Chemical Facility Security: A Comparison of S. 157 and S. 994

The 108th Congress is considering legislation to reduce chemical facilities’ vulnerability to acts of terrorism, so as to protect critical sectors of the U.S. infrastructure and reduce risks to public health and the environment. Competing bills, S. 994 and S. 157, have been introduced into the Senate. Both would require chemical facilities to conduct vulnerability assessments and develop and implement site security plans, but the approaches of the bills differ with respect to the chemicals and facilities covered, planning requirements and mechanisms for federal and facility accountability.

Order Code RL31958 CRS Report for Congress Received through the CRS Web Chemical Facility Security: A Comparison of S. 157 and S. 994 June 11, 2003 Linda-Jo Schierow Specialist in Environmental Policy Resources, Science, and Industry Division Congressional Research Service ˜ The Library of Congress Chemical Facility Security: A Comparison of S. 157 and S. 994 Summary The 108th Congress is considering legislation to reduce chemical facilities’ vulnerability to acts of terrorism, so as to protect critical sectors of the U.S. infrastructure and reduce risks to public health and the environment. Competing bills, S. 994 and S. 157, have been introduced into the Senate. Both would require chemical facilities to conduct vulnerability assessments and develop and implement site security plans, but the approaches of the bills differ with respect to the chemicals and facilities covered, planning requirements, and mechanisms for federal and facility accountability. In addition, S. 157 would assign the lead responsibility to the U.S. Environmental Protection Agency (EPA), while S. 994 would give this role to the Department of Homeland Security (DHS). Both S. 157 and S. 994 would provide considerable discretionary authority to the lead agency to define the universe of regulated chemicals and facilities. The bills would initially include chemicals for which risk management plans are required under the Clean Air Act. From that list, S. 157 would exclude “liquified petroleum gas” that is used as fuel or held by a retail facility for sale as a fuel; S. 994 would exclude similar facilities using “flammable substances,” as well as all federal facilities. S. 994, but not S. 157, would require the Secretary to consider cost and technical feasibility, and scale of operations in selecting facilities. With respect to planning, the emphasis of S. 994 is on enhancing the security of facilities against acts of terrorism, while S. 157 emphasizes lessening potential consequences of releases caused by criminal acts. S. 994 would require security measures, and identification of equipment, plans, and procedures that could be used to respond to a chemical release. S. 157 would require “to the extent practicable” (1) practices that reduce the possibility of a release and the associated threat to public health and the environment; (2) measures to contain, control, or mitigate a release; (3) buffer zones; and (4) security measures. S. 157 has numerous requirements for consultation, and would direct EPA to review each vulnerability assessment and security plan. S. 994 would not require submission to DHS of plans or assessments, except at the request of the Secretary, but the bill would direct the Secretary, “as appropriate,” to ensure compliance. Information provided to the government would be protected from public disclosure under both bills, but only S. 994 preempts state and local disclosure laws. Both bills specify procedures that would allow owners and operators to prepare assessments or plans without reference to federal regulations, but only S. 157 requires federal review of facility-specific assessments and plans. Table 1 summarizes selected provisions of the two bills in a side-by-side format. For a broader discussion of the potential threat from, vulnerability to, and consequences of terrorist acts at chemical facilities, and for summaries of other legislative proposals, see CRS Report RL31530, Chemical Plant Security. This report will be updated as events warrant. Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 S. 157, the Chemical Security Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 S. 994, the Chemical Facilities Security Act . . . . . . . . . . . . . . . . . . . . . 2 Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Chemicals and facilities covered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Planning requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Accountability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 List of Tables Table 1. Comparison of Selected Provisions of S. 157 and S. 994 in the 108th Congress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Chemical Facility Security: A Comparison of S. 157 and S. 994 Introduction Facilities that handle large quantities of very hazardous chemicals may be attractive targets for terrorists. In the event of a terrorist attack on, or theft from, such facilities, release of such chemicals could threaten public health and the environment. In addition, many of these chemical facilities provide products or services that are strategically or economically critical to the U.S. infrastructure or public health. For a discussion of the potential threat from, vulnerability to, and consequences of terrorist acts at chemical facilities, see CRS Report RL31530, Chemical Plant Security. The 108th Congress is considering legislation to reduce chemical facilities’ vulnerability to acts of terrorism, in order to protect critical sectors of the U.S. infrastructure (such as oil refineries, chemical plants, and electric utilities), and also to reduce risks of chemical releases to public health and the environment. Two bills with these goals, S. 994 and S. 157, have been introduced into the Senate. Both would require chemical facilities to