[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]
THE CHEMICAL FACILITIES ANTI-TERRORISM STANDARDS PROGRAM: ADDRESSING
ITS CHALLENGES AND FINDING A WAY FORWARD
=======================================================================
HEARING
before the
SUBCOMMITTEE ON CYBERSECURITY,
INFRASTRUCTURE PROTECTION,
AND SECURITY TECHNOLOGIES
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
SECOND SESSION
__________
MARCH 6, 2012
__________
Serial No. 112-74
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.gpo.gov/fdsys/
__________
U.S. GOVERNMENT PRINTING OFFICE
76-601 PDF WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP, Washington, DC
20402-0001
COMMITTEE ON HOMELAND SECURITY
Peter T. King, New York, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Daniel E. Lungren, California Loretta Sanchez, California
Mike Rogers, Alabama Sheila Jackson Lee, Texas
Michael T. McCaul, Texas Henry Cuellar, Texas
Gus M. Bilirakis, Florida Yvette D. Clarke, New York
Paul C. Broun, Georgia Laura Richardson, California
Candice S. Miller, Michigan Danny K. Davis, Illinois
Tim Walberg, Michigan Brian Higgins, New York
Chip Cravaack, Minnesota Cedric L. Richmond, Louisiana
Joe Walsh, Illinois Hansen Clarke, Michigan
Patrick Meehan, Pennsylvania William R. Keating, Massachusetts
Ben Quayle, Arizona Kathleen C. Hochul, New York
Scott Rigell, Virginia Janice Hahn, California
Billy Long, Missouri Vacancy
Jeff Duncan, South Carolina
Tom Marino, Pennsylvania
Blake Farenthold, Texas
Robert L. Turner, New York
Michael J. Russell, Staff Director/Chief Counsel
Kerry Ann Watkins, Senior Policy Director
Michael S. Twinchek, Chief Clerk
I. Lanier Avant, Minority Staff Director
------
SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY
TECHNOLOGIES
Daniel E. Lungren, California, Chairman
Michael T. McCaul, Texas Yvette D. Clarke, New York
Tim Walberg, Michigan, Vice Chair Laura Richardson, California
Patrick Meehan, Pennsylvania Cedric L. Richmond, Louisiana
Billy Long, Missouri William R. Keating, Massachusetts
Tom Marino, Pennsylvania Bennie G. Thompson, Mississippi
Peter T. King, New York (Ex (Ex Officio)
Officio)
Coley C. O'Brien, Staff Director
Zachary D. Harris, Subcommittee Clerk
Chris Schepis, Minority Senior Professional Staff Member
C O N T E N T S
----------
Page
STATEMENTS
The Honorable Daniel E. Lungren, a Representative in Congress
From the State of California, and Chairman, Subcommittee on
Cybersecurity, Infrastructure Protection, and Security
Technologies:
Oral Statement................................................. 1
Prepared Statement............................................. 4
The Honorable Yvette D. Clarke, a Representative in Congress From
the State of New York, and Ranking Member, Subcommittee on
Cybersecurity, Infrastructure Protection, and Security
Technologies:
Oral Statement................................................. 5
Prepared Statement............................................. 6
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Prepared Statement............................................. 7
WITNESSES
Panel I
Hon. Rand Beers, Under Secretary, National Protection and
Programs Directorate, Department of Homeland Security:
Oral Statement................................................. 9
Prepared Statement............................................. 10
Ms. Penny J. Anderson, Director, Infrastructure Security
Compliance Division, Office of Infrastructure Protection,
Department of Homeland
Security....................................................... 17
Mr. David Wulf, Deputy Director, Infrastructure Security
Compliance Division, Office of Infrastructure Protection,
Department of Homeland
Security....................................................... 17
Panel II
Mr. William E. Allmond IV, Vice President, Government and Public
Relations, Society of Chemical Manufacturers and Affiliates:
Oral Statement................................................. 31
Prepared Statement............................................. 33
Mr. Timothy J. Scott, Chief Security Officer and Corporate
Director, Emergency Services and Security, Dow Chemical:
Oral Statement................................................. 38
Prepared Statement............................................. 40
Mr. David L. Wright, President, American Federation of Government
Employees Local 918:
Oral Statement................................................. 42
Prepared Statement............................................. 43
FOR THE RECORD
The Honorable Daniel E. Lungren, a Representative in Congress
From the State of California, and Chairman, Subcommittee on
Cybersecurity, Infrastructure Protection, and Security
Technologies:
Request for Report............................................. 3
APPENDIX
Questions Submitted by Chairman Daniel E. Lungren to Rand Beers.. 51
Questions Submitted by Ranking Member Yvette D. Clarke to Rand
Beers.......................................................... 60
Questions Submitted by Ranking Member Yvette D. Clarke to Penny
J. Anderson.................................................... 60
Questions Submitted by Ranking Member Yvette D. Clarke to Timothy
J. Scott....................................................... 61
Questions Submitted by Chairman Daniel E. Lungren to David L.
Wright......................................................... 61
THE CHEMICAL FACILITIES ANTI-TERRORISM STANDARDS PROGRAM: ADDRESSING
ITS CHALLENGES AND FINDING A WAY FORWARD
----------
Tuesday, March 6, 2012
U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Cybersecurity, Infrastructure Protection,
and Security Technologies,
Washington, DC.
The subcommittee met, pursuant to call, at 2:40 p.m., in
Room 311, Cannon House Office Building, Hon. Daniel E. Lungren
[Chairman of the subcommittee] presiding.
Present: Representatives Lungren, Meehan, Marino, Clarke,
Richardson, and Richmond.
Mr. Lungren. Mr. Meehan is here and that makes two of us.
So with the approval of the Minority we can start with the two
on our side. We shall start.
The Committee on Homeland Security's Subcommittee on
Cybersecurity, Infrastructure Protection, and Security
Technologies will come to order. The subcommittee is meeting
today to examine the chemical facilities anti-terrorism
standards program at the Department of Homeland Security.
Before I start, I just want to mention that we would remind
our guests today that demonstrations from the audience,
including the use of signs, placards, and T-shirts, as well as
verbal outbursts, are a violation of the rules of the House.
The Chairman wishes to thank our guests for their cooperation
in maintaining order and proper decorum.
I would recognize myself for an opening statement. I wish
to thank Under Secretary Beers, Director Anderson, and Deputy
Director Wulf for your cooperation in providing our committee
with a detailed briefing on the challenges facing the MPPD's
Infrastructure Security Compliance Division, ISCD, on February
7. I must say that I was upset when I learned about the
widespread mismanagement training and recruiting failures in
the CFATS compliance division, which we now are learning about
more than 5 years after the program was authorized.
Some examples cited were 4,200 site security plans
submitted to ISCD with no plans being finally approved, workers
hired without appropriate skill levels, no adequate training
program for chemical inspectors having been established,
supervisors selected based on personal relationships rather
than leadership or managerial ability and experience.
The leaked Anderson memo also stated that the Congressional
mandate forced development of the CFATS program at an
impractical pace, the inference seemingly being that the
accelerated pace pushed by Congress resulted in poor program
implementation, inappropriate hirings, and wasteful expenditure
of taxpayer funds.
Now, Congress directed the Secretary in our 2007 DHS
appropriations bill to develop a regulatory framework within 6
months to address the security of U.S. chemical facilities. I
believe that was a shorter period than we had envisioned in the
bill that we worked on in this subcommittee. However, this
short time line was an expression of Congressional urgency and
concern regarding the threat to our chemical facilities, and I
don't believe it really was a hard deadline. But nonetheless we
wished to urge upon the Executive Branch our concern at that
time in the hope that this would be expedited.
Since that time, our Homeland Security Committee has
conducted numerous oversight hearings and Departmental
briefings where these compliance problems were never mentioned.
Last year I, along with my colleagues on both sides,
championed a long-term extension of the Department's CFATS
authority, H.R. 901. This was also consistent with the request
by the administration of a long-term extension. At that time
these compliance problems were never referenced to us. To the
contrary, the CFATS program was often cited as a model public-
private partnership for securing critical infrastructure. That
in fact was the hope of those of us who had any part in
offering the legislation in the first instance.
Fortunately, these program challenges were detailed in the
Anderson memo requested by you, Mr. Beers, and then exposed by
Fox News. No one likes to be surprised, especially those of us
in Congress. We have enough surprises, I guess, that we create
for ourselves. I will say mismanagement of this division was
disturbing, particularly to someone--like those of us on this
subcommittee who have been strong CFATS advocates.
So while the report was extremely disappointing, I want to
emphasize that the CFATS program has many phases and what
appears to be failures contained or pointed out in the memo, or
in the compliance phase or the final phase of the program.
CFATS has unquestionably improved the security of our chemical
industry, identifying chemicals of interest and establishing
threshold levels for those chemicals. It has also required
high-risk facilities to conduct vulnerability assessments,
development site security plans and adopt security performance
standards to mitigate identified vulnerabilities. The
Government has already spent hundreds of millions of dollars on
this chemical security program, while our private sector has
invested billions in CFATS security improvements. I believe
those are assets and investments that ought not to be wasted.
My hope is that, while the memo relates to failures in the
compliance phase of the CFATS program, that this is not used
as, or misread by people to believe that we have wasted money
in the Government and that the private sector has wasted money
as they have dealt with CFATS security improvements. Rather, I
believe, we have had a model of private-public partnership. I
devoutly hope that this will be continued.
I was pleased to see your quick response to these
management failures by issuing your list of corrective action
items. What was missing in the action item list, it appears, is
priorities and time lines. So without that, it seems to me
priority and supervision, you end up hiring unqualified
inspectors and paying them for jobs that don't yet exist.
The Anderson memo reveals the CFATS program was being
victimized by mismanagement. But as we know, mismanagement is
correctable and in no way indicates the failure of the
underlying program with security achievements. I believe that
you share that sentiment, at least as evidenced by
conversations we have had. You believe that the program is a
worthy one and one that needs to be completed. That is why I
assume the White House has supported the idea of extending the
life of this program.
I look forward to hearing your plans to reorganize this
office so it can accomplish its mission-approving site security
plans, inspecting those facilities and ensuring that they
implement the risk-based security measures outlined in their
SSP.
It is obvious, Mr. Beers, that you are responsible for the
management of the program. As Under Secretary of the National
Protection and Programs Directorate, you are in charge of
CFATS, and so adjustments of these management difficulties are
under your watch and we will be very interested to hear how you
are and intend to correct those failures.
It is my belief, and I believe it is shared by other
Members of this subcommittee, that there ought to be no more
surprises as we finish implementing the CFATS program. We will
conduct vigorous oversight of the infrastructure security
compliance division action plan.
This oversight will include--we will expect to have
quarterly briefings by Director Anderson to our subcommittee
staff on what action items and reforms have been implemented. I
have included a more detailed quarterly report request, and I
ask that it be made a part of the record. If there is no
objection we shall enter it into the record.
[The information follows:]
Request for Report Submitted by Chairman Daniel E. Lungren
Mr. Rand Beers,
Under Secretary for the National Protection and Programs Directorate,
U.S. Department of Homeland Security, Washington, DC 20528.
Dear Under Secretary Beers: As you know, I entered a request for
quarterly reporting on the status of the Chemical Facilities Anti-
Terrorism Standards (``CFATS'') program in the official record during
the House Committee on Homeland Security Subcommittee on Cybersecurity,
Infrastructure Protection, and Security's hearing on March 6, 2012. The
intent of this letter is to formalize that request and outline its
details to you.
To ensure that Congress is appropriately informed of the CFATS
program's progress towards implementation, I request a quarterly report
to the subcommittee. This report should come in the form of briefings
carried out by Ms. Penny Anderson, the Director of ISCD. At minimum, it
should include:
a. Progress reports on review, authorization, and approval of site
security plans;
b. Updates on changes to the tiering formula, facility tier
changes, and efforts to ensure security of tiering inputs and
algorithms;
c. Updates on hiring and training of inspector cadre;
d. Information about training program development and
implementation;
e. Explanations of changes in leadership and management of program.
I appreciate your cooperation on this important issue. If you have
any questions, please contact my staff director Mr. Coley O'Brien or
counsel, Ms. Monica Sanders.
Sincerely,
Daniel E. Lungren,
Chairman, Subcommittee on Cybersecurity, Infrastructure Protection
and Security Technologies, House Committee on Homeland Security.
[The statement of Mr. Lungren follows:]
Statement of Chairman Daniel E. Lungren
I want to thank Under Secretary Beers, Director Anderson, and
Deputy Director Wulf for your cooperation in providing our committee
with a detailed briefing on the challenges facing the NPPD's
Infrastructure Security Compliance Division ISCD on February 7.
I was upset when I learned about the widespread mismanagement,
training, and recruiting failures in the CFATS compliance division, 5
years after this program was first authorized. Examples:
4,200 SSPs were submitted to ISCD, less than 50 have been
approved;
No inspection program design or procedures adopted;
Restrictions on hiring qualified inspectors;
No adequate training program for inspectors to conduct
compliance inspections.
The leaked memo also stated that the Congressional mandate forced
development of the CFATS program at an impractical pace. The inference
being that the accelerated pace pushed by Congress resulted in poor
program implementation, the hiring of inappropriate staff, and the
wasteful expenditure of taxpayer funds.
Our Homeland Security Committee conducted numerous oversight
hearings and Departmental briefings, where these problems were never
mentioned. I championed a long-term extension of the Department's CFATS
Authority last year (H.R. 901) and these problems were never discussed.
To the contrary, the CFATS program was often cited as a model public/
private security partnership.
Fortunately, these program challenges were detailed in the Anderson
memo requested by you, Under Secretary Beers, and then exposed by Fox
News. No one likes to be surprised, especially Congress. The wholesale
mismanagement of this Division is disturbing, particularly to someone
like myself, who drafted the legislation CFATS was modeled after.
While this report was extremely disappointing, I want to emphasize
that the CFATS program has many phases and these failures are in the
final phase--the compliance phase of the program. This program has
unquestionably improved the security of our chemical industry,
identifying dangerous chemicals of interest and establishing threshold
levels for those chemicals. It has also required high-risk facilities
to conduct vulnerability assessments, development site security plans,
and adopt security performance standards to mitigate identified
vulnerabilities.
The Government has already spent hundreds of millions of dollars
for this chemical security program and the private sector has spent
billions of dollars.
While the compliance phase is critical to the success of CFATS by
insuring that identified security measures have been implemented by our
high-risk chemical facilities, these management problems are all
correctable.
I was pleased to see your quick response to these management
failures by issuing your list of corrective action items. What was
missing in your action item list were priorities and time lines.
Without leadership, priorities, and supervision, you end up hiring
unqualified inspectors and paying them for jobs that don't yet exist.
I look forward to hearing your plans to reorganize this office so
it can accomplish its mission--approving site security plans (SSP),
inspecting these facilities and ensuring that they implement the risk-
based security measures outlined in their SSP.
I also want to be clear that there will be no more surprises as we
finish implementing the CFATS program. I will conduct vigorous
oversight of the Infrastructure Security Compliance Division action
plan by requiring Director Anderson to report to our staff on a
quarterly basis what action items and reforms have been implemented.
I now recognize the gentle lady from New York, Ms. Clarke, for her
opening statement.
Mr. Lungren. It is now my pleasure to recognize the
gentlelady from New York, Ms. Clarke, the Ranking Member of the
subcommittee for her opening statement.
Ms. Clarke. Thank you, Mr. Chairman. Thank you for calling
this hearing on the chemical facilities anti-terrorism
standards program. The Under Secretary's Office provided us
with a confidential memorandum report that he ordered in summer
2011 for internal use, but was leaked to the news media and a
summary article published in December.
We have been provided with a rare insight into the internal
workings of a regulatory program that is experiencing drastic
spasms. The CFATS issues before us today are greater than just
the leaked internal memorandum that made headlines late last
year.
Let me review the facts. The Department established CFATS
in fiscal year 2007 and has received approximately $442 million
since then in appropriated funds to implement both the CFATS
and ammonium nitrate programs. The Department has testified
numerous times as to the successful issuance of regulation and
establishment of a regulatory framework, and DHS has annually
engaged stakeholders in a chemical security summit.
The information memorandum contains information that raises
questions about the accuracy of those presentations. The
information memorandum, for example, states that millions of
dollars of training contracts have resulted in no compliance
inspector training, the information technology systems are
insufficient to meet ISCD needs, and that regional and
headquarter locations invested in unneeded capabilities
inconsistent with mission needs.
The information memorandum identifies a series of
institutional flaws such as a lack of a system for tracking the
usage of consumable supplies, pay grades not aligning with job
requirements, and weak leadership providing the appearance of
favoritism, cronyism, and retribution.
Here is what is really disturbing. The fact that DHS raised
none of these points in its prior testimony or discussions,
instead presenting the appearance of an on-going regulatory
program. While the Under Secretary has testified that he was
not aware of the scope of the problems within ISCD until 2011,
the senior ISCD official in charge would seemingly have
possessed detailed information not available to the Under
Secretary.
Additionally, Congress has required, through appropriations
report language, both reports and briefings on facets of the
CFATS program, none of which reported the challenges ISCD was
experiencing.
It is our job to attempt to identify the root causes of the
challenges experienced by ISCD in order to avoid similar
problems in other agencies in an attempt to identify how prior
appropriated funds were spent and what value was received and
how we should attempt to identify the official or officials
responsible for the failures in ISCD performance.
Mr. Chairman, besides the fact-finding that we need to do,
there is a bigger question of authorization. It seems only
reasonable to me that in light of these leaked memorandums--
excuse me, this leaked memorandum--and the host of problems it
outlines for the CFATS program, it will behoove Congress to
think again about giving the program an extended authorization
without further committee oversight and guidance.
As you know, I offered two amendments limiting the 7-year
authorization proposed in H.R. 901. I think the idea of
limiting the authorization of this troubled program looks
pretty good today. Last Congress we brought in all the
stakeholders to craft legislation to fully authorize the
program. It was a major undertaking. We brought in industry and
labor and everyone else who had a concern about this issue.
That is the kind of guidance and authorization this troubled
program needs.
What I do know is that the front-line workers in every
Government program, whether it be law enforcement, management,
or regulatory programs, are the heart of the service to the
American people. To protect us they make sure things are secure
and they interact with business and industry and citizens every
day. These are the important workers in your CFATS program.
I am very keen to hear the testimony today of David Wright
who represents the inspectors, the lead workers, who make up
the inspector cadre, the core and the heart of this program. We
need to get their views on the problems you have found if we
are to solve these challenges.
Mr. Chairman, I hope we are going to hear some of the
answers we need today. I yield back the balance of my time.
[The statement of Ms. Clarke follows:]
Statement of Ranking Member Yvette D. Clarke
March 6, 2012
Mr. Chairman, thank you for calling this hearing on the Chemical
Facilities Anti-Terrorism Standards program. The Under Secretary's
office provided us with a confidential memorandum report that he
ordered in the summer 2011, for internal use, but was leaked to the
news media, and a summary article published in December. We have been
provided with a rare insight into the internal workings of a regulatory
program that is experiencing drastic spasms.
The CFATS issues before us today are greater than just the leaked
internal memorandum that made headlines late last year. Let me review
the facts:
The Department established CFATS in fiscal year 2007 and has
received approximately $442 million since then in appropriated
funds to implement both the CFATS and ammonium nitrate
programs.
The Department has testified numerous times as to the
successful issuance of regulation and establishment of a
regulatory framework, and DHS has annually engaged stakeholders
in a chemical security summit.
The information memorandum contains information that raises
questions about the accuracy of those presentations. The
information memorandum, for example, states that millions of
dollars of training contracts have resulted in no compliance
inspector training, that information technology systems are
insufficient to meet ISCD needs, and that regional and
headquarters locations invested in unneeded capabilities
inconsistent with mission needs.
The information memorandum identifies a series of
institutional flaws, such as the lack of a system for tracking
the usage of consumable supplies, pay grades not aligning with
job requirements, and weak leadership providing the appearance
of favoritism, cronyism, and retribution.
Here's what really disturbing, the fact that DHS raised none
of these points in its prior testimony or discussions, instead
presenting the appearance of an on-going regulatory program.
While the Under Secretary has testified that he was not aware of
the scope of the problems within ISCD until 2011, the senior ISCD
official in charge would seemingly have possessed detailed information
not available to the Under Secretary. Additionally, Congress has
required through appropriations report language both reports and
briefings on facets of the CFATS program, none of which reported the
challenges ISCD was experiencing.
It is our job to attempt to identify the root causes of the
challenges experienced by ISCD in order to avoid similar problems in
other agencies, and attempt to identify how prior appropriated funds
were spent and what value was received, and we should attempt to
identify the official or officials responsible for the failures in ISCD
performance.
Mr. Chairman, besides the fact-finding that we need to do, there is
a bigger question of authorization. It seems only reasonable to me that
in light of this leaked memorandum and the host of problems it outlines
for the CFATS program, it would behoove Congress to think again about
giving the program an extended authorization without further committee
oversight and guidance. As you know, I offered two amendments limiting
the 7-year authorization proposed in H.R. 901, and I think the idea of
limiting the authorization of this troubled program looks pretty good
today.
Last Congress we brought in all the stakeholders to craft
legislation to fully authorize this program. It was a major
undertaking. We brought in industry and labor and everyone else who had
a concern about this issue, that's the kind of guidance and
authorization this troubled program needs.
What I do know is that the front-line workers in every Government
program; whether it be law enforcement, management, or regulatory
programs, are the heart of the service to the American people. They
protect us, they make sure things are secure, and they interact with
business and industry and citizens everyday. These are the important
workers in your CFATS program, and I am very keen to hear the testimony
today of David Wright who represents the inspectors, the lead workers
who make up the inspector cadre, the core and heart of this program. We
need to get their views on the problems you have found if we are to
solve these challenges.
Mr. Chairman, I hope we are going to hear some of the answers we
need today and, I yield back.
Mr. Lungren. The gentlelady yields back.
Other Members of the committee are reminded their opening
statements may be submitted for the record.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
March 6, 2012
Mr. Chairman, thank you for holding today's hearing.
Congress expressed concern about the safety and security of
chemical facilities long before 9/11.
The danger of a sudden release of hazardous chemical fumes caused
by a terrorist attack is a nightmare scenario.
In 2006, Congress passed legislation providing the Department of
Homeland Security with the ability to assure that chemical plants are
safe and secure. This year, the authorization for that program will
expire.
Much should have happened in 6 years. But unfortunately, there is
not much progress to report.
In December 2011, we learned about the stunning lack of progress
and the serious programmatic failures when an internal memo on the
CFATS program was leaked.
It is my understanding that the Under Secretary stated on a prior
occasion that the memo ``fails to provide a complete picture of the
program.''
It is difficult for any document to capture the complete picture.
But while a picture may be incomplete, it still may be accurate.
Mr. Under Secretary, I hope your testimony covers whether many of
the troubling assertions contained in the internal memo are accurate:
Is the ISCD ready to conduct a compliance inspection?
Will inspectors will be able to review more than 20
facilities per year?
Does the unit suffer from low morale and perceptions of
favoritism?
Have job descriptions been developed?
Have in-house training courses been developed?
How much is spent on contractors?
Are contractors performing inherently Governmental
functions?
Without the answer to these questions, we cannot answer the most
important question--when will the CFATS program be fully operational?
Finally, Mr. Chairman, I need to point out that a fully functioning
program cannot occur in an atmosphere of blame and recrimination.
The most troubling aspect of this internal memo is that it makes
clear that the management of this program has developed a belief that
finger-pointing and blame are an effective way of addressing the
concerns of front-line workers.
Leadership does not point fingers. Leadership joins hands and works
together.
This program will only become fully functional with leadership and
hard work.
Mr. Under Secretary, if you do not have that kind of leadership in
this program now, I suggest you attain it quickly.
There can be no doubt that a lack of administrative clarity and
management commitment impeded this program in the past.
Congress must conduct vigilant oversight to assure that the program
begins to move forward.
These challenges show the need for a detailed, biennial
reauthorization process.
With that, I yield back.
Mr. Lungren. We are pleased to have three very
distinguished witnesses before us today on this important topic
in our first panel. Rand Beers, the Under Secretary for the
National Programs and Protection Directorate at the Department
of Homeland Security, a position he has held since June 2009.
In this role he is tasked to reduce risk to physical cyber and
communications infrastructure and collaborate with governments,
the private sector, nongovernment organizations, and
international bodies to prevent, respond to, and mitigate
threats to U.S. National security from acts of terrorism,
natural disaster, and other catastrophic events.
