[Congressional Bills 107th Congress]
[From the U.S. Government Publishing Office]
[S. 3037 Introduced in Senate (IS)]







107th CONGRESS
  2d Session
                                S. 3037

To amend the Federal Water Pollution Control Act to improve protection 
 of treatment works from terrorist and other harmful intentional acts, 
                        and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            October 3, 2002

 Mr. Jeffords introduced the following bill; which was read twice and 
       referred to the Committee on Environment and Public Works

_______________________________________________________________________

                                 A BILL


 
To amend the Federal Water Pollution Control Act to improve protection 
 of treatment works from terrorist and other harmful intentional acts, 
                        and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Wastewater Treatment Works Security 
and Safety Act''.

SEC. 2. PROTECTION FROM TERRORIST AND OTHER HARMFUL INTENTIONAL ACTS.

    Title II of the Federal Water Pollution Control Act (33 U.S.C. 1281 
et seq.) is amended by adding at the end the following:

``SEC. 222. PROTECTION FROM TERRORIST AND OTHER HARMFUL INTENTIONAL 
              ACTS.

    ``(a) Definitions.--In this section:
            ``(1) Covered treatment works.--
                    ``(A) In general.--The term `covered treatment 
                works' means a treatment works that--
                            ``(i) serves at least 25,000 individuals; 
                        or
                            ``(ii) as determined by the Administrator 
                        before December 15, 2002, based on the factors 
                        described in subparagraph (B), presents a 
                        sufficient security risk to remain subject to 
                        this section.
                    ``(B) Factors for inclusion of treatment works.--
                The factors referred to in subparagraph (A) are--
                            ``(i) the likelihood that the treatment 
                        works will be the target of a harmful 
                        intentional act;
                            ``(ii) the consequences that would result 
                        if the treatment works were the target of a 
                        harmful intentional act; and
                            ``(iii) such other security factors as the 
                        Administrator determines to be necessary to 
                        protect--
                                    ``(I) public health, safety, and 
                                welfare;
                                    ``(II) critical infrastructure; and
                                    ``(III) national security.
            ``(2) Emergency response plan.--The term `emergency 
        response plan' means a plan that a covered treatment works is 
        required to prepare or revise, and submit to the Administrator, 
        under subsection (c).
            ``(3) Harmful intentional act.--The term `harmful 
        intentional act' means a terrorist attack or other intentional 
        act carried out with respect to a covered treatment works that 
        is intended--
                    ``(A) to substantially disrupt the ability of the 
                covered treatment works to provide safe and reliable--
                            ``(i) conveyance and treatment of 
                        wastewater; and
                            ``(ii) disposal of effluent;
                    ``(B) to damage critical infrastructure;
                    ``(C) to have an adverse effect on the environment; 
                or
                    ``(D) to otherwise pose a significant threat to 
                public health or safety.
            ``(4) Vulnerability assessment.--The term `vulnerability 
        assessment' means an assessment that a covered treatment works 
        is required to conduct and submit to the Administrator under 
        subsection (b)(1).
    ``(b) Vulnerability Assessments.--
            ``(1) Covered treatment works.--
                    ``(A) In general.--Using appropriate tools (such as 
                available vulnerability self-assessment tools), each 
                covered treatment works shall conduct and submit to the 
                Administrator an assessment of the vulnerability of the 
                covered treatment works to a harmful intentional act.
                    ``(B) Deadline for submission.--Each covered 
                treatment works shall submit a vulnerability assessment 
                to the Administrator--
                            ``(i) in the case of a covered treatment 
                        works described in subsection (a)(1)(A)(i), by 
                        not later than May 15, 2003; and
                            ``(ii) in the case of a covered treatment 
                        works described in subsection (a)(1)(A)(ii), by 
                        such date as shall be determined by the 
                        Administrator.
            ``(2) Required elements.--At a minimum, a vulnerability 
        assessment shall consist of a review of--
                    ``(A) the pipes and constructed conveyances, 
                physical barriers, treatment, storage, and disposal 
                facilities, and electronic, computer, and other 
                automated systems, that are used by the covered 
                treatment works;
                    ``(B) the use, storage, or handling of various 
                chemicals at the covered treatment works;
                    ``(C) plans and procedures of the covered treatment 
                works, to ensure, to the maximum extent practicable, 
