[Senate Report 113-263]
[From the U.S. Government Publishing Office]
113th Congress } { Report
2nd Session } SENATE { 113-263
_______________________________________________________________________
Calendar No. 578
CHEMICAL FACILITIES ANTI-TERRORISM
STANDARDS PROGRAM AUTHORIZATION AND ACCOUNTABILITY ACT OF 2014
__________
R E P O R T
of the
COMMITTEE ON HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
to accompany
H.R. 4007
TO RECODIFY AND REAUTHORIZE THE CHEMICAL FACILITY ANTI-TERRORISM
STANDARDS PROGRAM
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
September 18, 2014.--Ordered to be printed
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
THOMAS R. CARPER, Delaware, Chairman
CARL LEVIN, Michigan TOM COBURN, Oklahoma
MARK L. PRYOR, Arkansas JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri ROB PORTMAN, Ohio
JON TESTER, Montana RAND PAUL, Kentucky
MARK BEGICH, Alaska MICHAEL B. ENZI, Wyoming
TAMMY BALDWIN, Wisconsin KELLY AYOTTE, New Hampshire
HEIDI HEITKAMP, North Dakota
Gabrielle A. Batkin, Staff Director
John P. Kilvington, Deputy Staff Director
Mary Beth Schultz, Chief Counsel
John G. Collins, Senior Professional Staff Member
Jason M. Yanussi, Senior Professional Staff Member
Abigail A. Shenkle, Legislative Aide
Keith B. Ashdown, Minority Staff Director
Christopher J. Barkley, Minority Deputy Staff Director
Andrew C. Dockham, Minority Chief Counsel
William H.W. McKenna, Minority Investigative Counsel
Laura W. Kilbride, Chief Clerk
Calendar No. 578
113th Congress } { Report
2d Session } SENATE { 113-263
=======================================================================
CHEMICAL FACILITIES ANTI-TERRORISM STANDARDS PROGRAM AUTHORIZATION AND
ACCOUNTABILITY ACT OF 2014
_______
September 18, 2014.--Ordered to be printed
_______
Mr. Carper, from the Committee on Homeland Security and Governmental
Affairs, submitted the following
R E P O R T
[To accompany H.R. 4007]
The Committee on Homeland Security and Governmental
Affairs, to which was referred the bill (H.R. 4007) to recodify
and reauthorize the Chemical Facility Anti-Terrorism Standards
Program, having considered the same, reports favorably thereon
with an amendment in the nature of a substitute and recommends
that the bill, as amended, do pass.
CONTENTS
Page
I. Purpose and Summary..............................................1
II. Background and Need for the Legislation..........................2
III. Legislative History.............................................14
IV. Section-by-Section Analysis of the Bill, as Reported............15
V. Evaluation of Regulatory Impact.................................20
VI. Congressional Budget Office Estimate............................20
VII. Changes in Existing Law Made by the Bill, as Reported...........22
I. Purpose and Summary
H.R. 4007, the Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014, as amended by the
Committee's substitute amendment reauthorizes the Chemical
Facility Anti-Terrorism Standards program (CFATS) of the
Department of Homeland Security. The CFATS program is designed
to help ensure that high-risk chemical facilities are secure
from terrorist attack or sabotage. Facilities that make or use
certain chemicals have been identified as a significant
security concern and one that continues to warrant a dedicated
security program at the federal level. The Committee substitute
reauthorizes the CFATS program for four years, while at the
same time mandating specific changes in response to concerns
raised about that program by both stakeholders and overseers.
Specifically, the bill directs DHS to identify high-risk
facilities through the use of specific risk criteria and
requires DHS to use risk-based performance standards for high-
risk facilities to meet. The facilities, for their part, submit
security plans laying out how they plan to meet the performance
standards, and DHS reviews and approves the plans and then
follows up with in-person inspections of the facilities to
ensure compliance.
II. Background and Need for Legislation
Chemicals are a ubiquitous part of modern life, forming
indispensable parts of a vast number of products from the
mundane to the complex. Thousands of facilities across the
country produce and store chemicals, some of which could pose a
significant threat to human health or safety if released or
misused. Certain chemicals, if released into the water or air,
pose a direct threat to the health or life of those in nearby
communities. Other chemicals can explode if abused or
mishandled posing a significant threat to the surrounding
communities or, if the chemicals are stolen and smuggled, to
other communities as well. Chemical facilities--places that
produce, store or use significant quantities of certain
chemicals--therefore offer attractive targets for terrorists
because of the large scale damage and loss of life that can
occur through a direct attack on a facility or the
misappropriation of the chemicals they produce or store. While
many of these chemicals are already regulated under various
environmental or worker safety statutes, those regulations
typically focus on the possibility of an accidental release or
misuse rather than a deliberate effort to exploit the chemicals
to inflict harm.
To protect against this security risk, in the fall of 2006,
Congress authorized the Department of Homeland Security (DHS)
to determine which chemical facilities present a high level of
security risk, establish risk-based performance standards for
securing those high-risk facilities, and enforce regulations
designed to ensure facilities posing the highest risk are
meeting those standards.\1\ In response, DHS established the
Chemical Facility Anti-Terrorism Standards (CFATS) program. The
statute establishing the CFATS program included a three-year
sunset for DHS's authority, creating initial authority for the
program but ensuring that the effectiveness of the approach
outlined in the bill could be evaluated, and other measures
considered, relatively soon after the program's inception.\2\
Since then, Congress has passed several short-term extensions,
only once making a change to the CFATS program despite
Congress' desire to monitor implementation of the program
closely.\3\ With the Department's current authority set to
expire on October 4, 2014, the Committee voted to extend the
chemical security program with a longer-term authorization
while also addressing identified weaknesses in the program.
---------------------------------------------------------------------------
\1\See P.L. 109-295, Department of Homeland Security Appropriations
Act of 2007, Sec. 550.
\2\See 152 Cong. Rec. S10351 (September 28, 2006) (Statement of
Senator Collins), at http://www.gpo.gov/fdsys/pkg/CREC-2006-09-28/pdf/
CREC-2006-09-28.pdf.
\3\Sec. 534(h) of P.L. 110-161, the Department of Homeland Security
Appropriations Act of 2008, which allowed states and political
subdivisions thereof to adopt laws regulating chemical facilities, as
long as they were at least as stringent as CFATS. Since this change
amended the authorizing language for the program, it was carried
forward in subsequent short-term extensions of the program.
---------------------------------------------------------------------------
The original 2006 authorization--which has been extended
repeatedly on various appropriations bills or spending
resolutions--directed DHS to develop a security program for
high-risk chemical facilities that would rely on performance
standards rather than specific, prescriptive measures. It also
exempted certain facilities already subject to other regulatory
regimes aimed at ensuring the security of their facilities,
such as facilities owned or operated by the Departments of
Defense or Energy, facilities already regulated under the
Maritime Transportation Security Act of 2002 or by the Nuclear
Regulatory Commission, and water and wastewater treatment
facilities.
DHS developed the core features of the CFATS program in
interim regulations issued in spring 2007. To determine which
facilities face regulation under the program, DHS developed a
list of 322 ``chemicals of interest.'' All non-exempt
facilities possessing any of the 322 ``chemicals of interest''
beyond specified threshold amounts must fill out a
questionnaire known as a ``Top-Screen.'' DHS uses the completed
Top-Screens to determine whether a facility poses a high
security risk such that it should be covered by the risk-based
performance standards. If DHS finds the facility to be ``high-
risk,'' the facility is covered by CFATS and must submit and
comply with a security plan that meets the risk-based
performance standards; those not determined to be high-risk
face no further regulatory obligations under CFATS. DHS then
assigns high-risk facilities to one of four risk-based tiers,
with progressively stricter requirements for those in the
highest risk tiers. Tier 1 facilities are the highest risk
facilities; Tier 4 includes the lowest group of high-risk
facilities.
As of August 1, 2014, more than 48,000 facilities with
chemicals of interest had submitted Top-Screens to DHS. From
those submissions, DHS categorized approximately 3,986
facilities as high-risk, triggering some level of regulation
under CFATS.\4\ As of April 2014,\5\ 121 facilities had been
preliminarily assigned\6\ to Tier 1; 382 had been assigned to
Tier 2; 1,088 had been assigned to Tier 3; and 2,542 had been
assigned to Tier 4.\7\
---------------------------------------------------------------------------
\4\See Department of Homeland Security, CFATS Update August 2014 at
http://www.dhs.gov/sites/default/files/publications/
CFATS%20FS_August2014.pdf.
\5\The number of chemical facilities covered under the program is
variously quoted in this report as between 3,986 and 4,100. This
fluctuation is due to the fact that chemical facilities can reduce or
remove their holdings of chemicals in order to tier out of the program,
so the number of covered facilities is dynamic based on facilities'
decision to ``tier out'' of the program. See ``Charting a Path Forward
for the Chemical Facilities Anti-Terrorism Standards Program,'' hearing
before the Senate Committee on Homeland Security and Governmental
Affairs, 113th Cong. 3 (May 14, 2014) (Written testimony of Suzanne
Spaulding, Under Secretary, and Director David Wulf, National
Protection and Programs Directorate, Department of Homeland Security).
\6\These figures refer to preliminary tier assignments from the
Department based on facility submission of a Top-Screen. Final tier
assignment occurs after facilities submit Security Vulnerability
Assessments; the Department then reviews these assessments to identify
which facilities should be assigned to a high-risk tier under CFATS.
\7\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. 3 (May 14,
2014) (Written testimony of Suzanne Spaulding, Under Secretary, and
Director David Wulf, National Protection and Programs Directorate,
Department of Homeland Security).
---------------------------------------------------------------------------
Facilities deemed high-risk by the Department generally
must develop an effective security plan, submit the plan to DHS
for review, and implement their security plan. The security
standards required under the CFATS program are performance
based, rather than prescriptive. This means that the Department
does not prescribe specific measures that must be taken by all
facilities; instead, the manner in which a facility chooses to
address its security vulnerabilities, although subject to
approval by the Secretary, is developed by the facility
owner.\8\
---------------------------------------------------------------------------
\8\``A performance standard specifies the outcome required, but
leaves the specific measures to achieve that outcome up to the
discretion of the regulated entity. In contrast to a design standard or
a technology-based standard that specifies exactly how to achieve
compliance, a performance standard sets a goal and lets each regulated
entity decide how to meet it.'' See Department of Homeland Security,
Risk-Based Performance Standards Guidelines, Chemical Facility Anti-
Terrorism Standards, May 2009 at http://www.dhs.gov/xlibrary/assets/
chemsec_cfats_riskbased_performance_standards.pdf, quoting Cary
Coglianese et al., Performance-Based Regulation: Prospects and
Limitations in Health, Safety, and Environmental Protection, 55 Admin.
L. Rev. 705, 706-07 (2003).
---------------------------------------------------------------------------
For example, facilities need to secure some chemicals from
theft or diversion. They can do this through various inventory
controls or physical measures (for example walls or locked
doors). It is worth noting that facilities that receive an
initial high-risk determination can resubmit their information
and ``tier out''--remove themselves from further regulation--if
they adjust their operations in a way that removes them from
the high-risk category. According to DHS officials, to date
over 3,000 facilities possessing chemicals of interest have
``voluntarily removed, reduced, or modified their holdings of
chemicals of interest.''\9\
---------------------------------------------------------------------------
\9\See Department of Homeland Security, CFATS Update August 2014 at
http://www.dhs.gov/sites/default/files/publications/
CFATS%20FS_August2014.pdf.
---------------------------------------------------------------------------
Under current procedures, following assignment of a final
risk tier by the Department, but prior to approving a facility,
DHS conducts an authorization inspection of the facility. An
authorization inspection consists of an initial, physical
review of the facility to determine if the Top-Screen, security
vulnerability assessment, and facility security plan accurately
represent and address the risks for the facility. Because the
program requires performance-based standards to mitigate risk,
facilities and the Department frequently discuss planned or
alternative mitigation measures before a plan is approved.
While this helps ensure facilities use both effective and cost-
effective measures, it can and frequently has delayed progress
within the program. Once the Department approves the covered
facility's security plan, the facility may begin implementing
the plan. The Department maintains the authority to conduct
subsequent compliance inspections to ensure facilities continue
to meet the requirements of the security plan and the program.
