned in our interviews that several bulk liquid facilities do not handle CDCs in bulk; as described in Section 3.4, there are 70 facilities in supergroup 1 for which we have chemical data that did not report any of the 43 CDCs

9 The reported differences could be because the facility population changed since the EPA data were reported or because the interviewees had a different interpretation of “handling CDC in bulk” that was not made clear. Because we did not get facility-specific information from interviews, we are unsure whether the 21 reported in interviews are a proper subset of the 24 counted in the EPA data. Still, even if 21 were the true number, this difference of three facilities does not affect the validity of our lower-bound estimate. 10 This contradicted what we heard in discussions with representatives of trade associations, some of whom told us that virtu- ally every bulk oil facility would have a large tank of butane. According to the companies that operated those facilities, butane is not common and would be used only in certain regions of the country, and we did include these facilities in the counts of CDC-handling facilities.

TABLE 3.4

Description of Facilities Covered by Supplementary Company Interviews

Facility Category

Number of Facilities

Reported by Interviewees Matched Between MISLE and EPA Program Data

MTSA-regulated 127 to 131a 44

CDC-handling 21 24

NOTE: Numbers reflect totals across nine interviews conducted with representatives of companies that operated MTSA-regulated facilities. a Some interviewees did not give exact numbers. Appendix G provides additional tabulations of the interview results.

Estimating the Facility Population

33

authorized to be carried in bulk. Treating these as “true zeros” (i.e., facilities that definitely do not handle CDCs) gives a sense of how conservative this upper bound might be. But we also know that some barge fleet- ing facilities in supergroup 3 probably did handle CDCs. Still, according to the MISLE database, those facili- ties are not numerous enough to outnumber the 70 facilities that did not report CDCs.

Figure 3.1 summarizes the methods for attaining our lower- and upper-bound population estimates.

3.4. Results

After merging our various data sources and developing our estimation methodology, we assessed the align- ment among data sources and then estimated the population of facilities that handle CDCs. We also exam- ined various aspects of the facility population.

3.4.1. The Data Sources Had Some Overlap Across all our data sources, we had potential CDC information for 759 out of 3,005  facilities. For those 759 facilities, we had the EPA program data, the data from our own collection efforts, or an indication from the MISLE database that the facility handled CDCs. Table 3.5 shows how we identified different categories of facilities, and Figure 3.2 shows the overlap among these data sources.

The most-important sources of information were the EPA RMP and TRI programs. Collectively, each of 680 MISLE facilities was matched to a facility in the RMP or TRI database or both. For 592 facilities, the EPA data were the only source of information. The second most important source was the MISLE database. MISLE listed 144 facilities as handling CDCs; of these, 67 were not matched to any other data sources. Our own collection efforts formed the smallest group: Out of 30 facilities, nine were not in any other source.

FIGURE 3.1

Comparison of Lower- and Upper-Bound Population Estimation Methods

Steps MTSA-regulated facilities

(N = 3,005)

Excluded from the count (N = 2,294)

Included in the lower bound (N = 471)

Included in the upper bound (N = 711)

Does at least one of our data sources report the presence

of CDCs on site?

Does MISLE categorize the facility as nonoil bulk liquid or

hazmat?

No

Yes

No

Yes

List all active and caretaker facilities as of February 2021.

Assess the data set.

We found that facilities with CDCs reported in our data fell into many

subtypes and spanned all the original risk groups (A, B, and C).

Categorize the data.

We assigned facilities categorized as bulk liquid or bulk hazmat

(other than oil and petroleum) to supergroup 1.

Eliminate facilities from the data set.

The remaining facilities were presumed not to handle CDCs and

were excluded from our count.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

34

Next, we determined how many facilities actually handle CDCs. Some of the 759 facilities might have reported to EPA or to our survey but reported chemicals other than the 43 CDCs (authorized to be trans- ported in bulk) we studied. That is useful information: Reporting zero CDCs implies that the facility does not actually handle CDCs and is not subject to the rule delay.11 In all, 471 facilities reported at least one CDC, and 288 facilities reporting to EPA or to us did not disclose the presence of any CDCs. Figure 3.3 disaggregates the 471 CDC-reporting facilities across data sources.12

11 We cannot be fully certain that such facilities do not handle CDCs. It could be that they do not meet the reporting thresh- olds required by EPA, for example. But in conjunction with our company-level interviews, we used these facilities as justifica- tion for our upper bound, as described in Section 3.3.3. 12 The counts in Figures 3.2 and 3.3 might not align because we might have multiple sources of data about a facility but only one source that records CDCs. In particular, one facility in the EPA data did not report any CDCs to EPA but was described as a CDC facility in MISLE. This facility is included in the intersection of EPA and MISLE bubbles in Figure 3.2 but only in the MISLE bubble for Figure 3.3. This change brings down the combined EPA/MISLE count from 70 to 69 between the two figures and brings up the MISLE-only count from 67 to 68.

TABLE 3.5

Categorizing Facilities

Source Facilities Method Section for More

Information

MISLE database 144 Inspect the description and subtype fields in the MISLE database for specific reference to CDCs.

3.2.1

EPA database 680 Match the facilities in the EPA RMP and TRI databases to those in the MISLE database.

3.2.3, 3.2.4, and 3.3.1

Survey and interviews

30 Refer to the results of our online survey and the interviews from the previous HSOAC study (Williams et al., 2020).

3.2.5

FIGURE 3.2

MTSA-Regulated Facilities with Potential CDC Information, by Data Source

NOTE: The figure represents a total of 759 MTSA-regulated facilities for which we had data on chemicals on site, out of all 3,005 MTSA- regulated facilities. The counts from EPA and HSOAC data are of facilities for which we had any reporting data, not necessarily reports of CDCs. The MISLE counts are of facilities that were reported to handle CDCs.

Online survey + Williams et al., 2020

EPA

592

3

9

70

4

14

67

MISLE

Estimating the Facility Population

35

Figure 3.3 reaffirms the importance of the EPA data. In two-thirds of the cases (317 facilities), we know about CDCs only because they were reported to EPA. In 68 cases, the MISLE database was the only source recording the presence of CDCs; our own data collection efforts uncovered just three facilities with CDCs that would not have been counted by the other sources.

Although we identified, from various data sources, 471  facilities that reported at least one CDC, only the EPA RMP and TRI data—accounting for 397 facilities in Figure 3.3—possibly provide the information about quantity that is necessary for the facility risk model described in Chapter Four. Of the 397 facilities, we counted 386  facilities for which we also successfully retrieved the CDC quantity information for risk assessment.

3.4.2. Supergroups Distinguish Facilities with CDCs To verify the utility of our supergroups in distinguishing facilities subject to the reader rule delay, we disag- gregated the findings based on supergroup. As Table 3.6 shows, the supergroups had quite different prob-

FIGURE 3.3

MTSA-Regulated Facilities Handling CDCs, by Data Source Reporting That Cargo

NOTE: The figure represents a total of 471 facilities MTSA-regulated facilities that reported at least one CDC on site, from the sample of 759 in Figure 3.2 for which we had any chemical data.

Online survey + Williams et al., 2020

EPA

317 3

4

7

68

MISLE

369

TABLE 3.6

Data Source Coverage, by Supergroup

Supergroup Description

A. Total Number of Facilities in

MISLE

Facilities in at Least One of Three Data Sources

Facilities Reporting CDC in at Least One Data Source

B. Number C. Percentage of

Total (B/A) D. Number E. Percentage of

Total (D/A)

1 Bulk hazmat other than oil

514 344 67 274 53

2 Bulk oil 714 276 39 123 17

3 Other 1,777 139 8 74 4

Total 3,005 759 25 471 16

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

36

abilities of handling CDCs. Despite being the smallest, supergroup 1 (i.e., bulk hazmat other than oil) had the most facilities (344) about which we had data. The majority of supergroup 1 facilities (274 out of 514, or 53 percent) reported handling CDCs. By comparison, 17 percent of bulk oil facilities (supergroup 2) reported handling CDCs, and just 4 percent of all other facilities (supergroup 3) did. These findings reinforce our con- clusion that facilities from supergroups 2 and 3 should not be included in our upper-bound estimate.

3.4.3. Between 471 and 711 Facilities Handled CDCs Using the estimation approach described Sections 3.3.2 and 3.3.3, we estimated that at least 471  facilities handled CDCs. These were the facilities that we directly observed to have CDCs on site (i.e., those counted in Figure 3.3 and column D of Table 3.6). We added to those 471 the remaining facilities in supergroup 1 (240 out of 514 that were not already counted), yielding our upper-bound estimate of 711 facilities. As predicted in Section 3.1, our population estimates are between the (low) USCG estimate in the reader rule delay and the (high) estimate from trade associations.

Our estimated range is of the number of facilities handling any of the 43 CDCs that can be transported in bulk on a maritime vessel. It is not necessarily the same as the number of facilities subject to the reader rule delay. First, some facilities handling CDCs might also receive large passenger vessels and therefore would already be subject to the reader rule (at least in the secure area around passenger vessels).

It is also possible that fewer facilities will eventually be subject to the reader rule, if some do not actually handle CDCs “in bulk” or if the USCG carves out exceptions for certain types of facilities. As an example, facilities that handle CDCs only via ISO tanks or ship containers would be excluded from the rule because they do not meet the definition of handling “in bulk.” We found two such facilities, that each reported han- dling a CDC but is listed in MISLE as a container facility and falls into supergroup 3.

Other examples would be MARPOL or barge fleeting facilities. MARPOL facilities are already regu- lated under 33 U.S.C. § 1905. Barge fleeting facilities receive vessels that are themselves subject to various regulations, and there is often no transfer across the maritime nexus. Moreover, prior versions of the reader rule excluded barge fleeting facilities from risk group A (see Appendix A for a history of the regulations), although the USCG has not clarified whether they are still excluded.

As a hypothetical scenario, assume that we want to exclude all container, MARPOL, and barge fleeting facilities that handled CDCs from the rule if they were not also operating as another facility subtype (i.e., they are in supergroup 3, not supergroup 1 or 2). In our data, we counted 44 such facilities. There were an additional four passenger facilities with CDCs that we might assume were already subject to the rule. If we further excluded these facilities, between 423 and 663 facilities would be subject to the rule delay.

3.4.4. The Original Risk Group A Did Not Properly Classify Facilities Handling CDCs As shown in Table 3.6, the 471 facilities reporting handling CDCs span a variety of MISLE subtypes. Prior studies generally grouped facilities by the first subtype or by the original criteria for risk groups. Table 3.7 shows how the 471 facilities are disaggregated based on those legacy categorizations. Because the original risk groups were defined years ago, the list of MTSA-regulated facilities and some MISLE ID numbers have changed. When comparing the original list with the current one, we could not find a risk group for every facility because, for example, a facility changed names or was new since the risk groups were defined. More- over, some facilities did not receive risk group designations at the time the groups were defined.

Table 3.7 shows that the original risk group A was not a good proxy for facilities handling CDCs. At least 183 facilities handling CDCs were originally in risk group B, and at least ten were in risk group C. In addition,

Estimating the Facility Population

37

the first MISLE subtype was not a good proxy for handling CDCs; some facilities listed as nonhazmat bulk, passenger, recreational, fishing, or ship repair also handle CDCs.

In some cases, the first MISLE subtype might not represent the full range of activities performed at a facility. For instance, a shipyard might also be a MARPOL facility, which makes it likelier to handle CDCs.

But in other cases, risk group or subtype could belie the ways in which CDCs are handled. For example, two seafood facilities that were originally listed in risk group C reported anhydrous ammonia to the RMP or TRI programs. They are not cross-listed as bulk liquid or bulk oil facilities. We do not know exactly how these facilities are using anhydrous ammonia or how it is delivered to the facilities. But we learned from dis- cussions with representatives of USCG districts that large quantities of anhydrous ammonia are often used for refrigeration at food facilities. Such facilities originally would have been listed in risk group C, showing how the risk group classification system did not align with the current reader rule population.

TABLE 3.7

Facilities Reporting Handling at Least One CDC, by Primary MISLE Subtype and Original Risk Group Designation

First MISLE Subtype

Original Risk Group

TotalA B C None Unknown

Barge fleeting 1 1 0 1 8 11

Break-bulk, nonhazmat 0 2 0 0 1 3

Bulk dry or solid, hazmat 0 1 0 1 7 9

Bulk dry or solid, nonhazmat 2 21 1 0 12 36

Bulk liquid, hazmat 85 22 2 9 17 135

Bulk liquid, nonhazmat 3 3 0 0 2 8

Bulk oil, petroleum-based 25 111 0 7 19 162

Bulk oil, animal fats 1 0 0 1 0 2

Bulk oil, other 1 0 0 0 0 1

CDC 27 4 0 0 15 46

Commercial fishing 0 0 1 0 0 1

Container 0 1 1 0 4 6

MARPOL Annex Va 17 7 2 0 6 32

MARPOL reception 1 10 0 0 0 11

Passenger (all types) 0 0 3 0 3 6

Recreation 0 0 0 1 0 1

Ship repair 0 0 0 0 1 1

Total 163 183 10 20 95 471

NOTE: The sample size consists of 471 facilities included in the lower-bound population estimate. “First MISLE Subtype” denotes the first category in which the MISLE database lists a facility and is the MISLE data field that was used to analyze facilities in CG-REG, 2015, and Williams et al., 2020. The original risk groups were defined in the 2009 proposed rule, and we determined the assignments in this table by linking the current list of MTSA-regulated facilities to the list from 2009. Current facilities that we could not match to a 2009 facility are listed with an “unknown” risk group. Under the original classification, group B was the largest, roughly three to four times the size of group A or C. a Annex V covers ship-generated garbage.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

38

3.4.5. Six Substances Account for Half of All Reports of CDCs Among the 471 facilities in our lower-bound estimate, 420 reported one or more specific CDCs. Fifty-one were identified as handling CDCs but without specific information on which ones; for instance, MISLE might indicate that a facility handled CDCs without listing specific chemicals. Figure 3.4 shows the total number of facilities that reported each CDC. Because of incomplete data, these counts should be considered lower bounds of the prevalence of each CDC.

Anhydrous ammonia is the most common CDC, being reported by 247  facilities and accounting for 16  percent of all individual CDC reports. Butane, propane, propylene, pentanes, and ethylene were each reported by at least 100 facilities. These CDCs plus anhydrous ammonia collectively account for 54 percent of all CDC reports. Of these six CDCs, anhydrous ammonia and propane are also among the top five CDCs of the CDC risk analysis discussed in Chapter Two. There were no reports of vinyl ethyl ether, dipentene, ethylene chlorohydrin, ethylene oxide, or cyclopentene; none of these is regulated by RMP or TRI.

These counts should be considered lower bounds. For example, we could be undercounting ammonium nitrate facilities. The MISLE database and our survey were the only sources of information for ammonium nitrate, but the MISLE database might not make note of every ammonium nitrate facility, and our survey had few respondents.

3.4.6. Many Facilities Handle Multiple CDCs Facilities routinely handle more than one CDC. Among the 420 facilities for which we have chemical infor- mation (i.e., type but not necessarily quantity), Table 3.8 shows how the number of CDCs varies by super- group. Facilities in supergroup 1 handled the most, with nearly five different CDCs on average. In addition, most facilities in supergroup 1 handled more than one CDC. In the other supergroups, just over half of facili- ties reported just one CDC, and they handled fewer CDCs on average (about four CDCs in supergroup 2 and two in supergroup 3).

3.5. Summary

This chapter described our approach to estimating the number of facilities that handled CDCs in bulk. We counted facilities that had CDCs on site, regardless of how the CDC was handled or where it was stored. In this section, we summarize our data sources, methodology, population estimates, and caveats.

One major challenge for estimating the population of facilities subject to the final reader rule was a funda- mental lack of any single comprehensive data source recording the chemicals handled at maritime facilities. Although MSRAM ostensibly records such information, we discovered that it was not systematic and, for various other reasons, would not fit our research needs. We ended up collecting and collating facility-level information from five different, piecemeal data sources:

• the MISLE database • the EPA RMP database • the EPA TRI database • our own online survey of MTSA-regulated facilities • interviews conducted for a prior HSOAC study.

It was necessary to match maritime facilities in the reporting universe of the EPA RMP and TRI pro- grams to those in the MISLE database. Because name and address fields were nonstandardized, to facilitate facility matching, we used a computer-aided manual matching method rather than automated text analysis

Estimating the Facility Population

39

FIGURE 3.4

Number of Facilities Reporting Each CDC

NOTE: The figure counts 1,571 reports of specific CDCs from facilities in any of the following data sources: the RMP database, the TRI database, our survey or interview data, or the MISLE database. Counts come from 420 facilities reporting specific types of CDCs. We excluded 51 facilities from these counts because they reported handling CDCs without additional specifics. The data shown in this table are slightly different from those used in Section 4.3, in which the quantity information was also required.

Number of facilities reporting

247

143

128

118

109

103

85

85

80

65

54

53

51

41

38

19

17

16

16

14

13

13

11

11

8

5

4

4

3

3

3

3

2

2

1

1

1

1

0 50 100 150 200 250 300

Ammonia

Butane

Propane

Propylene

Pentanes

Ethylene

Ethane

Methane

Chlorine

Mixed C4 cargoes

Butadienes

Butylene

1-Pentene

Acetaldehyde

Isoprene

Isopentenes

Ethyl chloride

Propylene oxide

Sulfur dioxide

Ethylene oxide, or ethylene oxide with nitrogen

Allyl alcohol

Methyl chloride or refrigerant gas R 40

Sulfuric acid

Vinyl chloride

Vinylidene chloride

Dimethylamine

Methyl acetylene and propadiene mixtures

Methyl bromide

Acetone cyanohydrin

Dimethyl ether

Ethylene dibromide

Isopropylamine

Ammonium nitrate

Ammonium nitrate-based fertilizer

Chlorosulfonic acid

Crotonaldehyde

Diethyl ether or ethyl ether

Methacrylonitrile

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

40

packages. Using a random assignment and validation method, we attained upward of 95-percent agreement among team members when matching facilities between MISLE and RMP, as well as between MISLE and TRI. The EPA RMP and TRI data are the only sources for detailed CDC information (i.e., both type and quantity).

To categorize facilities in a mutually exclusive way, we sorted facilities into supergroups. We could not rely on the MISLE subtype categories because each facility had up to three separate subtypes. Our supergroups account for all three subtypes. Supergroup 1 consists of all bulk hazmat liquid (nonoil) or solid facilities plus facilities with a subtype of “CDC.” Supergroup 2 consists of all bulk oil (petroleum or otherwise) that were not also in supergroup 1. Supergroup 3 consists of all other facilities.

We developed strategies for the lower- and upper-bound estimates. For the lower-bound estimate, we counted every facility that reported at least one CDC in one of our data sources. For the upper-bound esti- mate, we added the remaining facilities in supergroup 1, which had operations that were likelier to handle CDCs in bulk. We used additional interviews with representatives from large companies to assess gaps in our data and justify this upper-bound calculation.

These estimation strategies yielded the lower- and upper-bound estimates of 471 and 711 facilities, respec- tively. Among the facilities that handled CDCs, anhydrous ammonia was most common, and many facilities handled more than one type of CDC.

Some caveats should be noted about facility population estimation:

• The USCG might determine that some facilities in our population estimates are excepted from the final reader rule. For example, some facilities might not meet the definition of handling “in bulk” if they handle CDCs only via ISO tanks. The USCG might also decide to carve out exceptions for other types of facilities. As a hypothetical example, we estimated that excluding container, MARPOL, and barge fleeting facilities that are not also bulk liquid or bulk oil facilities would exclude 44 facilities from the final reader rule.

• Our data have gaps. We believe that our upper-bound estimate accounts for two known gaps—barge fleeting facilities and ammonium nitrate facilities—but there could be other, idiosyncratic facilities that do not fit neatly into an existing categorization. We do not believe that such facilities are common. In addition, we did not observe how each facility handles CDCs.

• The population will evolve over time as facilities open, close, and change their operations. Even if our estimates were precise as of this writing, they could be out of date quickly. The original risk group clas- sification shows that, several years after the groups were defined, many facilities had opened or closed, and the groupings were out of date. Although the final reader rule population will not change by much from year to year, operationalizing or implementing the rule will necessitate that the USCG conduct ongoing monitoring. But we hope that the facility typology that we introduce in Chapters Four and Five will assist the USCG in implementing the rule.

TABLE 3.8

Number of CDCs Reported, by Facility Supergroup

Supergroup Description Average CDCs

Reported

CDCs Reported Total Number of Facilities1 2 3 4 or More

1 Bulk hazmat 4.7 78 40 24 87 274

2 Bulk oil 3.9 63 13 6 41 123

3 Other 2.3 37 18 2 11 74

NOTE: The sample consists of 420 facilities for which specific types of CDCs were reported. The data shown in this table are slightly different from those used in Section 4.3, in which the quantity information was also required.

41

CHAPTER FOUR

Developing the Facility Risk Model

4.1. Introduction

This chapter describes the development of a rigorous, objective, data-driven, consequence-based facility risk model to inform the TWIC reader requirements. Specifically, facility risk modeling in this study refers to the overall process that consists of these three steps:

1. Use objective methodologies to characterize the risk (i.e., the potential consequence, as described later in this section) associated with a facility.

2. Identify observable attributes that can be used as proxies for consequence. 3. Analyze consequence data to group facilities with similar consequences using observable attributes

(i.e., a facility typology) for the sake of rule implementation.

This risk-informed approach is consistent with Executive Order 12866, which states, “In setting regula- tory priorities, each agency shall consider, to the extent reasonable, the degree and nature of the risks posed by various substances or activities within its jurisdiction.”

The following principles guided the development of the facility risk model because of its regulatory nature:

• Methodologies should be transparent, objective, and reproducible. • Data used should be easily observable and publicly available.

If a methodology is not objective or reproducible, it is vulnerable to challenge. Similarly, if data are neither easily observable nor publicly available, even though they might be pertinent to defining risks, they are not practical to use for this regulatory application.

A homeland security risk assessment often involves the following construct for calculating the severity of risks (see, e.g., Willis, Morral, et al., 2005; Masse, O’Neil, and Rollins, 2007): risk = T × V × C, where T (threat to a target) is the likelihood of an attack occurring, V (the target’s vulnerability to the threat) is the likelihood of success given an attack occurring, and C (consequence) is the potential impacts of a successful attack to the target.1 Although this construct is commonly used in DHS risk assessments, such as MSRAM and the CFATS tiering methodology, it is generally not used in regulatory analyses mainly because threat (T) and vulner- ability (V) often involve sensitive or even classified information. For example, threat (T) is often based on intelligence community assessments that are classified and dynamic (i.e., can change suddenly). Vulnerabil-

1 The CDC risk analysis methodology described in Chapter  Two did not involve vulnerability because the analysis was intrinsic to CDC and did not refer to a specific facility’s vulnerability (i.e., it was facility-agnostic). In addition, the CDC risk analysis considered generic consequences (e.g., agnostic of locations and storage quantities of facilities).

Potential consequence can be expressed in many different forms, such as (1) fatalities, economic impact, and environmen- tal impact for MSRAM (see Section 4.2); (2) distance to toxic end point or lower flammability limit for RMP (EPA, 2009); and (3) fatalities for CFATS (see Section 4.3).

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

42

ity (V) is often sensitive (e.g., marked as sensitive security information or chemical-terrorism vulnerability information) and subjective. But a rulemaking process requires public data and stability. On the other hand, consequence (C) is more objective (e.g., science-based) and data-driven. So, for this study, we decided to use a consequence-based risk assessment whose emphasis is rulemaking rather than a full-fledged risk assessment. Examples of consequence-based assessments for regulatory analyses abound, including TSA, 2013; National Protection and Programs Directorate, 2011; U.S. Customs and Border Protection, 2008; U.S. Customs and Border Protection, 2018; and U.S. Customs and Border Protection and Bureau of Consular Affairs, 2008.

The remainder of this chapter describes the analyses we conducted to develop a facility risk model. In Section 4.2, we review the adequacy of the MSRAM methodology and corresponding data as the foundation of the facility risk model. After determining its inadequacy, in Section 4.3, we describe how we developed a facility risk model based on the CFATS consequence modeling methodology and analyze the results pro- duced by it. In Section 4.4, we provide a summary.

4.2. MSRAM Has Limitations

A natural first choice for the facility risk model is the USCG’s MSRAM because it has been used in prior TWIC rulemakings (e.g., USCG, 2008; CG-REG, 2015). However, as described in this section, the MSRAM methodology and corresponding data have limitations.

MSRAM is “a terrorism risk management tool and supporting process” for “USCG analysts in each major port enabling them to perform a detailed risk analysis for all of the significant targets operating within their area of responsibility across a spectrum of attack modes” (USCG, 2018a). As described in the previous sec- tion, MSRAM uses the T × V × C construct for risk assessment. CG-PSA provided us anonymized MSRAM consequence data because the remaining data (i.e., threat, vulnerability, and facility-specific consequence) are restricted. Appendix H describes our analysis of the MSRAM data in detail; only highlights are given here.

In MSRAM, scenario is defined as a combination of a facility (target) and an attack mode (USCG, 2018a). The data that we received from CG-PSA include the consequence assessments for 906 unique (anonymized) targets coupled with four attack modes considered to be relevant to TWIC (see, e.g., Williams et al., 2020), leading to a total of 2,608 scenarios.2 These four attack modes are

• attack by terrorist assault team • passenger or passerby explosives or improvised explosive device • sabotage • truck bomb.

Each scenario includes three types of consequence scores:

• death and injury (D/I), in number of fatalities • economic, in millions of dollars • environmental, in number of barrels of oil spilled on or near water.

Our understanding is that these consequence scores were generally determined by USCG port security spe- cialists but not always through standardized, objective modeling or assessment methodologies.

2 Not every attack mode applies to each facility.

Developing the Facility Risk Model

43

The list shows the 14 target facility classes into which the 906 targets in the MSRAM data are grouped; the last three classes are explicitly excluded from the current TWIC reader rule delay (see Chapter One):

1. Facility—CDC, material that is poisonous or toxic by inhalation 2. Facility—CDC, liquefied petroleum gas (LPG) or liquefied natural gas (LNG) or both 3. Facility—CDC, explosive cargo 4. Facility—CDC, except the previous three classes (1 through 3) 5. Facility—CDC, radiological 6. Facility—hazmat (non-CDC) 7. Facility—Petroleum and fuel storage 8. Facility—Petroleum refinery 9. Facility—Marine cargo terminals (not otherwise specified) 10. Facility—Strategic industrial facilities (military and commercial) 11. Facility—Agricultural and food 12. Facility—Passenger terminal, ferry 13. Facility—Passenger terminal, cruise ship 14. Facility—Offshore oil or gas.

Because the list of CDCs was not formalized until 2020 (Commandant, 2020c) and the MSRAM tool existed before 2020, it is unclear whether MSRAM used the same CDC definition. Only 135 (out of 906, or 15 per- cent) facilities had corresponding chemical information, which means that we did not know whether the materials contributing to the reported consequence scores involved any of the 43 CDCs authorized to be transported in bulk.

We conducted an exploratory analysis to understand the distributions of consequence scores for scenarios included in the MSRAM data. Table 4.1 shows the distributions of D/I consequence scores (in number of fatalities) for all scenarios, grouped by target class. Appendix H includes the results in a similar format for the economic and environmental consequence scores. Table 4.1 shows the minimum; maximum; mean; median; and the 5th, 25th, 75th, and 95th percentiles for each target class. Distributions are highly skewed over a huge range in which means are about an order of magnitude higher than medians and are, in fact, closer to the 75th percentiles,3 suggesting that many facilities have relatively low consequence scores and a few facilities have extremely high consequence scores.

Consider as an example the first target class: facilities that handle a CDC that is material that is poisonous or toxic by inhalation. The minimum (zero fatalities), median (189 fatalities), and maximum (82,154 fatali- ties) span five orders of magnitude.4 So, treating all facilities in this target class the same for regulation requires careful consideration (discussed more at the end of this section). As expected, this target class has, by far, the highest overall D/I consequence.

3 For example, the median, mean, and 75th percentile for the target class of facilities handling a CDC that is material that is poisonous or toxic by inhalation are 189, 2,592, and 1,885, respectively, where the mean is about 14 times higher than the median. 4 Per CG-PSA, a zero consequence means no consequence (i.e., not missing data). So, the five-orders-of-magnitude spread is technically based on a lowest fatality of 1.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

44

TABLE 4.1

Distributions of Death and Injury Consequence Scores, in Number of Fatalities, for Attack Scenarios in MSRAM Data, Grouped by Target Class

Target Class Mean Minimum 5th

Percentile 25th

Percentile Median 75th

Percentile 95th

Percentile Maximum Count

Facility— CDC, material poisonous or toxic by inhalation

2,592 0 5 34 189 1,886 10,828 82,154 249

Facility— CDC, LPG and LNG

728 0 1 18 175 722 3,437 10,399 123

Facility— CDC, explosive cargo

245 0 1 5 22 84 1,206 6,412 80

Facility— CDC, except preview three classes

393 0 1 23 55 246 2,536 3,062 47

Facility— CDC, radiological

50 50 50 50 50 50 50 50 2

Facility— hazmat (non-CDC)

33 0 2 10 15 30 153 301 200

Facility— Petroleum and fuel storage facilities

26 0 1 6 12 25 77 745 618

Facility— Petroleum refinery

235 0 2 10 34 118 966 6,147 225

Facility— Marine cargo terminals (not otherwise specified)

41 0 3 12 25 45 100 660 223

Facility— Strategic industrial facilities (military and commercial)

84 0 1 21 55 100 226 500 48

Facility— Agricultural and food

40 4 5 10 18 44 110 300 20

Total 1,835

NOTE: Because the list of CDCs was not formalized until 2020 (Commandant, 2020c) but the MSRAM tool was in existence before 2020, it is unclear whether MSRAM used the same CDC definition. Results for the target classes of ferry passenger terminal, cruise ship passenger terminal, and offshore oil or gas facility are not shown because they are not subject to the reader rule delay.

Developing the Facility Risk Model

45

In summary, we conclude that the MSRAM methodology and corresponding data are not suitable for the study based on these factors discussed earlier:

1. anonymized facility information 2. limited chemical information compared to consequence information (i.e., cannot establish linkage

between the consequences and CDCs associated with a facility) 3. lack of use of standardized, objective methodologies for estimating consequence scores.

Factors 1 and 2 affect mainly estimation of the population of facilities that handle CDCs (Chapter Three) because (1) we did not know the exact facilities being considered; (2) we could not match the MSRAM data to any other data sources; and (3)  for most facilities, we did not know which CDCs were present. Using MSRAM’s target class to discern whether a facility handled CDCs was uninformative because a facility could have multiple attributes (i.e., could be categorized under a different target class). This is like the issue with the MISLE subtype discussed in Section 3.4.4. Factor 3 affects mainly the facility risk model considered in this chapter. Because consequence assessments were not always based on standardized, objective modeling and assessment methodologies, we could not reproduce the results. These conclusions are expected because MSRAM was not originally designed to support the type of regulatory analysis considered in this study.

Additionally, and perhaps more importantly, the analysis also showed how skewed the consequence dis- tributions are (i.e., many facilities with relatively low consequence scores and few facilities with extremely high consequence scores), even for facilities in the same target class. So, treating all facilities in a class mono- lithically requires careful consideration and justification because of enormous in-class variations in conse- quence. In general, it is desirable to group only facilities with comparable consequences. However, if doing so is impractical (e.g., because of the need to use a simple facility typology for a regulatory analysis or rule implementation), median consequence is a more robust measure than mean. This has a great influence on the facility risk model described in Section 4.3 and the cost–benefit analysis described in Chapter Five.

4.3. Facility Risk Model

4.3.1. The Risk Engine in the CFATS Program Risk Tiering Methodology Because of the shortcomings associated with the MSRAM methodology and data, we then considered the “risk engine” used in the CFATS risk tiering methodology that is well documented (e.g., CISA, 2021) and has been extensively peer reviewed (Agrawal et al., 2013). It is also well-known to the chemical industry by virtue of the CFATS program.

As mentioned in Section  4.1, although the CFATS tiering methodology uses the full T  ×  V  ×  C con- struct, for our regulatory analysis, we focused mainly on the consequence modeling used in the CFATS risk engine because (1) the CFATS threat and vulnerability information is restricted and so cannot be used in a rulemaking process and (2) the information is for non-MTSA facilities and not necessarily applicable to MTSA facilities. Figure 4.1 provides an overview of the modeling approaches used in the CFATS risk engine, with further details provided in CISA, 2021. In brief, the risk engine uses the estimated number of fatalities to quantify consequence and uses different modeling approaches to estimate consequence depending on whether the CDC is toxic, flammable, or explosive. Hazards for toxic CDCs are through inhalation, whereas atmospheric (outdoor) dispersion of a toxic cloud is modeled using the Second-Order Closure Integrated Puff (SCIPUFF) model (Sykes et al., 2016) and indoor concentrations are calculated based on outdoor concentra-

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

46

tions and an air exchange rate of 0.75 air changes per hour.5 Hazards for flammable and explosive CDCs are through overpressure-induced blast effects, whereas the outdoor hazards are based on the U.S. Depart- ment of Defense’s standard trinitrotoluene (TNT) blast curves (U.S. Department of Defense, 2014) and the indoor hazards are based on the Defense Threat Reduction Agency’s Vulnerability Assessment and Protec- tion Option (VAPO) model (Nichols and Doyle, 2014). For all types of CDCs (i.e., toxic, flammable, and explosive), consequence is estimated by mapping fatality zones on the local population distribution as pro-

5 That is, 75 percent of the air inside a building will be exchanged per hour.

FIGURE 4.1

Modeling Approaches Used in the CFATS Risk Engine

Toxic Explosive

Quantity Facility location

NFPA instability rating for the CDC

Plume modeling (SCIPUFF)

TNT-equivalent charge weight

CDC type Modeling approach Other processes

Simple outdoor-to-

indoor transport

assuming air change rate = 0.75/hour

Fatality zones

(isopleths)

NOTE: The figure uses CDC rather than the CFATS terminology of chemical of interest.

Same modeling approach as �ammables

Outdoor Indoor

Public health consequence

LandScan population data

Fatality zones (isopleths)

Fatality zones

(de�ned by fatality- fraction

isopleths)

Public health consequence

LandScan population data

Outdoor Indoor

Flammable

Heat of combustion + yield factor for the CDC

TNT-equivalent charge weight

Single set of equations based

on VAPO runs for four notional building types;

casualties caused by blast

effects on structure

Blast curves; casualties

caused by direct and indirect blast effects

Outdoor Indoor

Public health consequence

LandScan population data

Fatality zones (isopleths)

CDC type

Developing the Facility Risk Model

47

vided by the Oak Ridge National Laboratory’s (ORNL’s) LandScan USA population data (ORNL, undated). See Section I.1 for more information about the LandScan USA data.

