Order Code RL31958
CRS Report for Congress
Received through the CRS Web
Chemical Facility Security:
A Comparison of S. 157 and S. 994
June 11, 2003
Linda-Jo Schierow
Specialist in Environmental Policy
Resources, Science, and Industry Division
Congressional Research Service ˜ The Library of Congress

Chemical Facility Security:
A Comparison of S. 157 and S. 994
Summary
The 108th Congress is considering legislation to reduce chemical facilities’
vulnerability to acts of terrorism, so as to protect critical sectors of the U.S.
infrastructure and reduce risks to public health and the environment. Competing
bills, S. 994 and S. 157, have been introduced into the Senate. Both would require
chemical facilities to conduct vulnerability assessments and develop and implement
site security plans, but the approaches of the bills differ with respect to the chemicals
and facilities covered, planning requirements, and mechanisms for federal and facility
accountability. In addition, S. 157 would assign the lead responsibility to the U.S.
Environmental Protection Agency (EPA), while S. 994 would give this role to the
Department of Homeland Security (DHS).
Both S. 157 and S. 994 would provide considerable discretionary authority to
the lead agency to define the universe of regulated chemicals and facilities. The bills
would initially include chemicals for which risk management plans are required
under the Clean Air Act. From that list, S. 157 would exclude “liquified petroleum
gas” that is used as fuel or held by a retail facility for sale as a fuel; S. 994 would
exclude similar facilities using “flammable substances,” as well as all federal
facilities. S. 994, but not S. 157, would require the Secretary to consider cost and
technical feasibility, and scale of operations in selecting facilities.
With respect to planning, the emphasis of S. 994 is on enhancing the security
of facilities against acts of terrorism, while S. 157 emphasizes lessening potential
consequences of releases caused by criminal acts. S. 994 would require security
measures, and identification of equipment, plans, and procedures that could be used
to respond to a chemical release. S. 157 would require “to the extent practicable” (1)
practices that reduce the possibility of a release and the associated threat to public
health and the environment; (2) measures to contain, control, or mitigate a release;
(3) buffer zones; and (4) security measures. S. 157 has numerous requirements for
consultation, and would direct EPA to review each vulnerability assessment and
security plan. S. 994 would not require submission to DHS of plans or assessments,
except at the request of the Secretary, but the bill would direct the Secretary, “as
appropriate,” to ensure compliance. Information provided to the government would
be protected from public disclosure under both bills, but only S. 994 preempts state
and local disclosure laws. Both bills specify procedures that would allow owners and
operators to prepare assessments or plans without reference to federal regulations, but
only S. 157 requires federal review of facility-specific assessments and plans. Table
1 summarizes selected provisions of the two bills in a side-by-side format. For a
broader discussion of the potential threat from, vulnerability to, and consequences of
terrorist acts at chemical facilities, and for summaries of other legislative proposals,
see CRS Report RL31530, Chemical Plant Security. This report will be updated as
events warrant.

Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
S. 157, the Chemical Security Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
S. 994, the Chemical Facilities Security Act . . . . . . . . . . . . . . . . . . . . . 2
Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chemicals and facilities covered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Planning requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Accountability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
List of Tables
Table 1. Comparison of Selected Provisions of S. 157 and
S. 994 in the 108th Congress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Chemical Facility Security:
A Comparison of S. 157 and S. 994
Introduction
Facilities that handle large quantities of very hazardous chemicals may be
attractive targets for terrorists. In the event of a terrorist attack on, or theft from, such
facilities, release of such chemicals could threaten public health and the environment.
In addition, many of these chemical facilities provide products or services that are
strategically or economically critical to the U.S. infrastructure or public health. For
a discussion of the potential threat from, vulnerability to, and consequences of
terrorist acts at chemical facilities, see CRS Report RL31530, Chemical Plant
Security.

The 108th Congress is considering legislation to reduce chemical facilities’
vulnerability to acts of terrorism, in order to protect critical sectors of the U.S.
infrastructure (such as oil refineries, chemical plants, and electric utilities), and also
to reduce risks of chemical releases to public health and the environment. Two bills
with these goals, S. 994 and S. 157, have been introduced into the Senate. Both
would require chemical facilities to conduct vulnerability assessments and develop
and implement site security plans, but the approaches of the bills differ with respect
to the chemicals and facilities covered, planning requirements, and mechanisms for
federal and facility accountability. In addition, S. 994 would assign lead
responsibility to the Department of Homeland Security (DHS), while S. 157 would
give this role to the U.S. Environmental Protection Agency (EPA). This report
describes the different approaches taken in the two bills and analyzes associated
policy implications. It does not discuss the many minor differences between the two
bills, which do not generally raise controversial policy issues. The report begins with
overviews of the two bills, followed by the issue analysis. Table 1 summarizes
selected provisions of the two bills in a side-by-side format. Other proposed
legislation is discussed in the CRS report referenced above.
Background
S. 157, the Chemical Security Act. S. 157 was introduced January 14,
2003, by Senator Jon Corzine, and referred to the Committee on Environment and
Public Works. The bill is similar to S. 1602, which was reported by the Committee
on Environment and Public Works in the 107th Congress (S. Rpt. 107-342). S. 157
would direct the EPA, in consultation with DHS, to issue regulations designating
“certain combinations of chemical sources and substances of concern” as high
priority categories for oversight, based on the severity of potential harm in the event
of a release; proximity to population centers; threats to national security; threats to
critical infrastructure; threshold quantities of substances that pose a serious threat;