The implementation of the CFATS program has improved
security of chemical facilities and the safety and security of
communities located near the chemical facilities by throwing a
spotlight on security, though the Committee acknowledges
management challenges in the program have limited its
effectiveness. Under the program, chemical facilities have
systematically assessed security risks and invested in measures
to mitigate those risks. This has led many companies to take
measures to reduce risk in order to ``tier out'' of the
program. Again, since the program's inception, 3,000 facilities
have reduced risk at their facilities enough to ``tier out'' of
the program, either by reducing, eliminating, or modifying
their stores of chemicals.\10\ The fact that 3,000 facilities
have tiered out is significant given that only 4,000 facilities
are assigned to a risk tier under the program.\11\ Other
chemical facilities have begun to install security measures as
part of or in anticipation of security reviews by DHS under the
program. The CFATS requirements work to level the playing field
to allow companies to invest in security measures without
facing a competitive disadvantage. Just as importantly, through
the program the government has received information to allow it
to for the first time develop a roadmap of the facilities in
communities nationwide that pose security risks and warrant
attention. DHS officials have testified that ``interagency
partners have benefited from this information as it has
enhanced law enforcement cooperation with high-risk chemical
facilities.''\12\
---------------------------------------------------------------------------
\10\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. 2 (May 14,
2014) (Written testimony of Suzanne Spaulding, Under Secretary, and
Director David Wulf, National Protection and Programs Directorate,
Department of Homeland Security).
\11\See Department of Homeland Security, CFATS Update August 2014
at http://www.dhs.gov/sites/default/files/publications/
CFATS%20FS_August2014.pdf.
\12\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. 1 (May 14,
2014) (Written testimony of Suzanne Spaulding, Under Secretary, and
Director David Wulf, National Protection and Programs Directorate,
Department of Homeland Security).
---------------------------------------------------------------------------
Yet the program has not been without its shortcomings. It
has suffered for lack of a long-term authorization that would
allow administrators to engage in meaningful and efficient
programmatic planning, and require industry to invest in
security measures.
Just as importantly, internal and external reviews have
revealed problems with the design, implementation, and
administration of the CFATS program.\13\ These include human
capital issues,\14\ a considerable backlog of facility security
plan reviews and compliance inspections,\15\ and a flawed risk
assessment methodology.\16\ In 2011, an internal management
memorandum detailed significant mismanagement in the program,
including buying unneeded equipment and vehicles and hiring
ill-qualified workers. The memo also raised serious questions
about whether facilities were being tiered correctly.\17\ An
April 2013 GAO report looked at DHS's implementation of the
program from roughly 2011 to 2013.\18\ The report raised
several concerns with the program, most importantly that there
was a need for DHS to improve its process of assessing the risk
posed by a facility by including economic consequence among the
risk factors, and that DHS was behind in reviewing site
security plans and inspecting facilities to verify compliance.
Following an explosion at a facility in West, Texas in 2013
that never complied with its obligation to submit a Top-Screen
despite having two chemicals of interest on site over the
regulatory thresholds, GAO also recommended that DHS focus on
finding and subjecting to regulation other facilities that had
thus far ignored the mandate to report their existence to
DHS.\19\
---------------------------------------------------------------------------
\13\E.g., Sen. Tom Coburn, Ranking Member, Homeland Security &
Government Affairs Committee, Chemical Insecurity: An Assessment of
Efforts to Secure the Nation's Chemical Facilities from Terrorist
Threats (2014), at http://www.coburn.senate.gov/public/index.cfm/2014/
7/federal-chemical-security-program-in-shambles-new-report-says.
\14\See Government Accountability Office (GAO), DHS is Taking
Action to Better Manage Its Chemical Security Program, but It Is Too
Early to Assess Results, (GAO-12-515T), July 26, 2012, at 9.
\15\See Department of Homeland Security Office of the Inspector
General (DHS OIG), Effectiveness of the Infrastructure Security
Compliance Division's Management Practices to Implement the Chemical
Facility Anti-Terrorism Standards Program, (Report Number OIG-13-55),
March 2013 at 17, 19-20, and 22; and Government Accountability Office
(GAO), Critical Infrastructure Protection: DHS Efforts to Assess
Chemical Security Risk and Gather Feedback on Facility Outreach Can Be
Strengthened, (GAO-13-353), April 2013 at 18.
\16\Id at 9-15.
\17\Memorandum from Penny Anderson, Director, Infrastructure
Security Compliance Division, Office of lnfrastructure Protection and
David WuIf, Deputy Director to NPPD Undersecretary, Rand Beers:
``Challenges Facing ISCD, and the Path Forward.'' November 10, 2011.
\18\See Government Accountability Office (GAO), Critical
Infrastructure Protection: DHS Efforts to Assess Chemical Security Risk
and Gather Feedback on Facility Outreach Can Be Strengthened, (GAO-13-
353), April 2013 at 4.
\19\Id.
---------------------------------------------------------------------------
Since the 2011 memo, DHS's Infrastructure Security
Compliance Division (ISCD), which manages the CFATS program,
has taken steps to address some of these concerns. Among other
things, DHS officials improved policies and training to ensure
that inspections are conducted in a consistent and thorough
fashion; implemented an improved, streamlined Site Security
Plan (SSP) review process, which has enhanced ISCD's ability to
authorize and, as appropriate, approve security plans; and
conducted an extensive three-part review of CFATS's risk
assessment methodology, including a peer review, which is now
being partially implemented.
This legislation is designed to address the challenges that
have been identified, codify the improvements DHS has already
begun making, and authorize additional steps DHS should take to
make the program more effective.
HIGHLIGHTS OF H.R. 4007, AS AMENDED BY THE COMMITTEE
H.R. 4007, as amended by the Committee's substitute
amendment, reauthorizes the Department's CFATS program for a
period of four years, providing much-needed programmatic
stability and certainty for both the Department and regulated
facilities. It achieves this by codifying reforms,
strengthening management practices and whistleblower
protections, simplifying facility reporting and information
sharing practices, and authorizing a new expedited approval
program for lower high-risk facilities to help reduce the
backlog of unapproved facility security plans. Specifically,
the substitute amendment to H.R. 4007\20\ would:
---------------------------------------------------------------------------
\20\The legislation referred to in the body of this section is the
Carper-Coburn substitute amendment to H.R. 4007 as reported by the
Committee. The main differences between H.R. 4007 as reported by this
Committee and the legislation by the same name passed in the House
include strengthened whistleblower protections, the establishment of an
expedited approval program, changes to the Personnel Surety Program,
and a four-year authorization. For a full description of the underlying
bill, see H.R., Rep. No. 113-491, Pt. 1 (2014).
---------------------------------------------------------------------------
1. Authorize the program for a period of four years (the
House-reported version of H.R. 4007 authorized the program for
three years).
2. Permit the submission of simplified facility security
plans through an alternative security program to facilitate
compliance for small businesses and reduce the backlog of plan
approvals at the Department.
3. Create an expedited approval program to enable
facilities in the third and fourth risk tiers to implement
security plans more quickly, without compromising the
Department's ability to ensure they meet the program's security
standards.
4. Streamline the requirement for facilities to seek
background checks on those with access to the facilities by
allowing facilities to meet the requirement in more than just
one way.
5. Direct the Secretary to develop an implementation plan
for outreach to chemical facilities with regulated amounts of
chemicals of interest that have not submitted the required Top-
Screen, in order to reduce the number of facilities not
compliant with CFATS.
6. Appropriately strengthen whistleblower protections by
requiring the Secretary to establish a reporting process and
prohibiting retaliation against whistleblowers.
7. Ensure that sensitive security information provided by
chemical facilities is protected and shared with first
responders in a secure and responsible manner.
8. Ensure DHS is regularly reviewing and updating its risk
assessment model.
9. Require DHS to provide Congress key metrics for better
oversight of program performance.
Four-year authorization
The Committee substitute to H.R. 4007 will provide
stability and predictability for both DHS and regulated
facilities by providing a longer-term authorization than the
CFATS program has had before now. Up until now, Congress has
authorized the program via language in Appropriations bills,
limping from year to year and sometimes month to month.\21\ The
four-year authorization will provide industry stakeholders with
the certainty they need to invest in CFATS compliance
measures.\22\ At the Committee hearing in May, a witness
representing Dow Chemical noted that:
\21\See Pub. L. 109-295, title V, Sec. 550, Oct. 4, 2006, 120 Stat.
1388, as amended by Pub. L. 110-161, div. E, title V, Sec. 534, Dec.
26, 2007, 121 Stat. 2075; Pub. L. 111-83, title V, Sec. 550, Oct. 28,
2009, 123 Stat. 2177; Pub. L. 112-10, div. B, title VI, Sec. 1650, Apr.
15, 2011, 125 Stat. 146; Pub. L. 112-74, div. D, title V, Sec. 540,
Dec. 23, 2011, 125 Stat. 976; Pub. L. 113-6, div. D, title V, Sec. 537,
Mar. 26, 2013, 127 Stat. 373; and Pub. L. 113-76, div. F, title V,
Sec. 536, Jan. 17, 2014, 128 Stat. 275.
\22\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. 1 (May 14,
2014) (Written testimony of Suzanne Spaulding, Under Secretary, and
Director David Wulf, National Protection and Programs Directorate,
Department of Homeland Security).
Three years is the minimum to really match up with
the capital planning process for industry. If you tell
me today I have got to go do something, I will get the
money next year and probably finish the project the
year after that . . . Three is good, four is
better.\23\
---------------------------------------------------------------------------
\23\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. (May 14, 2014)
(Testimony of Timothy J. Scott on behalf of Dow Chemical Company and
the American Chemistry Council).
Likewise, representatives from the Department of Homeland
Security have noted that long-term Congressional authorization
is needed in order to cement the Department's enforcement
authorities and eliminate confusion regarding authority for the
program. For example, during the government shutdown in October
2013, Infrastructure Security Compliance Division staff were
furloughed and the CFATS program effectively ceased to exist
because the Department's authority to manage the program also
expired.\24\ DHS officials have noted the importance of a long-
term authorization in order to convey clearly the intent of
Congress, and the Department, to maintain a robust chemical
facility security program--an intent that the series of short-
term extensions simply could not convey.\25\ The Committee
believes that a four-year authorization allows the greatest
programmatic stability, affording the Department the ability to
hire qualified personnel, while requiring chemical facilities
to invest in required security measures.
---------------------------------------------------------------------------
\24\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. (May 14, 2014)
(Testimony of David Wulf, Director, National Protection and Programs
Directorate, Department of Homeland Security).
\25\Id.
---------------------------------------------------------------------------
Director David Wulf, of the Infrastructure Security
Compliance Division of the Department, testified that a longer-
term or permanent authorization would enable the Department to
recruit and retain talent, while continuing efforts to improve
the CFATS program.\26\
---------------------------------------------------------------------------
\26\Id.
---------------------------------------------------------------------------
Finally, a long-term Congressional authorization, coupled
with the additional reporting requirements in this Act, would
allow needed Congressional oversight of the program.
Alternative security programs and creation of an expedited approval
program
The legislation also creates two new, alternative options
for review that will help the Department address the backlog of
unapproved site security plans. The CFATS program has received
over 48,000 Top-Screens and has made progress in program goals,
including assigning tiers to covered chemical facilities and
assisting covered facilities in compliance and improving
security. Some 3,000 facilities have also reduced their
holdings of chemicals of interest such that they are no longer
covered by CFATS.\27\ Nevertheless, the program still faces a
significant backlog of site security plan authorizations and
compliance inspections. In its April 2013 report on CFATS, the
Government Accountability Office estimated that it could take
seven to nine years for the program to eliminate the backlog of
reviewing facilities' site security plans and conducting
compliance inspections.\28\ At a May 2014 hearing, DHS
officials testified that they had devoted more resources and
attention to the issues creating the backlog, had already begun
speeding up reviews, and believed they could get through the
backlog in half the time GAO initially assessed.\29\ However,
even accounting for that progress, sixty-one percent of the
approximately 4,100 facilities covered under the CFATS program
at that time\30\ were awaiting authorization of the site
security plans they submitted to DHS; ninety-nine percent had
yet to undergo a compliance inspection.\31\
---------------------------------------------------------------------------
\27\See Department of Homeland Security, CFATS Update August 2014
at http://www.dhs.gov/sites/default/files/publications/
CFATS%20FS_August2014.pdf.
\28\See Government Accountability Office (GAO), Critical
Infrastructure Protection: DHS Efforts to Assess Chemical Security Risk
and Gather Feedback on Facility Outreach Can Be Strengthened, (GAO-13-
353), April 2013 at 18.
\29\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. (May 14, 2014)
(Testimony of David Wulf, Director, National Protection and Programs
Directorate, Department of Homeland Security).