Several benefits result from using the CFATS risk engine for the facility risk model:

• As mentioned above, the tool is well-documented, peer reviewed, and well-known to the chemical industry.

• Because of the consistent use of physics-based modeling approaches, the consequence results are objec- tive, transparent, and reproducible.

• The U.S. Government Accountability Office (GAO) recommended that similar DHS chemical secu- rity programs collaborate better (GAO, 2021). The TWIC and CFATS programs have similar goals to maintain chemical security for regulated facilities, with the former and latter focusing on the maritime and nonmaritime environments, respectively.6 Therefore, harmonizing the consequence assessment approaches for these two complementary programs is highly desirable, especially for the many compa- nies that operate both TWIC- and CFATS-regulated facilities.

Although it is beneficial to harmonize the consequence assessment approaches for TWIC and CFATS, two fundamental differences prevent a direct adoption of the CFATS methodology:

• The CFATS program has an integrated Chemical Security Assessment Tool to solicit the requisite infor- mation from facilities, screen facilities for potential tiering, conduct detailed consequence assessment, and receive and review the security vulnerability assessments, site security plans, and alternative secu- rity programs that facilities submit (CISA, undated b). The USCG currently does not have comparable infrastructure.7

• For the sake of making and implementing rules, it is desirable to use observable attributes as proxies for consequence in lieu of conducting physics-based consequence modeling that requires subject-matter expertise.

Additional adaptation is, therefore, necessary. Section 4.3.2 describes how we adapted the CFATS conse- quence assessment approach to develop a facility risk model suitable for this study.

4.3.2. Development of a Facility Risk Model As mentioned in Section 4.1, in this study, we use facility risk model to mean the overall process that consists of these three steps:

1. Use objective methodologies to characterize the risk (i.e., potential consequence) associated with a facility.

2. Identify observable attributes that can be used as proxies for consequence. 3. Analyze consequence data to group facilities with similar consequences using observable attributes

(i.e., a facility typology) for the sake of rule implementation.

6 The TWIC program also applies to nonchemical facilities, such as ferry and cruise terminals. 7 The USCG requires each facility to conduct a facility security assessment to identify vulnerabilities and propose mitigating factors. Upon review by the captain of the port (COTP), these mitigating factors can be accepted and integrated into the FSP, which is reviewed for viability every five years or each time the facility changes its operations. However, these FSPs are secured and maintained by each COTP and are not centrally archived.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

48

We describe in this section how we implemented these three steps to develop a facility risk model.

4.3.2.1. Step 1: Use Objective Methodologies to Characterize the Risk Associated with a Facility We identified 397 facilities that handled CDCs authorized to be transported in bulk through the EPA data- base matching process (Section 3.4.1, Figure 3.3). From these, we successfully retrieved the corresponding detailed chemical information (i.e., both type and quantity) for 386 facilities. The EPA RMP database has pre- cise chemical type and quantity (in pounds) information stored in a Microsoft Access database (see Appen- dix E for details on EPA RMP data processing and retrieval). The EPA TRI database has chemical type and quantity (in a range by order of magnitude, also in pounds) information directly available through Microsoft Excel worksheets. Because the RMP database contains more-precise quantity information, it takes prece- dence if a facility is matched to both the RMP and TRI databases (Section 3.3.1). Seventy-nine (or 20 percent) of 386 facilities were matched only to the TRI database, in which quantity is expressed in a range. For these facilities, we assumed a representative quantity that was the geometric mean of the upper and lower bounds of the range.8 For example, if TRI indicated that the quantity was between 100,000 and 1 million pounds, the representative quantity was 316,200 lb.

Through the database matching process, we identified a total of 32 of the 43  CDCs authorized to be transported in bulk.9 Figure 4.2 shows the distribution of the number of CDCs handled by the facilities. The 386 facilities identified through the EPA database matching process handled between one and 23 CDCs, with 218 facilities (56 percent) handling multiple CDCs and 168 facilities (44 percent) handling just one CDC each, which is consistent with the information shown in Table 3.8 that also includes CDCs without the quantity information. Overall, the total number of facility–CDC combinations is 1,544.

8 We used the geometric mean because it is a more robust representative measure for values that have wide variations. 9 This is different from the 38 CDCs discussed in Section 3.4.5 (Figure 3.4), which includes those CDCs that did not have the corresponding quantity information.

FIGURE 4.2

Distribution of the Number of CDCs That Individual Facilities Reported to EPA Programs

NOTE: The total number of facilities for which the CDC quantity information is also available is 386.

168

60

27 26 16

10 7 2 10 9 11 13

7 9 4 1 1 1 2 1 1 0

25

50

75

100

125

150

175

200

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 23

N um

b er

o f f

ac ili

tie s

Number of CDCs handled

Developing the Facility Risk Model

49

CISA analysts conducted a complete risk-engine run for each facility–CDC combination to estimate the resulting potential consequence in terms of the number of fatalities using (1) the CDC quantity information identified through the EPA database matching process and (2) the default meteorological conditions outlined in CISA, 2021. This created a data set of 1,544 records, in which each record includes such information as the facility location (i.e., latitude and longitude), CDC type (e.g., anhydrous ammonia or propane), CDC quantity (in pounds), and consequence (in number of fatalities). This data set has a complete linkage among the facil- ity, CDC, and consequence, a condition that we did not have with the MSRAM data discussed in Section 4.2. From these 1,544 records, we further identified the maximum consequence associated with each facility if it handles multiple CDCs.

CISA analysts modeled each CDC as either toxic or flammable.10 Any CDC that had both toxic and flam- mable hazards was assigned to the type that would yield a higher consequence. Of the 32 CDCs that were identified through the EPA database matching process with the quantity information, 24 were considered flammable, each having an NFPA flammability hazard rating of 4; eight were considered toxic, with three and five having NFPA health hazard ratings of 4 and 3, respectively.

4.3.2.2. Step 2: Identify Observable Attributes as Proxies for Consequence Although it is possible to group facilities by consequence, that information is not directly observable because it requires the CFATS risk engine and the associated technical expertise to generate. Hence, it is desirable to consider other directly observable attributes that can serve as proxies for consequence because it would be more practical to group facilities and implement the rule.

We carefully considered how the various physics-based modeling approaches (i.e., for toxic and flam- mable or explosive CDCs) in the CFATS risk engine work to identify these potentially relevant attributes:

• First, consequence depends on CDC quantity because the higher the quantity, the higher the conse- quence.

• Second, consequence also depends on the local population because the same predicted fatality zones mapped to a more densely populated area yields a higher consequence.

• Third, the same quantity of toxic and flammable (including explosive) CDCs might lead to different consequence because of the difference between inhalation and overpressure hazards.

• Fourth, a CDC with a higher NFPA rating (for either health or flammability hazards, see Chapter Two) might yield a higher consequence.11

Weather conditions also play a critical role in atmospheric dispersion of a toxic cloud; however, we did not consider them because the CFATS risk-engine runs already assumed the conservative nighttime, stable (i.e., low-wind) conditions as the default weather conditions for toxic-CDC releases.12 Furthermore, the blast- effect model for flammable and explosive CDCs does not depend on weather conditions.

10 The CFATS risk engine models flammable and explosive chemicals similarly (see Figure 4.1). 11 Note that this is mainly a hypothesis because the CFATS risk engine does not directly use the NFPA hazard ratings as mod- eling input. 12 By conservative, we meant that the model would predict higher consequence because of less dispersion of a toxic cloud during nighttime, stable conditions.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

50

In summary, using the above heuristic arguments, we identified four plausible proxies or attributes to characterize consequence:

• CDC quantity, in pounds • local population density, in number of people per square mile • toxic versus flammable (including explosive) CDC • NFPA hazard rating (health hazard rating for toxic CDCs and flammability hazard rating for flam-

mable CDCs).

Because population distribution varies spatially, defining a representative local population density involves selecting an area for which the average density is then calculated (i.e., the total number of people in an area divided by the size of the area). We considered circular areas or buffers of various radii centered at a facility and determined that a radius of 2 miles was the preferred choice. Refer to Section I.2 for the rationale for choosing that radius.

4.3.2.3. Step 3: Analyze Consequence Data to Group Facilities by Observable Attributes The last step was to construct a way to group facilities based on observable attributes. This step was impor- tant because, for purposes of rulemaking and implementation, it is desirable to state that facilities are being regulated because of their observable attributes (e.g., storage quantity greater than a threshold and the local population density greater than another threshold), not because of consequences that are not readily avail- able without modeling.

To better understand how consequences (in number of fatalities) given by the CFATS risk engine vary by the four observable attributes (i.e., CDC quantity, local population density, toxic versus flammable CDC, and NFPA hazard rating), we calculated the distributions of consequences for each combination of catego- ries of observable attributes using the entire data set (i.e., 1,544 facility–CDC combinations). Two of the four attributes (i.e., toxic versus flammable and NFPA hazard rating) were already categorical. The remaining two attributes (i.e., CDC quantity and local population density) were continuous and needed to be further categorized to facilitate analysis. Because of its vast range, we subjectively categorized CDC quantity by order of magnitude. We subjectively defined population density in five categories: 0 to 99, 100 to 299, 300 to 999, 1,000 to 2,999, and at least 3,000 people per square mile, roughly by a half order of magnitude for each cat- egory. The U.S. Census Bureau has defined an urban area as at least 1,000 people per square mile (Bureau of the Census, 1994).

We grouped the 1,544 consequence estimates for each combination of categories. Tables 4.2 and 4.3 show the median consequence for each combination of categories. (Median is a more robust measure than mean for a variable that, like consequence, tends to have a skewed distribution; see Section 4.2.) Tables 4.4 and 4.5 show the corresponding sample size for each combination of categories, providing a sense of the robustness of the results.

Tables 4.2 and 4.3 show a pattern that is generally consistent with our intuition, that consequence tends to be higher for higher CDC quantity, higher population density, toxic CDCs (because of the more-severe inhalation hazards), and higher NFPA hazard rating. As mentioned in Section 4.3.2.1, every flammable CDC included in the data set had an NFPA flammability hazard rating of 4.

Tables 4.2 and 4.3 also show some unexpected results. For example, the median consequence (67 fatalities) for a quantity less than 100,000 lb., NFPA health hazard rating of 4, and population density between 1,000 and 2,999 people per square mile is higher than that (14 fatalities) for the same quantity and NFPA health hazard rating but a population density greater than 3,000 people per square mile. This is mainly because of the spottiness of data (i.e., small sample size for certain category combinations) (Tables 4.4 and 4.5).

Developing the Facility Risk Model

51

Appendix J describes the creation of a synthetic data set that covers all combinations of facilities (386 in total), CDCs (43 in total), and quantity (five representative values in total spanning five orders of magnitude), leading to a total of 82,990 records with no missing data. The synthetic data set reveals a more consistent pat- tern than that in Tables 4.2 and 4.3, supporting our approach to grouping facility consequences (i.e., facility typology) by these observable attributes. However, the synthetic data set also suggests a weak dependence on the NFPA hazard rating. This is mainly because the NFPA hazard rating and the CFATS risk engine use dif- ferent information to assess hazards and consequences. For example, the NFPA flammability hazard rating partly depends on the flash and boiling point temperatures of a CDC (NFPA, 2017), but the vapor cloud explosion modeling in the CFATS risk engine depends partly on the heat of combustion and the yield factor of a CDC (CISA, 2021). The NFPA health hazard rating considers multiple exposure pathways (e.g., inhala- tion, skin contact, eye contact, and ingestion), but the CFATS risk engine addresses mainly the inhalation hazards that can travel far.

TABLE 4.2

Median Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 1,544 Facility–CDC Combinations

Quantity, in Pounds

People per Square Mile

NFPA Health Hazard Rating = 3 NFPA Health Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 0 0 0 0 0 0 4 4 67 14

105< and ≤106 1 0 2 1 9 N/A 594 792 1,319 17,168

106< and ≤107 10 224 14 79 51 58 20,904 27,031 91,172 46,564

107< and ≤108 1,175 1,687 4,037 15,091 69,560 16,554 70,525 143,346 143,375 N/A

108< and ≤109 8,262 12,876 17,593 N/A N/A N/A N/A N/A N/A N/A

NOTE: N/A = not applicable (in these tables, because there are no data for the corresponding combination of categories). Color shading is used to demonstrate relative consequence distribution: Redder shading indicates higher median consequence, and greener shading indicates lower. Each of the toxic CDCs identified via the EPA database matching process had an NFPA hazard rating of either 3 or 4.

TABLE 4.3

Median Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 1,544 Facility–CDC Combinations

Quantity, in Pounds

People per Square Mile

NFPA Flammability Hazard Rating = 3 NFPA Flammability Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 N/A N/A N/A N/A N/A 0 0 1 8 19

105< and ≤106 N/A N/A N/A N/A N/A 5 23 33 61 93

106< and ≤107 N/A N/A N/A N/A N/A 10 24 158 466 1,006

107< and ≤108 N/A N/A N/A N/A N/A 243 602 773 3,242 3,092

108< and ≤109 N/A N/A N/A N/A N/A 782 2,043 3,329 11,654 N/A

NOTE: Color shading is used to demonstrate relative consequence distribution: Redder shading indicates higher median consequence, and greener shading indicates lower. Each of the flammable CDCs identified via the EPA database matching process had an NFPA hazard rating of 4.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

52

Tables 4.2 through 4.5 show the results of categorizing facility consequences based on the complete data set (i.e., all 1,544 facility–CDC combinations) and all four observable attributes, where a consistent pattern can generally be identified. In the rest of this section, we successively consolidate the data to see whether a consistent pattern can still be identified, for these two reasons:

• First, if a facility handles multiple CDCs that lead to multiple consequences, only the maximum conse- quence is of interest, which is an approach also taken by such programs as CFATS, MSRAM, and RMP.

• Second, a regulatory analysis needs to balance between technical comprehensiveness (i.e., using more observable attributes) and practicality (i.e., using fewer observable attributes).

TABLE 4.4

Sample Size for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 1,544 Facility–CDC Combinations

Quantity, in Pounds

People per Square Mile

NFPA Health Hazard Rating = 3 NFPA Health Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 20 23 62 47 17 7 9 21 9 2

105< and ≤106 9 12 22 17 8 0 6 2 6 3

106< and ≤107 3 5 11 4 2 1 1 6 4 1

107< and ≤108 13 10 13 5 2 4 1 6 2 0

108< and ≤109 1 3 4 0 0 0 0 0 0 0

NOTE: Color shading is used to demonstrate relative sample size distribution: Redder shading indicates smaller sample size, and greener shading indicates larger. Each of the CDCs identified via the EPA database matching process had an NFPA hazard rating of either 3 or 4.

TABLE 4.5

Sample Size for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 1,544 Facility–CDC Combinations

Quantity, in Pounds

People per Square Mile

NFPA Flammability Hazard Rating = 3 NFPA Flammability Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 0 0 0 0 0 22 25 67 39 4

105< and ≤106 0 0 0 0 0 22 57 103 93 31

106< and ≤107 0 0 0 0 0 54 38 119 89 32

107< and ≤108 0 0 0 0 0 31 40 101 61 24

108< and ≤109 0 0 0 0 0 4 11 29 44 N/A

NOTE: Color shading is used to demonstrate relative sample size distribution: Redder shading indicates smaller sample size, and greener shading indicates larger. Each flammable CDC identified via the EPA database matching process had an NFPA hazard rating of 4.

Developing the Facility Risk Model

53

So, we proceeded to consider these three successive consolidations to see whether facilities can still be appro- priately grouped by observable attributes:

• Consider only the facility maximum consequence but still four observable attributes (Tables 4.6 through 4.9).

• Consider only the facility maximum consequence but only three observable attributes by dropping the NFPA hazard rating (Tables 4.10 and 4.11).

• Consider only the facility maximum consequence but only two observable attributes by further drop- ping toxic versus flammable CDC (Tables 4.12 and 4.13).

The reason the NFPA hazard rating could be dropped is the weak dependence as revealed in the synthetic data set (as discussed above and in Appendix J). The reason the type of CDC (i.e., toxic versus flammable) could be dropped is that it explained less variation in consequence than the remaining two attributes did, especially for conditions associated with relatively low consequences.

TABLE 4.6

Median Facility Maximum Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 386 Facilities

Quantity, in Pounds

People per Square Mile

NFPA Health Hazard Rating = 3 NFPA Health Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 0 0 0 1 0 0 3 21 154 0

105< and ≤106 4 4 3 4 N/A N/A 845 1,344 2,671 17,168

106< and ≤107 10 239 14 N/A N/A 58 20,904 28,309 91,172 46,564

107< and ≤108 1,204 1,937 4,037 21,601 69,560 16,554 70,525 193,204 143,375 N/A

108< and ≤109 8,262 12,876 17,593 N/A N/A N/A N/A N/A N/A N/A

NOTE: Color shading is used to demonstrate relative consequence distribution: Redder shading indicates higher median consequence, and greener shading indicates lower. Each toxic CDC identified via the EPA database matching process had an NFPA hazard rating of either 3 or 4.

TABLE 4.7

Median Facility Maximum Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 386 Facilities

Quantity, in Pounds

People per Square Mile

NFPA Flammability Hazard Rating = 3 NFPA Flammability Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥,3000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 N/A N/A N/A N/A N/A 0 3 3 33 139

105< and ≤106 N/A N/A N/A N/A N/A 12 37 48 111 104

106< and ≤107 N/A N/A N/A N/A N/A 35 38 237 524 1,424

107< and ≤108 N/A N/A N/A N/A N/A 107 602 889 2,899 5,523

108< and ≤109 N/A N/A N/A N/A N/A 500 2,381 3,404 13,430 N/A

NOTE: Color shading is used to demonstrate relative consequence distribution: Redder shading indicates higher median consequence, and greener shading indicates lower. Each flammable CDC identified via the EPA database matching process had an NFPA hazard rating of 4.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

54

Tables 4.6 through 4.9 are the same as Tables 4.2 through 4.5, except that, in the former, we considered the maximum consequence for each facility, thus reducing the sample size to 386 (also for Tables 4.10 through 4.13). Tables 4.2, 4.3, 4.6, and 4.7 have qualitatively similar distributions.

The 386 cases involve five toxic CDCs, three and two of which had NFPA health hazard ratings of 4 and 3, respectively, and 15 flammable CDCs, each of which had an NFPA flammability hazard rating of 4. Figure 4.3 shows the distribution of CDCs that accounted for the maximum consequences for the 386 facilities. Anhy- drous ammonia was most common, accounting for 102 (or 26 percent) facility maximum consequences. Just four CDCs—anhydrous ammonia, butane, propane, and chlorine—accounted for 250 (or 65 percent) facility maximum consequences. Anhydrous ammonia, propane, and chlorine are also among the five CDCs with the highest composite risk scores as identified in the generic (i.e., without using any facility-specific informa- tion and modeling) CDC risk analysis discussed in Chapter Two (see Figure 2.3).

So far, we have presented the results in four dimensions (i.e., observable attributes). It is possible to fur- ther reduce the number of dimensions, for example, to account for the desire for a more simplified regulatory process. Tables 4.10 and 4.11 are the same as Tables 4.6 through 4.9 but merge the NFPA hazard rating, reduc- ing the number of dimensions to three (i.e., CDC quantity, population density, and toxic versus flammable

TABLE 4.8

Sample Size for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 386 Facilities

Quantity, in Pounds

People per Square Mile

NFPA Health Hazard Rating = 3 NFPA Health Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 7 12 13 8 12 1 3 4 4 1

105< and ≤106 4 4 5 1 0 0 5 1 4 3

106< and ≤107 1 2 3 0 0 1 1 5 4 1

107< and ≤108 11 9 11 4 2 4 1 5 2 0

108< and ≤109 1 3 4 0 0 0 0 0 0 0

NOTE: Color shading is used to demonstrate relative sample size distribution: Redder shading indicates smaller sample size, and yellower shading indicates larger. Each toxic CDC identified via the EPA database matching process had an NFPA hazard rating of either 3 or 4.

TABLE 4.9

Sample Size for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for 386 Facilities

Quantity, in Pounds

People per Square Mile

NFPA Flammability Hazard Rating = 3 NFPA Flammability Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 0 0 0 0 0 4 3 9 5 2

105< and ≤106 0 0 0 0 0 2 8 12 16 15

106< and ≤107 0 0 0 0 0 7 5 23 21 10

107< and ≤108 0 0 0 0 0 8 8 20 13 8

108< and ≤109 0 0 0 0 0 2 2 7 9 0

NOTE: Color shading is used to demonstrate relative sample size distribution: Redder shading indicates smaller sample size, and greener shading indicates larger. Each flammable CDC identified via the EPA database matching process had an NFPA hazard rating of 4.

Developing the Facility Risk Model

55

FIGURE 4.3

Distribution of CDCs That Accounted for the Maximum Consequences for 386 Facilities

NOTE: The data included in this figure are slightly different from the data in Figure 3.4, which did not require the CDC quantity information.

Number of facilities

102

51

50

47

22

20

18

16

15

9

7

7

6

6

3

2

2

1

1

1

0 20 40 60 80 100 120

Ammonia

Butane

Propane

Chlorine

Ethylene

Pentanes

Propylene

Ethane

Sulfuric acid

Butadienes

Acetaldehyde

Mixed C4 cargoes

Ethylene oxide, or ethylene oxide with nitrogen

Propylene oxide

Isoprene

Acetone cyanohydrin

Vinyl chloride

Allyl alcohol

Methyl chloride or refrigerant gas R 40

Methane

TABLE 4.10

Median Facility Maximum Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of CDC Quantity, Representative Population Density, and Toxic Versus Flammable CDCs for 386 Facilities

Quantity, in Pounds

People per Square Mile

Toxic Flammable

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 0 0 0 8 0 0 3 3 33 139

105< and ≤106 4 33 10 2,113 17,168 12 37 48 111 104

106< and ≤107 34 477 18,932 91,172 46,564 35 38 237 524 1,424

107< and ≤108 1,488 2,051 7,697 29,460 69,560 107 602 889 2,899 5,523

108< and ≤109 8,262 12,876 17,593 N/A N/A 500 2,381 3,404 13,430 N/A

NOTE: Color shading is used to demonstrate relative consequence distribution: Redder shading indicates higher median consequence, and greener shading indicates lower.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

56

TABLE 4.11

Sample Size for Each Combination of Categories of CDC Quantity, Representative Population Density, and Toxic Versus Flammable CDCs for 386 Facilities

Quantity, in Pounds

People per Square Mile

Toxic Flammable

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 8 15 17 12 13 4 3 9 5 2

105< and ≤106 4 9 6 5 3 2 8 12 16 15

106< and ≤107 2 3 8 4 1 7 5 23 21 10

107< and ≤108 15 10 16 6 2 8 8 20 13 8

108< and ≤109 1 3 4 0 0 2 2 7 9 0

NOTE: Color shading is used to demonstrate relative sample size distribution: Redder shading indicates smaller sample size, and greener shading indicates larger.

TABLE 4.12

Median Facility Maximum Consequence, in Number of Fatalities, Given by the CFATS Risk Engine for Each Combination of Categories of CDC Quantity and Representative Population Density for 386 Facilities

Quantity, in Pounds

People per Square Mile

0–99 100–299 300–999 1,000–2,999 ≥3,000

≤105 0 0 1 11 0

105< and ≤106 8 33 40 129 116

106< and ≤107 35 53 318 592 1,484

107< and ≤108 352 1,154 1,611 3,746 6,845

108< and ≤109 800 8,163 3,708 13,430 N/A

NOTE: Color shading is used to demonstrate relative consequence distribution: Redder shading indicates higher median consequence, and greener shading indicates lower.

TABLE 4.13

Sample Size for Each Combination of Categories of CDC Quantity and Representative Population Density for 386 Facilities

Quantity, in Pounds

People per Square Mile

0–99 100–299 300–999 1,000–2,999 ≥3,000

≤105 12 18 26 17 15

105< and ≤106 6 17 18 21 18

106< and ≤107 9 8 31 25 11

107< and ≤108 23 18 36 19 10

108< and ≤109 3 5 11 9 0

NOTE: Color shading is used to demonstrate relative sample size distribution: Redder shading indicates smaller sample size, and greener shading indicates larger.

Developing the Facility Risk Model

57

CDC). This can be further demonstrated by the fact that Table 4.11 (on the sample size) results from adding the left and right halves of Tables 4.8 and 4.9.13 Table 4.10 still shows a pattern that is generally consistent with our intuition, that consequence tends to be higher for higher quantity, higher population density, and toxic CDCs (because of the severer inhalation hazards).

Tables 4.12 and 4.13 are the same as Tables 4.10 and 4.11 but further merge toxic and flammable CDCs, reducing the number of dimensions to just two (i.e., CDC quantity and population density) and the number of bins from 50 to 25. This can be further demonstrated by the fact that Table 4.13 (on the sample size) results from adding the left and right halves of Table 4.11. Table 4.12 still shows a pattern that is generally consistent with our intuition, that consequence tends to be higher for higher quantity and higher population density.

Although Table 4.12 represents a simpler, more practical facility typology (than those in Tables 4.6, 4.7, and 4.10) through which facilities can be grouped, a disadvantage is that in-group consequence variations will inevitably become larger because more dissimilar data are being merged (mainly for conditions involv- ing higher consequences). This is the balance issue—between technical comprehensiveness and practicality— discussed earlier. Nevertheless, practicality is probably more important for making and implementing the rule.

4.4. Summary

This chapter described the development of a facility risk model to inform the rulemaking process for TWIC reader requirements, consistent with the general risk-based approach recommended in Executive Order 12866 for regulatory analyses. A homeland security risk assessment often involves the risk = T × V × C construct (e.g., Willis, Morral, et al., 2005; Masse, O’Neil, and Rollins, 2007) to quantify the severity of risks, where T (threat) is the likelihood of an attack occurring, V (vulnerability) is the likelihood of success given an attack occurring, and C (consequence) is the impact of a successful attack. However, we considered consequence for this regulatory analysis because threat and vulnerability information is often restricted, if not classified, and thus not suitable for a rulemaking process. This consequence-based approach has also been used in many other regulatory analyses.

In this study, we defined facility risk modeling as the overall process that consists of these three steps (described in more detail on the next page):

1. Use objective methodologies to characterize the risk (i.e., potential consequence) associated with a facility.

2. Identify observable attributes that can be used as proxies for consequence. 3. Analyze consequence data to group facilities with similar consequences using observable attributes

(i.e., a facility typology) for the sake of rule implementation.

We first examined the adequacy of MSRAM as the foundation of the facility risk model because it has been used in prior TWIC rulemakings. However, after a careful examination, we determined that the MSRAM methodology and corresponding data were not adequate for our study because (1) facility information is ano- nymized; (2) chemical information is extremely limited (i.e., only about 15 percent of the anonymized facili- ties had chemical information); and (3) consequence scores are not always obtained through standardized, objective modeling or assessment methodologies and thus are not reproducible. This finding is expected because MSRAM was not originally developed to support regulatory analyses. However, another major find-

13 Combining the NFPA hazard rating affects only toxic CDCs because all f lammable CDCs in the data had the same NFPA flammability hazard rating of 4.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

58

ing of our analysis of the MSRAM data is that the consequence distributions are highly skewed, even for facilities that were in the same class. So, treating all facilities in a class in the same way requires careful con- sideration because of the enormous in-class variations in consequence.

We decided to base consequence assessment on the risk engine used in the CFATS risk tiering method- ology. Several benefits result from this decision. The risk engine is well documented (e.g., CISA, 2021), has been peer reviewed (Agrawal et al., 2013), and is well-known to the chemical industry. It uses state-of-the-art, physics-based models to consistently estimate the consequences of toxic and flammable or explosive CDCs. Harmonizing the consequence assessment approaches for both the CFATS and TWIC programs is also con- sistent with a recent GAO recommendation that similar DHS chemical security programs collaborate better (GAO, 2021).

A direct adoption of the CFATS methodology, however, has some challenges because (1) the USCG does not have a comparable information technology infrastructure and (2) we were dealing with a rulemaking process for which it is desirable to use observable attributes as proxies for consequence in lieu of conducting physics-based consequence modeling that requires subject-matter expertise. So we adapted the CFATS meth- odology through these three steps to develop the facility risk model:

1. Through the EPA database matching process (Section 3.3.1), we identified 386 facilities for which we could also retrieve the requisite chemical information (i.e., both type and quantity). Some facilities handled multiple CDCs. CISA analysts conducted a complete CFATS risk-engine modeling run for each facility–CDC combination on our behalf, creating a data set with complete linkage among facil- ity, CDC, and consequence for subsequent analysis.

2. We considered how the various physics-based consequence assessment models worked to identify four observable attributes that could possibly serve as proxies for consequence: (1) CDC quantity, (2) local population density, (3) toxic versus flammable CDC, and (4) NFPA hazard rating.

3. We calculated the median facility maximum consequence for each combination of categories of observable attributes to analyze the dependence of consequence on these observable attributes. We successively reduced the number of observable attributes and found that a facility typology with just two observable attributes (CDC quantity and local population density) is simpler and more practical but has larger in-group variations in consequence because more dissimilar data are being merged. We use this more practical approach in the cost–benefit analysis discussed in Chapter Five.

59

CHAPTER FIVE

A Cost–Benefit Analysis of the Reader Rule Delay

5.1. Introduction

This chapter provides a cost–benefit analysis of the USCG’s 2020 reader rule delay. The analysis conforms to the guidelines in OMB Circular A-4 and Executive Order 12866. The methodology we used was informed by CG-REG’s 2015 regulatory analysis (CG-REG, 2015) and the previous HSOAC study (Williams et al., 2020). The analysis incorporated additional information provided by the USCG, CISA, and other stakeholders. In the rest of this section, we discuss the methodological approach, including the rationale for conducting a break-even analysis. In Section 5.2, we provide an overview of key cost assumptions for the analysis. In Section 5.3, we describe the estimation of benefits, informed by the facility risk model described in Chap- ter Four. In addition, although this analysis did not provide an assessment of formal regulatory alternatives, it describes notional regulatory options that differ from the proposed regulation.1 In Section 5.4, we present the results of the break-even analysis for the proposed regulation and the different notional regulatory options. Finally, in Section 5.5, we provide a summary.

Ideally, the benefits of the proposed regulation could be quantified by estimating how effectively the regu- lation would reduce the probability of a TSI. By combining estimates of the overall risk reduction due to the regulation with monetary estimates about the potential consequence of a TSI, one could produce an estimate of the economic value of the benefits and compare it with the costs of the regulation. However, data do not exist to estimate the baseline probability of a TSI absent the regulation or the reduction in that probability due to the regulation.2 In general, TSIs are extremely infrequent events. Furthermore, historical data do not provide information about whether deficiencies in access controls contributed to TSIs or whether stronger access controls could have prevented them (Williams et al., 2020). Therefore, not only can we not determine the likelihood of a TSI under the current state of TWIC implementation; we also cannot determine how enhanced access control requirements would affect the likelihood of a TSI. The alternative is to use break- even analysis, which we describe in the rest of this section.

5.1.1. The Rationale for Break-Even Analysis The use of break-even analysis is well-established in the cost–benefit literature and has been widely used to support past DHS rulemakings.3 OMB has recommended that agencies use a break-even analysis when quan- tifying or monetizing a regulation’s benefits is not possible (e.g., when the probability of a TSI is unknown)

1 The USCG staff evaluated several regulatory alternatives for the 2016 final reader rule. The USCG did not specify regula- tory alternatives pertaining to the three categories of facilities that the reader rule delay would affect. 2 Recall the risk = T × V × C framework discussed in Section 4.1: The probability of a TSI can be considered to be T × V because T is the likelihood of an attack occurring and V is the likelihood of success given an attack occurring. 3 Sunstein, 2014, provides an in-depth justification of break-even analyses, including a review of the circumstances in which benefits might not be quantifiable. Farrow and Shapiro, 2009, provides a similar discussion pertaining to homeland security regulations in particular.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

60

(OMB, 2003). Break-even analysis answers the question of how large the (nonquantified) benefits need to be to justify the costs of a regulation. We describe in this section the mathematical framework for break-even analysis and the concept of a break-even threshold.

In the context of cost–benefit analysis, a regulation is efficient if the incremental benefits that the regula- tion would generate exceed the incremental costs of implementing the regulation (Willis and LaTourrette, 2008). In mathematical terms, benefits exceed costs when

Db – Da ≥ Cr, (5.1)

where D is the annualized damage or consequences from TSIs that could potentially be averted due to the regulation; subscripts b and a indicate conditions without the regulation (i.e., the baseline) and after the regulation is promulgated, respectively; and Cr is the annualized costs of the regulation.

The effect of a new security regulation is supposed to be to reduce risk and, in so doing, change the annu- alized potential consequences from Db to Da. A regulation can reduce risk by changing the probability of a TSI, the potential consequence, or both. Because of the dynamic nature of terrorist adaptation, it is difficult to attribute the impact of additional security measures exclusively to reducing probability or exclusively to reducing consequence (Jackson et al., 2005). We can define a relative risk reduction factor as

=

−R D D D

,b a

b (5.2)

where R characterizes the effectiveness of a regulation, ranging from 0 (no risk reduction) to 1 (complete risk reduction). Combining expressions 5.1 and 5.2 gives

≥R c

D .r

b (5.3)

The benefits exceed the costs of a regulation when the above inequality holds. The point at which the risk reduction just equals the ratio of costs to avoided consequence is the minimum risk reduction for which the regulation would be justified.4 Thus, the break-even threshold, Rt, is (i.e., replacing ≥ with = in expression 5.3)

=R c

D .t

r

b (5.4)

To convey the magnitude of the risk reduction in clearer terms, the break-even threshold is often repre- sented as a required frequency (or the length of time between incidents) with which a TSI must be averted to justify the cost of a regulation. The required break-even frequency, Ft, is expressed as the reciprocal of the break-even threshold in expression 5.4 and is interpreted as “one every x years”:

= =F

R D c

1 .t t

b

r (5.5)

4 If Rt is greater than 1, the regulation is not justified on a cost–benefit basis because its cost exceeds the expected conse- quences averted. If Db is 0, then Rt is undefined. But this would be a pathological case because it means that there is no baseline consequence to be avoided.

