[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]
H.R. 4007, THE CHEMICAL FACILITY ANTI-TERRORISM STANDARDS AUTHORIZATION
AND ACCOUNTABILITY ACT OF 2014
=======================================================================
HEARING
before the
SUBCOMMITTEE ON CYBERSECURITY,
INFRASTRUCTURE PROTECTION,
AND SECURITY TECHNOLOGIES
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
SECOND SESSION
__________
FEBRUARY 27, 2014
__________
Serial No. 113-54
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.gpo.gov/fdsys/
__________
U.S. GOVERNMENT PRINTING OFFICE
88-171 PDF WASHINGTON : 2014
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800
DC area (202) 512-1800 Fax: (202) 512-2250 Mail: Stop SSOP,
Washington, DC 20402-0001
COMMITTEE ON HOMELAND SECURITY
Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Peter T. King, New York Loretta Sanchez, California
Mike Rogers, Alabama Sheila Jackson Lee, Texas
Paul C. Broun, Georgia Yvette D. Clarke, New York
Candice S. Miller, Michigan, Vice Brian Higgins, New York
Chair Cedric L. Richmond, Louisiana
Patrick Meehan, Pennsylvania William R. Keating, Massachusetts
Jeff Duncan, South Carolina Ron Barber, Arizona
Tom Marino, Pennsylvania Dondald M. Payne, Jr., New Jersey
Jason Chaffetz, Utah Beto O'Rourke, Texas
Steven M. Palazzo, Mississippi Tulsi Gabbard, Hawaii
Lou Barletta, Pennsylvania Filemon Vela, Texas
Richard Hudson, North Carolina Steven A. Horsford, Nevada
Steve Daines, Montana Eric Swalwell, California
Susan W. Brooks, Indiana
Scott Perry, Pennsylvania
Mark Sanford, South Carolina
Vacancy
Vacancy, Staff Director
Michael Geffroy, Deputy Staff Director/Chief Counsel
Michael S. Twinchek, Chief Clerk
I. Lanier Avant, Minority Staff Director
------
SUBCOMMITTEE ON CYBERSECURITY, INFRASTRUCTURE PROTECTION, AND SECURITY
TECHNOLOGIES
Patrick Meehan, Pennsylvania, Chairman
Mike Rogers, Alabama Yvette D. Clarke, New York
Tom Marino, Pennsylvania William R. Keating, Massachusetts
Jason Chaffetz, Utah Filemon Vela, Texas
Steve Daines, Montana Steven A. Horsford, Nevada
Scott Perry, Pennsylvania, Vice Bennie G. Thompson, Mississippi
Chair (ex officio)
Michael T. McCaul, Texas (ex
officio)
Alex Manning, Subcommittee Staff Director
Dennis Terry, Subcommittee Clerk
C O N T E N T S
----------
Page
STATEMENTS
The Honorable Patrick Meehan, a Representative in Congress From
the State of Pennsylvania, and Chairman, Subcommittee on
Cybersecurity, Infrastructure Protection, and Security
Technologies................................................... 1
The Honorable Yvette D. Clarke, a Representative in Congress From
the State of New York, and Ranking Member, Subcommittee on
Cybersecurity, Infrastructure Protection, and Security
Technologies:
Oral Statement................................................. 4
Prepared Statement............................................. 6
The Honorable Michael T. McCaul, a Representative in Congress
From the State of Texas, and Chairman, Committee on Homeland
Security....................................................... 7
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Oral Statement................................................. 8
Prepared Statement............................................. 9
The Honorable Gene Green, a Representative in Congress From the
State of Texas:
Oral Statement................................................. 10
Prepared Statement............................................. 12
WITNESSES
Panel I
Ms. Caitlin Durkovich, Assistant Secretary, Infrastructure
Protection, U.S. Department of Homeland Security, Accompanied
by David Wulf, Deputy Director, Infrastructure Security
Compliance Division:
Oral Statement................................................. 14
Joint Prepared Statement....................................... 16
Mr. Stephen L. Caldwell, Director, Homeland Security and Justice,
U.S. Government Accountability Office:
Oral Statement................................................. 21
Prepared Statement............................................. 22
Ms. Marcia Moxey Hodges, Chief Inspector, Office of Inspector
General, U.S. Department of Homeland Security:
Oral Statement................................................. 29
Prepared Statement............................................. 31
Panel II
Mr. Clyde D. Miller, Director for Corporate Security, BASF North
America, Incoming Vice Chair, American Chemistry Council
Security Committee:
Oral Statement................................................. 52
Prepared Statement............................................. 54
Ms. Kate Hampford Donahue, President, Hampford Research, Inc.,
and Member, Board of Governors, Society of Chemical
Manufacturers and Affiliates (SOCMA):
Oral Statement................................................. 57
Prepared Statement............................................. 58
Ms. Anna Fendley, Legislative Representative, United
Steelworkers:
Oral Statement................................................. 60
Prepared Statement............................................. 62
For the Record
The Honorable Patrick Meehan, a Representative in Congress From
the State of Pennsylvania, and Chairman, Subcommittee on
Cybersecurity, Infrastructure Protection, and Security
Technologies:
Letter......................................................... 51
Memorandum From the Office of Enforcement and Compliance
Assurance, United States Environmental Protection Agency,
Washington, DC............................................... 47
H.R. 4007, THE CHEMICAL FACILITY ANTI-TERRORISM STANDARDS AUTHORIZATION
AND ACCOUNTABILITY ACT OF 2014
----------
Thursday, February 27, 2014
U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Cybersecurity, Infrastructure Protection,
and Security Technologies,
Washington, DC.
The subcommittee met, pursuant to call, at 10:09 a.m., in
Room 311, Cannon House Office Building, Hon. Patrick Meehan
[Chairman of the subcommittee] presiding.
Present: Representatives Meehan, McCaul, Perry, Clarke,
Thompson, Vela, and Horsford.
Also present: Representative Green.
Mr. Meehan. The Committee on Homeland Security,
Subcommittee on Cybersecurity, Infrastructure Protection, and
Security Technologies will come to order. The subcommittee is
meeting today to examine H.R. 4007, which is the Chemical
Facility Anti-Terrorism Standards Authorization and
Accountability Act of 2014.
I now recognize myself for an opening statement.
Chemical facilities continually rank among the most
attractive targets for terrorists because an attack on a
chemical plant would likely result in large-scale damage and
potentially terrible loss of life. What happened at West,
Texas, last spring gave us a chilling look at the devastation
that occurs when a chemical facility detonates.
To protect against potential catastrophe, Congress in 2007
authorized the Department of Homeland Security to develop a set
of vulnerability assessment standards for chemical plants and
to implement a corresponding set of regulations to ensure that
physical security of those at the highest risk. That
authorization was in effect for 3 years.
Seven years later, the resulting program, which we call
CFATS, has yet to be reauthorized. Instead, the program simply
receives appropriations year after year without any hard
guidance from this authorizing committee. While we have held
many hearings to assess the CFATS program's effectiveness and
progress, the Department is still behind in establishing
several of the program's most basic operational elements, and
we all appreciate that this is simply not acceptable.
It is the responsibility of this committee to set official
guidelines and standards of this very important program.
Oversight alone is simply not sufficient. We must give CFATS
the formal and proper direction it needs. Therefore, we must
resume our jurisdiction of the program.
H.R. 4007, the Chemical Facility Anti-Terrorism Standards
Authorization and Accountability Act of 2014, is the product of
the Homeland Security Committee's consultation with dozens of
stakeholders, including the facilities regulated under this
act, community representatives, the Energy and Commerce
Committee, the Senate Homeland Committee, and the Government
Affairs Committee in the Senate, as well as the Government
Accountability Office, the Department of Homeland Security
itself. In fact, just yesterday, the Secretary of the
Department of Homeland Security, Jeh Johnson, said about this
bill that, ``I have looked at it, I have read it, I support it,
and our critical infrastructure folks support it.''
Therefore, we have reached the rare occurrence in Congress,
constructive legislation supported by the White House, multiple
House committees, the Senate, industry, and both Republicans
and Democrats. As author of this bill, I take very seriously
the problems that have plagued this program in the past; the
now-infamous 2011 leaked memo written by the former ISCD
Director Penny Anderson and then ISCD Deputy Director David
Wulf was highly critical of the division and brought to light a
disturbing litany of management flaws and achievement gaps
within the ISCD.
In response, this committee asked both the GAO and the
inspector general to conduct a thorough review of the ISCD
operations. The findings weren't surprising. Both auditors
essentially said that the program's success had been slowed by
inadequate tools, poorly-executed processes, and harmful
mismanagement.
In the 3 years since the Anderson-Wulf memo was leaked,
ISCD has made substantial progress. The division has further
accelerated the review process for security plans at facilities
assigned a final tier under CFATS. It has significantly reduced
the overall backlog of facilities. It has made notable progress
in addressing the recommendations made by GAO in its 2013
report. It has implemented the Infrastructure Security
Compliance Division Action Plan.
In addition, ISCD has put in place a new management team,
headed by Suzanne Spaulding, the acting under secretary for
NPPD, and David Wulf, who is here with us today, now the ISCD
director. With a new management team at the helm, and tangible
progress continuing to be demonstrated, now is the time to help
CFATS begin its new chapter and take these next critically
important steps.
While progress has been made, it is now time for Congress
to step in to mandate accountability for the Department and
provide certainty to the regulated community. H.R. 4007
authorizes CFATS for the short term in order to provide the
stability and certainty both the Department and industry have
been calling for, while at the same time using the
authorization as a vehicle to mandate certain fundamental
program improvements.
Specifically, the bill improves the efficiency of a site
security plan approval process. It amends certain parts of the
original CFATS regulations to facilitate DHS industry
coordination and simplify the compliance process. It ensures
that DHS is communicating with State and local officials, as
well as other Federal agencies and industry associations, to
identify facilities of interest and implementing a sensible and
effective methodology in assessing risk and ensures DHS
accountability by requiring the Secretary to certify the
Department's progress and by authorizing GAO to conduct an on-
going assessment and report to Congress with its findings every
6 months.
Last summer, the President issued Executive Order 13650,
which improving Chemical Facility Safety and Security was the
title of that Executive Order. While I applaud the President
for his efforts, the security of our chemical facilities is too
important to be guided by studies and directives alone. It is
the duty of Congress and this committee to act.
This bill works as a complementary piece of legislation to
the President's Chemical Facility Safety and Security Working
Group. The bill mirrors and reinforces many of the EO's
initiatives. To suggest that this panel must choose between the
Executive Order and authorizing CFATS in the short term is to
create a false choice.
Secretary Johnson confirmed this sentiment yesterday,
saying, ``If we have got a good bill and there is an
opportunity to pass it in this Congress, it supports my goals
and objectives, and it enhances homeland security, I am going
to support the measure. I think we in the Congressional,
Executive branches owe it to the American people to get
something done.'' Those were his words.
Before I conclude, there is one final factor that must be
considered today. The Government shutdown in late 2013 led to
the first-ever expiration of the CFATS program. While this
expiration thankfully turned out to be only temporary, the
event nonetheless served as a wake-up call to the fragility of
our Nation's chemical security and safety.
With every appropriations cycle comes renewed anxiety that
CFATS will cease to exist. Year after year, the authorizing
committees have the opportunity to provide stability and
certainty with regard to chemical security. Year after year,
they have failed to take legislative action.
As Henry Waxman, who was the Energy and Commerce Ranking
Member, said, ``Whatever the flaws in the CFATS program, the
answer is not to let the program sunset. This state of affairs
leave dangerous chemical facilities unregulated and vulnerable
to attack.'' I agree with that statement.
The purpose of today's legislative hearing is to allow the
subcommittee to hear from industry stakeholders, Government
auditors, and those DHS officials directly responsible for
implementing CFATS as to the value of H.R. 4007.
I firmly believe this bill is a much-needed step in the
right direction. If this bill takes--it takes a fresh approach
to addressing some of the CFATS program's most basic issues.
The bill represents a new partnership among industry, the
Department, and Congress for the advancement of America's
chemical security.
The Chairman now recognizes the Ranking Member of the
subcommittee, the gentlelady from New York, Ms. Clarke, for any
statements she may have.
Ms. Clarke. I thank you, Mr. Chairman. I would like to,
before beginning my statement, acknowledge and recognize
Congressman Gene Green and ask unanimous consent that he be
allowed to sit in on this hearing.
Mr. Meehan. I thank the gentleman for attending. Without
objection, so ordered.
Ms. Clarke. Thank you, Mr. Chairman. Thank you for holding
this legislative hearing to examine your bill, H.R. 4007.
This legislation before us today would repeal and replace
the existing statute that authorizes the Department of Homeland
Security, DHS, to regulate chemical facilities for security
purposes. This subcommittee has a great stake and long history
in attempting to help the CFATS program succeed, and I have
watched with interest the development of this legislative
language. However, I do have some concerns about the approach
the bill takes.
First, the bill stands alone. It would not amend the
Homeland Security Act of 2002. This would not affect the
implementation of the bill, if it is passed and enacted into
law, but some might argue that such a bill does not provide a
firm statutory footing for the CFATS program or resolve issues
of Congressional jurisdiction.
The bill does contain much of the language in the existing
statutory authority and includes some new requirements for the
Secretary to follow. Like in the existing statutory authority,
the bill authorizes the use of a current regulatory rule that
requires such facilities to submit security vulnerability
assessments and to develop and implement site security plans
and facilities that have approved site security plans as of the
date of enactment will not have to resubmit those plans for
approval just because the bill was enacted.
The bill expressly authorizes DHS to accept the submission
alternative security programs, or ASPs, with respect to site
security plans. The practice of using ASPs is already in use at
the Department, and I am in favor of the ASPs. I think it is an
innovative approach for companies to address their security
needs.
Let me turn to the issue of standards versus regulations.
The existing statutory authority expressly directs the
Secretary to inform interim final regulations. H.R. 4007 does
not, but instead directs the creation of a program establishing
certain standards.
The bill mandates the Secretary to establish risk-based
performance standards designed to protect chemical facilities
that the Secretary determines represent a high level of
security risk. This is an important feature, because unlike the
existing statutory authority, this bill would require the
performance standards to provide protection from acts of
terrorism, while the existing statutory authority requires the
risk-based performance standards be for security. This may help
with some of our jurisdiction issues, but in my mind, the
establishment of standards as opposed to a current regulatory
scheme poses questions as to how the Department would interpret
such language, if it becomes law.
For example, I think it is possible that some stakeholders,
including some of our witnesses today, may assume that since
such standards would be binding on the public, that this
language provides an implied authority to issue regulations
under provisions of the Administrative Procedure Act to
implement these standards. On the other hand, in a close
reading of the bill, one might also assert that the removal of
the requirement to issue regulations reflects the Majority's
Congressional intent to move the CFATS program away from a
regulatory framework to a public-private partnership or some
other unspecified structure.
I am hoping to get some clarification or opinion from the
Department on how they view these issues, especially in light
of their surprisingly full-throated support of this language.
Another issue I would like to bring up is the use of
contractors in CFATS. One of the features of H.R. 4007 is that
it specifically authorizes the Secretary to designate
inspectors that are not DHS employees. The language says that
the audit and inspection processes may be carried out by a non-
Department or non-Governmental entity as approved by the
Secretary.
I understand that the bill is attempting to aid the
Department in accelerating the site security authorization
approval and compliance process, but I have serious
reservations about the use of contractors in the inspector
cadre, where this work is generally recognized as an inherently
Governmental responsibility, especially when it involves
terroristic threats and risks to the Nation.
Finally, Mr. Chairman, I am anxious to work with you on the
pressing issue of personnel surety, and I know your bill
includes some helping language, but enactment into law for H.R.
4007 may be a while off. More recently, DHS has issued a 30-day
information collection request offering its latest personnel
surety proposal. The proposal, as I understand, would accept
credentials that are vetted recurrently against the terrorist
screening database and has their validity verified on a
continuing basis by electronic or other means.
However, DHS has previously communicated with stakeholders
that it would not grant reciprocity to personnel surety
programs that vet individuals against the terrorism screening
database on a schedule not equivalent to recurrent vetting.
This poses substantial problems in a very complex arena.
Many have expressed concerns about duplication of efforts
and the burden of multiple background checks, and others have
rightfully asked about what protections might be offered for
workers who would be required to secure multiple credentials to
continue working and what financial and operation problems
would be put on facilities who are already complying with
credentialing regulations.
We must find a way to meet the needs of addressing these
risks posed by access to chemical facilities through a common-
sense approach that will likely involve multiple program
efforts to harmonize Government credentialing among the
agencies and programs. We all know the CFATS program has been
striving to improve its performance, and we commend the hard
work and leadership shown at ISCD, and we will hear today from
two agencies that have looked closely at the program to help us
determine what we might codify to help the program achieve its
potential.
Thank you, Mr. Chairman. I look forward to working with you
to make the CFATS program one we can be proud of. I yield back.
[The statement of Ranking Member Clarke follows:]
Statement of Ranking Member Yvette D. Clarke
February 27, 2014
Thank you for holding this legislative hearing to examine your
bill, H.R. 4007. The legislation before us today would repeal and
replace the existing statute that authorizes the Department of Homeland
Security (DHS) to regulate chemical facilities for security purposes.
This subcommittee has a great stake, and long history, in
attempting to help the CFATS program succeed, and I have watched with
interest the development of this legislative language. However, I do
have some concerns about the approach the bill takes.
First, the bill stands alone, and would not amend the Homeland
Security Act of 2002. This would not affect the implementation of the
bill, if it is passed and enacted into law, but some might argue that
such a bill does not provide a firm statutory footing for the CFATS
program or resolve issues of Congressional jurisdiction.
The bill does contain much of the language in the existing
statutory authority and includes some new requirements for the
Secretary to follow. Like in the existing statutory authority, the bill
authorizes the use of the current regulatory rule that requires such
facilities to submit security vulnerability assessments and to develop
and implement site security plans, and facilities that have approved
site security plans as of the date of enactment will not have to
resubmit those plans for approval just because the bill was enacted.
And the bill expressly authorizes DHS to accept the submission
alternative security programs, or ASPs, with respect to site security
plans. The practice of using ASPs is already in use at the Department,
and I'm in favor of the ASPs, I think it is an innovative approach for
companies to address their security needs.
Let me turn to the issue of standards versus regulations. The
existing statutory authority expressly directs the Secretary to issue
interim final regulations. H.R. 4007 does not, but instead directs the
creation of a program establishing certain standards.
The bill mandates the Secretary to establish risk-based performance
standards designed to protect chemical facilities that the Secretary
determines represent a high level of security risk. This is an
important feature, because unlike the existing statutory authority,
this bill would require the performance standards to provide protection
from ``acts of terrorism''; while the existing statutory authority
requires the risk-based performance standards be for ``security.'' This
may help with some of our jurisdictional issues, but in my mind, the
establishment of ``standards'' as opposed to the current regulatory
scheme, poses questions as to how the Department would interpret such
language, if it becomes law.
For example, I think it is possible that some stakeholders,
including some of our witnesses today, may assume that since such
standards would be binding on the public, that this language provides
an implied authority to issue regulations under provisions of the
Administrative Procedure Act to implement these standards.
On the other hand, in a close reading of the bill, one might also
assert that the removal of the requirement to issue regulations
reflects the majority's Congressional intent to move the CFATS program
away from a regulatory framework to a public/private partnership, or
some other unspecified structure.
I am hoping to get some clarification, or opinion from the
Department, on how they view these issues, especially in light of their
surprisingly full-throated support of this language.
Another issue I'd like to bring up is the use of contractors in
CFATS. One of the features of H.R. 4007 is that it specifically
authorizes the Secretary to designate inspectors that are not DHS
employees. The language says that the audit and inspection processes
``may be carried out by a non-Department or non-Governmental entity, as
approved by the Secretary''.
I understand that the bill is attempting to aid the Department in
accelerating the site security authorization, approval, and compliance
process, but I have serious reservations about the use of contractors
in the inspector cadre, where this work is generally recognized as an
inherently Governmental responsibility, especially when it involves
terroristic threats and risks to the Nation.
Finally, Mr. Chairman, I an anxious to work with you on the
pressing issue of Personnel Surety, and I know your bill includes some
helping language. But enactment into law for H.R. 4007 may be a while
off.
More recently, DHS has issued a 30-day information collection
request offering its latest personnel surety proposal. The proposal, as
I understand, would accept credentials that are vetted recurrently
against the terrorist-screening database and has their validity
verified on a continuing basis by electronic or other means. However,
DHS has previously communicated with stakeholders that it would not
grant reciprocity to personnel surety programs that vet individuals
against the terrorism-screening database on a schedule not equivalent
to recurrent vetting. This poses substantial problems in a very complex
arena.
Many have expressed concerns about duplication of efforts and the
burden for multiple background checks, and others have rightfully asked
about what protections might be offered for workers who would be
required to secure multiple credentials to continue working, and what
financial and operation problems would be put on facilities who are
already complying with credentialing regulations.
We must find a way to meet the needs of addressing the risks posed
by access to chemical facilities through a common-sense approach that
will likely involve multiple program efforts to harmonize Government
credentialing among the agencies and programs.
We all know that the CFATS program has been striving to improve its
performance, and we commend the hard work and leadership shown at ISCD,
and we will hear today from two agencies that have looked closely at
the program to help us determine what we might codify to help the
program achieve its potential.
Thank you Mr. Chairman, I look forward to working with you to make
the CFATS program one we can be proud of.
Mr. Meehan. I thank the Ranking Member.
The Chairman now recognizes the Chairman of the full
committee, the gentleman from Texas, Mr. McCaul, for any
statement he may have.
Mr. McCaul. Thank you, Mr. Chairman. I want to thank you
for holding this hearing, for introducing this important
legislation that I strongly support, and I want to thank Mr.
Green, Gene Green, my friend from Texas, for his support of
this legislation.
Energy and Commerce Committee has been very accommodating
with this committee in terms of jurisdiction. We have worked
out our differences to be able to move forward to this point.
As Congressman Green and I can appreciate even more so, as the
events of West, Texas, I think demonstrate, the explosion that
occurred there, and the loss of life demonstrate the need for
this legislation now.
This is a product of, Mr. Chairman, your hard work, Joan
O'Hara on the staff, over the last 6 months meeting with the
stakeholders, Government Accountability Office, Senate
authorizing committees, and most importantly, our Department of
Homeland Security officials. In my meetings with DHS, they are
strongly supportive of this legislation. They understand the
need to authorize. This committee needs to operate and
authorize.
This has never been authorized, which creates confusion not
only in the Government, but in the private sector. This has
only been done by the appropriators. It is time for this
committee to stand up and do its job and its responsibility and
authorize, and that is what I strongly support here today.
I was very pleased yesterday to hear the Secretary of
Homeland Security--he gave me private assurances that he
supports this legislation, but to hear him testify before this
committee that he is fully supportive I think sends a strong
message to this committee that we need to get our work done on
this committee and pass this out of committee.
We have enjoyed, I believe, on this committee a strong
bipartisan support on legislation, whether there is a border
security which passed unanimously out of this committee,
whether it was a cybersecurity bill that after negotiations
with the Minority passed unanimously out of this committee. I
am very proud of that record, very proud of that record.
I would ask that the Ranking Member of this committee and
the full committee go forward with that same spirit of trying
to get something done, and particularly on an issue of this
importance, and continue our governance in a bipartisan issue,
because when it comes to matters of security, I don't believe
that partisan politics have any place in it.
I will just end with the Secretary's quote, when he said
yesterday, ``We owe it to the American people to get something
done.'' I couldn't agree with the Secretary more, and I thank
him for his testimony yesterday, and I look forward to working
with the Minority to get something done in this area.
With that, Mr. Chairman, I yield back.
Mr. Meehan. I thank the Chairman for his comments and for
his presence here. I also am very grateful for the presence of
the Ranking Member on the committee, the gentleman from
Mississippi.
Mr. Thompson, you are recognized for any statements you may
have.
Mr. Thompson. Thank you very much, Mr. Chairman. I, too, am
happy that we are moving forward with a discussion of much-
needed legislation. However, there are still some differences
of interpretation about this legislation, and I think we will
see that over the course of this hearing.
However, I do want to thank you for holding this hearing to
examine your bill, H.R. 4007. As an original author of chemical
security legislation, I am supportive of DHS's efforts to raise
the level of security at our Nation's chemical facilities. If
you would have told me back in 2006, 8 years later, that CFATS
would still be operating without a free-standing authorization
in the Homeland Security Act, I would have been shocked.
Jurisdictional wrangling has been a problem.
The closest that Congress has come to approving an
authorization bill was back in 2010 when I teamed up with then-
Energy and Commerce Chairman Waxman. Since that time, the
program has faced its share of internal and external
challenges. Today, the program appears to be in a better place.
That said, there could be some major changes in the program
once the President's interagency Chemical Facility Safety and
Security Working Group completes its work to enhance chemical
sector safety and security. The legislation before us today has
some good features. Certainly, the mention of personnel surety
is a positive. However, it has some glaring weaknesses.
The bill is a stand-alone and would not amend the Homeland
Security Act. This approach potentially denies CFATS a firm
statutory footing and adds to jurisdictional conflict. The bill
maintains exemptions that were put in place in haste in 2006 of
categories of facilities even as we await the recommendations
from the President's Chemical Facility Safety and Security
Working Group.
One of my biggest issues with the bill is that it is
written so broadly as to raise questions on whether it is a
stay-the-course bill or, by making little or no references to
the existing CFATS program, requires something different. I
must say that the introduction of this bill was somewhat
surprising, since after the West, Texas, tragedy, last year,
Chairman McCaul wrote, along with Energy and Commerce Chairman
Upton, and Appropriations Subcommittee Chairman Carter, that
the basic programmatic building blocks of CFATS are missing and
they are convinced the program should not continue in its
present condition.
Since Chairman McCaul's July 2013 letter, the CFATS office
has made some modest improvement, particularly with respect to
identifying and reaching out to facilities that should be
evaluated for risk. Still, fundamental questions about the
program's implementation persist. Answers to those questions
and recommendations for reform will likely be down the road.
I wrote the President last year about my concerns regarding
the tragedy that occurred in West, Texas, and how we might
examine the processes here at DHS and other agencies to protect
citizens from similar catastrophic events, including changes in
the CFATS program.
Soon thereafter, the President issued an Executive Order
that created an interagency working group to undertake an
across-the-board examination of the programs that regulate
chemical security and safety in the Federal Government. The
interagency working group includes the Department of Homeland
Security, the Department of Agriculture, Department of Justice,
Department of Labor, Department of Transportation, and the
Environmental Protection Agency.