\30\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. 3 (May 14,
2014) (Written testimony of Suzanne Spaulding, Under Secretary, and
Director David Wulf, National Protection and Programs Directorate,
Department of Homeland Security).
\31\Ibid.
---------------------------------------------------------------------------
While the Committee believes that the Department has made
considerable progress recently in speeding up its review of
site security plans and conducting compliance inspections, it
believes it crucial to expedite these reviews further so that
needed security measures are put in place as soon as
possible.\32\ These facilities and the threats they face can be
complex and securing them in a manner that meets the mandated
performance standards can be time and capital intensive.
Companies do not want to move ahead with changes until they are
certain they know what is required. Thus the backlog in
reviewing applications inhibits facilities from implementing
the investments they want to make to improve security at their
sites, which makes the communities that surround them less
secure.
---------------------------------------------------------------------------
\32\See Department of Homeland Security, CFATS Fact Sheet,
September 2014, http://www.dhs.gov/sites/default/files/publications/
CFATS-FS-September-2014-508.pdf.
---------------------------------------------------------------------------
In response to this problem, the Committee substitute to
H.R. 4007 authorizes two new, optional tracks for covered
facilities to use in submitting security plans. The first, the
alternative security program, allows facilities to implement
security plans developed by industry associations and approved
by DHS. The legislation creating the original authority for
CFATS allowed the Department to approve Alternative Security
Plans (ASPs) that had been ``established by private sector
entities.'' But in 2007 the Department issued an Interim Final
Rule that required that ASPs be approved individually. This
change subverted Congressional intent and largely eliminated
any efficiency the program would have created. The Committee
substitute to H.R. 4007 would restore the program to its
original intent, following the model set by the U.S. Coast
Guard's Maritime Transportation Security Act (MTSA) program.
That program allows approval of ASPs for types of vessels or
facilities carrying certain dangerous chemicals.
Second, it also creates a voluntary expedited approval
program to facilitate compliance for lower-risk companies.
Under that program, which the Committee developed in
consultation with the Department and key stakeholders, DHS
would have the authority to set prescriptive, rather than
performance-based, standards for site security for facilities
assigned to tiers three and four. Facilities electing to
participate in the program would forego the need for an
authorization inspection, but could still be subject to
compliance inspections.
The Committee believes that the expedited approval program
will lessen the potentially disproportionate regulatory burden
that current CFATS regulations impose on smaller chemical
companies, which may lack the compliance infrastructure and
resources of large chemical facilities. It does this by
requiring that the Department establish clear, prescriptive
guidelines these facilities certify they will meet and to which
they will continue to adhere. This obviates the need for an
extensive submission and review process of a facility security
plan, frees DHS resources to focus on the highest risk
facilities, and allows facilities to implement security
measures more quickly. The program still maintains strong
Departmental oversight to ensure facilities are indeed secure.
Under the expedited approval program, the Department may reject
site security plans that are ``facially deficient'' or
obviously insufficient under the guidelines established by the
program. Under the program, the Department also retains the
right to conduct compliance inspections in order to determine
whether facilities have implemented the security measures
outlined in their plans.
The voluntary expedited approval program created under the
bill would require additional work by the Department at the
outset, while it develops prescriptive security measures and
security plan templates. However, it should result in a notable
reduction in the administrative burden on both facilities and
the Department, and help reduce the backlog of site security
plan reviews of lower-risk facilities.
Personnel Surety Program
Consistent with the House bill, the Committee substitute to
H.R. 4007 establishes a functional and efficient Personnel
Surety Program (PSP). As part of regulations promulgated under
the CFATS program\33\ the Department established eighteen
``risk-based performance standards'' (RBPSs) that covered
chemical facilities are required to address. There has long
been disagreement between regulated industry stakeholders and
the Department as to how facilities can satisfy RBPS-12, which
requires covered chemical facilities to take steps to determine
whether persons with access to their facility may have
terrorist ties.\34\
---------------------------------------------------------------------------
\33\6 C.F.R. Part 27.
\34\RBPS-12 provision (iv).
---------------------------------------------------------------------------
Specifically at issue has been the RBPS-12 provision (iv),
which requires facilities to establish ``measures designed to
identify persons with terrorist ties.'' DHS has issued an
interim rule that would establish a Personnel Surety Program
(PSP) that would require facilities (or other entities acting
on a facility's behalf) to submit information on individuals
with access to a covered chemical facility through a DHS
created and managed web portal at least 48 hours prior to such
a person's initial access to the facility.\35\ The Department
stated that this would allow facilities to submit information
regarding covered individuals for DHS to check whether those
individuals are on the FBI Terrorist Screening Database
(TSDB).\36\ The concern raised by regulated entities with
regards to the Department's proposal centers on the fact that a
number of other security screening programs of the Federal
Government, including the Transportation Security
Administration's Transportation Worker Identification
Credential (TWIC),\37\ already check individuals against the
TSDB. However, the Department stated in its proposal that it
would not accept the TWIC or other, similar credentials in lieu
of a submission through the DHS PSP website as described above,
unless the credential could be electronically verified. Since
many individuals who access chemical facilities are already
required to maintain a TWIC or other credential, regulated
stakeholders argue that DHS's requirement is unnecessary and
duplicative. For its part, the Department argues that repeat
vetting directly before accessing a facility is necessary to
truly determine if the individual may pose a threat.
---------------------------------------------------------------------------
\35\79 F.R. 6417.
\36\While the legislation still includes requirements for vetting
personnel at covered chemical facilities against the terrorist
screening database, the Committee has included a clear definition for
the terrorist screening database to help address any concerns or
confusion that the term could be interpreted to include new,
additional, or different databases. The legislation clarifies that the
term terrorist screening database refers to the current database
maintained by the Terrorist Screening Center.
\37\Department of Homeland Security. Transportation Security
Administration, Transportation Worker Identification Credential. August
2014 at http://www.tsa.gov/stakeholders/
transportation-worker-identification-credential-twic%C2%AE.
---------------------------------------------------------------------------
The standards chemical facilities are required to meet
under CFATS are by definition performance based, and not meant
to be prescriptive.\38\ Industry partners argue that DHS's
proposed PSP rule is far more prescriptive than what is
necessary to meet the requirements of RBPS-12. Finally, the
Committee believes the Department should avoid costly
duplication of programs.
---------------------------------------------------------------------------
\38\79 F.R. 6417.
---------------------------------------------------------------------------
To that end, the Committee believes that DHS should
leverage existing infrastructure within DHS and industry to
verify and validate identity, check criminal history, verify
and validate legal authorization to work, and identify
individuals with terrorist ties by utilizing a Federal vetting
program. Additionally, given the intent of the CFATS program to
be a flexible program based on performance, the Committee wants
to ensure that facilities have a full cadre of tools at their
disposal to meet the Risk-Based Performance Standards.
The legislation also clarifies Congressional intent related
to the CFATS program by stating that a facility may satisfy its
obligation under RBPS-12(iv) by relying upon presentation and
visual validation of any credential issued by a Federal
screening program that periodically vets individuals against
the TSDB. The intent of this provision is to ensure that the
Department cannot compel a covered chemical facility that has
already vetted an individual against an alternate Federal
screening program to then also submit information about that
individual directly to the Department, unless that person has
been identified positively against the Terrorist Screening
Database.
Finally, the Personnel Surety Program outlined in this
legislation requires DHS to provide feedback to a participating
owner or operator of a covered chemical facility about an
individual based on vetting the individual against the TSDB, to
the extent that such feedback is necessary for the facility's
compliance with CFATS regulations. Under DHS's proposal, DHS
may refuse to tell facility owners and operators when an
individual with access has come up as a TSDB match. DHS argues
that it wants to avoid interfering with ongoing law enforcement
or intelligence operations that might involve the individual in
question. But, as regulated industry partners point out, the
security of a facility is jeopardized when an owner or operator
unknowingly allows access to a suspected terrorist, creating
security and liability, concerns. H.R. 4007 attempts to strike
a balance between these two concerns by limiting notification
to a facility regarding an individual matching the TSDB only if
that individual presents a threat to the facility's physical
security in such a way as to undermine the facility's efforts
to comply with the CFATS regulations.
Outreach to covered chemical facilities
This legislation improves DHS's ability to address the
issue of ``outlier facilities'' and to identify the universe of
chemical facilities which should be subject to requirements
under CFATS. Outlier facilities are facilities that do not let
DHS know of their existence much less take steps to comply with
the CFATS program despite the fact that they possess enough
chemicals of interest to trigger regulation under the program.
Perhaps the most notable example of such a facility was the
West Fertilizer Company located in West, Texas. That company's
facility caught fire and then exploded on April 17, 2013,
killing fifteen people, injuring hundreds more, and causing an
estimated $100 million in damage. Initial reports indicated a
large amount of anhydrous ammonia as the source of the
explosions; later, authorities determined that the explosions
were caused by ammonium nitrate that was stored at the
facility.\39\ Both anhydrous ammonia and ammonium nitrate are
designated by DHS as ``chemicals of interest,'' and possession
of either above certain threshold amounts is subject to
regulation under the CFATS program.\40\ Through an
investigation following the disaster at West Fertilizer, the
Department determined that the facility had not complied with
the requirement of the CFATS program to submit a Top-Screen to
DHS.\41\ As a result, until the explosion occurred program
officials were unaware the facility existed. The EPA's Risk
Management Program (RMP), however, did have a record of this
facility.
---------------------------------------------------------------------------
\39\See U.S. Chemical Safety Board (CSB), Preliminary Findings of
the U.S. Chemical Safety Board from its Investigation of the West
Fertilizer Explosion and Fire, April 22, 2014 at http://www.csb.gov/
assets/1/19/West_Preliminary_Findings.pdf.
\40\6 CFR Part 27.
\41\Letter from Suzanne Spaulding, Acting Under Secretary, National
Protection and Programs Directorate, Department of Homeland Security,
Hon. Thomas R. Carper, Chairman, Senate Committee on Homeland Security
and Governmental Affairs, dated July 31, 2013.
---------------------------------------------------------------------------
Prior to the West Fertilizer Company disaster, DHS was
taking some actions to identify outlier facilities. DHS relied
on information sharing among state homeland security agencies,
components within the Department, and stakeholders, the
maintenance of a toll-free CFATS Tip Line, and a limited,
regional pilot program allowing CFATS inspectors to review a
database maintained by the Environmental Protection Agency.
However, as the Department acknowledged, these efforts yielded
relatively few identifications of outlier facilities.\42\ In
August 2013, after the West disaster, the President issued an
executive order addressing this issue, calling for a working
group to improve federal, state, and local coordination to
identify facilities subject to CFATS requirements.\43\ And at a
Committee hearing in May, Department officials emphasized the
critical need for continued and improved outreach in order to
identify chemical facilities potentially subject to CFATS
requirements.\44\
---------------------------------------------------------------------------
\42\Id.
\43\EO 13650.
\44\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. 5 (May 14,
2014) (Written testimony of Suzanne Spaulding, Under Secretary, and
Director David Wulf, National Protection and Programs Directorate,
Department of Homeland Security).
---------------------------------------------------------------------------
The Committee substitute to H.R. 4007 establishes and
defines the term ``chemical facilities of interest'' to mean
facilities that hold, or that the Secretary has a reasonable
basis to believe hold, chemicals of interest in excess of the
threshold quantities set under the existing CFATS standards. It
requires the Secretary to consult with other government
agencies, including state and local governments, business
associations, and labor organizations to identify such
facilities, to report to Congress regarding the steps the
Department has taken to identify chemical facilities of
interest and its progress toward achieving that goal, and to
submit an action plan for better identifying and enforcing
compliance among chemical facilities of interest to
Congress.\45\
---------------------------------------------------------------------------
\45\The Committee substitute would allow the Secretary 18 months to
produce such a plan, rather than the 90 days specified in the House
bill.
---------------------------------------------------------------------------
Whistleblower protections
The Committee substitute to H.R. 4007 requires the
Department to establish procedures to allow workers or
contractors to report to the Secretary regarding potential
problems or vulnerabilities at a covered chemical facility.
Further, it protects those individuals who report problems from
termination or other forms of retaliation, though it provides
no protections for individuals who are found to have lied or
misled authorities. The Committee believes that workers can
play an important role in chemical security. Few individuals
know and understand the particular vulnerabilities of a
facility more than those who work there every day. As Anna
Fendley from the United Steelworkers testified at the
Committee's hearing in May 2014, ``[Workers] would be hurt
first and worst in an attack on a facility, and therefore have
the largest stake in ensuring safety.''\46\ The Committee
believes that protecting whistleblowers could potentially help
DHS identify chemical facilities that are covered by CFATS but
are not complying with its requirements. Furthermore, the
Committee believes it is important to protect whistleblowers
from retaliation.
