Chemical Facility Security: Issues and Options
for the 112th Congress
Dana A. Shea
Specialist in Science and Technology Policy
February 17, 2011
Congressional Research Service
7-5700
www.crs.gov
R41642
CRS Report for Congress
P
repared for Members and Committees of Congress
Chemical Facility Security: Issues and Options for the 112th Congress
Summary
The Department of Homeland Security (DHS) has statutory authority to regulate chemical
facilities for security purposes. The 111th Congress extended this authority through March 4,
2011, and debated the scope and details of reauthorization. Some Members of Congress supported
an extension, either short or long term, of the existing authority. Other Members called for
revision and more extensive codification of chemical facility security regulatory provisions. The
tension between continuing and changing the statutory authority was exacerbated by questions
regarding the current law’s effectiveness in reducing chemical facility risk and the sufficiency of
federal funding for chemical facility security.
The DHS is in the process of implementing the authorized regulations, called chemical facility
anti-terrorism standards (CFATS). The DHS finalized CFATS regulations in 2007. No chemical
facilities have completed the CFATS process, which starts with information submission by
chemical facilities and finishes with inspection and approval of facility security measures by
DHS. Several factors, including the level of detail provided to DHS and the availability of
inspectors, likely complicate the inspection process and lead to delays in inspection.
Policymakers have questioned whether the compliance rate with the CFATS is sufficient to
address this homeland security issue.
Key policy issues debated in previous Congresses contributed to the reauthorization debate.
These issues included the adequacy of DHS resources and effort; the appropriateness and scope
of federal preemption of state chemical facility security activities; the availability of information
for public comment, potential litigation, and congressional oversight; the universe of facilities
that should be considered as chemical facilities; and the role of inherently safer technologies in
achieving security goals.
The 112th Congress might take various approaches to this issue. Congress might allow the
statutory authority to expire but continue providing appropriations to administer the regulations.
Congress might permanently or temporarily extend the expiring statutory authority in order to
observe the impact of the current regulations and, if necessary, address any perceived weaknesses
at a later date. Congress might codify the existing regulation in statute and reduce the discretion
available to the Secretary of Homeland Security to change the current regulatory framework.
Alternatively, Congress might substantively change the current regulation’s implementation,
scope, or impact by amending the existing statute or creating a new one. Finally, Congress might
choose to terminate the program by allowing its authority to lapse and removing funding for the
program. This last approach would leave chemical facility security regulation to the discretion of
state and local governments.
Congressional Research Service
Chemical Facility Security: Issues and Options for the 112th Congress
Contents
Introduction ................................................................................................................................ 1
Overview of Statute and Regulation ............................................................................................ 1
Implementation ........................................................................................................................... 3
Policy Issues ............................................................................................................................... 6
Adequacy of Funds ............................................................................................................... 7
Rate of Inspection ................................................................................................................. 7
Federal Preemption of State Activities ................................................................................... 9
Transparency of Process...................................................................................................... 10
Definition of Chemical Facility ........................................................................................... 11
Inherently Safer Technologies ............................................................................................. 13
Policy Options .......................................................................................................................... 15
Maintain the Existing Regulatory Framework...................................................................... 15
Extend the Sunset Date ................................................................................................. 16
Codify Existing Regulations.......................................................................................... 16
Alter the Existing Statutory Authority ................................................................................. 17
Accelerate or Decelerate Compliance Activities ............................................................ 17
Incorporate Additional Facility Types ............................................................................ 17
Harmonize Regulations ................................................................................................. 20
Consider Inherently Safer Technologies ........................................................................ 20
Modify Information Security Provisions........................................................................ 22
Preempt State Regulations............................................................................................. 23
Congressional Action ................................................................................................................ 24
Extend the Existing Authority ............................................................................................. 24
Modify the Existing Authority............................................................................................. 24
Tables
Table 1. DHS Funding for Chemical Facility Security Regulation by Fiscal Year ......................... 4
Table 2. Facilities Regulated by DHS under CFATS .................................................................... 5
Contacts
Author Contact Information ...................................................................................................... 25
Congressional Research Service
Chemical Facility Security: Issues and Options for the 112th Congress
Introduction
Since before September 11, 2001, congressional policymakers have expressed concern about the
safety and security of facilities possessing certain amounts of hazardous chemicals. The sudden
release of hazardous chemicals from facilities storing large quantities might potentially harm
large numbers of persons living or working near the facility. Chemical facilities engaged in
security activities on a voluntary basis, and some states enacted laws requiring additional
consideration of security at chemical facilities.1 Congress debated whether the federal
governments should regulate such facilities for security purposes to reduce the risk they pose. The
109th Congress passed legislation in 2006 providing the Department of Homeland Security (DHS)
statutory authority to regulate chemical facilities for security purposes. This statutory authority
expires in March 2011. Advocacy groups, stakeholders, and policymakers have called for
congressional reauthorization of this authority, though they disagree about the preferred approach.
Congress may extend the existing authority, revise the existing authority to resolve potentially
contentious issues, or allow this authority to lapse.
This report provides a brief overview of the existing statutory authority and the regulation
implementing this authority. It describes several policy issues raised in previous debates
regarding chemical facility security and identifies policy options for congressional consideration.
Finally, legislation in the 112th Congress is discussed.
Overview of Statute and Regulation
Congress provided statutory authority to DHS to regulate chemical facilities for security
purposes. This statutory authority gave some explicit authorities to DHS and left other
implementation aspects to the discretion of the Secretary of Homeland Security. The statute
contains a “sunset provision” and expires on March 4, 2011.2
On April 9, 2007, the Department of Homeland Security issued an interim final rule regarding the
Chemical Facility Anti-Terrorism Standards (CFATS).3 This interim final rule entered into force
on June 8, 2007. The interim final rule implements both statutory authority explicit in P.L. 109-
295, Section 550, and authorities DHS found to be implicitly granted. In promulgating the interim
final rule, DHS interpreted the language of the statute to determine what it asserts was the intent
of Congress when crafting the statutory authority. Consequently, much of the rule arises from the
Secretary’s discretion and interpretation of legislative intent rather than explicit statutory detail.
1 For example, New Jersey, Maryland, and New York each enacted laws addressing security at chemical facilities.
2 The original statute expired on October 4, 2009, three years after enactment. The Department of Homeland Security
Appropriations Act, 2010 (P.L. 111-83) extended the existing statutory authority an additional year. The Continuing
Appropriations Act, 2011 (P.L. 111-242) extended the statutory authority through December 3, 2010. The second
continuing resolution, P.L. 111-290, extended the statutory authority through December 18, 2010. The third continuing
resolution, P.L. 111-317, extended the statutory authority through December 21, 2010. The fourth continuing
resolution, P.L. 111-322, extended the statutory authority through March 4, 2011.
3 An interim final rule is a rule that meets the requirements for a final rule and that has the same force and effect as a
final rule, but that contains an invitation for further public comment on its provisions. After reviewing comments to the
interim final rule, an agency may modify the interim final rule and issue a “final” final rule.
The DHS issued a proposed rule in December 2006 and solicited public comments. 71 Federal Register 78276-78332
(December 28, 2006).
Congressional Research Service
1
Chemical Facility Security: Issues and Options for the 112th Congress
Under the interim final rule, the Secretary of Homeland Security determines which chemical
facilities must meet regulatory security requirements, based on the degree of risk posed by each
facility. Chemical facilities with greater than specified quantities of potentially dangerous
chemicals must submit information to DHS, so that DHS can determine the facility’s risk status.
The statute exempts several types of facilities from the Secretary’s authority: facilities defined as
a water system or wastewater treatment works; facilities owned or operated by the Department of
Defense or Department of Energy; facilities regulated by the Nuclear Regulatory Commission;
and those facilities regulated under the Maritime Transportation Security Act of 2002 (P.L. 107-
295).
The DHS lists 322 chemicals as “chemicals of interest” for the purposes of compliance with
CFATS.4 The DHS considers each chemical in the context of three threats: release; theft or
diversion; and sabotage and contamination. The DHS assigns high-risk facilities into one of four
risk-based tiers. The statute mandated that DHS establish performance-based security
requirements. The DHS created graduated performance-based requirements for facilities assigned
to each risk-based tier.5 Facilities in higher risk tiers must meet more stringent performance-based
requirements.
All high-risk facilities must assess their vulnerabilities, develop an effective security plan, submit
these documents to DHS, and implement their security plan.6 The vulnerability assessment serves
two purposes under the interim final rule. One is to determine or confirm the placement of the
facility in a risk-based tier. The other is to provide a baseline against which to evaluate the site
security plan activities.
The site security plans must address the vulnerability assessment by describing how activities in
the plan correspond to securing facility vulnerabilities. Additionally, the site security plan must
address preparations for and deterrents against specific modes of potential terrorist attack, as
applicable and identified by DHS. The site security plans must also describe how the activities
taken by the facility meet the risk-based performance standards provided by DHS.
The DHS must review and approve the submitted documents, audit and inspect chemical
facilities, and determine regulatory compliance. The DHS may disapprove submitted
vulnerability assessments or site security plans that fail to meet DHS standards. The DHS may
not disapprove an assessment or plan because of the presence or absence of a specific measure. In
the case of disapproval, DHS will identify in writing those areas of the assessment and/or plan
4 In November 2007, DHS issued an appendix to the interim final rule containing the list of chemicals of interest [72
Federal Register 65396-65435 (November 20, 2007)].