The Chemical Facility Safety and Security Working Group is
expected to report to the President in May. In fairness, the
Federal Government shutdown, which resulted in lapses in
funding and authority, was not helpful. For that matter,
neither is the current sequester, but we are here to talk about
making the CFATS program work for the American people and
making our Nation more secure.
As a committee, we have an obligation to advance
legislation that gives effect to our oversight finding. From
risk modeling to administrative processes, it is an excessive
and wrongheaded approach to personal security. DHS needs
guidance.
Frankly, I see nothing in the scant 11 pages of H.R. 4007
to deliver the massive reforms that will be required to make
CFATS and other chemical security programs more efficient and
productive programs.
With that, Mr. Chairman, I yield back.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
As an original author of chemical security legislation, I am
supportive of DHS' efforts to raise the level of security at our
Nation's chemical facilities. If you would have told me back in 2006
that 8 years later that CFATS would still be operating without a free-
standing authorization in the Homeland Security Act, I would have been
shocked.
Jurisdictional wrangling has been a problem. The closest that
Congress has come to approving an authorization bill was back in 2010,
when I teamed up with then-Energy and Commerce Chairman Waxman. Since
that time, the program has faced its share of internal and external
challenges.
Today, the program appears to be in a better place. That said,
there could be some major changes to the program, once the President's
inter-agency Chemical Facility Safety and Security Working Group
completes its work, to enhance chemical sector safety and security.
The legislation before us today has some good features; certainly,
the mention of personnel surety is a positive; however, it has some
glaring weaknesses.
The bill is a stand-alone and would not amend the Homeland Security
Act. This approach potentially denies CFATS a firm, statutory footing
and adds to jurisdictional conflict. The bill maintains exemptions that
were put in place, in haste, in 2006, of categories of facilities, even
as we await the recommendations from the President's Chemical Facility
Safety and Security Working Group.
One of my biggest issues with the bill is that it is written so
broadly as to raise questions on whether it is a ``stay the course''
bill or, by making little or no references to the existing CFATS
program, requires something different.
I must say that the introduction of this bill was somewhat
surprising since, after the West, Texas, tragedy last year Chairman
McCaul wrote, along with Energy and Commerce Chairman Upton, and
Appropriations Subcommittee Chairman Carter, that ``The basic
programmatic building blocks of CFATS are missing'' and they ``are
convinced the program should not continue in its present condition.''
Since Chairman McCaul's July 2013 letter, the CFATS office has made
some modest improvement, particularly with respect to identifying and
reaching out to facilities that should be evaluated for risk. Still,
fundamental questions about the program's implementation persist.
Answers to those questions and recommendations for reform will likely
be down the road.
I wrote the President last year about my concerns regarding the
tragedy that occurred in West, Texas, and how we might examine the
processes here at DHS and other agencies to protect citizens from
similar catastrophic events, including changes in the CFATS program.
Soon thereafter, the President issued an Executive Order that
created an inter-agency working group to undertake an across-the-board
examination of the programs that regulate chemical security and safety
in the Federal Government. The interagency working group includes the
Department of Homeland Security, the Department of Agriculture, the
Department of Justice, the Department of Labor, the Department of
Transportation, and the Environmental Protection Agency.
The Chemical Facility Safety and Security Working Group is expected
to report to the President in May.
In fairness, the Federal Government shutdown, which resulted in
lapses in funding and authority, was not helpful. For that matter,
neither is the current sequester, but we are here to talk about making
the CFATS program work for the American people and making our Nation
more secure.
As a committee, we have an obligation to advance legislation that
gives effect to our oversight findings. From risk modeling to
administrative processes and its excessive and wrong-headed approach to
personnel surety, DHS needs guidance. Frankly, I see nothing in the
scant 11 pages of H.R. 4007 to deliver the massive reforms that will be
required to make CFATS, and other chemical security programs more
efficient and productive programs.
Mr. Meehan. I thank the Ranking Member on the committee for
his comments. Other Members of the committee are reminded that
opening statements may be submitted for the record.
Now, before I recognize our distinguished panel before us
of witnesses today, we are privileged to have a guest at the
hearing, and I want to use the prerogative of the Chairman to
take a moment to recognize the gentleman from Texas, Mr. Green,
for any comments or questions he might have. I appreciate that
some duties that he has with regard to other committees are
going to prevent him from attending the full hearing.
So, Mr. Green, the Chairman recognizes you.
Mr. Green. Thank you, Mr. Chairman, and I thank Ranking
Member Clarke for allowing unanimous consent for me to testify,
and Members of the subcommittee, for the opportunity to speak
with you this morning regarding this important legislation.
I serve on the Energy and Commerce Committee and also on
the Environmental and Economy Subcommittee has jurisdiction
over CFATS and have worked on the issue literally since its
inception. Chemical facility security is extremely important to
the protection of the public health and safety throughout the
United States, and particularly in my district in Texas, the
Texas 29th.
I represent most of the Houston ship channel area, which is
the heart of the petrochemical complex that stretches along the
Texas Gulf Coast into Louisiana and produces many products
essential to modern life, and it is also the largest
petrochemical complex in the country.
I cannot stress how important the success of CFATS program
is to my constituents who are employees and live in these
communities that surround these facilities. They deserve the
best security standards possible to prevent the act of
terrorism on U.S. soil.
The Energy and Commerce Committee, which I sit on, has been
very active for the past two congresses on CFATS. The Energy
and Commerce Committee, like your committee, has held numerous
hearings with DHS, GAO, and stakeholders on the problem from
the program's shortcomings. In 2009 and again in 2011, Energy
and Commerce cleared CFATS authorization bills. Neither were
perfect bills, just like this one is not, but both provided
important guidelines DHS needs to proceed in fixing the
problems in CFATS.
Both efforts--one led by Democrats, and the other by
Republicans--failed to become law, and as a result, we are left
with the status quo, which continues to endanger the security
of our Nation's chemical facilities and surrounding
communities, and ultimately resulted in DHS temporarily losing
its authority to continue running CFATS during the Government
shutdown last October.
H.R. 4007, the Chemical Facility Anti-Terrorism Standards
Authorization and Accountability Act, gives this Congress a
realistic pathway toward authorization. This bill doesn't solve
every problem that exists in CFATS, and it isn't meant to do
so. What this bill will do is provide the Department, industry,
workers, and our communities the stability and certainty they
need going forward that CFATS is here to stay.
It will authorize CFATS for the first time for 2 years and
give Congress the opportunity to oversee the Department's
implementation of the program and provide Congress the time to
come to consensus on how best to fix the lingering issues. The
bill would also provide guidance on some of the most urgent
fixes needed in CFATS, including improve the efficiency of the
site security plans, allow facilities to use existing Federal
terrorist screening programs, like TWIC, to satisfy personnel
surety requirements, and limit information collected from
individuals to only what is necessary to ensure site security.
I am aware of the concerns of my colleagues that Congress
should not act on chemical security until the completion of the
administration's Chemical Facility Safety and Security Working
Group. The intention of this bill is not to interfere with the
President's Executive Order. The bill is intended narrowly in
scope in order to avoid these conflicts.
As Members of Congress, we shouldn't wait for any
administration, Democrat or Republican, in order to act and
author the laws that we know are necessary to protect the
American people from terrorist threats.
I would like to remind my colleagues of the words
yesterday, and this will be the third time you get to hear DHS
Secretary Jeh Johnson: ``We have got a good bill, and if there
is an opportunity to pass it in this Congress that supports my
goals and objectives and enhances homeland security, I am going
to support that measure.''
I think we in the Congressional and Executive branches owe
it to the American people to get something done. I ask my
colleagues on both sides of the aisle to not let the perfect be
the enemy of the good and to support this important
legislation.
Again, thank you again for the opportunity to speak this
morning, and I will yield back my time, but also recognize my
good friend from South Texas, Congressman Vela, who--I am glad
he is on Homeland Security. He represents also the Port of
Brownsville.
[The statement of Hon. Green follows:]
Statement of Honorable Gene Green
February 27, 2014
Good morning. I would like to thank Chairman Meehan, Ranking Member
Clarke, and Members of the subcommittee for the opportunity to speak
with you all this morning regarding this important legislation.
Chemical facility security is extremely important to the protection
of public health and safety throughout the United States and
particularly for my district, the Texas 29th.
I represent the Houston Ship Channel area which is the heart of a
petro-chemical complex that stretches along the Texas Gulf Coast and
produces many products essential to modern life and it is also the
largest petrochemical complex in the country.
I cannot stress how important the success of the CFATS program is
to my constituents who are the employees and live in the communities
that surround these facilities. They deserve the best security
standards possible to prevent act of terrorism on U.S. soil.
The Energy and Commerce Committee, which I sit on, has been very
active for the past two Congresses on CFATS. Energy and Commerce, like
your committee, has held numerous hearings with DHS, GAO, and
stakeholders on the program's shortcomings.
In 2009, and again in 2011, Energy and Commerce cleared CFATS
authorizations bills. Neither were perfect bills, but both provided
importance guidelines on how DHS needs to proceed in fixing the
problems in CFATS.
Both efforts, one lead by Democrats, the other by Republicans,
failed to become law, and as a result we are left with the status quo,
which continues to endanger the security of our Nation's chemical
facilities and surrounding communities and ultimately resulted in DHS
temporarily losing its authority to continue running CFATS during the
Government shutdown last October.
H.R. 4007, the Chemical Facility Anti-Terrorism Standards
Authorization and Accountability Act gives this Congress a realistic
pathway towards authorization.
This bill does not solve every problem that exists in CFATS. It
isn't meant to do so.
What this bill will do is provide the Department, industry,
workers, and our communities, the stability and certainty they need
going forward that CFATS is here to stay.
It will authorize CFATS, for the first time, for 2 years and give
Congress the opportunity to oversee the Department's implementation of
the program and provide Congress the time to come to a consensus on how
best to fix the lingering issues.
The bill will also provide guidance on some of the most urgent
fixes needed to CFATS, including:
Improve the efficiency of the site security plans;
Allow facilities to use existing Federal terrorist screening
programs, like TWIC, to satisfy personnel surety requirements,
and;
Limit information collected from individuals to only what's
necessary to ensure site security.
I am aware of the concerns of some of my colleagues that Congress
should not act on chemical security until the completion of the
administration's Chemical Facility Safety and Security Working Group.
The intention of this bill is not to interfere with the President's
EO. The bill is intentionally narrow in scope in order to avoid these
conflicts.
As Members of Congress, we shouldn't have to wait for any
administration, Democrat or Republican, in order to act and author the
laws we know are necessary to protect the American people from
terrorist threats.
I would also like to remind my colleagues of the words said in this
very room yesterday by DHS Secretary Jeh Johnson:
``We've got a good bill, and if there is an opportunity to pass it in
this Congress that supports my goals and objectives, enhances homeland
security, I'm going to support that measure. I think we in the
Congressional and Executive Branches owe it to the American people to
get something done.''
I ask my colleagues on both sides of the aisle to not let the
perfect be the enemy of the good and to support this important
legislation.
Thank you again for the opportunity to speak with all of you this
morning and I yield the balance of my time.
Mr. Meehan. Well, I thank the gentleman from Texas, and I
appreciate his taking the time out of his schedule to join us
today.
So at this point in time, let me turn to the testimony of
our witnesses. We will have two panels of witnesses, the first
constructed of members of the Department of Homeland Security
and the agencies we have asked to participate in oversight of
this program. So I will begin my identification of each of
those witnesses.
The first is Ms. Caitlin Durkovich, is the assistant
secretary for infrastructure protection at the Department of
Homeland Security. In this role, she leads the Department's
efforts to strengthen public-private partnerships and
coordinate programs to protect the Nation's critical
infrastructure, assess and mitigate risk, build resilience, and
strengthen incident response and recovery. Previously, Ms.
Durkovich served as the National Program and Protection
Directorate's chief of staff, overseeing day-to-day management
of the director and the development of internal policy and
strategic planning.
Ms. Durkovich is accompanied this morning by Mr. David
Wulf, the director of the Infrastructure Security Compliance
Division in DHS's National Program and Protection Directorate.
Mr. Wulf will not be offering an opening statement, but he is
here to answer questions, and I do--Mr. Wulf has been
previously identified in my testimony--but in his role, has
spent a significant period of time both looking at the
challenges of--been helping to direct the improvements in the
response for DHS.
We will also be joined on this panel by Mr. Stephen
Caldwell. He is the director in the Government Accountability
Office's homeland security and justice team. Most recently, Mr.
Caldwell's focus has been related to protecting critical
infrastructure and promoting resiliency. He recently raised
concerns about the risk assessment process used by ISCD in
assessing terrorist risk to the 3,500 chemical facilities under
the CFATS program.
Last on this panel, we will be joined by Ms. Marcia Hodges.
She is the chief inspector of the office of inspection of the
Department of Homeland Security's Office of Inspector General.
Ms. Hodges directly directs highly complex analytical reviews
of DHS operations and programs to determine their efficiency
and effectiveness. Prior to her service at DHS, Ms. Hodges
worked for the inspector general of the Federal Emergency
Management Agency from 1999 to 2003. In that position, Ms.
Hodges led a multi-discipline team in New York City to assist
and facilitate FEMA's response to the terrorist attacks of
September 11, 2001.
I thank you all for being here. Full written statements for
each of the witnesses have been submitted to the Chairman and
will appear in the record. So I ask you to do your best to keep
your testimony to our 5 minutes, and I will recognize our first
witness, Ms. Durkovich.
STATEMENTS OF CAITLIN DURKOVICH, ASSISTANT SECRETARY,
INFRASTRUCTURE PROTECTION, U.S. DEPARTMENT OF HOMELAND
SECURITY, ACCOMPANIED BY DAVID WULF, DEPUTY DIRECTOR,
INFRASTRUCTURE SECURITY COMPLIANCE DIVISION
Ms. Durkovich. Thank you very much, Chairman Meehan,
Ranking Member Clarke. I do also want to thank Chairman McCaul,
committee Ranking Member Thompson, Congressman Green, and
Congressman Vela for their presence here earlier this morning
and also other distinguished Members of the subcommittee.
I very much appreciate the opportunity to appear before you
today to discuss the progress made by CFATS and the need to
authorize the program. The CFATS program has made the Nation
more secure. Over the past 2 years, as you have noted, it has
made significant progress. We are pleased the subcommittee has
acknowledged this progress by introducing a bill that would
provide longer-term authorization and the authority to carry
out the program in a manner that will foster the security of
America's highest-risk chemical infrastructure.
As you are aware, the Department's current authority is set
to expire in October 2014. DHS is eager to work with this
subcommittee, our other authorization committees, and our
stakeholders to achieve passage of legislation that provides
long-term authorization and appropriately matures the CFATS
program. As I said, the CFATS program has made the Nation more
secure, and we are seeing the impact of the program at
facilities throughout the country.
For example, one facility had numerous positive aspects to
their security program but failed to address security for small
containers, which could be easily concealed in a purse or bag.
After inspection, the facility understood this vulnerability
and developed measures to prohibit bags within the restricted
areas and to inspect hand-carrier items when exiting the
restricted area.
Another recent example is a tier four facility in Missouri
that exercised its commitment to CFATS security measures and
contacted their chemical security inspector when they
discovered they had only received one of two pallets of a
chemical of interest. Our chemical inspectors worked with UPS,
local law enforcement, FBI weapons of mass destruction until
the pallet was successfully located and delivered to the
facility.
These improvements are attributable to the hard work of the
staff of the Infrastructure Security Compliance Division, which
implements the CFATS program. I have confidence in the ability
of Director Dave Wulf, who is here with me today, and the
dedicated staff of ISCD located across the country to continue
the success we have made to date.
The progress made in the last 2 years has helped to put
CFATS on a path to success, but there still is work to be done.
We continue to engage with stakeholders and focus on three core
areas of progress, reducing the backlog of security plan
approvals, improving the risk assessment process, and ensuring
that all potentially high-risk facilities are identified and
meet their CFATS obligations.
Over the past year, we have authorized, inspected, and
approved hundreds of security plans. Since Director Wulf
appeared before you last August, we have made great strides in
increasing our pace of approvals, despite the 2\1/2\-week
Government shutdown.
The number of authorizations has nearly doubled to over
1,100 authorizations. The pace of inspections has increased
dramatically, and we have now completed more than 800
inspections in total, including over 100 in January. We have
tripled the number of approved site security plans, with over
500 approved, and we are on pace to hit 1,000 this summer.
Finally, in September, we began conducting compliance
inspections at facilities with approved security plans.
Our progress demonstrates our commitment to ensuring this
program succeeds. Now we ask Congress to demonstrate your
commitment to this program in providing long-term
authorization.
The Federal funding hiatus last October illustrates the
complication faced by a program authorized through
appropriation bills. In addition to stopping all inspections,
the authorization of the CFATS program expired on October 5,
2013. The gap in program authorization caused concern among our
regulated facilities, with many questioning if the regulations
were still in effect. This uncertainty illustrated the need for
longer-term authorization outside of the appropriations
process.
The Department strongly believes that an authorization
period longer than the 2 years currently stipulated in the bill
would benefit Congressional oversight, ensuring maturation of
the program, and the review and approval of security plans.
Perhaps most importantly, long-term authorization will provide
industry with the stability needed to plan and invest in
measures to harden their sites against terrorist attack or
exploitation. Companies have communicated to us that their
capital planning and budgeting process for security
improvements often runs on a 3-to-5-year cycle, and they
deserve to know that the program will not be allowed to lapse
as they invest in many CFATS-related improvements.
Uncertainty about the future of CFATS has provided
incentive for potentially regulated facilities to ignore their
obligations and hope that the program will be allowed to
sunset. An authorization period of 5 years or longer would
enable you to send a message to facilities that may be seeking
to avoid compliance.
As we approach the anniversary of the explosion in West,
Texas, the Department remains committed to ensuring that
facilities are both aware of the requirements to report under
CFATS and complete their obligations. The committee's efforts
to codify the Department's authority to seek noncompliant
facilities will greater support our actions to bring these
facilities into compliance.
We have worked closely with our interagency partners to
implement Executive Order 13650 on improving chemical facility
safety and security, but we feel strongly that multi-year
authorization is vital now and will harmonize with the outcomes
of the Executive Order. With the progress made over the last 2
years, the CFATS program is ready for stabilization through
long-term authorization.
Finally, I want to thank the next panel, Clyde Miller, who
is representing the American Chemistry Council, and Kate
Donahue, who is representing the Society of Chemical
Manufacturers and its affiliates. Both individuals and
organizations have been important supporters as we have worked
to implement the program. It is with their input and feedback
that we have made progress in areas like developing templates
for alternative security programs, expanding outreach to
potentially noncompliant facilities, and improving our tiering
methodology.
With continued support from industry and action by Congress
to authorize the program, our mission to protect Americans will
be strengthened. Thank you. I look forward to your questions.
[The joint prepared statement of Ms. Durkovich and Mr. Wulf
follows:]
Joint Prepared Statement of Caitlin Durkovich and David Wulf
February 27, 2014
Thank you, Chairman Meehan, Ranking Member Clarke, and
distinguished Members of the subcommittee. I appreciate the opportunity
to appear before you today to discuss the Department of Homeland
Security's (DHS) regulation of high-risk chemical facilities under the
Chemical Facility Anti-Terrorism Standards (CFATS) and the need for
action to authorize the program. Over the past year, the CFATS program
has made significant progress, advancing programmatically while
simultaneously addressing internal management concerns. We are pleased
the subcommittee has acknowledged this progress by introducing a bill
that would provide longer-term authorization and the authority to carry
out the program in a manner that will foster the security of America's
highest-risk chemical infrastructure.
As you are aware, the Department's current authority under Section
550 of the Fiscal Year 2007 Department of Homeland Security
Appropriations Act, as amended, is set to expire in October 2014. DHS
is eager to work with this subcommittee, our other authorization
committees, and our stakeholders both in Government and the private
sector to achieve passage of legislation that provides long-term
authorization and appropriately matures the CFATS program. In support
of this collaboration, our testimony focuses on the progress made over
the last 2 years, our efforts to continue strengthening the program,
and the need for permanent authorization in order to fully stabilize
the program.
cfats has made the nation more secure
The CFATS program is an important part of our Nation's
counterterrorism efforts as we work with our industry stakeholders to
keep dangerous chemicals out of the hands of those who wish to do us
harm. Since the CFATS program was created, we have engaged with
industry to identify and regulate high-risk chemical facilities to
ensure they have security measures in place to reduce the risks
associated with the possession of chemicals of interest. CFATS has also
played a significant role in reducing the number of high-risk chemical
facilities that are susceptible to attack or exploitation. To date,
more than 3,000 facilities have eliminated, reduced, or modified their
holdings of chemicals of interest. The significant reduction in the
number of chemical facilities that represent the highest risk is an
important success of the CFATS program and is attributable both to the
design of the program as enacted by Congress and to the work of CFATS
personnel and industry at thousands of chemical facilities.
The progress made in the CFATS program over the last 2 years has
helped to put the program on a path to success; however, there is still
work to be done. The Department continues to engage with stakeholders
and focus on three core areas: Reducing the backlog of site security
plan approvals, improving the risk assessment process, and ensuring
that all potentially high-risk facilities are identified and are
meeting their regulatory obligations as required by CFATS. Along with
long-term authorization, our continued focus on these areas will ensure
our stakeholders have the stability they need to comply with their
regulatory obligations. We welcome the opportunity to work with you and
our stakeholders on these important issues to further improve this
vital National security program.
cfats implementation progress
The cornerstone of the CFATS program is the development,
submission, and implementation of Site Security Plans (SSPs), or
Alternative Security Programs (ASPs) in lieu of SSPs, which document
the security measures that high-risk chemical facilities utilize to
satisfy the applicable Risk-Based Performance Standards (RBPS) under
CFATS. It is important to note that these plans are not ``one-size-
fits-all,'' but are in-depth, highly customized, and account for each
facility's unique circumstances.
In order to determine whether a facility is regulated under CFATS,
the facility submits a Top-Screen to the Department's Infrastructure
Security Compliance Division (ISCD). Since we began collecting this
information in 2007, ISCD has data from more than 46,000 Top-Screens
submitted by chemical facilities, providing important information about
their chemical holdings. Based on the information received in the Top-
Screens, ISCD makes an initial determination that certain facilities
are considered high-risk and assigns each of these to a preliminary
tier.\1\ These facilities then compile and submit Security
Vulnerability Assessments (SVAs), which are used by ISCD to identify
which facilities present a terrorism risk that is sufficiently high to
warrant the assignment of a final high-risk tier under CFATS. As of
February 20, 2013, CFATS covers over 4,200 high-risk facilities Nation-
wide; of these, over 3,300 have received final high-risk determinations
and are required to develop SSPs (or ASPs) for ISCD review. The
remaining facilities are awaiting final tier determinations based on
their SVA submissions. The tiered population is dynamic and subject to
change, depending on the chemical holdings and other conditions at
facilities.
---------------------------------------------------------------------------
\1\ The Department has developed a risk-based tiering structure and
assigns facilities to one of four risk-based tiers ranging from high
(Tier 1) to low (Tier 4) risk. Assignment of tiers is based on an
assessment of the potential consequences of a successful attack on
assets associated with chemicals of interest.
----------------------------------------------------------------------------------------------------------------
Total No. Authorized Authorization Approved Compliance
Tier* of Received SSPs and Inspection SSPs and Inspections
Facilities Final Tier ASPs Conducted ASPs Conducted
----------------------------------------------------------------------------------------------------------------
1................................... 120 111 106 103 99 11
2................................... 392 343 253 234 195 1
3................................... 1,119 957 541 416 241 0
4................................... 2,571 1,914 149 28 5 0
---------------------------------------------------------------------------
Total......................... 4,202 3,325 1,049 781 540 12
----------------------------------------------------------------------------------------------------------------
* As of February 20, 2013.
** Totals do not include facilities that are no longer regulated, but have received letters of authorization,
authorization inspections, and/or approved SSPs/ASPs.
Over the past year, the CFATS program has authorized, inspected,
and approved hundreds of security plans. The program has also improved
the pace of inspections and SSP approvals, developing new processes and
distributing guidance materials. The majority of Tier 1 and Tier 2
facilities (the highest of the high-risk), as well as many Tier 3
facilities, now have an approved security plan. In September, ISCD
marked yet another milestone when we began conducting compliance
inspections for facilities with approved SSPs. During compliance
inspections, the Department verifies that the facility is implementing
the measures contained in its approved SSP. Initially, these
inspections will be conducted approximately 1 year after a facility's
SSP is approved, but the Department is developing a process whereby the
timing for compliance inspections will be based on a variety of
factors, such as the facility's risk tier, the facility and/or parent
company's past CFATS compliance history, and the number of planned
measures contained in the approved SSP.
The improvements that have been made have accelerated the pace of
approvals and we are continuing to explore areas to enhance the
program. We recognize the projected time frame for all approvals must
be reduced and we are exploring a variety of ways to increase the pace
at which approvals are granted while maintaining the quality and
thoroughness of the security plan approval process and the level of
security required at chemical facilities. These include encouraging
increased use of ASPs and supporting stakeholders' development of new
ASP templates, focusing inspections on key RBPS at lower-tier
facilities, exploring ways to streamline the security plan review and
inspection process for facilities owned by corporations with multiple
CFATS-regulated facilities, and identifying efficiencies in the
inspection and compliance assistance visit scheduling process to reduce
travel time per inspector activity. The Department is engaging with
CFATS stakeholders on efforts to expedite security plan reviews and is
committed to identifying and implementing appropriate enhancements to
streamline the CFATS process. ASPs are an important option for
facilities that desire flexibility in their site security plan, and we
appreciate the subcommittee's effort to ensure this option remains
available for the CFATS program moving forward.
cfats risk assessment
As a part of our commitment to continue moving the CFATS program
forward, NPPD has conducted a thorough review of our risk assessment
process. In support of this review, NPPD implemented a phased approach,
which included documenting all processes and procedures relating to the
risk assessment methodology; conducting an internal NPPD review of the
risk assessment process; and initiating an external peer review of the
risk assessment methodology.
All three of these phases are now complete, with the Department
receiving the CFATS Tiering Methodology Peer Review Final Report from
the expert peer review panel in October 2013. Although many of the peer
review panel's recommendations pertain to areas the Department had
previously identified for improvement, we felt it was essential to
engage external stakeholders through an external peer review. As a
result of continued stakeholder engagement, the Report provides
valuable perspectives that will inform our efforts to enhance the CFATS
risk-tiering methodology. We have analyzed the peer review
recommendations and developed an implementation plan to enable us to
address the recommendations in a timely and thoughtful manner. We also
recognize that it is essential to continue to engage our stakeholders
in implementing changes to risk assessment process.
