Order Code RL31530
CRS Report for Congress
Received through the CRS Web
Chemical Plant Security
Updated January 20, 2004
Linda-Jo Schierow
Specialist in Environmental Policy
Resources, Science, and Industry Division
Congressional Research Service ˜ The Library of Congress
Chemical Plant Security
Summary
Chemical facilities might be vulnerable to direct attacks by terrorists or efforts
to gain access to potentially dangerous chemicals. Because few terrorist attacks have
been attempted against chemical facilities in the United States, the risk of death and
injury in the near future is estimated to be low, relative to the likelihood of accidents
at such facilities or attacks on other targets using conventional weapons. For any
individual facility, the risk is very small, but risks may be increasing with potentially
severe consequences for human health and the environment. Available evidence
indicates that many chemical facilities may lack adequate safeguards.
Two environmental laws require chemical facility planning to protect the
general public from accidental releases of hazardous chemicals. The laws mandate
public disclosure of hazards in order to stimulate public interest in planning.
However, neither law addresses terrorism.
Congress might rely on existing efforts in the public and private sectors to
improve chemical site security, while waiting for better information about the
potential harm from terrorist attacks. Alternatively, Congress could encourage the
Environmental Protection Agency (EPA) to expand existing planning requirements
to consider terrorism, or authorize the Department of Homeland Security (DHS) to
oversee security at potentially dangerous facilities. Congress also might enact
legislation to reduce risks. One approach might be to “harden” defenses, for example
by increasing security patrols. Hardening tactics may be adapted to security needs
and layered to deepen protection. Often they can be implemented at relatively low
cost. However, even the most effective security measures might be defeated by a
determined, skilled terrorist organization. Risk also might be reduced by use of safer
chemicals, procedures, and processes, which might reduce harm from accidents as
well as attacks, but may involve higher costs. Restricting terrorists’ access to
information might be least costly, but would limit public access and reduce
accountability of facility owners. Thus, policy makers face three key issues: how to
balance the risks and benefits of public disclosure; how to weigh the relative
importance of diverse risks; and whom to hold responsible for achieving results.
The law that established DHS (P.L. 107-296) requires that it analyze
vulnerabilities and suggest ways to enhance security for “critical infrastructure.” In
the 108th Congress, S. 994, as ordered to be reported, S. 157/H.R. 1861, and H.R.
2901 would require vulnerability assessments, and security and emergency response
plans for certain chemical facilities. S. 157/H.R. 1861 also would require risk
reduction, in part by use of “inherently safer” technologies, if practicable. H.R. 2901,
which was introduced July 25, 2003, generally is similar to S. 994. See CRS Report
RL31958, Chemical Facility Security: A Comparison of S. 157 and S. 994, for a
comparison of key provisions of the Senate bills, as introduced. Other legislative
proposals would narrow public disclosure exemptions for “critical infrastructure
information” that is provided voluntarily to DHS (S. 609/H.R. 2526), or provide
funding for improvements to security at chemical facilities (S. 565/H.R. 1593 and S.
87/H.R. 1007). This report will be updated as warranted by congressional activity.
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Risks of Terrorism at Chemical Facilities . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Nature of Hazards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Recent Trends in Overall Terrorist Activities . . . . . . . . . . . . . . . . . . . . 2
Trends in Chemical Terrorism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Predicted Risks of Chemical Terrorism . . . . . . . . . . . . . . . . . . . . . . . . . 5
Severity of Harm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chemical Site Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Existing Federal Requirements to Reduce Risks at Chemical Facilities . . . 13
EPCRA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
CAA Section 112(r) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
After September 11, 2001 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Administrative Initiatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Private Sector Initiatives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Policy Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Status Quo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Collect Additional Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Improve EPA Guidance and Enforcement . . . . . . . . . . . . . . . . . . . . . . 25
Reduce Risk Through Legislation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Key Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Public Disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Relative Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Responsibility and Accountability . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Legislation in the 108th Congress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Background: Action in the 107th Congress . . . . . . . . . . . . . . . . . . . . . 35
108th Congress Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Additional Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
List of Tables
Table 1. Numbers of Facilities Reporting Risk Management Plans to EPA
in Selected Industrial Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chemical Plant Security
Introduction
The potential harm to public health and the environment from a sudden release
of hazardous chemicals has long concerned the U.S. Congress. The sudden,
accidental release in December 1984 of methyl isocyanate in an industrial incident
at the Union Carbide plant in Bhopal, India, and the attendant loss of thousands of
lives and widespread injuries spurred legislative proposals to reduce the risk of
chemical accidents in the United States. For example, federal environmental laws
were enacted in 1986 and 1990 to mitigate and reduce the risk of accidental releases
of hazardous chemicals from manufacturing facilities, processing plants, and storage
tanks. (These laws are discussed below.) The Hazardous Materials Transportation
Act of 1975 was passed to protect the public and environment in the event of an
accident during transportation of chemicals. Other federal laws coordinate
preparedness planning and response to significant chemical spills (e.g., the
Comprehensive Environmental Response, Compensation, and Liability Act). In the
aftermath of September 11, 2001, however, Congress is re-examining existing federal
laws, including laws related to hazardous chemicals in U.S. commerce, to determine
whether they are adequate to prevent, deter, or mitigate the effects of terrorist acts.1
This report reviews requirements that aim to reduce risks to the general public
of exposure to hazardous chemicals as a result of terrorist acts at U.S. chemical
production, processing, or storage facilities.2 It considers the likelihood and severity
of harm that might result from terrorist attacks on chemical facilities, as well as from
illicit use of such facilities to gain access to hazardous chemicals (or to precursor
chemicals that can be used to produce hazardous chemicals). Federal requirements
for contingency planning and responding to chemical emergencies after they occur
are not the focus of this report.3 In addition, it does not consider hazardous materials
transport (or storage incidental to transport).4
1 There is no universally accepted definition of “terrorism.” Various definitions are
discussed in the CRS Issue Brief IB95112, Terrorism, the Future, and U.S. Foreign Policy.”
2 For information on the security of other types of facilities, see the CRS Terrorism Briefing
Book, especially the section entitled Prevention: Security Enhancements.
[http://www.congress.gov/brbk/html/ebter1.shtml], Aug. 7, 2003.
3 Instead, see the CRS Terrorism Briefing Book, the Domestic Emergency Management
section, especially the pages “Emergency Preparedness,” “FEMA Role and Responsibility,”
“Government Response Coordination,” and “Environmental Authorities.”
4 Instead, see CRS report RS21050, Hazardous Materials Transportation: Vulnerability to
Terrorists, Federal Activities, and Options to Reduce Risks.
CRS-2
The report first describes the range of terrorist acts that might threaten chemical
facilities and summarizes publicly available information relevant to risks: recent
trends in terrorist activity, including chemical use by terrorists; expert estimates of
the harm that might be inflicted through chemical terrorism; and assessments of the
vulnerability of chemical facilities. The next section of the report discusses existing
federal mandates and incentives for reducing risks of accidental releases from
chemical facilities. The remainder of the report summarizes recent Administration
and private sector initiatives to improve chemical site security; analyzes policy
options and key issues; and describes legislation in the 108th Congress.
Risks of Terrorism at Chemical Facilities
Nature of Hazards. Potential terrorist acts against chemical facilities might
be classified roughly into two categories: direct attacks on facilities or chemicals on
site, or efforts to use business contacts, facilities, and materials (e.g., letterhead,
telephones, computers, etc.) to gain access to potentially harmful materials. In either
case, terrorists may be employees (saboteurs) or outsiders, acting alone or in
collaboration with others. In the case of a direct attack, traditional or nontraditional
weapons may be employed, including explosives, incendiary devices, firearms,
airplanes, computer programs, or weapons of mass destruction (nuclear, radiological,
chemical, or biological).
In obtaining chemicals, a terrorist’s intent may be their use as weapons or to
make weapons, including but not limited to explosives, incendiaries, poisons, and
caustics. Access to chemicals might be gained by physically entering a facility and
stealing supplies, or by using legitimate or fraudulent credentials (e.g., company
stationary, order forms, computers, telephones or other resources) to order, receive,
or distribute chemicals.
Recent Trends in Overall Terrorist Activities. According to May 2001
testimony by the Director of the Federal Bureau of Investigation (FBI) to the U.S.
Senate, the total number of known or suspected acts of terrorism perpetrated in the
United States increased from 2 in 1995 to 12 in 1999.5 (Later incidents were still
being investigated.) In addition, Director Freeh reported that there were 7 planned
acts of terrorism in the United States that were prevented in 1999. Only a few of
these incidents involved chemical facilities. Overall, throughout the 1990s there
were 60 attacks characterized as terrorism claiming 182 lives and injuring over 1,932
individuals.6 In comparison, during the 1980s, there were 267 terrorist or suspected
terrorist incidents, which killed 23 people and injured 105.7 Thus, although the total
5 Freeh, Louis J., Director, Federal Bureau of Investigation. Statement for the Record on
the Threat of Terrorism to the United States before the United States Senate Committees on
Appropriations, Armed Services, and Select Committee on Intelligence. May 10, 2001.
[http://www.fbi.gov/congress/congress01/freeh051001.htm], visited Aug. 7, 2003.
6 The Oklahoma City bombing of the federal building in 1995 accounts for 168 of the 182
deaths during the decade.
7 Counterterrorism Division, Counterterrorism Threat Assessment and Warning Unit,
Federal Bureau of Investigation, Department of Justice. Terrorism in the United States
(continued...)
CRS-3
number of terrorist acts in the United States has declined in recent years, the
casualties due to terrorism have increased.
The same trends are evident internationally, although there is considerable
variation from year to year.8 Attacks against Americans abroad most often have
targeted U.S. businesses: for example, in 2000, 178 of the 206 overseas U.S. targets
struck by international terrorists were businesses.9
Data for 2001 are still being gathered as investigations of criminal acts continue.
The Pentagon and World Trade Center attacks and the attack thwarted by airline
passengers on September 11, 2001, however, clearly make 2001 the most costly year
on record in terms of U.S. terrorism casualties.10 As noted by the FBI Executive
Assistant Director for Counterterrorism and Counterintelligence, the attack of
September 11, 2001, “marked a dramatic escalation in a trend toward more
destructive terrorist attacks which began in the 1980s.”11
The September 11 attack also reflected a trend toward more indiscriminate
targeting among international terrorists. The vast majority of the more
than 3,000 victims of the attack were civilians. In addition, the attack
represented the first known case of suicide attacks carried out by
international terrorists in the United States. The September 11 attack also
marked the first successful act of international terrorism in the United
States since the vehicle bombing of the World Trade Center in February
1993.12
Other potentially important trends identified by intelligence agencies include:
! an increase in activity by loosely affiliated extremists, both
domestically and internationally; and
7 (...continued)
1999: 30 Years of Terrorism, A Special Retrospective Edition, p. 16.
8 U.S. Department of State. 2003. Patterns of Global Terrorism 2002. Appendix H.
[http://www.state.gov/s/ct/rls/pgtrpt/], visited Jan. 20, 2004.
9 U.S. Department of State. 2001. Patterns of Global Terrorism 2000. Appendix C.
[http://www.state.gov/s/ct/rls/pgtrpt/2000/2451.htm], visited Jan. 20, 2004.
10 The anthrax killings may or may not be found to meet the FBI definition of terror,
depending on whether the criminal intended to further political or social objectives.
11 Watson, Dale L., Executive Assistant Director, Counterterrorism and Counterintelligence,
Federal Bureau of Investigation. Statement for the Record on the terrorist threat confronting
the United States before the Senate Select Committee on Intelligence. Feb. 6, 2002.
[http://www.fbi.gov/congress/congress02/watson020602.htm], visited Jan. 20, 2004.
12 Ibid, p. 1.
CRS-4
! the propensity of such groups to focus on producing mass
casualties.13, 14
Trends in Chemical Terrorism. With respect to chemical and biological
terrorism, hoaxes and unsuccessful attempts by terrorists to use chemicals increased
throughout the 1990s. Loosely affiliated terrorist groups, in particular, have
demonstrated a growing interest in chemical weapons and other weapons of mass
destruction, but explosives are still the most frequently employed weapons.15
During the 1990s, both international and domestic terrorists attempted to use
explosives to release chemicals from manufacturing and storage facilities. Most of
these attempts were abroad in war zones such as Croatia, including attacks on a plant
producing fertilizer, carbon black, and light fraction petroleum products; other plants
producing pesticides; and a pharmaceutical factory using ammonia, chlorine, and
other hazardous chemicals. All of these facilities were close to population centers.
In the United States, there were at least two instances during the late 1990s when
criminals attempted to cause releases of chemicals from facilities. One involved a
large propane storage facility, and the other a gas refinery.16
Evidence that U.S. chemical facilities may be used by terrorists to gain access
to chemicals also exists. For example, one of the 1993 World Trade Center bombers,
Nidal Ayyad, became a naturalized U.S. citizen, graduated from Rutgers University,
and worked as a chemical engineer at Allied Signal, from which he used company
stationery to order chemical ingredients to make the bomb. According to a U.S.
Prosecutor in the case against the bombers, though “some suppliers balked when the
order came from outside official channels, when the delivery address was a storage
park, or when [a co-conspirator] tried to pay for the chemicals in cash,” others did
not.17 Moreover, testimony at the trial of the bombers indicated that they had
successfully stolen cyanide from a chemical facility and were training to introduce
13 Ibid.
14 Counterterrorism Division, Counterterrorism Threat Assessment and Warning Unit,
Federal Bureau of Investigation, Department of Justice. Terrorism in the United States
1999: 30 Years of Terrorism, A Special Retrospective Edition, p. 25.