5 According to the White House Office of Management and Budget, a performance standard is a standard
that states requirements in terms of required results with criteria for verifying compliance but
without stating the methods for achieving required results. A performance standard may define the
functional requirements for the item, operational requirements, and/or interface and
interchangeability characteristics. A performance standard may be viewed in juxtaposition to a
prescriptive standard which may specify design requirements, such as materials to be used, how a
requirement is to be achieved, or how an item is to be fabricated or constructed.
Office of Management and Budget, The White House, “Federal Participation in the Development and Use of Voluntary
Consensus Standards and in Conformity Assessment Activities,” Circular A-119, February 10, 1998. For example, a
performance standard might require that a facility perimeter be secured, while a prescriptive standard might dictate the
height and type of fence to be used to secure the perimeter.
6 High-risk facilities may develop vulnerability assessments and site security plans using alternative security programs
so long as they meet the tiered, performance-based requirements of the interim final rule.
Congressional Research Service
2
Chemical Facility Security: Issues and Options for the 112th Congress
that need improvement. Owners or operators of chemical facilities may appeal such decisions to
DHS.
Similarly, if, after inspecting a chemical facility, DHS finds a facility not in compliance, the
Secretary must write to the facility explaining the deficiencies found, provide an opportunity for
the facility to consult with DHS, and issue an order to the facility to comply by a specified date. If
the facility continues to be out of compliance, DHS may fine and, eventually, order the facility to
cease operation. The interim final rule establishes the process by which chemical facilities can
appeal DHS decisions and rulings, but the statute prohibits third-party suits for enforcement
purposes.
The interim final rule creates a category of information protected from disclosure under the
Freedom of Information Act (FOIA) and comparable state and local laws. The DHS named this
category of information “Chemical-terrorism Vulnerability Information” (CVI). This category
protects information generated under the interim final rule, as well as any information developed
for chemical facility security purposes that the Secretary determines needs protection. In
accordance with statute, judicial and administrative proceedings shall treat CVI as classified
information. The DHS asserts sole discretion regarding who will be eligible to receive CVI.
Disclosure of CVI may be punishable by fine.
The interim final rule states it preempts state and local regulation that “conflicts with, hinders,
poses an obstacle to or frustrates the purposes of” the federal regulation. States, localities, or
affected companies may request a decision from DHS regarding potential conflict between the
regulations. Since DHS promulgated the interim final rule, Congress has amended P.L. 109-295,
Section 550, to state that such preemption will occur only in the case of an “actual conflict.”7 The
DHS has not issued revised regulations addressing this change in statute.
Implementation
Within DHS, the National Protection and Programs Directorate (NPPD) is responsible for
chemical facility security regulations. The NPPD attempts to generally reduce the risks to the
homeland and has various offices addressing both physical and virtual threats. Within NPPD, the
Office of Infrastructure Protection, through its Infrastructure Security Compliance Division,
oversees the CFATS program.8 As seen in Table 1, requested and appropriated funding for this
program has annually increased since its creation. Additionally, full-time equivalent staffing for
this program has also increased. This increase in staffing reflects, in part, the development of a
cadre of CFATS inspectors, based in regional offices.
The DHS received statutory authority to regulate chemical facilities in 2006. It did not possess a
chemical facility security office or inspector cadre at that time. The DHS requested additional
positions to create an inspector cadre and is still in the process of hiring. As of February 2011,
DHS had hired 109 inspectors.9
7 P.L. 110-161, the Consolidated Appropriations Act, 2008, Section 534.
8 The budget request for the Infrastructure Security Compliance Project contains the funding and personnel efforts
allocated for implementing the CFATS regulations.
9 Oral testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, before the House
Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies,
(continued...)
Congressional Research Service
3
Chemical Facility Security: Issues and Options for the 112th Congress
Chemical inspectors must be able to assess the security measures at a chemical facility using the
performance-based criteria developed by DHS. Performance-based security measures are likely
more difficult than prescriptive measures for chemical inspectors to assess and thus require
greater training and experience in the inspector cadre. In order to overcome this challenge, DHS
has established a Basic Inspector School training program for its inspector cadre. Such training,
while likely improving the quality of inspection, also introduces additional time between the
hiring of new inspectors and their deployment in the field.
Table 1. DHS Funding for Chemical Facility Security Regulation by Fiscal Year
(in millions)
Full-time
Fiscal Year
Request
Appropriation
Equivalents
FY2007 $10 $22a 0
FY2008 25
50
21
FY2009 63
78b 78
FY2010 103c 103d 246
FY2011 105e
f 257
Source: Department of Homeland Security, Preparedness Directorate, Infrastructure Protection and
Information Security, FY2007 Congressional Justification; Department of Homeland Security, National Protection
and Programs Directorate, Infrastructure Protection and Information Security, Fiscal Year 2008 Congressional
Justification; Department of Homeland Security, National Protection and Programs Directorate, Infrastructure
Protection and Information Security, Fiscal Year 2009 Congressional Justification; Department of Homeland
Security, National Protection and Programs Directorate, Infrastructure Protection and Information Security,
Fiscal Year 2010 Congressional Justification; H.Rept. 109-699; P.L. 110-28; the explanatory statement for P.L. 110-
161 at Congressional Record, December 17, 2007, p. H16092; the explanatory statement for P.L. 110-329 at
Congressional Record, September 24, 2008, pp. H9806-H9807; and H.Rept. 111-298.
Notes: Funding levels rounded to nearest million. A full-time equivalent equals one staff person working a full-
time work schedule for one year.
a. Including funds provided in supplemental appropriations.
b. Of the funds appropriated for the Infrastructure Security Compliance Project, $5 million were designated
for activities related to the development of ammonium nitrate regulations.
c. Of the funds requested for the Infrastructure Security Compliance Project, $14 million were designated for
activities related to the development of ammonium nitrate regulations.
d. Of the funds appropriated for the Infrastructure Security Compliance Project, $14 million were designated
for activities related to the development of ammonium nitrate regulations.
e. The DHS would use some requested funds to regulate ammonium nitrate sale and transfer.
f.
The continuing resolution provides funding for FY2011 at FY2010 levels.
(...continued)
February 11, 2011.
As of July 2010, DHS had hired 88 field personnel, including 11 regional commanders. Office of Infrastructure
Protection, National Protection and Programs Directorate, Department of Homeland Security, Update on
Implementation of the Chemical Facility Anti-Terrorism Standards and Development of Ammonium Nitrate
Regulations-2010 Chemical Sector Coordinating Council Security Summit, July 7, 2010.
Congressional Research Service
4
Chemical Facility Security: Issues and Options for the 112th Congress
As of January 2011, more than 38,000 chemical facilities had registered with DHS and completed
the Top-Screen process.10 Of these facilities, DHS considered more than 7,000 as high-risk and
required to submit a site vulnerability assessment.11 From the submitted site vulnerability
assessments, DHS identified and placed 4,755 facilities into preliminary or final risk tiers. Table
2 identifies by risk tier the universe of regulated facilities, with tier 1 those of highest risk.
Table 2. Facilities Regulated by DHS under CFATS
Risk
Facilities with
Facilities Awaiting Final
Total Facilities
Tier
Regulated Final Tier Decision
Tier Decision
1 218 3
221
2 535 38
573
3 1,126 146
1,272
4 2,215 474
2,689
Total 4,094 661 4,755
Source: Infrastructure Security Compliance Division, Office of Infrastructure Protection, National Protection
and Programs Directorate, Department of Homeland Security, Chemical Facility Anti-Terrorism Standards, January
27, 2011.
Notes: DHS has preliminarily assigned some facilities to a risk tier. Final assignment to a risk tier occurs after
final review of submitted vulnerability assessments.
The number of chemical facilities assigned a risk tier by DHS has declined since the CFATS
program began. This decline is likely due to a number of factors, including erroneous filing by
regulated entities, process changes on the part of regulated entities, and business operations and
decisions. The DHS has also engaged in targeted outreach activities to identify those facilities that
fall under the regulation but have not yet complied by filing required information.
The DHS planned to begin inspections of Tier 1 facilities as quickly as 14 months after issuance
of regulations.12 A series of factors have delayed inspections, including the release of additional
regulatory information in the form of an appendix, and the need to build an inspector cadre,
establish a regional infrastructure, and perform pre-authorization inspections at facilities. DHS
officials provided a series of timeframes for beginning inspections.13 The DHS began inspections
10 The Top-Screen process is the initial submission of information to DHS to determine whether a facility is high risk.
11 Infrastructure Security Compliance Division, Office of Infrastructure Protection, National Protection and Programs
Directorate, Department of Homeland Security, Chemical Facility Anti-Terrorism Standards, January 27, 2011.
12 Department of Homeland Security, Chemical Facility Anti-Terrorism Standards Interim Final Rule Regulatory
Assessment, DHS-2006-0073, April 1, 2007, p. 15.
13 In July 2007, DHS provided testimony that formal site inspections of a selected group of facilities would begin by
the end of the calendar year (Testimony of Robert B. Stephan, Assistant Secretary for Infrastructure Protection,
National Protection and Programs Directorate, Department of Homeland Security, before the House Committee on
Homeland Security, Subcommittee on Transportation Security and Infrastructure, July 24, 2007). In December 2007,
DHS provided testimony that facility inspection would begin in fall of 2008 (Testimony of Robert B. Stephan,
Assistant Secretary for Infrastructure Protection, National Protection and Programs Directorate, Department of
Homeland Security, before the House Committee on Homeland Security, Subcommittee on Transportation Security and
Infrastructure, December 13, 2007). In 2009, DHS provided testimony that inspections would begin in the first quarter
of FY2010 (Testimony of Philip Reitinger, Deputy Under Secretary, National Protection and Programs Directorate,
Department of Homeland Security, before the House Committee on Homeland Security, June 16, 2009). The DHS now
states that it expects to inspect all Tier 1 facilities by the end of calendar year 2011. Oral testimony of Rand Beers,
Under Secretary, National Protection and Programs Directorate, before the House Homeland Security Committee,
(continued...)