As recommended by the Peer Review Final Report, the Department
intends to adopt appropriate changes to the tiering methodology in an
integrated fashion, addressing as many issues concurrently as feasible.
The implementation plan also addresses modifications to the tiering
methodology stemming from efforts beyond the peer review, such as the
economic and mission criticality studies being conducted on behalf of
the Department by Sandia National Laboratories. Additionally,
consistent with both recommendations within the Peer Review Final
Report and our response to the Government Accountability Office's
report on the CFATS tiering methodology, ISCD intends to have a third
party verify and validate the revised tiering methodology. As we move
forward with implementing recommendations to the tiering methodology,
we are committed to ensuring these improvements are balanced with our
stakeholders need for continued stability in tiering.
chemical facility safety and security improvement: a shared
responsibility
Since the inception of the CFATS program, the Department has worked
to ensure that potentially regulated facilities are aware of their
reporting obligation under the CFATS regulations and that they comply
with these existing regulations. Following the explosion in West,
Texas, this past April, ISCD has taken a number of steps to
reinvigorate this effort, including supporting the implementation of
Executive Order 13650, Improving Chemical Facility Safety and Security.
Under Executive Order 13650, Federal agencies are exploring options for
improving chemical facility safety and security to reduce the
likelihood of incidents occurring in the future. The working group is
developing recommendations to see if there is a need to improve
information collection, more effectively share information between
agencies, improve operational and Federal coordination efforts, and the
working group is analyzing the effectiveness of existing regulations
and policies governing chemicals and chemical facilities. These
coordinated efforts will help ensure that the Federal Government most
effectively uses the collective resources available for managing
chemical risk.
Promoting Compliance
The activities taking place in support of Executive Order 13650
complement many of the individual efforts being undertaken within the
Department, and other Federal departments and agencies, following the
tragic events in West, Texas. Since the April explosion, DHS has
engaged with numerous members of industry and all have agreed that we
must work together to prevent future incidents. Industry has offered to
share information about the CFATS regulatory requirements with other
members of industry and do their part to promote safety and security at
chemical facilities. The Department appreciates this support and looks
forward to working with industry and our Government partners to carry
out these activities. In pursuit of this shared responsibility, the
Department has undertaken significant outreach efforts throughout the
years, to inform potentially high-risk chemical facilities of their
obligations under CFATS. These outreach efforts have been a major
contributor to the submission of over 46,000 Top-Screens from
potentially high-risk chemical facilities to date.
As the tragic incident in West, Texas, demonstrated, however, not
all facilities with threshold quantities of CFATS chemicals of interest
have met their obligation to submit Top-Screens. DHS is committed to
pursuing all reasonable measures to identify potential high-risk
chemical facilities that are not among those that have already complied
with initial Top-Screen submission requirements, and we will continue
to work to get those facilities into compliance. When appropriate, the
Department can utilize available enforcement mechanisms to bring non-
compliant facilities into compliance. Both increased outreach and,
where appropriate, the use of compliance enforcement mechanisms are
part of the Department's overall strategy to reduce the likelihood of
potentially high-risk chemical facilities intentionally or
unintentionally evading identification under the CFATS program.
State and Local Partnerships
The Department's strategy for identifying potentially non-compliant
facilities also includes enhanced coordination with Federal, State, and
local partners. One such activity has been reinvigorating efforts with
the EPA and other Federal partners with regulatory authority over the
chemical industry to compare lists of regulated facilities to identify
facilities which may have complied with another regulatory program and
are potentially regulated under CFATS but have yet to comply with
CFATS. Initial results from these efforts have been promising, with the
Department seeing a substantial increase in the monthly rate of new
Top-Screen submissions having begun in August 2013.
The Department is also undertaking similar efforts with States and
localities. Since April, ISCD has reached out to officials in all 50
States, including State Homeland Security Advisors (HSAs) and the
Governors Homeland Security Advisory Council, about CFATS requirements.
These efforts are in addition to continuing to provide State HSAs and
their designees with access to information on CFATS-regulated
facilities in their jurisdictions via CFATS Share, a web-based
information-sharing portal that provides on an as-needed basis to
certain Federal, State, and local agencies access to key information on
CFATS facility information.
Outreach to Non-Compliant Facilities
The Department is expanding outreach efforts to identify
potentially non-compliant facilities and has developed an Outreach and
Engagement Strategy as well as an Outreach and Engagement
Implementation Plan to raise awareness of CFATS, the measures of
success, roles and responsibilities, and resource implications. DHS
will continue to operate its CFATS Tip Line and will follow up on any
information of potentially non-compliant facilities.
All of the aforementioned efforts are being undertaken in addition
to the larger-scale efforts being coordinated under E.O. 13650. Of
particular relevance is the effort being led by DHS under Section 5 of
the EO, which addresses Enhanced Information Collection and Sharing.
This section requires the development of recommendations on possible
changes to improve and streamline information collection from regulated
industries and recommendations to enhance data sharing between
agencies, States, localities, and Tribal entities to better identify
facilities which may not have provided all required information or may
be non-compliant with requirements.
We feel strongly that our private-sector stakeholders are key to
our efforts to enhance data sharing, increase cross-training, and
identify areas for possible regulatory changes as well as identifying
possible gaps in existing statutory authorities. Enhancing security and
building resilience across the chemical sector is not something a
single company, industry or even Government can do by itself. This has
to be a collaborative effort. It also has to be a comprehensive effort,
because of the sheer complexity of affected facilities, the linkages to
other sectors, and the potential cascading effects and consequences of
a significant attack or disruption.
industry engagement
Industry engagement has always been an important aspect of CFATS,
but will be more important than ever as we move forward with program
improvements. Chemical Security Inspectors play an important role,
serving as our boots on the ground and the face of CFATS in the field.
Inspectors provide assistance and outreach directly to facilities and
play an important role in helping to identify appropriate security
measures during the authorization inspection process. For example, one
facility had numerous positive aspects to their security program, but
failed to address any security measures for small containers, which
could easily be concealed within a handbag or backpack. After the
inspection, the facility understood the potential vulnerability and
developed planned measures to prohibit bags within the restricted area
and to inspect hand-carried items when exiting the restricted area.
Another example is a different regulated facility that had effective
security for the chemicals of interest located within the building, but
failed to address the chemicals of interest located in the open storage
yard. As a result of the inspection, the facility identified a new
restricted area to store the chemicals of interest within the main
building and added procedures to ensure that upon receipt, the
appropriate facility personnel immediately moved the chemicals of
interest into the new restricted area. In addition to conducting
inspections and providing compliance assistance to facilities, NPPD's
chemical inspectors actively work with local stakeholders and
Governmental agencies across the country.
the need for program authorization
DHS recognizes the significant work that the committee and others
have undertaken to reauthorize the CFATS program. The progress we have
made over the last 2 years demonstrates the Department's commitment to
ensuring this program is a success; now we ask Congress to demonstrate
your commitment to this program in providing a long-term authorization.
The Federal funding hiatus last October illustrates the
complications in the current authorization structure. The funding
hiatus directly impacted the CFATS program because the program is
authorized through appropriations bills. The shutdown resulted in all
ISCD staff being furloughed, which resulted in cancellation of numerous
inspections and immobilized security plan approvals. In addition to the
shutdown of programmatic activities, the authorization of the CFATS
program expired on October 5, 2013. The gap in program authorization
caused concern among regulated facilities, with many facilities
questioning whether the regulations were still in effect. This
confusion and uncertainty demonstrated the need for long-term
authorization outside of the appropriations process. Moreover, it is
unclear if the Department would have had the authority to act had there
been an exigent need during the shutdown to take enforcement action
under CFATS in furtherance of National security interests.
The Department strongly believes that an authorization period
longer than the 2 years currently stipulated in the bill would be
beneficial to your oversight activities by ensuring the full maturation
of the program and the review and approval of all backlogged Site
Security Plans. Perhaps most importantly, long-term authorization will
provide industry stakeholders with the stability needed to plan for and
invest in CFATS-related security measures to harden their critical
sites against terrorist attack or exploitation. Companies have
regularly communicated to us that their capital-planning/budgeting
processes for security improvements frequently run on a 3-to-5-year
cycle and they deserve to know that the program will not be allowed to
lapse as they invest in major CFATS-related security improvements.
Uncertainty about the future of CFATS also has provided an
incentive for potentially-regulated facilities storing large quantities
of dangerous chemicals to ignore their obligations under CFATS in hopes
that the program will be allowed to sunset. An authorization period of
5 years or longer would enable Congress to send an important message to
such facilities that may willfully be seeking to avoid compliance.
As we approach the 1-year anniversary of the explosion at the West
Fertilizer plant in Texas, the Department remains committed to ensuring
that facilities across the Nation are both aware of the requirements to
report under CFATS and complete their obligations. The committee's
efforts to codify the Department's authority to seek out non-compliant
facilities will greatly support our on-going actions to bring these
facilities into compliance. The Department has worked closely with our
interagency partners to implement Executive Order 13650, but we feel
strongly that multi-year CFATS authorization is vital now and will
harmonize with the outcomes of the Executive Order.
With the progress made over the last 2 years, the CFATS program is
ready for program stabilization through permanent or long-term
authorization. The Department has taken important steps to build a
strong CFATS program and has a seasoned leadership team committed to
the success of the program. With support from industry and action by
Congress to authorize the program, the CFATS program's mission to
protect Americans will be strengthened.
conclusion
The Department has made significant improvements to the CFATS
program and is moving forward strategically to address the challenges
that remain. With your support, we can ensure our Nation is more secure
by continuing implementation of the CFATS program, and we are committed
to working with you to pass legislation to establish permanent or long-
term authorization for the program. As we implement CFATS, we will
continue to work with stakeholders to keep our Nation secure by
preventing terrorists from exploiting chemicals or chemical facilities.
We firmly believe that CFATS is making the Nation more secure by
reducing the risks associated with our Nation's chemical infrastructure
and we are--along with our stakeholders and partners--committed to its
continued success.
Mr. Meehan. Thank you, Ms. Durkovich.
The Chairman now recognizes the gentleman from the
Government Accountability Office, Mr. Caldwell.
STATEMENT OF STEPHEN L. CALDWELL, DIRECTOR, HOMELAND SECURITY
AND JUSTICE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE
Mr. Caldwell. Chairman Meehan, Ranking Member Clarke, thank
you very much for, again, asking GAO to discuss our CFATS work,
particularly at your hearing on your bill, H.R. 4007.
My written statement is based on work we have done over the
last couple of years, as well as some more recent updates in
talking to the CFATS staff. We will provide basically a status
report on four areas that are key to the program. First is
identifying chemical facilities. Next is assessing the risks
and prioritizing those facilities to decide which ones are high
risk and at what tier. The next one is reviewing facility site
security plans and improving those. Then, finally, inspecting
the facilities for compliance at the end of the process.
Based on reports we have done, the recent updates and some
of the statements by the Department today, there are certainly
some indications of process across all four of these areas.
Regarding the identification of the facilities, your last
hearing raised the issue of outliers, facilities that should
have applied, but have not. As you know, on that very same day,
the President issued the Executive Order 13650, to address that
issue, DHS as a whole has reported on some of the progress by
the 13650 working group. GAO does have a review in process to
look at the implementation of that, focused not only on DHS,
but also at OSHA, EPA, and some of the other facilities.
Regarding the assessment of risks and the prioritization of
facilities, DHS is working to implement our recommendations
related to the risk assessment methodology. As part of response
to our recommendation, they ask for a peer review from the
Homeland Security and Studies Analysis Institute. Their study
had results very similar to ours, and as mentioned, DHS has an
action plan to address that.
Regarding the review of site security plans, as noted
before, we have talked about a long backlog of that, and the
Department is taking steps to do that. When we restart our work
on this, that is one of the things will focus on, and if
appropriate, we will certainly revise our estimate from about a
year ago that it will take 7 to 9 years to resolve that
backlog.
Of course, the outstanding issue for all the facilities,
those that have had plans approved or not, relates to the
personnel surety program performance standard 12. Until that is
resolved, you know, none of the facilities actually have a
final approval of their site security plan.
Then regarding the inspections for compliance, as just
reported, the Department is just starting that process. We have
not really looked at it, but this is one of the key areas that
we will focus on as we go forward with our new review.
Closing, I would like to note the GAO still needs to verify
a lot of the progress that has been reported by the Department.
We will do that through in-depth audits, as we always do. We
are coordinating with the I.G., as we do as well, to make sure
that we have maximum coverage over the program without
duplicating work. We plan to go forward with these reviews in
response to outstanding requests we already have from the
appropriators and the authorization committees and whether or
not this bill goes forward in terms of that particular clause.
So with that, I will be happy to answer any questions.
Thank you.
[The prepared statement of Mr. Caldwell follows:]
Prepared Statement of Stephen L. Caldwell
February 27, 2014
gao highlights
Highlights of GAO-14-365T, a testimony before the Subcommittee on
Cybersecurity, Infrastructure Protection, and Security Technologies,
Committee on Homeland Security, House of Representatives.
Why GAO Did This Study
Facilities that produce, store, or use hazardous chemicals could be
of interest to terrorists intent on using toxic chemicals to inflict
mass casualties in the United States. As required by statute, DHS
issued regulations establishing standards for the security of these
facilities. DHS established the CFATS program to assess risk at
facilities covered by the regulations and inspect them to ensure
compliance. In February 2014, legislation was introduced related to
several aspects of the program.
This statement provides observations on DHS efforts related to the
CFATS program. It is based on the results of previous GAO reports in
July 2012 and April 2013, with selected updates conducted in February
2014. In conducting the earlier work, GAO reviewed DHS reports and
plans on the program and interviewed DHS officials. In addition, GAO
interviewed DHS officials to update information.
What GAO Recommends
In a July 2012 report, GAO recommended that DHS measure its
performance implementing actions to improve its management of CFATS. In
an April 2013 report, GAO recommended that DHS enhance its risk
assessment approach to incorporate all elements of risk, conduct a peer
review, and gather feedback on its outreach to facilities. DHS
concurred with these recommendations and has taken actions or has
actions underway to address them.
GAO provided a draft of the updated information to DHS for review,
and DHS confirmed its accuracy.
critical infrastructure protection.--observations on dhs efforts to
identify, prioritize, assess, and inspect chemical facilities
What GAO Found
In managing its Chemical Facility Anti-Terrorism Standards (CFATS)
program, the Department of Homeland Security (DHS) has a number of
efforts underway to identify facilities that are covered by the
program, assess risk and prioritize facilities, review and approve
facility security plans, and inspect facilities to ensure compliance
with security regulations.
Identifying facilities.--DHS has begun to work with other
agencies to identify facilities that should have reported their
chemical holdings to CFATS, but may not have done so. DHS
initially identified about 40,000 facilities by publishing a
CFATS rule requiring that facilities with certain types of
chemicals report the types and quantities of these chemicals.
However, a chemical explosion in West, Texas, last year
demonstrated the risk posed by chemicals covered by CFATS.
Subsequent to this incident, the President issued Executive
Order 13650 which was intended to improve chemical facility
safety and security in coordination with owners and operators.
Under the Executive Order, a Federal working group is sharing
information to identify additional facilities that are to be
regulated under CFATS, among other things.
Assessing risk and prioritizing facilities.--DHS has begun
to enhance its ability to assess risks and prioritize
facilities. DHS assessed the risks of facilities that reported
their chemical holdings in order to determine which ones would
be required to participate in the program and subsequently
develop site security plans. GAO's April 2013 report found
weaknesses in multiple aspects of the risk assessment and
prioritization approach and made recommendations to review and
improve this process. In February 2014, DHS officials told us
they had begun to take action to revise the process for
assessing risk and prioritizing facilities.
Reviewing security plans.--DHS has also begun to take action
to speed up its reviews of facility security plans. Per the
CFATS regulation, DHS was to review security plans and visit
the facilities to make sure their security measures met the
risk-based performance standards. GAO's April 2013 report found
a 7- to 9-year backlog for these reviews and visits, and DHS
has begun to take action to expedite these activities. As a
separate matter, one of the performance standards--personnel
surety, under which facilities are to perform background checks
and ensure appropriate credentials for personnel and visitors
as appropriate--is being developed. As of February 2014, DHS
has reviewed and conditionally approved facility plans pending
final development of the personal surety performance standard.
Inspecting to verify compliance.--In February 2014, DHS
reported it had begun to perform inspections at facilities to
ensure compliance with their site security plans. According to
DHS, these inspections are to occur about 1 year after facility
site security plan approval. Given the backlog in plan
approvals, this process has started recently and GAO has not
yet reviewed this aspect of the program.
Chairman Meehan, Ranking Member Clarke, and Members of the
subcommittee: I am pleased to be here today to discuss our work on the
Department of Homeland Security's (DHS) efforts in implementing and
managing the Chemical Facility Anti-Terrorism Standards (CFATS)
program. Facilities that produce, store, or use hazardous chemicals
could be of interest to terrorists intent on using toxic chemicals to
cause harm to surrounding populations during terrorist attacks, and
these chemicals could be stolen and used as chemical weapons, such as
improvised explosive devices, or as the ingredients for making chemical
weapons. The danger posed by these chemicals became evident last year
when ammonium nitrate--one of the chemicals covered by the CFATS
program--detonated during a fire at a fertilizer storage and
distribution facility in West, Texas. An investigation by the U.S.
Chemical Safety Board (CSB) showed that the explosion killed at least
14 people and injured more than 200 others and severely damaged or
destroyed nearly 200 homes, 3 nearby schools, a nursing home, and an
apartment complex.\1\ According to CSB, the fire at the facility
detonated about 30 tons of ammonium nitrate. This event serves as a
tragic reminder of the extent to which chemicals covered by the CFATS
program can pose a risk to surrounding populations.
---------------------------------------------------------------------------
\1\ Rafael Moure-Eraso, Chairperson, U.S. Chemical Safety Board,
testimony before the Senate Committee on Environment and Public Works,
113th Congress 1st Sess., June 27, 2013. The CSB is an independent
Federal agency charged with investigating industrial chemical
accidents. The CSB board members are appointed by the President and
confirmed by the Senate. According to the CSB website, CSB does not
issue fines or citations, but makes recommendations to plants,
regulatory agencies, industry organizations, and labor groups.
---------------------------------------------------------------------------
The DHS appropriations act for fiscal year 2007 \2\ required DHS to
issue regulations to establish risk-based performance standards for
securing facilities that possess, store, manufacture, or use chemicals
that could be of interest to terrorists, among other things. \3\ In
2007, DHS established the CFATS program to assess the risk posed by
chemical facilities, place facilities considered to be high-risk in one
of four risk-based tiers, require high-risk facilities to develop
security plans, review these plans, and inspect the facilities to
ensure compliance with regulatory requirements. DHS's National
Protection and Programs Directorate (NPPD) is responsible for the CFATS
program. Within NPPD, the Infrastructure Security Compliance Division
(ISCD), a division of the Office of Infrastructure Protection (IP),
manages the program.
---------------------------------------------------------------------------
\2\ Pub. L. No. 109-295, � 550, 120 Stat. 1355, 1388 (2006).
\3\ The CFATS regulation establishes 18 risk-based performance
standards that identify the areas for which a facility's security are
to be examined, such as perimeter security, access control, and
cybersecurity. To meet these standards, facilities are free to choose
whatever security programs or processes they deem appropriate so long
as DHS determines that the facilities achieve the requisite level of
performance in each applicable standard.
---------------------------------------------------------------------------
On February 6, 2014, Congressman Meehan and other Members of the
House of Representatives' Committee on Homeland Security, along with
one Member of the House of Representatives' Committee on Energy and
Commerce, introduced H.R. 4007, the Chemical Facility Anti-Terrorism
Standards Program Authorization and Accountability Act of 2014.\4\ This
bill would authorize the CFATS program for 2 years and would take
effect 30 days after enactment. This bill includes provisions regarding
multiple aspects of the CFATS program, including risk assessment,
security plan reviews, and facility inspections. Among other things,
H.R. 4007 would:
---------------------------------------------------------------------------
\4\ H.R. 4007, 113th Cong. (2014).
---------------------------------------------------------------------------
Require DHS to consult with the heads of other Federal
agencies, States and political subdivisions, and business
associations to identify chemical facilities of interest;
Direct DHS to develop a risk assessment approach that
includes all elements of risk, including threat data based on
available intelligence, the vulnerability of the facility to
terrorist attack, and consequence measurements including
potential economic consequences;
Reaffirm the risk-based performance standard approach to
facility security plans and the use of Alternative Security
Programs;\5\
---------------------------------------------------------------------------
\5\ Under current regulations, an Alternative Security Program
(ASP) is a third-party, facility, or industry organization's security
program that has been determined to meet the requirements of, and
provides for an equivalent level of security to that established by the
CFATS regulation. CFATS allows regulated chemical facilities to submit
an ASP in lieu of a site security plan. 6 C.F.R. � 27.235.
---------------------------------------------------------------------------
Allow chemical facilities to utilize any Federal screening
program that periodically vets individuals against the
terrorist screening database to satisfy the requirements of a
personnel surety performance standard;\6\
---------------------------------------------------------------------------
\6\ Personnel surety is one of the CFATS performance standards
under which facilities are to perform background checks and ensure
appropriate credentials for personnel and visitors as appropriate.
---------------------------------------------------------------------------
Authorize the use of non-Department or non-Government
entities, with the Secretary's approval, for audits and
inspections; and:
Require us to submit a semiannual report to Congress
containing our assessment of the implementation of the bill.
My testimony today summarizes our past work on the CFATS program
and provides our observations on the status of DHS's efforts in four
key areas--identifying facilities to be covered by CFATS, assessing
risk and prioritizing covered facilities, reviewing facility security
plans, and inspecting facilities to verify compliance with CFATS
regulations. My statement is based on reports and testimonies we issued
from July 2012 through August 2013 on various aspects of the CFATS
program in addition to work we conducted in February 2014 to update the
status of DHS actions related to these four areas.\7\ To conduct our
prior work, we reviewed applicable laws and regulations, as well as
NPPD, IP, and ISCD policies and procedures for administering the CFATS
program and conducting its mission. We interviewed senior ISCD
officials along with NPPD and IP officials to obtain their views on the
program and how ISCD assesses risk. We also reviewed ISCD documents and
data on tiered facilities and the approach used to determine a
facility's risk and assessed ISCD's process for reviewing security
plans. Further details on the scope and methodology for the previously-
issued reports are available within each of the published products. To
update our work, we met with senior ISCD officials and discussed status
updates on the four areas (identifying facilities, assessing risk and
prioritizating facilities, reviewing security plans, and inspecting
facilities). Where possible, we also reviewed available documentation
pertinent to each of the key areas. We provided a copy of new
information in this statement to DHS for review. DHS confirmed the
accuracy of this information.
---------------------------------------------------------------------------
\7\ GAO, Critical Infrastructure Protection: DHS Needs to Improve
Its Risk Assessments and Outreach for Chemical Facilities, GAO-13-801T
(Washington, DC: Aug. 1, 2013); Critical Infrastructure Protection: DHS
Efforts to Assess Chemical Security Risk and Gather Feedback on
Facility Outreach Can Be Strengthened, GAO-13-353 (Washington, DC: Apr.
5, 2013); Critical Infrastructure Protection: DHS Is Taking Action to
Better Manage Its Chemical Security Program, But It Is Too Early to
Assess Results, GAO-12-515T (Washington, DC: July 26, 2012).
---------------------------------------------------------------------------
We conducted the work on which this statement is based in
accordance with generally accepted Government auditing standards. Those
standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe the
evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives.
observations on dhs efforts to identify facilities, assess risk, review
security plans, and verify compliance
Identifying Facilities Covered by CFATS
DHS has begun to take action to work with other agencies to
identify facilities that are required to report their chemical holdings
to DHS but may not have done so.
The first step of the CFATS process is focused on identifying
facilities that might be required to participate in the program. The
CFATS rule was published in April 2007,\8\ and appendix A to the rule,
published in November 2007, listed 322 chemicals of interest and the
screening threshold quantities for each.\9\ As a result of the CFATS
rule, about 40,000 chemical facilities reported their chemical holdings
and their quantities to DHS's ISCD.
---------------------------------------------------------------------------
\8\ 72 Fed. Reg. 17,688 (Apr. 9, 2007) (codified at 6 C.F.R. pt.
27).
\9\ 72 Fed. Reg. 65,396 (Nov. 20, 2007). According to DHS, CFATS
covers facilities that manufacture chemicals as well as facilities that
store or use certain chemicals as part of their daily operations. This
can include food-manufacturing facilities that use chemicals of
interest in the manufacturing process, universities that use chemicals
to do experiments, or warehouses that store ammonium nitrate, among
others.
---------------------------------------------------------------------------
In August 2013, we testified about the ammonium nitrate explosion
at the chemical facility in West, Texas, in the context of our past
CFATS work. Among other things, the hearing focused on whether the
West, Texas, facility should have reported its holdings to ISCD given
the amount of ammonium nitrate at the facility. During this hearing,
the Director of the CFATS program remarked that throughout the
existence of CFATS, DHS had undertaken and continued to support
outreach and industry engagement to ensure that facilities comply with
their reporting requirements. However, the Director stated that the
CFATS regulated community is large and always changing and DHS relies
on facilities to meet their reporting obligations under CFATS. At the
same hearing, a representative of the American Chemistry Council
testified that the West, Texas, facility could be considered an
``outlier'' chemical facility, that is, a facility that stores or
distributes chemical-related products, but is not part of the
established chemical industry. Preliminary findings of the CSB
investigation of the West, Texas, incident showed that although certain
Federal agencies that regulate chemical facilities may have interacted
with the facility, the ammonium nitrate at the West, Texas, facility
was not covered by these programs. For example, according to the
findings, the Environmental Protection Agency's (EPA) Risk Management
Program, which deals with the accidental release of hazardous
substances, covers the accidental release of ammonia, but not ammonium
nitrate.\10\ As a result, the facility's consequence analysis
considered only the possibility of an ammonia leak and not an explosion
of ammonium nitrate.
---------------------------------------------------------------------------
\10\ See 40 C.F.R. � 68.130.