---------------------------------------------------------------------------
\46\``Charting a Path Forward for the Chemical Facilities Anti-
Terrorism Standards Program,'' hearing before the Senate Committee on
Homeland Security and Governmental Affairs, 113th Cong. (May 14, 2014)
(Testimony of Anna Fendley on behalf of the United Steelworkers).
---------------------------------------------------------------------------
Information sharing with first responders
The Committee substitute to H.R. 4007 would allow the
Secretary to disseminate information collected from covered
chemical facilities, including security vulnerability
assessments, site security plans, and other information, to
first responders through any medium or system the Secretary
determines appropriate.\47\ The Committee's change reflects its
intent that this potentially sensitive information be shared in
a secure and effective manner only with those individuals who
possess a need to know, and our belief that mandating that
information be shared via HSIN and HSDN could include too broad
an audience. The Committee believes the Secretary, examining
the sensitivity of the information and the relative needs of
recipients, is in the best position to make a determination.
Based on similar reasoning, the legislation exempts information
gathered from chemical facilities under the authority granted
in the bill from requests under the Freedom of Information Act.
The Committee intends this blanket exemption to preclude the
possibility that members of the public without a need to know,
including potentially bad actors, seeking to access this
information might receive it from the Federal Government
through a FOIA request.\48\
---------------------------------------------------------------------------
\47\In contrast, H.R. 4007 as passed by the House would require the
Secretary to use the Homeland Security Information Network (HSIN) or
the Homeland Secure Data Network (HSDN) to distribute such information.
Though the HSDN reaches a more limited audience and is used only to
share classified information, HSIN is a public-facing web portal that
allows for the sharing of sensitive but not classified information to
federal, state, local, tribal, territorial, international, and private
sector partners.
\48\The Committee does not intend this provision to affect one way
or the other the ability of anyone to access any information about a
chemical facility, either from the company itself, or from the
government, as provided for under any other law or program.
---------------------------------------------------------------------------
Improved risk assessment methodology
Finally, this legislation ensures that the Department fixes
its historically flawed risk assessment and tiering methodology
by requiring DHS to consider all areas of risk in developing
risk assessments in order to more accurately reflect the core
criteria of risk: threat, consequence (including both economic
consequences and fatalities), and vulnerability. The Committee
wants to ensure that all aspects of risk are being considered
when determining whether a facility presents a high enough risk
to be regulated under the CFATS program and into what tier a
facility may be placed. It further instructs the Secretary to
maintain a record of any changes to a facility's tiering status
and why the change was made. In its April 2013 report, GAO
recommended that DHS should enhance its risk assessment
approach to incorporate all elements of risk, and conduct an
independent peer review to ensure the approach is
effective.\49\ That peer review, conducted by the Homeland
Security Studies and Analysis Institute, was published in
September, 2013 and laid out a number of recommendations for
improvement.\50\ This legislation would require the Department
to develop a risk assessment approach and tiering methodology
based on that review and require the Secretary to report to
Congress on the Infrastructure Security Compliance Division's
progress in doing so within 18 months of the bill's enactment.
---------------------------------------------------------------------------
\49\See Government Accountability Office (GAO), Critical
Infrastructure Protection: DHS Efforts to Assess Chemical Security Risk
and Gather Feedback on Facility Outreach Can Be Strengthened, (GAO-13-
353), April 2013 at 9-15.
\50\See Homeland Security Studies and Analysis Institute's Tiering
Methodology Peer Review, Publication Number: RP12-22-02.
---------------------------------------------------------------------------
III. Legislative History
H.R. 4007, the Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014, was introduced by
Representative Meehan on February 6, 2014. The House passed the
bill on July 8, 2014, on a motion to suspend the rules and pass
the bill, as amended, by voice vote. The bill was received in
the Senate on July 9, 2014, and referred to the Homeland
Security and Governmental Affairs Committee.
Prior to the bill's referral, the Committee held a hearing
on May 14, 2014, titled ``Charting a Path Forward for the
Chemical Facilities Anti-Terrorism Standards Program.'' The
purpose of the hearing was to examine the current state of the
CFATS program and the need to reauthorize the program.
Witnesses included two senior DHS officials responsible for
managing the program, representatives from the Government
Accountability Office and Congressional Research Service, an
industry representative, and a labor representative.
The Committee considered H.R. 4007 at a business meeting on
July 30, 2014. Senators Carper and Coburn offered a substitute
amendment that made a number of changes to the bill as passed
by the House. The substitute added provisions permitting the
submission of simplified security plans through the alternative
security program; establishing an expedited approval program to
allow lower high-risk facilities to more quickly implement
security plans; requiring DHS to review and update its risk
assessment model and report key metrics to Congress so that
Congress can better perform oversight of the CFATS program;
requiring sensitive security information to be protected and
shared with first responders; and requiring the Secretary to:
collect and report on program best practices in order to assist
smaller facilities in complying with the program, develop an
implementation plan for outreach to chemical facilities of
interest; establish a program-specific reporting process for
whistleblowers, and work with industry and labor organizations
to improve information sharing.
The committee adopted the Carper-Coburn substitute, as
modified, and ordered the bill, as amended, reported favorably,
both by voice vote. Senators present for both votes were
Senators Carper, Levin, Landrieu, McCaskill, Begich, Baldwin,
Coburn, Johnson, and Ayotte. Senator Baldwin requested to be
recorded as voting ``no'' on the bill.
IV. Section-by-Section Analysis of the Bill, as Reported
Section 1--Short title
This section establishes the title of the legislation as
the ``The Protecting and Securing Chemical Facilities from
Terrorist Attacks Act of 2014.''\51\
---------------------------------------------------------------------------
\51\Note that the House version was titled, ``The Chemical Facility
Anti-Terrorism Standards Program Authorization and Accountability Act
of 2014.''
---------------------------------------------------------------------------
Section 2--Chemical Facility Anti-Terrorism Standards Program
This section amends the Homeland Security Act of 2002 (6
U.S.C. 101 et seq.), adding at the end a new title, Title XXI--
Chemical Facility Anti-Terrorism Standards.
New section 2101 of the Homeland Security Act of 2002--Definitions
This section defines key terms used in the bill, including
``CFATS regulation,'' and specifies which types of facilities
are considered to be ``covered chemical facilities,'' which
facilities are exempted, and which types of facilities are
considered to be ``chemical facilities of interest.''
This section defines ``chemical facility of interest'' as a
facility that the Secretary has reason to believe holds
threshold quantities of chemicals of interest.
It defines ``covered chemical facility'' as a facility that
the Secretary identifies as a chemical facility of interest,
which is a high-risk facility, as determined by the
Department's risk assessment methodology.
It defines ``excluded facility'' to mean a facility
regulated under the U.S. Coast Guard's Maritime Transportation
Security Act (MTSA) protocol or the Safe Drinking Water Act, a
wastewater treatment works regulated under the Federal Water
Pollution Control Act, a facility owned or operated by the
Department of Defense or the Department of Energy, or a
facility regulated by the Nuclear Regulatory Commission or by a
state that has entered into an agreement with the Nuclear
Regulatory Commission.
It defines ``expedited approval facility'' as a covered
chemical facility for which the owner or operator elects to
submit a site security plan for expedited approval under a new
program authorized in the legislation.
It defines a ``facially deficient'' security plan as a
security plan that does not support a certification that the
security measures in the plan address the security
vulnerability assessment and risk-based performance standards.
New section 2102 of the Homeland Security Act of 2002--Chemical
Facility Anti-Terrorism Standards Program
Subsection (a) requires DHS to establish risk-based
performance standards to ensure the security of chemical
facilities. It charges the Secretary of Homeland Security
(``the Secretary'') with identifying chemical facilities of
interest and covered chemical facilities. It authorizes the
Secretary to require chemical facilities of interest to submit
a Top-Screen. The subsection authorizes the Secretary to
require covered facilities to submit to the Department of
Homeland Security (``DHS'') security vulnerability assessments,
and to develop, submit, and implement site security plans.
(This language largely mirrors the original CFATS authorizing
statute, PL 109-295, the Department of Homeland Security
Appropriations Act of 2007, Sec. 550, hereinafter referred to
as ``Sec. 550'').
Subsection (b), Security Measures, describes the
requirements of a site security plan, stating they should
include security measures that, in combination, appropriately
address the security vulnerability assessment and the risk-
based performance standards for securing the facility.
Subsection (c), Approval or Disapproval of Site Security
Plans, outlines the process for DHS's review of site security
plans and improves the efficiency of the site security plan
approval process by allowing facilities to use an alternative
security program. This subsection charges the Secretary with
evaluating and approving site security plans described under
subsection (a), and specifies that the Secretary may not
require the presence or absence of particular measures.
This subsection further authorizes the Secretary to approve
alternative security programs created by outside entities, such
as the American Chemistry Council, if those programs satisfy
all the requirements of the Risk-Based Performance Standards.
If the requirements of the alternative security program do not
fully meet the requirements of the subsection, the Secretary
may recommend additional security measures to allow the program
to be approved. Further, the subsection allows the Secretary to
accept an already-approved alternative security program without
reevaluating the program.
This subsection further obligates the Secretary to employ
the risk assessment procedures established under this title,
and establishes a ``grandfather clause'' providing that, if the
legislation is enacted, a site security plan already approved
by the Secretary prior to the date of enactment of this Act
need not be reevaluated solely because of enactment of this
Act.
This subsection also creates a new expedited approval
program through which tier 3 and 4 facilities may develop and
submit a site security plan for expedited approval. It requires
that the Secretary first issue prescriptive guidance for such
facilities to meet the risk-based performance standards, and
outlines how facilities may certify that deviations from the
guidance meet or exceed the prescriptive standards. The
subsection requires the Secretary to consult with labor
organizations and Sector Coordinating Councils to develop this
guidance. The subsection establishes deadlines for facilities
to submit and certify plans for expedited approval and for the
Department to review certified plans, provides authority for
the Secretary to enforce compliance under this program, and
provides a process by which facilities can amend site security
plans. It allows the Secretary to suspend and ultimately revoke
a facility's ability to participate in the voluntary expedited
approval program if it submits a facially deficient site
security plan, and to recommend additional security measures if
it suspends a facility's certification. The subsection also
allows DHS to develop prescriptive security plan templates that
meet the risk-based performance standards and tier 3 and 4
facilities can submit as their site security plans. Finally,
the subsection requires that the Secretary fully evaluate the
expedited approval program within 18 months of enactment of the
Act.
Subsection (d), Compliance, requires the Secretary to
conduct audits or inspections of covered chemical facilities,
and would allow nongovernmental personnel to conduct audits or
inspections on behalf of the Department in order to address the
existing backlog. This section also requires the Secretary to
establish a Personnel Surety Program that ensures individuals
with access to covered chemical facilities are vetted against
the Terrorist Screening Database, the central terrorist
watchlist consolidated by the FBI's Terrorist Screening Center.
This subsection defines ``nondepartmental'' to refer to
personnel and entities that are neither employed by nor are
components or other authorities of DHS, and ``nongovernmental''
to refer to personnel or entities that are neither employed by
nor are agencies, departments, or other authorities of the
Federal Government. This subsection would allow the Secretary
to make use of nondepartmental and nongovernmental facility
inspectors in addition to DHS Inspectors, and requires the
Secretary to set high standards and professional qualifications
for both governmental and nongovernmental personnel. This will
help to expedite the rate of inspections and address the
backlog of authorization inspections DHS now faces. This
subsection also makes clear that any duties carried out by a
nongovernmental entity should not be inherently governmental
functions, and that only the Secretary or the Secretary's
designee retains the authority to approve a site security plan.
This subsection clarifies that a facility may utilize any
Federal screening program that periodically vets individuals
against the Terrorist Screening Database in order to comply
with the requirement to vet personnel against the terrorist
watchlist. This subsection also prohibits DHS from collecting
information from covered chemical facilities about an
individual unless that individual has been identified as
presenting a terrorist threat, or is being vetted under the
CFATS program's Personnel Surety Program (PSP). Finally, this
subsection instructs DHS to share any information with a
facility that the facility needs to comply with this section.
The Committee added this requirement to address concerns raised
by industry groups that the Department was not required to
share with a chemical facility information that an individual
identified through the Terrorist Screening Database as
potentially having terrorist ties had accessed the chemical
facility. Under the requirement, the Committee intends for the
Department to determine what information a facility needs in
order to comply.