Ms. Penny Anderson serves as the director of the Department
of Homeland Security National Protection and Program
Directorate's Office of Infrastructure Protection,
Infrastructure Security Compliance Division. Ms. Anderson is
responsible for leading the implementation of DHS regulatory
authority for the Nation's high-risk chemical facilities, as
well as supporting National-level critical infrastructure risk
management, preparedness, and protection programs. Before
joining NPPD, Ms. Anderson served as the Transportation
Secretary Administration Federal Security Director for West
Michigan from November 2007 to July 2011. In this capacity she
was the primary point of coordination and oversight for
transportation security management in West Michigan, including
implementation of all TSA security compliance programs in that
region.
Mr. Dave Wulf joined the Department of Homeland Security in
July 2011 as the deputy director of the Infrastructure Security
Compliance Division, ISCD, within the Office for Infrastructure
Protection. In this role Mr. Wulf leads the National
implementation of the chemical facility anti-terrorism
standards program to assess high-risk chemical facilities,
promote collaborative security planning, and ensure that
covered facilities meet risk-based performance stands. Mr. Wulf
also manages the Department's efforts to establish and
implement a regulatory regime for ammonium nitrate products.
Prior to joining DHS, Mr. Wulf held a number of positions at
the Bureau of Alcohol, Tobacco, Firearms, and Explosives,
serving among other roles as the Chief of Bureau's Office of
Regulatory Affairs and Director of the National Center for
Explosives, Training, and Research.
Thank you all for being here. We will remind you that your
full written testimony will be made a part of the record. We
would ask you for a summary of 5 minutes. We have got the light
system to guide you on that.
We will just start from my left to right with Secretary
Beers first.
STATEMENT OF HON. RAND BEERS, UNDER SECRETARY, NATIONAL
PROTECTION AND PROGRAMS DIRECTORATE, DEPARTMENT OF HOMELAND
SECURITY
Mr. Beers. Thank you, Chairman Lungren and Ranking Member
Clarke, as well as distinguished Members of the subcommittee.
It is a pleasure to be here before you today to discuss the
Department's efforts to regulate security at high-risk chemical
facilities under the Chemical Facilities Anti-terrorism
Standards Act.
Alongside me today, as you indicated, are Penny Anderson
and David Wulf, the director and deputy director respectively
of the Infrastructure Security Compliance Division. They manage
CFATS program and they are also the authors of the internal
assessment, which I will discuss shortly. They are here with me
today to answer any questions that you might have about the
original content of that assessment.
As you are aware, the Department's current statutory
authority to implement CFATS, section 550 of fiscal year 2007
Department of Homeland Security Appropriations Act, as amended,
was recently extended through October 4, 2012. I strongly
believe that the CFATS program is a program that we need, and I
am confident that it has made America safer, and I would
welcome the opportunity to continue to work with this committee
and the Congress and all levels of government and the private
sector to further improve this vital National security program.
Since CFATS' inception we have issued the basic rule, we
have defined the chemicals of interest, we have jointly
conducted two surveys with industry to define the facilities
that have a substantial enough quantity of these chemicals
determined to be high-risk.
After receiving the initial submissions of more than 40,000
facilities potentially under the program, we have narrowed the
number of covered facilities to approximately 4,500. In that
process 1,600 facilities completely removed their chemicals of
interest and more than 700 other facilities have reduced their
holdings of chemicals of interest to levels resulting in that
the facilities are no longer being considered high-risk. These
actions, many of which NPPD believes were the result of choices
made by facilities after the Congressional passage of section
550 and the adoption of the CFATS regulation, have helped
reduce the number of high-risk chemical facilities located
throughout the Nation and have correspondingly made the Nation
more secure.
The Department has done much work over the past few years
to establish and implement the unprecedented regulatory
program, but CFATS clearly has challenges that still need to be
addressed. In recognition of this, upon the arrival of the
program's new director and deputy director this past summer, I
asked them to provide for my consideration their views on the
successes and challenges of the CFATS program. Candid, honest
assessments and critiques are valuable tools in evaluating
progress and determining where improvements are needed.
Furthermore, in an unprecedented program like CFATS, such
corrections can be expected and on-going decisions will need to
be made.
In late 2011 a detailed report was hand-delivered to me in
November. It is important to note that in addition to the
referenced challenges, the report also proposed for my
consideration a charted path to addressing these challenges;
specifically the action plan, with detailed recommendations for
addressing the issues identified, are those that we have shared
with the committee. Since my receipt of the report we now have
nearly 100 action items contained in this plan, and each has
been assigned to a member of the program senior leadership team
for action, and we have already seen progress on many of these
items.
For accountability, planning, and tracking purposes, the
members of the leadership team have been asked to provide
milestones and a schedule for completion of each of the tasks
assigned. The program's acting chief of staff will monitor
progress.
In addition, program leadership meets weekly with my
principal deputy under secretary, Suzanne Spalding, and
provides updates as appropriate. As I said, I am happy to
report that we have already made tangible progress in
addressing some of the challenges of this report.
One issue identified in the report is the completion of
site security plans, and we have reviewed those in I think a
consistent, reasonable, and timely fashion. We have an interim
review process that is allowing the Department to authorize
Tier 1 facility plans in a more effective and timely manner.
Using this interim report approach over the last few months
ISCD has been able to more than quadruple the number of
authorized plans. Specifically, as of January, we have 55
different SSPs that have been conditionally authorized. We
expect to complete all the Tier 1 site security plan
authorizations and to notify facilities in the coming months
ahead. ISCD also expects to begin issuing authorizations to
Tier 2 facilities in fiscal year 2012.
While this interim review process is underway, we are also
working on an even more efficient long-term approach to site
security plan reviews for Tiers 2, 3, and 4. The Department
takes its responsibility seriously for the CFATS program and
the Nation's security, and we are moving forward quickly and
strategically to address the challenges before us.
Again, we believe that CFATS is making the Nation safer and
we are dedicated to its success. We will make the necessary
course corrections to improve the program and to better protect
the Nation.
Thank you, sir and madam, and all the Members for holding
this important meeting. I am happy to respond to any of the
questions that you might have.
[The statement of Mr. Beers follows:]
Prepared Statement of Rand Beers
March 6, 2012
Thank you, Chairman Lungren, Ranking Member Clarke, and
distinguished Members of the committee. It is a pleasure to appear
before you today to discuss the Department of Homeland Security's (DHS)
efforts to regulate the security of high-risk chemical facilities under
the Chemical Facility Anti-Terrorism Standards (CFATS).
As you are aware, the Department's current statutory authority to
implement CFATS--Section 550 of the fiscal year 2007 Department of
Homeland Security Appropriations Act, as amended was recently extended
through October 4, 2012. I believe strongly in the CFATS program and
welcome the opportunity to continue to work with the committee,
Congress, and all levels of government and the private sector to
further improve this vital National security program.
In the interest of facilitating that collaboration, my testimony
today focuses on the current status of the program, examples of the
program's successes to date, some of the current challenges facing the
National Protection and Programs Directorate (NPPD) in implementing
CFATS, and the actions we are taking to address these challenges.
Additionally, I will reiterate the principles that we believe should
guide the program's maturation and continued authorization.
At my direction, the program's leadership has outlined their
priorities, the challenges they believe the program faces, and a
proposed path forward to address those challenges and accomplish
program objectives. I assure the committee that the CFATS program is
making progress; that NPPD, the Directorate with oversight
responsibility for the CFATS program, is continuously reviewing the
program to identify areas for improvement and correcting course when
necessary to ensure proper implementation; and that CFATS's value as a
National security program warrants your support and commitment.
chemical facility security regulations
Section 550 of the fiscal year 2007 Department of Homeland Security
Appropriations Act directed the Department to develop and adopt, within
6 months, a regulatory framework to address the security of chemical
facilities that the Department determines pose high levels of risk.
Specifically, Section 550(a) of the Act authorized the Department to
adopt rules requiring high-risk chemical facilities to complete
Security Vulnerability Assessments (SVAs), develop Site Security Plans
(SSPs), and implement protective measures necessary to meet risk-based
performance standards established by the Department. Consequently, the
Department published an Interim Final Rule, known as CFATS, on April 9,
2007. Section 550, however, expressly exempts from those rules certain
facilities that are regulated under other Federal statutes,
specifically those regulated by the United States Coast Guard pursuant
to the Maritime Transportation Security Act (MTSA), drinking water and
wastewater treatment facilities as defined by Section 1401 of the Safe
Water Drinking Act and Section 212 of the Federal Water Pollution
Control Act, and facilities owned or operated by the Departments of
Defense or Energy, as well as certain facilities subject to regulation
by the Nuclear Regulatory Commission (NRC).
The following core principles guided the development of the CFATS
regulatory structure:
1. Securing high-risk chemical facilities is a comprehensive
undertaking that involves a National effort, including all
levels of government and the private sector.--Integrated and
effective participation by all stakeholders--Federal, State,
local, Tribal, and territorial government partners as well as
the private sector--is essential to securing our critical
infrastructure, including high-risk chemical facilities.
Implementing this program means tackling a sophisticated and
complex set of issues related to identifying and mitigating
vulnerabilities and setting security goals. This requires a
broad spectrum of input, as the regulated facilities bridge
multiple industries and critical infrastructure sectors. By
working closely with members of industry, academia, and
partners across government at every level, we leveraged vital
knowledge and insight to develop the regulation;
2. Risk-based tiering is used to guide resource allocations.--Not
all facilities present the same level of risk. The greatest
level of scrutiny should be focused on those facilities that
present the highest risk--those that, if attacked, would
endanger the greatest number of lives;
3. Reasonable, clear, and calibrated performance standards will
lead to enhanced security.--The CFATS rule establishes
enforceable risk-based performance standards (RBPS) for the
security of our Nation's chemical facilities. High-risk
facilities have the flexibility to develop appropriate site-
specific security measures that will effectively address risk
by meeting these standards. NPPD's Infrastructure Security
Compliance Division (ISCD), the Division within NPPD
responsible for managing CFATS, will analyze all final high-
risk facility SSPs to ensure they meet the applicable RBPS and
will approve those that do. If necessary, ISCD will work with a
facility to revise and resubmit an acceptable plan and can
disapprove security plans if an acceptable plan is not
submitted; and
4. Recognition of the progress many companies have already made in
improving facility security leverages those advancements.--Many
companies made significant capital investments in security
following 9/11, and even more have done so since the passage of
the legislation establishing this program. Building on that
progress in implementing the CFATS program will raise the
overall security baseline at high-risk chemical facilities.
On November 20, 2007, the Department published CFATS's Appendix A,
which lists 322 chemicals of interest--including common industrial
chemicals such as chlorine, propane, and anhydrous ammonia--as well as
specialty chemicals, such as arsine and phosphorus trichloride. The
Department included chemicals based on the potential consequences
associated with one or more of the following three security issues:
1. Release--Toxic, flammable, or explosive chemicals that have the
potential to create significant adverse consequences for human
life or health if intentionally released or detonated;
2. Theft/Diversion--Chemicals that have the potential, if stolen or
diverted, to be used as or converted into weapons that could
cause significant adverse consequences for human life or
health; and
3. Sabotage/Contamination--Chemicals that, if mixed with other
readily available materials, have the potential to create
significant adverse consequences for human life or health.
The Department also established a Screening Threshold Quantity for
each chemical of interest based on its potential to create significant
adverse consequences to human life or health in one or more of these
ways.
Implementation of the CFATS regulation requires the Department to
identify which facilities it considers high-risk. In support of this,
ISCD developed the Chemical Security Assessment Tool (CSAT) to help the
Department identify potentially high-risk facilities and to provide
methodologies those facilities can use to conduct SVAs and to develop
SSPs. CSAT is a suite of on-line applications designed to facilitate
compliance with the program; it includes user registration, the initial
consequence-based screening tool (Top-Screen), an SVA tool, and an SSP
template. The CSAT tool is a secure method as it can be accessed only
by Chemical-terrorism Vulnerability Information (CVI) authorized users.
Through the Top-Screen process, ISCD initially identifies high-risk
facilities, which the Department then assigns to one of four
preliminary risk-based tiers, with Tier 1 representing the highest
level of potential risk. Tiered facilities must then complete SVAs and
submit them to the Department for approval, although preliminary Tier 4
facilities may submit an Alternative Security Program (ASP) in lieu of
an SVA. Each SVA is carefully reviewed for its description of how
chemicals are managed and for physical, cyber, and chemical security
risks.
After completing its review of a facility's SVA, ISCD makes a final
determination as to whether the facility is high-risk and, if so,
assigns the facility a final risk-based tier. Each final high-risk
facility is then required to develop for ISCD approval an SSP or, if it
so chooses, an ASP, that addresses its identified vulnerabilities and
security issues and satisfies the applicable RBPS. ISCD's final
determinations as to which facilities are high-risk, and as to their
appropriate tier levels, are based on each facility's individual
security risk as determined by its Top-Screen, SVA, and any other
available information. The higher the facility's risk-based tier, the
more robust the security measures it will be expected to adopt in its
SSP. Risk tier will also be a factor in determining the frequency of
inspections.
The SSP is a critical element of the Department's efforts to secure
the Nation's high-risk chemical facilities; it enables final high-risk
facilities to document their individual security strategies for meeting
the applicable RBPS. The RBPS cover the fundamentals of security, such
as restricting the area perimeter, securing site assets, screening and
controlling access, cybersecurity, training, and response. Each high-
risk facility's security strategy and measures, as described in the
SSP, will be unique, as they depend on the facility's risk level,
security issues, characteristics, and other facility-specific factors.
In fact, under Section 550, the Department cannot mandate any specific
security measure to approve the SSP.
Therefore, the CSAT SSP tool collects information on how each
facility will meet the applicable RBPS. The SSP tool is designed to
take into account the complicated nature of chemical facility security
and allows facilities to describe both facility-wide and asset-specific
security measures. NPPD understands that the private sector generally,
and CFATS-affected industries in particular, are dynamic. The SSP tool
allows facilities to involve their subject-matter experts from across
the facility, company, and corporation, as appropriate, in completing
the SSP and submitting a combination of existing and planned security
measures to satisfy the RBPS. NPPD expects that most SSPs will comprise
both existing and planned security measures. Through a review of the
SSP, in conjunction with an on-site inspection, ISCD determines whether
a facility has met the requisite level of performance given its risk
profile and thus whether its SSP should be approved.
For additional context, I would like to provide you with an example
of how some facilities approach the development and submission of their
SSPs: In the case of a Tier 1 facility with a release hazard security
issue, the facility is required to restrict the area perimeter
appropriately, which may include preventing breach by a wheeled
vehicle. To meet this standard, the facility is able to propose
numerous security measures, such as by cables anchored in concrete
blocks along with movable bollards at all active gates or by perimeter
landscaping (e.g., large boulders, steep berms, streams, or other
obstacles) that would thwart vehicle entry. The Department will approve
the security measure as long as ISCD determines it to be sufficient to
address the applicable performance standard.
In May 2009, DHS issued Risk-Based Performance Standards Guidance
to assist high-risk chemical facilities in determining appropriate
protective measures and practices to satisfy the RBPS. It is designed
to help facilities comply with CFATS by providing detailed descriptions
of the 18 RBPS as well as examples of various security measures and
practices that could enable facilities to achieve the appropriate level
of performance for the RBPS at each tier level. The Guidance also
reflects public and private-sector dialogue on the RBPS and industrial
security, including public comments on the draft guidance document.
High-risk facilities are free to make use of whichever security
programs or processes they choose--whether or not in the Guidance--
provided that they achieve the requisite level of performance under the
CFATS RBPS.
implementation status
To date, ISCD has reviewed more than 40,000 Top-Screens submitted
by chemical facilities. Since June 2008, ISCD has notified more than
7,000 facilities that they have been initially designated as high-risk
and are thus required to submit SVAs; and ISCD has completed our review
of approximately 6,500 submitted SVAs. (Note, not all facilities
initially designated as high-risk ultimately submit SVAs or ASPs, as
some choose to make material modifications to their chemical holdings,
or make other changes, prior to the SVA due date that result in the
facility no longer being considered high-risk.) In May 2009, ISCD began
notifying facilities of their final high-risk determinations, risk-
based tiering assignments, and the requirement to complete and submit
an SSP or ASP.
In May 2009, ISCD issued 141 final tier determination letters to
the highest-risk (Tier 1) facilities, confirming their high-risk status
and initiating the 120-day time frame for submitting an SSP. After
issuing this initial set of final tier determinations, ISCD
periodically issued notifications to additional facilities of their
final high-risk status. To date, more than 4,100 additional facilities
have received final high-risk determinations and tier assignments, and
several hundred that were preliminarily-tiered by ISCD were informed
that they are no longer considered high-risk.
As of February 14, 2012, CFATS covers 4,464 high-risk facilities
Nation-wide; of these 4,464 facilities, 3,693 are currently subject to
final high-risk determinations and due dates for submission of an SSP
or ASP. The remainder of the facilities are awaiting final tier
determinations based on their SVA submissions. ISCD continues to issue
final tier notifications to facilities across all four risk tiers as we
make additional final tier determinations.
It should be noted that since the inception of CFATS, more than
1,600 facilities completely removed their chemicals of interest, and
more than 700 other facilities have reduced their holdings of chemicals
of interest to levels resulting in the facilities no longer being
considered high-risk. These actions, many of which NPPD believes were
the result of choices made by facilities after Congressional passage of
Section 550 and the adoption of the CFATS regulation, have helped
reduce the number of high-risk chemical facilities located throughout
the Nation, and have correspondingly made the Nation more secure. This
is just one way in which Congress's passage of Section 550 to authorize
the CFATS program is already helping to make our citizens safer and our
Nation more secure.
Prior to approving an SSP, ISCD must first authorize the SSP.
In February 2010, ISCD began conducting pre-authorization
visits of final-tiered facilities, starting with the Tier 1
facilities, and has completed approximately 180 such pre-
authorization visits to date. ISCD used these pre-authorization
visits to help gain a comprehensive understanding of the
processes, risks, vulnerabilities, response capabilities,
security measures and practices, and other factors at a covered
facility that affect security risk and to help facilities more
fully develop and explain the security measures in their SSPs.
After ISCD issues a Letter of Authorization for a facility's
SSP, ISCD conducts a comprehensive and detailed authorization
inspection before making a final determination as to whether
the facility's SSP satisfies all applicable RBPS.
To date, ISCD has authorized or conditionally authorized
55 of the 117 Tier 1 SSPs and conducted 10 authorization
inspections.
Facilities that successfully pass inspection and that DHS
determines have satisfied the RBPS will then be issued
Letters of Approval for their SSPs.
Facilities must fully implement their approved SSPs to be
considered CFATS-compliant.
ISCD plans to issue the first Letters of Approval this
year and is currently conducting its due diligence to
ensure that the existing or planned security measures at
any facility that will receive a Letter of Approval will,
in fact, meet the appropriate risk-based performance
standards.
It is important to note that many of the roughly 4,000 SSPs
or ASPs received to date have required or likely will require
substantial additional information and clarification from the
facilities, adding to the time line as DHS works with the
facilities to fill in the gaps and finalize their SSP or ASP
submissions.
Under CFATS, when a facility does not meet its obligations
under the program, an Administrative Order is the first formal
step toward enforcement. An Administrative Order does not
impose a penalty or fine but directs the facility to take
specific action to comply with CFATS--for example, to complete
an overdue SSP within a specified time frame.
If the facility does not comply with the Administrative
Order, the Department may issue an Order Assessing Civil
Penalty of up to $25,000 each day the violation continues and/
or an Order to Cease Operations.
In June 2010, ISCD issued its first Administrative Orders to
18 chemical facilities for failure to submit an SSP. During the
remainder of the year, ISCD issued an additional 48
Administrative Orders to chemical facilities that had failed to
submit their SSPs in a timely manner under CFATS. We are
pleased to report that all 66 facilities complied with the
Administrative Orders issued. As CFATS implementation
progresses, we expect to continue to exercise our enforcement
authority to ensure CFATS compliance.
outreach efforts
Since the release of CFATS in April 2007, ISCD has taken
significant steps to publicize the rule and ensure that the regulated
community and our security partners are aware of its requirements. As
part of this outreach program, ISCD has regularly updated impacted
sectors through their Sector Coordinating Councils and the Government
Coordinating Councils of industries most impacted by CFATS, including
the Chemical, Oil and Natural Gas, and Food and Agriculture Sectors.
ISCD has also solicited feedback from our public and private sector
partners and, where appropriate, has reflected that feedback in
implementation activities.
To date, ISCD inspectors have conducted nearly 900 Compliance
Assistance Visits and have held more than 3,000 informal introductory
meetings with owners and/or operators of CFATS-regulated facilities.
ISCD staff have presented at hundreds of security and chemical industry
conferences; participated in a variety of other meetings of relevant
security partners; established a Help Desk for CFATS questions that
receives between 40 and 80 calls daily; put in place a CFATS tip-line
for anonymous chemical security reporting; and developed and regularly
updated a highly regarded Chemical Security website (www.DHS.gov/
chemicalsecurity), which includes a searchable Knowledge Center. ISCD
has also offered regular SSP training webinars to assist high-risk
facilities to complete their SSPs.
In addition, ISCD continues to focus on fostering solid working
relationships with State and local officials as well as first
responders in jurisdictions with high-risk facilities. To meet the
risk-based performance standards under CFATS, facilities need to
cultivate and maintain effective working relationships--including a
clear understanding of roles and responsibilities--with local officials
who aid in preventing, mitigating, and responding to potential attacks.
To facilitate these relationships, ISCD inspectors have been actively
working with facilities and officials in their areas of operation, and
they have participated in more than 2,000 meetings with Federal, State,
and local partners, including more than 100 Local Emergency Planning
Committee meetings. Such meetings afford ISCD inspectors with an
opportunity to provide our Federal, State, and local security partners
with a better understanding of CFATS requirements and allow our
inspectors to gain insight into the activities of Federal, State, and
local partners operating within their jurisdictions.
Other efforts to ensure State and local awareness of and
involvement in CFATS include the joint development with the State,
Local, Tribal, and Territorial Government Coordinating Council and
sharing of outreach materials specifically tailored to the emergency
response community, which summarize CFATS programs and processes for
local emergency responders; annual collaboration with the State of New
Jersey's Office of Homeland Security and Preparedness and participation
in several CFATS-based workshops hosted by the State that have brought
together facility owners/operators, site security personnel, emergency
responders, and other State-based stakeholders; and participation in
two successful CFATS workshops hosted by the State of Michigan in
Detroit and Midland, Michigan. Moving forward, ISCD hopes to continue
and expand our collaborative efforts with our State partners on CFATS-
based workshops. Additionally, in May 2010, ISCD launched a web-based
information-sharing portal called ``CFATS-Share.'' This tool provides
selected Federal, State, and local stakeholders, such as interested
State Homeland Security Advisors and their designees, DHS Protective
Security Advisors, the National Infrastructure Coordinating Center, the
DHS Chemical Sector-Specific Agency, as well as certain members of the
State, Local, Tribal and Territorial Government Coordinating Council,
access to key details on CFATS facility information as needed.
ISCD also continues to collaborate within DHS and with other
Federal agencies in the area of chemical security, including routine
engagement among the NPPD's subcomponents and with the USCG, the
Transportation Security Administration, the Department of Justice's FBI
and Bureau of Alcohol, Tobacco, Firearms and Explosives, the NRC, and
the EPA. An example of this coordination includes the establishment of
a joint ISCD/USCG CFATS-MTSA Working Group to evaluate and, where
appropriate, implement methods to harmonize the CFATS and MTSA
regulations. Similarly, NPPD has been working closely with the EPA to
begin evaluating how the CFATS approach could be used for water and
wastewater treatment facilities.
Internally, we are continuing to build ISCD. We have hired, or are
in the process of on-boarding, more than 206 people, and we are
continuing to hire to meet our staffing goal of 253 positions this
fiscal year. These numbers include our field inspector cadre, where we
have filled 102 of 108 field inspector positions and all 14 field
leadership positions.
identified challenges and next steps
The Department, NPPD, and ISCD have done much work over the past
few years to establish and implement this unprecedented regulatory
program, but CFATS still has challenges to address. In recognition of
this, upon the arrival of ISCD's new Director and Deputy Director, I
asked them to provide for my consideration their views on the successes
and challenges of the CFATS program. Candid, honest assessments and
critiques are valuable tools in evaluating progress and determining
where improvement is needed. Furthermore, course corrections are to be
expected and on-going decisions will need to be made.