15 Ibid., pp. 17, 25.
16 Department of Justice. Assessment of the Increased Risk of Terrorist or Other Criminal
Activity Associated with Posting Off-Site Consequence Analysis Information on the Internet.
April 18, 2000. p. 23-24.
17 Parachini, John V. “The World Trade Center Bombers (1993).” In: Jonathan B. Tucker
(ed.) 2000. Toxic Terror: assessing terrorist use of chemical and biological weapons.
Cambridge, MA: MIT Press. p. 190. Citing the summation statement of Henry J. DePippo,
Prosecutor, United States of America v. Mohammad A. Salameh et al., S593CR.180 (KTD),
Feb, 16, 1994, p. 8435-8439.
CRS-5
it into the ventilation systems of office buildings.18 More recently, chemical trade
publications reportedly were found in al Qaeda hideaways.19
Predicted Risks of Chemical Terrorism. The validity of any risk
assessment depends on how much is known about the hazard, risks (probabilities),
adverse effects, events and conditions that lead to or modify adverse effects or risks,
and populations or environments that influence or experience adverse effects. The
most accurate, and therefore the most useful, risk assessments generally are for
familiar, frequently occurring hazards and events with impacts that are experienced
with some regularity — e.g., for severe storms or floods. In contrast, the risk of
terrorist activity is unfamiliar (at least in the United States), rarely experienced, and
likely to vary significantly over time, depending on rather unpredictable social and
political phenomena.
The risk of terrorism targeting chemical facilities is particularly difficult to
assess for at least three reasons:
! There are few prior examples of terrorists targeting chemical
facilities;
! Numerous factors theoretically may increase or decrease risks; and
! Interactions among factors influencing risks are dynamic and
changing.
In part, these difficulties stem from the nature of terrorism and the terrorists’
deliberate efforts to do what is least expected — i.e., to defy prediction. For these
reasons, most experts have not tried to quantify risks; existing analyses of chemical
terrorism risks in the open literature are speculative and qualitative.20
Until the mid to late 1990s, reports focused on the acquisition and use of
chemical weapons, such as sarin or mustard gas. One of the most comprehensive of
these reports was a 1995 review of the open literature on terrorism that was prepared
for the Canadian Security Intelligence Service.21 According to this review of the
literature, “[t]hose authors who have speculated about the future terrorist use of
chemical agents in particular have generally rated its likelihood as quite high.”22
18 Ibid.
19 Bond, Christopher. Statement on S. 2579. Congressional Record, Daily Edition, June 5,
2002, p. S5043.
20 Computerized databases on terrorist acts offer considerable promise for risk analysts who
have access. Nevertheless, the unpredictable nature of individuals and of the social and
political forces that shape them over time will continue to challenge predictions about future
events.
21 Purver, Ron. Chemical and biological terrorism: The threat according to the open
literature,. June 1995. Canadian Security Intelligence Service.
[http://www.csis-scrs.gc.ca/eng/miscdocs/tabintr_e.html], visited Jan. 20, 2004.
22 Ibid, Chemical Terrorism, p. 28. This prediction about the use of chemical agents
contrasts with conventional wisdom that the probability of chemical weapon use is relatively
(continued...)
CRS-6
According to some, the risk also appears to be increasing. Many experts today
believe that factors that might have inhibited proliferation and use of chemicals as
weapons in the past are eroding. For example, some experts hypothesized several
years ago that the combination of chemical and strategic skills necessary to create and
deploy chemical weapons would prevent the lone terrorist from using them.23
Security experts now believe that lack of personal expertise no longer limits chemical
weapon use, because there is a tendency for terrorists with similar extreme views to
affiliate loosely with others with complementary skills and abilities. Moreover, the
rising level of education worldwide means that more people have the requisite
training in chemical engineering,24 and the Internet has simplified communications,
training, and cooperation within geographically dispersed terrorist groups.
Others have argued that chemical attacks would be unlikely, due to the
difficulties of producing and effectively delivering chemical agents in sufficient
amounts to produce mass casualties.25 However, while this may be true with regard
to military use on a large scale, where weapons are delivered by advanced systems,
it is not necessarily relevant to terrorists who may have more limited ambitions. A
1999 report by GAO summarized the situation —
... many conflicting statements have been made in public testimony before
Congress ... concerning the ease or difficulty with which terrorists could
effectively disseminate a chemical or biological agent on U.S. soil and cause
mass casualties.26
GAO studied the threat and concluded that the ease or difficulty for terrorists to cause
more than 1,000 casualties depends on the chemical or biological agent selected. The
report stated —
Experts from the scientific, intelligence, and law enforcement communities told
us that terrorists do not need sophisticated knowledge or dissemination methods
to use toxic industrial chemicals such as chlorine. In contrast, terrorists would
need a relatively high degree of sophistication to successfully cause mass
casualties with some other chemical and most biological agents.
22 (...continued)
small. The conventional prediction, however, focuses on military use of chemical weapons
in future wars among nations, rather than on chemical use by terrorists.
23 Ibid., p. 29.
24 For example, according to a June 7, 2002, New York Times opinion piece, “All-American
Osamas,” by Nicholas D. Kristof, one militia member who led a chemical attack against an
Internal Revenue Service office had a degree in chemistry from Massachusetts Institute of
Technology. Authorities reportedly believe that he made sarin in his basement. The author
indicated his source for this information was Jessica Stern, a Harvard University lecturer on
terrorism and author of The Ultimate Terrorists, published in 1999 by Harvard University
Press, Cambridge, MA.
25 Purver, p. 5-13.
26 U.S. Congress. General Accounting Office. Combating Terrorism: Need for
Comprehensive Threat and Risk Assessments of Chemical and Biological Attacks.
GAO/NSIAD-99-163. Sept. 1999. p. 1.
CRS-7
On the other hand,
“[t]errorists with less sophistication could make a chemical or biological weapon
and disseminate agents, but these would be less likely to cause mass
casualties.”27
Other factors that might have inhibited chemical use by some terrorists in the
past might not apply to loosely affiliated terrorist groups. For example, some experts
argue that terrorists supported by nation-states have been reluctant to use chemical
weapons for fear of offending other nations and neutral parties, particularly if the
sponsors were signatories of the Chemical Weapons Convention.28 Another possible
deterrent to chemical use, fear of retaliation, probably is of little concern to attackers
with no identifiable homeland or headquarters. Lack of a homeland might also lessen
concern about environmental damage that may be associated with chemical
production. Finally, one must presume that occupational safety would be of limited
concern to terrorists who are not accountable to a government, and who are willing
to sacrifice their own lives for a religious, political, or social cause.
However, many experts believe that the relative risk of terrorism involving
chemical weapons remains small. This point was stressed by John V. Parachini, a
senior associate at the Center for Nonproliferation Studies, Monterey Institute of
International Studies at a 1999 hearing before the U.S. House of Representatives,
Committee on Government Reform, Subcommittee on National Security, Veterans
Affairs, and International Relations. Referring to the risk of any use of chemical or
biological weapons he stated:
. . . attacks with chemical and biological weapons are strikingly infrequent and
the number of fatalities and casualties are far lower than those caused by
conventional explosives. According to an analysis of 105 U.S. incidents featured
in the Monterey Institute database from 1900 to 1998, only one fatality resulted
from a [chemical or biological weapon] attack. This incident involved a 1973
assassination of an Oakland, California school superintendent by the Symbionese
Liberation Army.29
Severity of Harm. It is generally agreed that chemical agents are likely to be
the least lethal of the three “weapons of mass destruction.” In part, this judgment
reflects the difficulty of producing and delivering large quantities of a lethal chemical
to the target area prior to release. On the other hand, industrial chemicals and
pesticides are readily available for purchase, and are stored in large quantities in
thousands of locations throughout the United States, often near population centers.
A key question for chemical facilities then is “How much damage could terrorists do
27 Ibid., p. 3.
28 Purver, p. 28.
29 U.S. Congress. House. Committee on Government Reform. Subcommittee on National
Security, Veterans’ Affairs, and International Relations. Combating Terrorism: Assessing
the Threat. Hearings, 106th Cong., 1st Sess., Oct. 20, 1999. Washington, U.S. Govt. Print.
Off., 2000, p. 55-56.
CRS-8
using existing stationary chemical manufacturing, processing, distribution, and
storage facilities?”
There are two key sources of information for answering this question: accident
reports and hazard assessments conducted by facility personnel or outside experts.
There is no comprehensive database for either kind of information,30 but various
groups have used publicly available data to estimate hazard potential, usually limited
to accidental releases of chemicals from chemical facilities.
A 1998 report by the U.S. Public Interest Research Group (US PIRG) and the
National Environmental Law Center, Too Close to Home: Chemical Accident Risks
in the United States, addressed the distribution of chemical facilities in the United
States relative to population distribution. It stated that “more than 41 million
Americans live within range of a toxic cloud that could result from a chemical
accident at a facility located in their home zip code.”31 Those 41 million Americans
live in zip codes that contain manufacturing companies with “vulnerable zones”
extending more than three miles from the facility, the report states. A “vulnerable
zone” is the geographic area that could be affected by the worst possible accident at
a facility.32 According to the report, the estimate of 41 million Americans at risk may
underestimate the hazard, because it was based on “assumptions about facility and
atmospheric conditions that would lead to small vulnerability zones.”33 To produce
the estimate, the study author stated that he used standard methodology used by the
U.S. Environmental Protection Agency (EPA) and data on chemical storage from
EPA’s 1995 Toxics Release Inventory, a database of routine releases of industrial
chemicals from manufacturing facilities.
Hazard estimates by James C. Belke, an EPA employee in the Chemical
Emergency Preparedness and Prevention Office, are more detailed. Based on a
preliminary analysis of approximately 15,000 facility risk management plans for
chemical facilities that were filed under the Clean Air Act, Section 112(r) before
September 25, 2000,34 Belke concluded that the median distance from a facility to
the outer edge of its vulnerable zone is 1.6 miles in the case of toxic worst case
scenarios, and 0.4 miles for flammable worst case scenarios. However, many
facilities reported vulnerable zones potentially extending 14 miles from the facility
30 The most comprehensive, but still incomplete, listing of chemical spills and releases is
kept by the National Response Center and available on the Internet at
[http://www.nrc.uscg.mil/foia.html], visited Aug. 7, 2003.
31 Laplante, Allison. 1998. Too Close To Home: A Report on Chemical Accident Risks in
the United States. U.S. Public Interest Research Group.
[http://uspirg.org/uspirg.asp?id2=5067&id3=USPIRG&], visited Aug. 7, 2003.
32 “Vulnerable zones” apply to facilities required to prepare risk management plans under
the Clean Air Act, Section 112(r). By definition, people within the zone could (but would
not necessarily) sustain serious injuries from short-term exposures.
33 Laplante, Executive Summary. p. 2.
34 Belke, James C. Chemical accident risks in U.S. industry — A preliminary analysis of
accident risk data from U.S. hazardous chemical facilities. Sept. 25, 2000. p. 24.
[http://www.epa.gov/swercepp/pubs/stockholmpaper.pdf], visited Aug. 7, 2003.
CRS-9
(primarily for releases in urban areas of chlorine stored in 90-ton rail tank cars) and
25 miles (for releases in rural terrain of chlorine stored in 90-ton rail tank cars).
Other chemicals for which reported vulnerable zones equaled or exceeded 25 miles
include anhydrous ammonia, hydrogen fluoride, sulfur dioxide, chlorine dioxide,
oleum (fuming sulfuric acid), sulfur trioxide, hydrogen chloride, hydrocyanic acid,
phosgene, propionitrile, bromine, and acrylonitrile.)
Belke found the median population “affected” in a worst case accident was 15
people, for a flammable substance, while the median for toxic substances was 1,500
people.35 (“Affected” means potentially exposed. It is highly unlikely that all people
within the vulnerable zone would be exposed due to a single release. However,
anyone within the zone could be in the path of the chemical released, given certain
environmental conditions.) Further EPA analysis of risk management plans
submitted by facilities handling chemicals covered by the CAA Section 112 revealed
that at least 123 plants reported a worst-case scenario with a vulnerability zone
containing more than a million people.36 The analysis also found that more than 700
plants could threaten 100,000 people, and at least 3,000 facilities could threaten
10,000 people in the vicinity.37
The Department of Justice (DOJ) analyzed EPA data and concluded that among
facilities submitting risk management plans to EPA, more than 7,000 facilities
projected worst case scenarios for toxic substances that could potentially affect more
than 1,000 people.38 Almost 1,700 facilities reported the possibility that a less
extreme accident might potentially affect more than 1,000 people.39
Histories of actual accidents (as opposed to hypothetical worst-case scenarios)
for facilities submitting risk management plans to EPA prior to October 21, 1999,
were summarized in a working paper prepared by the Center for Risk Management
and Decision Processes at the Wharton School, University of Pennsylvania.40 Of
14,500 reporting facilities, 1,145 reported 1,913 accidents between June 21, 1994 and
June 20, 1999. Of the 1,145 facilities reporting accidents, 346 facilities had multiple
35 Belke, p. 26.
36 Belke, J. (2001), “Chemical Accident Risks in U.S. Industry - A preliminary analysis of
accident risk data from U.S. hazardous chemical facilities”, Proceedings of the 10th
International Symposium on Loss Prevention and Safety Promotion in the Process
Industries, Stockholm, Sweden, Pasman, Fredholm, and Jacobson (eds.), Elsevier
Science B.V. — Note: This does not mean that more than a million people would be
exposed and injured, but rather that, depending on wind direction and other factors, some
portion of the population in the zone might be exposed and injured.