conduct vulnerability assessments and develop and implement site security plans, but the approaches of the bills differ with respect to the chemicals and facilities covered, planning requirements, and mechanisms for federal and facility accountability. In addition, S. 994 would assign lead responsibility to the Department of Homeland Security (DHS), while S. 157 would give this role to the U.S. Environmental Protection Agency (EPA). This report describes the different approaches taken in the two bills and analyzes associated policy implications. It does not discuss the many minor differences between the two bills, which do not generally raise controversial policy issues. The report begins with overviews of the two bills, followed by the issue analysis. Table 1 summarizes selected provisions of the two bills in a side-by-side format. Other proposed legislation is discussed in the CRS report referenced above. Background S. 157, the Chemical Security Act. S. 157 was introduced January 14, 2003, by Senator Jon Corzine, and referred to the Committee on Environment and Public Works. The bill is similar to S. 1602, which was reported by the Committee on Environment and Public Works in the 107th Congress (S. Rpt. 107-342). S. 157 would direct the EPA, in consultation with DHS, to issue regulations designating “certain combinations of chemical sources and substances of concern” as high priority categories for oversight, based on the severity of potential harm in the event of a release; proximity to population centers; threats to national security; threats to critical infrastructure; threshold quantities of substances that pose a serious threat; CRS-2 and other safety or security factors that the Administrator of EPA, in consultation with the Secretary of DHS, determined to be appropriate.1 Owners and operators of listed facilities would be required to conduct vulnerability assessments; identify hazards; and prepare prevention, preparedness, and response plans to eliminate or significantly lessen the potential consequences of an unauthorized release. Each owner or operator of a regulated facility also would be required to certify in writing that the vulnerability assessment and plan had been completed, and the plan implemented. The bill would require facility owners and operators to submit to EPA copies of vulnerability assessments and plans, along with certifications, within 12 months of enactment of the Chemical Security Act for assessments, and 18 months for plans. Assessments, plans, and certifications would have to be updated periodically. S. 157 would direct EPA to review each assessment and plan, determine compliance, and certify that determination. Vulnerability assessments and plans would be protected from public disclosure under the Freedom of Information Act (FOIA). The bill also provides for early review and certification of assessments and plans that are submitted before EPA issues regulations. EPA would be authorized to issue compliance orders 30 days after either notifying a chemical source that its assessment or plan was inadequate, or first offering compliance assistance, if the plan were not revised to comply with EPA requirements. If DHS notified a chemical source that its plan or implementation was insufficient to address a threat of terrorist attack, and the chemical source failed to take adequate action in response to that notice, DHS would be authorized to secure necessary relief from a district court to abate the threat. S. 994, the Chemical Facilities Security Act. S. 994 was introduced May 5, 2003, by Senator James Inhofe, and referred to the Committee on Environment and Public Works. S. 994 would authorize the DHS to oversee security assessments and planning at selected chemical facilities. The Secretary would be directed to list, and may promulgate the list by regulation, chemical facilities that should be subject to regulation, based on: the likelihood that a facility will be the target of terrorism; nature and quantity of substances of concern present; potential extent of death, injury, or serious adverse effects to human health or the environment; potential harm to critical infrastructure and national security; cost and technical feasibility; scale of operations; and other security-related factors that the Secretary determines to be appropriate and necessary. S. 994 would require the Secretary to promulgate regulations directing owners and operators of listed facilities to conduct vulnerability assessments, identify hazards, and prepare security plans to reduce vulnerability to a terrorist release and to respond in the event of a release. Written certification of compliance would be required by DHS from each owner or operator on a schedule to be determined by the Secretary. Copies of vulnerability assessments and plans would be retained at facilities, but must be submitted to DHS on request, and updated periodically. 1 Both bills define ‘security measures” generally in terms of “hardening” the defenses of potential targets, using methods that detect adversary action, impede adversary progress, and respond to neutralize the threat. For more discussion of options for reducing risks, see CRS Report RL31530, Chemical Plant Security, pages 24-27. CRS-3 S. 994 would direct DHS to conduct, or require the conduct of, vulnerability assessments and other activities (including third-party audits) to evaluate and ensure compliance with promulgated regulations and procedures endorsed by rule. (Endorsements are discussed below.) Vulnerability assessments and plans would be protected from public disclosure under FOIA and state and local disclosure laws. Penalties are provided for unauthorized disclosure. The bill would authorize the Secretary to identify and endorse security measures that are substantially similar to any requirements promulgated by DHS. Endorsement would indicate compliance with assessment or planning