In late November 2011, the ISCD Director and Deputy Director hand-
delivered to me a memo providing their views. It is important to note
that, in addition to the referenced challenges, the ISCD memorandum
also proposed for my consideration a charted path to addressing the
challenges. Specifically, the memorandum included an Action Plan with
detailed recommended steps for addressing the issues identified, and we
have shared those with the committee. Since my receipt of the ISCD
memorandum, each of the nearly 100 action items contained in the
proposed Action Plan has now been assigned to a member of ISCD's senior
leadership team for action, and I have already seen progress on many of
these items. For accountability, planning, and tracking purposes, the
members of that leadership team have been asked to provide milestones
and a schedule for the completion of each task assigned to them, and
the Acting ISCD Chief of Staff will monitor progress. In addition, ISCD
leadership meets with my Principal Deputy Under Secretary at least once
a week to provide status updates on the action items.
The speed with which the program was stood up necessitated some
decisions that, at the time, seemed appropriate. For example, at the
program's outset, certain roles and responsibilities were envisioned
for the program staff that, in the end, did not apply. This resulted in
the hiring of some employees whose skills did not match their ultimate
job responsibilities and the purchase of some equipment that in
hindsight appears to be unnecessary for chemical inspectors.
Additionally, we initially envisioned a greater number of field offices
than we determined were necessary to deploy in our current environment.
These decisions and the subsequent challenges that have resulted from
them are directly related to the accelerated stand-up of the program--
and while we regret that they occurred, we consider them valuable
lessons learned.
program successes
I would like to point out to the committee that NPPD has made
progress in addressing some of the other challenges in the ISCD
memorandum and Action Plan. One identified challenge regards the
ability of ISCD to complete SSP reviews in a consistent, reasonable,
and timely fashion. To help overcome past difficulties in meeting this
challenge, ISCD is utilizing an interim SSP review process that is
allowing the Department to review Tier 1 facility SSPs in a more
effective and timely manner.
Over the past few months, ISCD has been able to more than quadruple
the number of authorized SSPs, and I am pleased to report that as of
February 21, 2012, 55 of the 117 Tier 1 SSPs have been authorized or
conditionally authorized. ISCD expects to complete its review of all
Tier 1 SSPs and to notify the facilities of ISCD's decisions on those
SSPs within the coming months. ISCD also expects to begin issuing
authorizations to Tier 2 facilities during fiscal year 2012. While this
interim review process is under way, ISCD is also working on an even
more efficient long-term approach to SSP review for facilities in Tiers
2, 3, and 4. This long-term approach will incorporate lessons learned.
A second challenge identified in the memorandum concerns
organizational culture and morale. Based in part on internal staff
surveys and personal observation, ISCD leadership believes that
improved internal communication, stronger programmatic leadership,
consistent levels of accountability, and a clearly articulated shared
vision and values will significantly improve morale throughout ISCD.
The Action Plan contains numerous planned or proposed actions designed
to achieve this goal, many of which already are being implemented.
For instance, ISCD employees now contribute to, and receive a
monthly ISCD newsletter and weekly updates on ISCD events in an effort
to improve internal communications; numerous ISCD Director-led town
halls and open-door sessions have been held with employees in the
District of Columbia and throughout the country; vacancy announcements
that will be used to hire a permanent leadership team to support the
new Director and Deputy Director are going through the Departmental
human capital process; more thorough supervisory training and guidance
on performance monitoring is being identified and will be provided to
all Divisional supervisors; and a cross-Divisional working group was
established to update or develop a Division mission statement, vision
statement, and statement of core values, which will be shared and
consistently reinforced with all ISCD staff. Through these and other
activities, I believe that Division-wide morale is improving, which
ultimately will pay dividends not only in improved staff retention, but
also in improved staff performance. In addition, ISCD leadership has
worked with, and will continue to work with, the CFATS inspector
cadre's union to develop and implement appropriate and sustainable
solutions to address these challenges.
In working on implementing action items and identifying the best
solutions for the challenges facing CFATS, NPPD leadership is committed
to receiving input from and, where appropriate, collaborating with the
regulated community and our Federal, State, and local partners.
NPPD, ISCD, and the Department are taking our responsibilities for
the CFATS program and the Nation's security seriously and are moving
forward quickly and strategically to address the challenges before us.
We believe that CFATS is making the Nation safer and are dedicated to
its success. We will make the necessary course corrections to improve
the program to better protect the Nation.
legislation to permanently authorize cfats
We have benefited from the constructive dialogue with Congress,
including Members of the committee, as it continues to contemplate new
authorizing legislation for CFATS. The Department recognizes the
significant work that the committee and others have accomplished to
reauthorize the CFATS program. We appreciate this effort and look
forward to continuing the constructive engagement with Congress on
these important matters.
The Department supports a permanent authorization for the CFATS
program and is committed to working with Congress and other security
partners to establish a permanent authority for the CFATS program in
Federal law.
conclusion
As the activities described above demonstrate, NPPD is continuing
to make progress in the implementation of CFATS. CFATS already is
reducing the risks associated with our Nation's chemical
infrastructure. In August 2011, the American Chemistry Council (ACC)
conducted a survey of CFATS-regulated facility owners covering
approximately 800 facilities and received over 135 responses. Among
other things, the ACC survey found that the majority of respondents
believe extending CFATS will improve chemical security at CFATS-
regulated facilities. The results also revealed that companies have
made substantial investments in security upgrades as a result of CFATS,
and plan to make additional investments following ISCD approval of
their SSPs.
As we implement CFATS, we will continue to work with industry, our
Federal partners, States, and localities to get the job done, meet the
challenges identified in the ISCD report, and effectuate the continuing
utility of the program in preventing terrorists from exploiting
chemicals or chemical facilities in a terrorist attack against this
country.
Thank you for holding this important hearing. I would be happy to
respond to any questions you may have.
Mr. Lungren. Thank you very much Mr. Secretary.
Now Ms. Anderson.
STATEMENT OF PENNY J. ANDERSON, DIRECTOR, INFRASTRUCTURE
SECURITY COMPLIANCE DIVISION, OFFICE OF INFRASTRUCTURE
PROTECTION, DEPARTMENT OF HOMELAND SECURITY
Ms. Anderson. Thank you, Mr. Chairman. Thank you for the
opportunity to meet with you and the Members of the
subcommittee today.
I appreciate the opportunity to talk about the CFATS
program, where we are and where we need to go. I particularly
appreciate the opportunity to provide some context for this
internal memorandum. As we are all aware, that is what this
was. It was not an investigative report, it was an internal
memorandum to my leadership, expressing Mr. Wulf's and my
observations about what we thought our priorities should be,
what our challenges are, and, most importantly, about the way
forward. Because it was written in that context and meant in
that way, it didn't provide the context that would have been
necessary for external readers of the program. Again, I
appreciate the opportunity in that regard to provide some
context.
I would last like to say that while I view the challenges
identified within that memorandum as not insignificant, I also
do not view them as insurmountable. I think that an awful lot
of good work has been done by a lot of really good, hardworking
people, and that we can make the corrections necessary to keep
us on the right track and move us down the road. I again look
forward to discussing with you that way forward. Thank you,
sir.
Mr. Lungren. Thank you.
The Chair now recognizes Mr. Wulf to testify.
STATEMENT OF DAVID WULF, DEPUTY DIRECTOR, INFRASTRUCTURE
SECURITY COMPLIANCE DIVISION, OFFICE OF INFRASTRUCTURE
PROTECTION, DEPARTMENT OF HOMELAND SECURITY
Mr. Wulf. Thank you, Mr. Chairman. I don't want to
reiterate the remarks of the Under Secretary and Director
Anderson. But I will just say that I very much appreciate the
opportunity to be here today. Both Director Anderson and I
arrived at ISCD NPPD about 8 months ago. I just cannot say
enough about how excited I was to join the team at the
Department and NPPD, and specifically within our division. It
is really filled with just a huge number of talented and
committed individuals who are just completely dedicated to
moving the CFATS and our ammonium nitrate program forward.
As Director Anderson mentioned, our report did identify a
number of significant challenges. In no way are those
challenges insurmountable. We are looking forward to continuing
to work with our industry stakeholders, as well as stakeholders
within the union, to move the program forward. I am looking
forward to answering questions about the program today. Thank
you so much.
Mr. Lungren. All right.
We will have a first round of questions, 5 minutes apiece.
I will recognize myself for the purpose of asking questions.
Mr. Wulf, Ms. Anderson, if I were to just take the
testimony you just gave just now, I would think everything was
hunky-dory, that we are moving ahead, we have minor problems,
we don't have to worry about it. I would hope that that would
be the case. But in the memo you outlined some serious
problems. If you were to make an overarching statement about
the nature of the problems, what would it be? Ms. Anderson.
Ms. Anderson. Thank you, sir, for that question. An
overarching statement about the challenges. I think that many
of the challenges that we are facing are challenges that are
not uncommon to a new program standing up in a Government
environment, standing up very quickly. The statement you often
hear is ``building an airplane while flying it.''
What we are doing I think is moving in the right direction.
I think that a lot of the work that has been done is important,
it has provided a sound basis for the program technically, and
that the vast majority of the challenges are not programmatic
but more administrative in nature.
Mr. Lungren. Let me ask you this. One of the first things
you mention in the memo is at the beginning of the CFATS
program the specific requirements of our Congressional mandate
resulted in extraordinary pressure to proceed with the
development implementation of the program at an impractical
pace. What do you mean by that? I mean Congress oftentimes
urges the Executive Branch to get moving on something. This is
important. We always use the expression, ``It is not rocket
science,'' but I mean, this does involve science and does
involve chemicals, chemistry, et cetera. But what is the cause
of this extraordinary pressure? Is that really an excuse for
what you found?
Ms. Anderson. Mr. Chairman, I wasn't here when the program
stood up, and it is difficult for me to speak to what was in
people's minds, people who are not here to talk about that. But
what has been expressed to me, and I would certainly defer to
the Under Secretary to clarify or add to this, is that there
was every effort to understand, to recognize Congress' sense of
urgency in terms of the importance, the criticality of this
program, making sure that chemical facilities were secure and
that we mitigate the risk to those facilities. In the spirit of
that, we rushed forward rather quickly, and, again, in the
spirit of any new regulatory program or any new program, hit
some bumps in the road and have had to take some course
corrections. It is a big program, it is a complex program, and
I think it is not unusual to encounter some challenges on the
way.
Mr. Lungren. Under Secretary Beers, the administration has
asked for an extension, it is not a permanent--it is about as
permanent as you can get in the Executive Branch--extension, a
multi-year extension. It is one of the things that I have
supported because I do believe in this program. But what would
you say to the critics who suggest that the revelations that
are contained in this memo are evidence that we have got to go
back to ground zero, that in fact the program has failed, that
the fact that you have had these difficulties with respect to
the compliance phase is an indication of the lack of foundation
of the program itself?
Mr. Beers. Sir, in answer to that, I would say two things.
The first thing is that, as indicated by the chart up on the
screen, and I realize it is a little busy, if you were to look
at the 12 steps that are in that chart, reading from left to
right, top to bottom, we are in the 10th step of a 12-step
process at this point in time. So my first point would be we
have come a long way from the very beginning of the program in
terms of the things that we have accomplished.
As we have gotten to the compliance stage--excuse me, as we
have gotten to the site security plan authorization stage, we
have come to the realization through a number of difficult
steps and the result of the report that Ms. Anderson and Mr.
Wulf provided us, that we need to make sure that we have all of
the people and items in place that will allow us to execute the
program successfully in the final stages.
So my first point is I think we have come a long way. We
clearly still have challenges. The second point is that as long
as the program continues to operate on an annual authorization
basis since the original authorization, it leaves a degree of
uncertainty as to the long-term status of the program. I
believe that we and our industry partners will be on a much
stronger footing if you all indicate to us that you believe in
the program as we do and want to see it go forward.
Having said that, we obviously owe you a great deal of
information about the progress we make with respect to the plan
of action and would hope that in the oversight function we
would be able to provide that. Thank you.
Mr. Lungren. Thank you. My time is expired. Ms. Clarke is
recognized for 5 minutes.
Ms. Clarke. Thank you very much, Mr. Chairman. Under
Secretary Beers, your office recently provided the subcommittee
with an internal memorandum entitled ``Challenges Facing ISCD
and the Path Forward'' which identify challenges facing ISCD as
it continues implementing the CFATS programs, including those
related to human capital management, strategic planning,
procurement, and basic program administration. Many of the
challenges identified in the memorandum appear to be
longstanding issues that have hindered development of CFATS'
program for some time.
Nevertheless, when you testified before the House Committee
on Energy and Commerce on the CFATS program in March 2011, you
gave no indication there were significant problems with the
program's progress.
When did NPPD management first become aware of problems
with the CFATS program and what problems were brought to its
attention at that time?
Mr. Beers. As we have briefed this committee and other
committees, at the point in time that I asked for this report,
there had been three different pieces of information or
problems that had come to my attention which the committees
have all been briefed on. The first was related to locality
pay, the second was related to the slowness of the
authorization of the site security plans, and the third was
related to the tiering mistake that occurred within the
program. Those three items represented--and the last item came
to my attention in June last year. Those three items and a
report that I, together with Assistant Secretary Keil, had
commissioned in December 2010, formed the basis of wanting to
make sure that we had a real thorough scrub of the program.
That is what resulted in the report.
Ms. Clarke. Okay. Let me just ask. The challenges described
in the ISCD memorandum raised questions about whether ISCD is
positioned to make progress implementing the CFATS program,
especially over the short term. What barrier does ISCD face
overcoming some of the challenges discussed in the memorandum?
What can NPPD do to help ISCD overcome these challenges? What
actions can the subcommittee, and ultimately the Congress, take
to help NPPD and ISCD overcome these challenges? Does NPPD
intend to conduct a study to determine the extent to which the
management challenges outlined in the ISCD internal memorandum
extend to other NPPD components?
Mr. Beers. The NPPD front office, as well as the
infrastructure protection front office, stand fully behind the
ISCD director and deputy director. We have provided them with
human capital support in order to be able to realign the
positions and the people in the organization to ensure the best
possible match of requirements and qualifications. We have
overcome the restrictions that existed from DHS overall about
whether or not there could be training officers hired within
the office. We have regular meetings with the leadership of the
office in order to ascertain both where progress is on the plan
of action and whether there are obstacles identified that
leadership in NPPD can overcome, and, if necessary, to go to
the Secretary of Homeland Security to overcome those obstacles
should they exist.
Ms. Clarke. Let me just ask this, finally. In light of the
detailed failings of the program and especially in light of the
managerial deficiencies outlined in the recently-leaked
memorandum, is it your opinion that the program should be
reauthorized carte blanche for 7 years without any
recommendations from the authorizing committee, and if so why?
Mr. Beers. It is my hope that the committee will authorize
the program for the full 7 years in order to create stability
with the program. I believe that we can meet the oversight that
you should obviously hold us responsible for, and I think that
that is a recipe for going forward.
We have two very good people running the program now. We
have the clear intent on the part of leadership to give them
our full support, not that we didn't before, but we didn't
realize how much support was necessary. So I think that what
you see here is committed leadership that is ready to go
forward, and we would hope that you would be prepared to
authorize the program for the full 7 years.
Mr. Lungren. The gentlelady's time is expired. Mr. Meehan
from Pennsylvania is recognized for 5 minutes.
Mr. Meehan. Thank you, Mr. Chairman. Thank you for your
presence here today.
One of the big concerns, of course, is not just your work
in trying to internally resolve these issues, but the fact that
there are businesses and others who are out waiting for the
ultimate determination in a time of economic challenge that
continues to be a concern.
Can you talk to me a little bit about the tiering formulas
that are taking place and the process by which the tiers were
identified and how that resolved itself, at least at the first
level?
Mr. Beers. Sir, initially we identified chemicals of
interest and levels of holdings that sites might have to
determine whether or not a second look was required. That
information was provided. As I indicated in my opening
statement, 40,000 facilities were identified.
Mr. Meehan. Self-reported?
Mr. Beers. Self-reported, sir.
Mr. Meehan. Were any random checks done to make sure that
there was accuracy in the self-reporting?
Mr. Beers. The check was the second tiering process, sir,
which was a much more detailed--excuse me, a second assessment,
which was a much more detailed site vulnerability assessment
which was provided by those companies which reduced the 40,000
facilities to 4,000-plus facilities. So we had a pretty clear
indication there that we were getting to the heart of the high-
risk chemical facilities, who were then put into tiers
depending upon the level of their holdings and the
vulnerability of those holdings. That provided an ability to
look at each of them against a risk calculus that suggested how
great the risk was.
Mr. Meehan. At some point in the program there were some
flaws in that process.
Mr. Beers. Right.
Mr. Meehan. Can you identify how those flaws arose and what
we did to correct them?
Mr. Beers. Yes, sir. So what we discovered in the tiering
process was that the information that was used to put companies
in particular tiers--the original tiering was done with
unclassified dummy information, dummy in the sense that it
wasn't what we were going to use finally, but it gave us enough
of a sense to get within the ball park of what the risk factor
was. When we did the final tiering, that information did not
get substituted for with the information which was classified,
which was a narrower parameter of how high the risk was,
parameter in the sense of how many individuals would be
affected by a chemical release in the vicinity of the plan. So
as a result of that, we discovered that we had mis-tiered a
number of facilities and that those facilities----
Mr. Meehan. To the detriment of the facilities in the sense
some were tiered as being a higher risk or less of a risk?
Mr. Beers. All of the tiering results of that either caused
a reduction in the tiering or they stayed in the same tier. No
company that was mis-tiered went to a higher tier level as a
result of that.
Mr. Meehan. Did any of these companies challenge their
tiering?
Mr. Beers. With respect to the re-tiering, no. With respect
to tiering as a general proposition, companies change their
holdings over time, they have new procedures that they put in
place. The program allows them to come in and resubmit a screen
and ask as to whether or not that would adjust.
Mr. Meehan. That would be done in an efficient fashion?
Mr. Beers. That can be done by anyone at any time.
Mr. Meehan. I want to jump to one last question in the time
that I have. Ms. Anderson, at one point in time you had talked
a little bit about the management and the culture, where there
were some senior officials with ethical and other kinds of
performance issues that had been raised and that had not been
checked upon or had gone unchecked. Can you elaborate a little
bit on that and what has been done to try to alleviate that
issue?
Ms. Anderson. Yes, sir. Thank you for the question. I am
not sure that we identified any ethical issues per se from
amongst those that you are referring to. But certainly,
cultural challenges have been something that we have
encountered and are working to overcome. I think that, again,
it is a function of putting together a large group of people
very quickly that all have--they all come from different
places, have different life experiences, and we are squashing
them together and asking them to work together as a team.
Because of those different life experiences, different work
experiences, they have different outlooks on where we need to
go and how we need to get there. Sometimes some of the nice
things fall by the wayside in the rush to do that.
So what we are doing is everything that we can to create a
cohesive culture to bring everyone into the team as an engaged
contributing member of the team and to address the concerns
they have with regard to consistency, transparency, and
fairness.
We have done a number of things in that regard. I have
monthly all-hands meetings, town halls if you will, both
electronic or over the telephone with the field folks and in
person with our headquarters folks. We have reinvigorated or
reinstituted our newsletter. We are developing a share page, an
on-line page where we can share information with each other. We
have an open-door policy. We have a series of emails. We are
sharing information about the status of things.
So we are doing everything that we can to be as transparent
as makes sense as we can, to be as consistent, as fair, and to
let all the members of our team know what we are doing, why we
are doing it, the direction that we are going, and to solicit
their active involvement engagement in the process.
Mr. Meehan. Well, thank you for the work that you are doing
in that.
Mr. Lungren. The gentleman's time is expired. The Chairman
now recognizes the gentlelady from California, Ms. Richardson,
for 5 minutes.
Ms. Richardson. Thank you, Mr. Chairman. According to the
notes that I have here, DHS began inspections of Tier 1
facilities in February 2010. By September 2011, you had
performed only nine authorized inspections, and as of January
23 DHS had only completed 53. Are those correct numbers?
Mr. Beers. Fifty-five now, ma'am.
Ms. Richardson. Okay, 55 out of how many that need to be
done?
Mr. Beers. The overall number of site security plans that
would ultimately need to be done are----
Ms. Richardson. Your mic is not on.
Mr. Beers. Excuse me. The overall number that would need to
be done is about 4,500. The Tier 1s are about 110 to 111.
Ms. Richardson. So of the 55, did those all come out of
Tier 1?
Mr. Beers. Yes.
Ms. Richardson. In light of that, how are you planning on
being able to complete all these if we have only done 55 and
4,500 need to be done?
Mr. Beers. The current plan is that we will finish the site
security plan reviews for the Tier I facilities in the next
several months and then move on to the Tier 2 facilities in the
remainder of fiscal year 2012.
Ms. Richardson. So about what time do you think you will
start Tier 2?
Mr. Beers. Sometime this summer, roughly.
Ms. Richardson. Will the Tier 1 facilities be required to
submit new, I think they are called SSPs, even though the
inspections are just being completed now?
Mr. Beers. The plan is that the plans that we have now will
be reviewed. If they are authorized, then we would go out with
an authorization inspection to make sure that the plan as
submitted represents a reasonable approach to the facts on the
ground. The inspectors will do that. If the inspectors then
feel that that is true, then the plans would be approved.
So what we are talking about here is, as the site security
plans are authorized, then we have authorization inspectors
where our inspectors go out and look at each of those sites. So
that is the next of the last step.
Ms. Richardson. I am sorry, sir, I have only got 2 minutes
and 16 seconds.
It is my understanding under CFATS that facilities resubmit
their site security plan every 2 years for Tier 1 or Tier 2
facilities; is that correct?
Ms. Anderson. Yes ma'am, the regulation does suggest that,
but it also offers some flexibility in how we implement that.
Ms. Richardson. So then my question is, since we are late
in conducting these, are you still going to be requiring these
companies to submit them on the 2-year cycle or are you going
to be making an adjustment?
Ms. Anderson. Yes, we are right now focusing as a matter of
priority in clearing the queue of site security plans we
already have. At this point we do not anticipate in the near
term requesting resubmissions of SSPs that we have already
authorized.
Ms. Richardson. For their first 2-year submission?
Ms. Anderson. Yes ma'am, that is accurate.
Ms. Richardson. Okay. The information memorandum also
raises concerns that the content and conduct of a compliance
inspection has not been defined. It is quite possible that the
compliance inspection will yield different results than the
authorization inspection. This potentially would allow for
disparity in results. Have you implemented some changes to
address this, and if so what?
Mr. Beers. So we have a process underway to ensure that, to
the extent possible, that doesn't happen. But let me ask
Director Anderson.
Ms. Anderson. Thank you for the question. In fact, while it
is true we have not yet completed our policies and procedures
in terms of the way forward for a compliance inspection, what
we have done is we have held off on conducting further
authorization inspections pending that information, so that we
can make sure that our authorization inspections are consistent
and appropriate as they relate to our compliance inspections,
so we want to move together.
Ms. Richardson. All right. I have got 10 seconds now left.
According to the memorandum, it states that you have
approximately 108 inspectors and those inspectors can only
inspect approximately 10 to 15 percent of the facilities; is
that correct?
Ms. Anderson. We are currently evaluating our workforce in
terms of what it takes to do an inspection. When we have fully
conceptualized what an inspection is and what it takes to do
that, then we will be projecting our capabilities with our
existing and any projected workforce.
Ms. Richardson. Mr. Chairman, my time is expired, but I
have more questions. So before we release the panel, if you
could come back to me.
Mr. Lungren. Yes.
Ms. Richardson. Thank you, sir.
Mr. Lungren. Mr. Marino is recognized for 5 minutes.
Mr. Marino. Thank you, Chairman. Thank you, folks, for
being here.
I am not quite sure who to direct this question to, but I
am going to start with Mr. Beers and then perhaps both or one
of the other two can add something to this. The flaws in the
program, according to some information that you submitted to us
in preparation for today, which I commend you on the way it was
put together, did not appear overnight. How did it happen that
the information in the leaked memo made it to the media before
being shared with Congress or this committee?
Mr. Beers. Sir, what happened, with the arrival of the
report from Director Anderson and Deputy Director Wulf, was
that we had not done a thorough review to ensure that there
weren't more issues and questions and work proposals associated
with that, and we were caught in a process before we were able
to come to you and discuss this.
Mr. Marino. How many individuals had access to this
information?
Mr. Beers. To this information?
Mr. Marino. Yeah, to the report that was leaked.
Mr. Beers. I can tell you that within the Office of the
Under Secretary, I believe that number is three: myself, my
deputy, and the chief of staff.