37 Ibid.
38 Department of Justice, p. 13.
39 Ibid.
40 Kleindorfer, Paul R., Harold Feldman, and Robert A. Lowe. Accident Epidemiology and
the U.S. Chemical Industry: Preliminary Results from RMP*Info. Working Paper 00-01-15.
Center for Risk Management and Decision Processes, The Wharton School, University of
Pennsylvania. Revised March 6, 2000. 27 p.
[http://opim.wharton.upenn.edu/risk/epi_downloads.html], visited Aug. 7, 2003.
CRS-10
accidents. Half of the chemicals for which risk management planning is required
under the CAA Section 112(r) were involved in accidents. Half of the accidents
resulted in reported injuries to workers. Accidents caused a reported 1,897 injuries
and 33 deaths to employees, 141 injuries and no deaths to non-employees. No deaths
were reported off-site. However, over 200,000 community residents were involved
in evacuations and shelter-in-place incidents.41
Further analysis by the Wharton group revealed that the risk of accidental
chemical releases and of worker injuries or property damage increased with the size
of the facility (from 10 to 1,000 full-time equivalent employees or FTEs).42 Note that
this refers to accidents of any kind, not to worst-case events.) In addition, facilities
reporting that they handled large amounts and many types of chemicals had much
higher accident rates than facilities handling smaller amounts and fewer types of
chemicals. The probability that a facility had experienced a chemical accident of any
size approached 100% for the very largest chemical manufacturers. Toxic chemicals
were more strongly associated with worker injuries, while flammable chemicals were
more strongly associated with property damage. No regional trends in accident rates
were discovered — i.e., facilities in various geographical regions had similar accident
rates.
In contrast to the above figures, which all were based on hypothetical or actual
accidents described in risk management plans, the Washington Post reported March
12, 2002, that a classified study conducted by the U.S. Army Surgeon General dated
October 29, 2001, found that a terrorist attack resulting in a chemical release in a
densely populated area could injure or kill as many as 2.4 million people.43
According to the news article, the study found “even middle-range casualty estimates
from a chemical weapons attack or explosion of a toxic chemical manufacturing plant
are as high as 903,400 people.”44 The worst-case estimate of 2.4 million casualties
from a chemical release was roughly half the surgeon general’s estimate for
casualties due to widespread use of biological weapons, according to the report. The
Army Surgeon General recently explained that the estimate of 2.4 million casualties
is of “the number of people who might request medical treatment during a total
release of a large industrial chemical manufacturing plant, in a densely populated
area, and under ideal weather conditions for maximum exposure.”45 As in most
studies of this kind, some question the magnitude and likelihood of the casualty
estimates.
41 Ibid. p. 9.
42 Elliott, Michael R., Paul Kleindorfer, and Robert A. Lowe. The Role of Hazardousness
and Regulatory Practice in the Accidental Release of Chemicals at US Industrial Facilities.
Working Paper 01-37-PK. Risk Management and Decision Processes Center, The Wharton
School, University of Pennsylvania. Summer 2001. 22 p.
[http://opim.wharton.upenn.edu/risk/downloads/01-37-PK.pdf], visited Aug. 7, 2003.
43 Pianin, Eric. “Study assesses risk of attack on chemical plant.” Washington Post, Mar.
12, 2002. p. A8.
44 Ibid.
45 Army recants attack estimates. Chemical Week, May 22, 2002. p 38.
CRS-11
Chemical Site Vulnerability. CRS identified two publicly available reports
that assess site security at U.S. chemical plants. In addition, investigative reports
published in newspapers or documented with video recordings indicate that reporters
have been able to visit various facilities without being supervised. The studies and
selected newspaper accounts are summarized below.
Prior to September 11, an assessment of chemical plant site security by the
Agency for Toxic Substances and Disease Registry (ATSDR) was considered by
many to be the most comprehensive analysis that was publicly available. ATSDR
researchers reviewed national statistics on domestic terrorism compiled by the FBI
in 1995, and interviewed security staff from facilities and potential targets in one
community with numerous chemical plants.46 ATSDR researchers concluded —
! “security at chemical plants ranged from fair to very poor;”47
! chemical plant security managers “were very pessimistic about their
ability to deter sabotage by employees, yet none of them had
implemented simple background checks for key employees such as
chemical process operators;” and
! “none of the corporate security staff had been trained to identify
combinations of common chemicals at their facilities that could be
used as improvised explosives and incendiaries.”48
The full ATSDR report was never made public, but a DOJ report noted that —
among the ‘soft targets’ that the ATSDR identified as potential terrorist sites
were chemical manufacturing plants (chlorine, peroxides, other industrial gases,
plastics, and pesticides); compressed gases in tanks, pipelines, and pumping
stations; and pesticide manufacturing and supply distributors.49
The DOJ released a study April 18, 2000, describing the risk of terrorism aimed
at chemical plants.50 It concluded that “the risk of terrorists attempting in the
foreseeable future to cause an industrial chemical release is both real and credible.”51
46 ATSDR. Industrial Chemicals and Terrorism: Human Health Threat Analysis, Mitigation
and Prevention.
[http://www.techstuff.com/terror/terror.htm], visited Aug. 7, 2003.
47 Greenpeace activists dramatized the poor security at one chlorine manufacturing plant in
February 2001. According to a report in the Washington Post, activists scaled the fence of
a large Dow Chemical plant near Baton Rouge, Louisiana, and gained access to the control
panel that regulates discharges into the Mississippi River. (“Toxic chemicals’ security
worries officials.” Washington Post, Nov. 12, 2001, p. A14.)
48 ATSDR studied two communities in different parts of the United States but only
interviewed plant security personnel in one community.
49 Department of Justice, p. 27.
50 Ibid.
51 Ibid., p. 2.
CRS-12
The study also noted that security at many industrial facilities generally is “not as
substantial as the security at other comparable potential terrorist targets.”52
In April and May, 2002, six to seven months after September 11, 2001, the
Pittsburgh Tribune-Review published a series of articles describing an investigation
of plant security conducted by the paper’s reporters. On April 7, 2002, the newspaper
stated that “anyone has unfettered access to more than two dozen potentially
dangerous plants in the region” (referring to western Pennsylvania).53 The author of
the report continued:
The security was so lax at 30 sites that in broad daylight a Trib reporter —
wearing a press pass and carrying a camera — could walk or drive right up to
tanks, pipes and control rooms considered key targets for terrorists.
The report was based on reporters’ trips to 30 plants in western Pennsylvania which
have filed risk management plans under the Clean Air Act, Section 112. Two of the
plants are among the 123 plants nationwide that have projected potential risks to
more than 1,000,000 residents in the event of a worst-case accident or attack. The
30 companies constituted more than half of the 61 sites in the region required to file
risk management plans. Fifteen of the sites to which reporters gained unchallenged
access were water treatment facilities in Pennsylvania and Maryland.
In May, another Tribune-Review article described a similar investigation of 30
additional plants in Houston, Baltimore, and Chicago.54 The report concluded that
security was lax at some of “the potentially deadliest plants” in all three cities; access
was easy to some sites owned by corporations with large security budgets;
employees, customers, neighbors, and contractors “not only let a stranger walk
through warehouses, factories, tank houses and rail depots, but also gave directions
to the most sensitive valves and control rooms;” and access to 19 sites was allowed
due to “unguarded rail lines and drainage ditches, dilapidated or nonexistent fences,
open doors, poorly angled cameras and unmanned train gates.”
Chemical manufacturers and users contacted by reporters said that they had
bolstered security recently. Several site managers reported that they made immediate
changes in procedures or construction plans in response to security breaches by the
reporters. But security cannot be ensured “overnight,”according to the president of
the Pennsylvania Chemical Industry Council,55 and it can be expensive. For example,
the newspaper reported that U.S. Steel spends more than $1 million each year to
52 Ibid., p. 30.
53 Prine, Carl. Lax security exposes lethal chemical supplies. Pittsburgh Tribune-Review,
April 7, 2002.
[http://www.pittsburghlive.com/x/tribunereview/specialreports/potentialfordisaster/s_64
612.html], visited Aug. 7, 2003.
54 Prine, Carl. Chemicals pose risks nationwide. Pittsburgh Tribune-Review, May 5, 2002.
[http://www.pittsburghlive.com/x/tribune-review/specialreports/potentialfordisaster/s_69
664.html], visited Aug. 7, 2003.
55 Prine, April 7, 2002.
CRS-13
equip, train, and hire its own hazardous chemicals response team, firefighters,
paramedics, and gate guards at its coke factory.56
Television crews again entered and photographed chemical storage areas in
November 2003.57
Conclusion. Whether recent trends in domestic and international terrorism
will continue into the future, and whether they will be reflected in risks to U.S.
chemical facilities, is unknown. Historically, there have been very few terrorist
attacks on chemical facilities in the United States. Therefore, the estimated risk of
death and injury from such attacks in the immediate future is low relative to the
likelihood of other hazardous events, such as industrial accidents or terrorist attacks
on other targets using conventional weapons. For any individual chemical plant, the
risk of attack is extremely small. However, the overall risks to chemical facilities
may be increasing.
In contrast to the low probability of chemical terrorism, possible consequences
for human health and the environment from such an event could be severe.
Moreover, limited evidence suggests that chemical facilities may be “soft targets,”
lacking in adequate safeguards against criminal and terrorist attacks.
Existing Federal Requirements to Reduce Risks
at Chemical Facilities
Two key federal laws require or encourage certain chemical facility operators
to reduce risks to the general public associated with releases of hazardous chemicals:
the Emergency Response and Community Right-to-Know Act (EPCRA) and the
Clean Air Act (CAA). Both focus on accidental releases of hazardous chemicals.
EPCRA. In 1986, two years after the Bhopal accident, Congress enacted
EPCRA (codified at 42 U.S.C. 11001-11050) as Title III of the Superfund
Amendments and Reauthorization Act (P.L. 99-499).58 EPCRA mandated the
establishment of State Emergency Response Commissions (SERCs) and Local
Emergency Response Committees (LEPCs) to coordinate planning and response to
potentially large releases of specified “extremely hazardous substances.”59 The Act
56 Ibid.
57 CBS News. “U.S. Plants: Open to Terrorists.” Sixty Minutes. Nov. 17, 2003.
[http://www.cbsnews.com/stories/2003/11/13/60minutes/main583528.shtml], visited Jan.
20, 2004.
58 For additional information about EPCRA, see CRS Report RL30798, Environmental
Laws: Summaries of Statutes Administered by the Environmental Protection Agency.
59 EPCRA required EPA to list “extremely hazardous substances” and to establish threshold
planning quantities for each substance. Originally, Congress defined chemicals as
“extremely hazardous substances” if they appeared on a list EPA published in November
1985 as Appendix A in “Chemical Emergency Preparedness Program Interim Guidance.”
However, Congress gave EPA authority to revise the list and the threshold quantities of
(continued...)
CRS-14
requires facility operators, LEPCs, and SERCs to prepare contingency plans for such
releases.
Facility managers are required to provide information to LEPCs and local
emergency responders (fire fighters, police officers, etc.) about chemicals present at
facilities and to notify those officials in the event of a sudden release. EPCRA
requires local officials to provide information about emergency plans and chemical
hazards to the general public.
EPCRA’s reporting and disclosure requirements are meant to facilitate planning,
but sometimes they also promote risk reduction. For example, facility managers
concerned about community relations sometimes reduce use of particularly toxic or
otherwise hazardous materials, sometimes to the point that they no longer have to
report, because they no longer handle reportable quantities of EPCRA chemicals. In
other cases, the public disclosure requirement may encourage them to change
chemical processes and handling in order to reduce the risk of reportable spills.
Although EPCRA requires facility reporting and cooperation in local emergency
response planning, and it may encourage risk reduction, it stops short of requiring
facilities to assess or reduce risks of chemical releases.60 Instead, the Act directed the
EPA to study the problem and to identify any gaps in federal regulation.
CAA Section 112(r). In 1990, data accumulated by EPA on chemical
accidents in the United States prompted Congress again to address the threat of
catastrophic releases of chemicals that might cause immediate deaths or injuries in
communities. It amended the Clean Air Act (CAA) to mandate EPA oversight of
risk management planning at facilities that handle more than specified threshold
quantities of hazardous substances.61 The Act defined “hazardous substances” to
include chlorine, anhydrous ammonia, methyl chloride, ethylene oxide, vinyl
chloride, methyl isocyanate, hydrogen cyanide, ammonia, hydrogen sulfide, toluene
diisocyanate, phosgene, bromine, anhydrous sulfur dioxide, sulfur trioxide, and at
least 100 other chemicals to be designated by EPA. EPA was directed to designate
chemicals posing the greatest risks to human health or to the environment, based on
59 (...continued)
chemicals. Based on listing criteria, the intent appears to be to include only chemicals in
quantities that could harm people exposed to them for only a short period of time.