requirements, if the endorsed assessment or security procedures were implemented. Any person could petition the Secretary for endorsement of existing procedures. If the Secretary chose not to endorse such procedures, the Secretary would have to provide written notice explaining why the petition was denied. Vulnerability assessments and response plans that were in accord with endorsed procedures would be exempt from other regulatory requirements. DHS would be authorized to disapprove any assessment or plan, and to order revision if it does not comply with regulations, or if the plan or implementation is insufficient to address the results of a vulnerability assessment or a threat of a terrorist release. The Secretary would be required to provide notice of disapproval explaining deficiencies, and to identify appropriate steps to achieve compliance. S. 994 would require the Secretary to issue a compliance order if a plan were disapproved, and compliance had not been achieved by a date determined by the Secretary to be appropriate. The bill also would authorize the Secretary to provide training relevant to the Chemical Facilities Security Act to state and local officials and facility owners or operators. Issues Although the two bills are similar in many ways, some differences raise significant policy issues. Selected issues are discussed in this section. Chemicals and facilities covered. Both S. 157 and S. 994 would provide considerable discretionary authority to the administering agency to define the universe of regulated chemicals and facilities. Both would have the lead agency begin by looking at the chemicals listed by EPA under the Clean Air Act (CAA), Section 112(r)(3). This list includes chlorine, anhydrous ammonia, methyl chloride, ethylene oxide, vinyl chloride, methyl isocyanate, hydrogen cyanide, ammonia, hydrogen sulfide, toluene diisocyanate, phosgene, bromine, anhydrous sulfur dioxide, and sulfur trioxide (all designated in the CAA), and other chemicals that have been determined by EPA to pose the greatest risks to human health or to the environment, based on three criteria: severity of potential acute adverse health effects, the likelihood of accidental releases, and the potential magnitude of human exposure. EPA has promulgated a list containing 77 acutely toxic substances, 63 flammable gases and volatile flammable liquids, and “high explosive substances” (59 Federal Register 4478, Jan. 31, 1994). Both bills would allow the list to be revised as necessary. CRS-4 S. 994 would exclude “flammable substances” that are used as fuel or held by a retail facility for sale as a fuel. Congress adopted this exclusion in a 1999 amendment to the CAA, primarily in response to complaints from propane retailers and users. They argued that the original CAA risk management planning requirements were redundant, given laws in 48 states requiring compliance with national safety standards established by the National Fire Protection Association (NFPA). Prior to the 1999 amendment, EPA argued that the CAA required it to list flammable and combustible liquids, other than gasoline, because they were involved in more than 128,000 reported accidental releases from 1987 through 1996, according to federal databases. However, Congress overrode EPA’s objections. S. 994 maintains this exemption which covers facilities that store or use any flammable substance, including propane, butane, natural gas, acetylene, or proylene. S. 157 would adopt a narrower exclusion for “liquified petroleum gas” (propane or a mixture of propane and butane), when used as a fuel or held by a retail facility for sale as fuel. Thus, S. 157 would exempt from security requirements propane dealers and users, without exempting other facilities that might store or use other fuels. Another explicit difference between the bills is that S. 157 would include, and S. 994 would exempt, federal facilities from assessment and planning requirements. Federal facilities include headquarters, as well as regional facilities, such as military bases, federal penitentiaries, office buildings, and national laboratories. Finally, the bills differ with respect to the selection criteria the administrating officer is to use in listing or designating facilities for regulation. Both bills direct the government to consider severity of threat and severity of potential harm in designating facilities, but the bills appear to emphasize threats from different causes, as well as different consequences of chemical releases. The emphasis in S. 157 is on eliminating or significantly lessening potential consequences of “unauthorized” releases. An unauthorized release is defined as a release that is not authorized by the owner or operator of the facility and that is caused, at least in part, by a criminal act. On the other hand, S. 994 focuses on ensuring or enhancing the security of facilities against acts of terrorism.2 Thus, the final catch-all criterion in S. 994 is to consider “other security-related factors,” while S. 157 requires considering “other safety or security factors.” S. 994 includes criteria not mentioned in S. 157: cost and technical feasibility, and scale of operations. Since the purpose of the criteria, according to S. 994, Section 4(f)((3)(B), is to help the Secretary determine which facilities present “a risk sufficient to justify ... classification as a chemical source,” inclusion of these criteria seems to imply that a “sufficient” risk under S. 994 would depend in part on the burden of reducing it. Although S. 157 does not incorporate these criteria, neither does it prohibit such consideration. Planning requirements. The different emphases of the bills (i.e., on reducing potential consequences of criminal acts, as in S. 157, vs. securing facilities from terrorists, as in S. 994) are reflected in their requirements for vulnerability assessments and planning. S. 157 requires an assessment of the