Monday, July 28, 2014

Congressional Hearings – Week of 7-27-14

This is the start of the last week currently scheduled for the House and Senate to be in Washington until after the Labor Day Weekend. There is only one hearing currently scheduled that is of specific interest to readers of this blog; a Senate markup hearing that looks at a number of interesting bills including CFATS.

Senate Markup Hearing

On Wednesday the Senate Homeland Security and Governmental Affairs Committee will hold a business meeting to cover a wide range of nominations and legislation. Included in the list of bills to be addressed are:

HR 4007, the Chemical Facility Anti-Terrorism Standards Program Authorization and Accountability Act of 2014;
S 2547, the RESPONSE Act of 2014; and
S 2664, a public alert and warning system bill yet to be published.

HR 4007 is, of course, the bill of biggest interest here. The Committee leadership has been talking about writing their own bill since the first of the year, but has failed to reach a consensus on that language. There has been recent talk about Chairman Carper (D,DE) wanting to see language added that would allow Tier 4 facilities to ‘self-certify’ compliance with the site security plan requirements. That amendment would probably be acceptable to the House. Anything more complicated than that might derail passage of this bill.

House Floor

Today the House will consider a number of bills under suspension of rules. Four of them will be of interest to readers of this blog:

HR 2952 - The Critical Infrastructure Research and Development Act;
HR 3107 - The Homeland Security Cybersecurity Boots-on-the-Ground Act;
HR 3202 - The Essential Transportation Worker Identification Credential Assessment Act; and
HR 3696 - The National Cybersecurity and Critical Infrastructure Protection Act.

The House leadership has determined that these bills have enough bipartisan support to ensure their passage with a 2/3 vote. I’m kind of surprised that HR 3696 made that cut considering the number of organizations that still have problems with privacy issues in the bill. We will see if they get surprised on this vote; it does happen periodically.

S 2547 Introduced – RR Emergency Response

As I noted earlier Sen. Heitkamp (D,ND) introduced S 2547, the RESPONSE Act of 2014. The bill would amend 6 USC 318 and establish a new subcommittee of the National Advisory Council, an independent federal advisory committee that provides emergency response and planning advise to the NPPD Deputy Administrator for FEMA. The new subcommittee, the Railroad Emergency Services Preparedness, Operational Needs, and Safety Evaluation (RESPONSE) Subcommittee would provide recommendations on emergency responder training and resources relating to hazardous materials incidents involving railroads.

The RESPONSE Subcommittee

This is a ‘subcommittee’ in name only as most of its members would not come from the National Advisory Council (NAC). Statutory members would include {§318(d)(2)}:

• NPPD Deputy Administrator for FEMA (Chair);
• Director of the Office of Emergency Communications, DHS;
• NTSB Director for the Office of Railroad, Pipeline and Hazardous Materials Investigations;
• FRA Associate Administrator for Railroad Safety;
• TSA Assistant Administrator for Security Policy and Industry Engagement;
• Coast Guard Assistant Commandant for Response Policy;
• EPA Assistant Administrator for the Office of Solid Waste and Emergency Response;
• PHMSA Associate Administrator for Hazardous Materials Safety;
• FMCSA Chief Safety Officer and Assistant Administrator;

Appropriate members of the NAC would be appointed to the RESPONSE sub-committee as would other personnel from the oil, railroad and communications industries.

RESPONSE Recommendations

The bill would require the RESPONSE Subcommittee to develop recommendations to improve emergency responder training and resource allocation. The following areas are to be specifically addressed {§318(d)(6)}:

• Quality and application of training for local emergency first responders related to rail hazardous materials incidents;
• Effectiveness of funding levels related to training local emergency responders for rail hazardous materials incidents;
• Strategy for integration of commodity flow studies, mapping, and access platforms for local emergency responders;
• The lack of emergency response plans for rail, similar to existing law related to maritime and stationary facility emergency response plans;
• Development of a train incident database;
• Increasing access to relevant, useful, and timely information for the local emergency responder; and
• Determination of the most efficient agencies and offices for the implementation of the Subcommittee’s recommendations.

The problem with this bill is that it brings too many people to the table. Legitimately, the people listed in the bill all have something to contribute; but there are too many folks to effectively get anything done. The tasking probably should have been given to FEMA who then would have been directed to ‘consult with’ the agencies listed. As it is the Assistant Administrator for FEMA will have to try to herd all of the cats listed instead of actually trying to solve the problem.

Moving Forward

I suspect that this bill would have no problems passing in the Senate or the House; it is after all another pass-the-buck-to-a-committee bill that effectively costs nothing. The problem will be that this late in the session, it will be difficult for the bill to find its way to the floor for a vote. If it is considered in the Senate before the election (almost certainly after the summer recess at best) it will probably be one of those bills brought to the floor at the end of the day and considered by ‘unanimous consent’. In the House it will be considered on a Monday or Tuesday under ‘suspension of the rules’ provisions. The key to passage will be convincing the leadership to bring it to the floor.

Saturday, July 26, 2014

NIST Increases CSF Usability

This week the National Institute of Standards and Technology (NIST) expanded (somewhat) the usability of the Cybersecurity Framework (CSF) as a management tool. They published the CSF Reference Tool [Zip file containing a Windows® .EXE file; there is an alternative OS® application version]; “a FileMaker runtime database solution”.

According to the NSF web site:

“The CSF Reference Tool allows the user to browse the Framework Core by functions, categories, subcategories, informative references, search for specific words, and export the current viewed data to various file types, e.g., tab-separated text file, comma-separated text file, XML, etc.”