Congressional Research Service
5
Chemical Facility Security: Issues and Options for the 112th Congress
of Tier 1 facilities in February 2010.14 Although the DHS testified that they planned to inspect all
Tier 1 facilities by the end of calendar year 2010,15 DHS had only performed four authorization
inspections as of January 2011.16 The DHS has not approved the implementation of any site
security plan.17 The DHS now states that it expects to inspect all Tier 1 facilities by the end of
calendar year 2011.18
The DHS has identified as a factor in the delay of the inspection schedule the necessary iteration
between DHS and the regulated entity regarding its site security plan.19 The DHS has issued 63
administrative orders to compel facilities to complete their site security plans.20 In addition, DHS
established a pre-authorization inspection process to gain additional information from facilities in
order to fully assess the submitted site security plan. Once DHS completes a pre-authorization
inspection at a facility, the facility may amend its site security plan to reflect the results of the
pre-authorization inspection. The DHS has performed more than 150 pre-authorization
inspections to date.
Policy Issues
Previous congressional discussion on chemical facility security raised several contentious policy
issues.21 Some issues, such as whether DHS has sufficient funds to adequately oversee chemical
facility security; whether the federal chemical facility security regulations should preempt state
regulations; and how much information developed for chemical security purposes individuals
may share outside of the facility and the federal government, will exist even if Congress extends
the existing statutory authority. Other issues, such as what facilities should DHS regulate as a
chemical facility and whether DHS should require chemical facilities to adopt or consider
adopting inherently safer technologies, may be more likely to be addressed if Congress chooses to
revise or expand existing authority.
(...continued)
Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, February 11, 2011.
14 Testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, Department of Homeland
Security, before the Senate Committee on Homeland Security and Governmental Affairs, March 3, 2010.
15 Oral testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, Department of
Homeland Security, before the Senate Committee on Homeland Security and Governmental Affairs, March 3, 2010.
16 Infrastructure Security Compliance Division, Office of Infrastructure Protection, National Protection and Programs
Directorate, Department of Homeland Security, Chemical Facility Anti-Terrorism Standards, January 27, 2011.
17 Oral testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, before the House
Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies,
February 11, 2011.
18 Oral testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, before the House
Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies,
February 11, 2011.
19 The DHS identified such iteration on the contents of site security plans as one factor delaying the start of the
inspection process from December 2009 to February 2010. Oral testimony of Rand Beers, Under Secretary, National
Protection and Programs Directorate, Department of Homeland Security, before the Senate Committee on Homeland
Security and Governmental Affairs, March 3, 2010.
20 Infrastructure Security Compliance Division, Office of Infrastructure Protection, National Protection and Programs
Directorate, Department of Homeland Security, Chemical Facility Anti-Terrorism Standards, January 27, 2011.
21 Congressional policymakers have debated chemical facility security issues since at least the 106th Congress.
Congressional Research Service
6
Chemical Facility Security: Issues and Options for the 112th Congress
Adequacy of Funds
The regulation establishes an oversight structure that relies on DHS personnel inspecting
chemical facilities and ascertaining whether regulated entities have implemented their approved
site security plans. Although the use of performance-based measures, where chemical facilities
have flexibility in how to achieve the required security performance, may reduce some demands
on the regulated entities, it may also require greater training and judgment on the part of DHS
inspectors. Inspecting the regulated facilities likely will be costly. Congressional oversight has
raised the question of whether DHS has requested and received appropriated funds sufficient to
hire and retain the staff necessary to perform the required compliance inspections.22
Some policymakers have expressed surprise at the pace of inspection and have suggested that
DHS increase it.23 The DHS may face challenges when creating the necessary infrastructure to
perform nationwide inspections. As stated by DHS when describing its efforts to hire, train, and
deploy an inspector cadre and support staff:
Infrastructure Security Inspectors, located in up to 10 primary field offices across the Nation,
will inspect and ensure regulatory compliance at facilities covered by the CFATS regulation,
including site security plan approval and maintaining respective inspection and audit
schedule. Creating a fully functional cadre will require not just recruiting and training staff,
but also procurement of communications and [information technology] equipment (laptops,
blackberries, etc.) to facilitate work efforts while conducting inspections and traveling, but
also the acquisition of office space and equipment, government vehicles, support staff, safety
equipment and clothing, and support for frequent travel.24
The degree to which funds meet agency needs likely depends on factors external and internal to
DHS. External factors include the number of regulated facilities and the sufficiency of security
plan implementation. Internal factors include the ratio between headquarters staff and field
inspectors; the risk tiers of the regulated facilities; and the timetable for implementation. Once the
DHS determines the number of regulated facilities and their associated timetables, DHS may be
able to more comprehensively determine its resource needs.25 Now that DHS has begun
implementation of these requirements, it may be able to provide further estimates of both funding
and staff requirements.
Rate of Inspection
No chemical facilities have completed the CFATS process, which starts with information
submission by chemical facilities and finishes with inspection and approval of security measures
by DHS.26 Several factors likely complicate the inspection process and lead to delays in
22 House Committee on Homeland Security, Subcommittee on Transportation Security and Infrastructure Protection,
Chemical Security: The Implementation of the Chemical Facility Anti-Terrorism Standards and the Road Ahead, 110th
Congress, December 12, 2007.
23 Monica Hatcher, “Why Chemical Plants Are Vulnerable to Terrorism,” Houston Chronicle, April 5, 2010.
24 Department of Homeland Security, National Protection and Programs Directorate, Infrastructure Protection and
Information Security, Fiscal Year 2009 Congressional Justification, p. IPIS-41.
25 Congress required DHS in FY2006 and FY2007 to report on the resources needed to create and implement
mandatory security requirements. See P.L. 109-295, Department of Homeland Security Appropriations Act, 2007, and
H.Rept. 109-241, accompanying P.L. 109-90, Department of Homeland Security Appropriations Act, 2006.
26 Oral testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, before the House
(continued...)
Congressional Research Service
7
Chemical Facility Security: Issues and Options for the 112th Congress
inspection. A primary factor appears to be that the information facilities submit in site security
plans does not provide what DHS views as necessary detail to evaluate compliance.27 Rather than
reject these site security plans, DHS has implemented an additional inspection function, a pre-
authorization inspection, to allow DHS to gather the necessary information from regulated
facilities. Policymakers have questioned whether DHS should continue at the current pace or
accelerate the compliance process.
While pre-authorization inspections may lead to higher quality site security plan submissions,
they appear to be a significant drain on DHS resources. The DHS cites it has performed over 175
pre-authorization inspections but only four authorization inspections.28 In principle, such pre-
authorization inspections may lower the future inspection burden, as CFATS inspectors will be
familiar with security measures at the chemical facility. Such familiarity may hasten the actual
authorization inspection.
The DHS has also suggested that pre-authorization inspections are most necessary at high risk tier
facilities, due to the complexity of the facility, the potential presence of multiple chemicals of
interest, and the higher risk-based performance standards that apply. Lower tiered facilities may
not need pre-authorization inspections both because of their comparative simplicity and the best
practices developed through the experiences of higher-tiered facilities.
In contrast, some policymakers have questioned whether the low inspection rate is due to
constraints in the number of chemical facility security inspectors hired by DHS or the availability
of appropriated funding. The CFATS regulation states that DHS will inspect the implementation
of site security plans at all facilities and requires that facilities resubmit their site security plan
every two years for Tier 1 and Tier 2 facilities or three years for Tier 3 and Tier 4 facilities. This
requires DHS to perform approximately 1,700 inspections annually in order to inspect each
facility’s implementation of its site security plan. The DHS has asserted that inspections require
two or more inspectors and approximately one week to perform.29
The DHS appears to have requested sufficient inspectors to manage the workload associated with
a reinspection cycle of every two years for top tier facilities and every three years for lower tier
facilities, but such a staffing level may be insufficient to address the large number of initial
regulatory submissions.30 This level of staffing would appear to require approximately a full cycle
of inspections to reduce the backlog created from the initial site security plan submissions. If
DHS were to hire additional inspectors, it might reduce the backlog of site security plans but also
run the risk of having additional unnecessary staff in future years.
(...continued)
Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies,
February 11, 2011.
27 For example, see Department of Homeland Security, Chemical Facility Anti-Terrorism Standards Site Security Plans
and Preliminary Inspections, NASTTPO Annual Meeting, May 12, 2010; and W. Koch, Air Products, Overview of DHS
CFATS Pre Authorization Visit, July 7, 2010.
28 Testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, before the House
Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies,
February 11, 2011.
29 Department of Homeland Security, The Chemical Facility Anti-Terrorism Standards—Update for the Chemical
Sector Security Summit, June 29, 2009.
