[Congressional Bills 111th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2883 Introduced in House (IH)]

111th CONGRESS
  1st Session
                                H. R. 2883

    To amend the Federal Water Pollution Control Act to provide for 
    security at wastewater treatment works, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             June 16, 2009

  Ms. Eddie Bernice Johnson of Texas (for herself, Mr. Oberstar, Mr. 
 Filner, and Mrs. Napolitano) introduced the following bill; which was 
     referred to the Committee on Transportation and Infrastructure

_______________________________________________________________________

                                 A BILL


 
    To amend the Federal Water Pollution Control Act to provide for 
    security at wastewater treatment works, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Wastewater Treatment Works Security 
Act of 2009''.

SEC. 2. WASTEWATER TREATMENT WORKS SECURITY.

    Title II of the Federal Water Pollution Control Act (33 U.S.C. 1281 
et seq.) is amended by adding at the end the following:

``SEC. 222. WASTEWATER TREATMENT WORKS SECURITY.

    ``(a) Assessment of Treatment Works Vulnerability.--
            ``(1) In general.--Each owner or operator of a treatment 
        works that stores or uses a substance of concern in quantities 
        deemed by the Administrator to pose a security risk shall 
        conduct a vulnerability assessment of its treatment works.
            ``(2) Vulnerability assessments.--
                    ``(A) Definition.--In this section, the term 
                `vulnerability assessment' means an assessment of the 
                vulnerability of a treatment works to intentional 
                actions that may--
                            ``(i) substantially disrupt the ability of 
                        the treatment works to safely and reliably 
                        operate; or
                            ``(ii) have a substantial adverse effect on 
                        critical infrastructure, public health or 
                        safety, or the environment.
                    ``(B) Review.--A vulnerability assessment shall 
                include an identification of the vulnerability of the 
                treatment works'--
                            ``(i) facilities, systems, and devices used 
                        in the storage, treatment, recycling, or 
                        reclamation of municipal sewage or industrial 
                        wastes;
                            ``(ii) intercepting sewers, outfall sewers, 
                        sewage collection systems, and other 
                        constructed conveyances under the control of 
                        the owner or operator of the treatment works;
                            ``(iii) electronic, computer, and other 
                        automated systems;
                            ``(iv) pumping, power, and other equipment;
                            ``(v) use, storage, and handling of various 
                        chemicals; and
                            ``(vi) operation and maintenance 
                        procedures.
                    ``(C) Site security plan.--A vulnerability 
                assessment shall include a site security plan to 
                identify specific security enhancements, including 
                procedures, countermeasures, or equipment that the 
                owner or operator of a treatment works will implement 
                or utilize to reduce the vulnerabilities identified 
                through the review under subparagraph (B) (including 
                the identification of the extent to which 
                implementation or utilization of such security 
                enhancements may impact the operations of the treatment 
                works in meeting the goals and requirements of this 
                Act).
                    ``(D) Guidelines.--
                            ``(i) In general.--Not later than December 
                        31, 2009, the Administrator, in consultation 
                        with the Secretary of Homeland Security, shall 
                        develop and publish guidelines for carrying out 
                        a vulnerability assessment, consistent with 
                        this section and the goals and requirements of 
                        this Act, and shall periodically revise such 
                        guidelines, as appropriate.
                            ``(ii) Identification and evaluation of 
                        security enhancements.--In developing the 
                        guidelines described in clause (i), the 
                        Administrator shall--
                                    ``(I) identify an array of 
                                potential security enhancements, 
                                including procedures, countermeasures, 
                                or equipment, that the owner or 
                                operator of a treatment works can 
                                implement or utilize to reduce the 
                                vulnerability of the treatment works; 
                                and
                                    ``(II) include information on the 
                                potential effectiveness of such 
                                security enhancements in reducing the 
                                vulnerability of the treatment works.
                            ``(iii) Risk-based evaluation of treatment 
                        works.--
                                    ``(I) In general.--In developing 
                                the guidelines described in clause (i), 
                                the Administrator shall develop 
                                standards for assigning individual 
                                treatment works into 4 risk-based 
                                classifications.
                                    ``(II) Standards for risk-based 
                                classifications.--In developing such 
                                standards, the Administrator shall 
                                consider--
                                            ``(aa) the size of the 
                                        treatment works;
                                            ``(bb) the proximity of the 
                                        treatment works to large 
                                        population centers;
                                            ``(cc) the potential 
                                        adverse impacts of an 
                                        intentional act on the 
                                        operation of the treatment 
                                        works or on critical 
                                        infrastructure, public health 
                                        or safety, or the environment; 
                                        and
                                            ``(dd) any other factor 
                                        which the Administrator 
                                        determines to be appropriate.
                                    ``(III) Criteria for approval.--The 
                                Administrator may assign differing 