Currently, there are approximately 356 such substances listed. For the list, see
[http://www.epa.gov/swercepp/ehs/ehsalpha.html], visited Jan. 20, 2004.
60 Many proponents of the reporting provisions of EPCRA argue, however, that public
disclosure of information about chemicals present and released into communities sometimes
prompts facility operators to reduce risks.
61 The Clean Air Act Amendments of 1990 gave responsibility for the prevention of
accidental chemical releases to the Occupational Safety and Health Administration (OSHA)
and EPA. OSHA has responsibility for the protection of workers from accidental chemical
releases and has promulgated the Process Safety Management Standard (29 CFR 1910.119)
in response to this requirement. EPA has incorporated the OSHA Process Safety
Management Standard as the chemical accident prevention program for certain facilities
subject to both rules.
CRS-15
three criteria: severity of potential acute adverse health effects, the likelihood of
accidental releases, and the potential magnitude of human exposure. EPA
promulgated a list of 77 acutely toxic substances, 63 flammable gases and volatile
flammable liquids, and “high explosive substances” (59 Federal Register 4478, Jan.
31, 1994). The list was amended March 13, 2000, to exclude flammable substances
when used as a fuel, or held for sale as a fuel at a retail facility.62 Selected categories
of industries with large numbers of reporting facilities are identified in Table 1.
The CAA Section 112(r) imposes “a general duty” on owners and operators of
facilities producing, processing, handling or storing any “extremely hazardous
substance” to detect and prevent or minimize accidental releases and to provide
prompt emergency response to a release in order to protect human health and the
environment. The act requires owners and operators of covered facilities to prepare
Risk Management Plans (RMPs) that summarize the potential threat of sudden, large
releases of certain chemicals, including the results of off-site consequence analysis
(OCA) for a worst-case chemical accident, and facilities’ plans to prevent releases
and mitigate any damage. Plans were to be submitted to EPA and made “available
to the public” by June 21, 1999. EPA is required to review RMPs regularly, and if
necessary, require revisions. EPA has delegated this responsibility to some states and
localities.63 (All states have authority to review RMPs at facilities that are major
sources of air pollution, which are required to obtain permits under Title V of the
Clean Air Act.)
In October 1996, the Accident Prevention Subcommittee of the Clean Air Act
Advisory Committee to EPA created the Electronic Submission Workgroup to
consider the technical and practical issues associated with an electronic database of
risk management plans. By spring 1997, the Workgroup unanimously agreed that
EPA should provide full, unrestricted access via the Internet to most RMP
information. However, advisors could not reach consensus regarding access to OCA
data.
There were concerns that in facilitating electronic access to the general U.S.
public through the Internet, EPA also would be facilitating access to these data
internationally, which might permit misuse by terrorists.64 Several members of the
Accident Prevention Subcommittee recommended EPA undertake a security study
to determine how much risk might increase as a result of putting OCA data on the
Internet. Aegis Research Corporation, ICF Incorporated, and Science Applications
62 65 Federal Register 13243-13250.
63 EPA has delegated authority to implement CAA Section 112(r) to the following states,
territories, and localities: Delaware, Florida, Georgia, Kentucky, Mississippi, New Jersey,
North Carolina, Ohio, South Carolina, Puerto Rico, Virgin Islands, Jefferson County,
Kentucky, Buncombe County and the City of Asheville, North Carolina, Forsyth County,
North Carolina, and Allegheny County, Pennsylvania. Rhode Island, Nevada, and Hawaii
are seeking delegated authority.
[http://yosemite.epa.gov/oswer/ceppoweb.nsf/content/112r-sts.htm#StateDelegation], visited
Aug.7, 2003.
64 U.S. EPA. Security Study: An Analysis of the Terrorist Risk Associated with the Public
Availability of Offsite Consequence Analysis Data under EPA’s Risk Management Program
Regulations. EPA 550-R97-003. Dec. 1993. p. 1.
CRS-16
Table 1. Numbers of Facilities Reporting Risk Management
Plans to EPA in Selected Industrial Categories
Number of reporting
facilities
Industrial Categories (NAICS code)a
(Total = 16,010)
4,500
Farm supplies wholesalers (42291)
2,048
Water supply and irrigation (22131)
1,439
Wastewater treatment (22132)
643
Refrigerated warehousing and storage facilities (49312)
561
Support activities for crop production (11511)
533
Oil and gas extraction (21111)
469
Meat processing (31161)
398
Other chemical and allied production wholesalers (42269)
372
Basic organic chemical manufacturing (32519)
368
Basic inorganic chemical manufacture (32518)
347
Farm production warehousing and storage (49313)
309
Electric power generation (22111)
298
Plastics material and resin manufacturing (32521)
290
Fertilizer manufacturing (32531)
232
Liquified petroleum gas dealers (454312)
169
Petroleum refineries (32411)
153
All other chemical product manufacturing (32599)
139
Industrial gas manufacturing (32512)
138
Petroleum bulk stations and terminals (42271)
136
General warehousing and storage facilities (49311)
103
Petrochemical manufacturing (32511)
2,365
Other
Source: Congressional Research Service. Numbers were obtained by searching the risk management
plans for U.S. facilities using the May 1, 2002 version of the EPA National Database (with off-site
consequence data) and EPA’s software RMP*Review (version 2.1).
a North American Industry Classification System (NAICS) codes.
CRS-17
International Corporation conducted the security study for EPA. The Agency
concluded from the study that —
... the risk (although still very small) was slightly more than two times higher
with unrestricted availability of the RMP with OCA data on the Internet. This
increase reflects several factors, including the nature of the OCA data elements
and the enhanced accessibility of data on the Internet to an international
audience. Taken together, the primary utility of the unrestricted RMP and OCA
data to a terrorist emerges from the capability to scan across the entire country
for the “best” targets.65
In December 1997, EPA began discussions with the FBI and other federal
agencies about the electronic RMP distribution plan. National security concerns
centered on the OCA data and their potential utility to terrorists. An interagency
agreement was reached in late October 1998 that OCA data would not be included
in RMP information placed on the Internet. Instead, EPA would make “appropriate”
OCA data available in some form on request, but access would be restricted and not
anonymous.66 The possibility that OCA data could have been distributed via the
Internet remained, however, because it could have been obtained and distributed by
any citizen under the Freedom of Information Act, according to the EPA Legal
Counsel.
To address the security concerns raised by the Section 112(r) requirements, the
Clinton Administration submitted draft legislation to Congress May 7, 1999.
Congress enacted an amended version of the legislation as an amendment to S. 880,
the Chemical Safety Information, Site Security and Fuels Regulatory Relief Act (P.L.
106-40). The new law amended Section 112 of the CAA to exempt OCA data from
disclosure under the Freedom of Information Act, and limited public availability until
EPA and DOJ issued regulations in August, 2000.
The final RMP regulation on data access was published August 4, 2000.67 It
allows public access to paper copies of sensitive OCA information through federal
reading rooms, approximately one per state, and provides Internet access to the OCA
data elements that pose the least serious criminal risk. State and local agencies are
encouraged to provide the public with read-only access to OCA information on local
facilities. At the federal reading rooms, members of the public may read OCA
information for up to 10 facilities per calendar month and for all facilities with
potential effects in the jurisdiction of the local emergency planning committee. State
and local officials and other members of the public may share OCA information as
long as the data are not conveyed in the format of sensitive portions of the RMP or
65 Ibid. p. 10.
66 Blitzer, Robert M., Former Section Chief, Domestic Terrorism/Counterterrorism Planning
Section, Federal Bureau of Investigation. Testimony before the Senate Committee on
Environment and Public Works, Subcommittee on Clean Air, Wetlands, Private Property
and Nuclear Safety. March 16, 1999.
67 65 Federal Register 48107-48133.
CRS-18
any electronic database developed by EPA from those sections.68 A Clinton
Administration proposal to implement the final rule (66 Federal Register 4021, Jan.
17, 2001) would have allowed people to view plans of facilities outside their local
area and enhanced access for “qualified researchers.” The draft plan was rescinded
by the Bush Administration (66 Federal Register 15254, Mar. 16, 2001).
The 1999 Act also directed the U.S. General Accounting Office (GAO) to report
to Congress within 3 years (i.e., before August 2002) on “the adequacy of chemical
information required to be submitted to local emergency response personnel to help
them respond to chemical incidents, the adequacy of the delivery of that information,
and the level of compliance with the requirement to submit the information.”69 That
report was released July 31, 2002. GAO concluded that EPA officials believe
industries generally are complying with reporting requirements. GAO’s conclusions
about the adequacy of information and its delivery were tentative and could not be
generalized to the universe of LEPCs.
DOJ also was directed to report to Congress within 3 years on the extent to
which RMP regulations led to actions “that are effective in detecting, preventing, and
minimizing the consequences of releases of regulated substances that may be caused
by criminal activity,” the vulnerability of facilities to criminal and terrorist activity,
“current industry practices regarding site security,” and security of transportation of
substances listed under CAA Section 112(r).”70 The law directed DOJ to consult
with state, local and federal agencies, affected industry, and the public in preparing
the report, and to submit any recommendations to Congress. An interim report was
due within one year of enactment (i.e., by August 2000). DOJ missed the interim
report deadline and expects to miss the final deadline as well. The Natural Resources
Defense Council (NRDC) filed a lawsuit against DOJ March 11, 2002, asserting that
DOJ unlawfully withheld or unreasonably delayed the report’s submission to
Congress.71 The interim report was released to Congress May 30, 2002, but withheld
from the public. On June 3, 2002, DOJ filed a motion to dismiss the NRDC lawsuit.
The NRDC moved to dismiss its lawsuit on July 1, 2002. A General Accounting
Office (GAO) study released October 10, 2002, concluded that DOJ failed to
complete the mandated study, and that the Department had the funds to do so,
although it had no specific appropriation. “Generally, when Congress imposes a new
requirement on an agency but does not appropriate funds specifically to implement
it, the agency must use existing appropriations to fund the requirement.”72
68 EPA Fact Sheet. “Chemical Safety Information, Site Security and Fuels Regulatory Relief
Act: Public Distribution of Off-Site Consequence Analysis Information.” EPA 550-F00-012,
Aug. 2000.
69 U.S. GAO. Chemical Safety: Emergency Response Community Views on the Adequacy
of Federally Required Chemical Information. GAO-02-799. Washington, DC: U.S. Govt.
Print. Off. 23 pp.
70 42 USC 7412(r)(7)(H)(xi).
71 Natural Resources Defense Council v. Ashcroft, D.D.C., No. 02-0449, Mar. 11, 2002.
72 U.S. General Accounting Office. 2002. Homeland Security: Department of Justice’s
Response to Its Congressional Mandate to Assess and Report on Chemical Industry
(continued...)
CRS-19
After September 11, 2001
Administrative Initiatives. The events of September 11, 2001, bolstered the
view that access to information about facilities should be restricted if it might make
them more vulnerable to terrorist attacks. This led EPA to limit Internet access on
its website to “sensitive” data.
Early in October 2001, EPA removed from its website general information from
risk management plans — for example, about the physical state and concentrations
of chemicals at facilities and the duration of a possible chemical release — which
previously had been considered acceptable for Internet posting. EPA reportedly
found no other information that should be removed from the Internet during the next
few months, but officials remained concerned about posted information on facility
locations that might be of use to criminals and terrorists.73 On March 14, 2002, EPA
restricted access to Envirofacts, a link to several EPA databases that allowed the user
to access facility-specific information about chemical releases, compliance with
environmental laws, and other issues. The next week, the White House sent a
memorandum to all federal agencies, ordering them to further review and protect
information that might be used to threaten national security or public safety. On May
6, 2002, President Bush signed an administrative order granting the EPA
Administrator the authority to classify as “secret” information that might pose a
national security risk.74
On the other hand, the attacks of September 11 led to increased communication
among government officials at all levels, as well as facility owners and operators.
For example, EPA advised pesticide companies and applicators to be especially
vigilant about physical security of chemicals and equipment. The Agency issued a
“chemical safety alert” tailored to the security needs of the pesticide industry, based
on an earlier paper on site security of chemical plants that first was issued in February
2000.75 In September 2002, EPA also sent about 9,400 drinking water utilities advice
about securing facilities from terrorists. (About 2,000 drinking water utilities submit
risk management plans that include worst-case scenarios under the CAA Section
112(r).)
In February 2003, the White House released The National Strategy for the
Physical Protection of Critical Infrastructures and Key Assets. It outlines goals,
principles, “a unifying structure,” roles and responsibilities, and the major cross-
sector and sector-specific initiatives of national efforts to secure infrastructures and
“assets vital to our public health and safety, national security, governance, economy,
72 (...continued)
Vulnerabilities (GAO-03-24R).
73 Preston, Meredith. “Agency considers new ways to make data on Internet site available
to public,” Daily Environment Report, Feb. 22, 2002, p. A-14.
74 67 Federal Register 31109, May 9, 2002.
75 The alerts are available through the EPA website at:
[http://yosemite.epa.gov/oswer/ceppoweb.nsf/content/ap-chsa.htm], visited Aug. 7, 2003.
CRS-20
and public confidence.”76 Chemical facilities are addressed in connection with three
critical infrastructure sectors: the chemical industry and hazardous materials, water,
and energy. EPA was the designated lead federal agency for the chemical industry
and water, while the Department of Energy (DOE) was the designated lead agency
for energy.