30 CRS calculation assuming two inspectors per inspection and one inspection per week.
Congressional Research Service
8
Chemical Facility Security: Issues and Options for the 112th Congress
Finally, because DHS has focused on inspecting those facilities in the highest risk tier, it
potentially faces the most complicated inspection environments. Inspections of lower risk tier
facilities may pose fewer complications, take less time, and involve fewer inspectors. If so, DHS
might quickly and substantially increase the number of facilities inspected by focusing efforts on
lower tier facilities. Through this approach, DHS might gain insight and experience among the
inspector cadre while reducing some national risk.31
Federal Preemption of State Activities
The original statute did not expressly address the issue of federal preemption of state and local
chemical facility security statute or regulation. When DHS issued regulations establishing the
CFATS program, DHS asserted that the CFATS regulations would preempt state and local
chemical facility security statute or regulation that conflicted with, hindered, posed an obstacle, or
frustrated the purposes of the federal regulation.32 Subsequent to the release of the regulation,
Congress amended DHS’s statutory authority to state that only in the case of an “actual conflict”
would the federal regulation preempt state authority. Few states have established independent
chemical facility security regulatory programs and conflict between the federal and state activities
has not yet occurred.33 The DHS did not identify any state programs that conflict with the CFATS
regulations.34 The DHS has also not altered its regulatory language in response to the statutory
amendment.
Advocates for federal preemption call for a uniform security framework across the nation. They
assert that a “patchwork” of regulations might develop if states independently develop additional
chemical facility security regulations.35 Variances in security requirements might lead to differing
regulatory compliance costs, and companies might suffer competitive disadvantage based on their
geographic location.
Supporters of state rights to regulate chemical facility security claim that the federal regulation
should be a minimum standard with which all regulated entities must comply. They assert that
DHS should allow states to develop more stringent regulations than the federal regulations. They
claim such regulations would increase security. Some supporters of state regulation suggest that
more stringent, conflicting state regulations should preempt the federal regulations.36 Such a case
31 It should be noted that all facilities regulated under CFATS are by definition high-risk chemical facilities and that a
lower or higher risk tier is relative to other high-risk chemical facilities.
32 72 Federal Register 17688–17745 (April 9, 2007) at 17739.
33 Several states, including New Jersey, Maryland, and New York, have implemented laws addressing security at
chemical facilities.
34 72 Federal Register 17688–17745 (April 9, 2007) at 17727.
35 See, for example, National Association of Chemical Distributors, “NACD Key Issue: Chemical Facility Security,”
Key Issues 2009 Washington Fly-In 111th Congress.
36 For example, in the 111th Congress, Representative Rothman asked Secretary of Homeland Security Napolitano,
And in particular, there was language enacted in 2008 which said that the states could have their
own regulations with regard to securing chemical plant facilities unless there was a conflict with
the federal requirements. Might it be time to revisit that language to allow each state to have its
own chemical plant security regulations, even stricter than a national minimum standard, even if
they conflict?
(“House Appropriations Subcommittee on Homeland Security Holds Hearing on the Department of Homeland
Security,” CQ Congressional Transcripts, May 12, 2009.)
Congressional Research Service
9
Chemical Facility Security: Issues and Options for the 112th Congress
might occur if a state regulation mandated the use of a particular security approach at chemical
facilities, conflicting with the federal regulation that adopts a performance-based, rather than
prescriptive, approach. The desire to retain industries that might relocate faced with increased
regulation arguably would temper state inclinations to require overly stringent or incompatible
regulations.
Some policymakers may assert that chemical facility security should be left to the states rather
than be implemented as a federal regulation. If Congress allows the statutory authority to expire
and does not appropriate funds for the further implementation of CFATS, the authority would
lapse and states would again be responsible for determining what security regulation of chemical
facilities is necessary.
Transparency of Process
The CFATS process involves determining chemical facility vulnerabilities and developing
security plans to address them. Information developed in this process is not to be widely and
openly disseminated. The CFATS program protects this information by categorizing it as CVI and
providing penalties for its disclosure. Some advocates have argued for greater transparency in the
CFATS process, even if the program protects detailed information regarding potential
vulnerabilities and specific security measures. They assert that those individuals living in
surrounding communities require such non-detailed information to plan effectively and make
choices in an emergency.37
The current statute and regulation protect security-related information from public disclosure.
Only specific “covered persons” may access such protected information. While acknowledging a
legitimate homeland security need to protect security information, some policymakers have
questioned whether information protection regimes applied to chemical facilities meet other
needs. For example, first responders and community representatives have highlighted how such
information protection regimes may impede emergency response and the ability of those in the
surrounding community to react to emergency situations at the chemical facility.38 Additionally,
worker representatives have raised concerns that these information protection regimes and the
lack of mandated inclusion of worker representatives may impede worker input into security
plans.39
The current information protection regimes for chemical facility security information, CVI under
CFATS and SSI under MTSA, do not contain penalties for incorrectly marking information as
protected. Only disclosure of correctly marked information is penalized. Additionally, the
chemical facility is responsible for identifying and appropriately marking protected information.
These information markings only would be assessed in the case of dispute. As was asserted
during congressional oversight, this disparity may lead to a tendency by regulated entities, in
37 OMB Watch and Public Citizen, “Chemical Facility Anti-Terrorism Standards, Department of Homeland Security,
DHS-2006-0073,” Letter, February 7, 2007.
38 Testimony of Joseph Crawford, Chief of Police, City Saint Albans, West Virginia, before the House Committee on
Energy and Commerce, Subcommittee on Oversight and Investigations, April 21, 2009; and testimony of Kent Carper,
President, Kanawha County Commission, Kanawha County, West Virginia, before the House Committee on Energy
and Commerce, Subcommittee on Oversight and Investigations, April 21, 2009.
39 See, for example, testimony of Glenn Erwin, United Steelworkers International Union, before the Senate Committee
on Homeland Security and Governmental Affairs, July 13, 2005.
Congressional Research Service
10
Chemical Facility Security: Issues and Options for the 112th Congress
order to protect themselves against potential liability or scrutiny, to erroneously protect
information that should be made available to the public.40
Congressional investigation indicated that documents related to a 2007 explosion at a Bayer
CropScience chemical facility in West Virginia were incorrectly labeled as protected from
disclosure.41 The DHS regulated this chemical facility under the Maritime Transportation Security
Act (MTSA), not CFATS.42 In this case, security information was protected from disclosure as
Sensitive Security Information (SSI), an information protection regime similar to CVI. Company
officials broadly applied SSI markings to facility documents partly in hopes of avoiding a public
debate on the use and storage of particular chemicals at the facility. This revelation led to
questions regarding the application and oversight of such protective markings.43
Additionally, the existing statute contains no provisions explicitly protecting or allowing for
concerned covered persons to divulge protected information or to challenge the categorization of
information as protected in an attempt to inform authorities about security vulnerabilities or other
weaknesses. Depending on the circumstances, those individuals might be penalized for their
disclosure of protected information. The CFATS regulations, reflecting this inherent tension,
provide for a point of contact to which such information might be revealed, but also state
“Section 550 did not give DHS authority to provide whistleblower protection, and so DHS has
not incorporated specific whistleblower protections into this regulation.”44
Definition of Chemical Facility
The DHS regulates both entities that possess and manufacture chemicals of interest. Thus, the
term chemical facility encompasses many types of facilities, including agricultural facilities,
universities, and others. With DHS defining chemical facilities according to possession of a
substance of concern, facilities not part of the chemical manufacturing and distributing chain have
become regulated facilities. Stakeholders have expressed concern that the number of entities so
regulated might be unwieldy and that the regulatory program might focus on many chemical
facilities that pose little risk rather than on those facilities that posed more substantial risk. For
example, during the rulemaking process, DHS received commentary and revised its regulatory
threshold for possession of propane, stating:
DHS, however, set the [screening threshold quantities] for propane in this final rule at 60,000
pounds. Sixty thousand pounds is the estimated maximum amount of propane that non-
industrial propane customers, such as restaurants and farmers, typically use. The Department
believes that non-industrial users, especially those in rural areas, do not have the potential to
create a significant risk to human life or health as would industrial users. The Department
has elected, at this time, to focus efforts on large commercial propane establishments but
40 “House Energy and Commerce Subcommittee on Oversight and Investigations Holds Hearing on the Bayer
CropScience Facility Explosion,” CQ Congressional Transcripts, April 21, 2009.
41 For example, see “House Energy and Commerce Subcommittee on Oversight and Investigations Holds Hearing on
the Bayer CropScience Facility Explosion,” CQ Congressional Transcripts, April 21, 2009.
42 The DHS regulates for security purposes chemical facilities located in ports under the Maritime Transportation
Security Act of 2002 (P.L. 107-295). The chemical facility security statute exempts chemical facilities regulated under
MTSA.
43 Testimony of William B. Buckner, President and Chief Executive Officer of Bayer CropScience, before the House
Committee on Energy and Commerce, Subcommittee on Oversight and Investigations, April 21, 2009.
44 72 Federal Register 17688–17745 (April 9, 2007) at 17718.
Congressional Research Service
11
Chemical Facility Security: Issues and Options for the 112th Congress
may, after providing the public with an opportunity for notice and comment, extend its
[CFATS] screening efforts to smaller facilities in the future. This higher [screening threshold
quantity] will focus DHS’s security screening effort on industrial and major consumers,
regional suppliers, bulk retail, and storage sites and away from non-industrial propane
customers.45
Similarly, academic institutions have asserted that DHS should not apply CFATS regulations to
them because of the dispersed nature of chemical holdings at colleges and universities. These
institutions claim that regulatory compliance costs would not be commensurate with the risk
reduction.46 While the regulatory compliance costs likely decrease at lower risk tiers compared to
higher risk tiers, all regulated entities bear compliance costs as continued annual expenses.