                                criteria for the approval of a 
                                vulnerability assessment under 
                                paragraph (4) based on the risk-based 
                                classification of the treatment works.
                            ``(iv) Substance of concern.--
                                    ``(I) In general.--In developing 
                                the guidelines described in clause (i), 
                                the Administrator, in consultation with 
                                the Secretary of Homeland Security, may 
                                designate any chemical substance as a 
                                substance of concern.
                                    ``(II) Threshold quantity.--At the 
                                time a substance is designated pursuant 
                                to subclause (I), the Administrator 
                                shall establish by rule a threshold 
                                quantity for the release or theft of 
                                the substance, taking into account the 
                                toxicity, reactivity, volatility, 
                                dispersability, combustibility, and 
                                flammability of the substance and the 
                                amount of the substance which, as a 
                                result of the release, is known to 
                                cause or may be reasonably anticipated 
                                to cause death, injury, or a 
                                substantial adverse effect to critical 
                                infrastructure, public health or 
                                safety, or the environment.
                                    ``(III) Consideration of existing 
                                standards.--In making a determination 
                                under subclause (I), the Administrator 
                                shall take into account appendix A of 
                                part 27 of title 6, Code of Federal 
                                Regulations (or any successor 
                                regulations).
                            ``(v) Review and revision of vulnerability 
                        assessments.--In developing the guidelines 
                        described in clause (i), the Administrator 
                        shall include--
                                    ``(I) a process for the revision, 
                                if necessary, and resubmission of 
                                vulnerability assessments for treatment 
                                works conducted prior to the date of 
                                enactment of this section to determine 
                                whether they meet the requirements of 
                                this section; and
                                    ``(II) provisions for the periodic 
                                review of vulnerability assessments and 
                                revision of vulnerability assessments 
                                based on new information provided by 
                                the Administrator, in consultation with 
                                the Secretary of Homeland Security, to 
                                the owner or operator of the treatment 
                                works.
            ``(3) Certification and deadlines.--
                    ``(A) Certification.--Each owner or operator of a 
                treatment works referred to in paragraph (1) shall 
                certify to the Administrator that a vulnerability 
                assessment has been conducted for the treatment works 
                and shall submit to the Administrator a written copy of 
                the vulnerability assessment.
                    ``(B) Deadlines.--Certifications and submissions 
                referred to in subparagraph (A) shall be made prior 
                to--
                            ``(i) December 31, 2010, in the case of a 
                        treatment works with a treatment capacity of 
                        15,000,000 gallons per day or greater or that 
                        is assigned to the highest risk-based 
                        classification under the guidelines developed 
                        under paragraph (2)(D);
                            ``(ii) June 30, 2011, in the case of a 
                        treatment works that is assigned to the second 
                        highest risk-based classification under the 
                        guidelines developed under paragraph (2)(D);
                            ``(iii) December 31, 2011, in the case of a 
                        treatment works that is assigned to the third 
                        highest risk-based classification under the 
                        guidelines developed under paragraph (2)(D); 
                        and
                            ``(iv) June 30, 2012, in the case of a 
                        treatment works that is assigned to the lowest 
                        risk-based classification under guidelines 
                        developed under paragraph (2)(D).
            ``(4) Review of vulnerability assessments.--
                    ``(A) In general.--Not later than 180 days after 
                the date on which the Administrator receives a 
                vulnerability assessment under this section, the 
                Administrator shall review and approve or disapprove 
                such assessment.
                    ``(B) Disapproval.--
                            ``(i) In general.--The Administrator shall 
                        disapprove a vulnerability assessment if the 
                        Administrator determines that the vulnerability 
                        assessment does not comply with this section 
                        (including guidelines developed under paragraph 
                        (2)(D)) or implementation of any security 
                        enhancement identified under paragraph (2)(C) 
                        is not consistent with the goals and 
                        requirements of this Act.
                            ``(ii) Limitation on disapproval.--The 
                        Administrator may not disapprove a 
                        vulnerability assessment submitted under this 
                        section based on the implementation of a 
                        particular security enhancement.
                            ``(iii) Provisions of notification of 
                        disapproval.--If the Administrator disapproves 
                        the vulnerability assessment under this 
                        section, the Administrator shall provide the 
                        owner or operator of a treatment works a 
                        written notification of the disapproval that--
                                    ``(I) includes a clear explanation 
                                of deficiencies in the vulnerability 
                                assessment;
                                    ``(II) provides guidance to assist 
                                the owner or operator in addressing 
                                deficiencies; and
                                    ``(III) requires the owner or 