I would have to ask Ms. Anderson how many people had access
in her office. My understanding is that only two people in the
Office of the Assistant Secretary had it, but I am not sure
about that. Penny may be able to shed more light on that.
Mr. Marino. Please.
Ms. Anderson. Thank you for the question, sir. There were
in fact seven hard copies made of the final report, two
belonging to Deputy Director Wulf and myself, and the remainder
moving forward to our leadership. There were other individuals
that were involved in the transfer of those documents, but only
seven hard copies were made.
Mr. Marino. So are you saying that only seven individuals
had access to that, or did they pass that on to someone else,
the seven hard copies?
Ms. Anderson. I can't speak--sir, I can't speak to whether
or not other folks who received copies shared them.
Mr. Marino. So we are looking anywhere from 5 to maybe 13
or 14 people had access to this. Were any of these people
interviewed subsequent to the release in the newspaper?
Mr. Beers. There is an on-going review of that, sir.
Mr. Marino. Okay. Then I will not delve into questioning
any further on this. But perhaps sometime we can get more of an
in-depth explanation. Being from law enforcement, I understand
that clearly.
Ms. Anderson, I probably at least inferred a response
incorrectly. One of my colleagues asked where we were headed
with the process, and you referred to there were cultural
challenges. Can you explain to me what you meant by cultural
challenges, and did it have anything to do with the leak of the
memo to the media?
Ms. Anderson. Sir, thank you for the question. When I
answered the question about where we were headed, I believe I
was answering a question that was specifically directed towards
our cultural, and I believe the word ``ethical'' was used, or
``issues.''
Mr. Marino. Yes.
Ms. Anderson. So we are headed in a lot of directions
depending on the challenge.
Mr. Marino. Okay. Let me narrow my question more so. Were
you talking about there is a challenge, cultural challenge as
far as information being leaked or what information can be
shared or what information to be contained? Because in my
experience, at least in the 8, 9 years I have been with the
Federal Government as U.S. attorney, now in Congress, we all
pretty much take an oath, and there is an understanding of what
information stays within an agency. Actually I am sure you
agree with me that no one other than designated individuals
should be speaking with the media.
Now, obviously, someone out there wants to make a name for
themselves or at least read an article or hear of an article
that they were associated with. But please, can you elaborate
on that?
Ms. Anderson. Yes, sir. Well, I share your disappointment
in the leak of the report. I can't speak to the motivations of
the person who leaked it, because at this point we don't know
who did leak it.
Mr. Marino. Well, we pretty much know what the motivations
are when something like this occurs. I am not holding you folks
personally responsible. I am concerned about, as you say, the
cultural aspect of this.
What training has to take place before someone gets the
point that this should not be done?
Ms. Anderson. Well, I don't believe that the cultural
challenges that I identified in the memorandum can be
attributed to the motivations of the person leaking a report.
Mr. Marino. I see my time has run out. Thank you. I yield.
Mr. Lungren. We will do a quick second round here since we
have only got four of us here. I yield myself the first 5
minutes. This is both to Ms. Anderson and Mr. Wulf, because,
Mr. Wulf, you got the pass here today so we are going to hear
from you a little bit.
In the memorandum there is a section which talks about
inadequate training capability and the clause, ``due to
restrictions placed upon our hiring,'' the division has not
been able to hire personnel with the necessary level of
knowledge, skills, and abilities needed to appropriately
achieve our mission. One example is training.
What restrictions placed upon hiring are you referring to?
Mr. Wulf. That passage of the report referred to a policy,
and the Under Secretary may be in a better position to speak at
greater length about it, but a policy that is no longer in
existence within NPPD that I believe was--that I believe was in
place to try to centralize the training function within the
directorate. So that was a policy that at the time precluded
our division from hiring, into the division specifically,
individuals with training expertise, curriculum development,
and that sort of expertise. That policy is no longer in
existence and we are moving forward to hire folks with the
appropriate expertise.
Mr. Lungren. So are you talking about you weren't able to
hire people who actually knew how to train people; is that what
you are saying?
Mr. Wulf. We did not have in our training section
individuals who had experience in the training discipline, that
is accurate. We had folks----
Mr. Lungren. And that has been corrected?
Mr. Wulf. That policy is no longer a policy, and I am told
it was a Departmental policy, not an NPPD policy.
Mr. Lungren. Mr. Beers, according to our appropriation
staff, you had a $25 million budget carry-over for this, and
even with your fiscal year 2013 cut of $14 million, that is
still $11 million that needs to be spent.
Yet in the memo there is the citation of budget constraints
as an obstacle to hiring and training personnel. What are those
budget constraints?
Mr. Beers. Sir, the budget constraints to hiring and
training personnel are in part what Mr. Wulf was alluding to,
that we couldn't use the money because the policy which was a
centralizing policy for DHS, didn't allow that to happen. Some
of the other carry-overs are a result of the program wasn't
moving, as evidenced by the slowness of the authorization site
security plans, as rapidly as we had anticipated when we
requested the money.
But let me turn to Director Anderson to elaborate further.
Ms. Anderson. I concur.
Mr. Lungren. So you had a $25 million budget carryover, a
cut of $14 million, that is still $11 million. So you are not
saying there are constraints expending those funds for this
purpose; is that right?
Mr. Beers. At this time I don't believe we have an issue.
Mr. Lungren. All right. Mr. Beers, ISCD's internal
memorandum implies that some of the challenges involved human
capital management procurement and program administration that
are outside of ISCD's control; rather, they could result from
factors imposed by such things as NPPD and DHS hirings. We
talked about procurement and budgetary policies and procedures
and practices.
To what extent are the management problems outlined in the
internal memorandum attributed to barriers associated with the
policies, procedures, and practices other than what you have
already said about the hiring?
Mr. Beers. Sir, with respect to the procurement in the
administrative issues, those are areas where the alignment
between ISCD and the Office of Infrastructure Protection and
the Office of the Under Secretary needed to be better aligned
with one another. The information flow needed to get from the
bottom to the top so that we were aware of those problems and
could fix them. This is, I think from my perspective, the most
disappointing thing about this discovery, which was epitomized
by the failure of the office to report the tiering problem that
we described to you before.
I have a consistent policy that I have told people that I
want to hear bad news first from the people who work from me
and not from people outside. I was extraordinarily disappointed
by this, and have used it as a teaching moment both with
respect to ISCD and IT, but with respect to the entirety of the
NPPD. It wasn't that I hadn't said it before, but if this kind
of a problem existed, then I needed to reiterate in the
strongest possible language that this kind of behavior was
unacceptable and didn't do justice to the people who worked for
me and didn't allow us to fix the problems that they had.
Mr. Lungren. I appreciate that. Let's hope we don't have
too many more teaching moments.
Ms. Clarke.
Ms. Clarke. Thank you, Mr. Chairman. I want to go back to a
little bit of what Congressman Marino was trying to get at. I
want to ask a couple of questions about the status of the
investigation regarding who leaked the memo to the news media.
Who is conducting the investigation, and can you explain the
process? Is it within DHS?
Mr. Beers. The Office of Compliance and Security, which is
an office within NPPD run by a certified law enforcement
officer, is conducting the investigation. It was begun in the
days after the leak. The process there is to go around and
determine, first of all, who had possession of the report at
one point in time.
As Director Anderson has indicated, the two of them
prepared the report. I don't believe there was anybody below
them who ever had access to the report, but I will let them
speak to that. It went up to me and to my deputy and chief of
staff, so that is where the report appears to have been from
its final drafting until I received it and it was leaked to the
press.
So it was to determine who the people who had custody of it
were, and interview all of them, and look for corroborating
information that might suggest who was responsible for that.
These are never, ever easy kinds of investigations, but because
of the nature of the disclosure--well, not classified
information in the sense of our classification system, it was
extraordinarily sensitive information and we would like to find
out who was responsible.
Ms. Clarke. So the process began shortly after the leak,
you stated?
Mr. Beers. Yes, ma'am.
Ms. Clarke. And it is on-going?
Mr. Beers. It is on-going. It is not one interview
necessarily, it may be reinterviews of the same person over and
over again in order to try to get stories straight.
Ms. Clarke. Got it. Thank you very much. I yield back the
balance of my time, Mr. Chairman.
Mr. Lungren. The gentlelady yields back and the Chairman
recognizes Ms. Richardson for a second round.
Ms. Richardson. Thank you, Mr. Chairman.
So if I understand you correctly, you have completed 55 of
Tier 1. You expect to be done with Tier 1 at some point in the
next couple of months, and you will start Tier 2. When do you
expect to complete Tier 2?
Mr. Beers. The expectation is sometime in fiscal year 2013.
But let me ask Director Anderson if she can be more specific
than that.
Ms. Anderson. Thank you, sir. Thank you for the question.
I think when we talk about completion, we have to talk
about what we mean by completion in the context of the process.
What we have completed so far is we have authorized or
conditionally authorized 55 site security plans. Of those 55,
10 have had authorization inspections conducted, the remaining
45 inspections are in the queue to be conducted. We expect very
soon to have completed the reviews of the actionable Tier 1s. I
say ``actionable'' because we have some Tier 1 facilities that
are not being actively reviewed because they have had a
redetermination request that we received from the facility or
for reasons like that. So we haven't continued to review the
SSP because they have asked us to reevaluate their tiering.
We have already begun reviewing the Tier 2 site security
plans and expect to have completed the reviews in the coming
year, no later than the end of 2013, but hopefully well before.
Ms. Richardson. Okay. But the actual inspections have not--
would not take place of Tier 2 probably in this year.
Ms. Anderson. No, I do not believe we will have begun the
reauthorization inspections of Tier 2 in fiscal year 2012.
Ms. Richardson. Okay. Because I have a Tier 2 facility that
is in dire need, and I will forward the information, but we
have been patiently waiting and I am very concerned as this
process continues.
My next question has do with your labor workforce.
According to the notes from our prior briefing that we have
had, there has been a high reliance of contractors in this
particular department. The question is whether there has been
an overreliance on these external folks.
To what degree do we think that it is appropriate for them
to be performing the critical core functions such as training
and development, SSP reviews and technical writing? Would you
agree there still is a--what is the reliance, the percentage in
your workforce, of contractors versus internal employees?
Mr. Beers. Let me start the answer to that question because
this is a problem or an issue that is in the nature of the
organization of the Department of Homeland Security. Well,
there are seven components which came as legacy organizations
to the Department. The headquarters elements of the Department
did not pre-exist in most cases, the stand-up of the
Department. So the initial stand-up of the Department was very
contractor-heavy. As NPPD is part of that headquarters element
so, too, were we contractor-heavy.
When I was briefed initially, the workforce of NPPD was
over 60 percent contractors. We have now gotten down to about
40 percent contractors in the last several years. So it is an
issue. But we also have a balanced workforce initiative which
requires all of our contractor hires to be reviewed not just by
us, but the Office of General Counsel, to make sure that they
are not performing inherently Government work. So that is the
framework that we are in.
Let me let Director Anderson speak to the rest of it.
Ms. Anderson. Thank you, sir. In fact, I think the Under
Secretary captured my thoughts exactly. When we talk about the
use of contractors, although we certainly are evaluating
whether or not any are doing inherently Governmental work, my
greatest concern as expressed in the memorandum to the Under
Secretary was the need for us to stabilize the program and to
create a sustainable program. With contractors coming and
going, it is very difficult to do that.
Ms. Richardson. So in light of the limited amount of
inspections that you have been able to complete, and since
currently you have approximately 108 inspectors, if you are to
do new hires is it the intention to do those from contractors
or to do them from Federal positions, or do you intend upon
increasing them at all?
Ms. Anderson. Excuse me, increasing the number of
inspectors?
Ms. Richardson. Yes.
Ms. Anderson. As I mentioned during a previous question, we
are currently evaluating what we will be able to accomplish in
terms of our compliance activities with our existing workforce
and projecting what additional resources--what we would be able
to accomplish with additional resources.
Ms. Richardson. Mr. Chairman, could I ask a follow-up
question because she didn't answer my question?
My question was, I asked you that previous question, but my
question now is: Once you do that review, if it calls for you
needing to hire more, is it your intention to hire those from
contractors or to hire them--do internal training and to hire
in Government positions? What is your intention?
Ms. Anderson. Well, insofar as we have not yet developed a
plan for additional inspector positions, I can't say
categorically that a decision has been made to move in a
certain direction, though I suppose it has been my anticipation
that new inspector positions would be Federal employees.
Ms. Richardson. Where is the bulk of your contractor
positions of 40 percent? That is my last question, Mr.
Chairman.
Mr. Beers. That is general to NPPD, that is general to
NPPD, not--I don't know the specifics with her individual work.
Ms. Richardson. If you could supply it to the committee--
because I know the Chairman wants to get on with the second
panel--of the workers that you have, of now the 40 percent,
where are they located within the Department?
Mr. Lungren. Okay, I believe the gentlelady from New York
wants to recapture the time that she gave back.
Ms. Clarke. Just a minute of it, Mr. Chairman. I appreciate
your indulgence. My question is directed to Ms. Anderson and
Mr. Wulf. We had a lot of discussion about what went wrong. I
want to focus in on the employees for a minute, because
certainly with the investigations going on, with all that has
been uncovered, there has to be some level of disruption, some
level of not knowing where they stand.
What is the relationship now with the employees? How are
the employees getting through this? What types of things have
been put in place to give some level of reassurance to people
that--you know, that first all of they are valued; but second
of all, that things will work out in the end? Have there been
conversations with their union? If you would share that with
us. Thank you.
Ms. Anderson. Yes, ma'am. Thank you for the question. I
actually am really happy you asked a question about the
workforce, because there seems to be a perception that there is
some question about the capabilities of the ISCD team. While it
is true that I have identified instances where we don't have a
good person-position fit, I can honestly say I have never
worked with a more talented, hardworking group of folks. I
think that they are the key to our success, and I am very
concerned about the impact of recent activities on their morale
and on the confidence that they have in our program and in our
way forward.
So you are correct in suggesting that there is a certain
amount of angst and there have been some dips in morale since
this, and certainly it has been a distraction from our mission
activities.
We are doing as much as we can to reassure them. We are
being as transparent as we can with them at every stage of the
process. When the Fox News article was leaked, came out as a
result of the leak, I sat down with all of my folks and talked
through it and talked about it and linked it back to previous
discussions we had had about our challenges. I have been very
open about that.
We have again set up routine communications with our folks.
We have shared with them the action plan and we have involved
them in the implementation of the action plan. We have engaged
them at every level and to every extent we can. Certainly our
engagement has involved the union. We have met with Mr. Wright
and we have, to the extent that we can, involved the inspectors
in all of these discussions and have been sharing this
information with them, reassuring them that they are an
important part of our team, they are the key to the success of
this program, and that we need to move forward with them, and
we are taking every step we can to involve them in that process
and to be transparent about it.
Mr. Lungren. Okay, the gentlelady yields back.
I want to thank the witnesses for their valuable testimony
on this first panel. Members may have some additional questions
for the witnesses and we would ask that you respond to these in
a timely fashion in writing.
With that, I would be pleased to dismiss this panel and we
will move on to Panel II. Thank you very much.
Mr. Beers. Thank you, sir.
Mr. Lungren. We have a distinguished panel of three
witnesses for our second panel.
Mr. Bill Allmond is the vice president of Government and
Public Relations for the Society of Chemical Manufacturers and
Affiliates, a position he has held since 2007. The Society is
the United States' leading trade association representing
specialty batch chemical manufacturing. Prior to joining the
Society, Mr. Allmond served for 10 years as director of
Regulatory and Public Affairs at the National Association of
Chemical Distributors.
Mr. Timothy Scott, chief security officer and corporate
director of Emergency Services and Security for the Dow
Chemical Company, a company he has served with since 1979. In
his current role, Mr. Scott leads Dow's global emergency
services and security operational organizations at over 200
locations around the world.
Mr. David Wright is the president of the American
Federation of Government Employees Local 918. In his career as
a Federal protected service officer 1986. Since that time, he
has been promoted to the rank of sergeant and inspector, and
has served as president of local 918 since 2006.
We thank all of you for being here. We, of course, will
include your written testimonies in their entirety in the
record. We would ask that you confine your statements to a
summary of 5 minutes.
We will proceed from my left to my right with Mr. Allmond
first.
STATEMENT OF WILLIAM E. ALLMOND IV, VICE PRESIDENT, GOVERNMENT
AND PUBLIC RELATIONS, SOCIETY OF CHEMICAL MANUFACTURERS AND
AFFILIATES
Mr. Allmond. Good afternoon, Chairman Lungren, Ranking
Member Clarke, and Members of the subcommittee. My name is Bill
Allmond and I am the Vice President of Government and Public
Relations at the Society of Chemical Manufacturers and
Affiliates. I am pleased to provide this testimony regarding
the problems of and the progress made by the chemical facility
anti-terrorism standards.
Nearly 6 years ago, Congress enacted a comprehensive
chemical security program known as CFATS. Thanks to this
bipartisan effort, the Department of Homeland Security and
regulated facilities are well down the road in implementing
this important program. To a great extent DHS' rules implement
the mandate issued by Congress in 2006. Regrettably, however,
DHS has stumbled in implementing those rules by failing to put
in place, among other things, basic management practices or
effective leadership.
The 2011 internal memorandum from the Infrastructure
Security Compliance Division is sobering. It demonstrates that
a Government agency without proper management can take an
effective regulatory framework and then mess it up. However, as
this subcommittee assesses the Department's failures with the
CFATS program, we must bear in mind that it is processes and
personnel that need addressing, not the program itself.
SOCMA regards the CFATS program thus far as a success,
despite the internal management challenges. We emphasize four
key facts. First, this demanding program is now requiring over
4,000 chemical facilities Nation-wide to develop and deploy
security enhancements. Covered facilities have invested
billions of dollars in security upgrades to meet CFATS'
requirements. SOCMA's members alone, a majority of which are
small manufacturers with under 40 million in annual sales, have
invested an estimated 515 million in security measures.
Hundreds of other regulated facilities that had not already
done so have made proactive investments in security measures in
anticipation of their CFATS compliance obligations.
Second, and equally important, CFATS has led over 2,000
facilities to voluntarily take steps to reduce their risk
profile, that they no longer warrant regulation. Thus, as
predicted, CFATS is driving facilities to reduce inherent
hazards where, in their expert judgment, doing so is in fact
safer, does not transfer risk to some other point in the supply
chain, and makes economic sense.
Third, Congress wisely drafted the CFATS statues to impose
security performance standards that are more demanding of
higher-risk facilities and less demanding of lower-risk
facilities. This performance-based approach protects facilities
against attack without impairing the industry's ability to
remain innovative and to maintain some of the Nation's highest-
paying manufacturing jobs.
Finally, the standards have teeth. The Secretary has the
ability to levy significant fines on a facility for
noncompliance and can even shut down a facility. Both the laws
and the rules are fundamentally sound and do not require
replacement. The regulatory program they created is not
inherently impossible for a Government agency to implement, but
it does require knowledgeable people to review SSPs and inspect
facilities, and also the courage to make decisions based on
judgment.
Unfortunately, the memorandum indicated that ISCD staff
largely does not have adequate skills in part because higher
levels of DHS prevented ISCD from being able to hire
sufficiently expert personnel. Staff have also been discouraged
from using their judgment.
On the other hand, no one should dispute the fact that
despite the challenges of CFATS implementation, the two main
alternatives would be far worse. SOCMA neither wants an absence
of chemical security regulations nor a prescriptive program
that would drive chemical operations overseas due to burdens
such as mandatory incorporation of inherently safer technology.
The internal problems holding CFATS' implementation are
serious but not insurmountable. SOCMA is confident that the new
leadership of Penny Anderson and David Wulf is committed to
improving the Nation's and the program's implementation. Thanks
to the internal assessment, they have a greater understanding
of the challenges facing them in a robust action plan.
The following are SOCMA's recommendations for placing fast
implementation back on track.
One, Congress should encourage ISCD to collaborate more
with industry where the greatest security expertise relies.
ISCD can and should be more transparent about its operations.
Also, simplifying personal surety and Federal background check
and credentialing programs needs to be a top priority. Also,
mandating inherently safer technology into the CFATS program is
the last thing ISCD should or even could try to implement.
Also, ISCD needs to retrain and, as necessary, replace much of
the staff.
Last, Congress needs to provide certainty for the regulator
and regulated alike by approving a multi-year CFATS
reauthorization. It may appear counterintuitive to advocate for
a long-term authorization of a program troubled by agency
mismanagement. But the key to fixing CFATS is a vigorous
oversight, not budget cuts or a complete reset.
We appreciate this opportunity to testify today and look
forward to your questions.
[The statement of Mr. Allmond follows:]
Prepared Statement of William E. Allmond, IV
March 6, 2012
Good morning Chairman Lungren, Ranking Member Clarke, and Members
of the subcommittee. My name is Bill Allmond and I am the Vice
President of Government & Public Relations at the Society of Chemical
Manufacturers and Affiliates (SOCMA) in Washington, DC. I am pleased to
provide this testimony regarding progress made by the Chemical Facility
Anti-Terrorism Standards.
Five-and-a-half years ago, and working in a bipartisan manner,
Congress enacted a comprehensive chemical security regulatory program,
the Chemical Facility Anti-terrorism Standards (CFATS). Thanks to this
bipartisan effort, the U.S. Department of Homeland Security (DHS) and
regulated facilities are well down the road in implementing this
important program.
Regrettably, DHS has stumbled in its implementation of the program
by failing to put in place, among other things, basic management
practices or effective leadership, both at the Division level and at
high levels. The 2011 internal memorandum ``Challenges Facing ISCD, and
the Path Forward'' issued by Penny J. Anderson and David M. Wulf of the
Infrastructure Security Compliance Division (ISCD) regarding the
process of implementation is sobering. It demonstrates the fact that a
Government agency without proper management can take a credible program
legislated by Congress and then mess it up. However, as this
subcommittee and others assess the Department's failures with the CFATS
program, we should be reminded that it is the process or personnel that
needs addressing, not the program itself.
Today we will explain why we remain supporters of the CFATS
program--despite DHS's management failings--highlight achievements as a
result of the program, and recommend solutions moving forward. At the
outset, though, we emphasize these key facts:
This demanding program is now requiring over almost 5,000
chemical facilities Nation-wide to develop and deploy
meaningful security enhancements.
Equally important, it has led over 2,000 facilities to
voluntarily take steps reduce their risk profile sufficiently
that they no longer warrant regulation under the program.
This performance-based regulation protects facilities
against attack without impairing the industry's ability to
remain innovative and to maintain some of the Nation's highest-
paying manufacturing jobs.
Finally, the standards have teeth. The Secretary of the
Department of Homeland Security has the authority to levy
significant fines on a facility for non-compliance, and can
even shut down a facility.
i. socma is the only u.s. trade association dedicated solely to serving
the needs of the specialty, batch, and custom chemical manufacturing
industry
A. SOCMA
For 91 years, the Society of Chemical Manufacturers and Affiliates
has been and continues to be the leading trade association representing
the batch, custom, and specialty chemical industry. SOCMA's nearly 230
member companies employ more than 100,000 workers across the country
and produce some 50,000 products--valued at $60 billion annually--that
make our standard of living possible. From pharmaceuticals to
cosmetics, soaps to plastics, and all manner of industrial and
construction products, SOCMA members make materials that save lives,
make our food supply safe and abundant, and enable the manufacture of
literally thousands of other products. Over 80% of SOCMA's active
members are small businesses.
ChemStewards� is SOCMA's flagship environmental, health, safety,
and security (EHS&S) continuous performance improvement program. It was
created to meet the unique needs of the batch, custom, and specialty
chemical industry, and reflects the industry's commitment to reducing
the environmental footprint left by members' facilities. As a mandatory
requirement for SOCMA members engaged in the manufacturing or handling
of synthetic and organic chemicals, ChemStewards� is helping
participants reach for superior EHS&S performance.
B. SOCMA's Security Achievements to Date
Maintaining the security of our facilities has always been a
priority for SOCMA members, and was so before September 11. After the
tragic events of 9/11, SOCMA members did not wait for new Government
regulations before researching, investing in, and implementing
additional and far-reaching facility security measures to address these
new threats. Under the ChemStewards� initiative, SOCMA members were
required to conduct security vulnerability assessments (SVAs) and to
implement security measures.
SOCMA designed an SVA methodology specifically for batch, custom,
and specialty chemical facilities that was approved by the Center for
Chemical Process Safety (CCPS) as meeting its requirements for an
effective methodology. SOCMA members have spent billions of dollars and
have devoted countless man-hours to secure their facilities and
operations. These investments will naturally continue for the
foreseeable future.