vulnerability of the 2 For a definition of “security measures,” see note 1. CRS-5 source to an unauthorized release, and preparation of a prevention, preparedness, and response plan. Required plan components are “actions and procedures, including safer design and maintenance,”aimed at reducing consequences to public health and the environment. The bill defines “safer design and maintenance” as “implementation, to the extent practicable” of (1) practices that reduce the possibility of a release and the associated threat to public health and the environment (i.e., socalled “inherently safer technologies”); (2) measures that contain, control, or mitigate a release; (3) buffer zones; and (4) security measures. S. 994 requires an assessment of the vulnerability of the source to a terrorist release, and a site security plan that includes security measures and equipment, plans and procedures to respond in the event of a terrorist release, but it does not require implementation of buffer zones or inherently safer technologies. Accountability. As mentioned previously, both S. 157 and S. 994 provide considerable discretionary authority to the EPA Administrator and the DHS Secretary, respectively. Within broad guidelines, they may choose which facilities to regulate, which substances are of concern, threshold levels of chemicals that pose a significant threat, and appropriate levels of vulnerability analysis and security planning. The general advantage of executive discretion is the flexibility it allows the decision maker to efficiently adjust a program to accommodate new information or unusual circumstances. Another possible benefit is that sensitive information about facility security, as well as confidential business information, might be protected more effectively, if agencies are not obligated to publicly defend their decisions. A possible disadvantage is that Congress, and the general public, may find it more difficult to oversee and evaluate agency performance, due to a lack of specific statutory requirements to which the agency can be held accountable, as well as lack of access to decision-making processes. Several bill provisions that might open decision-making processes to public scrutiny, or otherwise provide some independent assurance that the purposes of the bills would be achieved, are described below. Agency consultation and certification. S. 157 has numerous requirements for consultation. The EPA Administrator is directed at key decision points to consult with the DHS Secretary. When designating high-priority facilities, the Administrator also must consult with state and local agencies responsible for planning for, and responding to, releases, and providing emergency health care. The Administrator must consult with all of those groups, as well as the Chemical Safety and Hazard Investigation Board [established under the CAA Section 112(r)], when promulgating regulations requiring vulnerability assessments and security planning. After facility assessments and plans have been submitted to EPA and reviewed, the Administrator must certify in writing the Administrator’s determination as to whether each assessment and plan complies with regulations. S. 157 also requires facility owners and operators to work with local law enforcement, first responders, and employees of facilities when assessing vulnerability and preparing the security plan. S. 994 does not require the Secretary to consult or certify determinations about individual facilities, but the bill does authorize the Secretary to request technical and analytical support (other than field work) from other agencies and to reimburse such agencies as appropriate. CRS-6 Facility submissions. S. 157 would require all owners and operators of chemical facilities identified by EPA regulations to submit completed vulnerability assessments and security plans to EPA before deadlines established by statute. Furthermore, owners and operators must certify in writing that assessments and plans comply with EPA regulations, and must submit such certifications to EPA. S. 994 does not require submission to DHS of plans or assessments, except at the request of the Secretary. It does, however, require owners and operators of listed facilities to certify to the Secretary in writing their compliance with DHS regulations. The Secretary is required to promulgate deadlines for certification. Neither bill would protect these self-certification documents from public disclosure. Third-party audit. S. 994 would require the Secretary, “as appropriate,” to conduct, or require to be conducted, vulnerability assessments and other activities (including third-party audits) to evaluate compliance with the Chemical Facilities Security Act. Third-party audits are inspections of facilities, assessments, and/or plans conducted by an uninterested, but expert party. S. 157 has no similar provision. Early compliance/Endorsement. Both bills provide procedures that would allow facility owners and operators to prepare vulnerability assessments or security plans without reference to federal regulations, if such assessments or plans met certain criteria. Three key differences exist between the provisions of S. 157 and S. 994. ! S. 157 would authorize approval of plans and assessments submitted prior to promulgation of final regulations, while S. 994 would allow approval of plans and assessments no matter when they were produced, as long as they were in accord with endorsed model practices. ! S. 157 would require the Administrator to review and approve or reject facility plans and assessments on a case-by-case basis, while S. 994 would authorize approval or rejection of model security practices (e.g., perhaps the vulnerability assessment methodology established by the American Chemistry Council, a trade group for chemical manufacturers, for its members), and de facto approval of all facility plans and assessments that are in