A Cost–Benefit Analysis of the Reader Rule Delay

61

For example, a break-even threshold of 0.01 implies that the regulation would need to successfully avert one TSI every 100 years to be cost-effective (i.e., a required break-even frequency of 100 = 1/0.01). If the regulation would avert more TSIs (on an annualized basis) than the break-even threshold—that is, at a rate exceeding the required break-even frequency (say, one TSI every 30 years)—the regulation would be cost- effective. If the regulation would not—that is, it would avert TSIs at a rate below the required break-even frequency (say, just one TSI every 300 years)—the regulation would not be cost-effective. Estimating the expected frequency at which TSIs are likely to be averted due to the regulation clearly requires subjective determination.

To further illustrate the break-even threshold with a more extreme case, assume that the break-even threshold is 0.2, so the regulation would need to successfully avert one TSI every five years to be cost-effective (i.e., a required break-even frequency of 5 = 1/0.2). Because there has not been a TSI since the origin of the TWIC program (i.e., a period longer than five years), we can reasonably conclude that the regulation in this hypothetical example would not be cost-effective.

Break-even analysis has several limitations (Baxter, 2012):

• The results of break-even analysis can be challenging to interpret. Because the baseline probability of an undesirable event is unknown, evaluating whether the break-even threshold is achievable can be dif- ficult.

• Break-even analysis cannot inform policymakers whether the benefits will exceed the costs of a regula- tion.

• Break-even analysis does not allow meaningful comparisons between regulatory alternatives with simi- lar costs. However, it could be useful in rejecting regulatory alternatives in which the costs are so large relative to the benefits (i.e., consequences averted) that the regulation is unlikely to ever be cost-effective.

Alternative approaches exist but might not mitigate these limitations. Less formalized, qualitative approaches do not necessarily provide more-useful information to policymakers. DHS analyses conducted prior to 2007 largely ignored benefits and estimated only compliance costs (Farrow and Shapiro, 2009). More- sophisticated technical approaches would require additional information and assumptions on the underlying probability distribution of threat and vulnerability (see, e.g., Willis and LaTourrette, 2008). Furthermore, break-even analysis relies on monetized valuation of averted consequences for which complete data might not exist. The consequence of a TSI could include fatal and nonfatal injuries, property damage, environmen- tal contamination or degradation, and secondary economic impacts, such as supply chain disruptions.5 Esti- mates of these factors might rely on complex models that contain proprietary or sensitive information that might not be appropriate or practical for a transparent rulemaking process.

5.1.2. Data Sources Various sources of information on the costs of the proposed regulation are described in detail in the previ- ous HSOAC report (Williams et al., 2020). For this study, we solicited additional information using an online survey of facilities likely to handle bulk CDCs (Appendix F reproduces the survey instrument). The survey sought information on the types and quantities of CDCs that facilities handled, the current state of TWIC-

5 Some of these consequence factors are included in the USCG’s MSRAM. However, the authors of CG-REG, 2015, deter- mined that many of the consequence values in MSRAM were not appropriate for regulatory analysis.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

62

related security measures, and the costs of compliance with the proposed regulation. In this section, we briefly summarize the key data sources used to inform the cost–benefit analysis:

• the TWIC reader pilot program: From 2008 to 2011, TSA conducted a pilot program in collaboration with the USCG, under the direction of the DHS Science and Technology Directorate to help inform analysis about the efficacy and costs of using biometric readers in the maritime environment.

• the Port Security Grant Program: FEMA awarded grants to ports and individual facility operators participating in the TWIC reader pilot program and has continued to issue awards for TWIC-related security measures in the past decade. We received from FEMA the program data on the number of awards and award amounts from 2007 to early 2018.

• site visits and interviews with facility operators: The research team for the previous HSOAC study (Williams et al., 2020) conducted interviews with personnel from 164 MTSA-regulated facilities (regard- less of whether they handled CDCs authorized to be transported in bulk), representing a diverse sample across several port attributes, including geographic location and size, volume of traffic, commodity type, and TWIC enrollments. During these interviews, the team asked operators about costs they had incurred to install electronic readers or physical access control systems (PACSs) and any estimated costs that resulted from evaluating the feasibility of acquiring and installing readers or other compliance measures.

• interviews with vendors: For the previous HSOAC study, the research team also spoke with vendors of readers capable of reading TWICs, including hardware, software, and PACSs. Vendors provided insights into reader equipment, installation, and integration costs, as well as other considerations, such as equipment availability.

• survey of facilities that handled bulk CDCs: As mentioned, from August to November 2021, we con- ducted an online survey of facilities likely to handle bulk CDCs (Appendix F reproduces the survey instrument).

• interviews with people from companies that owned or operated facilities that handled bulk CDCs: In addition to the online survey, we conducted interviews in 2021 with nine companies that owned or operated multiple facilities, some of which handled bulk CDCs, to obtain information about the types and quantities of chemicals handled, existing security measures, and estimated costs from feasibility assessments of acquiring and installing TWIC readers (Appendix G details the interviews and repro- duces the interview protocol).

5.2. Estimation of Costs

Our assessment of costs relied on the framework described in the previous HSOAC report but contains only facilities that handled bulk CDCs and were potentially subject to the reader rule delay. This group was a subset of all MTSA-regulated facilities. There is uncertainty about the size of the regulated universe sub- ject to the reader rule delay, as described in Chapter Three; therefore, we present a sensitivity analysis using the lower- and upper-bound estimates of the number of affected facilities. Table  5.1 defines the compli- ance cost components of the reader rule delay, with the subsequent subsections further describing each cost component.

5.2.1. TWIC Capital Costs We relied on information from FEMA’s Port Security Grant Program to estimate the up-front capital costs for TWIC-related investments for facilities that handled bulk CDCs to comply with the requirements of

A Cost–Benefit Analysis of the Reader Rule Delay

63

the reader rule delay. More than 550 port security grants were awarded for TWIC-related improvements from 2007 to 2018.6 We cross-walked the names of recipients with EPA’s RMP or TRI program data to identify facilities that reported having any CDCs on site. We identified 61 Port Security Grants awarded to 50 unique facilities that handled bulk CDCs—in some cases, facilities received separate awards in different years. Among facilities that handled CDCs in bulk, the average value per award was approximately $260,000 and the average value of all awards was approximately $310,000 per facility (measured in 2020 dollars). In comparison, for other facilities, the average value per award and average value of all awards per facility were approximately $480,000 and $840,000, respectively.7 We validated these figures from the FEMA grant pro- gram against cost information provided directly by facility operators in prior site visits, interviews, and the survey of facilities that handled bulk CDCs.

We found that the average compliance costs for facilities that handled bulk CDCs were between half and two-thirds of the typical compliance costs for other facilities that had installed TWIC readers but did not handle bulk CDCs. This is consistent with findings in the TWIC pilot program and interviews with facil- ity operators that suggested that facilities likely to handle bulk CDCs tended to have fewer physical access points and TWIC enrollments—and thus required fewer TWIC readers—than facilities that did not, such as container and large passenger (cruise) facilities.8 Given the distribution of facilities across categories describ- ing their operations, we assumed that facilities that handled bulk CDCs require about ten TWIC readers per facility, on average.

6 The total value of TWIC-related awards accounted for approximately 7.5 percent of the total amount funded by the Port Security Grant Program, or approximately $17.8 million per year (measured in 2020 dollars). 7 Heather Williams and her colleagues used the average value per award rather than the average value of all awards per facility because of the large difference between the two values and because it was not feasible to determine the portion of any awards funding repair or replacement projects given the length of time between awards (Williams et al., 2020). For the smaller subset of facilities that handled bulk CDCs, these factors are of less concern because the values are more similar and multiple grants were often awarded in proximate or adjacent years. In this study, we conservatively used the higher cost estimate of $310,000 per facility. 8 Williams and her colleagues estimated that facilities handling bulk liquids and break-bulk and solid material would require an average of approximately eight to ten TWIC readers per facility, whereas container and large passenger facilities would require an average of 16 to 18 TWIC readers per facility (Williams et al., 2020).

TABLE 5.1

Compliance Costs of the Reader Rule Delay

Cost Category Description

Capital TWIC readers, including hardware and software

Installation of TWIC readers

Infrastructure needed to install or operate TWIC readers in appropriate locations, including costs to integrate TWIC readers with existing PACSs

Maintenance Ongoing maintenance of TWIC readers

Operational Amendments to FSPs

Recordkeeping

Training of personnel to perform electronic TWIC inspections

Additional Delay costs due to reader failures

TWIC replacement costs due to card failures

Government Costs for the USCG to review amended FSPs

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

64

We further assumed that TWIC readers would become inoperable or obsolete over time. Industry repre- sentatives expressed concerns about the continued functionality of TWIC readers in harsh outdoor environ- ments and due to exposure to salt water or chemicals. Vendors and facility operators generally agreed that TWIC readers would have to be replaced about every five years on average. Informed by a review of manu- facturer list prices, we estimated that the average replacement cost would be approximately $5,700 per reader (Williams et al., 2020).

5.2.2. Maintenance Costs In addition to installing TWIC readers, facility operators will have to service those readers to ensure that they continue to function properly. Vendors of electronic readers capable of reading TWICs provided a range of maintenance cost estimates that were generally 15 to 20 percent of the list price or manufacturer’s suggested retail price (Williams et al., 2020). From this information, we assumed that the average annual maintenance cost was approximately $1,000 per reader or approximately $10,000 per facility.

5.2.3. Operational Costs 5.2.3.1. Amendments to the FSP From estimates in CG-REG, 2015, we assumed that a facility security officer (FSO) would take approximately 25 hours to review, update, and submit an amendment to the FSP detailing how TWIC readers would be incorporated into their security measures. We multiplied this estimate by the average hourly labor cost for an FSO. To estimate this, we used data from the U.S. Bureau of Labor Statistics (BLS) (BLS, 2021a) reporting a mean hourly wage of $68.93 for management occupations across all water transportation industries. We then adjusted this by the ratio of total benefits to wages and salaries for production, transportation, and material- moving industries to estimate a fully loaded hourly labor cost of $102.77.9 Therefore, we estimated that the average up-front cost to amend an FSP would be approximately $2,600 per facility.

5.2.3.2. Recordkeeping Using estimates in CG-REG, 2015, we assumed that it would take approximately 40 hours of an FSO’s time to develop a recordkeeping system to comply with the TWIC reader requirements, plus an additional six hours per year for ongoing maintenance. From our site visits and interviews with FSOs, we assessed that most PACSs and software systems for TWIC readers now in place have this recordkeeping capability. Therefore, we estimated that the up-front cost to comply with the recordkeeping requirement would be approximately $4,100 and that the recurring annual cost would be approximately $620 per facility.

5.2.3.3. Personnel Training Existing regulations require all port security personnel to be familiarized with the TWIC program and the relevant provisions of the FSP. Therefore, the only additional compliance action associated with the TWIC reader requirements entails ensuring that security staff are trained to properly conduct electronic TWIC inspections. From estimates in CG-REG, 2015, we assumed that facilities have an average of one FSO and 6.46 personnel with security duties.10 We assumed that all security staff would require four hours of train- ing in the first year and one hour of training in each subsequent year as part of the annual required facility-

9 The ratio of total benefits to wages and salaries is $10.31/$21.00 = 0.49 per BLS, 2021b. 10 Although this figure might overestimate the number of personnel with security duties at facilities that handle bulk CDCs, because those facilities tend to be smaller than others subject to the TWIC reader requirements, the training cost is relatively minor. Therefore, this assumption is unlikely to materially affect the overall cost estimate.

A Cost–Benefit Analysis of the Reader Rule Delay

65

specific MTSA training. We used an hourly fully loaded wage rate of $102.77 for an FSO and $29.85 for other security personnel.11 Thus, we estimated that the up-front training cost would be approximately $1,200 and that the recurring training cost would be approximately $300 per facility.

5.2.4. Additional Costs 5.2.4.1. Delay Costs Due to Reader Failures Electronic TWIC inspections will result in additional delay costs if a reader cannot validate a TWIC or a cardholder’s identity, thereby increasing the need for secondary screening procedures. This section quanti- fies the delay costs due to reader failures for the population of affected TWIC holders who access facilities that handle bulk CDCs. The approach differs slightly from the unit cost estimates discussed thus far because it estimates costs on a per-person rather than a per-facility basis.

To estimate these costs, we relied on information and assumptions in CG-REG, 2015. To estimate the number of TWIC holders at facilities that handled bulk CDCs, we linked the MISLE facility categories used in CG-REG, 2015, to the relevant facility supergroups subject to the reader rule delay described in Section 3.3. We then applied the USCG’s estimates of the average length of delays and the percentage of TWIC holders affected to the entire population of TWIC holders at facilities that handled bulk CDCs to estimate the extent of delays. Finally, we used a standard labor rate to monetize the effect of delays due to reader failures.

First, we used the data from the TWIC pilot program showing that 446,600  TWIC holders accessed break-bulk terminals and petroleum facilities because these two general facility categories correspond with the subset of facilities that might handle bulk CDCs (CG-REG, 2015, p. 62).12 As of February 2021, MISLE indicated that there were 490 break-bulk or bulk dry and solid facilities, 1,160 bulk liquid or bulk oil facili- ties, and 46 CDC (combined categories) facilities. Therefore, we calculated that there were approximately 263 TWIC holders per facility on average.13 Thus, using the lower- and upper-bound population estimates, we calculated that between 124,026 and 187,224 TWIC holders accessed facilities that handled bulk CDCs.14

To estimate the overall extent of delays, we relied on the USCG’s estimates of the average length of delays and the percentage of TWIC holders affected (CG-REG, 2015). Specifically, the USCG assumed that the aver- age length of time required to conduct secondary screening measures was about 46 seconds.15 The USCG also assumed that each TWIC holder would be subject to an electronic TWIC reader inspection an average of three times per week or about 150 times per year.16 According to the data from the TWIC pilot program, 17.1 percent of electronic TWIC inspections were invalid. However, the data do not provide information on the distribution of invalid inspections.17 Therefore, the USCG assumed that each of the seven failure modes

11 These estimates are based on an hourly wage rate of $68.93 for management occupations and $20.02 for protective service occupations multiplied by a fully loaded labor cost factor of 1.49 (BLS, 2021a). 12 The TWIC pilot program considered just five general facility categories: container terminals; large passenger vessels and terminals; break-bulk terminals; petroleum facilities; and small passenger vessels, towboats, and other. On the other hand, MISLE uses dozens of subtypes to designate facility types. So matching the general facility categories considered in the TWIC pilot program to the MISLE subtypes (and supergroups) considered in this study has some uncertainties. 13 We calculated the average number of TWIC holders per facility as 263.3 = 446,600 TWIC holders/1,696 facilities. 14 We calculated this range as 471 × 263.3 = 124,026 and 711 × 263.3 = 187,224. 15 This average reflects a range of five estimates from 6 seconds (for an additional visual inspection) to 120 seconds (for secu- rity personnel to travel to an unmanned access point, conduct a visual inspection, and grant or deny access). 16 This average represents a typical TWIC holder (allowing for full-time workers, part-time workers, and occasional visitors) accessing a facility anywhere from one to five days a week, 50 weeks per year. 17 The failure modes included the card being on the canceled-card list, the card being invalid, biometric failure, card fail- ure, otherwise-unreadable card, user error, and the reader failing (CG-REG, 2015). The term failure mode can be misleading

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

66

was equally likely or had about a 2.4-percent failure rate. Although not all of these are actual failures because the TWIC readers were presumably identifying invalid, expired, or canceled TWICs as they were intended to do, all invalid inspections would likely result in delays that might not have otherwise occurred.

To monetize the impact of delays, we multiplied the number of affected TWIC holders by (1) the average annual number of electronic TWIC inspections, (2) the reader failure rate, (3) the average length of delay, and (4)  the average fully loaded hourly wage rate for TWIC holders. We used a fully loaded hourly wage rate of $51.27.18 Thus, we estimated that the total cost of delays due to reader failures would be $2.1 million to $3.1 million per year for the entire population of affected TWIC holders, for the lower- and upper-bound population estimates.

5.2.4.2. TWIC Replacement Costs Due to Card Failures TWIC cardholders will incur costs to replace damaged or defective TWICs that cannot be read by elec- tronic readers. To estimate these costs, we also relied on information and assumptions in CG-REG, 2015. As described above, 17.1 percent of electronic TWIC inspections in the TWIC reader pilot program could not be validated. Because the analysis of failure modes was not backed by performance data from the TWIC reader pilot program or other information, the number of cards that would need to be replaced each year is uncertain. We assumed that two of the seven documented failure modes were associated with damaged or defective TWICs.19 Assuming that all failure modes are equally likely, we estimated that approximately 5 percent of TWICs used at facilities that handled bulk CDCs would need to be replaced each year. Based on the above estimates, this would be about 6,200 to 9,400 cards per year. The cost of a replacement card is $60.20 Therefore, we estimated that the average cost of replacing TWICs would be approximately $370,000 to $560,000 per year for the entire population of affected TWIC holders, for the lower- and upper-bound popula- tion estimates.

5.2.5. Government Costs The main cost to the USCG would be reviewing amendments to FSPs submitted by FSOs. The USCG has estimated that it would take approximately four hours to review each amended FSP after the regulation is implemented (CG-REG, 2015). For fiscal year 2020, the fully loaded hourly wage rate for officers typically tasked with this responsibility was $54.21 Therefore, the average cost to review an FSP amendment would be approximately $220 (i.e., per facility).

5.2.6. Summary of Costs Tables 5.2 and 5.3 report the total costs of the reader rule delay using the lower- and upper-bound popula- tion estimates. We anticipated a one-year implementation period. Some of the costs to industry might be subsidized by government funds, including through FEMA’s Port Security Grant Program. We estimated that the ten-year costs of the rule would range between $221 million and $333 million, in 2020 dollars. On

because the first two modes indicate the success of access control measures in rejecting invalid TWICs. 18 This estimate is based on an employment-weighted average hourly wage rate of $23.67 for sailors and marine oilers (BLS occupation code  53-5011; 9,930  employees), $41.59 for ship and boat captains and operators (occupation code  53-5020; 12,200 employees), and $39.57 for ship engineers (occupation code 53-5031; 3,580 employees) multiplied by a fully loaded labor cost factor of 1.49 (BLS, 2021a). 19 The two failure modes are card failure or otherwise-unreadable card. 20 Based on information provided at TSA, undated. 21 Based on the hourly wage rate for an E-5 officer (Commandant Instruction 7310.1U).

A Cost–Benefit Analysis of the Reader Rule Delay

67

TABLE 5.2

Total Costs for 471 Facilities That Handled Bulk CDCs, in Millions of 2020 Dollars, Using a 7-Percent Discount Rate, Lower-Bound Estimate

Year Capital Maintenance Operational Additional Government Total

2023 146.0 0 3.7 2.5 0.1 152.3

2024 0 4.4 0.4 2.3 0 7.1

2025 0 4.1 0.4 2.1 0 6.6

2026 0 3.8 0.4 2.0 0 6.2

2027 0 3.6 0.3 1.9 0 5.8

2028 19.1 3.3 0.3 1.8 0 24.5

2029 0 3.1 0.3 1.6 0 5.1

2030 0 2.9 0.3 1.5 0 4.7

2031 0 2.7 0.3 1.4 0 4.4

2032 0 2.6 0.2 1.3 0 4.1

Net present value 165.2 30.6 6.5 18.5 0.1 220.8

Annualized cost (7%) 22.0 4.1 0.9 2.5 0.01 29.4

NOTE: Totals might not sum because of rounding. Using a 3% discount rate, the net present value is $234.5 million and the annualized cost is $26.7 million. Although the table lists the first year of costs as 2023, if the implementation is delayed, changes in wages will affect the costs slightly; the majority of the costs (in 2020 dollars) would not change under the assumptions described in the text. The large capital cost in 2028 is for reader replacement.

TABLE 5.3

Total Costs for 711 Facilities That Handled Bulk CDCs, in Millions of 2020 Dollars, Using a 7-Percent Discount Rate, Upper-Bound Estimate

Year Capital Maintenance Operational Additional Government Total

2023 220.4 0 5.6 3.7 0.15 229.9

2024 0 6.6 0.6 3.5 0 10.7

2025 0 6.2 0.6 3.2 0 10.0

2026 0 5.8 0.5 3.0 0 9.3

2027 0 5.4 0.5 2.8 0 8.7

2028 28.9 5.1 0.5 2.6 0 37.1

2029 0 4.7 0.4 2.5 0 7.6

2030 0 4.4 0.4 2.3 0 7.1

2031 0 4.1 0.4 2.2 0 6.7

2032 0 3.9 0.4 2.0 0 6.2

Net present value 249.3 46.2 9.8 27.9 0.2 333.3

Annualized cost (7%) 33.2 6.1 1.3 3.7 0.02 44.4

NOTE: Totals might not sum because of rounding. Although the table lists the first year of costs as 2023, if the implementation is delayed, changes in wages will affect the costs slightly; the majority of the costs (in 2020 dollars) would not change under the assumptions described in the text. The large capital cost in 2028 is for reader replacement.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

68

an annualized basis, we estimated that the costs of the rule would be $29.4 million to $44.4 million using a 7-percent discount rate.

5.3. Estimation of Benefits

The final rulemaking is anticipated to enhance the security of maritime facilities that handle CDCs in bulk by providing an effective means to ensure that only someone who holds a valid TWIC is granted unescorted access to secure areas of high-risk maritime facilities. The electronic TWIC inspection requirements are intended to enhance security procedures and access control measures at certain MTSA-regulated facilities.

We calculated the break-even frequency—the number of incidents that must be averted each year for the regulation to be cost-effective—based on estimates of the potential consequence of a TSI using CISA’s CFATS risk engine (CISA, 2021) (see Section 4.3.1). The 2015 regulatory analysis (CG-REG, 2015) relied on data on potential consequences of TSIs from the USCG’s MSRAM. We concluded that the MSRAM data were unsuitable for this analysis because consequence scores were not always developed through standardized, objective modeling or assessment methodologies and thus were not easily reproducible (see Section 4.2). The CFATS modeling methodology provides a more consistent, comprehensive assessment of consequence. The CFATS methodology relies mainly on information on the types (e.g., chlorine or propane) and quantities (e.g., 100,000 lb.) of CDCs and the population density in the vicinity of each facility (Figure 4.1).

5.3.1. Limitations to Quantifying Benefits in a Comprehensive Way The CFATS risk engine allows the user to estimate the consequence of an attack in terms of the number of expected fatalities in populations near the facility (CISA, 2021). This consequence averted is then considered the benefit of the regulation. As discussed in Williams et al., 2020, the exclusion of other potential benefits likely results in an understatement of the total benefits of the TWIC reader rule. It would be desirable for the quantified benefits to also include the mitigation of injuries, property damage, environmental losses, and other direct economic impacts. However, as described in this section, several challenges exist.

For example, the tools needed for such an assessment would likely rely on sensitive or proprietary facility- specific information that is not generally available or compatible with the level of transparency required for federal rulemaking. Nevertheless, given the range of estimated fatalities and the valuation of the correspond- ing averted losses, it is likely that the number of fatalities averted represents the largest component of the potential benefits of the regulation (Williams et al., 2020, p. 250).

Another challenge is that, in the case of MSRAM, although economic and environmental consequences (in addition to fatalities) were considered, they were not necessarily standardized or objective and cannot be reproduced (see Section 4.2), thus lacking transparency.

Several studies have attempted to quantify the consequence of a major terrorist attack—analysts have pro- duced estimates of the loss of lives, property damage, and other economic impacts, such as trade disruption (Abt, 2003; Abt et al., 2003; National Protection and Programs Directorate, 2011; TSA, 2013). However, nearly all the studies with property damage estimates were developed for single locations or single representative building types, and relatively few were for the maritime environment. We are not currently aware of any anti- terrorism regulatory analyses accounting for environmental damage. Therefore, developing facility-specific estimates of impacts other than fatalities using a standardized and objective assessment methodology does not appear to be feasible currently.

A Cost–Benefit Analysis of the Reader Rule Delay

69

5.3.2. Monetizing Averted Losses Regulatory analyses typically use estimates of the value of a statistical life (VSL), which does not place a value on a human life but is used to represent the value of society’s willingness to pay to reduce low-probability mortality risks. In keeping with the DHS and DOT guidelines for regulatory analyses (Putnam and Coes, 2021), we used a VSL estimate of $11.6 million (in 2020 dollars) to evaluate in monetary terms the benefits (i.e., fatalities averted) of implementing the TWIC reader requirements for facilities that handle bulk CDCs.

5.3.3. Consequence and Facility Typology The consequence (fatality) estimates were developed using the CFATS risk engine for 386 facilities that han- dled CDCs in bulk and reported quantity information to the EPA RMP or TRI programs (Section 4.3.2). The actual number of facilities that handled bulk CDCs is higher (Section 3.4.1), but we did not have the requisite CDC quantity information to develop consequence estimates for each facility. For facilities that handled mul- tiple CDCs, we considered the CDC that would yield the maximum consequence. Figure 5.1 shows the range of these 386 consequence estimates ranked, where consequences less than 1 are set to 1 because the y-axis is on a logarithmic scale. As expected, the distribution of fatalities is heavily skewed, with nearly a quarter of the estimates below ten fatalities per event. The highest estimate is more than 200,000 fatalities. The median estimate (the 50th percentile) is 224 fatalities, and the interquartile range (between the 25th and 75th per- centiles) is between 15 and 1,703 fatalities. The figure also shows that the numbers of facilities with fatalities less than ten, between ten and 100, between 100 and 1,000, between 1,000 and 10,000, between 10,000 and 100,000, and greater than 100,000 are 89, 69, 104, 78, 39, and seven, respectively.22 This wide variation in con- sequence is like what we previously observed in MSRAM (Section 4.2).

Figure 5.1 includes only the estimated consequences without referencing any corresponding independent variables. Tables 4.6, 4.7, 4.10, and 4.12 in Chapter Four further present the median consequences when we

22 That is, we counted the corresponding number of facilities in each decade of estimated consequence (y-axis).

FIGURE 5.1

Maximum Consequence Estimates for 386 Facilities

NOTE: Estimated consequences less than 1 are set to 1 because the y-axis is on logarithmic scale.

1

10

100

1,000

10,000

100,000

1,000,000

0 25 50 75 100 125 150 175 200 225 250 275 300 325 350 375 400

E st

im at

ed c

on se

q ue

nc e

(th e

nu m

b er

o f f

at al

iti es

)

Facility rank

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

70

grouped these 386 consequence estimates by various combinations of categories of four observable attributes: (1) CDC quantity, (2) local population density, (3) toxic versus flammable or explosive CDC, and (4) NFPA hazard rating.23 Specifically, Tables 4.6 and 4.7 use all four attributes, Table 4.10 uses attributes 1 through 3, and Table 4.12 uses just attributes 1 and 2. These tables suggest a robust facility typology of using four, three, or two observable attributes. Although using more observable attributes is more technically comprehensive, using fewer observable attributes is easier and perhaps more practical.

5.3.4. Discussion of Regulatory Options Based on Facility Typology As previously discussed, CG-REG considered several regulatory alternatives for the final TWIC reader rule encompassing different categories of facilities and vessels to be regulated using the MISLE classification system (CG-REG, 2015). On the other hand, the reader rule delay did not propose different regulatory alter- natives for the subset of MTSA-regulated facilities that handled bulk CDCs.

Tables 5.4 through 5.7 present a hypothetical framework using a simplified facility typology, discussed above and in more detail in Section 4.3.2, based on two observable attributes (i.e., CDC quantity and local population density) to demonstrate two notional regulatory options to compare with the final regulation. This typology is truly risk-informed because it readily identifies, using observable attributes, subsets of facili- ties that have consequences of similar magnitudes. This is an improvement on past studies that relied on apparent facility classifications in which facilities in the same class could have enormous variations in consequences. Recall that the tables are based on the 386 facilities for which we could retrieve CDC quantity information (not just CDC type) from EPA databases to estimate consequence.

These regulatory options reflect more-targeted approaches but do not represent actual regulatory alterna- tives proposed by the USCG. Regulatory alternatives should be developed with input from stakeholders and within the legal and statutory authorities of the USCG. Although many targeted approaches are feasible, we selected two that we felt were sufficiently different from the proposed regulation to illustrate the magnitude of changes in the break-even threshold and frequency.

23 As discussed in Section 4.3.2, although it was possible to group facilities by consequence, that information was not directly observable because it required the CFATS risk engine and the associated technical expertise to generate. Hence, it was desir- able to consider other observable attributes that can serve as proxies for consequence, so that grouping facilities and imple- menting the rule would be practical.

TABLE 5.4

Median Facility Maximum Consequence, in Number of Fatalities, with Notional Regulatory Option 1 for 386 Facilities Matched to EPA Databases with Quantity Information

Quantity, in Pounds

People per Square Mile

0–99 100–299 300–999 1,000–2,999 ≥3,000

≤105 0 0 1 11 0

105< and ≤106 8 33 40 129 116

106< and ≤107 35 53 318 592 1,484

107< and ≤108 352 1,154 1,611 3,746 6,845

108< and ≤109 800 8,163 3,708 13,430 N/A

NOTE: Color shading is used to demonstrate relative consequence distributions: Redder shading indicates higher median consequence, and greener shading indicates lower. The table was presented as Table 4.12 without the blue boundary, which here indicates results of a notional regulatory option 1, which excludes facilities that handle 100,000 lb. of CDCs or less.

A Cost–Benefit Analysis of the Reader Rule Delay

71

TABLE 5.5

Corresponding Sample Size with Notional Regulatory Option 1 for 386 Facilities Matched to EPA Databases with Quantity Information

Quantity, in Pounds

People per Square Mile

0–99 100–299 300–999 1,000–2,999 ≥3,000

≤105 12 18 26 17 15

105< and ≤106 6 17 18 21 18

106< and ≤107 9 8 31 25 11

107< and ≤108 23 18 36 19 10

108< and ≤109 3 5 11 9 0

NOTE: The table was presented as Table 4.13 without the blue boundary, which here indicates results of a notional regulatory option 1.

TABLE 5.6

Median Facility Maximum Consequence, in Number of Fatalities, with Notional Regulatory Option 2 for 386 Facilities Matched to EPA Databases with Quantity Information

Quantity, in Pounds

People per Square Mile

0–99 100–299 300–999 1,000–2,999 ≥3,000

≤105 0 0 1 11 0

105< and ≤106 8 33 40 129 116

106< and ≤107 35 53 318 592 1,484

107< and ≤108 352 1,154 1,611 3,746 6,845

108< and ≤109 800 8,163 3,708 13,430 N/A

NOTE: Color shading is used to demonstrate relative consequence distributions: Redder shading indicates higher median consequence, and greener shading indicates lower. The table was presented as Table 4.12 without the red boundary, which here indicates results of a notional regulatory option 2, which excludes the following facilities inside the blue boundary in Tables 5.4 and 5.5: (1) those in areas with population densities of fewer than 1,000 people per square mile that handle 1 million pounds of CDCs or less and (2) those in areas with population densities of fewer than 100 people per square mile that handle 10 million pounds of CDCs or less.

TABLE 5.7

Corresponding Sample Size with Notional Regulatory Option 2 for 386 Facilities Matched to EPA Databases with Quantity Information

Quantity, in Pounds

People per Square Mile

0–99 100–299 300–999 1,000–2,999 ≥3,000

≤105 12 18 26 17 15

105< and ≤106 6 17 18 21 18

106< and ≤107 9 8 31 25 11

107< and ≤108 23 18 36 19 10

108< and ≤109 3 5 11 9 0

NOTE: The table was presented as Table 4.13 without the red boundary, which here indicates results of a notional regulatory option 2.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

72

The notional regulatory frameworks are as follows:

• final reader rule: The reader rule as written would regulate all facilities that handle CDCs in bulk. • option 1: This targeted approach, illustrated by the blue boundaries in Tables  5.4 and 5.5, excludes

facilities that handle 100,000 lb. of CDCs or less. This option excludes a total of 88 out of 386 facilities (23 percent).

• option 2: This more multilayered, targeted approach, illustrated by the red boundaries in Tables 5.6 and 5.7, excludes

– facilities that handle less than 100,000 lb. of CDCs – facilities in areas with population densities of fewer than 1,000 people per square mile (over a 2-mile radius; see Section 4.3.2) and at most 1 million pounds of CDCs

– facilities in areas with population densities of fewer than 100 people per square mile and at most 10 million pounds of CDCs. This option excludes a total of 138 out of 386 facilities (36 percent).

Assuming that the consequence distributions of 386 facilities shown in Tables 5.4 and 5.6 are represen- tative of the overall regulated population (between 471 and 711 facilities in total, per Section 3.4), option 1 would exempt approximately 23 percent of facilities, or roughly between 110 and 160 facilities, from imple- menting additional TWIC-related security measures. The median consequence for these exempted facilities is less than one fatality per TSI. Option 2 represents a slightly more complex set of criteria that would exempt approximately 36 percent of facilities, or roughly between 170 and 250 facilities, from undertaking additional TWIC compliance actions. The median consequence for the exempted facilities in this scenario is less than 50 fatalities. Because we lacked concrete data, we did not address whether such exemptions would limit the USCG’s ability to achieve its stated goal or potentially redirect bad actors to less secure targets.

5.4. The Break-Even Analysis

Table 5.8 reports the annualized cost of compliance activities and the break-even threshold and frequency for the final reader rule as written and for each notional regulatory option. Because the size of the regulated universe is uncertain, we present the results using the lower- and upper-bound estimates of the number of facilities that handled bulk CDCs. Furthermore, because the distributions of risk factors (i.e., consequence,

TABLE 5.8

Break-Even Analysis, by the Final Reader Rule as Written and Notional Regulatory Option

Regulatory Option

A. Number of Affected Facilities

B. Annualized Cost, in Millions

of Dollars

C. Median Number of

Fatalities Averted

D. Monetary Value of an

Averted TSI, in Millions of

Dollars E. Break-Even

Threshold (B/D)

F. Required Break-Even

Frequency (1/E): Years Between

TSIs

Lower bound

Final reader rule 471 29.4 224 2,594 0.0113 88

Option 1 364 22.7 594 6,889 0.0033 303

Option 2 303 18.9 963 11,170 0.0017 591

Upper bound

Final reader rule 711 44.4 224 2,594 0.0171 58

Option 1 549 34.2 594 6,889 0.0050 201

Option 2 457 28.5 963 11,170 0.0026 392

A Cost–Benefit Analysis of the Reader Rule Delay

73

quantity, and population density) for the regulatory universe are not completely known, we assumed that they were the same as those of the smaller, known population of the 386 facilities matched to EPA databases and used in the CFATS risk-engine simulation (the consequence distributions are shown in Tables 5.4 and 5.6). So, in column C of Table 5.8, the number of fatalities averted does not change between the lower- and upper-bound estimates because the median consequences remain the same regardless of the population size.