The tool is designed to make it easier for corporate management to use the CSF as a management tool for the implementation (and tracking the implementation) of the CSF. It makes it easier for the user to search for and extract information from the CSF Core [Excel® download] and to export that data into forms and formats that can be used for various management functions.

My biggest complaint about the CSF Core applies to this tool as well. The references data should include links to the specific areas of the applicable documents or at least to the documents themselves. I understand that there are copyright issues and many of the document owners require users to buy the documents. That and many of the documents are not formatted to be linkable down to the section level.

If NIST had been given a budget for the CSF (which would have meant that Congress get involved instead of it just being based upon an Executive Order) they might have been able to negotiate link access rights from this tool to the various standards involved. Without that capability, the utility of this tool will be limited for most organizations.

OOPS – I just found some other headaches; this file is set up to run from the NIST-CSF.exe from the extracted zip file each time it is opened. It does not automatically set up an icon or even a link on the START page. Even if you pin it to your task bar, you get ‘Run’ dialog box opening up on your screen before you get to the program. When you exit the program you get another dialog box that shows up informing you that the base program, FileMaker Pro®, ‘has stopped working’. These are software issues that ruin the run ability of the program. It is really sad that the programming skills and QA skills are so low at NIST that these types of errors remain in their distributed programs. We were not allowed to have errors like this remain in our college projects twenty years ago.

Friday, July 25, 2014

HR 3202 Reported in House – TWIC Assessment

Last week the House Homeland Security Committee published their report on HR 3202, the Essential Transportation Worker Identification Credential Assessment Act. The bill is now available for consideration by the Whole House and could be considered next week under suspension of the rules.

There has been some fine tuning made to the requirements for the independent report on the efficacy of the TWIC program, though nothing of major significance. It does expand the reporting requirements for the Comptroller General to include reporting on the progress made in implementing the plan developed by DHS.

There is one major change made in the reported bill. The Committee back-tracked on supporting the GAO report recommendation that the current TWIC Reader Rule be delayed until a comprehensive review of the efficacy of the TWIC program is completed. The new version of the bill adds §2(e)(2) that exempts the current rulemaking from any delay caused by this bill. The report explains that this way (pg 8 of the report):

“The Committee has been critical of the Department’s delay in issuing a final rule for the use of card readers at MTSA regulated vessels and facilities and, at this time, the Committee believes that the current card reader rule should move forward. The Committee directs DHS to incorporate the results of this comprehensive assessment into any additional rule making or changes to existing rules.”

One can certainly sympathize with the Committees impatience; the TWIC Reader Rule was supposed to be in place years ago. Of course, industry may not be too pleased with this change. The TWIC Readers are going to be expensive to install, use and maintain. If the TWIC program has to undergo major revisions because of the assessment required in this bill, the Readers may not be useful too far into the future. That assumes, of course, that Congress and DHS can act in an expeditious manner to implement any changes recommended by the study.

As I mentioned in an earlier blog post, I expect that this bill will receive substantial bipartisan support when it comes to the floor. With that in mind, I would not be surprised to see it considered early next week under suspension of the rules. That way the House would be done with it before the recess. I think the bill would have a good chance of passing in the Senate in September, even with the electioneering and short schedule.


As I suggested last night, the OMB announced that it had approved the EPA’s request for information concerning potential changes to their Risk Management Program. This is being reported as being a ‘Notice’ not a ‘Pre-rule’ meaning that an advance notice of proposed rulemaking could still be expected to be part of any rulemaking process arising out of this action.

It won’t be until later today that we know whether or not this notice will be published in Monday’s Federal Register, though I fully expect that it will be.

Bills Introduced – 7-24-14

There is just one week left before Congress goes home for their summer recess and we are starting to see a surge in the number of purely political bills introduced. Yesterday there were a total of 52 bills introduced and two of them may be of specific interest to readers of this blog:

S 2656 Latest Title: A bill to provide for the regulation of persistent, bioaccumulative, and toxic chemical substances, and for other purposes. Sponsor: Sen Merkley, Jeff (D,OR)

S 2664 Latest Title: A bill to amend the Homeland Security Act of 2002 to direct the Administrator of the Federal Emergency Management Agency to modernize the integrated public alert and warning system of the United States, and for other purposes. Sponsor: Sen Begich, Mark (D,AK)

Thursday, July 24, 2014

EPA to Publish Chemical Safety RFI

I got an interesting email from the EO 13650 Working Group yesterday giving me advance notice of the EPA’s press release (issued today) about their pending publication of a Request for Information (RFI) for possible revisions to the EPA’s Risk Management Program (RMP). This is part of the Agency’s response to the requirements of the President’s Executive Order on Increasing Chemical Safety and Security (EO 13650).

Now, anyone that has been following the activities of the EO 13650 Working Group has been expecting this RFI. The EPA submitted the document to the OMB for approval back in May. That approval has not yet been announced, though we may see the announcement of that approval tomorrow on the OMB’s Office of Information and Regulatory Affairs web site.

According to today’s press release the RFI has been signed and forwarded to the folks at the Federal Register for official publication. It is not going to be in tomorrow’s Federal Register, so the earliest that it could show up is in the Monday edition (which will be released on-line on Saturday). From the date of publication there will be a 90-day comment period. There will almost certainly be requests to extend that comment period due to the breadth of the information requested.

An unofficial draft of the RFI is available on the EPA web site. The documents takes pains to acknowledge that this is not the official document and that there may be minor differences between the draft and the version that will be published in the Federal Register. Still it’s nice to have the draft available so that we can opine on the contents quickly and informatively when it is published.

So I guess it is time to start reading the lengthy (115 pages) document. I’ll probably start reporting on it in detail on Saturday.
/* Use this with templates/template-twocol.html */