Wednesday, February 27, 2019

CFATS Hearing – 02-27-19

Today the House Homeland Security Committee held a hearing on the CFATS program. This hearing was with government witnesses only and provided Members with a chance to closely question Director Wulf of DHS Infrastructure Security Compliance Division. A video of the hearing is available on the Committee web site.


The two government witnesses at today’s hearing were:

• David Wulf, DHS – Testimony; and
Nathan Anderson, GAO – Testimony

Their initial testimony at the hearing contained no new information. Wulf summarized the advances that the CFATS program had undergone since the 2014 authorization bill was passed. Similarly, Anderson summarized the issues that GAO had previously identified in reports issued through last summer and the actions that GAO has verified that ISCD had undertaken to comply with the recommendations from those reports.

Hearing Overview

This is the first full Committee hearing on the CFATS program since the 2014 reauthorization bill was passed. The Committee has had a mixed past on how it has looked at the CFATS program depending on which party was in control of Congress. While both parties have broadly supported the CFATS program, the Democrats have tended to be more supportive of environmental and safety advocates view points on chemical safety issues and Republicans more supportive of business interests.

Interestingly today we saw an internal conflict between the majority and minority at the very start of the meeting. Apparently, the Republicans had asked for a non-governmental witness (probably from one of the many affected industry associations) to participate in today’s hearing and that was disallowed by Chairman Thompson since the hearing was being limited to governmental witnesses.

Thompson faced similar conflicts during the last two sessions of Congress as the Ranking Member and utilized the Minority’s right to hold separate hearings to get their views on the record. Rep. Rogers (R,AL) the Ranking Member, formally asked for a separate hearing today to hear from their witness.

It will be interesting to see how these minor conflicts (at least it looks like today’s problem was relatively minor) affect future operations of the Committee.

Information Sharing

As I noted in my discussions about last session’s CFATS hearing, the Democrats are certainly looking at the CFATS reauthorization process as a chance to address information sharing about chemical hazards. Thompson in particular wants to ensure that the problems encountered at the West Fertilizer incident are not repeated.

There were a number of questions to Wulf about the efforts that ISCD has undertaken to ensure that information about chemical hazards at CFATS facilities is shared with first responders. Wulf noted that facilities are required to coordinate with local police and emergency response personnel as part of their Site Security Plan (SSP) processes. Failure to effect that coordination would be cause for disapproval of an SSP or failing an SSP compliance inspection.

Wulf also reported in response to questions by Rep. Torres-Small (D,NM) that ISCD had placed ‘outreach officials’ at each regional office to aid in the outreach process with State and local officials.


Cybersecurity was another topic that brought questions from multiple Committee Members. Wulf received multiple questions about ‘cybersecurity requirements’. He noted that there were no specific ‘requirements’ since the CFATS regulations rely on risk-base performance standards that allow facilities to craft security measures specific to the risks at their facilities.

In response to a question by Rep. Langevin (D,RI), Anderson noted that GAO had not taken a specific look at cybersecurity processes within the CFATS program, but as a general matter they had concerns throughout DHS about the human resources that the Department had for supporting cybersecurity matters. Wulf noted that all chemical security inspectors (CSI) had ‘basic’ cybersecurity training; about half had an additional two-weeks of specific cybersecurity training and there was a limited number of cybersecurity subject matter expert CSI that provided specific support where needed.

Rep. Slotkin (D,MI) had some questions about cybersecurity threat awareness within ISCD. Wulf noted that DHS NCCIC was responsible for tracking cybersecurity threats and vulnerabilities. He also reported that there is an active information sharing process between NCCIC and ISCD. He also explained that as new threats are identified, facilities are notified and are prepared to put additional security measures into place as required.

Inherently Safer Technology

Wulf was handed a number of questions about the potential of adding requirements for implementing inherently safer technology (IST) to the CFATS program. He noted that over the years in which the CFATS program has been in operation over 3,000 facilities had been removed from the program by implementing various IST processes. Wulf admitted that the information collected by ISCD as those facilities left the program could provide information that could prove valuable for both facilities in the CFATS program and the 30,000 plus other facilities that have reported to ISCD via Top Screens but were not included in the program. Currently, ISCD does not have a process for that information sharing.

Fusion Centers

Rep. Rose (D,NY) asked an interesting series of questions about CFATS and fusion centers (a topic that I had never heard before). Wulf reported that ISCD has supported a number of fusion centers with CSI. Details were spare, but it sounded like specific CSI or CSI supervisors were in contact with fusion centers, not stationed with fusion centers full-time.


For the most part I was pleasantly surprised at the general lack of speechifying during the questioning phase of this hearing. For most of the nearly two-hour long hearing, reasonably well-informed questions were posed to Wulf and Anderson with sufficient time allowed for responses.

Thompson is definitely interested in moving CFATS authorization legislation quickly to the President. He does not want to see a repeat of last year’s slow playing legislation leading to a near shutdown of the program. It will be interesting to see how quickly the staff crafts a bill to introduce over Thompson’s and Roger’s sponsorship. It will be interesting to see if Thompson can rope the leadership from the House Energy and Commerce Committee into cosponsoring such legislation like he did with the short-term reauthorization last month.

One delaying factor may be the need for a subcommittee hearing to look at cybersecurity concerns. The Cybersecurity and Infrastructure Subcommittee held a hearing last year, but it did not focus on cybersecurity. We may see Rep. Richmond (D,LA) hold a more cybersecurity focused hearing next month. That hearing would be interesting given the presence of both Reps. Slotkin (D,MI) and Langevin (D,RI) on the Subcommittee.

No comments:

/* Use this with templates/template-twocol.html */