Column F of Table 5.8 shows that the proposed regulation would be cost-effective if it were to successfully avert a TSI at least once every 58 to 88 years (for the upper- and lower-bound population estimates, respec- tively). This roughly 60- to-90-year range contrasts with the thresholds for the notional regulatory alterna- tives. Depending on the population size and the regulatory alternative chosen, the alternative options would be cost-effective if they avoided a TSI at least once every 200 to 600 years.

Although break-even thresholds do not tell policymakers whether a regulation would actually be cost- effective, they provide a basis for comparison from which policymakers can make risk-informed, albeit sub- jective, judgments about whether a regulatory option is likely to be cost-effective (Willis and LaTourrette, 2008). A universal standard for an acceptable level of risk tolerance does not exist, but the USCG has rejected regulatory alternatives for the TWIC reader requirements when the required break-even frequency was at or below a rate of one TSI every 50 years. In CG-REG, 2015, the USCG states,

Alternative 4: Adding Certain High-consequence Facilities to Risk Group A, including Petroleum Refiner- ies, Non-CDC Bulk Hazardous Materials Facilities, and Petroleum Storage Facilities:

We considered this alternative based on the high MSRAM consequence scores associated with these three facility types, as well as due to the perception that petroleum facilities pose a greater security risk than other facility types. Despite the high MSRAM consequence scores for these facility types, the overall risk score [for non–Risk Group A entities] . . . were [sic] not as high as those in the current Risk Group A, and therefore, we rejected this alternative [with a break-even frequency of one every 50.1 years].

Alternative  5: Risk Group  A and Risk Group  B Facilities and Risk Group  A Vessels with More than 14 TWIC-holding Crewmembers:

Based on a recent study by the Homeland Security Institute, as discussed in the preamble of the NPRM, the difference in risk between Risk Group A and B facilities is great, indicating that the two risk groups do not require the same level of scrutiny for TWIC cards. Further . . . the break-even point for this alternative [one every 21.1 years] is much higher than that of the preferred alternative. Moreover, many of the comments opposing electronic TWIC inspection requirements represented the interests of owners and operators of vessels or facilities assigned to Risk Group B. For these reasons, we rejected this alternative. (pp. 92–93)

Because all notional regulatory options in Table 5.8 are at or above this threshold, policymakers will have to determine whether the final reader rule as written or a more-targeted approach is likelier to achieve the USCG’s stated objectives for the TWIC reader requirements. The final reader rule as written casts a wide net and, using the assumptions described in this chapter, might be reasonably likely to be cost-effective because the TWIC-related security costs for facilities that handle bulk CDCs tend to be lower than those for other types of facilities. Alternative targeted options (options 1 and 2) would mandate compliance actions only for higher-consequence facilities, lowering the overall industry costs, particularly the cost burden for facilities in rural areas and handling smaller quantities of CDCs. At the same time, the regulated facilities have larger expected consequences (i.e., a higher median consequence from a TSI that could potentially be averted by the regulation). So, the notional targeted options would have a lower break-even threshold for the regulation to prove cost-effective or, alternatively, increase the length of time between successfully averting TSIs required to justify the cost of the regulation.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

74

The decision to use a wide net or a more-targeted approach could depend largely on policymakers’ preferences and relative risk tolerance considering trade-offs among several factors. Table 5.9 describes these trade-offs.

Particularly, the regulation must weigh (1) a higher cost and a correspondingly lower representative con- sequence of a TSI that might be averted because of the regulation for a wider population of facilities and (2) a lower cost and a correspondingly higher representative consequence for a narrower population of facilities. For example, the expected consequences that could potentially be averted because of the regulation among facilities that handle at most 100,000 lb. of CDCs are at least one order of magnitude lower than for other facilities, in aggregate. If such facilities are less likely to be targeted by bad actors, the final reader rule is not likely to be the most cost-effective approach. In contrast, because the population of facilities that handle bulk CDCs is likely not as large as initially suggested by industry (it is well below 1,000 facilities) and the overall cost to industry is not disproportionately large for a major regulation, the precautionary principle might be a reasonable justification for a wider-net approach.

5.5. Summary

This chapter provided a cost–benefit analysis of the TWIC reader requirements for facilities that handle bulk CDCs. We built our analysis on previous economic analyses in CG-REG, 2015, and Williams et al., 2020. In this section, we summarize the data sources, methodology, limitations, and results of our analysis.

We relied on cost information from the following sources:

• the TWIC reader pilot program • FEMA’s Port Security Grant Program • interviews and site visits conducted for the prior HSOAC study • our interviews with companies that owned or operated facilities that handled bulk CDCs • our survey of facilities that handled bulk CDCs.

The potential benefits of the regulation include averting the loss of life from a TSI. We developed facility- specific estimates of the consequence of a TSI using CISA’s CFATS risk engine (CISA, 2021). We also ana- lyzed the distribution of consequence and discussed potential regulatory options based on facility typology

TABLE 5.9

Potential Policy Trade-Offs

Consideration Final Reader Rule (Wider Net) More-Targeted Options

Size of regulated facility population Larger Smaller

Costs Higher Lower

Representative consequence averted Lower Higher

Break-even threshold Higher Lower

Pros • More straightforward to implement • Satisfies the precautionary principle

• Less aggregate burden on industry • Higher representative consequence

from TSIs that could potentially be averted because of the regulation

Cons • Burdensome on low-consequence facilities

• Higher total cost

• Leaves low-consequence facilities unhardened

• Imposes additional data collection requirements for implementation

A Cost–Benefit Analysis of the Reader Rule Delay

75

(as determined by quantity and population density). Because information about the probability of a TSI was unavailable, we conducted a break-even analysis, in which we asked how large the benefits would need to be to justify the costs of a regulation. Specifically, we calculated the break-even threshold, the average number of TSIs that must be averted each year for the regulation to be cost-effective.

The limitations of this approach are uncertainty about the expected benefits, given the lack of informa- tion about the probability of a TSI and a heavily skewed distribution of consequence from a TSI that could potentially be averted because of the regulation. Break-even analysis cannot inform policymakers whether the benefits will exceed the costs of a regulation and does not allow meaningful comparisons between regu- latory options with similar costs. However, break-even analysis could be useful in rejecting extreme cases in which the regulation is unlikely to ever be cost-effective.

The break-even analysis estimated that the final reader rule as currently written would be cost-effective if it successfully averted one TSI approximately every 60 to 90 years at a minimum. Using notional regulatory options, we demonstrated that more-targeted approaches affecting only higher-consequence facilities would lower the break-even threshold, meaning that the regulation would need to avert at least one TSI approxi- mately only every 200 to 600 years to be cost-effective. Although a universal standard does not exist for what is considered a tolerable or risk-averse break-even threshold, the USCG has rejected regulatory alternatives for the TWIC reader requirements when the required break-even frequency was at or below a rate of one TSI every 50 years (CG-REG, 2015).

Because the final regulation and both notional regulatory options described in this chapter all have a required break-even frequency of averting one TSI approximately every 60 years or more, policymakers will have to determine whether a wide net or a more-targeted approach is likelier to achieve the USCG’s stated objectives for the TWIC reader requirements. The final reader rule casts a wide net but is reasonably likely to be cost-effective. Alternative targeted approaches mandating compliance actions only for relatively higher- consequence facilities would lower the break-even threshold or, alternatively, increase the length of time between successfully averting a TSI to justify the cost of the regulation.

In conclusion, policy decisions are a matter of weighing trade-offs between the size of the affected facility population, costs of the regulation, potential consequences averted, break-even threshold (or required break- even frequency), and the probability of averting a TSI (as a result of covering more or fewer facilities).

77

CHAPTER SIX

Conclusions

6.1. Background

The TWIC program, jointly administered by the USCG and TSA, requires anyone accessing a secure area at an MTSA-regulated facility, vessel, or outer continental shelf facility to either have a TWIC or be escorted by someone with a TWIC. Facilities must maintain access control programs at secure areas to verify each person’s identity and business purpose. Until recently, they could conduct these checks by inspecting TWICs visually; however, a 2016 USCG regulation, known as the final reader rule, would require any facility that the USCG determined to be of high risk to inspect TWICs electronically and verify the identities of card hold- ers using biometrics. Final implementation of the reader rule has been delayed until May 8, 2023, for three categories of facilities that handle CDCs in bulk:

(1) . . . Facilities that handle Certain Dangerous Cargoes (CDC) in bulk and transfer such cargoes from or to a vessel.

(2) . . . Facilities that handle CDC in bulk, but do not transfer it from or to a vessel.

(3) . . . Facilities that receive vessels carrying CDC in bulk but, during the vessel-to-facility interface, do not transfer it from or to the vessel. (33 C.F.R. § 105.253)

Although many commodities are considered CDCs, only 43 CDCs are authorized to be transported by ves- sels in bulk (Commandant, 2020c). These 43 CDCs are the focus of this study.

During the delay period, the USCG wanted to reexamine which facilities actually handled CDCs in bulk and to reestimate the costs and benefits of the TWIC reader rule. The USCG asked HSOAC, a federally funded research and development center operated by the RAND Corporation for DHS, to support the imple- mentation of the final reader rule. The specific research questions were

• How many facilities are subject to the reader rule delay? • Is the final reader rule cost-effective for those facilities?

We conducted three main activities to address the research questions:

• We estimated the population of maritime facilities that handle CDCs. • We developed an objective, transparent risk model for these facilities. • We developed a revised cost–benefit analysis for the reader rule delay based on the population estima-

tion and the facility risk model.

In addition, we conducted a facility-agnostic analysis of the intrinsic risks associated with CDCs to support these three main study activities.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

78

The overarching principle of our study was transparency and defensibility in support of rulemaking and implementation. To that end, we

• used only unclassified and nonproprietary data • applied consistent, reproducible approaches • clearly documented the formulations, assumptions, and limitations of our approaches.

6.2. Data Sources

We considered diverse, numerous data sources for this study. The following data sets provided information about maritime facilities:

• the MISLE database • a subset of the MSRAM database • EPA’s RMP database • EPA’s TRI database • FEMA’s Port Security Grant Program database • facility-level online survey • company-level interviews • facility-level interviews conducted for a previous HSOAC study.

We used the following sources of information about the intrinsic characteristics of chemicals and their asso- ciated hazards:

• the USCG’s NRC database • EPA and NOAA’s CAMEO Chemicals database • DOT’s ERG • the LandScan USA population database.1

Many data sources required additional processing and analyses.

6.3. Approaches

An overview of our approaches is provided below for (1) CDC risk analysis, (2) facility population estimation, (3) facility risk model, and (4) cost–benefit analysis. Items 2 through 4 collectively answer the research ques- tions, with item 1 providing supporting information.

1 Although the LandScan USA population database is not directly related to chemicals or their hazards, it determines the consequence resulting from a chemical release.

Conclusions

79

6.3.1. Risk Analysis for CDCs After reviewing numerous relevant tools, data sources, and guidance documents, we developed a tool, based on desirable design requirements, to estimate the intrinsic (i.e., facility-agnostic) risks of CDCs. The CDC risk analysis tool considers five metrics:

• the NFPA health, flammability, and instability hazard ratings (NFPA, 2017) • the PAD in DOT’s ERG (see also Brown, Freeman, and Haney, 2017) • the number of incidents with a maritime nexus collected by the NRC (NRC, undated).

We scaled and aggregated these metrics to develop a composite CDC risk score. These five CDCs were found to have the highest risk scores: propane, anhydrous ammonia, fuming sulfuric acid, sulfur dioxide, and chlorine.

6.3.2. Facility Population Estimation Because a single comprehensive data source with the requisite information did not exist, we followed a com- prehensive estimation approach for the population of facilities that were subject to the reader rule delay by leveraging many data sources (i.e., MISLE, RMP, TRI, online facility-level survey, and facility-level interviews conducted for a previous HSOAC study [Williams et al., 2020]). We identified facilities that were known to handle CDCs. This was considered a lower-bound estimate. Because we did not have detailed chemical infor- mation for all MTSA-regulated facilities, we applied a reasonable extrapolation scheme to compute an upper bound. The USCG might determine that some facilities in our population estimates should be excluded. For example, we also counted the barge fleeting, container, and MARPOL facilities in case they should be excluded.

6.3.3. A Facility Risk Model We developed a facility risk model to inform the TWIC reader requirements. We considered a consequence- based risk assessment because threat and vulnerability information is typically restricted and thus not suit- able for a transparent rulemaking process. We defined facility risk modeling as an overall process that consists of three steps:

1. Use objective methodologies to characterize the risk (i.e., potential consequence) associated with a facility.

2. Identify observable attributes that can be used as proxies for consequence. 3. Analyze consequence data to group facilities with similar consequences using observable attributes

(i.e., a facility typology) for the sake of rulemaking and implementation.

We considered the MSRAM methodology and data used in prior TWIC rulemakings (e.g., USCG, 2008; CG-REG, 2015) but determined that they were not suitable because of insufficient data and a lack of use of standardized, objective methodologies for estimating consequence. We decided instead to leverage the objec- tive CFATS risk engine, thus harmonizing the consequence assessment approaches for TWIC and CFATS, two DHS programs that are related to chemical security.2 This is consistent with a 2021 GAO recommenda- tion that similar DHS chemical security programs should better coordinate (GAO, 2021). The CFATS risk

2 The TWIC program also applies to nonchemical facilities, such as ferry and cruise terminals.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

80

engine estimates consequence in terms of the potential fatalities of a successful attack for which the entire quantity of CDC is released.

Although it is possible to group facilities by consequence, the information is not directly observable because it requires the CFATS risk engine and the associated technical expertise to generate. So it was desir- able to consider some observable attributes that could serve as proxies for consequence to make grouping facilities more practical. We found a robust facility typology with just two attributes (i.e., CDC quantity and local population density) to group the consequences generated by the CFATS risk engine.

6.3.4. A Cost–Benefit Analysis Using the population estimation and the facility risk model mentioned in Sections 6.3.2 and 6.3.3, respec- tively, we conducted a cost–benefit analysis for MTSA-regulated facilities subject to the reader rule delay. We relied on a break-even analysis because threat and vulnerability (conceptually, the probability of a TSI) cannot be estimated accurately, given how infrequently actual TSIs occur. Break-even analysis requires only the costs and benefits of a regulation and yields a minimum threshold above which the regulation would be cost-effective. In this setting, the interpretation of the threshold is the frequency of TSIs that would need to be averted for the rule to be cost-effective.

For estimation of costs, we considered the capital, maintenance, operational, additional (i.e., card and reader failures), and government costs. For estimation of benefits, we monetized the potential consequence (in number of fatalities) avoided as suggested by the facility risk model using the VSL. We calculated the break-even frequencies (i.e., the length of time between TSIs) for the lower- and upper-bound estimates of facility population, where, for each population estimate, we further considered the rule as written and more- targeted regulatory approaches. A regulation can be considered cost-effective if TSIs are assumed to happen more frequently (a measure that requires subjective determination) than the break-even frequency.

6.4. Key Findings

Our key findings answer the two core research questions:

• How many facilities are subject to the reader rule delay? • Is the final reader rule cost-effective for those facilities?

Regarding the first question, we estimated that between 471 and 711 facilities handle CDCs in bulk. Nota- bly, this range falls squarely between the USCG’s estimate in the reader rule delay and trade associations’ esti- mate in public comments. Our data also showed that the original facility risk groups—the original standard for identifying facilities that handle CDCs—was a poor proxy for the population subject to the rule delay. Many facilities originally placed in risk groups B and C, which were not believed to handle CDCs, do, in fact, report CDCs to the data sources we used in our analysis.

Still, it might not be the case that 471 to 711 facilities will actually be subject to the reader rule. The USCG could decide to carve out some types of facilities. As a hypothetical example, we excluded facilities labeled in MISLE as container, MARPOL, or barge fleeting facilities that handled CDCs but were not also bulk hazmat facilities. Container and MARPOL facilities are already regulated under other sections of the Code of Federal Regulations, and, under the NPRM, barge fleeting facilities were excepted from risk group A (although it is unclear whether that interpretation applies to the text in the reader rule delay). That could potentially reduce the regulated population by about 40 facilities. Alternatively, the USCG could opt to regulate facilities based

Conclusions

81

on other observable attributes that serve as proxies for consequence, such as quantity of CDC onsite and local population density.

Regarding the second question, we estimated that, for the range of facility population estimates above, the TWIC reader rule would have to avert a TSI approximately every 60 to 90 years, at a minimum, to be cost-effective. These estimates meet the USCG’s previously reported standard of what constitutes a reason- able threshold.

Although the reader rule is potentially cost-effective even in its current form, there are reasons to consider a more-targeted approach, excluding low-quantity or low–population density facilities or both. Using two hypothetical regulatory options, we found that more-targeted approaches would lower costs and increase the median consequence avoided. Both would raise the break-even frequency (or lower the break-even thresh- old), meaning that the regulation would have to avoid one TSI approximately every 200 to 600 years to be cost-effective.

Both a targeted approach and the reader rule in its current form have supporting arguments. A targeted approach lowers the regulatory burden on lower-consequence facilities, focusing on higher-consequence facilities only. As a result, a targeted approach is likelier to be cost-effective, even if TSIs occur less than once every 100 or 200 years. But a targeted approach leaves lower-consequence facilities unhardened, which could be undesirable if threat or vulnerability at those facilities is believed to be high. In addition, the rule as writ- ten is more straightforward than a targeted rule, and it satisfies the precautionary principle that casting a wide net is preferable so long as it is cost-effective. Ultimately, the USCG must consider these trade-offs in addition to cost-effectiveness when implementing the final reader rule.

6.5. Implementation Will Be an Ongoing Process

The reader rule will be a static regulation, but implementation will inevitably require ongoing monitoring and enforcement. This is because the facility population will change as facilities open or close; indeed, our population estimates could become outdated in just a few years.

In addition, implementation would benefit from data infrastructure that does not currently exist. Even if the rule is implemented as written, the USCG must somehow know which facilities actually handle CDCs in bulk. As our analysis showed, such information is currently unavailable from a single systematic, centralized, comprehensive source. The USCG could presumably identify these facilities by referencing FSPs (which are currently reviewed every five years with annual facility visits), but those documents are mostly in hard copies and are maintained by each COTP (i.e., not centrally archived).

Therefore, implementing the final reader rule would be greatly streamlined by developing a reporting system that records, at a minimum, the types and quantities of CDCs being handled at each MTSA-regulated facility. If the final reader rule carves out certain exceptions, the USCG might also wish to know how CDCs are being handled or the local population density around each facility. Our study showed how population density can be easily calculated at scale using just latitude and longitude, but information about how CDCs are being handled must come from facilities themselves. Presumably, this CDC-handling information would also need to be updated at regular intervals to determine how the population of regulated facilities changes.

83

APPENDIX A

A Review of TWIC-Relevant Regulations

This appendix describes regulations related to the TWIC reader rule and important terms defined in regula- tions. Sections A.1 and A.2 describe the legislative history of the TWIC program and the various versions of the TWIC reader rule, culminating in the final version of the rule and the reader rule delay studied in this report. (Section 1.3 provides an abbreviated version of the TWIC legislative history.) Sections A.3 and A.4 describe previous studies and regulatory reviews pertaining to risk group A facilities and the costs of the TWIC reader rule. Section A.5 recounts key definitions and terms.

A.1. Origins of the TWIC Program

Several pieces of legislation led to the creation of the TWIC program, including ATSA (2001), MTSA (2002), and the SAFE Port Act of 2006.

A.1.1. ATSA President George W. Bush signed ATSA into law on November 19, 2001, to fundamentally change how the United States “approaches the task of ensuring the safety and security of the civil air transportation system” (U.S. House of Representatives, 2001). ATSA established TSA and, among other things, permitted TSA to require background checks for people with access to secure areas of airports and to consider using biometric and other emerging technologies to verify the identities of people entering such areas.

A.1.2. MTSA MTSA was designed as a counterterrorism tool to enhance maritime security. The act called for a variety of port security measures, including implementation of access control programs at regulated maritime facilities and requirements for identity assurance. This included the issuance of a transportation security card used for access to secure areas. The credential was intended “to be a universally recognized identification card accepted across all modes of the national transportation system, including airports, seaports, and railroad terminals, for transportation workers requiring unescorted physical access to secure areas in this system” (GAO, 2004, p. 5).

Under MTSA, the TWIC program instituted the requirement for a transportation security card for work- ers employed in secure areas of maritime facilities. The statute prescribed

regulations to prevent an individual from entering an area of a vessel or facility that is designated as a secure area by the Secretary for purposes of a security plan for the vessel or facility that is approved by the Secretary under section 70103 of this title unless the individual—(A) holds a transportation security card issued under this section and is authorized to be in the area in accordance with the plan. (Pub. L. 107-295, 2002, § 102)

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

84

The issuance of the card would be based on a security review to examine the applicant’s criminal history and terrorism risk, and the card would include the holder’s biometric data to verify that the holder was the proper person and had authority to access secure areas.

A.1.3. The SAFE Port Act of 2006 The SAFE Port Act further enhanced security at port facilities. This act included provisions for tracking cargo containers and the implementation of radiation detection equipment at U.S. ports. Regarding TWIC, the SAFE Port Act authorized the Secretary of Homeland Security to establish a priority for each U.S. port for the implementation of the TWIC program based on a risk assessment.

This legislation also authorized a pilot program for TWIC electronic readers to “test the business pro- cesses, technology, and operational impacts required to deploy transportation security card readers at secure areas of the marine transportation system” (Pub. L. 109-347, 2006, § 104). The pilot program would take place in at least five locations no later than 180 days after the legislation’s enactment and provide a public comment period no later than two years from that enactment, with a report on the program’s findings delivered to the appropriate congressional committee.

A.2. The History of TWIC Rulemaking

This section provides additional information on the history of TWIC rulemaking. TSA established the TWIC program in December 2001 (Williams et al., 2020, p. 12). As initially conceived, the TWIC program would require the use of biometrically enabled credentials and electronic biometric card readers.

A.2.1. The First TWIC Rulemaking: 2007 As described in Williams et al., 2020,

The first rulemaking (2007) revised 49 C.F.R. Part 1572, set forth a process for issuing TWICs, and required MTSA-regulated vessels and port facilities to “use .  .  . TWIC as an access control measure” [TSA, 2007, p. 3492]. The 2007 rule did not prescribe a particular method of inspecting or validating TWIC[s]; it pro- vided only that any owner or operator of a MTSA-regulated facility or vessel “change their existing access control procedures to ensure that any merchant mariners and any other individual seeking unescorted access to a secure area of their vessel or facility has a TWIC” [TSA, 2007, pp. 3492, 3495]. (Williams et al., 2020, p. 13; bracketed citations are ours)

A.2.2. Advanced Notice of TWIC Reader Requirements: 2009 In 2009, the USCG published an advance NPRM (ANPRM) for “Transportation Worker’s Identification Credential—Reader Requirements” (USCG, 2009). The ANPRM sought public comments on classifying MTSA-regulated facilities and vessels into three risk categories based on risk analyses incorporating data from MSRAM and an analytic hierarchy process (AHP). MTSA-regulated facilities and maritime vessels were classified into risk groups A, B, and C, as shown in Table A.1.

The rankings were based on three factors:

• the maximum consequence resulting from a terrorist attack • the criticality to the country’s health, economy, and national security • the TWIC program’s utility in reducing risk (USCG, 2009, p. 13363).

A Review of TWIC-Relevant Regulations

85

The ANPRM proposed a different reader requirement for each risk group:

• For risk group A, electronic inspection of TWICs would be required at all maritime security (MARSEC) levels.

• For risk group B, random electronic inspections would be performed at MARSEC level 1 with required electronic inspections at MARSEC levels 2 and 3.1

• Risk group C would be exempt from the reader rule (USCG, 2009, p. 13366).

A.2.3. Notice of Proposed Rulemaking: 2013 Informed by subsequent analysis and review of public comments from the 2009 ANPRM, the USCG pub- lished an NPRM in 2013 (USCG, 2013). The NPRM kept the majority of the 2009 ANPRM in place but lim- ited the reader rule requirements to only risk group A for the initial implementation of the regulation, requir- ing only visual inspection of TWICs for risk groups B and C. This was based, in part, on public comments from risk group B facility operators about the costs of implementing the TWIC requirements. Analysts of the USCG’s preliminary regulatory impact of the reader rule estimated a $26.5 million annualized cost to risk

1 The MARSEC levels are as follows: MARSEC Level 1 means the level for which minimum appropriate security measures shall be maintained at all times.

MARSEC Level 2 means the level for which appropriate additional protective security measures shall be maintained for a period of time as a result of heightened risk of a transportation security incident.

MARSEC Level 3 means the level for which further specific protective security measures shall be maintained for a limited period of time when a transportation security incident is probable, imminent, or has occurred, although it may not be possible to identify the specific target. (USCG, undated)

TABLE A.1

MTSA Risk Group Categories as Defined in 2009

Risk Group Facility Criterion Vessel Criterion

A “(1) Vessels that carry Certain Dangerous Cargoes (CDC) in bulk; (2) Vessels certificated to carry more than 1,000 passengers; and (3) Towing vessels engaged in towing a barge or barges subject to paragraphs [sic] (1) or (2).”

B “(1) Vessels that carry hazardous materials other than CDC in bulk; (2) Vessels subject to 46 CFR Chapter I, Subchapter D, that carry any flammable or combustible liquid cargoes or residues [footnote omitted]; (3) Vessels certificated to carry 500 to 1,000 passengers; and (4) Towing vessels engaged in towing a barge or barges subject to paragraphs [sic] (1), (2), or (3).”

C

“(1) Facilities that handle CDC in bulk; (2) Facilities that receive vessels certificated to carry more than 1,000 passengers; and (3) Barge fleeting facilities that receive barges carrying CDC in bulk.”

“(1) Facilities that receive vessels that carry hazardous materials other than CDC in bulk; (2) Facilities that receive vessels subject to 46 CFR Chapter I, Subchapter D, that carry any flammable or combustible liquid cargoes or residues; (3) Facilities that receive vessels certificated to carry 500 to 1,000 passengers; and (4) Facilities that receive towing vessels engaged in towing a barge or barges carrying hazardous materials other than CDC in bulk, crude oil, or certificated to carry 500 to 1,000 passengers.”

“(1) MTSA-regulated facilities that receive vessels carrying non-hazardous cargoes that are required to have a vessel security plan; (2) Facilities that receive towing vessels engaged in towing a barge carrying non-hazardous cargoes; (3) Facilities that receive vessels certificated to carry less than 500 passengers.”

“(1) Vessels carrying non-hazardous cargoes that are required to have a vessel security plan; (2) Vessels certificated to carry less than 500 passengers; (3) Towing vessels engaged in towing a barge subject to paragraphs [sic] (1) or (2); Mobile Offshore Drilling Units (MODU); and (5) Offshore Supply Vessels (OSVs) subject to 46 CFR chapter I, subchapters [sic] L or I.”

SOURCE: USCG, 2009,§ (IV)(E).

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

86

group A operators. In comparison, they estimated that the annualized cost would increase to $141.2 million if risk group B were included. In addition, the USCG stated, “the average consequence figure, (the monetized costs of fatalities and injuries resulting from a TSI) would drop by more than one-third” (CG-REG, 2013, p. 17795). The NPRM did not preclude the possibility of requiring electronic inspection of TWICs for risk group B in the future but focused on a phased approach to implementation for risk group A (CG-REG, 2013, p. 17785).

A.2.4. The Final Reader Rule: 2016 In 2016, the USCG published the final reader rule. The 2016 version of the reader rule kept the risk group A requirement in place and eliminated the distinction between risk groups B and C for both vessels and facili- ties. The reader rule also provided several exemptions, as follows (USCG, 2016, p. 57654):

• clarification that, for risk group A facilities, electronic TWIC inspection is required each time someone is granted unescorted access to a secure area (a limited exception is permitted for recurring unescorted access)

• increase in the exemption from electronic TWIC inspection requirements to vessels with 20 or fewer TWIC-holding crew members2

• elimination of the special requirement that barge fleeting facilities that handle or receive barges carry- ing CDCs in bulk be classified in risk group A

• provision of additional flexibility for ferries and other vessels that use dedicated terminals in risk group A to integrate their electronic TWIC inspection programs with their terminals’ programs.

The 2016 reader rule also clarified an important point that would become a contentious issue in future interactions between the USCG and the maritime industry. Public comments raised the question of whether a facility would be considered risk group A if it handled CDCs in a nonmaritime capacity. The USCG deter- mined that those facilities would be considered to “handle CDC in bulk” and therefore were classified as risk group A because the facility would still have to account for CDC in the facility’s access control program to prevent a TSI. The effective date of the final reader rule was intended to be August 23, 2018.

A.2.5. Delay of the Effective Date for TWIC Reader Requirements: 2018 The reader rule did not go into effect as planned. In 2018, the USCG issued another NPRM, “TWIC-Reader Requirements; Delay of Effective Date,” which proposed moving the required date of implementation for two classes of risk group A facilities: (1) facilities that handle CDC in bulk but do not transfer them to or from a vessel and (2) facilities that receive vessels carrying CDCs in bulk but, during the vessel-to-facility interface, do not transfer them to the facility (USCG, 2018b). Facilities that transferred CDCs to or from a vessel and facilities that receive large passenger vessels were still required to comply with the reader rule on the previous effective date. The effective date was delayed by three years (until August 23, 2021) for the affected groups to give the USCG more time to consider industry input into the scope of the rule and to review the methodol- ogy used to determine how facilities were classified into their respective risk groups (USCG, 2018b, p. 29068).

2 Currently, only one vessel fits this criterion to be included in risk group A.

A Review of TWIC-Relevant Regulations

87

A.2.6. Delay of the Effective Date for TWIC Reader Requirements: 2020 In 2020, the USCG issued a final reader rule again delaying the effective date of the reader rule, this time to May 8, 2023 (USCG, 2020). The 2020 reader rule delay maintained the exemption for the first two classes of risk group A facilities and added facilities that transfer CDCs during the vessel-to-facility interface. The USCG estimated that this delay would affect 370 of the 525 risk group A facilities subject to the final reader rule (USCG, 2020, p.  13493). The reader rule delay was proposed after the USCG received a significant number of public comments from regulated entities about what constitutes a “CDC facility” and to give the USCG time to analyze a congressionally mandated program assessment conducted by HSOAC researchers (USCG, 2020, p. 13495; the report is Williams et al., 2020).

A.3. Determining Which Facilities Belong in Risk Group A

Public comments from the maritime industry and other stakeholders included a wide variety of concerns about the application, cost, and effectiveness of the TWIC reader rule. One source of confusion was what constitutes a CDC facility versus a facility that handles CDCs in bulk (in other words, a risk group A facil- ity). Many commenters pointed to a USCG document, based on 33 C.F.R. 105.295, that defined the term CDC facility to mean anywhere “a vessel-to-facility interface must occur, or be capable of occurring, and involve the transfer of CDC in bulk” (MTSA/International Ship and Port Security Policy Advisory Council, 2004). It also stated that facilities that received CDCs from such entities as rail cars or tanker trucks would not be considered CDC facilities.

This definition contrasted with the phrase “facilities that handle certain dangerous cargoes in bulk” used in the 2016 final reader rule, which stated that facilities that stored CDCs on their premises or received them from nonmaritime sources would be classified in risk group A. In the reader rule delay, the USCG stated that the 2016 reader rule definition is the one that would be applied once facilities have to comply with the final reader rule (USCG, 2020).

A.4. Cost–Benefit Analyses of the TWIC Reader Rule

To provide context, this section describes some of the previous cost–benefit analyses of the TWIC reader rule. Refer to Chapter Five for the results of the latest cost–benefit analysis.

A.4.1. The USCG’s Preliminary Regulatory Analysis and Final Regulatory Flexibility Analysis: 2015 The USCG conducted preliminary (CG-REG, 2013) and final (CG-REG, 2015) regulatory analyses to esti- mate the potential costs and benefits of the TWIC reader rule. These analyses determined that limiting the rule to a population of high-risk facilities—targets that would lead to high consequences in the event of a TSI—would provide the most cost-effective approach to implementing the regulation. Under the 2013 NPRM, only risk group A facilities would be required to utilize an electronic reader for identity verification and TWIC validation.

The 2016 reader rule subsequently removed barge fleeting facilities from risk group  A and raised the threshold for vessels being exempted from TWIC reader requirements from those carrying 14 or fewer to 20 or fewer TWIC-holding crew members. Therefore, under the 2016 reader rule the preferred alternative included 525 facilities and one vessel in risk group A.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

88

Both the preliminary and final USCG reports considered several regulatory alternatives that would modify the number of facilities and vessels subject the TWIC reader requirements. When comparing alter- natives, the USCG considered the results of a break-even analysis for different combinations of regulated entities subject to the rule. They concluded that other regulatory alternatives were likely to increase the cost burden on industry by increasing the affected population while, in some cases, being unlikely to significantly reduce the risk of a TSI. The USCG rejected two regulatory alternatives, which significantly increased the number of affected facilities from 525 to 1,174 and 2,173, respectively, because the overall risk score as deter- mined in the AHP was not as high as for risk group A facilities.3 In both cases, the average maximum conse- quence was less than half that for risk group A facilities, which implies that the TWIC reader requirements would have to successfully avert TSIs at a substantially (perhaps implausibly) higher frequency to justify the costs of the rule.4

In defending the final reader rule, the USCG referred to the risk methodology based on the AHP, and to the USCG’s own regulatory analysis (CG-REG, 2015). The comparison of the break-even thresholds across several regulatory alternatives informed the USCG’s decision to select the preferred alternative.

A.4.2. A Congressionally Mandated Assessment of the TWIC Program’s Risk- Mitigation Value The congressionally mandated assessment of the TWIC program’s risk-mitigation value, conducted by HSOAC researchers, performed a similar cost-effectiveness analysis of the reader rule using a revised set of assumptions based on the researchers’ own findings. The researchers analyzed the potential impacts of the TWIC reader requirements for a larger population of facilities potentially subject to the reader rule if a broader definition were used. Their analysis expanded the population of facilities subject to the rule to include three additional categories (Williams et al., 2020, p. 142):

• non–risk group A (nonexempt) bulk liquid or bulk oil facilities • non–risk group A (nonexempt) facilities receiving or transferring hazardous, explosive, or radioactive

materials • all non–risk group A (nonexempt) container facilities.

The additional categories were based on the presence of certain hazmat, although not necessarily all material would be considered CDC under 33 C.F.R. § 160.202.