Subsection (e) outlines the responsibilities of the
Secretary. It ensures that DHS is communicating with state and
local officials as well as other Federal agencies and industry
associations to identify chemical facilities of interest, and
that DHS implements a comprehensive risk assessment and
maintains records documenting the basis for any facility that
experiences a change in risk tiering.
This subsection instructs DHS to communicate with state and
local officials, as well as other Federal agencies and industry
associations, to identify chemical facilities of interest,
which will help to ensure that outlier facilities are known to
the Department. This subsection further ensures that DHS is
taking into account all relevant risk information when
developing its risk assessment standards and corresponding
tiering methodology. It also requires that the Secretary
document the basis for each change in a covered chemical
facility's tier. It also requires the Secretary to provide a
biannual report to Congress detailing specific metrics on the
program's performance in order to aid Congressional evaluation
and oversight of the program.
New section 2103 of the Homeland Security Act of 2002--Protection and
sharing of information
This section ensures that sensitive security information is
protected, and shared with first responders in a secure,
responsible manner in order to prevent loss of life and
property. It ensures that sensitive information regarding a
facility, where disclosure could present a potential risk,
developed under this Act shall not be made available for public
disclosure. However such information may be shared with state
and local government officials for purposes of carrying out
this Act. This section further ensures that first responders
are properly prepared and provided situational awareness when
responding to incidents at CFATS facilities without
compromising the security of the information. This section
allows the Secretary to disseminate information through any
medium or system deemed appropriate by the Secretary. It is the
Committee's intent that proprietary and chemical vulnerability
information shared pursuant to this section continues to be
protected against disclosure to unauthorized individuals and
the public.
New section 2104 of the Homeland Security Act of 2002--Civil
enforcement
This section specifies penalties for noncompliance and sets
the parameters of civil liability.
Subsection (a), Notice of Noncompliance, provides that if a
facility is found to be non-compliant the Secretary must first
present the facility with written notice of non-compliance
before the Department may issue fines or penalties. It further
specifies that in the event of continued non-compliance the
Secretary may assess a civil penalty, order a facility to cease
operations, or both.
Subsection (b), Civil Penalties, provides that civil
penalties may be assessed against a person who violates an
order under this Act. It further provides that any owner of a
chemical facility of interest who fails to comply with or
knowingly submits false information under the Act shall be
liable for a civil penalty.
Subsection (c), Emergency Orders, authorizes the Secretary
to direct a facility to implement emergency security measures,
or cease some or all operations if the Secretary determines
that there is a reasonable likelihood that a violation of the
CFATS regulations could result in death, serious illness,
severe personal injury, or substantial endangerment to the
public.
Subsection (d), Right of Action, clarifies that only the
Secretary (or his or her designee) may bring an action against
the owner or operator of a covered chemical facility to enforce
any of the Act's provision.
New section 2105 of the Homeland Security Act of 2002--Whistleblower
protections
This section clarifies whistleblower protections available
to chemical facility employees and contractors, and requires
these protections be publicly disclosed and advertised. It
requires the Secretary to establish a reporting procedure for
whistleblowers to report problems, deficiencies, or
vulnerabilities related to chemical security at a covered
chemical facility to DHS, and to protect the confidentiality of
an individual making a report. It further requires the
Secretary affirmatively acknowledge receipt of whistleblower
reports, if possible, and take appropriate steps to address any
problems the Department is able to substantiate.
This section also prohibits retaliatory actions against
whistleblowers by owners or operators of a chemical facility.
The section also clarifies that no employee is entitled to the
protection of this section if the employee makes false,
fictitious, or fraudulent statements or representations, and
that disclosures protected by other federal or state laws
remain in place.
New section 2106 of the Homeland Security Act of 2002--Relationship to
other laws
This section states that nothing in this Act supersedes
Federal law governing the manufacture, sale or handling of
chemical substances or mixtures. It also clarifies that States
and political subdivisions may adopt more stringent
requirements with respect to chemical facility security, unless
there is an actual conflict between this section and the law of
that State or subdivision.
New section 2107 of the Homeland Security Act of 2002--CFATS
regulations
This section specifies that the Department can continue to
follow previously-issued regulations, and does not need to
undertake a new rulemaking. This section also stipulates that
the Secretary shall rely on the authority provided in Title XXI
of the Homeland Security Act of 2002 in determining chemicals
of interest and relevant security risks, and determining
compliance with Title XXI.
New section 2108 of the Homeland Security Act of 2002--Small covered
chemical facilities
This section defines a ``small covered chemical facility''
as a facility with 100 employees or fewer. The House bill, in
contrast, defines such a facility as one having 350 or fewer
employees. The Committee believes that its definition more
accurately reflects the size of chemical facilities likely to
require the Departmental compliance assistance mandated under
the legislation. The section also allows the Secretary to
provide assistance and guidance to small covered chemical
facilities in the development of their physical security,
cybersecurity, recordkeeping, and reporting procedures. It
directs the Secretary to report to the authorizing committees
on best practices that may assist small chemical facilities in
meeting their physical security requirements under this title.
New section 2109 of the Homeland Security Act of 2002--Outreach to
chemical facilities of interest
This section directs the Secretary to develop an
implementation plan for outreach to chemical facilities of
interest in order to minimize the number of outliers.
Section 3--Assessment; reports
This section requires the Secretary to commission a third-
party study of vulnerability of covered chemical facilities to
acts of terrorism, and requires that the Secretary report to
Congress on a number of specific aspects of the CFATS program
within 18 months of enactment of this Act. It also provides for
GAO reports assessing the implementation of this Act, including
a review of the expedited approval program not later than three
years after enactment of this Act.
Section 4--Effective date; Conforming repeal
This section states that the Act shall take effect 30 days
after the date of enactment. The section also repeals the
previous authorization language, saying that it is superseded
by this Act.
Section 5--Termination
This section would sunset the program four years after
enactment.
V. Evaluation of Regulatory Impact
Pursuant to the requirement of paragraph 11(b)(1) of rule
XXVI of the Standing Rules of the Senate the Committee has
considered the regulatory impact of this bill. The bill as
amended would extend an existing regulatory program with a
number of changes. As indicated in the Congressional Budget
Office cost estimate for this bill (included below), the bill
as amended should not result in significant additional costs
beyond the current costs of complying with the CFATS program.
VI. Congressional Budget Office Cost Estimate
September 10, 2014.
Hon. Tom Carper,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S.
Senate, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for H.R. 4007, the
Protecting and Securing Chemical Facilities from Terrorist
Attacks Act of 2014.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Jason
Wheelock.
Sincerely,
Douglas W. Elmendorf.
Enclosure.
H.R. 4007--Protecting and Securing Chemical Facilities from Terrorist
Attacks Act of 2014
H.R. 4007 would extend the Department of Homeland
Security's (DHS's) authority to regulate security at certain
chemical facilities in the United States. Under the Chemical
Facility Anti-Terrorism Standards (CFATS) program, DHS collects
and reviews information from chemical facilities in the United
States to determine which facilities present security risks.
Facilities determined to present a high level of security risk
are then required to develop a Site Security Plan (SSP). DHS in
turn conducts inspections to validate the adequacy of a
facility's SSP and their compliance with it. The program is set
to end on October 4, 2014.
H.R. 4007 would authorize CFATS for an additional four
years and would create an expedited review procedure for
facilities in the lower risk tiers of the CFATS program. Based
on amounts requested for the CFATS in fiscal year 2015 as well
as information from DHS, CBO estimates that continued
implementation of CFATS would require appropriations of $87
million in 2015 and slightly higher amounts in fiscal years
2016 through 2018 after accounting for the effects of
inflation. Assuming appropriation of the estimated amounts, CBO
estimates that implementing H.R. 4007 would result in outlays
of $349 million over the 2015-2019 period.
----------------------------------------------------------------------------------------------------------------
By fiscal year, in millions of dollars--
------------------------------------------------------------
2015 2016 2017 2018 2019 2015-2019
----------------------------------------------------------------------------------------------------------------
CHANGES IN SPENDING SUBJECT TO APPROPRIATION
Estimated Authorization Level...................... 87 89 92 95 0 363
Estimated Outlays.................................. 45 78 100 103 23 349
----------------------------------------------------------------------------------------------------------------
Enacting H.R. 4007 could result in the collection of
additional civil penalties, which are recorded as revenues and
deposited in the Treasury; therefore, pay-as-you-go procedures
apply. However, CBO estimates that such collections would be
insignificant. Enacting the bill would not affect direct
spending.
H.R. 4007 would extend intergovernmental and private-sector
mandates, as defined in the Unfunded Mandates Reform Act
(UMRA), on owners and operators of public and private
facilities where certain chemicals are present. Current law
requires owners and operators to assess the vulnerability of
their facilities to a terrorist incident and to prepare and
implement facility security plans. This bill would extend, for
four years, the authority of DHS to regulate those facilities
through minimum standards designed to protect facilities from
acts of terrorism and other security risks. The requirement to
meet those standards would be a mandate on public and private
entities.
The bill would impose an additional mandate on public and
private employers by prohibiting them from discharging or
discriminating against employees who report security problems
at a covered chemical facility.
Information from DHS indicates that owners and operators of
chemical facilities already meet the existing security
standards and that they would only need to make small changes
to administrative procedures to comply with the new
whistleblower protections for their employees. Therefore, CBO
estimates that the aggregate additional costs of complying with
the mandates would be small and would fall below the annual
thresholds established in UMRA for intergovernmental and
private-sector mandates ($76 million and $152 million,
respectively, in 2014, adjusted annually for inflation).
On May 30, 2014, CBO transmitted a cost estimate for H.R.
4007 as ordered reported by the House Committee on Homeland
Security on April 30, 2014. The difference in CBO's estimates
reflects differences in the two versions of the bill. The
version reported by the House Committee on Homeland Security
would permanently authorize CFATS and would authorize the
appropriation of $87 million for each of fiscal years 2015
through 2017. The Senate version of H.R. 4007 would extend
CFATS for four years and would not specify an authorization
level for any fiscal year. Based on those differences, CBO
estimates that implementing this version of the bill would cost
approximately $80 million less than the House version over the
2015-2019 period, assuming the appropriation of the estimated
amounts.
The CBO staff contacts for this estimate are Jason Wheelock
(for federal costs), Melissa Merrell (for the intergovernmental
impact), and Paige Piper/Bach (for the private-sector impact).
The estimate was approved by Theresa Gullo, Deputy Assistant
Director for Budget Analysis.
VII. Changes in Existing Statute Made by the Bill, as Reported
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, changes in existing law made by
H.R. 4007 as reported are shown as follows (existing law
proposed to be omitted is enclosed in brackets, new matter is
printed in italic, and existing law in which no change is
proposed is shown in roman):
DEPARTMENT OF HOMELAND SECURITY APPROPRIATIONS ACT OF 2007
* * * * * * *
[Sec. 550. (a) No later than six months after the date of
enactment of this Act, the Secretary of Homeland Security shall
issue interim final regulations establishing risk-based
performance standards for security of chemical facilities and
requiring vulnerability assessments and the development and
implementation of site security plans for chemical facilities:
Provided, That such regulations shall apply to chemical
facilities that, in the discretion of the Secretary, present
high levels of security risk: Provided further, That such
regulations shall permit each such facility, in developing and
implementing site security plans, to select layered security
measures that, in combination, appropriately address the
vulnerability assessment and the risk-based performance
standards for security for the facility: Provided further, That
the Secretary may not disapprove a site security plan submitted
under this section based on the presence or absence of a
particular security measure, but the Secretary may disapprove a
site security plan if the plan fails to satisfy the risk-based
performance standards established by this section: Provided
further, That the Secretary may approve alternative security
programs established by private sector entities, Federal,
State, or local authorities, or other applicable laws if the
Secretary determines that the requirements of such programs
meet the requirements of this section and the interim
regulations: Provided further, That the Secretary shall review
and approve each vulnerability assessment and site security
plan required under this section: Provided further, That the
Secretary shall not apply regulations issued pursuant to this
section to facilities regulated pursuant to the Maritime
Transportation Security Act of 2002, Public Law 107-295, as
amended; Public Water Systems, as defined by section 1401 of
the Safe Drinking Water Act, Public Law 93-523, as amended;
Treatment Works as defined in section 212 of the Federal Water
Pollution Control Act, Public Law 92-500, as amended; any
facility owned or operated by the Department of Defense or the
Department of Energy, or any facility subject to regulation by
the Nuclear Regulatory Commission.]