CRS-2
and other safety or security factors that the Administrator of EPA, in consultation
with the Secretary of DHS, determined to be appropriate.1 Owners and operators of
listed facilities would be required to conduct vulnerability assessments; identify
hazards; and prepare prevention, preparedness, and response plans to eliminate or
significantly lessen the potential consequences of an unauthorized release. Each
owner or operator of a regulated facility also would be required to certify in writing
that the vulnerability assessment and plan had been completed, and the plan
implemented. The bill would require facility owners and operators to submit to EPA
copies of vulnerability assessments and plans, along with certifications, within 12
months of enactment of the Chemical Security Act for assessments, and 18 months
for plans. Assessments, plans, and certifications would have to be updated
periodically.
S. 157 would direct EPA to review each assessment and plan, determine
compliance, and certify that determination. Vulnerability assessments and plans
would be protected from public disclosure under the Freedom of Information Act
(FOIA). The bill also provides for early review and certification of assessments and
plans that are submitted before EPA issues regulations. EPA would be authorized
to issue compliance orders 30 days after either notifying a chemical source that its
assessment or plan was inadequate, or first offering compliance assistance, if the plan
were not revised to comply with EPA requirements. If DHS notified a chemical
source that its plan or implementation was insufficient to address a threat of terrorist
attack, and the chemical source failed to take adequate action in response to that
notice, DHS would be authorized to secure necessary relief from a district court to
abate the threat.
S. 994, the Chemical Facilities Security Act. S. 994 was introduced May
5, 2003, by Senator James Inhofe, and referred to the Committee on Environment
and Public Works. S. 994 would authorize the DHS to oversee security assessments
and planning at selected chemical facilities. The Secretary would be directed to list,
and may promulgate the list by regulation, chemical facilities that should be subject
to regulation, based on: the likelihood that a facility will be the target of terrorism;
nature and quantity of substances of concern present; potential extent of death, injury,
or serious adverse effects to human health or the environment; potential harm to
critical infrastructure and national security; cost and technical feasibility; scale of
operations; and other security-related factors that the Secretary determines to be
appropriate and necessary. S. 994 would require the Secretary to promulgate
regulations directing owners and operators of listed facilities to conduct vulnerability
assessments, identify hazards, and prepare security plans to reduce vulnerability to
a terrorist release and to respond in the event of a release. Written certification of
compliance would be required by DHS from each owner or operator on a schedule
to be determined by the Secretary. Copies of vulnerability assessments and plans
would be retained at facilities, but must be submitted to DHS on request, and updated
periodically.
1Both bills define ‘security measures” generally in terms of “hardening” the defenses of
potential targets, using methods that detect adversary action, impede adversary progress, and
respond to neutralize the threat. For more discussion of options for reducing risks, see CRS
Report RL31530, Chemical Plant Security, pages 24-27.

CRS-3
S. 994 would direct DHS to conduct, or require the conduct of, vulnerability
assessments and other activities (including third-party audits) to evaluate and ensure
compliance with promulgated regulations and procedures endorsed by rule.
(Endorsements are discussed below.) Vulnerability assessments and plans would be
protected from public disclosure under FOIA and state and local disclosure laws.
Penalties are provided for unauthorized disclosure.
The bill would authorize the Secretary to identify and endorse security measures
that are substantially similar to any requirements promulgated by DHS. Endorsement
would indicate compliance with assessment or planning requirements, if the endorsed
assessment or security procedures were implemented. Any person could petition the
Secretary for endorsement of existing procedures. If the Secretary chose not to
endorse such procedures, the Secretary would have to provide written notice
explaining why the petition was denied. Vulnerability assessments and response
plans that were in accord with endorsed procedures would be exempt from other
regulatory requirements.
DHS would be authorized to disapprove any assessment or plan, and to order
revision if it does not comply with regulations, or if the plan or implementation is
insufficient to address the results of a vulnerability assessment or a threat of a
terrorist release. The Secretary would be required to provide notice of disapproval
explaining deficiencies, and to identify appropriate steps to achieve compliance. S.
994 would require the Secretary to issue a compliance order if a plan were
disapproved, and compliance had not been achieved by a date determined by the
Secretary to be appropriate. The bill also would authorize the Secretary to provide
training relevant to the Chemical Facilities Security Act to state and local officials
and facility owners or operators.
Issues
Although the two bills are similar in many ways, some differences raise
significant policy issues. Selected issues are discussed in this section.
Chemicals and facilities covered. Both S. 157 and S. 994 would provide
considerable discretionary authority to the administering agency to define the
universe of regulated chemicals and facilities. Both would have the lead agency
begin by looking at the chemicals listed by EPA under the Clean Air Act (CAA),
Section 112(r)(3). This list includes chlorine, anhydrous ammonia, methyl chloride,
ethylene oxide, vinyl chloride, methyl isocyanate, hydrogen cyanide, ammonia,
hydrogen sulfide, toluene diisocyanate, phosgene, bromine, anhydrous sulfur dioxide,
and sulfur trioxide (all designated in the CAA), and other chemicals that have been
determined by EPA to pose the greatest risks to human health or to the environment,
based on three criteria: severity of potential acute adverse health effects, the
likelihood of accidental releases, and the potential magnitude of human exposure.
EPA has promulgated a list containing 77 acutely toxic substances, 63 flammable
gases and volatile flammable liquids, and “high explosive substances” (59 Federal
Register
4478, Jan. 31, 1994). Both bills would allow the list to be revised as
necessary.