                                operator to revise the vulnerability 
                                assessment to address any deficiencies 
                                and, by such date as the Administrator 
                                determines is appropriate, to submit to 
                                the Administrator a revised 
                                vulnerability assessment.
            ``(5) Prohibition of public disclosure.--
                    ``(A) In general.--The Administrator shall ensure 
                that vulnerability assessments (including site security 
                plans) and other security-related information, records, 
                and documents are not disclosed except as provided in 
                this section.
                    ``(B) Specific prohibitions.--In carrying out 
                paragraph (1), the Administrator shall ensure that any 
                information contained in the vulnerability assessment 
                is not disclosed--
                            ``(i) by any Federal agency under section 
                        552 of title 5, United States Code; or
                            ``(ii) under any State or local law.
                    ``(C) Limitation.--Nothing in this paragraph shall 
                prohibit the sharing of information, as the 
                Administrator, in consultation with the Secretary of 
                Homeland Security, determines to be appropriate, with 
                State and local government officials possessing the 
                necessary security clearances, including law 
                enforcement officials and first responders, for the 
                purpose of carrying out this section.
    ``(b) Grants for Vulnerability Assessments, Security Enhancements, 
and Worker Training Programs.--
            ``(1) In general.--The Administrator may make grants to a 
        State, municipality, or intermunicipal or interstate agency--
                    ``(A) to conduct a vulnerability assessment of a 
                publicly owned treatment works;
                    ``(B) to implement security enhancements listed in 
                paragraph (2) to reduce vulnerabilities identified in 
                an approved vulnerability assessment;
                    ``(C) to implement additional security enhancements 
                to reduce vulnerabilities identified in an approved 
                vulnerability assessment; and
                    ``(D) to provide for security-related training of 
                employees of the treatment works and training for first 
                responders and emergency response providers.
            ``(2) Grants for security enhancements.--
                    ``(A) Preapproved security enhancements.--The 
                Administrator may make a grant to an applicant under 
                paragraph (1)(B) to implement a security enhancement of 
                a treatment works (identified in an approved 
                vulnerability assessment) for 1 or more of the 
                following:
                            ``(i) Purchase and installation of 
                        equipment for access control, intrusion 
                        prevention and delay, and detection of 
                        intruders and hazardous or dangerous 
                        substances, including--
                                    ``(I) barriers, fencing, and gates;
                                    ``(II) security lighting and 
                                cameras;
                                    ``(III) metal grates, wire mesh, 
                                and outfall entry barriers;
                                    ``(IV) securing of manhole covers 
                                and fill and vent pipes;
                                    ``(V) installation and re-keying of 
                                doors and locks; and
                                    ``(VI) smoke, chemical, and 
                                explosive mixture detection systems.
                            ``(ii) Security improvements to electronic, 
                        computer, or other automated systems and remote 
                        security systems, including controlling access 
                        to such systems, intrusion detection and 
                        prevention, and system backup.
                            ``(iii) Participation in training programs 
                        and the purchase of training manuals and 
                        guidance materials relating to security.
                            ``(iv) Security screening of employees or 
                        contractor support services.
                    ``(B) Additional security enhancements.--
                            ``(i) In general.--The Administrator may 
                        make grants under paragraph (1)(C) to an 
                        applicant for additional security enhancements 
                        not listed in subparagraph (A) that are 
                        identified in an approved vulnerability 
                        assessment.
                            ``(ii) Eligibility.--To be eligible for a 
                        grant under this subparagraph, an applicant 
                        must have an approved vulnerability assessment 
                        and shall submit an application to the 
                        Administrator containing such information as 
                        the Administrator may request.
                    ``(C) Limitation on use of funds.--Grants under 
                this paragraph may not be used for personnel costs or 
                operation or maintenance of facilities, equipment, or 
                systems.
                    ``(D) Federal share.--The Federal share of the cost 
                of activities funded by a grant under paragraph (1) may 
                not exceed 75 percent.
    ``(c) Technical Assistance for Small Publicly Owned Treatment 
Works.--
            ``(1) Security assessment and planning assistance.--The 
        Administrator, in coordination with the States, may provide 
        technical guidance and assistance to small publicly owned 
        treatment works on conducting a vulnerability assessment and 
        implementation of security enhancements to reduce 
        vulnerabilities identified in an approved vulnerability 
        assessment. Such assistance may include technical assistance 
        programs, training, and preliminary engineering evaluations.
            ``(2) Participation by nonprofit organizations.--The 
        Administrator may make grants to nonprofit organizations to 
        assist in accomplishing the purposes of this subsection.
            ``(3) Small publicly owned treatment works defined.--In 
        this subsection, the term `small publicly owned treatment 
        works' means a publicly owned treatment works that services a 
        population of fewer than 10,000 persons.
    ``(d) Authorization of Appropriations.--There is authorized to be 
appropriated annually to the Administrator for fiscal years 2010 
through 2014--
            ``(1) $200,000,000 for making grants under subsection (b); 
        and
            ``(2) $15,000,000 for providing technical assistance under 
        subsection (c).
Such sums shall remain available until expended.''.
                                 <all>