As mentioned above, the statutory authority underlying CFATS exempts several types of
facilities, including water and wastewater treatment facilities. The federal government does not
regulate water and wastewater treatment facilities for chemical security purposes. Instead, current
chemical security efforts at water and wastewater treatment facilities are voluntary in nature.47
Some advocacy groups have called for inclusion of currently exempt facilities, such as water and
wastewater treatment facilities.48 Some drinking water and wastewater treatment facilities possess
large amounts of potentially hazardous chemicals, such as chlorine, for purposes such as
disinfection.49 Advocates for their inclusion in security regulations cite the presence of such
potentially hazardous chemicals and their relative proximity to population centers as reasons to
mandate security measures for such facilities. In contrast, representatives of the water sector point
to the critical role that water and wastewater treatment facilities play in daily life. They caution
against including these facilities in the existing regulatory framework because of the potential for
undue public impacts. They cite, for example, loss of basic fire protection and sanitation services
if the federal government orders a water or wastewater utility to cease operations for security
reasons or failure to comply with regulation.50
If Congress were to remove the drinking water and wastewater treatment facility exemption, the
number of regulated facilities might substantially increase, placing additional burdens on the
CFATS program. The United States contains approximately 52,000 community water systems and
16,500 wastewater treatment facilities.51 These facilities vary substantially in size and service.
45 72 Federal Register 65396–65435 (November 20, 2007) at 65406.
46 72 Federal Register 65396–65435 (November 20, 2007) at 65412.
47 Congress required certain drinking water facilities to perform vulnerability assessments and develop emergency
response plans through section 401 of P.L. 107-188, the Public Health Security and Bioterrorism Preparedness and
Response Act of 2002. For more information on drinking water security activities, see CRS Report RL31294,
Safeguarding the Nation’s Drinking Water: EPA and Congressional Actions, by Mary Tiemann.
48 See, for example, Paul Orum and Reece Rushing, Center for American Progress, Chemical Security 101: What You
Don’t Have Can’t Leak, or Be Blown Up by Terrorists, November 2008; and testimony of Philip J. Crowley, Senior
Fellow and Director of Homeland Security, Center for American Progress, before the House Committee on Energy and
Commerce, Subcommittee on Environment and Hazardous Materials, June 12, 2008.
49 See U.S. Environmental Protection Agency, Factoids: Drinking Water and Ground Water Statistics for 2008, EPA
816-K-08-004, November 2008; and U.S. Environmental Protection Agency, Clean Watersheds Needs Survey 2004:
Report to Congress, January 2008.
50 American Water Works Association, “Chemical Facility Security,” Fact Sheet, 2009, online at
http://www.awwa.org/files/GovtPublicAffairs/PDF/2009Security.pdf. For more information on security issues in the
water infrastructure sector, see CRS Report RL32189, Terrorism and Security Issues Facing the Water Infrastructure
Sector, by Claudia Copeland.
51 See U.S. Environmental Protection Agency, Factoids: Drinking Water and Ground Water Statistics for 2008, EPA
816-K-08-004, November 2008; and U.S. Environmental Protection Agency, Clean Watersheds Needs Survey 2004:
(continued...)
Congressional Research Service
12
Chemical Facility Security: Issues and Options for the 112th Congress
The number of regulated facilities would depend on the criteria used to determine inclusion, such
as chemical possession or number of individuals served. It is likely that only a subset of these
facilities would meet a regulatory threshold.52 A DHS official testified that approximately 6,000
facilities would likely meet the CFATS threshold.53
Inherently Safer Technologies
Previous debate on chemical facility security has included whether to mandate the adoption or
consideration of changes in chemical processes to reduce the potential consequences following a
successful attack on a chemical facility. Suggestions for such changes have included reducing the
amount of chemical stored onsite and changing the chemicals used. In previous congressional
debate, these approaches have been referred to as inherently safer technologies or methods to
reduce the consequences of a terrorist attack.
A fundamental challenge for inherently safer technologies is how to compare one technology with
its potential replacement. It is challenging to unequivocally state that one technology is inherently
safer than the other without adequate metrics. Risk factors may exist outside of the comparison
framework.54 Some experts have asserted that the metrics for comparing industrial processes are
not yet fully established and need additional research and study.55 The National Academies have
recommended that DHS support research and development to foster cost-effective, inherently
safer chemistries and chemical processes.56A facility might consider many additional factors
beyond homeland security implications when weighing the applicability and benefit of switching
from one process to another. These factors include cost, technical challenges regarding
implementation in specific situations, supply chain impacts, quality and availability of end
products, and indirect effects caused to workers.57
(...continued)
Report to Congress, January 2008. For comparison, more than 38,000 chemical facilities filed a Top-Screen under
CFATS.
52 For example, the number of individuals served by the drinking water facility might be used as a regulatory criterion.
Section 401 of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (P.L. 107-188)
mandated drinking water facilities serving more than 3,300 individuals develop an emergency response plan and
perform a vulnerability assessment. Approximately 8,400 community water systems met this requirement at that time.
For more information on drinking water security activities, see CRS Report RL31294, Safeguarding the Nation’s
Drinking Water: EPA and Congressional Actions, by Mary Tiemann.
53 Oral testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, before the House
Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies,
February 11, 2011.
54 For example, the replacement of hydrogen fluoride with sulfuric acid for refinery processing would replace a more
toxic chemical with a less toxic one. In this case, experts estimate that equivalent processing capacity would require
twenty-five times more sulfuric acid. Thus, more chemical storage facilities and transportation would be required,
potentially posing different dangers than atmospheric release to the surrounding community. Determining which
chemical process had less overall risk might require considering factors both internal and external to the chemical
facility and the surrounding community. See Testimony of Dr. M. Sam Mannan, Director, Mary Kay O’Connor Process
Safety Center, Texas A&M University, before the House Committee on Homeland Security, December 12, 2007.
55 Testimony of Dr. M. Sam Mannan, Director, Mary Kay O’Connor Process Safety Center, Texas A&M University,
before the House Committee on Homeland Security, December 12, 2007.
56 Committee on Assessing Vulnerabilities Related to the Nation’s Chemical Infrastructure, National Research Council,
Terrorism and the Chemical Infrastructure: Protecting People and Reducing Vulnerabilities, 2006.
57 For further discussion on this issue, see Center for Chemical Process Safety, American Institute of Chemical
Engineers, Final Report: Definition for Inherently Safer Technology in Production, Transportation, Storage, and Use,
(continued...)
Congressional Research Service
13
Chemical Facility Security: Issues and Options for the 112th Congress
Supporters of adopting these approaches as a way to improve chemical facility security argue that
reducing or removing these chemicals from a facility will reduce the incentive to attack the
facility. They suggest that reducing the consequences of a release also lowers the threat from
terrorist attack and mitigates the risk to the surrounding populace. They point to facilities that
have voluntarily changed amounts of chemicals on hand or chemical processes in use as examples
that facilities can implement such an approach in a cost-effective, practical fashion.58
Opponents of mandating what proponents call inherently safer technologies question the validity
of the approach as a security tool and the government’s ability to effectively oversee its
implementation. Industrial entities assert that process safety engineers within the regulated
industry already employ such approaches and that these are safety, not security, methods. They
assert that process safety experts and business executives should determine the applicability and
financial practicality of changing existing processes at specific chemical facilities.59 They also
state concern that few existing alternative approaches are well understood with regard to their
unanticipated side effects. They claim that researchers should continue to study these alternative
approaches rather than immediately apply them, since unanticipated side effects could injure
business and other interests.60 A third opposing view questions whether the federal government
contains the required technical expertise to adjudicate the practicality and benefit of alternative
technological approaches. Holders of this view raise concerns that the federal government may
not possess the required knowledge or expertise to judge whether a particular site can implement
alternative technology, even if the alternative theoretically provides benefits over existing
technology.61
Some industry representatives have asserted that an inherently safer technology mandate might
have a potentially significant negative financial impact.62 Regulated entities incur a cost when
meeting existing CFATS requirements, and small businesses may be challenged to make
(...continued)
July 2010.
58 See, for example, Paul Orum and Reece Rushing, Center for American Progress, Preventing Toxic Terrorism: How
Some Chemical Facilities are Removing Danger to American Communities, April 2006; and Paul Orum and Reece
Rushing, Center for American Progress, Chemical Security 101: What You Don’t Have Can’t Leak, or Be Blown Up by
Terrorists, November 2008.
59 See, for example, Testimony of Timothy J. Scott, Dow Chemical Company, before the House Committee on
Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, February
11, 2011; and Testimony of Marty Durbin, Managing Director, Federal Affairs, American Chemistry Council, before
the House Committee on Energy and Commerce, Subcommittee on Environment and Hazardous Materials, June 12,
2008.
60 For example, EPA experts have pointed to the change by drinking water treatment facilities between two approved
disinfectants—chlorine and chloramine—as correlated with an unexpected increase in levels of lead in drinking water
due to increased corrosion. Government Accountability Office, Lead in D.C. Drinking Water, GAO-05-344, March
2005.
61 See, for example, Testimony of M. Sam Mannan, Director, Mary Kay O’Connor Process Safety Center, Texas A&M
University, before the House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure
Protection, and Security Technologies, February 11, 2011; Testimony of Dennis C. Hendershot, Staff Consultant,
Center for Chemical Process Safety, American Institute of Chemical Engineers, before the Senate Committee on
Environment and Public Works, June 21, 2006, S.Hrg. 109-1044; and Testimony of Matthew Barmasse, Synthetic
Organic Chemical Manufacturers Association, before the Senate Committee on Homeland Security and Governmental
Affairs, July 13, 2005.
62 Testimony of Stephen Poorman, International EHS Manager, FUJIFILM Imaging Colorants Ltd., on behalf of the
Society of Chemical Manufacturers and Affiliates before the Senate Committee on Homeland Security and
Governmental Affairs on March 3, 2010.