CRS-4
S. 994 would exclude “flammable substances” that are used as fuel or held by
a retail facility for sale as a fuel. Congress adopted this exclusion in a 1999
amendment to the CAA, primarily in response to complaints from propane retailers
and users. They argued that the original CAA risk management planning
requirements were redundant, given laws in 48 states requiring compliance with
national safety standards established by the National Fire Protection Association
(NFPA). Prior to the 1999 amendment, EPA argued that the CAA required it to list
flammable and combustible liquids, other than gasoline, because they were involved
in more than 128,000 reported accidental releases from 1987 through 1996, according
to federal databases. However, Congress overrode EPA’s objections. S. 994
maintains this exemption which covers facilities that store or use any flammable
substance, including propane, butane, natural gas, acetylene, or proylene. S. 157
would adopt a narrower exclusion for “liquified petroleum gas” (propane or a
mixture of propane and butane), when used as a fuel or held by a retail facility for
sale as fuel. Thus, S. 157 would exempt from security requirements propane dealers
and users, without exempting other facilities that might store or use other fuels.
Another explicit difference between the bills is that S. 157 would include, and
S. 994 would exempt, federal facilities from assessment and planning requirements.
Federal facilities include headquarters, as well as regional facilities, such as military
bases, federal penitentiaries, office buildings, and national laboratories.
Finally, the bills differ with respect to the selection criteria the administrating
officer is to use in listing or designating facilities for regulation. Both bills direct the
government to consider severity of threat and severity of potential harm in
designating facilities, but the bills appear to emphasize threats from different causes,
as well as different consequences of chemical releases. The emphasis in S. 157 is on
eliminating or significantly lessening potential consequences of “unauthorized”
releases. An unauthorized release is defined as a release that is not authorized by the
owner or operator of the facility and that is caused, at least in part, by a criminal act.
On the other hand, S. 994 focuses on ensuring or enhancing the security of facilities
against acts of terrorism.2 Thus, the final catch-all criterion in S. 994 is to consider
“other security-related factors,” while S. 157 requires considering “other safety or
security factors.”
S. 994 includes criteria not mentioned in S. 157: cost and technical feasibility,
and scale of operations. Since the purpose of the criteria, according to S. 994,
Section 4(f)((3)(B), is to help the Secretary determine which facilities present “a risk
sufficient to justify ... classification as a chemical source,” inclusion of these criteria
seems to imply that a “sufficient” risk under S. 994 would depend in part on the
burden of reducing it. Although S. 157 does not incorporate these criteria, neither
does it prohibit such consideration.
Planning requirements. The different emphases of the bills (i.e., on
reducing potential consequences of criminal acts, as in S. 157, vs. securing facilities
from terrorists, as in S. 994) are reflected in their requirements for vulnerability
assessments and planning. S. 157 requires an assessment of the vulnerability of the
2For a definition of “security measures,” see note 1.