---------------------------------------------------------------------------
On August 1, 2013, the same day as the hearing, the President
issued Executive Order 13650--Improving Chemical Facility Safety and
Security, which was intended to improve chemical facility safety and
security in coordination with owners and operators.\11\ The Executive
Order established a Chemical Facility Safety and Security Working
Group, composed of representatives from DHS; EPA; and the Departments
of Justice, Agriculture, Labor, and Transportation, and directed the
working group to identify ways to improve coordination with State and
local partners; enhance Federal agency coordination and information
sharing; modernize policies, regulations, and standards; and work with
stakeholders to identify best practices. In February 2014, DHS
officials told us that the working group has taken actions in the areas
described in the Executive Order. For example, according to DHS
officials, the working group has held listening sessions and webinars
to increase stakeholder input, explored ways to share CFATS data with
State and local partners to increase coordination, and launched a pilot
program in New York and New Jersey aimed at increasing Federal
coordination and information sharing. DHS officials also said that the
working group is exploring ways to better share information so that
Federal and State agencies can identify non-compliant chemical
facilities and identify options to improve chemical facility risk
management. This would include considering options to improve the safe
and secure storage, handling, and sale of ammonium nitrate.
---------------------------------------------------------------------------
\11\ Exec. Order No. 13,650, 78 Fed. Reg. 48,029 (Aug. 1, 2013).
---------------------------------------------------------------------------
Assessing Risk and Prioritizing Facilities
DHS has also begun to take actions to enhance its ability to assess
risk and prioritize facilities covered by the program.
For the second step of the CFATS process, facilities that possess
any of the 322 chemicals of interest at levels at or above the
screening threshold quantity must first submit data to ISCD via an on-
line tool called a Top-Screen.\12\ ISCD uses the data submitted in
facilities' Top-Screens to make an assessment as to whether facilities
are covered under the program. If DHS determines that they are covered
by CFATS, facilities are to then submit data via another on-line tool,
called a security vulnerability assessment, so that ISCD can further
assess their risk and prioritize the covered facilities.\13\ ISCD uses
a risk assessment approach to develop risk scores to assign chemical
facilities to one of four final tiers. Facilities placed in one of
these tiers (tier 1, 2, 3, or 4) are considered to be high-risk, with
tier 1 facilities considered to be the highest risk.\14\ The risk score
is intended to be derived from estimates of consequence (the adverse
effects of a successful attack), threat (the likelihood of an attack),
and vulnerability (the likelihood of a successful attack, given an
attempt). ISCD's risk assessment approach is composed of three models,
each based on a particular security issue: (1) Release, (2) theft or
diversion, and (3) sabotage, depending on the type of risk associated
with the 322 chemicals. Once ISCD estimates a risk score based on these
models, it assigns the facility to a final tier.
---------------------------------------------------------------------------
\12\ 6 C.F.R. � 27.200(b)(2).
\13\ 6 C.F.R. �� 27.215, .220.
\14\ 6 C.F.R. � 27.220.
---------------------------------------------------------------------------
Our prior work showed that the CFATS program was using an
incomplete risk assessment approach to assign chemical facilities to a
final tier. Specifically, in April 2013, we reported that the approach
ISCD used to assess risk and make decisions to place facilities in
final tiers did not consider all of the elements of consequence,
threat, and vulnerability associated with a terrorist attack involving
certain chemicals. For example, the risk assessment approach was based
primarily on consequences arising from human casualties, but did not
consider economic criticality consequences, as called for by the 2009
National Infrastructure Protection Plan (NIPP)\15\ and the CFATS
regulation.\16\ In April 2013, we reported that ISCD officials told us
that, at the inception of the CFATS program, they did not have the
capability to collect or process all of the economic data needed to
calculate the associated risks and they were not positioned to gather
all of the data needed. They said that they collected basic economic
data as part of the initial screening process; however, they would need
to modify the current tool to collect more sufficient data. We also
found that the risk assessment approach did not consider threat for
approximately 90 percent of tiered facilities. Moreover, for the
facilities that were tiered using threat considerations, ISCD was using
5-year-old data. We also found that ISCD's risk assessment approach was
not consistent with the NIPP because it did not consider vulnerability
when developing risk scores. When assessing facility risk, ISCD's risk
assessment approach treated every facility as equally vulnerable to a
terrorist attack regardless of location and on-site security. As a
result, in April 2013 we recommended that ISCD enhance its risk
assessment approach to incorporate all elements of risk and conduct a
peer review after doing so.
---------------------------------------------------------------------------
\15\ DHS, National Infrastructure Protection Plan (Washington, DC:
June 2006). The NIPP sets forth the risk management framework for the
protection and resilience of the Nation's critical infrastructure. DHS
updated the NIPP in January 2009 to include resiliency. See DHS,
National Infrastructure Protection Plan, Partnering to Enhance
Protection and Resiliency (Washington, DC: January 2009). Broadly
defined, risk management is a process that helps policymakers assess
risk, strategically allocate finite resources, and take actions under
conditions of uncertainty. DHS further updated the NIPP, which is now
called the National Plan, in December 2013. See DHS, NIPP 2013,
Partnering for Critical Infrastructure Security and Resilience
(Washington, DC: December 2013).
\16\ The CFATS regulation states that chemical facilities covered
by the rule are those that present a high risk of significant adverse
consequences for human life or health, or critical economic assets,
among other things, if subjected to terrorist attack, compromise,
infiltration, or exploitation. 6 C.F.R. �� 27.105, .205.
---------------------------------------------------------------------------
ISCD agreed with our recommendations, and in February 2014, ISCD
officials told us that they were taking steps to address them and
recommendations of a recently-released Homeland Security Studies and
Analysis Institute (HSSAI) report that examined the CFATS risk
assessment model.\17\ As with the findings in our report, HSSAI found,
among other things, that the CFATS risk assessment model inconsistently
considers risks across different scenarios and that the model does not
adequately treat facility vulnerability. Overall, HSSAI recommended
that ISCD revise the current risk-tiering model and create a standing
advisory committee--with membership drawn from Government, expert
communities, and stakeholder groups--to advise DHS on significant
changes to the methodology.
---------------------------------------------------------------------------
\17\ Homeland Security Studies and Analysis Institute, CFATS
Tiering Methodology Peer Review (For Official Use Only) (Falls Church,
Virginia: October 2013). The Homeland Security Studies and Analysis
Institute, operated by Analytic Services Inc. on behalf of DHS, is a
Federally-funded research and development center providing independent
analyses of homeland security issues.
---------------------------------------------------------------------------
In February 2014, senior ISCD officials told us that they have
developed an implementation plan that outlines how they plan to modify
the risk assessment approach to better include all elements of risk
while incorporating our findings and recommendations and those of
HSSAI. Moreover, these officials stated that they have completed
significant work with Sandia National Laboratory with the goal of
including economic consequences into their risk tiering approach. They
said that the final results of this effort to include economic
consequences will be available in the summer of 2014. With regard to
threat and vulnerability, ISCD officials said that they have been
working with multiple DHS components and agencies, including the
Transportation Security Administration and the Coast Guard, to see how
they consider threat and vulnerability in their risk assessment models.
ISCD officials said that they anticipate that the changes to the risk
tiering approach should be completed within the next 12 to 18 months.
We plan to verify this information as part of our recommendation
follow-up process.
Reviewing of Facilities' Security Plans
DHS has begun to take action to lessen the time it takes to review
site security plans which could help DHS reduce the backlog of plans
awaiting review.
For the third step of the CFATS process, ISCD is to review facility
security plans and their procedures for securing these facilities.
Under the CFATS rule, once a facility is assigned a final tier, it is
to submit a site security plan or participate in an alternative
security program in lieu of a site security plan. The security plan is
to describe security measures to be taken and how such measures are to
address applicable risk-based performance standards.\18\ After ISCD
receives the site security plan, the plan is reviewed using teams of
ISCD employees (i.e., physical, cyber, chemical, and policy
specialists), contractors, and ISCD inspectors. If ISCD finds that the
requirements are satisfied, ISCD issues a letter of authorization to
the facility. After ISCD issues a letter of authorization to the
facility, ISCD is to then inspect the facility to determine if the
security measures implemented at the site comply with the facility's
authorized plan. If ISCD determines that the site security plan is in
compliance with the CFATS regulation, ISCD approves the site security
plan, and issues a letter of approval to the facility, and the facility
is to implement the approved site security plan.
---------------------------------------------------------------------------
\18\ 6 C.F.R. � 27.225.
---------------------------------------------------------------------------
In April 2013, we reported that it could take another 7 to 9 years
before ISCD would be able to complete reviews of the approximately
3,120 plans in its queue at that time. As a result, we estimated that
the CFATS regulatory regime, including compliance inspections
(discussed in the next section), would likely not be implemented for 8
to 10 years. We also noted in April 2013 that ISCD had revised its
process for reviewing facilities' site security plans. ISCD officials
stated that they viewed ISCD's revised process to be an improvement
because, among other things, teams of experts reviewed parts of the
plans simultaneously rather than sequentially, as had occurred in the
past. In April 2013, ISCD officials said that they were exploring ways
to expedite the process, such as streamlining inspection requirements.
In February 2014, ISCD officials told us that they are taking a
number of actions intended to lessen the time it takes to complete
reviews of remaining plans including the following:
Providing updated internal guidance to inspectors and ISCD
reviewers;
Updating the internal case management system;
Providing updated external guidance to facilities to help
them better prepare their site security plans;
Conducting inspections using one or two inspectors at a time
over the course of 1 day, rather than multiple inspectors over
the course of several days;
Conducting pre-inspection calls to the facility to help
resolve technical issues before-hand;
Creating and leveraging the use of corporate inspection
documents (i.e., documents for companies that have over 7
regulated facilities in the CFATS program);\19\
---------------------------------------------------------------------------
\19\ According to ISCD officials, these documents would be designed
to provide examples of standard operating procedures regarding employee
vetting, chemical handling, or security practices that are standard
across corporations and that could be placed in a facility's file and
expedite the inspection process.
---------------------------------------------------------------------------
Supporting the use of alternative security programs to help
clear the backlog of security plans because, according to DHS
officials, alternative security plans are easier for some
facilities to prepare and use; and,
Taking steps to streamline and revise some of the on-line
data collection tools such as the site security plan to make
the process faster.
It is too soon to tell whether DHS's actions will significantly
reduce the amount of time needed to resolve the backlog of site
security plans because these actions have not yet been fully
implemented.
In April 2013, we also reported that DHS had not finalized the
personnel surety aspect of the CFATS program. The CFATS rule includes a
risk-based performance standard for personnel surety, which is intended
to provide assurance that facility employees and other individuals with
access to the facility are properly vetted and cleared for access to
the facility. In implementing this provision, we reported that DHS
intended to: (1) Require facilities to perform background checks on and
ensure appropriate credentials for facility personnel and, as
appropriate, visitors with unescorted access to restricted areas or
critical assets, and (2) check for terrorist ties by comparing certain
employee information with its terrorist screening database. However, as
of February 2014, DHS had not finalized its information collection
request that defines how the personal surety aspect of the performance
standards will be implemented. Thus, DHS is currently approving
facility security plans conditionally whereby plans are not to be
finally approved until the personnel surety aspect of the program is
finalized. According to ISCD officials, once the personal surety
performance standard is finalized, they plan to reexamine each
conditionally approved plan. They would then make final approval as
long as ISCD had assurance that the facility was in compliance with the
personnel surety performance standard. As an interim step, in February
2014, DHS published a notice about its Information Collection Request
(ICR) for personnel surety to gather information and comments prior to
submitting the ICR to the Office of Management and Budget (OMB) for
review and clearance.\20\ According to ISCD officials, it is unclear
when the personnel surety aspect of the CFATS program will be
finalized.
---------------------------------------------------------------------------
\20\ 79 Fed. Reg. 6418 (Feb. 3, 2014). DHS previously published a
notice about the personnel surety ICR on March 22, 2013. 78 Fed. Reg.
17,680 (March 22, 2013).
---------------------------------------------------------------------------
During a March 2013 hearing on the CFATS program, industry
officials discussed using DHS's Transportation Worker Identification
Credential (TWIC) as one approach for implementing the personal surety
program. The TWIC, which is also discussed in DHS's ICR, is a biometric
credential \21\ issued by DHS for maritime workers who require
unescorted access to secure areas of facilities and vessels regulated
under the Maritime Transportation Security Act of 2002 (MTSA).\22\ In
discussing TWIC in the context of CFATS during the August 2013 hearing,
officials representing some segments of the chemical industry stated
that they believe that using TWIC would lessen the reporting burden and
stop facilities from having to submit additional personnel information
to DHS while maintaining the integrity of the program. In May 2011, and
May 2013, we reported that the TWIC program has some shortfalls--
including challenges in development, testing, and implementation--that
may limit its usefulness with regard to the CFATS program.\23\ We
recommended that DHS take steps to resolve these issues, including
completing a security assessment that includes addressing internal
controls weaknesses, among other things. The explanatory statement
accompanying the Consolidated Appropriations Act, 2014, directed DHS to
complete the recommended security assessment.\24\ However, as of
February 2014, DHS had not yet done the assessment, and although DHS
had taken some steps to conduct an internal control review, it had not
corrected all the control deficiencies identified in our report.
---------------------------------------------------------------------------
\21\ A biometric access control system consists of technology that
determines an individual's identity by detecting and matching unique
physical or behavioral characteristics, such as fingerprint or voice
patterns, as a means of verifying personal identity.
\22\ Pub. L. No. 107-295, 116 Stat. 2064. The TWIC program is
intended to provide a tamper-resistant biometric credential to maritime
workers who require unescorted access to secure areas of facilities and
vessels regulated under the MTSA. TWIC is to enhance the ability of
MTSA-regulated facility and vessel owners and operators to control
access to their facilities and verify workers' identities. Under
current statute and regulation, maritime workers requiring unescorted
access to secure areas of MTSA-regulated facilities or vessels are
required to obtain a TWIC, and facility and vessel operators are
required by regulation to visually inspect each worker's TWIC before
granting unescorted access. 46 U.S.C. � 70105(a); 33 C.F.R. �� 101.514,
104.265(c), 105.255(c). Prior to being granted a TWIC, maritime workers
are required to undergo a background check, known as a security threat
assessment. See 49 C.F.R � 1572.21.
\23\ GAO, Transportation Worker Identification Credential: Card
Reader Pilot Results Are Unreliable; Security Benefits Need to Be
Reassessed, GAO-13-198 (Washington, DC: May 8, 2013); Transportation
Worker Identification Credential: Internal Control Weaknesses Need to
Be Corrected to Help Achieve Security Objectives, GAO-11-657
(Washington, DC: May 10, 2011).
\24\ Explanatory statement accompanying the Consolidated
Appropriations Act, 2014, Pub. L. No. 113-76, 128 Stat. 5 (2014).
---------------------------------------------------------------------------
Inspecting to Verify Compliance with Facility Plans
DHS reports that it has begun to perform compliance inspections at
regulated facilities. The fourth step in the CFATS process is
compliance inspections by which ISCD determines if facilities are
employing the measures described in their site security plans. During
the August 1, 2013, hearing on the West, Texas, explosion, the Director
of the CFATS program stated that ISCD planned to begin conducting
compliance inspections in September 2013 for facilities with approved
site security plans. The Director further noted that the inspections
would generally be conducted approximately 1 year after plan approval.
According to ISCD, as of February 24, 2014, ISCD had conducted 12
compliance inspections. ISCD officials stated that they have considered
using third-party non-Governmental inspectors to conduct inspections
but thus far do not have any plans to do so.
In closing, we anticipate providing oversight over the issues
outlined above and look forward to helping this and other committees of
Congress continue to oversee the CFATS program and DHS's progress in
implementing this program. Currently, the explanatory statement
accompanying the Consolidated and Further Continuing Appropriations
Act, 2013, requires GAO to continue its on-going effort to examine the
extent to which DHS has made progress and encountered challenges in
developing CFATS. Additionally, once the CFATS program begins
performing and completing a sufficient number of compliance
inspections, we are mandated to review those inspections along with
various aspects of them.\25\ Moreover, Ranking Member Thompson of the
Committee on Homeland Security has requested that we examine among
other things, DHS efforts to assess information on facilities that
submit data, but that DHS ultimately decides are not to be covered by
the program.
---------------------------------------------------------------------------
\25\ Explanatory statement accompanying the Consolidated and
Further Continuing Appropriations Act, 2013, Pub. L. No. 113-6, 127
Stat. 198 (2013).
---------------------------------------------------------------------------
Chairman Meehan, Ranking Member Clarke, and Members of the
subcommittee, this completes my prepared statement. I would be happy to
respond to any questions you may have at this time.
Mr. Meehan. I thank you, Mr. Caldwell, and I thank you and
your colleagues in the GAO for the extensive work that you do.
You perform a great service to those of us in Congress in
helping us to get to, you know, an objective assessment of
where things are and many challenging areas. Thank you for your
continuing service.
Last, I would like to recognize the gentlelady from the
inspector general's office, Ms. Hodges.
STATEMENT OF MARCIA MOXEY HODGES, CHIEF INSPECTOR, OFFICE OF
INSPECTOR GENERAL, U.S. DEPARTMENT OF HOMELAND SECURITY
Ms. Hodges. Good morning, Chairman Meehan, Ranking Member
Clarke, and Members of the subcommittee.
In response to the leaked memorandum in December 2011, we
were requested by the former subcommittee Chairman, Chairman
Lungren, to look at the issues that were identified in that
leaked memorandum. In April 2012, we were also asked by Member
Waxman of the House Committee on Energy and Commerce to look at
the issues that were identified in that leaked memorandum.
In March 2013, we issued our report, ``The Effectiveness of
the Infrastructure Security Compliance Division's Management
Practices to Implement the Chemical Facility Anti-Terrorism
Standards Program.'' We had three objectives: Whether
management controls were in place and operational to ensure the
CFATS program was not mismanaged; whether leadership
misrepresented program progress; and whether nonconforming
opinions of personnel had been suppressed or met with
retaliation. The scope of that review covered the CFATS
implementation all the way through October 2012.
We determined that ISCD needs to improve program-related
tools and processes, reduce its reliance on contractors,
eliminate program waste and duplication, follow proper hiring
practices, and provide sufficient training to all CFATS
personnel.
When Congress granted DHS the authority to regulate high-
risk chemical facilities, it required an interim final rule to
be issued within 6 months. While DHS met that deadline, there
appeared to be confusion within ISCD about the 6-month
requirement. Some employees interpreted that statute as a
mandate to stand up and implement the CFATS program within 6
months.
Misinterpretations of Congressional intent may have put
unnecessary pressure on ISCD to develop and implement the
program, resulting in poor management oversight and internal
control, personnel issues, and missed milestones. In our
report, we made 24 recommendations to correct these
deficiencies.
When the inspector general issues a report, we go through a
resolution process on open recommendations, and this procedure
requires us to perform an analysis of any and all documentation
and corrective action that has been presented by the Department
to determine whether this information meets the intent of a
recommendation. This process is repeated in 90-day intervals
until all report recommendations are closed.
Currently, this report has 12 open recommendations, and 12
are closed. Since we issued the report back in March of last
year, ISCD has provided our office with correction plan updates
regarding the progress it has made to address those
recommendations. Of the nine administrative recommendations
closed, these include selecting permanent ISCD leadership and
communicating organizational--and the structure of the staff,
reducing reliance on contractors, ensuring that proper human
resources, policies, and procedures are followed, reiterating
the process of reporting misconduct allegations, implementing a
plan to ensure long-term CFATS authorization, and establishing
internal controls for appropriated funds.
We also closed three programmatic recommendations that
concern revising the review process to reduce the site security
plan backlog, implementing a process to improve the timeliness
of facilities' submission determinations, and metrics that
measure CFATS's value accurately and demonstrate the extent to
which risk has been reduced at regulated facilities.
To close these, NPPD provided our office with evidence
showing a reduction in the site security plan backlog for all
tiers, improved response time to facility submissions,
performance metrics were placed into its annual operating plan,
as well as the Government Performance and Results Act measures.
Despite this progress, program challenges remain. Before
CFATS can attain intended program results, ISCD needs to
address the opening remaining 12 recommendations. These
recommendations include improving program tools and processes,
engaging regulated industry and Government partners, finalizing
program requirements, providing training and guidance, and
eliminating inappropriate administratively uncontrollable
overtime pay.
This concludes my remarks. Thank you for the opportunity to
testify. I welcome any questions that the Chairman or the
subcommittee Members may have.
[The prepared statement of Ms. Hodges follows:]
Prepared Statement of Marcia Moxey Hodges
February 27, 2014
Good morning, Chairman Meehan, Ranking Member Clarke, and Members
of the subcommittee. Thank you for the opportunity to testify on The
Chemical Facility Anti-Terrorism Standards Authorization and
Accountability Act of 2014.
In December 2011, a limited distribution internal memorandum,
prepared by Infrastructure Security Compliance Division (ISCD)
management, was leaked to news media. The document disclosed
allegations of employee misconduct and inadequate performance, as well
as misuse of funds and ineffective hiring within the Department of
Homeland Security's (DHS) Chemical Facility Anti-Terrorism Standards
(CFATS) Program. In February 2012, former Chairman Lungren, of the
House Committee on Homeland Security, Subcommittee on Cybersecurity,
Infrastructure Protection, and Security Technologies, requested that we
review these issues. In April 2012, Ranking Member Waxman, of the House
Committee on Energy and Commerce, also requested that we review the
challenges facing this program.
In March 2013, we issued a report, Effectiveness of the
Infrastructure Security Compliance Division's Management Practices to
Implement the Chemical Facility Anti-Terrorism Standards Program, OIG-
13-55. We reviewed whether: (1) Management controls are in place and
operational to ensure that the CFATS Program is not mismanaged; (2)
National Protection and Programs Directorate (NPPD) and ISCD leadership
misrepresented program progress; and (3) nonconforming opinions of
program personnel have been suppressed or met with retaliation.
ISCD addressed some issues contained in the December 2011
memorandum; however, challenges remain. For example, we determined ISCD
needs to improve program-related tools and processes, reduce its
reliance on contractors, eliminate program waste and duplication,
follow proper hiring practices, and provide sufficient training to
personnel at all CFATS Program levels. When Congress granted DHS the
authority to regulate high-risk chemical facilities, it required that
an interim final rule be issued within 6 months. While DHS met this
deadline when it published the CFATS Interim Final Rule in April 2007,
there appeared to be confusion throughout ISCD about the 6-month
requirement.\1\ Some ISCD employees interpreted the statute as a
mandate to stand up and implement the CFATS Program within 6 months.
Misinterpretations of Congressional intent may have put unnecessary
pressure on ISCD to develop and implement the CFATS Program, resulting
in poor management oversight and internal controls, personnel issues,
and missed milestones.
---------------------------------------------------------------------------
\1\ Chemical Facility Anti-Terrorism Standards; Interim Final Rule,
72 FR 17688, April 9, 2007.
---------------------------------------------------------------------------
In our March 2013 report, we made 24 recommendations to correct
program deficiencies and attain intended program results and outcomes.
After a report is issued, OIG standard operating procedures require
that we perform analyses of all documentation submitted by the
Department to determine whether proposed corrective actions meet the
intent of a recommendation. Corrective action plans are due 90 days
after a report is issued. Recommendation status is defined as
``unresolved or resolved'' and ``open or closed.'' An unresolved
recommendation means the corrective action plan does not meet the
intent of the recommendation. A recommendation that is resolved and
open means the corrective action plan meets the recommendation's
intent, but additional measures and milestones are necessary before the
recommendation can be closed. A recommendation that is resolved and
closed means the corrective action plan meets the recommendation's
intent, corrective action has occurred, and no additional reporting is
necessary. However, based on the recommendation, final implementation
of the corrective action may not be required to close a recommendation.
This process is repeated every 90 days until all report recommendations
are closed. Currently, 12 report recommendations are resolved and open,
and 12 recommendations are closed.
Since we issued the report, ISCD has provided our office with two
corrective action plan updates regarding its progress toward addressing
the report recommendations. The nine administrative recommendations
closed include: Selecting permanent ISCD leadership; reducing reliance
on contract personnel; developing policy for appointing acting
management; ensuring that all employees serving in an acting
supervisory capacity have a supervisory position description; ensuring
that all employees receive performance reviews; disseminating ISCD
organizational and reporting structure to staff; reiterating to all
employees the process for reporting misconduct allegations;
implementing a plan to ensure the long-term authorization of the CFATS
Program; and establishing internal controls for the accountability of
appropriated funds.
We have also closed three programmatic recommendations pertaining
to: Revising the long-term review process to reduce the Site Security
Plan backlog; implementing a process to improve the timeliness of
facility submission determinations; and program metrics that measure
CFATS Program value accurately and demonstrate the extent to which risk
has been reduced at regulated facilities. To close these programmatic
recommendations, NPPD provided our office with evidence showing a
reduction in the Site Security Plan backlog for all tiers, improved
ISCD response times to facility submissions, and performance metrics
incorporated into ISCD's Annual Operating Plan and Government
Performance and Results Act measure. Despite this progress,
programmatic challenges remain.
Before CFATS can attain intended program results, ISCD must address
the remaining 12 resolved and open recommendations. The ten resolved
and open programmatic recommendations, which are 1, 2, 4, 6, 7, 8, 9,
12, 13, and 24, include: Improving CFATS Program tools and processes;
engaging regulated industry and Government partners; and finalizing
program requirements. The two resolved and open administrative
recommendations, which are 15 and 19, include: Providing training and
guidance; and eliminating inappropriate Administratively Uncontrollable
Overtime pay.
Most industry officials believe the CFATS regulation is sound and
the performance-based philosophy is appropriate. However, ISCD needs to
modify its Chemical Security Assessment Tool (CSAT) to make it more
efficient, effective, and easier to use. For example, the Site Security
Plan is a list of yes or no questions; it is not a security plan and is
of limited use to facilities. We recommended that ISCD modify the CSAT
to capture facility data efficiently and ensure the tools provide
meaningful end products for industry users and ISCD. In its November
2013 corrective action plan update, NPPD provided some of the key
milestones and target dates for modifying the CSAT. We will close this
recommendation once we receive documentation confirming NPPD has
completed deploying the modified CSAT.
As ISCD addresses its Site Security Plan backlog, those facilities
with approved plans will need inspection. However, when we issued our
report in March 2013 ISCD had yet to define, develop, and implement
processes and procedures for Compliance Inspections, or train CFATS
personnel to conduct Compliance Inspections. In response to our
recommendation, ISCD developed a Standard Operating Procedure for
inspections of CFATS Covered Facilities, which defines the different
types of inspections, enumerates roles and responsibilities related to
inspections, and details processes and procedures for pre-inspection,
inspection, and post-inspection activities. ISCD has completed its
Compliance Inspection guidance and training materials, but this
recommendation will remain open until ISCD has trained all Chemical
Security Inspectors.