Congressional Research Service
14
Chemical Facility Security: Issues and Options for the 112th Congress
necessary capital investments. In its interim final rule, DHS estimated that CFATS “may have a
significant economic impact on a substantial number of small entities.”63 Because of the
performance-based nature of the regulatory requirement, it is difficult to detail the exact impact
on small businesses.64 Policymakers in previous Congresses highlighted the issue of small
business impact, especially in the context of requiring additional measures that might hurt
productivity.
Policy Options
The statutory authority for CFATS expires on March 4, 2011. The 112th Congress may address
chemical facility security through several options. Congress might extend further the existing
statutory authority by revising or repealing its sunset provision; codify the existing regulations;
amend the existing statutory authority; address existing programmatic activities; or restrict or
expand the scope of chemical facility security regulation.
If Congress does not act and allows the statutory authority to expire, the authority for the
application and enforcement of the CFATS regulations may be brought into question. In the case
where Congress allows the statutory authority to expire, but Congress appropriates funds for
enforcing the CFATS program, DHS will likely be able to enforce the CFATS regulations. The
Government Accountability Office (GAO) has found that in the case where a program’s statutory
authority expires, but Congress explicitly appropriates funding for it, the program may continue
to operate without interruption.65 If Congress allows the statutory authority to expire and also
does not appropriate funding for implementing the CFATS program, the CFATS regulations will
likely also lapse. In this case, the states would likely become the primary source of any chemical
facility security regulation.
Maintain the Existing Regulatory Framework
The existing statutory authority places much of the CFATS regulatory framework at the discretion
of the Secretary of Homeland Security. The DHS is still in the process of implementing these
regulations and has not yet determined their efficacy. Congressional oversight of their
implementation, enforcement, and efficacy may play a key role in determining the sufficiency of
the existing authority and regulations. Congress might choose to maintain the existing regulations
by extending the statutory authority’s sunset date or codifying the existing regulations. Also, as
noted above, allowing the statutory authority to expire could in effect maintain the existing
regulatory framework if Congress continues to fund implementation, although this might lead to
litigation.
63 72 Federal Register 17688–17745 (April 9, 2007) at 17772.
64 Department of Homeland Security, Chemical Facility Anti-Terrorism Standards Interim Final Rule Regulatory
Assessment, DHS-2006-0073, April 1, 2007.
65 Office of the General Counsel, General Accounting Office, Principles of Federal Appropriations Law, Third Edition,
GAO-04-261SP, January, 2004, pp. 2-70–2-71.
Congressional Research Service
15
Chemical Facility Security: Issues and Options for the 112th Congress
Extend the Sunset Date
Congressional policymakers might choose to extend the current statutory authority for a fixed or
indefinite time. In passing the 2010 DHS appropriations act (P.L. 111-83), Congress extended the
existing statutory authority one year to October 4, 2010, as requested by the Obama
Administration.66 The Continuing Appropriations Act, 2011 (P.L. 111-242) extended the statutory
authority through December 3, 2010. The second continuing appropriations act, P.L. 111-290,
extended the statutory authority through December 18, 2010. The third continuing appropriations
act, P.L. 111-317, extended the statutory authority through December 21, 2010. The fourth
continuing appropriations act, P.L. 111-322, extended the statutory authority through March 4,
2011. The Obama Administration requests an additional one year extension of the statutory
authority until October 4, 2011.67 Extending the existing statutory authority may provide
regulated entities continuity and protect them from losing those resources already expended in
regulatory compliance. An extension may allow assessment of the efficacy of the existing
regulations and inclusion of this information in any future attempts to revise or extend DHS’s
statutory authority. Moreover, since DHS is in the process of implementing current regulations,
some policymakers argue for a simple extension without changing statutory requirements.
The Obama Administration supports enacting a permanent statutory authority.68 Congress might
make the existing program permanent by removing the sunset date entirely. Some chemical
manufacturers support converting the existing program into a permanent program.69 The removal
of the sunset date would maintain the current discretion granted to the Secretary of Homeland
Security to develop regulations and might allow assessment of the efficacy of the existing
regulations. Making the existing statute permanent would provide consistency in authority and
remove the statutory pressure to reauthorize the program. The presence of a sunset date for the
statutory authority increases the likelihood of congressional attention to chemical facility security
as a legislative topic. Some advocates who wish for more regular congressional review of the
statute might oppose removing the sunset date.
Codify Existing Regulations
Congressional policymakers might choose to affirm the existing regulations by codifying them or
their principles in statute. Such codification could reduce the discretion of the Secretary of
Homeland Security to alter the CFATS regulations in the future. The existing statutory authority
grants broad discretion to the Secretary to develop many elements of the CFATS regulations.
Future Secretaries may choose to alter its structure or approach and still comply with the existing
statute. Policymakers might identify specific components of the existing regulation that they wish
any future regulation to retain and codify those portions. Doing so might limit the ability of the
Secretary to react to changing circumstance, gained experience, and new knowledge. On the other
66 Department of Homeland Security, FY2010 Budget Justification.
67 Office of Management and Budget, The White House, Budget of the United States Government, Fiscal Year 2011,
Appendix, p. 574.
68 Oral testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, before the House
Homeland Security Committee, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies,
February 11, 2011.
69 Randy Dearth and Cal Dooley, “Commentary: Taking Chemical Plant Security In Pittsburgh Seriously,” Pittsburgh
Post-Gazette, May 27, 2009.
Congressional Research Service
16
Chemical Facility Security: Issues and Options for the 112th Congress
hand, the codified portions might enhance the regulated community’s ability to plan for future
expenses and requirements.
Alter the Existing Statutory Authority
Congressional policymakers might choose to alter the existing statutory authority to modify the
existing regulations, address stakeholder concerns, or broadly change the regulatory program.
Accelerate or Decelerate Compliance Activities
The DHS bases its schedule for facility CFATS compliance on the chemical facility’s assigned
risk tier. Those chemical facilities assigned to higher risk tiers have a more accelerated
compliance and resubmission schedule than those assigned to lower risk tiers. Congress might
attempt to accelerate the compliance schedule by increasing funding available to DHS for
CFATS, thereby increasing the ability of DHS to provide feedback to regulated entities, review
submissions, and inspect facilities filing site security plans. Additional funding might reduce or
mitigate inefficiencies or delays related to DHS processing of submissions.
Alternatively, policymakers might provide DHS with the authority to use third parties as CFATS
inspectors. The DHS could then augment the number of CFATS inspectors to meet increased
demand or delegate inspection authority to state and local governments. Third-party inspectors
might allow DHS to draw on expertise outside of the federal government in assessing the efficacy
of the implemented site security activities. The DHS may need to define the roles and
responsibilities of these inspectors and how DHS will assess and accredit their qualifications. The
DHS has stated its intent to issue a rulemaking regarding the use of third-party auditors but has
not yet done so.70 The use of third-party inspectors might lead to concerns about equal treatment
of chemical facilities by different third-party inspectors, and questions about whether homeland
security inspections of this type are an inherently governmental responsibility that only federal
employees should perform.
Congress might choose to slow the implementation schedule of the chemical facility security
regulations. Concern about the impact of the regulation on small businesses or other entities
might lead to a decelerated compliance schedule. The DHS has already implemented select
regulatory extensions for certain agricultural operations.71 Congressional policymakers might
direct DHS to provide longer submission, implementation, and resubmission timelines for those
regulated entities that might suffer disproportionate economic burdens from compliance.
Incorporate Additional Facility Types
Policymakers might remove some or all of the statutory exclusions from the CFATS program. The
DHS and the Environmental Protection Agency (EPA) have called for additional authorities to
regulate water and wastewater treatment facilities:
The Department of Homeland Security and the Environmental Protection Agency believe
that there is an important gap in the framework for regulating the security of chemicals at
70 72 Federal Register 17688–17745 (April 9, 2007) at 17712.
71 73 Federal Register 1640 (January 9, 2008).
Congressional Research Service
17
Chemical Facility Security: Issues and Options for the 112th Congress
water and wastewater treatment facilities in the United States. The authority for regulating
the chemical industry purposefully excludes from its coverage water and wastewater
treatment facilities. We need to work with the Congress to close this gap in the chemical
security authorities in order to secure chemicals of interest at these facilities and protect the
communities they serve. Water and wastewater treatment facilities that are determined to be
high-risk due to the presence of chemicals of interest should be regulated for security in a
manner that is consistent with the CFATS risk and performance-based framework while also
recognizing the unique public health and environmental requirements and responsibilities of
such facilities.72
The EPA has testified that the Obama Administration believes that EPA should be the lead agency
for chemical security for both drinking water and wastewater systems, with DHS supporting
EPA’s efforts.73 The EPA also supports providing states with an important role in regulating
chemical security at water systems, including determinations, auditing, and inspecting.74
In addition, DHS supports modifying the existing exemption for (1) MTSA facilities to increase
security at these facilities to the CFATS standard and (2) facilities regulated by the Nuclear
Regulatory Commission to clarify the scope of the exemption.75
If Congress provides the executive branch with statutory authority to regulate water and
wastewater treatment facilities for chemical security purposes, it may weigh several policy
decisions. Among these choices are: which facilities should be regulated; how stringent such
security measures should be; what federal agency should oversee them; and whether compliance
with these security measures is feasible given the public nature of many water and wastewater
treatment facilities.