accord with those models. ! S. 157 specifies procedural and substantive standards that facility owners or operators would have to meet, while S. 994 directs the Secretary to accept security measures that the Secretary finds substantially equivalent to whatever requirements the Secretary might choose to promulgate. S. 157 would direct the Administrator to review assessments and plans that facility owners or operators submit prior to publication of final EPA regulations. If the Administrator, in consultation with the Secretary, determined that an assessment or plan met the consultation, planning, and assessment requirements for high-priority facilities that are specified in Section 4(a)(3) of the Act, the Administrator would be required to certify compliance without requiring any revision of the assessment or plan. Section 4(a)(3) would require owners or operators of facilities to: (1) consult with local first responders and employees in assessing vulnerability of the source to a terrorist attack or other unauthorized release; identifying hazards that may result from release; and preparing a prevention, preparedness, and response plan; and (2) include in the plan actions and procedures, to eliminate or significantly lessen the CRS-7 potential consequences of an unauthorized release, including “implementation, to the extent practicable,” of any technology, product, raw material, or practice that reduces the possibility of a release prior to secondary containment, control, or mitigation; well-maintained secondary containment, control, or mitigation equipment; security measures; and buffer zones. S. 994 would not require facility owners or operators to submit assessments or plans to the Secretary. Rather, the bill would authorize the Secretary to promulgate regulations endorsing certain security practices as being in compliance with the law. S. 994 would authorize any person to petition the Secretary for endorsement of procedures, protocols, and standards established by law, industry, or federal, state, or local government authorities. The Secretary would be authorized to endorse such measures, if they are implemented, and if the Secretary finds them “substantially equivalent” to any requirements the Secretary may establish. S. 994 directs the Secretary to provide to each petitioner a written notice and explanation, if the Secretary chooses not to endorse the petitioner’s security measures. The bill would exempt from other regulatory requirements any vulnerability assessments and plans that are in accord with endorsed security measures. The intent of S. 157, it appears, is to ensure, through EPA oversight, the quality of vulnerability assessments and security planning at individual facilities. Quality is likely to come at the price of considerable EPA resources, however, because there may be thousands of facility assessments and plans submitted before EPA issues regulations. On the other hand, facility owners and operators may fear that under the provisions of S. 157, their early planning efforts might be in vain, if EPA later decides to reject their facility plans; that fear might cause owners and operators to delay assessments and planning until EPA’s final regulations take effect, thus defeating the purpose of the “early compliance” provision. In contrast, S. 994 would minimize the paperwork burden, and might provide assurance to facility owners and operators that their facility assessments and plans, if prepared in accord with established governmental or industrial guidance, will be acceptable to DHS. However, S. 994 provides limited means for reassuring the public that individual facility plans and assessments are adequate for security needs. This potential problem might be resolved by the Secretary, however, for example, if the Secretary promulgated rules requiring submission of copies of facility plans or required third-party audits. Disclosure. Both bills would prevent public disclosure under FOIA of any information provided to EPA or DHS, except the self-certification of compliance submitted by facility owners and operators. S. 994 has several additional provisions to prevent disclosure of information. First, it would preempt state and local laws that require disclosure. Secondly, S. 994 would require (with some exceptions) punishment of anyone who “knowingly or recklessly” disclosed protected information – removal from federal employment or office, and either imprisonment for up to one year, a fine, or both. A third provision would prevent public disclosure of the Secretary’s disapproval of an assessment or plan. Finally, S. 994 would require all information obtained or submitted by the Secretary to be treated in any judicial or administrative action as if it were classified. CRS-8 These provisions of S. 994 might make it difficult for terrorists to obtain useful information about the vulnerability or security arrangements of chemical facilities. On the other hand, the same provisions may make it difficult for U.S. citizens to learn about risks to which they might be exposed, and prevent informed public involvement in federal, state, and local policy development and contingency planning with respect to such risks. Conclusion S. 157 and S. 994 are similar in that both bills would require chemical facilities to conduct vulnerability assessments and develop and implement site security plans. In addition, both bills provide the federal lead agency with considerable discretionary authority in selecting facilities and chemicals for regulation. The bills differ in the extent to which federal (congressional and agency) and public oversight would be facilitated. S. 157 generally provides more opportunities for oversight and informed public policy development and contingency planning, while S. 994 is more protective of sensitive information so as to avoid facilitating terrorist acts. The bills also address somewhat different threats (i.e., criminal acts vs. terrorist acts) and prescribe different approaches to reduce risks: S. 994 would mandate planning and implementation to ensure plant security and adequate resources to respond to any emergency, while S. 157 would require (to the extent practicable) actions and procedures to reduce the potential for harm, in the event of a chemical release, in addition to security and emergency preparedness measures. CRS-9 Table 1. Comparison of Selected Provisions of S. 157 and S. 994 in the 108th Congress Provision Chemical Security Act (S. 157) Chemical Facilities Security Act (S. 994) Lead agency Environmental Protection Agency (EPA) Department of Homeland Security (DHS) Regulated facilities Stationary sources when coupled with certain substances that the Administrator designates as high priority categories. Requires the Administrator to designate such combinations of chemical sources and substances of concern within one year of the date of enactment of the Chemical Security Act. The Administrator must review and revise the designations as needed within 5 years after the date of promulgation. [§4(a)(1)] Non-federal, stationary sources that: are regulated by EPA under the Clean Air Act (CAA) §112(r)(7)(B)(ii);3 contain regulated substances; and are listed4 by the Secretary. Requires the Secretary to list chemical sources within 180 days after the date of enactment of the Chemical Facilities Security Act. Within 3 years after the date of promulgation of regulations, and every 3 years thereafter, the Secretary must review and update the list of regulated facilities as appropriate. [§3(1); §4(f)] Regulated substances Substances listed by the EPA under the CAA§112(r)(3) (other than liquified petroleum gas used as fuel), as well as other substances that the Administrator designates, together with certain stationary sources, as high priority. Requires the Administrator to designate such combinations of chemical sources and substances of concern within one year of the date of enactment of this Act. [§3(3); §3(9); §4(a)(1); §4(a)(5)] Substances listed by the EPA under the CAA §112(r)(3) (other than flammable substances used as fuel) that are present at regulated facilities in quantities greater than or equal to threshold quantities established by EPA under the CAA§112(r)(5). The Secretary may exempt a substance or adjust the threshold quantity. The Secretary also may designate additional substances for regulation. [§3(8); §4(g)] 3 The CAA§112(r) directs EPA to require risk management planning by facilities handling more than threshold amounts of listed chemicals. EPA lists chemicals under subsection 112(r)(3), sets thresholds under subsection 112(r)(5), and requires hazard assessments and planning to prevent and respond to accidental releases of chemicals under subsection 112(r)(7)(B)(ii). 4 Due to the bill’s syntax (“... the Secretary develop a list ...”), it is not clear from S. 994, Section 4(f)(1) whether the Secretary is required or only authorized to develop this list, although the inclusion of a deadline – “Not later than 180 days after the enactment of Chemical Facilities Security Act” – implies a mandate. CRS-10 Provision Chemical Security Act (S. 157) Chemical Facilities Security Act (S. 994) Basis for selecting substances and facilities for regulation Requires the Administrator to designate combinations of chemical sources and substances of concern based on “severity of the threat posed by an unauthorized release from the chemical sources.” Requires consideration of: severity of potential harm; proximity to population centers; threats to national security; threats to critical infrastructure; threshold quantities of substances that pose a serious threat; and other safety or security factors the Administrator, in consultation with the Secretary, determines to be appropriate. [§4(a)(1) - (2)] Requires the Secretary to designate substances of concern based on “the potential extent of death, injury, or serious adverse effects to human health or the environment that would result from a terrorist release.” Chemical sources are selected based on: consideration of likelihood that a chemical source will be the target of terrorism; nature and quantity of substances of concern present; potential extent of death, injury, or serious adverse effects to human health or the environment; potential harm to critical infrastructure and national security; cost and technical feasibility; scale of operations; and other securityrelated factors the Secretary determines to be appropriate and necessary. [§4(e) and (f)] Consultation Requires consultation with the Secretary, and in some cases with State and local agencies responsible for planning for and responding to unauthorized releases and providing emergency health care; the Chemical Safety and Hazard Investigation Board; local law enforcement, first responders, and employees. [§4(a)(1)-(5)] No similar provision Technical support No similar provision Authorizes the Secretary to request technical and analytical support (other than field work) from other agencies, and to reimburse for such support as the Secretary determines to be appropriate. [§6] Emphasis Actions and procedures to eliminate or significantly lessen the potential consequences of a release of a covered substance of concern that is caused in part by a criminal act. [§2(4); §3(10); §4(a)(3)(B)] Appropriate actions to ensure or enhance the security of sources of potentially dangerous chemicals against acts of terrorism. [§2(3)-(4) and §3(7)] CRS-11 Provision Chemical Security Act (S. 157) Chemical Facilities Security Act (S. 994) Vulnerability and risk assessments Requires the Administrator to promulgate regulations within one year of the date of enactment of this Act, requiring owners/operators of high-priority chemical sources, in consultation with local first responders and employees, to assess the vulnerability of the source to a