                continued provision of service; and
                    ``(D) critical records and documents of the covered 
                treatment works.
    ``(c) Emergency Response Plan.--
            ``(1) In general.--Not later than 180 days after a covered 
        treatment works completes a vulnerability assessment in 
        accordance with subsection (b), the covered treatment works 
        shall prepare or revise, as necessary, and submit to the 
        Administrator, an emergency response plan that incorporates the 
        results of the vulnerability assessment.
            ``(2) Required elements.--The emergency response plan shall 
        include plans, procedures, identification of equipment, and 
        other activities that can--
                    ``(A) be implemented or used in the event of a 
                harmful intentional act carried out with respect to the 
                covered treatment works; and
                    ``(B) reduce or significantly lessen the impacts of 
                a harmful intentional act carried out with respect to 
                the covered treatment works.
            ``(3) Coordination with local emergency plans.--In 
        preparing or revising emergency response plans under this 
        subsection, a covered treatment works shall, to the maximum 
        extent practicable, coordinate with local emergency plans.
            ``(4) Record maintenance.--Each covered treatment works 
        shall maintain a copy of the emergency response plan prepared 
        or revised under paragraph (1), and any additional revisions to 
        such a plan completed after the date referred to in paragraph 
        (1), for a period of not less than 5 years after the date on 
        which the plan or revisions are submitted to the Administrator.
    ``(d) Requirements Relating to Vulnerability Assessments and 
Emergency Response Plans.--
            ``(1) Provision of vulnerability assessments to state and 
        local governments.--No covered treatment works shall be 
        required under State or local law to provide a vulnerability 
        assessment or emergency response plan to any State, regional, 
        or local governmental entity unless the State or local 
        government has in effect a law that requires submission of such 
        an assessment or plan to the State, regional, or local 
        governmental entity.
            ``(2) Exemption of information from disclosure.--
                    ``(A) In general.--Except as provided in 
                subparagraph (B), all information provided to the 
                Administrator under subsections (b) and (c), and all 
                information derived from that information, shall be 
                exempt from disclosure under section 552 of title 5, 
                United States Code.
                    ``(B) No exception.--Subparagraph (A) does not 
                apply to information contained in a vulnerability 
                assessment or emergency response plan that identifies--
                            ``(i) the covered treatment works 
                        submitting the vulnerability assessment or 
                        emergency response plan; or
                            ``(ii) the date of completion of the 
                        vulnerability assessment or emergency response 
                        plan.
            ``(3) Protocols to protect vulnerability assessments and 
        emergency response plans from unauthorized disclosure.--
                    ``(A) In general.--Not later than December 15, 
                2002, the Administrator, in consultation with 
                appropriate Federal law enforcement and intelligence 
                officials, shall develop such protocols as are 
                necessary to protect vulnerability assessments and 
                emergency response plans from unauthorized disclosure.
                    ``(B) Protocols.--The protocols shall ensure that--
                            ``(i) each copy of a vulnerability 
                        assessment or emergency response plan, and all 
                        information contained in or derived from the 
                        vulnerability assessment or emergency response 
                        plan, is kept in a secure location;
                            ``(ii) only individuals designated by the 
                        Administrator have access to the copies of the 
                        vulnerability assessments and emergency 
                        response plans; and
                            ``(iii) no copy of a vulnerability 
                        assessment, part of a vulnerability assessment 
                        or emergency response plan, or information 
                        contained in or derived from a vulnerability 
                        assessment or emergency response plan, is 
                        available to any individual other than an 
                        individual designated by the Administrator 
                        under clause (ii).
            ``(4) Criminal penalties for unauthorized disclosure.--
                    ``(A) In general.--Except as provided in 
                subparagraph (B), any individual referred to in 
                paragraph (3)(B)(ii) who acquires a copy of a 
                vulnerability assessment or emergency response plan, a 
                part of a vulnerability assessment or emergency 
                response plan, or any information contained in or 
                derived from a vulnerability assessment or emergency 
                response plan, and who knowingly or recklessly reveals 
                the copy, part, or information (other than in 