One option for congressional policymakers might be to include water and wastewater treatment
facilities under the existing CFATS regulations, effectively removing the exemption currently in
statute. This would place water and wastewater treatment facilities on par with other possessors
of chemicals of interest. The DHS would provide oversight of all regulated chemical facilities.76
Opponents might claim that activities under CFATS, such as vulnerability assessment, duplicate
existing requirements under the Safe Drinking Water Act.77 Also, opponents of such an approach
72 Testimony of Benjamin H. Grumbles, Assistant Administrator for Water, U.S. Environmental Protection Agency
before the House Committee on Energy and Commerce, Subcommittee on Environment and Hazardous Materials, June
12, 2008. See also testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate,
Department of Homeland Security, before the Senate Committee on Homeland Security and Governmental Affairs,
March 3, 2010.
73 Testimony of Peter S. Silva, Assistant Administrator for Water, Environmental Protection Agency, before the Senate
Committee on Homeland Security and Governmental Affairs, March 3, 2010.
74 Testimony of Peter S. Silva, Assistant Administrator for Water, Environmental Protection Agency, before the Senate
Committee on Homeland Security and Governmental Affairs, March 3, 2010.
75 Testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, Department of Homeland
Security, before the Senate Committee on Homeland Security and Governmental Affairs, March 3, 2010. The DHS and
the Nuclear Regulatory Commission are developing a memorandum of agreement regarding security at chemical
facilities regulated by the Nuclear Regulatory Commission (Personal communication between DHS and CRS, February
2, 2011).
76 Those chemical facilities exempt from CFATS because they are regulated under MTSA are overseen by the Coast
Guard, which is part of DHS. The DHS testified that 365 facilities are fully exempt from CFATS regulation due to
compliance with MTSA, while 135 are partially exempt (“House Homeland Security Committee Holds Hearing on the
Chemical Facility Antiterrorism Act of 2009,” CQ Congressional Transcripts, June 16, 2009).
77 Section 1433 of the Safe Drinking Water Act as amended by section 401 of P.L. 107-188, the Public Health Security
(continued...)
Congressional Research Service
18
Chemical Facility Security: Issues and Options for the 112th Congress
cite the essential role that water and wastewater treatment facilities play in daily life and assert
that several authorities available to DHS under CFATS, such as the ability to require a facility to
cease operations, are inappropriate if applied to a municipal utility.78
Another option might be to grant statutory authority to regulate water and wastewater treatment
facilities for security purposes to EPA or require DHS to consult with EPA regarding its
regulation of water and wastewater treatment facilities. Since water treatment facilities must
provide a vulnerability assessment to EPA, some facilities might view regulation under CFATS as
redundant in this context. Some industry representatives have expressed concern regarding the
effects of multiple agencies regulating security at drinking water and wastewater treatment
facilities.79 They assert that municipalities that operate both types of facilities might face
conflicting regulations and guidance if different agencies regulate drinking water and wastewater
treatment facilities. These stakeholders suggest that EPA retaining the lead for water and
wastewater facilities would be more efficient. Following prior debate on chemical facility
security, Congress provided statutory authority for chemical security to DHS. This separated DHS
security responsibilities from the public health and safety responsibilities given to EPA. Providing
one agency the authority to oversee safety and security operations may reduce the potential for
redundancy and other inefficiencies but also might increase stakeholder reluctance to voluntarily
consult on security issues.80
If policymakers assign responsibility for chemical facility security at different facilities to
different agencies, each agency affected will promulgate separate rules. These rules may be
similar or different depending on the agencies’ statutory authority, interpretation of that authority,
and ability of the regulated entities to comply as well as any interagency coordination that might
occur. Congress may wish to assess the areas where such facilities are similar and different in
order to provide authorities that meet any unique characteristics.
Any new regulation of drinking water and wastewater treatment facilities is likely to cause the
regulated entities, and potentially the federal government, to incur some costs. Representatives of
the water and wastewater sectors argue that local ratepayers will eventually bear the capital and
ongoing costs incurred due to increased security measures.81 Congressional policymakers may
wish to consider whether the regulated entities should bear these costs, as is done for other
regulated chemical facilities, and by those ratepayers they serve or by the taxpayers in general
through financial assistance to the regulated entities. Additionally, if inclusion of other facility
types significantly increases the number of regulated entities, DHS may require additional funds
to process regulatory submissions and perform required inspections.
(...continued)
and Bioterrorism Preparedness and Response Act of 2002.
78 Testimony of Brad Coffey, Association of Metropolitan Water Agencies, before the House Committee on Energy
and Commerce, Subcommittee on Environment and Hazardous Materials, June 12, 2008.
79 See, for example, American Water Works Association, “AWWA Members Urged to Contact Congress on Chemical
Security Bill,” and Association of Metropolitan Water Agencies, “Drinking Water Security and Treatment Mandates,”
Policy Resolution, October 2008.
80 Some agencies oversee both safety and security issues. For example, the U.S. Coast Guard has both safety and
security responsibilities for ports.
81 Testimony of Brad Coffey, Association of Metropolitan Water Agencies, before the House Committee on Energy
and Commerce, Subcommittee on Environment and Hazardous Materials, June 12, 2008.
Congressional Research Service
19
Chemical Facility Security: Issues and Options for the 112th Congress
Harmonize Regulations
Other security provisions, such as MTSA, apply to some facilities exempt from the existing
chemical facility security regulations. The DHS supports modifying the existing exemption for
MTSA facilities to increase security at these facilities to the CFATS standard and modifying the
existing exemption for facilities regulated by the Nuclear Regulatory Commission to clarify the
scope of the exemption.82 The EPA has testified that the Obama Administration believes that DHS
should be responsible for ensuring consistency of high-risk chemical facility security across all
critical infrastructure sectors.83 If Congress modifies these exemptions, conflicts may arise
between requirements under chemical facility security regulations and these other provisions. One
approach to resolving these conflicts is to identify which statute would supersede the others,
providing a single statutory requirement. Critics of such an approach might assert that the
superseding statute does not contain all of the protections present in the other statutes. Another
approach might be to require agencies to generally harmonize the regulations implementing each
statute. Regulatory agencies might identify and determine the best ways to meet statutory
requirements while also limiting regulatory duplication or contradiction. Such harmonization
might reduce the regulatory burden on companies possessing facilities regulated under two
frameworks, such as MTSA and CFATS, by allowing a single security approach to the
regulations. In contrast, if the process of harmonization leads to a significant increase in security
requirements, the regulatory burden faced by industry might increase.
Consider Inherently Safer Technologies
Congressional policymakers may choose to address the issue of inherently safer technologies,
sometimes called methods to reduce the consequences of terrorist attack. One approach might be
to mandate the implementation of inherently safer technologies for a set of processes. Another
might be to mandate the consideration of implementation of inherently safer technologies with
certain criteria controlling whether implementation is required. A third approach might be to
mandate the development of a federal repository of inherently safer technology approaches and
consideration of chemical processes against those options listed in the repository. Stakeholders
might assess and review the viability of applying these inherently safer approaches at lower cost
if such information were centralized and freely available. Alternatively, policymakers might
establish an incentive-based structure outside of the chemical facility security mandate to
encourage the adoption of inherently safer technologies by regulated entities. Lastly,
congressional policymakers might choose to not require any consideration or adoption of
inherently safer technology approaches.
The Obama Administration has given some support to the use of inherently safer technologies to
enhance security at high-risk chemical facilities. It has established a series of principles directing
its policy:
• The Administration supports consistency of inherently safer technology
approaches for facilities regardless of sector.
82 Testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, Department of Homeland
Security, before the Senate Committee on Homeland Security and Governmental Affairs, March 3, 2010.
83 Testimony of Peter S. Silva, Assistant Administrator for Water, Environmental Protection Agency, before the Senate
Committee on Homeland Security and Governmental Affairs, March 3, 2010.
Congressional Research Service
20
Chemical Facility Security: Issues and Options for the 112th Congress
• The Administration believes that all high-risk chemical facilities, Tiers 1-4,
should assess [inherently safer technology] methods and report the assessment in
the facilities’ site security plans. Further, the appropriate regulatory entity should
have the authority to require facilities posing the highest degree of risk (Tiers 1
and 2) to implement inherently safer technology methods if such methods
demonstrably enhance overall security, are determined to be feasible, and, in the
case of water sector facilities, consider public health and environmental
requirements.
• For Tier 3 and 4 facilities, the appropriate regulatory entity should review the
inherently safer technology assessment contained in the site security plan. The
entity should be authorized to provide recommendations on implementing
inherently safer technologies, but it would not have the authority to require
facilities to implement the inherently safer technology methods.
• The Administration believes that flexibility and staggered implementation would
be required in implementing this new inherently safer technology policy.84
A congressional mandate for regulated entities to adopt or consider adopting inherently safer
technologies may lead regulated entities to consider factors such as homeland security impact in
their chemical process assessments. Some experts assert that existing chemical process safety
activities consider and assess inherently safer technology approaches.85 These assessments may
lead to changes in chemical process when deemed safer, more reliable, and cost-effective. The
extent to which homeland security impact has factored into these industry decisions is unknown,
but DHS has identified cases where chemical facilities have voluntarily modified chemical
processes to lower their CFATS tier. An additional complication to assessing inherently safer
technology is the varying amounts and quality of information available regarding industrial
implementation of inherently safer technologies. While some facilities have converted to
processes generally deemed as inherently safer, other facilities may not have sufficient
information available to effectively assess the impacts from changing existing processes to ones
considered inherently safer.86 The differences that exist among chemical facilities, in terms of
chemical process, facility layout, and ability to finance implementation may challenge mandatory
implementation of inherently safer technologies at regulated entities. Even the mandatory
consideration of inherently safer technologies may place a financial burden on some small
regulated entities. Congress might limit mandatory measures to those facilities considered by
DHS to pose the most risk or might provide such financial assistance to regulated facilities.87
84 Testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, Department of Homeland
Security, before the Senate Committee on Homeland Security and Governmental Affairs, March 3, 2010.