terrorist attack or other unauthorized release, and identify hazards that may result from release. [§4(a)(3)A)] The Administrator must review and revise as necessary such regulations within 5 years of their date of promulgation. [ §4(a)(4)] Requires the Secretary to promulgate regulations within one year of the date of enactment of this Act requiring owners/operators of sources listed by the Secretary to assess vulnerability to a terrorist release and identify hazards that may result from a release. [§4(a)(1)] Authorizes the Secretary to promulgate procedures, protocols, and standards for assessments. [§4(c)] Requires that the Secretary promulgate deadlines for completion of vulnerability assessments. [§4(a)(2)] Planning and implementation Requires the Administrator to promulgate regulations within one year of the date of enactment of this Act, requiring owners and operators of high-priority chemical sources, in consultation with local first responders and employees, to prepare a prevention, preparedness, and response plan. [§4(a)(3)] The Administrator must review and revise as necessary such regulations within 5 years of their date of promulgation. [§4(a)(4)] Requires the Secretary to promulgate regulations within one year of the date of enactment of this Act requiring covered facilities to prepare and implement a site security plan. [§4(a)(1)] Requires that the Secretary promulgate deadlines for completion of plans. [§4(a)(2)] Authorizes the Secretary to promulgate procedures, protocols, and standards for plans. [§4(c)] Required plan components The plan must include actions and procedures to eliminate or significantly lessen the potential consequences of an unauthorized release, including “implementation, to the extent practicable,” of any technology, product, raw material, or practice that reduces the possibility of a release prior to secondary containment, control, or mitigation; well-maintained secondary containment, control, or mitigation equipment; security measures; and buffer zones. [§3(7); §3(11); §4(a)(3)] The plan must include security measures to reduce vulnerability to a terrorist release, and equipment, plans, and procedures that might be used in the event of a release. [§4(a)(1)] CRS-12 Provision Chemical Security Act (S. 157) Chemical Facilities Security Act (S. 994) Self-certification Requires owners/operators of high priority chemical sources to certify compliance with assessment and planning requirements. Vulnerability assessments must be certified within one year, and plans within 18 months after the date of promulgation of regulations regarding requirements for planning. [§4(b)] Requires owners/operators to certify completion of a vulnerability assessment and development and implementation of a plan, in accord with any regulations promulgated by the Secretary or with protocols and standards endorsed by the Secretary. [§4(b)(1)] Requires that the Secretary promulgate deadlines for certification of vulnerability assessments and plans. [§4(a)(2)] Reviews Requires owners/operators to review and recertify vulnerability assessments and plans within 5 years of the date of first certification, and every 3 years thereafter. [§4(b)] Requires owners/operators to review and recertify vulnerability assessments and plans within 5 years of the date of first certification, and every 5 years thereafter (or on a schedule established by the Secretary). [§4(h)] Third-party audit or certification No similar provision Requires the Secretary to conduct, or require to be conducted, vulnerability assessments and other activities (including third-party audits) to evaluate and ensure compliance. [§4(b)(3)] Submission of documents Requires submission of copies of assessments and plans to EPA. [§4(b)] Requires submission of copies of assessments and plans to DHS, on request. [§4(a)(1); §4(b)(2)] Threat information Directs the Secretary, in consultation with the Administrator, “to the maximum extent permitted by applicable authorities,” to provide to owners/operators threat information relevant to assessments and plans. [§4(a)(3)(C)] Directs the Secretary, “to the maximum extent practicable under applicable authority,” to provide an owner/operator threat information relevant to the chemical source. [§4(a)(4)] CRS-13 Provision Chemical Security Act (S. 157) Chemical Facilities Security Act (S. 994) Information protection All information provided to EPA, or derived from that information, except self-certification, is exempt from disclosure under section 552 of title 5, United States Code (FOIA). [§4(b)(4)] Same as S. 157, but also exempts such information from disclosure under state or local disclosure laws. Provides that anyone who “knowingly or recklessly discloses the information” shall be removed from federal office or employment, and be imprisoned up to one year, fined, or both. Some exceptions are allowed. [§4(i)] Also protects from disclosure any determination or order by the Secretary with respect to disapproval of an assessment or plan. [§5(d)] (See below “Compliance assistance” and “Compliance orders.”) Requires that information submitted or obtained by the Secretary, and information derived from that information, and information submitted by the Secretary be treated in any judicial or administrative action as if it were classified. [§8] Agency review The Administrator must review each assessment and plan to determine compliance and must certify each determination. [§5(a)] Requires the Secretary to ensure and evaluate compliance with regulations and endorsed procedures, protocols, or standards. [§4(b)(3)] CRS-14 Provision Chemical Security Act (S. 157) Chemical Facilities Security Act (S. 994) Early compliance Before EPA rules are promulgated, the Administrator, in consultation with the Secretary, must review each assessment or plan submitted and determine whether it meets consultation, planning, and assessment requirements for