[(b) Interim regulations issued under this section shall
apply until the effective date of interim or final regulations
promulgated under other laws that establish requirements and
standards referred to in subsection (a) and expressly supersede
this section: Provided, That the authority provided by this
section shall terminate three years after the date of enactment
of this Act.]
[(c) Notwithstanding any other provision of law and
subsection (b), information developed under this section,
including vulnerability assessments, site security plans, and
other security related information, records, and documents
shall be given protections from public disclosure consistent
with similar information developed by chemical facilities
subject to regulation under section 70103 of title 46, United
States Code: Provided, That this subsection does not prohibit
the sharing of such information, as the Secretary deems
appropriate, with State and local government officials
possessing the necessary security clearances, including law
enforcement officials and first responders, for the purpose of
carrying out this section, provided that such information may
not be disclosed pursuant to any State or local law: Provided
further, That in any proceeding to enforce this section,
vulnerability assessments, site security plans, and other
information submitted to or obtained by the Secretary under
this section, and related vulnerability or security
information, shall be treated as if the information were
classified material.]
[(d) Any person who violates an order issued under this
section shall be liable for a civil penalty under section
70119(a) of title 46, United States Code: Provided, That
nothing in this section confers upon any person except the
Secretary a right of action against an owner or operator of a
chemical facility to enforce any provision of this section. (e)
The Secretary of Homeland Security shall audit and inspect
chemical facilities for the purposes of determining compliance
with the regulations issued pursuant to this section.]
[(f) Nothing in this section shall be construed to
supersede, amend, alter, or affect any Federal law that
regulates the manufacture, distribution in commerce, use, sale,
other treatment, or disposal of chemical substances or
mixtures.]
[(g) If the Secretary determines that a chemical facility
is not in compliance with this section, the Secretary shall
provide the owner or operator with written notification
(including a clear explanation of deficiencies in the
vulnerability assessment and site security plan) and
opportunity for consultation, and issue an order to comply by
such date as the Secretary determines to be appropriate under
the circumstances: Provided, That if the owner or operator
continues to be in noncompliance, the Secretary may issue an
order for the facility to cease operation, until the owner or
operator complies with the order.]
[(h) This section shall not preclude or deny any right of
any State or political subdivision thereof to adopt or enforce
any regulation, requirement, or standard of performance with
respect to chemical facility security that is more stringent
than a regulation, requirement, or standard of performance
issued under this section, or otherwise impair any right or
jurisdiction of any State with respect to chemical facilities
within that State, unless there is an actual conflict between
this section and the law of that State.]
* * * * * * *
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) * * *
(b) Table of Contents.--The table of contents for this Act
is as follows:
* * * * * * *
TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS
Sec. 2101. Definitions.
Sec. 2102. Chemical Facility Anti-Terrorism Standards Program.
Sec. 2103. Protection and sharing of information.
Sec. 2104. Civil enforcement.
Sec. 2105. Whistleblower protections.
Sec. 2106. Relationship to other laws.
Sec. 2107. CFATS regulations.
Sec. 2108. Small covered chemical facilities.
Sec. 2109. Outreach to chemical facilities of interest.
* * * * * * *
TITLE XXI--CHEMICAL FACILITY ANTI-TERRORISM STANDARDS
SEC. 2101. DEFINITIONS.
In this title--
(1) the term ``CFATS regulation'' means--
(A) an existing CFATs regulation; and
(B) any regulation or amendment to an
existing CFATS regulation issued pursuant to
the authority under section 2107;
(2) the term ``chemical facility of interest'' means
a facility that--
(A) holds, or that the Secretary has a
reasonable basis to believe holds, a chemical
of interest, as designated under Appendix A to
part 27 of title 6, Code of Federal
Regulations, or any successor thereto, at a
threshold quantity set pursuant to relevant
risk-related security principles; and
(B) is not an excluded facility;
(3) the term ``covered chemical facility'' means a
facility that--
(A) the Secretary--
(i) identifies as a chemical facility
of interest; and
(ii) based upon review of the
facility's Top-Screen, determines meets
the risk criteria developed under
section 2102(e)(2)(B); and
(B) is not an excluded facility;
(4) the term ``excluded facility'' means--
(A) a facility regulated under the Maritime
Transportation Security Act of 2002 (Public Law
107-295; 116 Stat. 2064);
(B) a public water system, as that term is
defined in section 1401 of the Safe Drinking
Water Act (42 U.S.C. 300f);
(C) a Treatment Works, as that term is
defined in section 212 of the Federal Water
Pollution Control Act (33 U.S.C. 1292);
(D) a facility owned or operated by the
Department of Defense or the Department of
Energy; or
(E) a facility subject to regulation by the
Nuclear Regulatory Commission, or by a State
that has entered into an agreement with the
Nuclear Regulatory Commission under section 274
b. of the Atomic Energy Act of 1954 (42 U.S.C.
2021(b)) to protect against unauthorized access
of any material, activity, or structure
licensed by the Nuclear Regulatory Commission;
(5) the term ``existing CFATS regulation'' means--
(A) a regulation promulgated under section
550 of the Department of Homeland Security
Appropriations Act, 2007 (Public Law 109-295; 6
U.S.C. 121 note) that is in effect on the day
before the date of enactment of the Protecting
and Securing Chemical Facilities from Terrorist
Attacks Act of 2014; and
(B) a Federal Register notice or other
published guidance relating to section 550 of
the Department of Homeland Security
Appropriations Act, 2007 that is in effect on
the day before the date of enactment of the
Protecting and Securing Chemical Facilities
from Terrorist Attacks Act of 2014;
(6) the term ``expedited approval facility'' means a
covered chemical facility for which the owner or
operator elects to submit a site security plan in
accordance with section 2102(c)(4);
(7) the term ``facially deficient'', relating to a
site security plan, means a site security plan that
does not support a certification that the security
measures in the plan address the security vulnerability
assessment and the risk-based performance standards for
security for the facility, based on a review of--
(A) the facility's site security plan;
(B) the facility's Top-Screen;
(C) the facility's security vulnerability
assessment; or
(D) any other information that--
(i) the facility submits to the
Department; or
(ii) the Department obtains from a
public source or other source;
(8) the term ``guidance for expedited approval
facilities'' means the guidance issued under section
2102(c)(4)(B)(i);
(9) the term ``risk assessment'' means the
Secretary's application of relevant risk criteria
identified in section 2102(e)(2)(B);
(10) the term ``terrorist screening database'' means
the terrorist screening database maintained by the
Federal Government Terrorist Screening Center or its
successor;
(11) the term ``tier'' has the meaning given the term
in section 27.105 of title 6, Code of Federal
Regulations, or any successor thereto;
(12) the terms ``tiering'' and ``tiering
methodology'' mean the procedure by which the Secretary
assigns a tier to each covered chemical facility based
on the risk assessment for that covered chemical
facility;
(13) the term ``Top-Screen'' has the meaning given
the term in section 27.105 of title 6, Code of Federal
Regulations, or any successor thereto; and
(14) the term ``vulnerability assessment'' means the
identification of weaknesses in the security of a
chemical facility of interest.
SEC. 2102. CHEMICAL FACILITY ANTI-TERRORISM STANDARDS PROGRAM.
(a) Program Established.--
(1) In general.--There is in the Department a
Chemical Facility Anti-Terrorism Standards Program.
(2) Requirements.--In carrying out the Chemical
Facility Anti-Terrorism Standards Program, the
Secretary shall--
(A) identify--
(i) chemical facilities of interest;
and
(ii) covered chemical facilities;
(B) require each chemical facility of
interest to submit a Top-Screen and any other
information the Secretary determines necessary
to enable the Department to assess the security
risks associated with the facility;
(C) establish risk-based performance
standards designed to address high levels of
security risk at covered chemical facilities;
and
(D) require each covered chemical facility
to--
(i) submit a security vulnerability
assessment; and
(ii) develop, submit, and implement a
site security plan.
(b) Security Measures.--A facility, in developing a site
security plan as required under subsection (a), shall include
security measures that, in combination, appropriately address
the security vulnerability assessment and the risk-based
performance standards for security for the facility.
(c) Approval or Disapproval of Site Security Plans.--
(1) In general.--
(A) Review.--Except as provided in paragraph
(4), the Secretary shall review and approve or
disapprove each site security plan submitted
pursuant to subsection (a).
(B) Bases for disapproval.--The Secretary--
(i) may not disapprove a site
security plan based on the presence or
absence of a particular security
measure; and
(ii) shall disapprove a site security
plan if the plan fails to satisfy the
risk-based performance standards
established pursuant to subsection
(a)(2)(C).
(2) Alternative security programs.--
(A) Authority to approve.--
(i) In general.--The Secretary may
approve an alternative security program
established by a private sector entity
or a Federal, State, or local authority
or under other applicable laws, if the
Secretary determines that the
requirements of the program meet the
requirements under this section.
(ii) Additional security measures.--
If the requirements of an alternative
security program do not meet the
requirements under this section, the
Secretary may recommend additional
security measures to the program that
will enable the Secretary to approve
the program.
(B) Satisfaction of site security plan
requirement.--A covered chemical facility may
satisfy the site security plan requirement
under subsection (a) by adopting an alternative
security program that the Secretary has--
(i) reviewed and approved under
subparagraph (A); and
(ii) determined to be appropriate for
the operations and security concerns of
the covered chemical facility.
(3) Site security plan assessments.--
(A) Risk assessment policies and
procedures.--In approving or disapproving a
site security plan under this subsection, the
Secretary shall employ the risk assessment
policies and procedures developed under this
title.
(B) Previously approved plans.--In the case
of a covered chemical facility for which the
Secretary approved a site security plan before
the date of enactment of the Protecting and
Securing Chemical Facilities from Terrorist
Attacks Act of 2014, the Secretary may not
require the facility to resubmit the site
security plan solely by reason of the enactment
of this title.
(4) Expedited approval program.--
(A) In general.--A covered chemical facility
assigned to tier 3 or 4 may meet the
requirement to develop and submit a site
security plan under subsection (a)(2)(D) by
developing and submitting to the Secretary--
(i) a site security plan and the
certification described in subparagraph
(C); or
(ii) a site security plan in
conformance with a template authorized
under subparagraph (H).
(B) Guidance for expedited approval
facilities.--
(i) In general.--Not later than 180
days after the date of enactment of the
Protecting and Securing Chemical
Facilities from Terrorist Attacks Act
of 2014, the Secretary shall issue
guidance for expedited approval
facilities that identifies specific
security measures that are sufficient
to meet the risk-based performance
standards.
(ii) Material deviation from
guidance.--If a security measure in the
site security plan of an expedited
approval facility materially deviates
from a security measure in the guidance
for expedited approval facilities, the
site security plan shall include an
explanation of how such security
measure meets the risk-based
performance standards.
(iii) Process.--In developing and
issuing, or amending, the guidance for
expedited approval facilities under
this subparagraph and in collecting
information from expedited approval
facilities, the Secretary--
(I) shall consult with--
(aa) Sector
Coordinating Councils
established under
sections 201 and
871(a); and
(bb) appropriate
labor organizations;
and
(II) shall not be subject to
section 553 of title 5, United
States Code, the National
Environmental Policy Act of
1969 (42 U.S.C. 4321 et seq.),
subchapter I of chapter 35 of
title 44, United States Code,
or section 2107(b) of this
title.
(C) Certification.--The owner or operator of
an expedited approval facility shall submit to
the Secretary a certification, signed under
penalty of perjury, that--
(i) the owner or operator is familiar
with the requirements of this title and
part 27 of title 6, Code of Federal
Regulations, or any successor thereto,
and the site security plan being
submitted;
(ii) the site security plan includes
the security measures required by
subsection (b);
(iii)(I) the security measures in the
site security plan do not materially
deviate from the guidance for expedited
approval facilities except where
indicated in the site security plan;
(II) any deviations from the guidance
for expedited approval facilities in
the site security plan meet the risk-
based performance standards for the
tier to which the facility is assigned;
and
(III) the owner or operator has
provided an explanation of how the site
security plan meets the risk-based
performance standards for any material
deviation;
(iv) the owner or operator has
visited, examined, documented, and
verified that the expedited approval
facility meets the criteria set forth
in the site security plan;
(v) the expedited approval facility
has implemented all of the required
performance measures outlined in the
site security plan or set out planned
measures that will be implemented
within a reasonable time period stated
in the site security plan;
(vi) each individual responsible for
implementing the site security plan is
fully aware of the requirements
relevant to the individual's
responsibility contained in the site
security plan and is competent to carry
out those requirements; and
(vii) the owner or operator has
committed, or, in the case of planned
measures will commit, the necessary
resources to fully implement the site
security plan.