Many (though by no means all) SOCMA member company facilities are
encompassed by the CFATS program. These facilities have completed their
Site Security Plans (SSPs) and will eventually be inspected by DHS to
verify the adequacy of those plans and their conformance to them. SOCMA
has tried to actively engage with DHS to accelerate and continuously
improve the implementation of the CFATS program, exploring new
approaches to personnel surety and Alternative Security Programs.
Some of our member companies' other facilities comply with the
Coast Guard's facility security requirements under the Maritime
Transportation Security Act (MTSA).
Looking well beyond regulatory requirements, our members have also
partnered with DHS on many important voluntary security initiatives and
programs through the years, including the Risk Assessment Methodology
for Critical Asset Protection (RAMCAP), the Buffer Zone Protection
Plans, and the Homeland Security Information Network (HSIN). SOCMA is a
founding member of the Chemical Sector Coordinating Council, which has
served as a model for how critical infrastructure sectors should work
together and with DHS.
SOCMA also works jointly with DHS in organizing and financing an
annual Chemical Sector Security Summit and Expo, a hugely successful,
free event that brings together Government representatives, chemical
security experts, and industry professionals to share knowledge and
best practices to regulated and non-regulated facilities alike.
Through the Sector Council and other avenues, we and our members
have developed close and open working relationships with DHS and other
Federal agencies, and with State and local governments, to exchange
information and coordinate roles in maintaining the security of our
critical chemical facility infrastructure. In particular, we have
sought to engage continuously and constructively with ISCD, even though
we could never gain much understanding of its internal operations. As
the Anderson/Wulf memorandum reveals, we understood it far less well
than we imagined.
ii. despite departmental mismanagement, cfats is reducing risk and
``must evolve''
SOCMA wishes to emphasize that we regard the program thus far as a
success, even if its implementation is moving much more slowly than we
all would prefer. The CFATS statute was wisely drafted to be
comprehensive, appropriately performance-based, and flexibly structured
to impose security performance standards that are relatively more
demanding of higher-risk facilities and less demanding of lower-risk
plants. To a great extent, DHS's rules implement the statutory mandate
issued by Congress in 2006.
Both the law and the rules are fundamentally sound and do not
require replacement. The regulatory program they created is not
inherently impossible for a Government agency to implement, but it does
require: (i) Knowledgeable people to review SSPs and inspect plants,
and (ii) the courage to make decisions based on judgment.
Unfortunately, the memorandum indicated that DHS's ISCD staff largely
do not have adequate expertise or training, in part because higher
levels of the Department prevented them from being able to hire
sufficiently expert personnel.
Since the program was launched in 2007, over 2,000 facilities have
changed processes or inventories in ways that have enabled them to
screen out of the program. Thus, as predicted, CFATS is driving
facilities to reduce inherent hazards, where in their expert judgment
doing so is in fact safer, does not transfer risk to some other point
in the supply chain, and makes economic sense. Hundreds of other
regulated facilities who had not already done so have already made
significant proactive investments in security measures in anticipation
of compliance with the full implementation of CFATS. As a result of
CFATS, our Nation is more secure from terrorist chemical attacks and
other threats than it was before the program's inception.
Furthermore, due to the outstanding cooperation of the chemical
sector, there has been 100% compliance with the requirements to submit
Top-Screens, SVAs, and SSPs--DHS has not yet had to institute a single
administrative penalty action to enforce compliance.
It is important to note that the memorandum that we all have now
reviewed was not intended to highlight these achievements under CFATS;
it was only meant to be an internal tool for ISCD's leadership to
assess and subsequently respond to the immediate challenges to the
program's implementation. The memo overwhelmingly and repeatedly points
to process deficiency as a cause of DHS's failure to properly implement
CFATS. In fact, DHS specifically states on page 10 of its memo that,
``even with sufficient planning and vision it is a given that the
implementation of a new program will naturally result in some mistakes
and course corrections. The program must evolve.''
SOCMA also supports the CFATS program because our members have
invested significant amounts of financial and human capital in it over
the past several years. The memo details the many things not being done
by DHS. However, the industry has done a lot. Covered facilities have
invested billions of dollars in security upgrades to meet CFATS's
requirements. SOCMA's members alone, a majority of which are small
manufacturers with under $40 million in annual sales, have invested an
estimated $515 million in security measures since the inception of the
program. CFATS has provided to significant additional security to a
critical segment of our Nation's infrastructure, as well as the general
public--although, it is admittedly difficult to assign a monetary value
to this increased security for purposes of justifying the program's
annual cost to taxpayers.
Facilities with high-risk chemicals are safer today both because of
CFATS and the efforts taken by industry by their own initiative. After
9/11, and prior to DHS's issuance of the risk-based standards, many
companies already began proactively instituting security measures at
their high-risk facilities. However, there were no uniform standards
for measuring and implementing these security improvements across
industry. CFATS has standardized the security process, but has allowed
the voluntary assurance of chemical security to continue through DHS's
Voluntary Chemical Assessment Tool (VCAT). The Chemical Sector Specific
Agency developed VCAT to assist additional facilities that fall outside
CFATS to assess their own risks and to implement voluntary security
measures as desired. SOCMA has endorsed VCAT through our ChemStewards�
EHS&S management program, in which participation is mandatory for all
active members.
No one should dispute that, despite the challenges to its
implementation, the two main alternatives to CFATS--no chemical
security regulations at all, or a prescriptive program that places such
burdens on industry as mandatory incorporation of inherently safer
technology (IST) and would subsequently threaten to drive chemical
operations overseas where security standards are weaker--would both be
far worse. Since the program's inception, no terrorist attacks have
taken place in the United States that involved chemicals or that would
otherwise indicate that CFATS has failed its purpose.
iii. cfats implementation challenges are not insurmountable
The internal problems holding back CFATS implementation are serious
and significant but not insurmountable. SOCMA is confident that the new
leadership of Penny Anderson and David Wulf is committed to improving
its programmatic implementation. Thanks to the internal assessment,
they a greater understanding of the challenges facing them and a robust
action plan.
SOCMA is also committed to working with the Department to improve
its implementation, where appropriate. The industry has nothing to gain
from this crisis. And we have been concerned about the slow pace of
implementation for years. First, delays create uncertainty. Regulated
businesses do not like to hang in suspense for years wondering if their
major capital commitments were sufficient. Second, delay only invites
negative stories in the press, like the ones we are now starting to
see, questioning the security of chemical plants--when we know that
these facilities have done what they have been asked or required to do
at this stage. Delays can also make companies believe their Government
is not really serious about the security of chemical facilities. It is
hard to believe DHS is serious, when commitments made about approving
SSPs and completing pre-authorizing inspections are repeatedly broken.
Such failures cause security professionals to lose credibility with
their superiors who authorize compliance costs, as these managers
conclude that their security staff are simply ``crying wolf'' about
their regulatory obligations. DHS mismanagement has, in some cases,
stopped the forward momentum that security managers had with their own
senior management in convincing them of the need for certain cost
decisions, placing forward progress in a holding pattern.
The following are SOCMA's recommendations for placing CFATS
implementation back on track:
A. Congress Should Encourage ISCD to Embrace Greater Collaboration with
Industry to Enhance Public-Private Partnership
The CFATS framework is sound; however, DHS's implementation has
been flawed. This is largely because DHS has drifted away from the
spirit of the public-private partnership on chemical security that it
has so often hailed as a keystone of the CFATS program. Congress should
encourage ISCD to work collaboratively with the regulated community to
solve the technical, training, and tool-related issues currently
presenting challenges to the implementation of CFATS.
Industry can provide much assistance moving forward, including ways
for DHS to minimize the future cost and complexity of the CFATS
program. For example, the Chemical Sector Coordinating Council (CSCC),
the industry advisory body that interacts with DHS on security issues,
over a year ago presented DHS with a viable and immediately
implementable personnel surety proposal that addresses the many
shortfalls of the Department's own proposed program. DHS's current
proposal, which is under review by the Office of Management and Budget,
places unreasonable reporting and information-gathering burdens on
regulated sites, does not leverage the use of existing Federal
credentials that already screen candidates against the very same
background check requirements as proposed in the pilot, is overly
prescriptive and does not reflect the flexible framework of the CFATS
standards themselves.
B. More Operational Transparency Is Warranted
ISCD can safely be much more transparent about its operations.
While some classified information and chemical-terrorism vulnerability
information (CVI) should not be disseminated, there is no reason why
ISCD cannot communicate the progress of its operations more clearly and
regularly to both Congress and the public. The tremendous change that
the new ISCD leadership wants to drive will never occur unless ISCD
reports regularly to Congress. More sustained oversight will enable
Congress to hold DHS accountable going forward, so the mistakes of the
past are not repeated or perpetuated.
C. Simplifying Personnel Surety and Federal Background Check/
Credentialing Programs
Congress should assure itself both that the CFATS program continues
to be effective and that DHS and other agencies minimize duplication
and unnecessary regulatory burdens. A prime example is the personnel
surety program that DHS is developing under CFATS. Risk-Based
Performance Standard No. 12 requires facilities to implement security
measures designed to: (i) Verify and validate identity; (ii) check
criminal history; (iii) verify and validate legal authorization to
work; and (vi) identify people with terrorist ties. The facility is
responsible for the first three tasks and for determining what criminal
background findings would be disqualifying. Evaluating terrorist ties
requires Federal Government involvement however, in the form of
evaluating names against the National Terrorist Screening Database
(TSDB) maintained by the FBI.
DHS has announced its intent to establish a web-based application
that would require facility owners and operators to submit personally-
identifying information about current and prospective employees, as
well as contractor and visitor personnel seeking access to a plant.\1\
Our industry has expressed serious reservations about this proposal, in
part because of the heavy presence of contractors at chemical sites,
especially during plant-wide maintenance ``turnarounds.'' In
particular, we have strongly urged DHS to rely on the half-dozen or so
other Federally-issued credentials that involve a TSDB check. Unions
have also expressed concern about DHS's proposal.
---------------------------------------------------------------------------
\1\ See 76 Fed. Reg. 34729 (June 14, 2011).
---------------------------------------------------------------------------
DHS has been open to discussing alternative approaches, and the
industry has proposed both interim and long-term alternatives that
could involve reliance on existing Federal vetting programs (e.g., the
Transportation Worker Identification Credential or TWIC), mechanisms by
which contractor and visitor employers could submit information
regarding their own employees, and ultimately a universal Federal
security credential that would supersede all others.
While we have had productive discussions with the Office of
Infrastructure Protection on our proposals, any alternative has had to
struggle against: (i) The desires of some within DHS to make CFATS a
system for tracking who has ever had access to which chemical facility,
and (ii) resistance within TSA to allowing TWICs to be made available
to persons working in non-maritime settings. We realize that these
issues fall into the jurisdictions of multiple Congressional
committees. Especially for that reason, we urge this subcommittee and
others with jurisdiction to work together, and with DHS and other
agencies, to minimize the burdens of assuring personnel surety under
the CFATS program and, more generally, to rationalize the current crazy
quilt of security credentialing programs. Resolving this challenge
expeditiously would free up ISCD resources to focus on the more
pressing tasks of approving SSPs and initiating compliance inspections.
D. Mandating Inherently Safer Technology into CFATS Program Is the Last
Thing ISCD Should--Or Even Could--Implement
As the memorandum clearly points out, ISCD staff are substantially
lacking in knowledge and expertise even about security, much less
chemical process safety. They have shown great reluctance to make
decisions on relatively simple issues like physical security. It is
obvious to SOCMA that they are even more unqualified to make much more
sophisticated and decisions about process safety. Congress should thus
not devote any further time to discussing the discredited concept of
mandatory IST.
An IST mandate such as that contained in last year's House bill
would have created a new CFATS statute to require Tier 1 and 2
facilities to implement ``methods to reduce the consequences of a
terrorist attack''--i.e., IST--whenever DHS made specified findings
about risk reduction and technical and economic feasibility. However
commonsense such a mandate might appear on the surface, it is
fundamentally a bad idea in the security context. Inherent safety is a
superficially simple but truthfully very complex concept, and one that
is inherently unsuited to regulation. It could also wreak economic
havoc on regulated facilities, notwithstanding the findings DHS would
have to make.
First and foremost, it is important to clarify a common
misunderstanding about inherent safety. Quite simply, IST is a process-
related engineering concept, not a security one. It is premised on the
belief that, if a particular chemical process hazard can be reduced,
the overall risk associated with that process will also be reduced. In
its simplicity, it is an elegant concept, but the reality is almost
never that simple. A reduction in hazard will reduce overall risk if,
and only if, (i) that hazard is not displaced to another time or
location and (ii) it does not result in the creation of some new
hazard.
Inherent safety is only successful if the sum total of all risks
associated with a process life cycle is reduced. This is rarely a
simple calculation, and to some extent it is an irreducibly subjective
one (for example, a substitute chemical that may reduce explosion risks
may also pose chronic health risks). The calculation becomes even more
difficult when it is being done not solely for reasons of process
safety (where accident probabilities can be estimated with some degree
of confidence) but also for reasons of security (where the probability
of terrorist attack is highly uncertain but certainly low). Finally,
there is no agreed-upon methodology to measure whether one process is
inherently safer than another process. For all these reasons, the
world's foremost experts in IST and chemical engineering have
consistently recommended against regulating inherent safety for
security purposes.
E. ISCD Needs to Retrain and Potentially Replace Much of Its Staff
Furthermore, it is evident from the memorandum that ISCD needs to
retrain and may need to replace much of its staff. ISCD's Penny
Anderson and David Wulf are exceptions, however. They are not
responsible for the situation they inherited. Writing the kind of
memorandum they authored shows that they are experienced, capable
Government managers who know what needs to be done. They are going to
need a lot of help, however, including continued Congressional
oversight to make sure they are getting the cooperation they need from
DHS management and from the union.
For others within ISCD, though, the memorandum makes clear that too
few experienced staff bear the bulk of the responsibility for the
administration of CFATS, and far more do not know how to conduct their
work or even have properly defined position responsibilities; others
simply have an unrealistic view of their jobs.
Congress should examine DHS's hiring guidelines and practices to
eliminate the identified obstacles to the recruitment and retention of
qualified staff for the CFATS program. Replacing and retraining staff
may result in immediate costs to the Department in the short term, but
would lead to long-term savings through the reduction of ISCD's
reliance on contractors, which the memorandum found cost a great deal
more than Federal employees. Additionally, relying on contractors who
typically have high job turnover precipitates the need for constant
retraining. Institutional knowledge is lost when key activities are
conducted primarily with contract support.
F. Congress Needs to Provide Certainty for Regulator and Regulated
Alike By Approving a Multi-year CFATS Reauthorization
The memorandum identifies the failure to achieve long-term or
permanent authorization of CFATS as one of the greatest challenges to
the program's future success. It may appear counterintuitive to
advocate for long-term authorization of a troubled program, but the key
to fixing CFATS is vigorous oversight, not budgetary uncertainty or
budget cuts. SOCMA continues to support a long-term extension of the
standards to allow DHS and the regulated community to come fully into
compliance.
iv. conclusion
Moving forward, if DHS is to suitably engage industry and be
accountable for its progress, Congress conducts regular oversight, and
the program is provided regulatory certainty, SOCMA believes that CFATS
can successfully be implemented without the need for additional
legislation.
We appreciate this opportunity to testify before you today. I look
forward to your questions.
Mr. Lungren. Thank you for testifying.
Mr. Scott.
STATEMENT OF TIMOTHY J. SCOTT, CHIEF SECURITY OFFICER AND
CORPORATE DIRECTOR, EMERGENCY SERVICES AND SECURITY, DOW
CHEMICAL
Mr. Scott. Chairman Lungren, Ranking Member Clarke, and
Members of the subcommittee, my name is Tim Scott and I am the
chief security officer for the Dow Chemical Company. I am
speaking today on behalf of Dow and the American Chemistry
Council, the Nation's largest chemical industry trade
representative.
I will focus on four points today. First, there are clearly
concerns on all sides about the lack of significant progress on
the implementation of the chemical facility and anti-terrorism
standards. We see these as management issues and not as issues
with the CFATS concept.
Second, ACC member companies implemented the Responsible
Care Code for Security in 2002 and have voluntarily and
significantly improved the industry security over the past
decade, spending nearly $10 billion on security enhancements.
Third, CFATS has achieved some progress toward improving
the security of our Nation's chemical sector. The CFATS concept
and the design are good.
Fourth, we now have an excellent opportunity to correct the
course and complete the critical task before us.
Active significant progress on CFATS, along with the
apparent internal issues at DHS are disheartening, but not a
cause for altering our course and nullifying the efforts and
progress that have been made. The open and collaborative
partnership that made CFATS successful in the beginning clearly
has declined, and the lack of mission clarity and leadership is
apparent. This is not a condemnation of everyone and everything
in DHS; this is a breakdown in management, communication, and
collaboration, making a relatively straightforward program
overly complex and burdensome.
This is a wake-up call, not a death knell. We now have the
catalyst for change and an excellent opportunity to correct the
course and achieve success. The concept and basic design of
CFATS are solid. CFATS has potential and has sparked some
improvements in security. It can be developed in an efficient
and productive process to improve the security of our Nation's
critical chemical industry.
Industry has dedicated billions of dollars and thousands of
hours working with DHS at every level. Dow alone has spent
about $250 million on security. We have completed vulnerability
assessments, audits, and, as needed, security upgrades at
facilities worldwide, not just those regulated under CFATS in
the United States.
From the beginning and to this day, Dow has taken a
leadership position on the security issue, and Dow is the only
chemical company to achieve Safety Act designation from DHS for
both our site security and our distribution system security
processes.
The CFATS concept is good, risk-based, and focused on the
right priorities. The CFATS design is good, allowing regulated
companies to apply customized security systems and processes to
each unique site and situation to comply with DHS' established
performance standard and subject to DHS approval.
The issues with CFATS are in the details, and those can be
fixed if we work as a collaborative team with a common goal. We
need to fix what is wrong, not start over from square one, and
we don't need to make the process more complex.
There are many effective and efficient operations to
achieve the successful implementation of CFATS and the ultimate
goal of reducing the vulnerability of the chemical industry,
our communities, and our country. We can get site security
plans approved. We can get the highest-risk sites audited, we
can get agreements and plans in place to reduce vulnerabilities
and comply with the risk-based performance standards. We can
make this happen within a very reasonable period of time.
Included with my written statement are potential solutions
to some issues of most concern--the personnel surety process,
site security plan approval, transparency on the risk
assessment process, and reasonable alternatives that would
expedite the process.
This will be a difficult task, but not an impossible
mission. CFATS can work as conceived. Implementation will take
leadership, communication, and collaboration well beyond what
we have seen recently. DHS, industry, and this subcommittee can
make this work.
ACC is consistently taking a proactive approach to
security, and we have worked in good faith with DHS from the
beginning. Our members have aggressively stepped out to make
significant investments in security. Industry does not want to
waste this effort by starting over. ACC is ready and willing to
take on the challenge as an equal stakeholder to finish the
task and fully implement CFATS. We need DHS on the team to meet
this challenge with the common mission and goal. ACC asks that
you separately address the internal issues in DHS and that you
reauthorize the CFATS legislation so that we can continue the
efforts that are already underway. Thank you.
[The statement of Mr. Scott follows:]
Prepared Statement of Timothy J. Scott
March 6, 2012
Chairman Lundgren, Ranking Member Clarke and Members of the
subcommittee, my name is Tim Scott and I'm the chief security officer
of The Dow Chemical Company. I'm speaking today on behalf of Dow and
the American Chemistry Council, the Nation's largest chemical industry
trade representative.
I'll focus on 4 points today:
First--there clearly are concerns on all sides about the lack of
progress on the implementation of the CFATS program. This poses a
growing concern to both industry and this subcommittee, but we see
these as management issues--not issues with the CFATS concept.
Second--the members of the American Chemistry Council implemented
the Responsible Care Security Code in 2002 and have voluntarily and
significantly improved the security of its member facilities over the
past decade. Since the Security Code's inception ACC members have spent
nearly $10 billion on security enhancements. We have worked with DHS
from the beginning to make CFATS successful.
Third--in spite of the apparent issues the Chemical Facilities
Anti-Terrorism Standards have made some progress toward improving the
security of our Nation's chemical sector since the implementation of
the program--the concept and design of CFATS are good.
And fourth--we now have an excellent opportunity to correct the
course and complete the critical task before us.
The concerns associated with the implementation of the Chemical
Facilities Anti-Terrorism Standards (CFATS)--along with the apparent
internal issues at DHS--are disheartening, but not a cause for altering
our course and nullifying the effort and progress that have been made.
What started as a strong and successful public-private partnership with
robust communication and collaboration that made the initial CFATS
initiative successful clearly has declined. With that decline came the
stagnation of the program and progress. This is not a condemnation of
everyone and everything in DHS--there are many good people in DHS doing
their best and doing a good job--this is a breakdown in management,
communication, and collaboration making a relatively straightforward
program overly complex and burdensome.
This is a wake-up call--not a death knell. We now have the catalyst
for change and an excellent opportunity to correct the course and
complete the task at hand.
The concept and basic design of CFATS are solid. CFATS has
potential, has already sparked some improvements in chemical security
and can be developed further into an efficient, productive process to
improve the security of our Nation's critical chemical industry.
Industry has dedicated billions of dollars on security since the
implementation of CFATS. We've spent thousands of hours working with
DHS at every level.
I would like to point out what Dow Chemical alone has done in terms
of capital investments and security upgrades in an effort to lead the
industry in compliance with the CFATS program. Dow has spent
approximately $250 million on security systems to ensure our facilities
are as safe and secure as they can reasonably be and we have completed
vulnerability assessments, audits, and as-needed security upgrades at
our facilities worldwide--not just those regulated under CFATS in the
United States. We did this in part because we have a duty to our
shareholders, employees, and communities but also because we find the
CFATS program a good model--in harmony with the Responsible Care
Security Code--to secure our facilities. It's my understanding that Dow
is the only chemical company to achieve SAFETY Act designation from DHS
for both our site security and our distribution system security
processes.
The concept is good--risk-based and focused on the right
priorities. The design of the CFATS program is good--allowing the
regulated companies to apply customized security systems and processes
to each unique site and situation in compliance with the DHS-
established risk-based performance standards and DHS approvals. What's
wrong or misguided with CFATS are in the details and those can be fixed
if we work as a collaborative team with a common goal. We need to fix
what's wrong, but not start over from square one.
There are many effective and efficient options that can achieve the
successful implementation of CFATS as well as the ultimate goal of
reducing the vulnerability and mitigating the risk of the chemical
industry, our communities and our country. Working together we CAN get
site security plans approved. We CAN get the highest-risk sites
audited. We CAN get agreements and plans in place designed to reduce
vulnerabilities and comply with the risk-based performance standards.
And this CAN happen within a very reasonable period of time. I've
included with my written statement examples of potential solutions to
many of the issues that in our opinion are the areas of most
significant concern--the proposed personnel surety process, site
security plan approval, transparency on the risk assessment process,
and reasonable alternatives for site security plans and inspections
that would expedite the process.
Attached to this written statement are examples of potential
solutions to some issues of most concern--the personnel surety process,
site security plan approval, transparency of on the risk assessment
process, and reasonable alternatives that would expedite the process
overall.
This will be a difficult task, but not an impossible mission. CFATS
can work as conceived--implementation will take leadership,
communication, and collaboration well beyond what we've seen recently.
We--DHS, the industry and this subcommittee--can make this work.
ACC has historically and consistently taken a proactive approach to
security--establishing the Responsible Care Security Code in 2002 and
supporting legislation to address and improve security across the
chemical sector as a whole--and have worked in good faith with DHS. Our
members have aggressively stepped out to make significant investments
in site security. Industry does not want to waste this effort by
starting over.
ACC is ready and willing to take on the challenge as an equal
stakeholder to finish the task and fully implement CFATS. We need DHS
on the team to meet this challenge with a common mission and goal as
they were when we started this journey and our early successes were
achieved.
ACC asks that you separately address any internal issues in DHS and
that you reauthorize the CFATS legislation so we can continue the
efforts that are already well under way to secure our Nation's chemical
sector.
Attachment
Dear Members.--The following are specific recommendations for your
consideration that are intended to help improve the implementation of
CFATS. With the guidance and oversight of Congress, many of these
improvements could be achieved through administrative changes by DHS.
Personnel Surety
DHS has been unable to implement a workable personnel surety
program for CFATS facilities to properly vet thousands of employees and
contractors against the Terrorist Screening Database. DHS can address
this issue in two ways.
(1) Begin accepting information of non-vetted employees at CFATS
facilities for TSDB screening.