high-priority categories under §4(a)(3). See above “Vulnerability and risk assessment” and “Planning and implementation.” If such requirements are met, the Administrator must certify compliance without requiring any revision of the assessment or plan. [§5(a)(2)(C)] Authorizes the Secretary to identify and endorse security measures that, if implemented, would indicate compliance with assessment or planning requirements. Authorizes any person to petition the Secretary for endorsement of procedures, protocols, and standards established by law, industry, or federal, state, or local government authorities. Authorizes the Secretary to endorse in regulations such procedures, protocols, and standards, if the Secretary finds them in effect and substantially equivalent to any requirements the Secretary may establish. If the Secretary chooses not to endorse such procedures, protocols, and standards, the Secretary must provide to each petitioner written notice explaining why. Also authorizes petitions requesting that plans or assessments be required to address particular threats or types of threats, and authorizes the Secretary to promulgate such requirements. [§4(c)] Vulnerability assessments and response plans that are in accord with provisions endorsed by the Secretary are exempt from other regulatory requirements for plans or assessments. [§4(d)] Compliance assistance Requires the Administrator to notify a source if an assessment or plan does not comply with EPA regulations, or if a threat exists beyond the scope of the plan, or current implementation of the plan is insufficient. Directs EPA to provide advice and technical assistance to bring the assessment or plan into compliance, or to address any threat. [§5(b)] Authorizes the Secretary to disapprove a vulnerability assessment or plan, or to order revision, recertification, and resubmission of such, to correct deficiencies, if they do not comply with regulations, or if the plan, or its implementation, is insufficient. The Secretary must provide notice of disapproval, explaining deficiencies and consult to identify appropriate steps to achieve compliance. [§5(a)-(c)] CRS-15 Chemical Security Act (S. 157) Chemical Facilities Security Act (S. 994) Compliance orders Thirty days after assistance is provided, or a source receives notice, if the plan or assessment is not brought into compliance, or the source has not complied with an entry or information request, the Administrator may issue an order directing compliance, after providing the source notice of the order and opportunity for a hearing. [§5(c)] If an owner/operator fails to certify or submit a satisfactory assessment or plan, the Secretary is authorized to order certification and submission. Requires the Secretary to issue a compliance order if an assessment or plan has been disapproved, and compliance is not achieved by an appropriate date. [§5(c)] Threat notification and abatement action The Secretary must notify a source or sources of an elevated threat, if the Secretary determines that a terrorist threat exists that is beyond the scope of a submitted plan or plans, or current implementation is insufficient to address the results of vulnerability assessment or existing threat. If a source’s response to notification is insufficient, the Secretary must notify the source, the Administrator, and the Attorney General. In response to such notice, the Administrator or Attorney General may secure necessary relief to abate a threat, including orders necessary to protect public health or welfare. [§5(d)] No similar provision Record-keeping and entry High-priority sources are required to keep a current copy of each assessment and plan. The Administrator may enter the premises of an owner or operator of a source, or any premises where records are stored, on presenting credentials. The Administrator also may at reasonable times have access to and may copy records, reports, plans, or assessments. The Administrator may require a source to provide any information necessary to enforce this Act and to promulgate or enforce regulations. [§6] Sources required to prepare assessments and plans must keep a current copy. The Secretary has authority to enter premises and to copy records and other documentation that is necessary for analysis of a vulnerability assessment or site security plan or for implementation of the plan. Authorizes the Secretary to issue an order requiring compliance with this section. [§7] Provision CRS-16 Provision Chemical Security Act (S. 157) Chemical Facilities Security Act (S. 994) Penalties A district court may assess a civil penalty for violation or noncompliance with an order equal to or less than $25,000 per day. EPA may assess civil penalties less than or equal to $125,000 in an order, after providing notice and the opportunity to request within 30 days a hearing. Knowing violation or failure to comply with an order may be punished with a fine of at least $2,500, but less than $25,000, per day, and imprisonment for up to one year, or both. Subsequent violation or failure to comply may result in a fine of not more than $50,000 per day, imprisonment for up to 2 years, or both. [§7] A district court may assess a civil penalty for violation or noncompliance with an order or a site security plan (or endorsed security measure) submitted to the Secretary of not more than $50,000 per day, and may issue an order for injunctive relief. The Secretary may assess civil penalties less than or equal to $250,000 in an order, after providing notice and the opportunity to request within 30 days a hearing. Authorizes the Secretary to establish procedures for administrative hearings and review. [§8] Authorization of appropriations Authorizes such sums as are necessary. [§9] No similar provision Training No similar provision Authorizes the Secretary to provide training relevant to this Act to state and local officials and owners/operators. [§9]