Chemical facilities must resubmit a Top-Screen when there are
changes to the use and quantities of certain chemicals of interest,
referred to in the CFATS regulation as material modifications and
changes in ownership.\2\ The regulation also requires resubmission of
Top-Screens, Security Vulnerability Assessments, and Site Security
Plans at 2 or 3 year intervals, depending on a facility's tier level.
In addition, a facility may seek a redetermination of its tier level by
filing a request with DHS' Assistant Secretary for Infrastructure
Protection. We recommended that ISCD develop a strategy and implement a
plan to address facility resubmissions and requests for redetermination
as prescribed in the CFATS regulation. In its November 2013 update,
NPPD officials provided some of the key milestones for finalizing the
procedures and policies associated with receiving, reviewing, and
responding to facility resubmissions and requests for redetermination.
The recommendation will remain open pending our receipt of the approved
final procedures for receiving, reviewing, and responding to facility
resubmissions and requests for redetermination.
---------------------------------------------------------------------------
\2\ Ibid.
---------------------------------------------------------------------------
The CFATS tiering engines were created quickly, leaving limited
time for quality assurance and internal control. Since December 2009,
multiple errors in the data and formulas used to tier chemical
facilities have been identified. Because concerns remained that the
tiering methodology was still flawed, we recommended that ISCD develop
a methodology and reporting process to identify and address errors and
anomalies that arise in the CFATS tiering methodology and risk engine.
In its November 2013 corrective action plan update, ISCD officials said
they are undertaking a three-phased approach to review the tiering
process and indicated that ISCD would be developing a formalized
process for documenting, reporting, and resolving potential anomalies
within the risk engine. This recommendation will remain open pending
our receipt of the finalized process. As the three-phased approach
includes an external peer review, we also recommended that ISCD provide
us with the review results and ISCD's action plan to implement peer
review recommendations. ISCD has received the final peer review report,
and is developing an action plan with time frames to address the
recommendations. This recommendation will remain open pending our
receipt of the integrated plan with time frames and milestones for
addressing the peer review recommendations.
Industry representatives favorably view some DHS' Infrastructure
Protection voluntary programs, and recommend these programs be used to
assist the CFATS Program. For example, the Protective Security Advisor
Program has a field cadre that specializes in public and private
outreach, and activities to reduce security risks of critical
infrastructure and key resources across all sectors. In addition, many
industry members use the Voluntary Chemical Assessment Tool, which
allows owners/operators to identify current facility risk levels using
an all-hazards approach, and it also facilitates a cost-benefit
analysis. However, since CFATS Program development, management
separated the Infrastructure Protection voluntary and regulatory
programs, impeding ISCD's ability to identify and apply best practices
across programs. We recommended ISCD document engagement with
Infrastructure Protection and DHS regulatory and voluntary programs to
identify and implement existing tools and processes that can be
leveraged to make Top-Screen, Security Vulnerability Assessments, and
the Site Security Plan tools more efficient, effective, and easier to
use for the CFATS Program. In its November 2013 update, NPPD provided
examples of collaboration since the inception of ISCD. The examples
NPPD provided demonstrate collaboration; however, these examples
pertain to the initial CFATS tools and processes development, not
current efforts to modify existing program areas. This recommendation
will remain open pending the receipt of documentation demonstrating
continued engagement between Infrastructure Protection and DHS
regulatory and voluntary programs has resulted in tangible improvements
to the Top-Screen, Security Vulnerability Assessments, and the Site
Security Plan tools.
The regulated chemical industry has embraced the Risk-Based
Performance Standards approach and the flexibility it allows. However,
challenges remain with CSAT tools, and limited feedback is provided to
facilities following submissions of Security Vulnerability Assessments
and Site Security Plans. While the industry has applauded ISCD
leadership for identifying programmatic issues, additional efforts are
necessary. Industry officials support the CFATS Program, but without a
clear path forward, they are concerned about industry resources and
funds spent to meet program requirements. As a result, we recommended
that ISCD improve the clarity of guidance provided to the CFATS-
regulated industry so that industry can benefit from regular and timely
comments on facility submissions. In its November 2013 corrective
action plan update, NPPD officials reiterated that as part of its
efforts to improve the CSAT, ISCD intends to update guidance materials
for the Top-Screen, Security Vulnerability Assessment, and Site
Security Plan. ISCD is also in the process of developing updated
guidance related to its Chemical-terrorism Vulnerability Information
program, and intends to release guidance specific to the CFATS
Personnel Surety Program when the CFATS Personnel Surety Program is
launched. The recommendation will remain open pending our receipt of
guidance materials for the Top-Screen, Security Vulnerability
Assessment, Site Security Plan, Chemical-terrorism Vulnerability
Information program, and the CFATS Personnel Surety Program.
Risk-Based Performance Standards-12, Personnel Surety, requires
regulated facilities to perform background checks and ensure
credentials for facility personnel, and for unescorted visitors with
access to restricted areas or critical assets. This includes measures
designed to: (1) Verify and validate identity; (2) check criminal
history; (3) verify and validate legal authorization to work; and (4)
identify people with terrorist ties. Since April 2010, NPPD has paid
DHS' Transportation Security Administration (TSA) more than $7.7
million to conduct vetting against the terrorist watch list, although
no names have been vetted to date. Providing names to TSA for vetting
is contingent on the Office of Management and Budget's (OMB) approval
of the program's Information Collection Request. As a result, we
recommended that ISCD limit funding for Personnel Surety Program
vetting until the Information Collection Request has been approved.
Since our review, NPPD will only allocate funding to TSA when deemed
appropriate given all relevant factors. NPPD has also submitted the
Information Collection Request necessary to move the Personnel Surety
Program forward. We acknowledge that Information Collection Request
approval rests with OMB, and this recommendation will remain open until
documentation is received that the Information Collection Request has
been approved by OMB and names have been sent to TSA for vetting.
In December 2007, Congress directed NPPD to provide a plan to
regulate the sale and transfer of ammonium nitrate by an ammonium
nitrate facility to prevent the misappropriation or use of the chemical
in an act of terrorism. However, as of March 2013, the Ammonium Nitrate
Program was only in the rulemaking process. As a result, we recommended
that ISCD develop an action plan and guidance for implementing the
Ammonium Nitrate Program, which incorporates lessons learned from CFATS
Program challenges. In its November 2013 corrective action plan update,
NPPD officials said they have been working to develop a final rule, an
action plan, and guidance for implementing the final rule. The
recommendation will remain open pending our receipt of quarterly status
updates of the Ammonium Nitrate Security Program Action Plan until all
items on the plan have been implemented. In addition, ISCD is moving
forward with a dual-functioning inspector cadre and will be hiring
inspectors for the Ammonium Nitrate Program and cross-training them on
the CFATS Program. We recommended that ISCD develop and implement a
curriculum and time line for training inspectors to perform both
Ammonium Nitrate and CFATS Program duties and responsibilities. NPPD
provided a copy of the ISCD New Chemical Security Inspector Training
Work Plan and copies of training materials for courses identified in
the Work Plan. However, this material does not include necessary
training for the proposed dual-functioning Ammonium Nitrate Security
Program inspector cadre. Therefore, the recommendation will remain open
pending our receipt of training curriculum and implementation data for
dual-functioning inspectors.
When establishing the CFATS Program, ISCD leadership envisioned an
academy to train Chemical Security Inspectors to enforce the CFATS
regulation. However, ISCD began training personnel before issuing the
CFATS Interim Final Rule, developing a program vision, or defining
inspector roles and responsibilities. In addition, by focusing training
efforts on Chemical Security Inspectors, ISCD has provided limited
guidance to headquarters staff on responsibilities and career
development. Most headquarters staff do not have formalized training,
and frequently have to learn critical position duties and functions on
the job with little guidance. We recommended that ISCD develop and
implement a learning curriculum that: (1) Describes position roles and
responsibilities clearly; (2) provides comprehensive training plans to
prepare employees to perform assigned duties; and (3) communicates
measures to assess performance. In its November 2013 corrective action
plan update, NPPD officials said that ISCD has completed a Strategic
Human Capital and Training Plan, delivered Performance Management
Training to all personnel, and is developing an ISCD Employee Handbook.
The recommendation will remain open pending our receipt of
documentation that the ISCD Employee Handbook has been developed and
disseminated to all ISCD employees.
Since its inception in 2007, ISCD has struggled with applying sound
Government practices to human capital issues, pay administration, and
resource allocation. ISCD personnel received inappropriate
Administratively Uncontrollable Overtime, which is a form of premium
pay used to compensate employees who occupy positions that require
substantial amounts of irregular and unscheduled overtime work. We were
unable to determine a definitive rationale for why inspectors were
receiving Administratively Uncontrollable Overtime and recommended that
ISCD eliminate its authorization and payment for all ISCD personnel. In
its November 2013 update, NPPD officials said that instead of
eliminating Administratively Uncontrollable Overtime, ISCD leadership
has determined that the more appropriate path is to continue to permit
CFATS Chemical Security Inspectors to claim Administratively
Uncontrollable Overtime in a manner that is consistent with rules and
regulations, and that is supported by greater oversight, increased
training, documented policies and procedures, and greater management
controls.
We consider NPPD's actions partially responsive to our
recommendation. Administratively Uncontrollable Overtime is a form of
premium pay used to compensate employees who occupy positions that
require substantial amounts of irregular, unscheduled overtime work
that cannot be controlled administratively and cannot be scheduled in
advance of the work week. According to the Interim Final Rule, the
Department will conduct audits and inspections at reasonable times and
in a reasonable manner, providing covered facility owners and operators
with advance notice before inspections, with limited exceptions.
Therefore, inspectors schedule their work in advance, eliminating the
need for Administratively Uncontrollable Overtime. The recommendation
will remain open pending our receipt and analysis of documentation that
demonstrate Administratively Uncontrollable Overtime payments to
inspectors are supported and justified by current and long-term
activities across multiple fiscal years.
Chairman Meehan, this concludes my prepared remarks. I welcome any
questions that you or the Members of the committee may have.
Mr. Meehan. I thank each of the panelists for their
testimony. Thank you, Ms. Hodges. I now recognize myself for 5
minutes of questions.
Ms. Durkovich, let me begin with you, because you have
been, along with Director Wulf, sort-of the closest to this
process, as we have moved along. This has certainly been
tenuous, from the legacy, some of which has been inherited, and
we are dealing with a regulated community that has made
significant investment over time. We are also dealing with
outliers that are out there, watching this process, and using
their assessments of it to determine how they may or may not
act in accordance with the requirements of our program.
So will you please discuss for me your assessment of what
it means to have certainty in a program of this sort?
Ms. Durkovich. Thank you very much, Chairman, and that is a
great question. As the Secretary said yesterday, DHS supports a
bill that provides long-term authorization. We firmly believe
that H.R. 4007 is an important starting point. We look forward
to working with you to continue to refine the bill, and as you
know, we hope to actually get longer-term authorization,
anywhere from 3 to 5 years, because it is important both for
our regulated community, industry that in addition to having
invested the time that they have over the last 7 years to
submit Top-Screens, to do security vulnerability assessments,
to work with us on authorization of those SSPs, to begin
implementing the recommended path forward, and as we come back
and begin compliance inspection, the investments and time and
resources--and certainly as they look to the capital planning
process--to begin to implement some of these recommended
measures, the certainty is important for them, so as they make
these investments, they know that the program is going to be
around.
As for outliers, for those facilities that have chosen for
whatever reason not to comply with their requirement to submit
Top-Screens if they may have one of the 324 possible chemicals
of interest, this will prevent them from waiting the program
out. It is certainly, I think, fair to say that there are some
facilities out there that may be waiting to see whether the
program is around next year. If we are able to guarantee
longer-term authorization, I think that that position of
waiting us out will likely dissipate.
I do agree with you, sir, that I think that it is--we owe
it to the American people, but we also owe it to our
stakeholders and we owe it to the men and women of ISCD to give
this program long-term or permanent authorization. Thank you.
Mr. Meehan. We are talking long-term. We are talking not
just the--where we go into the future, but where we have been.
We have had a complex process. There has been pain associated
with taking, first, the identification, but simply the
winnowing down and to a point in which we have been able to
significantly identify--albeit we have outliers--but
significantly identify numbers of people we have had
significant collaboration and cooperation from industry
themselves that are looking for more in the way of an ability
to contribute to moving forward.
Now, we are also appreciative that there are a lot of
questions that are being asked in the aftermath of West, Texas,
and the reality that there are, you know, outliers who are out
there, but there are also efforts to include a great number of
more agencies and others to be involved in this process.
My first question for you is: Do you see anything mutually
exclusive? The importance of us taking this objective, which we
had, which was to identify where we needed to secure dangerous
chemicals from access to those who would want to use them to
commit acts of terrorism, and that was our focus, and we have
made significant progress towards that.
Would it create ambiguity for us now to include a number of
other considerations that would not just be dealing with
security, but perhaps questions of safety in the program that
we have? Are we in any way precluded down the road from
seriously considering those issues of safety and allowing an
Executive Order to contribute? But do we have to wait in order
to authorize--do we have to wait before we authorize this
program?
Ms. Durkovich. I want to thank you again for that important
question. To answer your question directly, I do not think that
they are mutually exclusive. What our priority is, is to ensure
that we do have long-term and permanent authorization, and I
think that is one of the most important things that we can see
happen in this particular session of Congress.
As you know, we are very willing to work with you and our
colleagues in the Minority to get a bill that has bipartisan
support, but, really, again, at the end of the day, what we
need is stability and long-term authorization. I think that as
we continue to look at some of the findings that are coming out
of the work that is going on between us, between EPA, between
OSHA and other members of the interagency, that will present
other opportunities for us to look at legislation that is
needed to address some of the issues around operational
coordination, around information sharing, around ensuring that
we have compatible sets of data.
Legislation is certainly one way that we can address some
of these issues. We can work under existing regulation and
under existing authority. We can continue just to work better
together, which we have already done with the EPA, in looking
at both of our data sets and trying to cross-walk those data
sets to see where we may have outliers and to send out notices
to those facilities, letting them know that they may
potentially be regulated both by our program and by EPA.
We have had a lot of success on that front. I think that we
have already demonstrated that we can work together. But the
most important thing at the end of the day, again, is that we
provide long-term stability of the program.
It has been successful, sir. We started with 40,000
facilities that submitted Top-Screens. Through our process, we
have whittled that down to nearly 4,000 that are regulated.
Most of them have SSPs in place. We are working through the
process of authorizing and improving them and going back and
doing inspections. I think, at the end of the day, the most
important thing is long-term authorization.
Mr. Meehan. I thank you. My time is expired, but I will
before--Mr. Wulf, you have been intimately involved in this
process, as well, as we have gone, and I asked that question,
but you have been here from the beginning of the challenging
moment of trying to really get our arms around this and improve
the process. Do you have any observations on the question that
I asked?
Mr. Wulf. With regard to whether the Executive Order is
mutually exclusive to the legislation, I would completely agree
with the assistant secretary. You know, there is a lot of good
work being done on the Executive Order. Assistant Secretary
Durkovich is one of three tri-chairs of that effort.
But I think the absolute priority for us is achieving long-
term authorization of this program. It is something that will
provide much-needed certainty for industry as they consider
long-term investments and important security matters, important
security measures. From a management standpoint, it will
provide my leadership team with the stability that is needed to
plan and execute what are some really game-changing initiatives
to take CFATS even beyond the next level.
So we are doing a lot of things to continue to increase the
pace of SSP reviews, authorization inspections, and approvals.
We are getting into the regular cycle of compliance inspection
activity. You know, the ability to have a long-term
authorization would be tremendous from the standpoint of our
being able to focus on that critical mission and to be able to
recruit and retain top talent in the division.
Mr. Meehan. Thank you, Mr. Wulf.
The Chairman now recognizes the Ranking Member for her
questions.
Ms. Clarke. I thank you, Mr. Chairman.
My first question is to you, Ms. Durkovich. I want to echo
and sort of drill down a little on something Mr. Thompson asked
earlier in his statement about H.R. 4007. It provides no
explicit authorization of a specific level of appropriation. So
would you want a CFATS authorizing bill to identify funding for
the program's operations? If not, would it create the
possibility that funding for CFATS be taken from other programs
within DHS's budget? I might question whether the absence of an
authorization of appropriations indicates some Congressional
intent for DHS to provide funding for this program from within
its current budget.
Ms. Durkovich. Thank you, Ranking Member Clarke, and thank
you for that important question. Ensuring that we have adequate
funding for the program has been and remains a priority. We
certainly appreciate your support in the past and would like to
work with you to see funding authorized for CFATS in
legislation to ensure that we retain the appropriate levels in
the future, both as we continue to move the program forward and
work to implement many of the initiatives under the Executive
Order.
Ms. Clarke. So just for clarification, through the
appropriations process, not from some other means within DHS
itself?
Ms. Durkovich. Well, again, we would like to work with you
to authorize funding through the appropriations process, yes,
ma'am.
Ms. Clarke. Got it. Got it, got it. If passed and signed by
the President, the bill would take effect 30 days after
enactment. On that day, the existing statutory authority for
CFATS would be repealed by striking Section 550 from Public Law
109-295. Thus, the bill creates a free-standing program, apart
from the original authorizing DHS legislation. Additionally,
CFATS would terminate or sunset 2 years after the date it would
take effect.
Two questions: Would you want CFATS authorizing legislation
that codified the program in Homeland Security Act of 2002,
rather than leave the program stand-alone? What would be the
Department's plan for chemical security in general if Congress
failed to act if and when CFATS is sunsetted?
Ms. Durkovich. Thank you very much for that question. It
certainly does seem appropriate to me that placing a statute
for the program in the Homeland Security Act is a reasonable
thing. But, again, our goal, because of the sunsetting of the
program, is to make sure that we have multi-year or permanent
authorization, and that is our priority for this session.
We know that we will be able to work with Chairman Meehan
and with you, ma'am, I think to get us to a successful outcome
so we don't have to think about the latter part of your
question.
Ms. Clarke. Looking at a stand-alone, but you would like to
see it comprehensive?
Ms. Durkovich. If a stand-alone gets us to multi-year or
permanent authorization, that is our priority. As you know----
Ms. Clarke. I hear a major emphasis in all of this
discussion around multi-year, which this bill does not contain.
So it seems to me that that is a major priority for the
Department. Is that correct?
Ms. Durkovich. Yes. We have been clear that, again, while
we are very supportive of the bill, at the end of the day, we
would like to see a longer authorization period, either 5 years
or permanent authorization. Yes, ma'am.
Ms. Clarke. Okay. Like you, I am supportive of authorizing
CFATS program in DHS and taking the program off the
appropriations cycle. That said, I would like to talk through
the expectations the Department has for such legislation, and I
just want to get a yes-or-no to each of these questions. Would
you want it to authorize funding for the program's operations?
Ms. Durkovich. If that is something that----
Ms. Clarke. Yes or no. Yes----
Ms. Durkovich [continuing]. Could be contained in the
bill----
Ms. Clarke. Yes or no?
Ms. Durkovich [continuing]. Yes.
Ms. Clarke. Yes. Would you want it to reflect the
forthcoming findings and recommendations from the President's
Chemical Safety and Security Working Group that DHS is leading?
Ms. Durkovich. I do not think that it needs to do that, no.
Ms. Clarke. No? Would you want it to codify the program in
the Homeland Security Act?
Ms. Durkovich. That would be a desirable----
Ms. Clarke. Yes?
Ms. Durkovich. Yes, ma'am.
Ms. Clarke. Would you want it to remove the exemptions on
water facilities and other possible terrorist targets that were
hastily agreed to in 2006?
Ms. Durkovich. Again, that is something we would like to
work with you on, but at the end of the day, what is most
important----
Ms. Clarke. Yes, no?
Ms. Durkovich [continuing.] Is that we get--that is a
laudable goal, yes, ma'am.
Ms. Clarke. Yes. You did say yes?
Ms. Durkovich. Yes.
Ms. Clarke. That is what I thought. Okay, very well. I
wanted--Mr. Chairman, my time is----
Mr. Meehan. You may pursue your questions.
Ms. Clarke. Thank you. Thank you, Mr. Chairman.
Ms. Hodges, H.R. 4007 would allow the Secretary to expand
the CFATS inspector force to include contractors, which begs
the question as to whether the inspection of chemical
facilities for possible terroristic vulnerabilities is an
inherently Governmental responsibility or should be outsourced
to contractors. In 2007, during comment on the CFATS final
rule, several stakeholders expressed concerns regarding DHS's
use of third-party inspectors.
How would you describe these concerns, including the
maintenance of confidentiality of facility business
information, potential variation in training and inspection,
standards between Federal and third-party inspectors, and DHS
establishment of qualifications, certification, indemnification
of third-party inspectors?
Ms. Hodges. Contractors are used in various components of
the Department. I think the most important element is the
decisions being done are applied by Government employees.
Contractors do serve a very valuable purpose when you have
limited resources, but ultimately, they may not and should not
be ever doing anything that would be of a decision-making
inherently Governmental function.
Ms. Clarke. So you are saying that if there is a
supervisory--personnel from a Governmental standpoint,
basically, overlooking what these contractors would be doing,
you would feel more comfortable with that, but should
contractors be in a position to make decisions themselves, that
would present some discomfort?
Ms. Hodges. That would get into the area of an inherently
Governmental function, yes.
Ms. Clarke. Can you tell me in your opinion if it is
appropriate for DHS to use third-party auditors and, if so, for
which tiers of facilities and what the standards and
requirements would be for those third-party auditors? Who would
pay for the third-party auditors?
Ms. Hodges. Right, well, I think that goes back to the
initial underlying issue here about authorization. Trying to
make an estimate on resources needed or our contract staff to
augment the Federal staff is a little bit difficult now, not
knowing what the on-going appropriation would be for this
particular program.
Ms. Clarke. Very well.
Mr. Chairman, I yield back.
Mr. Meehan. I thank the gentlelady.
The Chairman now recognizes the gentleman from
Pennsylvania, Mr. Perry.
Mr. Perry. Thank you, Mr. Chairman. Greetings to the panel.
Thank you for your testimony.
My questions will be directed to the assistant secretary.
Madam Secretary, some in Congress and elsewhere have said that
the CFATS program is not operating efficiently or making
adequate progress and is in need of a complete overhaul.
Unfortunately, the individuals that have that opinion are
waiting for a unilateral overhaul that allows the
administration to dictate chemical security policy without
reasonable input from industry. I just listened to some of the
testimony regarding the backlog and approvals and the
recommendations, et cetera, and I think it lends itself at
least a portion to the credibility of that opinion.
So my questions are as follows: Can you explain to the
committee how a completed overhaul is not the right approach
and why waiting for it would make the situation more burdensome
for the Department and hinder continued progress? Finally, do
you feel that it is crucial that the industry has substantial
input into any regulations imposed upon them? If you would
comment on those two, I would appreciate it.
Ms. Durkovich. Thank you very much, sir, for that question.
It is an important question, because I firmly believe we do not
need a major overhaul of the program. As I noted in my opening
statement, the program has made this country more secure, and
we have demonstrated tremendous progress, not only over the
course of the last 7 years, but certainly over the course of
the last 2 years.
We started with over 40,000 facilities that submitted Top-
Screens. Through our process, we now have over 4,000 that are
regulated in our various stages of having both approved SSPs,
but now beginning compliance inspections. At every turn,
Director Wulf is looking at ways to improve the efficiency and
the effectiveness of the program. We do that in very close
collaboration with our stakeholders, who have provided
important input to us on the Alternative Security Program, on
our tiering methodology, on how to reach outliers, and to
overhaul the program, again, at a point where we have
demonstrated success, where we have over 500 SSPs that are
approved, where we have facilities that are making investments
and making decisions based on those SSPs again would, I think,
be unfair both to the industry itself, but also to the men and
women of ISCD.
I would like to yield the last 2\1/2\ minutes of my time to
allow Director Wulf perhaps to speak to a few minutes to that,
as well.
Mr. Wulf. I would be glad to. Thank you so much.
You know, I would add that the core of the CFATS program,
18 risk-based performance standards, a non-prescriptive program
that allows for security measures to be tailored to the
individual needs of our 4,000 regulated facilities, is strong
and is well-suited to the mission at hand.
So I would absolutely agree that a major overhaul of the
program is not needed. The program is moving absolutely in the
right direction. That is not to say that the regulation is
perfect or that we won't move forward to try to make some
tweaks and to further improve the process. Down the road, I
would anticipate an advanced notice of proposed rulemaking,
through which we will solicit from our stakeholders across the
board their thoughts on what can be done to improve the
program.
But I would absolutely, you know, want to be clear that the
core of this program is very strong and well-suited to the
mission. Appreciate the question.
Mr. Perry. So the only place that stakeholders will have a
voice is in the rulemaking or the reform maybe of--or, you
know, the modification of rules moving forward at this point?
Is that their place?
Mr. Wulf. No, we have a continuing dialogue with our
stakeholders through sector coordinating councils, the chemical
sector, the oil and natural gas sector, our other stakeholders.
We are working on a continuing basis to conduct outreach,
working with the industry associations, including ACC and
SOCMA, from which you will hear later on during this hearing,
working together on initiatives to drive the program forward,
to get the word out, to reach out to facilities that may be in
the outlier population, to work on efforts such as Alternative
Security Program templates that can further streamline industry
members' ability to develop security plans and our ability to
review, authorize, and approve those plans.
Mr. Perry. Thank you, Mr. Chairman. I yield back.
Mr. Meehan. I thank the gentleman.
The Chairman now recognizes the gentleman from Nevada, Mr.
Horsford.
Mr. Horsford. Thank you, Mr. Chairman.
Ms. Hodges, I want to thank you for coming to testify
today, and I know that our invitation to you was recent and
that your report, however, is almost a year old, so I realize
that the effort that you and your staff had put into the update
and the review of this report.
In your 2013 report, you issued 24 recommendations. Since
that time, we understand that 12 recommendations were closed.
What does this change in status tell us about the effectiveness
of the CFATS program to prevent a terrorist incident involving
a chemical plant?
Ms. Hodges. Yes, thank you for that question. The change in
the recommendation status indicates that ISCD is addressing the
report recommendations to build a basic administrative
foundation, as well as the core infrastructure to support the
program.