(2) Leverage the existing Transportation Worker Identification
Credential (TWIC) program by fully recognizing TWIC card
holders as satisfying the TSDB screening requirement.
CFATS facilities can validate TWICs using existing tools such as
the TSA's Cancelled Card List without the need to collect, protect, and
transmit sensitive workers' personal information to DHS. While we
recognize some shortcomings in the TWIC program, TSA continues to make
improvements that will further strengthen the program. There are
currently more than 1 million TWIC card holders. Most of them also work
at CFATS sites. By simply leveraging the TWIC program fully, DHS could
vastly improve personnel surety at CFATS facilities and greatly reduce
the burden to the regulated community.
As a long-term goal, DHS should consider creating an enhanced
vetting and credentialing program that incorporates the lessons from
the TWIC program and has broader application across the critical
infrastructure sectors.
Site Security Plan (SSP) Process
DHS should engage members of the CFATS regulated community and
their trade group representatives at the earliest stages and throughout
the process to improve/revamp the SSP portion of CSAT. As identified in
the ``Memo'', this has been one of the biggest road blocks in DHS's
ability to efficiently analyze and approve site security plans.
However, this will be a long-term effort to ensure it is done properly
and will likely take several months to complete.
As an interim measure, ACC recommends that DHS work with the
regulated community to accelerate the development of Alternate Security
Programs (ASPs). ASPs can be developed in a relative short time frame,
providing a standardized and consistent approach for plan submissions
and approvals. ACC began such an initiative with DHS in November 2011
and plan to have the first ASP Guidance Document ready for use by this
spring.
CFATS Program Transparency
DHS should improve the transparency of the CFATS program by
offering confidential sharing (in a classified setting if necessary) of
pertinent facility-specific DHS risk information with the owner/
operator. Facility owners/operators want to make fully-informed
decisions about managing their risks and implementing security
measures. Currently the facility is unaware of how CFATS risk-tiering
decisions are made by DHS and how changes by the facility could reduce
their risk and lower their CFATS profile. By making this process more
transparent, it would vastly improve the security awareness of the
facility and could identify potential tiering errors or anomalies
before they arise.
Alternative Inspection Program for Tier 3-4
DHS should consider an alternative self-inspection program for
lower tier facilities (Tiers 3 & 4) using accredited third-party
auditors. This alternative inspection program could be monitored with
statistical sampling (audit schedule) by DHS CFATS inspectors to verify
compliance. This would help streamline the program by lessening the
burden on the DHS inspection cadre and allow DHS to focus resources and
attention on higher-risk facilities (Tiers 1 & 2). Existing private-
sector programs could be leveraged under this concept including the
Responsible Care Security Code Program, which is mandatory for
membership in ACC and requires third-party certification by an
accredited third-party auditor.
Mr. Lungren. Thank you very much, Mr. Scott.
Now Mr. Wright is recognized for your statement.
STATEMENT OF DAVID L. WRIGHT, PRESIDENT, AMERICAN FEDERATION OF
GOVERNMENT EMPLOYEES LOCAL 918
Mr. Wright. Chairman Lungren, Ranking Member Clarke, and
Members of subcommittee. My name is David Wright. I am
president of AFG Local 918, the NPPD Union. I am also an
inspector with the Federal Protective Service, a component of
NPPD. I am here today to express our commitment to this
critical Homeland Security mission and to work with NPPD, as I
have repeatedly expressed to senior agency leaders.
I have not been given the opportunity to review the
internal report written by Director Anderson that generated
this hearing. My knowledge of the contents of the internal
report is mostly limited to what I have read in the Fox News
articles of December 2011. My perception is that these are the
types of issues that can be addressed in a good labor-
management relationship. Policies and procedures can only be
addressed effectively by taking into account the perspective of
the field-level workforce that accomplishes the work on a daily
basis.
AFGE Local 918 labor-management relationship with NPPD is
mostly cooperative and effective, in direct conflict with what
has been reported in the media as a result of the leaked
internal report. The conflict ranges from outright exaggeration
of the vehicle mileage log issues, to the implied agency
inability to implement policy and procedure due to a Union
workforce.
I have consistently pledged the Union's cooperation of many
NPPD National-level meetings, to include one meeting with
Director Anderson in September 2011. At all meetings I have
indicated the Union's readiness to remove any perceived Union
roadblocks in support of the CFATS program.
On January 9, 2012, after the negative news article, I met
with Director Anderson in the presence of Assistant Secretary
Todd Keil and senior Union leadership. Once again I reiterated
that successful accomplishment of the CFATS mission is the
Union's first priority, and that while we would expect an
opportunity to get meaningful input, there would be no Union
roadblock to implementation of critical Homeland Security
policies and procedures. I strongly reject the assertion that
the workforce is unqualified. Most have extensive background in
law enforcement, military, regulatory authority, and academics.
The chemical security workforce is dedicated, and all came
on board with the promise of building a new agency dedicated to
closing a potential gap in the Nation's Homeland Security
network, the storage of mass amounts of hazardous chemicals at
chemical facilities.
In closing I have been asked by the workforce to advise you
and the American public that the NPPD chemical security
inspector workforce is qualified, willing, ready, and able to
accomplish the critical task of assessing security at the
Nation's chemical facilities. AFGE Local 918 has repeatedly
declared its cooperation to the agency in moving forward before
and after the internal report. We are now making that
commitment to you. It is incumbent on Congress and DHS
leadership to mark that path forward.
I thank this subcommittee for the attention to this
critical Homeland Security issue and I am available for
questions.
[The statement of Mr. Wright follows:]
Prepared Statement of David L. Wright
March 6, 2012
Chairman Lungren, Ranking Member Clarke and Members of the
subcommittee: My name is David Wright. I am the president of Local 918,
the National Protection and Programs Directorate Union affiliated with
the American Federation of Government Employees (AFGE). I am also an
inspector with the Federal Protective Service (FPS) within National
Protection and Programs Directorate (NPPD). In March 2011, AFGE was
named as the exclusive bargaining unit representative of the Chemical
Security Inspectors (CSI's) as result of Federal Labor Relations
Authority certification. AFGE then delegated the responsibility to
represent the CSI's to Local 918. Up until that point, AFGE Local 918
had represented FPS employees since April 2006.
I am here today to express AFGE Local 918's commitment to the
mission and to work with NPPD--as I have repeatedly committed to Under
Secretary Beers and agency leaders. I appreciate the opportunity to
speak to the subcommittee on this critical homeland security issue.
As of today, I have not been given the opportunity to review the
internal report written by Director Penny Anderson that--at least in
part--generated this hearing. My definite knowledge of the contents of
the internal report is limited to what I have read in the FoxNews
articles in December, 2011. From what I have been able to glean from
the articles, the issues are precisely the types of issues than can be
addressed effectively in a good labor/management relationship. The
agency's policies and procedures can only be addressed thoroughly by
taking into account the perspective of the field level workforce that
accomplishes the work on a daily basis. In my Federal experience as a
subordinate employee, as a mid-level manager and as a union official--
it is my firm opinion that to ensure that the workforce is forthcoming
and thorough in their input, they must be consulted by the agency and
unafraid of retaliation.
A working example of Union participation in agency process is AFGE
Local 918's report to appropriate authorities of the failed FPS Risk
Assessment Management Program (RAMP). The failure of the RAMP Program
has since been well-documented by the Government Accountability Office
(GAO). One clear indication from GAO reports is that FPS failed to
meaningfully consult with the field level FPS Inspectors who would
accomplish the bulk of the work--a consultation that could have saved
millions of dollars on an ill-conceived, poorly designed, and
ultimately non-functional computer program. Without the workforce
disclosures and protection of members by the Union, the expenditures on
the RAMP Program would likely have been on-going.
Other accomplishments resultant of the good labor/management
relationship at NPPD and FPS are recent policy/procedure changes that
were vital to accomplishment of the FPS Mission--a National firearms
policy and a National law enforcement jurisdiction/authority policy.
The FPS draft firearms policy was presented to the Union at the
``predecisional stage'' at the FPS Policy Review Committee level--at
the same time as agency senior official's opportunity to comment. The
Union's questions were answered and the policymaking process went
forward without delay on the Union's part. Answers to complex questions
surrounding FPS authority and jurisdiction and policy are vital to the
street-level workforce that operates daily with a variety of
jurisdictional gray areas. The Union gathered the input and provided to
agency. The agency attorneys considered the workforce input and drafted
a policy easily interpreted by managers and individual law enforcement
officers. That policy was implemented without Union delay.
While there is some contention at the ISCD/IP level, the AFGE Local
918 labor/management relationship with NPPD officials is overall
cooperative and effective--in direct conflict with what has been
reported in the media as result of Director Anderson's leaked
``internal report''. The conflict ranges from outright exaggeration of
bargaining issues (vehicle mileage log issues) to the implied agency
inability to implement critical policy and procedure due to a Union
workforce.
The effective NPPD labor/management relationship is evidenced by
the union contract, my weekly contacts with NPPD Employee and Labor
Relations and my attendance at quarterly Labor/Management Forums. I
have pledged cooperation at National-level meetings with (then) Acting
IP Director Rick Driggers (May 3, 2011), ISCD/IP Director Penny
Anderson (September 30, 2011) and Under Secretary Beers (November 29,
2011). Each time, I have indicated the Union's readiness to remedy any
perceived Union roadblocks in support of the CFATS Program. After the
leaked report, I met with Director Anderson, Deputy Director Wulf, and
(then)-Assistant Secretary Todd Keil on January 19, 2012 in the
presence of senior Union leadership and NPPD Human Capital officials.
It was reiterated that successful accomplishment of the CFATS Mission
is our first priority--and that while we would expect an opportunity to
give meaningful input--there would be no Union roadblock to expediting
implementation of critical homeland security policies and procedures. I
have indicated numerous times that the labor contract contains the
following provision that allows for expedited implementation of
mission-critical policies and procedures:
``article 9--impact bargaining and mid-term bargaining
``D. POST-IMPLEMENTATION BARGAINING. The Parties agree that
effective management of the Agency and its resources is a mutual
concern. The Parties also agree that on certain limited occasions,
there may be a need for expedited implementation of new policies or
practices affecting conditions of employment. The provisions of this
Article apply to such situations. It is understood, however, that
nothing in this Article precludes the Agency and the Union from
engaging in post implementation bargaining if mutually agreeable.''
Given the union contract in place, the union has limiting time
frames that ensure negotiations and implementation in a relatively
short time. The issue of delays in workplace bargaining must also be
considered in the context of the agency bureaucracy and lack of
timeliness. A very recent example was an issue presented to the Union
last week. What would normally have been deemed as a ``negotiable
change in working conditions''--the cessation of the ISCD Hazardous
Materials certification and medical monitoring of employees--was
presented to the Union. In my limited research, I determined that the
actual ISCD Hazardous Materials certification program has been
technically and functionally dormant--if not dead--since at least mid-
2011. This matter is an indication of the slow bureaucratic pace that
is frustratingly normal in agency business.
The present CSI workforce had accomplished much groundwork to
assess the security of the Nation's chemical facilities prior to
Director Penny Anderson's arrival in July 2011. That groundwork and
industry outreach by the inspector workforce has resulted in acceptance
by private industry and hundreds of chemical facilities reducing
storage of dangerous chemicals that could be used in a criminal or
terrorist attack. Elimination of this agency at this point would result
in about 100 ``boots on the ground'', front-line inspectors being
placed out of work around the Nation. Many of the inspectors and
managers are former FPS inspectors who were lured away from their
Federal law enforcement careers. Many CSI's have experience in private
industry and are highly educated. All applied to NPPD/ISCD with the
promise of building a new homeland security agency dedicated to closing
a potentially devastating gap in the Nation's security network--the
storage of mass amounts of hazardous chemicals at the Nation's chemical
facilities.
Despite the insults and negative insinuations by the media reliant
on the Director Anderson's seemingly anti-employee internal report,
despite the on-going laborious attempts to redefine the work process--
and despite overwhelming Human Capital issues--each bargaining unit
employee is dedicated to assessing and ultimately regulating security
of hazardous chemical storage at these facilities.
In closing, I have been asked by the workforce to advise you and
the American public that the NPPD/ISCD/IP Chemical Security Inspector
workforce is qualified, willing, ready, and able to accomplish the
critical task of assessing security at the Nation's chemical
facilities. AFGE Local 918 has repeatedly declared its cooperation to
the agency in moving forward. We are now making that commitment to
you--it is incumbent on Congress and DHS leadership to mark that path
forward.
I thank the subcommittee for the attention to this critical
Homeland Security issue.
Mr. Lungren. Thank all the panel members for their
discussion. We will go into a first round of questioning.
To start off, Mr. Wright, I know you haven't seen the
entire report or the memorandum, but you have been responding
with respect to the reports you have seen and the discussions
that you have had.
What impact, if any, has this memo or the leaked part of
the memo or the way it is being described in the press had on
the morale of your members? Do they still have a desire to work
for this program? Do they still think this program worthy? Do
they still think this program is workable?
Mr. Wright. Above all, they think it is worthy and they are
ready to move forward. With that being said, there was an
aspect of insult to that report. There was an aspect of calling
into question capabilities, education, training, and so forth.
So there was and still is an aspect of being disrespected.
Mr. Lungren. Mr. Scott and Mr. Allmond, since the leaked
memo came out, how has DHS engaged you on the issues that were
outlined in the leaked memo? Has there been any suggestion of
how you work together to solve any of the issues detailed in
the memo, or is that viewed more as the Department's internal
problems that has not affected the relationship of the industry
with the Department?
Mr. Allmond. Mr. Chairman, DHS discusses these types of
issues with the industry through the Chemical Sector
Coordinating Council that Mr. Scott has been involved in, and
so have I. We haven't had too many discussions as of yet, but
we have had some preliminary discussions about some of the
things that have been holding up the program that we have
identified for well over a year now.
Mr. Lungren. Mr. Scott, you said that this report or that
which came out of this report is a wake-up call, not a death
knell for the program. It is my hope that that is the case.
Could you outline why the program, as articulated or as
legislatively drawn, and the response by the private sector to
that, is both worthy of being maintained, and what are the
essential advantages of it, as you see it in the context of, as
you say, the industry having spent billions of dollars in terms
of security?
Mr. Scott. Well, the primary reason we agree that CFATS is
a good approach is the risk-based approach that it takes. It is
really focused on the risk of each individual site, different
scenarios at each sites. So it takes the risk into question,
and then you apply the appropriate risk rating and tier level
to the site. So that is a strong positive. We want to make sure
that we are focusing on risk and that we are really focusing on
reducing the risk.
The second piece of the puzzle is that it gives you--CFATS
gives you a broad array of opportunities to reduce that risk.
It doesn't dictate any one method or means of reducing risk. So
each site, and every site is very different, in each situation,
whether it is a theft scenario or an attack scenario, the site
has the opportunity to pick the right answer, the right
solution to reduce the risk at that site, what makes sense at
that site. So the risk-based approach and the opportunity to
apply a customized security package at the site is really the
value, and that is why you can see real improvement already in
many of the sites when they start to focus on the risk and
focus on the opportunities to reduce that risk. That is why you
have seen some success already. Even though the CFATS is not
fully implemented we have seen some remarkable success.
The issues that we are facing right now are the management
issues of how to measure success and get approval of the site
security plans and get the final inspections in place; it is
not the process that has the problem.
Mr. Lungren. Mr. Allmond, you indicated that you support
Mr. Scott, a permanent or 7-year, whatever we want to call that
extension of the authorization, or as we would say up here,
permanent authorization. You indicated that without that there
is uncertainty. Some observers on the outside might say that is
overstated.
Why would your members not continue to go forward with the
capital investment necessary for securing their own assets? I
know how I would respond to that question, but I would like to
know how you would respond to that question.
Mr. Allmond. Well, Mr. Chairman, regulations in general
disproportionately impact small businesses, and when there is
the delay in the implementation of regulations, that compounds
the impact. The delays most likely have seized up compliance
costs that were budgeted. When companies sit down and do their
own annual budgets, there may be some compliance costs that
were built in that were not spent. It could have been spent on
things like manufacturing, innovation, R&D, more jobs. So in
some respects, that money was not spent and it should have
been.
Mr. Lungren. I think you indicated in your written
testimony that 80 percent of your members are small businesses?
Mr. Allmond. That is correct.
Mr. Lungren. All right. Ms. Clarke.
Ms. Clarke. Thank you, Mr. Chairman, and I thank the
witnesses for providing their insights as well.
My first question goes to Mr. Wright. Many of the problems
identified in the ISCD memorandum appear to be related to
hiring and developing staff to implement the program, including
the lack of policies and procedures to guide staff efforts to
do their jobs.
Please discuss whether you believe problems related to
hiring and developing staff and a lack of related policies and
procedures are a challenge to implementing the CFATS program,
and if so why? Then give us your experience with how the
employees were hired for the CFATS program; what is the history
from your point of view?
Mr. Wright. I think I will start with the second part of
your question first. I probably have been around longer than
any of the NPPD leadership at the inception of the CFATS
program in hiring the inspectors. We were originally detailed
from the FPS workforce. So I did attend that initial class, 1
day of a week-long course for the initial group of inspectors.
I think that was the initial, what can now be looked at as a
setback, because the focus was ultimately compliance and
ultimately law enforcement. FPS inspectors were lured away from
their Federal law enforcement careers with the promise, with
the lure of building a new agency regulating chemical
facilities. Unfortunately for those inspectors, the program was
apparently misguided or labeled as misguided and changes
occurred along the way.
Many FPS inspectors came back, and the ones that could
tolerate the loss of their Federal law enforcement career
stayed. Then there is the aspect of the management culture. It
just seems to have changed several times over the years. The
focus seems to have changed is what I am told.
Ms. Clarke. So in your opinion, to what extent do the
staffing challenges and lack of program guidance impede
progress in implementing CFATS, if at all?
Mr. Wright. I can only go back to what I have seen in the
Fox News article. Apparently Director Anderson thinks that the
mission is impeded by law enforcement officers that, ``want to
carry a badge and gun.'' It goes back to a cultural issue. It
goes back to the authorization, and let's do form a culture, an
NPPD culture, as opposed to the different cultures that have
occurred throughout the time period by bringing--by losing the
focus on the law enforcement and the compliance originally, and
seeking to refocus seemingly every year.
Ms. Clarke. So I see in the memo that there are
insinuations that the Union is causing friction in the
workplace. Would you give us the viewpoint of the employees in
the Union on this matter of workplace conditions or
relationships with management? Also, in the effort to give
feedback to DHS management, would you characterize those
efforts of employees as possibly putting themselves in the
position of being subjected to retaliation or intimidation?
Mr. Wright. The Union culture within ISCD is new. We have
been in place since March 2011. So I was absolutely blindsided
by the allegations in the news article. I have worked with
Secretary Beers' senior management for years now. That myth of
working with the unions, of the Union creating roadblocks to
implementing policies and procedures is exactly that, it is a
myth.
Ms. Clarke. Thank you.
Mr. Lungren. It is my pleasure to recognize Mr. Richmond
for 5 minutes.
Mr. Richmond. Thank you, Mr. Chairman, and I will not use
my entire 5 minutes. I guess my question is for Mr. Scott. I
will just say that we have a Dow facility in my new Second
Congressional District which will actually be the largest home
to petrochemical facilities in places that will fall under
CFATS in the country. So my concern and my goal is to make sure
that it is as efficient and as least burdensome to the
businesses that are there.
I know that at least in your recommendations, you mentioned
one way to become more efficient very quickly is to leverage
the existing relationship between CFATS by recognizing the TWIC
card. Is that one of the recommendations?
Mr. Scott. My personal opinion is that that would make the
personnel surety program a lot easier to manage, if the people
at the sites that you are talking about in your area are both
MTSA-covered sites. You will see at both of those sites
security upgrades to meet the DHS compliance requirement, so
that is what we like to do. But at those two sites you have a
TWIC card required for entry. When somebody comes to the gate
to come to work to get a Dow badge, it is very easy to look at
the TWIC card to know they have already been vetted by the
Federal Government and meet all the requirements that are
currently involved with the CFATS personnel surety requirement.
Mr. Richmond. With just Dow, how many of your facilities
are covered by CFATS and also by MTSA?
Mr. Scott. I am not sure I can answer that. I think it is
about 3 dozen. In the United States we have about 3 dozen sites
covered by one or the other. All of the sites are covered by
the ACC response security code.
Mr. Richmond. I thank you, and I yield back, Mr. Chairman.
Mr. Lungren. Ms. Richardson is recognized for 5 minutes.
Ms. Richardson. Thank you, Mr. Chairman.
My first question is for Mr. Scott. Mr. Scott, have you
presented these recommendations that are in your testimony to
DHS?
Mr. Scott. Some of the recommendations have been discussed
with DHS through the Sector Council, through individual
companies, through the ACC, the various associations. I can't
say that we have talked about each and every one of the
recommendations, but most of those have been in some
discussions, yes.
Ms. Richardson. Are you aware of any responses that might
have been received from DHS?
Mr. Scott. DHS has always been willing to sit down and talk
with us. I think we are having on-going discussions with----
Ms. Richardson. My question is: Have there been any
specific responses to the recommendations that you provided, to
your knowledge?
Mr. Scott. Not at this time, no.
Ms. Richardson. Is Dow or ACC a part of an official
advisory group within DHS, especially in light of this
memorandum that was leaked, where you provide feedback to them
or are working with them on this process?
Mr. Scott. I am not working directly with DHS on that
response. No.
Ms. Richardson. Does ACC to your knowledge have any
advisory role or working with this Department?
Mr. Scott. The ACC has offered input on several of the
recommendations. I don't know that they are having any direct
response to those recommendations as yet.
Ms. Richardson. So if I am hearing what you are saying,
there is no formal body, advisory body to your knowledge, that
you guys are participating in on a regular basis?
Mr. Scott. Not on a regular basis, no.
Ms. Richardson. Mr. Wright, I would have the same question
for you. Is there a regular advisory group that is working with
the Department to provide feedback on an on-going basis?
Mr. Wright. Not to my knowledge.
Ms. Richardson. Okay. And for you, sir, how about you?
Mr. Allmond. Well, there is the Chemical Sector
Coordinating Council, but it is not a Government advisory
board. It is an industry advisory, and that is where we do have
periodic discussions about various chemical security issues
with the Department.
Ms. Richardson. So is it a formal process of a regular
meeting that happens like once a year?
Mr. Allmond. It is probably more like four or five times a
year. It is an industry-led group that discusses chemical
security. Sometimes we do involve DHS as guests to our meeting,
but we do exchange information.
Ms. Richardson. So it is your meeting, not theirs?
Mr. Allmond. Right.
Ms. Richardson. Also in your testimony, you have referenced
that you have supplied DHS with a proposal and some things they
could consider. Have you gotten any responses to your
proposals?
Mr. Allmond. There have been discussion about the personnel
surety issue that Mr. Scott talked about, the TWIC card and
whatnot. We have had some back-and-forth on that with the
Department for many months now. We hope to have some resolution
on that. That is one of the areas in the performance standards
that is holding up the implementation, quite frankly.
Ms. Richardson. Okay. And Mr. Wright, I just wanted to
encourage you as a part of the Union that you support, I hope
that you will share with them the comments from Mr. Allmond in
his testimony where he said, in particular, we have strongly
urged DHS to rely upon half a dozen or so Federally-issued
credentials that involve the TSDB check. Unions have also
expressed a concern with DHS about the proposal, so they have
supported you in that. They have also noted, additionally,
relying upon contractors who typically have high job turnover
persist--whatever. I am struggling on that word today. A little
late last night. The need for constant retraining,
institutional knowledge is the key to activities and conducted
primarily with contract support. So they are really providing I
think a lot of support, unlike what unfortunately you have to
testify about. Your folks here have strongly commended the work
that your folks have done, so it is important to share that
with them.
Mr. Wright. Yes, thank you.
Ms. Richardson. Mr. Wright, finally my question is for you.
Have you found there to be a transparent and open process of
knowledge amongst the workforce of positions that are open and
available, since some of them are contracted positions
currently?
Mr. Wright. I don't have much experience with contractors.
I am concerned with the statements made here by Director
Anderson about the openness and transparency of the action
plan, because it has not been brought to me. I have not been
notified. I do know that there are town hall meetings. I will
also say that my workforce is at this point, I think,
intimidated and unwilling to share that information with the
Union. Also, Director Anderson is unwilling to share that plan
directly with me, despite my efforts.
Ms. Richardson. Well hopefully through this committee
looking at this closer, we can improve upon that.