With respect to the chemical industry and hazardous materials, the Strategy
acknowledged both the potential economic consequences of a successful attack on
the sector and the potential threat to public health and safety. It aimed to assure
supply to downstream users of chemical products, to protect and assure the quality
of chemical stockpiles, and to reduce the risk of malicious use of inherently
hazardous chemicals. The Strategy noted that “there is currently no clear,
unambiguous legal or regulatory authority at the federal level to help ensure
comprehensive, uniform security standards for chemical facilities.”77 In particular,
the Strategy observed that federal laws might be out-of-date and no longer effective
for monitoring and controlling access to dangerous substances. The President
proposed that DHS, in concert with EPA, should “work with Congress to enact
legislation to require certain chemical facilities, particularly those that maintain large
quantities of hazardous chemicals in close proximity to population centers, to
undertake vulnerability assessments and take reasonable steps to reduce the
vulnerabilities identified.”78 The Strategy also proposed that EPA, in concert with
DHS, should review current laws and regulations pertaining to “the distribution and
sale of highly toxic pesticides and industrial chemicals.” Finally, the Strategy
suggested that DHS and EPA should encourage participation in the chemical sector’s
Information Sharing Analysis Center. The fact that security can be expensive also
was noted.
The Strategy described the importance of water from a public health and an
economic standpoint and noted that security of the water sector against terrorism had
been greatly enhanced since September 11, 2001. Challenges facing the water sector,
according to the Strategy, included the need to protect against intentional release of
toxic chemicals so as to protect the safety of people who reside or work near water
facilities. The Strategy proposed that EPA and DHS identify better ways to secure
key points of storage and distribution; improve monitoring and analysis, information
exchange, and contingency planning; and manage risks due to interdependencies with
other critical infrastructures.
The energy sector was divided into two sections: electricity and the oil/natural
gas industries. Overall, energy was described as “essential to our economy, national
defense, and quality of life.”79 The Strategy proposed that DHS and DOE work with
state and local governments and industry to identify “appropriate levels of
76 Bush, George W. Cover letter to The National Strategy for the Physical Protection of
Critical Infrastructures and Key Assets. Feb. 2003. 83 pp.
[http://www.whitehouse.gov/pcipb/physical.html], visited Aug. 7, 2003.
77 Ibid., p. 65.
78 Ibid., p. 66.
79 Ibid., p. 50.
CRS-21
redundancy” and requirements for “designing and enhancing reliability.” In addition,
DHS and DOE were to work with oil and natural gas industry representatives to
“define consistent criteria for criticality, standard approaches for vulnerability and
risk assessments,” and “physical security training for industry personnel.”80 An
advisory task force was to be convened by DHS and DOE to identify appropriate
planning requirements and approaches. Finally, the Strategy proposed that DHS and
DOE work with industry “to develop regional and national programs for identifying
spare parts, requirements, notifying parties of their availability, and distributing them
in an emergency.” There is no mention in this section of the hazardous chemicals
present in some facilities in the energy sector.81 However, it may be the
Administration’s intention that certain facilities, such as oil refineries, electric/gas
utilities, and bulk storage facilities, would be included in, and targeted by initiatives
in, multiple critical infrastructure sectors.
As the war began in Iraq, the President launched Operation Liberty Shield, a
surveillance program to provide additional security for potentially threatened
facilities in the critical infrastructure. Chemical plants were among the potential
focal points of the initiative.
On December 17, 2003, the President issued Homeland Security Presidential
Directive 7 transferring to DHS all EPA authority for overseeing the security of
chemical facilities, with the single exception of drinking water and water treatment
plants. In addition, the directive revised the Administration’s strategy for protecting
critical infrastructure by designating DHS the lead agency for the chemical sector.
The directive requires that DHS “identify, prioritize, and coordinate the protection
of critical infrastructure and key resources with an emphasis on critical infrastructure
and key resources that could be exploited to cause catastrophic health effects or mass
casualties comparable to those from the use of a weapon of mass destruction” (HSPD
7, paragraph 12). In addition, DHS must conduct or facilitate vulnerability
assessments of the chemical sector and “encourage risk management strategies to
protect against and mitigate the effects of attacks.” Finally, all departments and
agencies are directed “to work with sectors relevant to their responsibilities to reduce
the consequences of catastrophic failures not caused by terrorism” and to cooperate
with the DHS Secretary.
Private Sector Initiatives. Although trade associations for the chemical
industries have been engaged in emergency planning for many years, and began
developing guidelines for site security at least a year before September 11, 2001, the
events of that date infused on-going efforts with commitment and energy that
previously were not evident.
The American Chemistry Council (ACC, formerly the Chemical Manufacturers
Association), the Chlorine Institute, Inc., and the Synthetic Organic Chemical
Manufacturers Association issued Site Security Guidelines for the U.S. Chemical
Industry on October 23, 2001. The guidelines build on “Management Practice 15:
80 Ibid.
81 However, the first of the 8 guiding principles underpinning the strategy is “assure public
safety, public confidence, and services.”
CRS-22
Site Security” in the Responsible Care® Employee Health and Safety Code.
Responsible Care® is the ACC’s response to general public concerns about the
manufacture and use of chemicals. Members of the ACC are required to commit to
the principles of Responsible Care® and “to support a continuing effort to improve
the industry’s responsible management of chemicals” by continually improving their
health, safety and environmental performance; listening and responding to public
concerns; assisting other companies to achieve optimum performance; and reporting
their goals and progress to the public.”82 There are 180 corporate ACC members
which operate approximately 1,000 chemical facilities, representing about 90% of
U.S. chemical production capacity.83 The ACC guidelines for site security are
general, and must be adapted by chemical companies to meet site requirements.
During April 2002, ACC circulated a draft of a Security Code of Management
Practices —
to help companies achieve continuous improvement in security performance
using a risk-based approach to identify, assess and address vulnerabilities,
prevent or mitigate incidents, enhance training and response capabilities, and
maintain and improve relationships with key stakeholders.84
On June 5, 2002, the ACC Board of Directors approved the code and voted to make
it mandatory for ACC members. Some key requirements of the code include:
! training and drills for employees, contractors, customers, and
suppliers;
! consideration of process changes, material substitutions, and other
inherently safer approaches to chemical production;
! evaluation, response, and reporting of security threats; and
! internal audits.85
ACC members are required to evaluate site security using vulnerability assessment
methodology equivalent to that developed by the Department of Energy’s Sandia
Laboratories for the Department of Justice86 or by the Center for Chemical Process
Safety (an industry-funded research center).
82 The principles of Responsible Care® are listed on the ACC website at
[http://www.americanchemistry.com/], visited Aug. 7, 2003.
83 Heilprin, John. “Government to require 15,000 chemical, waste, water plants to assess
terrorism risks, make fixes,” The Associated Press, via NewsEdge Insight, June 7, 2002.
84 ACC. Responsible Care® Security Code of Management Practices Draft Concepts, April
18, 2002.
85 Responsible Care® practitioners’ website.
[http://www.americanchemistry.com/cmawebsite.nsf/s?readform&nnar-5b7jx8], visited July
1, 2002.
86 National Institute of Justice, U.S. Department of Justice. Chemical Facility Vulnerability
Assessment Methodology, NCJ 195171, July 2, 2002.
[http://www.ojp.usdoj.gov/nij/pubs-sum/195171.htm], visited Aug. 7, 2003.
CRS-23
ACC members began by assessing security, including computer security, at
high-risk facilities, as well as from supplier to manufacturer, to wholesaler, to
retailer, and finally to customer. March 7, 2003, ACC announced that all 165 of its
member companies had completed site vulnerability assessments for their 120
highest priority facilities, prior to the end of 2002, a deadline established by the
industry’s security code.87 After needed security measures have been put into place
for these high-priority facilities (site enhancements were to be completed before the
end of 2003), the ACC code requires verification by an independent third party (also
before the end of 2003). Additional facilities will undergo assessment and security
enhancements in 2004. However, the security code does not require expenditures for
risk reduction; rather it recommends decisions should be based on an evaluation of
risks and costs.
In addition to developing guidelines and a management code on site security,
ACC and other chemical trade organizations have been communicating extensively
with one another and with government officials about how to reduce the risks of
chemical terrorism. For example, ACC and the Association of American Railroads
formed a taskforce to develop strategies to ensure the safety of communities near
chemical and rail facilities.88 In addition, as mentioned above, the Center for
Chemical Process Safety has developed a risk-based methodology for assessing the
vulnerability of chemical facilities to terrorist attacks. The Synthetic Organic
Chemical Manufacturers Association (SOCMA) has developed a vulnerability
assessment methodology for smaller chemical producers.89 In addition, SOCMA has
adopted the ACC security code as a condition of membership. According to Tom
Hall, director of stewardship for CropLife America (a pesticide industry trade
association), pesticide and fertilizer distributors represented by CropLife America,
the Fertilizer Institute, and the Agricultural Retailers Association formed a working
group to tailor a vulnerability assessment methodology for rural facilities, where theft
is a greater threat than a direct attack on a facility.90 A document, Guidelines to Help
Ensure a Secure Agribusiness, was released October 24, 2002.91 Finally, the
American Petroleum Institute has published security guidelines developed in
consultation with the Department of Energy.
The U.S. General Accounting Office examined the voluntary initiatives under-
way in a report released in March 2003, Homeland Security: Voluntary Initiatives
Are Under Way at Chemical Facilities but the Extent of Security Preparedness is
87 ACC. “Chemical makers complete priority site vulnerability assessments, continue
security performance through Responsible Care®” Press release, Mar. 7, 2003.
[http://www.accnewsmedia.com/docs/1100/1090.doc?DocTypeID=4&TrackID=], visited
Aug. 7, 2003.
88 “ACC teams up with railroad association to boost chemical security,” Pesticide & Toxic
Chemical News Daily, v.4, n.5, Mar. 28, 2002, p.2.
89 DeConti, Angela. Personal communication, July 9, 2002.
90 Hall, Tom. Personal communication, July 2, 2002.
91 The Guidelines may be accessed through the Internet.
[http://www.aradc.org/secureagribusinessguidelines.pdf], visited Aug. 7, 2003.
CRS-24
Unknown.92 GAO concluded that many initiatives are admirable, but “the extent of
security preparedness at U.S. chemical facilities is unknown ... [because] no federal
requirements are in place to require chemical facilities to assess their vulnerabilities
and take steps to reduce them ... [and] no federal oversight or third-party verification
ensures that voluntary industry assessments are adequate and that necessary
corrective actions are taken.”
Policy Options
September 11, 2001 prompted policy makers to reconsider federal policy
options regarding potential terrorist threats to chemical facilities. A range of possible
strategies is summarized below.
Status Quo. Congress might rely on existing mechanisms in the public and
private sectors to continuously evaluate and improve site security. Federal statutes
already mandate facility assessments of chemical hazards and planning to prevent,
mitigate, and respond to accidental releases of hazardous chemicals. And the events
of September 11, 2001, undoubtedly have reinvigorated implementation efforts by
federal, state, and local government officials, as well as facility operators. Some state
and local governments have instituted additional security requirements. For example,
Baltimore, Maryland, requires chemical facilities to implement security measures
described by police and fire officials. Moreover, trade associations have developed
vulnerability assessment methodologies to facilitate planning for diverse types of
facilities. The ACC requires that its members assess vulnerability and devise plans
to improve security.
The establishment of a Department of Homeland Security (DHS) and Homeland
Security Presidential Directive 7 on the protection of critical infrastructure ensure a
federal role in chemical facility security planning. The President directed DHS to
identify and prioritize facilities needing protection from terrorists, to facilitate
vulnerability assessment and security planning, and to coordinate private, local, state,
and federal initiatives to improve security. However, many in Congress and
President Bush have stated that the federal government might need additional
authority to require security measures at chemical facilities, and called for legislation
that would provide that authority.93
Collect Additional Information. Another option would be to delay
addressing chemical facility security until additional information is gathered on
which to base proposals. The final DOJ assessment of chemical site security and the
impact of the current risk management planning program might provide needed
insights. For a broader view of the issue, including analysis of policy options,
92 U.S. GAO. Homeland Security: Voluntary Initiatives Are Under Way at Chemical
Facilities but the Extent of Security Preparedness is Unknown. GAO-03-439. March 2003,
41 pp.
[http://www.gao.gov/new.items/d03439.pdf], visited Jan. 20, 2004.
93 President George W. Bush. Sept. 10, 2003. “President Bush Discusses Homeland
Security at the FBI Academy,” FBI Academy, Quantico, Virginia.
CRS-25
Congress might establish a Blue Ribbon Panel or request a study by the National
Academy of Sciences. Studies could provide information about the risks of
terrorism, the risks of accidents, the views of public interest groups, and the
effectiveness of public disclosure to reduce risks. Such information might assist
Congress in evaluating alternative approaches to reducing risks. However, the
benefits gained from delaying federal decisions pending development of better risk
information must be weighed against the possibility that terrorists might strike this
kind of facility before Congress acts.