While the majority of the closed recommendations involved
administrative issues that were presented, the majority of the
unresolved issues have to do with programmatic areas, on-going
programmatic areas that need to be addressed.
The program is maturing, but it is not fully operational.
Even when CFATS becomes fully operational, it can't prevent an
incident, but what it can do is better prepare industry and
their facilities to mitigate risk to the incident.
Mr. Horsford. Okay. So when you assessed DHS's effort to
implement the CFATS program from inception to the end of fiscal
year 2012, at the time, among other items, you found that DHS's
officials' use of, ``confusing terminology'' led to
misunderstandings of CFATS's program progress. Likewise, we on
the committee have repeatedly expressed concern in the way that
NPPD tracks its progress, as it makes it difficult to get to an
accurate picture of the program.
Since the release of your program--of your report, excuse
me, you have made a chance to review the Department's
materials. Is that correct?
Ms. Hodges. That is correct.
Mr. Horsford. What would you say about the quality of
information that is furnished today by the program and the
terminology utilized to communicate it?
Ms. Hodges. I think there has been great strides with their
annual operating plan. That plan has realistic and thoughtful
measures. It also has milestones, time frames, and that is a
really big--from our frame of reference, our fieldwork ended
back in October 2012. The report was issued in March 2013. From
where the program was to where they are now, with just the
foundational documents of having a way forward, that has been a
big, impressive effort on the part of NPPD and ISCD.
Mr. Horsford. Do you feel that it is presented in a way
that is useful for this oversight committee to reach
conclusions about the efficacy of the program?
Ms. Hodges. With the time and the distance from our field
work, we wanted to get the measures in place. We haven't been
back with the component or with ISCD to look at whether they
have had results, you know, from those measures. So I would not
be able to articulate or weigh in if that progress would be
helpful to the subcommittee and the committee.
Mr. Horsford. Well, I would see, to the extent we can--I
mean, my experience here is rather recent, but what I find, Mr.
Chairman, and to the Ranking Member, is that a lot of times,
you know, we have these reports and their recommendations and
conclusions to the agencies, but a lot of time there is not the
follow-up or the follow-through to help us provide the proper
guidance and oversight. So that is something that I would be
interested in as a Member of the subcommittee. Maybe someone
from the agency can respond. I yield back.
Mr. Wulf. Yes, I would be glad to, and I appreciate the
opportunity. Even at the time that the inspector general issued
its report, many of the recommendations that it made and issues
it had identified had been previously identified through the
challenges memo that we prepared in the fall of 2011, and those
issues had largely been resolved through the implementation of
the action plan we had put together.
So we have done a lot of good work putting into place
important management controls, business practices, streamlining
processes with respect to the review authorization, inspection
of facilities, and approval of site security plans. You know,
acknowledging that the I.G. engagement with our division is
somewhat dated, you know, I would--I am not sure I would accept
the premise that our program is not fully operational.
Every day across America, our inspectors are working
closely with facilities and working through security measures
that are fostering security and improving security at America's
highest-risk chemical infrastructure. So the program is
absolutely on the move. Since I last testified before this
committee in August, we have more than tripled our output of
approved site security plans, more than doubled to more than
1,100 our output of authorized plans. This program is
absolutely fully operational, and the pace will only continue
to increase, and we are certainly committed to continuing to
work to improve the program going forward.
Mr. Meehan. I thank the gentleman.
Mr. Wulf, let me just ask a quick question as a follow-up
on that. There were 24 recommendations made by the OIG. Twelve
of those recommendations have been fully closed. Is that not
correct?
Mr. Wulf. That is correct. The remaining 12 are noted as
resolved, but open.
Mr. Meehan. There are three levels of scrutiny on this, so
if you had been entirely lacking on those remaining 12, some of
which, as I have reviewed the report, indicate that there are
various technical reasons why they may not be, but the bottom
line is, by having said that they were not yet closed, but you
are in that middle level of scrutiny, which you have made the
significant progress, you are pretty close to getting to
answering the questions of the OIG. Is that not accurate?
Mr. Wulf. I think that is absolutely correct, sir.
Mr. Meehan. Do you disagree, Ms. Hodges, or agree?
Ms. Hodges. I believe that, yes, 12 of the 24
recommendations are closed. The remaining open recommendations,
some of them will be more longer-term. When a recommendation is
indicated as resolved, that means that the inspector general's
office and the Department have agreed in principle on the way
forward the action plan, the milestones, the goals.
Depending on how far we are in achieving those milestones
and goals and deliverables, we would resolve and close that
particular recommendation. However, some recommendations
require a longer period of time to be resolved and then closed.
Mr. Meehan. Thank you.
The Chairman recognizes the Ranking Member, Mr. Thompson,
for questions he may have.
Mr. Thompson. Thank you very much, Mr. Chairman.
Ms. Durkovich, a lot has been talked about, about West,
Texas. Can you tell this committee, since the explosion, that
those facilities like the one in West, Texas, are now being
inspected on a regular basis?
Ms. Durkovich. Thank you for that question. Since West,
Texas, nearly a year ago, both the Department, but the
interagency, has undertaken an extraordinary effort to identify
outliers like West, Texas. We have worked very closely with our
colleagues at EPA to cross-walk our lists of regulated
facilities. We are working very closely with State homeland
security advisers, with State chemists, with State departments
of agriculture to identify facilities that may not be aware of
our regulations and/or who may not have decided to comply with
them.
We have a number of facilities since our efforts with the
EPA and to get the word out who have since submitted Top-
Screens. We are in the process of assessing and evaluating
those Top-Screens to determine which one of those will be given
a preliminary tier. But the way that our process works, sir, is
that we are not yet at a point where we are doing inspections,
but we have certainly undertaken, again, an extraordinary
effort to identify those outliers and to ensure that they have
begun the process under CFATS, which begins with a Top-Screen.
Mr. Thompson. Thank you. So for the sake of the committee,
can you give us an estimate of how many of those outliers that
might be out here?
Ms. Durkovich. I will tell you that as part of our work, we
sent out--I think it was 3,000 letters to potentially--or to
facilities that could be potentially regulated under CFATS.
Those facilities, again, have gone through--or are in process
of submitting Top-Screens. I am going to defer to Mr. Wulf, but
I think the number--I will actually let you answer that.
Mr. Wulf. Absolutely. We have taken in approximately 800
additional Top-Screen submissions from facilities since we
started this process, facilities that have threshold holdings
of high-risk chemicals of interest, beginning the process, then
as appropriate to go through the security vulnerability
assessment and sign as appropriate a final tier.
We found through this that very few of these facilities are
looking as though they are going to tier into the program. So I
am pretty confident that we have a good handle on the known
universe of high-risk chemical facilities as currently defined
in the United States. Over the course of the program's history,
we have taken in upwards of 46,000 Top-Screens.
Mr. Thompson. Right. But what I am trying to get to is--we
were told that the West, Texas, facility was one of those
outliers, that there was no review. I am trying to see--you
said 3,000. Is that the universe to your knowledge?
Ms. Durkovich. No, go ahead.
Mr. Wulf. That is the number of facilities that we
identified through a cross-walk with EPA and subsequently sent
letters. West, Texas, the West Fertilizer Company did not meet
its obligation to submit a Top-Screen. That doesn't mean that,
had it submitted a Top-Screen--and it has subsequently
submitted a Top-Screen--it would end up as a regulated facility
under CFATS, that it would be determined to be one of the
highest risk of a terrorist attack exploitation.
Mr. Thompson. So at what point would these 3,000 people you
sent letters to, what is the Department's time table for
bringing that review to completion?
Mr. Wulf. It is moving forward right now. I would
anticipate that the facilities that, you know, have moved
through and received a preliminary tier, and I believe that is
only about 40 facilities right now, would be receiving their
final tier as appropriate, developing their site security plan
in concert with our physical security specialists and chemical
security inspectors, and moving through the process of
authorization, inspection, and approval.
Mr. Thompson. Well, I guess what I am trying, Mr. Chairman,
to get to is, if it is 3,000 or the 3,000--is it X number
that--what is the time table for the agency? You talked about
it may not be involved for the tiering, but we need assurance
that these outliers, whether they voluntarily come in or you
identify them through some other process, that they don't
endanger the lives and communities just because we didn't know
they existed.
Mr. Wulf. Absolutely.
Mr. Thompson. I am trying to get us to some point of how we
are going to bring everybody into a system, regardless of where
they are.
Ms. Durkovich. So, sir, I think that this is a continuous
process, frankly. The work that we have done with the EPA to
cross-walk our list is just one step in the process. But,
frankly, we will always work very closely not only with the
major trade associations, again, with State homeland security
advisers, with State agricultural departments, with State
chemists. We are working very closely now with smaller State
associations. Some of these outliers don't always belong to the
large National associations. We are looking at how through our
voluntary program, through our protective security adviser
program, we can utilize those individuals who are--so it is
going to be an on-going process, sir.
Mr. Thompson. Well, and I understand that. But, you know,
the West, Texas, facility was not a new facility. It had been
there a long time. It had gone through some modifications. So a
lot of this information and these companies are already there.
So I am trying to figure out, how did they fall through the
system to start with?
Ms. Durkovich. So they--sir, they were in the system. They
were not necessarily in our system. We have gone through a very
important process, which is cross-walking our database with the
EPA's database. That is what resulted in the 3,000 letters that
we ended up sending out. Part of what we are doing is part of
the Executive Order----
Mr. Thompson. Yes.
Ms. Durkovich. Okay.
Mr. Thompson. Well, I understand. But if you know there are
3,000, so you assume these companies will just fill out the
form and send it back. If you know that 3,000 are there, you do
not plan to do a physical inspection of the 3,000, just if they
send it back, fine, if they don't----
Ms. Durkovich. That is how our process works, yes, sir.
They submit a Top-Screen, and then based on that Top-Screen and
the corresponding site--the security vulnerability assessment,
we then----
Mr. Thompson. So if they don't submit it, what happens?
Ms. Durkovich. Then we can issue an administrative order.
Again, we are going through the process of ensuring that all of
the people who have received letters, where appropriate, are
submitting their Top-Screens.
Because of some of the way the taxonomy of the data is
structured, a facility that is in an EPA database may be
identified differently than it is in our database, because we
look at that long, and they look at addresses, and so we have
to work through some of that, but there is a process to ensure
that those need to submit Top-Screens do.
Mr. Thompson. Mr. Chairman, I hope you can understand the
need to put some of this under one roof, because there is just
too much--too many moving parts, and there doesn't appear to be
one person really in charge. I understand the need to talk, but
somebody should have the ultimate responsibility. I think the
public would like to see some entity, DHS or something, in
charge, and we can talk to other people.
But if I might ask, Mr. Chairman, that Mr. Wulf or Ms.
Durkovich provide the committee with the current status of
those 3,000 facilities that they have identified that are
outside the system, what kind of time table they are operating
from to bring them under some kind of review, so we can assure
the public that a West, Texas-type event, if it happens, we at
least know the facility is there and that there is some
regulation being applied to it.
Ms. Durkovich. We would be happy to do that, sir. Thank
you.
Mr. Thompson. Thank you.
Mr. Meehan. I thank the Ranking Member.
Let me take a moment just to follow up on a couple of
questions with regard to that particular issue. We are talking
about outliers that may or may not be purposefully deciding
that they don't want to participate, for whatever reason. Is it
more likely that they will be inclined to participate if, in
fact, we have an authorized program than whether or not we have
an ambiguous program about whether it is moving forward or not,
in your professional opinion?
Ms. Durkovich. In my professional opinion, it is more
likely that they will participate, if there is a fully
authorized program, yes, sir.
Mr. Meehan. Now, you are also cooperating with other
members of the industry who are significantly interested in
working with you, and it is often likely that chemical
companies who are in possession very infrequently operate
entirely in isolation. By that I mean they are either selling
their product to another user or they are purposing component
chemicals from a user.
So the privity of relationships with people in the industry
is well established. So the capacity to identify through other
members who outliers may be is significantly enhanced when we,
in fact, have a program which is predictable, dependable, and
people know that they have made a commitment. Is your
professional opinion we do better working through industry to
identify outliers if we had an authorized program?
Ms. Durkovich. That is my--yes, that is my professional
opinion. I am happy to let Mr. Wulf just talk a little bit
about how we are already doing that, but yes.
Mr. Wulf. Yes, no, I am glad to, and that is absolutely the
case. We work very well with industry through the National
associations, through these State-level associations, and
through the companies that are part of those associations, and
otherwise, to identify segments of industry that we may need to
communicate with, working with them to get the word out, you
know, working together on efforts such as the chemical security
summit to bring in members of industry and educate them on the
requirements of the CFATS program and on the availability of
voluntary programs, as well. So, yes, absolutely would agree
with that.
Mr. Meehan. Okay. Well, I thank you. I am aware we have
another panel to get to, but I want to ask just a few follow-up
questions and, of course, turn it over to my colleagues to see
if they have concluding questions for this particular panel.
But let me just ask Ms. Hodges, as a matter of record, if
you do know, and I know there have been some questions about
contract employees. I am referring to the EPA. Are you aware
that it is their practice to use contract employees for
inspections and evaluations under such things as the Clean
Water Act, the Resource Conservation and Recovery Act, the
Toxic Substances Control Act, the Oil Pollution Act, the Safe
Drinking Water Act? Are you aware as to the utilization of
contract employees for those kinds of important programs?
Ms. Hodges. For the EPA?
Mr. Meehan. Yes, ma'am.
Ms. Hodges. No, I am personally not.
Mr. Meehan. Okay. Okay, well, I will ask that a letter of
record be submitted, the letter from David Kling, director of
the Federal Facilities Enforcement Office of the EPA, dated
November 1. I thank you.
Without objection, so ordered.
[The information follows:]
Memorandum From the Office of Enforcement and Compliance Assurance,
United States Environmental Protection Agency, Washington, DC
Nov. 1, 2005
memorandum
SUBJECT: Use of Contract Inspectors for EPA's Federal Facility
Compliance Inspections/Evaluations
FROM: David J. Kling, Director, Federal Facilities Enforcement Office
(2261A)
TO: Regional Federal Facilities Program Managers, Regional Federal
Facilities Senior Managers
Since some EPA Regional enforcement and compliance personnel have
recently raised questions regarding the use of contract inspectors in
compliance inspections/evaluations of Federal facilities, we are
writing to confirm that properly trained and authorized contract
inspectors are appropriate for Federal facility compliance inspections/
evaluations under the Clean Water Act (CWA), the Resource Conservation
and Recovery Act (RCRA), the Toxic Substances Control Act (TSCA), the
Oil Pollution Act (OPA) and the Safe Drinking Water Act (SDWA). The
Federal courts are split as to whether contract inspectors are
authorized to conduct inspections under the Clean Air Act (CAA), and
the Federal Insectide, Fungicide and Rodenticide Act's (FIFRA's)
language limits those who are authorized to conduct inspections.
Under the CAA, the Courts of Appeals for the Sixth, Ninth, and
Tenth Circuits have considered the issue of contract inspectors, but
have reached different conclusions that depend, in part, on the
specific area being inspected. Without a definitive answer from the
Supreme Court, we advise that Regions should not use contract
inspectors for CAA inspections. In the rare circumstance where contract
inspectors may be needed to conduct a CAA evaluation/inspection,
written approval for the use of such inspectors must first be granted
by the Federal Facilities Enforcement Office (FFEO).
Further, FIFRA's language limits those authorized to conduct
inspections to ``any officer or employee of the Environmental
Protection Agency or of any State or political subdivision.'' FIFRA �
9, 7 U.S.C. � 136g. Accordingly, we do not advise using contract
inspectors for FIFRA compliance inspections/evaluations.
Regional enforcement personnel should reacquaint themselves with
the requirements for authorizing contractors to conduct inspections.
These requirements include:
The inspection contract must contain language per EPA Order
3500.1 requiring the contract inspector to meet the training
requirements of the Order, including completion ofthe Basic
Inspector Course, health and safety training, and medium-
specific training requirements--prior to leading an inspection.
Contractors who merely assist, rather than lead,
inspections are not required to comply with all of the
requirements of EPA Order 3500.1, although meeting the
requirements is still recommended. Even if not leading
inspections, contract inspectors are obliged to have health
and safety training, as specified in EPA Order 1440.3.
The inspections must be carried out in accordance with
approved Quality Assurance/Quality Control plans (that are part
of the Regions' Quality Assurance Management Plan) and use
established procedures, such as those set forth in EPA's
Inspection Manuals.
Depending on the nature of the inspections to be conducted,
a background investigation may be required for contract
inspectors. Any background investigation requirements should be
included in the contract. Background investigations are
especially important in the Federal facilities context--
particularly at high-risk facilities (e.g., certain military
bases, nuclear weapons plants, and Classified facilities).
A contract inspector may not request or review Confidential
Business Information (CBl) unless she or he has been cleared
for CBl by EPA under the particular statute for which the
authorization is given.
EPA does not issue the same Federal credential which EPA
employees carry to contractors. A few programs issue a statute
specific credential authorizing the contractor to carry out
inspections under a specific statute. It clearly identifies the
bearer as a contractor. In most cases, EPA provides contractors
with a letter of authorization. The letter identifies the
bearer as a contractor.
Please note that OECA and OARM are developing an EPA order that
addresses the issuance of credentials to Federal employees,
State/Tribal government employees, Senior Environmental
Employees (SEEs), and contractors.
Thank you for your interest in this matter and your support for
using contract inspectors in appropriate circumstances. If you have any
questions regarding this memorandum, please contact Gracie Garcia in
OECA's Federal Facilities Enforcement Office or Phyllis Flaherty in
OECA'S Office of Compliance.
cc (electronic only): Michael S. Alushin, OECA/OC, Kenneth A.
Gigliello, OECA/OC, Phyllis E. Flaherty, OECA/OC, Sandra L. Connors,
OECA/FFEO, Bernadette Rappold, OECA/FFEO, Gregory Snyder, OECA/FFEO,
Gracie Garcia, OECA/FFEO, FFEO Liaisons, Regional Enforcement Division
Directors, Regional Media Division Directors, Regional Enforcement
Coordinators.
Mr. Meehan. Let me just close my comments--my questions.
Mr. Caldwell, you have done a great deal of oversight in this
program. I know you are responsible for sort-of looking at the
activities in response to the directions that have been given
us, but we are not operating in isolation here. You have also
been very closely associated with the things that are being
done to move forward.
From your position, you have seen this bill. Do you see any
advantages in it or any of the provisions there that you think
are helpful?
Mr. Caldwell [continuing]. Sorry, GAO doesn't have an
official position on the bill itself, but I can talk about a
couple of things there. Many of them have been said. I mean, I
think the multi-year authorization, whether it is 2, 3, 4,
whatever many years, certainly adds stability to both DHS and
to industry. I think it also provides some normalcy in terms of
being an authorized program, whether or not the appropriations
have been approved or not. As we know from recent years, that
has not always been a pretty thing.
The bill codifies some of the activities that are already
being done in the program, but that also offers some stability
to industry, because if it is purely something within the
regulations, the Department in theory could change those quite
different--you know, could change those quite dramatically.
Then industry and others, as well as the Department, would have
to react to that.
Finally, I think if you look at some of the areas that were
emphasized in the bill, they certainly are areas where GAO, as
well as I.G., has pointed out a need for corrective actions and
emphasis.
Mr. Meehan. Let me just close by an observation, as well.
You have watched. We have been through a long history, and one
of the great frustrations here has been in the past there have
been requests for responsiveness from DHS with regard to a
number of matters with Congressional oversight, and your own
investigations have demonstrated that part of these issues from
time to time have been related to not just program management
and other kinds of tools, et cetera, but the overall
responsiveness, as you have begun, do you believe that you are
seeing an improvement and important activity along the lines of
the requests and demands that you have met?
Mr. Caldwell. Yes, sir. So our first review of CFATS came
at what might be the low point of the program, when the
internal memo came out. I think relatively early, when we
started our work, the top management at NPPD talked to us,
pledged their commitment to change, as well as the commitment
from our auditor standpoint, of giving us access to their
people and documents, which they did. I think since that time,
we have had very good cooperation in terms of when we have
actually had an on-going review, getting documents, getting
access to their people, and reviewing it.
I would say, we have seen progress since that time, again,
taking the longer sweep here, in terms of the management
problems that they have identified. They sit down to track them
and look at their progress against them. In terms of the
outlier issue, they are certainly working to match data with
the other agencies, be it EPA or other ones. Whether that will
lead to some of the--I am not sure you could prevent all the
West, Texases, through that process because of the tiering
process, but at least it is progress in the sense of trying to
identify them.
They are speeding up, say, the plan reviews through the
concurrent review process. They are doing something that used
to be very sequential and very long to do. I guess maybe the
biggest thing to GAO--and I would ask Ms. Hodges to comment, if
she wants to, as well, is I think they are certainly interested
in any suggestions and recommendations that we have, and there
is an effort certainly to implement those, sir.
Mr. Meehan. Ms. Hodges, do you have a comment?
Ms. Hodges. I do believe that the component has been
responsive to our follow-up for recommendations and
documentation, yes.
Mr. Meehan. Thank you. I turn it to the Ranking Member. Do
you have any closing questions for the panel?
Ms. Clarke. I do, Mr. Chairman, but just to put in
perspective the agencies and the letter that you have submitted
for the record, those agencies don't have the mandate of
preventing terrorism. I think that that is the distinction that
we are talking about with these contractors that we really need
to make sure we hold fast to.
Ms. Durkovich, ISCD has on a number of occasions testified
that the agency is willing to accept any vetting program for
the Department as an alternative to the PSP under CFATS.
However, I understand that ISCD does not intend to accept these
alternative vetting programs without preconditions. Most
recently, Congress addressed this issue in the fiscal year 2014
omnibus appropriations bill, but I would like to get the
Department's most recent views on the PSP issues.
Ms. Durkovich. Thank you very much. I appreciate the
opportunity to address this great question.
The personnel surety program under CFATS presents a
standard that I think that any prudent company isn't already
doing or shouldn't be doing. It requires that those companies
verify the identity of new personnel, that they conduct a
criminal or a background check, and that they verify that they
are legal to work.
For those personnel with access to restricted areas or
critical assets, as you have mentioned, since this program does
have a terror--a mandate for terrorism, we are requiring a
check against the TSDB, the Terrorist Screening Database. We
have outlined a number of different options that will allow
facilities to do that, and the information collection request
that is out right now is part of the basic tenets of our
program. We allow flexibility and options for companies. We
can't mandate requirements or prescribe requirements.
As part of personnel surety and the check against this
Terrorist Screening Database, we are allowing for other
credentials to be used. However, what we want to ensure is that
we have the ability to verify the validity of those credentials
and to ensure in the intervening period since they have been
issued that that individual has not committed a crime or has
for some reason not ended up on the Terrorist Screening
Database.
That is the intent of the program, is, again, to verify
that the individual who will have access to those restricted
areas and to those critical assets is not on the TSDB. So, yes,
we are giving companies the option to leverage existing
credential programs, but, again, we want to verify the validity
of those credentials to ensure that, again, in the intervening
time since they have been issued, for some reason, that
individual has not committed a crime or has not ended up on the
screening--Terrorist Screening Database.
Ms. Clarke. What is the process for verification? Is
there----
Ms. Durkovich. There are a number of different ways.
Specific to the credential, through our CFATS tool, they can
enter their name, their date of birth, and the credential
number, and that will do a quick verification----
Ms. Clarke. So is it sort of a self-verifying----
Ms. Durkovich. No, no, no. No. Either the facility or a
third party does the verification, but it is--again, either
through the database or they can do a swipe with a TWIC reader
card, for example.
Ms. Clarke. Very well.
Mr. Chairman, I yield back. Thank you.
Mr. Meehan. I thank the Ranking Member. I thank each of the
witnesses, not just for your testimony today, but for the long
work each of you in your various capacities have given to the
oversight and continuing progress of this program. I thank you.
The Members may have additional questions, and if they are
submitted to you at some point in time, I would ask that you
respond in writing. Thank you. The panel is dismissed. The
clerk will prepare the witness table for the second panel.
I want to welcome our panel. Before I recognize the panel,
I am going to ask unanimous consent that a letter in support of
H.R. 4007 that has been signed by 24 industry associations be
entered into the record.
Without objection, that will be so ordered.
[The information follows:]
Letter Submitted by Hon. Patrick Meehan
February 7, 2014.
The Honorable Michael McCaul (R-TX),
Chairman, U.S. House of Representatives, Committee on Homeland
Security, H2-176 Ford House Office Building, Washington, DC
20515.
The Honorable Bennie Thompson (D-MS),
Ranking Member, U.S. House of Representatives, Committee on Homeland
Security, H2-176 Ford House Office Building, Washington, DC
20515.
The Honorable Patrick Meehan (R-PA),
Chairman, U.S. House of Representatives, Subcommittee on Cybersecurity,
Infrastructure Protection, and Security Technologies, H2-117
Ford House Office Building, Washington, DC 20515.
The Honorable Yvette Clarke (D-NY),
Ranking Member, U.S. House of Representatives, Subcommittee on
Cybersecurity, Infrastructure Protection, and Security
Technologies, H2-117 Ford House Office Building, Washington, DC
20515.
Dear Chairman McCaul, Ranking Member Thompson, Chairman Meehan, and
Ranking Member Clarke: We, the undersigned organizations would like to
express our support for H.R. 4007, the CFATS Authorization and
Accountability Act of 2014, a streamlined bill that provides a 2-year
authorization of the Chemical Facility Anti-Terrorism Standards (CFATS)
program and guidance to the Department of Homeland Security (DHS) on
key issues of chemical facility security.
The bill addresses several important policy goals. First, it
provides a multi-year authorization to allow DHS to confidently
implement CFATS and industry to make important investments with the
certainty that goes along with knowing the program will be authorized.
The current practice of year-to-year extensions, or worse, short-term
continuing resolutions through the appropriations process is a
destabilizing force in the implementation and investment process.
Secondly, the legislation also addresses some of the major
impediments to completing site security plans and full implementation
of the program. It addresses certain concerns surrounding the personnel
surety requirements needed for access; gives covered facilities the
ability to meet site security plans through alternate security plans
approved by DHS and an option to use third parties as inspectors;
improves Congressional oversight regarding the tiering methodology; and
ensures better coordination with State and local officials.
We recognize the complexities in implementing a program like CFATS
and are fully aware of some of the flaws in management exposed over the
past few years. This multi-year authorization will give DHS the time
and stability it needs to improve its implementation, but at the same
time, will ensure that Congress has the ability to monitor the program
and make any necessary changes to it before the next authorization.