85 See, for example, Testimony of Dennis C. Hendershot, Staff Consultant, Center for Chemical Process Safety,
American Institute of Chemical Engineers, before the Senate Committee on Environment and Public Works, June 21,
2006, S.Hrg. 109-1044.
86 The DHS Science and Technology (S&T) Directorate is engaged in a Chemical Infrastructure Risk Assessment
Project that, among other goals, will assess the potential for safer alternative processes that may reduce risk to a select
subset of high volume toxic chemicals (Department of Homeland Security, FY2010 Budget Justification, pp. S&T
R&D - 27–28). The Chemical Security Analysis Center of the DHS S&T Directorate contracted with the Center for
Chemical Process Safety of the American Institute of Chemical Engineers to develop a technically based definition for
inherently safer technology. See Center for Chemical Process Safety, American Institute of Chemical Engineers, Final
Report: Definition for Inherently Safer Technology in Production, Transportation, Storage, and Use, July 2010.
87 Section 401 of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (P.L. 107-188)
mandated drinking water facilities serving more than 3,300 individuals develop an emergency response plan and
perform a vulnerability assessment. Funds were authorized to help offset the costs to these facilities.
Congressional Research Service
21
Chemical Facility Security: Issues and Options for the 112th Congress
Policymakers might choose to try to further incentivize regulated entities to adopt inherently safer
technologies. Under the CFATS regulations, facilities that adopt inherently safer technologies
might change their assigned risk tier by reducing the amount of chemicals of interest on hand.
Policymakers might provide regulated entities that adopt inherently safer technologies with
financial or regulatory incentives. Alternatively, policymakers might direct DHS or another
agency to perform inherently safer technology assessments for regulated entities, transferring the
cost of such assessment from the facility to the federal government.88 The regulated entity or the
overseeing agency might use the results of these assessments to guide implementation.
Modify Information Security Provisions
Congressional policymakers might choose to increase transparency in the CFATS process by
altering the information security provisions of the program. Such an approach might include
increasing the number and type of individuals granted access to CVI, improving information
exchange with first responders, and adjusting the manner by which courts and administrative
proceedings handle CVI. The Obama Administration has testified that CVI is a distinct
information protection regime and expressed support for maintaining it in its current form.89
Congress might choose to amend the existing statutory authority to address policy concerns. For
example, while still retaining protections for vulnerability or security related information,
Congressional policymakers might require that DHS gather and document specific input. Such
input might come from outside groups, worker organizations, or other trade representatives
through formal and informal mechanisms or by the solicitation, development, and use of industry
best practices. Policymakers might direct DHS to make specific types of information, such as the
results of enforcement activities or the approval of successful implementation of a site security
plan, more generally available. By mandating the inclusion of such information gathering or the
release of specific information, congressional policymakers might facilitate greater cooperation
between various stakeholder groups. Conversely, such requirements may raise concerns about the
degree of security given to the protected information, since more individuals will participate in its
development and analysis, perhaps increasing the ability of malicious persons to use such
information for targeting purposes. As more information about the vulnerability assessment
process and the results of the security process becomes available, the potential that adversaries
might combine this disparate information to obtain insight into a security weakness might
increase. Congressional policymakers might require that the executive branch or another entity
identify the threats or vulnerabilities that might accrue from release of a greater amount of
chemical facility security information prior to implementing such a policy change.90
88 Following investigation into the explosion at the Bayer CropScience facility in Institute, WV, members of Congress
requested that the Chemical Safety Board provide recommendations on the adoption of alternative chemical processes
at the chemical facility. Rep. Henry A. Waxman, Sen. John D. Rockefeller IV, Rep. Bart Stupak, and Rep. Edward J.
Markey, Letter to John Bresland, May 4, 2009, online at http://energycommerce.house.gov/Press_111/20090504/
bayer.pdf.
89 Testimony of Rand Beers, Under Secretary, National Protection and Programs Directorate, Department of Homeland
Security, before the Senate Committee on Homeland Security and Governmental Affairs, March 3, 2010.
90 A similar approach was taken with regard to making available chemical facility information submitted to the EPA
under the auspices of the Risk Management Program. In this case, Congress directed the President to assess the
potential risk of placing this information on the Internet. See Section 3 of Chemical Safety Information, Site Security
and Fuels Regulatory Relief Act (P.L. 106-40).
Congressional Research Service
22
Chemical Facility Security: Issues and Options for the 112th Congress
Congressional policymakers might choose to alter the information protection regime afforded to
chemical facility security information by specifically expanding access to first responders. The
existing regulation explicitly states that information developed in response to other laws or
regulations, such as Emergency Planning and Community Right-to-Know Act, are not protected
from disclosure. Enhancing first responder access to such information might minimize perceived
barriers to disclosing information during an accident. For example, Congress might mandate that
each jurisdiction containing a regulated chemical facility contain a first responder designated as a
covered individual.
Congressional policymakers might choose to further limit dissemination of CVI so as to increase
barriers to its release. Congress might prohibit DHS from sharing such information outside of the
federal government or set particular criteria that would allow CVI access to state and local
officials. Limiting the number of individuals with access to CVI may make it more difficult for
those wishing to do harm to obtain technical or operational security information. Conversely,
state and local officials may not support such an approach, as limitations on distribution may also
adversely affect emergency response at a regulated facility or inhibit the ability of state and local
law enforcement officials to provide targeted protection of particular chemical facility assets.
Policymakers might also choose to address the issue of identifying and marking protected
information by mandating review of marked documents. Congressional policymakers might place
this responsibility to review and certify marked information on the chemical facility.
Alternatively, the federal government might review and certify documents marked CVI on a
regular basis. Industry representatives may not support such a review requirement due to the
additional regulatory burden caused by the review. Additionally, while such review might
potentially limiting incorrect marking, it may inhibit information reporting by regulated entities to
the federal government. Additionally, absent a penalty for incorrect marking, it is unclear how to
assure compliance.
Congressional policymakers may also address concerns raised regarding the ability of concerned
individuals to report misdeeds by creating a “whistleblower” reporting mechanism.91 One
approach might be to codify the current mechanism of reporting such concerns specific to DHS or
a similar federal entity, such as an agency Inspector General. Alternatively, Congress might create
a more general exemption to the penalties arising from disclosure of protected information for
those individuals who report such concerns to federal officials. As part of a whistleblower
mechanism, policymakers might choose to extend protections against retaliation or other job-
related actions to those individuals availing themselves of current or newly established reporting
mechanisms.
Preempt State Regulations
Congress addressed the issue of federal preemption of state chemical facility security statutes and
regulations in the 110th Congress, placing in statute the requirement that only when an “actual
conflict” occurs between state and federal regulation will the state regulation be preempted.92
Congressional policymakers may choose to further limit the cases where federal regulation would
preempt state regulation by affirming the right of states to make chemical facility security
91 While DHS has established a “CFATS Tip-Line” where individuals may report security concerns, individuals using
the tip-line accrue no special protections.
92 P.L. 110-161, the Consolidated Appropriations Act, 2008, Section 534.
Congressional Research Service
23
Chemical Facility Security: Issues and Options for the 112th Congress
regulations that are more stringent than federal regulation even if they conflict. Alternatively,
policymakers may choose to increase the number of cases where federal regulations preempt
those of a state by expanding the types of conflict, beyond “actual,” that will lead to preemption.
Congressional Action
The annual appropriations process provided FY2010 funding for implementation of chemical
facility security regulation and extended this funding through March 4, 2011. The Department of
Homeland Security Appropriations Act, 2010 (P.L. 111-83) provided an extension of the existing
statutory authority to October 4, 2010. The Continuing Appropriations Act, 2011 (P.L. 111-242)
extended the statutory authority to December 3, 2010. The second continuing appropriations act,
P.L. 111-290, extended the statutory authority through December 18, 2010. The third continuing
appropriations act, P.L. 111-317, extended the statutory authority through December 21, 2010.
The fourth continuing appropriations act, P.L. 111-322, extended the statutory authority through
March 4, 2011.
Extend the Existing Authority
The Obama Administration has requested an extension of the statutory authority in each budget
request. It requested an extension of the statutory authority to October 4, 2011, in the FY2011
budget and an extension to October 4, 2013, in the FY2012 budget.93
Section 1116 of H.R. 1, the Full-Year Continuing Appropriations Act, 2011, would extend the
statutory authority to October 4, 2011.
Modify the Existing Authority
H.R. 225, the Chemical Facility Security Improvement Act of 2011, would prohibit the Secretary
of Homeland Security from approving a chemical facility site security plan if the plan did not
meet or exceed existing state or local security requirements. It would allow the Secretary of
Homeland Security to mandate the use of specific security measures in site security plans. The
bill would also cause protected information to be treated as sensitive security information in both
general and legal proceedings. Finally, the act would no longer prohibit third-party individuals
from bringing suit in court to require the Secretary of Homeland Security to enforce chemical
facility security regulations against a chemical facility.
93 Office of Management and Budget, The White House, Budget of the United States Government, Fiscal Year 2011,
Appendix, p. 574; Office of Management and Budget, The White House, Budget of the United States Government,
Fiscal Year 2012, Appendix, p. 553.
Congressional Research Service
24
Chemical Facility Security: Issues and Options for the 112th Congress
Author Contact Information
Dana A. Shea
Specialist in Science and Technology Policy
dshea@crs.loc.gov, 7-6844
Congressional Research Service
25