Today the House Homeland Security Committee held a
hearing on the CFATS program. This hearing was with government witnesses only
and provided Members with a chance to closely question Director Wulf of DHS Infrastructure
Security Compliance Division. A video
of the hearing is available on the Committee web site.
Witnesses
The two government witnesses at today’s hearing were:
• David Wulf, DHS – Testimony;
and
Their initial testimony at the hearing contained no new
information. Wulf summarized the advances that the CFATS program had undergone
since the 2014 authorization bill was passed. Similarly, Anderson summarized the
issues that GAO had previously identified in reports issued through last summer
and the actions that GAO has verified that ISCD had undertaken to comply with
the recommendations from those reports.
Hearing Overview
This is the first full Committee hearing on the CFATS program
since the 2014 reauthorization bill was passed. The Committee has had a mixed
past on how it has looked at the CFATS program depending on which party was in
control of Congress. While both parties have broadly supported the CFATS
program, the Democrats have tended to be more supportive of environmental and
safety advocates view points on chemical safety issues and Republicans more
supportive of business interests.
Interestingly today we saw an internal conflict between the
majority and minority at the very start of the meeting. Apparently, the
Republicans had asked for a non-governmental witness (probably from one of the
many affected industry associations) to participate in today’s hearing and that
was disallowed by Chairman Thompson since the hearing was being limited to
governmental witnesses.
Thompson faced similar conflicts during the last two
sessions of Congress as the Ranking Member and utilized the Minority’s right to
hold separate hearings to get their views on the record. Rep. Rogers (R,AL) the
Ranking Member, formally asked for a separate hearing today to hear from their witness.
It will be interesting to see how these minor conflicts (at
least it looks like today’s problem was relatively minor) affect future
operations of the Committee.
Information Sharing
As I noted in my discussions about last session’s CFATS
hearing, the Democrats are certainly looking at the CFATS reauthorization
process as a chance to address information sharing about chemical hazards.
Thompson in particular wants to ensure that the problems encountered at the
West Fertilizer incident are not repeated.
There were a number of questions to Wulf about the efforts
that ISCD has undertaken to ensure that information about chemical hazards at
CFATS facilities is shared with first responders. Wulf noted that facilities
are required to coordinate with local police and emergency response personnel
as part of their Site Security Plan (SSP) processes. Failure to effect that
coordination would be cause for disapproval of an SSP or failing an SSP
compliance inspection.
Wulf also reported in response to questions by Rep. Torres-Small
(D,NM) that ISCD had placed ‘outreach officials’ at each regional office to aid
in the outreach process with State and local officials.
Cybersecurity
Cybersecurity was another topic that brought questions from
multiple Committee Members. Wulf received multiple questions about ‘cybersecurity
requirements’. He noted that there were no specific ‘requirements’ since the
CFATS regulations rely on risk-base performance standards that allow facilities
to craft security measures specific to the risks at their facilities.
In response to a question by Rep. Langevin (D,RI), Anderson
noted that GAO had not taken a specific look at cybersecurity processes within
the CFATS program, but as a general matter they had concerns throughout DHS
about the human resources that the Department had for supporting cybersecurity
matters. Wulf noted that all chemical security inspectors (CSI) had ‘basic’
cybersecurity training; about half had an additional two-weeks of specific
cybersecurity training and there was a limited number of cybersecurity subject
matter expert CSI that provided specific support where needed.
Rep. Slotkin (D,MI) had some questions about cybersecurity
threat awareness within ISCD. Wulf noted that DHS NCCIC was responsible for
tracking cybersecurity threats and vulnerabilities. He also reported that there
is an active information sharing process between NCCIC and ISCD. He also
explained that as new threats are identified, facilities are notified and are
prepared to put additional security measures into place as required.
Inherently Safer Technology
Wulf was handed a number of questions about the potential of
adding requirements for implementing inherently safer technology (IST) to the
CFATS program. He noted that over the years in which the CFATS program has been
in operation over 3,000 facilities had been removed from the program by
implementing various IST processes. Wulf admitted that the information
collected by ISCD as those facilities left the program could provide
information that could prove valuable for both facilities in the CFATS program
and the 30,000 plus other facilities that have reported to ISCD via Top Screens
but were not included in the program. Currently, ISCD does not have a process
for that information sharing.
Fusion Centers
Rep. Rose (D,NY) asked an interesting series of questions
about CFATS and fusion centers (a topic that I had never heard before). Wulf
reported that ISCD has supported a number of fusion centers with CSI. Details were
spare, but it sounded like specific CSI or CSI supervisors were in contact with
fusion centers, not stationed with fusion centers full-time.
Commentary
For the most part I was pleasantly surprised at the general
lack of speechifying during the questioning phase of this hearing. For most of
the nearly two-hour long hearing, reasonably well-informed questions were posed
to Wulf and Anderson with sufficient time allowed for responses.
Thompson is definitely interested in moving CFATS
authorization legislation quickly to the President. He does not want to see a
repeat of last year’s slow playing legislation leading to a near shutdown of
the program. It will be interesting to see how quickly the staff crafts a bill
to introduce over Thompson’s and Roger’s sponsorship. It will be interesting to
see if Thompson can rope the leadership from the House Energy and Commerce
Committee into cosponsoring such legislation like he did with the short-term
reauthorization last month.
One delaying factor may be the need for a subcommittee
hearing to look at cybersecurity concerns. The Cybersecurity and Infrastructure
Subcommittee held a hearing
last year, but it did not focus on cybersecurity. We may see Rep. Richmond
(D,LA) hold a more cybersecurity focused hearing next month. That hearing would
be interesting given the presence of both Reps. Slotkin (D,MI) and Langevin
(D,RI) on the Subcommittee.
Posts
No comments:
Post a Comment