(D) Deadline.--
(i) In general.--Not later than 120
days after the date described in clause
(ii), the owner or operator of an
expedited approval facility shall
submit to the Secretary the site
security plan and the certification
described in subparagraph (C).
(ii) Date.--The date described in
this clause is--
(I) for an expedited approval
facility that was assigned to
tier 3 or 4 under existing
CFATS regulations before the
date of enactment of the
Protecting and Securing
Chemical Facilities from
Terrorist Attacks Act of 2014,
the date that is 210 days after
the date of enactment of that
Act; and
(II) for any expedited
approval facility not described
in subclause (I), the later
of--
(aa) the date on
which the expedited
approval facility is
assigned to tier 3 or 4
under subsection
(e)(2)(A); or
(bb) the date that is
210 days after the date
of enactment of the
Protecting and Securing
Chemical Facilities
from Terrorist Attacks
Act of 2014.
(iii) Notice.--An owner or operator
of an expedited approval facility shall
notify the Secretary of the intent of
the owner or operator to certify the
site security plan for the expedited
approval facility not later than 30
days before the date on which the owner
or operator submits the site security
plan and certification described in
subparagraph (C).
(E) Compliance.--
(i) In general.--For an expedited
approval facility submitting a site
security plan and certification in
accordance with subparagraphs (A), (B),
(C), and (D)--
(I) the expedited approval
facility shall comply with all
of the requirements of its site
security plan; and
(II) the Secretary--
(aa) except as
provided in
subparagraph (G), may
not disapprove the site
security plan; and
(bb) may audit and
inspect the expedited
approval facility under
subsection (d) to
verify compliance with
its site security plan.
(ii) Noncompliance.--If the Secretary
determines an expedited approval
facility is not in compliance with the
requirements of the site security plan
or is otherwise in violation of this
title, the Secretary may enforce
compliance in accordance with section
2104.
(F) Amendments to site security plan.--
(i) Requirement.--
(I) In general.--If the owner
or operator of an expedited
approval facility amends a site
security plan submitted under
subparagraph (A), the owner or
operator shall submit the
amended site security plan and
a certification relating to the
amended site security plan that
contains the information
described in subparagraph (C).
(II) Technical amendments.--
For purposes of this clause, an
amendment to a site security
plan includes any technical
amendment to the site security
plan.
(ii) Amendment required.--The owner
or operator of an expedited approval
facility shall amend the site security
plan if--
(I) there is a change in the
design, construction,
operation, or maintenance of
the expedited approval facility
that affects the site security
plan;
(II) the Secretary requires
additional security measures or
suspends a certification and
recommends additional security
measures under subparagraph
(G); or
(III) the owner or operator
receives notice from the
Secretary of a change in
tiering under subsection
(e)(3).
(iii) Deadline.--An amended site
security plan and certification shall
be submitted under clause (i)--
(I) in the case of a change
in design, construction,
operation, or maintenance of
the expedited approval facility
that affects the security plan,
not later than 120 days after
the date on which the change in
design, construction,
operation, or maintenance
occurred;
(II) in the case of the
Secretary requiring additional
security measures or suspending
a certification and
recommending additional
security measures under
subparagraph (G), not later
than 120 days after the date on
which the owner or operator
receives notice of the
requirement for additional
security measures or suspension
of the certification and
recommendation of additional
security measures; and
(III) in the case of a change
in tiering, not later than 120
days after the date on which
the owner or operator receives
notice under subsection (e)(3).
(G) Facially deficient site security plans.--
(i) Prohibition.--Notwithstanding
subparagraph (A) or (E), the Secretary
may suspend the authority of a covered
chemical facility to certify a site
security plan if the Secretary--
(I) determines the certified
site security plan or an
amended site security plan is
facially deficient; and
(II) not later than 100 days
after the date on which the
Secretary receives the site
security plan and
certification, provides the
covered chemical facility with
written notification that the
site security plan is facially
deficient, including a clear
explanation of each deficiency
in the site security plan.
(ii) Additional security measures.--
(I) In general.--If, during
or after a compliance
inspection of an expedited
approval facility, the
Secretary determines that
planned or implemented security
measures in the site security
plan of the facility are
insufficient to meet the risk-
based performance standards
based on misrepresentation,
omission, or an inadequate
description of the site, the
Secretary may--
(aa) require
additional security
measures; or
(bb) suspend the
certification of the
facility.
(II) Recommendation of
additional security measures.--
If the Secretary suspends the
certification of an expedited
approval facility under
subclause (I), the Secretary
shall--
(aa) recommend
specific additional
security measures that,
if made part of the
site security plan by
the facility, would
enable the Secretary to
approve the site
security plan; and
(bb) provide the
facility an opportunity
to submit a new or
modified site security
plan and certification
under subparagraph (A).
(III) Submission; review.--If
an expedited approval facility
determines to submit a new or
modified site security plan and
certification as authorized
under subclause (II)(bb)--
(aa) not later than
90 days after the date
on which the facility
receives
recommendations under
subclause (II)(aa), the
facility shall submit
the new or modified
plan and certification;
and
(bb) not later than
45 days after the date
on which the Secretary
receives the new or
modified plan under
item (aa), the
Secretary shall review
the plan and determine
whether the plan is
facially deficient.
(IV) Determination not to
include additional security
measures.--
(aa) Revocation of
certification.--If an
expedited approval
facility does not agree
to include in its site
security plan specific
additional security
measures recommended by
the Secretary under
subclause (II)(aa), or
does not submit a new
or modified site
security plan in
accordance with
subclause (III), the
Secretary may revoke
the certification of
the facility by issuing
an order under section
2104(a)(1)(B).
(bb) Effect of
revocation.--If the
Secretary revokes the
certification of an
expedited approval
facility under item
(aa) by issuing an
order under section
2104(a)(1)(B)--
(AA) the
order shall
require the
owner or
operator of the
facility to
submit a site
security plan
or alternative
security
program for
review by the
Secretary
review under
subsection
(c)(1); and
(BB) the
facility shall
no longer be
eligible to
certify a site
security plan
under this
paragraph.
(V) Facial deficiency.--If
the Secretary determines that a
new or modified site security
plan submitted by an expedited
approval facility under
subclause (III) is facially
deficient--
(aa) not later than
120 days after the date
of the determination,
the owner or operator
of the facility shall
submit a site security
plan or alternative
security program for
review by the Secretary
under subsection
(c)(1); and
(bb) the facility
shall no longer be
eligible to certify a
site security plan
under this paragraph.
(H) Templates.--
(i) In general.--The Secretary may
develop prescriptive site security plan
templates with specific security
measures to meet the risk-based
performance standards under subsection
(a)(2)(C) for adoption and
certification by a covered chemical
facility assigned to tier 3 or 4 in
lieu of developing and certifying its
own plan.
(ii) Process.--In developing and
issuing, or amending, the site security
plan templates under this subparagraph,
issuing guidance for implementation of
the templates, and in collecting
information from expedited approval
facilities, the Secretary--
(I) shall consult with--
(aa) Sector
Coordinating Councils
established under
sections 201 and
871(a); and
(bb) appropriate
labor organizations;
and
(II) shall not be subject to
section 553 of title 5, United
States Code, the National
Environmental Policy Act of
1969 (42 U.S.C. 4321 et seq.),
subchapter I of chapter 35 of
title 44, United States Code,
or section 2107(b) of this
title.
(iii) Rule of construction.--Nothing
in this subparagraph shall be construed
to prevent a covered chemical facility
from developing and certifying its own
security plan in accordance with
subparagraph (A).
(I) Evaluation.--
(i) In general.--Not later than 18
months after the date of enactment of
the Protecting and Securing Chemical
Facilities from Terrorist Attacks Act
of 2014, the Secretary shall take any
appropriate action necessary for a full
evaluation of the expedited approval
program authorized under this
paragraph, including conducting an
appropriate number of inspections, as
authorized under subsection (d), of
expedited approval facilities.
(ii) Report.--Not later than 18
months after the date of enactment of
the Protecting and Securing Chemical
Facilities from Terrorist Attacks Act
of 2014, the Secretary shall submit to
the Committee on Homeland Security and
Governmental Affairs of the Senate and
the Committee on Homeland Security of
the House of Representatives a report
that contains--
(I) any costs and
efficiencies associated with
the expedited approval program
authorized under this
paragraph;
(II) the impact of the
expedited approval program on
the backlog for site security
plan approval and authorization
inspections;
(III) an assessment of the
ability of expedited approval
facilities to submit facially
sufficient site security plans;
(IV) an assessment of any
impact of the expedited
approval program on the
security of chemical
facilities; and
(V) a recommendation by the
Secretary on the frequency of
compliance inspections that may
be required for expedited
approval facilities.
(d) Compliance.--
(1) Audits and inspections.--
(A) Definitions.--In this paragraph--
(i) the term ``nondepartmental''--
(I) with respect to
personnel, means personnel that
is not employed by the
Department; and
(II) with respect to an
entity, means an entity that is
not a component or other
authority of the Department;
and
(ii) the term ``nongovernmental''--
(I) with respect to
personnel, means personnel that
is not employed by the Federal
Government; and
(II) with respect to an
entity, means an entity that is
not an agency, department, or
other authority of the Federal
Government.
(B) Authority to conduct audits and
inspections.--The Secretary shall conduct
audits or inspections under this title using--
(i) employees of the Department; or
(ii) nondepartmental or
nongovernmental personnel approved by
the Secretary.
(C) Support personnel.--The Secretary may use
nongovernmental personnel to provide
administrative and logistical services in
support of audits and inspections under this
title.
(D) Reporting structure.--
(i) Nondepartmental and
nongovernmental audits and
inspections.--Any audit or inspection
conducted by an individual employed by
a nondepartmental or nongovernmental
entity shall be assigned in
coordination with a regional supervisor
with responsibility for supervising
inspectors within the Infrastructure
Security Compliance Division of the
Department for the region in which the
audit or inspection is to be conducted.
(ii) Requirement to report.--While an
individual employed by a
nondepartmental or nongovernmental
entity is in the field conducting an
audit or inspection under this
subsection, the individual shall report
to the regional supervisor with
responsibility for supervising
inspectors within the Infrastructure
Security Compliance Division of the
Department for the region in which the
individual is operating.
(iii) Approval.--The authority to
approve a site security plan under
subsection (c) or determine if a
covered chemical facility is in
compliance with an approved site
security plan shall be exercised solely
by the Secretary or a designee of the
Secretary within the Department.
(E) Standards for auditors and inspectors.--
The Secretary shall prescribe standards for the
training and retraining of each individual used
by the Department as an auditor or inspector,
including each individual employed by the
Department and all nondepartmental or
nongovernmental personnel, including--
(i) minimum training requirements for
new auditors and inspectors;
(ii) retraining requirements;
(iii) minimum education and
experience levels;
(iv) the submission of information as
required by the Secretary to enable
determination of whether the auditor or
inspector has a conflict of interest;
(v) the proper certification or
certifications necessary to handle
chemical-terrorism vulnerability
information (as defined in section
27.105 of title 6, Code of Federal
Regulations, or any successor thereto);
(vi) the reporting of any issue of
non-compliance with this section to the
Secretary within 24 hours; and
(vii) any additional qualifications
for fitness of duty as the Secretary
may require.
(F) Conditions for nongovernmental auditors
and inspectors.--If the Secretary arranges for
an audit or inspection under subparagraph (B)
to be carried out by a nongovernmental entity,
the Secretary shall--
(i) prescribe standards for the
qualification of the individuals who
carry out such audits and inspections
that are commensurate with the
standards for similar Government
auditors or inspectors; and
(ii) ensure that any duties carried
out by a nongovernmental entity are not
inherently governmental functions.
(2) Personnel surety.--
(A) Personnel surety program.--For purposes
of this title, the Secretary shall establish
and carry out a Personnel Surety Program that--
(i) does not require an owner or
operator of a covered chemical facility
that voluntarily participates in the
program to submit information about an
individual more than one time;
(ii) provides a participating owner
or operator of a covered chemical
facility with relevant information
about an individual based on vetting
the individual against the terrorist
screening database, to the extent that
such feedback is necessary for the
facility to be in compliance with
regulations promulgated under this
title; and
(iii) provides redress to an
individual--
(I) whose information was
vetted against the terrorist
screening database under the
program; and
(II) who believes that the
personally identifiable
information submitted to the
Department for such vetting by
a covered chemical facility, or
its designated representative,
was inaccurate.