Thank you all for your testimony. ``Precipitates,'' there
we go; got it, third try. Thank you, Mr. Chairman.
Mr. Lungren. I thank the gentlelady for yielding back. I
thank the witnesses for their testimony and the Members for
their questions.
The Members of the committee may have some additional
questions for the witnesses and we would ask you to respond to
these in writing in a timely fashion. The hearing record will
be held open for 10 days.
With that, this subcommittee stands adjourned.
[Whereupon, at 4:32 p.m., the subcommittee was adjourned.]
A P P E N D I X
----------
Questions Submitted by Chairman Daniel E. Lungren to Rand Beers
Question 1a. NPPD recently provided the subcommittee with an
internal memorandum entitled ``Challenges Facing ISCD, and the Path
Forward'' which identified challenges facing ISCD as it continues
implementing the CFATS program, including those related to human
capital management, strategic planning, procurement, and basic program
administration.
What factors prompted the Under Secretary to request that ISCD
develop this memorandum, and when was it written?
Question 1b. Describe any efforts to confirm the existence of
management problems discussed in the memorandum and to determine if the
underlying cause (or causes) for these problems was accurately
identified.
Answer. The Department of Homeland Security, the National
Protection and Programs Directorate (NPPD), and the Infrastructure
Security Compliance Division (ISCD) have accomplished much over the
past few years to establish and implement the Chemical Facility Anti-
Terrorism Standards (CFATS) program, but this unprecedented regulatory
program still has challenges to address. Upon the arrival of ISCD's new
Director and Deputy Director, Under Secretary Beers asked them to
provide their views on the CFATS program for his consideration. Candid,
honest assessments and critiques are valuable tools in evaluating
progress and determining where improvement is needed. Furthermore,
course corrections are to be expected in a nascent and unprecedented
program like CFATS, and on-going decisions will be necessary. The
internal memorandum in question was delivered in November 2011.
We are addressing certain programmatic and management challenges
through a comprehensive Action Plan. NPPD's senior leadership is
briefed on a regular basis on the progress made to address the items in
the Action Plan. The Department looks forward to working with Congress
to ensure continued success in the CFATS program.
Question 2a. In response to the ISCD internal memorandum, ISCD
created an action plan with numerous action items intended to address
management challenges identified in the memo.
Has ISCD evaluated the level of effort needed to complete each
action item, including establishing milestones and time lines for the
items? How has management prioritized the completion of the action
items?
Answer. Yes, the Infrastructure Security Compliance Division (ISCD)
has evaluated the level of effort required for each action item. Each
action item has been assigned to a member within ISCD's leadership team
for coordination. As part of this coordination, each item has been
assigned milestones and a tentative time frame for completion.
While the action plan does not formally prioritize the action
items, each item has milestones and a target completion date based on
ISCD's Director's guidance and the top three priorities and top three
challenges identified in the internal memorandum.
Question 2b. How is progress on the action plan being documented,
measured, and communicated to leadership within NPPD and its Office of
Infrastructure Protection?
Answer. Progress on the ISCD action plan is being documented and
managed by a designated action plan administrator in a master project
plan. The action plan administrator receives weekly updates on each
item from the coordinators. The action plan progress and highlights are
briefed weekly to ISCD, the Office of Infrastructure Protection, and
National Protection and Programs Directorate (NPPD) leadership.
Question 2c. Is NPPD confident that the action items identified
will address the root cause of the various problems? If so why? If not,
why not?
Answer. Yes, NPPD is confident that the action plan will address
the root causes of the challenges identified. The action plan has been
reviewed by NPPD and its implementation status is briefed weekly to
NPPD leadership in order to ensure that progress is being made. In
addition, at the recommendation of the Government Accountability Office
(GAO), we will develop metrics to assess the impact of Action Plan
progress, including impact on the overall implementation of the CFATS
program.
Question 3. CFATS was initially authorized in October 2006 under
the Homeland Security Act of 2007. Since that time, what has the
program achieved, and do you believe this level of progress is
sufficient given the amount of time that has elapsed?
According to DHS and CFATS Leadership, inspectors have been
conducting assistance visits to tiered facilities. What did these
assistance visits entail, and how, if at all, did they help improve
security at facilities?
Were results of these visits consistently documented?
Finally, how did these visits differ from the actual inspections
that will eventually be conducted under the CFATS program?
Answer. The Chemical Facility Anti-Terrorism Standards (CFATS)
program, as authorized in the Homeland Security Appropriation Act of
2007 (Pub. L. No. 109-295), has significantly reduced, directly or
indirectly, the overall security risk associated with the chemical
sector in several ways:
Development of a list of chemicals of interest (COI) with
screening threshold quantities (STQ), as specified in Appendix
A to CFATS, which the Department of Homeland Security (DHS)
uses to help identify potentially high-risk chemical facilities
with minimal burden on the chemical industry. Without this COI
list, it is unlikely that many of the more than 2,700
facilities that have voluntarily removed or significantly
reduced the on-site quantity of COI related to their potential
security risks would have done so.
Development of an on-line assessment tool (the ``Top-
Screen'') through which potentially high-risk chemical
facilities possessing COI at or above the applicable STQ submit
information to the Department to facilitate preliminary
identification of facilities presenting a high-security risk.
Establishment and maintenance of an up-to-date comprehensive
database, based on Top-Screen submissions, with information on
the chemical holdings and basic risk profile of more than
40,000 chemical facilities across the country.
Analysis of these Top-Screen submissions, resulting in the
initial identification of more than 7,000 preliminary high-risk
facilities.
Development of an on-line Security Vulnerability Assessment
(SVA) tool, through which preliminary high-risk facilities have
developed, and provided to the Department, additional, more-
detailed information about their chemicals, their specific
circumstances and their potential vulnerabilities, which DHS
uses to make a final determination regarding the facilities'
risk status.
Completion of the review to date of more than 7,000 SVAs,
resulting in the issuance of final high-risk determinations for
more than 3,700 facilities and assignment of those facilities
to appropriate risk-based tiers.
Development of an on-line Site Security Plan (SSP) tool for
use by final high-risk chemical facilities in the development
and submission of SSPs or Alternative Security Programs (ASPs)
for DHS's review and approval or disapproval. This SSP tool
collects information on how each facility will meet the
applicable risk-based performance standards (RBPSs) under
CFATS. The tool is designed to take into account the
complicated nature of chemical-facility security and allows
facilities to describe both facility-wide and asset-specific
security measures. This tool has helped facilities make
appropriate and sound decisions in developing security plans
that fit the unique characteristics of each facility and best
account for the facility's assets and vulnerabilities.
Publication of a RBPS Guidance document to assist CFATS-
covered facilities develop adequate SSPs. The RBPS Guidance
document provides guidance on what types and combinations of
security measures and processes may be appropriate for a
facility, based on its unique circumstances, and addresses
specific items a facility may wish to consider when selecting
security measures and procedures (such as physical and
environmental considerations, command-and-control
considerations, and the use of layered security) to satisfy the
RBPS. This document can also be of value to facilities not
regulated under CFATS since it provides guidance on effective
security measures that such unregulated facilities could
implement voluntarily.
Enhancement of the National ability to prepare for and
respond to potential threats directed at or involving aspects
of many types of chemical facilities (including facilities not
traditionally considered part of the chemical industry), based
on the information provided through Top-Screen and SVA
submissions. This has contributed greatly to the development of
a more comprehensive, Nation-wide picture of chemical security
risks and concerns. CFATS and the data the Department has
collected have given the Federal Government a far better
understanding of what dangerous chemicals are available
commercially, who has them, how they are handled and secured,
as well as which facilities present the highest risks.
Establishment of a sensitive but unclassified information-
protection regime, called Chemical-terrorism Vulnerability
Information (CVI), to help protect certain sensitive security
information developed and/or provided to the Department in
compliance with CFATS.
Completion of more than 1,000 Compliance Assistance Visits
(CAVs), and participation in more than 3,000 informal
introductory meetings with owners and/or operators of CFATS-
regulated facilities, which have helped to ensure that the
regulated community is aware of CFATS requirements and of
chemical security risks.
Development of working relationships with State and local
officials through outreach efforts beyond the regulated
community. Those relationships are enhancing the overall level
of preparedness of the Nation for preventing or responding to
potential terrorist attacks involving high-risk chemical
facilities or chemicals from those facilities and will pay
positive dividends in the event of a chemical security
incident. To this end, the Infrastructure Security Compliance
Division (ISCD) has participated in more than 2,500 meetings
involving Federal, State, and local partners, including more
than 100 Local Emergency Planning Committee meetings.
Increase in security awareness and education through
outreach activities, as well as the CFATS website and Help
Desk, which has received over 79,000 requests.
Establishment of an anonymous CFATS Tip-Line, which has
received over 100 calls and supports the reporting of
suspicious activities and the identification of facilities or
individuals who potentially are not complying with CFATS
requirements.
Collaboration within DHS and with other Federal agencies in
the area of chemical security, including routine engagement
among the National Protection and Programs Directorate's
subcomponents and with the U.S. Coast Guard; the Transportation
Security Administration; the Department of Justice's Federal
Bureau of Investigation; and Bureau of Alcohol, Tobacco,
Firearms, and Explosives, the Nuclear Regulatory Commission,
and the Environmental Protection Agency. This collaboration
allows for the identification of potential security gaps and
the sharing of lessons learned, all of which makes the overall
homeland security effort more efficient and effective.
As the above activities demonstrate, in a relatively short period
of time CFATS has helped the Nation better understand the complex
security issues associated with the chemical industry, allowed the
Federal Government to identify high-risk chemical facilities throughout
the Nation, provided tools to allow high-risk facilities assess their
vulnerabilities and develop plans to reduce their risks, spurred the
voluntary elimination or reduction of chemicals of interest at
facilities throughout the country, facilitated the selection and
implementation of security measures and procedures to reduce security
risks, and enhanced Nation-wide preparedness through increased
understanding and collaboration.
In the preliminary stages of implementing the CFATS regulation, the
inspector cadre focused much of its effort on providing outreach and on
assisting chemical facilities in understanding the requirements of this
nascent and unprecedented program. One method for providing such
assistance involves CAVs to facilities. During these CAVs, inspectors
provided information and assisted many facilities in registering to use
the on-line Chemical Security Assessment Tool (CSAT), in understanding
how to use and complete the CSAT Top Screen and Security Vulnerability
Assessment tools, and in understanding how to prepare and submit (or
revise) SSPs or ASPs. These outreach and assistance efforts were and
are essential to the effective implementation of the CFATS program. In
fact, the assistance provided by the inspectors has contributed
substantially to the submissions by chemical facilities, which to date
includes over 40,000 Top Screens, over 7,000 SVAs, and over 3,600 SSPs.
ISCD conducts CAVs at covered facilities that claim (e.g., through
requests for redetermination) to have eliminated or reduced their
chemical holdings or to have implemented other material changes to
their site or operations. These visits enable ISCD to verify the claims
made by the facilities and assist ISCD in determining whether they are
entitled to a change in their risk-based tiering determination.
In addition, CFATS inspectors have also conducted and may continue
to conduct what have been previously referred to as Preliminary
Authorization Inspections (PAIs), which are visits to CFATS-covered
facilities that have submitted SSPs but that have not yet received
Letters of Authorization for their SSPs. To avoid confusion with CFATS
authorization inspections and compliance inspections, ISCD now refers
to these inspector activities as CAVs. The main purposes of these pre-
authorization visits are: To help ISCD gain a better understanding of
the processes, risks, vulnerabilities, response capabilities, security
measures and practices, and other factors at a covered facility that
are relevant to ISCD's review of the facility's SSP; and to help
facilities more fully develop and explain the security measures in
their SSPs.
Chemical Security Inspectors document CAVs using established
templates and standards for reporting. These files are reviewed by the
inspector chain of command, analyzed by ISCD headquarters, and posted
in the facility's case files. Additional documentation is required for
all CAVs related to requests for redetermination.
CAVs differ from actual inspections because the main purposes of
the former are to assist facilities in the completion of their required
documentation (Top Screen, SVA, and/or SSP); verify claimed changes at
a facility in connection with requests for redetermination; help ISCD
gain a better understanding of the processes, risks, vulnerabilities,
response capabilities, security measures and practices, and other
factors at a covered facility that are relevant to ISCD's review of the
facility's SSP; and to help facilities more fully develop and explain
the security measures in their SSPs.
In contrast to CAVs, inspections are conducted only after a
facility's SSP or ASP has been authorized or approved. Authorization
inspections are conducted by ISCD inspectors after the facility
receives a Letter of Authorization in order to verify that the
descriptions of measures in the facility's authorized SSP or ASP are
accurate and complete, and that the equipment, processes, and
procedures described in the SSP or ASP appear to be appropriate to meet
applicable CFATS risk-based performance standards. The authorization
inspection results, as well as other relevant available information,
are evaluated by ISCD to determine whether or not DHS should issue a
Letter of Approval for the facility's SSP or ASP. Following DHS's
issuance of a Letter of Approval, ISCD will conduct compliance
inspections on a periodic and as-needed basis to verify that facilities
are complying with their approved SSPs or ASPs.
Question 4. DHS reports that, since the CFATS program's inception,
more than 1,670 facilities have completely removed their Chemicals of
Interest (COI). What assurance does DHS have that these facilities have
removed their COI?
Answer. Under the Chemical Facility Anti-Terrorism Standards
(CFATS), chemical facilities that possess any of the chemicals of
interest (COI) listed in Appendix A at or above the corresponding
screening threshold quantity (STQ) must complete and submit a Top-
Screen. If DHS determines that the facility is high-risk and the
facility subsequently makes a material modification to its operations
or site, the facility must complete a revised Top-Screen within 60 days
of the material modification. A material modification may involve, for
example, the complete removal of all COI from the facility or a
substantial reduction of COI holdings. In addition to submitting a
material modification Top-Screen, the facility has the option of
formally requesting that ISCD reevaluate the facility's tiering
designation by submitting a Request for Redetermination.
Following the submission of a material modification Top-Screen and/
or a Request for Redetermination, the Infrastructure Security
Compliance Division (ISCD) will request that the facility provide
specific documentation showing the removal or reduction of COI or other
material change in operations, such as shipping information, receiving
locations, documentation related to changes in processes, invoices,
bills of lading, sale documentation, etc. ISCD may also request that
the facility engage in a compliance assistance visit with ISCD
inspectors so they can observe and gather pertinent information to
verify the removal or reduction of COI.
As of February 3, 2012, more than 1,800 facilities have reported
that they have completely removed all of the COI that they held, and
more than 900 facilities have reported that they no longer possess the
quantity of COI that requires submission of a Top-Screen.
Question 5a. According to the ISCD Memo, as it relates to the Site
Security Plan (SSP) review process, the process is ``overly complicated
and inefficient, leading to substantial delays in completing reviews.''
To what extent has DHS engaged members of the CFATS-regulated
community, to improve/revamp the SSP portion of CFATS?
Question 5b. Has DHS considered working with the regulated
community to accelerate the development of Alternate Security Programs
(ASPs)? ASPs can be developed in a relatively short time frame,
providing a standardized and consistent approach for plan submissions
and approvals.
Answer. The Infrastructure Security Compliance Division (ISCD) has
established an interim Site Security Plan (SSP) review process that
includes the development and refinement of, and training in, review
procedures; a multi-layered approach that still allows for expeditious
review and that ensures consistency in application of standards; and a
quality assurance procedure for reviewing and reporting on the
effectiveness, efficiency, and consistency of reviews.
ISCD is in the process of further refining a long-term review
process. As part of the long-term review, ISCD is working to leverage
lessons observed in the interim review process and to include a
strategic outreach to the regulated community.
The strategic outreach will build upon existing efforts to engage
the Chemical Facility Anti-Terrorism Standards (CFATS)-regulated
community to assist with their understanding of the regulation and the
CFATS process. This has included ISCD's completion of more than 1,000
Compliance Assistance Visits and participation in more than 3,000
informal introductory meetings with owners and/or operators of CFATS-
regulated facilities. ISCD's outreach efforts have gone beyond solely
involving the representatives of CFATS-regulated facilities, and
additionally, have fostered solid working relationships with industry
trade associations, such as the American Chemistry Council (ACC) and
the Agricultural Retailers Association, for example, to discuss
specific concerns related to their organizations' constituents. ISCD is
currently participating in a working group with the ACC to consider
potential improvements to the SSP tool and to assist ACC in its efforts
to develop an Alternative Security Program (ASP) template that could
provide sufficiently detailed information to better enable the
Department of Homeland Security to review facility ASP submissions. The
option of submitting ASPs in lieu of SSPs has been emphasized to the
associations and has been incorporated into standard outreach materials
for the larger regulated community at conferences, meetings, and
presentations.
Question 6a. DHS provided briefings and other information to this
subcommittee noting that one of the factors prompting the review by
ISCD officials was that DHS discovered flaws in its methodology for
identifying the risk level of chemical facilities, whereby facilities
are assigned to specific tiers based on the potential consequences. As
a result of this flaw, some facilities were misclassified.
What was the impact of misclassifying facilities?
Question 6b. What actions were taken to correct this problem?
Answer. As briefed to the committee, 501 facility tiering decisions
were potentially affected by a data error in a computer program that
helps identify high-risk chemical facilities. Of the 501 facilities, 35
facilities had already been determined to no longer be high-risk prior
to the re-evaluation process, for reasons unrelated to the tiering
issue. Upon further review of the remaining 466 facilities, using the
corrected data, the Department of Homeland Security (DHS) determined
that 99 facilities were no longer considered high-risk; 148 facilities'
overall tier levels should be lowered; 178 facilities should retain
their facility tier levels, although other aspects of their final tier
determinations should be revised; and that 41 facilities' final tiering
results were still subject to pending review of their SVAs or Requests
for Redetermination. DHS notified all of the potentially affected
facilities of the results of this review in June 2011.
Question 6c. What assurance does NPPD have that, moving forward,
the methodology used to develop tiered lists is sound and that
facilities are properly classified? Was the methodology peer-reviewed?
Answer. The National Protection and Programs Directorate (NPPD) and
the Infrastructure Security Compliance Division (ISCD) have committed
to doing a thorough review of the CFATS risk-based tiering process and
to promptly developing appropriate responses to any significant new
tiering issues. In order to carry out this commitment, ISCD has
developed a three-phase approach including:
Thoroughly documenting all ISCD processes and procedures
relating to the tiering methodology;
Conducting an internal DHS review of the complete tiering
process;
As part of that effort, a working group composed of NPPD
experts was formed and is nearing completion of an internal
assessment of the CFATS risk-tiering methodology.
Conducting an external peer review of the risk-based tiering
methodology.
As part of the internal review, an analysis has been
developed that identifies options and various approaches
for ISCD to consider in initiating an external review.
This peer review would provide a forum for external
experts to assess the methodologies supporting CFATS.
Yes, a formal peer review of the modified Risk Analysis and
Management for Critical Asset Protection (RAMCAP) methodology used
within the CFATS risk engines was conducted in 2007. DHS is in the
process of developing a new peer review of the CFATS risk-tiering
methodology, which is part of the ISCD Action Plan.
NPPD is committed to doing a thorough review of the CFATS risk-
based tiering process--past and present. In order to do this, NPPD has
developed a three-phased approach to review its tiering methodology,
including: Thoroughly documenting all processes and procedures relating
to the tiering methodology; conducting an internal DHS review of the
complete tiering process (which is nearing completion); and conducting
a new external peer review of the risk-based tiering methodology. The
peer review will provide a forum for external experts to assess the
tiering methodologies supporting CFATS. ISCD has completed an analysis
of various approaches for conducting the external review and is
currently in the process of finalizing the acquisition documentation
for this effort. DHS expects to launch the external peer review later
this summer. The Department will keep this committee informed of the
progress on this important effort.
Question 6d. What assurance does NPPD have that, moving forward,
the methodology used to develop tiered lists is sound and that
facilities are properly classified?
Answer. Response was not received at the time of publication.
Question 7. Has DHS conducted an examination of all the algorithms
in the process? If so, were they peer-reviewed and by whom?
Answer. As part of the Department of Homeland Security's (DHS)
internal review of the complete tiering process, a working group
composed of National Protection and Programs Directorate experts was
formed and is nearing completion of an internal assessment of the
Chemical Facility Anti-Terrorism Standards risk-tiering methodology,
including review of the algorithms.
DHS is also finalizing a proposal for an external peer review of
the tiering methodology.
Question 8. In the Chemicals of Interest Appendix, will there be a
feedback process and engagement with stakeholders to help determine
threshold amounts?
Answer. If the Chemicals of Interest Appendix is revised in the
future, DHS intends to engage, as appropriate, with interested
stakeholders through the rulemaking process.
Question 9. How many regulated companies have come forward to
question their tier rankings in light of the issues with the formula?
Has any company filed a lawsuit related to this issue?
Answer. The Infrastructure Security Compliance Division (ISCD) is
not aware of any formal requests by any facility to review its tier
level as a result of the issue with the corrections made in 2010 to one
computer program that helps DHS identify high-risk chemical facilities.
ISCD is not aware of any lawsuits related to this issue.
Question 10a. ISCD's memo cites numerous examples of potential
waste, fraud, and abuse associated with the use of consumable supplies,
travel cards, and the procurement of goods needed to carry out
inspection responsibilities under the CFATS program.
What is NPPD doing to investigate these issues?
Question 10b. Has NPPD engaged the DHS Office of the Inspector
General or any other investigative body to examine these issues or any
issues associated with the ISCD memorandum? If not, why not?
Answer. In September 2010, Todd Keil, then-Assistant Secretary for
Infrastructure Protection (IP), established the Infrastructure Security
Compliance Division (ISCD) Task Force and Charter. The Task Force was
directed to review practices and policies related to the salaries and
benefits of ISCD's chemical inspectors, procurement protocols, fleet
management, and acquisition of equipment.
This Task Force review identified potential issues with ISCD's
resource management and internal management controls and processes. The
National Protection and Programs Directorate's (NPPD) leadership asked
NPPD's Office of Compliance and Security (OCS) to coordinate an
inspection of ISCD. OCS performed its inspection activities between
April and October 2011. OCS completed its report in October 2011.
Currently, both the Government Accountability Office and the
Department of Homeland Security's Office of the Inspector General are
conducting their own examinations of ISCD.
With regard to consumable supplies and travel cards specifically,
the internal ISCD memorandum states that the absence of sufficient
procedures and oversight led to an environment where fraud, waste, and
abuse could occur. However, no such incidents have been identified.
Question 11a. There have been narratives from State and local
fusion center representatives that they are unable to obtain
information from site security plans to use in vulnerability
assessment. The reason they were given is that it is classified
regulatory information not meant to be shared.
What is the source of this policy? The CFATS statutory language as
drafted in Section 550(c) of Public Law 109-293 does not preclude this
type of information sharing, in fact it encourages it.
Question 11b. Can you look into this issue and provide me with a
written explanation? If there is confusion about policy on the ground,
we like to get constituents the right information and support.
Answer. Chemical-terrorism Vulnerability Information (CVI) is a
category of sensitive, unclassified information established under
Section 550(c) of the Department of Homeland Security (DHS)
Appropriations Act of 2007 (Pub. L. 109-295) and the Chemical Facility
Anti-Terrorism Standards (CFATS) regulation to protect certain
information developed or submitted as part of the CFATS process. Thus,
CVI is not ``classified'' information as defined by Executive Order
13526. Except in exigent or emergency circumstances, only CVI
Authorized Users who have a ``need-to-know'' may have access to CVI.
Site Security Plans (SSPs) and other specified categories of CFATS-
related information are CVI and must be marked, handled, and stored in
accordance with the CVI provisions of the CFATS regulation. Please note
that although an SSP is a CVI document under CFATS, not all of the
information contained in an SSP is CVI. Specific information that a
facility develops for other, non-CFATS purposes often is not CVI even
though it may later be incorporated in an SSP.
The Infrastructure Security Compliance Division (ISCD) has, upon
request, shared CVI regarding specific high-risk facilities with CVI-
authorized users who have a need to know that information, including
non-Federal public officials at fusion centers and other State
stakeholders, such as State Homeland Security Advisors. In addition,
individuals within State and local fusion centers and other public
officials may directly contact CFATS-covered facilities within their
jurisdiction to obtain relevant information, including CVI, provided
that the individual seeking that information is a CVI Authorized User
with a need-to-know. It is through direct communication between State
and local fusion centers and CFATS-covered facilities that most
meaningful information exchanges typically occur.