Improve EPA Guidance and Enforcement. Congress also might provide
additional resources for, or exercise increased oversight over, implementation of
existing statutes. Although neither EPCRA nor the CAA explicitly addresses
chemical releases due to criminal or terrorist acts, EPA arguably has sufficient
authority under the acts to more strongly encourage facilities to reduce their
vulnerability to terrorists. Additional resources could facilitate EPA review of
facility risk management plans. Through September 2001, EPA had reviewed only
15% of submitted plans, according to a recent report by the U.S. General Accounting
Office (GAO).94
As previously mentioned, EPA already has provided guidance to facilities on
this subject, but many public interest groups would like EPA to go farther in
interpreting the risk management planning requirements of the CAA Section 112(r).95
For example, US PIRG argued in a 1998 report:
EPA missed opportunities to require companies to identify inherently safer
technologies, and ignored comments made by a coalition of environmental and
labor organizations calling for a requirement that companies undertake
Technology Options analyses to identify inherently safer technologies.96
In lieu of regulations, EPA could be urged to provide technical assistance or
demonstration programs, or to develop incentives to encourage risk reduction.
EPA has considered revisions to either the risk management planning rule or
EPA guidance under the CAA Section 112(r)(7) to require or encourage chemical
facility owners to assess their vulnerability to terrorists and correct any significant
weaknesses. Some EPA officials expected new principles for risk management
planning to address both site and computer security; building access; background
checks; inventory controls; storage safety; and other physical security measures, as
well as changes that improve “inherent safety.”97
94 U.S. GAO, p. 4.
95 Hind, Rick. Legislative Director, Greenpeace Toxics Campaign. Letter to Christine Todd
Whitman, EPA Administrator. March 14, 2002.
96 Laplante, Allison. Too Close To Home: A Report on Chemical Accident Risks in the
United States, U.S. Public Interest Research Group, Washington, DC. July 22, 1998.
97 Heilprin, John. “Government to require 15,000 chemical, waste, water plants to assess
terrorism risks, make fixes,” The Associated Press, via NewsEdge Insight, June 7, 2002.
CRS-26
However, EPA has stated that its authority to regulate chemical site security is
unclear, and authority under the Clean Air Act has been questioned by the House
Committee on Energy and Commerce.98 In October 2002, Administrator Whitman
announced that EPA would not pursue chemical security regulations under the
CAA.99 President Bush has made it clear that he does not envision a large role for
EPA with respect to security from terrorism. Congress might ultimately elect to
clarify EPA authority through legislation, expanding or narrowing current
interpretations, or examine the adequacy of EPA’s implementation of the risk
management planning rule in congressional hearings.
A potential disadvantage of relying on existing law is that it may not apply to
all facilities of interest. For example, the CAA, Section 112 applies to chemicals that
were selected based on severity of potential acute adverse health effects, the
likelihood of accidental releases, and the potential magnitude of human exposure.
It excludes flammable substances when used as a fuel, or held for sale as a fuel at a
retail facility.
Reduce Risk Through Legislation. GAO has recommended that DHS and
EPA, in consultation with the Office of Homeland Security, jointly develop a
comprehensive national chemical security strategy, which should include a legislative
proposal “to require chemical facilities to expeditiously assess their vulnerability to
terrorist attacks and, where necessary, require these facilities to take corrective
action.”100 DHS and EPA agree.101 The National Strategy for the Physical
Protection of Critical Infrastructures and Key Assets asks DHS to work with
Congress to enact such legislation.
If Congress decides that legislation is required to reduce the risks of terrorism
targeting chemical plants, proposals might focus on preventing terrorism in general
or on reducing risks of terrorism specifically targeting102 chemical plants. A broad
focus on reducing terrorism would involve numerous issues that are beyond the scope
of this report. Interested readers are referred to the CRS Issue Brief IB95112,
Terrorism, the Future, and U.S. Foreign Policy.
A narrower focus on chemical plants might provide incentives for voluntary
private sector initiatives or new regulatory authorities to reduce risks. Stakeholder
views regarding the relative merits of voluntary versus mandatory approaches are
discussed in the next major section of this report, Policy Issues, in the subsection on
98 EPA. 2002. Lessons Learned in the Aftermath of September 11, 2001. p. ES-10.
99 Preston, Meredith. “EPA Announces Strategy to Meet Homeland Protection
Responsibility,” Daily Environment Report, Oct. 3, 2002. p. A-1.
100 GAO. Homeland Security: Voluntary Initiatives Are Under Way at Chemical Facilities,
but the Extent of Security Preparedness Is Unknown, GAO-03-439. March 2003. p. 31.
[http://www.gao.gov/cgi-bin/getrpt?GAO-03-439], visited Aug. 7, 2003.
101 Ibid.
102 Bush, George W. The National Strategy for the Physical Protection of Critical
Infrastructures and Key Assets, Feb. 2003. p. 66.
CRS-27
Responsibility and Accountability. Bills under current consideration are described
in the last major section of this report, Legislation in the 108th Congress.
The remainder of the present discussion analyzes selected strategies and tactics
for reducing risks that may be incorporated into legislation.
Physical Security Enhancement. Perhaps the most common approach to
improving site security is to “harden” defenses so that sites would be less vulnerable
to terrorists.103 According to the recently released DOJ vulnerability assessment
methodology, an effective protection system serves three functions: detection
(discovery or sensing of adversary action), delay (impediment to adversary progress),
and response by security personnel to ensure that a threat is neutralized.104 Examples
of hardening tactics include increasing security patrols, strengthening fences,
installing better locks on doors, relocating sensitive chemical processes within the
facility, installing intruder detection systems and alarms, and performing background
checks on employees. Congress has adopted such tactics in other contexts. For
example, the USA Patriot Act (P.L.107-56) requires background checks as a
condition for obtaining a license to operate a motor vehicle transporting in commerce
a hazardous material.
A key advantage of hardening tactics is their variety and adaptability to a range
of security needs. Other advantages include the ability to deepen defenses by adding
layers of protection and, in many cases, relatively low costs. A potential weakness
of this strategy is that even the most effective security measures might be disabled
or overwhelmed by a determined, skilled terrorist organization. For example, guards
may be bribed or killed, passwords discovered, alarms short-circuited, or computers
hacked. The World Trade Center and Pentagon attacks demonstrate the vulnerability
of any site to a novel and vigorous attack
Technology Assessment and Inherently Safer Options. An alternative
strategy for reducing risk is advocated by environmental groups. It would reduce the
hazardous characteristics of the facility, for example, by reducing production,
processing, storage, and use of dangerous chemicals, or changing the characteristics
of chemicals to make them less dangerous (e.g., by reducing volatility). Such tactics
aim to improve the “inherent safety” of a site, and are preferred by advocates to
target-hardening tactics, which they often refer to as “add-on safety systems.”105
According to this view, “‘Inherent Safety’ activities reduce or eliminate the
possibility of an accident occurring through the fundamental redesign of production
systems or products, reductions in chemical inventories, or substitution for hazardous
chemicals at the facility.”106 Currently, there is no U.S. law that explicitly promotes
use of safer technologies by the chemical industry.
103 National Institute of Justice, , p. 1.
104 Ibid., p. 15-16.
105 Laplante, Allison. Too Close To Home: A Report on Chemical Accident Risks in the
United States, U.S. Public Interest Research Group, Washington, DC. July 22, 1998.
106 Ibid.
CRS-28
Two potential advantages of this approach are that consequences of terrorism
may be reduced even if a terrorist succeeds in his mission, and that risks associated
with accidental releases of chemicals also are likely to be reduced. In addition,
efforts to promote inherent safety of production could fill gaps in current laws, which
address risks associated with specified chemicals and industries. According to the
U.S. Chemical Safety and Hazard Investigation Board, many reactive chemicals
responsible for industrial accidents are not covered by the CAA Section 112.107
Many facility operators have applied this approach in recent years. For example,
a utility in Ohio chose to employ a urea-based pollution control system instead of
another system which would have required storage of large quantities of ammonia.108
Shortly after September 11, the Blue Plains wastewater treatment facility in
Washington D.C. stopped using chlorine in favor of the less volatile sodium
hypochlorite bleach.109 Other water and wastewater treatment plants are making
similar changes in chemical usage.
The key disadvantages of this “safer” facility strategy are potentially higher
production and research and development costs, delays in achieving security while
new processes are put into place, and, at least in some cases, lack of feasibility.
However, advocates argue that use of safer technologies may reduce production costs
by reducing regulatory burdens, insurance premiums, transportation costs, and waste
disposal costs. Another potential disadvantage of the strategy is that some “safer”
tactics may simply spread a risk around, shift the risk to other locations or
populations, or substitute one risk for another. For example, in replacing an acutely
toxic chemical (that produces relatively severe health effects after a short exposure)
with a less acutely toxic chemical, one might increase chronic risks (due to low-level,
long-term exposures) or environmental risks (e.g., due to the chemical’s persistence).
Deterrence. A third approach to reducing risks aims to reduce theft, rather
than direct attacks, by making dangerous chemicals in use at a facility less attractive
to criminals, for example, by introducing a color or other property that facilitates
detection and tracking by authorities (so-called “taggants”), or by creating and storing
antidotes to toxic effects.110 A disadvantage of this approach is that taggants act as
contaminants, and therefore may impede chemical processes. For this reason,
taggants typically are useful only in end products, not in intermediate (i.e., process)
chemicals. Generally, such deterrents appear to be in the development stage and are
not available for immediate application.
Restricted Access to Information. Restricting terrorists’ access to
information about vulnerability and location of chemical facilities also might reduce
the risk of terrorism. This approach was taken by the 106th Congress when it enacted
107 U.S. Chemical Safety and Hazard Investigation Board website
[http://www.csb.gov/], visited Aug. 7, 2003.
108 American Electric Power, press release, Dec. 18, 2000.
109 “Toxic chemicals’ security worries officials,” Washington Post, Nov. 12, 2001.
110 Simpson, Michael. CRS Report 96-695 SPR, Fact Sheet on Taggants in Explosives, Jan.
21, 1997.
CRS-29
amendments to the CAA Section 112(r) to prevent Internet posting of risk
management plans and worst-case scenarios for accidents. Internet access to
information is a particular concern, because it permits anonymous inquiries about
sensitive U.S. facilities from remote locations. P.L. 107-296, that established DHS,
limits access to sensitive information potentially useful to terrorists by exempting
information about critical infrastructures submitted voluntarily to DHS from
disclosure requirements of the Freedom of Information Act (FOIA).
A key advantage of restricting access to sensitive information is that it is an
inexpensive method of reducing risk. However, some argue that information
restriction is contrary to American values, reduces public oversight of chemical
facilities and consequently facility operators’ incentives to reduce risk, and is not
likely to prevent determined terrorist groups from obtaining needed information.111
The general issue of public access to facility-specific information is discussed
under Key Issues, in the section on Public Disclosure.
Key Issues
Policy makers choosing among policy options for reducing terrorist risks
associated with chemical plants are faced with at least three fundamentally political
issues: the effect of public disclosure; the relative importance of diverse risks (and
associated costs and benefits of risk reduction), and who should be responsible (and
held accountable) for achieving results.
Public Disclosure. Public disclosure of information about chemical hazards
and risk management plans at industrial facilities is controversial.112 Professional and
trade groups representing the chemical industry oppose the release of information
regarding the vulnerability of facilities to terrorism and the potential off-site
consequences (OCA) to public health and the environment. They argue that terrorists
might use the information to target facilities that are most vulnerable or located near
large population centers. Congress responded to this view when it enacted
amendments to the CAA Section 112(r) in 1999. The chemical industry and some
policy analysts support legislation that would further restrict public disclosure of such
information and exempt it from requirements of the Freedom of Information Act
(FOIA). (See Legislation in the 108th Congress, below.)113
Other groups, including environmental and right-to-know advocates, oppose
restrictions on public disclosure. They argue that communities have a right to be
informed about hazards to which they might be exposed, and free access to
information is important to ensure public accountability of facility managers.
111 Ament, Lucy. “Greenpeace maps possible chemical accidents,” Pesticide & Toxic
Chemical News, July 1, 2002, p. 9-10.
112 Davis, Ann. “New alarms heat up debate on publicizing chemical risks,” Wall Street
Journal, May 30, 2002, p. A1.
113 Logomasini, Angela. Senators attempt balancing security and “right to know.” CEI On
Point, n. 86, July 30, 2002. Washington, DC: The Competitive Enterprise Institute. 8 pp.
CRS-30
Opponents of limiting public information also point out that citizens need
information to assess facility compliance with environmental laws, and if necessary,
to petition EPA or the courts for enforcement.114 Unsafe practices and inadequate
risk management plans, in particular, should be publicized, they contend, so that
communities may exert political or social pressure on plant managers to improve the
inherent safety of their facilities. Moreover, these groups want access to information
about similar facilities handling comparable chemicals across the United States, so
that plans and accident rates can be compared and analyzed to determine the
effectiveness of various safety measures. Informed citizens can work with local plant
managers to reduce the risk of accidents, they argue. This view was adopted by
Congress in the 1990 amendments to the CAA Section 112(r).115
A more recent argument in favor of public disclosure has been advanced by
investment groups, who argue, “Investors need to know about potential liabilities of
companies in which they invest.”116 Information about risks related to environmental
issues frequently is not reported to the Securities and Exchange Commission, even
though it requires disclosure of trends and uncertainties that are reasonably likely to
have an impact on companies’ profits.117
With respect to the possibility that information may be used by terrorists, right-
to-know advocates claim that public disclosure of chemical hazards motivates facility
operators to reduce chemical hazards, thereby reducing the likelihood and severity
of harm from terrorist attacks, as well as the risk of chemical accidents.