CRS-5
source to an unauthorized release, and preparation of a prevention, preparedness, and
response plan. Required plan components are “actions and procedures, including
safer design and maintenance,”aimed at reducing consequences to public health and
the environment. The bill defines “safer design and maintenance” as
“implementation, to the extent practicable” of (1) practices that reduce the possibility
of a release and the associated threat to public health and the environment (i.e., so-
called “inherently safer technologies”); (2) measures that contain, control, or mitigate
a release; (3) buffer zones; and (4) security measures. S. 994 requires an assessment
of the vulnerability of the source to a terrorist release, and a site security plan that
includes security measures and equipment, plans and procedures to respond in the
event of a terrorist release, but it does not require implementation of buffer zones or
inherently safer technologies.
Accountability. As mentioned previously, both S. 157 and S. 994 provide
considerable discretionary authority to the EPA Administrator and the DHS
Secretary, respectively. Within broad guidelines, they may choose which facilities
to regulate, which substances are of concern, threshold levels of chemicals that pose
a significant threat, and appropriate levels of vulnerability analysis and security
planning. The general advantage of executive discretion is the flexibility it allows
the decision maker to efficiently adjust a program to accommodate new information
or unusual circumstances. Another possible benefit is that sensitive information
about facility security, as well as confidential business information, might be
protected more effectively, if agencies are not obligated to publicly defend their
decisions. A possible disadvantage is that Congress, and the general public, may find
it more difficult to oversee and evaluate agency performance, due to a lack of specific
statutory requirements to which the agency can be held accountable, as well as lack
of access to decision-making processes. Several bill provisions that might open
decision-making processes to public scrutiny, or otherwise provide some independent
assurance that the purposes of the bills would be achieved, are described below.
Agency consultation and certification. S. 157 has numerous
requirements for consultation. The EPA Administrator is directed at key decision
points to consult with the DHS Secretary. When designating high-priority facilities,
the Administrator also must consult with state and local agencies responsible for
planning for, and responding to, releases, and providing emergency health care. The
Administrator must consult with all of those groups, as well as the Chemical Safety
and Hazard Investigation Board [established under the CAA Section 112(r)], when
promulgating regulations requiring vulnerability assessments and security planning.
After facility assessments and plans have been submitted to EPA and reviewed, the
Administrator must certify in writing the Administrator’s determination as to whether
each assessment and plan complies with regulations. S. 157 also requires facility
owners and operators to work with local law enforcement, first responders, and
employees of facilities when assessing vulnerability and preparing the security plan.
S. 994 does not require the Secretary to consult or certify determinations about
individual facilities, but the bill does authorize the Secretary to request technical and
analytical support (other than field work) from other agencies and to reimburse such
agencies as appropriate.

CRS-6
Facility submissions. S. 157 would require all owners and operators of
chemical facilities identified by EPA regulations to submit completed vulnerability
assessments and security plans to EPA before deadlines established by statute.
Furthermore, owners and operators must certify in writing that assessments and plans
comply with EPA regulations, and must submit such certifications to EPA. S. 994
does not require submission to DHS of plans or assessments, except at the request of
the Secretary. It does, however, require owners and operators of listed facilities to
certify to the Secretary in writing their compliance with DHS regulations. The
Secretary is required to promulgate deadlines for certification. Neither bill would
protect these self-certification documents from public disclosure.
Third-party audit. S. 994 would require the Secretary, “as appropriate,” to
conduct, or require to be conducted, vulnerability assessments and other activities
(including third-party audits) to evaluate compliance with the Chemical Facilities
Security Act. Third-party audits are inspections of facilities, assessments, and/or
plans conducted by an uninterested, but expert party. S. 157 has no similar provision.
Early compliance/Endorsement. Both bills provide procedures that would
allow facility owners and operators to prepare vulnerability assessments or security
plans without reference to federal regulations, if such assessments or plans met
certain criteria. Three key differences exist between the provisions of S. 157 and S.
994.
! S. 157 would authorize approval of plans and assessments submitted prior to
promulgation of final regulations, while S. 994 would allow approval of plans
and assessments no matter when they were produced, as long as they were in
accord with endorsed model practices.
! S. 157 would require the Administrator to review and approve or reject facility
plans and assessments on a case-by-case basis, while S. 994 would authorize
approval or rejection of model security practices (e.g., perhaps the
vulnerability assessment methodology established by the American Chemistry
Council, a trade group for chemical manufacturers, for its members), and de
facto
approval of all facility plans and assessments that are in accord with
those models.
! S. 157 specifies procedural and substantive standards that facility owners or
operators would have to meet, while S. 994 directs the Secretary to accept
security measures that the Secretary finds substantially equivalent to whatever
requirements the Secretary might choose to promulgate.
S. 157 would direct the Administrator to review assessments and plans that
facility owners or operators submit prior to publication of final EPA regulations. If
the Administrator, in consultation with the Secretary, determined that an assessment
or plan met the consultation, planning, and assessment requirements for high-priority
facilities that are specified in Section 4(a)(3) of the Act, the Administrator would be
required to certify compliance without requiring any revision of the assessment or
plan. Section 4(a)(3) would require owners or operators of facilities to: (1) consult
with local first responders and employees in assessing vulnerability of the source to
a terrorist attack or other unauthorized release; identifying hazards that may result
from release; and preparing a prevention, preparedness, and response plan; and (2)
include in the plan actions and procedures, to eliminate or significantly lessen the