The study team concluded that the previous USCG report likely underestimated the costs of the rule and overstated the potential benefits (Williams et al., 2020, p. 148). The analysts estimated that the expanded population could include about 1,000 additional facilities, with bulk liquid facilities (780) accounting for a vast majority of the increase. This estimate was based on a count of all hazmat facilities, yielding a population three times the USCG’s original estimate. The study team also concluded that, if the final reader rule applied to all facilities in the expanded population, the cost impacts would increase by almost a factor of four to more than $100 million per year and that this could drastically alter the cost-effectiveness of the electronic reader

3 In the final reader rule, under alternative 4, the USCG would have moved three facility categories—petroleum refineries, non-CDC bulk hazmat facilities, and petroleum storage facilities—into risk group A from risk group B, based on the average maximum consequence for these facility types. Under alternative 5, the USCG would have required TWIC readers to be used at all risk group A and B facilities. 4 For example, the benefits of the rule would be unlikely to exceed the costs if the frequency implied by the break-even threshold exceeded the number of successful attacks likely to occur in the same time frame that would not otherwise be miti- gated through non–TWIC-related security measures.

A Review of TWIC-Relevant Regulations

89

requirement (Williams et al., 2020, p. 144). As the USCG found in the comparison of its regulatory alterna- tives, this outcome would likely significantly increase the overall cost of the rule while the larger affected population would have a lower overall risk score—thus, the break-even analysis would be less likely to justify the cost of the rule. The analysis in the present study suggests that the regulated population is likely lower than the prior, conservative estimate.

A.5. Definition of Key Terms

Title 33 of the Code of Federal Regulations contains several definitions that are relevant to the analysis of the final reader rule. These definitions provide the basic understanding of the language written in statute per- taining to electronic TWIC readers, CDCs, and regulated facilities.

As shown in Table A.2, 33 C.F.R. § 101.105 provides several definitions related to maritime facilities. As listed here, 33 C.F.R. § 105.105 defines the facilities to which MTSA applies:

(1) Facility subject to 33 CFR parts [sic] 126, 127, or 154;

(2) Facility that receives vessels certificated to carry more than 150 passengers, except those vessels not car- rying and not embarking or disembarking passengers at the facility;

(3) Facility that receives vessels subject to the International Convention for [the] Safety of Life at Sea, 1974, chapter XI;

(4) Facility that receives foreign cargo vessels greater than 100 gross register tons;

(5) Facility that receives U.S. cargo vessels, greater than 100 gross register tons, subject to 46 CFR chapter I, subchapter I, except for those facilities that receive only commercial fishing vessels inspected under 46 CFR part 105; or

(6) Barge fleeting facility that receives barges carrying, in bulk, cargoes regulated by 46 CFR chapter I, sub- chapters [sic] D or O, or Certain Dangerous Cargoes. (33 C.F.R. § 105.105[a])

TABLE A.2

Definitions Related to Maritime Facilities

Term Definition

Facility “[A]ny structure or facility of any kind located in, on, under, or adjacent to any waters subject to the jurisdiction of the U.S. and used, operated, or maintained by a public or private entity, including any contiguous or adjoining property under common ownership or operation.”

Bulk “[A] commodity that is loaded or carried without containers or labels, and that is received and handled without mark or count. This includes cargo transferred using hoses, conveyors, or vacuum systems.”

Vessel-to-facility interface

“[T]he interaction that occurs when a vessel is directly and immediately affected by actions involving the movement of persons, cargo, vessel stores, or the provisions of facility services to or from the vessel.”

SOURCE: 33 C.F.R. § 101.105.

91

APPENDIX B

CDCs Authorized to Be Transported by Vessels in Bulk

In this appendix, we list the nine categories of chemicals (and, as appropriate, their residues) defined in 33 C.F.R. § 160.202 as CDCs:

• division 1.1 or 1.2 explosives as defined in 49 C.F.R. § 173.50. Division 1.1 is “explosives that have a mass explosion hazard. A mass explosion is one which affects almost the entire load instantaneously”; divi- sion 1.2 is explosives that have a projection hazard but not a mass explosion hazard.”

• division  1.5 compatibility group  D blasting agents for which a permit is required under 49 C.F.R. § 176.415 or, for which a permit is required as a condition of a Research and Special Programs Adminis- tration exemption. Group D consists of any explosive with “a means of initiation which itself possesses two effective protective features.”

• division 2.3 “poisonous gas” as listed in 49 C.F.R. § 172.101 that is also a “material poisonous by inhala- tion” as defined in 49 C.F.R. § 171.8 and that is in a quantity in excess of 1 metric ton per vessel

• division 5.1 oxidizing materials for which a permit is required under 49 C.F.R. § 176.415 or for which a permit is required as a condition of a Research and Special Programs Administration exemption

• a liquid material that has a primary or subsidiary classification of division 6.1 “poisonous material” as listed in 49 C.F.R. § 172.101 that is also a “material poisonous by inhalation” as defined in 49 C.F.R. § 171.8 and that is in a bulk packaging or that is in a quantity in excess of 20 metric tons per vessel

• class 7 “highway route controlled quantity” radioactive material or “fissile material, controlled ship- ment,” as defined in 49 C.F.R. § 173.403

• all bulk liquefied gas cargo carried under 46 C.F.R. § 151.50-31 or listed in 46 C.F.R. 154.7 that is flam- mable and/or toxic and that is not carried as CDC residue

• the following bulk liquids except when carried as CDC residue: – acetone cyanohydrin – allyl alcohol – chlorosulfonic acid – crotonaldehyde – ethylene chlorohydrin – ethylene dibromide – methacrylonitrile – oleum (fuming sulfuric acid) – propylene oxide, alone or mixed with ethylene oxide

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

92

• the following bulk solids: – ammonium nitrate listed as a division 5.1 (oxidizing) material in 49 C.F.R. § 172.101 except when carried as CDC residue

– ammonium nitrate–based fertilizer listed as a division 5.1 (oxidizing) material in 49 C.F.R. § 172.101 except when carried as CDC residue.

Because the various categories of CDCs rely on definitions in numerous other regulations, the USCG published the CDC job aid to assist industry in determining what specific chemicals are classified as CDCs.1 This guidance document translates the relevant sections of 46 and 49 C.F.R. to create a list of 466 chemicals that fit the definition of CDC based on 33 C.F.R. § 160.202.

Regulations authorized 40 of these 466  chemicals to be transported in bulk on maritime vessels. An additional three chemicals were authorized to be carried on maritime vessels based on information from the International Code for the Construction and Equipment of Ships Carrying Liquefied Gases in Bulk (IGC Code). These three chemicals were not included as CDCs in the definitions laid out in 33, 46, or 49 C.F.R.: dimethyl ether, isopropylamine, and mixed C4 cargoes.2

The CDC job aid provides the UN ID numbers and proper shipping names for these 43 CDCs, as well as a weight requirement to be considered a CDC (if applicable). Table B.1 lists this information, as well as the corresponding CAS number (EPA, undated c; NIH, undated) and the CHRIS code (USCG, 1999) for each CDC. Eleven of the 43 CDCs have weight requirements (Commandant, 2020c) to be considered CDCs. Some CDCs have multiple CHRIS codes.

TABLE B.1

CDCs Authorized to Be Carried by Maritime Vessels in Bulk

Proper Shipping Name of CDCa UN ID

Numbera CASb CHRISc

Weight Requirements to Be Considered CDC, in

Metric Tonsa

1-Pentene (n-amylene) 1108 109-67-1 PTE

Acetaldehyde 1089 75-07-0 AAD

Acetone cyanohydrin, stabilized 1541 75-86-5 ACY 20 or bulk packaging

Allyl alcohol 1098 107-18-6 ALA 20 or bulk packaging

Ammonia, anhydrous 1005 7664-41-7 AMA 1

Ammonium nitrate, with not more than 0.2% total combustible material, including any organic substance, calculated as carbon to the exclusion of any other added substance

1942 6484-52-2 AMN

Ammonium nitrate–based fertilizer 2067 6484-52-2 ANP, ANS, ANU, UAS

Butadienes, stabilized, or butadienes and hydrocarbon mixture, stabilized and containing more than 40% butadienes

1010 106-99-0 BDI, BBM

1 At the time of writing, the CDC job aid was under revision to provide more guidance and greater clarity to industry and USCG facility inspectors. 2 These three CDCs are not transported by U.S.-flag vessels in bulk; under U.S. regulations, they are characterized as flam- mable or toxic cargoes but not CDCs. They appear as CDCs only in international regulations and would be transported only by foreign-flag vessels. For more information, see Commandant, 2020c, p. 1.

CDCs Authorized to Be Transported by Vessels in Bulk

93

Proper Shipping Name of CDCa UN ID

Numbera CASb CHRISc

Weight Requirements to Be Considered CDC, in

Metric Tonsa

Butane 1011 106-97-8 BUT, IBT

Butylene 1012 25167-67-3 BTN, IBL

Chlorine 1017 7782-50-5 CLX 1

Chlorosulfonic acid (with or without sulfur trioxide) 1754 7790-94-5 CSA

Crotonaldehyde or crotonaldehyde, stabilized 1143 4170-30-3 CTA 20 or bulk packaging

Cyclopentene 2246 142-29-0 CPE

Diethyl ether or ethyl ether 1155 60-29-7 EET

Dimethyl ether 1033 115-10-6 DIM

Dimethylamine, anhydrous 1032 124-40-3 DMA

Dipentene 2052 138-86-3 DPN

Ethane, refrigerated liquid 1961 74-84-0 ETH

Ethyl chloride 1037 75-00-3 ECL

Ethylene, refrigerated liquid (cryogenic liquid) 1038 74-85-1 ETL

Ethylene chlorohydrin 1135 107-07-3 ECH 20 or bulk packaging

Ethylene dibromide 1605 106-93-4 EDB 20 or bulk packaging

Ethylene oxide and propylene oxide mixtures with not more than 30% ethylene oxide

2983 Unknown EPM

Ethylene oxide or ethylene oxide with nitrogen up to a total pressure of 1 MPa (10 bar) at 50 degrees Celsius

1040 75-21-8 EOX 1

Isopentenes 2371 563-45-1 PTX

Isoprene, stabilized 1218 78-79-5 IPR

Isopropylamine 1221 75-31-0 IPP

Methacrylonitrile, stabilized 3079 126-98-7 MET 20 or bulk packaging

Methane, refrigerated liquid (cryogenic liquid), or natural gas, refrigerated liquid (cryogenic liquid) with high methane content

1972 74-82-8 MTH

Methyl acetylene and propadiene mixtures, stabilized 1060 59355-75-8 MAP

Methyl bromide 1062 74-83-9 MTB 1

Methyl chloride or refrigerant gas R 40 1063 74-87-3 MTC

Mixed C4 cargoes Unknown Unknown BMX

Pentanes 1265 109-66-0 PTY, PTA, IPT

Propane 1978 74-98-6 PRP

Propylene 1077 115-07-1 PPL

Propylene oxide 1280 75-56-9 POX

Sulfur dioxide 1079 7446-09-5 SFD 1

Table B.1—Continued

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

94

Proper Shipping Name of CDCa UN ID

Numbera CASb CHRISc

Weight Requirements to Be Considered CDC, in

Metric Tonsa

Sulfuric acid, fuming with 30% or more free sulfur trioxide

1831 8014-95-7 SFA, OLM

Vinyl chloride, stabilized 1086 75-01-4 VCM, VCL

Vinyl ethyl ether, stabilized 1302 109-92-2 VEE

Vinylidene chloride, stabilized 1303 75-35-4 VCI

a Source: Commandant, 2020c. b Sources: EPA, undated c; NIH, undated. c Source: USCG, 1999.

Table B.1—Continued

95

APPENDIX C

Processing of PAD in the ERG

The intrinsic risk analysis of CDCs described in Chapter Two mentioned the use of PAD—the recommended standoff distance that protection activities (e.g., evacuation, sheltering in place) might require for responding to a large spill—included in DOT’s ERG (see also Brown, Freeman, and Haney, 2017).1 Because the degree of granularity for PAD differs according to chemicals in the ERG, this appendix describes how we systemati- cally retrieved the PAD values for each CDC. Figure C.1 summarizes our four processing steps, which we describe further in this appendix.

1 Recall that, by intrinsic, we mean that the analysis is agnostic to facility.

FIGURE C.1

Processing Steps for Determining PAD

NOTE: If a CDC has the same NFPA rating for both health and flammability hazards, treat it as a toxic CDC because the inhalation hazards associated with toxic CDCs typically reach farther downwind than the overpressure hazards associated with flammable CDCs.

Use the PAD for the largest container (rail tank car) under

nighttime low-wind conditions.

Calculate the median PAD of other CDCs in the database that

have the same health rating.

Calculate the median PAD of other CDCs in the database that

have the same �ammability rating.

Is the CDC covered by an ERG orange guide that has an entry for

evacuation distance for a large spill?

Is the CDC covered by ERG Table 3?

Is the CDC covered by ERG Table 1?

Is the NFPA health or �ammability hazard rating higher?

Yes

Use the PAD for a large spill under nighttime conditions.

Yes

Use the evacuation distance for a large spill.

Yes

No

No

No

Health Flammability

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

96

First, we checked whether a CDC (see Appendix B) was among the six common toxic inhalation hazard chemicals (i.e., anhydrous ammonia, chlorine, ethylene oxide, hydrogen chloride, hydrogen fluoride, and sulfur dioxide) covered in the ERG’s Table 3 on “initial isolation and protective action distances for large spills.” Four CDCs (anhydrous ammonia, chlorine, ethylene oxide, and sulfur dioxide) are present in that table. For these four CDCs, we selected the PAD for the largest container (rail tank car) under nighttime, low-wind conditions because those conditions typically give the worst-case scenarios (see, e.g., EPA, 2009).

Second, we determined which of the CDCs not listed in the ERG’s Table 3 appeared in the ERG’s Table 1 on “initial isolation and protective action distances,” which contains information for about 800 chemicals.2 For the nine CDCs that are included in the ERG’s Table 1, we selected the PAD for a large spill under nighttime conditions because those conditions typically yield the worst-case scenarios among the options included.3

Third, for CDCs not covered in the ERG’s Tables 3 and 1, we further checked whether the CDC was cov- ered by the ERG’s orange guides, general guidance on hazards and safety precautions for about 3,000 chemi- cals grouped in different categories based on their properties. For the 28 matched CDCs, we selected the cor- responding evacuation distance for a large spill as the PAD.

Fourth, after completing the first three steps, the PADs for two CDCs remained to be determined: (1) eth- ylene oxide and propylene oxide mixtures containing not more than 30 percent ethylene oxide and (2) iso- propylamine. For each of these two CDCs, we calculated the PAD as the median of the PADs for other CDCs that were of a similar type (i.e., toxic or flammable) and level of hazard. Specifically, we consulted the NFPA health or flammability hazard ratings (NFPA, 2017). (The NFPA health hazard rating describes a com- pound’s toxicity, and the NFPA flammability hazard rating describes its flammability; see Chapter Two.) We retrieved NFPA hazard ratings from EPA and NOAA’s CAMEO Chemicals database (Office of Response and Restoration, undated). We considered the higher of either the NFPA health or flammability hazard rating to be the dominant factor. The flammability hazard ratings for each of these CDCs is 4, which is higher than either CDC’s health hazard rating of 3. Thus, we estimated the PAD for each CDC as the median of the PADs for all CDCs with NFPA flammability hazard ratings of 4 (0.5 mile).

Although we have not encountered this for the list of 43 CDCs authorized to be transported by vessels in bulk, if a CDC has the same NFPA rating for both health and flammability hazards, we would treat it as a toxic CDC because the inhalation hazards associated with toxic CDCs typically reach farther downwind than the overpressure hazards associated with flammable CDCs.

Table C.1 shows the PADs and NFPA health and flammability hazard ratings for all 43 CDCs authorized to be transported by vessels in bulk. For the sake of completeness, the table also includes the NFPA instabil- ity hazard rating, which, although not used in this appendix, is used in the CDC risk analysis discussed in Chapter Two.

2 The ERG’s Table 3 contains more-granular information than the ERG’s Table 1 does. For example, the ERG’s Table 3 covers daytime and nighttime conditions with low, moderate, and high winds; the ERG’s Table 1 simply has daytime and nighttime conditions without additional refinements to account for different wind speeds. 3 The ERG defines large spill as a spill that involves quantities greater than 208  L (55  U.S. gallons) without additional clarification.

Processing of PAD in the ERG

97

TABLE C.1

PADs and NFPA Health, Flammability, and Instability Hazard Ratings for CDCs

Proper Shipping Name of CDC PAD, in Milesa

NFPAb

Health Flammability Instability

1-Pentene (n-amylene) 0.19 1 4 1

Acetaldehyde 0.19 2 4 2

Acetone cyanohydrin, stabilized 0.5 4 2 2

Allyl alcohol 0.8 4 3 1

Ammonia, anhydrous 2.8 3 1 0

Ammonium nitrate with not more than 0.2% total combustible material, including any organic substance, calculated as carbon to the exclusion of any other added substance

0.06 0 0 3

Ammonium nitrate–based fertilizer 0.06 0 0 3

Butadienes, stabilized, or butadienes and hydrocarbon mixture, stabilized and containing more than 40% butadienes

0.5 2 4 2

Butane 0.5 1 4 0

Butylene 0.5 1 4 0

Chlorine 7 4 0 0

Chlorosulfonic acid (with or without sulfur trioxide) 0.2 4 0 2

Crotonaldehyde or crotonaldehyde, stabilized 0.5 4 3 2

Cyclopentene 0.19 1 3 1

Diethyl ether or ethyl ether 0.19 1 4 1

Dimethyl ether 0.5 2 4 1

Dimethylamine, anhydrous 0.5 3 4 0

Dipentene 0.19 2 2 0

Ethane, refrigerated liquid 0.5 1 4 0

Ethyl chloride 0.5 2 4 0

Ethylene, refrigerated liquid (cryogenic liquid) 0.5 2 4 2

Ethylene chlorohydrin 0.1 4 2 0

Ethylene dibromide 0.1 3 0 0

Ethylene oxide and propylene oxide mixtures with not more than 30% ethylene oxide

0.5 3 4 3

Ethylene oxide or ethylene oxide with nitrogen up to a total pressure of 1 MPa (10 bar) at 50 degrees Celsius

2.1 3 4 3

Isopentenes 0.19 1 3 0

Isoprene, stabilized 0.19 1 4 2

Isopropylamine 0.5 3 4 0

Methacrylonitrile, stabilized 1.7 4 3 2

Methane, refrigerated liquid (cryogenic liquid), or natural gas, refrigerated liquid (cryogenic liquid) with high methane content

0.5 3 4 0

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

98

Proper Shipping Name of CDC PAD, in Milesa

NFPAb

Health Flammability Instability

Methyl acetylene and propadiene mixtures, stabilized 0.5 1 4 3

Methyl bromide 0.5 3 1 0

Methyl chloride or refrigerant gas R 40 0.5 2 4 0

Mixed C4 cargoes 0.5 1 4 0

Pentanes 0.19 1 4 0

Propane 0.5 2 4 0

Propylene 0.5 1 4 1

Propylene oxide 0.19 3 4 2

Sulfur dioxide 7 3 0 0

Sulfuric acid, fuming with 30% or more free sulfur trioxide 4 3 0 2

Vinyl chloride, stabilized 0.5 2 4 2

Vinyl ethyl ether, stabilized 0.19 2 4 2

Vinylidene chloride, stabilized 0.19 4 4 2

a Sources: DOT, 2020; Brown, Freeman, and Haney, 2017. b Source: Office of Response and Restoration, undated.

Table C.1—Continued

99

APPENDIX D

Processing of USCG NRC Incident Data

This appendix describes how we retrieved and processed the NRC incident data (NRC, undated) that the USCG maintains. We included the NRC data in the intrinsic risk analysis of CDCs as described in Chap- ter Two. By intrinsic, we mean that the analysis is agnostic to facility.

The NRC

is a part of the federally established National Response System and staffed 24 hours a day by the U.S. Coast Guard. It is the designated federal point of contact for reporting all oil, chemical, radiological, biological and etiological discharges into the environment, anywhere in the United States and its territories. (EPA, undated d)

We downloaded the complete NRC data for 2011 through 2020 from the center’s website (NRC, undated). The data were in Excel format with one file per year, amounting to roughly 273,000 reports or incidents over ten years. The incidents cover the complete spectrum, from a gasoline spill from an overturned truck to a major oil spill from an oceangoing vessel. Each Excel workbook has multiple worksheets and an index to link all information relevant to an incident from different worksheets.

We created a condensed master table that includes the following data fields for each incident:1

1. the year in which the incident occurred 2. the three-letter CHRIS code (USCG, 1999) for the material involved in the incident 3. the number of fatalities reported 4. the number of injured reported 5. the federal agency notified 6. the state agency notified.

We used data field 2 (i.e., the CHRIS code) to filter those incidents that involved the CDCs considered in this study (Appendix B). See Table B.1 for a list of the CHRIS codes used for the CDCs.

Because the NRC data include incident data for all domains (i.e., maritime and inland), we used data fields 5 and 6 to determine whether an incident had a maritime nexus, which was the focus of the study. We assumed that the USCG being notified was an indication that an incident had a maritime nexus. Because the NRC database did not have standardized entries for data field 5, we searched the field for these text strings as an indication that the USCG was notified: CG, USCG, COAST GUARD, DISTRICT, SECTOR, STATION,

1 We used the Python programming language, the data analysis library called pandas specifically, for data processing and analysis.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

100

IMD, MSD, MSO, MSU, D1, D5, D7, D8, D9, CAPT OF THE PORT, CAPTAIN OF PORT, CAPTAIN OF THE PORT, and COTP. The reasons are as follows:

• DISTRICT, SECTOR, and STATION indicate USCG jurisdictions. • D1, D5, D7, D8, and D9 are abbreviations for USCG districts; D1 further includes D11, D13, D14, and

D17. • The rest are abbreviations for different USCG offices and units: COTP, IMD (incident management divi-

sion), MSD (maritime safety detachment), MSO (maritime safety officer), and MSU (marine safety unit).

We noticed some similar text strings related to the USCG in data field 6 even though the USCG is not a state agency. So, when data field 5 was blank or included any of certain strings (NONE, N ONE, NOE, nan, or UNKNOWN), we also searched data field 6 for the same text strings described above to infer USCG rel- evance and hence a maritime nexus. We considered relevant any incident for which (1) data field 5 contained a USCG-relevant search string or (2)  data field  5 contained no information but data field  6 contained a USCG-relevant search string. About 13 percent (roughly 35,500 incidents) of the 2011–2020 NRC data were identified to have a maritime nexus through this process, regardless of whether the material involved was on the list of 43 CDCs authorized to be transported by vessels in bulk (see Appendix B). After considering just the 43 CDCs, we found only 216 USCG-relevant incidents. (We found about 16,600 incidents involving the 43 CDCs for all NRC data regardless of the presence of a maritime nexus.)

Table D.1 shows the numbers of incidents, fatalities, and injured, by CDC, for the 216 USCG-relevant incidents. About 90 percent of these incidents had zero fatalities and injured reported. Because the number of incidents with fatalities and injured was too small to provide meaningful information, we decided to con- sider only the number of incidents in the NRC data for the CDC risk analysis discussed in Chapter Two. The CDCs with the five highest numbers of maritime incidents were propane (67), anhydrous ammonia (49), sulfuric acid (35), sulfur dioxide (17), and chlorine (14). None of the remaining CDCs had more than seven incidents over a ten-year period. For all NRC data (i.e., regardless of a maritime nexus), the top five CDCs with the most incidents were anhydrous ammonia (7,223), sulfur dioxide (1,657), butadienes (1,537), sulfuric acid (1,261) and chlorine (1,088). So the two top-five lists (for maritime-nexus and all incidents) shared four common CDCs: anhydrous ammonia, sulfuric acid, sulfur dioxide, and chlorine. Moreover, propane, the CDC with the most maritime-nexus incidents, ranks sixth (858) among all NRC incidents.

TABLE D.1

Numbers of Incidents, Fatalities, and Injured for CDCs for 2011–2020 NRC Data with a Maritime Nexus

Proper Shipping Name of CDC CHRIS Code Incidents Fatalities Injured

1-Pentene (n-amylene) PTE 0 0 0

Acetaldehyde AAD 0 0 0

Acetone cyanohydrin, stabilized ACY 0 0 0

Allyl alcohol ALA 1 0 0

Ammonia, anhydrous AMA 49 2 29

Ammonium nitrate with not more than 0.2% total combustible material, including any organic substance, calculated as carbon to the exclusion of any other added substance

AMN 0 0 0

Ammonium nitrate–based fertilizer ANP, ANS, ANU, UAS

6 0 0

Processing of USCG NRC Incident Data

101

Proper Shipping Name of CDC CHRIS Code Incidents Fatalities Injured

Butadienes, stabilized, or butadienes and hydrocarbon mixture, stabilized and containing more than 40% butadienes

BDI, BBM 4 0 0

Butane BUT, IBT 7 0 0

Butylene BTN, IBL 0 0 0

Chlorine CLX 14 0 0

Chlorosulfonic acid (with or without sulfur trioxide) CSA 0 0 0

Crotonaldehyde or crotonaldehyde, stabilized CTA 0 0 0

Cyclopentene CPE 0 0 0

Diethyl ether or ethyl ether EET 0 0 0

Dimethyl ether DIM 0 0 0

Dimethylamine, anhydrous DMA 0 0 0

Dipentene DPN 0 0 0

Ethane, refrigerated liquid ETH 0 0 0

Ethyl chloride ECL 0 0 0

Ethylene, refrigerated liquid (cryogenic liquid) ETL 2 0 0

Ethylene chlorohydrin ECH 0 0 0

Ethylene dibromide EDB 0 0 0

Ethylene oxide and propylene oxide mixtures with not more than 30% ethylene oxide

EPM 0 0 0

Ethylene oxide or ethylene oxide with nitrogen up to a total pressure of 1 MPa (10 bar) at 50 degrees Celsius

EOX 1 0 0

Isopentenes PTX 0 0 0

Isoprene, stabilized IPR 1 0 0

Isopropylamine IPP 0 0 0

Methacrylonitrile, stabilized MET 0 0 0

Methane, refrigerated liquid (cryogenic liquid), or natural gas, refrigerated liquid (cryogenic liquid) with high methane content

MTH 4 0 1

Methyl acetylene and propadiene mixtures, stabilized MAP 0 0 0

Methyl bromide MTB 0 0 0

Methyl chloride or refrigerant gas R 40 MTC 0 0 0

Mixed C4 cargoes BMX 0 0 0

Pentanes PTY, PTA, IPT

1 0 0

Propane PRP 67 6 23

Propylene PPL 3 0 0

Propylene oxide POX 0 0 0

Sulfur dioxide SFD 17 0 1

Table D.1—Continued

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

102

Proper Shipping Name of CDC CHRIS Code Incidents Fatalities Injured

Sulfuric acid, fuming with 30% or more free sulfur trioxide SFA, OLM 35 2 2

Vinyl chloride, stabilized VCM, VCL 4 0 0

Vinyl ethyl ether, stabilized VEE 0 0 0

Vinylidene chloride, stabilized VCI 0 0 0

NOTE: Some CDCs have multiple CHRIS codes. The numbers of fatalities and injured listed in this table refer to the total number of people who were killed or injured in all incidents associated with CDCs, not the number of incidents with reported fatalities or injured.

Table D.1—Continued

103

APPENDIX E

Processing of EPA RMP Facility Data

Two critical pieces of information required for a risk analysis for facilities regulated by MTSA are names and quantities of toxic or flammable substances handled at a facility. However, the USCG’s MISLE database did not include such information.1 Nevertheless, many of these facilities are also regulated by EPA’s RMP rule, which implements Section 112(r) of the 1990 Clean Air Act Amendments, and are required to report chemi- cal information. So the EPA RMP database can provide some of the missing chemical information for the study because not all MTSA-regulated facilities were also regulated by the RMP rule.2

We made a Freedom of Information Act request for the EPA RMP database through EPA, undated b, following EPA-specific guidance outlined in EPA, undated e. The RMP database we received included five Microsoft Access files—each including multiple tables—with the main Access file (RMPData.mdb) being about 1.7 gigabytes in size. EPA also provided a tool called RMP*Review (version 4.3) as a graphical user interface to view the data, one RMP submission at a time. The tool, originally developed for the dated Micro- soft Windows NT operating system, did not allow for a systematic retrieval and analysis of the data. In the rest of this appendix, we describe how we processed and condensed the RMP data for the study.

The RMP database included an enormous amount of information, not all of which was relevant to the study. The database followed this hierarchical structure:

• A facility can file multiple RMP submissions over time. • Each RMP submission can include multiple processes at a facility. • Each process can include multiple chemicals or mixtures of chemicals with associated quantities.

We used the Statistical Analysis System (SAS) software package, the IMPORT procedure specifically, to process the RMP data and retrieve relevant information, including facility name, facility location, and names and quantities of chemicals associated with each process handled at each facility, and so on. Figure E.1 shows our overall data processing procedure, with the goal of retrieving names and quantities of chemicals at a facility.

The data retrieval created two Excel files. The first file (approximately 44 megabytes [MB] in size) has one record for each of roughly 12,000 facilities and contains the basic information about a facility, including RMP facility ID number, facility name, address, location (latitude and longitude), parent company name, operator name, and a general description of the facility. The second file (approximately 2.3 MB in size) has one record per chemical for each process at each facility and contains chemical information, such as chemical name, CAS number, quantity (in pounds), and whether the chemical is a part of a flammable mixture. The second

1 Although the MISLE database might have indicated that an MTSA-regulated facility handled a bulk liquid hazmat, it included neither the name (e.g., chlorine) nor the quantity (e.g., 1 million pounds) of the material. 2 The RMP rule applied to all facilities that used extremely hazardous substances (EPA, 2004), and most of these facilities were not in a maritime environment and thus not subject to the MTSA regulation. Similarly, not all MTSA-regulated facilities were regulated by the RMP rule.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

104

file includes roughly 39,000 records. From the original Access database that is about 1.7 gigabytes in size, we created two much smaller Excel files (around 46.3 MB in size) that contained the relevant information for our analysis.

We used the RMP*Review tool to perform spot checks to verify that the facility and chemical information was indeed retrieved correctly. We identified 322 facilities in the RMP database that were also MTSA facili- ties (i.e., in the MISLE database). The facility matching process was accomplished by comparing the facility information included in the first Excel file with that in the MISLE database (Section 3.3.1).

Some facilities use different quantities of a chemical in multiple processes. For our consequence analysis (Section 4.3.2), we took the conservative approach by considering the overall maximum quantity of each chemical for each facility.

FIGURE E.1

Our Data Processing Procedure for the EPA RMP Data

Identify a unique facility to process.

Ignore. Has the facility been deregistered?

Does the process involve a �ammable mixture? Identify all components in the mixture.

Choose the most recent RMP for the facility. (A facility can �le multiple RMPs over time.)

No

No

Identify all processes associated with the RMP. (Each RMP submission can include multiple processes.)

Identify all chemicals associated with each process. (Each process can involve multiple chemicals.)

Identify all chemicals associated with each process. (Each process can involve multiple chemicals.)

Yes

Yes

105

APPENDIX F

The Facility Survey Instrument

This appendix reproduces our online facility survey, including the introductory text and directions to survey respondents.

F.1. Introduction and Consent

Thank you for your interest in this survey. It is being administered by the Homeland Security Operational Analysis Center (HSOAC), a federally funded research and development center operated by the RAND Cor- poration on behalf of the Department of Homeland Security.

Pursuant to the Maritime Transportation Security Act of 2002 (MTSA), Congress requires the electronic inspection of Transportation Worker Identification Credential (TWIC) (“electronic TWIC inspection”) upon entry to secure areas on vessels and in facilities in the United States. To implement this requirement in an effective manner, the US Coast Guard (USCG) undertook a series of regulatory actions culminating in the publication of the 2016 TWIC reader rule (https://www.regulations.gov/document/USCG-2007-28915-0233) that requires electronic TWIC inspection at certain high-risk facilities (e.g., those that handle certain danger- ous cargoes [CDC(s)]) regulated under MTSA. After the publication of the TWIC reader rule, several parties petitioned [the] USCG to amend the TWIC reader rule, due to concern about the scope and cost of the rule. In addition, Congress also passed several laws that impacted implementation of the TWIC Reader program.

In response to the petition for rulemaking and other actions taken by private parties and Congress, [the] USCG delayed implementation of the TWIC reader rule until May 8, 2023, as outlined in “TWIC—Reader Requirements; Delay of Effective Date” (F.R. [Federal Register] Vol. 85 No. 46). (https://www.regulations.gov/ document/USCG-2017-0711-0017) Specifically, the reader rule delay applies to those facilities that handle CDC in bulk but do not transfer them to or from a vessel, those facilities that handle CDC in bulk and do transfer them, and those facilities that receive vessels carrying CDC in bulk but do not transfer them to or from the vessels. The purpose of this delay is to allow [the] USCG time to assess the risk assessment meth- odology used to support the 2016 rulemaking. It is with this background that [the] USCG asked HSOAC to conduct a study of high-risk maritime facilities for which the implementation of the TWIC final reader rule has been delayed until May 8, 2023.

The results of this survey will help [the] USCG make a determination regarding how to implement the final reader rule. The survey asks about the types of CDC, quantities, and modes of handling. It also asks about security infrastructure, including costs and how your facility currently checks and verifies TWICs. HSOAC treats this as proprietary information, and protects this information as such. This includes storage on password-protected servers, segregation of identifying information from survey responses, and transmis- sion of survey responses via password-protected files. Further, all questions are voluntary.

We expect that this survey will take 20–30 minutes. It may be helpful to gather in advance any informa- tion about the CDC your facility handles and any statistics about TWIC readers, the number of TWIC users at your facility, and TWIC-related cost information. The survey asks only for information about MTSA-

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

106

regulated facilities, and will not ask you as the respondent to share any personal information. Identifying information about a facility (for example, name and address) will be used only for internal HSOAC purposes. In its analysis and final report, HSOAC will not identify any interviewees or publish any individual facility- level information. Only aggregated statistics, such as averages or percentiles, will be reported. The RAND Corporation ensures the security and privacy of any proprietary information, such as CDC quantity and security infrastructure costs. Finally, all survey questions are voluntary. If you have any additional questions or concerns regarding this survey or how your responses may be used in analysis, you can contact the Prin- cipal Investigators: Dr. Joseph Chang <[email protected]> and Dr. James Marrone <[email protected]>.

F.2. Section I: Facility Information

Q1. What is the name of the facility for which you are responding?

[Type a free response.]