(B) Personnel surety program
implementation.--To the extent that a risk-
based performance standard established under
subsection (a) requires identifying individuals
with ties to terrorism--
(i) a covered chemical facility may
satisfy its obligation under the
standard by using any Federal screening
program that periodically vets
individuals against the terrorist
screening database, or any successor
program, including the Personnel Surety
Program established under subparagraph
(A); and
(ii) the Secretary may not require a
covered chemical facility to submit any
information about an individual unless
the individual--
(I) is to be vetted under the
Personnel Surety Program; or
(II) has been identified as
presenting a terrorism security
risk.
(3) Availability of information.--The Secretary shall
share with the owner or operator of a covered chemical
facility any information that the owner or operator
needs to comply with this section.
(e) Responsibilities of the Secretary.--
(1) Identification of chemical facilities of
interest.--In carrying out this title, the Secretary
shall consult with the heads of other Federal agencies,
States and political subdivisions thereof, relevant
business associations, and public and private labor
organizations to identify all chemical facilities of
interest.
(2) Risk assessment.--
(A) In general.--For purposes of this title,
the Secretary shall develop a security risk
assessment approach and corresponding tiering
methodology for covered chemical facilities
that incorporates the relevant elements of
risk, including threat, vulnerability, and
consequence.
(B) Criteria for determining security risk.--
The criteria for determining the security risk
of terrorism associated with a covered chemical
facility shall take into account--
(i) relevant threat information;
(ii) potential economic consequences
and the potential loss of human life in
the event of the facility being subject
to a terrorist attack, compromise,
infiltration, or exploitation; and
(iii) vulnerability of the facility
to a terrorist attack, compromise,
infiltration, or exploitation.
(3) Changes in tiering.--
(A) Maintenance of records.--The Secretary
shall document the basis for each instance in
which--
(i) tiering for a covered chemical
facility is changed; or
(ii) a covered chemical facility is
determined to no longer be subject to
the requirements under this title.
(B) Required information.--The records
maintained under subparagraph (A) shall include
information on whether and how the Secretary
confirmed the information that was the basis
for the change or determination described in
subparagraph (A).
(4) Semiannual performance reporting.--Not later than
6 months after the date of enactment of the Protecting
and Securing Chemical Facilities from Terrorist Attacks
Act of 2014, and not less frequently than once every 6
months thereafter, the Secretary shall submit to the
Committee on Homeland Security and Governmental Affairs
of the Senate and the Committee on Homeland Security of
the House of Representatives a report that describes,
for the period covered by the report--
(A) the number of covered chemical facilities
in the United States;
(B) the average number of days spent
reviewing site security or an alternative
security program for a covered chemical
facility prior to approval;
(C) the number of covered chemical facilities
inspected;
(D) the average number of covered chemical
facilities inspected per inspector; and
(E) any other information that the Secretary
determines will be helpful to Congress in
evaluating the performance of the Chemical
Facility Anti-Terrorism Standards Program.
SEC. 2103. PROTECTION AND SHARING OF INFORMATION.
(a) In General.--Notwithstanding any other provision of
law, information developed under this title, including
vulnerability assessments, site security plans, and other
security related information, records, and documents shall be
given protections from public disclosure consistent with the
protection of similar information under section 70103(d) of
title 46, United States Code.
(b) Sharing of Information With States and Local
Governments.--Nothing in this section shall be construed to
prohibit the sharing of information developed under this title,
as the Secretary determines appropriate, with State and local
government officials possessing a need to know and the
necessary security clearances, including law enforcement
officials and first responders, for the purpose of carrying out
this title.
(c) Sharing of Information With First Responders.--
(1) Requirement.--The Secretary shall provide to
State, local, and regional fusion centers (as that term
is defined in section 210A(j)(1)) and State and local
government officials, as the Secretary determines
appropriate, such information as is necessary to help
ensure that first responders are properly prepared and
provided with the situational awareness needed to
respond to security incidents at covered chemical
facilities.
(2) Dissemination.--The Secretary shall disseminate
information under paragraph (1) through a medium or
system determined by the Secretary to be appropriate to
ensure the secure and expeditious dissemination of such
information to necessary selected individuals.
(d) Enforcement Proceedings.--In any proceeding to enforce
this section, vulnerability assessments, site security plans,
and other information submitted to or obtained by the Secretary
under this title, and related vulnerability or security
information, shall be treated as if the information were
classified information.
(e) Availability of Information.--Notwithstanding any other
provision of law (including section 552(b)(3) of title 5,
United States Code), section 552 of title 5, United States Code
(commonly known as the Freedom of Information Act') shall not
apply to information protected from public disclosure pursuant
to subsection (a) of this section.
SEC. 2104. CIVIL ENFORCEMENT.
(a) Notice of Noncompliance.--
(1) Notice.--If the Secretary determines that a
covered chemical facility is not in compliance with
this title, the Secretary shall--
(A) provide the owner or operator of the
facility with--
(i) not later than 14 days after date
on which the Secretary makes the
determination, a written notification
of noncompliance that includes a clear
explanation of any deficiency in the
security vulnerability assessment or
site security plan; and
(ii) an opportunity for consultation
with the Secretary or the Secretary's
designee; and
(B) issue to the owner or operator of the
facility an order to comply with this title by
a date specified by the Secretary in the order,
which date shall be not later than 180 days
after the date on which the Secretary issues
the order.
(2) Continued noncompliance.--If an owner or operator
continues to be in noncompliance with this title after
the date specified in an order issued under paragraph
(1)(B), the Secretary may enter an order in accordance
with this section assessing a civil penalty, an order
to cease operations, or both.
(b) Civil Penalties.--
(1) Violations of orders.--Any person who violates an
order issued under this title shall be liable for a
civil penalty under section 70119(a) of title 46,
United States Code.
(2) Non-reporting chemical facilities of interest.--
Any owner of a chemical facility of interest who fails
to comply with, or knowingly submits false information
under, this title or the CFATS regulations shall be
liable for a civil penalty under section 70119(a) of
title 46, United States Code.
(c) Emergency Orders.--
(1) In general.--Notwithstanding subsection (a) or
any site security plan or alternative security program
approved under this title, if the Secretary determines
that there is a reasonable likelihood that a violation
of this title or the CFATS regulations by a chemical
facility could result in death, serious illness, severe
personal injury, or substantial endangerment to the
public, the Secretary may direct the facility,
effective immediately or as soon as practicable, to--
(A) cease some or all operations; or
(B) implement appropriate emergency security
measures.
(2) Limitation on delegation.--The Secretary may not
delegate the authority under paragraph (1) to any
official other than the Under Secretary for the
National Protection and Programs Directorate.
(d) Right of Action.--Nothing in this title confers upon
any person except the Secretary or his or her designee a right
of action against an owner or operator of a covered chemical
facility to enforce any provision of this title.
SEC. 2105. WHISTLEBLOWER PROTECTIONS.
(a) Procedure for Reporting Problems.--
(1) Establishment of a reporting procedure.--Not
later than 180 days after the date of enactment of the
Protecting and Securing Chemical Facilities from
Terrorist Attacks Act of 2014, the Secretary shall
establish, and provide information to the public
regarding, a procedure under which any employee or
contractor of a chemical facility may submit a report
to the Secretary regarding problems, deficiencies, or
vulnerabilities at a covered chemical facility that are
associated with the risk of a chemical facility
terrorist incident.
(2) Confidentiality.--The Secretary shall keep
confidential the identity of an individual who submits
a report under paragraph (1) and any such report shall
be treated as a record containing protected information
to the extent that the report does not consist of
publicly available information.
(3) Acknowledgment of receipt.--If a report submitted
under paragraph (1) identifies the individual making
the report, the Secretary shall promptly respond to the
individual directly and shall promptly acknowledge
receipt of the report.
(4) Steps to address problems.--The Secretary shall--
(A) review and consider the information
provided in any report submitted under
paragraph (1); and
(B) take appropriate steps under this title
if necessary to address any substantiated
problems, deficiencies, or vulnerabilities
associated with the risk of a chemical facility
terrorist incident identified in the report.
(5) Retaliation prohibited.--
(A) In general.--An owner or operator of a
covered chemical facility or agent thereof may
not discharge an employee or otherwise
discriminate against an employee with respect
to the compensation provided to, or terms,
conditions, or privileges of the employment of,
the employee because the employee (or an
individual acting pursuant to a request of the
employee) submitted a report under paragraph
(1).
(B) Exception.--An employee shall not be
entitled to the protections under this section
if the employee--
(i) knowingly and willfully makes any
false, fictitious, or fraudulent
statement or representation; or
(ii) uses any false writing or
document knowing the writing or
document contains any false,
fictitious, or fraudulent statement or
entry.
(b) Protected Disclosures.--Nothing in this title shall be
construed to limit the right of an individual to make any
disclosure--
(1) protected or authorized under section 2302(b)(8)
or 7211 of title 5, United States Code;
(2) protected under any other Federal or State law
that shields the disclosing individual against
retaliation or discrimination for having made the
disclosure in the public interest; or
(3) to the Special Counsel of an agency, the
inspector general of an agency, or any other employee
designated by the head of an agency to receive
disclosures similar to the disclosures described in
paragraphs (1) and (2).
(c) Publication of Rights.--The Secretary, in partnership
with industry associations and labor organizations, shall make
publicly available both physically and online the rights that
an individual who discloses information, including security-
sensitive information, regarding problems, deficiencies, or
vulnerabilities at a covered chemical facility would have under
Federal whistleblower protection laws or this title.
(d) Protected Information.--All information contained in a
report made under this subsection (a) shall be protected in
accordance with section 2103.
SEC. 2106. RELATIONSHIP TO OTHER LAWS.
(a) Other Federal Laws.--Nothing in this title shall be
construed to supersede, amend, alter, or affect any Federal law
that regulates the manufacture, distribution in commerce, use,
sale, other treatment, or disposal of chemical substances or
mixtures.
(b) States and Political Subdivisions.--This title shall
not preclude or deny any right of any State or political
subdivision thereof to adopt or enforce any regulation,
requirement, or standard of performance with respect to
chemical facility security that is more stringent than a
regulation, requirement, or standard of performance issued
under this section, or otherwise impair any right or
jurisdiction of any State with respect to chemical facilities
within that State, unless there is an actual conflict between
this section and the law of that State.
SEC. 2107. CFATS REGULATIONS.
(a) General Authority.--The Secretary may, in accordance
with chapter 5 of title 5, United States Code, promulgate
regulations or amend existing CFATS regulations to implement
the provisions under this title.
(b) Existing CFATS Regulations.--
(1) In general.--Notwithstanding section 4(b) of the
Protecting and Securing Chemical Facilities from
Terrorist Attacks Act of 2014, each existing CFATS
regulation shall remain in effect unless the Secretary
amends, consolidates, or repeals the regulation.
(2) Repeal.--Not later than 30 days after the date of
enactment of the Protecting and Securing Chemical
Facilities from Terrorist Attacks Act of 2014, the
Secretary shall repeal any existing CFATS regulation
that the Secretary determines is duplicative of, or
conflicts with, this title.
(c) Authority.--The Secretary shall exclusively rely upon
authority provided under this title in--
(1) determining compliance with this title;
(2) identifying chemicals of interest; and
(3) determining security risk associated with a
chemical facility.
SEC. 2108. SMALL COVERED CHEMICAL FACILITIES.
(a) Definition.--In this section, the term ``small covered
chemical facility'' means a covered chemical facility that--
(1) has fewer than 100 employees employed at the
covered chemical facility; and
(2) is owned and operated by a small business concern
(as defined in section 3 of the Small Business Act (15
U.S.C. 632)).
(b) Assistance to Facilities.--The Secretary may provide
guidance and, as appropriate, tools, methodologies, or computer
software, to assist small covered chemical facilities in
developing the physical security, cybersecurity, recordkeeping,
and reporting procedures required under this title.
(c) Report.--The Secretary shall submit to the Committee on
Homeland Security and Governmental Affairs of the Senate and
the Committee on Homeland Security of the House of
Representatives a report on best practices that may assist
small covered chemical facilities in development of physical
security best practices.
SEC. 2109. OUTREACH TO CHEMICAL FACILITIES OF INTEREST.
Not later than 90 days after the date of enactment of the
Protecting and Securing Chemical Facilities from Terrorist
Attacks Act of 2014, the Secretary shall establish an outreach
implementation plan, in coordination with the heads of other
appropriate Federal and State agencies, relevant business
associations, and public and private labor organizations, to--
(1) identify chemical facilities of interest; and
(2) make available compliance assistance materials
and information on education and training.