CRS-7
potential consequences of an unauthorized release, including “implementation, to the
extent practicable,” of any technology, product, raw material, or practice that reduces
the possibility of a release prior to secondary containment, control, or mitigation;
well-maintained secondary containment, control, or mitigation equipment; security
measures; and buffer zones.
S. 994 would not require facility owners or operators to submit assessments or
plans to the Secretary. Rather, the bill would authorize the Secretary to promulgate
regulations endorsing certain security practices as being in compliance with the law.
S. 994 would authorize any person to petition the Secretary for endorsement of
procedures, protocols, and standards established by law, industry, or federal, state,
or local government authorities. The Secretary would be authorized to endorse such
measures, if they are implemented, and if the Secretary finds them “substantially
equivalent” to any requirements the Secretary may establish. S. 994 directs the
Secretary to provide to each petitioner a written notice and explanation, if the
Secretary chooses not to endorse the petitioner’s security measures. The bill would
exempt from other regulatory requirements any vulnerability assessments and plans
that are in accord with endorsed security measures.
The intent of S. 157, it appears, is to ensure, through EPA oversight, the quality
of vulnerability assessments and security planning at individual facilities. Quality is
likely to come at the price of considerable EPA resources, however, because there
may be thousands of facility assessments and plans submitted before EPA issues
regulations. On the other hand, facility owners and operators may fear that under the
provisions of S. 157, their early planning efforts might be in vain, if EPA later
decides to reject their facility plans; that fear might cause owners and operators to
delay assessments and planning until EPA’s final regulations take effect, thus
defeating the purpose of the “early compliance” provision.
In contrast, S. 994 would minimize the paperwork burden, and might provide
assurance to facility owners and operators that their facility assessments and plans,
if prepared in accord with established governmental or industrial guidance, will be
acceptable to DHS. However, S. 994 provides limited means for reassuring the
public that individual facility plans and assessments are adequate for security needs.
This potential problem might be resolved by the Secretary, however, for example, if
the Secretary promulgated rules requiring submission of copies of facility plans or
required third-party audits.

Disclosure. Both bills would prevent public disclosure under FOIA of any
information provided to EPA or DHS, except the self-certification of compliance
submitted by facility owners and operators. S. 994 has several additional provisions
to prevent disclosure of information. First, it would preempt state and local laws that
require disclosure. Secondly, S. 994 would require (with some exceptions)
punishment of anyone who “knowingly or recklessly” disclosed protected
information – removal from federal employment or office, and either imprisonment
for up to one year, a fine, or both. A third provision would prevent public disclosure
of the Secretary’s disapproval of an assessment or plan. Finally, S. 994 would
require all information obtained or submitted by the Secretary to be treated in any
judicial or administrative action as if it were classified.

CRS-8
These provisions of S. 994 might make it difficult for terrorists to obtain useful
information about the vulnerability or security arrangements of chemical facilities.
On the other hand, the same provisions may make it difficult for U.S. citizens to learn
about risks to which they might be exposed, and prevent informed public
involvement in federal, state, and local policy development and contingency planning
with respect to such risks.
Conclusion
S. 157 and S. 994 are similar in that both bills would require chemical facilities
to conduct vulnerability assessments and develop and implement site security plans.
In addition, both bills provide the federal lead agency with considerable discretionary
authority in selecting facilities and chemicals for regulation. The bills differ in the
extent to which federal (congressional and agency) and public oversight would be
facilitated. S. 157 generally provides more opportunities for oversight and informed
public policy development and contingency planning, while S. 994 is more protective
of sensitive information so as to avoid facilitating terrorist acts.
The bills also address somewhat different threats (i.e., criminal acts vs. terrorist
acts) and prescribe different approaches to reduce risks: S. 994 would mandate
planning and implementation to ensure plant security and adequate resources to
respond to any emergency, while S. 157 would require (to the extent practicable)
actions and procedures to reduce the potential for harm, in the event of a chemical
release, in addition to security and emergency preparedness measures.