The organizations and companies listed below represent thousands of
American businesses that employ millions of American workers. We are
manufacturers, producers, processors, distributors, transporters, and
retailers in agriculture, chemistry, energy, forest products, food
processing, medicine, and other businesses that form our Nation's
infrastructure. We support H.R. 4007, and urge you to quickly consider
and pass this important legislation.
Thank you for your timely consideration.
Sincerely,
Agricultural Retailers Association, American Chemistry Council,
American Coatings Association, American Forest & Paper Association,
American Fuel and Petrochemical Manufacturers, American Petroleum
Institute, American Trucking Associations, Association of Oil Pipe
Lines, Edison Electric Institute, Global Cold Chain Alliance, Institute
of Makers of Explosives, International Association of Refrigerated
Warehouses, International Dairy Foods Association, International Liquid
Terminals Association, International Warehouse Logistics Association,
National Agricultural Aviation Association, National Association of
Chemical Distributors, National Association of Manufacturers, National
Mining Association, National Pest Management Association, Petroleum
Marketers Association of America, Society of Chemical Manufacturers &
Affiliates, The Fertilizer Institute, U.S. Chamber of Commerce.
Mr. Meehan. I want to thank our second panel for your
presence here today and for your willingness to help us draw
light on this very, very important issue. In order of
appearance, Mr. Clyde Miller is the director of corporate
security at BASF Corporation. In this capacity, Mr. Miller is
responsible for critical security initiatives both at the
corporate level and at BASF production sites across North
America, which include the execution of a crisis management and
response plan, CFATS compliance, and company-wide security
initiatives. In addition, Mr. Miller has served as the chair of
the Chemical Sector Coordinating Council, chair of the
Partnership for Critical Infrastructure Protection, and is
currently the incoming vice chair of the American Chemistry
Council's Security Committee.
Ms. Kate Hampford Donahue is the president of Hampford
Research, a specialty chemical manufacturer serving Fortune 500
companies in the electronics, dental, personal care, printing,
and adhesive markets. In addition, Ms. Donahue's company is a
member of the board of governors of the Society of Chemical
Manufacturers and Affiliates. This association supports the
industry with programs that maximize commercial and networking
opportunities to increase public confidence and to influence
the passage of rational laws and regulations.
We are joined by Ms. Anna Fendley, who represents the
Health, Safety, and Environmental Department of the United
Steelworkers of America. USW is North America's largest
industrial union, representing 850,000 workers across a diverse
range of industries, including the majority of unionized
workers in the chemical industry and workplace that use and
store large quantities of industrial chemicals.
I may add for the record, I am quite pleased to have good
relationships with the many fine workers in the refineries in
the southeastern Pennsylvania portion that I am able to
represent, and I thank you for being here today.
In fact, I thank each of you. Your full written statements
will be entered into the record. You may give your verbal
testimony, and I am going to ask that you do your best to try
to keep it within the 5-minute time limit.
So right now, the Chairman recognizes Mr. Miller for his
testimony.
STATEMENT OF CLYDE D. MILLER, DIRECTOR FOR CORPORATE SECURITY,
BASF NORTH AMERICA, INCOMING VICE CHAIR, AMERICAN CHEMISTRY
COUNCIL SECURITY COMMITTEE
Mr. Miller. Thank you, Chairman Meehan, and good morning,
Ranking Member Clarke and Members of the committee.
I am the director of corporate security for BASF
Corporation, and I think it speaks to the importance of this
legislation that we had both Chairman McCaul and Ranking Member
Thompson from the full committee in the hearing this morning to
speak to this legislation.
I am here today on behalf of BASF and the American
Chemistry Council. As you have pointed out, I am responsible
for all the security functions at our chemical facilities at
BASF in North America, as well as the implementation of the
Chemical Facility Anti-Terrorism Standards, or CFATS.
For BASF and the chemical industry as a whole, security is
an important aspect of our operations, and there is no greater
priority than the safety and security of our employees and the
communities that surround our sites. I appreciate the
opportunity to appear this morning to provide feedback on the
legislation being considered.
To that end, in addition to my written comments, I would
like to emphasize the following points. First of all, we
support moving the CFATS regulation from an appropriations
process to an authorization process. This bill for the most
part codifies what is in the original 2006 spending bill, which
established the Nation's first comprehensive chemical facility
security regulation.
Like the original bill, it is short and to the point and
validates the original premise of risk-based performance model
focusing on security. The bill does not try to reinvent the
wheel or add complexity to the program, which seemed to doom
previous attempts at long-term authorizations. Instead, this
bill has some narrow fixes in a few areas, such as offering
options to comply with the personnel surety performance
standard. It also reiterates a part of the original regulation,
requiring DHS to use threat, vulnerability, and consequence for
assessing risk, which they had not been doing.
I look at CFATS as an essay test rather than a multiple-
choice or fill-in-the-blank exam. Due to the CFATS security
regulation being a collection of performance standards, a
facility can implement a solution that draws from all available
options to meet those standards tailored to address the unique
needs of that site.
To effectively comply with CFATS, an essay of measures has
to be implemented. This can be perimeter-related, as well as
other security measures, combined with operating measures such
as process cameras and alarms. The totality or the essay
becomes the regulation with which the facility complies. A
long-term authorized regulation provides industry with the
confidence to make long-term capital investments and having the
certainty, and having that certainty, by the way, helps DHS and
recruiting and retaining top talent to effectively oversee the
regulation.
Second, we support the implementation of the overarching
findings and recommendations of the peer review panel in the
manner mentioned in the bill. The peer review panel was
established last year by DHS to study the methodology they use
to tier facilities covered under CFATS. This effort resulted in
a report setting out key findings and overarching
recommendations to improve the consistency and transparency of
the process. As a member of that panel, it is gratifying to see
that the bill requires DHS to report on the progress and
implementation of those recommendations.
Third, Director Wulf and his team have done a tremendous
job of turning CFATS around and moving toward an effective
chemical facility security program. Since Mr. Wulf and his
management team arrived, significant progress has been made in
carrying out CFATS. For example, to streamline the process,
they embraced the American Chemistry Council's alternate
security plan template and are actually working with other
stakeholders to develop similar plans.
They significantly increased the number of approved site
security plans and the pace of inspections without impacting
the effectiveness of the program. BASF sites have gone through
these authorization inspections, and I can assure you that the
heightened pace has not reduced their effectiveness or
compromised CFATS. Mr. Wulf and his team have also undertaken
efforts to better identify facilities that should have
submitted Top-Screens, but failed to do so, by coordinating
with other agencies to identify those outliers.
Finally, the passage of this bill by no means conflicts
with the Executive Order 13650. If anything, it will add to
enhancing and strengthening security throughout the sector, one
of the goals of the EO. DHS is undertaking many of the
activities being considered under the Executive Order. Passage
of this bill would only complement those efforts and give CFATS
the permanency it needs so that it does not risk lapsing as
occurred during the Government shutdown last year.
To summarize, CFATS has had a positive impact on enhancing
security at U.S. chemical sites, and we support making it
permanent. It is a robust program requiring companies to
continually monitor their operations to ensure compliance. In
some cases, facilities have evaluated their processes and
security programs and have taken measures to reduce their risk
and actually dropped out of CFATS.
Before CFATS, BASF already had a fairly comprehensive and
effective security program. However, for our facilities under
the CFATS regulation, we have increased capital spending and
operating cost to ensure that we meet or exceed the performance
standards set out in the regulation.
A long-term authorization with Congressional oversight will
provide the regulatory certainty and operational stability to
give the industry confidence that our long-term capital
commitments to this program are appropriate. To try to reinvent
CFATS by passing more comprehensive legislation, I am afraid,
will have a significantly negative impact. We pledge our
continued support as this legislation moves forward and to
continuing to work in partnership with you and your staff.
Thank you again for the opportunity to testify in support of
this bill and to highlight improvements by DHS.
I will be glad to answer any questions you may have.
[The prepared statement of Mr. Miller follows:]
Prepared Statement of Clyde D. Miller
February 27, 2014
Good morning, Chairman Meehan, Ranking Member Clarke, and Members
of the committee. My name is Clyde Miller, and I am the director of
corporate security for BASF Corporation. I am here today on behalf of
BASF and the American Chemistry Council.
At BASF, I am responsible for all of the security functions at our
chemical facilities in North America and for the implementation of the
Chemical Facility Anti-Terrorism Standards, or CFATS, at our facilities
in the United States. I have been directly involved in that effort
since CFATS' inception. Last year, I was asked to serve on the
Department of Homeland Security (DHS)-commissioned Peer Review Panel
analyzing the CFATS risk assessment methodology that was conducted by
the Homeland Security Studies and Analysis Institute. For BASF and the
chemical industry as a whole, security is an important aspect of our
operations and there is no greater priority than the safety and
security of our employees and the communities that surround our sites.
I appreciate the opportunity to appear here this morning to provide
feedback on the Chemical Facility Anti-Terrorism Standards Program
Authorization and Accountability Act of 2014. To that end, I would like
to emphasize the following points in my remarks:
ONE.--We support moving the CFATS regulation from an
appropriations process to an authorization process.
TWO.--We support the implementation of the overarching
findings and recommendations of the Peer Review Panel, in the
manner mentioned in this bill.
THREE.--Dave Wulf and his team have done a tremendous job of
turning the CFATS program around and moving toward an effective
chemical facility security program.
FOUR.--The passage of this bill by no means conflicts with
Executive Order 13650. If anything, it will add to enhancing
and strengthening security throughout the sector--one of the
goals of the EO.
Now, I would like to elaborate on these points.
I. We support moving the CFATS program from an appropriations process
to an authorization process.
This bill, for the most part, codifies what is in the original 2006
spending bill, which established the Nation's first comprehensive
chemical facility security regulation. Like the original bill, it is
short and to the point and validates the original premise of
establishing a risk-based performance model for enhancing chemical
facility security across the Nation.
I look at CFATS as an essay test rather than a multiple choice or
fill-in-the-blank exam. Due to the CFATS security regulation being a
collection of performance standards, a facility can implement a
solution that draws from all available options to meet those standards.
And since not all facilities are the same, plans can also be tailored
to address the unique needs of individual sites. To effectively comply
with CFATS, an ``essay'' of measures has to be implemented. This can be
perimeter-related measures as well as other security measures, combined
with operating measures such as process cameras and alarms. The
totality, or ``essay,'' becomes the regulation with which the facility
complies and is given a pass or no-pass grade when undergoing a
compliance inspection by DHS. A long-term authorized regulation
provides industry with the confidence to make long-term capital
investments. Further, having that certainty helps DHS in recruiting and
retaining top talent to effectively oversee the regulation.
The bill does not try to reinvent the wheel or add complexity to
the program, which seemed to doom previous attempts at long-term
authorizations. Instead, this bill has some narrow fixes in a few areas
that need to be addressed, such as a simplified Alternative Security
Program, similar to that used by the U.S. Coast Guard under the
Maritime Transportation Security Act, implementation of third-party
inspectors and some simplified solutions to the personnel surety
program. Concerning the Personnel Surety Program, the bill requires DHS
to accept other well-established Federal credentials that currently
continually vet their holders against the Terrorist Screening Database
with no further obligation required of the facility.
This bill reiterates a part of the original regulation, using
threat, vulnerability, and consequence for assessing risk, which DHS
had not been doing, as we discovered during the previously-mentioned
peer review process. The Peer Review Panel recommended DHS evaluate all
three elements to fully assess risk, which is also required by the
National Infrastructure Protection Program of 2009 and 2013. Finally,
the bill sets up an oversight process to ensure the program continues
to make improvements and establishes accountability by setting a time
line for the Secretary of DHS to report to Congress on its progress
with implementation of recommendations made by the Peer Review Panel.
II. We support the implementation of the overarching findings and
recommendations of the Peer Review Panel, in the manner
mentioned in this bill.
A peer review panel was established last year by the Homeland
Security Studies and Analysis Institute to study the methodology used
by DHS to tier facilities covered under CFATS. This panel was made up
of subject-matter experts covering 15 areas of expertise, including
industrial security, risk analysis, toxicology, process safety,
infrastructure security, and other pertinent areas. This effort
resulted in a report setting out key findings and over-arching
recommendations. As a member of that panel, it is gratifying to see
that the effort is mentioned in this bill and requires DHS to report on
the progress in implementation of those recommendations.
III. Since Dave Wulf and his team have arrived at DHS; they have done a
tremendous job of turning around the program and moving CFATS
toward an effective chemical facility security program.
First, recognizing that the Chemical Security Assessment Tool
(CSAT) process could be streamlined, they embraced the American
Chemistry Council's Alternative Security Plan (ASP) template, which
provides an alternate path for developing and submitting site security
plans.
Second, they significantly increased the number of approved site
security plans, having recently passed the 500th approved security
plan.
Third, they have greatly increased the pace of inspections, up to
100 inspections per month. They have completed nearly all of the Tier 1
and 2 high-risk facilities and have started reaching into the Tier 3
and Tier 4 sites. BASF has had sites that have gone through these
authorization inspections and I can assure you that the heightened pace
has not reduced their effectiveness or compromised the program.
Fourth, they recognized that implementing a new regulatory program
required significant outreach to the regulated community. As a result,
they have enhanced their outreach efforts, engaging with industry via
sector councils and other means. They've increased the number of
Compliance Assistance Visits and inspectors regularly participate in
introductory meetings with owners and operators of CFATS-regulated or
potentially-regulated facilities.
Finally, DHS has undertaken efforts to better identify ``outlier''
facilities that should have submitted Top-Screens but have failed to do
so by coordinating with other agencies such as EPA, the U.S. Coast
Guard, and State and local authorities.
IV. The passage of this bill by no means conflicts with Executive Order
13650. If anything, it will add to enhancing and strengthening
security throughout the sector--one of the goals of the EO.
As just mentioned, DHS is undertaking many of the activities being
considered under the Executive Order. Passage of this bill will allow
DHS to increase these activities that go to the heart of their
mission--ensuring chemical facility security throughout the sector. It
is precisely these efforts, without any changes to the program that
might hamper efficiency or speed, that the EO--and Congress--should be
encouraging and supporting. Passing this bill will give the program the
permanency it needs so that it does not risk lapsing as occurred during
the Government shutdown last year.
conclusion
CFATS has had a positive impact on enhancing security at U.S.
chemical sites, and we support making this a permanent program for the
approximately 4,500 sites that are regulated under CFATS. It is a
robust program, for example at BASF we already had a fairly
comprehensive and effective security program. However, for facilities
under the CFATS regulation, we have seen increased capital spending and
operating costs to ensure we meet or exceed the performance standards
set out in the regulation.
In complying with CFATS facilities have evaluated their processes
and security programs and in some cases taken measures to reduce their
risk and dropped out of the program. The previously-mentioned Peer
Review made recommendations to make some process changes to make the
program more transparent and consistent. To try to reinvent CFATS by
passing more comprehensive legislation, I'm afraid, would have a
significantly negative impact on the program.
Congressional oversight via authorization would help DHS continue
to address some of the challenges they have faced implementing the
program, even as the agency has made progress with a new management
team. The industry has seen considerable increased activity from DHS,
including improved quality of inspections and faster authorizations.
Most importantly, DHS leadership has demonstrated a commitment to
working with stakeholders to improve the implementation of the CFATS
program. A long-term authorization will provide the regulatory
certainty and operational stability to give the industry confidence
that our long-term capital commitments to this program are appropriate,
and provide a stronger foundation for the overall success of the
program.
We support and share in your efforts to provide a long-term
authorization for CFATS. We pledge our continued support as this
legislation moves forward, and look forward to continuing to work in
partnership with you and your staff as this process moves forward.
Thank you again for the opportunity to testify in support of this bill.
I'll be glad to answer any questions you may have.
Mr. Meehan. Thank you, Mr. Miller.
The Chairman now recognizes Ms. Hampford Donahue.
STATEMENT OF KATE HAMPFORD DONAHUE, PRESIDENT, HAMPFORD
RESEARCH, INC., AND MEMBER, BOARD OF GOVERNORS, SOCIETY OF
CHEMICAL MANUFACTURERS AND AFFILIATES (SOCMA)
Ms. Hampford Donahue. Good afternoon, Chairman Meehan,
Ranking Member Clarke, and Members of the subcommittee. My name
is Kate Hampford Donahue, and I am president of Hampford
Research, a specialty chemical manufacturer located in
Stratford, Connecticut. We are a second-generation family-owned
business with 30 employees.
We supply complex compounds to Fortune 500 companies
serving the electronics, personal care, printing and
lithography, and industrial adhesives industries. Some of our
customers are chemical giants, and some are high-tech firms
that develop and use engineered materials, but who lack the
ability or desire to manufacture those materials themselves.
Hampford Research is a member of the Society of Chemical
Manufacturers and Affiliates, or SOCMA, where I also serve on
the board of governors. SOCMA has been and continues to be the
leading trade association representing the batch, custom, and
specialty chemical industry. I am proud today to provide
testimony on behalf of SOCMA in support of H.R. 4007, the CFATS
Authorization and Accountability Act of 2014.
SOCMA strongly supports the CFATS program and is wholly
supportive of H.R. 4007. The program requires chemical
facilities Nation-wide, including mine, to develop security
enhancements. It protects facilities against attack without
impairing the industry's ability to remain innovative. Hampford
Research takes the security of our facilities and our products
very seriously, as it does the safety of our employees and our
communities. We have literally bought into this program.
We received notice last year that our final CFATS
authorization inspection was scheduled for October 1. We
prepared as thoroughly as possible for the audit, but then our
inspection was delayed due to the Government shutdown. To make
matters worse, during the shutdown, we learned that the
legislative authorization for the CFATS program had expired.
These are the kinds of disruptions and regulatory
uncertainty that Congress should do its best to avoid. Even
under ideal circumstances, it costs companies, especially small
businesses, time and money to plan for, pay for, prepare for,
and clear days off calendars for multiple employees to comply
with the full scope of the program. Responsible companies like
Hampford want the CFATS program, but we want a stable and
predictable one.
In our re-scheduled final authorization inspection, we had
two inspectors who were knowledgeable, professional, courteous,
and practical. They engaged us in a real dialogue during the
inspection and continued that dialogue after they left. Their
focus was on creating layers of deterrent. They offered lots of
suggestions on options we might consider, but were clear that
we were the experts on our facility and only we could create a
plan that would work for us.
They were very responsive to follow-up questions from us,
as well. In addition, the entire process, from the time when we
were inspected on October 23 until we got final approval for
our plan just February 14 last week was extremely timely and
efficient.
The CFATS program went through a difficult period, but we
believe that our positive experience is an example of the
broader success story that the CFATS program has become. For
its part, DHS is making good progress in implementing the
reforms identified by Deputy Director David Wulf. SOCMA
applauds the work of Mr. Wulf and his team. We also thank him
for his quick response in developing a resource at SOCMA's
request called ``What to Expect from the Inspectors,'' that
will explain what companies should anticipate for final
authorization. This is a great example of chemical companies
wanting to do the right thing and DHS working well with them
for compliance. We are meeting mutual goals.
CFATS is reducing risk in a market-based way. Over 3,000
facilities have changed processes or inventories in ways to
screen out of the program. CFATS is driving facilities to
reduce inherent hazards, relying not on regulatory mandates,
but on the company's expert judgment to do so where it makes
sense, where it can be done without reducing product quality or
transferring risk to some other point in the supply chain.
The CFATS program is working, but would help my company and
others like it if Congress could ensure CFATS's continued
stability through a longer-term authorization like H.R. 4007.
This bill codifies what was in the original 2006 spending bill
and removes the program from annual funding fire drills. This
bill also makes a few fixes in areas where legislative change
could improve the program, including allowing facilities the
flexibility in satisfying their obligation to help screen
employees and visitors for terrorist ties if the facilities
rely on Federal credentials that are vetted against the
Terrorist Screening Database.
H.R. 4007 is a simple bill and a strong solution to help
DHS and facilities like mine concentrate on implementing the
CFATS regulations without worrying about the future of the
program. It would help me and my 30 employees of Hampford
Research significantly.
The chemical sector is united in support of this bill. Per
his testimony before the full committee in this room yesterday,
Secretary Jeh Johnson supports it, as well. Thank you very much
for this opportunity to testify, and I look forward to your
questions.
[The prepared statement of Ms. Hampford Donahue follows:]
Prepared Statement of Kate Hampford Donahue
February 27, 2014
Good morning Chairman Meehan, Ranking Member Clarke, and Members of
the subcommittee. My name is Kate Hampford Donahue and I am the
president of Hampford Research, Inc., a specialty chemical manufacturer
headquartered in Stratford, Connecticut. We are a second-generation,
family-owned business with 30 employees. We supply high-purity, complex
compounds to Fortune 500 companies serving the electronics, dental,
personal care, printing & lithography, and industrial adhesives
industries. Some of our customers are chemical giants, and some are
high-tech firms that develop and use engineered materials but lack the
ability or desire to manufacture those materials themselves. Hampford
Research is a member of the Society of Chemical Manufacturers and
Affiliates, or SOCMA, where I also serve on the board of governors.
For 90 years, SOCMA has been and continues to be the leading trade
association representing the batch, custom, and specialty chemical
industry. SOCMA's 220-plus member companies employ more than 100,000
workers across the country and produce some 50,000 products--valued at
$60 billion annually--that help make our standard of living possible.
Over 80% of SOCMA's members are small businesses and many are covered
by the CFATS program. I am proud today to provide testimony on behalf
of SOCMA in support of H.R. 4007, The CFATS Authorization and
Accountability Act of 2014.
SOCMA strongly supports the CFATS program and is wholly supportive
of H.R. 4007. The program requires chemical facilities Nation-wide,
including mine, to develop security enhancements. Its performance-based
approach protects facilities against attack without impairing the
industry's ability to remain innovative and to maintain some of the
Nation's highest-paying manufacturing jobs. Like most other specialty
chemical manufacturers covered by CFATS in our industry, Hampford
Research takes the security of our facilities and our products very
seriously, as it does the safety of our employees and communities. We
have quite literally ``bought in'' to the program.
We received notice last year that our final CFATS authorization
inspection was scheduled for October. We prepared as thoroughly as
possible for compliance--but then our inspection was delayed, due to
the Government shutdown in October. To make matters worse, during the
shutdown, we learned that on October 4, the legislative authorization
for the CFATS program had expired, albeit briefly. These are the kinds
of disruptions and regulatory uncertainty that Congress should do its
best to avoid. Even under ideal circumstances, it costs companies,
especially small businesses, time and money to plan for, pay for,
prepare for, and clear days off of calendars of multiple employees to
comply with a program like CFATS. Responsible companies like Hampford
want the CFATS program--but we want a stable and predictable program.
In our rescheduled final authorization inspection, we had two
inspectors who were knowledgeable, professional, courteous, and
practical. They engaged us in a real dialogue during the inspection--
and continued that dialogue after they left. Their focus was on
creating layers of deterrent. They offered lots of suggestions on
options we might consider but were clear that we were the experts on
our facility and only we could create a plan that would work for us.
They were very responsive to follow up questions from us. In addition,
the entire process (from when we were inspected on October 23-24 until
we got approval for our plan on February 14) was very timely and
efficient.
The CFATS program went through a difficult period, but we believe
that our positive experience is an example of the broader success story
that the CFATS program has become. As a result of the chemical sector's
strong cooperation with DHS, there has been 100% compliance by industry
with the requirements to submit Top-Screens, Security Vulnerability
Assessments and Site Security Plans. For its part, DHS is making good
progress in implementing the reforms identified by Deputy Director
David Wulf. SOCMA applauds the work of Mr. Wulf and his team. We also
thank him for his quick response in developing a resource called ``What
to Expect from the Inspectors'' that will explain what companies should
anticipate for final authorizations.
The Chemical Sector Coordinating Council suggested this idea to Mr.
Wulf last year and he enthusiastically endorsed it. While it will come
too late for Hampford Research, we expect that the tool will be very
helpful to other facilities like ours. This is a great example of
chemical companies wanting to do the right thing, and DHS working well
with them for compliance. We are meeting mutual goals.
CFATS is reducing risks in a market-based way. Over 3,000
facilities have changed processes or inventories in ways that have
enabled them to screen out of the program. CFATS is thus driving
facilities to reduce inherent hazards, relying not on regulatory
mandates but on the company's expert judgment to do so where it makes
sense--where it can be done without reducing product quality or
transferring risk to some other point in the supply chain.
The CFATS program is working, but it would help my company and
others like it if Congress would ensure CFATS's continued stability
through a longer-term authorization like H.R. 4007 would provide. This
bill simply codifies what was in the original 2006 spending bill that
established the program, and removes the program from the annual
funding fire drills. The bill also makes a few simple fixes in areas
where legislative change can improve the program:
First, it clarifies that DHS can approve generic alternative
security programs that facilities can opt into, rather than
having to approve ASPs facility-by-facility. This approach has
worked well for the maritime security program and should be
extended to CFATS.
Second, it clearly authorizes DHS to rely on third parties
to conduct authorization inspections. DHS has stepped up the
pace of inspections, but at the current rate it will still take
years and years to get through all the tier 3 and 4 facilities.
Leveraging third parties could be the key to dramatically
shortening that time table.
Third, the bill confirms that facilities can satisfy their
obligation to help screen employees and visitors for terrorist
ties if the facilities rely on Federal credentials that are
vetted against the terrorist screening database--without having
to supply any other information to DHS.
H.R. 4007 is a simple bill and strong solution that will allow DHS
and facilities like mine to concentrate on implementing the CFATS
regulations without worrying about the future of the program. It would
help me, and the 30 employees of Hampford Research, significantly. The
chemical sector is united in support of this bill.
Thank you for the opportunity to testify, and I look forward to
your questions.
Mr. Meehan. Thank you, Ms. Hampford Donahue.
The Chairman now recognizes Ms. Fendley for her testimony.
STATEMENT OF ANNA FENDLEY, LEGISLATIVE REPRESENTATIVE, UNITED
STEELWORKERS
Ms. Fendley. Thank you, Chairman Meehan and Ranking Member
Clarke, and Members of the subcommittee, for the opportunity to
testify today.
I am here on behalf of the United Steelworkers. We
represent 850,000 workers in many sectors, including the
majority of organized workers in the chemical industry.
The massive explosion nearly a year ago in West, Texas,
brought acute National attention to the vulnerabilities in our
communities and the potential for the same or much worse is
present at other facilities across the country.
CFATS was intended to be an interim measure when DHS was
given statutory authority during the 109th Congress. Subsequent
appropriations have not addressed recognized problems with the
implementation and scope of the CFATS program, and H.R. 4007
also neglects to address many of the inherent weaknesses of
CFATS, five of which I will cite today.