Q2. Is this facility regulated under MTSA? a. Yes b. No

Q3. What is the facility’s Maritime Information for Safety and Law Enforcement (MISLE) Facility ID? [Fill in the blank.]

Q4. What is the facility’s street address? [Type a free response.]

Q5. City [Type a free response.]

Q6. State [Choose from drop-down list of 50 states + six U.S. territories.]

Q7. ZIP Code [Allow either 5 or 5+4 ZIP Code.]

Q8. To facilitate more accurate consequence assessment, as an option, can you provide the representative latitude and longitude? a. Yes b. No

Q9. [If respondent answered Yes to Q8] What is the representative latitude of the facility (in decimal degrees, with at least 4 decimal places, e.g., 38.8475)? [Fill in the blank.]

Q10. [If respondent answered Yes to Q8] What is the representative longitude of the facility (in decimal degrees, with at least 4 decimal places, e.g., –77.2758)? [Fill in the blank.]

Q11. What categories most closely describe typical operations for the facility? Check all that apply. 1. Barge Fleeting 2. Boat Ramp 3. Break Bulk: HAZMAT

The Facility Survey Instrument

107

4. Break Bulk: Non-HAZMAT 5. Bulk Dry/Solid: HAZMAT 6. Bulk Dry/Solid: Non-HAZMAT 7. Bulk Liquid: HAZMAT 8. Bulk Liquid: Non-HAZMAT 9. Bulk Oil: Petroleum-based 10. Bulk Oil: Other Than Petroleum 11. CDC: Anhydrous Ammonia 12. CDC: LNG 13. CDC: LPG 14. CDC: Other LHGs [liquefied hazardous gas] 15. CDC: Other 16. Chemical Production 17. Container 18. Explosives 19. MARPOL, MARPOL Annex, MARPOL Reception 20. Offshore Support 21. Passengers: Domestic Cruises 22. Passengers: Ferries, No Vehicles 23. Passengers: Ferries with Vehicles (Incl. Railcars) 24. Passengers: Foreign Cruises 25. Passengers: Other 26. Public Access Area 27. Recreational Boating 28. Other Recreation 29. Roll-On/Roll-Off 30. Safety/Security 31. Shipyard/Ship Repair 32. Timber/Logging 33. Other (specify) __________

F.3. Section II: CDC Handling

The following questions ask about the CDC the facility handles in bulk. Please consider the following defini- tions when answering these questions:

• Facility that handles CDC in bulk is defined in the 2016 TWIC final reader rule, meaning a facility for which bulk CDC is on the premises and for which the facility’s access control would need to be used to mitigate the risk of a transportation security incident. This includes facilities that store or use CDC in bulk, and facilities that transfer CDC in bulk through rail or other non-maritime means. For more information, please see the 2016 final reader rule here (https://www.regulations.gov/document/ USCG-2007-28915-0233).

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

108

• Certain Dangerous Cargoes (CDC) refer[s] only to 42 specific chemicals that are eligible to be trans- ported by maritime vessels in bulk. These 42  chemicals1 will be listed on the following page. For more information, please refer to the USCG CDC Job Aid (https://www.regulations.gov/document/ USCG-2017-0711-0019).

Q12. What types of CDC are handled by the facility? Select all that apply. UN numbers and chemical short name are given in parentheses. 1. 1-Pentene (n-amylene) (UN1108) [1-pentene] 2. Acetaldehyde (UN1089) [acetaldehyde] 3. Acetone cyanohydrin, stabilized (UN1541) [acetone cyanohydrin] 4. Allyl alcohol (UN1098) [allyl alcohol] 5. Ammonia, anhydrous (UN1005) [anhydrous ammonia] 6. Ammonium nitrate with not more than 0.2% total combustible material, including any organic

substance, calculated as carbon to the exclusion of any other added substance (UN1942) [ammo- nium nitrate]

7. Ammonium nitrate–based fertilizer (UN2067) [ammonium nitrate fertilizer] 8. Butadienes, stabilized, or butadienes and hydrocarbon mixture, stabilized and containing more

than 40% butadienes (UN1010) [butadienes] 9. Butane (UN1011) [butane] 10. Butylene (UN1012) [butylene] 11. Chlorine (UN1017) [chlorine] 12. Chlorosulfonic acid (with or without sulfur trioxide) (UN1754) [chlorosulfonic acid] 13. Crotonaldehyde or crotonaldehyde, stabilized (UN1143) [crotonaldehyde] 14. Cyclopentene (UN2246) [cyclopentene] 15. Diethyl ether or ethyl ether (UN1155) [(di)ethyl ether] 16. Dimethyl ether (UN1033) [dimethyl ether] 17. Dimethylamine, anhydrous (UN1032) [dimethylamine] 18. Dipentene (UN2052) [dipentene] 19. Ethane, refrigerated liquid (UN1961) [ethane] 20. Ethyl chloride (UN1037) [ethyl chloride] 21. Ethylene, refrigerated liquid (cryogenic liquid) (UN1038) [refrigerated liquid ethylene] 22. Ethylene chlorohydrin (UN1135) [ethylene chlorohydrin] 23. Ethylene dibromide (UN1605) [ethylene dibromide] 24. Ethylene oxide and propylene oxide mixtures with not more than 30 percent ethylene oxide

(UN2983) [Ethylene/propylene oxide mixtures] 25. Ethylene oxide or ethylene oxide with nitrogen up to a total pressure of 1 MPa (10 bar) at

50 degrees C (UN1040) [ethylene oxide with nitrogen] 26. Isopentenes (UN2371) [isopentenes] 27. Isoprene, stabilized (UN1218) [isoprene] 28. Isopropylamine (UN1221) [isopropylamine] 29. Methacrylonitrile, stabilized (UN3079) [methacrylonitrile] 30. Methane, refrigerated liquid (cryogenic liquid), or natural gas, refrigerated liquid (cryogenic

liquid) with high methane content (UN1972) [methane]

1 The USCG suggested that we drop mixed C4 cargoes from the list because of the term’s ambiguity. So, the total number of CDCs is 42 in the survey.

The Facility Survey Instrument

109

31. Methyl acetylene and propadiene mixtures, stabilized (UN1060) [methyl acetylene/propadiene] 32. Methyl bromide (UN1062) [methyl bromide] 33. Methyl chloride or refrigerant gas R 40 (UN1063) [methyl chloride] 34. Pentanes (except UN1265) [pentanes] 35. Propane (UN1978) [propane] 36. Propylene oxide (UN1280) [propylene oxide] 37. Propylene (UN1077) [propylene] 38. Sulfur dioxide (UN1079) [sulfur dioxide] 39. Sulfuric acid, fuming with 30 percent or more free sulfur trioxide (UN1831) [sulfuric acid] 40. Vinyl chloride, stabilized (UN1086) [vinyl chloride] 41. Vinyl ethyl ether, stabilized (UN1302) [vinyl ethyl ether] 42. Vinylidene chloride, stabilized (UN1303) [vinylidene chloride].

The following screens will ask you for more information about each CDC that was chosen in the previ- ous question. We will ask each question from 13 to 20 for each CDC that was chosen above. We would like to know how each CDC is handled, the quantity present on the facility, and whether it is present on the facility in isolation or in a mixture. If you prefer not to provide precise quantity information, you can specify quanti- ties as ranges by clicking “Enter quantity as a range.”

[Question 13 through 20 were each asked once for each CDC checked in question 12, with “[CDC name]” replaced by the short name shown in brackets in question 12.]

Q13. How does the facility handle [CDC name]? Check all that apply. a. [CDC name] is transferred to/from a maritime vessel b. [CDC name] is transferred to/from a train, truck, pipeline, or other non-maritime transport c. The facility receives maritime vessels transporting [CDC name] without transferring to/from

the vessels d. [CDC name] passes through the facility (for example on a train) without stopping e. Facility stores [CDC name] without transferring to/from a vessel or other non-maritime trans-

port (e.g., rail, truck, pipeline)

Q14. What is the maximum quantity (in pounds) of [CDC name] that is present at the facility at any given time? If [CDC name] is in a mixture, the question refers to the total quantity of the mixture.

Maximum quantity: ________ pounds

Enter as a range 0 to 99 pounds 100 to 999 pounds 1,000 to 9,999 pounds 10,000 to 99,999 pounds 100,000 to 999,999 pounds 1,000,000 to 9,999,999 pounds 10,000,000 to 49,999,999 pounds 50,000,000 to 99,999,999 pounds 100,000,000 to 499,999,999 pounds 500,000,000 to 999,999,999 pounds 1 billion pounds or more

Don’t know/Prefer not to answer [Checkbox]

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

110

Q15. What is the typical quantity (in pounds) of [CDC name] that is present at the facility at any given time? If [CDC name] is in a mixture, the question refers to the total quantity of the mixture.

Typical quantity: ________ pounds

Enter as a range 0 to 99 pounds 100 to 999 pounds 1,000 to 9,999 pounds 10,000 to 99,999 pounds 100,000 to 999,999 pounds 1,000,000 to 9,999,999 pounds 10,000,000 to 49,999,999 pounds 50,000,000 to 99,999,999 pounds 100,000,000 to 499,999,999 pounds 500,000,000 to 999,999,999 pounds 1 billion pounds or more

Don’t know/Prefer not to answer [Checkbox]

Q16. Approximately how many days in a year is [CDC name] present at the facility? ________ days

Q17. Where is [CDC name] located on the facility? Select all that apply. a. On maritime vessels b. Stored within the currently defined secure area c. Stored outside of the currently defined secure area d. Passing through facility/Never stored

Q18. Is [CDC name] present on the facility in isolation or as part of a mixture? a. In isolation b. In a mixture

Q19. [If CDC is present as a mixture] What is the concentration of [CDC name] in the mixture? Enter a number between 0 and 100 percent. ________ percent

Q20. Is there any other pertinent information about the facility that you believe affects the risk or hazard posed by [CDC name] at the facility? [Type a free response with unlimited characters.]

Q21. [If zero CDCs were chosen in question 12] You did not select any of the 42 CDC[s] above. Please con- firm that the facility does not handle any of the CDC. [Checkbox] The facility does not handle any of the 42 CDC[s] included in this study.

F.4. Section III: TWIC-Related Security Infrastructure

Q22. What is the PRIMARY way TWICs are checked/verified for the facility’s access control? Select one. a. The facility uses biometric verification of TWICs b. The facility uses electronic, but not biometric, verification of TWICs c. The facility uses visual verification of TWICs d. The facility uses a separate access card, but TWIC is linked to the Personnel Access Control

System e. The facility does not currently verify TWICs

The Facility Survey Instrument

111

Q23. How many TWICs does the facility check/verify in an average month (that is, the total number of checks rather than unique number of TWICs checked)? [Fill in the blank.]

Q24. On average, how many times a day would a TWIC holder have to enter through a secure access point and validate a TWIC at the facility? For example, a person may have to make multiple deliveries to/ from a nearby warehouse or distribution center, or may have to leave the facility for lunch, and then return. [Fill in the blank.]

Q25. How many entry/exit access points does the facility have that would require TWIC validation for anyone entering the facility? [Fill in the blank.]

Q26. How many TWIC readers (both fixed and portable) have you purchased for the facility? [Fill in the blank.]

Q27. How many TWIC readers (both fixed and portable) do you plan to purchase if you are required to comply with the 2016 final reader rule? [Fill in the blank.]

Q28. Please briefly describe the modifications you have already made (e.g., altering infrastructure, redesig- nation of secure areas), if any, to comply with the 2016 final reader rule. [Type a free response with no character limit.]

Q29. Please briefly describe any modifications you would still need to make (e.g., altering infrastructure, redesignation of secure areas), if any, if your facility must comply with the 2016 final reader rule. [Type a free response with no character limit.]

F.5. Section IV: Cost Information

The last set of questions asks about money and time costs of TWIC infrastructure. This information is neces- sary for HSOAC to compare the costs and benefits of the reader rule. If you prefer to provide dollar costs in terms of ranges, rather than single dollar amounts, you can select “Enter cost range” for that question.

Q30. What was the total up-front (fixed) cost of acquiring TWIC readers, including any associated changes to physical infrastructure and any associated access control systems (PACS)? For example, costs of installation, integration, and/or upgrade. This should be a dollar value greater than or equal to zero. a. $_____________[Fill in the blank.] b. Enter cost range instead: i. Less than $99,999 ii. $100,000–249,999 iii. $250,000–499,999 iv. $500,000–999,999 v. $1,000,000–2,999,999 vi. $3,000,000–4,999,999 vii. $5,000,000 and above c. Don’t know/Prefer not to answer

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

112

Q31. What are typical annual maintenance costs for TWIC readers and associated physical infrastructure, access control system, and accessories? This should be a dollar value greater than or equal to zero. a. $_____________[Fill in the blank.] b. Enter cost range instead: i. $0 ii. $1–$2,499 iii. $2,500–$4,999 iv. $5,000–9,999 v. $10,000–24,999 vi. $25,000–49,999 vii. $50,000–99,999 viii. $100,000 and above c. Don’t know/Prefer not to answer

Q32. Approximately how many business days does it take for a manager or supervisor to amend the facil- ity security plan to account for changes to how the facility implements TWIC (e.g., to account for new processes to validate TWICs)? ________ days

Q33. Approximately how many seconds, on average, does it take to validate a worker’s or visitor’s TWIC, including checking it against the cancelled card list? (Do not include time spent waiting in queue.) _____ seconds

Q34. Use the box below to provide any additional information you believe may be pertinent to this study. [Type a free response.]

Thank you for participating in our survey. We will be contacting a small number of facilities to ask for more information regarding the topics covered in this survey. If you are willing to participate in one of these conversations, please provide your contact information below. This information will not be used for any pur- pose other than to schedule a phone call.

Name: Email: Telephone: If you would like a printable version of your responses, please click here. HSOAC will be conducting

follow-up interviews in the next two months, and will eventually make available a publicly-available report documenting results of this survey. If you have questions at any time after completing the survey, you may contact the Principal Investigators: Dr. Joseph Chang <[email protected]> and Dr. James Marrone <jmar- [email protected]>.

113

APPENDIX G

Company Interviews

This appendix provides additional information about our supplementary interviews conducted with repre- sentatives from large companies that operated multiple MTSA-regulated facilities. The information we col- lected from these interviews is at the company level, rather than the facility level. The interviews informed our upper-bound population estimate (see Section 3.3.3) but were not analyzed in detail as part of our facil- ity risk model or our cost–benefit analysis. This appendix recounts our strategy for choosing interview- ees to supplement our other data sources most effectively. In addition, our interview protocol is printed in Section G.5.

The company interviews also provided qualitative feedback on the TWIC reader rule that highlights industry concerns and some of the ways facilities are affected by the rule. This appendix closes by describing some of the concerns voiced by company representatives.

G.1. Interview Objectives

We conducted nine interviews with representatives from companies that operated maritime facilities. The main objectives of these interviews were to (1)  gather information that addressed gaps in the other data sources and (2) hear firsthand accounts from managers and operators about the benefits, costs, and difficul- ties involved in complying with the TWIC reader rule. Information gathered included the number of CDC facilities operated by the companies from which we interviewed representatives, types of CDCs handled, biometric-reader usage, initial and maintenance costs, and facility modifications needed to implement the reader rule.

G.2. Selecting Companies for Interviews

We selected potential companies based on three criteria:

• First, we examined the MISLE data to identify bulk liquid and bulk gas companies that operated mul- tiple facilities. We prioritized companies with many facilities so that we could maximize the number of facilities covered by our discussions.

• Second, we determined whether information from a company’s facilities was already available from any of the other data sources (for example, EPA data or our online survey). We prioritized companies with facilities not already covered by other data sources.

• Lastly, we looked for companies with facilities originally categorized outside of risk group A. The logic behind this criterion was to look for facilities that were not originally presumed to handle CDCs and thereby to assess gaps in the original risk grouping.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

114

Using the above three criteria, we created a prioritized list of possible companies, with nine initial compa- nies of high interest and 37 alternatives. Several of the alternatives were recommended by trade associations which we consulted for this study. After we contacted the initial nine companies, we replaced any company that refused participation or did not respond with an alternative that met similar criteria. We contacted a total of 14 companies to fill the nine interview slots. We conducted the interviews virtually in November and December 2021.

G.3. The Facility Population

The interviewed population represented nine companies that provided primarily oil, petroleum, and chemi- cal services. The companies operated a total of around 130 MTSA-regulated facilities, of which 21 operated CDCs and nine transferred CDCs across the dock.1 Table G.1 identifies the facility types operated by the represented companies.

G.4. Interviews and Participants

The interview protocol was designed to elicit information similar to what was covered in our online survey (reproduced in Appendix F): the types and quantities of CDCs handled at each facility, how CDCs are han- dled, how TWICs are currently verified, initial and maintenance costs, and facility modifications needed to comply with TWIC regulations. When conducting the interviews, we focused our questions on facilities that handled bulk CDCs instead of all MTSA-regulated facilities. Participants included a wide variety of company and facility personnel. The predominant roles of participants were FSOs and security compliance officers. Personnel in these roles were present in five of the nine interviews. Other interviewees included the chief operations officer for one company; the director of health, safety, and security for another company; and various facility operations, logistics, and regulatory compliance personnel. The complete interview protocol is provided in Section G.5.

1 The numbers of MTSA-regulated facilities and CDC facilities are approximations because some interviewees were uncer- tain as to the exact number of facilities operated by the company that were of interest to the study.

TABLE G.1

Types of Facilities Operated by the Represented Companies

Facility Type Companies Represented MTSA-Regulated

Facilities Operated Facilities Handling CDCs Facilities Transferring CDCs over the Dock

Oil or petroleum 4 46–50 8 0

Chemical 4 25 5 4

Mixed 1 56 8 5

Company Interviews

115

G.5. Interview Protocol

Title: Transportation Worker Identification Credential (TWIC) reader rule delay— Company Survey Introduction and Consent Thank you for talking to us today. We are a research team from the Homeland Security Operational Analysis Center (HSOAC), a federally funded research and development center operated by the RAND Corporation on behalf of the Department of Homeland Security.

As you know, the U.S. Coast Guard (USCG) delayed implementation of the TWIC reader rule until May 8, 2023, as outlined in “TWIC—Reader Requirements; Delay of Effective Date” (F.R. Vol. 85 No. 46). Specifi- cally, the reader rule delay applies to those facilities that handle CDC in bulk but do not transfer them to or from a vessel, those facilities that handle CDC in bulk and do transfer them, and those facilities that receive vessels carrying CDC in bulk but do not transfer them to or from the vessels. The purpose of this delay is to allow [the] USCG time to assess the risk assessment methodology used to support the 2016 rulemaking. It is with this background that [the] USCG asked HSOAC to conduct a study of high-risk maritime facilities for which the implementation of the TWIC final reader rule has been delayed.

The results of our study will help [the] USCG determine how to implement the final reader rule. To aid us in our analysis, we would like to learn more about how bulk liquid storage and transport companies operate. In particular, we would like to know about CDC, quantities, modes of handling, and security infrastructure, including costs and how your company currently checks and verifies TWICs. Many of our questions are about your industry as a whole, rather than your company in particular. Therefore, we are talking to you partly as a representative expert for bulk terminals in general. HSOAC treats this as proprietary informa- tion and protects it as such. We store all information on password-protected servers, segregate identifying information from our discussion notes, and transmit data via password-protected files. Further, all questions are voluntary. We will not indicate in our report or share with [the] USCG that we talked to you and will not mention your company by name.

If you have any additional questions or concerns regarding this survey or how your responses may be used in analysis, you can contact the Principal Investigators: Dr. Joseph Chang <[email protected]> and Dr. James Marrone <[email protected]>.

Do you agree to proceed with the discussion?

Section I: MTSA-Regulated Facilities

Approximately how many MTSA-regulated facilities does your company operate?

In what regions are these facilities located, e.g., East coast, West coast, Gulf coast, offshore, inland, etc.?

Are all of the facilities primarily bulk liquid storage/transfer? Are any mixed-use? Any primarily another purpose, such as break bulk or container facilities or passenger facilities?

Section II: CDC Handling We would like to know more about what kinds of CDCs your facilities handle in bulk. Please consider the following definitions when answering these questions:

• Facility that handles CDC in bulk is defined in the 2016 TWIC final reader rule, and includes facili- ties that store or use CDC in bulk, and facilities that transfer CDC in bulk through rail or other non- maritime means.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

116

• Certain Dangerous Cargoes (CDCs) refer[s] only to 42 specific chemicals that are eligible to be trans- ported by maritime vessels in bulk.2 We can share the full list if you would like, but some common examples are LNG, anhydrous ammonia, ammonium nitrate, chlorine, propane, and butane. [You may insert the link to the CDC job aid in a video chat: https://www.regulations.gov/document/ USCG-2017-0711-0019] For the interview team, a full list is below in alphabetical order. If the inter- viewee believes that the company or facility does not handle CDCs, you might need to go through the list.]

1-Pentene (n-amylene) (UN1108) [1-pentene] Acetaldehyde (UN1089) [acetaldehyde] Acetone cyanohydrin, stabilized (UN1541) [acetone cyanohydrin] Allyl alcohol (UN1098) [allyl alcohol] Ammonia, anhydrous (UN1005) [anhydrous ammonia] Ammonium nitrate with not more than 0.2% total combustible material, including any organic sub-

stance, calculated as carbon to the exclusion of any other added substance (UN1942) [ammo- nium nitrate]

Ammonium nitrate–based fertilizer (UN2067) [ammonium nitrate fertilizer] Butadienes, stabilized, or butadienes and hydrocarbon mixture, stabilized and containing more than

40% butadienes (UN1010) [butadienes] Butane (UN1011) [butane] Butylene (UN1012) [butylene] Chlorine (UN1017) [chlorine] Chlorosulfonic acid (with or without sulfur trioxide) (UN1754) [chlorosulfonic acid] Crotonaldehyde or crotonaldehyde, stabilized (UN1143) [crotonaldehyde] Cyclopentene (UN2246) [cyclopentene] Diethyl ether or ethyl ether (UN1155) [(di)ethyl ether] Dimethyl ether (UN1033) [dimethyl ether] Dimethylamine, anhydrous (UN1032) [dimethylamine] Dipentene (UN2052) [dipentene] Ethane, refrigerated liquid (UN1961) [ethane] Ethyl chloride (UN1037) [ethyl chloride] Ethylene, refrigerated liquid (cryogenic liquid) (UN1038) [refrigerated liquid ethylene] Ethylene chlorohydrin (UN1135) [ethylene chlorohydrin] Ethylene dibromide (UN1605) [ethylene dibromide] Ethylene oxide and propylene oxide mixtures with not more than 30 percent ethylene oxide (UN2983)

[ethylene/propylene oxide mixtures] Ethylene oxide or ethylene oxide with nitrogen up to a total pressure of 1 MPa (10 bar) at 50 degrees C

(UN1040) [ethylene oxide with nitrogen] Isopentenes (UN2371) [isopentenes] Isoprene, stabilized (UN1218) [isoprene] Isopropylamine (UN1221) [isopropylamine] Methacrylonitrile, stabilized (UN3079) [methacrylonitrile]

2 The USCG suggested that we drop mixed C4 cargoes from the list because of the term’s ambiguity. So the total number of CDCs is 42 in the survey.

Company Interviews

117

Methane, refrigerated liquid (cryogenic liquid), or natural gas, refrigerated liquid (cryogenic liquid) with high methane content (UN1972) [methane]

Methyl acetylene and propadiene mixtures, stabilized (UN1060) [methyl acetylene/propadiene] Methyl bromide (UN1062) [methyl bromide] Methyl chloride or refrigerant gas R 40 (UN1063) [methyl chloride] Pentanes (except UN1265) [pentanes] Propane (UN1978) [propane] Propylene oxide (UN1280) [propylene oxide] Propylene (UN1077) [propylene] Sulfur dioxide (UN1079) [sulfur dioxide] Sulfuric acid, fuming with 30 percent or more free sulfur trioxide (UN1831) [sulfuric acid] Vinyl chloride, stabilized (UN1086) [vinyl chloride] Vinyl ethyl ether, stabilized (UN1302) [vinyl ethyl ether] Vinylidene chloride, stabilized (UN1303) [vinylidene chloride].

Do all of your facilities handle CDCs?

If not, approximately what fraction handle CDCs?

Is this typical of other companies in your industry as well, i.e., that [most/few] facilities handle CDCs?

For those facilities that do handle CDCs, what are the typical CDCs they handle?

Is it the same across all your facilities, or is each facility different?

Is it typical for other companies in your industry to also handle those CDCs? [Probe based on their responses and industry. Try to understand the industry landscape and roughly how common it is to handle CDC.]

How would your CDC-handling facilities typically be handling those chemicals? For example: Transferring to/from a maritime vessel Transferring to/from a train, truck, pipeline, or other non-maritime transport Receiving maritime vessels transporting CDC without transferring to/from the vessels Passing through the facility (for example on a train) without stopping Storing without transferring to/from a vessel or other non-maritime transport (e.g., rail, truck, pipeline)

Again, is that typical of your industry—i.e., would most CDC-handling facilities be handling them in simi- lar ways?

What quantity of CDC is typically present at a facility at any given time? It is OK to give an order of magnitude in terms of pounds. [If they need examples: greater than 100,000 pounds? Greater than 1 million? 10 million? 100 million? Some interviewees might give quantity in tons, where 1 (short) ton = 2,000 pounds.] [If it varies by facility, get a range (smallest/largest) and also a sense of the mode or mean.]

At your facilities, would CDCs typically be located inside or outside the secure area?

Is there any other pertinent information about your facilities, your company, or your industry that you believe affects the risk or hazard posed by CDCs?

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

118

Section III: TWIC-Related Security Infrastructure To help us assess the costs and benefits of the TWIC reader rule, we would like to understand how your com- pany currently uses TWIC readers and TWICs. For this discussion, we can focus only on the facilities that handle CDC.

Is TWIC verification standardized across all of your company’s facilities? For example, do they all use the same access control systems and verify TWICs in the same way?

[If all facilities are the same] What is the primary way TWICs are checked/verified for your company’s access control? Biometric verification of TWICs Electronic, but not biometric, verification of TWICs Visual verification of TWICs Separate access card, but TWIC is linked to the Personnel Access Control System Do not currently verify TWICs

[If facilities differ] How many of your facilities currently using biometric TWIC verification? How many are using visual verification? How many are using electronic verification, or have an electronic PACS linked to TWIC? Are any not checking TWIC at all? In general, what modifications have your facilities already made (e.g., altering infrastructure, redesig- nation of secure areas), if any, to comply with the 2016 final reader rule?

Please briefly describe any modifications facilities would still need to make (e.g., altering infrastructure, redesignation of secure areas), if any, if they must comply with the 2016 final reader rule.

Section IV: Cost Information Our last set of questions asks about money and time costs of TWIC infrastructure. This information is neces- sary for HSOAC to compare the costs and benefits of the reader rule. Again, we are asking only about facili- ties that handle CDCs.

In general, how much were the up-front costs for an individual facility to comply with the reader rule? A ballpark, order-of-magnitude estimate is fine.[If they need prompting: Is it more than $100,000? More than $500,000? $1 million?]

What is [sic] a facility’s typical annual maintenance costs for TWIC readers and associated physical infra- structure, access control system, and accessories? [If they need prompting: More than $10,000? $50,000? $100,000?]

Section V: General Comments

Is there any additional information you believe might be pertinent to our study that we have not asked about?

Are there any additional concerns about the TWIC reader rule delay or the TWIC program that you would like to share?

Company Interviews

119

G.6. Key Information

G.6.1. Handling of CDCs Eight of the nine companies interviewed operated facilities that handled CDCs in bulk. The types of CDC varied by company and facility. Butane was the most common CDC operated by the companies we inter- viewed. Table G.2 lists the CDCs that the interviewees identified.

Only four of those eight companies transferred CDCs across a dock. Two of the companies had their CDCs brought in by truck or pipeline. Five companies stored CDCs on site. One company did not store CDCs but mixed butane directly into gasoline tanks and then transferred the material to rail cars at a rate of approxi- mately 120 rail cars per day. Storage quantities ranged from 30,000-gallon bullet tanks to 200,000-barrel spheres.

G.6.2. TWIC Verification Interview questions related to how facilities verified TWICs included the method of verification, the number and types of readers currently used, and the approximate number of checks per day. Six of the nine compa- nies still used visual checks in some capacity, either as the sole form of verification or in conjunction with electronic readers. Three companies used electronic readers with no biometric capability. Only three com- panies employed biometric readers, and one of these companies did not use the readers regularly but kept them in storage. Five of the companies tied their electronic or biometric readers into their own facility access systems.

As expected, the number of readers used varied from facility to facility based on the size and the number of entry and exit points. The number of readers ranged from one handheld device to a mix of 26 handheld and fixed readers. As discussed in Section G.6.3, proposed modifications to the security footprints of some facilities would affect the number of readers required to meet regulations.

Most companies did not have the data on the number of TWIC verification checks performed daily at their facilities. Several companies stated that it could be in the thousands and depended on several factors, includ- ing the numbers of contractors and truck drivers entering the facility each day and seasonal fluctuations.

TABLE G.2

CDCs Identified, by Number of Facilities

CDC Number of Companies

Ammonium nitrate 1

Anhydrous ammonia 1

Benzene 1

Butadiene 2

Butane 4

Butene 1

Ethylene 1

Pentadiene 1

Pentene 1

Propane 1

Propylene 1

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

120

G.6.3. Cost and Facility Modification The interview protocol included questions about the cost of readers and of any modification the facility would be required to implement to comply with regulations if it were required to use biometric TWIC read- ers. These modifications included additional cable and information technology infrastructure; physical structures, such as guard shacks or access control devices; and the hiring of additional personnel. The esti- mates also depended on the facility’s security footprint.

The costs of purchasing the readers varied greatly. One company estimated the unit cost of readers at $2,500 to $3,000 for equipment only. Another company provided a $15,000 to $25,000 estimate, while another responded with a $50,000 to $75,000 estimate, which included the maintenance and replacement costs. A fourth company estimated yearly maintenance costs at $150,000, while another included TWIC reader maintenance as part of normal yearly maintenance costs for the facility.

Larger costs would be incurred if a facility were required to employ TWIC biometric readers through- out its entirety. Four of the companies have petitioned the USCG to modify and shrink the footprint of the secure areas at some of their facilities to include only areas where CDCs are handled and stored. This would certainly decrease costs of purchasing, employing, and maintaining the equipment.

One company estimated the cost of compliance to be approximately $3.5 million at just one facility but noted that costs would drop to between $750,000 to $1.25 million if the USCG approved the facility’s plan to shrink the secure-area footprint. Another company estimated costs of $10 million to make an entire facility TWIC-compliant, but the interviewee said that the figure would drop to $1 million if the footprint shrank. Another company estimated that costs to upgrade to biometric readers for one facility ranged from $650,000 to $1 million.

G.7. Company Concerns About the Final Reader Rule

The interviewees provided additional anecdotal information related to their concerns about the implementa- tion of the final reader rule. The topics discussed generally included having the necessary flexibility for dif- ferent types of facilities to comply with the final reader rule without negatively affecting business operations, the reliability of TWIC readers, and the USCG definitions of the amount and handling methods for a facility to be subject to the final reader rule. These concerns are highlighted here:

• burden of TWIC readers on facility operations: One concern echoed by several companies was the burden that TWIC biometric readers would put on facility operations—specifically, traffic control at entry points. Biometric readers at vehicle access points would slow down processing and create traffic jams outside a facility. Many of these facilities are accessed by public roads, and having tanker trucks and other large vehicles stuck on public roads would create traffic congestion and safety issues.

• the need for flexibility: Some companies argued that specific features of certain facilities, such as having a public road that bisects the facility or having railcars that do not handle CDCs that pass through a secure area, necessitated flexibility in compliance. These companies also argued that (1) facility popu- lations change over time and (2) these changes could affect compliance requirements and need to be addressed in a timely manner.

• consistent application of the regulations and definitions of terms: Another concern was the applica- tion of the regulations. Several companies expressed concern that the regulations might not be applied uniformly across regions and industries. These concerns came from experiences with different COTPs interpreting rules and regulations differently. Some companies were unclear about the definitions of (1)  transferring CDCs across the dock and (2) CDCs in bulk. One company was concerned that the

Company Interviews

121

definition of bulk was not in concrete terms (i.e., without specific weight limits). One facility operated by this company received tanker trucks that injected a CDC into storage tanks and then left the area. These issues presented difficulties for companies in compliance across their facilities, introducing cost and operational uncertainties.

• TWIC reader reliability: One company representative stated that the company’s readers were often out of service and susceptible to weather conditions. Having to comply with the final reader rule combined with unreliable equipment would cause delays in operations and require personnel to verify TWICs through other means.

123

APPENDIX H

Analysis of the MSRAM Data

In this appendix, we consider the suitability for the current study of the MSRAM (USCG, 2018a) data that CG-PSA provided (see Section 4.2). MSRAM is “a terrorism risk management tool and supporting process” for “USCG analysts in each major port enabling them to perform a detailed risk analysis for all of the signifi- cant targets operating within their area of responsibility across a spectrum of attack modes” (USCG, 2018a).

The rest of the appendix has three sections:

• First, we describe the contents of the MSRAM data set. • Second, we present our exploratory analysis of the data. • Finally, we explain why we concluded that the data were unsuitable for the study and why a more con-

sistent, comprehensive approach to consequence assessment (e.g., the CFATS modeling methodology) was needed.

H.1. Data

The MSRAM data that CG-PSA provided consist mainly of scenario and chemical information stored in separate Excel worksheets. In this section, we describe these two types of information.

H.1.1. Scenario Data A MSRAM attack scenario, for which various types of consequences are estimated, is a combination of a target (or facility) and an attack mode (USCG, 2018a). Because MSRAM was originally developed for assess- ing risks in maritime environments in general, it includes many types of targets, some of which (e.g., a bridge or a tunnel near a harbor) are not regulated by MTSA. The scenario data include these components:

• anonymized target ID (e.g., Boston, MA–26 rather than the actual facility name) • target class • attack mode • D/I consequence score (in number of fatalities) • economic consequence score (in millions of dollars) • environmental consequence score (in number of barrels of oil spilled on or near water).

The data that we received included 906 unique targets. Because these targets were anonymized, we could not find any additional information about them via other means (e.g., internet search). These 906 targets were grouped into 14 target classes in MSRAM (Table H.1). Because the list of CDCs was not formalized until 2020 (Commandant, 2020c) and MSRAM existed before that, it is unclear whether MSRAM used the same CDC definition.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

124

The last three target classes (12 through 14) are excluded from the 2020 reader rule delay (see Chap- ter One). If we exclude facilities in these three classes, the total number of facilities is reduced to 643. (Some additional classes can also be interpreted as not under the reader rule delay, given sufficient information.)