The net effect on risk to public health and the environment of public disclosure,
therefore, appears to depend on the relative risks of releases due to accidents, versus
those due to terrorism, and on the extent to which those risks are reduced or enhanced
by publication of risk management plans and similar information. However, data are
not available to calculate risks, relative risks, or risk reduction/enhancement
potential.
A related issue is the extent to which federal laws regarding public disclosure
should preempt state and local disclosure laws. P.L. 107-296, establishing DHS,
prohibits release under the authority of state and local disclosure laws of
“information (including the identity of the submitting person or entity) that is
voluntarily submitted to a covered Federal agency for use by that agency regarding
the security of critical infrastructure and protected systems.”
114 American Association of Law Libraries, American Library Association, et al. Letter to
U.S. Senators, July 12, 2002.
115 “Coalition says response to terrorism should not limit access to information,” Chemical
Regulation Reporter, v. 25, n. 45, Nov. 12, 2001. p. 1654.
116 Frieder, Julie (Calvert), Adam Kanzer (Domini Social Investments), Kathy Leonard
(Center for Responsible Investing), Sam Pierce (Ideals Work, Inc.), Steven J. Schueth (First
Affirmative Financial Network), Kenneth Scott (Walden Asset Management), Conrad
MacKerron (As You Sow Foundation), and Alison L.F. Wise (Progressive Asset
Management). Letter to U.S. Senators, July 11, 2002.
117 Najor, Pamela. “U.S. Corporations fail to disclose data to SEC on environmental risks,
report says,” Daily Environment Report, Oct. 1, 2002, p. A-10.
CRS-31
Relative Risks. Another important issue involves the diverse and sometimes
conflicting goals implicit in discussions of chemical site security enhancement; there
is general agreement that risks should be reduced and that “the greatest risks” should
be addressed first, but little discussion of which risks are “greatest” and should be
targeted and at what cost. For example, should we focus on lowering death rates or
rates of sickness and disability? Should we focus on preventive measures or
emergency response and recovery services? Should we allocate resources to prevent
worst-case scenarios, or everyday risks that add up over time? Are risks due to
chemical terrorism worse than risks of equal or greater magnitude due to explosions
or firearms? Should we emphasize measures to reduce terrorist risks that also may
improve federal efforts to prepare for and respond to other disasters, as the
President’s National Strategy suggests?118 To what extent are we willing to sacrifice
access to information about facilities in our neighborhoods, privacy, or government
accountability for the sake of risk reduction? Are we willing to shift federal
resources to a new Department of Homeland Security and away from other
programs? The answers to such questions depend on value judgments and are likely
to lead to diverse policy approaches and decisions about particular federal initiatives
to reduce the threat of terrorism.
For example, on the one hand, it often is argued that federal expenditures are
most efficient when they are allocated with respect to relative risks and risk reduction
opportunities. According to this view, relatively more federal funding should be
provided to programs targeting risks that are greater and more clearly documented
(e.g., to prevent smoking or motor vehicle accidents), than for programs targeting
small, hypothetical risks (e.g., from exposure to pesticide residues on food). Based
on this reasoning, the risks of chemical terrorism in the United States would deserve
relatively few resources, because they are hypothetical and very small. This is
especially true for individual chemical facilities. Such reasoning might leave some
chemical facilities vulnerable to attack. As explained by the President of the
Louisiana Chemical Association, “Worst-case scenarios are just that: Virtually every
safety system in every process would have to fail for a worst-case scenario to actually
happen.”119 Will the federal government or plant operators find such a scenario
incredible, and thus, not worth additional security investments? What cost is
justified for risk reduction at individual chemical facilities?
On the other hand, some have argued that the distribution of risk is more
important than the absolute or relative magnitude of risk. Scholars at the Brookings
Institution, for example, argue that federal resources to combat terrorism should be
devoted primarily to avoiding or mitigating potentially catastrophic terrorist acts.120
Catastrophic events, in which many people are killed or injured at once often strain
118 Office of Homeland Security. National Strategy for Homeland Security, July 2002. p.
3.
119 Johnson, Jeff. Chemical accident debate rolls on. Chemical and Engineering News, Apr.
9, 2001. p. 22.
[http://pubs.acs.org/cen], visited Aug. 6, 2003.
120 O’Hanlon, Michael E., Peter R. Orszag, Ivo H. Daalder, et al. 2002. Protecting the
American Homeland: A Preliminary Analysis, Brookings Institution Press, Washington, DC.
177 p.
CRS-32
local social, political, and economic systems, as well as emergency response
resources, as was well illustrated by the attack on the World Trade Center. Thus, the
Brookings report focuses on protecting against nuclear, chemical, or biological
terrorism and large-scale attacks at airports, seaports, nuclear and chemical plants,
stadiums, big commercial buildings, monuments, and American icons, as opposed
to preventing numerous smaller attacks that might produce an equal number of
casualties over a longer period of time. President Bush has directed the DHS
Secretary to set priorities for critical infrastructure protection“with an emphasis on
critical infrastructure and key resources that could be exploited to cause catastrophic
health effects or mass casualties comparable to those from the use of a weapon of
mass destruction,” but with consideration of numerous other potential effects of
terrorist acts.
Still others object to reliance on any form of cost-benefit accounting with
respect to public health and environmental risk management, because quantitative,
analytic tools often do not consider risk factors and management options that they
consider important.121 For example, one cannot produce a reliable estimate of
benefits that might accrue from basing decisions on the so-called “precautionary
principle” or most other preventive management tools, because specific kinds of
damages and clean-up costs may never occur, and thus cannot be validated or
corrected. Moreover, it can be argued that quantitative analysis is biased against
preventive measures, because the hypothetical benefits, as well as the hypothetical
risks, accrue (or not) in the future and generally are discounted (reduced in value).
Many observers feel this kind of process inevitably estimates that preventive options
will have relatively high short-term costs and relatively low and uncertain long-term
benefits.
Responsibility and Accountability. Deciding who should be responsible
for achieving results (or who should be held accountable) requires consideration of
many factors, including statutory authority, resource availability, technical
competence, political feasibility, and moral or ethical constraints. Responsibility is
multifaceted, involving financial, operational, and managerial duties, and may be
layered hierarchically. In addition, responsibility may be shared or distributed among
several private and public entities. For example, in the case of chemical plant safety,
responsibility probably will be divided in some manner to include owners/operators
of facilities, insurers, and some unit of government. It is up to policy makers to
decide upon the appropriate distribution of each component.
Generally, people agree that the federal government is responsible for
protecting citizens and the homeland, and that business owners are responsible for
not causing hazards for their employees, neighbors, and assets. However, people
have different views about who should be held accountable for the consequences of
an act of terrorism, what level of protection from risk is acceptable, whether the
private sector is likely to achieve that level of protection without public assistance
or oversight, and who should bear the costs of achieving greater safety. These
different views largely reflect general political philosophies (e.g., regarding the
121 For more on policy issues related to risk analysis and cost-benefit analysis, see CRS
Report 98-618, Environmental Risk Analysis: A Review of Public Policy Issues.
CRS-33
appropriate role of government and the value of public involvement in risk
management decisions), but they also are influenced by specific knowledge of, and
attitudes toward, the chemical industry, EPA, and other governmental and non-
governmental entities.
Some argue that the risks of terrorism for individual chemical facilities are so
small that many facility managers are unlikely to invest sufficient resources to
adequately ensure site security. Based on this view, some argue that sufficient
reductions in terrorist risks for the nation as a whole can be assured only if chemical
facilities are required to comply with federal standards for risk management, i.e., are
held accountable by government. Federally mandated standards are likely to ensure
a greater level of safety, according to this view, because administrative rule-making
procedures provide for public comments, including comments by people potentially
at risk if a terrorist attacks, but who do not directly profit from neighboring facilities.
Voluntary chemical site security measures advocated by trade associations do not
suffice, it is argued, because they do not cover all potentially dangerous facilities and
have no standards, no timelines, no hazard reduction policies, no measurable hazard
reduction goals, no accountability, and are not enforceable.122 However, at least some
trade associations plan to require independent audits of risk management plans, as
discussed below.
If Congress decides that the private sector must be held accountable, legislation
could be enacted authorizing EPA or the Department of Homeland Security to
conduct or oversee facility vulnerability studies or to set standards for facility risk
management. The Chairman and Ranking Member of the Senate Committee on
Environment and Public Works in the 107th Congress expressed a preference that
EPA lead such an effort,123 but the current Chairman of the same Senate committee
and the Chairman of the House Committee on Energy and Commerce prefer
leadership by the new Department.124
Others contend that chemical facility operators are willing and prepared to
reduce significant risks, for personal, professional, and business reasons.125 They
argue that well-managed businesses routinely assess, prioritize, and manage risks of
all kinds, including risks of potential exposure to hazardous chemicals due to
criminal or terrorist acts. Business incentives to good chemical risk management
include reduced legal liability, reduced insurance costs, enhanced reputation,
improved employee relations, and reduced costs for remediation and victim
122 Orum, Paul. Additional testimony in response to questions from Senator Jon Corzine
concerning the Chemical Security act, S. 1602, Jan. 15, 2002.
[http://www.rtk.net/wcs/test4.html], visited Aug. 7, 2003.
123 “EPA should take lead on water, chemicals in homeland security measure, Senators say,”
Daily Environment Report, July 23, 2002, p. A-2-3.
124 Letter from the House Committee on Energy and Commerce to The Honorable Tom
Ridge, June 19, 2002.
[http://energycommerce.house.gov/107/letters/06192002_613.htm], visited Aug. 7, 2003.
125 Zahodiakin, Phil. 2002. “Industry sees few unturned stones in anti-terror effort,”
Pesticide & Toxic Chemical News, Mar. 18, 2002, p. 10.
CRS-34
compensation. In the United States, environmental and occupational health and
safety laws provide additional incentives to many facility operators to responsibly
manage hazardous chemicals.
Many are opposed to new legislation, which, they argue, may disrupt and delay
installation of security enhancements by individual companies. On the other hand,
if such legislation were enacted, it could benefit businesses by shifting liability to the
government and discouraging states from adopting diverse regulatory strategies.
Industry representatives acknowledge that some guidance, training, and financial
assistance for threat assessment and risk management are needed, especially for
addressing risks to small businesses, but note that trade associations and industrial
research centers have been working for several years to fill such needs. Such groups
advocate a flexible, risk-based approach to securing facilities, arguing that “most
plants are not likely terrorist targets.”126 The ACC favors “public-private
partnerships that allow industry to do as much as they can on their own with perhaps
guidance [from government].”127 Business groups argue that most regulations
inappropriately force diverse enterprises to adopt a “one-size-fits-all” strategy. To
satisfy any public demand for assurance that risk reduction is occurring, some
industry representatives have recommended a safety certification process and are
willing to submit their facilities to independent audits.
In the National Strategy for the Physical Protection of Critical Infrastructures
and Key Assets, released in February 2003, the Bush Administration has
recommended legislation to enhance security measures at chemical facilities,128
although it had hoped to avoid that approach, according to the Secretary of the
Department of Homeland Security, Tom Ridge.129 He acknowledged that the
Administration (as of mid-July, 2002) had been leaning toward a voluntary
approach.130
The Administration also would assign financial responsibility to chemical
facility owners. According to Ridge, “[T]his is a cost [chemical companies] have to
absorb.” For their part, some pesticide trade groups would welcome increased
government assistance in the form of funding for education.131
126 Ibid.
127 Preston, Meredith, and Pat Phibbs. 2002. “EPA developing principles to identify.
address facilities vulnerable to terrorism,” Daily Environment Report, June 6, 2002. p. A-4.
128 Bush, George W. National Strategy for the Physical Protection of Critical Infrastructures
and Key Assets, Feb. 2003, p. 66.
129 Preston, Meredith. “Administration wants to avoid legislation requiring safety measures
at chemical sites,” Daily Environment Report, July 11, 2002, p. A-6.
130 Ibid.
131 Ibid.
CRS-35
Legislation in the 108th Congress
Background: Action in the 107th Congress. The 107th Congress passed
the Public Health Security and Bioterrorism Preparedness and Response Act of 2002
(P.L. 107-188), which requires many community water systems to perform
vulnerability assessments and to prepare emergency preparedness and response plans.
Some of these facilities handle significant quantities of hazardous chemicals.
Funding is authorized to assist communities in complying with the Act. It also
directs EPA to review methods to prevent, detect, and respond to threats to water
safety and infrastructure security. Congress also enacted P.L. 107-117, which
provides EPA with roughly $90 million to enhance the security of drinking water
treatment facilities. However, the 107th Congress did not enact legislation to reduce
risks of terrorism at other facilities handling potentially dangerous chemicals.
P.L. 107-296, establishing DHS, does not address chemical plant security
directly. However, the law will require DHS to analyze vulnerabilities and
recommend methods of enhancing site security at facilities that are part of the
“critical infrastructure”. As noted above, the Administration has identified chemical
facilities as part of the critical infrastructure in the National Strategy for the Physical
Protection of Critical Infrastructures and Key Assets. Chemical facilities are
included in several sectors: water utilities, the energy sector, and the chemical and
hazardous materials sector. The law exempts from public disclosure requirements
(i.e., FOIA) any information about physical and cyber security if it is submitted
voluntarily to DHS by such facilities for use by that agency related to “the security
of critical infrastructure and protected systems.” Disclosure under the authority of
state or local laws also is prohibited. Unauthorized disclosure of “critical
infrastructure information” by government employees is punishable by imprisonment,
fines, and removal from office.