To aid State and local stakeholders with preparing to access CVI,
DHS provides on-line CVI training for individuals to become CVI
Authorized Users. The training can be found at: http://www.dhs.gov/
files/programs/gc_1181835547413.shtm. In addition, DHS has prepared a
CVI Procedural Manual, with additional information about sharing of
CVI, which is available at www.dhs.gov/chemicalsecurity.
Question 12a. As part of the subcommittee's oversight role of this
program, there is an interest in the progress of the hiring and
evaluation of those charged with implementing the CFATS program. Of the
current policy- and inspector-level employees currently working on the
CFATS program, how many are qualified, properly trained and ready to
carry out their job duties today?
How many will need to be re-trained?
Question 12b. How many will need to be terminated or moved to other
divisions?
Answer. Infrastructure Security Compliance Division (ISCD) staff,
including inspectors, have been hired and trained to ensure they have
the requisite expertise in physical security, investigations, incident
management, chemistry, and other relevant fields necessary to properly
perform the duties that they have been charged with to date. ISCD
leadership has the utmost confidence in these professionals' abilities
to conduct these operations. ISCD expects additional training will be
provided to the inspector cadre as advancements in these procedures
occur or as new procedures are developed.
ISCD stood up a working group in September 2011 to review the
current processes, procedures, and equipment utilized by the inspector
cadre and to update or develop additional materials and tools to assist
the inspector cadre in performing future authorization inspections as
well as compliance inspections, which occur after approval of Site
Security Plans or Alternative Security Programs. ISCD has updated the
inspection procedures and is completing the process of providing
additional training to the entire inspector cadre.
At this time, it is not possible to say whether any employees
should be terminated or moved to other divisions. The establishment of
specific program needs and the development of the long-term process for
fulfilling identified program requirements is an on-going and dynamic
one. As the Chemical Facility Anti-Terrorism Standards program
continues to mature, ISCD will ensure that all of the positions it
needs are staffed with individuals who possess the appropriate
knowledge, skills, and abilities necessary to perform at the
appropriate level.
Question 13. How many CFATS employees have a chemistry or physical
sciences background? How many current inspectors have a chemical
facility inspection background?
Are job descriptions being designed with these qualifications in
mind?
Answer. Currently, the Infrastructure Security Compliance Division
(ISCD) employs the following number of staff with a chemistry or
physical sciences background: Five chemical engineers, one chemist,
three general engineers, and seven information technology management
specialists. In addition, ISCD currently has vacant positions for four
chemical engineers, one general engineer, and two information
technology management specialists.
The Chemical Facility Anti-Terrorism Standards (CFATS) program is
one of the first Federal regulatory programs to focus specifically on
the security risks associated with chemical facilities. Since the
program's inception, the inspector cadre has undergone training and
participated in activities to build their expertise in chemical
facility inspections.
ISCD is in the process of conducting a top-to-bottom review of the
Division's staffing to develop a Human Resources Plan that will further
define and document the roles, responsibilities, required skills, and
reporting relationships of its staff. Once the Human Resources Plan is
developed, ISCD will fully assess the Human Resources needs to include
the creation of job descriptions and determining the proper grade
levels.
Question 14a. What is the status of the inspector training program?
How close is an inspector training program to being put in place?
Question 14b. Are you working to leverage the knowledge base of
other components and agencies that have functioning inspection
programs, such as the Coast Guard or the Department of Energy?
Question 14c. Would you be willing to leverage industry expertise
in developing a training program?
Answer. The Infrastructure Security Compliance Division (ISCD)
stood up a working group in September 2011 to review the current
procedures and to consider revising or providing additional training to
assist the inspector cadre in performing future authorization
inspections and to help them to conduct compliance inspections, which
will begin after the Department of Homeland Security issues Letters of
Approval for covered facilities' Site Security Plans or Alternative
Security Programs. Throughout the development of the Chemical Facility
Anti-Terrorism Standards (CFATS) program, ISCD has worked with industry
and with Federal, State, and local partners to obtain and apply lessons
learned and best practices. The ISCD working group is leveraging these
relationships as it works to further develop and refine its inspection
procedures and training. ISCD has updated the inspection procedures and
is completing the process of providing additional training to the
entire inspector cadre.
Question 15a. Additionally, there is information related to the
memo and administration of the program that is germane to the
subcommittee's work. I have highlighted some outstanding subcommittee
requests made to your staff for which we have not received a response:
In January, committee (bipartisan) staff requested and the
subcommittee has yet to receive a time line of political and career
individuals in charge of CFATS since its inception. This request was
repeated by members in a February briefing.
Why has this information not been sent?
There has been a high amount of turnover at all levels in this
program. What impact has it had on implementation and continuity of
operations?
Answer. The following tables provide the names and tenures of
leaders within the Office of Infrastructure Protection, including the
Assistant Secretary, Deputy Assistant Secretary, Infrastructure
Security Compliance Division (ISCD) Director, and ISCD Deputy Director,
who have had responsibility for carrying out the requirements of
Section 550 of the Department of Homeland Security Appropriations Act
of 2007 (Pub. L. No. 109-295).
------------------------------------------------------------------------
Assistant Secretary Dates
------------------------------------------------------------------------
Caitlin Durkovich...................... May 2012--Present.
William Flynn (Acting)................. February 2012--May 2012.
Todd M. Keil........................... December 2009--February 2012.
William Flynn (Acting)................. September 2009--December 2009.
James L. Snyder........................ January 2009--September 2009.
Robert Stephan......................... April 2005--January 2009.
------------------------------------------------------------------------
------------------------------------------------------------------------
Deputy Assistant Secretary Dates
------------------------------------------------------------------------
William Flynn.......................... November 2010-Present
(Concurrently served as Acting
Assistant Secretary in
February 2012--May 2012).
Sue Armstrong.......................... November 2010-October 2011
(Detailed to the Federal
Protective Service (FPS) in
October 2011 and reassigned to
FPS in May 2012).
Sue Armstrong (Acting)................. September 2009-November 2010.
Vacant................................. January 2009-September 2009.
James L. Snyder (Acting)............... November 2008-January 2009.
Kevin Reardon.......................... December 2007-November 2008.
Vacant................................. March 2007-December 2007.
Tom DiNanno............................ July 2004-March 2007.
------------------------------------------------------------------------
------------------------------------------------------------------------
ISCD Director Dates
------------------------------------------------------------------------
David Wulf............................. July 2012-Present.
Penny Anderson......................... July 2011-July 2012.
Rick Driggers (Acting)................. December 2010-July 2011.
Dennis Deziel (Acting)................. September 2009-December 2010.
Sue Armstrong.......................... July 2009-September 2009.
Sue Armstrong (Acting)................. November 2008-July 2009.
James Snyder........................... November 2008-November 2008.
Sue Armstrong (Acting)................. July 2008-November 2008.
Larry Stanton (Acting)................. March 2007-July 7, 2008.
Deputy Assistant Secretary Tom DiNanno October 2006-March 2007.
(serving as chair of Chemical Security
Working Group).
------------------------------------------------------------------------
------------------------------------------------------------------------
ISCD Deputy Director Dates
------------------------------------------------------------------------
Rick Driggers (Acting)................. July 2012-Present.
David Wulf............................. July 2011-July 2012.
VACANT................................. April 2011-July 2011.
James ``Chris'' Anderson (Acting)...... December 2010-April 2011.
Todd Klessman (Acting)................. August 2010-December 2010.
Wade Townsend (Acting)................. June 2010-August 2010.
Todd Klessman (Acting)................. September 2009-June 2010.
Dennis Deziel (Acting)................. November 2008-September 2009.
Sue Armstrong.......................... November 2008-November 2008.
------------------------------------------------------------------------
Personnel turnover at the management levels of the program has
inevitably had some impact on implementation of CFATS, although
continuity of the program has been substantially maintained. In order
to minimize such impacts from past and potential future turnover, ISCD
has, among other actions, ensured that decisions, processes, and
procedures are thoroughly documented. These actions include, but are
not limited to, establishing an interim Site Security Plan review
process, forming an Inspection Tools Working Group, and implementing
the ISCD Action Plan.
Question 15b. In January, committee (bipartisan) staff also
requested a time line of how and when issues with CFATS were reported
up the chain of command. That has not been received.
When did Secretary Napolitano learn of the issues and has she
passed any direction down to Under Secretary Beers?
How much communication within DHS Headquarters and the Secretary's
Office has there been about the memo?
Answer. Secretary Napolitano became aware of the existence of the
November 2011 internal memorandum shortly after it was submitted by
ISCD leadership to the National Protection and Programs Directorate.
She instructed Under Secretary Beers, Deputy Under Secretary Spaulding,
and the ISCD leadership to move expeditiously to implement the action
plan, continue to encourage employees to come forward with any
concerns, and to keep her updated on progress and any problems.
Under Secretary Beers updates the Secretary and her immediate staff
on the Action Plan regularly. The Under Secretary meets almost daily
with the Secretary and uses those opportunities to communicate progress
on implementation of the Action Plan, major milestones, and issues that
warrant senior leadership attention. The Deputy Under Secretary and the
Assistant Secretary for Infrastructure Protection also provide periodic
updates to the Department of Homeland Security's senior-most
counselors.
Questions Submitted by Ranking Member Yvette D. Clarke to Rand Beers
Question 1. H.R. 5695, as passed by the Homeland Security Committee
in 2006 required the Secretary and Inspector General of DHS to submit
reports to Congress. These reports were to address progress in
achieving compliance, assess the effectiveness of facility security
plans, draw lessons learned, and make recommendations to improve
programs, plans, and procedures. Had these kinds of normal, authorized,
requirements been included in a comprehensive authorization of CFATS,
the first report to Congress would likely have been due some 5 years
ago, with subsequent reports due annually thereafter. Unfortunately,
the majority at the time set aside H.R. 5695 and enacted the CFATS
program as a rider on the DHS appropriations act without appropriate
oversight provisions. Would you agree that if Congress had included
basic accountability provisions in the CFATS program from the outset,
many of challenges of program implementation would have come to light
years ago rather than as the result of an internal memorandum leaked to
the news media?
Answer. The Department of Homeland Security believes that
appropriate Congressional oversight can improve accountability and
enhance the effectiveness of Executive Branch activities. As might be
expected in managing a groundbreaking program, the Infrastructure
Security Compliance Division (ISCD) has indeed encountered difficulties
in its implementation of the Chemical Facility Anti-Terrorism Standards
program. We believe the program has helped the Nation better understand
the complex security issues associated with the chemical industry,
allowed the Federal Government to identify high-risk chemical
facilities throughout the Nation, provided tools to allow high-risk
facilities to assess their vulnerabilities and develop plans to reduce
their risks, spurred the voluntary elimination or reduction of
chemicals of interest at facilities throughout the country, facilitated
the selection and implementation of security measures and procedures to
reduce security risks, and enhanced Nation-wide preparedness through
increased understanding and collaboration.
Question 2. What are your plans for well-structured and regular
reports to Congress on the progress of the CFATS program, and what are
your recommendations for the inclusion of these kinds of reports in any
future authorization by Congress?
Answer. The Department of Homeland Security (DHS) understands the
need for Congress to receive regular updates on the progress of the
Chemical Facility Anti-Terrorism Standards (CFATS) program. However,
DHS believes that briefings and other communications--in lieu of formal
reports to Congress--are the most efficient and timely methods of
updating Congress on the progress of the CFATS program. DHS has
provided and will continue to provide many such briefings whether or
not required by legislation.
Questions Submitted by Ranking Member Yvette D. Clarke to Penny J.
Anderson
Question 1a. Please provide details on the plans for the CSI
workforce, including:
Creation of new job descriptions.
Question 1b. Pay-grade levels of new hires based on any revamped
job description.
Question 1c. Whether the new plan will include career ladders. With
the need to review so many facilities, how will the performance
measurements/evaluations for inspectors be determined?
Question 1d. How will the need for overtime be addressed?
Question 1e. Will NPPD/ISCD be reducing CSI pay-grades from GS13 to
GS11 and GS12?
Question 1f. Will AUO (Administratively Uncontrollable Overtime) of
the CSI's be restricted?
Answer. The Infrastructure Security Compliance Division (ISCD) is
in the process of conducting a top-to-bottom review of the Division's
staffing to develop a Human Resources Plan that will further define and
document the roles, responsibilities, required skills, and reporting
relationships of its staff. Once the Human Resources Plan is developed
it will fully assess the Human Resources needs to include the creation
of job descriptions and determining the proper grade levels. Individual
performance management plans and the application of overtime policies,
including those regarding Administratively Uncontrollable Overtime,
will continue to comply with National Protection and Programs
Directorate, Department of Homeland Security, and Office of Personnel
Management regulations and guidelines.
Question 2. With all the CFATS implementation issues in front of
you, how are you doing on the ammonium nitrate regulations and what is
your time line?
Answer. The Notice of Proposed Rulemaking for the Ammonium Nitrate
Security Program was published in the Federal Register on August 3,
2011, and the public was given 120 days to provide comment(s)
concerning the proposed rule. Additionally, the Department of Homeland
Security (DHS) held 12 public meetings during the 120-day comment
period to brief the public on the proposed rule, listen to their
concerns, and gather comments provided during those forums. The
Department is currently evaluating the public comments and is
determining what responses will be appropriate to include in the final
rule for the Ammonium Nitrate Security Program. The Department expects
to develop a final rule in a time frame that ensures that it can
consider and respond appropriately to the concerns raised during the
public comment period while complying with all applicable Federal
rulemaking requirements and procedures.
Question 3. We know the ammonium nitrate industry has expressed
concern over the proposal to regulate mixtures at the 30 percent level
and that a meeting has been requested to better understand the thinking
of DHS in this regard. Can you tell me when you are going to meet with
industry representatives on this issue?
Answer. Members of the public, including many members of industry,
submitted many written comments discussing mixture percentages during
the 120-day comment period for the Ammonium Nitrate Security Program
from August 2011 to December 2011. During the public comment period,
the Department of Homeland Security (DHS) also hosted a series of 12
public meetings in areas of high ammonium nitrate usage around the
country in order to provide the public in-person overviews of the
proposed regulations and to solicit additional public feedback. At many
of these meetings, attendees, including industry representatives,
provided opinions and statements concerning mixture percentages. DHS is
currently reviewing all of the comments and will consider that input
when drafting responses to the comments and developing a final rule.
Questions Submitted by Ranking Member Yvette D. Clarke to Timothy J.
Scott
Question 1. Please clarify the number of Dow Chemical facilities
that are required to submit a vulnerability assessment and site
security plan to DHS under the Chemical Facility Anti-Terrorism
Standards (excluding those facilities subject only to the top screen
process but not actually assigned a risk tier).
Answer. Dow has 19 facilities (including sites acquired by
acquisition from Union Carbide Company and Rohm & Haas Corporation)
currently regulated, tiered, and required to submit a vulnerability
assessment and site security plan under CFATS.
Question 2. Likewise please separately provide the number of Dow
Chemical facilities that are subject to security requirements of the
Maritime Transportation Security Act, and the number of Dow Chemical
facilities, if any, that are subject to the security jurisdiction of
the Nuclear Regulatory Commission.
Answer. Dow has 8 facilities (including sites acquired by
acquisition from Union Carbide Company and Rohm & Haas Corporation)
subject to security requirements under the Maritime Transportation
Security Act, and one small research lab regulated under the Nuclear
Regulatory Commission.
Question 3. In your July 24, 2007 testimony before this committee
you included an illustration, ``An Integrated Approach to Chemical
Industry Security,'' which included security options for extremely
hazardous chemicals that included: Reduce inventory; reduce pressures;
lower temperature; make and use in process without storage; and use
alternates where process allows. Does Dow Chemical incorporate any or
all of these approaches into its vulnerability assessments and security
plans?
Answer. Dow conducts its vulnerability assessments with teams
consisting of both security and process safety specialists. All risk
and vulnerability reduction options are considered during these risk-
based assessments, and the option best-suited to the specific scenario
and the specific site is implemented. Dow has examples of the
implementation of each available option--inventory, pressure or
temperature reduction; in-process consumption; and product
substitution; as well as process safety implementation in new plant
design.
Questions Submitted by Chairman Daniel E. Lungren to David L. Wright
Question 1a. Initially, the ISCD memo was not released to
stakeholders in industry, the union, nor some Department employees.
Since, it has been released via different sources. Mr. Wright, did the
Department give you a reason for not providing you with the ISCD memo
to prepare for the hearing?
Answer. I do recall specifically asking the Department for a copy
of the ISCD memo in the context of preparing for the hearing. My prior
requests had been refused due to the confidential/harsh nature of the
report and the on-going investigation into the media leak. I had no
reason to believe that I would be able to obtain the report from the
Department.
Question 1b. Since much of it impacts the inspector cadre you
represent, were you given any access to it prior to the hearing? If
not, were you told why not?
Answer. I was not given access to the ISCD memo prior to the
hearing. Reason given was the confidential nature of the report and the
fact that the media leak was under investigation by DHS.
Question 1c. Have there been any meetings with the employees you
represent to discuss the contents of the memo?
Answer. I have had two Union teleconferences with the inspector
cadre prior to the hearing--one within a few days after the FoxNews
report and one within days of being notified about my requested
Congressional testimony. During the first teleconference the discussion
centered on what we could glean from the news story and the resulting
feelings of insult and degradation.
The second Union teleconference centered on my expected testimony--
I was encouraged to portray to Congress the willingness and ability of
the CFATS inspector workforce to accomplish the mission. This
teleconference also centered on the CFATS inspector's disappointment in
the performance of NPPD managers at the previous hearing at House
Energy and Commerce Committee.
I also participated (listened in) on an agency ``all-hands''
employee teleconference with NPPD Deputy Secretary Suzanne Spaulding
and ISCD Director Penny Anderson that occurred within days of the
FoxNews story during which the workforce was encouraged to proceed with
the mission regardless of media coverage.
A second all-hands teleconference with Director Anderson (which I
was unable to attend) apparently focused on some clarification by her
regarding personal insult perceived by the CFATS inspectors--of which
she apparently clarified that no insult or degradation was intended.
Question 2a. There are areas of the ISCD memo, which you have not
been allowed to view in its totality, that allude to inspectors wanting
to carry firearms and be addressed as ``commander''.
Question 2b. Do you have any knowledge of either of those
assertions being true?
Answer. As I testified to at the hearing, the NPPD CFATS inspector
force was originally staffed by law enforcement officer detailees from
the Federal Protective Service Hazmat Technician force. I distinctly
recall because I was interested in the position and because of the
competitive aspects of the detailee selection process. FPS law
enforcement officers applied for the detail after being advised that
the positions could become permanent and that ultimately--NPPD ISCD
officials would attempt to gain law enforcement authority for the
Chemical Security Inspector workforce. As I recall, the ``plan'' at the
outset was to institute a law enforcement workforce that could respond
to failed chemical facility security plans that resulted in shutdown of
facilities--or actual breaches of security.
The title ``commander'' is presently in use and appears to be an
official job title based on correspondence issued to me in the past.
The use of the term likely originated in the context of a law
enforcement ``chain of command''.
Since the Chemical Security Inspectors have joined the Union on
March 2011--none have approached the Union regarding with what many
consider to be a breach of commitment by the agency--the effort to
institute a law enforcement workforce and opportunity to continue the
Federal law enforcement career from which they departed. That promise
faded long ago and no one is pursuing the issue to my knowledge.
Since the hearing, I have learned that the agency initiative to
gain law enforcement authority was being pursued by ISCD management as
late as November 2010.
Question 3. In your written testimony to the subcommittee you noted
that there are time constraints in the union contract that would
prevent any long-term or burdensome negotiations. However, in the
leaked memo ISCD Director Penny Anderson said that there is a mileage
dispute described as starting July 2011 and is allegedly on-going. Can
you explain this situation?
Answer. Citing ``effective management of the agency and its
resources'', Article 9F of the Union Contract allows for ``expedited
implementation of policies and procedures affecting conditions of
employment''.
The ``mileage dispute'' consisted of the agency notifying the Union
about the way that Government Owned Vehicle (GOV) mileage and other GOV
issues were to be documented in a vehicle mileage log. Originally, it
was the Union's contention that reporting of GOV miles driven and fuel
usage documented at time of purchase (Government fuel card required
mileage input at fuel pump) were sufficient for documentation of miles
driven--and that the additional documentation would be duplicative and
administratively burdensome, i.e. if an inspector spent 30 minutes or
more per day detailing mileage and fueling on a website with
insufficient internet connection in a vehicle, there is at least a
duplication of effort and potential for wasting time and effort. We
were also concerned that the potential waste of time could reflect on
the supervisor's perception of inspector performance.
To further complicate matters, when asked about the new
requirements, agency cited an NPPD Policy. When Union asked to review
the policy--because we had never seen it--we were provided a copy and
it turned out to be a ``draft policy'' not ready for implementation.
Subsequently, agency provided a DHS Policy that did not require the
specificity of the new NPPD form. At each of these points, I became
increasingly aware that the agency was misleading me in performance of
my lawful responsibility to represent the members of this newly
organized portion of the FLRA-certified bargaining unit.
The Union issue was never the authority of the agency to implement
such mileage log requirements. The issue was the apparent agency
attempts to circumvent simple bargaining of ``impact and
implementation'' on the workforce. The misleading nature (whether
deliberate or not) of the agency's interaction with me developed into
mistrust. I suggested to the agency--as a vehicle mileage log for GOV's
was not a HUGE issue--that they implement the mileage log requirements
and we could discuss at a later time--post-decisional bargaining as
allowed by Union contract and they agreed. At that point, we'd had
about four teleconferences lasting about 15-20 minutes each between
four or five personnel.
The agency then neglected to implement and discuss the policy. We
filed an Unfair Labor Practice (ULP) for failure to bargain in late
August/early September. To my recollection there was no further
discussion of the issue for the remainder of the year. In January, the
FLRA informally cited that Union had offered and should pursue post-
decisional bargaining and that the ULP would ultimately be dismissed by
the FLRA Regional Director. The ULP was dropped in January 2012. Post-
decisional bargaining was pursued and ultimately dropped due to lack of
input by Union rank and file.
Question 4. Do you believe that your interactions with CFATS
leadership have been obstructive in any way?
Answer. No. To the contrary, I have advised all levels within NPPD
of our willingness to work together. When I met with ISCD Director
Anderson and Deputy David Wulf in September 2011, they cited the
temporary nature of the agency's Authorization, the concern that
significant progress of the agency had to be made and uncertainty as to
how to deal with the Union. I obligated to them on that day--that if
they did find the Union contract as burdensome in any way, a simple
communication with me would lead to elimination of any time line
issues. For example, Article 9A 1 of the contract requires notification
of changes in working conditions to be accomplished 30 days in advance
and gives 14 days for Union to respond. This requirement could--and
would--be waived in the interest of mission accomplishment at this
critical stage in the agency's development. We also discussed the
vehicle mileage log ULP and I advised hem that the ULP was a simple
issue that could be remedied by forthrightness on the part of the
agency as to the seemingly overreaching requirements.
At that time, Director Anderson expressed confidence in the efforts
to develop a good labor/management relationship. I am disappointed to
know--months later--that the internal report was likely being developed
and drafted as we were speaking that day--and that my comments and
efforts (at least to my knowledge) were not included as part of that
narrative--in what I now see as an effort to paint the picture of a bad
labor/management relationship.
Question 5. Mr. Wright, your union represents personnel in other
areas of DHS, Federal Protective service, for example. How have your
dealings with CFATS Leadership been different from your work with other
DHS components?
Answer. I have represented the Federal Protective Service personnel
since 2006. My relationship with FPS has always been a mutually
respectful and mostly beneficial relationship.
In the FPS years at ICE, the labor/management relationship with ICE
was somewhat contentious and stifled by the nature of the differing
missions, i.e. priority of Immigration and Customs Enforcement duties
versus the lower priority of FPS' mission--protection of Federal
facilities.
Upon the FPS transition to NPPD, Under Secretary Beers' recognition
of the importance of labor relations with an FPS unionized workforce
was realized--not only for the benefit of the workforce--but for the
benefit of the agency through increased employee input. At this point--
at least in the context of a working relationship with FPS and senior
NPPD officials, issues are discussed and remedied in an efficient,
usually informal manner.
Despite my outreach and my purposeful negating/relaxation of Union
contract provisions, the labor/management relationship with ISCD
remains ``cool'' after the first year of our representation in this
FLRA-certified bargaining unit.
Despite that cooled ISCD labor/management relationship, AFGE Local
918 remains committed to the successful accomplishment of the ISCD
mission at this critical stage in its history.
As with our history at FPS, ICE, and NPPD, AFGE Local 918 intends
to fully disclose any and all information regarding hindrance of ISCD
mission accomplishment to Congress.