Although the MSRAM user manual (USCG, 2018a) lists more than 30 attack modes considered by the model, CG-PSA provided consequences associated with only four attack modes considered to be relevant to the TWIC (see also Williams et al., 2020):

• attack by terrorist assault team • passenger or passerby explosives or improvised explosive device • sabotage • truck bomb.

As previously mentioned, an attack scenario is a combination of a facility (target) and an attack mode (USCG, 2018a). With 906 facilities and four attack modes, the MSRAM data include the consequence scores for 2,608 scenarios. (Some attack modes are not applicable to some facilities.) Consequence scores were gen- erally determined by USCG port security specialists (i.e., not always through standardized, objective model- ing or assessment methodologies). Some consequence scores have a value of 0. Per CG-PSA, a 0 consequence means no consequence.

TABLE H.1

Target Classes and the Corresponding Numbers of Unique Targets in the MSRAM Data

Target Class Number of Unique Targets

1. Facility—CDC, material poisonous or toxic by inhalation 66

2. Facility—CDC, LPG and LNG 38

3. Facility—CDC, explosive cargo 33

4. Facility—CDC, except previous three classes (1–3) 14

5. Facility—CDC, radiological 1

6. Facility—hazmat (non-CDC) 76

7. Facility—Petroleum and fuel storage facilities 236

8. Facility—Petroleum refinery 64

9. Facility—Marine cargo terminals (not otherwise specified) 92

10. Facility—Strategic industrial facilities (military and commercial) 14

11. Facility—Agricultural and food 9

12. Facility—Passenger terminal, ferry 162

13. Facility—Passenger terminal, cruise ship 85

14. Facility—Offshore oil/gas facility 16

Total 906

NOTE: Because the list of CDCs was not formalized until 2020 (Commandant, 2020c) and MSRAM existed before that, it is unclear whether MSRAM used the same CDC definition.

Analysis of the MSRAM Data

125

H.1.2. Chemical Data The chemical data we received include these components:

• anonymized target ID • chemical name • chemical amount • an indicator of whether the chemical amount is maximum or average.

We identified 48 unique chemicals in the MSRAM data we received, some of which (e.g., acetylene, hydro- gen chloride, and hydrogen fluoride) were not on the list of 43 CDCs authorized to be transferred in bulk (see Appendix B).

Only 135 (out of 906) facilities had corresponding chemical information. So about 85 percent of the facili- ties in the MSRAM data had consequence but no corresponding chemical information, which means that we do not know whether the materials contributing to the reported consequence scores involved the list of 43 CDCs. This lack of linkage between consequence and CDC limits the usefulness of the MSRAM data.

H.2. Analysis

We conducted an exploratory analysis to understand the distributions of scenario consequence scores included in the MSRAM data.

Table H.2 shows the distributions of D/I consequence scores (in number of fatalities) for all scenarios (i.e., including all attack modes) grouped by target class. This table also appears as Table 4.1 in Section 4.2 but is included here for the sake of completeness. The table shows the minimum; maximum; mean; median; and the 5th, 25th, 75th, and 95th percentiles of each target class. Distributions are highly skewed where means are about an order of magnitude higher than medians and are in fact closer to the 75th percentiles, suggesting that there are many facilities with relatively low consequence scores and a few facilities with extremely high consequence scores. Consider the first target class, “facility—CDC, material poisonous or toxic by inhala- tion,” as an example. The minimum (zero fatalities), median (189 fatalities), and maximum (82,154 fatalities) span five orders of magnitude. So, treating all facilities in this target class as a whole requires careful consid- eration (discussed more at the end of this appendix).

Table H.3 is the same as Table H.2, except that it is for economic consequence scores in millions of dollars. Distributions are again skewed. As above, consider the first target class, “facility—CDC, material poison- ous or toxic by inhalation,” as an example. The minimum ($1 million), median ($17 million), and maximum ($3 billion) span three and a half orders of magnitude.

Table H.4 is the same as Table H.2, except that it is for environmental consequence scores in number of barrels of oil spilled on or near water. Distributions are again skewed. As above, consider the first target class, “facility—CDC, material poisonous or toxic by inhalation,” as an example. The minimum (zero barrels of oil spilled), median (one barrel of oil), and maximum (20,000 barrels of oil) span four orders of magnitude. The absence of oil at many facilities likely explains the prevalence of zero and low environmental consequences in the data.

H.3. Conclusions

In this appendix, we described the MSRAM data that we received from CG-PSA and the results of an explor- atory data analysis. The MSRAM data include the consequence scores for 906 unique facilities (anonymized)

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

126

TABLE H.2

Distributions of Death and Injury Consequence Scores, in Number of Fatalities, for Attack Scenarios in the MSRAM Data, Grouped by Target Class

Target Class Mean Minimum 5th

Percentile 25th

Percentile Median 75th

Percentile 95th

Percentile Maximum Count

Facility— CDC, material poisonous or toxic by inhalation

2,592 0 5 34 189 1,886 10,828 82,154 249

Facility— CDC, LPG and LNG

728 0 1 18 175 722 3,437 10,399 123

Facility— CDC, explosive cargo

245 0 1 5 22 84 1,206 6,412 80

Facility— CDC, except preview three classes

393 0 1 23 55 246 2,536 3,062 47

Facility— CDC, radiological

50 50 50 50 50 50 50 50 2

Facility— hazmat (non-CDC)

33 0 2 10 15 30 153 301 200

Facility— Petroleum and fuel storage facilities

26 0 1 6 12 25 77 745 618

Facility— Petroleum refinery

235 0 2 10 34 118 966 6,147 225

Facility— Marine cargo terminals (not otherwise specified)

41 0 3 12 25 45 100 660 223

Facility— Strategic industrial facilities (military and commercial)

84 0 1 21 55 100 226 500 48

Facility— Agricultural and food

40 4 5 10 18 44 110 300 20

Total 1,835

NOTE: Because the list of CDCs was not formalized until 2020 (Commandant, 2020c) and MSRAM existed before that, it is unclear whether MSRAM used the same CDC definition. Results for the target classes of ferry passenger terminal, cruise ship passenger terminal, and offshore oil or gas facility are not shown because they were not subject to the reader rule delay.

Analysis of the MSRAM Data

127

TABLE H.3

Distributions of Economic Consequence Scores, in Millions of Dollars, for Attack Scenarios in the MSRAM Data, Grouped by Target Class

Target Class Mean Minimum 5th

Percentile 25th

Percentile Median 75th

Percentile 95th

Percentile Maximum Count

Facility— CDC, material poisonous or toxic by inhalation

54 1 1 5 17 50 159 3,000 249

Facility— CDC, LPG and LNG

100 1 2 25 50 150 300 600 123

Facility— CDC, explosive cargo

13 1 1 1 5 20 50 100 80

Facility— CDC, except previous three classes

53 4 4 17 30 50 150 420 47

Facility— CDC, radiological

30 30 30 30 30 30 30 30 2

Facility— hazmat (non-CDC)

31 0 1 3 17 30 165 300 200

Facility— Petroleum and fuel storage facilities

38 0 1 6 20 45 165 665 618

Facility— Petroleum refinery

164 0 3 25 88 300 500 1,600 225

Facility— Marine cargo terminals (not otherwise specified)

24 0 1 6 15 27 75 200 223

Facility— Strategic industrial facilities (military and commercial)

114 1 2 15 40 200 400 400 48

Facility— Agricultural and food

116 1 2 5 16 95 521 925 20

Total 1,835

NOTE: Because the list of CDCs was not formalized until 2020 (Commandant, 2020c) and MSRAM existed before that, it is unclear whether MSRAM used the same CDC definition. Results for the target classes of ferry passenger terminal, cruise ship passenger terminal, and offshore oil or gas facility are not shown because they were not subject to the reader rule delay.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

128

TABLE H.4

Distributions of Environmental Consequence Scores, in Number of Barrels of Oil Spilled on or Near Water, for Attack Scenarios in the MSRAM Data, Grouped by Target Class

Target Class Mean Minimum 5th

Percentile 25th

Percentile Median 75th

Percentile 95th

Percentile Maximum Count

Facility— CDC, material poisonous or toxic by inhalation

972 0 0 0 1 100 5,000 20,000 249

Facility— CDC, LPG and LNG

10,069 0 0 1 150 5,500 20,000 240,000 123

Facility— CDC, explosive cargo

596 0 0 0 0 31 209 30,000 80

Facility— CDC, except previous three classes

13,610 0 0 38 1,000 10,500 75,750 100,000 47

Facility— CDC, radiological

55 10 15 33 55 78 96 100 2

Facility— hazmat (non-CDC)

2,589 0 0 1 50 1,000 8,337 160,000 200

Facility— Petroleum and fuel storage facilities

15,068 0 0 500 5,000 13,000 75,000 565,531 618

Facility— Petroleum refinery

18,578 0 0 100 3,000 15,000 82,500 543,000 225

Facility— Marine cargo terminals (not otherwise specified)

1,388 0 0 0 75 275 5,000 50,000 223

Facility— Strategic industrial facilities (military and commercial)

10,256 0 0 10 625 5,000 25,000 150,000 48

Facility— Agricultural and food

4,463 0 1 64 150 700 24,550 35,000 20

Total 1,835

NOTE: Because the list of CDCs was not formalized until 2020 (Commandant, 2020c) and MSRAM existed before that, it is unclear whether MSRAM used the same CDC definition. Results for the target classes of ferry passenger terminal, cruise ship passenger terminal, and offshore oil or gas facility are not shown because they were not subject to the reader rule delay.

Analysis of the MSRAM Data

129

for up to four attack modes but chemical information for only 135 facilities. We concluded that the data are unsuitable for the analysis mainly because of three factors:

1. anonymized facility information 2. limited chemical information compared with the amount of consequence information (i.e., cannot

establish linkage between the consequences and CDCs associated with a facility) 3. lack of use of standardized, objective modeling or assessment methodologies through which conse-

quence scores were generated.

Factors 1 and 2 affect estimation of the population of facilities that handle CDCs (Chapter Three) because (1) we do not know the exact facilities being considered and (2) for most facilities, we do not know which CDCs are present. Using MSRAM’s target class to discern whether a facility handles CDCs is uninforma- tive because a facility could have multiple attributes (i.e., can be categorized under a different target class). Factor 3 affects the facility risk model (Chapter Four). Because consequence assessments were not always based on standardized, objective methodologies, we could not reproduce the results. These conclusions are unsurprising because MSRAM was not originally designed to support the type of regulatory analysis con- sidered in this study.

Additionally, and perhaps more importantly, the analysis showed how skewed the consequence distri- butions are even for facilities in the same class. (The same phenomenon also characterizes the results of the CFATS risk engine described in Section 4.3 for facilities known to handle CDCs.) For example, the D/I consequence scores spanned five orders of magnitude for facilities in the class of “facility—CDC, material poisonous or toxic by inhalation.” So, treating all facilities in this class monolithically requires careful con- sideration and justification because of enormous in-class variations in consequence. In general, it is desirable to group only facilities with comparable consequences. However, if doing so is impractical (e.g., because of a need to use a simple facility typology for regulatory analysis or rule implementation), median consequence is a more robust measure than mean.

131

APPENDIX I

Incorporating LandScan USA Population Data into a Simplified Model to Estimate Facility Consequences

This appendix first introduces the LandScan USA population data (ORNL, undated). It then describes (1) how we used the LandScan USA data to define the representative population density (in number of people per square mile), one of the observable attributes (Section 4.3.2) that can serve as a proxy for consequence, and (2) how we developed a simplified model to estimate facility consequences using the representative popu- lation density and the empirical relationships developed by CISA analysts (CISA, 2022).

The simplified model approximates CISA’s CFATS risk engine (CISA, 2021) and is meant to generate consequence estimates quickly. We used it mainly to facilitate (1) determination of the representative popu- lation density and (2) efficient creation of a much larger synthetic data set to verify the consequence pattern identified through the actual CFATS risk-engine runs for the 386  facilities matched to the EPA data (see Appendix J). All consequence estimates discussed in the main report (e.g., Chapters Four and Five) are still based on the actual CFATS risk-engine runs rather than the simplified model.

I.1. The LandScan USA Population Data

We used the 2019 LandScan USA population data (ORNL, undated) to characterize the population density for areas surrounding a facility. The LandScan USA data provide population counts, for both daytime and nighttime, at roughly 90-m (or 3 arc-second) resolution for the United States. The data represent baseline population estimates and do not include transitory populations (e.g., tourists). The data are also incorpo- rated in DHS’s Homeland Infrastructure Foundation-Level Data (HIFLD), from which we obtained the data. Table  I.1 shows the HIFLD citations for the LandScan population data as of February 17, 2022. Note the separate citations for the daytime and nighttime data. We processed the LandScan data using ArcMap ver- sion 10.8 from the Environmental Systems Research Institute (ESRI).

Because LandScan USA has both the daytime and nighttime versions, a natural question is which one to use. For the 386 facilities identified through the EPA database matching process (Section 3.3.1), we calculated the daytime and nighttime population counts in a circular buffer surrounding the facility location with radii of 0.25, 0.5, 1, 2, and 4 miles using ArcMap. We found that the percentages of facilities where daytime counts were higher than nighttime ones were 84, 83, 79, 75, and 67 percent for 0.25, 0.5, 1, 2, and 4 miles, respectively. So, to be more conservative, we used the daytime population for the study.

Figure I.1 illustrates the LandScan USA data. The top panel is a map for a notional facility (indicated by the destination marker) in Chesapeake, Virginia. The bottom panel is the corresponding LandScan USA raster image with five concentric circles with radii of 0.25, 0.5, 1, and 4 miles centered at the facility. Popula- tion varies spatially, as indicated by grid cells of different colors. The average population density (in number of people per square mile) can be calculated for each circular buffer by adding all population counts inside a circle and dividing the sum by the area of the circle.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

132

I.2. Representative Population Density and Its Use for a Simplified Model to Estimate Facility Consequences

As described in Section 4.3.2, CISA analysts used the CFATS risk engine (CISA, 2021) to estimate conse- quences for 386  facilities that were matched to the EPA RMP and TRI databases, from which the corre- sponding CDC information (name and quantity) can also be retrieved. However, implementing the final reader rule using observable attributes to serve as proxies for consequence would be preferable to conducting physics-based consequence modeling that requires technical expertise.

One such attribute is population density (in number of people per square mile). For example, two facili- ties that are identical except that one is in a rural area and the other is in an urban area will yield drastically different consequences. Another attribute is release quantity: All else being equal, a larger quantity will lead to a higher consequence. Although release quantity is well defined, population density is less so because it varies spatially (Figure I.1). As described in Section I.1, the LandScan population data have a 90-m resolu- tion. For practical purposes, representative population density needs to be defined, one that refers to a char- acteristic area. We describe below how this area is determined. To that end, we also describe a simplified consequence assessment model to facilitate determination of representative population density. This simpli- fied consequence assessment model was also used to generate the synthetic consequence data set described in Appendix J.

For toxic, flammable, and explosive chemicals alike, the physics-based consequence modeling in the CFATS risk engine predicts zones enclosed by various fatality isopleths. These zones are mapped to the LandScan population database to estimate consequence. For example, the five fatality isopleths considered for toxic chemicals are 90, 50, 20, 5, and 1  percent (CISA, 2021). Lower-fatality isopleths always enclose higher-fatality isopleths. The 90-percent fatality isopleth encloses the smallest fatality zone and is closest to the release. In that zone, more than 90 percent of the people are expected to be killed.1 Inside the 50-percent

1 The fatality rate for the population along the 90-percent isopleth is expected to be 90 percent, and that for the area inside the 90-percent isopleth is expected to be higher than 90 percent.

TABLE I.1

HIFLD Citations for LandScan Population Data, as of February 17, 2022

Location

Time

Daytime Nighttime

Continental United States 2021 2022a

Alaska 2022b 2022c

American Samoa 2022d 2022e

Guam 2022f 2022g

Hawaii 2022h 2022i

Puerto Rico 2022j 2022k

Virgin Islands 2022l 2022m

NOTE: All citations are under DHS in the list of references for this report (e.g., the daytime data for the continental United States came from DHS, 2021). Each reference has complete bibliographic information, including a web address.

Incorporating LandScan USA Population Data into a Simplified Model to Estimate Facility Consequences

133

FIGURE I.1

Illustration of LandScan USA Data Where Average Population Density Can Be Calculated for Circular Buffers of Varying Radii

SOURCE: Bottom map: authors’ analysis of raw (highest-resolution) LandScan Population data (CC BY 4.0) using ArcMap.

0 1–10 11–20 21–30 31–40 41–50 51–60 >60

Population (number of people per cell)

0.25-mile radius 0.5-mile radius

1-mile radius

2-mile radius

4-mile radius

Chesapeake

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

134

fatality isopleth minus the area inside the 90-percent fatality isopleth, more than 50 percent (but less than 90 percent) of the people are expected to be killed. The same applies to lower-fatality isopleths and zones.

With the results of the CFATS risk-engine simulations that systematically cover all 43 CDCs and a range of storage quantities from 0.25 to 50,000 tons (about 40 to 50 data points for the range), CISA analysts devel- oped empirical relationships (i.e., curve fits) that give fatality-weighted area as a function of CDC (e.g., chlo- rine) and quantity (e.g., 100,000 lb.). For example, for toxic chemicals, the fatality-weighted area is given as the sum of these five terms:2

• 93 percent of the zone enclosed by the 90-percent fatality isopleth • 60 percent of the zone inside the 50-percent fatality isopleth minus that inside the 90-percent fatality

isopleth • 19 percent of the zone inside the 20-percent fatality isopleth minus that inside the 50-percent fatality

isopleth • 4 percent of the zone inside the 5-percent fatality isopleth minus that inside the 20-percent fatality iso-

pleth • 0.72 percent of the zone inside the 1-percent fatality isopleth minus that inside the 5-percent fatality

isopleth.

These descriptions are mainly for toxic CDCs; CISA analysts developed separate formulations for flam- mable CDCs. See CISA, 2022, for additional details. Figure I.2 provides an example of the empirical relation-

2 CISA analysts chose the 93, 60, 19, 4, and 0.72 percent used for various fatality zones to account for the fact that (1) the fatal- ity rate is a continuous variable and (2) each fatality zone has a different assumed evacuation fraction.

FIGURE I.2

Empirical Relationship for Fatality-Weighted Area as a Function of Quantity for Chlorine

SOURCE: CISA analysis.

0.01

0.1

1

10

100

1,000

10,000 100,000 1 million 10 million 100 million

Fa ta

lit y-

w ei

gh te

d a

re a,

in s

q ua

re m

ile s

Amount of chlorine, in pounds

Incorporating LandScan USA Population Data into a Simplified Model to Estimate Facility Consequences

135

ship for chlorine. CISA analysts developed similar relationships for each of the 43 CDCs authorized to be transported in bulk.

A simplified model to estimate consequence is the product of the fatality-weighted area (based on CDC type and quantity) and the representative population density (in number of people per square mile). For example, the fatality-weighted area for 100,000 lb. of chlorine is 0.255 square miles (Figure I.2). If the repre- sentative population density is 1,000 people per square mile, the estimated number of fatalities is 255 (1,000 times 0.255).

These empirical relationships are essentially a model of a model (i.e., curve fits of the CFATS risk engine), with the benefit of computing the results quickly and avoiding the need to run a full-fledged model. Because the empirical relationships are essentially curve fits along with other simplifications, there will be some dis- crepancies between the results given by the CFATS risk engine and those from the simplified model.

We used the following approach to determine the area to use to define the representative population den- sity. We have two sets of consequence results given by the full-fledged CFATS risk engine and the simplified model, where the latter further depends on the empirical relationships and the area used to define the rep- resentative population density. We used the same five buffer zones (with radii of 0.25, 0.5, 1, 2, and 4 miles) mentioned in Section I.1 to calculate the representative population density. We then compared the agreement between the consequence estimates given by the CFATS risk engine (which uses the LandScan population data at the full 90-m resolution) and those given by the simplified model. For example, Figure I.3 shows the comparison between the CFATS risk engine and the simplified model—where the average population density was determined using a 2-mile buffer—for all the CDCs handled by the 386 facilities. Each facility handles between one and 23 CDCs (Figure 4.2), and each CDC has a corresponding consequence, for a total sample size of 1,544. There is agreement between the two approaches, with larger scatter for smaller consequences.

Table I.2 shows the performance measures (in terms of the fraction within a factor of 2 and the correla- tion coefficient) of the simplified model—with the CFATS risk engine as the benchmark—for different buffer sizes. The buffer with a radius of 2 miles has the best performance (i.e., the highest fraction within a factor of 2 and the highest correlation coefficient). Thus, we used the average (daytime) population density over a buffer with a 2-mile radius for the facility risk model (including facility typology) described in Section 4.3.2.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

136

FIGURE I.3

Comparison of Consequence Estimates from the CFATS Risk Engine and the Simplified Model with the Average Population Density Determined by a 2-Mile Buffer for All CDCs Handled at 386 Facilities

NOTE: We considered all CDCs handled at each of the 386 facilities, so the total sample size is 1,544. The figure also includes the factor-of-2 lines in dashed blue.

1

10

100

1,000

10,000

100,000

1 million

1 10 100 1,000 10,000 100,000 1 million

C on

se q

ue nc

e fr

om t

he s

im p

lif ie

d m

od el

, i n

nu m

b er

o f f

at al

iti es

Consequence from the CFATS risk engine, in number of fatalities

Incorporating LandScan USA Population Data into a Simplified Model to Estimate Facility Consequences

137

TABLE I.2

Performance Measures of the Simplified Model for Different Buffer Sizes Used to Calculate the Average Population Density

Buffer Radius, in Miles Fraction Within a Factor of 2 Correlation Coefficient

0.25 0.505 0.483

0.5 0.521 0.595

1 0.517 0.758

2 0.554 0.765

4 0.524 0.683

139

APPENDIX J

Creating a Synthetic Data Set for Analysis of Consequence Distributions

Section 4.3.2 describes our approach to developing a facility risk model we used to analyze the dependence of consequences—predicted by the CFATS risk-engine (CISA, 2021) runs for 1,544 facility–CDC combinations— on four observable attributes: (1) CDC quantity, (2) local population density, (3) toxic versus flammable CDC, and (4) NFPA hazard rating. Tables 4.2 and 4.3 summarized the results, with the corresponding sample size given in Tables 4.4 and 4.5. As described in that section, although Tables 4.2 and 4.3 showed a pattern that is generally consistent with our intuition (e.g., higher consequence for higher CDC quantity and higher popu- lation density), it also showed some unexpected results. For example, the median consequence (67 fatalities) for quantity less than 100,000 lb., NFPA health hazard rating of 4, and population density between 1,000 and 2,999 people per square mile is higher than that (14 fatalities) for the same quantity and NFPA health hazard rating but a population density greater than 3,000 people per square mile. This appendix demonstrates that these exceptions disappear once a more complete data set is used.

Based on the EPA database matching process (Section 3.3.1), we have information about 386  facilities and the CDCs handled at each facility, leading to a total of 1,544 facility–CDC combinations (Figure 4.2). To be comprehensive, we constructed a synthetic data set that includes all combinations of (1) facilities (386 in total), (2) CDCs (43 in total), and (3) five representative quantities (31,620, 316,200, 3,162,000, 31.62 million, and 316.2 million pounds).1 This led to a total of 82,990 combinations. Because the synthetic data set covers all possible combinations, we have complete knowledge about the consequence distribution, including those situations not covered by the EPA data.

Because making 82,990 CFATS risk engine runs would not be practical, we used an alternative approach. We leveraged the empirical relationships described in Section I.2 that give the fatality-weighted area as a function of quantity for each CDC (e.g., Figure I.2). Section I.2 also shows that the representative popula- tion density for a facility can be calculated using the LandScan USA data within a 2-mile radius from the facility. Finally, Section  I.2 further shows that multiplying the fatality-weighted area and the representa- tive population density is an efficient way to generate a consequence estimate that approximates the CFATS risk engine. The resultant simplified model for consequence assessment model is based on (1) local popula- tion density (which is tied to the facility location), (2) CDC type, and (3) CDC quantity, which are the three

1 These five quantities are intended to be representative of these five quantity ranges:

• 10,000 to 100,000 lb. • 100,000 to 1 million pounds • 1 million to 10 million pounds • 10 million to 100 million pounds • 100 million to 1 billion pounds

where, for example, 31,620 is the geometric mean between 10,000 and 100,000. We used the geometric mean because it is a more robust representative measure than mean for values that have wide variations.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

140

dimensions of the synthetic data set mentioned in the previous paragraph. As illustrated in Figure I.3, the consequence results from the simplified model and the actual CFATS risk engine generally agree, with larger scatter mainly for smaller consequence. However, the simplified model produces results in substantially less time than the CFATS risk engine, which makes it practical for generating a large data set.

CISA analysts modeled the 43 CDCs authorized to be transported in bulk as either toxic or flammable. (The CFATS risk engine uses the same model for flammables as it does for explosives; see Figure 4.1.) Any CDC that had both toxic and flammable hazards was assigned to the type that would yield a higher conse- quence. (The flammable category includes explosives.) For the 11 toxic CDCs, six and five of them had NFPA health hazard ratings of 4 and 3, respectively. For the 32 flammable CDCs, 27, two, one, and two of them had NFPA flammability hazard ratings of 4, 3, 2, and 0, respectively. The CDCs that had an NFPA flammabil- ity hazard rating of 0 are two variants of ammonium nitrate that were explosives and had NFPA instability hazard ratings of 3 (Table 2.3).

Tables J.1 and J.2 show the median consequence from the simplified model for each combination of cat- egories of CDC quantity, population density, toxic versus flammable CDC, and NFPA hazard rating. As expected, the tables show a more consistent pattern than those in Tables 4.2 and 4.3, in that consequence is higher for higher CDC quantity and higher population density. Tables J.3 and J.4 show the corresponding sample size for each combination of categories. As expected, each combination of categories has plenty of data points—at least 265, far more than some in the single digits in Tables 4.4 and 4.5.

Although the results based on the synthetic data set support the facility typology discussed in Tables 4.2 and 4.3, the synthetic data set suggests a weak dependence on the NFPA hazard rating. This is mainly because the CFATS risk engine does not directly use the NFPA hazard ratings for modeling. For example, the NFPA flammability hazard rating depends partly on the CDC’s flash and boiling point temperatures (NFPA, 2017), but the vapor cloud explosion modeling in the CFATS risk engine depends partly on the heat of combustion and the CDC’s yield factor (CISA, 2021). Moreover, the NFPA health hazard rating considers multiple path- ways, including inhalation, skin contact, eye contact, and ingestion; the dispersion modeling in the CFATS risk engine considers mainly inhalation hazards. Tables J.1 and J.2 also show that, compared with CDC quan- tity and local population density, whether the type of CDC is toxic or flammable contributes to less variation in consequence, especially for conditions associated with relatively low consequence.

TABLE J.1

Median Consequence, in Number of Fatalities, Given by the Simplified Model for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for the Synthetic Data Set with 82,990 Cases

Quantity, in Pounds

People per Square Mile

NFPA Health Hazard Rating = 3 NFPA Health Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 0 0 1 3 11 0 0 1 4 14

105< and ≤106 2 10 29 84 285 1 6 18 58 210

106< and ≤107 27 189 510 1,598 5,111 22 110 350 1,103 4,125

107< and ≤108 435 3,503 9,067 29,062 93,836 668 3,540 10,971 35,128 125,019

108< and ≤109 5,417 38,749 104,459 325,722 1,088,410 6,434 38,120 109,396 353,357 1,283,167

NOTE: Color shading is used to demonstrate relative consequence distribution: Redder shading indicates higher median consequence, and greener shading indicates lower.

Creating a Synthetic Data Set for Analysis of Consequence Distributions

141

TABLE J.2

Median Consequence, in Number of Fatalities, Given by the Simplified Model for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for the Synthetic Data Set with 82,990 Cases

Quantity, in Pounds

People per Square Mile

NFPA Flammability Hazard Rating ≤ 3 NFPA Flammability Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 0 1 4 13 43 0 2 4 13 44

105< and ≤106 1 7 19 61 203 1 7 20 60 204

106< and ≤107 5 33 90 290 962 7 35 94 285 968

107< and ≤108 23 157 433 1,388 4,620 33 167 452 1,364 4,646

108< and ≤109 113 771 2,126 6,783 22,615 161 813 2,205 6,648 22,732

NOTE: Color shading is used to demonstrate relative consequence distribution: Redder shading indicates higher median consequence, and greener shading indicates lower.

TABLE J.3

Sample Size for Each Combination of Categories of Toxic CDC Quantity, Representative Population Density, and NFPA Hazard Rating for the Synthetic Data Set with 82,990 Cases

Quantity, in Pounds

People per Square Mile

NFPA Health Hazard Rating = 3 NFPA Health Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 265 330 610 455 270 318 396 732 546 324

105< and ≤106 265 330 610 455 270 318 396 732 546 324

106< and ≤107 265 330 610 455 270 318 396 732 546 324

107< and ≤108 265 330 610 455 270 318 396 732 546 324

108< and ≤109 265 330 610 455 270 318 396 732 546 324

TABLE J.4

Sample Size for Each Combination of Categories of Flammable CDC Quantity, Representative Population Density, and NFPA Hazard Rating for the Synthetic Data Set with 82,990 Cases

Quantity, in Pounds

People per Square Mile

NFPA Flammability Hazard Rating ≤ 3 NFPA Flammability Hazard Rating = 4

0–99 100–299 300–999 1,000– 2,999 ≥3,000 0–99 100–299 300–999

1,000– 2,999 ≥3,000

≤105 265 330 610 455 270 1,431 1,782 3,294 2,457 1,458

105< and ≤106 265 330 610 455 270 1,431 1,782 3,294 2,457 1,458

106< and ≤107 265 330 610 455 270 1,431 1,782 3,294 2,457 1,458

107< and ≤108 265 330 610 455 270 1,431 1,782 3,294 2,457 1,458

108< and ≤109 265 330 610 455 270 1,431 1,782 3,294 2,457 1,458

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

142

As described in Section 4.3.2, the facility typology can be further simplified by considering fewer dimen- sions, to be more practical. Because of the above findings, we considered a simplified facility typology by considering just CDC quantity and local population density in the cost–benefit analysis.

143

Abbreviations

AHP analytic hierarchy process

ANPRM advance notice of proposed rulemaking

ATSA Aviation and Transportation Security Act

BLS U.S. Bureau of Labor Statistics

C4 a hydrocarbon with four carbon atoms

CAMEO Computer-Aided Management of Emergency Operations

CAS Chemical Abstracts Service

CCPS Center of Chemical Process Safety

CDC certain dangerous cargo

CFATS Chemical Facility Anti-Terrorism Standards

C.F.R. Code of Federal Regulations

CG-PSA U.S. Coast Guard Office of International and Domestic Port Security Assessment

CG-REG U.S. Coast Guard Office of Standards Evaluation and Development

CHRIS Chemical Hazards Response Information System

CISA Cybersecurity and Infrastructure Security Agency

COTP captain of the port

CSAC Chemical Security Analysis Center

DHS U.S. Department of Homeland Security

D/I death and injury

DOT U.S. Department of Transportation

EPA U.S. Environmental Protection Agency

ERG Emergency Response Guidebook

FEMA Federal Emergency Management Agency

FSO facility security officer

FSP facility security plan

GAO U.S. Government Accountability Office

hazmat hazardous material

HSOAC Homeland Security Operational Analysis Center

ID identification

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

144

ISO International Organization for Standardization

LNG liquefied natural gas

LPG liquefied petroleum gas

MARPOL marine pollution

MARSEC maritime security

MB megabyte

MISLE Marine Information for Safety and Law Enforcement

MPa megapascal

MSRAM Maritime Security Risk Analysis Model

MTSA Maritime Transportation Security Act

N/A not applicable

NAICS North American Industry Classification System

NFPA National Fire Protection Association

NIH National Institutes of Health

NIOSH National Institute for Occupational Safety and Health

NOAA National Oceanic and Atmospheric Administration

NPRM notice of proposed rulemaking

NRC National Response Center

OCS outer continental shelf

OMB Office of Management and Budget

ORNL Oak Ridge National Laboratory

PACS physical access control system

PAD protective action distance

RMP Risk Management Plan

SAFE Port Act Security and Accountability for Every Port Act

TRI Toxics Release Inventory

TSA Transportation Security Administration

TSI transportation security incident

TWIC Transportation Worker Identification Credential

UN United Nations

U.S.C. U.S. Code

Abbreviations

145

USCG U.S. Coast Guard

VSL value of a statistical life

147

References

Abt, Clark C., “The Economic Impact of Nuclear Terrorist Attacks on Freight Transport Systems in an Age of Seaport Vulnerability: Executive Summary,” Cambridge, Mass., prepared for U.S. Department of Transportation, Volpe National Transportation Systems Center, April 30, 2003. As of June 3, 2022: https://www.abtassociates.com/insights/publications/report/ economic-impact-of-nuclear-terrorist-attacks-on-freight-transport

Abt, Clark C., William Rhodes, Rocco Casagrande, and Gary Gaumer, “The Economic Impacts of Bioterrorist Attacks on Freight Transport Systems in an Age of Seaport Vulnerability: Executive Summary,” Cambridge, Mass., prepared for U.S. Department of Transportation, Volpe National Transportation Systems Center, May 9, 2003. As of June 3, 2022: https://www.abtassociates.com/insights/publications/report/ economic-impacts-of-bioterrorist-attacks-on-freight-transport-systems

Agrawal, Mukta, Eric Sylwester, Eric Ambinder, Joseph Chang, Anita Epstein, Vikram Gupta, Carl Hildebrand, and Peter Hull, Chemical Facility Anti-Terrorism Tiering Methodology Peer Review: Final Report, Arlington, Va.: Analytic Services, RP12-22-02, October 2013.

ATSA—See Public Law 107-71, 2001.

Aviation and Transportation Security Act—See Public Law 107-71, 2001.

Baxter, Jennifer, “Overview of Challenges Identified During the Development of Estimates of the Benefits of U.S. Customs and Border Protection Regulations,” November 29, 2011, in Victoria A. Greenfield, Henry H. Willis, and Tom LaTourrette, Assessing the Benefits of U.S. Customs and Border Protection Regulatory Actions to Reduce Terrorism Risks, Santa Monica, Calif.: RAND Corporation, CF-301-INDEC, 2012, pp. 26–32. As of May 16, 2022: https://www.rand.org/pubs/conf_proceedings/CF301.html

BLS—See U.S. Bureau of Labor Statistics.