                accordance with subparagraph (B)) shall--
                            ``(i) be imprisoned not more than 1 year, 
                        fined in accordance with chapter 227 of title 
                        18, United States Code (applicable to class A 
                        misdemeanors), or both; and
                            ``(ii) if employed by the Federal 
                        Government, be removed from Federal employment 
                        for the lifetime of the individual.
                    ``(B) Exceptions.--Any individual referred to in 
                paragraph (3)(B)(ii)--
                            ``(i) may disclose a copy, a part, or 
                        information referred to in subparagraph (A)--
                                    ``(I) to any individual designated 
                                by the Administrator under paragraph 
                                (3)(B)(ii); or
                                    ``(II) for use under seal in any 
                                administrative or judicial proceeding 
                                relating to imposition of a penalty for 
                                failure to comply with this section; or
                            ``(ii) if the individual is an officer or 
                        employee of the United States, may discuss the 
                        contents of a vulnerability assessment or 
                        emergency response plan with a State or local 
                        official who the Administrator determines needs 
                        to know those contents.
            ``(5) Provision of information to congress.--Nothing in 
        this subsection authorizes any person to withhold any 
        information from Congress or from any committee or subcommittee 
        of Congress.
    ``(e) Grants for Compliance and Basic Security Enhancements.--
            ``(1) In general.--The Administrator, in coordination with 
        State and local governments, may make grants to covered 
        treatment works--
                    ``(A) to assist in compliance with subsections (b) 
                and (c); and
                    ``(B) to pay the costs of implementing basic 
                security enhancements of critical importance, and 
                otherwise addressing significant threats of harmful 
                intentional acts, identified under a vulnerability 
                assessment.
            ``(2) Types of basic security enhancements.--The basic 
        security enhancements referred to in paragraph (1)(B) are--
                    ``(A) purchase and installation of equipment for 
                detection of intruders;
                    ``(B) purchase and installation of fencing, gating, 
                lighting, or security cameras;
                    ``(C) tamperproofing of manhole covers, fire 
                hydrants, and valve boxes;
                    ``(D) rekeying of doors and locks;
                    ``(E) improvements to electronic, computer, and 
                other automated systems and remote security systems;
                    ``(F) participation in training programs, and 
                purchase of training manuals and guidance materials, 
                relating to security against harmful intentional acts;
                    ``(G) improvements in the use, storage, or handling 
                of chemicals;
                    ``(H) security screening of employees of the 
                covered treatment works or employees of contractor 
                support services; and
                    ``(I) such other equipment and activities as the 
                Administrator determines to be appropriate.
            ``(3) Prohibited expenditures.--The basic security 
        enhancements referred to in paragraph (1)(B) do not include 
        expenditures for--
                    ``(A) personnel costs; or
                    ``(B) monitoring, operation, or maintenance of 
                facilities, equipment, or systems.
    ``(f) Grants To Address Immediate and Urgent Security Needs.--The 
Administrator may make grants to covered treatment works to assist in 
responding to and alleviating any vulnerability to a harmful 
intentional act that the Administrator determines presents an immediate 
and urgent security need.
    ``(g) Assistance to Small Covered Treatment Works.--
            ``(1) Guidance.--The Administrator shall provide guidance 
        to covered treatment works serving a population of fewer than 
        10,000 individuals on how--
                    ``(A) to conduct vulnerability assessments;
                    ``(B) to prepare emergency response plans; and
                    ``(C) to address threats posed by harmful 
                intentional acts.
            ``(2) Grants.--The Administrator may make grants to covered 
        treatment works described in paragraph (1) to carry out 
        activities in accordance with the guidance provided under 
        paragraph (1).
    ``(h) Authorization of Appropriations.--There is authorized to be 
appropriated to carry out this section $185,000,000 for the period of 
fiscal years 2003 through 2007, of which not more than--
            ``(1) $125,000,000 for fiscal year 2003, and such sums as 
        are necessary for each of fiscal years 2004 through 2007, may 
        be used to carry out subsection (e);
            ``(2) $20,000,000 for the period of fiscal years 2003 and 
        2004 may be used to carry out subsection (f); and
            ``(3) $15,000,000 for fiscal year 2003 and such sums as are 
        necessary for each of fiscal years 2004 through 2007, may be 
        used to carry out subsection (g)(2).''.