CRS-9
Table 1. Comparison of Selected Provisions of S. 157 and
S. 994 in the 108th Congress
Chemical Facilities Security
Provision
Chemical Security Act (S. 157)
Act (S. 994)
Lead agency
Environmental Protection Agency
Department of Homeland
(EPA)
Security (DHS)
Regulated facilities
Stationary sources when coupled
Non-federal, stationary sources
with certain substances that the
that: are regulated by EPA under
Administrator designates as high
the Clean Air Act (CAA)
priority categories. Requires the
§112(r)(7)(B)(ii);3 contain
Administrator to designate such
regulated substances; and are
combinations of chemical sources
listed4 by the Secretary. Requires
and substances of concern within
the Secretary to list chemical
one year of the date of enactment
sources within 180 days after the
of the Chemical Security Act. The
date of enactment of the
Administrator must review and
Chemical Facilities Security Act.
revise the designations as needed
Within 3 years after the date of
within 5 years after the date of
promulgation of regulations, and
promulgation.
every 3 years thereafter, the
[§4(a)(1)]
Secretary must review and update
the list of regulated facilities as
appropriate.
[§3(1); §4(f)]
Regulated substances
Substances listed by the EPA
Substances listed by the EPA
under the CAA§112(r)(3) (other
under the CAA §112(r)(3) (other
than liquified petroleum gas used
than flammable substances used
as fuel), as well as other
as fuel) that are present at
substances that the Administrator
regulated facilities in quantities
designates, together with certain
greater than or equal to threshold
stationary sources, as high
quantities established by EPA
priority. Requires the
under the CAA§112(r)(5). The
Administrator to designate such
Secretary may exempt a
combinations of chemical sources
substance or adjust the threshold
and substances of concern within
quantity. The Secretary also may
one year of the date of enactment
designate additional substances
of this Act. [§3(3); §3(9);
for regulation. [§3(8); §4(g)]
§4(a)(1); §4(a)(5)]
3The CAA§112(r) directs EPA to require risk management planning by facilities handling more than
threshold amounts of listed chemicals. EPA lists chemicals under subsection 112(r)(3), sets thresholds
under subsection 112(r)(5), and requires hazard assessments and planning to prevent and respond to
accidental releases of chemicals under subsection 112(r)(7)(B)(ii).
4Due to the bill’s syntax (“... the Secretary develop a list ...”), it is not clear from S. 994, Section
4(f)(1) whether the Secretary is required or only authorized to develop this list, although the inclusion
of a deadline – “Not later than 180 days after the enactment of Chemical Facilities Security Act” –
implies a mandate.

CRS-10
Chemical Facilities Security
Provision
Chemical Security Act (S. 157)
Act (S. 994)
Basis for selecting
Requires the Administrator to
Requires the Secretary to
substances and
designate combinations of
designate substances of concern
facilities for
chemical sources and substances
based on “the potential extent of
regulation
of concern based on “severity of
death, injury, or serious adverse
the threat posed by an
effects to human health or the
unauthorized release from the
environment that would result
chemical sources.” Requires
from a terrorist release.”
consideration of: severity of
Chemical sources are selected
potential harm; proximity to
based on: consideration of
population centers; threats to
likelihood that a chemical source
national security; threats to
will be the target of terrorism;
critical infrastructure; threshold
nature and quantity of substances
quantities of substances that pose
of concern present; potential
a serious threat; and other safety
extent of death, injury, or serious
or security factors the
adverse effects to human health
Administrator, in consultation
or the environment; potential
with the Secretary, determines to
harm to critical infrastructure and
be appropriate. [§4(a)(1) - (2)]
national security; cost and
technical feasibility; scale of
operations; and other security-
related factors the Secretary
determines to be appropriate and
necessary. [§4(e) and (f)]
Consultation
Requires consultation with the
No similar provision
Secretary, and in some cases with
State and local agencies
responsible for planning for and
responding to unauthorized
releases and providing emergency
health care; the Chemical Safety
and Hazard Investigation Board;
local law enforcement, first
responders, and employees.
[§4(a)(1)-(5)]
Technical support
No similar provision
Authorizes the Secretary to
request technical and analytical
support (other than field work)
from other agencies, and to
reimburse for such support as the
Secretary determines to be
appropriate. [§6]
Emphasis
Actions and procedures to
Appropriate actions to ensure or
eliminate or significantly lessen
enhance the security of sources of
the potential consequences of a
potentially dangerous chemicals
release of a covered substance of
against acts of terrorism.
concern that is caused in part by a
[§2(3)-(4) and §3(7)]
criminal act. [§2(4); §3(10);
§4(a)(3)(B)]

CRS-11
Chemical Facilities Security
Provision
Chemical Security Act (S. 157)
Act (S. 994)
Vulnerability and risk
Requires the Administrator to
Requires the Secretary to
assessments
promulgate regulations within one
promulgate regulations within
year of the date of enactment of
one year of the date of enactment
this Act, requiring
of this Act requiring
owners/operators of high-priority
owners/operators of sources
chemical sources, in consultation
listed by the Secretary to assess
with local first responders and
vulnerability to a terrorist release
employees, to assess the
and identify hazards that may
vulnerability of the source to a
result from a release. [§4(a)(1)]
terrorist attack or other
Authorizes the Secretary to
unauthorized release, and identify
promulgate procedures,
hazards that may result from
protocols, and standards for
release. [§4(a)(3)A)]
assessments. [§4(c)]
The Administrator must review
Requires that the Secretary
and revise as necessary such
promulgate deadlines for
regulations within 5 years of their
completion of vulnerability
date of promulgation. [ §4(a)(4)]
assessments. [§4(a)(2)]
Planning and
Requires the Administrator to
Requires the Secretary to
implementation
promulgate regulations within one
promulgate regulations within
year of the date of enactment of
one year of the date of enactment
this Act, requiring owners and
of this Act requiring covered
operators of high-priority
facilities to prepare and
chemical sources, in consultation
implement a site security plan.
with local first responders and
[§4(a)(1)]
employees, to prepare a
Requires that the Secretary
prevention, preparedness, and
promulgate deadlines for
response plan. [§4(a)(3)]
completion of plans. [§4(a)(2)]
The Administrator must review
Authorizes the Secretary to
and revise as necessary such
promulgate procedures,
regulations within 5 years of their
protocols, and standards for
date of promulgation. [§4(a)(4)]
plans. [§4(c)]
Required plan
The plan must include actions and
The plan must include security
components
procedures to eliminate or
measures to reduce vulnerability
significantly lessen the potential
to a terrorist release, and
consequences of an unauthorized
equipment, plans, and procedures
release, including
that might be used in the event of
“implementation, to the extent
a release. [§4(a)(1)]
practicable,” of any technology,
product, raw material, or practice
that reduces the possibility of a
release prior to secondary
containment, control, or
mitigation; well-maintained
secondary containment, control,
or mitigation equipment; security
measures; and buffer zones.
[§3(7); §3(11); §4(a)(3)]