Brown, David F., Wade A. Freeman, and William D. Haney, Development of the Table of Initial Isolation and Protective Action Distances for 2016 Emergency Response Guidebook, Argonne, Ill.: Global Security Sciences Division, Argonne National Laboratory, ANL/GSS-17/1, August 2017. As of June 3, 2022: https://trid.trb.org/view/1922760

Bureau of the Census, Economics and Statistics Administration, U.S. Department of Commerce, Geographic Areas Reference Manual, Washington, D.C., November 1994. As of March 19, 2022: https://www.census.gov/programs-surveys/geography/guidance/geographic-areas-reference-manual.html

CCPS—See Center for Chemical Process Safety.

CDC job aid—See Commandant, 2020c.

Center for Chemical Process Safety, American Institute of Chemical Engineers, Guidelines for Chemical Process Quantitative Risk Analysis, 2nd ed., New York, 2000.

———, Guidelines for Risk-Based Process Safety, Hoboken, N.J.: Wiley-Interscience, 2007.

C.F.R.—See Code of Federal Regulations.

CG-REG—See Office of Standards Evaluation and Development.

CISA—See Cybersecurity and Infrastructure Security Agency.

Clean Air Act Amendments—See Public Law 101-549, 1990.

Clinton, William J., “Executive Order 12866 of September 30, 1993: Regulatory Planning and Review,” Federal Register, Vol. 58, No. 190, October 4, 1993. As of June 3, 2022: https://www.reginfo.gov/public/jsp/Utilities/EO_Redirect.myjsp

Code of Federal Regulations, Title 33, Navigation and Navigable Waters; Chapter I, Coast Guard, Department of Homeland Security (Continued); Subchapter H, Maritime Security; Part 101, Maritime Security: General; Subpart A, General; Section 101.105, Definitions. As of June 3, 2022: https://www.ecfr.gov/current/title-33/chapter-I/subchapter-H/part-101/subpart-A/section-101.105

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

148

———, Title 33, Navigation and Navigable Waters; Chapter I, Coast Guard, Department of Homeland Security (Continued); Subchapter H, Maritime Security; Part 105, Maritime Security: Facilities; Subpart A, General; Section 105.105, Applicability. As of June 12, 2022: https://www.ecfr.gov/current/title-33/chapter-I/subchapter-H/part-105/subpart-A/section-105.105

———, Title 33, Navigation and Navigable Waters; Chapter I, Coast Guard, Department of Homeland Security; Subchapter H, Maritime Security; Part 105, Maritime Security: Facilities; Subpart B, Facility Security Requirements; Section 105.253, Risk Group Classifications for Facilities. As of March 23, 2022: https://www.ecfr.gov/current/title-33/chapter-I/subchapter-H/part-105/subpart-B/section-105.253

———, Title 33, Navigation and Navigable Waters; Chapter I, Coast Guard, Department of Homeland Security; Subchapter H, Maritime Security; Part 105, Maritime Security: Facilities; Subpart B, Facility Security Requirements; Section 105.295, Additional Requirements—Certain Dangerous Cargo (CDC) Facilities. As of June 5, 2022: https://www.ecfr.gov/current/title-33/chapter-I/subchapter-H/part-105/subpart-B/section-105.295

———, Title 33, Navigation and Navigable Waters; Chapter I, Coast Guard, Department of Homeland Security; Subchapter L, Waterfront Facilities; Part 126, Handling of Dangerous Cargo at Waterfront Facilities. As of June 12, 2022: https://www.ecfr.gov/current/title-33/chapter-I/subchapter-L/part-126

———, Title 33, Navigation and Navigable Waters; Chapter I, Coast Guard, Department of Homeland Security; Subchapter L, Waterfront Facilities; Part 127, Waterfront Facilities Handling Liquefied Natural Gas and Liquefied Hazardous Gas. As of June 12, 2022: https://www.ecfr.gov/current/title-33/chapter-I/subchapter-L/part-127

———, Title 33, Navigation and Navigable Waters; Chapter I, Coast Guard, Department of Homeland Security; Subchapter O, Pollution; Part 154, Facilities Transferring Oil or Hazardous Material in Bulk. As of June 3, 2022: https://www.ecfr.gov/current/title-33/chapter-I/subchapter-O/part-154

———, Title 33, Navigation and Navigable Waters; Chapter I, Coast Guard, Department of Homeland Security (Continued); Subchapter P, Ports and Waterways Safety; Part 160, Ports and Waterways Safety—General; Subpart C, Notification of Arrival, Hazardous Conditions, and Certain Dangerous Cargoes; Section 160.202, Definitions. As of June 3, 2022: https://www.ecfr.gov/current/title-33/chapter-I/subchapter-P/part-160/subpart-C/section-160.202

———, Title 46, Shipping; Chapter I, Coast Guard, Department of Homeland Security; Subchapter D, Tank Vessels. As of June 12, 2022: https://www.ecfr.gov/current/title-46/chapter-I/subchapter-D

———, Title 46, Shipping; Chapter I, Coast Guard, Department of Homeland Security; Subchapter I, Cargo and Miscellaneous Vessels. As of June 12, 2022: https://www.ecfr.gov/current/title-46/chapter-I/subchapter-I

———, Title 49, Transportation; Subtitle B, Other Regulations Relating to Transportation; Chapter I, Pipeline and Hazardous Materials Safety Administration, Department of Transportation; Subchapter C, Hazardous Materials Regulations; Part 171, General Information, Regulations, and Definitions; Subpart A, Applicability, General Requirements, and North American Shipments; Section 171.8, Definitions and Abbreviations. As of June 7, 2022: https://www.ecfr.gov/current/title-49/subtitle-B/chapter-I/subchapter-C/part-171/subpart-A/section-171.8

———, Title 49, Transportation; Subtitle B, Other Regulations Relating to Transportation; Chapter I, Pipeline and Hazardous Materials Safety Administration, Department of Transportation; Subchapter C, Hazardous Materials Regulations; Part 172, Hazardous Materials Table, Special Provisions, Hazardous Materials Communications, Emergency Response Information, Training Requirements, and Security Plans; Subpart B, Table of Hazardous Materials and Special Provisions; Section 172.101, Purpose and Use of Hazardous Materials Table. As of June 12, 2022: https://www.ecfr.gov/current/title-49/subtitle-B/chapter-I/subchapter-C/part-172/subpart-B/section-172.101

———, Title 49, Transportation; Subtitle B, Other Regulations Relating to Transportation; Chapter I, Pipeline and Hazardous Materials Safety Administration, Department of Transportation; Subchapter C, Hazardous Materials Regulations; Part 173, Shippers—General Requirements for Shipments and Packagings; Subpart C, Definitions, Classification and Packaging for Class 1; Section 173.50, Class 1—Definitions. As of June 12, 2022: https://www.ecfr.gov/current/title-49/subtitle-B/chapter-I/subchapter-C/part-173/subpart-C/section-173.50

References

149

———, Title 49, Transportation; Subtitle B, Other Regulations Relating to Transportation; Chapter I, Pipeline and Hazardous Materials Safety Administration, Department of Transportation; Subchapter C, Hazardous Materials Regulations; Part 173, Shippers—General Requirements for Shipments and Packagings; Subpart I, Class 7 (Radioactive) Materials; Section 173.403, Definitions. As of June 12, 2022: https://www.ecfr.gov/current/title-49/subtitle-B/chapter-I/subchapter-C/part-173/subpart-I/section-173.403

———, Title 49, Transportation; Subtitle B, Other Regulations Relating to Transportation; Chapter I, Pipeline and Hazardous Materials Safety Administration, Department of Transportation; Subchapter C, Hazardous Materials Regulations; Part 176, Carriage by Vessel; Subpart J, Detailed Requirements for Class 4 (Flammable Solids), Class 5 (Oxidizers and Organic Peroxides), and Division 1.5 Materials; Section 176.415, Permit Requirements for Division 1.5, Ammonium Nitrates, and Certain Ammonium Nitrate Fertilizers. As of June 12, 2022: https://www.ecfr.gov/current/title-49/subtitle-B/chapter-I/subchapter-C/part-176/subpart-J/section-176.415

———, Title 49, Transportation; Subtitle B, Other Regulations Relating to Transportation; Chapter IV, Coast Guard, Department of Homeland Security; Subchapter B, Safety Approval of Cargo Containers; Part 450, General; Subpart A, General Provisions; Section 450.3, Definitions. As of June 3, 2022: https://www.ecfr.gov/current/title-49/subtitle-B/chapter-IV/subchapter-B/part-450/subpart-A/section-450.3

———, Title 49, Transportation; Subtitle B; Other Regulations Relating to Transportation; Chapter XII, Transportation Security Administration, Department of Homeland Security; Subchapter D, Maritime and Surface Transportation Security; Part 1572, Credentialing and Security Threat Assessments. As of June 10, 2022: https://www.ecfr.gov/current/title-49/subtitle-B/chapter-XII/subchapter-D/part-1572

Commandant, U.S. Coast Guard, U.S. Department of Homeland Security, Guidance for the Implementation of the Transportation Worker Identification Credential (TWIC) Program in the Maritime Sector, Commandant Publication 16700.40/Navigation and Vessel Inspection Circular 03-07, July 2, 2007. As of June 3, 2022: https://www.dco.uscg.mil/Our-Organization/NVIC/Year/2000/#2007

———, “Reimbursable Standard Rates,” Commandant Instruction 7310.1U, February 2020a. As of March 24, 2022: https://www.uscg.mil/Portals/0/NPFC/docs/7310/CI_7310_1U.pdf?ver=2020-04-06-135219-117

———, Coast Guard Regulated Facility Compliance Program, Commandant Instruction M16600.10, March 2020b. As of June 3, 2020: https://www.dcms.uscg.mil/Our-Organization/Assistant-Commandant-for-C4IT-CG-6/ The-Office-of-Information-Management-CG-61/About-CG-Directives-System/ Commandant-Instruction-Manuals/smdsort2823/description/

———, Certain Dangerous Cargo (CDC) Job Aid, April 2020c. As of November 30, 2021: https://www.regulations.gov/document/USCG-2017-0711-0019

Commandant Instruction 7310.1U—See Commandant, 2020a.

Commandant Instruction M16600.10—See Commandant, 2020b.

Cybersecurity and Infrastructure Security Agency, “Chemical Facility Anti-Terrorism Standards: Tiering Methodology,” fact sheet, Washington, D.C., undated a. As of March 11, 2022: https://www.cisa.gov/cfats-tiering-methodology

———, “Chemical Security Assessment Tool (CSAT),” webpage, Washington, D.C., undated b. As of March 18, 2022: https://www.cisa.gov/chemical-security-assessment-tool

———, Chemical Facility Anti-Terrorism Standards Risk Engine Technical Report: Description of the Second- Generation Risk Engine, April 12, 2021.

———, Consequence Calculator Methodology for U.S. Coast Guard Transportation Worker Identification Credential Analysis, Draft, April 3, 2022.

DHS—See U.S. Department of Homeland Security.

DoD—See U.S. Department of Defense.

DOT—See U.S. Department of Transportation.

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

150

Emergency Response Guidebook—See Pipeline and Hazardous Materials Safety Administration, U.S. Department of Transportation, Transport Canada, and Secretaría de Infraestructura, Comunicaciones y Transportes, 2020.

EPA—See U.S. Environmental Protection Agency.

ERG—See Pipeline and Hazardous Materials Safety Administration, U.S. Department of Transportation, Transport Canada, and Secretaría de Infraestructura, Comunicaciones y Transportes, 2020.

Executive Order 12866—See Clinton, 1993.

Farrow, Scott, and Stuart Shapiro, “The Benefit–Cost Analysis of Security Focused Regulations,” Journal of Homeland Security and Emergency Management, Vol. 6, No. 1, 2009, art. 25. As of May 16, 2022: https://www.degruyter.com/document/doi/10.2202/1547-7355.1482/html

Final reader rule—See U.S. Coast Guard, 2016.

Fox, Shannon, Steven Hanna, Thomas Mazzola, Thomas Spicer, Joseph Chang, and Simon Gant, “Overview of the Jack Rabbit II (JR II) Field Experiments and Summary of the Methods Used in the Dispersion Model Comparisons,” Atmospheric Environment, Vol. 269, January 15, 2022, art. 118783.

Freedom of Information Act—See 5 U.S.C. § 552.

GAO—See U.S. Government Accountability Office.

Hanna, Steven, Joseph Chang, and Pablo Huq, “Observed Chlorine Concentrations During Jack Rabbit I and Lyme Bay Field Experiments,” Atmospheric Environment, Vol. 125, Part A, January 2016, pp. 252–256.

HHS—See U.S. Department of Health and Human Services.

International Convention for the Safety of Life at Sea, Arg.–Belg.–Chile–China–Congo–Den.–Egypt–Ger.– Ghana–Iran–Isr.–Liber.–Pol.–Port.–S. Kor.–Spain–Switz.–U.K.–U.S.–Venez., November 1, 1974. As of June 12, 2022: https://treaties.un.org/Pages/showDetails.aspx?objid=08000002800ec37f&clang=_en

Jackson, Brian A., John C. Baker, Peter Chalk, Kim Cragin, John V. Parachini, and Horacio R. Trujillo, Aptitude for Destruction, Volume 1: Organizational Learning in Terrorist Groups and Its Implications for Combating Terrorism, Santa Monica, Calif.: RAND Corporation, MG-331-NIJ, 2005. As of May 16, 2022: https://www.rand.org/pubs/monographs/MG331.html

Maritime Transportation Security Act—See Public Law 107-295, 2002.

Maritime Transportation Security Act/International Ship and Port Security Policy Advisory Council, U.S. Coast Guard, U.S. Department of Homeland Security, “Certain Dangerous Cargo Facilities,” Policy Advisory Council Issue/Discussion/Decision 20-04, May 6, 2004, in U.S. Coast Guard, U.S. Department of Homeland Security, Policy Advisory Council (PAC) Document Registry, February 2018, pp. 9–10. As of April 7, 2022: https://documents.nam.org/ERP/USCG_PAC_20-04.pdf

Masse, Todd, Siobhan O’Neil, and John Rollins, The Department of Homeland Security’s Risk Assessment Methodology: Evolution, Issues, and Options for Congress, Washington, D.C.: Congressional Research Service, RL33858, February 2007. As of March 7, 2022: https://crsreports.congress.gov/product/pdf/RL/RL33858

McMasters, Sun, Chemical Security Analysis Center, Science and Technology Directorate, U.S. Department of Homeland Security, Jack Rabbit III: Chemical Selection Tool, slide deck, Washington, D.C., December 2, 2020, Not available to the general public.

MTSA—See Public Law 107-295, 2002.

MTSA/International Ship and Port Facility Security Policy Advisory Council—See Maritime Transportation Security Act/International Ship and Port Facility Security Policy Advisory Council.

National Fire Protection Association, NFPA 704: Standard System for the Identification of the Hazards of Materials for Emergency Response, 2017.

National Institute for Occupational Safety and Health, Centers for Disease Control and Prevention, U.S. Department of Health and Human Services, NIOSH Pocket Guide to Chemical Hazards, Washington, D.C., 2005-149, September 2007. As of June 3, 2022: https://www.cdc.gov/niosh/docs/2005-149/default.html

References

151

National Institutes of Health, PubChem homepage, undated. As of March 1, 2022: https://pubchem.ncbi.nlm.nih.gov/

National Protection and Programs Directorate, U.S. Department of Homeland Security, “Ammonium Nitrate Security Program,” Federal Register, Vol. 76, No. 149, August 3, 2011, pp. 46907–46957. As of June 3, 2022: https://www.federalregister.gov/documents/2011/08/03/2011-19313/ammonium-nitrate-security-program

National Response Center, U.S. Coast Guard, homepage, undated. As of December 27, 2021: https://nrc.uscg.mil

NFPA—See National Fire Protection Association.

Nichols, J. F., and G. Doyle, “Current Engineering Models and Capabilities in the Vulnerability Assessment and Protection (VAPO) Software,” paper presented at Structures Congress 2014, Boston, Mass., April 3–5, 2014.

NIH—See National Institutes of Health.

NIOSH—See National Institute for Occupational Safety and Health.

NRC—See National Response Center.

Oak Ridge National Laboratory, “LandScan Datasets,” webpage, undated.

Office of Management and Budget, “Regulatory Analysis,” Washington, D.C., Circular A-4, September 17, 2003. As of June 3, 2022: https://www.whitehouse.gov/omb/information-for-agencies/circulars/

Office of Response and Restoration, National Ocean Service, National Oceanic and Atmospheric Administration, “CAMEO Chemicals: Database of Hazardous Materials,” webpage, undated. As of March 11, 2022: https://cameochemicals.noaa.gov/

Office of Standards Evaluation and Development, Standards Evaluation and Analysis Division, U.S. Coast Guard, U.S. Department of Homeland Security, Transportation Worker Identification Credential (TWIC)— Reader Requirements: Notice of Proposed Rulemaking—Preliminary Regulatory Analysis and Initial Regulatory Flexibility Analysis, Washington, D.C., USCG-2007-28915, February 2013. As of April 7, 2022: https://www.regulations.gov/document/USCG-2007-28915-0120

———, Transportation Worker Identification Credential (TWIC)—Reader Requirements: Final Rule—Regulatory Analysis and Final Regulatory Flexibility Analysis, Washington, D.C., USCG-2007-28915, November 2015. As of March 23, 2022: https://www.regulations.gov/document/USCG-2007-28915-0231

OMB—See Office of Management and Budget.

OMB Circular A-4—See Office of Management and Budget, 2003.

ORNL—See Oak Ridge National Laboratory.

Paperwork Reduction Act—See Public Law 96-511, 1980.

Pipeline and Hazardous Materials Safety Administration, U.S. Department of Transportation, Transport Canada, and Secretaría de Infraestructura, Comunicaciones y Transportes, 2020 Emergency Response Guidebook, 2020. As of June 3, 2022: https://www.phmsa.dot.gov/hazmat/erg/erg2020-english

Proposed rule (2009)—See U.S. Coast Guard, 2009.

Proposed rule (2013)—See U.S. Coast Guard, 2013.

Public Law 96-511, Paperwork Reduction Act of 1980, December 11, 1980. As of June 7, 2022: https://www.govinfo.gov/content/pkg/STATUTE-94/pdf/STATUTE-94-Pg2812.pdf

Public Law 101-549, Clean Air Act Amendments, November 15, 1990. As of March 23, 2022: https://www.govinfo.gov/content/pkg/STATUTE-104/pdf/STATUTE-104-Pg2399.pdf

Public Law 106-40, Chemical Safety Information, Site Security and Fuels Regulatory Relief Act, August 5, 1999. As of June 7, 2022: https://www.govinfo.gov/app/details/PLAW-106publ40

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

152

Public Law 107-71, Aviation and Transportation Security Act, November 19, 2001. As of April 7, 2022: https://www.govinfo.gov/app/details/PLAW-107publ71

Public Law 107-295, Maritime Transportation Security Act of 2002, November 25, 2002. As of April 7, 2022: https://www.govinfo.gov/app/details/PLAW-107publ295

Public Law 107-296, Homeland Security Act of 2002, November 25, 2002. As of May 12, 2019: https://www.govinfo.gov/app/details/PLAW-107publ296

Public Law 109-347, Security and Accountability for Every Port Act of 2006, October 13, 2006. As of April 7, 2022: https://www.govinfo.gov/app/details/PLAW-109publ347

Putnam, John, acting general counsel, and Christopher Coes, acting Assistant Secretary for Transportation Policy, U.S. Department of Transportation, “Guidance on the Treatment of the Economic Value of a Statistical Life (VSL) in U.S. Department of Transportation Analyses—2021 Update,” memorandum to secretarial officers and modal administrators, c. March 2021. As of March 1, 2022: https://www.transportation.gov/office-policy/transportation-policy/ revised-departmental-guidance-on-valuation-of-a-statistical-life-in-economic-analysis

Reader rule delay—See U.S. Coast Guard, 2020a.

SAFE Port Act of 2006—See Public Law 109-347, 2006.

Security and Accountability for Every Port Act of 2006—See Public Law 109-347, 2006.

Stevens, S. S., “On the Theory of Scales of Measurement,” Science, Vol. 103, No. 2684, June 7, 1946, pp. 677–680. As of May 16, 2022: https://www.science.org/doi/10.1126/science.103.2684.677

Sunstein, Cass R., “The Limits of Quantification,” California Law Review, Vol. 102, No. 6, December 2014, pp. 1369–1421. As of May 16, 2022: https://www.californialawreview.org/print/1the-limits-of-quantification/

Sykes, R. Ian, Stephen F. Parker, Douglas S. Henn, and Biswanath Chowdhury, SCIPUFF Version 3.0 Technical Documentation, Princeton, N.J.: Sage Management, February 2016.

Taxell, Piia, Kerstin Engström, Juha Tuovila, Martin Söderström, Harri Kiljunen, Paula Vanninen, and Tiina Santonen, “Methodology for National Risk Analysis and Prioritization of Toxic Industrial Chemicals,” Journal of Toxicology and Environmental Health, Part A, Vol. 76, 2013, pp. 690–700.

Transportation Security Administration, U.S. Coast Guard, U.S. Department of Homeland Security, “TWIC®,” webpage, undated. As of March 9, 2022: https://www.tsa.gov/for-industry/twic

———, “Transportation Worker Identification Credential (TWIC) Implementation in the Maritime Sector; Hazardous Materials Endorsement for a Commercial Driver’s License,” Federal Register, Vol. 72, No. 16, January 25, 2007, pp. 3491–3604. As of June 3, 2022: https://www.federalregister.gov/documents/2007/01/25/07-19/ transportation-worker-identification-credential-twic-implementation-in-the-maritime-sector-hazardous

———, Economic Analysis Branch, Aircraft Repair Station Security: Regulatory Impact Analysis, Final Regulatory Flexibility Analysis, Paperwork Reduction Act, International Trade Impact Assessment, and Unfunded Mandates Assessment—Final Rule, December 6, 2013. As of June 3, 2022: https://www.regulations.gov/document/TSA-2004-17131-0228

TSA—See Transportation Security Administration.

USCG—See U.S. Coast Guard.

U.S. Bureau of Labor Statistics, Occupational Employment and Wage Statistics, “May 2020 National Industry- Specific Occupational Employment and Wage Estimates: NAICS 483000—Water Transportation,” webpage, last modified March 31, 2021a. As of June 3, 2022: https://www.bls.gov/oes/2020/may/naics3_483000.htm

———, “Table 2. Civilian Workers by Occupational and Industry Group,” news release, December 2021b. As of March 9, 2022: https://www.bls.gov/news.release/ecec.t02.htm

References

153

U.S. Coast Guard, U.S. Department of Homeland Security, “U.S. Coast Guard Maritime Security (MARSEC) Levels,” webpage, undated. As of June 12, 2022: https://www.uscg.mil/what-is-marsec/

———, U.S. Department of Transportation, CHRIS (Chemical Hazard Response Information System) Manual, Commandant Instruction M16465.12C, January 1, 1999. As of June 3, 2022: https://www.hsdl.org/?abstract&did=24079

———, U.S. Department of Homeland Security, Independent Verification and Validation of Development of Transportation Worker Identification Credentials Reader Requirements, Washington, D.C., USCG-2007-28915- 0008, October 21, 2008. As of March 23, 2022: https://www.regulations.gov/document/USCG-2007-28915-0008

———, U.S. Department of Homeland Security, “Transportation Worker Identification Credential (TWIC)— Reader Requirements,” Federal Register, Vol. 74, No. 58, March 27, 2009, pp. 13360–13370. As of June 3, 2022: https://www.federalregister.gov/documents/2009/03/27/E9-6852/ transportation-worker-identification-credential-twic-reader-requirements

———, U.S. Department of Homeland Security, “Transportation Worker Identification Credential (TWIC)— Reader Requirements,” Federal Register, Vol. 78, No. 56, March 22, 2013, pp. 17781–17833. As of June 3, 2022: https://www.federalregister.gov/documents/2013/03/22/2013-06182/ transportation-worker-identification-credential-twic-reader-requirements

———, U.S. Department of Homeland Security, “Transportation Worker Identification Credential (TWIC)— Reader Requirements,” Federal Register, Vol. 81, No. 163, August 23, 2016, pp. 57652–57713. As of June 3, 2022: https://www.federalregister.gov/documents/2016/08/23/2016-19383/ transportation-worker-identification-credential-twic-reader-requirements

———, U.S. Department of Homeland Security, MSRAM 2018 User Manual, 2018a, Not available to the general public.

———, U.S. Department of Homeland Security, “TWIC-Reader Requirements; Delay of Effective Date,” Federal Register, Vol. 83, No. 121, June 22, 2018b, pp. 29067–29081. As of March 23, 2022: https://www.federalregister.gov/documents/2018/06/22/2018-13345/ twic-reader-requirements-delay-of-effective-date

———, U.S. Department of Homeland Security, “TWIC-Reader Requirements; Delay of Effective Date,” Federal Register, Vol. 85, No. 46, March 9, 2020, pp. 13493–13517. As of March 23, 2022: https://www.federalregister.gov/documents/2020/03/09/2019-24343/ twic-reader-requirements-delay-of-effective-date

U.S. Code, Title 5, Government Organization and Employees; Part I, The Agencies Generally; Chapter 5, Administrative Procedure; Subchapter II, Administrative Procedure; Section 552, Public Information; Agency Rules, Opinions, Orders, Records, and Proceedings. As of June 7, 2022: https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title5-section552&num=0&edition=prelim

———, Title 6, Domestic Security; Chapter 1, Homeland Security Organization; Subchapter III, Science and Technology in Support of Homeland Security; Section 185, Federally Funded Research and Development Centers. As of March 20, 2021: https://uscode.house.gov/view.xhtml?req=(title:6%20section:185%20edition:prelim)

———, Title 33, Navigation and Navigable Waters; Chapter 33, Prevention of Pollution from Ships; Section 1905, Pollution Reception Facilities. As of June 3, 2022: https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title33-section1905&num=0&edition=prelim

U.S. Customs and Border Protection, U.S. Department of Homeland Security, “Importer Security Filing and Additional Carrier Requirements,” Federal Register, Vol. 73, No. 228, November 25, 2008, pp. 71729–71785. As of June 3, 2022: https://www.federalregister.gov/documents/2008/11/25/E8-27048/ importer-security-filing-and-additional-carrier-requirements

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

154

U.S. Customs and Border Protection, U.S. Department of Homeland Security, and Bureau of Consular Affairs, U.S. Department of State, “Documents Required for Travelers Departing from or Arriving in the United States at Sea and Land Ports-of-Entry from Within the Western Hemisphere,” Federal Register, Vol. 73, No. 65, April 3, 2008, pp. 18384–18420. As of June 3, 2022: https://www.federalregister.gov/documents/2008/04/03/E8-6725/ documents-required-for-travelers-departing-from-or-arriving-in-the-united-states-at-sea-and-land

———, “Air Cargo Advance Screening (ACAS),” Federal Register, Vol. 83, No. 113, June 12, 2018, pp. 27380– 27407. As of June 3, 2022: https://www.federalregister.gov/documents/2018/06/12/2018-12315/air-cargo-advance-screening-acas

U.S. Department of Defense, Unified Facilities Criteria (UFC): Structures to Resist the Effects of Accidental Explosions, Washington, D.C., UFC-3-340-02, December 5, 2008, change 2, September 1, 2014. As of June 3, 2022: https://www.wbdg.org/ffc/dod/unified-facilities-criteria-ufc/ufc-3-340-02

U.S. Department of Homeland Security, “CONUS Day,” Homeland Infrastructure Foundation-Level Data, information and data updated December 12, 2021. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/conus-day/about

———, “CONUS Night,” Homeland Infrastructure Foundation-Level Data, information and data updated January 6, 2022a. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/conus-night-1/about

———, “Alaska Day,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022b. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/alaska-day/about

———, “Alaska Night,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022c. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/alaska-night/about

———, “American Samoa Day,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022d. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/american-samoa-day/about

———, “American Samoa Night,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022e. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/american-samoa-night/about

———, “Guam Day,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022f. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/guam-day/about

———, “Guam Night,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022g. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/guam-night/about

———, “Hawaii Day,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022h. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/hawaii-day/about

———, “Hawaii Night,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022i. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/hawaii-day/about

———, “Puerto Rico Day,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022j. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/puerto-rico-day/about

———, “Puerto Rico Night,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022k. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/puerto-rico-night/about

References

155

———, “Virgin Islands Day,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022l. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/virgin-islands-day/about

———, “Virgin Islands Night,” Homeland Infrastructure Foundation-Level Data, information and data updated February 11, 2022m. As of June 12, 2022: https://hifld-geoplatform.opendata.arcgis.com/datasets/virgin-islands-night/about

U.S. Environmental Protection Agency, “About Acute Exposure Guideline Levels (AEGLs),” webpage, undated a. As of March 11, 2022: https://www.epa.gov/aegl/about-acute-exposure-guideline-levels-aegls

———, “Accessing RMP Data,” webpage, undated b. As of March 23, 2022: https://www.epa.gov/rmp/accessing-rmp-data

———, “List of Regulated Substances Under the Risk Management Plan (RMP) Program,” webpage, undated c. As of November 30, 2021: https://www.epa.gov/rmp/list-regulated-substances-under-risk-management-plan-rmp-program

———, “National Response Center,” webpage, undated d. As of March 5, 2022: https://www.epa.gov/emergency-response/national-response-center

———, “The FOIA Request Process,” webpage, undated e. As of March 27, 2022: https://www.epa.gov/foia/foia-request-process

———, “TRI-Listed Chemicals,” webpage, undated f. As of March 31, 2022: https://www.epa.gov/toxics-release-inventory-tri-program/tri-listed-chemicals

———, “Chapter 1—General Applicability,” General Risk Management Program Guidance, April 2004. As of March 23, 2022: https://www.epa.gov/rmp/general-rmp-guidance-chapter-1-general-applicability

———, Risk Management Program Guidance for Offsite Consequence Analysis, March 2009. As of March 4, 2022: https://www.epa.gov/rmp/rmp-guidance-offsite-consequence-analysis

———, “Toxic Chemical Release Inventory Reporting Forms and Instructions Revised 2021 Version,” webpage, c. 2021. As of March 23, 2022: https://ordspub.epa.gov/ords/guideme_ext/f?p=GUIDEME:RFI::::RP:rfi:rfi

———, “TRI Data and Tools,” webpage, last updated May 25, 2022. As of March 23, 2022: https://www.epa.gov/toxics-release-inventory-tri-program/tri-data-and-tools

U.S. Government Accountability Office, Port Security: Better Planning Needed to Develop and Operate Maritime Worker Identification Card Program, Washington, D.C., GAO-05-106, December 10, 2004. As of April 7, 2022: https://www.gao.gov/products/gao-05-106

———, Chemical Security: Overlapping Programs Could Better Collaborate to Share Information and Identify Potential Security Gaps, Washington, D.C., GAO-21-12, January 21, 2021. As of May 16, 2022: https://www.gao.gov/products/gao-21-12

U.S. House of Representatives, 107th Congress, Aviation and Transportation Security Act, H. Rept. 107-296, November 16, 2001. As of June 3, 2022: https://www.congress.gov/congressional-report/107th-congress/house-report/296

Walls, Michael P., David N. Friedman, and Peter Lidiak, Petition for Rulemaking Regarding the Final Rule Entitled “Transportation Worker Identification Credential (TWIC)—Reader Requirements,” 81 Fed. Reg. 57652, August 23, 2016, petition before the U.S. Coast Guard, U.S. Department of Homeland Security, May 15, 2017. As of March 23, 2022: https://www.regulations.gov/document/USCG-2017-0447-0001

Williams, Heather J., Kristin Van Abel, David Metz, James V. Marrone, Edward W. Chan, Katherine Costello, Ryan Bauer, Devon Hill, Simon Veronneau, Joseph C. Chang, Ian Mitch, Joshua Lawrence Traub, Sarah Soliman, Zachary Haldeman, Kelly Klima, and Douglas C. Ligor, The Risk-Mitigation Value of the Transportation Worker Identification Credential: A Comprehensive Security Assessment of the TWIC Program, Homeland Security Operational Analysis Center operated by the RAND Corporation, RR-3096-DHS, 2020. As of March 7, 2022: https://www.rand.org/pubs/research_reports/RR3096.html

Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements

156

Willis, Henry H., Andrew R. Morral, Terrence K. Kelly, and Jamison Jo Medby, Estimating Terrorism Risk, Santa Monica, Calif.: RAND Corporation, MG-388-RC, 2005. As of March 7, 2022: https://www.rand.org/pubs/monographs/MG388.html

Willis, Henry H., and Tom LaTourrette, “Using Probabilistic Terrorism Risk Modeling for Regulatory Benefit– Cost Analysis: Application to the Western Hemisphere Travel Initiative in the Land Environment,” Risk Analysis, Vol. 28, No. 2, April 2008, pp. 325–339.

Cover image: Art Wager/Getty Images RR-A1687-1

A 2016 U.S. Coast Guard (USCG) regulation, “Transpor tation Worker Identif ication

Credential (TWIC)–Reader Requirements,” requires cer tain maritime facilities

determined to be of high risk to use electronic and biometric access control

programs in the facilities’ secure areas. The final version of this rule, known as

the final reader rule, has been delayed (from 2020) until May 8, 2023, for three

categories of facilities that handle cer tain dangerous cargoes (CDCs) in bulk. The USCG

asked the Homeland Security Operational Analysis Center to reestimate the population of such

regulated facilities that could be subject to the final reader rule delay, develop an objective risk

assessment model for these facilities, and conduct a cost–benefit analysis of the regulation.

This report describes researchers’ analytical efforts to address these three research areas.

Because there is no database of Maritime Transpor tation Security Act–regulated facilities that

has all the requisite information about CDCs that facilities handle in bulk, the researchers

resor ted to other data sources, such as the U.S. Environmental Protection Agency’s databases,

an online survey, and interviews, to estimate the facility population. For the facility risk

model, they used the modeling approach for assessing potential consequence included in

the risk engine of the Cybersecurity and Infrastructure Security Agency’s Chemical Facility

Anti-Terrorism Standards (CFATS) program, harmonizing the TWIC and CFATS programs in

consequence assessment. Because there was no credible estimate for the probability of a

transpor tation security incident, the researchers used a break-even analysis to assess whether

the final reader rule is cost-ef fective.

$49.95

7 8 1 9 7 7 4 0 9 8 2 9

ISBN-13 9781977409829 ISBN-10 197740982-2

54995