SEC. 3. RESEARCH AND REVIEW.

    Title II of the Federal Water Pollution Control Act (33 U.S.C. 1281 
et seq.) (as amended by section 2) is amended by adding at the end the 
following:

``SEC. 223. RESEARCH AND REVIEW.

    ``(a) Definitions.--In this section, the terms `covered treatment 
works' and `harmful intentional act' have the meanings given the terms 
in section 222(a).
    ``(b) Review by Administrator.--Not later than 2 years after the 
date of enactment of this section, the Administrator, in coordination 
with appropriate Federal agencies, shall research and review (or enter 
into a contract or cooperative agreement to provide for research and 
review of)--
            ``(1) means by which terrorists or other individuals or 
        groups could carry out harmful intentional acts; and
            ``(2) means by which alternative processes of conveying, 
        treating, and disposing of wastewater could be provided in the 
        event of the destruction, impairment, or disruption of covered 
        treatment works as the result of harmful intentional acts.
    ``(c) Means of Carrying Out Harmful Intentional Acts.--Means 
referred to in subsection (b)(1) include--
            ``(1) means by which pipes and other constructed 
        conveyances used in covered treatment works could be destroyed 
        or otherwise prevented from providing adequate conveyance, 
        pretreatment, treatment, and disposal of wastewater meeting 
        applicable public health standards;
            ``(2) means by which conveyance, pretreatment, treatment, 
        storage, and disposal facilities used by, or in connection 
        with, covered treatment works could be destroyed or otherwise 
        prevented from providing adequate treatment of wastewater 
        meeting applicable public health standards;
            ``(3) means by which pipes, constructed conveyances, 
        pretreatment, treatment, storage, and disposal systems that are 
        used in connection with treatment works could be altered or 
        affected so as to pose a threat to public health, public 
        safety, or the environment;
            ``(4) means by which pipes, constructed conveyances, 
        pretreatment, treatment, storage, and disposal systems that are 
        used in connection with covered treatment works could be 
        reasonably protected from harmful intentional acts;
            ``(5) means by which pipes, constructed conveyances, 
        pretreatment, treatment, storage, and disposal systems could be 
        reasonably secured from use as a means of transportation by 
        terrorists or other individuals or groups who intend to 
        threaten public health or safety; and
            ``(6) means by which information systems, including process 
        controls and supervisory control, data acquisition, and cyber 
        systems, at covered treatment works could be disrupted by 
        terrorists or other individuals or groups.
    ``(d) Considerations.--In carrying out the review under this 
section, the Administrator--
            ``(1) shall ensure that the review reflects the needs of 
        covered treatment works of various sizes and various geographic 
        areas of the United States; and
            ``(2) may consider the vulnerability of, or potential for 
        forced interruption of service for, a region or service area, 
        including the National Capital Area.
    ``(e) Information Sharing.--As soon as practicable after the review 
carried out under this section has been evaluated by the Administrator, 
the Administrator shall disseminate to covered treatment works 
information on the results of the review through the Information 
Sharing and Analysis Center or other appropriate means.
    ``(f) Funding.--There is authorized to be appropriated to carry out 
this section $15,000,000 for the period of fiscal years 2003 through 
2007.''.

SEC. 4. REFINEMENT OF VULNERABILITY ASSESSMENT TOOLS FOR PUBLICLY OWNED 
              TREATMENT WORKS.

    Title II of the Federal Water Pollution Control Act (33 U.S.C. 1281 
et seq.) (as amended by section 3) is amended by adding at the end the 
following:

``SEC. 224. REFINEMENT OF VULNERABILITY ASSESSMENT TOOLS FOR PUBLICLY 
              OWNED TREATMENT WORKS.

    ``(a) Grants.--The Administrator may make grants to 1 or more 
nonprofit organizations for the improvement of vulnerability self-
assessment tools for publicly owned treatment works.
    ``(b) Eligible Activities.--
            ``(1) In general.--Grants provided under this section may 
        be used for--
                    ``(A) developing and distributing vulnerability 
                self-assessment software upgrades;
                    ``(B) improving and enhancing critical technical 
                and user support functions;
                    ``(C) expanding libraries of information addressing 
                both threats and countermeasures; and
                    ``(D) implementing user training initiatives.
            ``(2) Services.--Services described in paragraph (1) shall 
        be provided at no cost to recipients.
    ``(c) Authorization of Appropriations.--There is authorized to be 
appropriated to carry out this section $500,000 for each of fiscal 
years 2003 through 2007, to remain available until expended.''.
                                 <all>