CFATA 2009 High Level Summary

On June 16th the 111th Congress will hold its first public hearing on the reauthorization of the CFATS regulations. There is no bill number currently available for the ‘Chemical Facility Anti-Terrorism Act of 2009’, but I have gotten hold of a copy of a committee draft (dated 06-04-09). While this may not be the version that makes it to the first markup it will be close enough so that we can understand some of the questions that will be asked during the hearing. I don’t want to post a 67 page document to the blog so what I will do is to provide a high level summary of the document. There are a lot of similarities to last year’s HR 5577, but this is not exactly the same bill. The most obvious difference is that this year’s bill does not exactly remove the water treatment facility exemption the way HR 5577 did. There is apparently a change in the way that water treatment facilities will be treated, but it is being addressed in a separate title to CFATA that is being written in the Energy and Commerce Committee and I have not yet seen a copy of that portion of CFATA. With that said here is the section by section summary of the draft bill. SEC. 101 - Findings and Purpose Summarizes the political and security situation that led to CFATS and notes that CFATA will ‘modify and make permanent’ the authority to regulate ‘security practices at chemical facilities’. SEC. 102 - Extension, Modification, and Recodification of Authority CFATA amends the Homeland Security Act by adding Title XXI. The remainder of these comments are tagged to the section numbers in that amendment SEC. 2101 – Definitions This is the typical definition of terms. It does codify the ‘Risk-Based Performance Standards’ with some revisions. The most important is the addition of “(S) Assessing and, as appropriate, utilizing methods to reduce the consequences of a terrorist attack.” The term ‘method to reduce the consequences of a terrorist attack’ is also broadly defined. SEC. 2102 - Risk-Based Designation and Ranking of Chemical Facilities The section provides authority to Secretary to designate ‘substances of concern’, a term equivalent to the current ‘chemicals of interest’. It also provides authority for the designation of ‘covered facility’ and requiring chemical facilities to submit information to the Secretary to allow for determination if the facility is a ‘covered facility’. It calls for the ranking of ‘covered facilities’ into four risk-based tiers. It also requires the Secretary to provide facilities with information about potential threats and methods of attack that could be employed against the facility. Sec. 2103 - Security Vulnerability Assessments and Site Security Plans This section provides the Secretary with the authority to establish requirements for Security Vulnerability Assessments (SVA) and Site Security Plans (SSP). This section designates the review and approval of the SVA or SSP as ‘an inherently governmental function’ which disallows for the use contractors to complete these functions. It also provides for the acceptance of Alternate Security Programs (ASP). This section effectively removes the exemption for MTSA covered facilities, and requires coordination with Coast Guard to establish facilities covered under both rules. This section also establishes an 8 hour annual training requirement for employees of covered facilities. Sec. 2104 - Site Inspections This section provides the authority for the Department to conduct inspections under this title. The inspection authority includes access to off-site records, employees and ‘employee representatives’. This section requires unannounced inspections of Tier 1 and Tier 2 facilities. Sec. 2105 – Records This section establishes the right of the Secretary to have access to applicable records. It also requires facilities to provide copies of SVA and SSP to an ‘employee representative’ from each recognized bargaining agent for the facility. These representatives would be required to follow information handling and security rules provided in this legislation. Sec. 2106 - Timely Sharing Of Threat Information This section establishes the requirements for the exchange of threat information. It requires the Secretary, within limits of national security and statutory requirements, to provide covered facilities with threat information. It provides the Secretary with the authority to require reports on threats against the facility to include “any intentional or unauthorized penetration of the physical security or cyber security of the covered chemical facility whether successful or unsuccessful”. Sec. 2107 – Enforcement This section provides the authority and establishes the general procedures for disapproving an SVA or SSP. It also establishes the authority for issuing Orders of Compliance and Orders to Cease Operations. It establishes the maximum level for Administrative penalties ($25,000/day) and court awarded Civil penalties ($50,000/day). Sec. 2108 - Whistleblower Protections This section provides the authority for protection of personnel from retaliation for filing complaints or reporting security related problems under this title. Sec. 2109 - Federal Preemption This section provides a clear and unambiguous provision for states and their subdivisions to establish and enforce stricter regulations pertaining to chemical facility security. It does not provide for the typical ‘unless it conflicts with these regulations’ provision. Sec. 2110 - Protection of Information This section establishes the Sensitive Security Information as the standard to be used for the protection of information provided to DHS instead of the current Chemical-Terrorism Vulnerability (CVI) standard in the current regulations. It also enumerates the classes of information that would be protected. Sec. 2111 - Methods To Reduce The Consequences Of A Terrorist Attack This section provides for the requirement for all covered facilities to assess ‘methods to reduce the consequences of a terrorist attack’ as part of their SSP. It then provides authority for the Secretary to require Tier 1 and Tier 2 facilities to implement methods identified in the assessment that would ‘significantly reduce risk of death, injury or serious adverse affects’, can ‘feasibly be incorporated into the operation of the covered facility’ and ‘would not significantly and demonstrably impair the ability’ of the facility to remain in business at that site. It requires the Secretary to make available information on ‘the use and availability of methods to reduce the consequence of a chemical facility terrorist incident’. Sec. 2112 - Applicability This section exempts DOD owned/operated facilities and facilities regulated by the Nuclear Regulatory Commission (and state entities authorized to act in lieu of the NRC) from coverage under this law. Sec. 2113 - Savings Clause This section provides a list of federal statutes that are not preempted by this law. It also preserves the rights of States and their sub-divisions from adopting/enforcing rules and regulations relating to environmental protection, health and safety. Sec. 2114 - Office of Chemical Facility Security This section establishes the Office of Chemical Facility Security within DHS. It also provides for qualifications and selection of a Director to head that office. Sec. 2115 - Security Background Checks Of Covered Individuals At Certain Chemical Facilities This section establishes the requirement to provide regulatory direction on the requirements for conducting background checks of for employees at covered chemical facilities that have access to restricted or critical areas at those facilities. It also provides for requirements for redress and prohibitions against unauthorized use of the information or process associated with those background checks. It also establishes what types of information uncovered in those background checks would be grounds for denying access. Sec. 2116 - Civil Actions This section provides that anyone can bring a civil action in US District Court against covered facilities or the government to enforce provisions of this Act. Sec. 2117 - Annual Report to Congress This section requires the Secretary to provide an annual report to the relevant committees in the House and Senate on the progress under this Act. Sec. 2118 - Authorization of Appropriations This section provides for the following appropriations to support the provisions of this Act:

FY2011 - $325 million ($100 million for methods to reduce consequences of terrorist attack) FY2012 - $300 million ($75 million for methods to reduce consequences of terrorist attack) FY2013 - $275 million ($50 million for methods to reduce consequences of terrorist attack)

This section also would repeal §550 of the Department of Homeland Security Appropriations Act, 2007 (Public Law 109–295). It would also authorize the Secretary as much of the current CFATS regulations as appropriate to enforce the provisions of this Act. The Secretary would be required to establish a timeline for facilities that have already completed their SVA or SSP submissions under the current regulations to re-submit to comply with the new requirements in this Act. Finally this section gives the Secretary six months to publish an NPRM for implementing these new requirements and publishing a final rule within 18 months.