CRS-12
Chemical Facilities Security
Provision
Chemical Security Act (S. 157)
Act (S. 994)
Self-certification
Requires owners/operators of
Requires owners/operators to
high priority chemical sources to
certify completion of a
certify compliance with
vulnerability assessment and
assessment and planning
development and implementation
requirements. Vulnerability
of a plan, in accord with any
assessments must be certified
regulations promulgated by the
within one year, and plans within
Secretary or with protocols and
18 months after the date of
standards endorsed by the
promulgation of regulations
Secretary. [§4(b)(1)] Requires
regarding requirements for
that the Secretary promulgate
planning. [§4(b)]
deadlines for certification of
vulnerability assessments and
plans. [§4(a)(2)]
Reviews
Requires owners/operators to
Requires owners/operators to
review and recertify vulnerability
review and recertify vulnerability
assessments and plans within 5
assessments and plans within 5
years of the date of first
years of the date of first
certification, and every 3 years
certification, and every 5 years
thereafter. [§4(b)]
thereafter (or on a schedule
established by the Secretary).
[§4(h)]
Third-party audit or
No similar provision
Requires the Secretary to
certification
conduct, or require to be
conducted, vulnerability
assessments and other activities
(including third-party audits) to
evaluate and ensure compliance.
[§4(b)(3)]
Submission of
Requires submission of copies of
Requires submission of copies of
documents
assessments and plans to EPA.
assessments and plans to DHS,
[§4(b)]
on request. [§4(a)(1); §4(b)(2)]
Threat information
Directs the Secretary, in
Directs the Secretary, “to the
consultation with the
maximum extent practicable
Administrator, “to the maximum
under applicable authority,” to
extent permitted by applicable
provide an owner/operator threat
authorities,” to provide to
information relevant to the
owners/operators threat
chemical source. [§4(a)(4)]
information relevant to
assessments and plans.
[§4(a)(3)(C)]

CRS-13
Chemical Facilities Security
Provision
Chemical Security Act (S. 157)
Act (S. 994)
Information
All information provided to EPA,
Same as S. 157, but also exempts
protection
or derived from that information,
such information from disclosure
except self-certification, is
under state or local disclosure
exempt from disclosure under
laws. Provides that anyone who
section 552 of title 5, United
“knowingly or recklessly
States Code (FOIA). [§4(b)(4)]
discloses the information” shall
be removed from federal office
or employment, and be
imprisoned up to one year, fined,
or both. Some exceptions are
allowed. [§4(i)]
Also protects from disclosure any
determination or order by the
Secretary with respect to
disapproval of an assessment or
plan. [§5(d)] (See below
“Compliance assistance” and
“Compliance orders.”)
Requires that information
submitted or obtained by the
Secretary, and information
derived from that information,
and information submitted by the
Secretary be treated in any
judicial or administrative action
as if it were classified. [§8]
Agency review
The Administrator must review
Requires the Secretary to ensure
each assessment and plan to
and evaluate compliance with
determine compliance and must
regulations and endorsed
certify each determination.
procedures, protocols, or
[§5(a)]
standards. [§4(b)(3)]