First, H.R. 4007 does not extend CFATS coverage to
chemicals shipped or stored outside of a facility's fence line
in nearby rail yards or elsewhere that may have little or no
security measures. Our members cite rail cars full of hazardous
chemicals parked outside fence lines near homes and other
businesses.
Employers may engage in this form of risk-shifting to be
taken off the list of high-risk facilities, or it could be
unintentional. DHS claims that ``more than 3,000 facilities
removed, reduced, or modified holdings of chemicals of
interest,'' but maintains no information as to how these
reductions in holdings were achieved.
Second, H.R. 4007 does not change the prohibition within
CFATS of any particular security measure by DHS, including a
fence in a particular area, a specific control on a unit, or
any other measure that is well-documented through past practice
to prevent catastrophic incidents.
Third, H.R. 4007 does not develop or promote the most
effective means of reducing a catastrophic chemical incident,
which is the use of safer chemical processes. Some companies
have made these changes. According to DHS, nearly 1,300
facilities have completely removed their chemicals of interest,
and approximately 600 decreased quantities of chemicals of
interest to below the threshold. But many companies will never
even look into innovating with safer processes without a legal
requirement to do so. A provision addressing this would be a
particularly effective addition to H.R. 4007.
Fourth, the personnel surety program under CFATS has the
potential for unintended consequences. H.R. 4007 does not
prevent the collection of unnecessary personal employee data by
employers or third parties that may be inaccurate. There is not
an adequate appeals process for workers who are wrongly
discriminated against during the PSP process. DHS statements
that employers are expected to follow all laws are inadequate
to protect workers in this regard.
Many have expressed concern about the duplication of
efforts and the burden for multiple background checks under the
PSP. The Transportation Worker Identification Credential, TWIC,
is an option, but it is not without concerns.
Fifth, CFATS and H.R. 4007 lack the requirement for a
meaningful role for workers in chemical security. Workers who
operate and maintain chemical facilities know the most about
what needs to be done to reduce vulnerabilities. CFATS should
require meaningful involvement of plant employees in developing
security plans and participating in the agency's inspections at
a facility. Additionally, whistleblower protections should be
added for workers or others who report vulnerabilities to the
Secretary of Homeland Security.
As the first panel cited, there have been a number of
challenges with implementing the CFATS program. The OIG and GAO
reports are important documents for serious consideration.
Another current activity to consider is the report that DHS
must provide to the House and Senate Appropriations Committees
by April.
After the explosion in West, Texas, President Obama signed
Executive Order 13650 on Improving Chemical Facility Safety and
Security. The EO's working group has been gathering stakeholder
input and is currently requesting public comments on policy
regulation and standards modernization, including issues
specific to CFATS. A status report is due to the President in
May. These documents will be very valuable to consider.
Any legislation authorizing the CFATS program must be
responsive to the identified shortcomings and challenges of
CFATS, the oversight recommendations, and other activities at
the Federal level. Congress should not merely require more
metrics from an inadequate program when there is consensus
about problems. Legislative action based on the recommendations
from OIG, GAO, the EO working group, and other stakeholders is
necessary to address the gaps in CFATS that leave millions of
American workers and communities at risk.
Thank you again for the opportunity to be here today.
[The prepared statement of Ms. Fendley follows:]
Prepared Statement of Anna Fendley
February 27, 2014
Chairman Meehan, Ranking Member Clarke, and Members of the
committee, thank you for the opportunity to testify today. My name is
Anna Fendley. I am here on behalf of the United Steel, Paper and
Forestry, Rubber, Manufacturing, Energy, Allied Industrial, and Service
Workers International Union--USW for short. We represent 850,000
workers in the sectors I just mentioned and many others, including the
majority of unionized workers in the chemical industry and hundreds of
thousands of men and women whose workplaces use and store large
quantities of industrial chemicals.
A massive explosion nearly a year ago at the West Fertilizer
Company's storage and distribution facility in West, TX killed 15
people and injured hundreds more. The blast also destroyed a nursing
home, an apartment complex, schools, and private homes. This incident
has brought acute National attention to the vulnerabilities in our
communities. As devastating as the West explosion was, the potential
for much worse is present at other facilities across the country.
Our members are well aware of the hazards and the potential for
wide-spread damage to critical infrastructure and the communities where
they work and live. Small accidental releases occur more often than the
public realizes, and it is only a matter of time before the next large
explosion or release. In one example, our members at a chemical plant
on the West Coast cite a normal procedure that turned abnormal last
year and caused a release of sulfuric acid that sent workers at the
warehouse next door to the hospital. Luckily this release was stopped
relatively quickly. However, that may not be the case in every
situation.
CFATS was intended to be an interim measure when the 109th Congress
passed legislation providing the Department of Homeland Security (DHS)
with statutory authority to regulate chemical facilities for security
purposes. Since that time subsequent Congresses have continued to
extend the authority to DHS for the CFATS program through
appropriations. These appropriations have not addressed recognized
problems within the implementation and scope of the CFATS program and
have instead allowed an inadequate and ineffective status quo. H.R.
4007 also neglects to address many of the inherent weaknesses of CFATS,
five of which of which I will cite today.
First, H.R. 4007 does not extend CFATS coverage to chemicals
shipped or stored outside of a facility's fence line in nearby rail
yards or elsewhere that may have little or no security measures.
Currently CFATS does not prevent this risk shifting from one location
to another. I have seen pictures and gotten accounts from our members
of rail cars full of hazardous chemicals parked for days outside the
fence line within yards of a busy road near homes and other businesses.
Employers may engage in this form of risk shifting to be taken off the
list of high-risk facilities, or risk shifting could be an established
practice occurring for years because workers and management do not
recognize the hazard and the potential for a criminal act. Under CFATS
there is no way of knowing if and how these risks are being shifted,
which leaves communities in danger. DHS claims that ``more than 3,000
facilities removed, reduced, or modified holdings of chemicals of
interest'' but maintains no information as to how these reductions in
holdings were achieved.\1\ The program does not know or track whether
the risk was shifted to just over the fence-line.
---------------------------------------------------------------------------
\1\ http://www.dhs.gov/sites/default/files/publications/
CFATS%20Update_February2014.pdf.
---------------------------------------------------------------------------
Second, HR 4007 does not change the prohibition within CFATS of any
``particular security measure'' by DHS including a fence in a
particular area, a specific control on a unit, or any other measure
that is well-documented through past practice to prevent catastrophic
incidents. This capacity-building measure would require covered
facilities to conduct a structured review of options that avoid
catastrophic chemical hazards in well-documented assessments and plans
that are reported to DHS. My colleagues and I work with employers every
day. Many take safety measures that go above and beyond, but there are
always some that will only do the minimum required by law and, as we
all know, some who refuse to even do the minimum required.
Third, H.R. 4007 does not develop or promote the most effective
means of reducing a catastrophic chemical incident, which is the use of
safer chemical processes. DHS,\2\ EPA,\3\ and the U.S. Chemical Safety
Board \4\ have all highlighted the effectiveness of assessing and,
where feasible, implementing safer alternatives at high-risk
facilities. Some companies have shifted to safer processes or reduced
their inventory of hazardous chemicals so they are no longer listed as
high-risk. In fact, according to a report from DHS to the Coalition to
Prevent Chemical Disasters, since the inception of the CFATS program
nearly 1,300 facilities have completely removed their Chemicals of
Interest and approximately 600 no longer possess a Chemical of Interest
at the threshold that requires submission of a Top-Screen to DHS. But
many companies will never even look into innovating with safer chemical
processes without a legal requirement to do so. Past legislation in the
House has included the requirement that covered facilities ``assess
alternatives, in particular `the technical feasibility, costs, avoided
costs (including liabilities), personnel implications, savings, and
applicability of implementing each method to reduce the consequences of
a terrorist attack'.''\5\ This provision would be a particularly
effective addition to H.R. 4007.
---------------------------------------------------------------------------
\2\ http://www.dhs.gov/news/2011/03/30/written-testimony-nppd-
house-committee-energy-and-commerce-hearingtitled-hr-908.
\3\ http://www.epa.gov/ocir/hearings/testimony/111_2009_2010/
2010_0728_ccd.pdf.
\4\ http://www.nytimes.com/2014/01/29/opinion/the-next-accident-
awaits.html?smid=pl-share&_r=0.
\5\ HR 2868--111th Congress. http://beta.congress.gov/bill/111th-
congress/house-bill/2868.
---------------------------------------------------------------------------
Fourth, the Personnel Surety Program (PSP) under CFATS has the
potential for unintended consequences. Within the current context of
the CFATS program, individual chemical facilities are responsible for
clearing workers under their PSP. H.R. 4007 does not prevent the
collection of unnecessary personal employee data by employers or third
parties that may be full of inaccuracies due to errors in reporting.
CFATS does not include an adequate appeals process for workers who are
wrongly discriminated against during the PSP process. In a February 3,
2014 Federal Register notice, DHS stated that employment decisions
based on background checks are outside of the scope of CFATS and that
DHS expects employers to comply with applicable Federal, State, and
local law regarding employment and privacy.\6\ On the whole this is
inadequate. Workers need an appeals process and whistleblower
protections under the CFATS.
---------------------------------------------------------------------------
\6\ http://www.gpo.gov/fdsys/pkg/FR-2014-02-03/pdf/2014-02082.pdf
(page 6436).
---------------------------------------------------------------------------
Many have expressed concerns about duplication of efforts and the
burden for multiple background checks. The Transportation Worker
Identification Credential (TWIC) is an option, but it is not without
concerns. What protections would be in place for workers who would
suddenly be required to secure TWICs to continue working? What
financial and operational burdens would the installation of biometric
readers put on facilities? Relying on the TWIC program in this way
could be problematic, particularly since the Coast Guard has not issued
a final rule for TWIC readers, it will not be fully deployed in ports
across the country, and there are examples of some problems with the
appeals process.
And fifth, CFATS lacks the requirement for a meaningful role for
workers in chemical security, and H.R. 4007 does not provide it.
Workers who operate and maintain chemical facilities know the most
about what needs to be done to reduce vulnerability and protect against
a terrorist attack. They would be hurt first and worst in an attack on
a facility, and therefore have the largest stake in ensuring safety.
CFATS should require meaningful involvement of plant employees in
developing security plans. DHS should also be required to include an
employee representative when the agency does inspections at a facility.
The Occupational Safety and Health Administration \7\ and the
Environmental Protection Agency \8\ both have policies that could be
used as a model for DHS to include workers in inspections.
Additionally, whistleblower protections should be added for workers or
others who report problems, deficiencies, and vulnerabilities to the
Secretary of Homeland Security.
---------------------------------------------------------------------------
\7\ https://www.osha.gov/Firm_osha_data/100006.html.
\8\ http://www.epa.gov/compliance/resources/policies/monitoring/
caa/caa112r-rmpguide.pdf.
---------------------------------------------------------------------------
As the first panel cited, there have been a number of challenges
with implementing the CFATS program. In a March 2013 report, the Office
of Inspector General (OIG) found that the program continued to face
challenges in the areas of submission tools and processes,
representation and oversight, human capital, and fiscal stewardship.\9\
OIG made 24 recommendations to improve implementation of the CFATS
program, and those recommendations should be considered. Additionally
the recommendations in the April 2013 Government Accountability Office
(GAO) report titled ``Critical Infrastructure Protection: DHS Efforts
To Assess Chemical Security Risk and Gather Feedback on Facility
Outreach Can Be Strengthened'' should be considered as the committee
considers risk assessment under the CFATS program.\10\
---------------------------------------------------------------------------
\9\ http://www.oig.dhs.gov/assets/Mgmt/2013/OIG_13-55_Mar13.pdf.
\10\ http://www.gao.gov/products/GAO-13-353.
---------------------------------------------------------------------------
Another current activity to consider is that the Joint Explanatory
Statement for the Consolidated Appropriations Act, 2014 included a
requirement that DHS provide a report to the House and Senate
Appropriations Committees, the House Committee on Energy and Commerce,
and this committee, the House Committee on Homeland Security by April
2014.\11\ This report will outline how DHS is using existing resources
and infrastructure to avoid duplication within the program and how DHS
is working to ensure that that a facility meets the personnel surety
standard. The information included in this report will be valuable to
incorporate into any legislation concerning the CFATS program.
---------------------------------------------------------------------------
\11\ http://docs.house.gov/billsthisweek/20140113/113-HR3547-JSOM-
D-F.pdf.
---------------------------------------------------------------------------
After the explosion in West, TX, President Obama signed Executive
Order (EO) 13650 on Improving Chemical Facility Safety and
Security.\12\ The EO set up a working group to improve operational
coordination with State and local partners; enhance Federal agency
coordination and information sharing; modernize policies, regulations,
and standards; and work with stakeholders to identify best practices.
The working group is co-chaired by the Department of Homeland Security,
the Environmental Protection Agency, and the Department of Labor. It
has been meeting regularly and has held listening sessions at locations
across the country to gather stakeholder input about how the agencies
can more effectively reduce the risks to workers and communities.
Additionally, there is also a document out for public comment until
March 31, 2014 requesting public input on policy, regulation, and
standards modernization. As a part of that public comment, DHS is
asking for input from stakeholders about the following issues specific
to CFATS:
---------------------------------------------------------------------------
\12\ http://www.whitehouse.gov/the-press-office/2013/08/01/
executive-order-improving-chemical-facility-safety-and-security.
---------------------------------------------------------------------------
Options to improve the secure storage, handling, and sale of
ammonium nitrate;
Potential updates to the CFATS chemicals of interest list
and the screening threshold quantities of certain substances
contained on that list;
Options for improving the coverage of reactive substances
and reactivity hazards;
Options for addressing security of chemicals at agricultural
production facilities;
Opportunities to leverage industry best practices in
chemical facility security;
Methods for identifying economically and mission-critical
chemical facilities;
Opportunities to harmonize facility security standards
across different programs; and
Approaches to identifying potential high-risk chemical
facilities that have not yet complied with their initial CFATS
obligations.\13\
---------------------------------------------------------------------------
\13\ https://www.osha.gov/chemicalexecutiveorder/
Section_6ai_Options_List.html.
---------------------------------------------------------------------------
A status report from the working group to the President is due on
May 1, 2014 along with a comprehensive and integrated standard
operating procedure that unifies the Federal approach for identifying
and responding to risks. These documents will be very valuable to
consider as a part of CFATS reform.
Any legislation authorizing the program must be responsive to the
identified shortcomings and challenges of CFATS, the oversight
recommendations, and other activities at the Federal level regarding
the CFATS program. Congress should not merely require more metrics from
an inadequate program when there is consensus about problems in the
program. Legislative action based on the recommendations from OIG, GAO,
the EO working group, and other stakeholders is necessary to address
the gaps in CFATS that leave millions of American workers and
communities at risk.
Thank you again for the opportunity to testify today.
Mr. Meehan. I thank you, Ms. Fendley. I thank each of the
panelists.
Let me begin with you, Mr. Miller, representing larger
industry in this. There has been major investment that has been
made by the industry in response to the call and a sense of
responsibility to try to meet the challenge of securing our
chemicals against the threat of potential use for terrorist
activity.
That investment has been made under the basis that there be
some kind of certainty with regard to the program. What does it
mean to business to have a question of certainty? How is it
that people make calculations about the kinds of investments
and planning that they are going to do in larger organizations
where oftentimes you can have numerous facilities and literally
millions of dollars at stake, so to speak, in the decisions
that you make?
Mr. Miller. Thank you, Mr. Chairman, for that question.
It does certainly play into the considerations of capital
planning. The reality of it is, money spent for security
measures may be money that was taken away from some other
process that we wanted to make an improvement on. But knowing
that the money that we are spending is not necessarily going to
be--I don't want to say wasted, but certainly the money that is
spent trying to comply with the program should be spent for a
good cause. Knowing that this program is going to be around and
it is going to be something that we will be complying with for
a number of years would be helpful.
Mr. Meehan. So the absence of some kind of certainty with
regard to it may in these times of difficult decision making at
a corporate level lead people to say, well, if we don't know,
resources could be shifted until there is certainty into
another area, leaving some measure of potential vulnerability
as we move forward?
Mr. Miller. Well, I think that we as an industry try to be
responsible in that area and we want to make sure that we are
doing what we should be doing in the security arena. However,
having that uncertainty can cause, I think, some companies to
proverbially kick the can down the road and wait to see what is
going to happen as to whether this regulation is going to
continue or not.
Mr. Meehan. Thank you.
Ms. Donahue, you represent many of the smaller participants
in the business. We recognize that there are numerous
components, and that may be the very place where, you know, we
have got smaller companies, smaller abilities to be responsive
to mandates and other kinds of things, and yet a similar
interest in trying to be responsive to our goal of protecting
the homeland.
What does it mean to--you used the word flexibility. What
about this legislation enables you to have some measure of
flexibility while still fulfilling the obligations that you
think the law creates?
Ms. Hampford Donahue. Well, in general, I mean, in the
course of our plan being approved, it was a real dialogue with
the inspectors. They were in our facility. They could see some
of the space limitations we were dealing with and other issues.
We talked about how we created more layers of security.
They had some ideas for us that hadn't occurred to us before,
and we had some, actually, some insights that they added to
their list, so it was it was a very collaborative process that
ended up with a plan that we could execute within our means--
again, goes back to this capital planning--I would echo it is
probably even more important for a small facility to be able to
plan capital spending, because we have fewer dollars to spend,
and chemical manufacturing is an extremely capital-intensive
business, extremely.
So the more we can plan for what is going to be required to
meet the commitments for CFATS, the better it is for us. I
mean, if we are talking about putting some new camera system
in, I need to know that that is going to be an investment that
will be able to keep for years to come and that, in 2 years, I
won't have some new set of standards that I have to meet, that
now the candid cameras aren't a good investment.
So flexibility to look at the standards and create
solutions that are executable in my facility is important, but
also this ability to plan long-term.
Mr. Meehan. That flexibility, as well, is--there is an
engagement that is taking place, in the sense of you are
collaboratively looking at the kinds of things that may be
being requested of you, but there is also a dialogue about
things, where and how you store your chemicals and otherwise.
Would it be conceivable you would be asked questions about
whether you have materials outside of the boundaries of your
particular plant?
Ms. Hampford Donahue. Absolutely.
Mr. Meehan. Would there then be an opportunity for DHS to
engage with you about ways to assure that they are at least
either in transit or you could shift things if necessarily to
assure that they are otherwise secure?
Ms. Hampford Donahue. Absolutely.
Mr. Meehan. So this is the part of the flexibility and the
ability to move forward is the on-going dialogue that takes
place, so when issues are raised with respect to security of
these, there is a capacity with the way things are being
constructed in this bill to be responsive and to take
appropriate steps to assure that they are taken.
Ms. Hampford Donahue. Based on what we have seen so far,
yes.
Mr. Meehan. Okay.
Ms. Hampford Donahue. I mean, we have an open dialogue with
the inspectors that were there, that as we implement our plan,
should, you know, you hit a speed bump that you weren't
anticipating, you know, we will be absolutely picking up the
phone to talk to them about how we best resolve, you know, any
forthcoming issues. So the dialogue that was created during the
audit was the cornerstone of this for us.
Mr. Meehan. Thank you. My time is expired, and I turn to
the Ranking Member for questions she may have.
Ms. Clarke. Thank you, Mr. Chairman. Let me thank Mr.
Miller, Ms. Hampford Donahue, and Ms. Fendley for your expert
testimony here today.
My question is to you, Ms. Fendley: In your testimony, you
mentioned that chemical security measures rarely address
capacity-building measures that would require covered
facilities to conduct a structured review of options that would
help avoid catastrophic chemical hazards and that are reported
to DHS. I know that you and your organization work with
employers every day to improve the safety and security of
workers. We also know that many companies take their corporate
responsibility to work with the citizens who live nearby
seriously and take safety measures that go above and beyond.
But there are always bad actors who do the minimum required
by law or less. Can you give us some examples of how we can
help the CFATS program and coverage avoidance of catastrophic
chemical hazard?
Ms. Fendley. Sure. Thank you for that question. The most
effective means, we believe, to avoid these catastrophic
incidents is to promote and develop the use of safer chemical
processes. As I included in my testimony, there are many
facilities that have done that, but that dramatically mitigates
the risk, should an act of terror take place.
There has been legislation in past congresses that
addresses that and included some requirements that facilities
at a minimum assess the financial and technological feasibility
to implement those kinds of processes. I think the second thing
I would add is that the CFATS program does a very good job of
hearing from industry as a stakeholder, but workers and
communities also ought to be at the table as stakeholders in
this process. Workers specifically at facility sites would be
incredibly useful in creating site security plans and
participating in inspections, because they are the people who
are really on the process every day and they understand the
true vulnerabilities.
Ms. Clarke. Ms. Hampford Donahue, you are a smaller
company, and you mentioned that part of what has sort-of
enabled you to wrap your arms around this process is the
consultative process with inspection. Part of the challenge
that we are facing right now is the outlying organization;
based on the West Virginia--excuse me, the West, Texas, model,
it seemed to be a small company, as well.
Through your trade association, have you been able to sort-
of get to those far-flung organizations to have them become a
part of your association? What are the challenges that we face
as a Nation in sort of locating those outliers? Because it
seems to me that that process of collaboration and inspection
helps those companies that may be isolated to come into
compliance and have a certain level of comfort in that
interaction.
Ms. Hampford Donahue. I am not sure that I can speak
specifically to the issue of outliers. I can speak to the kind
of dialogue that we have within the SOCMA membership. I can
tell you that when we received the call that we were going to
be inspected, that was the first call I made was to SOCMA, to
reach out to the staff there and to my fellow board of
governors, members, to find out who else had been inspected. So
it is, you know, an active engagement that we have talking
about, you know, all sorts of issues, but--CFATS being one of
them.
Beyond--I mean, talk about outliers. I don't know of any. I
mean, everybody that is in SOCMA that I know of is compliant
with whatever Government regulations they need to be.
Ms. Clarke. I guess my question to you was, have you seen
in your experience, I guess, the willingness or an ability to
identify a company that may be out there that sees your
organization as a place where they can find a home and then
ultimately become far more engaged in a trade association,
thereby getting the access to the information they would need
to be in compliance with CFATS?
I mean, I am sure there are companies that are coming on-
line every day, but there may be older ones out there that, you
know, get access to the web and see your organization. Have you
seen that as an avenue?
Ms. Hampford Donahue. Well, SOCMA has--you know, got a very
strong outreach effort to its members. Certainly, legislative
and regulatory issues are a cornerstone of that. If you go to
any SOCMA meeting, board meeting or, you know, other seminar or
session that they have, there is always a regulatory or
legislative component to what we are talking about.
So I think for us, certainly, that is one of the benefits
of SOCMA membership, is that that is the way that I make sure
that my company is always compliant with what is going on or
what we need to be, so I would assume that is why other
organizations would join, as well.
Ms. Clarke. Very well. Thank you very much, Mr. Chairman. I
yield back.
Mr. Meehan. I thank the Ranking Member.
I just have one sort-of follow-up question that I would
like to ask for some insight on. I know we have mentioned a
couple of times the personnel surety performance, and I am
aware that there is continuing difficulty with some of this.
Mr. Miller, our committee appreciates that DHS has taken some
steps. Some have called them a little overly burdensome or
invasive at times. We also want to make sure that progress in
this regard that has been made isn't retarded in a way that it
becomes difficult to do the thing we want to do, which is to
attest to the ability of somebody who is in a facility to
appropriately be there.
With these twin concerns of mine, how would you think you
would like to see the personnel surety requirement developed?
Mr. Miller. Thank you, Mr. Chairman. The personnel surety
performance standard is a tough one, because there is a certain
element of that performance standard having to do with
vetting--or vetting people against the Terrorist Screening
Database, that there is only one way that can be accomplished,
and that can only be accomplished by submitting data in some
manner to the Federal Government for them to bounce it off of
that database.
So that makes it a little bit of a challenge to say that we
should have various options to be able to comply, when you have
that restriction. So I think that is the reason for the
consideration of having--recognizing multiple credentials that
are already out there that do that thing to comply with this
performance standard.
Another option, though, too, is--and certainly it is
something that we look at our facilities--is the true issue
here is allowing people having access to the chemicals of
interest. Where we have the ability to isolate those materials
so that we can reduce the number of people that have access to
that, and we take advantage of that, that way, that reduces the
total population that we have to submit to DHS. The
simplification and the reduction of the number of people that
have access to those types of materials is what we are driving
for there.
If I might add one more thing, in some of the other
questioning--and I apologize for being so bold--but there has
been a lot of discussion about the facilities and the
population of facilities that almost sounds like this is a
static program, but it is not. All of my facilities at any
given time may decide to change a process. They may decide to
expand their processes. We have to have a process in place
where we are continually monitoring what our facilities are
doing, so that if they suddenly trigger the need for a Top-
Screen, we know about it and we can have that facility to do
that.
Same way with our warehouses and so forth, in kind-of going
to Ranking Member Clarke's question. We make sure that our
suppliers and that our warehouses and so forth recognize they
may have to comply with CFATS, because the last thing we need
is to have a warehouse or a supplier get shut down by DHS and
we can't get that--can't have that working material there.
So that is one of the ways that outreach can be done. This
is a dynamic regulation, in that it is always changing as far
as the population of facilities that are out there.
Mr. Meehan. Well, I thank you for that observation about
not only the dynamism, but we used the word flexibility before
as with anything, and one of the real objectives of this
legislation was to make it structured enough that we could be
able to accomplish the very real objectives that we share, but
also not to make it so prescriptive or to be introducing so
many new variables into these that we start to get in the way
of the very specific objective that we have now, recognizing
that that concept of flexibility always opens the door to, if
there is another kind of need, it can be included, but if we
don't have a baseline that allows us to get started, we are
going to continue to wallow in the mud and find ourselves
potentially down here 2 or 3 years later looking at the next
West, Texas, and saying, why didn't we do something to make the
difference?
I want to thank you for your testimony. I want to thank you
for your work in this very, very important area. We appreciate
the value of the information you have been able to bring to us
in deliberations about this important bill. So I thank the
witnesses.
The Members of the committee may have some additional
questions for you, and if they do, I ask that you respond in
writing. So, thank you.
Pursuant to committee rule 7(e), the record of this hearing
will be held open for 7 days. Without objection, the
subcommittee stands adjourned.
[Whereupon, at 12:32 p.m., the subcommittee was adjourned.]
[all]