108th Congress Activity. In the 108th Congress, S. 609/H.R. 2526 would
narrow the FOIA exemption provided by P.L. 107-296 to “records” concerning the
“vulnerability of and threats to critical infrastructure protection.”
Legislation addressing the risks of terrorism at chemical facilities is a priority
of the Chairman of the Senate Committee on Environment and Public Works, who
introduced S. 994, the Chemical Facility Security Act. S. 994 was amended and
approved by the Committee on October 23, 2003. In accord with the views of the
Bush Administration, S. 994 would authorize DHS to oversee security assessments
and planning at selected chemical facilities. The Secretary would be directed to list
chemical facilities that should be subject to regulation based on: the likelihood that
a facility will be the target of terrorism; nature and quantity of substances of concern
present; potential extent of death, injury, or serious adverse effects to human health
or the environment; potential harm to critical infrastructure and national security; cost
and technical feasibility; scale of operations; and other security-related factors that
the Secretary determines to be appropriate and necessary.
S. 994, as approved, would require the Secretary to promulgate regulations
directing owners and operators of listed facilities to conduct vulnerability
assessments, identify hazards, prepare security plans to reduce vulnerability to a
terrorist release and to respond in the event of a release, and update assessments and
CRS-36
plans periodically. Written certification of compliance would be required by DHS
from each owner or operator on a schedule to be determined by the Secretary. As
amended, S. 994, as approved, would require owners and operators to submit copies
of vulnerability assessments and plans to DHS.
S. 994 would direct DHS to conduct, or require the conduct of, vulnerability
assessments and other activities (including third-party audits) to evaluate and ensure
compliance with promulgated regulations and procedures endorsed by rule.
(Endorsements are discussed below.) Vulnerability assessments and plans would be
protected from public disclosure under FOIA and state and local disclosure laws.
Criminal penalties are provided for unauthorized knowing disclosure by federal
officials.
The bill would authorize the Secretary to identify and endorse security measures
that are substantially equivalent to requirements promulgated by DHS. Endorsement
would indicate compliance with assessment or planning requirements, if the endorsed
assessment or security procedures were implemented. Any person could petition the
Secretary for endorsement of existing procedures. If the Secretary chose not to
endorse such procedures, the Secretary would have to provide written notice
explaining why the petition was denied. Vulnerability assessments and response
plans that were in accord with endorsed procedures would be exempt from other
regulatory requirements.
Although S. 994 as approved, would not require DHS to review and approve
assessments and plans, DHS would be authorized to disapprove any assessment or
plan, and to order revision if it did not comply with regulations, or if the plan or
implementation were insufficient to address the results of a vulnerability assessment
or a threat of a terrorist release. The Secretary would be required to provide notice
of disapproval explaining deficiencies, and to identify appropriate steps to achieve
compliance. S. 994 would require the Secretary to issue a compliance order if a plan
were disapproved and compliance had not been achieved by a date determined by the
Secretary to be appropriate. Such orders would be protected from public disclosure.
Civil, but not criminal, penalties would be available if facility owners or operators
failed to comply with an administrative order. The bill also would authorize the
Secretary to provide training relevant to the Chemical Facilities Security Act to state
and local officials and facility owners or operators.
S. 6, Title X, and S. 157/H.R. 1861 contain provisions similar to S. 1602 in the
107th Congress. These bills would build on existing EPA authority to oversee
chemical facilities, but would require consultation with DHS. They would require
EPA to designate “certain combinations of chemical sources and substances of
concern” as high priority categories based on the severity of the threat posed by an
unauthorized release, proximity to population centers, and other criteria, and to
require owners and operators of facilities within high priority categories to conduct
vulnerability assessments, identify hazards, and prepare prevention, preparedness,
and response plans to eliminate or significantly lessen the potential consequences of
an unauthorized release. Plans would be required to incorporate inherently safer
technology, if practicable. Copies of vulnerability assessments and plans would be
submitted to EPA and updated periodically.
CRS-37
S. 6 and S. 157/H.R. 1861 would protect vulnerability assessments and plans
from public disclosure under FOIA, but the non-disclosure provisions of these bills
differ considerably from those in P.L. 107-296. Generally, compared to that law’s
exemption from FOIA for voluntarily submitted “critical infrastructure information,”
these Senate bills (but not S. 994 nor S. 2901, discussed below) appear to exempt a
narrower range of information from disclosure under FOIA, equivalent to exemptions
allowed by FOIA itself. In addition, S. 6 and S. 157/H.R. 1861 would allow
disclosure of information under state or local laws, if the state or local government
received the information independently of DHS. And they provide no civil liability
immunity for those who submit information nor criminal penalties for unauthorized
disclosure. For more on issues related to information disclosure, see CRS Report
RL31547, Critical Infrastructure Information Disclosure and Homeland Security.
S. 6 and S. 157/H.R. 1861 would direct EPA to review each assessment and
plan, determine compliance, and certify that determination. The bills provide for
early review and certification of assessments and plans submitted before EPA issues
regulations. EPA would be authorized to issue compliance orders 30 days after
notifying a chemical source that its assessment or plan was inadequate and offering
compliance assistance, if the plan was not revised to comply with EPA requirements.
If DHS notified a chemical source that its plan or implementation was insufficient
to address a threat of terrorist attack, and the chemical source took inadequate action
in response to that notice, DHS would be authorized to secure necessary relief to
abate the threat from a district court in the district where the threat exists.
For an analysis of key differences and a side-by-side comparison of selected
provisions of S. 157/H.R. 1861 and S. 994 as introduced, see CRS Report RL31958,
Chemical Facility Security: A Comparison of S. 157 and S. 994.
A modified version of S. 157 was introduced as an amendment (S.Amdt. 462)
to S. 762, a bill providing supplemental appropriations for FY 2003. The amendment
would have given DHS the lead role in chemical facility security. In addition, the
amendment would have established a Technology Transition Fund with up to $50
million in otherwise unappropriated funds from the general Treasury, to provide
grants to chemical facilities that demonstrate financial hardship to assist them in
adopting inherently safer technology. The amendment was not brought to the floor
due to an objection to legislating on an appropriation bill, a violation of a Senate rule.
The Congressional Budget Office (CBO) estimated that it would cost the federal
government $80 million over 5 years to develop vulnerability assessments and
monitor compliance with those assessments for the 12,000 to 15,000 chemical plants
and storage sites covered by S. 1602 (107th Congress). (It is not clear why CBO
assumed that bill requirements would apply to the entire universe of facilities
required to file risk management plans under the Clean Air Act, rather than to a
limited number of high-priority facilities.) CBO found it difficult to estimate the
costs to the private sector, since “a substantial number” of chemical plants have
CRS-38
security plans in place that may partially or completely satisfy the assessments
mandated by the bill.132
H.R. 2901, introduced July 25, 2003, is similar to S. 994, as approved, with a
few exceptions. Like S. 994, the House bill would make DHS the lead agency
overseeing chemical facility security, and give the DHS Secretary discretionary
authority to select facilities that should conduct vulnerability assessments and
security planning. Unlike S. 994, H.R. 2901 would exempt from its requirements
drinking water treatment facilities required to conduct vulnerability assessment under
the Safe Drinking Water Act, unless the owner or operator of such a facility
petitioned the Secretary to be subject to the requirements of this Act in lieu of the
former Act.133 Both S. 994 and H.R. 2901 would focus assessments and plans on
security (i.e., hardening) and emergency measures, in order to prevent and respond
to releases caused by terrorism, rather than on inherent safety measures that might
reduce the consequences of an unauthorized release, regardless of cause.
H.R. 2901 would protect from public disclosure under FOIA and state and local
disclosure laws the certification documents submitted by facility managers indicating
that they have complied with assessment, planning, and implementation
requirements, in addition to the vulnerability assessments and security plans, which
would be protected from disclosure under both Senate bills. Like S. 994, H.R. 2901
also would withhold such information from civil judicial or administrative
proceedings (except with respect to compliance with the chemical facility security
legislation), thus shielding facility owners from lawsuits. Penalties that would be
provided by H.R. 2901 for unauthorized disclosure are the same as under S. 994.
H.R. 2901 would require the Secretary to endorse security measures prepared
by outside groups in response to a petition, if the measures were substantially similar
to requirements promulgated by DHS. S. 994, as approved, would authorize rather
than mandate DHS endorsement. Also like S. 994, H.R. 2901 would authorize DHS
to disapprove any assessment or plan, and to order revision if it did not comply with
regulations, or if the plan or implementation were insufficient to address the results
of a vulnerability assessment or a threat of a terrorist release.
H.R. 2901 is similar to S. 157/H.R. 1861 and differs from S. 994 in a few
provisions. H.R. 2901 would require consultation between DHS and EPA, and
designation of high-priority facilities.
Other legislation that may be considered in the 108th Congress would provide
financial assistance to state and local governments, which may be used to enhance
chemical facility security. S. 565 and its companion H.R. 1593 would provide $10
132 U.S. Congress, Congressional Budget Office, Cost Estimate for S. 1602, Chemical
Security Act of 2002, p. 4.
[http://www.cbo.gov/showdoc.cfm?index=3840&sequence=0], visited Aug. 7, 2003.
133 H.R. 2901 also would exempt “a chemical source that is required to prepare a facility
vulnerability assessment and a facility security plan or emergency response plan under the
provision of chapter 701 of title 46, United States Code.” CRS could not identify that
provision.
CRS-39
billion for FY2003, while S. 87 and H.R. 1007 would provide $14 billion over four
years for grants to state and local governments that could be used to improve security
at chemical plants, as well as to enhance emergency planning and responses to
terrorist acts. The 108th Congress already has approved $22 million for research and
development at EPA of vulnerability assessment methodologies at water treatment
facilities (P.L. 108-7).
The security of wastewater treatment plants is addressed in several bills. S. 779
would require vulnerability assessments and emergency planning at plants serving
at least 25,000 people, or plants that EPA determines present “a sufficient security
risk” to justify assessments and planning. Assessments and plans would be
submitted to EPA and protected from public disclosure. Grants would be authorized
to assist compliance. The bill would provide $180 million in FY2004 through
FY2008 to carry out the program. S. 1039, amended, was reported by the Senate
Committee on Environment and Public Works on September 17, 2003. It is
essentially the same as House-passed H.R. 866. Both bills would authorize EPA
grants to states, municipalities, or intermunicipal or interstate agencies to conduct
vulnerability assessments of publicly owned treatment works and implement security
enhancements. Vulnerability assessments would not be submitted to EPA, but grant
applicants would be required to certify that assessments had been completed, as a
condition of receiving a grant for security enhancements. S. 1039/H.R. 866 would
authorize appropriations of $215 million for the program.
Conclusions
The threat of terrorism in the United States challenges the existing balance
maintained in federal laws between the public’s right to know about chemical
hazards and the chemical industry’s right to protect confidential business
information. At issue are risks to public health and safety, environmental protection,
civil rights and duties, national security, and privacy. Some are advocating a strategy
of relative risk analysis and analysis of risk management options to reveal the best
course of action. However, information appears to be inadequate for quantitative
evaluation of the risks of chemical releases, whether deliberate or accidental, and the
nature of terrorism makes prediction difficult. Moreover, there is no universally
accepted level of tolerable risk, no obvious basis for a comparison of relative risks
and benefits, and no established federal mechanism for ensuring responsible
management of the risks of chemical terrorism.
Policy makers face three key issues: how to evaluate the risks versus the benefits
of public disclosure; how to determine and prioritize the relative importance of
diverse risks; and who to hold responsible for achieving results. Legislative
proposals in the 108th Congress take a variety of approaches to enhance chemical site
security. S. 994, as approved, and H.R. 2901 would authorize DHS to oversee
security assessments and planning at selected chemical facilities. The Secretary
would be directed to require covered facilities to conduct vulnerability assessments,
identify hazards, and prepare security plans to reduce vulnerability to a terrorist
release and to respond in the event of a release. S. 6, Title X, and S. 157/H.R. 1861
would build on existing EPA authority to oversee chemical facilities. All of these
bills, except S. 994, would require DHS and EPA to designate “certain combinations
of chemical sources and substances of concern” as high priority categories. H.R.
CRS-40
2901 would require high-priority facilities to submit assessments and plans to DHS.
All these bills would require owners and operators of covered facilities to submit
assessments and plans to the relevant federal agency. S. 6 and S. 157/H.R. 1861 also
would require owners and operators of high-priority facilities to reduce consequences
in the event of an unauthorized release of a hazardous chemical. Funding for
enhancing chemical plant security is included in S. 565/H.R. 1593, S. 87/H.R. 1007,
and in the amendment to S. 762.
Additional Reading
CRS Report RL31547. Critical Infrastructure Information Disclosure and
Homeland Security.
CRS Report RL31861. High-Threat Chemical Agents: Characteristics, Effects, and
Policy Implications.
CRS Report RL31542. Homeland Security — Reducing the Vulnerability of Public
and Private Information Infrastructures to Terrorism: An Overview.
CRS Report RL31294. Safeguarding the Nation’s Drinking Water: EPA and
Congressional Actions.
CRS Report RS21026. Terrorism and Security Issues Facing the Water
Infrastructure Sector.
CRS Report RL31669. Terrorism: Background on Chemical, Biological, and Toxin
Weapons and Options for Lessening Their Impact.