CRS-14
Chemical Facilities Security
Provision
Chemical Security Act (S. 157)
Act (S. 994)
Early compliance
Before EPA rules are
Authorizes the Secretary to
promulgated, the Administrator,
identify and endorse security
in consultation with the Secretary,
measures that, if implemented,
must review each assessment or
would indicate compliance with
plan submitted and determine
assessment or planning
whether it meets consultation,
requirements. Authorizes any
planning, and assessment
person to petition the Secretary
requirements for high-priority
for endorsement of procedures,
categories under §4(a)(3). See
protocols, and standards
above “Vulnerability and risk
established by law, industry, or
assessment” and “Planning and
federal, state, or local
implementation.” If such
government authorities.
requirements are met, the
Authorizes the Secretary to
Administrator must certify
endorse in regulations such
compliance without requiring any
procedures, protocols, and
revision of the assessment or plan.
standards, if the Secretary finds
[§5(a)(2)(C)]
them in effect and substantially
equivalent to any requirements
the Secretary may establish. If
the Secretary chooses not to
endorse such procedures,
protocols, and standards, the
Secretary must provide to each
petitioner written notice
explaining why. Also authorizes
petitions requesting that plans or
assessments be required to
address particular threats or types
of threats, and authorizes the
Secretary to promulgate such
requirements. [§4(c)]
Vulnerability assessments and
response plans that are in accord
with provisions endorsed by the
Secretary are exempt from other
regulatory requirements for plans
or assessments. [§4(d)]
Compliance
Requires the Administrator to
Authorizes the Secretary to
assistance
notify a source if an assessment or
disapprove a vulnerability
plan does not comply with EPA
assessment or plan, or to order
regulations, or if a threat exists
revision, recertification, and
beyond the scope of the plan, or
resubmission of such, to correct
current implementation of the
deficiencies, if they do not
plan is insufficient. Directs EPA
comply with regulations, or if the
to provide advice and technical
plan, or its implementation, is
assistance to bring the assessment
insufficient. The Secretary must
or plan into compliance, or to
provide notice of disapproval,
address any threat. [§5(b)]
explaining deficiencies and
consult to identify appropriate
steps to achieve compliance.
[§5(a)-(c)]

CRS-15
Chemical Facilities Security
Provision
Chemical Security Act (S. 157)
Act (S. 994)
Compliance orders
Thirty days after assistance is
If an owner/operator fails to
provided, or a source receives
certify or submit a satisfactory
notice, if the plan or assessment is
assessment or plan, the Secretary
not brought into compliance, or
is authorized to order
the source has not complied with
certification and submission.
an entry or information request,
Requires the Secretary to issue a
the Administrator may issue an
compliance order if an
order directing compliance, after
assessment or plan has been
providing the source notice of the
disapproved, and compliance is
order and opportunity for a
not achieved by an appropriate
hearing. [§5(c)]
date. [§5(c)]
Threat notification
The Secretary must notify a
No similar provision
and abatement action
source or sources of an elevated
threat, if the Secretary determines
that a terrorist threat exists that is
beyond the scope of a submitted
plan or plans, or current
implementation is insufficient to
address the results of vulnerability
assessment or existing threat. If a
source’s response to notification
is insufficient, the Secretary must
notify the source, the
Administrator, and the Attorney
General. In response to such
notice, the Administrator or
Attorney General may secure
necessary relief to abate a threat,
including orders necessary to
protect public health or welfare.
[§5(d)]
Record-keeping and
High-priority sources are required
Sources required to prepare
entry
to keep a current copy of each
assessments and plans must keep
assessment and plan. The
a current copy. The Secretary
Administrator may enter the
has authority to enter premises
premises of an owner or operator
and to copy records and other
of a source, or any premises
documentation that is necessary
where records are stored, on
for analysis of a vulnerability
presenting credentials. The
assessment or site security plan
Administrator also may at
or for implementation of the plan.
reasonable times have access to
Authorizes the Secretary to issue
and may copy records, reports,
an order requiring compliance
plans, or assessments. The
with this section. [§7]
Administrator may require a
source to provide any information
necessary to enforce this Act and
to promulgate or enforce
regulations. [§6]

CRS-16
Chemical Facilities Security
Provision
Chemical Security Act (S. 157)
Act (S. 994)
Penalties
A district court may assess a civil
A district court may assess a civil
penalty for violation or non-
penalty for violation or non-
compliance with an order equal to
compliance with an order or a
or less than $25,000 per day.
site security plan (or endorsed
EPA may assess civil penalties
security measure) submitted to
less than or equal to $125,000 in
the Secretary of not more than
an order, after providing notice
$50,000 per day, and may issue
and the opportunity to request
an order for injunctive relief. The
within 30 days a hearing.
Secretary may assess civil
Knowing violation or failure to
penalties less than or equal to
comply with an order may be
$250,000 in an order, after
punished with a fine of at least
providing notice and the
$2,500, but less than $25,000, per
opportunity to request within 30
day, and imprisonment for up to
days a hearing. Authorizes the
one year, or both. Subsequent
Secretary to establish procedures
violation or failure to comply may
for administrative hearings and
result in a fine of not more than
review. [§8]
$50,000 per day, imprisonment
for up to 2 years, or both. [§7]
Authorization of
Authorizes such sums as are
No similar provision
appropriations
necessary. [§9]
Training
No similar provision
Authorizes the Secretary to
provide training relevant to this
Act to state and local officials
and owners/operators. [§9]